kgv1dec: Increase offsets array size so it is large enough.

Fixes CVE-2011-3945 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 807a045ab7f51993a2c1b3116016cbbd4f3d20d6) Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit a02e8df973f5478ec82f4c507f5b5b191a5ecb6b)
author: Michael Niedermayer <michaelni@gmx.at> 2012-01-25 23:23:35 +0100
committer: Alex Converse <alex.converse@gmail.com> 2012-03-06 15:28:00 -0800
commit: d5f2382d0389ed47a566ea536887af908bf9b14f (patch)
tree: 1e23651b423834dedcdfc17f56af9a85f1ef2e3e
parent: 416849f2e06227b1b4a451c392f100db1d709a0c (diff)
download: ffmpeg-d5f2382d0389ed47a566ea536887af908bf9b14f.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/libavcodec/kgv1dec.c b/libavcodec/kgv1dec.c
index c4c3dac016..42bbcae530 100644
--- a/libavcodec/kgv1dec.c
+++ b/libavcodec/kgv1dec.c
@@ -46,7 +46,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac
     const uint8_t *buf = avpkt->data;
     const uint8_t *buf_end = buf + avpkt->size;
     KgvContext * const c = avctx->priv_data;
-    int offsets[7];
+    int offsets[8];
     uint16_t *out, *prev;
     int outcnt = 0, maxcnt;
     int w, h, i, res;
@@ -79,7 +79,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac
         prev = NULL;
     }
 
-    for (i = 0; i < 7; i++)
+    for (i = 0; i < 8; i++)
         offsets[i] = -1;
 
     while (outcnt < maxcnt && buf_end - 2 > buf) {
author	Michael Niedermayer <michaelni@gmx.at>	2012-01-25 23:23:35 +0100
committer	Alex Converse <alex.converse@gmail.com>	2012-03-06 15:28:00 -0800
commit	d5f2382d0389ed47a566ea536887af908bf9b14f (patch)
tree	1e23651b423834dedcdfc17f56af9a85f1ef2e3e
parent	416849f2e06227b1b4a451c392f100db1d709a0c (diff)
download	ffmpeg-d5f2382d0389ed47a566ea536887af908bf9b14f.tar.gz