Higher modes are not allowed for 16x16/chroma, which is what this function is used for. Otherwise this function would return 0 (vertical prediction) for invalid higher modes, which could result in invalid reads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC:[email protected] --- libavcodec/h264.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 47fb76d..9817d20 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -534,10 +534,10 @@ int ff_h264_check_intra4x4_pred_mode(H264Context *h) */ int ff_h264_check_intra_pred_mode(H264Context *h, int mode, int is_chroma) { - static const int8_t top[7] = { LEFT_DC_PRED8x8, 1, -1, -1 }; - static const int8_t left[7] = { TOP_DC_PRED8x8, -1, 2, -1, DC_128_PRED8x8 }; + static const int8_t top[4] = { LEFT_DC_PRED8x8, 1, -1, -1 }; + static const int8_t left[5] = { TOP_DC_PRED8x8, -1, 2, -1, DC_128_PRED8x8 }; - if (mode > 6U) { + if (mode > 3U) { av_log(h->avctx, AV_LOG_ERROR, "out of range intra chroma pred mode at %d %d\n", h->mb_x, h->mb_y); -- 1.7.10.4 _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
