[FFmpeg-cvslog] r13475 - trunk/libavcodec/cavsdec.c

michael subversion
Wed May 28 00:10:17 CEST 2008


Author: michael
Date: Wed May 28 00:10:17 2008
New Revision: 13475

Log:
Arrays where one element too small, fixes CID114.
this was possibly exploitable


Modified:
   trunk/libavcodec/cavsdec.c

Modified: trunk/libavcodec/cavsdec.c
==============================================================================
--- trunk/libavcodec/cavsdec.c	(original)
+++ trunk/libavcodec/cavsdec.c	Wed May 28 00:10:17 2008
@@ -116,8 +116,8 @@ static int decode_residual_block(AVSCont
                                  const dec_2dvlc_t *r, int esc_golomb_order,
                                  int qp, uint8_t *dst, int stride) {
     int i, level_code, esc_code, level, run, mask;
-    DCTELEM level_buf[64];
-    uint8_t run_buf[64];
+    DCTELEM level_buf[65];
+    uint8_t run_buf[65];
     DCTELEM *block = h->block;
 
     for(i=0;i<65;i++) {




More information about the ffmpeg-cvslog mailing list