Arrays where one element too small, fixes CID114.

this was possibly exploitable Originally committed as revision 13475 to svn://svn.ffmpeg.org/ffmpeg/trunk

Arrays where one element too small, fixes CID114.
this was possibly exploitable Originally committed as revision 13475 to svn://svn.ffmpeg.org/ffmpeg/trunk
6138ed77 · Michael Niedermayer · 5e5c9086 · 6138ed77
Commit 6138ed77 authored May 27, 2008 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

cavsdec.c libavcodec/cavsdec.c +2 -2

No files found.
--- a/libavcodec/cavsdec.c
+++ b/libavcodec/cavsdec.c
@@ -116,8 +116,8 @@ static int decode_residual_block(AVSContext *h, GetBitContext *gb,
                                 const dec_2dvlc_t *r, int esc_golomb_order,
                                 int qp, uint8_t *dst, int stride) {
    int i, level_code, esc_code, level, run, mask;
-    DCTELEM level_buf[64];
-    uint8_t run_buf[64];
+    DCTELEM level_buf[65];
+    uint8_t run_buf[65];
    DCTELEM *block = h->block;

    for(i=0;i<65;i++) {