On 10/12/11 17:33, Justin Ruggles wrote:
From: Stefano Sabatini <[email protected]>
Add a check in flic_decode_frame_8BPP(), in case chunk_size is >
frame_size issue a warning and resize chunk_size to frame_size, in
order to avoid out-of-buffer reads.
Fix roundup issue #2520.
Signed-off-by: Stefano Sabatini <[email protected]>
Signed-off-by: Justin Ruggles <[email protected]>
---
libavcodec/flicvideo.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/libavcodec/flicvideo.c b/libavcodec/flicvideo.c
index 70d3adb..386605f 100644
--- a/libavcodec/flicvideo.c
+++ b/libavcodec/flicvideo.c
@@ -183,6 +183,11 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx,
/* iterate through the chunks */
while ((frame_size> 0)&& (num_chunks> 0)) {
chunk_size = AV_RL32(&buf[stream_ptr]);
+ if (chunk_size> frame_size) {
+ av_log(avctx, AV_LOG_WARNING,
+ "Invalid chunk_size = %u> frame_size = %u\n", chunk_size,
frame_size);
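Review bot: On the added `if (chunk_size > frame_size)` check, the bound used is frame_size, and nothing in the visible lines relates frame_size to the number of bytes actually left in buf past stream_ptr, so clamping to it only prevents out-of-buffer reads if frame_size has already been validated against the packet size earlier in the function. If it has not, chunk_size should also be compared against the remaining buffer length. The `AV_RL32(&buf[stream_ptr])` read just above the check runs whenever frame_size > 0, so a frame_size of 1 to 3 would still permit a 4-byte read; requiring room for a full chunk header before that read would cover it. The hunk is cut off in this reply, so the clamp described in the commit message is not visible here and cannot be checked.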
Again I prefer having the values apart, "Invalid" could be omitted, e.g.:
chunk_size > frame_size (%u > %u)
lu
--
Luca Barbato
Gentoo/linux
http://dev.gentoo.org/~lu_zero
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel