vorbis: Reorder conditions to avoid possible overread

This can trigger a single-byte overread if the codebook has the maximum number of entries. Fixes #6743.
author: Mark Thompson <sw@jkqxz.net> 2017-10-17 22:25:46 +0100
committer: Mark Thompson <sw@jkqxz.net> 2017-10-18 20:06:01 +0100
commit: c37de519202ac2e5f20141673081b0e6b57ab983 (patch)
tree: 6a10b863a27c9fb04c23177bd73a17293bcbd191
parent: 242d8c8763d86f27ad3d63a4d48deccbb133c6c7 (diff)
download: ffmpeg-c37de519202ac2e5f20141673081b0e6b57ab983.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/libavcodec/vorbis.c b/libavcodec/vorbis.c
index 399020eec5..ce23b947f0 100644
--- a/libavcodec/vorbis.c
+++ b/libavcodec/vorbis.c
@@ -58,7 +58,7 @@ int ff_vorbis_len2vlc(uint8_t *bits, uint32_t *codes, unsigned num)
     uint32_t exit_at_level[33] = { 404 };
     unsigned i, j, p, code;
 
-    for (p = 0; (bits[p] == 0) && (p < num); ++p)
+    for (p = 0; (p < num) && (bits[p] == 0); ++p)
         ;
     if (p == num)
         return 0;
@@ -71,7 +71,7 @@ int ff_vorbis_len2vlc(uint8_t *bits, uint32_t *codes, unsigned num)
 
     ++p;
 
-    for (i = p; (bits[i] == 0) && (i < num); ++i)
+    for (i = p; (i < num) && (bits[i] == 0); ++i)
         ;
     if (i == num)
         return 0;
author	Mark Thompson <sw@jkqxz.net>	2017-10-17 22:25:46 +0100
committer	Mark Thompson <sw@jkqxz.net>	2017-10-18 20:06:01 +0100
commit	c37de519202ac2e5f20141673081b0e6b57ab983 (patch)
tree	6a10b863a27c9fb04c23177bd73a17293bcbd191
parent	242d8c8763d86f27ad3d63a4d48deccbb133c6c7 (diff)
download	ffmpeg-c37de519202ac2e5f20141673081b0e6b57ab983.tar.gz