author | Laurent Aimar <fenrir@videolan.org> | 2011-10-01 00:45:01 +0200 |
---|---|---|
committer | Michael Niedermayer <michaelni@gmx.at> | 2011-10-01 02:41:40 +0200 |
commit | a5d46235f3f70f0b620f8e54649ece45ecc5b170 (patch) | |
tree | f14d93f67180c1ee20356497173079c24f22b2aa /libavcodec/eacmv.c | |
parent | 113d7be62497c4e59db8f224fdb7f0a90cf17d03 (diff) | |
download | ffmpeg-a5d46235f3f70f0b620f8e54649ece45ecc5b170.tar.gz |
Check for out of bound reads in the Electronic Arts CMV decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'libavcodec/eacmv.c')
-rw-r--r-- | libavcodec/eacmv.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/libavcodec/eacmv.c b/libavcodec/eacmv.c
index 3ac9cdaecb..20ec0a2265 100644
--- a/libavcodec/eacmv.c
+++ b/libavcodec/eacmv.c
@@ -158,6 +158,9 @@ static int cmv_decode_frame(AVCodecContext *avctx,
 CmvContext *s = avctx->priv_data;
 const uint8_t *buf_end = buf + buf_size;
 
+ if (buf_end - buf < EA_PREAMBLE_SIZE)
+ return AVERROR_INVALIDDATA;
+
 if (AV_RL32(buf)==MVIh_TAG||AV_RB32(buf)==MVIh_TAG) {
 cmv_process_header(s, buf+EA_PREAMBLE_SIZE, buf_end);
 return buf_size; |
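Review bot: The added guard in cmv_decode_frame guarantees only EA_PREAMBLE_SIZE bytes, which covers the AV_RL32/AV_RB32 tag reads and keeps `buf+EA_PREAMBLE_SIZE` inside the packet, but bounds nothing past the preamble. A packet exactly one preamble long still reaches `cmv_process_header(s, buf+EA_PREAMBLE_SIZE, buf_end)` with an empty range, so that helper has to compare its own reads with buf_end; its body is not in this hunk, so that should be confirmed. The MVIh branch also returns buf_size whatever the helper found, so a truncated header would be reported as consumed unless the helper handles it internally. A comment above the check such as `/* the chunk tag and the header offset both need the full EA preamble */` would record why the bound is EA_PREAMBLE_SIZE rather than the 4 bytes the tag read needs. The function starts before and continues after the hunk, so the frame-decoding paths that follow are not covered by this review.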