]> git.sesse.net Git - ffmpeg/commitdiff
projects / ffmpeg / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8db2935)
vc1dec: Fix global array overread.
authorMichael Niedermayer <michaelni@gmx.at>
Wed, 28 Mar 2012 08:44:43 +0000 (10:44 +0200)
committerMichael Niedermayer <michaelni@gmx.at>
Wed, 28 Mar 2012 08:44:43 +0000 (10:44 +0200)
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
libavcodec/vc1dec.c patch | blob | history

diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c
index d538c74c3e27c1abe02a830338ac033de10fb22f..d2923b9cf272b3412053d4a707d3472bedd1cdd0 100644 (file)
--- a/libavcodec/vc1dec.c
+++ b/libavcodec/vc1dec.c
@@ -1049,8 +1049,8 @@ static void vc1_mc_4mv_chroma4(VC1Context *v)
             mquant = v->altpq;                                 \
         if ((edges&8) && s->mb_y == (s->mb_height - 1))        \
             mquant = v->altpq;                                 \
-        if (!mquant) {                                 \
-            av_log(v->s.avctx,AV_LOG_ERROR, "zero mquant\n");   \
+        if (!mquant || mquant > 31) {                          \
+            av_log(v->s.avctx, AV_LOG_ERROR, "invalid mquant %d\n", mquant);   \
             mquant = 1;                                \
         }                                              \
     }
Unnamed repository; edit this file 'description' to name the repository.