Mercurial > libavcodec.hg
comparison vp56.c @ 11050:170c9ce34d14 libavcodec
vp56: check buffer size to fix a potential segfault
patch by Laurent Aimar fenrir _at_ videolan _dot_ org
author | aurel |
---|---|
date | Thu, 28 Jan 2010 23:49:46 +0000 |
parents | c1cccc058c7a |
children | c57e72227d7d |
comparison
equal
deleted
inserted
replaced
11049:e26ea20d293a | 11050:170c9ce34d14 |
---|---|
502 AVFrame *const p = s->framep[VP56_FRAME_CURRENT]; | 502 AVFrame *const p = s->framep[VP56_FRAME_CURRENT]; |
503 int remaining_buf_size = avpkt->size; | 503 int remaining_buf_size = avpkt->size; |
504 int is_alpha, av_uninit(alpha_offset); | 504 int is_alpha, av_uninit(alpha_offset); |
505 | 505 |
506 if (s->has_alpha) { | 506 if (s->has_alpha) { |
507 if (remaining_buf_size < 3) | |
508 return -1; | |
507 alpha_offset = bytestream_get_be24(&buf); | 509 alpha_offset = bytestream_get_be24(&buf); |
508 remaining_buf_size -= 3; | 510 remaining_buf_size -= 3; |
511 if (remaining_buf_size < alpha_offset) | |
512 return -1; | |
509 } | 513 } |
510 | 514 |
511 for (is_alpha=0; is_alpha < 1+s->has_alpha; is_alpha++) { | 515 for (is_alpha=0; is_alpha < 1+s->has_alpha; is_alpha++) { |
512 int mb_row, mb_col, mb_row_flip, mb_offset = 0; | 516 int mb_row, mb_col, mb_row_flip, mb_offset = 0; |
513 int block, y, uv, stride_y, stride_uv; | 517 int block, y, uv, stride_y, stride_uv; |