On Tue, Feb 04, 2014 at 11:31:39AM +0100, Anton Khirnov wrote: > Fixes invalid writes. > > Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind > CC:[email protected] > --- > libavcodec/rpza.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/libavcodec/rpza.c b/libavcodec/rpza.c > index c859126..54b96b4 100644 > --- a/libavcodec/rpza.c > +++ b/libavcodec/rpza.c > @@ -119,6 +119,8 @@ static void rpza_decode_stream(RpzaContext *s) > } > } > > + n_blocks = FFMIN(n_blocks, total_blocks); > + > switch (opcode & 0xe0) { > > /* Skip blocks */ > --
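Review bot: the added clamp `n_blocks = FFMIN(n_blocks, total_blocks);` just before `switch (opcode & 0xe0)` truncates an oversized block count silently, so a malformed stream decodes with no diagnostic. Consider logging a warning with av_log when n_blocks exceeds total_blocks before clamping it. The hunk also does not show whether total_blocks at this point is the number of blocks still to be written or the total for the frame. If it is the frame total, the clamp does not bound writes once some blocks have already been decoded, so it is worth stating which it is in the commit message, which currently says only "Fixes invalid writes."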
LGTM, would be even better with a warning message and break on trailing data (i.e. all blocks are decoded but there's still a lot of opcodes left in the stream)
