[FFmpeg-devel] [PATCH] iff: fix invalid reads (ticket 689)
Peter Ross
pross at xvid.org
Sun Nov 27 02:07:47 CET 2011
---
https://ffmpeg.org/trac/ffmpeg/ticket/689
libavcodec/iff.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/iff.c b/libavcodec/iff.c
index c4c614e..30a3f6f 100644
--- a/libavcodec/iff.c
+++ b/libavcodec/iff.c
@@ -464,7 +464,7 @@ static int decode_frame_ilbm(AVCodecContext *avctx,
} else if (s->ham) { // HAM to PIX_FMT_BGR32
for (y = 0; y < avctx->height; y++) {
uint8_t *row = &s->frame.data[0][ y*s->frame.linesize[0] ];
- memset(s->ham_buf, 0, avctx->width);
+ memset(s->ham_buf, 0, s->planesize * 8);
for (plane = 0; plane < s->bpp && buf < buf_end; plane++) {
decodeplane8(s->ham_buf, buf, FFMIN(s->planesize, buf_end - buf), plane);
buf += s->planesize;
@@ -540,7 +540,7 @@ static int decode_frame_byterun1(AVCodecContext *avctx,
} else if (s->ham) { // HAM to PIX_FMT_BGR32
for (y = 0; y < avctx->height ; y++) {
uint8_t *row = &s->frame.data[0][y*s->frame.linesize[0]];
- memset(s->ham_buf, 0, avctx->width);
+ memset(s->ham_buf, 0, s->planesize * 8);
for (plane = 0; plane < s->bpp; plane++) {
buf += decode_byterun(s->planebuf, s->planesize, buf, buf_end);
decodeplane8(s->ham_buf, s->planebuf, s->planesize, plane);
--
1.7.7.1
-- Peter
(A907 E02F A6E5 0CD2 34CD 20D2 6760 79C5 AC40 DD6B)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20111127/b44d7a54/attachment.asc>
More information about the ffmpeg-devel
mailing list