generic-library/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

gifdec: check ff_lzw_decode_init() return value, fix out of array reads

Browse Source 
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2012-11-14 22:59:22 +01:00
parent 50f0a6b4e6
commit 612ecfbbbb
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
libavcodec/gifdec.c
View File

@ -67,6 +67,7 @@ static int gif_read_image(GifState *s)
int left, top, width, height, bits_per_pixel, code_size, flags; int left, top, width, height, bits_per_pixel, code_size, flags;
int is_interleaved, has_local_palette, y, pass, y1, linesize, n, i; int is_interleaved, has_local_palette, y, pass, y1, linesize, n, i;
uint8_t *ptr, *spal, *palette, *ptr1; uint8_t *ptr, *spal, *palette, *ptr1;
int ret;
left = bytestream_get_le16(&s->bytestream); left = bytestream_get_le16(&s->bytestream);
top = bytestream_get_le16(&s->bytestream); top = bytestream_get_le16(&s->bytestream);
@ -107,8 +108,11 @@ static int gif_read_image(GifState *s)
/* now get the image data */ /* now get the image data */
code_size = bytestream_get_byte(&s->bytestream); code_size = bytestream_get_byte(&s->bytestream);
ff_lzw_decode_init(s->lzw, code_size, s->bytestream, if ((ret = ff_lzw_decode_init(s->lzw, code_size, s->bytestream,
s->bytestream_end - s->bytestream, FF_LZW_GIF); s->bytestream_end - s->bytestream, FF_LZW_GIF)) < 0) {
av_log(s->avctx, AV_LOG_ERROR, "LZW init failed\n");
return ret;
}
/* read all the image */ /* read all the image */
linesize = s->picture.linesize[0]; linesize = s->picture.linesize[0];