Module: libav Branch: master Commit: f48fbf2eb5ba7015c65b31c266edf399dd6a82b1
Author: Michael Niedermayer <[email protected]> Committer: Anton Khirnov <[email protected]> Date: Sat Apr 14 14:50:25 2012 +0200 wmalosslessdec: fix a get_bits(0) in decode_ac_filter Fixes a part of CVE-2012-2795 CC:[email protected] Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Anton Khirnov <[email protected]> --- libavcodec/wmalosslessdec.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/libavcodec/wmalosslessdec.c b/libavcodec/wmalosslessdec.c index cfa877f..dc83b06 100644 --- a/libavcodec/wmalosslessdec.c +++ b/libavcodec/wmalosslessdec.c @@ -406,7 +406,8 @@ static void decode_ac_filter(WmallDecodeCtx *s) s->acfilter_scaling = get_bits(&s->gb, 4); for (i = 0; i < s->acfilter_order; i++) - s->acfilter_coeffs[i] = get_bits(&s->gb, s->acfilter_scaling) + 1; + s->acfilter_coeffs[i] = (s->acfilter_scaling ? + get_bits(&s->gb, s->acfilter_scaling) : 0) + 1; } static void decode_mclms(WmallDecodeCtx *s) _______________________________________________ libav-commits mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-commits
