Browse code
qdm2_fft_decode_tones: fix infinite loop
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer authored on 2012/04/15 23:30:17Showing 1 changed files
| ... | ... |
@@ -1358,6 +1358,10 @@ static void qdm2_fft_decode_tones (QDM2Context *q, int duration, GetBitContext * |
| 1358 | 1358 |
while (get_bits_left(gb)>0) {
|
| 1359 | 1359 |
if (q->superblocktype_2_3) {
|
| 1360 | 1360 |
while ((n = qdm2_get_vlc(gb, &vlc_tab_fft_tone_offset[local_int_8], 1, 2)) < 2) {
|
| 1361 |
+ if (get_bits_left(gb)<0) {
|
|
| 1362 |
+ av_log(0, AV_LOG_ERROR, "overread in qdm2_fft_decode_tones()\n"); |
|
| 1363 |
+ return; |
|
| 1364 |
+ } |
|
| 1361 | 1365 |
offset = 1; |
| 1362 | 1366 |
if (n == 0) {
|
| 1363 | 1367 |
local_int_4 += local_int_10; |