From ddd7559ad97d3cde401ce096262af6375685ea22 Mon Sep 17 00:00:00 2001
From: "Ronald S. Bultje"
Date: Fri, 7 Dec 2012 13:09:20 -0800
Subject: h264: check for invalid zeros_left before writing

Prevent an invalid write into coeffs[scantable[-1]] if zeros_left itself was an invalid VLC code (and thus -1).
Signed-off-by: Luca Barbato
---
 libavcodec/h264_cavlc.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
(limited to 'libavcodec/h264_cavlc.c')
diff --git a/libavcodec/h264_cavlc.c b/libavcodec/h264_cavlc.c
index 87021229d4..0cc7214666 100644
--- a/libavcodec/h264_cavlc.c
+++ b/libavcodec/h264_cavlc.c
@@ -610,17 +610,18 @@ static int decode_residual(H264Context *h, GetBitContext *gb, DCTELEM *block, in
 } \
 }
+ if (zeros_left < 0) {
+ av_log(h->s.avctx, AV_LOG_ERROR,
+ "negative number of zero coeffs at %d %d\n", s->mb_x, s->mb_y);
+ return AVERROR_INVALIDDATA;
+ }
+
 if (h->pixel_shift) {
 STORE_BLOCK(int32_t)
 } else {
 STORE_BLOCK(int16_t)
 }
- if(zeros_left<0){
- av_log(h->s.avctx, AV_LOG_ERROR, "negative number of zero coeffs at %d %d\n", s->mb_x, s->mb_y);
- return -1;
- }
-
 return 0;
 }
--
cgit v1.2.3
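Review bot: Nothing in the code records why the `zeros_left < 0` check now has to sit above the two `STORE_BLOCK` invocations, so a later cleanup could move it back below them and reintroduce the invalid write described in the commit message. I would add a comment on the new check, e.g. `/* must run before STORE_BLOCK: an invalid VLC code leaves zeros_left at -1, which the macro would use to index scantable */`. The return value also changes from `-1` to `AVERROR_INVALIDDATA`; the callers are outside the hunk, so it is worth confirming they test for `< 0` and do not compare against `-1`. The body of decode_residual and the STORE_BLOCK definition both start before the hunk, so the macro's use of zeros_left is taken from the commit message, not from visible lines.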