generic-library/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

avcodec/snow: check coeffs for validity

Browse Source 
Fixes deadlock
Fixes integer overflow
Fixes Ticket 3892

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 596636a474)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer
2014-08-30 02:12:10 +02:00
parent 0bf0de7185
commit 96d1a8f014
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
libavcodec/snow.h
View File

@@ -650,7 +650,10 @@ static inline void unpack_coeffs(SnowContext *s, SubBand *b, SubBand * parent, i
if(v){ if(v){
v= 2*(get_symbol2(&s->c, b->state[context + 2], context-4) + 1); v= 2*(get_symbol2(&s->c, b->state[context + 2], context-4) + 1);
v+=get_rac(&s->c, &b->state[0][16 + 1 + 3 + ff_quant3bA[l&0xFF] + 3*ff_quant3bA[t&0xFF]]); v+=get_rac(&s->c, &b->state[0][16 + 1 + 3 + ff_quant3bA[l&0xFF] + 3*ff_quant3bA[t&0xFF]]);
if ((uint16_t)v != v) {
av_log(s->avctx, AV_LOG_ERROR, "Coefficient damaged\n");
v = 1;
}
xc->x=x; xc->x=x;
(xc++)->coeff= v; (xc++)->coeff= v;
} }
@@ -660,6 +663,10 @@ static inline void unpack_coeffs(SnowContext *s, SubBand *b, SubBand * parent, i
else run= INT_MAX; else run= INT_MAX;
v= 2*(get_symbol2(&s->c, b->state[0 + 2], 0-4) + 1); v= 2*(get_symbol2(&s->c, b->state[0 + 2], 0-4) + 1);
v+=get_rac(&s->c, &b->state[0][16 + 1 + 3]); v+=get_rac(&s->c, &b->state[0][16 + 1 + 3]);
if ((uint16_t)v != v) {
av_log(s->avctx, AV_LOG_ERROR, "Coefficient damaged\n");
v = 1;
}
xc->x=x; xc->x=x;
(xc++)->coeff= v; (xc++)->coeff= v;