[FFmpeg-cvslog] avcodec/rangecoder: Do not increase the pointer beyond the buffer

Michael Niedermayer git at videolan.org
Fri Aug 18 13:41:17 EEST 2017


ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Mon Aug 14 00:15:54 2017 +0200| [c359c51947c9ac925cc4a5d1893ef20ea1d3b4c8] | committer: Michael Niedermayer

avcodec/rangecoder: Do not increase the pointer beyond the buffer

Fixes: undefined behavior

Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c359c51947c9ac925cc4a5d1893ef20ea1d3b4c8
---

 libavcodec/rangecoder.c | 1 +
 libavcodec/rangecoder.h | 8 ++++++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/libavcodec/rangecoder.c b/libavcodec/rangecoder.c
index 0bb79c880e..0d53bef076 100644
--- a/libavcodec/rangecoder.c
+++ b/libavcodec/rangecoder.c
@@ -58,6 +58,7 @@ av_cold void ff_init_range_decoder(RangeCoder *c, const uint8_t *buf,
 
     c->low         = AV_RB16(c->bytestream);
     c->bytestream += 2;
+    c->overread    = 0;
     if (c->low >= 0xFF00) {
         c->low = 0xFF00;
         c->bytestream_end = c->bytestream;
diff --git a/libavcodec/rangecoder.h b/libavcodec/rangecoder.h
index c3e81d0dcb..44af88b8f5 100644
--- a/libavcodec/rangecoder.h
+++ b/libavcodec/rangecoder.h
@@ -42,6 +42,8 @@ typedef struct RangeCoder {
     uint8_t *bytestream_start;
     uint8_t *bytestream;
     uint8_t *bytestream_end;
+    int overread;
+#define MAX_OVERREAD 2
 } RangeCoder;
 
 void ff_init_range_encoder(RangeCoder *c, uint8_t *buf, int buf_size);
@@ -106,9 +108,11 @@ static inline void refill(RangeCoder *c)
     if (c->range < 0x100) {
         c->range <<= 8;
         c->low   <<= 8;
-        if (c->bytestream < c->bytestream_end)
+        if (c->bytestream < c->bytestream_end) {
             c->low += c->bytestream[0];
-        c->bytestream++;
+            c->bytestream++;
+        } else
+            c->overread ++;
     }
 }
 



More information about the ffmpeg-cvslog mailing list