[SCM] libav/experimental: Fix possibly exploitable out of buffer writes in msrle_decode_pal4(). This fix is minimalistic, that function should be cleaned up by someone.
siretart at users.alioth.debian.org
siretart at users.alioth.debian.org
Sun Jun 30 17:18:26 UTC 2013
The following commit has been merged in the experimental branch:
commit 7d78a964413a50409b1db441d966cd2810eb6c86
Author: Michael Niedermayer <michaelni at gmx.at>
Date: Tue Nov 2 01:19:15 2010 +0000
Fix possibly exploitable out of buffer writes in msrle_decode_pal4().
This fix is minimalistic, that function should be cleaned up by someone.
Originally committed as revision 25633 to svn://svn.ffmpeg.org/ffmpeg/trunk
diff --git a/libavcodec/msrledec.c b/libavcodec/msrledec.c
index 098e7d8..9751083 100644
--- a/libavcodec/msrledec.c
+++ b/libavcodec/msrledec.c
@@ -45,7 +45,7 @@ static int msrle_decode_pal4(AVCodecContext *avctx, AVPicture *pic,
unsigned char rle_code;
unsigned char extra_byte, odd_pixel;
unsigned char stream_byte;
- int pixel_ptr = 0;
+ unsigned int pixel_ptr = 0;
int row_dec = pic->linesize[0];
int row_ptr = (avctx->height - 1) * row_dec;
int frame_size = row_dec * avctx->height;
--
Libav/FFmpeg packaging
More information about the pkg-multimedia-commits
mailing list