[FFmpeg-cvslog] avformat/wtvdec: Check pointer before use
Michael Niedermayer
git at videolan.org
Mon Sep 5 02:24:48 EEST 2016
ffmpeg | branch: release/3.0 | Michael Niedermayer <michael at niedermayer.cc> | Sun Aug 21 21:30:36 2016 +0200| [2858f77fd460f668a9e29dd897be940d29d9bb10] | committer: Michael Niedermayer
avformat/wtvdec: Check pointer before use
Fixes out of array read
Fixes: 049fdf78565f1ce5665df236d90f8657/asan_heap-oob_10a5a97_1026_42f9d4855547329560f385768de2f3fb.wtv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit cc5e5548df4af48674c7aef518e831b19e99f9fc)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2858f77fd460f668a9e29dd897be940d29d9bb10
---
libavformat/wtvdec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/wtvdec.c b/libavformat/wtvdec.c
index 71deaf0..882fde1 100644
--- a/libavformat/wtvdec.c
+++ b/libavformat/wtvdec.c
@@ -1033,7 +1033,7 @@ static int read_header(AVFormatContext *s)
while (1) {
uint64_t frame_nb = avio_rl64(pb);
uint64_t position = avio_rl64(pb);
- while (frame_nb > e->size && e <= e_end) {
+ while (e <= e_end && frame_nb > e->size) {
e->pos = last_position;
e++;
}
More information about the ffmpeg-cvslog
mailing list