[FFmpeg-devel] [PATCH] lavc/mmvideo: fix potential buffer overread in mm_decode_pal()

Stefano Sabatini stefasab at gmail.com
Wed Jul 25 09:56:26 CEST 2012


Add missing buffer check.
---
 libavcodec/mmvideo.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/libavcodec/mmvideo.c b/libavcodec/mmvideo.c
index 3e6cb1a..ed2d405 100644
--- a/libavcodec/mmvideo.c
+++ b/libavcodec/mmvideo.c
@@ -71,7 +71,7 @@ static int mm_decode_pal(MmContext *s)
     int i;
 
     bytestream2_skip(&s->gb, 4);
-    for (i = 0; i < 128; i++) {
+    for (i = 0; i < 128 && bytestream2_get_bytes_left(&s->gb) >= 3; i++) {
         s->palette[i] = 0xFF << 24 | bytestream2_get_be24(&s->gb);
         s->palette[i+128] = s->palette[i]<<2;
     }
-- 
1.7.5.4



More information about the ffmpeg-devel mailing list