wrapper/FFmpeg
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

dfa: improve boundary checks in decode_dds1()

Browse source 
Fixes CVE-2012-2798

CC:libav-stable@libav.org
(cherry picked from commit d05f72c754)

Conflicts:

	libavcodec/dfa.c
This commit is contained in:
Anton Khirnov 2012-09-29 13:25:28 +02:00 committed by Reinhard Tartler
parent 03ddc26066
commit 604d72aa0d
1 changed files with 6 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

10
libavcodec/dfa.c
View file

@ -159,8 +159,7 @@ static int decode_dds1(uint8_t *frame, int width, int height,
bitbuf = bytestream_get_le16(&src);
mask = 1;
}
if (src_end - src < 2 || frame_end - frame < 2)
return -1;
if (bitbuf & mask) {
v = bytestream_get_le16(&src);
offset = (v & 0x1FFF) << 2;
@ -174,9 +173,12 @@ static int decode_dds1(uint8_t *frame, int width, int height,
frame += 2;
}
} else if (bitbuf & (mask << 1)) {
frame += bytestream_get_le16(&src) * 2;
v = bytestream_get_le16(&src)*2;
if (frame - frame_end < v)
return AVERROR_INVALIDDATA;
frame += v;
} else {
if (frame_end - frame < width + 2)
if (frame_end - frame < width + 3)
return AVERROR_INVALIDDATA;
frame[0] = frame[1] =
frame[width] = frame[width + 1] = *src++;