authorRonald S. Bultje <rsbultje@gmail.com>2012-03-16 21:56:40 -0700
committerRonald S. Bultje <rsbultje@gmail.com>2012-03-28 08:01:28 -0700
commit7374fac80406d6c1a67a0e3265cfe6dfcc51ce61 (patch)
tree59bfddefc944a8ef5942e591bea8ac0f2f352dcc
parentd360dd902c602aea2d634a0091cc7754eab4839e (diff)
h264: fix overreads in cabac reader.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org
-rw-r--r--libavcodec/cabac_functions.h6
1 files changed, 4 insertions, 2 deletions
diff --git a/libavcodec/cabac_functions.h b/libavcodec/cabac_functions.h
index b150aabcc4..4c74cf7b23 100644
--- a/libavcodec/cabac_functions.h
+++ b/libavcodec/cabac_functions.h
@@ -47,7 +47,8 @@ static void refill(CABACContext *c){
c->low+= c->bytestream[0]<<1;
#endif
c->low -= CABAC_MASK;
- c->bytestream+= CABAC_BITS/8;
+ if (c->bytestream < c->bytestream_end)
+ c->bytestream += CABAC_BITS / 8;
}
static inline void renorm_cabac_decoder_once(CABACContext *c){
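Review bot: The guard added in refill() bounds only the pointer advance, so the load `c->low+= c->bytestream[0]<<1;` above it still runs unconditionally. When the check passes with fewer than `CABAC_BITS/8` bytes left, the pointer can step past `bytestream_end`, and later refills then re-read the same few bytes at or just beyond the end. The overread is therefore bounded to a small constant rather than removed, and it is safe only if every caller pads the input buffer, presumably what the decoder relies on, though neither the padding nor the setup of `bytestream_end` is visible here. I would record that above the check, e.g. `/* pointer is clamped, reads are not: up to a few bytes past bytestream_end may be read, callers must pad the input */`. The same applies to the identical guard in refill2() in the second hunk; both function bodies start outside their hunks.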
@@ -74,7 +75,8 @@ static void refill2(CABACContext *c){
#endif
c->low += x<<i;
- c->bytestream+= CABAC_BITS/8;
+ if (c->bytestream < c->bytestream_end)
+ c->bytestream += CABAC_BITS/8;
}
static av_always_inline int get_cabac_inline(CABACContext *c, uint8_t * const state){