From e0966eb140b3569b3d6b5b5008961944ef229c06 Mon Sep 17 00:00:00 2001 From: Thierry Foucu Date: Thu, 17 Nov 2011 09:39:52 -0800 Subject: [PATCH] vp6: Fix illegal read. Found with Address Sanitizer Signed-off-by: Alex Converse --- libavcodec/vp6.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/libavcodec/vp6.c b/libavcodec/vp6.c index 03024fa865..9433983be3 100644 --- a/libavcodec/vp6.c +++ b/libavcodec/vp6.c @@ -442,7 +442,8 @@ static void vp6_parse_coeff(VP56Context *s) model1 = model->coeff_dccv[pt]; model2 = model->coeff_dcct[pt][ctx]; - for (coeff_idx=0; coeff_idx<64; ) { + coeff_idx = 0; + for (;;) { if ((coeff_idx>1 && ct==0) || vp56_rac_get_prob(c, model2[0])) { /* parse a coeff */ if (vp56_rac_get_prob(c, model2[2])) { @@ -483,8 +484,10 @@ static void vp6_parse_coeff(VP56Context *s) run += vp56_rac_get_prob(c, model3[i+8]) << i; } } - - cg = vp6_coeff_groups[coeff_idx+=run]; + coeff_idx += run; + if (coeff_idx >= 64) + break; + cg = vp6_coeff_groups[coeff_idx]; model1 = model2 = model->coeff_ract[pt][ct][cg]; }