diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2012-11-12 14:56:07 +0100 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2012-11-12 14:56:33 +0100 |
| commit | c433823750bf096187e70c22822431a7c0bb4202 (patch) | |
| tree | 0625bd4166cb88b94e3792d385ebbbe82ee0089a /libavcodec/4xm.c | |
| parent | be818df547c3b0ae4fadb50fd210139a8636706a (diff) | |
| download | ffmpeg-c433823750bf096187e70c22822431a7c0bb4202.tar.gz | |
4xmdec: test version for cfrms, fix out of array accesses
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'libavcodec/4xm.c')
| -rw-r--r-- | libavcodec/4xm.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/libavcodec/4xm.c b/libavcodec/4xm.c index bbf6d902c0..bd70692273 100644 --- a/libavcodec/4xm.c +++ b/libavcodec/4xm.c @@ -811,6 +811,11 @@ static int decode_frame(AVCodecContext *avctx, void *data, return AVERROR_INVALIDDATA; } + if (f->version <= 1) { + av_log(f->avctx, AV_LOG_ERROR, "cfrm in version %d\n", f->version); + return AVERROR_INVALIDDATA; + } + for (i = 0; i < CFRAME_BUFFER_COUNT; i++) if (f->cfrm[i].id && f->cfrm[i].id < avctx->frame_number) av_log(f->avctx, AV_LOG_ERROR, "lost c frame %d\n", |