RepoMirrors/ffmpeg
1
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2025-02-26 00:31:12 +00:00
Code Issues Projects Releases Wiki Activity

smc: fix the bounds check

Browse Source 
Fixes invalid writes when there are more blocks in a run than total
remaining blocks.

CC: libav-stable@libav.org
Bug-ID: CVE-2014-8548
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit d423dd72be)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 58dc526ebf)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit f249e98891)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
This commit is contained in:
Michael Niedermayer 2014-10-03 22:50:45 +02:00 committed by Anton Khirnov
parent 02de44073a
commit 306ee95088
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libavcodec/smc.c
View File

@ -69,7 +69,7 @@ typedef struct SmcContext {
row_ptr += stride * 4; \
} \
total_blocks--; \
if (total_blocks < 0) \
if (total_blocks < !!n_blocks) \
{ \
av_log(s->avctx, AV_LOG_INFO, "warning: block counter just went negative (this should not happen)\n"); \
return; \