[FFmpeg-cvslog] kgv1dec: Increase offsets array size so it is large enough.
Michael Niedermayer
git at videolan.org
Mon Jun 4 12:51:29 CEST 2012
ffmpeg | branch: release/0.6 | Michael Niedermayer <michaelni at gmx.at> | Wed Jan 25 23:23:35 2012 +0100| [1156f07c6a82af5bd692847d2e66478a28ab1ee2] | committer: Reinhard Tartler
kgv1dec: Increase offsets array size so it is large enough.
Fixes CVE-2011-3945
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 807a045ab7f51993a2c1b3116016cbbd4f3d20d6)
Signed-off-by: Alex Converse <alex.converse at gmail.com>
(cherry picked from commit a02e8df973f5478ec82f4c507f5b5b191a5ecb6b)
(cherry picked from commit d5f2382d0389ed47a566ea536887af908bf9b14f)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
(cherry picked from commit a0b65938b7cf37680a4ce0667444a217a151c551)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1156f07c6a82af5bd692847d2e66478a28ab1ee2
---
libavcodec/kgv1dec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/kgv1dec.c b/libavcodec/kgv1dec.c
index 5af6b3b..494aa11 100644
--- a/libavcodec/kgv1dec.c
+++ b/libavcodec/kgv1dec.c
@@ -38,7 +38,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac
const uint8_t *buf = avpkt->data;
const uint8_t *buf_end = buf + avpkt->size;
KgvContext * const c = avctx->priv_data;
- int offsets[7];
+ int offsets[8];
uint16_t *out, *prev;
int outcnt = 0, maxcnt;
int w, h, i;
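Review bot: the new size in `int offsets[8];` is a bare literal with no comment saying which index range it has to cover, and the commit message only says the array is now "large enough". A short comment at the declaration stating the largest index the decoder can derive from the bitstream, or a named constant for the size, would let a reader confirm the bound without tracing the decode loop, which is not visible in this hunk.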
@@ -68,7 +68,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac
return -1;
c->prev = prev;
- for (i = 0; i < 7; i++)
+ for (i = 0; i < 8; i++)
offsets[i] = -1;
while (outcnt < maxcnt && buf_end - 2 > buf) {
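Review bot: the loop bound in `for (i = 0; i < 8; i++)` repeats the array size as a second literal, so the declaration and the initialisation have to be changed together by hand, as this patch does. Writing the bound as `FF_ARRAY_ELEMS(offsets)` would tie it to the declaration. The place where `offsets[]` is indexed inside the `while` loop is outside the lines shown; a range check on the index there would keep any future size mismatch from turning into an out-of-bounds access.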