avcodec/g2meet: Fix framebuf size
Currently the code can in some cases draw tiles that hang outside the
allocated buffer. This patch increases the buffer size to avoid out
of array accesses. An alternative would be to fail if such tiles are
encountered.
I do not know if any valid files use such hanging tiles.

Fixes Ticket2971
Found-by: ami_stuff
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
michaelni committed Sep 21, 2013
1 parent 5dca837 commit e07ac72
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions libavcodec/g2meet.c
Expand Up @@ -443,8 +443,8 @@ static int g2m_init_buffers(G2MContext *c)
int aligned_height;

if (!c->framebuf || c->old_width < c->width || c->old_height < c->height) {
c->framebuf_stride = FFALIGN(c->width * 3, 16);
aligned_height = FFALIGN(c->height, 16);
c->framebuf_stride = FFALIGN(c->width + 15, 16) * 3;
aligned_height = c->height + 15;
av_free(c->framebuf);
c->framebuf = av_mallocz(c->framebuf_stride * aligned_height);
if (!c->framebuf)
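Review bot: The `+ 15` added to both `c->framebuf_stride` and `aligned_height` is an unexplained magic number, and it only prevents the overrun if a tile can never extend more than 15 pixels past the frame edge, an assumption nothing in this hunk enforces. Please add a comment stating where the 15 comes from, and consider a bounds check in the tile-drawing path that rejects tiles exceeding the padded area, which is the alternative the commit message mentions. Two smaller points: `aligned_height = c->height + 15` is no longer aligned to anything, so the variable name is now misleading; and the size passed to `av_mallocz(c->framebuf_stride * aligned_height)` is a product with an `int` operand that the padding makes larger, so it is worth confirming that width and height are bounded before this point or using an overflow-checked allocation.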
