[FFmpeg-devel] [PATCH] avcodec/rscc: check deflated input pixel buffer size
James Almer
jamrial at gmail.com
Wed May 11 03:13:44 CEST 2016
On 5/10/2016 9:30 PM, Michael Niedermayer wrote:
> On Tue, May 10, 2016 at 04:30:03PM -0300, James Almer wrote:
>> Prevents overreads as reported by valgrind
>>
>> Signed-off-by: James Almer <jamrial at gmail.com>
>> ---
>> See http://fate.ffmpeg.org/report.cgi?time=20160509191458&slot=x86_64-archlinux-gcc-valgrindundef
>>
>> libavcodec/rscc.c | 5 +++++
>> 1 file changed, 5 insertions(+)
>>
>> diff --git a/libavcodec/rscc.c b/libavcodec/rscc.c
>> index a47d29f..b1f6f87 100644
>> --- a/libavcodec/rscc.c
>> +++ b/libavcodec/rscc.c
>> @@ -258,6 +258,11 @@ static int rscc_decode_frame(AVCodecContext *avctx, void *data,
>> pixels = gbc->buffer;
>> } else {
>> uLongf len = ctx->inflated_size;
>> + if (bytestream2_get_bytes_left(gbc) < packed_size) {
>> + av_log(avctx, AV_LOG_ERROR, "Insufficient input for %d\n", packed_size);
>> + ret = AVERROR_INVALIDDATA;
>> + goto end;
>> + }
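Review bot: The added guard `bytestream2_get_bytes_left(gbc) < packed_size` does not reject a negative packed_size. The value is printed with %d, so it appears to be a signed int, and any negative value passes the comparison and continues into the inflate path. Adding `packed_size < 0 ||` to the same condition would cover that. The log message could also print the bytes left alongside packed_size, which would let a truncated packet be told apart from a corrupt size field. The branch just above the hunk that sets `pixels = gbc->buffer` gets no check from this change, so it is worth confirming that path already validates the remaining length.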
>
> you might want to check for packed_size < 0
> isn't strictly needed I guess but seems more proper
Done
>
> LGTM otherwise
Pushed, thanks.