generic-library/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

vmnc: check input size before reading chunk header, fix overread

Browse Source 
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2012-11-14 02:50:59 +01:00
parent b61658829b
commit 39c5cd601e
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libavcodec/vmnc.c
View File

@ -332,6 +332,10 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac
src += 2; src += 2;
chunks = AV_RB16(src); src += 2; chunks = AV_RB16(src); src += 2;
while(chunks--) { while(chunks--) {
if(buf_size - (src - buf) < 12) {
av_log(avctx, AV_LOG_ERROR, "Premature end of data!\n");
return -1;
}
dx = AV_RB16(src); src += 2; dx = AV_RB16(src); src += 2;
dy = AV_RB16(src); src += 2; dy = AV_RB16(src); src += 2;
w = AV_RB16(src); src += 2; w = AV_RB16(src); src += 2;