wmalosslessdec: make MCLMS arrays big enough for what is written into them.

Fixes a part of CVE-2012-2795 CC:libav-stable@libav.org Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Anton Khirnov <anton@khirnov.net>
author: Michael Niedermayer <michaelni@gmx.at> 2012-04-14 14:49:22 +0200
committer: Anton Khirnov <anton@khirnov.net> 2012-09-29 19:14:25 +0200
commit: 607f57152c59bcec26caaf2060a86d96f76c4e8b (patch)
tree: 68317a301c9d1c857c6e81311549d0f05bb539c2 /libavcodec/wmalosslessdec.c
parent: ae3da0ae5550053583a6f281ea7fd940497ea0d1 (diff)
download: ffmpeg-607f57152c59bcec26caaf2060a86d96f76c4e8b.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/libavcodec/wmalosslessdec.c b/libavcodec/wmalosslessdec.c
index c67a392bfe..cfa877f086 100644
--- a/libavcodec/wmalosslessdec.c
+++ b/libavcodec/wmalosslessdec.c
@@ -129,8 +129,8 @@ typedef struct WmallDecodeCtx {
     int8_t  mclms_scaling;
     int16_t mclms_coeffs[128];
     int16_t mclms_coeffs_cur[4];
-    int16_t mclms_prevvalues[64];
-    int16_t mclms_updates[64];
+    int16_t mclms_prevvalues[WMALL_MAX_CHANNELS * 2 * 32];
+    int16_t mclms_updates[WMALL_MAX_CHANNELS * 2 * 32];
     int     mclms_recent;
 
     int     movave_scaling;
author	Michael Niedermayer <michaelni@gmx.at>	2012-04-14 14:49:22 +0200
committer	Anton Khirnov <anton@khirnov.net>	2012-09-29 19:14:25 +0200
commit	607f57152c59bcec26caaf2060a86d96f76c4e8b (patch)
tree	68317a301c9d1c857c6e81311549d0f05bb539c2 /libavcodec/wmalosslessdec.c
parent	ae3da0ae5550053583a6f281ea7fd940497ea0d1 (diff)
download	ffmpeg-607f57152c59bcec26caaf2060a86d96f76c4e8b.tar.gz