From: Michael Niedermayer <[email protected]> Fixes out of array access Fixes: 1399/clusterfuzz-testcase-minimized-4866094172995584 Bug-Id: CVE-2017-9991 CC: [email protected]
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 441026fcb13ac23aa10edc312bdacb6445a0ad06) Signed-off-by: Diego Biurrun <[email protected]> --- libavcodec/xwddec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/xwddec.c b/libavcodec/xwddec.c index cae6287987..22b6e52d5d 100644 --- a/libavcodec/xwddec.c +++ b/libavcodec/xwddec.c @@ -157,9 +157,9 @@ static int xwd_decode_frame(AVCodecContext *avctx, void *data, case XWD_GRAY_SCALE: if (bpp != 1 && bpp != 8) return AVERROR_INVALIDDATA; - if (pixdepth == 1) { + if (bpp == 1 && pixdepth == 1) { avctx->pix_fmt = AV_PIX_FMT_MONOWHITE; - } else if (pixdepth == 8) { + } else if (bpp == 8 && pixdepth == 8) { avctx->pix_fmt = AV_PIX_FMT_GRAY8; } break; -- 2.11.0 _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
