diff options
author | Alex Converse <alex.converse@gmail.com> | 2011-11-17 10:06:14 -0800 |
---|---|---|
committer | Michael Niedermayer <michaelni@gmx.at> | 2011-11-18 14:29:52 +0100 |
commit | f62fa1ce9f12e4a43b41401a7416c6fa8da579c9 (patch) | |
tree | 08fddc02144726d9007c8bd6993bcf0cca9ed4d4 | |
parent | 8a63deab15ef41fd439be1b46d8dcb73669ccfc1 (diff) | |
download | ffmpeg-f62fa1ce9f12e4a43b41401a7416c6fa8da579c9.tar.gz |
vp5: Fix illegal read.
Found with Address Sanitizer
(cherry picked from commit bb4b0ad83b13c3af57675e80163f3f333adef96f)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
-rw-r--r-- | libavcodec/vp5.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/libavcodec/vp5.c b/libavcodec/vp5.c index f1b0169ae1..47a82e0253 100644 --- a/libavcodec/vp5.c +++ b/libavcodec/vp5.c @@ -183,7 +183,8 @@ static void vp5_parse_coeff(VP56Context *s) model1 = model->coeff_dccv[pt]; model2 = model->coeff_dcct[pt][ctx]; - for (coeff_idx=0; coeff_idx<64; ) { + coeff_idx = 0; + for (;;) { if (vp56_rac_get_prob(c, model2[0])) { if (vp56_rac_get_prob(c, model2[2])) { if (vp56_rac_get_prob(c, model2[3])) { @@ -220,8 +221,11 @@ static void vp5_parse_coeff(VP56Context *s) ct = 0; s->coeff_ctx[vp56_b6to4[b]][coeff_idx] = 0; } + coeff_idx++; + if (coeff_idx >= 64) + break; - cg = vp5_coeff_groups[++coeff_idx]; + cg = vp5_coeff_groups[coeff_idx]; ctx = s->coeff_ctx[vp56_b6to4[b]][coeff_idx]; model1 = model->coeff_ract[pt][ct][cg]; model2 = cg > 2 ? model1 : model->coeff_acct[pt][ct][cg][ctx]; |