Arrays where one element too small, fixes CID114.

this was possibly exploitable Originally committed as revision 13475 to svn://svn.ffmpeg.org/ffmpeg/trunk
author: Michael Niedermayer <michaelni@gmx.at> 2008-05-27 22:10:17 +0000
committer: Michael Niedermayer <michaelni@gmx.at> 2008-05-27 22:10:17 +0000
commit: 6138ed777db101c26d19b96e6a27b8499ab9f4e7 (patch)
tree: 796ce8a9457be2ee092d9db74ad8ae8f0b2b30d5
parent: 5e5c9086919952af197044a0bdd99bfb1cfec401 (diff)
download: ffmpeg-6138ed777db101c26d19b96e6a27b8499ab9f4e7.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/libavcodec/cavsdec.c b/libavcodec/cavsdec.c
index a7ce8838e7..b212eb93c4 100644
--- a/libavcodec/cavsdec.c
+++ b/libavcodec/cavsdec.c
@@ -116,8 +116,8 @@ static int decode_residual_block(AVSContext *h, GetBitContext *gb,
                                  const dec_2dvlc_t *r, int esc_golomb_order,
                                  int qp, uint8_t *dst, int stride) {
     int i, level_code, esc_code, level, run, mask;
-    DCTELEM level_buf[64];
-    uint8_t run_buf[64];
+    DCTELEM level_buf[65];
+    uint8_t run_buf[65];
     DCTELEM *block = h->block;
 
     for(i=0;i<65;i++) {
author	Michael Niedermayer <michaelni@gmx.at>	2008-05-27 22:10:17 +0000
committer	Michael Niedermayer <michaelni@gmx.at>	2008-05-27 22:10:17 +0000
commit	6138ed777db101c26d19b96e6a27b8499ab9f4e7 (patch)
tree	796ce8a9457be2ee092d9db74ad8ae8f0b2b30d5
parent	5e5c9086919952af197044a0bdd99bfb1cfec401 (diff)
download	ffmpeg-6138ed777db101c26d19b96e6a27b8499ab9f4e7.tar.gz