[FFmpeg-devel] [PATCH] avcodec/golomb: Mask shift amount before use in get_ue_golomb()

Michael Niedermayer michaelni at gmx.at
Thu Dec 3 23:09:35 CET 2015


From: Michael Niedermayer <michael at niedermayer.cc>

Fixes undefined behavior
Fixes: mozilla bug 1229208
Fixes: fbeb8b2c7c996e9b91c6b1af319d7ebc/asan_heap-oob_195450f_2743_e8856ece4579ea486670be2b236099a0.bit

Found-by: Tyson Smith
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
 libavcodec/golomb.h |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/golomb.h b/libavcodec/golomb.h
index d30bb6b..323665d 100644
--- a/libavcodec/golomb.h
+++ b/libavcodec/golomb.h
@@ -72,7 +72,7 @@ static inline int get_ue_golomb(GetBitContext *gb)
             av_log(NULL, AV_LOG_ERROR, "Invalid UE golomb code\n");
             return AVERROR_INVALIDDATA;
         }
-        buf >>= log;
+        buf >>= log & 31;
         buf--;
 
         return buf;
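
Review bot: The mask on the changed line "buf >>= log & 31;" makes the shift well defined, but it also turns an out-of-range log into some other in-range shift, so the function returns an ordinary-looking value where it could have reported an error. The error path directly above already returns AVERROR_INVALIDDATA for an invalid code; if log can still fall outside 0..31 at this point, consider rejecting it there, or add a comment on this line saying why that case is tolerated instead. The literal 31 also presumes a 32-bit buf, whose declaration is outside this hunk, so that is worth confirming. The commit message would be more useful if it said whether the shift amount in the sample was negative or too large, since "Fixes undefined behavior" alone does not tell a later reader.
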
-- 
1.7.9.5


