mirror of
https://git.ffmpeg.org/ffmpeg.git
synced 2024-12-11 17:55:21 +00:00
dnxhddec: fix integer overflow / index check
Fixes out of array read Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
parent
b926cc7834
commit
4a2da83a78
@ -180,7 +180,7 @@ static int dnxhd_decode_header(DNXHDContext *ctx, const uint8_t *buf, int buf_si
|
||||
for (i = 0; i < ctx->mb_height; i++) {
|
||||
ctx->mb_scan_index[i] = AV_RB32(buf + 0x170 + (i<<2));
|
||||
av_dlog(ctx->avctx, "mb scan index %d\n", ctx->mb_scan_index[i]);
|
||||
if (buf_size < ctx->mb_scan_index[i] + 0x280) {
|
||||
if (buf_size < ctx->mb_scan_index[i] + 0x280LL) {
|
||||
av_log(ctx->avctx, AV_LOG_ERROR, "invalid mb scan index\n");
|
||||
return -1;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user