qdm2_fft_decode_tones: fix infinite loop

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer <michaelni@gmx.at> 2012-04-15 16:30:17 +0200
committer: Michael Niedermayer <michaelni@gmx.at> 2012-04-15 17:01:38 +0200
commit: 20335598f2a08e92ae8f098f62f6311d42ebd55b (patch)
tree: afa1a216196cc5832697b9311a3aabfcdf6e4db7
parent: 1a974679d097e878401cc1a425c3ed612be1581e (diff)
download: ffmpeg-20335598f2a08e92ae8f098f62f6311d42ebd55b.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/libavcodec/qdm2.c b/libavcodec/qdm2.c
index 0ba457d81e..c38282fdf2 100644
--- a/libavcodec/qdm2.c
+++ b/libavcodec/qdm2.c
@@ -1358,6 +1358,10 @@ static void qdm2_fft_decode_tones (QDM2Context *q, int duration, GetBitContext *
     while (get_bits_left(gb)>0) {
         if (q->superblocktype_2_3) {
             while ((n = qdm2_get_vlc(gb, &vlc_tab_fft_tone_offset[local_int_8], 1, 2)) < 2) {
+                if (get_bits_left(gb)<0) {
+                    av_log(0, AV_LOG_ERROR, "overread in qdm2_fft_decode_tones()\n");
+                    return;
+                }
                 offset = 1;
                 if (n == 0) {
                     local_int_4 += local_int_10;
author	Michael Niedermayer <michaelni@gmx.at>	2012-04-15 16:30:17 +0200
committer	Michael Niedermayer <michaelni@gmx.at>	2012-04-15 17:01:38 +0200
commit	20335598f2a08e92ae8f098f62f6311d42ebd55b (patch)
tree	afa1a216196cc5832697b9311a3aabfcdf6e4db7
parent	1a974679d097e878401cc1a425c3ed612be1581e (diff)
download	ffmpeg-20335598f2a08e92ae8f098f62f6311d42ebd55b.tar.gz