[FFmpeg-cvslog] indeo3dec: Fix end pointer.
Michael Niedermayer
git at videolan.org
Mon Mar 26 22:26:57 CEST 2012
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Mon Mar 26 22:06:54 2012 +0200| [8a521d57b30c86a222c99a8c65d663cd227ea834] | committer: Michael Niedermayer
indeo3dec: Fix end pointer.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8a521d57b30c86a222c99a8c65d663cd227ea834
---
libavcodec/indeo3.c | 7 ++++---
1 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/libavcodec/indeo3.c b/libavcodec/indeo3.c
index b6ae2ea..62cd835 100644
--- a/libavcodec/indeo3.c
+++ b/libavcodec/indeo3.c
@@ -840,13 +840,13 @@ static int decode_plane(Indeo3DecodeContext *ctx, AVCodecContext *avctx,
/* each plane data starts with mc_vector_count field, */
/* an optional array of motion vectors followed by the vq data */
- num_vectors = bytestream_get_le32(&data);
+ num_vectors = bytestream_get_le32(&data); data_size -= 4;
if (num_vectors > 256) {
av_log(ctx->avctx, AV_LOG_ERROR,
"Read invalid number of motion vectors %d\n", num_vectors);
return AVERROR_INVALIDDATA;
}
- if (num_vectors * 2 >= data_size)
+ if (num_vectors * 2 > data_size)
return AVERROR_INVALIDDATA;
ctx->num_vectors = num_vectors;
@@ -857,7 +857,7 @@ static int decode_plane(Indeo3DecodeContext *ctx, AVCodecContext *avctx,
ctx->skip_bits = 0;
ctx->need_resync = 0;
- ctx->last_byte = data + data_size - 1;
+ ctx->last_byte = data + data_size;
/* initialize the 1st cell and set its dimensions to whole plane */
curr_cell.xpos = curr_cell.ypos = 0;
@@ -894,6 +894,7 @@ static int decode_frame_headers(Indeo3DecodeContext *ctx, AVCodecContext *avctx,
/* parse the bitstream header */
bs_hdr = buf_ptr;
+ buf_size -= 16;
if (bytestream_get_le16(&buf_ptr) != 32) {
av_log(avctx, AV_LOG_ERROR, "Unsupported codec version!\n");
More information about the ffmpeg-cvslog
mailing list