mirror of
https://git.ffmpeg.org/ffmpeg.git
synced 2024-12-25 08:42:39 +00:00
Check level_prefix a bit (this just checks the max our bitreader can handle,
as i did nt find a limit in the spec) This should stop cavlc_decode_residual() on a zero bitstream Originally committed as revision 22429 to svn://svn.ffmpeg.org/ffmpeg/trunk
This commit is contained in:
parent
83c2bc7abb
commit
9885284c22
@ -431,8 +431,13 @@ static int decode_residual(H264Context *h, GetBitContext *gb, DCTELEM *block, in
|
||||
level_code= prefix + get_bits(gb, 4); //part
|
||||
}else{
|
||||
level_code= 30 + get_bits(gb, prefix-3); //part
|
||||
if(prefix>=16)
|
||||
if(prefix>=16){
|
||||
if(prefix > 25+3){
|
||||
av_log(h->s.avctx, AV_LOG_ERROR, "Invalid level prefix\n");
|
||||
return -1;
|
||||
}
|
||||
level_code += (1<<(prefix-3))-4096;
|
||||
}
|
||||
}
|
||||
|
||||
if(trailing_ones < 3) level_code += 2;
|
||||
|
Loading…
Reference in New Issue
Block a user