[FFmpeg-cvslog] r25633 - trunk/libavcodec/msrledec.c

michael subversion
Tue Nov 2 02:19:15 CET 2010


Author: michael
Date: Tue Nov  2 02:19:15 2010
New Revision: 25633

Log:
Fix possibly exploitable out of buffer writes in msrle_decode_pal4().
This fix is minimalistic, that function should be cleaned up by someone.

Modified:
   trunk/libavcodec/msrledec.c

Modified: trunk/libavcodec/msrledec.c
==============================================================================
--- trunk/libavcodec/msrledec.c	Tue Nov  2 02:19:12 2010	(r25632)
+++ trunk/libavcodec/msrledec.c	Tue Nov  2 02:19:15 2010	(r25633)
@@ -45,7 +45,7 @@ static int msrle_decode_pal4(AVCodecCont
     unsigned char rle_code;
     unsigned char extra_byte, odd_pixel;
     unsigned char stream_byte;
-    int pixel_ptr = 0;
+    unsigned int pixel_ptr = 0;
     int row_dec = pic->linesize[0];
     int row_ptr = (avctx->height - 1) * row_dec;
     int frame_size = row_dec * avctx->height;



More information about the ffmpeg-cvslog mailing list