[FFmpeg-cvslog] h264: fix overreads in cabac reader.

Ronald S. Bultje git at videolan.org
Thu Mar 29 04:32:34 CEST 2012


ffmpeg | branch: master | Ronald S. Bultje <rsbultje at gmail.com> | Fri Mar 16 21:56:40 2012 -0700| [7374fac80406d6c1a67a0e3265cfe6dfcc51ce61] | committer: Ronald S. Bultje

h264: fix overreads in cabac reader.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7374fac80406d6c1a67a0e3265cfe6dfcc51ce61
---

 libavcodec/cabac_functions.h |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/libavcodec/cabac_functions.h b/libavcodec/cabac_functions.h
index b150aab..4c74cf7 100644
--- a/libavcodec/cabac_functions.h
+++ b/libavcodec/cabac_functions.h
@@ -47,7 +47,8 @@ static void refill(CABACContext *c){
         c->low+= c->bytestream[0]<<1;
 #endif
     c->low -= CABAC_MASK;
-    c->bytestream+= CABAC_BITS/8;
+    if (c->bytestream < c->bytestream_end)
+        c->bytestream += CABAC_BITS / 8;
 }
 
 static inline void renorm_cabac_decoder_once(CABACContext *c){
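Review bot: The new check in refill() guards only the pointer advance, not the read: the load `c->bytestream[0]<<1` in the context lines above it still dereferences c->bytestream unconditionally, and the comparison is made before a step of CABAC_BITS / 8 bytes. If that step can be larger than 1, a pointer at bytestream_end - 1 passes the test and ends up beyond bytestream_end. Consider testing that the whole step fits (for example `c->bytestream_end - c->bytestream >= CABAC_BITS / 8`), or add a comment stating how many readable bytes after bytestream_end this function relies on.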
@@ -74,7 +75,8 @@ static void refill2(CABACContext *c){
 #endif
 
     c->low += x<<i;
-    c->bytestream+= CABAC_BITS/8;
+    if (c->bytestream < c->bytestream_end)
+        c->bytestream += CABAC_BITS/8;
 }
 
 static av_always_inline int get_cabac_inline(CABACContext *c, uint8_t * const state){
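Review bot: In refill2(), when the check fails the pointer simply stays where it is and nothing is reported to the caller, so later refills see the same position and decoding carries on with repeated input. A short comment saying this is the intended end-of-buffer behaviour, or some way for callers to detect exhausted input, would make that explicit. The same two-line guard now appears in both refill() and refill2(), so a small inline helper would keep them in sync; the spacing here (`CABAC_BITS/8`) also differs from the first hunk (`CABAC_BITS / 8`).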


