virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00
Code Issues Releases Activity

kgv1dec: Increase offsets array size so it is large enough.

Browse Source 
Fixes CVE-2011-3945

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 807a045ab7)

Signed-off-by: Alex Converse <alex.converse@gmail.com>
This commit is contained in:
Michael Niedermayer 2012-01-25 23:23:35 +01:00 committed by Alex Converse
parent 386741f887
commit a02e8df973
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libavcodec/kgv1dec.c
View File

@ -39,7 +39,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac
const uint8_t *buf = avpkt->data; const uint8_t *buf = avpkt->data;
const uint8_t *buf_end = buf + avpkt->size; const uint8_t *buf_end = buf + avpkt->size;
KgvContext * const c = avctx->priv_data; KgvContext * const c = avctx->priv_data;
int offsets[7]; int offsets[8];
uint16_t *out, *prev; uint16_t *out, *prev;
int outcnt = 0, maxcnt; int outcnt = 0, maxcnt;
int w, h, i; int w, h, i;
@ -69,7 +69,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac
return -1; return -1;
c->prev = prev; c->prev = prev;
for (i = 0; i < 7; i++) for (i = 0; i < 8; i++)
offsets[i] = -1; offsets[i] = -1;
while (outcnt < maxcnt && buf_end - 2 > buf) { while (outcnt < maxcnt && buf_end - 2 > buf) {