[FFmpeg-cvslog] qdm2dec: check remaining input bits in the mainloop of qdm2_fft_decode_tones()

Michael Niedermayer git at videolan.org
Mon Nov 21 22:29:18 CET 2011


ffmpeg | branch: release/0.5 | Michael Niedermayer <michaelni at gmx.at> | Fri Nov 18 17:56:24 2011 +0100| [2c8ac664561a1843f299295443720ce83105c024] | committer: Michael Niedermayer

qdm2dec: check remaining input bits in the mainloop of qdm2_fft_decode_tones()
This is neccessary but likely not sufficient to prevent out of array reads.

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 14db3af4f26dad8e6ddf2147e96ccc710952ad4d)

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 8120a1d9bd4bcc4434b4f588f50c9d81aa8ad0e0)

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2c8ac664561a1843f299295443720ce83105c024
---

 libavcodec/qdm2.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/libavcodec/qdm2.c b/libavcodec/qdm2.c
index 69be061..3aef7a3 100644
--- a/libavcodec/qdm2.c
+++ b/libavcodec/qdm2.c
@@ -1351,7 +1351,7 @@ static void qdm2_fft_decode_tones (QDM2Context *q, int duration, GetBitContext *
     local_int_10 = 1 << (q->group_order - duration - 1);
     offset = 1;
 
-    while (1) {
+    while (get_bits_left(gb)>0) {
         if (q->superblocktype_2_3) {
             while ((n = qdm2_get_vlc(gb, &vlc_tab_fft_tone_offset[local_int_8], 1, 2)) < 2) {
                 offset = 1;



More information about the ffmpeg-cvslog mailing list