aboutsummaryrefslogtreecommitdiffstats
path: root/libavcodec
diff options
context:
space:
mode:
authorMichael Niedermayer <michaelni@gmx.at>2012-04-14 14:49:22 +0200
committerAnton Khirnov <anton@khirnov.net>2012-09-29 19:14:25 +0200
commit607f57152c59bcec26caaf2060a86d96f76c4e8b (patch)
tree68317a301c9d1c857c6e81311549d0f05bb539c2 /libavcodec
parentae3da0ae5550053583a6f281ea7fd940497ea0d1 (diff)
downloadffmpeg-607f57152c59bcec26caaf2060a86d96f76c4e8b.tar.gz
wmalosslessdec: make MCLMS arrays big enough for what is written into them.
Fixes a part of CVE-2012-2795 CC:libav-stable@libav.org Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Anton Khirnov <anton@khirnov.net>
Diffstat (limited to 'libavcodec')
-rw-r--r--libavcodec/wmalosslessdec.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/libavcodec/wmalosslessdec.c b/libavcodec/wmalosslessdec.c
index c67a392bfe..cfa877f086 100644
--- a/libavcodec/wmalosslessdec.c
+++ b/libavcodec/wmalosslessdec.c
@@ -129,8 +129,8 @@ typedef struct WmallDecodeCtx {
int8_t mclms_scaling;
int16_t mclms_coeffs[128];
int16_t mclms_coeffs_cur[4];
- int16_t mclms_prevvalues[64];
- int16_t mclms_updates[64];
+ int16_t mclms_prevvalues[WMALL_MAX_CHANNELS * 2 * 32];
+ int16_t mclms_updates[WMALL_MAX_CHANNELS * 2 * 32];
int mclms_recent;
int movave_scaling;