[FFmpeg-devel] [libav-devel] [PATCH 1/4] dds: validate source buffer size before copying
Andreas Cadhalpun
andreas.cadhalpun at googlemail.com
Wed Nov 11 21:59:34 CET 2015
On 11.11.2015 12:32, Vittorio Giovara wrote:
> On Wed, Nov 11, 2015 at 1:14 AM, Andreas Cadhalpun
> <andreas.cadhalpun at googlemail.com> wrote:
>> If it is too small av_image_copy_plane segfaults.
>>
>> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
>> ---
>> libavcodec/dds.c | 6 ++++++
>> 1 file changed, 6 insertions(+)
>>
>> diff --git a/libavcodec/dds.c b/libavcodec/dds.c
>> index a604d56..324e665 100644
>> --- a/libavcodec/dds.c
>> +++ b/libavcodec/dds.c
>> @@ -666,6 +666,12 @@ static int dds_decode(AVCodecContext *avctx, void *data,
>> frame->palette_has_changed = 1;
>> }
>>
>> + if (bytestream2_get_bytes_left(gbc) < frame->height * linesize) {
>> + av_log(avctx, AV_LOG_ERROR, "Buffer is too small (%d < %d).\n",
>> + bytestream2_get_bytes_left(gbc), frame->height * linesize);
>> + return AVERROR_INVALIDDATA;
>> + }
>> +
>> av_image_copy_plane(frame->data[0], frame->linesize[0],
>> gbc->buffer, linesize,
>> linesize, frame->height);
>> --
>> 2.6.2
>
> Same thought of 2/4 but patch should be ok.
Pushed.
Best regards,
Andreas
More information about the ffmpeg-devel
mailing list