[FFmpeg-cvslog] avcodec/interplayvideo: fix dead-lock
Paul B Mahol
git at videolan.org
Wed Jun 28 18:16:08 EEST 2017
ffmpeg | branch: master | Paul B Mahol <onemda at gmail.com> | Wed Jun 28 17:14:30 2017 +0200| [ed782bebf508d4a27e1beaa040035bf84376f359] | committer: Paul B Mahol
avcodec/interplayvideo: fix dead-lock
Fixes #6499.
Signed-off-by: Paul B Mahol <onemda at gmail.com>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ed782bebf508d4a27e1beaa040035bf84376f359
---
libavcodec/interplayvideo.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libavcodec/interplayvideo.c b/libavcodec/interplayvideo.c
index 1a1aa96ac7..8ccd20019f 100644
--- a/libavcodec/interplayvideo.c
+++ b/libavcodec/interplayvideo.c
@@ -1044,7 +1044,7 @@ static void ipvideo_decode_format_10_opcodes(IpvideoContext *s, AVFrame *frame)
for (x = 0; x < s->avctx->width; x += 8) {
s->pixel_ptr = s->cur_decode_frame->data[0] + x + y * s->cur_decode_frame->linesize[0];
- while (skip <= 0) {
+ while (skip <= 0 && bytestream2_get_bytes_left(&decoding_map_ptr) > 1) {
if (skip != -0x8000 && skip) {
opcode = bytestream2_get_le16(&decoding_map_ptr);
ipvideo_format_10_passes[pass](s, frame, opcode);
@@ -1069,6 +1069,8 @@ static void ipvideo_decode_format_10_opcodes(IpvideoContext *s, AVFrame *frame)
changed_block = 1;
break;
}
+ if (bytestream2_get_bytes_left(&skip_map_ptr) < 2)
+ return AVERROR_INVALIDDATA;
skip = bytestream2_get_le16(&skip_map_ptr);
}
More information about the ffmpeg-cvslog
mailing list