pcx: check that the packet is large enough before reading the header

author Anton Khirnov <anton@khirnov.net>

Sun, 14 Aug 2016 08:18:39 +0000 (10:18 +0200)

committer Anton Khirnov <anton@khirnov.net>

Thu, 18 Aug 2016 15:06:46 +0000 (17:06 +0200)
author Anton Khirnov <anton@khirnov.net>
Sun, 14 Aug 2016 08:18:39 +0000 (10:18 +0200)
committer Anton Khirnov <anton@khirnov.net>
Thu, 18 Aug 2016 15:06:46 +0000 (17:06 +0200)
diff --git a/libavcodec/pcx.c b/libavcodec/pcx.c

index 77b2331f0e67703316e0878107814444a2896ee8..2191ad15036777975869741eecfaa43b974ad9b9 100644 (file)
--- a/libavcodec/pcx.c
+++ b/libavcodec/pcx.c
@@ -28,6 +28,8 @@
  #include "get_bits.h"
  #include "internal.h"
  
+#define PCX_HEADER_SIZE 128
+
  /**
   * @return advanced src pointer
   */
@@ -85,6 +87,11 @@ static int pcx_decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
      uint8_t *scanline;
      int ret = -1;
  
+    if (buf_size < PCX_HEADER_SIZE) {
+        av_log(avctx, AV_LOG_ERROR, "Packet too small\n");
+        return AVERROR_INVALIDDATA;
+    }
+
      if (buf[0] != 0x0a || buf[1] > 5) {
          av_log(avctx, AV_LOG_ERROR, "this is not PCX encoded data\n");
          return AVERROR_INVALIDDATA;
author	Anton Khirnov <anton@khirnov.net>
	Sun, 14 Aug 2016 08:18:39 +0000 (10:18 +0200)
committer	Anton Khirnov <anton@khirnov.net>
	Thu, 18 Aug 2016 15:06:46 +0000 (17:06 +0200)