[FFmpeg-cvslog] r22429 - trunk/libavcodec/h264_cavlc.c

michael subversion
Wed Mar 10 10:55:03 CET 2010


Author: michael
Date: Wed Mar 10 10:55:03 2010
New Revision: 22429

Log:
Check level_prefix a bit (this just checks the max our bitreader can handle,
as i did nt find a limit in the spec)
This should stop cavlc_decode_residual() on a zero bitstream

Modified:
   trunk/libavcodec/h264_cavlc.c

Modified: trunk/libavcodec/h264_cavlc.c
==============================================================================
--- trunk/libavcodec/h264_cavlc.c	Wed Mar 10 10:20:32 2010	(r22428)
+++ trunk/libavcodec/h264_cavlc.c	Wed Mar 10 10:55:03 2010	(r22429)
@@ -431,8 +431,13 @@ static int decode_residual(H264Context *
                     level_code= prefix + get_bits(gb, 4); //part
             }else{
                 level_code= 30 + get_bits(gb, prefix-3); //part
-                if(prefix>=16)
+                if(prefix>=16){
+                    if(prefix > 25+3){
+                        av_log(h->s.avctx, AV_LOG_ERROR, "Invalid level prefix\n");
+                        return -1;
+                    }
                     level_code += (1<<(prefix-3))-4096;
+                }
             }
 
             if(trailing_ones < 3) level_code += 2;



More information about the ffmpeg-cvslog mailing list