wmalosslessdec: fix a get_bits(0) in decode_ac_filter

Fixes a part of CVE-2012-2795 CC:libav-stable@libav.org Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Anton Khirnov <anton@khirnov.net>
author: Michael Niedermayer <michaelni@gmx.at> 2012-04-14 14:50:25 +0200
committer: Anton Khirnov <anton@khirnov.net> 2012-09-29 19:15:27 +0200
commit: f48fbf2eb5ba7015c65b31c266edf399dd6a82b1 (patch)
tree: 75662f4c22dc6e6d0d0e9c84d3b4604036781bc5 /libavcodec/wmalosslessdec.c
parent: 607f57152c59bcec26caaf2060a86d96f76c4e8b (diff)
download: ffmpeg-f48fbf2eb5ba7015c65b31c266edf399dd6a82b1.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/libavcodec/wmalosslessdec.c b/libavcodec/wmalosslessdec.c
index cfa877f086..dc83b0607b 100644
--- a/libavcodec/wmalosslessdec.c
+++ b/libavcodec/wmalosslessdec.c
@@ -406,7 +406,8 @@ static void decode_ac_filter(WmallDecodeCtx *s)
     s->acfilter_scaling = get_bits(&s->gb, 4);
 
     for (i = 0; i < s->acfilter_order; i++)
-        s->acfilter_coeffs[i] = get_bits(&s->gb, s->acfilter_scaling) + 1;
+        s->acfilter_coeffs[i] = (s->acfilter_scaling ?
+                                 get_bits(&s->gb, s->acfilter_scaling) : 0) + 1;
 }
 
 static void decode_mclms(WmallDecodeCtx *s)
author	Michael Niedermayer <michaelni@gmx.at>	2012-04-14 14:50:25 +0200
committer	Anton Khirnov <anton@khirnov.net>	2012-09-29 19:15:27 +0200
commit	f48fbf2eb5ba7015c65b31c266edf399dd6a82b1 (patch)
tree	75662f4c22dc6e6d0d0e9c84d3b4604036781bc5 /libavcodec/wmalosslessdec.c
parent	607f57152c59bcec26caaf2060a86d96f76c4e8b (diff)
download	ffmpeg-f48fbf2eb5ba7015c65b31c266edf399dd6a82b1.tar.gz