falkTX
/
FFmpeg
mirror of https://github.com/falkTX/FFmpeg.git
1
0
Fork 0
Code Issues 0 Releases 338 Wiki Activity
Browse Source

ivi_common: more MV Checks, fixes out of array reads 

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
tags/n1.1
Michael Niedermayer 13 years ago
parent
c63e76ba35
commit
a93c7ca6ef
1 changed files with 16 additions and 0 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +16
    -0
      libavcodec/ivi_common.c

+ 16
- 0
libavcodec/ivi_common.c View File

@@ -560,6 +560,22 @@ static int ivi_process_empty_tile(AVCodecContext *avctx, IVIBandDesc *band,
mb->mv_y = ref_mb->mv_y;
}
need_mc |= mb->mv_x || mb->mv_y; /* tracking non-zero motion vectors */
{
int dmv_x, dmv_y, cx, cy;

dmv_x = mb->mv_x >> band->is_halfpel;
dmv_y = mb->mv_y >> band->is_halfpel;
cx = mb->mv_x & band->is_halfpel;
cy = mb->mv_y & band->is_halfpel;

if ( mb->xpos + dmv_x < 0
|| mb->xpos + dmv_x + band->mb_size + cx > band->pitch
|| mb->ypos + dmv_y < 0
|| mb->ypos + dmv_y + band->mb_size + cy > band->aheight) {
av_log(avctx, AV_LOG_ERROR, "MV out of bounds\n");
return AVERROR_INVALIDDATA;
}
}
}

mb++;


Write Preview
Loading…
Cancel
Save