From 5628a5406299585c916cb4bedd768b1d370ad0fb Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 27 Nov 2014 15:03:35 +0100 Subject: [PATCH] avcodec/hevc_ps: More complete window reset Fixes out of array read Fixes: signal_sigsegv_35bcf26_471_cov_2806540268_CAINIT_A_SHARP_4.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 57e5812198aada016e9ba4149123c541f8c8a7ec) Conflicts: libavcodec/hevc_ps.c --- libavcodec/hevc_ps.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c index f16651ade2..7d75b058e5 100644 --- a/libavcodec/hevc_ps.c +++ b/libavcodec/hevc_ps.c @@ -887,10 +887,8 @@ int ff_hevc_decode_nal_sps(HEVCContext *s) goto err; } av_log(s->avctx, AV_LOG_WARNING, "Displaying the whole video surface.\n"); - sps->pic_conf_win.left_offset = - sps->pic_conf_win.right_offset = - sps->pic_conf_win.top_offset = - sps->pic_conf_win.bottom_offset = 0; + memset(&sps->pic_conf_win, 0, sizeof(sps->pic_conf_win)); + memset(&sps->output_window, 0, sizeof(sps->output_window)); sps->output_width = sps->width; sps->output_height = sps->height; }