From 223d996aaf9f1668c28519d3d7eb756e6cdf3fcf Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 21 Apr 2009 12:00:39 +0000 Subject: [PATCH] Fix a possibly exploitable buffer overflow. Originally committed as revision 18640 to svn://svn.ffmpeg.org/ffmpeg/trunk --- libavcodec/ffv1.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libavcodec/ffv1.c b/libavcodec/ffv1.c index 86f2897434..9eef531d59 100644 --- a/libavcodec/ffv1.c +++ b/libavcodec/ffv1.c @@ -249,10 +249,9 @@ static inline int get_symbol(RangeCoder *c, uint8_t *state, int is_signed){ else{ int i, e, a; e= 0; - while(get_rac(c, state+1 + e)){ //1..10 + while(get_rac(c, state+1 + e) && e<9){ //1..10 e++; } - assert(e<=9); a= 1; for(i=e-1; i>=0; i--){