# HG changeset patch
# User michael
# Date 1089248001 0
# Node ID 48d9f86fb047460e0d0af38a28a1a89ea249f884
# Parent 4ea05f23730ba9f3f0d2feb7533203dbd8ffa1c0
overread fix
diff -r 4ea05f23730b -r 48d9f86fb047 cabac.c
--- a/cabac.c Tue Jul 06 12:27:36 2004 +0000
+++ b/cabac.c Thu Jul 08 00:53:21 2004 +0000
@@ -93,6 +93,7 @@
 void ff_init_cabac_decoder(CABACContext *c, const uint8_t *buf, int buf_size){
 c->bytestream_start= c->bytestream= buf;
+ c->bytestream_end= buf + buf_size;
 c->low= *c->bytestream++;
 c->low= (c->low<<9) + ((*c->bytestream++)<<1);
diff -r 4ea05f23730b -r 48d9f86fb047 cabac.h
--- a/cabac.h Tue Jul 06 12:27:36 2004 +0000
+++ b/cabac.h Thu Jul 08 00:53:21 2004 +0000
@@ -39,6 +39,7 @@
 uint8_t mps_state[2*64]; ///< transIdxMPS
 const uint8_t *bytestream_start;
 const uint8_t *bytestream;
+ const uint8_t *bytestream_end;
 int bits_left; ///<
 PutBitContext pb;
 }CABACContext;
@@ -253,7 +254,9 @@
 c->range+= c->range;
 c->low+= c->low;
 if(--c->bits_left == 0){
- c->low+= *c->bytestream++;
+ if(c->bytestream < c->bytestream_end)
+ c->low+= *c->bytestream;
+ c->bytestream++;
 c->bits_left= 8;
 }
 }
@@ -298,7 +301,9 @@
 c->low += c->low;
 if(--c->bits_left == 0){
- c->low+= *c->bytestream++;
+ if(c->bytestream < c->bytestream_end)
+ c->low+= *c->bytestream;
+ c->bytestream++;
 c->bits_left= 8;
 }
diff -r 4ea05f23730b -r 48d9f86fb047 h264.c
--- a/h264.c Tue Jul 06 12:27:36 2004 +0000
+++ b/h264.c Thu Jul 08 00:53:21 2004 +0000
@@ -5117,7 +5117,7 @@
 ff_init_cabac_states( &h->cabac, ff_h264_lps_range, ff_h264_mps_state, ff_h264_lps_state, 64 );
 ff_init_cabac_decoder( &h->cabac, s->gb.buffer + get_bits_count(&s->gb)/8,
- ( s->gb.size_in_bits - get_bits_count(&s->gb) ) );
+ ( s->gb.size_in_bits - get_bits_count(&s->gb) + 7)/8);
 /* calculate pre-state */
 for( i= 0; i < 399; i++ ) {
 int pre;
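Review bot: The two `*c->bytestream++` reads that follow the new `c->bytestream_end= buf + buf_size;` assignment in cabac.c are still unguarded, so a `buf_size` of 0 or 1 (or a negative value, since the parameter is an `int`) is read past before the new bound is ever consulted. The caller in h264.c (hunk at -5117) computes the length as a difference of two bit counts and does not check that the result is positive, so that call site is the natural place to reject short input; the function returns `void` and cannot report it. The same call-site change also switches `buf_size` from bits to bytes, so any parameter documentation outside this hunk should say so, e.g. `@param buf_size size of buf in bytes`. The function body continues past the end of the hunk.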
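Review bot: The refill in the cabac.h hunk at -253 (and the identical one at -298) now skips the load once `bytestream_end` is reached but still runs `c->bytestream++` unconditionally, so on truncated input the pointer keeps walking beyond one past the end of the buffer, which C leaves undefined even without a dereference. Nothing in these hunks stops the decoder; it carries on as if zero bytes were being fed until a caller compares the pointer, as the h264.c hunk at -5149 does. A one-line comment should state that contract, e.g. `/* past the end: feed zeros, keep counting so the caller can detect the overrun */`, and the new `if` is worth bracing because the unbraced form sits directly above a statement that must stay unconditional. Since the two refills are the same three lines, a small `static inline` helper would keep them from drifting apart. Both enclosing functions start and end outside the hunks.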
@@ -5149,7 +5149,7 @@
 s->mb_y--;
 }
- if( ret < 0 ) {
+ if( ret < 0 || h->cabac.bytestream > h->cabac.bytestream_end + 1) {
 av_log(h->s.avctx, AV_LOG_ERROR, "error while decoding MB %d %d\n", s->mb_x, s->mb_y);
 ff_er_add_slice(s, s->resync_mb_x, s->resync_mb_y, s->mb_x, s->mb_y, (AC_ERROR|DC_ERROR|MV_ERROR)&part_mask);
 return -1;
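Review bot: The `+ 1` slack in `h->cabac.bytestream > h->cabac.bytestream_end + 1` is unexplained, so a reader cannot tell whether one byte of overrun is expected or merely tolerated. It presumably allows for the CABAC reader fetching ahead of the bits it has consumed; if so, say it in a comment such as `/* the CABAC reader prefetches, so one byte past the end is still a clean finish */`. The overrun case also shares the generic "error while decoding MB" message with `ret < 0`, so truncated slice data cannot be told apart from other decode failures in the log. The enclosing loop and function lie outside the hunk.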