aboutsummaryrefslogtreecommitdiffstats
path: root/libavcodec/mjpegdec.c
diff options
context:
space:
mode:
authorMichael Niedermayer <michaelni@gmx.at>2014-01-31 20:59:57 +0100
committerMichael Niedermayer <michaelni@gmx.at>2014-01-31 21:47:44 +0100
commit19b41f86457d945e98c236f67faf59d560861a4c (patch)
tree37ad09e4e70f3d9431d9317b3a434157babe5857 /libavcodec/mjpegdec.c
parentf58eab151214d2d35ff0973f2b3e51c5eb372da4 (diff)
downloadffmpeg-19b41f86457d945e98c236f67faf59d560861a4c.tar.gz
avcodec/mjpegdec: use the correct linesize in the flipping code
Fixes out of array access No releases should be affected Depends on 7c3700cd1d8683966b21fffbf02e326d0bd14e06, do not backport without this one Fixes: asan_heap-oob_14a37fe_9111_cov_1692584941_test4.amv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'libavcodec/mjpegdec.c')
-rw-r--r--libavcodec/mjpegdec.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index 464b1d8369..0ed9c0a41b 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -2052,12 +2052,12 @@ the_end:
h = FF_CEIL_RSHIFT(h, vshift);
}
if(dst){
- uint8_t *dst2 = dst + s->linesize[index]*(h-1);
+ uint8_t *dst2 = dst + s->picture_ptr->linesize[index]*(h-1);
for (i=0; i<h/2; i++) {
for (j=0; j<w; j++)
FFSWAP(int, dst[j], dst2[j]);
- dst += s->linesize[index];
- dst2 -= s->linesize[index];
+ dst += s->picture_ptr->linesize[index];
+ dst2 -= s->picture_ptr->linesize[index];
}
}
}