[FFmpeg-cvslog] avcodec/vqavideo: Check chunk size
Michael Niedermayer
git at videolan.org
Thu May 21 21:26:01 CEST 2015
ffmpeg | branch: release/2.5 | Michael Niedermayer <michaelni at gmx.at> | Wed May 13 00:41:38 2015 +0200| [00223d461bb78756033479e80c6a10a5570658bc] | committer: Michael Niedermayer
avcodec/vqavideo: Check chunk size
Fixes CID1239154
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 8a62b80ce6c8e87e7937f9a5d68f83882c1c8da2)
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=00223d461bb78756033479e80c6a10a5570658bc
---
libavcodec/vqavideo.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/libavcodec/vqavideo.c b/libavcodec/vqavideo.c
index 4dcebd4..bf55571 100644
--- a/libavcodec/vqavideo.c
+++ b/libavcodec/vqavideo.c
@@ -231,6 +231,12 @@ static int decode_format80(VqaContext *s, int src_size,
unsigned char color;
int i;
+ if (src_size < 0 || src_size > bytestream2_get_bytes_left(&s->gb)) {
+ av_log(s->avctx, AV_LOG_ERROR, "Chunk size %d is out of range\n",
+ src_size);
+ return AVERROR_INVALIDDATA;
+ }
+
start = bytestream2_tell(&s->gb);
while (bytestream2_tell(&s->gb) - start < src_size) {
opcode = bytestream2_get_byte(&s->gb);
More information about the ffmpeg-cvslog
mailing list