generic-library/vpx
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

change to avoid invalid memory read.

Browse Source 
The fake token EOSB may cause invaild memory read in pack token, this
commit reworked the loop to avoid such invalid read.

Change-Id: I37fdfce869b44a7f90003f82a02f84c45472a457
This commit is contained in:
Yaowu Xu 2013-09-18 12:29:32 -07:00
parent 014acfa2af
commit 79af591368
1 changed files with 2 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
vp9/encoder/vp9_bitstream.c
View File

@ -283,7 +283,7 @@ static void pack_mb_tokens(vp9_writer* const bc,
const TOKENEXTRA *const stop) { const TOKENEXTRA *const stop) {
TOKENEXTRA *p = *tp; TOKENEXTRA *p = *tp;
while (p < stop) { while (p < stop && p->token != EOSB_TOKEN) {
const int t = p->token; const int t = p->token;
const struct vp9_token *const a = vp9_coef_encodings + t; const struct vp9_token *const a = vp9_coef_encodings + t;
const vp9_extra_bit *const b = vp9_extra_bits + t; const vp9_extra_bit *const b = vp9_extra_bits + t;
@ -293,10 +293,6 @@ static void pack_mb_tokens(vp9_writer* const bc,
int n = a->len; int n = a->len;
vp9_prob probs[ENTROPY_NODES]; vp9_prob probs[ENTROPY_NODES];
if (t == EOSB_TOKEN) {
++p;
break;
}
if (t >= TWO_TOKEN) { if (t >= TWO_TOKEN) {
vp9_model_to_full_probs(p->context_tree, probs); vp9_model_to_full_probs(p->context_tree, probs);
pp = probs; pp = probs;
@ -338,7 +334,7 @@ static void pack_mb_tokens(vp9_writer* const bc,
++p; ++p;
} }
*tp = p; *tp = p + (p->token == EOSB_TOKEN);
} }
static void write_sb_mv_ref(vp9_writer *w, MB_PREDICTION_MODE mode, static void write_sb_mv_ref(vp9_writer *w, MB_PREDICTION_MODE mode,