(parent:
a1c1c78
)
Check RV30/40 slice offsets to be inside buffer.
author
Kostya Shishkov
<kostya.shishkov@gmail.com>
Tue, 2 Dec 2008 17:39:20 +0000
(17:39 +0000)
committer
Kostya Shishkov
<kostya.shishkov@gmail.com>
Tue, 2 Dec 2008 17:39:20 +0000
(17:39 +0000)
This fixes issue 738
Originally committed as revision 15981 to svn://svn.ffmpeg.org/ffmpeg/trunk
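--- a/libavcodec/rv34.c
+++ b/libavcodec/rv34.c
@@ -1389,6 +1389,11 @@ int ff_rv34_decode_frame(AVCodecContext *avctx,
 else
 size= get_slice_offset(avctx, slices_hdr, i+1) - offset;
+ if(offset > buf_size){
+ av_log(avctx, AV_LOG_ERROR, "Slice offset is greater than frame size\n");
+ break;
+ }
+
 r->si.end = s->mb_width * s->mb_height;
 if(i+1 < slice_count){
 init_get_bits(&s->gb, buf+get_slice_offset(avctx, slices_hdr, i+1), (buf_size-get_slice_offset(avctx, slices_hdr, i+1))*8);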
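Review bot: The added guard validates only the current slice's `offset`, so the lookahead below it still calls `init_get_bits` on `buf+get_slice_offset(avctx, slices_hdr, i+1)` with a length of `(buf_size-get_slice_offset(avctx, slices_hdr, i+1))*8` before the i+1 offset has been range-checked; a next offset past `buf_size` gives a pointer beyond the buffer and a negative bit count. `size` from the `else` branch is not bounded either, and if these values are signed ints (their declarations are outside the hunk) a negative `offset` passes `offset > buf_size`. I would widen the test to `if(offset < 0 || offset > buf_size || size < 0 || size > buf_size - offset){`, which on a non-last slice also constrains the i+1 offset that the lookahead uses. The enclosing loop of ff_rv34_decode_frame starts and ends outside the hunk.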