diff options
| author | Laurent Aimar <fenrir@videolan.org> | 2011-10-01 02:45:01 +0400 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2011-10-01 23:03:31 +0400 |
| commit | e8fd4a43ba758adb9378afe2cde4a5b9d4bda357 (patch) | |
| tree | de84485720dea0aa50d972d2e0b58ed97c5271ff | |
| parent | d950461f599241c770d29deea201d7438211dbbb (diff) | |
Check for out of bound reads in the Electronic Arts CMV decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit a5d46235f3f70f0b620f8e54649ece45ecc5b170)
| -rw-r--r-- | libavcodec/eacmv.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/libavcodec/eacmv.c b/libavcodec/eacmv.c index 6e3b51998a..4cd6a6fd1f 100644 --- a/libavcodec/eacmv.c +++ b/libavcodec/eacmv.c @@ -158,6 +158,9 @@ static int cmv_decode_frame(AVCodecContext *avctx, CmvContext *s = avctx->priv_data; const uint8_t *buf_end = buf + buf_size; + if (buf_end - buf < EA_PREAMBLE_SIZE) + return AVERROR_INVALIDDATA; + if (AV_RL32(buf)==MVIh_TAG||AV_RB32(buf)==MVIh_TAG) { cmv_process_header(s, buf+EA_PREAMBLE_SIZE, buf_end); return buf_size; |