[FFmpeg-cvslog] qdm2_fft_decode_tones: fix infinite loop

Michael Niedermayer git at videolan.org
Sun Apr 15 17:20:50 CEST 2012


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Sun Apr 15 16:30:17 2012 +0200| [20335598f2a08e92ae8f098f62f6311d42ebd55b] | committer: Michael Niedermayer

qdm2_fft_decode_tones: fix infinite loop

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=20335598f2a08e92ae8f098f62f6311d42ebd55b
---

 libavcodec/qdm2.c |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/libavcodec/qdm2.c b/libavcodec/qdm2.c
index 0ba457d..c38282f 100644
--- a/libavcodec/qdm2.c
+++ b/libavcodec/qdm2.c
@@ -1358,6 +1358,10 @@ static void qdm2_fft_decode_tones (QDM2Context *q, int duration, GetBitContext *
     while (get_bits_left(gb)>0) {
         if (q->superblocktype_2_3) {
             while ((n = qdm2_get_vlc(gb, &vlc_tab_fft_tone_offset[local_int_8], 1, 2)) < 2) {
+                if (get_bits_left(gb)<0) {
+                    av_log(0, AV_LOG_ERROR, "overread in qdm2_fft_decode_tones()\n");
+                    return;
+                }
                 offset = 1;
                 if (n == 0) {
                     local_int_4 += local_int_10;
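Review bot: The added check in the inner `while` tests `get_bits_left(gb)<0`, so it only fires after `qdm2_get_vlc()` has already read past the end of the buffer, and with exactly 0 bits left the loop makes one more VLC read before the condition can trigger. That stops the infinite loop, but it relies on the bit reader tolerating an overread; a comment stating that assumption would help, or test the remaining bits before the read, as the outer `while (get_bits_left(gb)>0)` does. Two smaller points: `av_log(0, ...)` passes a literal 0 as the logging context, where `NULL` or a real context reachable from `q` would be clearer and would tie the message to the stream, and since the function is `static void` the early `return` gives the caller no way to tell a truncated packet from a normal finish.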


