qdm2_fft_decode_tones: fix infinite loop

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

qdm2_fft_decode_tones: fix infinite loop
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
20335598 · Michael Niedermayer · 1a974679 · 20335598
Commit 20335598 authored Apr 15, 2012 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

qdm2.c libavcodec/qdm2.c +4 -0

No files found.
--- a/libavcodec/qdm2.c
+++ b/libavcodec/qdm2.c
@@ -1358,6 +1358,10 @@ static void qdm2_fft_decode_tones (QDM2Context *q, int duration, GetBitContext *
    while (get_bits_left(gb)>0) {
        if (q->superblocktype_2_3) {
            while ((n = qdm2_get_vlc(gb, &vlc_tab_fft_tone_offset[local_int_8], 1, 2)) < 2) {
+                if (get_bits_left(gb)<0) {
+                    av_log(0, AV_LOG_ERROR, "overread in qdm2_fft_decode_tones()\n");
+                    return;
+                }
                offset = 1;
                if (n == 0) {
                    local_int_4 += local_int_10;