| gst-ffmpeg: error concealment: initialize block index. |
| |
| Fixes CVE-2011-3941 (out of bounds write) |
| |
| Upstream-Status: Backport |
| |
| Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind |
| Signed-off-by: Michael Niedermayer <michaelni@gmx.at> |
| --- |
| libavcodec/error_resilience.c | 3 +++ |
| 1 files changed, 3 insertions(+), 0 deletions(-) |
| |
| diff --git a/libavcodec/error_resilience.c b/libavcodec/error_resilience.c |
| index 8bb5d0c..d55c000 100644 |
| --- a/gst-libs/ext/libav/libavcodec/error_resilience.c |
| +++ b/gst-libs/ext/libav/libavcodec/error_resilience.c |
| @@ -45,6 +45,9 @@ static void decode_mb(MpegEncContext *s, int ref){ |
| s->dest[1] = s->current_picture.data[1] + (s->mb_y * (16>>s->chroma_y_shift) * s->uvlinesize) + s->mb_x * (16>>s->chroma_x_shift); |
| s->dest[2] = s->current_picture.data[2] + (s->mb_y * (16>>s->chroma_y_shift) * s->uvlinesize) + s->mb_x * (16>>s->chroma_x_shift); |
| |
| + ff_init_block_index(s); |
| + ff_update_block_index(s); |
| + |
| if(CONFIG_H264_DECODER && s->codec_id == CODEC_ID_H264){ |
| H264Context *h= (void*)s; |
| h->mb_xy= s->mb_x + s->mb_y*s->mb_stride; |
| -- |
| 1.7.5.4 |
| |