[MPlayer-dev-eng] [PATCH] qtrle decoder can read beyond end of input buffer
Michael Lampe
Michael.Lampe at iwr.uni-heidelberg.de
Mon Jul  1 17:41:06 CEST 2002

Hi!
--- qtrle.c-old Mon Jul  1 17:17:41 2002
+++ qtrle.c     Mon Jul  1 17:17:41 2002
@@ -61,7 +61,8 @@
    {
      pixel_ptr = row_ptr + ((encoded[stream_ptr++] - 1) * bytes_per_pixel);
-    while ((rle_code = (signed char)encoded[stream_ptr++]) != -1)
+    while (stream_ptr < encoded_size &&
+           (rle_code = (signed char)encoded[stream_ptr++]) != -1)
      {
        if (rle_code == 0)
          // there's another skip code in the stream
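
Review bot: The new `stream_ptr < encoded_size` test covers only the `rle_code` read in the `while` condition, while the read on the context line just above, `pixel_ptr = row_ptr + ((encoded[stream_ptr++] - 1) * bytes_per_pixel);`, still runs with no bounds check. The visible comment in the `rle_code == 0` branch indicates the loop body also consumes further bytes from `encoded` (another skip code), and nothing in this hunk guards those reads. Consider checking the remaining length before every `encoded[stream_ptr++]`, for example with one helper or macro that compares `stream_ptr` plus the bytes needed against `encoded_size`. Also, a truncated stream now leaves the loop the same way a `-1` terminator does, so it would help to report the truncation or return early instead of continuing with a partly decoded frame.
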
See http://cox.iwr.uni-heidelberg.de/~ug/films/stefan.mov for a file 
demonstrating the bug.
-Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: qtrle-patch
Type: application/x-java-vm
Size: 438 bytes
Desc: not available
URL: <http://lists.mplayerhq.hu/pipermail/mplayer-dev-eng/attachments/20020701/539e3dea/attachment.bin>
    
    