vpriv_adx_decode_header: avoid underreading the array.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

vpriv_adx_decode_header: avoid underreading the array.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
30bce34b · Michael Niedermayer · ab8517b8 · 30bce34b
Commit 30bce34b authored Nov 14, 2012 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 0 deletions

adx.c libavcodec/adx.c +5 -0

No files found.
--- a/libavcodec/adx.c
+++ b/libavcodec/adx.c
@@ -47,6 +47,11 @@ int avpriv_adx_decode_header(AVCodecContext *avctx, const uint8_t *buf,
        return AVERROR_INVALIDDATA;
    offset = AV_RB16(buf + 2) + 4;

+    if (offset < 6) {
+        av_log(avctx, AV_LOG_ERROR, "offset is prior data\n");
+        return AVERROR_INVALIDDATA;
+    }
+
    /* if copyright string is within the provided data, validate it */
    if (bufsize >= offset && memcmp(buf + offset - 6, "(c)CRI", 6))
        return AVERROR_INVALIDDATA;