[FFmpeg-cvslog] avcodec/scpr: mask bits to prevent out of array read

Michael Niedermayer git at videolan.org
Fri Jun 2 03:03:18 EEST 2017


ffmpeg | branch: release/3.3 | Michael Niedermayer <michael at niedermayer.cc> | Tue May 16 02:22:37 2017 +0200| [21d50c185db03349282bc718f8aa4b7bb3d355a2] | committer: Michael Niedermayer

avcodec/scpr: mask bits to prevent out of array read

Fixes: 1615/clusterfuzz-testcase-minimized-6625214647500800

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5666b95c9f27efa6f9b1e1bb6c592b9a8d78bca5)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=21d50c185db03349282bc718f8aa4b7bb3d355a2
---

 libavcodec/scpr.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/scpr.c b/libavcodec/scpr.c
index 286fffbf35..b4cc7df07f 100644
--- a/libavcodec/scpr.c
+++ b/libavcodec/scpr.c
@@ -488,7 +488,7 @@ static int decompress_i(AVCodecContext *avctx, uint32_t *dst, int linesize)
 
         if (avctx->bits_per_coded_sample == 16) {
             cx1 = (clr & 0x3F00) >> 2;
-            cx = (clr & 0xFFFFFF) >> 16;
+            cx = (clr & 0x3FFFFF) >> 16;
         } else {
             cx1 = (clr & 0xFC00) >> 4;
             cx = (clr & 0xFFFFFF) >> 18;
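Review bot: The new mask in the 16-bit branch, `cx = (clr & 0x3FFFFF) >> 16;`, is a bare literal with nothing tying it to the size of the array that cx indexes. After the change cx is limited to 0..0x3F, the same 6-bit range the else branch already gets from `(clr & 0xFFFFFF) >> 18`, so writing it as `(clr >> 16) & 0x3F`, or adding a short comment naming the array dimension, would make the bound visible at the point of use. The change also silently discards bits 22 and 23 of clr; it is worth saying whether that is intended or whether such input should be rejected as invalid data instead.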
@@ -726,7 +726,7 @@ static int decompress_p(AVCodecContext *avctx,
 
                     if (avctx->bits_per_coded_sample == 16) {
                         cx1 = (clr & 0x3F00) >> 2;
-                        cx = (clr & 0xFFFFFF) >> 16;
+                        cx = (clr & 0x3FFFFF) >> 16;
                     } else {
                         cx1 = (clr & 0xFC00) >> 4;
                         cx = (clr & 0xFFFFFF) >> 18;
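Review bot: The cx1/cx computation in decompress_p is a line-for-line copy of the one in decompress_i, so the bound has to be corrected in two places and the copies can drift apart on a later edit. Consider moving the four assignments into one small static helper that takes clr and avctx->bits_per_coded_sample, so the index range is defined once and both decoders pick up any future fix together.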


