[FFmpeg-cvslog] avcodec/h264_cabac: Check decode_cabac_mb_mvd() for failure
Michael Niedermayer
git at videolan.org
Sun Feb 14 21:33:41 CET 2016
ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Tue Jan 26 02:23:31 2016 +0100| [e5655a32bc745462cb820f4ccc3eaee146dd2cdc] | committer: Michael Niedermayer
avcodec/h264_cabac: Check decode_cabac_mb_mvd() for failure
Fixes harmless integer overflow
Fixes Ticket5150
No speedloss measured, actually its slightly faster, but please benchmark & double check this
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e5655a32bc745462cb820f4ccc3eaee146dd2cdc
---
libavcodec/h264_cabac.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/libavcodec/h264_cabac.c b/libavcodec/h264_cabac.c
index 04d412b..deab35a 100644
--- a/libavcodec/h264_cabac.c
+++ b/libavcodec/h264_cabac.c
@@ -1540,8 +1540,12 @@ static int decode_cabac_mb_mvd(H264SliceContext *sl, int ctxbase, int amvd, int
int amvd1 = sl->mvd_cache[list][scan8[n] - 1][1] +\
sl->mvd_cache[list][scan8[n] - 8][1];\
\
- mx += decode_cabac_mb_mvd(sl, 40, amvd0, &mpx);\
- my += decode_cabac_mb_mvd(sl, 47, amvd1, &mpy);\
+ int mxd = decode_cabac_mb_mvd(sl, 40, amvd0, &mpx);\
+ int myd = decode_cabac_mb_mvd(sl, 47, amvd1, &mpy);\
+ if (mxd == INT_MIN || myd == INT_MIN) \
+ return AVERROR_INVALIDDATA; \
+ mx += mxd;\
+ my += myd;\
}
static av_always_inline int get_cabac_cbf_ctx(H264SliceContext *sl,
More information about the ffmpeg-cvslog
mailing list