projects
/
platform
/
upstream
/
libav.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
2d1309c
)
h264_cabac: Break infinite loops
author
Michael Niedermayer
<michaelni@gmx.at>
Thu, 31 Jan 2013 03:20:24 +0000
(
04:20
+0100)
committer
Vittorio Giovara
<vittorio.giovara@gmail.com>
Sun, 22 Feb 2015 23:49:34 +0000
(23:49 +0000)
This fixes out of array reads and/or infinite loops.
30 is the maximum number of bits that can be read into
coeff_abs below.
CC: libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Martin Storsjö <martin@martin.st>
libavcodec/h264_cabac.c
patch
|
blob
|
history
diff --git
a/libavcodec/h264_cabac.c
b/libavcodec/h264_cabac.c
index
f1ab97a
..
cce6450
100644
(file)
--- a/
libavcodec/h264_cabac.c
+++ b/
libavcodec/h264_cabac.c
@@
-1711,7
+1711,7
@@
decode_cabac_residual_internal(H264Context *h, int16_t *block,
\
if( coeff_abs >= 15 ) { \
int j = 0; \
- while
( get_cabac_bypass( CC )
) { \
+ while
(get_cabac_bypass(CC) && j < 30
) { \
j++; \
} \
\