[FFmpeg-cvslog] avcodec/vp7: check buffer size

Michael Niedermayer git at videolan.org
Sat Mar 29 04:40:37 CET 2014


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Sat Mar 29 04:25:50 2014 +0100| [46f72ea507afee6adb0d2324848159063d0e7afc] | committer: Michael Niedermayer

avcodec/vp7: check buffer size

Fixes overread
Fixes Ticket 3501
Found-by: Piotr Bandurski <ami_stuff at o2.pl>
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=46f72ea507afee6adb0d2324848159063d0e7afc
---

 libavcodec/vp8.c |    5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/vp8.c b/libavcodec/vp8.c
index 45a19a0..c15111e 100644
--- a/libavcodec/vp8.c
+++ b/libavcodec/vp8.c
@@ -434,6 +434,11 @@ static int vp7_decode_frame_header(VP8Context *s, const uint8_t *buf, int buf_si
     s->invisible = 0;
     part1_size   = AV_RL24(buf) >> 4;
 
+    if (buf_size < 4 - s->profile + part1_size) {
+        av_log(s->avctx, AV_LOG_ERROR, "Buffer size %d is too small, needed : %d\n", buf_size, 4 - s->profile + part1_size);
+        return AVERROR_INVALIDDATA;
+    }
+
     buf      += 4 - s->profile;
     buf_size -= 4 - s->profile;
 



More information about the ffmpeg-cvslog mailing list