error concealment: initialize block index.

Fixes CVE-2011-3941 (out of bounds write) Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer <michaelni@gmx.at> 2012-01-24 20:54:27 +0100
committer: Michael Niedermayer <michaelni@gmx.at> 2012-01-24 21:08:41 +0100
commit: c77be3a35a0160d6af88056b0899f120f2eef38e (patch)
tree: f5c80f972c263e247039bc79595f116f461377e0 /libavcodec
parent: f1721fbc52534efb8f462e09c88d92f6f8637b97 (diff)
download: ffmpeg-c77be3a35a0160d6af88056b0899f120f2eef38e.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/libavcodec/error_resilience.c b/libavcodec/error_resilience.c
index 8bb5d0c0de..d55c0006ef 100644
--- a/libavcodec/error_resilience.c
+++ b/libavcodec/error_resilience.c
@@ -46,6 +46,9 @@ static void decode_mb(MpegEncContext *s, int ref)
     s->dest[1] = s->current_picture.f.data[1] + (s->mb_y * (16 >> s->chroma_y_shift) * s->uvlinesize) + s->mb_x * (16 >> s->chroma_x_shift);
     s->dest[2] = s->current_picture.f.data[2] + (s->mb_y * (16 >> s->chroma_y_shift) * s->uvlinesize) + s->mb_x * (16 >> s->chroma_x_shift);
 
+    ff_init_block_index(s);
+    ff_update_block_index(s);
+
     if (CONFIG_H264_DECODER && s->codec_id == CODEC_ID_H264) {
         H264Context *h = (void*)s;
         h->mb_xy = s->mb_x + s->mb_y * s->mb_stride;
author	Michael Niedermayer <michaelni@gmx.at>	2012-01-24 20:54:27 +0100
committer	Michael Niedermayer <michaelni@gmx.at>	2012-01-24 21:08:41 +0100
commit	c77be3a35a0160d6af88056b0899f120f2eef38e (patch)
tree	f5c80f972c263e247039bc79595f116f461377e0 /libavcodec
parent	f1721fbc52534efb8f462e09c88d92f6f8637b97 (diff)
download	ffmpeg-c77be3a35a0160d6af88056b0899f120f2eef38e.tar.gz