avcodec/wmalosslessdec: fix mclms_coeffs* array size
authorMichael Niedermayer <michaelni@gmx.at>
Fri, 7 Feb 2014 14:07:23 +0000 (15:07 +0100)
committerMichael Niedermayer <michaelni@gmx.at>
Fri, 21 Mar 2014 03:23:59 +0000 (04:23 +0100)
Fixes corruption of context
Fixes: 8835659dde6a4f7dcdf341de6a45c6c8-signal_sigsegv_1dce67b_4564_cov_2504444599_classical_22_16_1_14000_v3c_0_extend_0_29.wma
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ec9578d54d09b64bf112c2bf7a34b1ef3b93dbd3)

Conflicts:

libavcodec/wmalosslessdec.c
(cherry picked from commit 5d683807be71002a6c3facef3e26350762a760e2)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
libavcodec/wmalosslessdec.c

index 41bd067..691bfbf 100644 (file)
@@ -235,8 +235,8 @@ typedef struct WmallDecodeCtx {
 
     int8_t mclms_order;
     int8_t mclms_scaling;
-    int16_t mclms_coeffs[128];
-    int16_t mclms_coeffs_cur[4];
+    int16_t mclms_coeffs[WMALL_MAX_CHANNELS * WMALL_MAX_CHANNELS * 32];
+    int16_t mclms_coeffs_cur[WMALL_MAX_CHANNELS * WMALL_MAX_CHANNELS];
     int16_t mclms_prevvalues[WMALL_MAX_CHANNELS * 2 * 32];
     int16_t mclms_updates[WMALL_MAX_CHANNELS * 2 * 32];
     int     mclms_recent;