[FFmpeg-cvslog] avformat/dvbsub: Fix hypothetical pointer overflow in dvbsub_probe()
Michael Niedermayer
git at videolan.org
Sun Mar 15 13:55:15 CET 2015
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Sun Mar 15 13:45:31 2015 +0100| [2cda1a16d0d34f1e936ed179c6f864bae1026b06] | committer: Michael Niedermayer
avformat/dvbsub: Fix hypothetical pointer overflow in dvbsub_probe()
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2cda1a16d0d34f1e936ed179c6f864bae1026b06
---
libavformat/dvbsub.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libavformat/dvbsub.c b/libavformat/dvbsub.c
index d52bc86..3d2f704 100644
--- a/libavformat/dvbsub.c
+++ b/libavformat/dvbsub.c
@@ -37,7 +37,7 @@ static int dvbsub_probe(AVProbeData *p)
const uint8_t *ptr = p->buf + i;
uint8_t histogram[6] = {0};
int min = 255;
- for(j=0; ptr + 6 < end; j++) {
+ for(j=0; 6 < end - ptr; j++) {
if (*ptr != 0x0f)
break;
type = ptr[1];
@@ -49,6 +49,8 @@ static int dvbsub_probe(AVProbeData *p)
histogram[type - 0x10] ++;
} else
break;
+ if (6 + len > end - ptr)
+ break;
ptr += 6 + len;
}
for (k=0; k < 4; k++) {
More information about the ffmpeg-cvslog
mailing list