[FFmpeg-cvslog] r26289 - trunk/libavcodec/truemotion2.c
Stefano Sabatini
stefano.sabatini-lala
Sun Jan 9 21:41:52 CET 2011
On date Sunday 2011-01-09 20:38:32 +0100, cehoyos wrote:
> Author: cehoyos
> Date: Sun Jan 9 20:38:32 2011
> New Revision: 26289
>
> Log:
> Check for several overreads, fixes issue 2512.
>
> Patch by Daniel Kang, daniel.d.kang at gmail
>
> Modified:
> trunk/libavcodec/truemotion2.c
>
> Modified: trunk/libavcodec/truemotion2.c
> ==============================================================================
> --- trunk/libavcodec/truemotion2.c Sun Jan 9 20:29:39 2011 (r26288)
> +++ trunk/libavcodec/truemotion2.c Sun Jan 9 20:38:32 2011 (r26289)
> @@ -260,7 +260,8 @@ static int tm2_read_deltas(TM2Context *c
> return 0;
> }
>
> -static int tm2_read_stream(TM2Context *ctx, const uint8_t *buf, int stream_id) {
> +static int tm2_read_stream(TM2Context *ctx, const uint8_t *buf, int stream_id, int buf_size)
> +{
> int i;
> int cur = 0;
> int skip = 0;
> @@ -274,6 +275,11 @@ static int tm2_read_stream(TM2Context *c
> if(len == 0)
> return 4;
>
> + if (len >= INT_MAX/4-1 || len < 0 || len > buf_size) {
> + av_log(ctx->avctx, AV_LOG_ERROR, "Error, invalid stream size.\n");
> + return -1;
> + }
People, plese try to use meaningful error codes, they help calling
code to detect and report which is the cause of the problem, -1
corresponds to EPERM which is not the correct reason most of the
times.
--
You will hear good news from one you thought unfriendly to you.
More information about the ffmpeg-cvslog
mailing list