Download-Tools/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-02-12 04:44:25 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix an exploit in indeo by checking we are not writing out of the strip array.

Browse Source 
Fixes issue 655

Originally committed as revision 16802 to svn://svn.ffmpeg.org/ffmpeg/trunk
This commit is contained in:
Benoit Fouet 2009-01-26 09:41:23 +00:00
parent f2f35d3364
commit a44cb89b0f
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
libavcodec/indeo3.c
View File

@ -252,6 +252,10 @@ static void iv_Decode_Chunk(Indeo3DecodeContext *s,
if(cmd == 0) {
strip++;
if(strip >= strip_tbl + FF_ARRAY_ELEMS(strip_tbl)) {
av_log(s->avctx, AV_LOG_WARNING, "out of range strip\n");
break;
}
memcpy(strip, strip-1, sizeof(*strip));
strip->split_flag = 1;
strip->split_direction = 0;
@ -259,6 +263,10 @@ static void iv_Decode_Chunk(Indeo3DecodeContext *s,
continue;
} else if(cmd == 1) {
strip++;
if(strip >= strip_tbl + FF_ARRAY_ELEMS(strip_tbl)) {
av_log(s->avctx, AV_LOG_WARNING, "out of range strip\n");
break;
}
memcpy(strip, strip-1, sizeof(*strip));
strip->split_flag = 1;
strip->split_direction = 1;