Commit e9e207ec authored by Michael Niedermayer's avatar Michael Niedermayer

dfa: Put our pointer check back.

The reimplementation by Libav does not prevent out of array
writes, even though it looks like it does at a quick glance.

No FFmpeg releases are affected by this

See: d1c95d2c
     3623589e
     740ebe46

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
parent d18341fb
......@@ -254,6 +254,9 @@ static int decode_wdlt(GetByteContext *gb, uint8_t *frame, int width, int height
y += skip_lines;
segments = bytestream2_get_le16(gb);
}
if (frame_end <= frame)
return AVERROR_INVALIDDATA;
if (segments & 0x8000) {
frame[width - 1] = segments & 0xFF;
segments = bytestream2_get_le16(gb);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment