diff options
author | Michael Niedermayer <michael@niedermayer.cc> | 2017-05-16 03:22:37 +0300 |
---|---|---|
committer | Michael Niedermayer <michael@niedermayer.cc> | 2017-05-17 00:14:28 +0300 |
commit | 5666b95c9f27efa6f9b1e1bb6c592b9a8d78bca5 (patch) | |
tree | 3a43b74a383608819ced57cc626f813cbdd38bcc /libavcodec/scpr.c | |
parent | f810c469223b92da97505f8b1475b04388cf9308 (diff) |
avcodec/scpr: mask bits to prevent out of array read
Fixes: 1615/clusterfuzz-testcase-minimized-6625214647500800
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavcodec/scpr.c')
-rw-r--r-- | libavcodec/scpr.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/libavcodec/scpr.c b/libavcodec/scpr.c index 46f072c757..f6d1e45692 100644 --- a/libavcodec/scpr.c +++ b/libavcodec/scpr.c @@ -488,7 +488,7 @@ static int decompress_i(AVCodecContext *avctx, uint32_t *dst, int linesize) if (avctx->bits_per_coded_sample == 16) { cx1 = (clr & 0x3F00) >> 2; - cx = (clr & 0xFFFFFF) >> 16; + cx = (clr & 0x3FFFFF) >> 16; } else { cx1 = (clr & 0xFC00) >> 4; cx = (clr & 0xFFFFFF) >> 18; @@ -726,7 +726,7 @@ static int decompress_p(AVCodecContext *avctx, if (avctx->bits_per_coded_sample == 16) { cx1 = (clr & 0x3F00) >> 2; - cx = (clr & 0xFFFFFF) >> 16; + cx = (clr & 0x3FFFFF) >> 16; } else { cx1 = (clr & 0xFC00) >> 4; cx = (clr & 0xFFFFFF) >> 18; |