Commit 7d78a964 authored by Michael Niedermayer's avatar Michael Niedermayer
Browse files

Fix possibly exploitable out of buffer writes in msrle_decode_pal4().

This fix is minimalistic, that function should be cleaned up by someone.

Originally committed as revision 25633 to svn://
parent 74297831
......@@ -45,7 +45,7 @@ static int msrle_decode_pal4(AVCodecContext *avctx, AVPicture *pic,
unsigned char rle_code;
unsigned char extra_byte, odd_pixel;
unsigned char stream_byte;
int pixel_ptr = 0;
unsigned int pixel_ptr = 0;
int row_dec = pic->linesize[0];
int row_ptr = (avctx->height - 1) * row_dec;
int frame_size = row_dec * avctx->height;
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment