mirror of
https://git.ffmpeg.org/ffmpeg.git
synced 2024-12-25 16:52:31 +00:00
4xm: check bitstream_size boundary before using it
Prevent buffer overread. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org
This commit is contained in:
parent
fbd0dacc8d
commit
59d7bb99b6
@ -739,6 +739,9 @@ static int decode_i_frame(FourXContext *f, AVFrame *frame, const uint8_t *buf, i
|
||||
unsigned int prestream_size;
|
||||
const uint8_t *prestream;
|
||||
|
||||
if (bitstream_size > (1 << 26))
|
||||
return AVERROR_INVALIDDATA;
|
||||
|
||||
if (length < bitstream_size + 12) {
|
||||
av_log(f->avctx, AV_LOG_ERROR, "packet size too small\n");
|
||||
return AVERROR_INVALIDDATA;
|
||||
@ -749,7 +752,6 @@ static int decode_i_frame(FourXContext *f, AVFrame *frame, const uint8_t *buf, i
|
||||
prestream = buf + bitstream_size + 12;
|
||||
|
||||
if (prestream_size + bitstream_size + 12 != length
|
||||
|| bitstream_size > (1 << 26)
|
||||
|| prestream_size > (1 << 26)) {
|
||||
av_log(f->avctx, AV_LOG_ERROR, "size mismatch %d %d %d\n",
|
||||
prestream_size, bitstream_size, length);
|
||||
|
Loading…
Reference in New Issue
Block a user