From: Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Date: Thu, 5 Dec 2019 16:27:00 +0000 (+0000)
Subject: CVE-2018-19128
X-Git-Tag: archive/raspbian/6%11.12-1_deb8u9+rpi1^2~3
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=d18bd5d9b2f500285235940ac67ffb145cbc69fd;p=libav.git

CVE-2018-19128

commit 6c36b3afe72d1ab635efba36e78c849630ed9ec6
Author: Michael Niedermayer <michaelni@gmx.at>
Date:   Thu Aug 14 15:18:49 2014 +0200

    avcodec/lcldec: initialize encoded correctly

    Fixes out of array read
    Fixes: yuv111_no_compr_crash.avi

    Found-by: Piotr Bandurski <ami_stuff@o2.pl>
    Signed-off-by: Michael Niedermayer <michaelni@gmx.at>


Gbp-Pq: Name CVE-2018-19128.patch
---

diff --git a/libavcodec/lcldec.c b/libavcodec/lcldec.c
index 9c60697..0f023cb 100644
--- a/libavcodec/lcldec.c
+++ b/libavcodec/lcldec.c
@@ -164,7 +164,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame, AVPac
     LclDecContext * const c = avctx->priv_data;
     unsigned int pixel_ptr;
     int row, col;
-    unsigned char *encoded, *outptr;
+    unsigned char *encoded = avpkt->data, *outptr;
     uint8_t *y_out, *u_out, *v_out;
     unsigned int width = avctx->width; // Real image width
     unsigned int height = avctx->height; // Real image height