From f52edef30197735bfb937e9e723ab1e7b31165c6 Mon Sep 17 00:00:00 2001 From: Kostya Shishkov Date: Wed, 12 Jun 2013 14:22:24 +0200 Subject: [PATCH] smacker: fix an off by one in huff.length computation Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org Signed-off-by: Luca Barbato --- libavcodec/smacker.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c index a89cbd3896..ca9194f576 100644 --- a/libavcodec/smacker.c +++ b/libavcodec/smacker.c @@ -246,7 +246,7 @@ static int smacker_decode_header_tree(SmackVContext *smk, GetBitContext *gb, int ctx.recode2 = tmp2.values; ctx.last = last; - huff.length = ((size + 3) >> 2) + 3; + huff.length = ((size + 3) >> 2) + 4; huff.maxlength = 0; huff.current = 0; huff.values = av_mallocz(huff.length * sizeof(int));