[FFmpeg-devel] [PATCH] avcodec/rscc: check deflated input pixel buffer size

James Almer Tue, 10 May 2016 15:45:30 -0700

Prevents overreads as reported by valgrind

Signed-off-by: James Almer <jamr...@gmail.com>
---
See 
http://fate.ffmpeg.org/report.cgi?time=20160509191458&slot=x86_64-archlinux-gcc-valgrindundef


 libavcodec/rscc.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/rscc.c b/libavcodec/rscc.c
index a47d29f..b1f6f87 100644
--- a/libavcodec/rscc.c
+++ b/libavcodec/rscc.c
@@ -258,6 +258,11 @@ static int rscc_decode_frame(AVCodecContext *avctx, void 
*data,
         pixels = gbc->buffer;
     } else {
         uLongf len = ctx->inflated_size;
+        if (bytestream2_get_bytes_left(gbc) < packed_size) {
+            av_log(avctx, AV_LOG_ERROR, "Insufficient input for %d\n", 
packed_size);
+            ret = AVERROR_INVALIDDATA;
+            goto end;
+        }
         ret = uncompress(ctx->inflated_buf, &len, gbc->buffer, packed_size);
         if (ret) {
             av_log(avctx, AV_LOG_ERROR, "Pixel deflate error %d.\n", ret);
-- 
2.8.2

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

[FFmpeg-devel] [PATCH] avcodec/rscc: check deflated input pixel buffer size

Reply via email to