RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

avcodec/g2meet: fix src pointer checks in kempf_decode_tile() 

Fixes Ticket2842

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2013-08-07 15:50:26 +02:00
parent 5cd57e8758
commit 2960576378
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libavcodec/g2meet.c
View File

@ -389,7 +389,7 @@ static int kempf_decode_tile(G2MContext *c, int tile_x, int tile_y,
return 0; return 0;
zsize = (src[0] << 8) | src[1]; src += 2; zsize = (src[0] << 8) | src[1]; src += 2;
if (src_end - src < zsize) if (src_end - src < zsize + (sub_type != 2))
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;
ret = uncompress(c->kempf_buf, &dlen, src, zsize); ret = uncompress(c->kempf_buf, &dlen, src, zsize);
@ -411,6 +411,8 @@ static int kempf_decode_tile(G2MContext *c, int tile_x, int tile_y,
for (i = 0; i < (FFALIGN(height, 16) >> 4); i++) { for (i = 0; i < (FFALIGN(height, 16) >> 4); i++) {
for (j = 0; j < (FFALIGN(width, 16) >> 4); j++) { for (j = 0; j < (FFALIGN(width, 16) >> 4); j++) {
if (!bits) { if (!bits) {
if (src >= src_end)
return AVERROR_INVALIDDATA;
bitbuf = *src++; bitbuf = *src++;
bits = 8; bits = 8;
} }