[FFmpeg-devel] [PATCH] vp8: Fix off by one allocation leading to oob read/write.
dalecurtis at chromium.org
Thu Apr 12 03:14:27 CEST 2012
From: Dale Curtis <dalecurtis at chromium.org>
It's possible this is due to an incorrect calculation elsewhere,
but my expertise ran out.
Signed-off-by: Dale Curtis <dalecurtis at chromium.org>
---
libavcodec/vp8.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/libavcodec/vp8.c b/libavcodec/vp8.c
index 07e5b61..5635bb3 100644
--- a/libavcodec/vp8.c
+++ b/libavcodec/vp8.c
@@ -124,7 +124,7 @@ static int update_dimensions(VP8Context *s, int width, int height)
s->macroblocks_base = av_mallocz((s->mb_width+s->mb_height*2+1)*sizeof(*s->macroblocks));
s->filter_strength = av_mallocz(s->mb_width*sizeof(*s->filter_strength));
s->intra4x4_pred_mode_top = av_mallocz(s->mb_width*4);
- s->top_nnz = av_mallocz(s->mb_width*sizeof(*s->top_nnz));
+ s->top_nnz = av_mallocz((s->mb_width+1)*sizeof(*s->top_nnz));
s->top_border = av_mallocz((s->mb_width+1)*sizeof(*s->top_border));
if (!s->macroblocks_base || !s->filter_strength || !s->intra4x4_pred_mode_top ||
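Review bot: the +1 on the top_nnz allocation is not justified anywhere, neither in a comment on the changed line nor in the commit message, which itself says the cause may be an incorrect calculation elsewhere. Before padding the buffer, identify which access indexes top_nnz[mb_width] and either correct that index or add a comment on this line stating why the extra element is required. The neighbouring filter_strength and intra4x4_pred_mode_top allocations are still sized from mb_width alone while top_border already uses (s->mb_width+1), so it is worth confirming whether the access that overruns top_nnz also reaches those two buffers.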
--
1.7.7.3