Re: [libav-devel] [PATCH 09/12] wmalosslessdec: Reset put bit buffer when num_saved_bits is reset.

Kostya Shishkov Sat, 29 Sep 2012 05:47:39 -0700

On Sat, Sep 29, 2012 at 02:04:58PM +0200, Anton Khirnov wrote:
> From: Michael Niedermayer <[email protected]>
> 
> Fixes CVE-2012-2799
> 
> Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
> Signed-off-by: Anton Khirnov <[email protected]>
> ---
>  libavcodec/wmalosslessdec.c |    2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/libavcodec/wmalosslessdec.c b/libavcodec/wmalosslessdec.c
> index b97f397..df02528 100644
> --- a/libavcodec/wmalosslessdec.c
> +++ b/libavcodec/wmalosslessdec.c
> @@ -1230,6 +1230,7 @@ static int decode_packet(AVCodecContext *avctx, void 
> *data, int *got_frame_ptr,
>               * to decode incomplete frames in the s->len_prefix == 0 case. */
>              s->num_saved_bits = 0;
>              s->packet_loss    = 0;
> +            init_put_bits(&s->pb, s->frame_data, MAX_FRAMESIZE);
>          }
>  
>      } else {
> @@ -1282,6 +1283,7 @@ static void flush(AVCodecContext *avctx)
>      s->next_packet_start = 0;
>      s->cdlms[0][0].order = 0;
>      s->frame.nb_samples  = 0;
> +    init_put_bits(&s->pb, s->frame_data, MAX_FRAMESIZE);
>  }
>  
>  AVCodec ff_wmalossless_decoder = {
> --


looks OK
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel

Re: [libav-devel] [PATCH 09/12] wmalosslessdec: Reset put bit buffer when num_saved_bits is reset.

Reply via email to