h264: fix overreads in cabac reader.

author Ronald S. Bultje <rsbultje@gmail.com>

Sat, 17 Mar 2012 04:56:40 +0000 (21:56 -0700)

committer Ronald S. Bultje <rsbultje@gmail.com>

Wed, 28 Mar 2012 15:01:28 +0000 (08:01 -0700)
author Ronald S. Bultje <rsbultje@gmail.com>
Sat, 17 Mar 2012 04:56:40 +0000 (21:56 -0700)
committer Ronald S. Bultje <rsbultje@gmail.com>
Wed, 28 Mar 2012 15:01:28 +0000 (08:01 -0700)
diff --git a/libavcodec/cabac_functions.h b/libavcodec/cabac_functions.h

index b150aabcc44200e61b3c5d779b057a2aaef1198e..4c74cf7b2316c994f2d611b25d909bdd53fc9405 100644 (file)
--- a/libavcodec/cabac_functions.h
+++ b/libavcodec/cabac_functions.h
@@ -47,7 +47,8 @@ static void refill(CABACContext *c){
          c->low+= c->bytestream[0]<<1;
  #endif
      c->low -= CABAC_MASK;
-    c->bytestream+= CABAC_BITS/8;
+    if (c->bytestream < c->bytestream_end)
+        c->bytestream += CABAC_BITS / 8;
  }
  
  static inline void renorm_cabac_decoder_once(CABACContext *c){
@@ -74,7 +75,8 @@ static void refill2(CABACContext *c){
  #endif
  
      c->low += x<<i;
-    c->bytestream+= CABAC_BITS/8;
+    if (c->bytestream < c->bytestream_end)
+        c->bytestream += CABAC_BITS/8;
  }
  
  static av_always_inline int get_cabac_inline(CABACContext *c, uint8_t * const state){
author	Ronald S. Bultje <rsbultje@gmail.com>
	Sat, 17 Mar 2012 04:56:40 +0000 (21:56 -0700)
committer	Ronald S. Bultje <rsbultje@gmail.com>
	Wed, 28 Mar 2012 15:01:28 +0000 (08:01 -0700)