[FFmpeg-cvslog] avcodec/truemotion1: Initialize mb_change_byte only when needed
Michael Niedermayer
git at videolan.org
Thu Nov 5 15:19:36 CET 2015
ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Thu Nov 5 03:15:24 2015 +0100| [a813cdda487e252681df36f675332b04c2e0e5a6] | committer: Michael Niedermayer
avcodec/truemotion1: Initialize mb_change_byte only when needed
Fixes out of array read
Fixes: d92114d8c2a019b8a6e50cd2a7301b54/asan_heap-oob_26bf563_60_1d3420277533de9dbf8aba3f93af346f.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a813cdda487e252681df36f675332b04c2e0e5a6
---
libavcodec/truemotion1.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libavcodec/truemotion1.c b/libavcodec/truemotion1.c
index b8d0de4..da843c4 100644
--- a/libavcodec/truemotion1.c
+++ b/libavcodec/truemotion1.c
@@ -645,7 +645,8 @@ static void truemotion1_decode_16bit(TrueMotion1Context *s)
current_pixel_pair = (unsigned int *)current_line;
vert_pred = s->vert_pred;
mb_change_index = 0;
- mb_change_byte = mb_change_bits[mb_change_index++];
+ if (!keyframe)
+ mb_change_byte = mb_change_bits[mb_change_index++];
mb_change_byte_mask = 0x01;
pixels_left = s->avctx->width;
More information about the ffmpeg-cvslog
mailing list