diff mbox series

[FFmpeg-devel,1/3] avcodec/siren: prevent getbitcontext overread

Message ID 5da14be177af2fd768c1cde4d450b27d659a5472.1631959242.git.pross@xvid.org
State Accepted
Commit b007e8968f2072b9e8076d0ab474ad944fc07ade
Headers show
Series [FFmpeg-devel,1/3] avcodec/siren: prevent getbitcontext overread
Related show

Checks

Context Check Description
andriy/make_x86 success Make finished
andriy/make_fate_x86 success Make fate finished
andriy/make_ppc success Make finished
andriy/make_fate_ppc success Make fate finished

Commit Message

Peter Ross Sept. 18, 2021, 10:01 a.m. UTC
---
 libavcodec/siren.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

Comments

Peter Ross Sept. 25, 2021, 8:33 a.m. UTC | #1
On Sat, Sep 18, 2021 at 08:01:38PM +1000, Peter Ross wrote:
> ---
>  libavcodec/siren.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/libavcodec/siren.c b/libavcodec/siren.c
> index 2161b29a2c..3b0ad7b642 100644
> --- a/libavcodec/siren.c
> +++ b/libavcodec/siren.c
> @@ -608,12 +608,16 @@ static int decode_vector(SirenContext *s, int number_of_regions,
>  
>                  index >>= 1;
>  
> -                if (error == 0 && get_bits_left(gb) >= 0) {
> +                if (error == 0) {
>                      for (j = 0; j < vector_dimension[category]; j++) {
>                          decoded_value = mlt_quant[category][index & ((1 << index_table[category]) - 1)];
>                          index >>= index_table[category];
>  
>                          if (decoded_value) {
> +                            if (get_bits_left(gb) <= 0) {
> +                                error = 1;
> +                                break;
> +                            }
>                              if (!get_bits1(gb))
>                                  decoded_value *= -decoder_standard_deviation[region];
>                              else

ping

-- Peter
(A907 E02F A6E5 0CD2 34CD 20D2 6760 79C5 AC40 DD6B)
Michael Niedermayer Sept. 25, 2021, 8:58 p.m. UTC | #2
On Sat, Sep 18, 2021 at 08:01:38PM +1000, Peter Ross wrote:
> ---
>  libavcodec/siren.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)

probably ok 

thx

[...]
diff mbox series

Patch

diff --git a/libavcodec/siren.c b/libavcodec/siren.c
index 2161b29a2c..3b0ad7b642 100644
--- a/libavcodec/siren.c
+++ b/libavcodec/siren.c
@@ -608,12 +608,16 @@  static int decode_vector(SirenContext *s, int number_of_regions,
 
                 index >>= 1;
 
-                if (error == 0 && get_bits_left(gb) >= 0) {
+                if (error == 0) {
                     for (j = 0; j < vector_dimension[category]; j++) {
                         decoded_value = mlt_quant[category][index & ((1 << index_table[category]) - 1)];
                         index >>= index_table[category];
 
                         if (decoded_value) {
+                            if (get_bits_left(gb) <= 0) {
+                                error = 1;
+                                break;
+                            }
                             if (!get_bits1(gb))
                                 decoded_value *= -decoder_standard_deviation[region];
                             else