eessppeelllloo/ffmpeg
1
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2025-12-11 09:20:01 +01:00
Code Issues Packages Projects Releases Wiki Activity

pictordec: break out of both decoding loops when y drops below 0

Browse Source 
Otherwise picmemset can get called with negative y, resulting in an
invalid write.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 5f7aecde02)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
This commit is contained in:
Anton Khirnov
2013-08-24 21:30:46 +02:00
committed by Luca Barbato
parent 251b4655be
commit 8dc4b2c92e
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
libavcodec/pictordec.c
View File

@@ -227,7 +227,7 @@ static int decode_frame(AVCodecContext *avctx,
if (bits_per_plane == 8) {
picmemset_8bpp(s, val, run, &x, &y);
if (y < 0)
break;
goto finish;
} else {
picmemset(s, val, run, &x, &y, &plane, bits_per_plane);
}
@@ -237,6 +237,7 @@ static int decode_frame(AVCodecContext *avctx,
av_log_ask_for_sample(s, "uncompressed image\n");
return avpkt->size;
}
finish:
*got_frame = 1;
*(AVFrame*)data = s->frame;