[FFmpeg-cvslog] dfa: check for invalid access in decode_wdlt().

Anton Khirnov git at videolan.org
Sun Oct 6 19:06:14 CEST 2013


ffmpeg | branch: release/0.7 | Anton Khirnov <anton at khirnov.net> | Wed Mar 27 18:18:38 2013 +0100| [96cf80609af6372d4e0d150b8a5ca517c072e897] | committer: Reinhard Tartler

dfa: check for invalid access in decode_wdlt().

This can happen when the number of skipped lines is not consistent with
the number of coded lines.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 3623589edc7b1257bb45aa9e52c9631e133f22b6)

Signed-off-by: Reinhard Tartler <siretart at tauware.de>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=96cf80609af6372d4e0d150b8a5ca517c072e897
---

 libavcodec/dfa.c |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavcodec/dfa.c b/libavcodec/dfa.c
index 9c80b3c..563d7d5 100644
--- a/libavcodec/dfa.c
+++ b/libavcodec/dfa.c
@@ -263,6 +263,8 @@ static int decode_wdlt(uint8_t *frame, int width, int height,
             segments = bytestream_get_le16(&src);
         }
         line_ptr = frame;
+        if (frame_end - frame < width)
+            return AVERROR_INVALIDDATA;
         frame += width;
         y++;
         while (segments--) {



More information about the ffmpeg-cvslog mailing list