diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2012-11-14 19:15:32 +0100 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2012-11-14 19:16:08 +0100 |
| commit | 30bce34b6719ca99ad72c62e2fba3eade71f1eae (patch) | |
| tree | 4ac7f92fcc72ef448eb47f811cd7627fa15e927f /libavcodec | |
| parent | ab8517b89196890ca9f9b1ccd70acec838a9129b (diff) | |
| download | ffmpeg-30bce34b6719ca99ad72c62e2fba3eade71f1eae.tar.gz | |
vpriv_adx_decode_header: avoid underreading the array.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'libavcodec')
| -rw-r--r-- | libavcodec/adx.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/libavcodec/adx.c b/libavcodec/adx.c index 870216c606..7da696d0a8 100644 --- a/libavcodec/adx.c +++ b/libavcodec/adx.c @@ -47,6 +47,11 @@ int avpriv_adx_decode_header(AVCodecContext *avctx, const uint8_t *buf, return AVERROR_INVALIDDATA; offset = AV_RB16(buf + 2) + 4; + if (offset < 6) { + av_log(avctx, AV_LOG_ERROR, "offset is prior data\n"); + return AVERROR_INVALIDDATA; + } + /* if copyright string is within the provided data, validate it */ if (bufsize >= offset && memcmp(buf + offset - 6, "(c)CRI", 6)) return AVERROR_INVALIDDATA; |