[FFmpeg-cvslog] avcodec/rangecoder: Do not increase the pointer beyond the buffer
Michael Niedermayer
git at videolan.org
Fri Aug 18 13:41:17 EEST 2017
ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Mon Aug 14 00:15:54 2017 +0200| [c359c51947c9ac925cc4a5d1893ef20ea1d3b4c8] | committer: Michael Niedermayer
avcodec/rangecoder: Do not increase the pointer beyond the buffer
Fixes: undefined behavior
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c359c51947c9ac925cc4a5d1893ef20ea1d3b4c8
---
libavcodec/rangecoder.c | 1 +
libavcodec/rangecoder.h | 8 ++++++--
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/libavcodec/rangecoder.c b/libavcodec/rangecoder.c
index 0bb79c880e..0d53bef076 100644
--- a/libavcodec/rangecoder.c
+++ b/libavcodec/rangecoder.c
@@ -58,6 +58,7 @@ av_cold void ff_init_range_decoder(RangeCoder *c, const uint8_t *buf,
c->low = AV_RB16(c->bytestream);
c->bytestream += 2;
+ c->overread = 0;
if (c->low >= 0xFF00) {
c->low = 0xFF00;
c->bytestream_end = c->bytestream;
diff --git a/libavcodec/rangecoder.h b/libavcodec/rangecoder.h
index c3e81d0dcb..44af88b8f5 100644
--- a/libavcodec/rangecoder.h
+++ b/libavcodec/rangecoder.h
@@ -42,6 +42,8 @@ typedef struct RangeCoder {
uint8_t *bytestream_start;
uint8_t *bytestream;
uint8_t *bytestream_end;
+ int overread;
+#define MAX_OVERREAD 2
} RangeCoder;
void ff_init_range_encoder(RangeCoder *c, uint8_t *buf, int buf_size);
@@ -106,9 +108,11 @@ static inline void refill(RangeCoder *c)
if (c->range < 0x100) {
c->range <<= 8;
c->low <<= 8;
- if (c->bytestream < c->bytestream_end)
+ if (c->bytestream < c->bytestream_end) {
c->low += c->bytestream[0];
- c->bytestream++;
+ c->bytestream++;
+ } else
+ c->overread ++;
}
}
More information about the ffmpeg-cvslog
mailing list