ffmpeg | branch: master | Luca Barbato <lu_z...@gentoo.org> | Sun Nov 1 04:07:48 2015 +0100| [50d2a3b5f34e6f99e5ffe17f2be5eb1815555960] | committer: Luca Barbato
flashsv: Initialize the block array Otherwise flashsv2_prime could be fed random data. Bug-Id: 908 CC: libav-sta...@libav.org Signed-off-by: Luca Barbato <lu_z...@gentoo.org> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=50d2a3b5f34e6f99e5ffe17f2be5eb1815555960 --- libavcodec/flashsv.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavcodec/flashsv.c b/libavcodec/flashsv.c index ee854ac..2cf8f3f 100644 --- a/libavcodec/flashsv.c +++ b/libavcodec/flashsv.c @@ -339,12 +339,14 @@ static int flashsv_decode_frame(AVCodecContext *avctx, void *data, s->is_keyframe = (avpkt->flags & AV_PKT_FLAG_KEY) && (s->ver == 2); if (s->is_keyframe) { int err; + int nb_blocks = (v_blocks + !!v_part) * + (h_blocks + !!h_part) * sizeof(s->blocks[0]); if ((err = av_reallocp(&s->keyframedata, avpkt->size)) < 0) return err; memcpy(s->keyframedata, avpkt->data, avpkt->size); - if ((err = av_reallocp(&s->blocks, (v_blocks + !!v_part) * - (h_blocks + !!h_part) * sizeof(s->blocks[0]))) < 0) + if ((err = av_reallocp(&s->blocks, nb_blocks)) < 0) return err; + memset(s->blocks, 0, nb_blocks); } ff_dlog(avctx, "image: %dx%d block: %dx%d num: %dx%d part: %dx%d\n", _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
