Home Explore Help
Sign In
SMusatov
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Files Wiki
Browse Source

vble: check packet size.

Fixes null pointer dereference

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer 12 years ago
parent
10416a4d56
commit
0b28abf903
1 changed files with 5 additions and 0 deletions
Split View Show Diff Stats
  1. 5 0
      libavcodec/vble.c

+ 5 - 0
libavcodec/vble.c
View File 

@@ -127,6 +127,11 @@ static int vble_decode_frame(AVCodecContext *avctx, void *data, int *data_size,
 
     if (pic->data[0])
 
         avctx->release_buffer(avctx, pic);
 
 
+    if (avpkt->size < 4 || avpkt->size - 4 > INT_MAX/8) {
 
+        av_log(avctx, AV_LOG_ERROR, "Invalid packet size\n");
 
+        return AVERROR_INVALIDDATA;
 
+    }
 
+
 
     /* Allocate buffer */
 
     if (avctx->get_buffer(avctx, pic) < 0) {
 
         av_log(avctx, AV_LOG_ERROR, "Could not allocate buffer.\n");