[FFmpeg-cvslog] qpeg: Fix out of array writes.

Michael Niedermayer git at videolan.org
Sat Mar 3 04:41:32 CET 2012


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Sat Mar  3 03:37:52 2012 +0100| [4299dfa5ded84111231a456ad102f65f6f62649e] | committer: Michael Niedermayer

qpeg: Fix out of array writes.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4299dfa5ded84111231a456ad102f65f6f62649e
---

 libavcodec/qpeg.c |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/libavcodec/qpeg.c b/libavcodec/qpeg.c
index ca48b6b..f2dba73 100644
--- a/libavcodec/qpeg.c
+++ b/libavcodec/qpeg.c
@@ -203,6 +203,8 @@ static void qpeg_decode_inter(const uint8_t *src, uint8_t *dst, int size,
                     filled = 0;
                     dst -= stride;
                     height--;
+                    if(height < 0)
+                        break;
                 }
             }
         } else if(code >= 0xC0) { /* copy code: 0xC0..0xDF */
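Review bot: the `break` added after `height--` in this first branch only leaves the innermost loop, and by that point `dst -= stride` has already moved the pointer onto a row that must not be written. Nothing visible in this hunk shows the enclosing decode loop testing `height`, so if that loop only tests `size`, the next code byte can re-enter a branch with `height < 0` and write through the stale `dst`. Please confirm the outer loop condition also checks `height >= 0`, or leave the function here instead of breaking. A short comment on why the bound is `< 0` rather than `<= 0` would help too, since that depends on whether `height` is a count of remaining rows or a row index, which the hunk does not show.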
@@ -214,6 +216,8 @@ static void qpeg_decode_inter(const uint8_t *src, uint8_t *dst, int size,
                     filled = 0;
                     dst -= stride;
                     height--;
+                    if(height < 0)
+                        break;
                 }
             }
             size -= code + 1;
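Review bot: in the copy-code branch the early `break` falls through to `size -= code + 1;`, and since `qpeg_decode_inter` is `static void`, a stream that runs past the last row is cut off silently and the caller cannot tell the frame was damaged. Consider logging or otherwise signalling the condition. The two-line check is also duplicated verbatim from the previous branch; folding the row advance (`filled = 0; dst -= stride; height--;` plus the bound test) into one helper would keep the two paths from drifting apart the next time one of them is touched.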


