[FFmpeg-devel] [PATCH] on2avc: limit number of bits to 30 in get_egolomb

Hendrik Leppkes h.leppkes at gmail.com
Thu Dec 17 10:54:18 CET 2015


On Wed, Dec 16, 2015 at 8:20 PM, Andreas Cadhalpun
<andreas.cadhalpun at googlemail.com> wrote:
> More don't fit into the integer output.
>
> Also use get_bits_long, since get_bits only supports reading up to 25
> bits, while get_bits_long supports the full integer range.
>
> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> ---
>  libavcodec/on2avc.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/libavcodec/on2avc.c b/libavcodec/on2avc.c
> index 15f4dd1..10861b5 100644
> --- a/libavcodec/on2avc.c
> +++ b/libavcodec/on2avc.c
> @@ -211,9 +211,9 @@ static inline int get_egolomb(GetBitContext *gb)
>  {
>      int v = 4;
>
> -    while (get_bits1(gb)) v++;
> +    while (get_bits1(gb) && v < 30) v++;
>
> -    return (1 << v) + get_bits(gb, v);
> +    return (1 << v) + get_bits_long(gb, v);
>  }
>

Just arbitrarily cutting the read short will make it lose its
bitstream position. While you may argue that this is likely a broken
file, maybe you should still consume as much data as the golomb
indicates, and just cap the return value?

- Hendrik


More information about the ffmpeg-devel mailing list