virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-08-15 14:13:16 +02:00
Code Issues Releases Activity

cavsdec: check for value in get_ue_code()

Browse Source 
Fixes integer overflow and prints an error in case the value is
invalid.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer
2013-01-24 21:55:12 +01:00
parent 77b740ac0a
commit cf48b00640
1 changed files with 8 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
libavcodec/cavsdec.c
View File

@@ -510,11 +510,15 @@ static inline void mv_pred_sym(AVSContext *h, cavs_vector *src,
/** kth-order exponential golomb code */ /** kth-order exponential golomb code */
static inline int get_ue_code(GetBitContext *gb, int order) static inline int get_ue_code(GetBitContext *gb, int order)
{ {
if (order) { unsigned ret = get_ue_golomb(gb);
int ret = get_ue_golomb(gb) << order; if (ret >= ((1U<<31)>>order)) {
return ret + get_bits(gb, order); av_log(NULL, AV_LOG_ERROR, "get_ue_code: value too larger\n");
return AVERROR_INVALIDDATA;
} }
return get_ue_golomb(gb); if (order) {
return (ret<<order) + get_bits(gb, order);
}
return ret;
} }
static inline int dequant(AVSContext *h, int16_t *level_buf, uint8_t *run_buf, static inline int dequant(AVSContext *h, int16_t *level_buf, uint8_t *run_buf,