mirror of https://git.ffmpeg.org/ffmpeg.git
lagarith: check count before writing zeros.
Fixes CVE-2012-2793 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Anton Khirnov <anton@khirnov.net>
This commit is contained in:
parent
99f392a584
commit
b631e4ed64
|
@ -361,6 +361,11 @@ static int lag_decode_zero_run_line(LagarithContext *l, uint8_t *dst,
|
|||
output_zeros:
|
||||
if (l->zeros_rem) {
|
||||
count = FFMIN(l->zeros_rem, width - i);
|
||||
if (end - dst < count) {
|
||||
av_log(l->avctx, AV_LOG_ERROR, "Too many zeros remaining.\n");
|
||||
return AVERROR_INVALIDDATA;
|
||||
}
|
||||
|
||||
memset(dst, 0, count);
|
||||
l->zeros_rem -= count;
|
||||
dst += count;
|
||||
|
|
Loading…
Reference in New Issue