highperfocused/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

dpx: include offset in the total_size calculation

Browse Source 
Fixes out of array reads

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer
2013-02-10 17:54:00 +01:00
parent 151067bbc2
commit cb85779d45
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libavcodec/dpx.c
View File

@@ -199,7 +199,7 @@ static int decode_frame(AVCodecContext *avctx,
for (i=0; i<AV_NUM_DATA_POINTERS; i++) for (i=0; i<AV_NUM_DATA_POINTERS; i++)
ptr[i] = p->data[i]; ptr[i] = p->data[i];
if (total_size > avpkt->size) { if (total_size + (int64_t)offset > avpkt->size) {
av_log(avctx, AV_LOG_ERROR, "Overread buffer. Invalid header?\n"); av_log(avctx, AV_LOG_ERROR, "Overread buffer. Invalid header?\n");
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;
} }