changeset 8669:16b978f64d9e libavcodec

Fix an exploit in indeo by checking that we are not writing outside the strip array. Fixes issue 655.
author benoit
date Mon, 26 Jan 2009 09:41:23 +0000
parents 191860960b23
children 7e7acb5d1da8
files indeo3.c
diffstat 1 files changed, 8 insertions(+), 0 deletions(-) [+]
--- a/indeo3.c	Mon Jan 26 03:40:48 2009 +0000
+++ b/indeo3.c	Mon Jan 26 09:41:23 2009 +0000
@@ -252,6 +252,10 @@
 
         if(cmd == 0) {
             strip++;
+            if(strip >= strip_tbl + FF_ARRAY_ELEMS(strip_tbl)) {
+                av_log(s->avctx, AV_LOG_WARNING, "out of range strip\n");
+                break;
+            }
             memcpy(strip, strip-1, sizeof(*strip));
             strip->split_flag = 1;
             strip->split_direction = 0;
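Review bot: The new guard in the `cmd == 0` branch runs after `strip++`, so on the `break` path `strip` is left pointing one element past `strip_tbl`; if any code after the loop (not visible in this hunk) still reads or writes through `strip`, the out-of-bounds access is only moved, not removed. Testing before advancing keeps the pointer inside the table, e.g. `if(strip + 1 >= strip_tbl + FF_ARRAY_ELEMS(strip_tbl))` with the `strip++;` placed after the guard. The identical check in the `cmd == 1` branch of the next hunk has the same shape, and the two copies could share one helper or macro so they cannot drift apart. The failure is also only logged at `AV_LOG_WARNING` before breaking, so the caller presumably cannot distinguish a truncated decode from a good one; an `AV_LOG_ERROR` plus an error return would be preferable if the function's signature allows it. The enclosing loop and function start and end outside the hunk.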
@@ -259,6 +263,10 @@
             continue;
         } else if(cmd == 1) {
             strip++;
+            if(strip >= strip_tbl + FF_ARRAY_ELEMS(strip_tbl)) {
+                av_log(s->avctx, AV_LOG_WARNING, "out of range strip\n");
+                break;
+            }
             memcpy(strip, strip-1, sizeof(*strip));
             strip->split_flag = 1;
             strip->split_direction = 1;