From: Ronald S. Bultje <rsbultje@gmail.com>
Date: Sat, 17 Mar 2012 15:58:48 +0000 (-0700)
Subject: h264: add overread protection to get_cabac_bypass_sign_x86().
X-Git-Tag: v9_beta1~2180
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=a0bdcb019e24f8a75ebef54289c4b8c015f77f41;p=platform%2Fupstream%2Flibav.git

h264: add overread protection to get_cabac_bypass_sign_x86().
---

diff --git a/libavcodec/x86/cabac.h b/libavcodec/x86/cabac.h
index b00652b..adf4fc3 100644
--- a/libavcodec/x86/cabac.h
+++ b/libavcodec/x86/cabac.h
@@ -105,7 +105,7 @@ static av_always_inline int get_cabac_bypass_sign_x86(CABACContext *c, int val)
 {
     x86_reg tmp;
     __asm__ volatile(
-        "movl        %a5(%2), %k1       \n\t"
+        "movl        %a6(%2), %k1       \n\t"
         "movl        %a3(%2), %%eax     \n\t"
         "shl             $17, %k1       \n\t"
         "add           %%eax, %%eax     \n\t"
@@ -122,9 +122,10 @@ static av_always_inline int get_cabac_bypass_sign_x86(CABACContext *c, int val)
         "movzwl         (%1), %%edx     \n\t"
         "bswap         %%edx            \n\t"
         "shrl            $15, %%edx     \n\t"
-        "add              $2, %1        \n\t"
         "addl          %%edx, %%eax     \n\t"
-        "mov              %1, %a4(%2)   \n\t"
+        "cmp         %a5(%2), %1        \n\t"
+        "jge              1f            \n\t"
+        "add"OPSIZE"      $2, %a4(%2)   \n\t"
         "1:                             \n\t"
         "movl          %%eax, %a3(%2)   \n\t"
 
@@ -132,6 +133,7 @@ static av_always_inline int get_cabac_bypass_sign_x86(CABACContext *c, int val)
         : "r"(c),
           "i"(offsetof(CABACContext, low)),
           "i"(offsetof(CABACContext, bytestream)),
+          "i"(offsetof(CABACContext, bytestream_end)),
           "i"(offsetof(CABACContext, range))
         : "%eax", "%edx", "memory"
     );