From b3867c93d10b42dae1aeb1e8fa6059c5b87c28a5 Mon Sep 17 00:00:00 2001 From: Kostya Shishkov Date: Sat, 16 May 2009 06:39:08 +0000 Subject: [PATCH] Fix off-by-one error in MS RLE decoder which may result into writing past picture buffer. Originally committed as revision 18852 to svn://svn.ffmpeg.org/ffmpeg/trunk --- libavcodec/msrledec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/msrledec.c b/libavcodec/msrledec.c index 40fec31278..1401ee3424 100644 --- a/libavcodec/msrledec.c +++ b/libavcodec/msrledec.c @@ -134,7 +134,7 @@ static int msrle_decode_8_16_24_32(AVCodecContext *avctx, AVPicture *pic, int de { uint8_t *output, *output_end; const uint8_t* src = data; - int p1, p2, line=avctx->height, pos=0, i; + int p1, p2, line=avctx->height - 1, pos=0, i; uint16_t av_uninit(pix16); uint32_t av_uninit(pix32);