aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Niedermayer <michaelni@gmx.at>2012-04-22 11:10:17 +0200
committerMichael Niedermayer <michaelni@gmx.at>2012-04-22 11:10:17 +0200
commitf7c67536fe56336b9c6dcbc87162394c7feb18a5 (patch)
treed7bf7d82bae73677fabb96ee061cc7a94c0e8dab
parentb21ba20cc83c80fe56192fee3626a8087f37d806 (diff)
downloadffmpeg-f7c67536fe56336b9c6dcbc87162394c7feb18a5.tar.gz
svq1dec: Fix overread on very small input
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
-rw-r--r--libavcodec/svq1dec.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/libavcodec/svq1dec.c b/libavcodec/svq1dec.c
index e03df08c2d..c36f9fe435 100644
--- a/libavcodec/svq1dec.c
+++ b/libavcodec/svq1dec.c
@@ -647,6 +647,9 @@ static int svq1_decode_frame(AVCodecContext *avctx,
if (s->f_code != 0x20) {
uint32_t *src = (uint32_t *) (buf + 4);
+ if (buf_size < 36)
+ return AVERROR_INVALIDDATA;
+
for (i=0; i < 4; i++) {
src[i] = ((src[i] << 16) | (src[i] >> 16)) ^ src[7 - i];
}