RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

smc: fix the bounds check 

Fixes invalid writes when there are more blocks in a run than total
remaining blocks.

CC: libav-stable@libav.org
Bug-ID: CVE-2014-8548
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit d423dd72be)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
This commit is contained in:
Michael Niedermayer 2014-10-03 22:50:45 +02:00 committed by Anton Khirnov
parent eac49477aa
commit 58dc526ebf
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libavcodec/smc.c
View File

@ -70,7 +70,7 @@ typedef struct SmcContext {
row_ptr += stride * 4; \
} \
total_blocks--; \
if (total_blocks < 0) \
if (total_blocks < !!n_blocks) \
{ \
av_log(s->avctx, AV_LOG_INFO, "warning: block counter just went negative (this should not happen)\n"); \
return; \