[FFmpeg-cvslog] rv10: improve buffer size check.
Anton Khirnov
git at videolan.org
Thu Feb 7 14:24:23 CET 2013
ffmpeg | branch: master | Anton Khirnov <anton at khirnov.net> | Sun Feb 3 08:42:02 2013 +0100| [605b047bcc48482dc8a356f56629da259fbddbf1] | committer: Anton Khirnov
rv10: improve buffer size check.
Check slice count and input buffer size before constructing a possibly
invalid pointer, not after.
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=605b047bcc48482dc8a356f56629da259fbddbf1
---
libavcodec/rv10.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/libavcodec/rv10.c b/libavcodec/rv10.c
index 8cce6cf..38abf78 100644
--- a/libavcodec/rv10.c
+++ b/libavcodec/rv10.c
@@ -659,11 +659,15 @@ static int rv10_decode_frame(AVCodecContext *avctx,
if(!avctx->slice_count){
slice_count = (*buf++) + 1;
buf_size--;
+
+ if (!slice_count || buf_size <= 8 * slice_count) {
+ av_log(avctx, AV_LOG_ERROR, "Invalid slice count: %d.\n", slice_count);
+ return AVERROR_INVALIDDATA;
+ }
+
slices_hdr = buf + 4;
buf += 8 * slice_count;
buf_size -= 8 * slice_count;
- if (buf_size <= 0)
- return AVERROR_INVALIDDATA;
}else
slice_count = avctx->slice_count;
More information about the ffmpeg-cvslog
mailing list