wmalosslessdec: Fix reading too many bits in decode_channel_residues()

Fixes a part of CVE-2012-2795 CC:libav-stable@libav.org Based on a patch by Michael Niedermayer <michaelni@gmx.at> Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
author: Anton Khirnov <anton@khirnov.net> 2012-09-29 19:16:32 +0200
committer: Anton Khirnov <anton@khirnov.net> 2012-09-29 19:16:32 +0200
commit: 6a99310fce49f51773ab7d8ffa4f4748bbf58db9 (patch)
tree: 778a0336b11945e4c0b8ba9165195b876042ed8f /libavcodec/wmalosslessdec.c
parent: f48fbf2eb5ba7015c65b31c266edf399dd6a82b1 (diff)
download: ffmpeg-6a99310fce49f51773ab7d8ffa4f4748bbf58db9.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/wmalosslessdec.c b/libavcodec/wmalosslessdec.c
index dc83b0607b..b97f39752c 100644
--- a/libavcodec/wmalosslessdec.c
+++ b/libavcodec/wmalosslessdec.c
@@ -520,7 +520,7 @@ static int decode_channel_residues(WmallDecodeCtx *s, int ch, int tile_size)
             residue = quo;
         else {
             rem_bits = av_ceil_log2(ave_mean);
-            rem      = rem_bits ? get_bits(&s->gb, rem_bits) : 0;
+            rem      = rem_bits ? get_bits_long(&s->gb, rem_bits) : 0;
             residue  = (quo << rem_bits) + rem;
         }
author	Anton Khirnov <anton@khirnov.net>	2012-09-29 19:16:32 +0200
committer	Anton Khirnov <anton@khirnov.net>	2012-09-29 19:16:32 +0200
commit	6a99310fce49f51773ab7d8ffa4f4748bbf58db9 (patch)
tree	778a0336b11945e4c0b8ba9165195b876042ed8f /libavcodec/wmalosslessdec.c
parent	f48fbf2eb5ba7015c65b31c266edf399dd6a82b1 (diff)
download	ffmpeg-6a99310fce49f51773ab7d8ffa4f4748bbf58db9.tar.gz