diff options
| author | Grigori Goronzy <greg@chown.ath.cx> | 2016-10-04 02:47:36 +0200 |
|---|---|---|
| committer | Grigori Goronzy <greg@chown.ath.cx> | 2016-10-04 19:45:16 +0200 |
| commit | 08e754612019ed84d1db0d1fc4f5798248decd75 (patch) | |
| tree | 03ea35b6617183969af7b463ea4cb2c3749fd8db /libass | |
| parent | 1ca16e18cb9421853e5523e19d3826d4ea252a64 (diff) | |
| download | libass-08e754612019ed84d1db0d1fc4f5798248decd75.tar.bz2 libass-08e754612019ed84d1db0d1fc4f5798248decd75.tar.xz | |
Fix blur coefficient calculation buffer overflow
Found by fuzzer test case id:000082,sig:11,src:002579,op:havoc,rep:8.
Correctness should be checked, but this fixes the overflow for good.
Diffstat (limited to 'libass')
| -rw-r--r-- | libass/ass_blur.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libass/ass_blur.c b/libass/ass_blur.c index 636ab1a..109c24d 100644 --- a/libass/ass_blur.c +++ b/libass/ass_blur.c @@ -744,7 +744,7 @@ static void calc_coeff(double mu[4], const int index[4], int prefilter, double r ( 17 - 126 * mul + 273 * mul2 - 164 * mul3) / 12096, }; - double mat_freq[13]; + double mat_freq[14]; memcpy(mat_freq, kernel, sizeof(kernel)); memset(mat_freq + 4, 0, sizeof(mat_freq) - sizeof(kernel)); int n = 6; |