kgv1dec: Increase offsets array size so it is large enough.

Fixes CVE-2011-3945 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 807a045a) Signed-off-by: Alex Converse <alex.converse@gmail.com>

kgv1dec: Increase offsets array size so it is large enough.
Fixes CVE-2011-3945 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 807a045a) Signed-off-by: Alex Converse <alex.converse@gmail.com>
a02e8df9 · Michael Niedermayer · Alex Converse · 386741f8 · a02e8df9
Commit a02e8df9 authored Jan 25, 2012 by Michael Niedermayer Committed by Alex Converse Jan 30, 2012
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

kgv1dec.c libavcodec/kgv1dec.c +2 -2

No files found.
--- a/libavcodec/kgv1dec.c
+++ b/libavcodec/kgv1dec.c
@@ -39,7 +39,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac
    const uint8_t *buf = avpkt->data;
    const uint8_t *buf_end = buf + avpkt->size;
    KgvContext * const c = avctx->priv_data;
-    int offsets[7];
+    int offsets[8];
    uint16_t *out, *prev;
    int outcnt = 0, maxcnt;
    int w, h, i;
@@ -69,7 +69,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac
        return -1;
    c->prev = prev;

-    for (i = 0; i < 7; i++)
+    for (i = 0; i < 8; i++)
        offsets[i] = -1;

    while (outcnt < maxcnt && buf_end - 2 > buf) {