[FFmpeg-cvslog] Fix invalid reads in VC1 decoder
Reimar Döffinger
git at videolan.org
Sat Mar 19 18:18:57 CET 2011
ffmpeg | branch: release/0.6 | Reimar Döffinger <Reimar.Doeffinger at gmx.de> | Sat Feb 19 11:33:01 2011 +0100| [cf69619141a5742c4e4156177335d553c5bab7b6] | committer: Reinhard Tartler
Fix invalid reads in VC1 decoder
Patch discussed and taken from https://roundup.ffmpeg.org/issue2584
(cherry picked from commit 2bbec1eda46d907605772a8b6e8263caa4bc4c82)
Change related to CVE-2011-0723
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cf69619141a5742c4e4156177335d553c5bab7b6
---
libavcodec/vc1dec.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c
index 52392c3..abcc5ec 100644
--- a/libavcodec/vc1dec.c
+++ b/libavcodec/vc1dec.c
@@ -1365,7 +1365,7 @@ static void vc1_decode_ac_coeff(VC1Context *v, int *last, int *skip, int *value,
if (index != vc1_ac_sizes[codingset] - 1) {
run = vc1_index_decode_table[codingset][index][0];
level = vc1_index_decode_table[codingset][index][1];
- lst = index >= vc1_last_decode_table[codingset];
+ lst = index >= vc1_last_decode_table[codingset] || get_bits_left(gb) < 0;
if(get_bits1(gb))
level = -level;
} else {
More information about the ffmpeg-cvslog
mailing list