videolan/ffmpeg
1
Fork 0
mirror of https://git.videolan.org/git/ffmpeg.git synced 2024-07-25 21:51:29 +02:00
Code Releases Activity

sanm: Check MV before using them.

Browse Source 
Fixes out of array reads

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2013-01-29 22:35:37 +01:00
parent 1d81f7448c
commit dc8dd2f6e9
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
libavcodec/sanm.c
View File

@ -29,6 +29,7 @@
#include "libavutil/imgutils.h"
#include "libavcodec/dsputil.h"
#include "sanm_data.h"
#include "libavutil/avassert.h"
#define NGLYPHS 256
@ -613,6 +614,16 @@ static int process_block(SANMVideoContext *ctx, uint8_t *dst, uint8_t *prev1,
} else {
int mx = motion_vectors[code][0];
int my = motion_vectors[code][1];
int index = prev2 - (const uint8_t*)ctx->frm2;
av_assert2(index >= 0 && index < (ctx->buf_size>>1));
if (index < - mx - my*stride ||
(ctx->buf_size>>1) - index < mx + size + (my + size - 1)*stride) {
av_log(ctx->avctx, AV_LOG_ERROR, "MV is invalid \n");
return AVERROR_INVALIDDATA;
}
for (k = 0; k < size; k++)
memcpy(dst + k * stride, prev2 + mx + (my + k) * stride, size);
}