[FFmpeg-devel] [PATCH] avcodec/golomb: Prevent shift by negative number
Lynne
dev at lynne.ee
Fri Jul 10 17:48:11 EEST 2020
Jul 10, 2020, 14:48 by andreas.rheinhardt at gmail.com:
> This happened in get_ue_golomb() if the cached bitstream reader was in
> use, because there was no check to handle the case of the read value
> not being in the range 0..8190.
>
> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
> ---
> libavcodec/golomb.h | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/libavcodec/golomb.h b/libavcodec/golomb.h
> index 7fd46a91bd..5bfcfe085f 100644
> --- a/libavcodec/golomb.h
> +++ b/libavcodec/golomb.h
> @@ -66,6 +66,10 @@ static inline int get_ue_golomb(GetBitContext *gb)
> return ff_ue_golomb_vlc_code[buf];
> } else {
> int log = 2 * av_log2(buf) - 31;
> + if (log < 0) {
> + av_log(NULL, AV_LOG_ERROR, "Invalid UE golomb code\n");
> + return AVERROR_INVALIDDATA;
> + }
> buf >>= log;
> buf--;
> skip_bits_long(gb, 32 - log);
>
That's in an extremely hot path. Any alternatives?
More information about the ffmpeg-devel
mailing list