diff options
author | Michael Niedermayer <michaelni@gmx.at> | 2012-04-14 14:49:22 +0200 |
---|---|---|
committer | Anton Khirnov <anton@khirnov.net> | 2012-09-29 19:14:25 +0200 |
commit | 607f57152c59bcec26caaf2060a86d96f76c4e8b (patch) | |
tree | 68317a301c9d1c857c6e81311549d0f05bb539c2 /libavcodec | |
parent | ae3da0ae5550053583a6f281ea7fd940497ea0d1 (diff) | |
download | ffmpeg-607f57152c59bcec26caaf2060a86d96f76c4e8b.tar.gz |
wmalosslessdec: make MCLMS arrays big enough for what is written into them.
Fixes a part of CVE-2012-2795
CC:libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Diffstat (limited to 'libavcodec')
-rw-r--r-- | libavcodec/wmalosslessdec.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/libavcodec/wmalosslessdec.c b/libavcodec/wmalosslessdec.c index c67a392bfe..cfa877f086 100644 --- a/libavcodec/wmalosslessdec.c +++ b/libavcodec/wmalosslessdec.c @@ -129,8 +129,8 @@ typedef struct WmallDecodeCtx { int8_t mclms_scaling; int16_t mclms_coeffs[128]; int16_t mclms_coeffs_cur[4]; - int16_t mclms_prevvalues[64]; - int16_t mclms_updates[64]; + int16_t mclms_prevvalues[WMALL_MAX_CHANNELS * 2 * 32]; + int16_t mclms_updates[WMALL_MAX_CHANNELS * 2 * 32]; int mclms_recent; int movave_scaling; |