ffmpeg | branch: master | Michael Niedermayer <michae...@gmx.at> | Wed Nov 26 17:00:17 2014 +0100| [9a53707e86eb066e1c77460215c716f7962c71e7] | committer: Michael Niedermayer
avcodec/pngdec: Fix paeth prediction with small images Fixes out of array read Fixes: asan_heap-oob_20b0a06_1962_cov_1907976991_delete_node_small.png Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michae...@gmx.at> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9a53707e86eb066e1c77460215c716f7962c71e7 --- libavcodec/pngdec.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c index f80a3fe..35dcd76 100644 --- a/libavcodec/pngdec.c +++ b/libavcodec/pngdec.c @@ -267,8 +267,10 @@ static void png_filter_row(PNGDSPContext *dsp, uint8_t *dst, int filter_type, /* would write off the end of the array if we let it process * the last pixel with bpp=3 */ int w = bpp == 4 ? size : size - 3; - dsp->add_paeth_prediction(dst + i, src + i, last + i, w - i, bpp); - i = w; + if (w > i) { + dsp->add_paeth_prediction(dst + i, src + i, last + i, w - i, bpp); + i = w; + } } ff_add_png_paeth_prediction(dst + i, src + i, last + i, size - i, bpp); break; _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
