RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Check for out of bound reads in PTX decoder. 

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Laurent Aimar 2011-10-02 00:38:32 +02:00 committed by Michael Niedermayer
parent e1d5bbeb39
commit 581898ae88
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
libavcodec/ptx.c
View File

@ -39,12 +39,15 @@ static av_cold int ptx_init(AVCodecContext *avctx) {
static int ptx_decode_frame(AVCodecContext *avctx, void *data, int *data_size,
AVPacket *avpkt) {
const uint8_t *buf = avpkt->data;
const uint8_t *buf_end = avpkt->data + avpkt->size;
PTXContext * const s = avctx->priv_data;
AVFrame *picture = data;
AVFrame * const p = &s->picture;
unsigned int offset, w, h, y, stride, bytes_per_pixel;
uint8_t *ptr;
if (buf_end - buf < 14)
return AVERROR_INVALIDDATA;
offset = AV_RL16(buf);
w = AV_RL16(buf+8);
h = AV_RL16(buf+10);
@ -57,6 +60,9 @@ static int ptx_decode_frame(AVCodecContext *avctx, void *data, int *data_size,
avctx->pix_fmt = PIX_FMT_RGB555;
if (buf_end - buf < offset)
return AVERROR_INVALIDDATA;
if (offset != 0x2c)
av_log_ask_for_sample(avctx, "offset != 0x2c\n");
@ -80,6 +86,8 @@ static int ptx_decode_frame(AVCodecContext *avctx, void *data, int *data_size,
stride = p->linesize[0];
for (y=0; y<h; y++) {
if (buf_end - buf < w * bytes_per_pixel)
break;
#if HAVE_BIGENDIAN
unsigned int x;
for (x=0; x<w*bytes_per_pixel; x+=bytes_per_pixel)