[FFmpeg-devel] [libav-devel] [PATCH 1/4] dds: validate source buffer size before copying
Vittorio Giovara
vittorio.giovara at gmail.com
Wed Nov 11 12:32:16 CET 2015
On Wed, Nov 11, 2015 at 1:14 AM, Andreas Cadhalpun
<andreas.cadhalpun at googlemail.com> wrote:
> If it is too small av_image_copy_plane segfaults.
>
> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> ---
> libavcodec/dds.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/libavcodec/dds.c b/libavcodec/dds.c
> index a604d56..324e665 100644
> --- a/libavcodec/dds.c
> +++ b/libavcodec/dds.c
> @@ -666,6 +666,12 @@ static int dds_decode(AVCodecContext *avctx, void *data,
> frame->palette_has_changed = 1;
> }
>
> + if (bytestream2_get_bytes_left(gbc) < frame->height * linesize) {
> + av_log(avctx, AV_LOG_ERROR, "Buffer is too small (%d < %d).\n",
> + bytestream2_get_bytes_left(gbc), frame->height * linesize);
> + return AVERROR_INVALIDDATA;
> + }
> +
> av_image_copy_plane(frame->data[0], frame->linesize[0],
> gbc->buffer, linesize,
> linesize, frame->height);
> --
> 2.6.2
Same thought of 2/4 but patch should be ok.
Thanks
--
Vittorio
More information about the ffmpeg-devel
mailing list