avcodec/h264_cabac: Check decode_cabac_mb_mvd() for failure

Fixes harmless integer overflow Fixes Ticket5150 No speedloss measured, actually its slightly faster, but please benchmark & double check this Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2016-01-26 02:23:31 +0100
committer: Michael Niedermayer <michael@niedermayer.cc> 2016-02-14 21:09:07 +0100
commit: e5655a32bc745462cb820f4ccc3eaee146dd2cdc (patch)
tree: 2108e64d306135d2a57392a943a20a372e3efd18 /libavcodec/h264_cabac.c
parent: dcb6d5b831b32ade33d578ba593b1f65cb77191d (diff)
download: ffmpeg-e5655a32bc745462cb820f4ccc3eaee146dd2cdc.tar.gz
1 files changed, 6 insertions, 2 deletions
diff --git a/libavcodec/h264_cabac.c b/libavcodec/h264_cabac.c
index 04d412b74b..deab35a3d9 100644
--- a/libavcodec/h264_cabac.c
+++ b/libavcodec/h264_cabac.c
@@ -1540,8 +1540,12 @@ static int decode_cabac_mb_mvd(H264SliceContext *sl, int ctxbase, int amvd, int
     int amvd1 = sl->mvd_cache[list][scan8[n] - 1][1] +\
                 sl->mvd_cache[list][scan8[n] - 8][1];\
 \
-    mx += decode_cabac_mb_mvd(sl, 40, amvd0, &mpx);\
-    my += decode_cabac_mb_mvd(sl, 47, amvd1, &mpy);\
+    int mxd = decode_cabac_mb_mvd(sl, 40, amvd0, &mpx);\
+    int myd = decode_cabac_mb_mvd(sl, 47, amvd1, &mpy);\
+    if (mxd == INT_MIN || myd == INT_MIN) \
+        return AVERROR_INVALIDDATA; \
+    mx += mxd;\
+    my += myd;\
 }
 
 static av_always_inline int get_cabac_cbf_ctx(H264SliceContext *sl,
author	Michael Niedermayer <michael@niedermayer.cc>	2016-01-26 02:23:31 +0100
committer	Michael Niedermayer <michael@niedermayer.cc>	2016-02-14 21:09:07 +0100
commit	e5655a32bc745462cb820f4ccc3eaee146dd2cdc (patch)
tree	2108e64d306135d2a57392a943a20a372e3efd18 /libavcodec/h264_cabac.c
parent	dcb6d5b831b32ade33d578ba593b1f65cb77191d (diff)
download	ffmpeg-e5655a32bc745462cb820f4ccc3eaee146dd2cdc.tar.gz