RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

rv10: improve buffer size check. 

Check slice count and input buffer size before constructing a possibly
invalid pointer, not after.
This commit is contained in:
Anton Khirnov 2013-02-03 08:42:02 +01:00
parent c5fcdb4402
commit 605b047bcc
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
libavcodec/rv10.c
View File

@ -659,11 +659,15 @@ static int rv10_decode_frame(AVCodecContext *avctx,
if(!avctx->slice_count){
slice_count = (*buf++) + 1;
buf_size--;
if (!slice_count || buf_size <= 8 * slice_count) {
av_log(avctx, AV_LOG_ERROR, "Invalid slice count: %d.\n", slice_count);
return AVERROR_INVALIDDATA;
}
slices_hdr = buf + 4;
buf += 8 * slice_count;
buf_size -= 8 * slice_count;
if (buf_size <= 0)
return AVERROR_INVALIDDATA;
}else
slice_count = avctx->slice_count;