On 27 November 2013 17:11, Vittorio Giovara <[email protected]> wrote: > From: Michael Niedermayer <[email protected]> > > Currently the code in some cases can draw tiles that hang outside the > allocated buffer. This patch increases the buffer size to avoid out > of array accesses. An alternative would be to fail if such tiles are > encountered. > > I do not know if any valid files use such hanging tiles. > > Found-by: ami_stuff > --- > libavcodec/g2meet.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/libavcodec/g2meet.c b/libavcodec/g2meet.c > index 898ca74..5ba1129 100644 > --- a/libavcodec/g2meet.c > +++ b/libavcodec/g2meet.c > @@ -441,8 +441,8 @@ static int g2m_init_buffers(G2MContext *c) > int aligned_height; > > if (!c->framebuf || c->old_width < c->width || c->old_height < > c->height) { > - c->framebuf_stride = FFALIGN(c->width * 3, 16); > - aligned_height = FFALIGN(c->height, 16); > + c->framebuf_stride = FFALIGN(c->width + 15, 16) * 3; > + aligned_height = c->height + 15; > av_free(c->framebuf); > c->framebuf = av_mallocz(c->framebuf_stride * aligned_height); > if (!c->framebuf) > --
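Review bot: In g2m_init_buffers(), the two `+ 15` paddings on `framebuf_stride` and `aligned_height` are only sufficient if a tile can never extend more than 15 pixels past `c->width` or `c->height`, and nothing in this hunk enforces or documents that bound. Either add a comment naming the tile-size limit the 15 is derived from, or take the alternative the commit message mentions: where tiles are drawn, reject any tile whose position plus size exceeds the frame, and return an error. Separately, `aligned_height = c->height + 15;` is no longer aligned to anything, so the variable name is now misleading; rename it or write `FFALIGN(c->height + 15, 16)`.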
Looks WTFy and not fixing the real issue.
