On Fri, Jan 27, 2012 at 05:57:23PM -0800, Alex Converse wrote:
> From: Michael Niedermayer <[email protected]>
>
> Fixes CVE-2011-3945
>
> Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
> Signed-off-by: Michael Niedermayer <[email protected]>
> (cherry picked from commit 807a045ab7f51993a2c1b3116016cbbd4f3d20d6)
>
> Signed-off-by: Alex Converse <[email protected]>
This commit message is political - it vaguely says something about the problem
without disclosing any information.
> ---
> libavcodec/kgv1dec.c | 4 ++--
> 1 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/libavcodec/kgv1dec.c b/libavcodec/kgv1dec.c
> index 2d6fa73..f3ffd8f 100644
> --- a/libavcodec/kgv1dec.c
> +++ b/libavcodec/kgv1dec.c
> @@ -39,7 +39,7 @@ static int decode_frame(AVCodecContext *avctx, void *data,
> int *data_size, AVPac
> const uint8_t *buf = avpkt->data;
> const uint8_t *buf_end = buf + avpkt->size;
> KgvContext * const c = avctx->priv_data;
> - int offsets[7];
> + int offsets[8];
> uint16_t *out, *prev;
> int outcnt = 0, maxcnt;
> int w, h, i;
> @@ -69,7 +69,7 @@ static int decode_frame(AVCodecContext *avctx, void *data,
> int *data_size, AVPac
> return -1;
> c->prev = prev;
>
> - for (i = 0; i < 7; i++)
> + for (i = 0; i < 8; i++)
> offsets[i] = -1;
>
> while (outcnt < maxcnt && buf_end - 2 > buf) {
> --
the patch itself looks correct
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel
