obu: fix setting num_ticks_per_picture in sequence headers

This fixes a potential overflow when setting num_ticks_per_picture if
dav1d_get_vlc() returns (1 << 32) - 1.
parent 36b807af
......@@ -203,7 +203,7 @@ typedef struct Dav1dSequenceHeader {
int num_units_in_tick;
int time_scale;
int equal_picture_interval;
int num_ticks_per_picture;
unsigned num_ticks_per_picture;
int decoder_model_info_present;
int encoder_decoder_buffer_delay_length;
int num_units_in_decoding_tick;
......
......@@ -84,8 +84,12 @@ static int parse_seq_hdr(Dav1dContext *const c, GetBits *const gb,
hdr->num_units_in_tick = dav1d_get_bits(gb, 32);
hdr->time_scale = dav1d_get_bits(gb, 32);
hdr->equal_picture_interval = dav1d_get_bits(gb, 1);
if (hdr->equal_picture_interval)
hdr->num_ticks_per_picture = dav1d_get_vlc(gb) + 1;
if (hdr->equal_picture_interval) {
unsigned num_ticks_per_picture = dav1d_get_vlc(gb);
if (num_ticks_per_picture == 0xFFFFFFFFU)
goto error;
hdr->num_ticks_per_picture = num_ticks_per_picture + 1;
}
hdr->decoder_model_info_present = dav1d_get_bits(gb, 1);
if (hdr->decoder_model_info_present) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment