[SCM] libav/experimental: Check level_prefix a bit (this just checks the max our bitreader can handle, as i did nt find a limit in the spec) This should stop cavlc_decode_residual() on a zero bitstream
siretart at users.alioth.debian.org
siretart at users.alioth.debian.org
Sun Jun 30 17:04:01 UTC 2013
The following commit has been merged in the experimental branch:
commit 9885284c2259847b0d2b34b5574e3276607e37e4
Author: Michael Niedermayer <michaelni at gmx.at>
Date: Wed Mar 10 09:55:03 2010 +0000
Check level_prefix a bit (this just checks the max our bitreader can handle,
as i did nt find a limit in the spec)
This should stop cavlc_decode_residual() on a zero bitstream
Originally committed as revision 22429 to svn://svn.ffmpeg.org/ffmpeg/trunk
diff --git a/libavcodec/h264_cavlc.c b/libavcodec/h264_cavlc.c
index ef92218..7da645d 100644
--- a/libavcodec/h264_cavlc.c
+++ b/libavcodec/h264_cavlc.c
@@ -431,8 +431,13 @@ static int decode_residual(H264Context *h, GetBitContext *gb, DCTELEM *block, in
level_code= prefix + get_bits(gb, 4); //part
}else{
level_code= 30 + get_bits(gb, prefix-3); //part
- if(prefix>=16)
+ if(prefix>=16){
+ if(prefix > 25+3){
+ av_log(h->s.avctx, AV_LOG_ERROR, "Invalid level prefix\n");
+ return -1;
+ }
level_code += (1<<(prefix-3))-4096;
+ }
}
if(trailing_ones < 3) level_code += 2;
--
Libav/FFmpeg packaging
More information about the pkg-multimedia-commits
mailing list