har0ke/FFmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fraps: fix version 0/1 input data size check.

Browse Source 
Fixes array overread.
Fixes Ticket1371

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2012-06-01 23:21:03 +02:00
parent f23a2418fb
commit 0bae6661cd
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
libavcodec/fraps.c
View File

@ -161,17 +161,17 @@ static int decode_frame(AVCodecContext *avctx,
unsigned needed_size = avctx->width*avctx->height*3;
if (version == 0) needed_size /= 2;
needed_size += header_size;
if (buf_size != needed_size && buf_size != header_size) {
av_log(avctx, AV_LOG_ERROR,
"Invalid frame length %d (should be %d)\n",
buf_size, needed_size);
return -1;
}
/* bit 31 means same as previous pic */
if (header & (1U<<31)) {
*data_size = 0;
return buf_size;
}
if (buf_size != needed_size) {
av_log(avctx, AV_LOG_ERROR,
"Invalid frame length %d (should be %d)\n",
buf_size, needed_size);
return -1;
}
} else {
/* skip frame */
if (buf_size == 8) {