]> rtime.felk.cvut.cz Git - frescor/ffmpeg.git/commitdiff
projects / frescor / ffmpeg.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8576b37)
fix segfault (bug #1165640)
authormichael <michael@9553f0bf-9b14-0410-a0b8-cfaf0461ba5b>
Mon, 11 Jul 2005 22:56:23 +0000 (22:56 +0000)
committermichael <michael@9553f0bf-9b14-0410-a0b8-cfaf0461ba5b>
Mon, 11 Jul 2005 22:56:23 +0000 (22:56 +0000)
git-svn-id: file:///var/local/repositories/ffmpeg/trunk@4435 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b

libavcodec/8bps.c patch | blob | history

diff --git a/libavcodec/8bps.c b/libavcodec/8bps.c
index 3898ac5dd353e47314916bd833434aed3941d1c1..4d5a64e5d9edd99a9c5f5dfed7fe282c9bcd7a42 100644 (file)
--- a/libavcodec/8bps.c
+++ b/libavcodec/8bps.c
@@ -100,11 +100,13 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, uint8
                        dlen = be2me_16(*(unsigned short *)(lp+row*2));
                        /* Decode a row of this plane */
                        while(dlen > 0) {
+                               if(dp + 1 >= buf+buf_size) return -1;
                                if ((count = *dp++) <= 127) {
                                        count++;
                                        dlen -= count + 1;
                                        if (pixptr + count * px_inc > pixptr_end)
                                            break;
+                                       if(dp + count > buf+buf_size) return -1;
                                        while(count--) {
                                                *pixptr = *dp++;
                                                pixptr += px_inc;
FFmpeg local copy adapted for FWP Frescor Contracts.