[FFmpeg-devel] [PATCH 7/8] avcodec/svq3: Check that for 8 byte space before subtracting
Andreas Rheinhardt
andreas.rheinhardt at outlook.com
Wed May 14 19:34:25 EEST 2025
Michael Niedermayer:
> No testcase
>
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
> libavcodec/svq3.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavcodec/svq3.c b/libavcodec/svq3.c
> index f730358e2f9..30bc9334af7 100644
> --- a/libavcodec/svq3.c
> +++ b/libavcodec/svq3.c
> @@ -1173,7 +1173,7 @@ static av_cold int svq3_decode_init(AVCodecContext *avctx)
> int w,h;
>
> size = AV_RB32(&extradata[4]);
> - if (size > extradata_end - extradata - 8)
> + if (extradata_end - extradata < 8 || size > extradata_end - extradata - 8)
> return AVERROR_INVALIDDATA;
> init_get_bits(&gb, extradata + 8, size * 8);
>
Can't be triggered: This code is only executed iff marker_found is 1;
and given the "m + 8 < avctx->extradata_size" check in the loop it is
guaranteed that there are at least eight bytes of extradata available.
- Andreas
More information about the ffmpeg-devel
mailing list