pcx: check that the packet is large enough before reading the header

Fixes possible invalid reads. CC: libav-stable@libav.org Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind

pcx: check that the packet is large enough before reading the header
Fixes possible invalid reads. CC: libav-stable@libav.org Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
221402c1 · Anton Khirnov · 15ee419b · 221402c1
Commit 221402c1 authored Aug 14, 2016 by Anton Khirnov
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 0 deletions

pcx.c libavcodec/pcx.c +7 -0

No files found.
--- a/libavcodec/pcx.c
+++ b/libavcodec/pcx.c
@@ -28,6 +28,8 @@
 #include "get_bits.h"
 #include "internal.h"
+#define PCX_HEADER_SIZE 128
 /**
 * @return advanced src pointer
 */
@@ -85,6 +87,11 @@ static int pcx_decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
    uint8_t *scanline;
    int ret = -1;
+    if (buf_size < PCX_HEADER_SIZE) {
+        av_log(avctx, AV_LOG_ERROR, "Packet too small\n");
+        return AVERROR_INVALIDDATA;
+    }
    if (buf[0] != 0x0a || buf[1] > 5) {
        av_log(avctx, AV_LOG_ERROR, "this is not PCX encoded data\n");
        return AVERROR_INVALIDDATA;