[FFmpeg-cvslog] vorbis: Avoid some out-of-bounds reads
Chris Evans
git at videolan.org
Sun Jan 8 07:52:51 CET 2012
ffmpeg | branch: release/0.5 | Chris Evans <cevans at chromium.org> | Thu Jan 5 21:25:41 2012 +0100| [665421f3b1a626610206410e5dc12e5e236b92a2] | committer: Reinhard Tartler
vorbis: Avoid some out-of-bounds reads
Fixes Bug: #190
Chromium Bug: #100543
Related to CVE-2011-3893
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
(cherry picked from commit 57cd6d709565e84e84385f8f2a9641ca3fa718be)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
(cherry picked from commit 4a94678f1be4b7d47f862e9523ca3358255da5d4)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
(cherry picked from commit 6d6254ba9fbb22260939c06db1faed5bbd295ad4)
Conflicts:
libavcodec/vorbis.c
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=665421f3b1a626610206410e5dc12e5e236b92a2
---
libavcodec/vorbis.c | 7 ++++---
1 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/libavcodec/vorbis.c b/libavcodec/vorbis.c
index dbc409f..13e7e65 100644
--- a/libavcodec/vorbis.c
+++ b/libavcodec/vorbis.c
@@ -146,13 +146,13 @@ void ff_vorbis_ready_floor1_list(vorbis_floor1_entry * list, int values) {
}
}
-static void render_line(int x0, int y0, int x1, int y1, float * buf) {
+static void render_line(int x0, uint8_t y0, int x1, int y1, float * buf) {
int dy = y1 - y0;
int adx = x1 - x0;
int base = dy / adx;
int ady = FFABS(dy) - FFABS(base) * adx;
int x = x0;
- int y = y0;
+ uint8_t y = y0;
int err = 0;
int sy = dy<0 ? -1 : 1;
buf[x] = ff_vorbis_floor1_inverse_db_table[y];
@@ -168,7 +168,8 @@ static void render_line(int x0, int y0, int x1, int y1, float * buf) {
}
void ff_vorbis_floor1_render_list(vorbis_floor1_entry * list, int values, uint_fast16_t * y_list, int * flag, int multiplier, float * out, int samples) {
- int lx, ly, i;
+ int lx, i;
+ uint8_t ly;
lx = 0;
ly = y_list[0] * multiplier;
for (i = 1; i < values; i++) {
More information about the ffmpeg-cvslog
mailing list