wmalosslessdec: make MCLMS arrays big enough for what is written into them.

Fixes a part of CVE-2012-2795 CC:libav-stable@libav.org Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Anton Khirnov <anton@khirnov.net>

wmalosslessdec: make MCLMS arrays big enough for what is written into them.
Fixes a part of CVE-2012-2795 CC:libav-stable@libav.org Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Anton Khirnov <anton@khirnov.net>
607f5715 · Michael Niedermayer · Anton Khirnov · ae3da0ae · 607f5715
Commit 607f5715 authored Apr 14, 2012 by Michael Niedermayer Committed by Anton Khirnov Sep 29, 2012
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

wmalosslessdec.c libavcodec/wmalosslessdec.c +2 -2

No files found.
--- a/libavcodec/wmalosslessdec.c
+++ b/libavcodec/wmalosslessdec.c
@@ -129,8 +129,8 @@ typedef struct WmallDecodeCtx {
    int8_t  mclms_scaling;
    int16_t mclms_coeffs[128];
    int16_t mclms_coeffs_cur[4];
-    int16_t mclms_prevvalues[64];
-    int16_t mclms_updates[64];
+    int16_t mclms_prevvalues[WMALL_MAX_CHANNELS * 2 * 32];
+    int16_t mclms_updates[WMALL_MAX_CHANNELS * 2 * 32];
    int     mclms_recent;

    int     movave_scaling;