highperfocused/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

avcodec/dirac_parser: Fix potential overflows in pointer checks

Browse Source 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 79798f7c57b098c78e0bbc6becd64b9888b013d1)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2015-12-05 17:11:54 +01:00
parent 1601420be4
commit d092b7f04c
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
libavcodec/dirac_parser.c
View File

@ -100,10 +100,12 @@ typedef struct DiracParseUnit {
static int unpack_parse_unit(DiracParseUnit *pu, DiracParseContext *pc, static int unpack_parse_unit(DiracParseUnit *pu, DiracParseContext *pc,
int offset) int offset)
{ {
uint8_t *start = pc->buffer + offset; int8_t *start;
uint8_t *end = pc->buffer + pc->index;
if (start < pc->buffer || (start + 13 > end)) if (offset < 0 || pc->index - 13 < offset)
return 0; return 0;
start = pc->buffer + offset;
pu->pu_type = start[4]; pu->pu_type = start[4];
pu->next_pu_offset = AV_RB32(start + 5); pu->next_pu_offset = AV_RB32(start + 5);