RepoMirrors/ffmpeg
1
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2025-02-18 04:47:12 +00:00
Code Issues Projects Releases Wiki Activity

proresdec_lgpl: explicitly check coff[3] against slice_data_size

Browse Source 
The implicit checks via v_data_size and a_data_size don't work in the case
'(hdr_size > 7) && !ctx->alpha_info'.

This fixes segmentation faults due to invalid reads.

This problem was introduced in commit
547c2f002a.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
This commit is contained in:
Andreas Cadhalpun 2016-11-09 23:49:46 +01:00
parent 18108f3618
commit 1e33035ee7
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libavcodec/proresdec_lgpl.c
View File

@ -625,7 +625,7 @@ static int decode_slice(AVCodecContext *avctx, void *tdata)
/* if V or alpha component size is negative that means that previous /* if V or alpha component size is negative that means that previous
component sizes are too large */ component sizes are too large */
if (v_data_size < 0 || a_data_size < 0 || hdr_size < 6) { if (v_data_size < 0 || a_data_size < 0 || hdr_size < 6 || coff[3] > slice_data_size) {
av_log(avctx, AV_LOG_ERROR, "invalid data size\n"); av_log(avctx, AV_LOG_ERROR, "invalid data size\n");
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;
} }