cfhd: fix off-by-one error in level check

This fixes out-of-bounds writes causing segmentation faults.

Found-by: Piotr Bandurski <ami_stuff@o2.pl>
Reviewed-by: Kieran Kunhya <kierank@obe.tv>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Andreas Cadhalpun 2016-02-03 00:55:18 +01:00
parent e9025573fa
commit 916da13d6d

@ -280,7 +280,7 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, int *got_frame,
s->level++;
av_log(avctx, AV_LOG_DEBUG, "Subband number %"PRIu16"\n", data);
s->subband_num = data;
if (s->level > DWT_LEVELS) {
if (s->level >= DWT_LEVELS) {
av_log(avctx, AV_LOG_ERROR, "Invalid level\n");
ret = AVERROR(EINVAL);
break;
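
Review bot: At the `if (s->level >= DWT_LEVELS)` test, `s->level` has already been incremented and `s->subband_num` already assigned, so the error path leaves the context holding an out-of-range level. Consider validating before mutating state (reject when `s->level + 1 >= DWT_LEVELS`, then increment) or resetting the level before `break`, so that nothing reading `s->level` afterwards can see an invalid value. It would also help to include the offending value and the limit in the "Invalid level" message, and to add a short comment saying that the level is used as an index and must stay strictly below `DWT_LEVELS`, since the reason for `>=` rather than `>` is not visible at this line.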