Commit 1a2a1d90 authored by Michael Niedermayer's avatar Michael Niedermayer

Prevent segfault due to reading over the end of the input buffer.

Originally committed as revision 12315 to svn://svn.ffmpeg.org/ffmpeg/trunk
parent 79989881
......@@ -256,7 +256,10 @@ static inline void range_start_decoding(APEContext * ctx)
static inline void range_dec_normalize(APEContext * ctx)
{
while (ctx->rc.range <= BOTTOM_VALUE) {
ctx->rc.buffer = (ctx->rc.buffer << 8) | bytestream_get_byte(&ctx->ptr);
ctx->rc.buffer <<= 8;
if(ctx->ptr < ctx->data_end)
ctx->rc.buffer += *ctx->ptr;
ctx->ptr++;
ctx->rc.low = (ctx->rc.low << 8) | ((ctx->rc.buffer >> 1) & 0xFF);
ctx->rc.range <<= 8;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment