har0ke/FFmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Check RV30/40 slice offsets to be inside buffer.

Browse Source 
This fixes issue 738

Originally committed as revision 15981 to svn://svn.ffmpeg.org/ffmpeg/trunk
This commit is contained in:
Kostya Shishkov 2008-12-02 17:39:20 +00:00
parent a1c1c78019
commit 1799d5223e
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
libavcodec/rv34.c
View File

@ -1389,6 +1389,11 @@ int ff_rv34_decode_frame(AVCodecContext *avctx,
else else
size= get_slice_offset(avctx, slices_hdr, i+1) - offset; size= get_slice_offset(avctx, slices_hdr, i+1) - offset;
if(offset > buf_size){
av_log(avctx, AV_LOG_ERROR, "Slice offset is greater than frame size\n");
break;
}
r->si.end = s->mb_width * s->mb_height; r->si.end = s->mb_width * s->mb_height;
if(i+1 < slice_count){ if(i+1 < slice_count){
init_get_bits(&s->gb, buf+get_slice_offset(avctx, slices_hdr, i+1), (buf_size-get_slice_offset(avctx, slices_hdr, i+1))*8); init_get_bits(&s->gb, buf+get_slice_offset(avctx, slices_hdr, i+1), (buf_size-get_slice_offset(avctx, slices_hdr, i+1))*8);