h264: fix overreads in cabac reader.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org

h264: fix overreads in cabac reader.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org
7374fac8 · Ronald S. Bultje · d360dd90 · 7374fac8
Commit 7374fac8 authored Mar 17, 2012 by Ronald S. Bultje
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 2 deletions

cabac_functions.h libavcodec/cabac_functions.h +4 -2

No files found.
--- a/libavcodec/cabac_functions.h
+++ b/libavcodec/cabac_functions.h
@@ -47,7 +47,8 @@ static void refill(CABACContext *c){
        c->low+= c->bytestream[0]<<1;
 #endif
    c->low -= CABAC_MASK;
-    c->bytestream+= CABAC_BITS/8;
+    if (c->bytestream < c->bytestream_end)
+        c->bytestream += CABAC_BITS / 8;
 }

 static inline void renorm_cabac_decoder_once(CABACContext *c){
@@ -74,7 +75,8 @@ static void refill2(CABACContext *c){
 #endif

    c->low += x<<i;
-    c->bytestream+= CABAC_BITS/8;
+    if (c->bytestream < c->bytestream_end)
+        c->bytestream += CABAC_BITS/8;
 }

 static av_always_inline int get_cabac_inline(CABACContext *c, uint8_t * const state){