h264: fix overreads in cabac reader.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org
2025-07-11 14:30:22 +02:00 · 2012-03-16 21:56:40 -07:00
parent d360dd902c
commit 7374fac804
1 changed files with 4 additions and 2 deletions
--- a/libavcodec/cabac_functions.h
+++ b/libavcodec/cabac_functions.h
@ -47,6 +47,7 @@ static void refill(CABACContext *c){
        c->low+= c->bytestream[0]<<1;
 #endif
    c->low -= CABAC_MASK;
+    if (c->bytestream < c->bytestream_end)
        c->bytestream += CABAC_BITS / 8;
 }

@ -74,6 +75,7 @@ static void refill2(CABACContext *c){
 #endif

    c->low += x<<i;
+    if (c->bytestream < c->bytestream_end)
        c->bytestream += CABAC_BITS/8;
 }