RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

mss1: improve check if decoded pivot is invalid 

The pivot has to lie between 0 and base.
Check of ==base is insufficient.
Thus replace it by a proper check.

Fixes out of array write.

Fixes bug #1531.

Found-by: Piotr Bandurski <ami_stuff@o2.pl>
Signed-off-by: Paul B Mahol <onemda@gmail.com>
This commit is contained in:
Paul B Mahol 2012-07-14 23:27:21 +00:00
parent ab46300078
commit 6ad4560031
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libavcodec/mss1.c
View File

@ -575,7 +575,7 @@ static int decode_pivot(MSS1Context *ctx, ArithCoder *acoder, int base)
val = arith_get_number(acoder, (base + 1) / 2 - 2) + 3;
}
if (val == base) {
if ((unsigned)val >= base) {
ctx->corrupted = 1;
return 0;
}