mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2024-12-23 12:43:46 +02:00
wmalosslessdec: Fix reading too many bits in decode_channel_residues()
Fixes a part of CVE-2012-2795 CC:libav-stable@libav.org Based on a patch by Michael Niedermayer <michaelni@gmx.at> Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
This commit is contained in:
parent
f48fbf2eb5
commit
6a99310fce
@ -520,7 +520,7 @@ static int decode_channel_residues(WmallDecodeCtx *s, int ch, int tile_size)
|
|||||||
residue = quo;
|
residue = quo;
|
||||||
else {
|
else {
|
||||||
rem_bits = av_ceil_log2(ave_mean);
|
rem_bits = av_ceil_log2(ave_mean);
|
||||||
rem = rem_bits ? get_bits(&s->gb, rem_bits) : 0;
|
rem = rem_bits ? get_bits_long(&s->gb, rem_bits) : 0;
|
||||||
residue = (quo << rem_bits) + rem;
|
residue = (quo << rem_bits) + rem;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user