[FFmpeg-cvslog] Merge commit 'b2788fe9347c02b1355574f3d28d60bfe1250ea7'
James Almer
git at videolan.org
Wed Oct 4 02:30:21 EEST 2017
ffmpeg | branch: master | James Almer <jamrial at gmail.com> | Tue Oct 3 20:28:51 2017 -0300| [cb222d73225adae76893f58c8283b32a9943094f] | committer: James Almer
Merge commit 'b2788fe9347c02b1355574f3d28d60bfe1250ea7'
* commit 'b2788fe9347c02b1355574f3d28d60bfe1250ea7':
svq3: fix the slice size check
Merged-by: James Almer <jamrial at gmail.com>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cb222d73225adae76893f58c8283b32a9943094f
---
libavcodec/svq3.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/libavcodec/svq3.c b/libavcodec/svq3.c
index 5cb5bd45b7..a937b2f951 100644
--- a/libavcodec/svq3.c
+++ b/libavcodec/svq3.c
@@ -1036,17 +1036,16 @@ static int svq3_decode_slice_header(AVCodecContext *avctx)
slice_bits = slice_length * 8;
slice_bytes = slice_length + length - 1;
- if (8LL*slice_bytes > get_bits_left(&s->gb)) {
- av_log(avctx, AV_LOG_ERROR, "slice after bitstream end\n");
- return -1;
- }
-
skip_bits(&s->gb, 8);
av_fast_malloc(&s->slice_buf, &s->slice_size, slice_bytes + AV_INPUT_BUFFER_PADDING_SIZE);
if (!s->slice_buf)
return AVERROR(ENOMEM);
+ if (slice_bytes * 8LL > get_bits_left(&s->gb)) {
+ av_log(avctx, AV_LOG_ERROR, "slice after bitstream end\n");
+ return AVERROR_INVALIDDATA;
+ }
memcpy(s->slice_buf, s->gb.buffer + s->gb.index / 8, slice_bytes);
init_get_bits(&s->gb_slice, s->slice_buf, slice_bits);
======================================================================
diff --cc libavcodec/svq3.c
index 5cb5bd45b7,667d3906a1..a937b2f951
--- a/libavcodec/svq3.c
+++ b/libavcodec/svq3.c
@@@ -1036,32 -1031,30 +1036,31 @@@ static int svq3_decode_slice_header(AVC
slice_bits = slice_length * 8;
slice_bytes = slice_length + length - 1;
- if (8LL*slice_bytes > get_bits_left(&s->gb)) {
- av_log(avctx, AV_LOG_ERROR, "slice after bitstream end\n");
- return -1;
- }
-
- bitstream_skip(&s->bc, 8);
+ skip_bits(&s->gb, 8);
av_fast_malloc(&s->slice_buf, &s->slice_size, slice_bytes + AV_INPUT_BUFFER_PADDING_SIZE);
if (!s->slice_buf)
return AVERROR(ENOMEM);
- if (slice_bytes * 8 > bitstream_bits_left(&s->bc)) {
++ if (slice_bytes * 8LL > get_bits_left(&s->gb)) {
+ av_log(avctx, AV_LOG_ERROR, "slice after bitstream end\n");
+ return AVERROR_INVALIDDATA;
+ }
- memcpy(s->slice_buf, s->bc.buffer + bitstream_tell(&s->bc) / 8, slice_bytes);
+ memcpy(s->slice_buf, s->gb.buffer + s->gb.index / 8, slice_bytes);
+
+ init_get_bits(&s->gb_slice, s->slice_buf, slice_bits);
if (s->watermark_key) {
- uint32_t header = AV_RL32(&s->bc_slice.buffer[1]);
- AV_WL32(&s->bc_slice.buffer[1], header ^ s->watermark_key);
+ uint32_t header = AV_RL32(&s->gb_slice.buffer[1]);
+ AV_WL32(&s->gb_slice.buffer[1], header ^ s->watermark_key);
}
if (length > 0) {
- memcpy(s->slice_buf, &s->slice_buf[slice_length], length - 1);
+ memmove(s->slice_buf, &s->slice_buf[slice_length], length - 1);
}
- bitstream_skip(&s->bc, slice_bytes * 8);
- bitstream_init(&s->bc_slice, s->slice_buf, slice_bits);
+ skip_bits_long(&s->gb, slice_bytes * 8);
}
- if ((slice_id = get_interleaved_ue_golomb(&s->bc_slice)) >= 3) {
+ if ((slice_id = get_interleaved_ue_golomb(&s->gb_slice)) >= 3) {
av_log(s->avctx, AV_LOG_ERROR, "illegal slice type %u \n", slice_id);
return -1;
}
More information about the ffmpeg-cvslog
mailing list