videolan/ffmpeg
1
Fork 0
mirror of https://git.videolan.org/git/ffmpeg.git synced 2024-07-22 04:04:14 +02:00
Code Releases Activity

Check for overread in vqa video decoder.

Browse Source 
This issue was discovered while decoding the FATE sample vqa/ws_snd.vqa.
For some unknown reason only audio decoding is tested by FATE for that file,
but not video.

Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
This commit is contained in:
Reimar Döffinger 2012-01-05 18:25:40 +01:00
parent 1d0d63052b
commit 4278023240
1 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
libavcodec/vqavideo.c
View File

@ -322,10 +322,17 @@ static void vqa_decode_chunk(VqaContext *s)
int hibytes = s->decode_buffer_size / 2;
/* first, traverse through the frame and find the subchunks */
while (index < s->size) {
while (index + CHUNK_PREAMBLE_SIZE <= s->size) {
unsigned next_index;
chunk_type = AV_RB32(&s->buf[index]);
chunk_size = AV_RB32(&s->buf[index + 4]);
byte_skip = chunk_size & 0x01;
next_index = index + CHUNK_PREAMBLE_SIZE + chunk_size + byte_skip;
if (next_index > s->size) {
av_log(s->avctx, AV_LOG_ERROR, "Dropping incomplete chunk\n");
break;
}
switch (chunk_type) {
@ -366,9 +373,7 @@ static void vqa_decode_chunk(VqaContext *s)
chunk_type);
break;
}
byte_skip = chunk_size & 0x01;
index += (CHUNK_PREAMBLE_SIZE + chunk_size + byte_skip);
index = next_index;
}
/* next, deal with the palette */