diff mbox

[FFmpeg-devel] avcodec/h264_cabac: Tighten allowed coeff_abs range

Message ID 20180213233230.11455-1-michael@niedermayer.cc
State Accepted
Commit f26a63c4ee1bdbe21d7ab462cd66f8ba20b14244
Headers show

Commit Message

Michael Niedermayer Feb. 13, 2018, 11:32 p.m. UTC 
Fixes: integer overflows
Reported-by: "Xiaohan Wang (王消寒)" <xhwang@chromium.org>

Based on limits in "8.5 Transform coefficient decoding process and picture
construction process prior to deblocking  filter process"
---
 libavcodec/h264_cabac.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Michael Niedermayer Feb. 15, 2018, 12:41 p.m. UTC | #1 
On Wed, Feb 14, 2018 at 12:32:30AM +0100, Michael Niedermayer wrote:
> Fixes: integer overflows
> Reported-by: "Xiaohan Wang (王消寒)" <xhwang@chromium.org>
> 
> Based on limits in "8.5 Transform coefficient decoding process and picture
> construction process prior to deblocking  filter process"
> ---
>  libavcodec/h264_cabac.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

will apply

[...]
diff mbox

Patch

diff --git a/libavcodec/h264_cabac.c b/libavcodec/h264_cabac.c
index ec5fc74b9b..815149a501 100644
--- a/libavcodec/h264_cabac.c
+++ b/libavcodec/h264_cabac.c
@@ -1735,7 +1735,7 @@  decode_cabac_residual_internal(const H264Context *h, H264SliceContext *sl,
 \
             if( coeff_abs >= 15 ) { \
                 int j = 0; \
-                while (get_cabac_bypass(CC) && j < 30) { \
+                while (get_cabac_bypass(CC) && j < 16+7) { \
                     j++; \
                 } \
 \