1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-11-21 10:55:51 +02:00

vp56dec: ensure range coder won't read past the end of input buffer

Originally committed as revision 19348 to svn://svn.ffmpeg.org/ffmpeg/trunk
This commit is contained in:
Aurelien Jacobs 2009-07-05 15:23:42 +00:00
parent 5be5daf1e5
commit 7576516a7e

View File

@ -50,6 +50,7 @@ typedef struct {
int high;
int bits;
const uint8_t *buffer;
const uint8_t *end;
unsigned long code_word;
} VP56RangeCoder;
@ -185,6 +186,7 @@ static inline void vp56_init_range_decoder(VP56RangeCoder *c,
c->high = 255;
c->bits = 8;
c->buffer = buf;
c->end = buf + buf_size;
c->code_word = bytestream_get_be16(&c->buffer);
}
@ -205,7 +207,7 @@ static inline int vp56_rac_get_prob(VP56RangeCoder *c, uint8_t prob)
while (c->high < 128) {
c->high <<= 1;
c->code_word <<= 1;
if (--c->bits == 0) {
if (--c->bits == 0 && c->buffer < c->end) {
c->bits = 8;
c->code_word |= *c->buffer++;
}
@ -228,7 +230,7 @@ static inline int vp56_rac_get(VP56RangeCoder *c)
/* normalize */
c->code_word <<= 1;
if (--c->bits == 0) {
if (--c->bits == 0 && c->buffer < c->end) {
c->bits = 8;
c->code_word |= *c->buffer++;
}