mirror of https://git.ffmpeg.org/ffmpeg.git
avcodec/qpeg: fix off by 1 error in MV bounds check
Fixes out of array access Fixes: asan_heap-oob_153760f_4_asan_heap-oob_1d7a4cf_164_VWbig6.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
parent
8f1457864b
commit
dd3bfe3cc1
|
@ -163,7 +163,7 @@ static void av_noinline qpeg_decode_inter(QpegContext *qctx, uint8_t *dst,
|
|||
|
||||
/* check motion vector */
|
||||
if ((me_x + filled < 0) || (me_x + me_w + filled > width) ||
|
||||
(height - me_y - me_h < 0) || (height - me_y > orig_height) ||
|
||||
(height - me_y - me_h < 0) || (height - me_y >= orig_height) ||
|
||||
(filled + me_w > width) || (height - me_h < 0))
|
||||
av_log(NULL, AV_LOG_ERROR, "Bogus motion vector (%i,%i), block size %ix%i at %i,%i\n",
|
||||
me_x, me_y, me_w, me_h, filled, height);
|
||||
|
|
Loading…
Reference in New Issue