From: "Ronald S. Bultje" <rsbul...@gmail.com> Prevent an invalid write into coeffs[scantable[-1]] if zeros_left itself was an invalid VLC code (and thus -1).
Signed-off-by: Luca Barbato <lu_z...@gentoo.org> --- libavcodec/h264_cavlc.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/libavcodec/h264_cavlc.c b/libavcodec/h264_cavlc.c index 8702122..0cc7214 100644 --- a/libavcodec/h264_cavlc.c +++ b/libavcodec/h264_cavlc.c @@ -610,17 +610,18 @@ static int decode_residual(H264Context *h, GetBitContext *gb, DCTELEM *block, in } \ } + if (zeros_left < 0) { + av_log(h->s.avctx, AV_LOG_ERROR, + "negative number of zero coeffs at %d %d\n", s->mb_x, s->mb_y); + return AVERROR_INVALIDDATA; + } + if (h->pixel_shift) { STORE_BLOCK(int32_t) } else { STORE_BLOCK(int16_t) } - if(zeros_left<0){ - av_log(h->s.avctx, AV_LOG_ERROR, "negative number of zero coeffs at %d %d\n", s->mb_x, s->mb_y); - return -1; - } - return 0; } -- 1.7.12 _______________________________________________ libav-devel mailing list libav-devel@libav.org https://lists.libav.org/mailman/listinfo/libav-devel