avcodec/ffwavesynth: Check ts_end - ts_start for overflow

[ffmpeg] / libavcodec / dxv.c

diff --git a/libavcodec/dxv.c b/libavcodec/dxv.c
index aef5ec19dd6b6970d91fd264698a10ce6bbfde7f..5fd1844094a4e891e61b5fc87ea3a4d22062ba61 100644 (file)
--- a/libavcodec/dxv.c
+++ b/libavcodec/dxv.c
@@ -256,6 +256,8 @@ static int decompress_texture_thread(AVCodecContext *avctx, void *arg,
 #define CHECKPOINT(x)                                                         \
     do {                                                                      \
         if (state == 0) {                                                     \
+            if (bytestream2_get_bytes_left(gbc) < 4)                          \
+                return AVERROR_INVALIDDATA;                                   \
             value = bytestream2_get_le32(gbc);                                \
             state = 16;                                                       \
         }                                                                     \
@@ -743,6 +745,9 @@ static int dxv_decompress_cocg(DXVContext *ctx, GetByteContext *gb,
     int skip0, skip1, oi0 = 0, oi1 = 0;
     int ret, state0 = 0, state1 = 0;
 
+    if (op_offset < 12)
+        return AVERROR_INVALIDDATA;
+
     dst = tex_data;
     bytestream2_skip(gb, op_offset - 12);
     if (op_size0 > max_op_size0)