[libav-devel] [PATCH] eamad: fix out of array accesses

Reinhard Tartler Sat, 19 Jul 2014 08:17:12 -0700

From: Michael Niedermayer <[email protected]>

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Addresses: CVE-2013-0845
CC: [email protected]
Signed-off-by: Michael Niedermayer <[email protected]>
Signed-off-by: Martin Storsjö <[email protected]>
---
 libavcodec/eamad.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


diff --git a/libavcodec/eamad.c b/libavcodec/eamad.c
index 19a6783..091faa9 100644
--- a/libavcodec/eamad.c
+++ b/libavcodec/eamad.c
@@ -242,7 +242,7 @@ static int decode_frame(AVCodecContext *avctx,
     int chunk_type;
     int inter, ret;
 
-    if (buf_size < 17) {
+    if (buf_size < 26) {
         av_log(avctx, AV_LOG_ERROR, "Input buffer too small\n");
         *got_frame = 0;
         return -1;
-- 
1.9.1

_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel

[libav-devel] [PATCH] eamad: fix out of array accesses

Reply via email to