[FFmpeg-devel] [PATCH 1/2] avcodec/rangecoder: Do not increase the pointer beyond the buffer

James Almer jamrial at gmail.com
Mon Aug 14 01:18:11 EEST 2017


On 8/13/2017 7:15 PM, Michael Niedermayer wrote:
> Fixes: undefined behavior
> 
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
>  libavcodec/rangecoder.c | 1 +
>  libavcodec/rangecoder.h | 8 ++++++--
>  2 files changed, 7 insertions(+), 2 deletions(-)
> 
> diff --git a/libavcodec/rangecoder.c b/libavcodec/rangecoder.c
> index 0bb79c880e..0d53bef076 100644
> --- a/libavcodec/rangecoder.c
> +++ b/libavcodec/rangecoder.c
> @@ -58,6 +58,7 @@ av_cold void ff_init_range_decoder(RangeCoder *c, const uint8_t *buf,
>  
>      c->low         = AV_RB16(c->bytestream);
>      c->bytestream += 2;
> +    c->overread    = 0;
>      if (c->low >= 0xFF00) {
>          c->low = 0xFF00;
>          c->bytestream_end = c->bytestream;
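Review bot: The `c->low >= 0xFF00` branch just below the new `c->overread = 0;` sets `bytestream_end` to the current position, so every later refill() takes the overread path and the counter starts climbing immediately for such streams. If a caller treats `overread > MAX_OVERREAD` as an error, these inputs will now be rejected after a few symbols. That may be intended, but it deserves a comment here such as `/* invalid initial state: all further refills count as overread */`. The function body continues outside the hunk, so any handling further down is not visible.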
> diff --git a/libavcodec/rangecoder.h b/libavcodec/rangecoder.h
> index c3e81d0dcb..44af88b8f5 100644
> --- a/libavcodec/rangecoder.h
> +++ b/libavcodec/rangecoder.h
> @@ -42,6 +42,8 @@ typedef struct RangeCoder {
>      uint8_t *bytestream_start;
>      uint8_t *bytestream;
>      uint8_t *bytestream_end;
> +    int overread;
> +#define MAX_OVERREAD 2
>  } RangeCoder;
>  
>  void ff_init_range_encoder(RangeCoder *c, uint8_t *buf, int buf_size);
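Review bot: `MAX_OVERREAD` is defined inside the body of `struct RangeCoder` in a shared header, with an unprefixed name and no comment, so it leaks into every file that includes rangecoder.h and its meaning has to be guessed. Move the `#define` above the typedef and document both additions, for example `/* refill() calls allowed past bytestream_end before the input counts as truncated */` on the macro and `/* number of refill() calls made at or past bytestream_end (decoder only) */` on the field; that reading is inferred from the refill() hunk and should be confirmed. Nothing in the visible hunks compares `overread` against `MAX_OVERREAD`, so the chosen slack of 2 is unexplained here.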
> @@ -106,9 +108,11 @@ static inline void refill(RangeCoder *c)
>      if (c->range < 0x100) {
>          c->range <<= 8;
>          c->low   <<= 8;
> -        if (c->bytestream < c->bytestream_end)
> +        if (c->bytestream < c->bytestream_end) {
>              c->low += c->bytestream[0];
> -        c->bytestream++;
> +            c->bytestream++;
> +        } else
> +            c->overread ++;
>      }
>  }
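Review bot: The new `else` branch in refill() increments `c->overread` without bound, and nothing in this patch reads it, so a truncated buffer still decodes as if zero bytes followed. The pointer no longer runs past the end, but a decode loop that never checks the counter could in principle drive the signed `int` to overflow, which is the same class of undefined behavior this patch fixes. Saturating the counter avoids that: `} else if (c->overread <= MAX_OVERREAD) c->overread++;`. The header should also state that decoders must treat `c->overread > MAX_OVERREAD` as invalid data; presumably patch 2/2 adds that check, but it is not visible here. As a style point, the braced `if` with an unbraced `else` and the space in `c->overread ++` are worth tidying.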

Wouldn't it be better to port this to the bytestream2 reading API?

