Fix a possibly exploitable buffer overflow.

backported r18640 by michael Originally committed as revision 21712 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
2010-02-09 18:55:41 +00:00
parent ef84190a1a
commit c42640b200
1 changed files with 1 additions and 2 deletions
--- a/libavcodec/ffv1.c
+++ b/libavcodec/ffv1.c
@@ -248,10 +248,9 @@ static inline int get_symbol(RangeCoder *c, uint8_t *state, int is_signed){
    else{
        int i, e, a;
        e= 0;
-        while(get_rac(c, state+1 + e)){ //1..10
+        while(get_rac(c, state+1 + e) && e<9){ //1..10
            e++;
        }
-        assert(e<=9);

        a= 1;
        for(i=e-1; i>=0; i--){