Commit 607f5715 authored by Michael Niedermayer's avatar Michael Niedermayer Committed by Anton Khirnov

wmalosslessdec: make MCLMS arrays big enough for what is written into them.

Fixes a part of CVE-2012-2795

CC:libav-stable@libav.org

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: 's avatarAnton Khirnov <anton@khirnov.net>
parent ae3da0ae
......@@ -129,8 +129,8 @@ typedef struct WmallDecodeCtx {
int8_t mclms_scaling;
int16_t mclms_coeffs[128];
int16_t mclms_coeffs_cur[4];
int16_t mclms_prevvalues[64];
int16_t mclms_updates[64];
int16_t mclms_prevvalues[WMALL_MAX_CHANNELS * 2 * 32];
int16_t mclms_updates[WMALL_MAX_CHANNELS * 2 * 32];
int mclms_recent;
int movave_scaling;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment