On Wed, 9 Oct 2013, Luca Barbato wrote:

Fix some buffer overreads.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: [email protected]
---

;; removed and rebased test still pass.

libavcodec/vmnc.c | 132 +++++++++++++++++++++++-------------------------------
1 file changed, 57 insertions(+), 75 deletions(-)

diff --git a/libavcodec/vmnc.c b/libavcodec/vmnc.c
index 2ecc563..5b14877 100644
--- a/libavcodec/vmnc.c
+++ b/libavcodec/vmnc.c
@@ -32,6 +32,7 @@
#include "libavutil/intreadwrite.h"
#include "avcodec.h"
#include "internal.h"
+#include "bytestream.h"

enum EncTypes {
    MAGIC_WMVd = 0x574D5664,
@@ -63,6 +64,7 @@ typedef struct VmncContext {
    int bigendian;
    uint8_t pal[768];
    int width, height;
+    GetByteContext gb;

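Review bot: the `GetByteContext gb` added to `VmncContext` after `int width, height;` puts a per-packet reader into state that lives as long as the decoder. A byte reader of this kind refers to the packet buffer it was initialised on, so between decode calls the field is left referring to input the decoder no longer owns, and any code path that reads from it before it is re-initialised would be reading stale bounds. Suggest keeping the reader as a local in the frame-decoding function and passing a `GetByteContext *` to each helper that consumes input. If the field stays, add a comment on it saying it is valid only during a decode call and is re-initialised for every packet.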

The fact that this is added to the context but only used from one function feels puzzling to me. I guess it's ok this way as well, but it'd be less odd if you'd pass around a GetByteContext* to load_cursor as well, instead of using it from the context at that point.

Other than that it looks good.

// Martin