[FFmpeg-devel] [PATCH] avcodec/golomb: Mask shift amount before use in get_ue_golomb()

Ganesh Ajjanagadde gajjanag at mit.edu
Fri Dec 4 01:50:53 CET 2015


On Thu, Dec 3, 2015 at 5:09 PM, Michael Niedermayer <michaelni at gmx.at> wrote:
> From: Michael Niedermayer <michael at niedermayer.cc>
>
> Fixes undefined behavior
> Fixes: mozilla bug 1229208
> Fixes: fbeb8b2c7c996e9b91c6b1af319d7ebc/asan_heap-oob_195450f_2743_e8856ece4579ea486670be2b236099a0.bit
>
> Found-by: Tyson Smith
> Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

Minor comment: was this found by xiedingbao's undefined behavior
report as well? While investigating, I found some things that were
flagging the golomb code, but can't confirm that it is this one.

I don't mind at all; it may be somewhat funny if 3 people
independently came up with the same report :).

As for the technical change, seems ok but you may want a better review
as I have not done deep analysis of this.

> ---
>  libavcodec/golomb.h |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavcodec/golomb.h b/libavcodec/golomb.h
> index d30bb6b..323665d 100644
> --- a/libavcodec/golomb.h
> +++ b/libavcodec/golomb.h
> @@ -72,7 +72,7 @@ static inline int get_ue_golomb(GetBitContext *gb)
>              av_log(NULL, AV_LOG_ERROR, "Invalid UE golomb code\n");
>              return AVERROR_INVALIDDATA;
>          }
> -        buf >>= log;
> +        buf >>= log & 31;
>          buf--;
>
>          return buf;
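Review bot: Masking with `log & 31` makes the shift defined, but a `log` of 32 or more now becomes a small shift and falls through to `buf--; return buf;`, so an over-long code produces a silently wrong value where the preceding `Invalid UE golomb code` branch rejects other malformed input with AVERROR_INVALIDDATA. If `log` can actually reach 32 here (the sanitizer report suggests it can), consider extending that check so such input is rejected rather than decoded; if the mask is only belt-and-braces, a one-line comment saying why 31 is the right bound for `buf`'s width would spare the next reader the same question.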
> --
> 1.7.9.5
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

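As an added illustration of the bound the patch is enforcing, the following is a small ue(v) decoder written for this page; it is not FFmpeg's golomb.h code, and the bit reader, the 32-bit "window" stand-in for the bit-reader peek, the UE_INVALID sentinel and the helper names are all assumptions. Instead of masking the shift amount, it rejects a code whose length would otherwise turn into a shift by 32 or more, which is the case the sanitizer flagged, and it shows the same bound applied on the bit-serial path for longer codes.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define UE_INVALID (-1)

/* Portable count of leading zero bits of a non-zero 32-bit value (0..31). */
static unsigned clz32(uint32_t v) {
    unsigned n = 0;
    while (!(v & 0x80000000u)) { v <<= 1; n++; }
    return n;
}

/* Fast path: decode one ue(v) from a 32-bit window that holds the next 32
 * stream bits MSB-first (constructed stand-in for a bit-reader peek).
 * Layout: k leading zeros, a 1 bit, then k suffix bits; the value equals
 * the (2k+1)-bit code read as an integer, minus 1.  The shift amount is
 * bounded explicitly: a code longer than the window is rejected instead of
 * reaching a shift by 32 or more, which is undefined on a uint32_t. */
static int64_t decode_ue_window(uint32_t window, unsigned *consumed) {
    if (window == 0)
        return UE_INVALID;                 /* 32+ leading zeros: no marker bit */
    unsigned k = clz32(window);            /* 0..31 */
    unsigned len = 2 * k + 1;              /* code length in bits, always odd */
    if (len > 32)
        return UE_INVALID;                 /* suffix would not fit in the window */
    uint32_t code = window >> (32 - len);  /* shift is in [1, 31]: defined */
    if (consumed)
        *consumed = len;
    return (int64_t)code - 1;
}

/* Minimal MSB-first bit reader (assumption, not GetBitContext). */
typedef struct {
    const uint8_t *data;
    size_t nbits;   /* total bits available */
    size_t pos;     /* next bit to read */
} BitReader;

static int read_bit(BitReader *br) {
    if (br->pos >= br->nbits)
        return -1;
    int bit = (br->data[br->pos >> 3] >> (7 - (br->pos & 7))) & 1;
    br->pos++;
    return bit;
}

/* General path: bit-serial decode for codes with up to 31 leading zeros.
 * k is bounded before it is ever used as a shift amount, so a run of zeros
 * longer than the value type is an error, not undefined behaviour. */
static int64_t decode_ue_long(BitReader *br) {
    unsigned k = 0;
    for (;;) {
        int b = read_bit(br);
        if (b < 0)
            return UE_INVALID;             /* data ended before the marker bit */
        if (b == 1)
            break;
        if (++k > 31)
            return UE_INVALID;             /* (1 << k) would be undefined for k >= 32 */
    }
    uint32_t suffix = 0;
    for (unsigned i = 0; i < k; i++) {
        int b = read_bit(br);
        if (b < 0)
            return UE_INVALID;             /* truncated suffix */
        suffix = (suffix << 1) | (uint32_t)b;
    }
    return ((int64_t)1 << k) - 1 + suffix;
}

/* Decode the (n+1)-th ue(v) of a byte buffer; convenience for checks. */
static int64_t nth_ue(const uint8_t *data, size_t nbytes, unsigned n) {
    BitReader br = { data, nbytes * 8, 0 };
    int64_t v = UE_INVALID;
    for (unsigned i = 0; i <= n; i++)
        v = decode_ue_long(&br);
    return v;
}

/* Constructed samples: 0x11 = 0001000 1 -> ue=7 then ue=0; all-zero bytes
 * never reach a marker bit and must be rejected rather than shifted. */
static const uint8_t SAMPLE[] = { 0x11 };
static const uint8_t ZEROS[]  = { 0, 0, 0, 0, 0 };

int main(void) {
    unsigned used = 0;
    printf("window 0x38000000 -> %lld (%u bits)\n",
           (long long)decode_ue_window(0x38000000u, &used), used);
    printf("window 0x00008000 -> %lld\n", (long long)decode_ue_window(0x00008000u, NULL));
    printf("SAMPLE -> %lld, %lld, %lld\n", (long long)nth_ue(SAMPLE, sizeof SAMPLE, 0),
           (long long)nth_ue(SAMPLE, sizeof SAMPLE, 1), (long long)nth_ue(SAMPLE, sizeof SAMPLE, 2));
    printf("ZEROS  -> %lld\n", (long long)nth_ue(ZEROS, sizeof ZEROS, 0));
    return 0;
}
```

The fast path deliberately fails closed on any code longer than the peek window and leaves longer codes to the bit-serial path, so neither function ever computes a shift amount from attacker-controlled data without first checking it against the width of the operand.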
