[FFmpeg-cvslog] avcodec/cinepak: fix integer underflow

Michael Niedermayer git at videolan.org
Fri Nov 28 20:02:27 CET 2014


ffmpeg | branch: release/2.1 | Michael Niedermayer <michaelni at gmx.at> | Fri Oct  3 19:33:01 2014 +0200| [96357894ff9ac019edced85d51cf4a509c12116c] | committer: Michael Niedermayer

avcodec/cinepak: fix integer underflow

Fixes out of array access
Fixes: asan_heap-oob_4da0ba_6_asan_heap-oob_4da0ba_241_cvid_crash.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit e7e5114c506957f40aafd794e06de1a7e341e9d5)

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=96357894ff9ac019edced85d51cf4a509c12116c
---

 libavcodec/cinepak.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/cinepak.c b/libavcodec/cinepak.c
index 082d0b2..d0d07bc 100644
--- a/libavcodec/cinepak.c
+++ b/libavcodec/cinepak.c
@@ -135,7 +135,7 @@ static int cinepak_decode_vectors (CinepakContext *s, cvid_strip *strip,
     const uint8_t   *eod = (data + size);
     uint32_t         flag, mask;
     uint8_t         *cb0, *cb1, *cb2, *cb3;
-    unsigned int     x, y;
+    int             x, y;
     char            *ip0, *ip1, *ip2, *ip3;
 
     flag = 0;



More information about the ffmpeg-cvslog mailing list