Fixes: out of array read
Fixes: Ticket 10308
Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
---
libavcodec/h263dec.c | 2 +-
libavcodec/mpeg4videodec.c | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/libavcodec/h263dec.c b/libavcodec/h263dec.c
index f4e7048a5f..68a618a7ed 100644
--- a/libavcodec/h263dec.c
+++ b/libavcodec/h263dec.c
@@ -281,7 +281,7 @@ static int decode_slice(MpegEncContext *s)
ff_er_add_slice(&s->er, s->resync_mb_x, s->resync_mb_y,
s->mb_x, s->mb_y, ER_MB_ERROR & part_mask);
- if (s->avctx->err_recognition & AV_EF_IGNORE_ERR)
+ if ((s->avctx->err_recognition & AV_EF_IGNORE_ERR) &&
get_bits_left(&s->gb) > 0)
continue;
return AVERROR_INVALIDDATA;
}
diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c
index d456e5dd11..30aec5e529 100644
--- a/libavcodec/mpeg4videodec.c
+++ b/libavcodec/mpeg4videodec.c
@@ -1437,7 +1437,7 @@ static inline int mpeg4_decode_block(Mpeg4DecContext
*ctx, int16_t *block,
if (SHOW_UBITS(re, &s->gb, 1) == 0) {
av_log(s->avctx, AV_LOG_ERROR,
"1. marker bit missing in 3.
esc\n");
- if (!(s->avctx->err_recognition &
AV_EF_IGNORE_ERR))
+ if (!(s->avctx->err_recognition &
AV_EF_IGNORE_ERR) || get_bits_left(&s->gb) <= 0)
return AVERROR_INVALIDDATA;
}
SKIP_CACHE(re, &s->gb, 1);
@@ -1448,7 +1448,7 @@ static inline int mpeg4_decode_block(Mpeg4DecContext
*ctx, int16_t *block,
if (SHOW_UBITS(re, &s->gb, 1) == 0) {
av_log(s->avctx, AV_LOG_ERROR,
"2. marker bit missing in 3.
esc\n");
- if (!(s->avctx->err_recognition &
AV_EF_IGNORE_ERR))
+ if (!(s->avctx->err_recognition &
AV_EF_IGNORE_ERR) || get_bits_left(&s->gb) <= 0)
return AVERROR_INVALIDDATA;
}
--
2.17.1
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
