[FFmpeg-cvslog] avcodec/shorten: Check skip_bytes()

Michael Niedermayer git at videolan.org
Tue Jun 2 00:50:14 CEST 2015


ffmpeg | branch: release/2.4 | Michael Niedermayer <michaelni at gmx.at> | Fri May 15 16:48:31 2015 +0200| [49664f160e079659fc22e96820f43648f751a10f] | committer: Michael Niedermayer

avcodec/shorten: Check skip_bytes()

Fixes CID1210526

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit d201becfc0d89c6a5dfe44e96f1044fbc2aadb70)

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=49664f160e079659fc22e96820f43648f751a10f
---

 libavcodec/shorten.c |    5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c
index 4e63274..7eb3ac4 100644
--- a/libavcodec/shorten.c
+++ b/libavcodec/shorten.c
@@ -369,6 +369,11 @@ static int read_header(ShortenContext *s)
         s->nmean = get_uint(s, 0);
 
         skip_bytes = get_uint(s, NSKIPSIZE);
+        if ((unsigned)skip_bytes > get_bits_left(&s->gb)/8) {
+            av_log(s->avctx, AV_LOG_ERROR, "invalid skip_bytes: %d\n", skip_bytes);
+            return AVERROR_INVALIDDATA;
+        }
+
         for (i = 0; i < skip_bytes; i++)
             skip_bits(&s->gb, 8);
     }



More information about the ffmpeg-cvslog mailing list