[FFmpeg-cvslog] on2avc: limit number of bits to 30 in get_egolomb
Andreas Cadhalpun
git at videolan.org
Sun Dec 20 14:09:29 CET 2015
ffmpeg | branch: release/2.8 | Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com> | Wed Dec 16 16:48:19 2015 +0100| [6d7b4dbcb4103a0c54d486d3a51aa3122a4914b6] | committer: Andreas Cadhalpun
on2avc: limit number of bits to 30 in get_egolomb
More don't fit into the integer output.
Also use get_bits_long, since get_bits only supports reading up to 25
bits, while get_bits_long supports the full integer range.
Reviewed-by: Michael Niedermayer <michael at niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
(cherry picked from commit 4d5c3b02e9d2c9a630ca433fabca43285879e0b8)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6d7b4dbcb4103a0c54d486d3a51aa3122a4914b6
---
libavcodec/on2avc.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/libavcodec/on2avc.c b/libavcodec/on2avc.c
index 15f4dd1..04c8e41 100644
--- a/libavcodec/on2avc.c
+++ b/libavcodec/on2avc.c
@@ -211,9 +211,16 @@ static inline int get_egolomb(GetBitContext *gb)
{
int v = 4;
- while (get_bits1(gb)) v++;
+ while (get_bits1(gb)) {
+ v++;
+ if (v > 30) {
+ av_log(NULL, AV_LOG_WARNING, "Too large golomb code in get_egolomb.\n");
+ v = 30;
+ break;
+ }
+ }
- return (1 << v) + get_bits(gb, v);
+ return (1 << v) + get_bits_long(gb, v);
}
static int on2avc_decode_pairs(On2AVCContext *c, GetBitContext *gb, float *dst,
More information about the ffmpeg-cvslog
mailing list