---
 libavcodec/apv_entropy.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/libavcodec/apv_entropy.c b/libavcodec/apv_entropy.c
index 00e0b4fbdf..a5648c09b4 100644
--- a/libavcodec/apv_entropy.c
+++ b/libavcodec/apv_entropy.c
@@ -84,6 +84,14 @@ static unsigned int apv_read_vlc(GetBitContext *gbc, int k_param,
 next_bits = show_bits(gbc, 16);
 leading_zeroes = 15 - av_log2(next_bits);
+ if (leading_zeroes == 0) {
+ // This can't happen mid-stream because the lookup would
+ // have resolved a leading one into a shorter code, but it
+ // can happen if we are hitting the end of the buffer.
+ // Return an invalid code to propagate as an error.
+ return APV_MAX_TRANS_COEFF + 1;
+ }
+
 skip_bits(gbc, leading_zeroes + 1);
 return (2 << k_param) +
@@ -182,6 +190,14 @@ int ff_apv_entropy_decode_block(int16_t *coeff,
 else
 level = abs_ac_coeff_minus1 + 1;
+ if (level < APV_MIN_TRANS_COEFF ||
+ level > APV_MAX_TRANS_COEFF) {
+ av_log(state->log_ctx, AV_LOG_ERROR,
+ "Out-of-range AC coefficient value: %d "
+ "(from prev_level %d abs_ac_coeff_minus1 %d sign_ac_coeff %d)\n",
+ level, prev_level, abs_ac_coeff_minus1, sign_ac_coeff);
+ }
+
 coeff[ff_zigzag_direct[scan_pos]] = level;
 prev_level = abs_ac_coeff_minus1 + 1;
-- 
2.47.2
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
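Review bot: The `return APV_MAX_TRANS_COEFF + 1;` sentinel in apv_read_vlc() is only an error if every caller range-checks the result, and nothing in this hunk states that contract. The only caller visible in this patch is the AC-coefficient path in the second hunk; any other use of the function, such as DC values or run lengths, would need its own bound check, which cannot be confirmed from here. I would put the contract on the function itself, e.g. `// Returns a value > APV_MAX_TRANS_COEFF for a malformed or truncated code; callers must range-check the result.` The function body starts and ends outside the hunk.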
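Review bot: The new range check on `level` in ff_apv_entropy_decode_block() only logs, so execution falls through to `coeff[ff_zigzag_direct[scan_pos]] = level;` and the out-of-range value is still narrowed into the int16_t array while decoding continues. That includes the `APV_MAX_TRANS_COEFF + 1` sentinel from the first hunk, so the error it is meant to propagate is reported but not acted on. It also means a malformed stream can emit one log line per bad coefficient. Since the function returns int, the block should probably end with `return AVERROR_INVALIDDATA;` after the av_log() call, assuming that matches how the rest of the function reports errors; the body extends outside the hunk.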