videolan/ffmpeg
1
Fork 0
mirror of https://git.videolan.org/git/ffmpeg.git synced 2024-09-01 22:16:42 +02:00
Code Releases Activity

avcodec/pngdec: Fix paeth prediction with small images

Browse Source 
Fixes out of array read
Fixes: asan_heap-oob_20b0a06_1962_cov_1907976991_delete_node_small.png
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2014-11-26 17:00:17 +01:00
parent 79ceaf827b
commit 9a53707e86
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
libavcodec/pngdec.c
View File

@ -267,8 +267,10 @@ static void png_filter_row(PNGDSPContext *dsp, uint8_t *dst, int filter_type,
/* would write off the end of the array if we let it process
* the last pixel with bpp=3 */
int w = bpp == 4 ? size : size - 3;
dsp->add_paeth_prediction(dst + i, src + i, last + i, w - i, bpp);
i = w;
if (w > i) {
dsp->add_paeth_prediction(dst + i, src + i, last + i, w - i, bpp);
i = w;
}
}
ff_add_png_paeth_prediction(dst + i, src + i, last + i, size - i, bpp);
break;