On 11.11.2015 12:32, Vittorio Giovara wrote: > On Wed, Nov 11, 2015 at 1:14 AM, Andreas Cadhalpun > <andreas.cadhal...@googlemail.com> wrote: >> If it is too small av_image_copy_plane segfaults. >> >> Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> >> --- >> libavcodec/dds.c | 6 ++++++ >> 1 file changed, 6 insertions(+) >> >> diff --git a/libavcodec/dds.c b/libavcodec/dds.c >> index a604d56..324e665 100644 >> --- a/libavcodec/dds.c >> +++ b/libavcodec/dds.c >> @@ -666,6 +666,12 @@ static int dds_decode(AVCodecContext *avctx, void *data, >> frame->palette_has_changed = 1; >> } >> >> + if (bytestream2_get_bytes_left(gbc) < frame->height * linesize) { >> + av_log(avctx, AV_LOG_ERROR, "Buffer is too small (%d < %d).\n", >> + bytestream2_get_bytes_left(gbc), frame->height * >> linesize); >> + return AVERROR_INVALIDDATA; >> + } >> + >> av_image_copy_plane(frame->data[0], frame->linesize[0], >> gbc->buffer, linesize, >> linesize, frame->height); >> -- >> 2.6.2 > > Same thought of 2/4 but patch should be ok.
Pushed. Best regards, Andreas _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel