[FFmpeg-devel] [PATCH] exr: check size of uncompressed buffer returned by uncompress()
Paul B Mahol
onemda at gmail.com
Fri Jul 13 04:08:06 CEST 2012
The actual size of uncompressed buffer returned by uncompress() may be
smaller than expected, so abort decoding in such cases.
Signed-off-by: Paul B Mahol <onemda at gmail.com>
---
libavcodec/exr.c | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/libavcodec/exr.c b/libavcodec/exr.c
index 905d389..7b32abd 100644
--- a/libavcodec/exr.c
+++ b/libavcodec/exr.c
@@ -542,7 +542,10 @@ static int decode_frame(AVCodecContext *avctx,
const uint8_t *red_channel_buffer, *green_channel_buffer, *blue_channel_buffer, *alpha_channel_buffer = 0;
if ((s->compr == EXR_ZIP1 || s->compr == EXR_ZIP16) && data_size < uncompressed_size) {
- if (uncompress(s->tmp, &uncompressed_size, avpkt->data + line_offset, data_size) != Z_OK) {
+ unsigned long dest_len = uncompressed_size;
+
+ if (uncompress(s->tmp, &dest_len, avpkt->data + line_offset, data_size) != Z_OK ||
+ dest_len != uncompressed_size) {
av_log(avctx, AV_LOG_ERROR, "error during zlib decompression\n");
return AVERROR(EINVAL);
}
--
1.7.7
More information about the ffmpeg-devel
mailing list