From patchwork Fri May 26 01:19:09 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jun Zhao <mypopydev@gmail.com>
X-Patchwork-Id: 3743
Delivered-To: ffmpegpatchwork@gmail.com
Received: by 10.103.10.2 with SMTP id 2csp72183vsk;
	Thu, 25 May 2017 18:27:46 -0700 (PDT)
X-Received: by 10.28.41.65 with SMTP id p62mr11118595wmp.32.1495762066674;
	Thu, 25 May 2017 18:27:46 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1495762066; cv=none;
	d=google.com; s=arc-20160816;
	b=RR8c0rMQOBxt2MNU334KGQFLNq/PuqwPHFNnk7/dDdAbfm27Pvje7tnNMlEPezneb8
	VO40LxcjmMmVhF1XCorPftXxW73MXpxXYQGNqkrM6b7QIFCUL/9vZJ2i5EwL21JH9tT4
	EQCBZn1aU/qvARpb8NOkq3X3W9gIoidyof1bM6875G+pniHQ0aXWZASfsRBAygXUMJIk
	D81Qm//1GmrgDiDuFvb1ZyiXN7HGCVmCPjOa0Bmdp7jgBgXD1TURh3lCNNoUTZat8CJG
	IWtxj0cXaBipFR/h+t6hnKpfIcEg/frc3pr0aZunXDT2Gkn7wcIFh21qsJk3NXpLe1eh
	JbIg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
	s=arc-20160816;
	h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe
	:list-help:list-post:list-archive:list-unsubscribe:list-id
	:precedence:subject:content-disposition:content-language
	:mime-version:user-agent:date:message-id:from:to:dkim-signature
	:delivered-to:arc-authentication-results;
	bh=0k/U634Ats8duBN+RDgMBHli57BxyOybbf2xO1XzyN0=;
	b=J9UKH6AfpKoM1GDHuZxOd/vWQulP0cYfBKMKY8eMfNWHSjBEeRXzWAOMrxAzf/Oy80
	nw5jLqkxCaR8EK/AqyguIn8ss5aTuJuf+89qnsXG3+O+Sd4lpKCYx9TVI7O113i4Y5/B
	h+4EUaM3mNoSSyebJz9Q9hWdOa+gvmkLlP6tlPomWzLcImbA9eaUvqV3cIM3jK6CC5Ut
	JuEY7Bdj7Xp6o0vjXqCukFssy1Kb1bpDfkecDahoHzu1cAR5NTMFbIs6kd+7JkwAdcY4
	u9xsjkm/YPIe3AgIpt8kBeDhajZDb3YS0I7vJgGPMSYAOwoY5t2ngTBtyTSxfGDbf/tq
	7sig==
ARC-Authentication-Results: i=1; mx.google.com;
	dkim=neutral (body hash did not verify) header.i=@gmail.com;
	spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
	designates 79.124.17.100 as permitted sender)
	smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
	dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=gmail.com
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
	by mx.google.com with ESMTP id
	s12si22246643wrb.115.2017.05.25.18.27.45;
	Thu, 25 May 2017 18:27:46 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
	designates 79.124.17.100 as permitted sender)
	client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
	dkim=neutral (body hash did not verify) header.i=@gmail.com;
	spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
	designates 79.124.17.100 as permitted sender)
	smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
	dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=gmail.com
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 699FA689C4F;
	Fri, 26 May 2017 04:27:39 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from mail-pf0-f169.google.com (mail-pf0-f169.google.com
	[209.85.192.169])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id C1084689BA6
	for <ffmpeg-devel@ffmpeg.org>; Fri, 26 May 2017 04:27:32 +0300 (EEST)
Received: by mail-pf0-f169.google.com with SMTP id e193so182731193pfh.0
	for <ffmpeg-devel@ffmpeg.org>; Thu, 25 May 2017 18:27:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=to:from:subject:message-id:date:user-agent:mime-version
	:content-language;
	bh=aKRDVmEwO3sDsw2MhDK21okvMYQKQvaW8rDXiY04RBA=;
	b=FLbKLogm2BfHv4Mua8ifKRi8lDt3ubp2akMAEFqofZKrbx6wfYAtNzZkWrCtUjp6LH
	rYUd0f4Ms3lJEHdc7s4nM9tlDzQ+Wh/kkK0H9/x8ii3q6GDwcijR3kzeH8U7I9+HeAit
	XU/IWSlyj+dXUYlirHYjoeM4pcxs/wOPxMfaC2rqES5G3gu/qK/ttd4zeTiIXXB19O3M
	Jeiu0ES4ix5Hg/zXp0+FkVZ0jIOdVos3kLNFKSIwzoBCSTwbLDk9x2w04qdX+YOSUJLd
	vADRiATV5MILq+jB+vhHXdcXoBAuNG4e+pSjg8mcGbT2PY+4mURR0SeIE0ESbLMZfv5L
	LnAw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:to:from:subject:message-id:date:user-agent
	:mime-version:content-language;
	bh=aKRDVmEwO3sDsw2MhDK21okvMYQKQvaW8rDXiY04RBA=;
	b=KNe+f6ija7JbQz5PBxhv2VRA+8GqUf+5T29o4B9ENlL5+0zHoq0uJ67x+7iFn27C0j
	n0U/ShmNQeUkks519YslTccWWcpZTfzKRkA/pWDqSJJPtsy1ZCmmuLfMr2oUJ7Rq152n
	lLEisrXnp1fFJvjpZ/9cFmOanYXE6ac7+wl4yrR0IySSaDx+vzxJyvaxjFfe3fj1xvMg
	XExsBgBK3s4PhKRUSwDZNLtCr5CwC1kTn5/fZ6gQE3Cdi8ouHQ7u23gyk9plHZs2XA9m
	NF8t5or2TPn/eSLBXBSWr27IvQprA0i7zPa3pTIGd2Y83x2/Ly2gaxTDewiQJUXEL47l
	F3FA==
X-Gm-Message-State: AODbwcBuZCd2wb0+eqtev4zB0HPfqWAb1UcHQtvbiXjVfRu3/rk+d01X
	CFPkbZEVkq89Pg==
X-Received: by 10.98.212.66 with SMTP id u2mr47864441pfl.73.1495761553700;
	Thu, 25 May 2017 18:19:13 -0700 (PDT)
Received: from [10.239.204.58] (fmdmzpr01-ext.fm.intel.com. [192.55.54.36])
	by smtp.gmail.com with ESMTPSA id
	s17sm16364878pfk.112.2017.05.25.18.19.11
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Thu, 25 May 2017 18:19:12 -0700 (PDT)
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>,
	Michael Niedermayer <michael@niedermayer.cc>
From: Jun Zhao <mypopydev@gmail.com>
Message-ID: <a25e1917-2430-ddc2-ff2c-2fd0cf3e1645@gmail.com>
Date: Fri, 26 May 2017 09:19:09 +0800
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:52.0) Gecko/20100101
	Thunderbird/52.1.1
MIME-Version: 1.0
Content-Language: en-US
Content-Disposition: attachment;
	filename="0001-lavc-golomb-Fix-UE-golomb-overwrite-issue.patch"
X-Content-Filtered-By: Mailman/MimeDel 2.1.20
Subject: [FFmpeg-devel] [PATCH] lavc/golomb: Fix UE golomb overwrite issue.
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <http://ffmpeg.org/mailman/options/ffmpeg-devel>,
	<mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <http://ffmpeg.org/pipermail/ffmpeg-devel/>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <http://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
	<mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches
	<ffmpeg-devel@ffmpeg.org>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

From eabcbf3d41e83f24623e6195d4a0ff86e4d95a80 Mon Sep 17 00:00:00 2001
From: Jun Zhao <jun.zhao@intel.com>
Date: Fri, 26 May 2017 09:02:29 +0800
Subject: [PATCH] lavc/golomb: Fix UE golomb overwrite issue.

put_bits just support write up to 31 bits, when write 32 bit in
put_bits, it's will overwrite the bit buffer, because the default
assert level is 0, the av_assert2(n <= 31 && value < (1U << n))
in put_bits can not be trigger runtime.

Signed-off-by: Jun Zhao <jun.zhao@intel.com>
---
 libavcodec/golomb.h | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/libavcodec/golomb.h b/libavcodec/golomb.h
index 0833aff468..2c5a969ac1 100644
--- a/libavcodec/golomb.h
+++ b/libavcodec/golomb.h
@@ -468,7 +468,10 @@ static inline void set_ue_golomb(PutBitContext *pb, int i)
         put_bits(pb, ff_ue_golomb_len[i], i + 1);
     else {
         int e = av_log2(i + 1);
-        put_bits(pb, 2 * e + 1, i + 1);
+        if (e < 16)
+            put_bits(pb, 2 * e + 1, i + 1);
+        else
+            put_bits32(pb, i + 1);
     }
 }