| Message ID | 20190918032607.11774-4-andreas.rheinhardt@gmail.com |
|---|---|
| State | Accepted |
| Commit | 1929dd4eff93e81bab8637f298754294448e624e |
| Headers | show |
diff --git a/libavcodec/cbs_av1.c b/libavcodec/cbs_av1.c index 0ff6d60ae2..84998e1e8c 100644 --- a/libavcodec/cbs_av1.c +++ b/libavcodec/cbs_av1.c @@ -211,8 +211,8 @@ static int cbs_av1_read_ns(CodedBitstreamContext *ctx, GetBitContext *gbc, uint32_t n, const char *name, const int *subscripts, uint32_t *write_to) { - uint32_t w, m, v, extra_bit, value; - int position; + uint32_t m, v, extra_bit, value; + int position, w; av_assert0(n > 0);
When performing a comparison of a signed int and an unsigned int, the signed int is first converted to an unsigned int, so that negative values are being treated as big, positive values. This can become a problem in an overread check, namely when an overread already happened. So change the type of the variable containing the amount of bits that need to be left to signed. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> --- I am not aware of any situation where cbs overreads, but robustness is nevertheless valueable. libavcodec/cbs_av1.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)