diff options
| author | Harish Mahendrakar <harish.mahendrakar@ittiam.com> | 2016-05-13 19:59:37 +0000 |
|---|---|---|
| committer | android-build-merger <android-build-merger@google.com> | 2016-05-13 19:59:37 +0000 |
| commit | 18c905dd013ffbef11082f782b96b653f0d70777 (patch) | |
| tree | e076be2aca12972193cf3d6754cc5f2c6b67ace6 | |
| parent | f725093d8ba60dcb7724850cf668fa2b7c0a6473 (diff) | |
| parent | 8a34f810ab8cc44db2251e8dc1c078fea3d36b6e (diff) | |
| download | libmpeg2-nougat-cts-release.tar.gz | |
Fixed out of bound read in flush_bits am: 763ffef681 am: 16620937c2 am: cb0ef8df6eandroid-cts-7.0_r9android-cts-7.0_r8android-cts-7.0_r7android-cts-7.0_r6android-cts-7.0_r5android-cts-7.0_r4android-cts-7.0_r33android-cts-7.0_r32android-cts-7.0_r31android-cts-7.0_r30android-cts-7.0_r3android-cts-7.0_r29android-cts-7.0_r28android-cts-7.0_r27android-cts-7.0_r26android-cts-7.0_r25android-cts-7.0_r24android-cts-7.0_r23android-cts-7.0_r22android-cts-7.0_r21android-cts-7.0_r20android-cts-7.0_r2android-cts-7.0_r19android-cts-7.0_r18android-cts-7.0_r17android-cts-7.0_r16android-cts-7.0_r15android-cts-7.0_r14android-cts-7.0_r13android-cts-7.0_r12android-cts-7.0_r11android-cts-7.0_r10android-cts-7.0_r1android-7.0.0_r9android-7.0.0_r8android-7.0.0_r7android-7.0.0_r6android-7.0.0_r5android-7.0.0_r4android-7.0.0_r31android-7.0.0_r30android-7.0.0_r3android-7.0.0_r29android-7.0.0_r28android-7.0.0_r27android-7.0.0_r24android-7.0.0_r21android-7.0.0_r19android-7.0.0_r17android-7.0.0_r15android-7.0.0_r14android-7.0.0_r13android-7.0.0_r12android-7.0.0_r11android-7.0.0_r10android-7.0.0_r1nougat-releasenougat-devnougat-cts-releasenougat-bugfix-release
am: 8a34f810ab
* commit '8a34f810ab8cc44db2251e8dc1c078fea3d36b6e':
Fixed out of bound read in flush_bits
Change-Id: If2bf55fa0d027e958d2e1e36ffe407e8944523a0
| -rw-r--r-- | decoder/impeg2d_bitstream.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/decoder/impeg2d_bitstream.c b/decoder/impeg2d_bitstream.c index b67161d..36092e5 100644 --- a/decoder/impeg2d_bitstream.c +++ b/decoder/impeg2d_bitstream.c @@ -191,12 +191,21 @@ INLINE UWORD8 impeg2d_bit_stream_get_bit(stream_t *ps_stream) INLINE void impeg2d_bit_stream_flush(void* pv_ctxt, UWORD32 u4_no_of_bits) { stream_t *ps_stream = (stream_t *)pv_ctxt; - - - if (ps_stream->u4_offset < ps_stream->u4_max_offset) + if ((ps_stream->u4_offset + 64) < ps_stream->u4_max_offset) { FLUSH_BITS(ps_stream->u4_offset,ps_stream->u4_buf,ps_stream->u4_buf_nxt,u4_no_of_bits,ps_stream->pu4_buf_aligned) } + else + { + UWORD32 u4_temp; + + if (((ps_stream->u4_offset & 0x1f) + u4_no_of_bits) >= 32) + { + ps_stream->u4_buf = ps_stream->u4_buf_nxt; + ps_stream->u4_buf_nxt = 0; + } + ps_stream->u4_offset += u4_no_of_bits; + } return; } /****************************************************************************** |