[FFmpeg-cvslog] roqvideodec: improve end of input buffer check
Michael Niedermayer
git at videolan.org
Fri Mar 2 03:09:13 CET 2012
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Fri Mar 2 02:32:14 2012 +0100| [7a7b1f5c4d4127ff78bed67e786d03560a9cc199] | committer: Michael Niedermayer
roqvideodec: improve end of input buffer check
This fixes a out of array read.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7a7b1f5c4d4127ff78bed67e786d03560a9cc199
---
libavcodec/roqvideodec.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/libavcodec/roqvideodec.c b/libavcodec/roqvideodec.c
index 161e7da..6085f4a 100644
--- a/libavcodec/roqvideodec.c
+++ b/libavcodec/roqvideodec.c
@@ -44,7 +44,7 @@ static void roqvideo_decode_frame(RoqContext *ri)
const unsigned char *buf = ri->buf;
const unsigned char *buf_end = ri->buf + ri->size;
- while (buf < buf_end) {
+ while (buf + 8 <= buf_end) {
chunk_id = bytestream_get_le16(&buf);
chunk_size = bytestream_get_le32(&buf);
chunk_arg = bytestream_get_le16(&buf);
More information about the ffmpeg-cvslog
mailing list