aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlex Converse <alex.converse@gmail.com>2011-11-17 10:06:14 -0800
committerMichael Niedermayer <michaelni@gmx.at>2011-11-18 14:29:52 +0100
commitf62fa1ce9f12e4a43b41401a7416c6fa8da579c9 (patch)
tree08fddc02144726d9007c8bd6993bcf0cca9ed4d4
parent8a63deab15ef41fd439be1b46d8dcb73669ccfc1 (diff)
downloadffmpeg-f62fa1ce9f12e4a43b41401a7416c6fa8da579c9.tar.gz
vp5: Fix illegal read.
Found with Address Sanitizer (cherry picked from commit bb4b0ad83b13c3af57675e80163f3f333adef96f) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
-rw-r--r--libavcodec/vp5.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/libavcodec/vp5.c b/libavcodec/vp5.c
index f1b0169ae1..47a82e0253 100644
--- a/libavcodec/vp5.c
+++ b/libavcodec/vp5.c
@@ -183,7 +183,8 @@ static void vp5_parse_coeff(VP56Context *s)
model1 = model->coeff_dccv[pt];
model2 = model->coeff_dcct[pt][ctx];
- for (coeff_idx=0; coeff_idx<64; ) {
+ coeff_idx = 0;
+ for (;;) {
if (vp56_rac_get_prob(c, model2[0])) {
if (vp56_rac_get_prob(c, model2[2])) {
if (vp56_rac_get_prob(c, model2[3])) {
@@ -220,8 +221,11 @@ static void vp5_parse_coeff(VP56Context *s)
ct = 0;
s->coeff_ctx[vp56_b6to4[b]][coeff_idx] = 0;
}
+ coeff_idx++;
+ if (coeff_idx >= 64)
+ break;
- cg = vp5_coeff_groups[++coeff_idx];
+ cg = vp5_coeff_groups[coeff_idx];
ctx = s->coeff_ctx[vp56_b6to4[b]][coeff_idx];
model1 = model->coeff_ract[pt][ct][cg];
model2 = cg > 2 ? model1 : model->coeff_acct[pt][ct][cg][ctx];