Alex Converse | 28 Jan 2012 02:57

[PATCH] kgv1dec: Increase offsets array size so it is large enough.

From: Michael Niedermayer <michaelni@...>

Fixes CVE-2011-3945

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@...>
(cherry picked from commit 807a045ab7f51993a2c1b3116016cbbd4f3d20d6)

Signed-off-by: Alex Converse <alex.converse@...>
---
 libavcodec/kgv1dec.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/kgv1dec.c b/libavcodec/kgv1dec.c
index 2d6fa73..f3ffd8f 100644
--- a/libavcodec/kgv1dec.c
+++ b/libavcodec/kgv1dec.c
 <at>  <at>  -39,7 +39,7  <at>  <at>  static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac
     const uint8_t *buf = avpkt->data;
     const uint8_t *buf_end = buf + avpkt->size;
     KgvContext * const c = avctx->priv_data;
-    int offsets[7];
+    int offsets[8];
     uint16_t *out, *prev;
     int outcnt = 0, maxcnt;
     int w, h, i;
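Review bot: the new size in `int offsets[8];` is a bare literal, and nothing in this hunk or in the commit message says which index range needs eight entries rather than seven. A named constant for the entry count, or a one-line comment stating the largest index that can be written, would document the fix, and the code that indexes `offsets` could then be checked against that same constant so the declaration and the bound cannot drift apart again.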
 <at>  <at>  -69,7 +69,7  <at>  <at>  static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac
         return -1;
     c->prev = prev;


Kostya Shishkov | 28 Jan 2012 08:21

Re: [PATCH] kgv1dec: Increase offsets array size so it is large enough.

On Fri, Jan 27, 2012 at 05:57:23PM -0800, Alex Converse wrote:
> From: Michael Niedermayer <michaelni@...>
> 
> Fixes CVE-2011-3945
> 
> Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
> Signed-off-by: Michael Niedermayer <michaelni@...>
> (cherry picked from commit 807a045ab7f51993a2c1b3116016cbbd4f3d20d6)
> 
> Signed-off-by: Alex Converse <alex.converse@...>

This commit message is political - it vaguely says something about the problem
without disclosing any information.

> ---
>  libavcodec/kgv1dec.c |    4 ++--
>  1 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/libavcodec/kgv1dec.c b/libavcodec/kgv1dec.c
> index 2d6fa73..f3ffd8f 100644
> --- a/libavcodec/kgv1dec.c
> +++ b/libavcodec/kgv1dec.c
>  <at>  <at>  -39,7 +39,7  <at>  <at>  static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac
>      const uint8_t *buf = avpkt->data;
>      const uint8_t *buf_end = buf + avpkt->size;
>      KgvContext * const c = avctx->priv_data;
> -    int offsets[7];
> +    int offsets[8];
>      uint16_t *out, *prev;
>      int outcnt = 0, maxcnt;
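Review bot: the quoted lines change only the declaration from `offsets[7]` to `offsets[8]` and show no range check on whatever index is used to store into `offsets`. `decode_frame` parses `avpkt->data`, so if that index is derived from the packet, an explicit check that rejects out-of-range values with an error return would make the fix hold even if the array size or the bitstream field width changes later. Stating the overflowing index in the commit message would also let a reader confirm that eight entries are enough.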

