Hi! Attached patch fixes an overwrite in decode_rle() for invalid pict files.
Please comment, Carl Eugen
diff --git a/libavcodec/qdrw.c b/libavcodec/qdrw.c index 6c920aa..85aa5f4 100644 --- a/libavcodec/qdrw.c +++ b/libavcodec/qdrw.c @@ -95,6 +95,8 @@ static int decode_rle(AVCodecContext *avctx, AVFrame *p, GetByteContext *gbc, pos -= offset; pos++; } + if (pos >= offset) + return AVERROR_INVALIDDATA; } left -= 2; } else { /* copy */
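Review bot: The added "if (pos >= offset)" check guards only the run branch; the "} else { /* copy */" branch that begins right after it is not touched by this hunk. If the copy loop steps pos the same way ("pos -= offset; pos++;"), it needs the same guard, otherwise an invalid pict file can still reach the overwrite through the copy path. The check also runs after pos has been advanced and wrapped, so it rejects the input before the next write rather than validating the write just done in this iteration; please confirm that the first write of each line is bounded as well. A one-line comment stating the invariant that pos must stay below offset would help the next reader.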
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel