[FFmpeg-cvslog] avcodec/cdgraphics: check buffer size before use

Michael Niedermayer git at videolan.org
Tue May 14 01:55:00 CEST 2013


ffmpeg | branch: release/1.0 | Michael Niedermayer <michaelni at gmx.at> | Tue May  7 21:04:33 2013 +0200| [2c66058737e254756118b7f7be0be7d3bfbb4fe3] | committer: Michael Niedermayer

avcodec/cdgraphics: check buffer size before use

Fixes out of array accesses

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit ad002e1a13a8df934bd6cb2c84175a4780ab8942)

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2c66058737e254756118b7f7be0be7d3bfbb4fe3
---

 libavcodec/cdgraphics.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavcodec/cdgraphics.c b/libavcodec/cdgraphics.c
index 8638dca..72e569f 100644
--- a/libavcodec/cdgraphics.c
+++ b/libavcodec/cdgraphics.c
@@ -295,7 +295,9 @@ static int cdg_decode_frame(AVCodecContext *avctx,
     inst    = bytestream_get_byte(&buf);
     inst    &= CDG_MASK;
     buf += 2;  /// skipping 2 unneeded bytes
-    bytestream_get_buffer(&buf, cdg_data, buf_size - CDG_HEADER_SIZE);
+
+    if (buf_size > CDG_HEADER_SIZE)
+        bytestream_get_buffer(&buf, cdg_data, buf_size - CDG_HEADER_SIZE);
 
     if ((command & CDG_MASK) == CDG_COMMAND) {
         switch (inst) {
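
Review bot: When `buf_size <= CDG_HEADER_SIZE` the new guard only skips the copy, and execution still falls through to the `if ((command & CDG_MASK) == CDG_COMMAND)` dispatch below, so the handlers would work on a `cdg_data` that was never filled from this packet. Returning an error such as `AVERROR_INVALIDDATA` for a short packet would be cleaner than skipping silently; if falling through is intended, `cdg_data` should be zero-initialized where it is declared. The check also covers only the lower bound: nothing in this hunk limits `buf_size - CDG_HEADER_SIZE` to the size of `cdg_data`, so unless an upper bound is enforced earlier in `cdg_decode_frame()` it should be added next to this one. Finally, the `bytestream_get_byte(&buf)` and `buf += 2` lines above run before the guard, so the minimum packet size has to be validated before them as well, and a short comment stating which length invariant this check enforces would help.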


