[FFmpeg-cvslog] avcodec/sgidec: fix count check
    Michael Niedermayer 
    git at videolan.org
       
    Sat Nov  1 14:33:31 CET 2014
    
    
  
ffmpeg | branch: release/2.3 | Michael Niedermayer <michaelni at gmx.at> | Mon Oct 27 20:48:58 2014 +0100| [5c791b1c9ce0edab69d4aa9b17a967a3b3792a07] | committer: Michael Niedermayer
avcodec/sgidec: fix count check
Fixes: asan_heap-oob_22b30d4_39_038.sgi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit a050cf0c451bdf1c1bd512c4fce6b6f8a5e85102)
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5c791b1c9ce0edab69d4aa9b17a967a3b3792a07
---
 libavcodec/sgidec.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/sgidec.c b/libavcodec/sgidec.c
index 8338863..3ddbf77 100644
--- a/libavcodec/sgidec.c
+++ b/libavcodec/sgidec.c
@@ -98,7 +98,7 @@ static int expand_rle_row16(SgiState *s, uint16_t *out_buf,
             break;
 
         /* Check for buffer overflow. */
-        if (pixelstride * (count - 1) >= len) {
+        if (out_end - out_buf <= pixelstride * (count - 1)) {
             av_log(s->avctx, AV_LOG_ERROR, "Invalid pixel count.\n");
             return AVERROR_INVALIDDATA;
         }
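Review bot: In the new condition `out_end - out_buf <= pixelstride * (count - 1)`, the left side is a pointer difference counted in `uint16_t` elements (per `uint16_t *out_buf` in the signature), so please confirm that `pixelstride` is in the same units rather than bytes, and say so in the `/* Check for buffer overflow. */` comment. The commit message does not explain why the removed `len` comparison was insufficient; one sentence noting that the new check measures the space remaining from the current `out_buf` to `out_end` would help anyone backporting this. Also, if `count` could reach this line as 0, `count - 1` makes the right side negative and the check passes, so the check depends on the `break` above having already handled that case.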
    
    