[FFmpeg-cvslog] vp6: Fix illegal read.

Thierry Foucu git at videolan.org
Sun Dec 25 01:36:04 CET 2011


ffmpeg | branch: release/0.6 | Thierry Foucu <tfoucu at gmail.com> | Thu Nov 17 09:39:52 2011 -0800| [94aacaf5083313378c6105bd71db04ce8f62c058] | committer: Reinhard Tartler

vp6: Fix illegal read.

Found with Address Sanitizer

Signed-off-by: Alex Converse <alex.converse at gmail.com>
(cherry picked from commit e0966eb140b3569b3d6b5b5008961944ef229c06)

Signed-off-by: Reinhard Tartler <siretart at tauware.de>
(cherry picked from commit ba4b08b78918f399f9c9524750b26e904d146078)

Signed-off-by: Reinhard Tartler <siretart at tauware.de>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=94aacaf5083313378c6105bd71db04ce8f62c058
---

 libavcodec/vp6.c |    9 ++++++---
 1 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/libavcodec/vp6.c b/libavcodec/vp6.c
index 87834cd..1fe24cf 100644
--- a/libavcodec/vp6.c
+++ b/libavcodec/vp6.c
@@ -439,7 +439,8 @@ static void vp6_parse_coeff(VP56Context *s)
         model1 = model->coeff_dccv[pt];
         model2 = model->coeff_dcct[pt][ctx];
 
-        for (coeff_idx=0; coeff_idx<64; ) {
+        coeff_idx = 0;
+        for (;;) {
             if ((coeff_idx>1 && ct==0) || vp56_rac_get_prob(c, model2[0])) {
                 /* parse a coeff */
                 if (vp56_rac_get_prob(c, model2[2])) {
@@ -480,8 +481,10 @@ static void vp6_parse_coeff(VP56Context *s)
                             run += vp56_rac_get_prob(c, model3[i+8]) << i;
                 }
             }
-
-            cg = vp6_coeff_groups[coeff_idx+=run];
+            coeff_idx += run;
+            if (coeff_idx >= 64)
+                break;
+            cg = vp6_coeff_groups[coeff_idx];
             model1 = model2 = model->coeff_ract[pt][ct][cg];
         }
 



More information about the ffmpeg-cvslog mailing list