From: Michael Niedermayer <[email protected]> Sample file available from https://trac.ffmpeg.org/ticket/2842
Adresses: CVE-2013-4264 CC: [email protected] Signed-off-by: Reinhard Tartler <[email protected]> --- libavcodec/g2meet.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/g2meet.c b/libavcodec/g2meet.c index 89fafef..eda57f8 100644 --- a/libavcodec/g2meet.c +++ b/libavcodec/g2meet.c @@ -393,7 +393,7 @@ static int kempf_decode_tile(G2MContext *c, int tile_x, int tile_y, return 0; zsize = (src[0] << 8) | src[1]; src += 2; - if (src_end - src < zsize) + if (src_end - src < zsize + (sub_type != 2)) return AVERROR_INVALIDDATA; ret = uncompress(c->kempf_buf, &dlen, src, zsize); @@ -415,6 +415,8 @@ static int kempf_decode_tile(G2MContext *c, int tile_x, int tile_y, for (i = 0; i < (FFALIGN(height, 16) >> 4); i++) { for (j = 0; j < (FFALIGN(width, 16) >> 4); j++) { if (!bits) { + if (src >= src_end) + return AVERROR_INVALIDDATA; bitbuf = *src++; bits = 8; } -- 1.8.3.2 _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
