diff options
| author | Reimar Döffinger <Reimar.Doeffinger@gmx.de> | 2011-02-19 11:33:01 +0100 |
|---|---|---|
| committer | Reinhard Tartler <siretart@tauware.de> | 2011-03-18 17:01:08 +0100 |
| commit | cf69619141a5742c4e4156177335d553c5bab7b6 (patch) | |
| tree | 74ae94d79ac1d0d8493b2bc428d1e1025b612688 | |
| parent | 2d782b964624fd454151e3f8ac9b6718f665466c (diff) | |
| download | ffmpeg-cf69619141a5742c4e4156177335d553c5bab7b6.tar.gz | |
Fix invalid reads in VC1 decoder
Patch discussed and taken from https://roundup.ffmpeg.org/issue2584
(cherry picked from commit 2bbec1eda46d907605772a8b6e8263caa4bc4c82)
Change related to CVE-2011-0723
| -rw-r--r-- | libavcodec/vc1dec.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c index 52392c3f76..abcc5ecda8 100644 --- a/libavcodec/vc1dec.c +++ b/libavcodec/vc1dec.c @@ -1365,7 +1365,7 @@ static void vc1_decode_ac_coeff(VC1Context *v, int *last, int *skip, int *value, if (index != vc1_ac_sizes[codingset] - 1) { run = vc1_index_decode_table[codingset][index][0]; level = vc1_index_decode_table[codingset][index][1]; - lst = index >= vc1_last_decode_table[codingset]; + lst = index >= vc1_last_decode_table[codingset] || get_bits_left(gb) < 0; if(get_bits1(gb)) level = -level; } else { |