avcodec/rangecoder: Check e

Fixes hang.nut Found-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/rangecoder: Check e
Fixes hang.nut Found-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
b2955b6c · Michael Niedermayer · 9458a62d · b2955b6c · b2955b6c
Commit b2955b6c authored Sep 25, 2015 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 1 deletion

ffv1dec.c libavcodec/ffv1dec.c +4 -1

snow.h libavcodec/snow.h +2 -0

No files found.
--- a/libavcodec/ffv1dec.c
+++ b/libavcodec/ffv1dec.c
@@ -47,8 +47,11 @@ static inline av_flatten int get_symbol_inline(RangeCoder *c, uint8_t *state,
    else {
        int i, e, a;
        e = 0;
-        while (get_rac(c, state + 1 + FFMIN(e, 9))) // 1..10
+        while (get_rac(c, state + 1 + FFMIN(e, 9))) { // 1..10
            e++;
+            if (e > 31)
+                return AVERROR_INVALIDDATA;
+        }
        a = 1;
        for (i = e - 1; i >= 0; i--)

--- a/libavcodec/snow.h
+++ b/libavcodec/snow.h
@@ -564,6 +564,8 @@ static inline int get_symbol(RangeCoder *c, uint8_t *state, int is_signed){
        e= 0;
        while(get_rac(c, state+1 + FFMIN(e,9))){ //1..10
            e++;
+            if (e > 31)
+                return AVERROR_INVALIDDATA;
        }
        a= 1;