ref: b14711ca0fe92056c6c076abbfad057029a58987
parent: 1efea985698591000cfa9b32964a0e7a3be03794
author: Wan-Teh Chang <wtc@google.com>
date: Fri Jun 19 11:41:12 EDT 2020
Simplify checks for dav1d_get_uleb128 out overflow
--- a/src/getbits.c
+++ b/src/getbits.c
@@ -27,6 +27,8 @@
#include "config.h"
+#include <limits.h>
+
#include "common/intops.h"
#include "src/getbits.h"
@@ -80,17 +82,17 @@
}
unsigned dav1d_get_uleb128(GetBits *c) {- unsigned val = 0, more, i = 0;
+ unsigned val = 0, more, i = 0, max = UINT_MAX;
do {more = dav1d_get_bits(c, 1);
unsigned bits = dav1d_get_bits(c, 7);
- if (i <= 3 || (i == 4 && bits < (1 << 4)))
- val |= bits << (i * 7);
- else if (bits) {+ if (bits > max) {c->error = 1;
return 0;
}
+ val |= bits << (i * 7);
+ max >>= 7;
if (more && ++i == 8) {c->error = 1;
return 0;