[FFmpeg-cvslog] avcodec/rka: fix array overflow
Paul B Mahol
git at videolan.org
Wed Feb 15 15:17:39 EET 2023
ffmpeg | branch: master | Paul B Mahol <onemda at gmail.com> | Wed Feb 15 13:54:11 2023 +0100| [cb350367660032e2e47fa379a3f119ddf60eb029] | committer: Paul B Mahol
avcodec/rka: fix array overflow
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cb350367660032e2e47fa379a3f119ddf60eb029
---
libavcodec/rka.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/libavcodec/rka.c b/libavcodec/rka.c
index 7b3ba771a6..8719325a9e 100644
--- a/libavcodec/rka.c
+++ b/libavcodec/rka.c
@@ -77,8 +77,8 @@ typedef struct ChContext {
Model64 mdl64[4][11];
- int32_t buf0[12001];
- int32_t buf1[12001];
+ int32_t buf0[131072+2560];
+ int32_t buf1[131072+2560];
} ChContext;
typedef struct RKAContext {
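Review bot: The new size `131072+2560` is written out twice, on `buf0` and on `buf1`, with no indication of what either term bounds, so a later edit to one array or to the frame-size limit could silently reintroduce the overflow this commit fixes. A single named constant would help, for example `#define RKA_CH_BUF_SIZE (131072 + 2560)` (the name is only a suggestion), with a one-line comment saying where the two numbers come from. They are presumably the largest block plus some filter history, but nothing in this hunk shows that, so it needs confirming. Both arrays and the new bounds check in `decode_filter` would then be tied to the same value.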
@@ -701,6 +701,9 @@ static int decode_filter(RKAContext *s, ChContext *ctx, ACoder *ac, int off, uns
for (int y = 0; y < FFMIN(split, size - x); y++, off++) {
int midx, shift = idx, *src, sum = 16;
+ if (off >= FF_ARRAY_ELEMS(ctx->buf0))
+ return -1;
+
midx = FFABS(last_val) >> shift;
if (midx >= 15) {
mdl64 = &ctx->mdl64[3][idx];
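Review bot: The added guard returns a bare `-1`, which reads as `AVERROR(EPERM)` on most platforms if it reaches the caller; for an index driven by stream data the conventional result is `return AVERROR_INVALIDDATA;`. How callers treat the value is not visible, since `decode_filter` starts before and continues past this hunk. The limit is taken from `buf0` only, and `off` is a signed `int` compared against a `size_t`, so rejecting a negative `off` relies on implicit conversion. If `buf1` is also indexed by `off`, which is likely but not shown here, a comment such as `/* off indexes buf0 and buf1; both must have the same length */` would state the invariant the check depends on. The test also runs once per sample in the inner loop, so checking `off` plus the loop bound once before the loop would reject oversized input earlier.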