Chiebot-Mirror
/
FFmpeg
mirror of https://github.com/FFmpeg/FFmpeg.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

wmalosslessdec: Fix reading too many bits in decode_channel_residues()

Browse Source 
Fixes a part of CVE-2012-2795

CC:libav-stable@libav.org

Based on a patch by Michael Niedermayer <michaelni@gmx.at>

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
pull/6/head
Anton Khirnov 12 years ago
parent f48fbf2eb5
commit 6a99310fce
1 changed files with 1 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      libavcodec/wmalosslessdec.c

2
libavcodec/wmalosslessdec.c
Unescape View File

@ -520,7 +520,7 @@ static int decode_channel_residues(WmallDecodeCtx *s, int ch, int tile_size)
residue = quo; residue = quo;
else { else {
rem_bits = av_ceil_log2(ave_mean); rem_bits = av_ceil_log2(ave_mean);
rem = rem_bits ? get_bits(&s->gb, rem_bits) : 0; rem = rem_bits ? get_bits_long(&s->gb, rem_bits) : 0;
residue = (quo << rem_bits) + rem; residue = (quo << rem_bits) + rem;
} }

Write Preview
Loading…
Cancel
Save