[FFmpeg-devel] [PATCH] vp8: Fix off by one allocation leading to oob read/write.

dalecurtis at chromium.org dalecurtis at chromium.org
Thu Apr 12 03:14:27 CEST 2012


From: Dale Curtis <dalecurtis at chromium.org>

It's possible this is due to an incorrect calculation elsewhere,
but my expertise ran out.

Signed-off-by: Dale Curtis <dalecurtis at chromium.org>
---
 libavcodec/vp8.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/libavcodec/vp8.c b/libavcodec/vp8.c
index 07e5b61..5635bb3 100644
--- a/libavcodec/vp8.c
+++ b/libavcodec/vp8.c
@@ -124,7 +124,7 @@ static int update_dimensions(VP8Context *s, int width, int height)
     s->macroblocks_base        = av_mallocz((s->mb_width+s->mb_height*2+1)*sizeof(*s->macroblocks));
     s->filter_strength         = av_mallocz(s->mb_width*sizeof(*s->filter_strength));
     s->intra4x4_pred_mode_top  = av_mallocz(s->mb_width*4);
-    s->top_nnz                 = av_mallocz(s->mb_width*sizeof(*s->top_nnz));
+    s->top_nnz                 = av_mallocz((s->mb_width+1)*sizeof(*s->top_nnz));
     s->top_border              = av_mallocz((s->mb_width+1)*sizeof(*s->top_border));
 
     if (!s->macroblocks_base || !s->filter_strength || !s->intra4x4_pred_mode_top ||
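Review bot: The extra element on the `s->top_nnz` allocation is not tied to any identified access: neither the hunk nor the commit message says which read or write reaches index `s->mb_width`, and the message itself allows that the index calculation elsewhere may be the real defect. Please name the code path that touches `s->top_nnz[s->mb_width]` and add a short comment on this line explaining why the array needs `mb_width+1` entries. If the index turns out to be wrong, fix that instead so the overrun is not just padded over. The same access pattern is also worth checking against `s->filter_strength` and `s->intra4x4_pred_mode_top`, which are still sized from `s->mb_width` alone in the lines just above, whereas `s->top_border` already uses `mb_width+1`.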
-- 
1.7.7.3


