diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2011-12-15 04:24:38 +0100 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2012-01-03 18:17:50 +0100 |
| commit | 6a805e5334637c74af7ae45a838ef78fa2acb7d8 (patch) | |
| tree | 09bd3c3bba66fa433cc6049d240cf9db9774d07b | |
| parent | 6b7a14e5993848ffa6a388ca3829b3b2652f7afc (diff) | |
| download | ffmpeg-6a805e5334637c74af7ae45a838ef78fa2acb7d8.tar.gz | |
flicvideo: fix overread.
Bug Found by: Diana Elena Muscalu
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit afb2bac48d0d044718c2da3d34a97bee244be2e3)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
| -rw-r--r-- | libavcodec/flicvideo.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/libavcodec/flicvideo.c b/libavcodec/flicvideo.c index 9111d17d82..28009cddba 100644 --- a/libavcodec/flicvideo.c +++ b/libavcodec/flicvideo.c @@ -319,12 +319,14 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, pixel_ptr = y_ptr; CHECK_PIXEL_PTR(0); pixel_countdown = s->avctx->width; - line_packets = buf[stream_ptr++]; - if (stream_ptr + 2 * line_packets > stream_ptr_after_chunk) + if (stream_ptr + 1 > stream_ptr_after_chunk) break; + line_packets = buf[stream_ptr++]; if (line_packets > 0) { for (i = 0; i < line_packets; i++) { /* account for the skip bytes */ + if (stream_ptr + 2 > stream_ptr_after_chunk) + break; pixel_skip = buf[stream_ptr++]; pixel_ptr += pixel_skip; pixel_countdown -= pixel_skip; |