[FFmpeg-devel] [PATCH 2/6] Check for out of bound reads in xan_huffman_decode() of the xan decoder.
fenrir at elivagar.org
fenrir at elivagar.org
Thu Sep 29 01:04:50 CEST 2011
From: Laurent Aimar <fenrir at videolan.org>
---
libavcodec/xan.c | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/libavcodec/xan.c b/libavcodec/xan.c
index 51b4b95..3359102 100644
--- a/libavcodec/xan.c
+++ b/libavcodec/xan.c
@@ -114,7 +114,10 @@ static int xan_huffman_decode(unsigned char *dest, int dest_len,
init_get_bits(&gb, ptr, ptr_len * 8);
while ( val != 0x16 ) {
- val = src[val - 0x17 + get_bits1(&gb) * byte];
+ int idx = val - 0x17 + get_bits1(&gb) * byte;
+ if (idx < 0 || idx >= 2 * byte)
+ return -1;
+ val = src[idx];
if ( val < 0x16 ) {
if (dest >= dest_end)
--
1.7.2.5
More information about the ffmpeg-devel
mailing list