From a0bdcb019e24f8a75ebef54289c4b8c015f77f41 Mon Sep 17 00:00:00 2001 From: "Ronald S. Bultje" Date: Sat, 17 Mar 2012 08:58:48 -0700 Subject: [PATCH] h264: add overread protection to get_cabac_bypass_sign_x86(). --- libavcodec/x86/cabac.h | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/libavcodec/x86/cabac.h b/libavcodec/x86/cabac.h index b00652be94..adf4fc39b2 100644 --- a/libavcodec/x86/cabac.h +++ b/libavcodec/x86/cabac.h @@ -105,7 +105,7 @@ static av_always_inline int get_cabac_bypass_sign_x86(CABACContext *c, int val) { x86_reg tmp; __asm__ volatile( - "movl %a5(%2), %k1 \n\t" + "movl %a6(%2), %k1 \n\t" "movl %a3(%2), %%eax \n\t" "shl $17, %k1 \n\t" "add %%eax, %%eax \n\t" @@ -122,9 +122,10 @@ static av_always_inline int get_cabac_bypass_sign_x86(CABACContext *c, int val) "movzwl (%1), %%edx \n\t" "bswap %%edx \n\t" "shrl $15, %%edx \n\t" - "add $2, %1 \n\t" "addl %%edx, %%eax \n\t" - "mov %1, %a4(%2) \n\t" + "cmp %a5(%2), %1 \n\t" + "jge 1f \n\t" + "add"OPSIZE" $2, %a4(%2) \n\t" "1: \n\t" "movl %%eax, %a3(%2) \n\t" @@ -132,6 +133,7 @@ static av_always_inline int get_cabac_bypass_sign_x86(CABACContext *c, int val) : "r"(c), "i"(offsetof(CABACContext, low)), "i"(offsetof(CABACContext, bytestream)), + "i"(offsetof(CABACContext, bytestream_end)), "i"(offsetof(CABACContext, range)) : "%eax", "%edx", "memory" );