[FFmpeg-cvslog] vp6: Fix illegal read.
Thierry Foucu
git at videolan.org
Fri Nov 18 03:13:17 CET 2011
ffmpeg | branch: master | Thierry Foucu <tfoucu at gmail.com> | Thu Nov 17 09:39:52 2011 -0800| [e0966eb140b3569b3d6b5b5008961944ef229c06] | committer: Alex Converse
vp6: Fix illegal read.
Found with Address Sanitizer
Signed-off-by: Alex Converse <alex.converse at gmail.com>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e0966eb140b3569b3d6b5b5008961944ef229c06
---
libavcodec/vp6.c | 9 ++++++---
1 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/libavcodec/vp6.c b/libavcodec/vp6.c
index 03024fa..9433983 100644
--- a/libavcodec/vp6.c
+++ b/libavcodec/vp6.c
@@ -442,7 +442,8 @@ static void vp6_parse_coeff(VP56Context *s)
model1 = model->coeff_dccv[pt];
model2 = model->coeff_dcct[pt][ctx];
- for (coeff_idx=0; coeff_idx<64; ) {
+ coeff_idx = 0;
+ for (;;) {
if ((coeff_idx>1 && ct==0) || vp56_rac_get_prob(c, model2[0])) {
/* parse a coeff */
if (vp56_rac_get_prob(c, model2[2])) {
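Review bot: With the `coeff_idx<64` condition dropped from the `for` header, the only bound this patch shows for the loop is the new `if (coeff_idx >= 64) break;` in the second hunk. Please add a short comment at `for (;;)` naming that exit, and confirm that no path through the body advances `coeff_idx` and iterates again without passing that check, since the header no longer catches it.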
@@ -483,8 +484,10 @@ static void vp6_parse_coeff(VP56Context *s)
run += vp56_rac_get_prob(c, model3[i+8]) << i;
}
}
-
- cg = vp6_coeff_groups[coeff_idx+=run];
+ coeff_idx += run;
+ if (coeff_idx >= 64)
+ break;
+ cg = vp6_coeff_groups[coeff_idx];
model1 = model2 = model->coeff_ract[pt][ct][cg];
}
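Review bot: The new `if (coeff_idx >= 64)` check before `vp6_coeff_groups[coeff_idx]` hard-codes the bound as a literal. Writing it as `coeff_idx >= FF_ARRAY_ELEMS(vp6_coeff_groups)` would tie the check to the table actually being indexed. The commit message would also be more useful if it named the read being fixed: in the removed line `cg = vp6_coeff_groups[coeff_idx+=run];` the index was used immediately after adding `run`, before the old loop condition could reject it.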