generic-library/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

indeo3: fix out of cell write.

Browse Source 
Fixes CVE-2012-2776.

CC:libav-stable@libav.org

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit e4d4044339b9c3b0f45f7203cd026eda3c0414c0)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
This commit is contained in:
Anton Khirnov 2012-09-29 10:39:49 +02:00 committed by Reinhard Tartler
parent 5c413648c1
commit 1c8e2561b4
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
libavcodec/indeo3.c
View File

@ -416,6 +416,9 @@ static int decode_cell_data(Cell *cell, uint8_t *block, uint8_t *ref_block,
blk_row_offset = (row_offset << (2 + v_zoom)) - (cell->width << 2);
line_offset = v_zoom ? row_offset : 0;
if (cell->height & v_zoom || cell->width & h_zoom)
return IV3_BAD_DATA;
for (y = 0; y < cell->height; is_first_row = 0, y += 1 + v_zoom) {
for (x = 0; x < cell->width; x += 1 + h_zoom) {
ref = ref_block;