On Thu, May 14, 2015 at 02:37:21PM +0200, Carl Eugen Hoyos wrote:
> Hi!
>
> Attached patch fixes an overwrite in decode_rle() for invalid pict files.
>
> Please comment, Carl Eugen
> qdrw.c | 2 ++
> 1 file changed, 2 insertions(+)
> 9a329e941d8bc50cb6015d5ab69af79acd9b1d79 patchqdrw2.diff
> diff --git a/libavcodec/qdrw.c b/libavcodec/qdrw.c
> index 6c920aa..85aa5f4 100644
> --- a/libavcodec/qdrw.c
> +++ b/libavcodec/qdrw.c
> @@ -95,6 +95,8 @@ static int decode_rle(AVCodecContext *avctx, AVFrame *p,
> GetByteContext *gbc,
> pos -= offset;
> pos++;
> }
> + if (pos >= offset)
> + return AVERROR_INVALIDDATA;
> }
> left -= 2;
> } else { /* copy */
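Review bot: the new `pos >= offset` check guards only this branch; the `/* copy */` branch that begins on the last line of the hunk gets no matching guard in this patch. If that branch advances and wraps pos the same way, it needs the same check returning AVERROR_INVALIDDATA. The return is also silent, so a short av_log() error before it would tell the user why the invalid pict file was rejected.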
ok, but there's a 2nd case below which I think needs a similar change
[..]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
It is what and why we do it that matters, not just one of them.