On 11.11.2015 12:32, Vittorio Giovara wrote:
> On Wed, Nov 11, 2015 at 1:14 AM, Andreas Cadhalpun
> <andreas.cadhal...@googlemail.com> wrote:
>> If it is too small av_image_copy_plane segfaults.
>>
>> Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com>
>> ---
>> libavcodec/dds.c | 6 ++++++
>> 1 file changed, 6 insertions(+)
>>
>> diff --git a/libavcodec/dds.c b/libavcodec/dds.c
>> index a604d56..324e665 100644
>> --- a/libavcodec/dds.c
>> +++ b/libavcodec/dds.c
>> @@ -666,6 +666,12 @@ static int dds_decode(AVCodecContext *avctx, void *data,
>> frame->palette_has_changed = 1;
>> }
>>
>> + if (bytestream2_get_bytes_left(gbc) < frame->height * linesize) {
>> + av_log(avctx, AV_LOG_ERROR, "Buffer is too small (%d < %d).\n",
>> + bytestream2_get_bytes_left(gbc), frame->height *
>> linesize);
>> + return AVERROR_INVALIDDATA;
>> + }
>> +
>> av_image_copy_plane(frame->data[0], frame->linesize[0],
>> gbc->buffer, linesize,
>> linesize, frame->height);
>> --
>> 2.6.2
>
> Same thought of 2/4 but patch should be ok.
Pushed.
Best regards,
Andreas
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
