diff options
| author | Alex Converse <alex.converse@gmail.com> | 2011-09-09 13:26:49 -0700 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2011-11-03 03:26:19 +0100 |
| commit | 457f869b73ff9c49486c31a6574eb6601f8eb2d1 (patch) | |
| tree | be8aac4b90ab7cb002917b90c87da2f0cc26fffb | |
| parent | 70f01f12626caacd3926e11ac1ebc705e67016e7 (diff) | |
| download | ffmpeg-457f869b73ff9c49486c31a6574eb6601f8eb2d1.tar.gz | |
indeo2: fail if input buffer too small
(cherry picked from commit b7ce4f1d1c3add86ece7ca595ea6c4a10b471055)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
| -rw-r--r-- | libavcodec/indeo2.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/libavcodec/indeo2.c b/libavcodec/indeo2.c index e1bfd08870..8ee6a86e9e 100644 --- a/libavcodec/indeo2.c +++ b/libavcodec/indeo2.c @@ -153,6 +153,13 @@ static int ir2_decode_frame(AVCodecContext *avctx, return -1; } + start = 48; /* hardcoded for now */ + + if (start >= buf_size) { + av_log(s->avctx, AV_LOG_ERROR, "input buffer size too small (%d)\n", buf_size); + return AVERROR_INVALIDDATA; + } + s->decode_delta = buf[18]; /* decide whether frame uses deltas or not */ @@ -160,7 +167,6 @@ static int ir2_decode_frame(AVCodecContext *avctx, for (i = 0; i < buf_size; i++) buf[i] = ff_reverse[buf[i]]; #endif - start = 48; /* hardcoded for now */ init_get_bits(&s->gb, buf + start, (buf_size - start) * 8); |