Hi, 2014-08-17 20:39 GMT+02:00 Michael Niedermayer <michae...@gmx.at>: >> + if (width > s->screen_width) { >> + av_log(s->avctx, AV_LOG_ERROR, "Invalid image width.\n"); >> + return AVERROR_INVALIDDATA; >> + } >> + if (left + width > s->screen_width) { >> + /* width must be kept around to avoid lzw vs line desync */ >> + pw = s->screen_width - left; >> + av_log(s->avctx, AV_LOG_WARNING, "Image too wide by %d, >> truncating.\n", >> + left + width - s->screen_width); >> + } else { >> + pw = width; >> + } >> + if (top + height > s->screen_height) { >> + /* we don't care about the extra invisible lines */ >> + av_log(s->avctx, AV_LOG_WARNING, "Image too high by %d, >> truncating.\n", >> + top + height - s->screen_height); >> + height = s->screen_height - top; >> + } > > i think these need a check for top >= s->screen_height and > left >= s->screen_width
Because of integer wraparound/overflow/... and/or values being potentially negative? If yes, I don't think it can happen: left = bytestream2_get_le16u(&s->gb); top = bytestream2_get_le16u(&s->gb); width = bytestream2_get_le16u(&s->gb); height = bytestream2_get_le16u(&s->gb); And the conditions are then already part of the new checks, right? -- Christophe _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel