[FFmpeg-cvslog] indeo3dec: check mv bitstream pointer
Michael Niedermayer
git at videolan.org
Mon Mar 26 22:26:57 CEST 2012
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Mon Mar 26 22:11:53 2012 +0200| [a84851bef8b7c99708ac5c7d0cddd6f8a7ee4d9e] | committer: Michael Niedermayer
indeo3dec: check mv bitstream pointer
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a84851bef8b7c99708ac5c7d0cddd6f8a7ee4d9e
---
libavcodec/indeo3.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/libavcodec/indeo3.c b/libavcodec/indeo3.c
index 62cd835..c24252a 100644
--- a/libavcodec/indeo3.c
+++ b/libavcodec/indeo3.c
@@ -801,6 +801,10 @@ static int parse_bintree(Indeo3DecodeContext *ctx, AVCodecContext *avctx,
/* get motion vector index and setup the pointer to the mv set */
if (!ctx->need_resync)
ctx->next_cell_data = &ctx->gb.buffer[(get_bits_count(&ctx->gb) + 7) >> 3];
+ if (ctx->next_cell_data >= ctx->last_byte) {
+ av_log(avctx, AV_LOG_ERROR, "motion vector out of array\n");
+ return AVERROR_INVALIDDATA;
+ }
mv_idx = *(ctx->next_cell_data++);
if (mv_idx >= ctx->num_vectors) {
av_log(avctx, AV_LOG_ERROR, "motion vector index out of range\n");
More information about the ffmpeg-cvslog
mailing list