[FFmpeg-cvslog] vorbis: Reorder conditions to avoid possible overread

Mark Thompson git at videolan.org
Wed Oct 18 22:09:09 EEST 2017


ffmpeg | branch: master | Mark Thompson <sw at jkqxz.net> | Tue Oct 17 22:25:46 2017 +0100| [c37de519202ac2e5f20141673081b0e6b57ab983] | committer: Mark Thompson

vorbis: Reorder conditions to avoid possible overread

This can trigger a single-byte overread if the codebook has the maximum
number of entries.

Fixes #6743.

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c37de519202ac2e5f20141673081b0e6b57ab983
---

 libavcodec/vorbis.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/vorbis.c b/libavcodec/vorbis.c
index 399020eec5..ce23b947f0 100644
--- a/libavcodec/vorbis.c
+++ b/libavcodec/vorbis.c
@@ -58,7 +58,7 @@ int ff_vorbis_len2vlc(uint8_t *bits, uint32_t *codes, unsigned num)
     uint32_t exit_at_level[33] = { 404 };
     unsigned i, j, p, code;
 
-    for (p = 0; (bits[p] == 0) && (p < num); ++p)
+    for (p = 0; (p < num) && (bits[p] == 0); ++p)
         ;
     if (p == num)
         return 0;
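
Review bot: In the first loop, for (p = 0; (p < num) && (bits[p] == 0); ++p), memory safety now rests on the short-circuit order of the two operands, and nothing in the code says so. A one-line comment above the loop stating that the bound test must precede the bits[p] read would keep a later cleanup from swapping them back. The old form read bits[num] whenever every earlier entry was zero, and bits[0] when num is 0; whether that read lands out of bounds depends on how the caller sized bits, which is not visible in this hunk, so it would also help to document that bits must hold at least num elements.
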
@@ -71,7 +71,7 @@ int ff_vorbis_len2vlc(uint8_t *bits, uint32_t *codes, unsigned num)
 
     ++p;
 
-    for (i = p; (bits[i] == 0) && (i < num); ++i)
+    for (i = p; (i < num) && (bits[i] == 0); ++i)
         ;
     if (i == num)
         return 0;
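
Review bot: The second loop, for (i = p; (i < num) && (bits[i] == 0); ++i), repeats the same skip-zero-lengths scan as the first, and both needed the identical fix. Consider moving the scan into a small static helper that takes bits, a start index and num, so the bound-before-read ordering lives in one place. Because i starts at p after the ++p, it can already equal num on entry; the new order handles that and falls through to the i == num return, but the diffstat shows only libavcodec/vorbis.c changed, so a regression sample for #6743 covering that case would be a useful follow-up.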


