]> git.sesse.net Git - ffmpeg/commitdiff
projects / ffmpeg / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2672b2c)
qdm2: fix out of stack array read.
authorMichael Niedermayer <michaelni@gmx.at>
Thu, 10 Jan 2013 03:23:14 +0000 (04:23 +0100)
committerMichael Niedermayer <michaelni@gmx.at>
Thu, 10 Jan 2013 03:57:50 +0000 (04:57 +0100)
The read value is not used when its outside the array.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
libavcodec/qdm2.c patch | blob | history

diff --git a/libavcodec/qdm2.c b/libavcodec/qdm2.c
index c8727c6b1c23bd33a5aecbb2b5a43d1c8a2ee17b..ca2aab7b56bfb6d0bac7bd5b5d3f8318d321c13d 100644 (file)
--- a/libavcodec/qdm2.c
+++ b/libavcodec/qdm2.c
@@ -928,10 +928,10 @@ static int synthfilt_build_sb_samples (QDM2Context *q, GetBitContext *gb, int le
 
                 if (joined_stereo) {
                     float tmp[10][MPA_MAX_CHANNELS];
-
                     for (k = 0; k < run; k++) {
                         tmp[k][0] = samples[k];
-                        tmp[k][1] = (sign_bits[(j + k) / 8]) ? -samples[k] : samples[k];
+                        if ((j + k) < 128)
+                            tmp[k][1] = (sign_bits[(j + k) / 8]) ? -samples[k] : samples[k];
                     }
                     for (chs = 0; chs < q->nb_channels; chs++)
                         for (k = 0; k < run; k++)
Unnamed repository; edit this file 'description' to name the repository.