diff options
| author | Michael Niedermayer <michael@niedermayer.cc> | 2019-11-16 00:10:53 +0100 |
|---|---|---|
| committer | Michael Niedermayer <michael@niedermayer.cc> | 2019-11-20 00:14:03 +0100 |
| commit | d73f06270600c37c74beeceac37f593838ced383 (patch) | |
| tree | 1aabf5bbbd830ef6c76906e3896f48f244e692af | |
| parent | fdf46b4a6b36dd8551adc29c455326b1a13b4acb (diff) | |
| download | ffmpeg-d73f06270600c37c74beeceac37f593838ced383.tar.gz | |
avcodec/dvdec: Use av_clip_uint8 instead of ff_crop_tab
Fixes: out of array access
Fixes: 18788/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DVVIDEO_fuzzer-6254863113781248
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Baptiste Coudurier <baptiste.coudurier@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| -rw-r--r-- | libavcodec/dvdec.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/libavcodec/dvdec.c b/libavcodec/dvdec.c index 578d7f505f..c526091eb4 100644 --- a/libavcodec/dvdec.c +++ b/libavcodec/dvdec.c @@ -272,11 +272,10 @@ static inline void bit_copy(PutBitContext *pb, GetBitContext *gb) static av_always_inline void put_block_8x4(int16_t *block, uint8_t *av_restrict p, int stride) { int i, j; - const uint8_t *cm = ff_crop_tab + MAX_NEG_CROP; for (i = 0; i < 4; i++) { for (j = 0; j < 8; j++) - p[j] = cm[block[j]]; + p[j] = av_clip_uint8(block[j]); block += 8; p += stride; } |