diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2013-06-14 21:13:47 +0200 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2013-06-14 21:14:31 +0200 |
| commit | 3c4c5ca1c194464f51de87534d15602f99bf9759 (patch) | |
| tree | 2efacfa064a31ad8d9b7fb4df71ae5771416fd4f | |
| parent | 69e4d8e6a4cefdf1b19f5d4d1293aa881d6064e8 (diff) | |
| download | ffmpeg-3c4c5ca1c194464f51de87534d15602f99bf9759.tar.gz | |
avcodec/g2meet: Check monochrome cursor width
Fixes out of array write
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
| -rw-r--r-- | libavcodec/g2meet.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/libavcodec/g2meet.c b/libavcodec/g2meet.c index 2aa9b2b589..09ed7ce7c4 100644 --- a/libavcodec/g2meet.c +++ b/libavcodec/g2meet.c @@ -514,6 +514,11 @@ static int g2m_load_cursor(AVCodecContext *avctx, G2MContext *c, return AVERROR_PATCHWELCOME; } + if (cursor_fmt == 1 && cursor_w % 32) { + avpriv_report_missing_feature(avctx, "odd monochrome cursor width %d", cursor_w); + return AVERROR_PATCHWELCOME; + } + tmp = av_realloc(c->cursor, cursor_stride * cursor_h); if (!tmp) { av_log(avctx, AV_LOG_ERROR, "Cannot allocate cursor buffer\n"); |