[FFmpeg-cvslog] eamad: check for out of bounds read
Federico Tomassetti
git at videolan.org
Sat Mar 21 02:30:12 CET 2015
ffmpeg | branch: release/2.5 | Federico Tomassetti <ftomassetti at groupon.com> | Wed Feb 18 12:11:44 2015 +0000| [2684ff3573a68037aa298bedd93b00a126c48a30] | committer: Michael Niedermayer
eamad: check for out of bounds read
Bug-Id: CID 1257500
CC: libav-stable at libav.org
Signed-off-by: Luca Barbato <lu_zero at gentoo.org>
(cherry picked from commit 061c489895d29049a88dc6118e4b639a273b31d6)
Conflicts:
libavcodec/eamad.c
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2684ff3573a68037aa298bedd93b00a126c48a30
---
libavcodec/eamad.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/libavcodec/eamad.c b/libavcodec/eamad.c
index 813a2d1..6b7134a 100644
--- a/libavcodec/eamad.c
+++ b/libavcodec/eamad.c
@@ -151,6 +151,11 @@ static inline int decode_block_intra(MadContext *s, int16_t * block)
break;
} else if (level != 0) {
i += run;
+ if (i > 63) {
+ av_log(s->avctx, AV_LOG_ERROR,
+ "ac-tex damaged at %d %d\n", s->mb_x, s->mb_y);
+ return -1;
+ }
j = scantable[i];
level = (level*quant_matrix[j]) >> 4;
level = (level-1)|1;
@@ -165,6 +170,11 @@ static inline int decode_block_intra(MadContext *s, int16_t * block)
run = SHOW_UBITS(re, &s->gb, 6)+1; LAST_SKIP_BITS(re, &s->gb, 6);
i += run;
+ if (i > 63) {
+ av_log(s->avctx, AV_LOG_ERROR,
+ "ac-tex damaged at %d %d\n", s->mb_x, s->mb_y);
+ return -1;
+ }
j = scantable[i];
if (level < 0) {
level = -level;
@@ -176,10 +186,6 @@ static inline int decode_block_intra(MadContext *s, int16_t * block)
level = (level-1)|1;
}
}
- if (i > 63) {
- av_log(s->avctx, AV_LOG_ERROR, "ac-tex damaged at %d %d\n", s->mb_x, s->mb_y);
- return -1;
- }
block[j] = level;
}
More information about the ffmpeg-cvslog
mailing list