tscc2: Fix an out of array access

Message ID 1350029964-1378-1-git-send-email-martin@martin.st
State Committed
Commit c80b59f679a0ac861bc30f6b5469032884e42ab6
Headers show

Commit Message

Martin Storsjö Oct. 12, 2012, 8:19 a.m.
From: Michael Niedermayer <michaelni@gmx.at>

---
 libavcodec/tscc2.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Kostya Shishkov Oct. 12, 2012, 8:32 a.m. | #1
On Fri, Oct 12, 2012 at 11:19:24AM +0300, Martin Storsjö wrote:
> From: Michael Niedermayer <michaelni@gmx.at>
> 
> ---
>  libavcodec/tscc2.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/libavcodec/tscc2.c b/libavcodec/tscc2.c
> index 1b2a3a4..3628713 100644
> --- a/libavcodec/tscc2.c
> +++ b/libavcodec/tscc2.c
> @@ -173,7 +173,7 @@ static int tscc2_decode_mb(TSCC2Context *c, int *q, int vlc_set,
>                  if (ac == 0x1000)
>                      ac = get_bits(gb, 12);
>                  bpos += ac & 0xF;
> -                if (bpos >= 64)
> +                if (bpos >= 16)
>                      return AVERROR_INVALIDDATA;
>                  val = sign_extend(ac >> 4, 8);
>                  c->block[tscc2_zigzag[bpos++]] = val;
> -- 

OK

Patch

diff --git a/libavcodec/tscc2.c b/libavcodec/tscc2.c
index 1b2a3a4..3628713 100644
--- a/libavcodec/tscc2.c
+++ b/libavcodec/tscc2.c
@@ -173,7 +173,7 @@  static int tscc2_decode_mb(TSCC2Context *c, int *q, int vlc_set,
                 if (ac == 0x1000)
                     ac = get_bits(gb, 12);
                 bpos += ac & 0xF;
-                if (bpos >= 64)
+                if (bpos >= 16)
                     return AVERROR_INVALIDDATA;
                 val = sign_extend(ac >> 4, 8);
                 c->block[tscc2_zigzag[bpos++]] = val;