diff options
| author | Michael Niedermayer <michael@niedermayer.cc> | 2017-10-09 00:32:30 +0200 |
|---|---|---|
| committer | Michael Niedermayer <michael@niedermayer.cc> | 2018-01-31 22:56:14 +0100 |
| commit | 0d9baa6d16cc84a12f0c73af383c5242a3e4c451 (patch) | |
| tree | a9a23133030acdb2b0a3457517a21f67e9ee410a | |
| parent | fd21cec8a9e7e22cff392db265508c72892b8152 (diff) | |
| download | ffmpeg-0d9baa6d16cc84a12f0c73af383c5242a3e4c451.tar.gz | |
avcodec/mpeg_er: Clear mcsel in mpeg_er_decode_mb()
Fixes out of array read
Should fix: 3516/clusterfuzz-testcase-minimized-4608518562775040 (not reprodoceable)
Found-by: Insu Yun, Georgia Tech.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 127a362630e11fe724e2e63fc871791fdcbcfa64)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| -rw-r--r-- | libavcodec/mpeg_er.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/libavcodec/mpeg_er.c b/libavcodec/mpeg_er.c index dd87ae9cc9..9bd269c440 100644 --- a/libavcodec/mpeg_er.c +++ b/libavcodec/mpeg_er.c @@ -71,6 +71,7 @@ static void mpeg_er_decode_mb(void *opaque, int ref, int mv_dir, int mv_type, s->mb_skipped = mb_skipped; s->mb_x = mb_x; s->mb_y = mb_y; + s->mcsel = 0; memcpy(s->mv, mv, sizeof(*mv)); ff_init_block_index(s); |