[FFmpeg-cvslog] on2avc: limit number of bits to 30 in get_egolomb

Andreas Cadhalpun git at videolan.org
Sun Dec 20 15:24:14 CET 2015


ffmpeg | branch: release/2.6 | Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com> | Wed Dec 16 16:48:19 2015 +0100| [564e63a0334f12ea3fbfde45d8e86be47792b3aa] | committer: Andreas Cadhalpun

on2avc: limit number of bits to 30 in get_egolomb

More don't fit into the integer output.

Also use get_bits_long, since get_bits only supports reading up to 25
bits, while get_bits_long supports the full integer range.

Reviewed-by: Michael Niedermayer <michael at niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
(cherry picked from commit 4d5c3b02e9d2c9a630ca433fabca43285879e0b8)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=564e63a0334f12ea3fbfde45d8e86be47792b3aa
---

 libavcodec/on2avc.c |   11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/libavcodec/on2avc.c b/libavcodec/on2avc.c
index 1d8fcbc..9ca716c 100644
--- a/libavcodec/on2avc.c
+++ b/libavcodec/on2avc.c
@@ -211,9 +211,16 @@ static inline int get_egolomb(GetBitContext *gb)
 {
     int v = 4;
 
-    while (get_bits1(gb)) v++;
+    while (get_bits1(gb)) {
+        v++;
+        if (v > 30) {
+            av_log(NULL, AV_LOG_WARNING, "Too large golomb code in get_egolomb.\n");
+            v = 30;
+            break;
+        }
+    }
 
-    return (1 << v) + get_bits(gb, v);
+    return (1 << v) + get_bits_long(gb, v);
 }
 
 static int on2avc_decode_pairs(On2AVCContext *c, GetBitContext *gb, float *dst,



More information about the ffmpeg-cvslog mailing list