
Fixed buffer overread in flashsv decoder.

Originally committed as revision 22210 to svn://svn.ffmpeg.org/ffmpeg/trunk
Laurent Aimar 2010-03-04 19:10:44 +00:00
parent 1379b58482
commit b8fb21e902


@ -113,6 +113,8 @@ static int flashsv_decode_frame(AVCodecContext *avctx,
/* no supplementary picture */
if (buf_size == 0)
return 0;
if (buf_size < 4)
return -1;
init_get_bits(&gb, buf, buf_size * 8);
@ -181,6 +183,11 @@ static int flashsv_decode_frame(AVCodecContext *avctx,
/* get the size of the compressed zlib chunk */
int size = get_bits(&gb, 16);
if (8 * size > get_bits_left(&gb)) {
avctx->release_buffer(avctx, &s->frame);
s->frame.data[0] = NULL;
return -1;
}
if (size == 0) {
/* no change, don't do anything */