Michael Niedermayer: > No testcase > > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > --- > libavcodec/svq3.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavcodec/svq3.c b/libavcodec/svq3.c > index f730358e2f9..30bc9334af7 100644 > --- a/libavcodec/svq3.c > +++ b/libavcodec/svq3.c > @@ -1173,7 +1173,7 @@ static av_cold int svq3_decode_init(AVCodecContext > *avctx) > int w,h; > > size = AV_RB32(&extradata[4]); > - if (size > extradata_end - extradata - 8) > + if (extradata_end - extradata < 8 || size > extradata_end - > extradata - 8) > return AVERROR_INVALIDDATA; > init_get_bits(&gb, extradata + 8, size * 8); >
Can't be triggered: This code is only executed iff marker_found is 1; and given the "m + 8 < avctx->extradata_size" check in the loop it is guaranteed that there are at least eight bytes of extradata available. - Andreas _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
