Mercurial > libavcodec.hg

changeset 9919:c7c1c6b35a73 libavcodec

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
vp56dec: ensure range coder won't read past the end of input buffer
author aurel
date Sun, 05 Jul 2009 15:23:42 +0000
parents de14016e0b2d
children 8332746a9db9
files vp56.h
diffstat 1 files changed, 4 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/vp56.h	Sun Jul 05 12:14:05 2009 +0000
+++ b/vp56.h	Sun Jul 05 15:23:42 2009 +0000
@@ -50,6 +50,7 @@
     int high;
     int bits;
     const uint8_t *buffer;
+    const uint8_t *end;
     unsigned long code_word;
 } VP56RangeCoder;
 
@@ -185,6 +186,7 @@
     c->high = 255;
     c->bits = 8;
     c->buffer = buf;
+    c->end = buf + buf_size;
     c->code_word = bytestream_get_be16(&c->buffer);
 }
 
@@ -205,7 +207,7 @@
     while (c->high < 128) {
         c->high <<= 1;
         c->code_word <<= 1;
-        if (--c->bits == 0) {
+        if (--c->bits == 0 && c->buffer < c->end) {
             c->bits = 8;
             c->code_word |= *c->buffer++;
         }
@@ -228,7 +230,7 @@
 
     /* normalize */
     c->code_word <<= 1;
-    if (--c->bits == 0) {
+    if (--c->bits == 0 && c->buffer < c->end) {
         c->bits = 8;
         c->code_word |= *c->buffer++;
     }