avcodec/faxcompr: Check remaining bits on error in decode_group3_1d_line()

author Michael Niedermayer <michael@niedermayer.cc>

Thu, 15 Apr 2021 18:08:22 +0000 (20:08 +0200)

committer Michael Niedermayer <michael@niedermayer.cc>

Thu, 22 Apr 2021 13:06:55 +0000 (15:06 +0200)
author Michael Niedermayer <michael@niedermayer.cc>
Thu, 15 Apr 2021 18:08:22 +0000 (20:08 +0200)
committer Michael Niedermayer <michael@niedermayer.cc>
Thu, 22 Apr 2021 13:06:55 +0000 (15:06 +0200)
diff --git a/libavcodec/faxcompr.c b/libavcodec/faxcompr.c

index 3dd64cf73069e96d082b8fb938bface543f1950e..7bf11d80ca11e3d6fa19a111f26572ad6dd0f22b 100644 (file)
--- a/libavcodec/faxcompr.c
+++ b/libavcodec/faxcompr.c
@@ -227,7 +227,7 @@ static int decode_group3_1d_line(AVCodecContext *avctx, GetBitContext *gb,
              run       = 0;
              mode      = !mode;
          } else if ((int)t == -1) {
-            if (show_bits(gb, 12) == 15) {
+            if (get_bits_left(gb) > 12 && show_bits(gb, 12) == 15) {
                  int ret;
                  skip_bits(gb, 12);
                  ret = decode_uncompressed(avctx, gb, &pix_left, &runs, runend, &mode);
author	Michael Niedermayer <michael@niedermayer.cc>
	Thu, 15 Apr 2021 18:08:22 +0000 (20:08 +0200)
committer	Michael Niedermayer <michael@niedermayer.cc>
	Thu, 22 Apr 2021 13:06:55 +0000 (15:06 +0200)