[libav-devel] [PATCH 1/4] xxan: don't read before start of buffer in av_memcpy_backptr().

Ronald S. Bultje Thu, 08 Mar 2012 16:32:59 -0800

From: "Ronald S. Bultje" <[email protected]>

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: [email protected]
---
 libavcodec/xxan.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)


diff --git a/libavcodec/xxan.c b/libavcodec/xxan.c
index 4659d34..8147bad 100644
--- a/libavcodec/xxan.c
+++ b/libavcodec/xxan.c
@@ -129,7 +129,8 @@ static int xan_unpack(uint8_t *dest, const int dest_len,
                 if (size + size2 > dest_end - dest)
                     break;
             }
-            if (src + size > src_end || dest + size + size2 > dest_end)
+            if (src + size > src_end || dest + size + size2 > dest_end ||
+                dest - orig_dest + size < back)
                 return -1;
             bytestream_get_buffer(&src, dest, size);
             dest += size;
-- 
1.7.9.2

_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel

[libav-devel] [PATCH 1/4] xxan: don't read before start of buffer in av_memcpy_backptr().

Reply via email to