[FFmpeg-devel] [PATCH] smvjpegdec: make sure cur_frame is not negative

Andreas Cadhalpun Thu, 10 Nov 2016 13:14:38 -0800

This fixes a heap-buffer-overflow detected by AddressSanitizer.

Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com>
---
 libavcodec/smvjpegdec.c | 4 ++++
 1 file changed, 4 insertions(+)


diff --git a/libavcodec/smvjpegdec.c b/libavcodec/smvjpegdec.c
index 9057e86..e319e57 100644
--- a/libavcodec/smvjpegdec.c
+++ b/libavcodec/smvjpegdec.c
@@ -152,6 +152,10 @@ static int smvjpeg_decode_frame(AVCodecContext *avctx, 
void *data, int *data_siz
 
     cur_frame = avpkt->pts % s->frames_per_jpeg;
 
+    /* cur_frame is later used to calculate the buffer offset, so it mustn't 
be negative */
+    if (cur_frame < 0)
+        cur_frame += s->frames_per_jpeg;
+
     /* Are we at the start of a block? */
     if (!cur_frame) {
         av_frame_unref(mjpeg_data);
-- 
2.10.2
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

[FFmpeg-devel] [PATCH] smvjpegdec: make sure cur_frame is not negative

Reply via email to