[FFmpeg-devel] [PATCH 10/16] qtrle: check for invalid line offset
Laurent Aimar
fenrir at elivagar.org
Sun Oct 9 02:08:08 CEST 2011
On Sun, Oct 09, 2011 at 12:25:38AM +0200, Reimar Döffinger wrote:
> On Sat, Oct 08, 2011 at 11:40:35PM +0200, fenrir at elivagar.org wrote:
> > From: Laurent Aimar <fenrir at videolan.org>
> >
> > ---
> > libavcodec/qtrle.c | 4 ++++
> > 1 files changed, 4 insertions(+), 0 deletions(-)
> >
> > diff --git a/libavcodec/qtrle.c b/libavcodec/qtrle.c
> > index 752bbc1..bd9514a 100644
> > --- a/libavcodec/qtrle.c
> > +++ b/libavcodec/qtrle.c
> > @@ -464,6 +464,10 @@ static int qtrle_decode_frame(AVCodecContext *avctx,
> > stream_ptr += 4;
> > height = AV_RB16(&s->buf[stream_ptr]);
> > stream_ptr += 4;
> > + if (start_line >= s->avctx->height ||
> > + start_line + height > s->avctx->height)
>
> start_line and height are both only 16 bit, why 2 checks?
> Might even be more readable as
> height > s->avctx->height - start_line
Patch attached.
--
fenrir
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-qtrle-check-for-invalid-line-offset.patch
Type: text/x-diff
Size: 766 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20111009/2fa816af/attachment.bin>
More information about the ffmpeg-devel
mailing list