[SCM] libav/wheezy-security: h264: check buffer size before accessing it
siretart at users.alioth.debian.org
siretart at users.alioth.debian.org
Sun Jun 1 21:36:12 UTC 2014
The following commit has been merged in the wheezy-security branch:
commit 2cbc8dfeddcbe00ef5f112162912bb49c1dd6623
Author: Anton Khirnov <anton at khirnov.net>
Date: Fri Nov 15 10:15:24 2013 +0100
h264: check buffer size before accessing it
Fixes invalid reads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable at libav.org
diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index ba8872c..f021e59 100644
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -3919,7 +3919,7 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size){
s->workaround_bugs |= FF_BUG_TRUNCATED;
if(!(s->workaround_bugs & FF_BUG_TRUNCATED)){
- while(ptr[dst_length - 1] == 0 && dst_length > 0)
+ while(dst_length > 0 && ptr[dst_length - 1] == 0)
dst_length--;
}
bit_length= !dst_length ? 0 : (8*dst_length - ff_h264_decode_rbsp_trailing(h, ptr + dst_length - 1));
--
Libav/FFmpeg packaging
More information about the pkg-multimedia-commits
mailing list