[FFmpeg-cvslog] vorbisdec: fix heap buffer overflow.

Michael Niedermayer git at videolan.org
Thu Aug 2 12:32:26 CEST 2012


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Thu Aug  2 12:21:25 2012 +0200| [8cac86e091118dab5a7463cb6119c940a6b8940c] | committer: Michael Niedermayer

vorbisdec: fix heap buffer overflow.

Found-by: Dale Curtis <dalecurtis at chromium.org>
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8cac86e091118dab5a7463cb6119c940a6b8940c
---

 libavcodec/vorbisdec.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/vorbisdec.c b/libavcodec/vorbisdec.c
index 4ddd978..34ba7ba 100644
--- a/libavcodec/vorbisdec.c
+++ b/libavcodec/vorbisdec.c
@@ -1411,7 +1411,7 @@ static av_always_inline int vorbis_residue_decode_internal(vorbis_context *vc,
                                 }
 
                             } else if (vr_type == 2) {
-                                unsigned voffs_div = FASTDIV(voffset, ch);
+                                unsigned voffs_div = ch == 1 ? voffset : FASTDIV(voffset, ch);
                                 unsigned voffs_mod = voffset - voffs_div * ch;
 
                                 for (k = 0; k < step; ++k) {



More information about the ffmpeg-cvslog mailing list