Commit 807e2311 authored by Sebastian Dröge

vmncdec: Sanity-check rectangle sizes a bit more thorough

The x/y coordinates could already be bigger than the configured
width/height, and adding the rectangle width/height could cause an
overflow.
parent 1dbbd4c9
......@@ -785,7 +785,8 @@ vmnc_handle_packet (GstVMncDec * dec, const guint8 * data, int len,
r.type);
return ERROR_INVALID;
}
if (r.x + r.width > dec->format.width ||
if (r.x > dec->format.width || r.y > dec->format.height ||
r.x + r.width > dec->format.width ||
r.y + r.height > dec->format.height) {
GST_WARNING_OBJECT (dec, "Rectangle out of range, type %d", r.type);
return ERROR_INVALID;
......
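Review bot: The bounds test still computes `r.x + r.width` and `r.y + r.height`, so it remains correct only if those additions cannot wrap for the operand types, which are not visible in this hunk. Since the new clauses already establish `r.x <= dec->format.width` and `r.y <= dec->format.height` before the sums are reached, the remaining two comparisons can be written in subtraction form, `r.width > dec->format.width - r.x` and `r.height > dec->format.height - r.y`, which removes the additions entirely and does not depend on integer promotion. A one-line comment above the condition stating that the order of the clauses matters would keep a later cleanup from reordering or merging them.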