avcodec/rangecoder: Check e
authorMichael Niedermayer <michael@niedermayer.cc>
Fri, 25 Sep 2015 12:26:14 +0000 (14:26 +0200)
committerMichael Niedermayer <michael@niedermayer.cc>
Fri, 25 Sep 2015 12:36:41 +0000 (14:36 +0200)
Fixes hang.nut

Found-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/ffv1dec.c
libavcodec/snow.h

index fbb85d6..fd9dc60 100644 (file)
@@ -47,8 +47,11 @@ static inline av_flatten int get_symbol_inline(RangeCoder *c, uint8_t *state,
     else {
         int i, e, a;
         e = 0;
-        while (get_rac(c, state + 1 + FFMIN(e, 9))) // 1..10
+        while (get_rac(c, state + 1 + FFMIN(e, 9))) // 1..10
             e++;
+            if (e > 31)
+                return AVERROR_INVALIDDATA;
+        }
 
         a = 1;
         for (i = e - 1; i >= 0; i--)
index bf744cf..a794da6 100644 (file)
@@ -564,6 +564,8 @@ static inline int get_symbol(RangeCoder *c, uint8_t *state, int is_signed){
         e= 0;
         while(get_rac(c, state+1 + FFMIN(e,9))){ //1..10
             e++;
+            if (e > 31)
+                return AVERROR_INVALIDDATA;
         }
 
         a= 1;