On 31.12.2015 17:24, Michael Niedermayer wrote:
> On Thu, Dec 31, 2015 at 05:02:14PM +0100, Andreas Cadhalpun wrote:
>> On 30.12.2015 21:12, Andreas Cadhalpun wrote:
>>> It is read up to length s->width * stride, which can be larger than the
>>> linesize. (stride = (s->nb_components > 1) ? 3 : 1)
>
On Thu, Dec 31, 2015 at 05:02:14PM +0100, Andreas Cadhalpun wrote:
> On 30.12.2015 21:12, Andreas Cadhalpun wrote:
> > It is read up to length s->width * stride, which can be larger than the
> > linesize. (stride = (s->nb_components > 1) ? 3 : 1)
> >
> > This fixes an out of bounds read.
> >
> >
On 30.12.2015 21:12, Andreas Cadhalpun wrote:
> It is read up to length s->width * stride, which can be larger than the
> linesize. (stride = (s->nb_components > 1) ? 3 : 1)
>
> This fixes an out of bounds read.
>
> Signed-off-by: Andreas Cadhalpun
> ---
> libavcodec/jpeglsdec.c | 2 +-
> 1 fil
It is read up to length s->width * stride, which can be larger than the
linesize. (stride = (s->nb_components > 1) ? 3 : 1)
This fixes an out of bounds read.
Signed-off-by: Andreas Cadhalpun
---
libavcodec/jpeglsdec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcode
