pgssubdec: Check RLE size before copying
Make sure the buffer size does not exceed the expected RLE size. Prevent an out of array bound write. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:Michael Niedermayer <michaelni@gmx.at> Bug-Id: CVE-2013-0852 Signed-off-by:
Luca Barbato <lu_zero@gentoo.org>
Showing
Please
register
or
sign in
to comment