On Sun, Aug 10, 2014 at 11:59:08AM +0200, Christophe Gisquet wrote:
> This fixes ticket #3839.
>
> --
> Christophe
> hevc.c |8
> 1 file changed, 4 insertions(+), 4 deletions(-)
> c80c52a6aacdb596af7c66a961a5887c4cdfb348
> 0001-hevc-fix-incorrect-sao-buffer-size.patch
> From 3745
Hi,
2014-08-10 11:59 GMT+02:00 Christophe Gisquet :
> This fixes ticket #3839.
By the way, not completely sure, but that is probably exploitable (I
am not a security expert):
- indicate large cropping in the header; this will cause an overrun of
probably (max_ctb_size-1) lines (ie ~118KB for a 19
This fixes ticket #3839.
--
Christophe
From 3745a3b611159f6a373785b67cbc92d4b36af44b Mon Sep 17 00:00:00 2001
From: Christophe Gisquet
Date: Sun, 10 Aug 2014 11:43:12 +0200
Subject: [PATCH] hevc: fix incorrect sao buffer size
It previously used the output, cropped size, causing overreads/writes