falkTX
/
FFmpeg
mirror of https://github.com/falkTX/FFmpeg.git
1
0
Fork 0
Code Issues 0 Releases 338 Wiki Activity
Browse Source

diracdec: fix unchecked byte length 

Also drops the start variable since it's redundant.
Found by Coverity, fixes CID1363964

Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
tags/n3.2
Rostislav Pehlivanov 9 years ago
parent
b2b12b2d4a
commit
000eb01a7d
1 changed files with 2 additions and 3 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +2
    -3
      libavcodec/diracdec.c

+ 2
- 3
libavcodec/diracdec.c View File

@@ -835,11 +835,10 @@ static int decode_hq_slice(DiracContext *s, DiracSlice *slice, uint8_t *tmp_buf)
for (i = 0; i < 3; i++) {
int coef_num, coef_par, off = 0;
int64_t length = s->highquality.size_scaler*get_bits(gb, 8);
int64_t start = get_bits_count(gb);
int64_t bits_end = start + 8*length;
int64_t bits_end = get_bits_count(gb) + 8*length;
const uint8_t *addr = align_get_bits(gb);

if (bits_end >= INT_MAX) {
if (length*8 > get_bits_left(gb)) {
av_log(s->avctx, AV_LOG_ERROR, "end too far away\n");
return AVERROR_INVALIDDATA;
}


Write Preview
Loading…
Cancel
Save