avcodec/cdgraphics: check buffer size before use

Fixes out of array accesses

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2013-05-07 21:04:33 +02:00
parent ead590c256
commit ad002e1a13

View File

@ -289,7 +289,9 @@ static int cdg_decode_frame(AVCodecContext *avctx,
inst = bytestream_get_byte(&buf); inst = bytestream_get_byte(&buf);
inst &= CDG_MASK; inst &= CDG_MASK;
buf += 2; /// skipping 2 unneeded bytes buf += 2; /// skipping 2 unneeded bytes
bytestream_get_buffer(&buf, cdg_data, buf_size - CDG_HEADER_SIZE);
if (buf_size > CDG_HEADER_SIZE)
bytestream_get_buffer(&buf, cdg_data, buf_size - CDG_HEADER_SIZE);
if ((command & CDG_MASK) == CDG_COMMAND) { if ((command & CDG_MASK) == CDG_COMMAND) {
switch (inst) { switch (inst) {