[FFmpeg-cvslog] avcodec/vp7: check buffer size
Michael Niedermayer
git at videolan.org
Sat Mar 29 04:40:37 CET 2014
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Sat Mar 29 04:25:50 2014 +0100| [46f72ea507afee6adb0d2324848159063d0e7afc] | committer: Michael Niedermayer
avcodec/vp7: check buffer size
Fixes overread
Fixes Ticket 3501
Found-by: Piotr Bandurski <ami_stuff at o2.pl>
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=46f72ea507afee6adb0d2324848159063d0e7afc
---
libavcodec/vp8.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/libavcodec/vp8.c b/libavcodec/vp8.c
index 45a19a0..c15111e 100644
--- a/libavcodec/vp8.c
+++ b/libavcodec/vp8.c
@@ -434,6 +434,11 @@ static int vp7_decode_frame_header(VP8Context *s, const uint8_t *buf, int buf_si
s->invisible = 0;
part1_size = AV_RL24(buf) >> 4;
+ if (buf_size < 4 - s->profile + part1_size) {
+ av_log(s->avctx, AV_LOG_ERROR, "Buffer size %d is too small, needed : %d\n", buf_size, 4 - s->profile + part1_size);
+ return AVERROR_INVALIDDATA;
+ }
+
buf += 4 - s->profile;
buf_size -= 4 - s->profile;
More information about the ffmpeg-cvslog
mailing list