generic-library/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

avcodec/hnm4video: check offset before subtraction in decode_interframe_v4a()

Browse Source 
Fixes out of array read
Fixes: signal_sigsegv_1326a09_1752_cov_245452111_GRTH301.HNS
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2014-02-03 03:10:46 +01:00
parent 8e36fc0c33
commit 4d7d9a5782
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
libavcodec/hnm4video.c
View File

@ -311,8 +311,13 @@ static void decode_interframe_v4a(AVCodecContext *avctx, uint8_t *src,
offset = writeoffset;
offset += bytestream2_get_le16(&gb);
if (delta)
if (delta) {
if (offset < 0x10000) {
av_log(avctx, AV_LOG_ERROR, "Attempting to read out of bounds\n");
break;
}
offset -= 0x10000;
}
if (offset + hnm->width + count >= hnm->width * hnm->height) {
av_log(avctx, AV_LOG_ERROR, "Attempting to read out of bounds\n");