avcodec/h264_cabac: Tighten allowed coeff_abs range

Fixes: integer overflows
Reported-by: "Xiaohan Wang (王消寒)" <xhwang@chromium.org>
Based on limits in "8.5 Transform coefficient decoding process and picture
construction process prior to deblocking  filter process"

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

diff --git a/libavcodec/h264_cabac.c b/libavcodec/h264_cabac.c
index ec5fc74b9b1d46d494f7d42ea8f75aae2b6ffd03..815149a501acb5313c18ac578ffddccc338d5529 100644 (file)
--- a/libavcodec/h264_cabac.c
+++ b/libavcodec/h264_cabac.c
@@ -1735,7 +1735,7 @@ decode_cabac_residual_internal(const H264Context *h, H264SliceContext *sl,
 \
             if( coeff_abs >= 15 ) { \
                 int j = 0; \
-                while (get_cabac_bypass(CC) && j < 30) { \
+                while (get_cabac_bypass(CC) && j < 16+7) { \
                     j++; \
                 } \
 \