[FFmpeg-cvslog] h264_cavlc: fix assertion failure due to reading too long vlc

Michael Niedermayer git at videolan.org
Thu Mar 28 04:09:33 CET 2013


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Thu Mar 28 03:16:01 2013 +0100| [10ece44d0948b44b062d09319052d09d14f7bfdb] | committer: Michael Niedermayer

h264_cavlc: fix assertion failure due to reading too long vlc

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=10ece44d0948b44b062d09319052d09d14f7bfdb
---

 libavcodec/h264_cavlc.c |   10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/libavcodec/h264_cavlc.c b/libavcodec/h264_cavlc.c
index d06c86a..dad819f 100644
--- a/libavcodec/h264_cavlc.c
+++ b/libavcodec/h264_cavlc.c
@@ -549,9 +549,15 @@ static int decode_residual(H264Context *h, GetBitContext *gb, int16_t *block, in
                 if(prefix<15){
                     level_code = (prefix<<suffix_length) + get_bits(gb, suffix_length);
                 }else{
-                    level_code = (15<<suffix_length) + get_bits(gb, prefix-3);
-                    if(prefix>=16)
+                    level_code = 15<<suffix_length;
+                    if (prefix>=16) {
+                        if(prefix > 25+3){
+                            av_log(h->avctx, AV_LOG_ERROR, "Invalid level prefix\n");
+                            return AVERROR_INVALIDDATA;
+                        }
                         level_code += (1<<(prefix-3))-4096;
+                    }
+                    level_code += get_bits(gb, prefix-3);
                 }
                 mask= -(level_code&1);
                 level_code= (((2+level_code)>>1) ^ mask) - mask;



More information about the ffmpeg-cvslog mailing list