[FFmpeg-cvslog] avformat/redspark: check coef_off
Michael Niedermayer
git at videolan.org
Fri Aug 23 20:15:15 CEST 2013
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Fri Aug 23 19:12:54 2013 +0200| [aadfadd784bb1b50f0fd7444a06b2895c7fe87a3] | committer: Michael Niedermayer
avformat/redspark: check coef_off
Fixes out of array reads
Found-by: Laurent Butti <laurentb at gmail.com>
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=aadfadd784bb1b50f0fd7444a06b2895c7fe87a3
---
libavformat/redspark.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/libavformat/redspark.c b/libavformat/redspark.c
index 44d5da7..3963261 100644
--- a/libavformat/redspark.c
+++ b/libavformat/redspark.c
@@ -108,6 +108,11 @@ static int redspark_read_header(AVFormatContext *s)
if (bytestream2_get_byteu(&gbc)) // Loop flag
coef_off += 16;
+ if (coef_off + codec->channels * (32 + 14) > HEADER_SIZE) {
+ ret = AVERROR_INVALIDDATA;
+ goto fail;
+ }
+
codec->extradata_size = 32 * codec->channels;
codec->extradata = av_malloc(codec->extradata_size);
if (!codec->extradata) {
More information about the ffmpeg-cvslog
mailing list