[FFmpeg-cvslog] r19042 - trunk/libavcodec/lcldec.c
reimar
subversion
Sun May 31 11:59:46 CEST 2009
Author: reimar
Date: Sun May 31 11:59:46 2009
New Revision: 19042
Log:
Add sanity check for mthread_inlen, avoids crashes due to invalid reads.
Modified:
trunk/libavcodec/lcldec.c
Modified: trunk/libavcodec/lcldec.c
==============================================================================
--- trunk/libavcodec/lcldec.c Sun May 31 11:57:42 2009 (r19041)
+++ trunk/libavcodec/lcldec.c Sun May 31 11:59:46 2009 (r19042)
@@ -190,6 +190,7 @@ static int decode_frame(AVCodecContext *
case COMP_MSZH:
if (c->flags & FLAG_MULTITHREAD) {
mthread_inlen = *(unsigned int*)encoded;
+ mthread_inlen = FFMIN(mthread_inlen, len - 8);
mthread_outlen = *(unsigned int*)(encoded+4);
mthread_outlen = FFMIN(mthread_outlen, c->decomp_size);
mszh_dlen = mszh_decomp(encoded + 8, mthread_inlen, c->decomp_buf, c->decomp_size);
@@ -236,6 +237,7 @@ static int decode_frame(AVCodecContext *
if (c->flags & FLAG_MULTITHREAD) {
int ret;
mthread_inlen = *(unsigned int*)encoded;
+ mthread_inlen = FFMIN(mthread_inlen, len - 8);
mthread_outlen = *(unsigned int*)(encoded+4);
mthread_outlen = FFMIN(mthread_outlen, c->decomp_size);
ret = zlib_decomp(avctx, encoded + 8, mthread_inlen, 0, mthread_outlen);
More information about the ffmpeg-cvslog
mailing list