[FFmpeg-cvslog] iff_ilbm: fix null ptr deref

Michael Niedermayer git at videolan.org
Sat Jun 9 21:18:02 CEST 2012


ffmpeg | branch: release/0.7 | Michael Niedermayer <michaelni at gmx.at> | Mon May 28 17:13:10 2012 +0200| [a85c3fff37a9f410aded0cbcdae08e724adbea21] | committer: Michael Niedermayer

iff_ilbm: fix null ptr deref

Fixes Ticket1362

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 849d4b041351ef8d77c4231cf417f997e79f9ab7)

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a85c3fff37a9f410aded0cbcdae08e724adbea21
---

 libavcodec/iff.c |   10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/libavcodec/iff.c b/libavcodec/iff.c
index 195ef10..9e74365 100644
--- a/libavcodec/iff.c
+++ b/libavcodec/iff.c
@@ -176,7 +176,13 @@ static int extract_header(AVCodecContext *const avctx,
     const uint8_t *buf;
     unsigned buf_size;
     IffContext *s = avctx->priv_data;
-    int palette_size = avctx->extradata_size - AV_RB16(avctx->extradata);
+    int palette_size;
+
+    if (avctx->extradata_size < 2) {
+        av_log(avctx, AV_LOG_ERROR, "not enough extradata\n");
+        return AVERROR_INVALIDDATA;
+    }
+    palette_size = avctx->extradata_size - AV_RB16(avctx->extradata);
 
     if (avpkt) {
         int image_size;
@@ -192,8 +198,6 @@ static int extract_header(AVCodecContext *const avctx,
             return AVERROR_INVALIDDATA;
         }
     } else {
-        if (avctx->extradata_size < 2)
-            return AVERROR_INVALIDDATA;
         buf = avctx->extradata;
         buf_size = bytestream_get_be16(&buf);
         if (buf_size <= 1 || palette_size < 0) {



More information about the ffmpeg-cvslog mailing list