[FFmpeg-cvslog] vp6: Fix illegal read.

Thierry Foucu git at videolan.org
Fri Nov 18 03:13:17 CET 2011


ffmpeg | branch: master | Thierry Foucu <tfoucu at gmail.com> | Thu Nov 17 09:39:52 2011 -0800| [e0966eb140b3569b3d6b5b5008961944ef229c06] | committer: Alex Converse

vp6: Fix illegal read.

Found with Address Sanitizer

Signed-off-by: Alex Converse <alex.converse at gmail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e0966eb140b3569b3d6b5b5008961944ef229c06
---

 libavcodec/vp6.c |    9 ++++++---
 1 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/libavcodec/vp6.c b/libavcodec/vp6.c
index 03024fa..9433983 100644
--- a/libavcodec/vp6.c
+++ b/libavcodec/vp6.c
@@ -442,7 +442,8 @@ static void vp6_parse_coeff(VP56Context *s)
         model1 = model->coeff_dccv[pt];
         model2 = model->coeff_dcct[pt][ctx];
 
-        for (coeff_idx=0; coeff_idx<64; ) {
+        coeff_idx = 0;
+        for (;;) {
             if ((coeff_idx>1 && ct==0) || vp56_rac_get_prob(c, model2[0])) {
                 /* parse a coeff */
                 if (vp56_rac_get_prob(c, model2[2])) {
@@ -483,8 +484,10 @@ static void vp6_parse_coeff(VP56Context *s)
                             run += vp56_rac_get_prob(c, model3[i+8]) << i;
                 }
             }
-
-            cg = vp6_coeff_groups[coeff_idx+=run];
+            coeff_idx += run;
+            if (coeff_idx >= 64)
+                break;
+            cg = vp6_coeff_groups[coeff_idx];
             model1 = model2 = model->coeff_ract[pt][ct][cg];
         }
 



More information about the ffmpeg-cvslog mailing list