On Tue, May 10, 2016 at 04:30:03PM -0300, James Almer wrote: > Prevents overreads as reported by valgrind > > Signed-off-by: James Almer <jamr...@gmail.com> > --- > See > http://fate.ffmpeg.org/report.cgi?time=20160509191458&slot=x86_64-archlinux-gcc-valgrindundef > > libavcodec/rscc.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/libavcodec/rscc.c b/libavcodec/rscc.c > index a47d29f..b1f6f87 100644 > --- a/libavcodec/rscc.c > +++ b/libavcodec/rscc.c > @@ -258,6 +258,11 @@ static int rscc_decode_frame(AVCodecContext *avctx, void > *data, > pixels = gbc->buffer; > } else { > uLongf len = ctx->inflated_size; > + if (bytestream2_get_bytes_left(gbc) < packed_size) { > + av_log(avctx, AV_LOG_ERROR, "Insufficient input for %d\n", > packed_size); > + ret = AVERROR_INVALIDDATA; > + goto end; > + }
you might want to check for packed_size < 0 isnt strictly needed i guess but seems more proper LGTM otherwise [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB If you drop bombs on a foreign country and kill a hundred thousand innocent people, expect your government to call the consequence "unprovoked inhuman terrorist attacks" and use it to justify dropping more bombs and killing more people. The technology changed, the idea is old.
signature.asc
Description: Digital signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
