highperfocused/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

avcodec/interplayvideo: properly check if there is enough bytes left

Browse Source 
Signed-off-by: Paul B Mahol <onemda@gmail.com>
This commit is contained in:
Paul B Mahol
2017-06-27 15:46:08 +02:00
parent c4cbaec6e3
commit feab761b73
1 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
libavcodec/interplayvideo.c
View File

@@ -1233,6 +1233,10 @@ static int ipvideo_decode_frame(AVCodecContext *avctx,
s->decoding_map_size = ((s->avctx->width / 8) * (s->avctx->height / 8)) * 2; s->decoding_map_size = ((s->avctx->width / 8) * (s->avctx->height / 8)) * 2;
s->decoding_map = buf + 8 + 14; /* 14 bits of op data */ s->decoding_map = buf + 8 + 14; /* 14 bits of op data */
video_data_size -= s->decoding_map_size + 14; video_data_size -= s->decoding_map_size + 14;
if (buf_size < 8 + s->decoding_map_size + 14 + video_data_size)
return AVERROR_INVALIDDATA;
bytestream2_init(&s->stream_ptr, buf + 8 + s->decoding_map_size + 14, video_data_size); bytestream2_init(&s->stream_ptr, buf + 8 + s->decoding_map_size + 14, video_data_size);
break; break;
@@ -1253,6 +1257,9 @@ static int ipvideo_decode_frame(AVCodecContext *avctx,
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;
} }
if (buf_size < 8 + video_data_size + s->decoding_map_size + s->skip_map_size)
return AVERROR_INVALIDDATA;
bytestream2_init(&s->stream_ptr, buf + 8, video_data_size); bytestream2_init(&s->stream_ptr, buf + 8, video_data_size);
s->decoding_map = buf + 8 + video_data_size; s->decoding_map = buf + 8 + video_data_size;
s->skip_map = buf + 8 + video_data_size + s->decoding_map_size; s->skip_map = buf + 8 + video_data_size + s->decoding_map_size;
@@ -1270,6 +1277,9 @@ static int ipvideo_decode_frame(AVCodecContext *avctx,
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;
} }
if (buf_size < 8 + video_data_size + s->decoding_map_size)
return AVERROR_INVALIDDATA;
bytestream2_init(&s->stream_ptr, buf + 8, video_data_size); bytestream2_init(&s->stream_ptr, buf + 8, video_data_size);
s->decoding_map = buf + 8 + video_data_size; s->decoding_map = buf + 8 + video_data_size;