On Jul 31, 2014 5:11 AM, "Luca Barbato" <[email protected]> wrote: > > On 31/07/14 03:31, [email protected] wrote: > > From: Michael Niedermayer <[email protected]> > > > > Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind > > Signed-off-by: Michael Niedermayer <[email protected]> > > Addresses: CVE-2013-0852 > > Bug-Id: please > > > > > Conflicts: > > libavcodec/pgssubdec.c > > Drop this > > > --- > > libavcodec/pgssubdec.c | 5 +++++ > > 1 file changed, 5 insertions(+) > > > > diff --git a/libavcodec/pgssubdec.c b/libavcodec/pgssubdec.c > > index 1cafd9f..d5185ee 100644 > > --- a/libavcodec/pgssubdec.c > > +++ b/libavcodec/pgssubdec.c > > @@ -285,6 +285,11 @@ static int parse_object_segment(AVCodecContext *avctx, > > return AVERROR_INVALIDDATA; > > } > > > > + if (buf_size > rle_bitmap_len) { > > + av_log(avctx, AV_LOG_ERROR, "too much RLE data\n"); > > + return AVERROR_INVALIDDATA; > > + } > > should go where the rle_bitmap_len is parsed. > > > + > > object->w = width; > > object->h = height; > > > > > > I'll amend the patch myself. >
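Review bot: the error path added in parse_object_segment logs only "too much RLE data", without the two values that triggered it; printing buf_size and rle_bitmap_len in that av_log call would let someone triaging a rejected stream see how far the segment overran the declared length. The check does sit before `object->w = width;` and `object->h = height;`, so the dimensions are never stored for a segment that fails it. As the reply notes, placing `if (buf_size > rle_bitmap_len)` next to the code that reads rle_bitmap_len would keep the length validation in one place. The commit message still carries the "Conflicts:" block and a "Bug-Id:" line without an id, which should be cleaned up before this is pushed.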
Thanks for taking over Reinhard _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
