On Thu, Jan 5, 2012 at 1:01 PM, Reinhard Tartler <siret...@tauware.de> wrote:
> From: Chris Evans <cev...@chromium.org>
>
> Fixes Bug: #190
> Chromium Bug: #100543
> Related to CVE-2011-3893
>
> Signed-off-by: Reinhard Tartler <siret...@tauware.de>
> ---
>  libavcodec/vorbis.c |    6 +++---
>  1 files changed, 3 insertions(+), 3 deletions(-)
>
> I've implemented Ronald's second suggestion.
>
> diff --git a/libavcodec/vorbis.c b/libavcodec/vorbis.c
> index 86df288..66364d1 100644
> --- a/libavcodec/vorbis.c
> +++ b/libavcodec/vorbis.c
> @@ -152,7 +152,7 @@ void ff_vorbis_ready_floor1_list(vorbis_floor1_entry * 
> list, int values)
>     }
>  }
>
> -static inline void render_line_unrolled(intptr_t x, intptr_t y, int x1,
> +static inline void render_line_unrolled(intptr_t x, unsigned char y, int x1,
>                                         intptr_t sy, int ady, int adx,
>                                         float *buf)
>  {
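
Review bot: In the `render_line_unrolled` signature, `y` is narrowed from `intptr_t` to `unsigned char` with no comment saying why, so the bound on `y` now depends on an implicit conversion at the call site instead of a visible check. Conversion to `unsigned char` wraps modulo 256, so an out-of-range value from the caller is silently folded into range, not rejected. `sy` stays `intptr_t` in the same signature, so any arithmetic combining the two is done in a wider type and truncated again on assignment back to `y`. Either keep the wide type and clamp or mask `y` explicitly where it is consumed, or add a comment on the parameter stating that the 8-bit wrap is intentional and what range the consumer requires.
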
> @@ -175,7 +175,7 @@ static inline void render_line_unrolled(intptr_t x, 
> intptr_t y, int x1,
>     }
>  }
>
> -static void render_line(int x0, int y0, int x1, int y1, float *buf)
> +static void render_line(int x0, unsigned char y0, int x1, int y1, float *buf)
>  {
>     int dy  = y1 - y0;
>     int adx = x1 - x0;
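
Review bot: In `render_line`, only `y0` is narrowed to `unsigned char` while `y1` stays `int`, so `int dy = y1 - y0;` now mixes a truncated start value with an unconstrained end value. A caller that passes an out-of-range `y0` gets a wrapped start point and a `dy` that no longer matches the caller's intent, with no error reported. Validate both `y0` and `y1` against the permitted range before calling `render_line` and fail the decode on violation, instead of letting the parameter type absorb the bad value.
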
> @@ -187,7 +187,7 @@ static void render_line(int x0, int y0, int x1, int y1, 
> float *buf)
>     } else {
>         int base = dy / adx;
>         int x    = x0;
> -        int y    = y0;
> +        unsigned char y = y0;
>         int err  = -adx;
>         ady -= FFABS(base) * adx;
>         while (++x < x1) {
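
Review bot: The local `unsigned char y = y0;` makes every later update of `y` in this loop wrap at 256 implicitly, while `base` and `err` in the same block remain `int` and `base = dy / adx` can be negative. The wrap hides a malformed input instead of detecting it, and nothing in the hunk tells a future reader that the type is doing the bounds enforcement, so a later cleanup back to `int` would silently undo the fix. Keep `y` as `int` and apply an explicit range check or clamp (for example `av_clip_uint8`) at the point where `y` is consumed, or at minimum add a comment here stating that the narrowing is deliberate.
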
> --

Relying on undefined language behavior to solve a problem is a terrible idea.

Jason
_______________________________________________
libav-devel mailing list
libav-devel@libav.org
https://lists.libav.org/mailman/listinfo/libav-devel
