[FFmpeg-cvslog] avcodec/dvdsubdec: Fix off by 1 error
Michael Niedermayer
git at videolan.org
Sun Dec 4 22:12:57 EET 2016
ffmpeg | branch: release/3.0 | Michael Niedermayer <michael at niedermayer.cc> | Wed Oct 26 00:11:52 2016 +0200| [9ec40eacb1696933b507bf6860d149f0c25494b6] | committer: Michael Niedermayer
avcodec/dvdsubdec: Fix off by 1 error
Fixes out of array read
Found-by: Thomas Garnier using libFuzzer
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c92f55847a3d9cd12db60bfcd0831ff7f089c37c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9ec40eacb1696933b507bf6860d149f0c25494b6
---
libavcodec/dvdsubdec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/dvdsubdec.c b/libavcodec/dvdsubdec.c
index 783a24f..4ae63b4 100644
--- a/libavcodec/dvdsubdec.c
+++ b/libavcodec/dvdsubdec.c
@@ -185,7 +185,7 @@ static void guess_palette(DVDSubContext* ctx,
for(i = 0; i < 4; i++) {
if (alpha[i] != 0) {
if (!color_used[colormap[i]]) {
- level = level_map[nb_opaque_colors][j];
+ level = level_map[nb_opaque_colors - 1][j];
r = (((subtitle_color >> 16) & 0xff) * level) >> 8;
g = (((subtitle_color >> 8) & 0xff) * level) >> 8;
b = (((subtitle_color >> 0) & 0xff) * level) >> 8;
More information about the ffmpeg-cvslog
mailing list