CVE-2018-6621

author Markus Koschany <apo@debian.org>

Sun, 6 Jan 2019 15:05:17 +0000 (16:05 +0100)

committer Mike Gabriel <sunweaver@debian.org>

Mon, 21 Jan 2019 14:30:50 +0000 (14:30 +0000)
author Markus Koschany <apo@debian.org>
Sun, 6 Jan 2019 15:05:17 +0000 (16:05 +0100)
committer Mike Gabriel <sunweaver@debian.org>
Mon, 21 Jan 2019 14:30:50 +0000 (14:30 +0000)
diff --git a/libavcodec/utvideodec.c b/libavcodec/utvideodec.c

index 553f45dcd385ba33f531bfa0fd82751986af4f87..63556b821d3a06b8b10b6dae12990877d948cbc2 100644 (file)
--- a/libavcodec/utvideodec.c
+++ b/libavcodec/utvideodec.c
@@ -362,7 +362,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
              slice_end   = bytestream2_get_le32u(&gb);
              slice_size  = slice_end - slice_start;
              if (slice_end < 0 || slice_size < 0 ||
-                bytestream2_get_bytes_left(&gb) < slice_end) {
+                bytestream2_get_bytes_left(&gb) < slice_end + 1024LL) {
                  av_log(avctx, AV_LOG_ERROR, "Incorrect slice size\n");
                  return AVERROR_INVALIDDATA;
              }
author	Markus Koschany <apo@debian.org>
	Sun, 6 Jan 2019 15:05:17 +0000 (16:05 +0100)
committer	Mike Gabriel <sunweaver@debian.org>
	Mon, 21 Jan 2019 14:30:50 +0000 (14:30 +0000)