fix segfault with lol-ffplay2.mpg (dunno if this is exploitable, probably not easily)

author Michael Niedermayer <michaelni@gmx.at>

Fri, 9 Feb 2007 02:21:34 +0000 (02:21 +0000)

committer Michael Niedermayer <michaelni@gmx.at>

Fri, 9 Feb 2007 02:21:34 +0000 (02:21 +0000)
author Michael Niedermayer <michaelni@gmx.at>
Fri, 9 Feb 2007 02:21:34 +0000 (02:21 +0000)
committer Michael Niedermayer <michaelni@gmx.at>
Fri, 9 Feb 2007 02:21:34 +0000 (02:21 +0000)
diff --git a/libavcodec/mpeg12.c b/libavcodec/mpeg12.c

index c0d1f0d7b7b3631045615d945552a6651a7a213e..0b7cb47e80f61be43eba6ff40a2992e55edffdfe 100644 (file)
--- a/libavcodec/mpeg12.c
+++ b/libavcodec/mpeg12.c
@@ -2593,6 +2593,10 @@ static int mpeg_decode_slice(Mpeg1Context *s1, int mb_y,
              break;
          }
      }
+    if(s->mb_x >= (unsigned)s->mb_width){
+        av_log(s->avctx, AV_LOG_ERROR, "initial skip overflow\n");
+        return -1;
+    }
  
      s->resync_mb_x= s->mb_x;
      s->resync_mb_y= s->mb_y= mb_y;
author	Michael Niedermayer <michaelni@gmx.at>
	Fri, 9 Feb 2007 02:21:34 +0000 (02:21 +0000)
committer	Michael Niedermayer <michaelni@gmx.at>
	Fri, 9 Feb 2007 02:21:34 +0000 (02:21 +0000)