aasc: check before reading the first 4 byte, fix overread

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

aasc: check before reading the first 4 byte, fix overread
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
e1631f8e · Michael Niedermayer · 39c5cd60 · e1631f8e
Commit e1631f8e authored Nov 14, 2012 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 0 deletions

aasc.c libavcodec/aasc.c +5 -0

No files found.
--- a/libavcodec/aasc.c
+++ b/libavcodec/aasc.c
@@ -83,6 +83,11 @@ static int aasc_decode_frame(AVCodecContext *avctx,
    AascContext *s = avctx->priv_data;
    int compr, i, stride, psize;
+    if (buf_size < 4) {
+        av_log(avctx, AV_LOG_ERROR, "frame too short\n");
+        return AVERROR_INVALIDDATA;
+    }
    s->frame.reference = 3;
    s->frame.buffer_hints = FF_BUFFER_HINTS_VALID | FF_BUFFER_HINTS_PRESERVE | FF_BUFFER_HINTS_REUSABLE;
    if (avctx->reget_buffer(avctx, &s->frame)) {