[4/5] cinepak: check strip_size

Message ID 1321608892-57655-2-git-send-email-martin@martin.st
State Committed
Commit 867b496681b3cdc774b80764fbea42f7c9aca842

Commit Message

Martin Storsjö Nov. 18, 2011, 9:34 a.m.
From: Michael Niedermayer <michaelni@gmx.at>

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavcodec/cinepak.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

Comments

Kostya Shishkov Nov. 18, 2011, 9:43 a.m. | #1
On Fri, Nov 18, 2011 at 11:34:51AM +0200, Martin Storsjö wrote:
> From: Michael Niedermayer <michaelni@gmx.at>
> 
> Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
> ---
>  libavcodec/cinepak.c |    2 ++
>  1 files changed, 2 insertions(+), 0 deletions(-)
> 
> diff --git a/libavcodec/cinepak.c b/libavcodec/cinepak.c
> index e66a1c0..a858d6e 100644
> --- a/libavcodec/cinepak.c
> +++ b/libavcodec/cinepak.c
> @@ -370,6 +370,8 @@ static int cinepak_decode (CinepakContext *s)
>          s->strips[i].x2 = s->avctx->width;
>  
>          strip_size = AV_RB24 (&s->data[1]) - 12;
> +        if (strip_size < 0)
> +            return -1;
>          s->data   += 12;
>          strip_size = ((s->data + strip_size) > eod) ? (eod - s->data) : strip_size;
>  
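Review bot: the clamp on the last line of this hunk still forms `s->data + strip_size` before comparing it with `eod`, and the new check does not change that. With a 24-bit size field the sum can point far beyond the buffer, which is undefined in C and can wrap on 32-bit targets; comparing lengths instead, as in `strip_size > eod - s->data`, avoids creating the out-of-range pointer. Nothing in the visible lines confirms that 12 bytes remain before `s->data += 12` either, so `eod - s->data` can itself be negative and leave `strip_size` below zero again after the clamp.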
> -- 

looks OK

Luca Barbato Nov. 18, 2011, 10:22 a.m. | #2
On 18/11/11 10:34, Martin Storsjö wrote:
> From: Michael Niedermayer <michaelni@gmx.at>
> 
> Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
> ---
>  libavcodec/cinepak.c |    2 ++
>  1 files changed, 2 insertions(+), 0 deletions(-)
> 
> diff --git a/libavcodec/cinepak.c b/libavcodec/cinepak.c
> index e66a1c0..a858d6e 100644
> --- a/libavcodec/cinepak.c
> +++ b/libavcodec/cinepak.c
> @@ -370,6 +370,8 @@ static int cinepak_decode (CinepakContext *s)
>          s->strips[i].x2 = s->avctx->width;
>  
>          strip_size = AV_RB24 (&s->data[1]) - 12;
> +        if (strip_size < 0)
> +            return -1;
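Review bot: the added `return -1` leaves the decoder silently, so a strip header whose size field is below 12 cannot be told apart from any other failure when someone triages a bad file. A short `av_log(s->avctx, AV_LOG_ERROR, ...)` call naming the invalid strip size before the return would make the rejected input visible in logs and fuzzing output.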

Again, can't we use a non-generic return value?

lu

Patch

diff --git a/libavcodec/cinepak.c b/libavcodec/cinepak.c
index e66a1c0..a858d6e 100644
--- a/libavcodec/cinepak.c
+++ b/libavcodec/cinepak.c
@@ -370,6 +370,8 @@  static int cinepak_decode (CinepakContext *s)
         s->strips[i].x2 = s->avctx->width;
 
         strip_size = AV_RB24 (&s->data[1]) - 12;
+        if (strip_size < 0)
+            return -1;
         s->data   += 12;
         strip_size = ((s->data + strip_size) > eod) ? (eod - s->data) : strip_size;
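Review bot: `return -1` in the added check gives callers a generic failure code where `AVERROR_INVALIDDATA` would state that the bitstream itself is malformed. The commit message also carries only the sign-off; one sentence on why a size field smaller than the 12-byte strip header has to be rejected at this point would help anyone backporting or auditing the fix.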