On Thu, Jul 31, 2014 at 5:35 AM, Kostya Shishkov <[email protected]> wrote: > On Wed, Jul 30, 2014 at 07:52:01PM +0100, Vittorio Giovara wrote: >> Properly address CVE-2011-3946 and parse bitstream as described in the spec. >> >> CC: [email protected] >> Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind >> --- >> libavcodec/h264_sei.c | 17 +++++++++++------ >> 1 file changed, 11 insertions(+), 6 deletions(-) >> >> diff --git a/libavcodec/h264_sei.c b/libavcodec/h264_sei.c >> index 33230b7..641ee1d 100644 >> --- a/libavcodec/h264_sei.c >> +++ b/libavcodec/h264_sei.c >> @@ -222,14 +222,19 @@ int ff_h264_decode_sei(H264Context *h) >> int size = 0; >> int type = 0; >> int ret = 0; >> + int last = 0; >> >> - do >> - type += show_bits(&h->gb, 8); >> - while (get_bits(&h->gb, 8) == 255); >> + while (get_bits_left(&h->gb) >= 8 && >> + (last = get_bits(&h->gb, 8)) == 255) { >> + type += 255; >> + } >> + type += last; >> >> - do >> - size += show_bits(&h->gb, 8); >> - while (get_bits(&h->gb, 8) == 255); > > last = 0 missing here?
amended locally thanks
--
Vittorio
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel
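Review bot: in the new type loop, if get_bits_left(&h->gb) drops below 8 immediately after a 255 byte has been read, the loop exits with last still equal to 255, and the following `type += last;` adds another 255 for a byte that was never read. A truncated SEI header therefore yields a wrong type instead of an error. Consider checking get_bits_left() on its own inside the loop and returning AVERROR_INVALIDDATA when the data runs out, so that only a byte that was actually read is added to type. As Kostya points out, last is also carried over from the type loop and needs resetting to 0 before it is reused for size. The replacement size loop is not visible in this quote, so the same truncation handling should be confirmed there.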
