Quoting Luca Barbato (2015-01-19 14:06:31) > Bug-Id: CVE-2014-9603 > CC: [email protected] > --- > libavcodec/vmdvideo.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/libavcodec/vmdvideo.c b/libavcodec/vmdvideo.c > index 4a14ef0..caf4f38 100644 > --- a/libavcodec/vmdvideo.c > +++ b/libavcodec/vmdvideo.c > @@ -245,6 +245,12 @@ static int rle_region(VmdVideoContext *s, GetByteContext > *gb, > len = bytestream2_get_byte(gb); > if (len & 0x80) { > len = (len & 0x7F) + 1; > + if (ofs + len > frame_width) { > + av_log(s->avctx, AV_LOG_ERROR, > + "offset > width (%d > %d)\n", > + ofs, frame_width); > + return AVERROR_INVALIDDATA; > + } > if (bytestream2_peek_byte(gb) == 0xFF) { > int slen = len; > bytestream2_get_byte(gb); > -- > 1.9.0 >
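Review bot: The av_log call in the added block reports a different comparison from the one that was tested. The condition is `ofs + len > frame_width`, but the message prints "offset > width" with only `ofs` and `frame_width`, so a rejected run can be logged as something like "10 > 320", which reads as false and hides the run length that caused the overflow. Suggest logging the value that was actually compared, for example `ofs + len` against `frame_width`, or adding `len` as a third field, and wording the message to match. The placement before the `bytestream2_peek_byte(gb) == 0xFF` test looks right, since it bounds both sub-paths of the `len & 0x80` branch; the hunk shows nothing of the branch taken when the high bit is clear, so it is worth confirming in the same review that that path is bounded as well.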
Seems to me it'd be much better to switch the two patches, so cosmetics does not need to go into release branches.

-- 
Anton Khirnov
