[FFmpeg-devel] [PATCH 3/7] vorbis: Reorder conditions to avoid possible overread

Mark Thompson Tue, 17 Oct 2017 15:12:37 -0700

This can trigger a single-byte overread if the codebook has the maximum
number of entries.


Fixes #6743.
---
 libavcodec/vorbis.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/vorbis.c b/libavcodec/vorbis.c
index 399020eec5..ce23b947f0 100644
--- a/libavcodec/vorbis.c
+++ b/libavcodec/vorbis.c
@@ -58,7 +58,7 @@ int ff_vorbis_len2vlc(uint8_t *bits, uint32_t *codes, 
unsigned num)
     uint32_t exit_at_level[33] = { 404 };
     unsigned i, j, p, code;
 
-    for (p = 0; (bits[p] == 0) && (p < num); ++p)
+    for (p = 0; (p < num) && (bits[p] == 0); ++p)
         ;
     if (p == num)
         return 0;
@@ -71,7 +71,7 @@ int ff_vorbis_len2vlc(uint8_t *bits, uint32_t *codes, 
unsigned num)
 
     ++p;
 
-    for (i = p; (bits[i] == 0) && (i < num); ++i)
+    for (i = p; (i < num) && (bits[i] == 0); ++i)
         ;
     if (i == num)
         return 0;
-- 
2.11.0

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

[FFmpeg-devel] [PATCH 3/7] vorbis: Reorder conditions to avoid possible overread

Reply via email to