mmvideo: restore initial y value.
authorMichael Niedermayer <michaelni@gmx.at>
Tue, 13 Mar 2012 21:20:39 +0000 (22:20 +0100)
committerMichael Niedermayer <michaelni@gmx.at>
Fri, 16 Mar 2012 13:46:08 +0000 (14:46 +0100)
This bug might have been exploitable (out of HEAP buffer writes)

Bug introduced by libav
commit a55d5bdc6e28a2cfefc440d792de5cc4f02377e2
Date:   Tue Mar 6 15:15:42 2012 -0800

    algmm: convert to bytestream2 API.
(cherry picked from commit c2e3b564b32d596f5a66d47409f9e07a067a3084)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
libavcodec/mmvideo.c

index 87eeee2..7066053 100644 (file)
@@ -127,7 +127,7 @@ static int mm_decode_intra(MmContext * s, int half_horiz, int half_vert)
  */
 static int mm_decode_inter(MmContext * s, int half_horiz, int half_vert)
 {
-    int data_off = bytestream2_get_le16(&s->gb), y;
+    int data_off = bytestream2_get_le16(&s->gb), y = 0;
     GetByteContext data_ptr;
 
     if (bytestream2_get_bytes_left(&s->gb) < data_off)