On 5/10/2016 9:30 PM, Michael Niedermayer wrote: > On Tue, May 10, 2016 at 04:30:03PM -0300, James Almer wrote: >> Prevents overreads as reported by valgrind >> >> Signed-off-by: James Almer <jamr...@gmail.com> >> --- >> See >> http://fate.ffmpeg.org/report.cgi?time=20160509191458&slot=x86_64-archlinux-gcc-valgrindundef >> >> libavcodec/rscc.c | 5 +++++ >> 1 file changed, 5 insertions(+) >> >> diff --git a/libavcodec/rscc.c b/libavcodec/rscc.c >> index a47d29f..b1f6f87 100644 >> --- a/libavcodec/rscc.c >> +++ b/libavcodec/rscc.c >> @@ -258,6 +258,11 @@ static int rscc_decode_frame(AVCodecContext *avctx, >> void *data, >> pixels = gbc->buffer; >> } else { >> uLongf len = ctx->inflated_size; >> + if (bytestream2_get_bytes_left(gbc) < packed_size) { >> + av_log(avctx, AV_LOG_ERROR, "Insufficient input for %d\n", >> packed_size); >> + ret = AVERROR_INVALIDDATA; >> + goto end; >> + } > > you might want to check for packed_size < 0 > isnt strictly needed i guess but seems more proper
Done > > LGTM otherwise Pushed, thanks.
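
Review bot: the added `if` at the top of the `else` branch in rscc_decode_frame() compares bytestream2_get_bytes_left(gbc) against packed_size without an explicit lower bound on packed_size. The log call prints it with %d, so it is treated as a signed value. Whether a negative packed_size is rejected then depends on the integer conversion in that comparison, which the hunk does not show. Writing the condition as `packed_size < 0 || bytestream2_get_bytes_left(gbc) < packed_size` states the intent directly and does not rely on that conversion. The message "Insufficient input for %d" would also be easier to act on if it named the quantity and reported the bytes actually left alongside packed_size.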