[FFmpeg-cvslog] cfhd: fix off-by-one error in level check
Andreas Cadhalpun
git at videolan.org
Wed Feb 3 01:21:29 CET 2016
ffmpeg | branch: master | Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com> | Wed Feb 3 00:55:18 2016 +0100| [916da13d6dac8b0d3e8f7b1cb87fa37801cee3f8] | committer: Andreas Cadhalpun
cfhd: fix off-by-one error in level check
This fixes out-of-bounds writes causing segmentation faults.
Found-by: Piotr Bandurski <ami_stuff at o2.pl>
Reviewed-by: Kieran Kunhya <kierank at obe.tv>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=916da13d6dac8b0d3e8f7b1cb87fa37801cee3f8
---
libavcodec/cfhd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/cfhd.c b/libavcodec/cfhd.c
index 410bb7b..2436aae 100644
--- a/libavcodec/cfhd.c
+++ b/libavcodec/cfhd.c
@@ -280,7 +280,7 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, int *got_frame,
s->level++;
av_log(avctx, AV_LOG_DEBUG, "Subband number %"PRIu16"\n", data);
s->subband_num = data;
- if (s->level > DWT_LEVELS) {
+ if (s->level >= DWT_LEVELS) {
av_log(avctx, AV_LOG_ERROR, "Invalid level\n");
ret = AVERROR(EINVAL);
break;
More information about the ffmpeg-cvslog
mailing list