On 2012-02-16 17:28:04 -0800, Ronald S. Bultje wrote: > From: "Ronald S. Bultje" <[email protected]> > > Prevents crashes if the return value is used as an index in arrays > without being checked. Before, it could reach -1. > --- > libavcodec/golomb.h | 6 ++++-- > 1 files changed, 4 insertions(+), 2 deletions(-) > > diff --git a/libavcodec/golomb.h b/libavcodec/golomb.h > index 5f720c0..ae3f530 100644 > --- a/libavcodec/golomb.h > +++ b/libavcodec/golomb.h > @@ -123,7 +123,7 @@ static inline int svq3_get_ue_golomb(GetBitContext *gb){ > }else{ > int ret = 1; > > - do { > + for (;;) { > buf >>= 32 - 8; > LAST_SKIP_BITS(re, gb, FFMIN(ff_interleaved_golomb_vlc_len[buf], > 8)); > > @@ -133,9 +133,11 @@ static inline int svq3_get_ue_golomb(GetBitContext *gb){ > break; > } > ret = (ret << 4) | ff_interleaved_dirac_golomb_vlc_code[buf]; > + if (!ret) > + return 0;
I think a CLOSE_READER() is missing here. It is probably better to skip the bits when we consider them as invalid. Janne _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
