[FFmpeg-devel] [PATCH] flicvideo: fix crash on flic files with invalid frame size
Stefano Sabatini
stefano.sabatini-lala at poste.it
Sat Apr 23 00:15:25 CEST 2011
Add a check in flic_decode_frame_8BPP(): in case chunk_size is >
frame_size, issue a warning and resize chunk_size to frame_size, in
order to avoid out-of-buffer reads.
Fix roundup issue #2520, trac issue #69.
Signed-off-by: Stefano Sabatini <stefano.sabatini-lala at poste.it>
---
libavcodec/flicvideo.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/libavcodec/flicvideo.c b/libavcodec/flicvideo.c
index 12e590b..71620f5 100644
--- a/libavcodec/flicvideo.c
+++ b/libavcodec/flicvideo.c
@@ -181,6 +181,11 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx,
/* iterate through the chunks */
while ((frame_size > 0) && (num_chunks > 0)) {
chunk_size = AV_RL32(&buf[stream_ptr]);
+ if (chunk_size > frame_size) {
+ av_log(avctx, AV_LOG_WARNING,
+ "Invalid chunk_size:%u > frame_size:%u\n", chunk_size, frame_size);
+ chunk_size = frame_size;
+ }
stream_ptr += 4;
chunk_type = AV_RL16(&buf[stream_ptr]);
stream_ptr += 2;
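
Review bot: The clamp at "chunk_size = frame_size;" bounds the chunk only against frame_size, and nothing in this hunk ties frame_size to the number of bytes actually available in buf, so the AV_RL32(&buf[stream_ptr]) read above the new check and the AV_RL16(&buf[stream_ptr]) read below it can still go past the input if frame_size itself exceeds the packet. Suggest also checking that the 6 header bytes read here (4 for the size, 2 for the type) fit in the buffer at stream_ptr before reading them, and rejecting a chunk_size smaller than that 6-byte header instead of only capping the upper bound. The "%u" specifiers assume chunk_size and frame_size are unsigned; their declarations are outside this hunk, so that is worth confirming, since with signed types a negative chunk_size would pass the new comparison. Given that the file is known to be corrupt at this point, consider whether returning an error is safer than continuing to decode with a silently resized chunk.
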
--
1.7.2.3