aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Niedermayer <michaelni@gmx.at>2015-02-24 03:12:22 +0100
committerMichael Niedermayer <michaelni@gmx.at>2015-06-10 02:13:09 +0200
commitbc0bf39e4ccfb0a85ddb2b072d42bad2a8e8b1be (patch)
treeeb37ce0befe479bf18baa516cd96fa2a87ed4c42
parent3cca4c770ea6c9b946067df7b0f46716fc864414 (diff)
downloadffmpeg-bc0bf39e4ccfb0a85ddb2b072d42bad2a8e8b1be.tar.gz
avcodec/snowdec: Fix ref value check
Fixes integer overflow and out of array read. Fixes: signal_sigsegv_24169e6_3445_cov_3778346427_snow_chroma_bug.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 8f4cbf940212079a34753c7f4d6c6b5a43586d30) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat
-rw-r--r--libavcodec/snowdec.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/snowdec.c b/libavcodec/snowdec.c
index c8a03277e6..f2ea8de491 100644
--- a/libavcodec/snowdec.c
+++ b/libavcodec/snowdec.c
@@ -156,7 +156,7 @@ static int decode_q_branch(SnowContext *s, int level, int x, int y){
int l = left->color[0];
int cb= left->color[1];
int cr= left->color[2];
- int ref = 0;
+ unsigned ref = 0;
int ref_context= av_log2(2*left->ref) + av_log2(2*top->ref);
int mx_context= av_log2(2*FFABS(left->mx - top->mx)) + 0*av_log2(2*FFABS(tr->mx - top->mx));
int my_context= av_log2(2*FFABS(left->my - top->my)) + 0*av_log2(2*FFABS(tr->my - top->my));
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-23 19:22:42 +0000