dfa: Put our pointer check back.

The reimplementation by Libav does not prevent out of array writes, even though it looks like it does at a quick glance. No FFmpeg releases are affected by this See: d1c95d2c 3623589e 740ebe46 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

dfa: Put our pointer check back.
The reimplementation by Libav does not prevent out of array writes, even though it looks like it does at a quick glance. No FFmpeg releases are affected by this See: d1c95d2c 3623589e 740ebe46 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
e9e207ec · Michael Niedermayer · d18341fb · e9e207ec
Commit e9e207ec authored May 04, 2013 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 0 deletions

dfa.c libavcodec/dfa.c +3 -0

No files found.
--- a/libavcodec/dfa.c
+++ b/libavcodec/dfa.c
@@ -254,6 +254,9 @@ static int decode_wdlt(GetByteContext *gb, uint8_t *frame, int width, int height
            y        += skip_lines;
            segments = bytestream2_get_le16(gb);
        }
+
+        if (frame_end <= frame)
+            return AVERROR_INVALIDDATA;
        if (segments & 0x8000) {
            frame[width - 1] = segments & 0xFF;
            segments = bytestream2_get_le16(gb);