Module: ffmpeg Branch: release/0.5 Commit: 8069e2f6fbd79e3d3d2ba17f5f097475b43e2921
Author: Reimar Döffinger <[email protected]> Committer: Reinhard Tartler <[email protected]> Date: Sat Feb 19 11:33:01 2011 +0100 Fix invalid reads in VC1 decoder Patch discussed and taken from https://roundup.ffmpeg.org/issue2584 (cherry picked from commit 2bbec1eda46d907605772a8b6e8263caa4bc4c82) Change related to CVE-2011-0723 --- libavcodec/vc1.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/libavcodec/vc1.c b/libavcodec/vc1.c index 03257b8..619e903 100644 --- a/libavcodec/vc1.c +++ b/libavcodec/vc1.c @@ -2366,7 +2366,7 @@ static void vc1_decode_ac_coeff(VC1Context *v, int *last, int *skip, int *value, if (index != vc1_ac_sizes[codingset] - 1) { run = vc1_index_decode_table[codingset][index][0]; level = vc1_index_decode_table[codingset][index][1]; - lst = index >= vc1_last_decode_table[codingset]; + lst = index >= vc1_last_decode_table[codingset] || get_bits_left(gb) < 0; if(get_bits1(gb)) level = -level; } else { _______________________________________________ ffmpeg-commits mailing list [email protected] https://lists.mplayerhq.hu/mailman/listinfo/ffmpeg-commits
