rpza: limit the number of blocks to the total remaining blocks in the frame
authorAnton Khirnov <anton@khirnov.net>
Thu, 28 Nov 2013 09:54:35 +0000 (10:54 +0100)
committerAnton Khirnov <anton@khirnov.net>
Mon, 10 Feb 2014 14:22:28 +0000 (15:22 +0100)
Fixes invalid writes.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org

libavcodec/rpza.c

index 0efd7f4..83dde7a 100644 (file)
@@ -119,6 +119,8 @@ static void rpza_decode_stream(RpzaContext *s)
             }
         }
 
+        n_blocks = FFMIN(n_blocks, total_blocks);
+
         switch (opcode & 0xe0) {
 
         /* Skip blocks */