On Tue, Sep 04, 2012 at 02:32:23PM -0400, Justin Ruggles wrote: > From: Thilo Borgmann <[email protected]> > > Fixes CVE-2012-2790 > > Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind > Signed-off-by: Michael Niedermayer <[email protected]> > Signed-off-by: Justin Ruggles <[email protected]> > --- > libavcodec/alsdec.c | 8 ++++---- > 1 files changed, 4 insertions(+), 4 deletions(-) > > diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c > index 3990b50..b7b841a 100644 > --- a/libavcodec/alsdec.c > +++ b/libavcodec/alsdec.c > @@ -770,7 +770,7 @@ static int read_var_block_data(ALSDecContext *ctx, > ALSBlockData *bd) > int delta[8]; > unsigned int k [8]; > unsigned int b = av_clip((av_ceil_log2(bd->block_length) - 3) >> 1, > 0, 5); > - unsigned int i; > + unsigned int i = start; > > // read most significant bits > unsigned int high; > @@ -781,14 +781,14 @@ static int read_var_block_data(ALSDecContext *ctx, > ALSBlockData *bd) > > current_res = bd->raw_samples + start; > > - for (sb = 0; sb < sub_blocks; sb++) { > + for (sb = 0; sb < sub_blocks; sb++, i = 0) { > k [sb] = s[sb] > b ? s[sb] - b : 0; > delta[sb] = 5 - s[sb] + k[sb]; > > - ff_bgmc_decode(gb, sb_length, current_res, > + ff_bgmc_decode(gb, sb_length - i, current_res, > delta[sb], sx[sb], &high, &low, &value, > ctx->bgmc_lut, ctx->bgmc_lut_status); > > - current_res += sb_length; > + current_res += sb_length - i; > } > > ff_bgmc_decode_end(gb); > --
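Review bot: In the first hunk (@@ -770,7), `unsigned int i = start;` feeds the later `sb_length - i`, and nothing in the visible lines checks that start does not exceed sb_length; since i is unsigned, a larger start makes that subtraction wrap in unsigned arithmetic instead of producing a small or negative length. Consider validating start against sb_length before the loop, and add a one-line comment saying that i holds the number of samples of the first sub-block already skipped by `current_res = bd->raw_samples + start`.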
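Review bot: In the second hunk (@@ -781,14), the reset of i is tucked into the loop header as `sb++, i = 0`, which is easy to miss on a later read, and `sb_length - i` is written out twice, once as the ff_bgmc_decode length and once for the current_res advance. Computing the per-sub-block length once into a named local at the top of the loop body and using it in both places would keep the decoded count and the pointer advance from drifting apart and would make the first-sub-block special case explicit.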
probably OK but I'd rename the variable - it's used for anything but indexing
