Commit 1007a805 authored by Michael Niedermayer's avatar Michael Niedermayer

smc: Fix overread.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
parent 263bb6ed
...@@ -313,7 +313,7 @@ static void smc_decode_stream(SmcContext *s) ...@@ -313,7 +313,7 @@ static void smc_decode_stream(SmcContext *s)
} else } else
color_table_index = CQUAD * s->buf[stream_ptr++]; color_table_index = CQUAD * s->buf[stream_ptr++];
while (n_blocks--) { while (n_blocks-- && stream_ptr + 3 < s->size) {
color_flags = AV_RB32(&s->buf[stream_ptr]); color_flags = AV_RB32(&s->buf[stream_ptr]);
stream_ptr += 4; stream_ptr += 4;
/* flag mask actually acts as a bit shift count here */ /* flag mask actually acts as a bit shift count here */
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment