generic-library/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge commit '00915d3cd2ce61db3d6dc11f63566630a9aff4ec' into release/1.1

Browse Source 
* commit '00915d3cd2ce61db3d6dc11f63566630a9aff4ec':
  pgssubdec: Check RLE size before copying

See: c0d68be555
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer
2014-08-08 14:19:24 +02:00
parent 6e83c26620 00915d3cd2
commit 1ee5e2ce3d
1 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
libavcodec/pgssubdec.c
View File

@@ -212,6 +212,13 @@ static int parse_picture_segment(AVCodecContext *avctx,
/* Decode rle bitmap length, stored size includes width/height data */
rle_bitmap_len = bytestream_get_be24(&buf) - 2*2;
if (buf_size > rle_bitmap_len) {
av_log(avctx, AV_LOG_ERROR,
"Buffer dimension %d larger than the expected RLE data %d\n",
buf_size, rle_bitmap_len);
return AVERROR_INVALIDDATA;
}
/* Get bitmap dimensions from data */
width = bytestream_get_be16(&buf);
height = bytestream_get_be16(&buf);
@@ -222,11 +229,6 @@ static int parse_picture_segment(AVCodecContext *avctx,
return -1;
}
if (buf_size > rle_bitmap_len) {
av_log(avctx, AV_LOG_ERROR, "too much RLE data\n");
return AVERROR_INVALIDDATA;
}
ctx->pictures[picture_id].w = width;
ctx->pictures[picture_id].h = height;