[FFmpeg-devel] [PATCH] avcodec/utvideodec: Fix bytes left check in decode_frame()
Paul B Mahol
onemda at gmail.com
Sat Feb 3 11:16:07 EET 2018
On 2/2/18, Michael Niedermayer <michael at niedermayer.cc> wrote:
> Fixes: out of array read
> Fixes: poc-2017.avi
>
> Found-by: GwanYeong Kim <gy741.kim at gmail.com>
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
> libavcodec/utvideodec.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavcodec/utvideodec.c b/libavcodec/utvideodec.c
> index 608c8c4998..1bcd14e74c 100644
> --- a/libavcodec/utvideodec.c
> +++ b/libavcodec/utvideodec.c
> @@ -676,7 +676,7 @@ static int decode_frame(AVCodecContext *avctx, void
> *data, int *got_frame,
> for (j = 0; j < c->slices; j++) {
> slice_end = bytestream2_get_le32u(&gb);
> if (slice_end < 0 || slice_end < slice_start ||
> - bytestream2_get_bytes_left(&gb) < slice_end) {
> + bytestream2_get_bytes_left(&gb) < slice_end + 1024LL) {
> av_log(avctx, AV_LOG_ERROR, "Incorrect slice size\n");
> return AVERROR_INVALIDDATA;
> }
> --
> 2.16.1
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
Why this magic number 1024LL ?
More information about the ffmpeg-devel
mailing list