diracdec: Correct the bytestream end pointer.

This fixes some arith decoder overreads and a potential infinite loop. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer <michaelni@gmx.at> 2012-03-06 19:13:55 +0100
committer: Michael Niedermayer <michaelni@gmx.at> 2012-03-06 19:13:55 +0100
commit: 0f13cc732b3752828890b8dff507615cfd454336 (patch)
tree: 62d719aba4921ffa9b9fa76b9010bcc3de888915 /libavcodec/diracdec.c
parent: f095391a140ed3f379e1fb16605fac821c3e6660 (diff)
download: ffmpeg-0f13cc732b3752828890b8dff507615cfd454336.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c
index b9effd1b8b..f9aace9567 100644
--- a/libavcodec/diracdec.c
+++ b/libavcodec/diracdec.c
@@ -625,7 +625,7 @@ static void decode_component(DiracContext *s, int comp)
                 b->quant = svq3_get_ue_golomb(&s->gb);
                 align_get_bits(&s->gb);
                 b->coeff_data = s->gb.buffer + get_bits_count(&s->gb)/8;
-                b->length = FFMIN(b->length, get_bits_left(&s->gb)/8);
+                b->length = FFMIN(b->length, FFMAX(get_bits_left(&s->gb)/8, 0));
                 skip_bits_long(&s->gb, b->length*8);
             }
         }
author	Michael Niedermayer <michaelni@gmx.at>	2012-03-06 19:13:55 +0100
committer	Michael Niedermayer <michaelni@gmx.at>	2012-03-06 19:13:55 +0100
commit	0f13cc732b3752828890b8dff507615cfd454336 (patch)
tree	62d719aba4921ffa9b9fa76b9010bcc3de888915 /libavcodec/diracdec.c
parent	f095391a140ed3f379e1fb16605fac821c3e6660 (diff)
download	ffmpeg-0f13cc732b3752828890b8dff507615cfd454336.tar.gz