On 05.12.2015 04:02, Michael Niedermayer wrote:
> On Fri, Dec 04, 2015 at 03:14:21PM +0100, Andreas Cadhalpun wrote:
>> On 03.12.2015 15:48, Michael Niedermayer wrote:
>>> On Wed, Dec 02, 2015 at 10:00:13PM +0100, Andreas Cadhalpun wrote:
@@ -1293,14 +1296,16 @@ static int
On 06.12.2015 22:18, Michael Niedermayer wrote:
> On Sun, Dec 06, 2015 at 06:56:35PM +0100, Andreas Cadhalpun wrote:
>> mjpegdec.c | 11 ---
>> 1 file changed, 8 insertions(+), 3 deletions(-)
>> a294ce9a780fdd710d3661bc201b0c72d30786d3
>>
On Sun, Dec 06, 2015 at 06:56:35PM +0100, Andreas Cadhalpun wrote:
> On 05.12.2015 04:02, Michael Niedermayer wrote:
> > On Fri, Dec 04, 2015 at 03:14:21PM +0100, Andreas Cadhalpun wrote:
> >> On 03.12.2015 15:48, Michael Niedermayer wrote:
> >>> On Wed, Dec 02, 2015 at 10:00:13PM +0100, Andreas
On 03.12.2015 15:48, Michael Niedermayer wrote:
> On Wed, Dec 02, 2015 at 10:00:13PM +0100, Andreas Cadhalpun wrote:
>> @@ -1293,14 +1296,16 @@ static int mjpeg_decode_scan(MJpegDecodeContext *s,
>> int nb_components, int Ah,
>> v = s->v_scount[i];
>> x = 0;
>>
On Fri, Dec 04, 2015 at 03:14:21PM +0100, Andreas Cadhalpun wrote:
> On 03.12.2015 15:48, Michael Niedermayer wrote:
> > On Wed, Dec 02, 2015 at 10:00:13PM +0100, Andreas Cadhalpun wrote:
> >> @@ -1293,14 +1296,16 @@ static int mjpeg_decode_scan(MJpegDecodeContext
> >> *s, int nb_components, int
On Wed, Dec 02, 2015 at 10:00:13PM +0100, Andreas Cadhalpun wrote:
> If the chroma components are subsampled, smaller buffers are allocated
> for them. In that case the maximal block_offset for the chroma
> components is not as large as for the luma component.
>
> This fixes out of bounds writes
If the chroma components are subsampled, smaller buffers are allocated
for them. In that case the maximal block_offset for the chroma
components is not as large as for the luma component.
This fixes out of bounds writes causing segmentation faults or memory
corruption.
Signed-off-by: Andreas
