[vlc-commits] codec/araw: Fix Dat12 decode buffer overflow

Sun Jan 7 14:31:47 CET 2018

vlc | branch: master | Lyndon Brown <jnqnfe at gmail.com> | Wed Dec 27 05:41:01 2017 +0000| [44bed4b30276059a16647a08c7746b6e067612b6] | committer: Rémi Denis-Courmont

codec/araw: Fix Dat12 decode buffer overflow

Dat12 decode is a 12bit=>16bit conversion, and the output buffer is sized
based upon 16bit samples. However, the decoder function casts the output
buffer pointer to a 32bit type, meaning that half of the output thus ends
up being written past the end of the buffer.

Signed-off-by: Rémi Denis-Courmont <remi at remlab.net>

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=44bed4b30276059a16647a08c7746b6e067612b6
---

 modules/codec/araw.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/codec/araw.c b/modules/codec/araw.c
index fcac471d73..460e09b9f6 100644
--- a/modules/codec/araw.c
+++ b/modules/codec/araw.c
@@ -625,7 +625,7 @@ static int16_t dat12tos16( uint_fast16_t y )
 
 static void DAT12Decode( void *outp, const uint8_t *in, unsigned samples )
 {
-    int32_t *out = outp;
+    int16_t *out = outp;
 
     while( samples >= 2 )
     {

