diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2013-01-30 19:31:45 +0100 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2013-01-30 19:32:18 +0100 |
| commit | 4a2da83a787b24c4027aa963d9db9b453e91f413 (patch) | |
| tree | 392f3c83c350bbe61a4e18eb3a6fef8840d9299e | |
| parent | b926cc7834d5bc998775528097831c0fbcf3730a (diff) | |
| download | ffmpeg-streaming-4a2da83a787b24c4027aa963d9db9b453e91f413.zip ffmpeg-streaming-4a2da83a787b24c4027aa963d9db9b453e91f413.tar.gz | |
dnxhddec: fix integer overflow / index check
Fixes out of array read
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
| -rw-r--r-- | libavcodec/dnxhddec.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/dnxhddec.c b/libavcodec/dnxhddec.c index 6e94d32..0af685e 100644 --- a/libavcodec/dnxhddec.c +++ b/libavcodec/dnxhddec.c @@ -180,7 +180,7 @@ static int dnxhd_decode_header(DNXHDContext *ctx, const uint8_t *buf, int buf_si for (i = 0; i < ctx->mb_height; i++) { ctx->mb_scan_index[i] = AV_RB32(buf + 0x170 + (i<<2)); av_dlog(ctx->avctx, "mb scan index %d\n", ctx->mb_scan_index[i]); - if (buf_size < ctx->mb_scan_index[i] + 0x280) { + if (buf_size < ctx->mb_scan_index[i] + 0x280LL) { av_log(ctx->avctx, AV_LOG_ERROR, "invalid mb scan index\n"); return -1; } |
