[FFmpeg-devel] [PATCH 1/3] avcodec/siren: prevent getbitcontext overread
Peter Ross
pross at xvid.org
Sat Sep 25 11:33:26 EEST 2021
On Sat, Sep 18, 2021 at 08:01:38PM +1000, Peter Ross wrote:
> ---
> libavcodec/siren.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/libavcodec/siren.c b/libavcodec/siren.c
> index 2161b29a2c..3b0ad7b642 100644
> --- a/libavcodec/siren.c
> +++ b/libavcodec/siren.c
> @@ -608,12 +608,16 @@ static int decode_vector(SirenContext *s, int number_of_regions,
>
> index >>= 1;
>
> - if (error == 0 && get_bits_left(gb) >= 0) {
> + if (error == 0) {
> for (j = 0; j < vector_dimension[category]; j++) {
> decoded_value = mlt_quant[category][index & ((1 << index_table[category]) - 1)];
> index >>= index_table[category];
>
> if (decoded_value) {
> + if (get_bits_left(gb) <= 0) {
> + error = 1;
> + break;
> + }
> if (!get_bits1(gb))
> decoded_value *= -decoder_standard_deviation[region];
> else
ping
-- Peter
(A907 E02F A6E5 0CD2 34CD 20D2 6760 79C5 AC40 DD6B)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20210925/425e18ca/attachment.sig>
More information about the ffmpeg-devel
mailing list