ffmpeg | branch: release/2.8 | Andreas Cadhalpun <andreas.cadhal...@googlemail.com> | Thu Nov 10 22:09:03 2016 +0100| [f76947fd567f20287bc8ca8e692a59026bac19e7] | committer: Andreas Cadhalpun
smvjpegdec: make sure cur_frame is not negative This fixes a heap-buffer-overflow detected by AddressSanitizer. Reviewed-by: Michael Niedermayer <mich...@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> (cherry picked from commit 360bc0d90aa66cf21e9f488e77d21db18e01ec9c) Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f76947fd567f20287bc8ca8e692a59026bac19e7 --- libavcodec/smvjpegdec.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/smvjpegdec.c b/libavcodec/smvjpegdec.c index 9c2fb38..2235ed5 100644 --- a/libavcodec/smvjpegdec.c +++ b/libavcodec/smvjpegdec.c @@ -152,6 +152,10 @@ static int smvjpeg_decode_frame(AVCodecContext *avctx, void *data, int *data_siz cur_frame = avpkt->pts % s->frames_per_jpeg; + /* cur_frame is later used to calculate the buffer offset, so it mustn't be negative */ + if (cur_frame < 0) + cur_frame += s->frames_per_jpeg; + /* Are we at the start of a block? */ if (!cur_frame) { av_frame_unref(mjpeg_data); _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
