avcodec/mjpegdec: use the correct linesize in the flipping code

Fixes out of array access No releases should be affected Depends on 7c3700cd, do not backport without this one Fixes: asan_heap-oob_14a37fe_9111_cov_1692584941_test4.amv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

avcodec/mjpegdec: use the correct linesize in the flipping code
Fixes out of array access No releases should be affected Depends on 7c3700cd, do not backport without this one Fixes: asan_heap-oob_14a37fe_9111_cov_1692584941_test4.amv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
19b41f86 · Michael Niedermayer · f58eab15 · 19b41f86
Commit 19b41f86 authored Jan 31, 2014 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 3 deletions

mjpegdec.c libavcodec/mjpegdec.c +3 -3

No files found.
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -2052,12 +2052,12 @@ the_end:
                h = FF_CEIL_RSHIFT(h, vshift);
            }
            if(dst){
-                uint8_t *dst2 = dst + s->linesize[index]*(h-1);
+                uint8_t *dst2 = dst + s->picture_ptr->linesize[index]*(h-1);
                for (i=0; i<h/2; i++) {
                    for (j=0; j<w; j++)
                        FFSWAP(int, dst[j], dst2[j]);
-                    dst  += s->linesize[index];
-                    dst2 -= s->linesize[index];
+                    dst  += s->picture_ptr->linesize[index];
+                    dst2 -= s->picture_ptr->linesize[index];
                }
            }
        }