author | Chris Evans <cevans@chromium.org> | 2012-01-04 17:24:15 +0100 |
---|---|---|
committer | Michael Niedermayer <michaelni@gmx.at> | 2012-01-04 22:18:56 +0100 |
commit | 6a3fed87498b425d19dee4b57d969e10e2dd5f43 (patch) | |
tree | 759ee6e44d9b2d5e7cca9edbd59d58aac66af653 /libavcodec | |
parent | 49b8709870e4fa4d577ce6909d4bc6e03cedfe4e (diff) | |
download | ffmpeg-6a3fed87498b425d19dee4b57d969e10e2dd5f43.tar.gz |
ogg: Avoid the possibility to read out-of-bounds of a static global array in Vorbis
decoding.
BUG=100543
Review URL: http://codereview.chromium.org/8365014
This fixes 25% of CVE-2011-3893
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7149fce2cac0474a5fbc5b47add1158cd8bb283e)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'libavcodec')
-rw-r--r-- | libavcodec/vorbis.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/libavcodec/vorbis.c b/libavcodec/vorbis.c index 1624948626..251442bfc3 100644 --- a/libavcodec/vorbis.c +++ b/libavcodec/vorbis.c @@ -156,7 +156,7 @@ void ff_vorbis_ready_floor1_list(vorbis_floor1_entry * list, int values) } } -static inline void render_line_unrolled(intptr_t x, intptr_t y, int x1, +static inline void render_line_unrolled(intptr_t x, unsigned char y, int x1, intptr_t sy, int ady, int adx, float *buf) { @@ -191,7 +191,7 @@ static void render_line(int x0, int y0, int x1, int y1, float *buf) } else { int base = dy / adx; int x = x0; - int y = y0; + unsigned char y = y0; int err = -adx; ady -= FFABS(base) * adx; while (++x < x1) { |
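Review bot: In the first hunk, the new `unsigned char y` parameter of render_line_unrolled bounds the value to 0..255 only through silent wraparound, and nothing next to the signature says why that range is the correct one. The commit message refers to a static global array, so a short comment naming that array and its size would make the invariant checkable. If the array has fewer than 256 entries, the narrowing alone does not bound the index. As a style point, `uint8_t` would sit better beside the `intptr_t` used for x and sy, and the conversion at the call site should be explicit rather than implicit.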
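Review bot: In the second hunk, `unsigned char y = y0;` truncates the `int y0` argument of render_line with no range check, so a negative or larger-than-255 y0 is reduced modulo 256 and decoding carries on with a different value instead of stopping. That hides malformed input rather than detecting it. A check at the top of render_line, or at the point where y0 and y1 are derived, that bails out early on out-of-range values would be more robust. The branch before `} else {` is not visible in this hunk, so confirm that every path using y as an index gets the same bound. The commit message itself says this addresses only 25% of CVE-2011-3893.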