Browse code
indeo: Properly forward the error codes
If the tile data size does not match the buffer size it did not
return an AVERROR_INVALIDDATA causing futher corruption later.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit 7388c0c58601477db076e2e74e8b11f8a644384a)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Luca Barbato authored on 2013/06/30 16:57:56Showing 1 changed files
| ... | ... |
@@ -804,8 +804,16 @@ static int decode_band(IVI45DecContext *ctx, |
| 804 | 804 |
break; |
| 805 | 805 |
|
| 806 | 806 |
result = ivi_decode_blocks(&ctx->gb, band, tile, avctx); |
| 807 |
- if (result < 0 || ((get_bits_count(&ctx->gb) - pos) >> 3) != tile->data_size) {
|
|
| 808 |
- av_log(avctx, AV_LOG_ERROR, "Corrupted tile data encountered!\n"); |
|
| 807 |
+ if (result < 0) {
|
|
| 808 |
+ av_log(avctx, AV_LOG_ERROR, |
|
| 809 |
+ "Corrupted tile data encountered!\n"); |
|
| 810 |
+ break; |
|
| 811 |
+ } |
|
| 812 |
+ |
|
| 813 |
+ if (((get_bits_count(&ctx->gb) - pos) >> 3) != tile->data_size) {
|
|
| 814 |
+ av_log(avctx, AV_LOG_ERROR, |
|
| 815 |
+ "Tile data_size mismatch!\n"); |
|
| 816 |
+ result = AVERROR_INVALIDDATA; |
|
| 809 | 817 |
break; |
| 810 | 818 |
} |
| 811 | 819 |
|