Re: [FFmpeg-devel] [libav-devel] [PATCH 1/4] dds: validate source buffer size before copying

Vittorio Giovara Wed, 11 Nov 2015 03:32:37 -0800

On Wed, Nov 11, 2015 at 1:14 AM, Andreas Cadhalpun
<andreas.cadhal...@googlemail.com> wrote:
> If it is too small av_image_copy_plane segfaults.
>
> Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com>
> ---
>  libavcodec/dds.c | 6 ++++++
>  1 file changed, 6 insertions(+)
>
> diff --git a/libavcodec/dds.c b/libavcodec/dds.c
> index a604d56..324e665 100644
> --- a/libavcodec/dds.c
> +++ b/libavcodec/dds.c
> @@ -666,6 +666,12 @@ static int dds_decode(AVCodecContext *avctx, void *data,
>              frame->palette_has_changed = 1;
>          }
>
> +        if (bytestream2_get_bytes_left(gbc) < frame->height * linesize) {
> +            av_log(avctx, AV_LOG_ERROR, "Buffer is too small (%d < %d).\n",
> +                   bytestream2_get_bytes_left(gbc), frame->height * 
> linesize);
> +            return AVERROR_INVALIDDATA;
> +        }
> +
>          av_image_copy_plane(frame->data[0], frame->linesize[0],
>                              gbc->buffer, linesize,
>                              linesize, frame->height);
> --
> 2.6.2


Same thought of 2/4 but patch should be ok.
Thanks
-- 
Vittorio
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Re: [FFmpeg-devel] [libav-devel] [PATCH 1/4] dds: validate source buffer size before copying

Reply via email to