[FFmpeg-cvslog] vp5: Fix illegal read.

Alex Converse git at videolan.org
Fri Nov 18 03:13:17 CET 2011


ffmpeg | branch: master | Alex Converse <alex.converse at gmail.com> | Thu Nov 17 10:06:14 2011 -0800| [bb4b0ad83b13c3af57675e80163f3f333adef96f] | committer: Alex Converse

vp5: Fix illegal read.

Found with Address Sanitizer

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bb4b0ad83b13c3af57675e80163f3f333adef96f
---

 libavcodec/vp5.c |    8 ++++++--
 1 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/libavcodec/vp5.c b/libavcodec/vp5.c
index a1a38b0..56f667c 100644
--- a/libavcodec/vp5.c
+++ b/libavcodec/vp5.c
@@ -185,7 +185,8 @@ static void vp5_parse_coeff(VP56Context *s)
         model1 = model->coeff_dccv[pt];
         model2 = model->coeff_dcct[pt][ctx];
 
-        for (coeff_idx=0; coeff_idx<64; ) {
+        coeff_idx = 0;
+        for (;;) {
             if (vp56_rac_get_prob(c, model2[0])) {
                 if (vp56_rac_get_prob(c, model2[2])) {
                     if (vp56_rac_get_prob(c, model2[3])) {
@@ -222,8 +223,11 @@ static void vp5_parse_coeff(VP56Context *s)
                 ct = 0;
                 s->coeff_ctx[vp56_b6to4[b]][coeff_idx] = 0;
             }
+            coeff_idx++;
+            if (coeff_idx >= 64)
+                break;
 
-            cg = vp5_coeff_groups[++coeff_idx];
+            cg = vp5_coeff_groups[coeff_idx];
             ctx = s->coeff_ctx[vp56_b6to4[b]][coeff_idx];
             model1 = model->coeff_ract[pt][ct][cg];
             model2 = cg > 2 ? model1 : model->coeff_acct[pt][ct][cg][ctx];



More information about the ffmpeg-cvslog mailing list