[FFmpeg-cvslog] avformat/wtvdec: Check pointer before use

Michael Niedermayer git at videolan.org
Thu Aug 25 05:21:46 EEST 2016


ffmpeg | branch: release/3.1 | Michael Niedermayer <michael at niedermayer.cc> | Sun Aug 21 21:30:36 2016 +0200| [596513ca2ce9f140135a75647cf34ea86c8d86ce] | committer: Michael Niedermayer

avformat/wtvdec: Check pointer before use

Fixes out of array read
Fixes: 049fdf78565f1ce5665df236d90f8657/asan_heap-oob_10a5a97_1026_42f9d4855547329560f385768de2f3fb.wtv

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit cc5e5548df4af48674c7aef518e831b19e99f9fc)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=596513ca2ce9f140135a75647cf34ea86c8d86ce
---

 libavformat/wtvdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/wtvdec.c b/libavformat/wtvdec.c
index bd32d70..3ac4501 100644
--- a/libavformat/wtvdec.c
+++ b/libavformat/wtvdec.c
@@ -1031,7 +1031,7 @@ static int read_header(AVFormatContext *s)
                     while (1) {
                         uint64_t frame_nb = avio_rl64(pb);
                         uint64_t position = avio_rl64(pb);
-                        while (frame_nb > e->size && e <= e_end) {
+                        while (e <= e_end && frame_nb > e->size) {
                             e->pos = last_position;
                             e++;
                         }



More information about the ffmpeg-cvslog mailing list