aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Niedermayer <michaelni@gmx.at>2012-03-05 03:43:15 +0100
committerMichael Niedermayer <michaelni@gmx.at>2012-03-05 03:43:15 +0100
commit1007a805a486a1348a0543ac2dd99d823148d25c (patch)
tree6481c7f2a00895790cc3e7ed9378dec130d326b1
parent263bb6edcf6b767006fcde315850d3a60b3fceed (diff)
downloadffmpeg-1007a805a486a1348a0543ac2dd99d823148d25c.tar.gz
smc: Fix overread.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
-rw-r--r--libavcodec/smc.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/smc.c b/libavcodec/smc.c
index 9ae19ffb45..a4fc861f62 100644
--- a/libavcodec/smc.c
+++ b/libavcodec/smc.c
@@ -313,7 +313,7 @@ static void smc_decode_stream(SmcContext *s)
} else
color_table_index = CQUAD * s->buf[stream_ptr++];
- while (n_blocks--) {
+ while (n_blocks-- && stream_ptr + 3 < s->size) {
color_flags = AV_RB32(&s->buf[stream_ptr]);
stream_ptr += 4;
/* flag mask actually acts as a bit shift count here */