[FFmpeg-cvslog] 4xm: do not overread the prestream buffer

Luca Barbato git at videolan.org
Mon Nov 4 17:58:42 CET 2013


ffmpeg | branch: release/0.10 | Luca Barbato <lu_zero at gentoo.org> | Fri Jun  7 16:18:22 2013 +0200| [12dc01bb1f07112cd7eb31e183d75cb3c0fb92ca] | committer: Luca Barbato

4xm: do not overread the prestream buffer

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit be373cb50d3c411366fec7eef2eb3681abe48f96)

Signed-off-by: Luca Barbato <lu_zero at gentoo.org>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=12dc01bb1f07112cd7eb31e183d75cb3c0fb92ca
---

 libavcodec/4xm.c |   15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/libavcodec/4xm.c b/libavcodec/4xm.c
index 52c16cf..3d026fe 100644
--- a/libavcodec/4xm.c
+++ b/libavcodec/4xm.c
@@ -535,7 +535,10 @@ static int decode_i_mb(FourXContext *f){
     return 0;
 }
 
-static const uint8_t *read_huffman_tables(FourXContext *f, const uint8_t * const buf){
+static const uint8_t *read_huffman_tables(FourXContext *f,
+                                          const uint8_t * const buf,
+                                          int len)
+{
     int frequency[512];
     uint8_t flag[512];
     int up[512];
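Review bot: The new `len` parameter in the `read_huffman_tables` signature is a plain signed `int` with no comment, so the contract that the added bounds checks depend on is left implicit. A one-line comment above the definition would state it, for example `/* len: number of bytes readable at buf; returns NULL if the tables would run past it */`. It is also worth noting there that callers must pass a non-negative, already validated size. The function body continues outside this hunk.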
@@ -553,12 +556,20 @@ static const uint8_t *read_huffman_tables(FourXContext *f, const uint8_t * const
     for(;;){
         int i;
 
+        len -= end - start + 1;
+
+        if (end < start || len < 0)
+            return NULL;
+
         for(i=start; i<=end; i++){
             frequency[i]= *ptr++;
         }
         start= *ptr++;
         if(start==0) break;
 
+        if (--len < 0)
+            return NULL;
+
         end= *ptr++;
     }
     frequency[256]=1;
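Review bot: The `len` accounting in this loop undercounts what the loop reads. Each pass consumes the `end - start + 1` frequency bytes plus one byte at `start= *ptr++` and one at `end= *ptr++`, yet `len` drops only by the run length and a single `--len`. The `start` read also happens before any check that a byte remains, so a run that uses up `len` exactly is still followed by a read past the buffer, and the one-byte shortfall accumulates on every pass. Charging the following byte up front closes both gaps: `len -= end - start + 2;` ahead of `if (end < start || len < 0) return NULL;`, with the existing `--len` then covering `end`. The first `start`/`end` reads sit above the hunk, so confirm that those two bytes are also deducted from `len`.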
@@ -691,7 +702,7 @@ static int decode_i_frame(FourXContext *f, const uint8_t *buf, int length){
         return -1;
     }
 
-    prestream = read_huffman_tables(f, prestream);
+    prestream = read_huffman_tables(f, prestream, prestream_size);
     if (!prestream) {
         av_log(f->avctx, AV_LOG_ERROR, "Error reading Huffman tables.\n");
         return AVERROR_INVALIDDATA;


