Browse code
indeo: Properly forward the error codes
If the tile data size does not match the buffer size it did not
return an AVERROR_INVALIDDATA causing futher corruption later.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 7388c0c58601477db076e2e74e8b11f8a644384a)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/ivi_common.c
Luca Barbato authored on 2013/06/30 16:57:56Showing 1 changed files
| ... | ... |
@@ -737,8 +737,16 @@ static int decode_band(IVI45DecContext *ctx, int plane_num, |
| 737 | 737 |
break; |
| 738 | 738 |
|
| 739 | 739 |
result = ff_ivi_decode_blocks(&ctx->gb, band, tile); |
| 740 |
- if (result < 0 || ((get_bits_count(&ctx->gb) - pos) >> 3) != tile->data_size) {
|
|
| 741 |
- av_log(avctx, AV_LOG_ERROR, "Corrupted tile data encountered!\n"); |
|
| 740 |
+ if (result < 0) {
|
|
| 741 |
+ av_log(avctx, AV_LOG_ERROR, |
|
| 742 |
+ "Corrupted tile data encountered!\n"); |
|
| 743 |
+ break; |
|
| 744 |
+ } |
|
| 745 |
+ |
|
| 746 |
+ if (((get_bits_count(&ctx->gb) - pos) >> 3) != tile->data_size) {
|
|
| 747 |
+ av_log(avctx, AV_LOG_ERROR, |
|
| 748 |
+ "Tile data_size mismatch!\n"); |
|
| 749 |
+ result = AVERROR_INVALIDDATA; |
|
| 742 | 750 |
break; |
| 743 | 751 |
} |
| 744 | 752 |
|