mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2024-12-23 12:43:46 +02:00
cavsdec: check for value in get_ue_code()
Fixes integer overflow and prints an error in case the value is invalid. Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
parent
77b740ac0a
commit
cf48b00640
@ -510,11 +510,15 @@ static inline void mv_pred_sym(AVSContext *h, cavs_vector *src,
|
||||
/** kth-order exponential golomb code */
|
||||
static inline int get_ue_code(GetBitContext *gb, int order)
|
||||
{
|
||||
if (order) {
|
||||
int ret = get_ue_golomb(gb) << order;
|
||||
return ret + get_bits(gb, order);
|
||||
unsigned ret = get_ue_golomb(gb);
|
||||
if (ret >= ((1U<<31)>>order)) {
|
||||
av_log(NULL, AV_LOG_ERROR, "get_ue_code: value too larger\n");
|
||||
return AVERROR_INVALIDDATA;
|
||||
}
|
||||
return get_ue_golomb(gb);
|
||||
if (order) {
|
||||
return (ret<<order) + get_bits(gb, order);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
static inline int dequant(AVSContext *h, int16_t *level_buf, uint8_t *run_buf,
|
||||
|
Loading…
Reference in New Issue
Block a user