avcodec/dirac_arith: fix integer overflow

Fixes: asan_heap-oob_1078676_9_008.drc Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

avcodec/dirac_arith: fix integer overflow
Fixes: asan_heap-oob_1078676_9_008.drc Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
39680cac · Michael Niedermayer · 5145d22b · 39680cac
Commit 39680cac authored Oct 28, 2014 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

dirac_arith.h libavcodec/dirac_arith.h +4 -0

No files found.
--- a/libavcodec/dirac_arith.h
+++ b/libavcodec/dirac_arith.h
@@ -171,6 +171,10 @@ static inline int dirac_get_arith_uint(DiracArith *c, int follow_ctx, int data_c
 {
    int ret = 1;
    while (!dirac_get_arith_bit(c, follow_ctx)) {
+        if (ret >= 0x40000000) {
+            av_log(NULL, AV_LOG_ERROR, "dirac_get_arith_uint overflow\n");
+            return -1;
+        }
        ret <<= 1;
        ret += dirac_get_arith_bit(c, data_ctx);
        follow_ctx = ff_dirac_next_ctx[follow_ctx];