CVE-2017-15672

author Markus Koschany <apo@debian.org>

Sun, 30 Dec 2018 16:29:28 +0000 (17:29 +0100)

committer Mike Gabriel <sunweaver@debian.org>

Tue, 28 May 2019 12:14:01 +0000 (13:14 +0100)
author Markus Koschany <apo@debian.org>
Sun, 30 Dec 2018 16:29:28 +0000 (17:29 +0100)
committer Mike Gabriel <sunweaver@debian.org>
Tue, 28 May 2019 12:14:01 +0000 (13:14 +0100)
diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c

index 50b220ff07fde2c9fbd4c4a3f4f46475bfe048f4..84a4b1b126f992d05010367e9f50be6a8477f983 100644 (file)
--- a/libavcodec/ffv1dec.c
+++ b/libavcodec/ffv1dec.c
@@ -730,7 +730,7 @@ static int read_header(FFV1Context *f)
      } else {
          const uint8_t *p = c->bytestream_end;
          for (f->slice_count = 0;
-             f->slice_count < MAX_SLICES && 3 < p - c->bytestream_start;
+             f->slice_count < MAX_SLICES && 3 + 5*!!f->ec < p - c->bytestream_start;
               f->slice_count++) {
              int trailer = 3 + 5 * !!f->ec;
              int size    = AV_RB24(p - trailer);
author	Markus Koschany <apo@debian.org>
	Sun, 30 Dec 2018 16:29:28 +0000 (17:29 +0100)
committer	Mike Gabriel <sunweaver@debian.org>
	Tue, 28 May 2019 12:14:01 +0000 (13:14 +0100)