[FFmpeg-cvslog] avcodec/siren: prevent getbitcontext overread

Peter Ross git at videolan.org
Tue Sep 28 14:39:47 EEST 2021


ffmpeg | branch: master | Peter Ross <pross at xvid.org> | Sat Sep 18 19:55:03 2021 +1000| [b007e8968f2072b9e8076d0ab474ad944fc07ade] | committer: Peter Ross

avcodec/siren: prevent getbitcontext overread

Reviewed-by: Michael Niedermayer <michael at niedermayer.cc>
Signed-off-by: Peter Ross <pross at xvid.org>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b007e8968f2072b9e8076d0ab474ad944fc07ade
---

 libavcodec/siren.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/libavcodec/siren.c b/libavcodec/siren.c
index 7f2b467860..27ee356c44 100644
--- a/libavcodec/siren.c
+++ b/libavcodec/siren.c
@@ -608,12 +608,16 @@ static int decode_vector(SirenContext *s, int number_of_regions,
 
                 index >>= 1;
 
-                if (error == 0 && get_bits_left(gb) >= 0) {
+                if (error == 0) {
                     for (j = 0; j < vector_dimension[category]; j++) {
                         decoded_value = mlt_quant[category][index & ((1 << index_table[category]) - 1)];
                         index >>= index_table[category];
 
                         if (decoded_value) {
+                            if (get_bits_left(gb) <= 0) {
+                                error = 1;
+                                break;
+                            }
                             if (!get_bits1(gb))
                                 decoded_value *= -decoder_standard_deviation[region];
                             else



More information about the ffmpeg-cvslog mailing list