[FFmpeg-cvslog] diracdec: fix unchecked byte length

Rostislav Pehlivanov git at videolan.org
Thu Jul 14 00:54:51 CEST 2016


ffmpeg | branch: master | Rostislav Pehlivanov <atomnuker at gmail.com> | Wed Jul 13 23:53:05 2016 +0100| [000eb01a7d14ee635bd0e554ea92e05feb8cf685] | committer: Rostislav Pehlivanov

diracdec: fix unchecked byte length

Also drops the start variable since it's redundant.
Found by Coverity, fixes CID1363964

Signed-off-by: Rostislav Pehlivanov <atomnuker at gmail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=000eb01a7d14ee635bd0e554ea92e05feb8cf685
---

 libavcodec/diracdec.c |    5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c
index dc42a42..6cb098b 100644
--- a/libavcodec/diracdec.c
+++ b/libavcodec/diracdec.c
@@ -835,11 +835,10 @@ static int decode_hq_slice(DiracContext *s, DiracSlice *slice, uint8_t *tmp_buf)
     for (i = 0; i < 3; i++) {
         int coef_num, coef_par, off = 0;
         int64_t length = s->highquality.size_scaler*get_bits(gb, 8);
-        int64_t start = get_bits_count(gb);
-        int64_t bits_end = start + 8*length;
+        int64_t bits_end = get_bits_count(gb) + 8*length;
         const uint8_t *addr = align_get_bits(gb);
 
-        if (bits_end >= INT_MAX) {
+        if (length*8 > get_bits_left(gb)) {
             av_log(s->avctx, AV_LOG_ERROR, "end too far away\n");
             return AVERROR_INVALIDDATA;
         }



More information about the ffmpeg-cvslog mailing list