diff options
| author | Reinhard Tartler <siretart@tauware.de> | 2010-02-09 18:55:41 +0000 |
|---|---|---|
| committer | Reinhard Tartler <siretart@tauware.de> | 2010-02-09 18:55:41 +0000 |
| commit | c42640b20049517ce641e802935db28c7cdc32ae (patch) | |
| tree | e2709fc871de692339261753276caf6d236a1a4d | |
| parent | ef84190a1ab777c35ea9fec64c3ab6ce641b79e5 (diff) | |
| download | ffmpeg-c42640b20049517ce641e802935db28c7cdc32ae.tar.gz | |
Fix a possibly exploitable buffer overflow.
backported r18640 by michael
Originally committed as revision 21712 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
| -rw-r--r-- | libavcodec/ffv1.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/libavcodec/ffv1.c b/libavcodec/ffv1.c index 72c5fbd881..ccfcb62dc4 100644 --- a/libavcodec/ffv1.c +++ b/libavcodec/ffv1.c @@ -248,10 +248,9 @@ static inline int get_symbol(RangeCoder *c, uint8_t *state, int is_signed){ else{ int i, e, a; e= 0; - while(get_rac(c, state+1 + e)){ //1..10 + while(get_rac(c, state+1 + e) && e<9){ //1..10 e++; } - assert(e<=9); a= 1; for(i=e-1; i>=0; i--){ |