summaryrefslogtreecommitdiffstats
path: root/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-error-concealment-initialize-block-index.patch
blob: e0e4239c2f9d36e620d1694c55174132ce5f57c1 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
gst-ffmpeg: error concealment: initialize block index.

Fixes CVE-2011-3941 (out of bounds write)

Upstream-Status: Backport 

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavcodec/error_resilience.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/libavcodec/error_resilience.c b/libavcodec/error_resilience.c
index 8bb5d0c..d55c000 100644
--- a/gst-libs/ext/libav/libavcodec/error_resilience.c
+++ b/gst-libs/ext/libav/libavcodec/error_resilience.c
@@ -45,6 +45,9 @@ static void decode_mb(MpegEncContext *s, int ref){
     s->dest[1] = s->current_picture.data[1] + (s->mb_y * (16>>s->chroma_y_shift) * s->uvlinesize) + s->mb_x * (16>>s->chroma_x_shift);
     s->dest[2] = s->current_picture.data[2] + (s->mb_y * (16>>s->chroma_y_shift) * s->uvlinesize) + s->mb_x * (16>>s->chroma_x_shift);
 
+    ff_init_block_index(s);
+    ff_update_block_index(s);
+
     if(CONFIG_H264_DECODER && s->codec_id == CODEC_ID_H264){
         H264Context *h= (void*)s;
         h->mb_xy= s->mb_x + s->mb_y*s->mb_stride;
-- 
1.7.5.4