On Thu, 26 Jan 2012 17:27:14 -0800, Alex Converse <[email protected]> wrote: > From: Michael Niedermayer <[email protected]> > > Fixes CVE-2011-3940 (Out of bounds read resulting in out of bounds write) > > Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind > Signed-off-by: Michael Niedermayer <[email protected]> > (cherry picked from commit 5c011706bc752d34bc6ada31d7df2ca0c9af7c6b) > > Signed-off-by: Alex Converse <[email protected]> > --- > libavformat/nsvdec.c | 8 ++++---- > 1 files changed, 4 insertions(+), 4 deletions(-) > > diff --git a/libavformat/nsvdec.c b/libavformat/nsvdec.c > index 52f81f1..70b2536 100644 > --- a/libavformat/nsvdec.c > +++ b/libavformat/nsvdec.c > @@ -607,12 +607,12 @@ null_chunk_retry: > } > > /* map back streams to v,a */ > - if (s->streams[0]) > + if (s->nb_streams > 0) > st[s->streams[0]->id] = s->streams[0]; > - if (s->streams[1]) > + if (s->nb_streams > 1) > st[s->streams[1]->id] = s->streams[1];
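Review bot: in the two stores `st[s->streams[0]->id] = s->streams[0];` and `st[s->streams[1]->id] = s->streams[1];`, the index into `st` is still taken from `->id` with no range check visible in this hunk. The new `s->nb_streams` tests stop the read past the populated part of `s->streams[]`, but the write stays in bounds only if every stream's `id` is a valid index for `st`; neither the declaration of `st` nor the place where `id` is assigned is shown here. Suggest confirming that invariant and either checking `id` against the size of `st` before each store or adding a comment that says where it is guaranteed. The commit message would also benefit from one line on why the old pointer test was not sufficient.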
Unrelated: this code looks trippy and should probably be rewritten more sanely. The patch looks ok.

--
Anton Khirnov
