avcodec/rangecoder: Do not increase the pointer beyond the buffer

Fixes: undefined behavior Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/rangecoder: Do not increase the pointer beyond the buffer
Fixes: undefined behavior Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
c359c519 · Michael Niedermayer · f4544163 · c359c519 · c359c519
Commit c359c519 authored Aug 13, 2017 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 2 deletions

rangecoder.c libavcodec/rangecoder.c +1 -0

rangecoder.h libavcodec/rangecoder.h +6 -2

No files found.
--- a/libavcodec/rangecoder.c
+++ b/libavcodec/rangecoder.c
@@ -58,6 +58,7 @@ av_cold void ff_init_range_decoder(RangeCoder *c, const uint8_t *buf,
    c->low         = AV_RB16(c->bytestream);
    c->bytestream += 2;
+    c->overread    = 0;
    if (c->low >= 0xFF00) {
        c->low = 0xFF00;
        c->bytestream_end = c->bytestream;

--- a/libavcodec/rangecoder.h
+++ b/libavcodec/rangecoder.h
@@ -42,6 +42,8 @@ typedef struct RangeCoder {
    uint8_t *bytestream_start;
    uint8_t *bytestream;
    uint8_t *bytestream_end;
+    int overread;
+#define MAX_OVERREAD 2
 } RangeCoder;
 void ff_init_range_encoder(RangeCoder *c, uint8_t *buf, int buf_size);
@@ -106,9 +108,11 @@ static inline void refill(RangeCoder *c)
    if (c->range < 0x100) {
        c->range <<= 8;
        c->low   <<= 8;
-        if (c->bytestream < c->bytestream_end)
+        if (c->bytestream < c->bytestream_end) {
            c->low += c->bytestream[0];
-        c->bytestream++;
+            c->bytestream++;
+        } else
+            c->overread ++;
    }
 }