[FFmpeg-cvslog] mss1: improve check if decoded pivot is invalid
Paul B Mahol
git at videolan.org
Sun Jul 15 04:15:53 CEST 2012
ffmpeg | branch: master | Paul B Mahol <onemda at gmail.com> | Sat Jul 14 23:27:21 2012 +0000| [6ad45600313f0df1abf31abdd28f4339dbdc7ca0] | committer: Paul B Mahol
mss1: improve check if decoded pivot is invalid
The pivot has to lie between 0 and base.
Check of ==base is insufficient.
Thus replace it by a proper check.
Fixes out of array write.
Fixes bug #1531.
Found-by: Piotr Bandurski <ami_stuff at o2.pl>
Signed-off-by: Paul B Mahol <onemda at gmail.com>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6ad45600313f0df1abf31abdd28f4339dbdc7ca0
---
libavcodec/mss1.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/mss1.c b/libavcodec/mss1.c
index 302a5b8..4be7a1f 100644
--- a/libavcodec/mss1.c
+++ b/libavcodec/mss1.c
@@ -575,7 +575,7 @@ static int decode_pivot(MSS1Context *ctx, ArithCoder *acoder, int base)
val = arith_get_number(acoder, (base + 1) / 2 - 2) + 3;
}
- if (val == base) {
+ if ((unsigned)val >= base) {
ctx->corrupted = 1;
return 0;
}
More information about the ffmpeg-cvslog
mailing list