[FFmpeg-cvslog] vc1dec: Fix global array overread.
Michael Niedermayer
git at videolan.org
Wed Mar 28 15:22:49 CEST 2012
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Wed Mar 28 10:44:43 2012 +0200| [a60a4d704149ab51bd27b63ae763c1d26d075013] | committer: Michael Niedermayer
vc1dec: Fix global array overread.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a60a4d704149ab51bd27b63ae763c1d26d075013
---
libavcodec/vc1dec.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c
index d538c74..d2923b9 100644
--- a/libavcodec/vc1dec.c
+++ b/libavcodec/vc1dec.c
@@ -1049,8 +1049,8 @@ static void vc1_mc_4mv_chroma4(VC1Context *v)
mquant = v->altpq; \
if ((edges&8) && s->mb_y == (s->mb_height - 1)) \
mquant = v->altpq; \
- if (!mquant) { \
- av_log(v->s.avctx,AV_LOG_ERROR, "zero mquant\n"); \
+ if (!mquant || mquant > 31) { \
+ av_log(v->s.avctx, AV_LOG_ERROR, "invalid mquant %d\n", mquant); \
mquant = 1; \
} \
}
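Review bot: The upper bound in `if (!mquant || mquant > 31)` is a bare literal, and nothing in the hunk says which table it protects; the commit message says only "global array overread". A short comment naming the array, or a limit derived from the array's size, would keep the check from drifting away from the table it guards. The new log line prints mquant with %d, so if the variable is signed a negative value passes both tests and still reaches the lookup; `mquant < 1 || mquant > 31` would cover that case as well. Finally, the invalid value is reset to 1 and decoding continues, so it is worth stating in a comment that this fallback is intentional and not an error return.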