[FFmpeg-cvslog] xan: fix out of array read
    Michael Niedermayer 
    git at videolan.org
       
    Sat Jun  9 21:05:13 CEST 2012
    
    
  
ffmpeg | branch: release/0.10 | Michael Niedermayer <michaelni at gmx.at> | Mon May 28 17:04:38 2012 +0200| [7df0e309fd6e39384f9ed80103e3191049f0a280] | committer: Michael Niedermayer
xan: fix out of array read
Fixes ticket1360
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 01900fcc45e99ee4556e0a5d87ff57b2f150dad4)
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7df0e309fd6e39384f9ed80103e3191049f0a280
---
 libavcodec/xan.c |    4 ++++
 1 file changed, 4 insertions(+)
diff --git a/libavcodec/xan.c b/libavcodec/xan.c
index cfaca81..62bec83 100644
--- a/libavcodec/xan.c
+++ b/libavcodec/xan.c
@@ -512,6 +512,10 @@ static int xan_decode_frame(AVCodecContext *avctx,
             int i;
             tag  = bytestream_get_le32(&buf);
             size = bytestream_get_be32(&buf);
+            if(size < 0) {
+                av_log(avctx, AV_LOG_ERROR, "Invalid tag size %d\n", size);
+                return AVERROR_INVALIDDATA;
+            }
             size = FFMIN(size, buf_end - buf);
             switch (tag) {
             case PALT_TAG:
    
    
More information about the ffmpeg-cvslog
mailing list