Browse code
avcodec/cinepak: fix integer underflow
Fixes out of array access
Fixes: asan_heap-oob_4da0ba_6_asan_heap-oob_4da0ba_241_cvid_crash.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e7e5114c506957f40aafd794e06de1a7e341e9d5)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer authored on 2014/10/04 02:33:01Showing 1 changed files
| ... | ... |
@@ -135,7 +135,7 @@ static int cinepak_decode_vectors (CinepakContext *s, cvid_strip *strip, |
| 135 | 135 |
const uint8_t *eod = (data + size); |
| 136 | 136 |
uint32_t flag, mask; |
| 137 | 137 |
uint8_t *cb0, *cb1, *cb2, *cb3; |
| 138 |
- unsigned int x, y; |
|
| 138 |
+ int x, y; |
|
| 139 | 139 |
char *ip0, *ip1, *ip2, *ip3; |
| 140 | 140 |
|
| 141 | 141 |
flag = 0; |