On 13/01/15 13:43, Martin Storsjö wrote: > From: Michael Niedermayer <[email protected]> > > This fixes out of array reads and/or infinite loops. > > CC: [email protected] > Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind > --- > Not sure exactly which of the fuzzed samples this fixes, I ran > into other, unrelated, broken samples that triggered this issue > and found this fix for it. > --- > libavcodec/h264_cabac.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavcodec/h264_cabac.c b/libavcodec/h264_cabac.c > index 1e91626..0ad8ac0 100644 > --- a/libavcodec/h264_cabac.c > +++ b/libavcodec/h264_cabac.c > @@ -1712,7 +1712,7 @@ decode_cabac_residual_internal(H264Context *h, int16_t > *block, > \ > if( coeff_abs >= 15 ) { \ > int j = 0; \ > - while( get_cabac_bypass( CC ) ) { \ > + while (get_cabac_bypass(CC) && j < 30) { \ > j++; \ > } \ > \ >
Probably ok, not sure why 30 though. lu _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
