[FFmpeg-cvslog] aacdec: Fix an off-by-one overwrite when switching to LTP profile from MAIN .
Alex Converse
git at videolan.org
Thu Jan 17 02:30:59 CET 2013
ffmpeg | branch: release/0.10 | Alex Converse <alex.converse at gmail.com> | Tue Dec 11 17:26:10 2012 -0800| [a4a63bf5b55f9b42b752301ae417ee3f50f5a594] | committer: Reinhard Tartler
aacdec: Fix an off-by-one overwrite when switching to LTP profile from MAIN.
Found-by: pawlkt
CC: libav-stable at libav.org
Fixes: CVE-2012-5144
(cherry picked from commit 6d5b0092678b2a95dfe209a207550bd2fe9ef646)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a4a63bf5b55f9b42b752301ae417ee3f50f5a594
---
libavcodec/aacdec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/aacdec.c b/libavcodec/aacdec.c
index 2b9b45c..6478c77 100644
--- a/libavcodec/aacdec.c
+++ b/libavcodec/aacdec.c
@@ -1747,7 +1747,7 @@ static void apply_tns(float coef[1024], TemporalNoiseShaping *tns,
int w, filt, m, i;
int bottom, top, order, start, end, size, inc;
float lpc[TNS_MAX_ORDER];
- float tmp[TNS_MAX_ORDER];
+ float tmp[TNS_MAX_ORDER + 1];
for (w = 0; w < ics->num_windows; w++) {
bottom = ics->num_swb;
More information about the ffmpeg-cvslog
mailing list