RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

svq1dec: Fix overread on very small input 

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2012-04-22 11:10:17 +02:00
parent b21ba20cc8
commit f7c67536fe
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
libavcodec/svq1dec.c
View File

@ -647,6 +647,9 @@ static int svq1_decode_frame(AVCodecContext *avctx,
if (s->f_code != 0x20) { if (s->f_code != 0x20) {
uint32_t *src = (uint32_t *) (buf + 4); uint32_t *src = (uint32_t *) (buf + 4);
if (buf_size < 36)
return AVERROR_INVALIDDATA;
for (i=0; i < 4; i++) { for (i=0; i < 4; i++) {
src[i] = ((src[i] << 16) | (src[i] >> 16)) ^ src[7 - i]; src[i] = ((src[i] << 16) | (src[i] >> 16)) ^ src[7 - i];
} }