[FFmpeg-cvslog] r21712 - in branches/0.5: . libavcodec/ffv1.c

siretart subversion
Tue Feb 9 19:55:41 CET 2010


Author: siretart
Date: Tue Feb  9 19:55:41 2010
New Revision: 21712

Log:
Fix a possibly exploitable buffer overflow.

backported r18640 by michael

Modified:
   branches/0.5/   (props changed)
   branches/0.5/libavcodec/ffv1.c

Modified: branches/0.5/libavcodec/ffv1.c
==============================================================================
--- branches/0.5/libavcodec/ffv1.c	Tue Feb  9 19:51:11 2010	(r21711)
+++ branches/0.5/libavcodec/ffv1.c	Tue Feb  9 19:55:41 2010	(r21712)
@@ -248,10 +248,9 @@ static inline int get_symbol(RangeCoder 
     else{
         int i, e, a;
         e= 0;
-        while(get_rac(c, state+1 + e)){ //1..10
+        while(get_rac(c, state+1 + e) && e<9){ //1..10
             e++;
         }
-        assert(e<=9);
 
         a= 1;
         for(i=e-1; i>=0; i--){
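
Review bot: The order of the operands in the new condition `while(get_rac(c, state+1 + e) && e<9)` needs a comment. get_rac() is evaluated before the `e<9` test, so at e==9 one more symbol is still decoded from state+10 and its result is then discarded, because e ends at 9 whether that call returned 0 or 1. That keeps the index inside the 1..10 range given in the trailing comment, but it also means an over-long run in the input is clamped silently rather than treated as malformed data. If the read at e==9 is intended, say so next to the loop so nobody later "optimises" it to `e<9 && get_rac(...)`, which would change how many symbols are consumed. If not, consider signalling the case where the call at e==9 returns 1 to the caller. Dropping `assert(e<=9)` is reasonable now that the loop enforces the bound itself, since an assert is compiled out under NDEBUG and so never protected release builds. The log message would be more useful for backport triage if it named what is overrun (the `state+1 + e` index driven by decoded input).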


