ref: 4abd6949dbd5861d76d009a6e997ade7f12b29a7
parent: 887c026966d2d781d0b296291c12b06839ede2ce
author: Janne Grunau <janne-vlc@jannau.net>
date: Fri Oct 19 07:44:51 EDT 2018
getbits: do not call get_bits(0) for coded value 0 in dav1d_get_vlc. Fixes clusterfuzz-testcase-minimized-dav1d_fuzzer-5669943870226432. Credits to oss-fuzz.
--- a/src/getbits.c
+++ b/src/getbits.c
@@ -95,7 +95,7 @@
while (!dav1d_get_bits(c, 1))
if (++n_bits == 32)
return 0xFFFFFFFFU;
- return ((1 << n_bits) - 1) + dav1d_get_bits(c, n_bits);
+ return n_bits ? ((1 << n_bits) - 1) + dav1d_get_bits(c, n_bits) : 0;
}
static unsigned get_bits_subexp_u(GetBits *const c, const unsigned ref,
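Review bot: The new return line still computes `(1 << n_bits) - 1` with a signed `int` constant, and n_bits can reach 31 here (the loop only bails out at 32), so `1 << 31` is a signed shift that does not fit in `int` and is undefined behaviour in C even though the function returns `unsigned`. Since this path is reached with fuzzer-controlled input, the same class of sanitizer report that motivated this commit can be triggered by a prefix of 31 zero bits; using an unsigned constant keeps the arithmetic defined: `return n_bits ? ((1U << n_bits) - 1) + dav1d_get_bits(c, n_bits) : 0;`. It is also worth confirming that dav1d_get_bits accepts a 31-bit read, since its limit is not visible in this hunk. The signature of dav1d_get_vlc and the declaration of n_bits start before the hunk, so its exact type cannot be checked from here.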