Mercurial > libavcodec.hg

changeset 8243:d5949e5d36f3 libavcodec

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Check RV30/40 slice offsets to be inside buffer. This fixes issue 738
author kostya
date Tue, 02 Dec 2008 17:39:20 +0000
parents 91a340f25c8c
children 3f3d653fb46d
files rv34.c
diffstat 1 files changed, 5 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/rv34.c	Tue Dec 02 17:35:38 2008 +0000
+++ b/rv34.c	Tue Dec 02 17:39:20 2008 +0000
@@ -1389,6 +1389,11 @@
         else
             size= get_slice_offset(avctx, slices_hdr, i+1) - offset;
 
+        if(offset > buf_size){
+            av_log(avctx, AV_LOG_ERROR, "Slice offset is greater than frame size\n");
+            break;
+        }
+
         r->si.end = s->mb_width * s->mb_height;
         if(i+1 < slice_count){
             init_get_bits(&s->gb, buf+get_slice_offset(avctx, slices_hdr, i+1), (buf_size-get_slice_offset(avctx, slices_hdr, i+1))*8);