[FFmpeg-cvslog] on2avc: limit number of bits to 30 in get_egolomb
    Andreas Cadhalpun 
    git at videolan.org
       
    Sun Dec 20 16:28:21 CET 2015
    
    
  
ffmpeg | branch: release/2.4 | Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com> | Wed Dec 16 16:48:19 2015 +0100| [e32095807b86480dfa5395972f7734990e27c146] | committer: Andreas Cadhalpun
on2avc: limit number of bits to 30 in get_egolomb
More don't fit into the integer output.
Also use get_bits_long, since get_bits only supports reading up to 25
bits, while get_bits_long supports the full integer range.
Reviewed-by: Michael Niedermayer <michael at niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
(cherry picked from commit 4d5c3b02e9d2c9a630ca433fabca43285879e0b8)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e32095807b86480dfa5395972f7734990e27c146
---
 libavcodec/on2avc.c |   11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/libavcodec/on2avc.c b/libavcodec/on2avc.c
index c864e14..c4e45af 100644
--- a/libavcodec/on2avc.c
+++ b/libavcodec/on2avc.c
@@ -211,9 +211,16 @@ static inline int get_egolomb(GetBitContext *gb)
 {
     int v = 4;
 
-    while (get_bits1(gb)) v++;
+    while (get_bits1(gb)) {
+        v++;
+        if (v > 30) {
+            av_log(NULL, AV_LOG_WARNING, "Too large golomb code in get_egolomb.\n");
+            v = 30;
+            break;
+        }
+    }
 
-    return (1 << v) + get_bits(gb, v);
+    return (1 << v) + get_bits_long(gb, v);
 }
 
 static int on2avc_decode_pairs(On2AVCContext *c, GetBitContext *gb, float *dst,
    
    
More information about the ffmpeg-cvslog
mailing list