Fixes out of array accesses.
CC: libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Bug-Id: CVE-2014-9604
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
slice_start = ((slice * height) / slices) & cmask;
slice_height = ((((slice + 1) * height) / slices) & cmask) -
slice_start;
+ if (!slice_height)
+ continue;
bsrc = src + slice_start * stride;
slice_height = ((((slice + 1) * height) / slices) & cmask) -
slice_start;
slice_height >>= 1;
+ if (!slice_height)
+ continue;
bsrc = src + slice_start * stride;