Hi,

On Mon, Jan 15, 2018 at 6:37 PM, Michael Niedermayer <mich...@niedermayer.cc> wrote:

> I suspect that this can be limited tighter, but i failed to find anything
> in the spec that would confirm that.
>
> Fixes: 4833/clusterfuzz-testcase-minimized-5302840101699584
> Fixes: runtime error: left shift of 134217730 by 4 places cannot be
> represented in type 'int'
>
> Found-by: continuous fuzzing process https://github.com/google/oss-
> fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
> ---
>  libavcodec/hevc_cabac.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavcodec/hevc_cabac.c b/libavcodec/hevc_cabac.c
> index 743168500c..faa36d5459 100644
> --- a/libavcodec/hevc_cabac.c
> +++ b/libavcodec/hevc_cabac.c
> @@ -998,7 +998,7 @@ static av_always_inline int 
> coeff_abs_level_remaining_decode(HEVCContext
> *s, int
>      } else {
>          int prefix_minus3 = prefix - 3;
>
> -        if (prefix == CABAC_MAX_BIN) {
> +        if (prefix == CABAC_MAX_BIN || prefix_minus3 + rc_rice_param >=
> 31) {
>              av_log(s->avctx, AV_LOG_ERROR, "CABAC_MAX_BIN : %d\n",
> prefix);
>              return 0;
>          }
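Review bot: the new `prefix_minus3 + rc_rice_param >= 31` condition reuses the existing `"CABAC_MAX_BIN : %d\n"` message, so a log reader cannot tell a genuine CABAC_MAX_BIN hit from the new shift-width rejection, and the message does not show `rc_rice_param`, which is half of the rejected quantity. Splitting the two cases, or at least printing both values (for example `"coeff_abs_level_remaining prefix %d + rice param %d out of range\n", prefix, rc_rice_param`), would make the rejection diagnosable from the log alone. The literal 31 also deserves a one-line comment stating that it is the width of `int` minus one, so the bound is not mistaken for a spec-derived limit, which the commit message says it is not.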


I understand this is unrelated to the patch, but I once again want to point
out how utterly useless this error message is for end users :-(.

Ronald
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
