[FFmpeg-cvslog] avcodec/dirac_parser: Fix potential overflows in pointer checks

Michael Niedermayer git at videolan.org
Sat Dec 5 17:44:04 CET 2015


ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Sat Dec  5 17:11:54 2015 +0100| [79798f7c57b098c78e0bbc6becd64b9888b013d1] | committer: Michael Niedermayer

avcodec/dirac_parser: Fix potential overflows in pointer checks

Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=79798f7c57b098c78e0bbc6becd64b9888b013d1
---

 libavcodec/dirac_parser.c |    8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/libavcodec/dirac_parser.c b/libavcodec/dirac_parser.c
index 83c35a2..12f1a60 100644
--- a/libavcodec/dirac_parser.c
+++ b/libavcodec/dirac_parser.c
@@ -100,10 +100,12 @@ typedef struct DiracParseUnit {
 static int unpack_parse_unit(DiracParseUnit *pu, DiracParseContext *pc,
                              int offset)
 {
-    uint8_t *start = pc->buffer + offset;
-    uint8_t *end   = pc->buffer + pc->index;
-    if (start < pc->buffer || (start + 13 > end))
+    int8_t *start;
+
+    if (offset < 0 || pc->index - 13 < offset)
         return 0;
+
+    start = pc->buffer + offset;
     pu->pu_type = start[4];
 
     pu->next_pu_offset = AV_RB32(start + 5);



More information about the ffmpeg-cvslog mailing list