From 7d78a964413a50409b1db441d966cd2810eb6c86 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 2 Nov 2010 01:19:15 +0000 Subject: [PATCH] Fix possibly exploitable out of buffer writes in msrle_decode_pal4(). This fix is minimalistic, that function should be cleaned up by someone. Originally committed as revision 25633 to svn://svn.ffmpeg.org/ffmpeg/trunk --- libavcodec/msrledec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/msrledec.c b/libavcodec/msrledec.c index 098e7d857a..97510830d5 100644 --- a/libavcodec/msrledec.c +++ b/libavcodec/msrledec.c @@ -45,7 +45,7 @@ static int msrle_decode_pal4(AVCodecContext *avctx, AVPicture *pic, unsigned char rle_code; unsigned char extra_byte, odd_pixel; unsigned char stream_byte; - int pixel_ptr = 0; + unsigned int pixel_ptr = 0; int row_dec = pic->linesize[0]; int row_ptr = (avctx->height - 1) * row_dec; int frame_size = row_dec * avctx->height;