Mercurial > libavcodec.hg
changeset 2116:48d9f86fb047 libavcodec
overread fix
author | michael |
---|---|
date | Thu, 08 Jul 2004 00:53:21 +0000 |
parents | 4ea05f23730b |
children | a21b80c71d88 |
files | cabac.c cabac.h h264.c |
diffstat | 3 files changed, 10 insertions(+), 4 deletions(-) [+] |
line wrap: on
line diff
--- a/cabac.c Tue Jul 06 12:27:36 2004 +0000 +++ b/cabac.c Thu Jul 08 00:53:21 2004 +0000 @@ -93,6 +93,7 @@ void ff_init_cabac_decoder(CABACContext *c, const uint8_t *buf, int buf_size){ c->bytestream_start= c->bytestream= buf; + c->bytestream_end= buf + buf_size; c->low= *c->bytestream++; c->low= (c->low<<9) + ((*c->bytestream++)<<1);
--- a/cabac.h Tue Jul 06 12:27:36 2004 +0000 +++ b/cabac.h Thu Jul 08 00:53:21 2004 +0000 @@ -39,6 +39,7 @@ uint8_t mps_state[2*64]; ///< transIdxMPS const uint8_t *bytestream_start; const uint8_t *bytestream; + const uint8_t *bytestream_end; int bits_left; ///< PutBitContext pb; }CABACContext; @@ -253,7 +254,9 @@ c->range+= c->range; c->low+= c->low; if(--c->bits_left == 0){ - c->low+= *c->bytestream++; + if(c->bytestream < c->bytestream_end) + c->low+= *c->bytestream; + c->bytestream++; c->bits_left= 8; } } @@ -298,7 +301,9 @@ c->low += c->low; if(--c->bits_left == 0){ - c->low+= *c->bytestream++; + if(c->bytestream < c->bytestream_end) + c->low+= *c->bytestream; + c->bytestream++; c->bits_left= 8; }
--- a/h264.c Tue Jul 06 12:27:36 2004 +0000 +++ b/h264.c Thu Jul 08 00:53:21 2004 +0000 @@ -5117,7 +5117,7 @@ ff_init_cabac_states( &h->cabac, ff_h264_lps_range, ff_h264_mps_state, ff_h264_lps_state, 64 ); ff_init_cabac_decoder( &h->cabac, s->gb.buffer + get_bits_count(&s->gb)/8, - ( s->gb.size_in_bits - get_bits_count(&s->gb) ) ); + ( s->gb.size_in_bits - get_bits_count(&s->gb) + 7)/8); /* calculate pre-state */ for( i= 0; i < 399; i++ ) { int pre; @@ -5149,7 +5149,7 @@ s->mb_y--; } - if( ret < 0 ) { + if( ret < 0 || h->cabac.bytestream > h->cabac.bytestream_end + 1) { av_log(h->s.avctx, AV_LOG_ERROR, "error while decoding MB %d %d\n", s->mb_x, s->mb_y); ff_er_add_slice(s, s->resync_mb_x, s->resync_mb_y, s->mb_x, s->mb_y, (AC_ERROR|DC_ERROR|MV_ERROR)&part_mask); return -1;