[FFmpeg-cvslog] motionpixels: clip VLC codes.

Sun Jan 12 16:44:05 CET 2014

ffmpeg | branch: release/1.1 | Anton Khirnov <anton at khirnov.net> | Fri Nov 15 15:33:20 2013 +0100| [26221a54eca391de29557fc08c32d23a40ef4d32] | committer: Reinhard Tartler

motionpixels: clip VLC codes.

Fixes invalid reads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable at libav.org

(cherry picked from commit ca41c72c6d9515d9045bd3b68104525dee81b8d0)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=26221a54eca391de29557fc08c32d23a40ef4d32
---

 libavcodec/motionpixels.c |    1 +
 1 file changed, 1 insertion(+)

diff --git a/libavcodec/motionpixels.c b/libavcodec/motionpixels.c
index c2bd0f4..4c0b98b 100644
--- a/libavcodec/motionpixels.c
+++ b/libavcodec/motionpixels.c
@@ -159,6 +159,7 @@ static int mp_get_vlc(MotionPixelsContext *mp, GetBitContext *gb)
     int i;
 
     i = (mp->codes_count == 1) ? 0 : get_vlc2(gb, mp->vlc.table, mp->max_codes_bits, 1);
+    i = FFMIN(i, FF_ARRAY_ELEMS(mp->codes) - 1);
     return mp->codes[i].delta;
 }
 

