authorMichael Niedermayer <michaelni@gmx.at>2012-04-14 16:32:56 +0200
committerAnton Khirnov <anton@khirnov.net>2012-09-29 19:17:38 +0200
commitd65d8347314b645051e336aed141aaf32a6c0d02 (patch)
tree2cc4f8444e86501480ef5fe93b6b127bdae28189
parentd05f72c75445969cd7bdb1d860635c9880c67fb6 (diff)
wmalosslessdec: Reset put bit buffer when num_saved_bits is reset.
Fixes CVE-2012-2799

CC:libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
-rw-r--r--libavcodec/wmalosslessdec.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/libavcodec/wmalosslessdec.c b/libavcodec/wmalosslessdec.c
index b97f39752c..df025282ae 100644
--- a/libavcodec/wmalosslessdec.c
+++ b/libavcodec/wmalosslessdec.c
@@ -1230,6 +1230,7 @@ static int decode_packet(AVCodecContext *avctx, void *data, int *got_frame_ptr,
* to decode incomplete frames in the s->len_prefix == 0 case. */
s->num_saved_bits = 0;
s->packet_loss = 0;
+ init_put_bits(&s->pb, s->frame_data, MAX_FRAMESIZE);
}
} else {
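Review bot: The `init_put_bits()` call added after `s->num_saved_bits = 0;` restores an invariant that the code never states: the saved-bit count and the write position of `s->pb` must be reset together, otherwise later appends continue from a stale offset inside `frame_data`. The same pair is repeated by hand in the `flush()` hunk below, so any other place that zeroes `num_saved_bits` outside these hunks needs the same line and should be checked. I would move both statements into one small static helper that takes the decoder context and call it from both sites. At minimum, add a comment on the new line, such as `/* num_saved_bits and s->pb are one piece of state: reset them together */`. `decode_packet()` starts and ends outside this hunk.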
@@ -1282,6 +1283,7 @@ static void flush(AVCodecContext *avctx)
s->next_packet_start = 0;
s->cdlms[0][0].order = 0;
s->frame.nb_samples = 0;
+ init_put_bits(&s->pb, s->frame_data, MAX_FRAMESIZE);
}
AVCodec ff_wmalossless_decoder = {
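Review bot: The reset added in `flush()` bounds the writer to `MAX_FRAMESIZE` only at the moment of the reset. The code that appends saved bits is not part of this diff, so if it does not check the remaining space itself, memory safety still depends on every reset site having been found. A check on the append side would enforce the limit instead of assuming it: compare `put_bits_count(&s->pb)` plus the incoming bit length against `MAX_FRAMESIZE * 8` before writing, and treat an overrun as packet loss. The call also assumes `s->frame_data` holds at least `MAX_FRAMESIZE` bytes, and its declaration is not visible here. The start of `flush()` is outside the hunk.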