Commit 849b9d34 authored by Michael Niedermayer's avatar Michael Niedermayer Committed by Anton Khirnov

wmalosslessdec: fix mclms_coeffs* array size

Fixes corruption of context

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
Bug-Id: CVE-2014-2098
Signed-off-by: 's avatarAnton Khirnov <anton@khirnov.net>
parent 15201e25
......@@ -129,8 +129,8 @@ typedef struct WmallDecodeCtx {
int8_t mclms_order;
int8_t mclms_scaling;
int16_t mclms_coeffs[128];
int16_t mclms_coeffs_cur[4];
int16_t mclms_coeffs[WMALL_MAX_CHANNELS * WMALL_MAX_CHANNELS * 32];
int16_t mclms_coeffs_cur[WMALL_MAX_CHANNELS * WMALL_MAX_CHANNELS];
int16_t mclms_prevvalues[WMALL_MAX_CHANNELS * 2 * 32];
int16_t mclms_updates[WMALL_MAX_CHANNELS * 2 * 32];
int mclms_recent;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment