[FFmpeg-cvslog] avcodec/interplayvideo: fix dead-lock

Paul B Mahol git at videolan.org
Wed Jun 28 18:16:08 EEST 2017


ffmpeg | branch: master | Paul B Mahol <onemda at gmail.com> | Wed Jun 28 17:14:30 2017 +0200| [ed782bebf508d4a27e1beaa040035bf84376f359] | committer: Paul B Mahol

avcodec/interplayvideo: fix dead-lock

Fixes #6499.

Signed-off-by: Paul B Mahol <onemda at gmail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ed782bebf508d4a27e1beaa040035bf84376f359
---

 libavcodec/interplayvideo.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavcodec/interplayvideo.c b/libavcodec/interplayvideo.c
index 1a1aa96ac7..8ccd20019f 100644
--- a/libavcodec/interplayvideo.c
+++ b/libavcodec/interplayvideo.c
@@ -1044,7 +1044,7 @@ static void ipvideo_decode_format_10_opcodes(IpvideoContext *s, AVFrame *frame)
             for (x = 0; x < s->avctx->width; x += 8) {
                 s->pixel_ptr = s->cur_decode_frame->data[0] + x + y * s->cur_decode_frame->linesize[0];
 
-                while (skip <= 0)  {
+                while (skip <= 0 && bytestream2_get_bytes_left(&decoding_map_ptr) > 1)  {
                     if (skip != -0x8000 && skip) {
                         opcode = bytestream2_get_le16(&decoding_map_ptr);
                         ipvideo_format_10_passes[pass](s, frame, opcode);
@@ -1069,6 +1069,8 @@ static void ipvideo_decode_format_10_opcodes(IpvideoContext *s, AVFrame *frame)
                     changed_block = 1;
                     break;
                 }
+                if (bytestream2_get_bytes_left(&skip_map_ptr) < 2)
+                    return AVERROR_INVALIDDATA;
                 skip = bytestream2_get_le16(&skip_map_ptr);
             }
 



More information about the ffmpeg-cvslog mailing list