# HG changeset patch
# User michael
# Date 1211926217 0
# Node ID e716466d366510c327763464a143ced6b21a2ff5
# Parent  941a4e753961008ded0cdc62af3396f2df377309
Arrays where one element too small, fixes CID114.
this was possibly exploitable

diff -r 941a4e753961 -r e716466d3665 cavsdec.c
--- a/cavsdec.c	Tue May 27 21:12:28 2008 +0000
+++ b/cavsdec.c	Tue May 27 22:10:17 2008 +0000
@@ -116,8 +116,8 @@
                                  const dec_2dvlc_t *r, int esc_golomb_order,
                                  int qp, uint8_t *dst, int stride) {
     int i, level_code, esc_code, level, run, mask;
-    DCTELEM level_buf[64];
-    uint8_t run_buf[64];
+    DCTELEM level_buf[65];
+    uint8_t run_buf[65];
     DCTELEM *block = h->block;
 
     for(i=0;i<65;i++) {