generic-library/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

4xm: do not overread the source buffer in decode_p_block

Browse Source 
Check for out of picture macroblocks before calling mcdc.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org

(cherry picked from commit 94aefb1932be882fd93f66cf790ceb19ff575c19)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>

Conflicts:
	libavcodec/4xm.c
This commit is contained in:
Luca Barbato 2013-06-09 18:27:05 +02:00 committed by Reinhard Tartler
parent 6a4f1e784e
commit 0c943d1cdd
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
libavcodec/4xm.c
View File

@ -343,6 +343,10 @@ static void decode_p_block(FourXContext *f, uint16_t *dst, uint16_t *src, int lo
decode_p_block(f, dst , src , log2w, log2h, stride);
decode_p_block(f, dst + (1<<log2w), src + (1<<log2w), log2w, log2h, stride);
}else if(code == 3 && f->version<2){
if (start > src || src > end) {
av_log(f->avctx, AV_LOG_ERROR, "mv out of pic\n");
return;
}
mcdc(dst, src, log2w, h, stride, 1, 0);
}else if(code == 4){
src += f->mv[bytestream2_get_byte(&f->g)];
@ -352,6 +356,10 @@ static void decode_p_block(FourXContext *f, uint16_t *dst, uint16_t *src, int lo
}
mcdc(dst, src, log2w, h, stride, 1, bytestream2_get_le16(&f->g2));
}else if(code == 5){
if (start > src || src > end) {
av_log(f->avctx, AV_LOG_ERROR, "mv out of pic\n");
return;
}
mcdc(dst, src, log2w, h, stride, 0, bytestream2_get_le16(&f->g2));
}else if(code == 6){
if(log2w){