Re: [libav-devel] [PATCH 06/12] wmalosslessdec: fix a get_bits(0) in decode_ac_filter

Kostya Shishkov Sat, 29 Sep 2012 05:46:33 -0700

On Sat, Sep 29, 2012 at 02:04:55PM +0200, Anton Khirnov wrote:
> From: Michael Niedermayer <[email protected]>
> 
> Fixes a part of CVE-2012-2795
> 
> Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
> Signed-off-by: Anton Khirnov <[email protected]>
> ---
>  libavcodec/wmalosslessdec.c |    3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/libavcodec/wmalosslessdec.c b/libavcodec/wmalosslessdec.c
> index cfa877f..dc83b06 100644
> --- a/libavcodec/wmalosslessdec.c
> +++ b/libavcodec/wmalosslessdec.c
> @@ -406,7 +406,8 @@ static void decode_ac_filter(WmallDecodeCtx *s)
>      s->acfilter_scaling = get_bits(&s->gb, 4);
>  
>      for (i = 0; i < s->acfilter_order; i++)
> -        s->acfilter_coeffs[i] = get_bits(&s->gb, s->acfilter_scaling) + 1;
> +        s->acfilter_coeffs[i] = (s->acfilter_scaling ?
> +                                 get_bits(&s->gb, s->acfilter_scaling) : 0) 
> + 1;
>  }
>  
>  static void decode_mclms(WmallDecodeCtx *s)
> --


OK if Diego agrees
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel

Re: [libav-devel] [PATCH 06/12] wmalosslessdec: fix a get_bits(0) in decode_ac_filter

Reply via email to