RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

tm2: Check remaining size before init_get_bits() 

Fixes a null pointer dereference.
Fixes 2nd half of Ticket800
Bug found by: Oana Stratulat

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2011-12-20 16:53:56 +01:00
parent 3c7f75bd84
commit 65f0f9183b
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libavcodec/truemotion2.c
View File

@ -286,6 +286,8 @@ static int tm2_read_stream(TM2Context *ctx, const uint8_t *buf, int stream_id, i
buf += 4; cur += 4; buf += 4; cur += 4;
buf += 4; cur += 4; /* unused by decoder */ buf += 4; cur += 4; /* unused by decoder */
if(skip < cur)
return -1;
init_get_bits(&ctx->gb, buf, (skip - cur) * 8); init_get_bits(&ctx->gb, buf, (skip - cur) * 8);
if(tm2_build_huff_table(ctx, &codes) == -1) if(tm2_build_huff_table(ctx, &codes) == -1)
return -1; return -1;