[FFmpeg-devel] [PATCH] cfhd: fix off-by-one error in level check

Andreas Cadhalpun andreas.cadhalpun at googlemail.com
Wed Feb 3 00:59:42 CET 2016


This fixes out-of-bounds writes causing segmentation faults.

Found-by: Piotr Bandurski <ami_stuff at o2.pl>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
---

Didn't you want to fix this before pushing?

---
 libavcodec/cfhd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/cfhd.c b/libavcodec/cfhd.c
index 410bb7b..2436aae 100644
--- a/libavcodec/cfhd.c
+++ b/libavcodec/cfhd.c
@@ -280,7 +280,7 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, int *got_frame,
                 s->level++;
             av_log(avctx, AV_LOG_DEBUG, "Subband number %"PRIu16"\n", data);
             s->subband_num = data;
-            if (s->level > DWT_LEVELS) {
+            if (s->level >= DWT_LEVELS) {
                 av_log(avctx, AV_LOG_ERROR, "Invalid level\n");
                 ret = AVERROR(EINVAL);
                 break;
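Review bot: The bounds check at `if (s->level >= DWT_LEVELS)` still runs only after `s->level++` and `s->subband_num = data` have modified the context, so on the error path the out-of-range level stays in `s` unless it is reset elsewhere. Consider rejecting the value before the increment, or resetting the level before `break`. The commit message mentions out-of-bounds writes but the hunk does not show which array `s->level` indexes; a one-line comment that valid levels are 0 to DWT_LEVELS - 1 would make the `>=` self-explanatory. Printing the offending level in the "Invalid level" message would also help when triaging crashing samples.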
-- 
2.7.0

