[FFmpeg-cvslog] avcodec/shorten: Check skip_bytes()
Michael Niedermayer
git at videolan.org
Thu May 21 21:26:09 CEST 2015
ffmpeg | branch: release/2.5 | Michael Niedermayer <michaelni at gmx.at> | Fri May 15 16:48:31 2015 +0200| [71689e78632de55e593aa90ba2c80860c0b00eb6] | committer: Michael Niedermayer
avcodec/shorten: Check skip_bytes()
Fixes CID1210526
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit d201becfc0d89c6a5dfe44e96f1044fbc2aadb70)
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=71689e78632de55e593aa90ba2c80860c0b00eb6
---
libavcodec/shorten.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c
index 925d9ca..04e868f 100644
--- a/libavcodec/shorten.c
+++ b/libavcodec/shorten.c
@@ -369,6 +369,11 @@ static int read_header(ShortenContext *s)
s->nmean = get_uint(s, 0);
skip_bytes = get_uint(s, NSKIPSIZE);
+ if ((unsigned)skip_bytes > get_bits_left(&s->gb)/8) {
+ av_log(s->avctx, AV_LOG_ERROR, "invalid skip_bytes: %d\n", skip_bytes);
+ return AVERROR_INVALIDDATA;
+ }
+
for (i = 0; i < skip_bytes; i++)
skip_bits(&s->gb, 8);
}
More information about the ffmpeg-cvslog
mailing list