RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

avcodec/vmdvideo: Check len before using it in method 3 

Fixes out of array access
Fixes: asan_heap-oob_4d23ba_91_cov_3853393937_128.vmd

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3030fb7e0d)

Conflicts:

	libavcodec/vmdav.c
This commit is contained in:
Michael Niedermayer 2014-12-16 16:24:55 +01:00
parent adf2f2166e
commit 87ec3c6156
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
libavcodec/vmdav.c
View File

@ -319,8 +319,12 @@ static void vmd_decode(VmdVideoContext *s)
len = rle_unpack(gb.buffer, &dp[ofs], len = rle_unpack(gb.buffer, &dp[ofs],
len, bytestream2_get_bytes_left(&gb), len, bytestream2_get_bytes_left(&gb),
frame_width - ofs); frame_width - ofs);
else else {
if (ofs + len > frame_width ||
bytestream2_get_bytes_left(&gb) < len)
return;
bytestream2_get_buffer(&gb, &dp[ofs], len); bytestream2_get_buffer(&gb, &dp[ofs], len);
}
bytestream2_skip(&gb, len); bytestream2_skip(&gb, len);
} else { } else {
/* interframe pixel copy */ /* interframe pixel copy */