From: Markus Koschany <apo@debian.org>
Date: Sun, 6 Jan 2019 15:05:17 +0000 (+0100)
Subject: CVE-2018-6621
X-Git-Tag: archive/raspbian/6%11.12-1_deb8u6+rpi1^2~26
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=4c626da8b07a5c14de96526176f5bad0dc047c76;p=libav.git

CVE-2018-6621

Origin: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/118e1b0b3370dd1c0da442901b486689efd1654b

Gbp-Pq: Name CVE-2018-6621.patch
---

diff --git a/libavcodec/utvideodec.c b/libavcodec/utvideodec.c
index 553f45d..63556b8 100644
--- a/libavcodec/utvideodec.c
+++ b/libavcodec/utvideodec.c
@@ -362,7 +362,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
             slice_end   = bytestream2_get_le32u(&gb);
             slice_size  = slice_end - slice_start;
             if (slice_end < 0 || slice_size < 0 ||
-                bytestream2_get_bytes_left(&gb) < slice_end) {
+                bytestream2_get_bytes_left(&gb) < slice_end + 1024LL) {
                 av_log(avctx, AV_LOG_ERROR, "Incorrect slice size\n");
                 return AVERROR_INVALIDDATA;
             }