avcodec/cinepak: fix integer underflow

Fixes out of array access
Fixes: asan_heap-oob_4da0ba_6_asan_heap-oob_4da0ba_241_cvid_crash.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
pull/87/head
Michael Niedermayer 10 years ago
parent e830902934
commit e7e5114c50
  1. 2
      libavcodec/cinepak.c

@ -135,7 +135,7 @@ static int cinepak_decode_vectors (CinepakContext *s, cvid_strip *strip,
const uint8_t *eod = (data + size); const uint8_t *eod = (data + size);
uint32_t flag, mask; uint32_t flag, mask;
uint8_t *cb0, *cb1, *cb2, *cb3; uint8_t *cb0, *cb1, *cb2, *cb3;
unsigned int x, y; int x, y;
char *ip0, *ip1, *ip2, *ip3; char *ip0, *ip1, *ip2, *ip3;
flag = 0; flag = 0;

Loading…
Cancel
Save