ffmpeg | branch: release/2.4 | Michael Niedermayer <michae...@gmx.at> | Fri May 15 16:48:31 2015 +0200| [49664f160e079659fc22e96820f43648f751a10f] | committer: Michael Niedermayer
avcodec/shorten: Check skip_bytes() Fixes CID1210526 Signed-off-by: Michael Niedermayer <michae...@gmx.at> (cherry picked from commit d201becfc0d89c6a5dfe44e96f1044fbc2aadb70) Signed-off-by: Michael Niedermayer <michae...@gmx.at> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=49664f160e079659fc22e96820f43648f751a10f --- libavcodec/shorten.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c index 4e63274..7eb3ac4 100644 --- a/libavcodec/shorten.c +++ b/libavcodec/shorten.c @@ -369,6 +369,11 @@ static int read_header(ShortenContext *s) s->nmean = get_uint(s, 0); skip_bytes = get_uint(s, NSKIPSIZE); + if ((unsigned)skip_bytes > get_bits_left(&s->gb)/8) { + av_log(s->avctx, AV_LOG_ERROR, "invalid skip_bytes: %d\n", skip_bytes); + return AVERROR_INVALIDDATA; + } + for (i = 0; i < skip_bytes; i++) skip_bits(&s->gb, 8); } _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog