Hi,

On Wed, May 11, 2011 at 2:46 PM, Justin Ruggles
<justin.rugg...@gmail.com> wrote:
> On 05/10/2011 11:29 AM, Ronald S. Bultje wrote:
>> ---
>>  libavcodec/mdec.c |    3 ++-
>>  1 files changed, 2 insertions(+), 1 deletions(-)
>>
>> diff --git a/libavcodec/mdec.c b/libavcodec/mdec.c
>> index 545b919..9b6e6b6 100644
>> --- a/libavcodec/mdec.c
>> +++ b/libavcodec/mdec.c
>> @@ -125,7 +125,8 @@ static inline int decode_mb(MDECContext *a, DCTELEM 
>> block[6][64]){
>>      a->dsp.clear_blocks(block[0]);
>>
>>      for(i=0; i<6; i++){
>> -        if( mdec_decode_block_intra(a, block[ block_index[i] ], 
>> block_index[i]) < 0)
>> +        if( mdec_decode_block_intra(a, block[ block_index[i] ], 
>> block_index[i]) < 0 ||
>> +            get_bits_left(&a->gb) < 0)
>>              return -1;
>>      }
>>      return 0;
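Review bot: in the decode_mb() loop the added get_bits_left(&a->gb) < 0 test runs only after mdec_decode_block_intra() has returned, so it detects an overread that has already happened instead of preventing one. That is safe only if a single block decode can never read further past the end of the buffer than the input padding covers, and nothing in the hunk states or enforces that bound. Either add a comment beside the check naming that assumption, or test the remaining bits inside the block decoder before each read. The overread case also shares the bare return -1 with a block decode failure, so a log message or a distinct error code would let callers tell a truncated bitstream from a bad block.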
>
> If get_bits_left() < 0 doesn't that mean that it has already overread?
> How much can it have possibly overread by at this point, and is that <=
> FF_INPUT_BUFFER_PADDING_SIZE?

When I had a look at it, it seemed to always be <
FF_INPUT_BUFFER_PADDING_SIZE, yes.

Ronald
_______________________________________________
libav-devel mailing list
libav-devel@libav.org
https://lists.libav.org/mailman/listinfo/libav-devel