On 30/10/14 01:52, Vittorio Giovara wrote:
From: Michael Niedermayer <[email protected]>
Make code safer against too large input values.
CC: [email protected]
Bug-Id: CID 700697
---
libavcodec/aacdec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/aacdec.c b/libavcodec/aacdec.c
index 4bdf52f..498b278 100644
--- a/libavcodec/aacdec.c
+++ b/libavcodec/aacdec.c
@@ -1422,7 +1422,7 @@ static void decode_mid_side_stereo(ChannelElement *cpe,
GetBitContext *gb,
idx++)
cpe->ms_mask[idx] = get_bits1(gb);
} else if (ms_present == 2) {
- memset(cpe->ms_mask, 1, cpe->ch[0].ics.num_window_groups *
cpe->ch[0].ics.max_sfb * sizeof(cpe->ms_mask[0]));
+ memset(cpe->ms_mask, 1, sizeof(cpe->ms_mask[0]) *
cpe->ch[0].ics.num_window_groups * cpe->ch[0].ics.max_sfb);
}
}
Too large values should be checked above I'm afraid.
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel
