[FFmpeg-cvslog] Fix invalid reads in VC1 decoder
Reimar Döffinger
git
Sun Feb 20 19:30:47 CET 2011
ffmpeg | branch: release/0.5 | Reimar D?ffinger <Reimar.Doeffinger at gmx.de> | Sat Feb 19 11:33:01 2011 +0100| [8069e2f6fbd79e3d3d2ba17f5f097475b43e2921] | committer: Reinhard Tartler
Fix invalid reads in VC1 decoder
Patch discussed and taken from https://roundup.ffmpeg.org/issue2584
(cherry picked from commit 2bbec1eda46d907605772a8b6e8263caa4bc4c82)
Change related to CVE-2011-0723
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8069e2f6fbd79e3d3d2ba17f5f097475b43e2921
---
libavcodec/vc1.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/libavcodec/vc1.c b/libavcodec/vc1.c
index 03257b8..619e903 100644
--- a/libavcodec/vc1.c
+++ b/libavcodec/vc1.c
@@ -2366,7 +2366,7 @@ static void vc1_decode_ac_coeff(VC1Context *v, int *last, int *skip, int *value,
if (index != vc1_ac_sizes[codingset] - 1) {
run = vc1_index_decode_table[codingset][index][0];
level = vc1_index_decode_table[codingset][index][1];
- lst = index >= vc1_last_decode_table[codingset];
+ lst = index >= vc1_last_decode_table[codingset] || get_bits_left(gb) < 0;
if(get_bits1(gb))
level = -level;
} else {
More information about the ffmpeg-cvslog
mailing list