[FFmpeg-cvslog] ogg: Avoid the possibility to read out-of-bounds of a static global array in Vorbis
Chris Evans
git at videolan.org
Thu Jan 5 01:13:03 CET 2012
ffmpeg | branch: release/0.9 | Chris Evans <cevans at chromium.org> | Wed Jan 4 17:24:15 2012 +0100| [6a3fed87498b425d19dee4b57d969e10e2dd5f43] | committer: Michael Niedermayer
ogg: Avoid the possibility to read out-of-bounds of a static global array in Vorbis
decoding.
BUG=100543
Review URL: http://codereview.chromium.org/8365014
This fixes 25% of CVE-2011-3893
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 7149fce2cac0474a5fbc5b47add1158cd8bb283e)
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6a3fed87498b425d19dee4b57d969e10e2dd5f43
---
libavcodec/vorbis.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/vorbis.c b/libavcodec/vorbis.c
index 1624948..251442b 100644
--- a/libavcodec/vorbis.c
+++ b/libavcodec/vorbis.c
@@ -156,7 +156,7 @@ void ff_vorbis_ready_floor1_list(vorbis_floor1_entry * list, int values)
}
}
-static inline void render_line_unrolled(intptr_t x, intptr_t y, int x1,
+static inline void render_line_unrolled(intptr_t x, unsigned char y, int x1,
intptr_t sy, int ady, int adx,
float *buf)
{
@@ -191,7 +191,7 @@ static void render_line(int x0, int y0, int x1, int y1, float *buf)
} else {
int base = dy / adx;
int x = x0;
- int y = y0;
+ unsigned char y = y0;
int err = -adx;
ady -= FFABS(base) * adx;
while (++x < x1) {
More information about the ffmpeg-cvslog
mailing list