[FFmpeg-cvslog] avcodec/flashsv: Check size before updating it

2015-12-06 Thread Michael Niedermayer
ffmpeg | branch: release/2.4 | Michael Niedermayer  | 
Sat Nov 14 13:34:02 2015 +0100| [52d332b044eb5f10a1346fa77964ae331a0ff7d3] | 
committer: Michael Niedermayer

avcodec/flashsv: Check size before updating it

Fixes out of array read
Fixes: 3c857d4d90365731524716e6d051e43a/signal_sigsegv_7f4f59bcc29e_1386_20abd2c8e655cb9c75b24368e65fe3b1.flv

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 17705f5d4f57c15f9b9bb9cfcbbb4621fed2fc70)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=52d332b044eb5f10a1346fa77964ae331a0ff7d3
---

 libavcodec/flashsv.c |8 
 1 file changed, 8 insertions(+)

diff --git a/libavcodec/flashsv.c b/libavcodec/flashsv.c
index 8791a2d..f777f24 100644
--- a/libavcodec/flashsv.c
+++ b/libavcodec/flashsv.c
@@ -413,6 +413,10 @@ static int flashsv_decode_frame(AVCodecContext *avctx, 
void *data,
 }
 
 if (has_diff) {
+if (size < 3) {
+av_log(avctx, AV_LOG_ERROR, "size too small for 
diff\n");
+return AVERROR_INVALIDDATA;
+}
 if (!s->keyframe) {
 av_log(avctx, AV_LOG_ERROR,
"Inter frame without keyframe\n");
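Review bot: the threshold in `if (size < 3)` at the top of the `has_diff` branch is a bare constant, and nothing in the hunk says what the three bytes are. A short comment naming what this branch consumes from the block, and why 3 is the minimum, would let a later reader confirm the bound still matches if the block layout changes.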
@@ -440,6 +444,10 @@ static int flashsv_decode_frame(AVCodecContext *avctx, 
void *data,
 int row = get_bits(, 8);
 av_log(avctx, AV_LOG_DEBUG, "%dx%d zlibprime_curr %dx%d\n",
i, j, col, row);
+if (size < 3) {
+av_log(avctx, AV_LOG_ERROR, "size too small for 
zlibprime_curr\n");
+return AVERROR_INVALIDDATA;
+}
 size -= 2;
 avpriv_request_sample(avctx, "zlibprime_curr");
 return AVERROR_PATCHWELCOME;
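Review bot: the new `if (size < 3)` check sits after `int row = get_bits(...)` and after the debug `av_log` that prints `col` and `row`, so those values have already been read from the bitstream by the time the block size is validated. If the intent is to reject a block too short to hold them, the check belongs before the reads; as placed it only guards the `size -= 2` that follows.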

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog


[FFmpeg-cvslog] avcodec/flashsv: Check size before updating it

2015-11-26 Thread Michael Niedermayer
ffmpeg | branch: release/2.8 | Michael Niedermayer  | 
Sat Nov 14 13:34:02 2015 +0100| [7f0b58947d6bf392bde028ec19e260ed1f8a6ebf] | 
committer: Michael Niedermayer

avcodec/flashsv: Check size before updating it

Fixes out of array read
Fixes: 3c857d4d90365731524716e6d051e43a/signal_sigsegv_7f4f59bcc29e_1386_20abd2c8e655cb9c75b24368e65fe3b1.flv

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 17705f5d4f57c15f9b9bb9cfcbbb4621fed2fc70)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7f0b58947d6bf392bde028ec19e260ed1f8a6ebf
---

 libavcodec/flashsv.c |8 
 1 file changed, 8 insertions(+)

diff --git a/libavcodec/flashsv.c b/libavcodec/flashsv.c
index 69b56d1..90e1d43 100644
--- a/libavcodec/flashsv.c
+++ b/libavcodec/flashsv.c
@@ -413,6 +413,10 @@ static int flashsv_decode_frame(AVCodecContext *avctx, 
void *data,
 }
 
 if (has_diff) {
+if (size < 3) {
+av_log(avctx, AV_LOG_ERROR, "size too small for 
diff\n");
+return AVERROR_INVALIDDATA;
+}
 if (!s->keyframe) {
 av_log(avctx, AV_LOG_ERROR,
"Inter frame without keyframe\n");
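Review bot: the error logged by the added `if (size < 3)` in the `has_diff` branch does not include the offending value. Printing `size` in the "size too small for diff" message would make a rejected sample much easier to triage from logs alone.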
@@ -440,6 +444,10 @@ static int flashsv_decode_frame(AVCodecContext *avctx, 
void *data,
 int row = get_bits(, 8);
 av_log(avctx, AV_LOG_DEBUG, "%dx%d zlibprime_curr %dx%d\n",
i, j, col, row);
+if (size < 3) {
+av_log(avctx, AV_LOG_ERROR, "size too small for 
zlibprime_curr\n");
+return AVERROR_INVALIDDATA;
+}
 size -= 2;
 avpriv_request_sample(avctx, "zlibprime_curr");
 return AVERROR_PATCHWELCOME;
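Review bot: the guard rejects `size < 3` but the statement it protects is `size -= 2`, so the bound is one larger than the decrement itself needs. If the extra byte is meant to guarantee a non-empty payload once the two bytes are accounted for, say so in a comment; otherwise `size < 2` is the tighter condition.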



[FFmpeg-cvslog] avcodec/flashsv: Check size before updating it

2015-11-26 Thread Michael Niedermayer
ffmpeg | branch: release/2.5 | Michael Niedermayer  | 
Sat Nov 14 13:34:02 2015 +0100| [93ff48fd2e41b0d02655aaabb11b76a6549703a5] | 
committer: Michael Niedermayer

avcodec/flashsv: Check size before updating it

Fixes out of array read
Fixes: 3c857d4d90365731524716e6d051e43a/signal_sigsegv_7f4f59bcc29e_1386_20abd2c8e655cb9c75b24368e65fe3b1.flv

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 17705f5d4f57c15f9b9bb9cfcbbb4621fed2fc70)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=93ff48fd2e41b0d02655aaabb11b76a6549703a5
---

 libavcodec/flashsv.c |8 
 1 file changed, 8 insertions(+)

diff --git a/libavcodec/flashsv.c b/libavcodec/flashsv.c
index 8791a2d..f777f24 100644
--- a/libavcodec/flashsv.c
+++ b/libavcodec/flashsv.c
@@ -413,6 +413,10 @@ static int flashsv_decode_frame(AVCodecContext *avctx, 
void *data,
 }
 
 if (has_diff) {
+if (size < 3) {
+av_log(avctx, AV_LOG_ERROR, "size too small for 
diff\n");
+return AVERROR_INVALIDDATA;
+}
 if (!s->keyframe) {
 av_log(avctx, AV_LOG_ERROR,
"Inter frame without keyframe\n");
@@ -440,6 +444,10 @@ static int flashsv_decode_frame(AVCodecContext *avctx, 
void *data,
 int row = get_bits(, 8);
 av_log(avctx, AV_LOG_DEBUG, "%dx%d zlibprime_curr %dx%d\n",
i, j, col, row);
+if (size < 3) {
+av_log(avctx, AV_LOG_ERROR, "size too small for 
zlibprime_curr\n");
+return AVERROR_INVALIDDATA;
+}
 size -= 2;
 avpriv_request_sample(avctx, "zlibprime_curr");
 return AVERROR_PATCHWELCOME;
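Review bot: on the lines shown, the path after the new check does `size -= 2`, calls `avpriv_request_sample()` and then returns `AVERROR_PATCHWELCOME` unconditionally, so the updated `size` is never used at this site. The added check therefore only changes which error a short block reports; either drop the dead decrement or state in the commit message that this site is hardened for consistency with the `has_diff` check.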



[FFmpeg-cvslog] avcodec/flashsv: Check size before updating it

2015-11-19 Thread Michael Niedermayer
ffmpeg | branch: release/2.6 | Michael Niedermayer  | 
Sat Nov 14 13:34:02 2015 +0100| [1c73f9d84c8c0726fca4627381b77b99f09af99a] | 
committer: Michael Niedermayer

avcodec/flashsv: Check size before updating it

Fixes out of array read
Fixes: 3c857d4d90365731524716e6d051e43a/signal_sigsegv_7f4f59bcc29e_1386_20abd2c8e655cb9c75b24368e65fe3b1.flv

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 17705f5d4f57c15f9b9bb9cfcbbb4621fed2fc70)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1c73f9d84c8c0726fca4627381b77b99f09af99a
---

 libavcodec/flashsv.c |8 
 1 file changed, 8 insertions(+)

diff --git a/libavcodec/flashsv.c b/libavcodec/flashsv.c
index 8791a2d..f777f24 100644
--- a/libavcodec/flashsv.c
+++ b/libavcodec/flashsv.c
@@ -413,6 +413,10 @@ static int flashsv_decode_frame(AVCodecContext *avctx, 
void *data,
 }
 
 if (has_diff) {
+if (size < 3) {
+av_log(avctx, AV_LOG_ERROR, "size too small for 
diff\n");
+return AVERROR_INVALIDDATA;
+}
 if (!s->keyframe) {
 av_log(avctx, AV_LOG_ERROR,
"Inter frame without keyframe\n");
@@ -440,6 +444,10 @@ static int flashsv_decode_frame(AVCodecContext *avctx, 
void *data,
 int row = get_bits(, 8);
 av_log(avctx, AV_LOG_DEBUG, "%dx%d zlibprime_curr %dx%d\n",
i, j, col, row);
+if (size < 3) {
+av_log(avctx, AV_LOG_ERROR, "size too small for 
zlibprime_curr\n");
+return AVERROR_INVALIDDATA;
+}
 size -= 2;
 avpriv_request_sample(avctx, "zlibprime_curr");
 return AVERROR_PATCHWELCOME;



[FFmpeg-cvslog] avcodec/flashsv: Check size before updating it

2015-11-18 Thread Michael Niedermayer
ffmpeg | branch: release/2.7 | Michael Niedermayer  | 
Sat Nov 14 13:34:02 2015 +0100| [ec1f59150d2437ea36baa0b6052ae1cf89b85ca8] | 
committer: Michael Niedermayer

avcodec/flashsv: Check size before updating it

Fixes out of array read
Fixes: 3c857d4d90365731524716e6d051e43a/signal_sigsegv_7f4f59bcc29e_1386_20abd2c8e655cb9c75b24368e65fe3b1.flv

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 17705f5d4f57c15f9b9bb9cfcbbb4621fed2fc70)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ec1f59150d2437ea36baa0b6052ae1cf89b85ca8
---

 libavcodec/flashsv.c |8 
 1 file changed, 8 insertions(+)

diff --git a/libavcodec/flashsv.c b/libavcodec/flashsv.c
index f429167..088b50e 100644
--- a/libavcodec/flashsv.c
+++ b/libavcodec/flashsv.c
@@ -413,6 +413,10 @@ static int flashsv_decode_frame(AVCodecContext *avctx, 
void *data,
 }
 
 if (has_diff) {
+if (size < 3) {
+av_log(avctx, AV_LOG_ERROR, "size too small for 
diff\n");
+return AVERROR_INVALIDDATA;
+}
 if (!s->keyframe) {
 av_log(avctx, AV_LOG_ERROR,
"Inter frame without keyframe\n");
@@ -440,6 +444,10 @@ static int flashsv_decode_frame(AVCodecContext *avctx, 
void *data,
 int row = get_bits(, 8);
 av_log(avctx, AV_LOG_DEBUG, "%dx%d zlibprime_curr %dx%d\n",
i, j, col, row);
+if (size < 3) {
+av_log(avctx, AV_LOG_ERROR, "size too small for 
zlibprime_curr\n");
+return AVERROR_INVALIDDATA;
+}
 size -= 2;
 avpriv_request_sample(avctx, "zlibprime_curr");
 return AVERROR_PATCHWELCOME;
