From c4cccc8d3f6605c5fdd73723a865486c5b7fb117 Mon Sep 17 00:00:00 2001 From: Mans Rullgard Date: Fri, 26 Oct 2012 21:18:33 +0100 Subject: [PATCH] h264: fix invalid pointer arithmetic Subtracting a (positive) value from the address of an array violates C99 section 6.5.6: If both the pointer operand and the result point to elements of the same array object, or one past the last element of the array object, the evaluation shall not produce an overflow; otherwise, the behavior is undefined. Signed-off-by: Mans Rullgard --- libavcodec/h264_cavlc.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/libavcodec/h264_cavlc.c b/libavcodec/h264_cavlc.c index 8996057c31..87021229d4 100644 --- a/libavcodec/h264_cavlc.c +++ b/libavcodec/h264_cavlc.c @@ -566,13 +566,13 @@ static int decode_residual(H264Context *h, GetBitContext *gb, DCTELEM *block, in else{ if (max_coeff <= 8) { if (max_coeff == 4) - zeros_left = get_vlc2(gb, (chroma_dc_total_zeros_vlc-1)[total_coeff].table, + zeros_left = get_vlc2(gb, chroma_dc_total_zeros_vlc[total_coeff - 1].table, CHROMA_DC_TOTAL_ZEROS_VLC_BITS, 1); else - zeros_left = get_vlc2(gb, (chroma422_dc_total_zeros_vlc-1)[total_coeff].table, + zeros_left = get_vlc2(gb, chroma422_dc_total_zeros_vlc[total_coeff - 1].table, CHROMA422_DC_TOTAL_ZEROS_VLC_BITS, 1); } else { - zeros_left= get_vlc2(gb, (total_zeros_vlc-1)[ total_coeff ].table, TOTAL_ZEROS_VLC_BITS, 1); + zeros_left= get_vlc2(gb, total_zeros_vlc[total_coeff - 1].table, TOTAL_ZEROS_VLC_BITS, 1); } } @@ -582,7 +582,7 @@ static int decode_residual(H264Context *h, GetBitContext *gb, DCTELEM *block, in ((type*)block)[*scantable] = level[0]; \ for(i=1;i 0;i++) { \ if(zeros_left < 7) \ - run_before= get_vlc2(gb, (run_vlc-1)[zeros_left].table, RUN_VLC_BITS, 1); \ + run_before= get_vlc2(gb, run_vlc[zeros_left - 1].table, RUN_VLC_BITS, 1); \ else \ run_before= get_vlc2(gb, run7_vlc.table, RUN7_VLC_BITS, 2); \ zeros_left -= run_before; \ @@ -597,7 +597,7 @@ static int decode_residual(H264Context *h, GetBitContext *gb, DCTELEM *block, in ((type*)block)[*scantable] = ((int)(level[0] * qmul[*scantable] + 32))>>6; \ for(i=1;i 0;i++) { \ if(zeros_left < 7) \ - run_before= get_vlc2(gb, (run_vlc-1)[zeros_left].table, RUN_VLC_BITS, 1); \ + run_before= get_vlc2(gb, run_vlc[zeros_left - 1].table, RUN_VLC_BITS, 1); \ else \ run_before= get_vlc2(gb, run7_vlc.table, RUN7_VLC_BITS, 2); \ zeros_left -= run_before; \