From: Alex Converse <alex.converse@gmail.com>
Date: Thu, 17 Nov 2011 18:06:14 +0000 (-0800)
Subject: vp5: Fix illegal read.
X-Git-Tag: android-x86-4.4-r1~8529^2~4550
X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=bb4b0ad83b13c3af57675e80163f3f333adef96f;p=android-x86%2Fexternal-ffmpeg.git

vp5: Fix illegal read.

Found with Address Sanitizer
---

diff --git a/libavcodec/vp5.c b/libavcodec/vp5.c
index a1a38b0a03..56f667cb63 100644
--- a/libavcodec/vp5.c
+++ b/libavcodec/vp5.c
@@ -185,7 +185,8 @@ static void vp5_parse_coeff(VP56Context *s)
         model1 = model->coeff_dccv[pt];
         model2 = model->coeff_dcct[pt][ctx];
 
-        for (coeff_idx=0; coeff_idx<64; ) {
+        coeff_idx = 0;
+        for (;;) {
             if (vp56_rac_get_prob(c, model2[0])) {
                 if (vp56_rac_get_prob(c, model2[2])) {
                     if (vp56_rac_get_prob(c, model2[3])) {
@@ -222,8 +223,11 @@ static void vp5_parse_coeff(VP56Context *s)
                 ct = 0;
                 s->coeff_ctx[vp56_b6to4[b]][coeff_idx] = 0;
             }
+            coeff_idx++;
+            if (coeff_idx >= 64)
+                break;
 
-            cg = vp5_coeff_groups[++coeff_idx];
+            cg = vp5_coeff_groups[coeff_idx];
             ctx = s->coeff_ctx[vp56_b6to4[b]][coeff_idx];
             model1 = model->coeff_ract[pt][ct][cg];
             model2 = cg > 2 ? model1 : model->coeff_acct[pt][ct][cg][ctx];