When performing a comparison of a signed int and an unsigned int, the
signed int is first converted to an unsigned int, so that negative
values are being treated as big, positive values. This can become a
problem in an overread check, namely when an overread already happened.
So change the type of the variable containing the amount of bits that
need to be left to signed.
Signed-off-by: Andreas Rheinhardt <andreas.rheinha...@gmail.com>
---
I am not aware of any situation where cbs overreads, but robustness is
nevertheless valueable.
libavcodec/cbs_av1.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/cbs_av1.c b/libavcodec/cbs_av1.c
index 0ff6d60ae2..84998e1e8c 100644
--- a/libavcodec/cbs_av1.c
+++ b/libavcodec/cbs_av1.c
@@ -211,8 +211,8 @@ static int cbs_av1_read_ns(CodedBitstreamContext *ctx,
GetBitContext *gbc,
uint32_t n, const char *name,
const int *subscripts, uint32_t *write_to)
{
- uint32_t w, m, v, extra_bit, value;
- int position;
+ uint32_t m, v, extra_bit, value;
+ int position, w;
av_assert0(n > 0);
--
2.20.1
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
