From 79af5913681dca800f35bee89b5f18c56b8eef45 Mon Sep 17 00:00:00 2001
From: Yaowu Xu <yaowu@google.com>
Date: Wed, 18 Sep 2013 12:29:32 -0700
Subject: [PATCH] change to avoid invalid memory read.

The fake token EOSB may cause invaild memory read in pack token, this
commit reworked the loop to avoid such invalid read.

Change-Id: I37fdfce869b44a7f90003f82a02f84c45472a457
---
 vp9/encoder/vp9_bitstream.c | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/vp9/encoder/vp9_bitstream.c b/vp9/encoder/vp9_bitstream.c
index 957cfd2c0e..622f75fe60 100644
--- a/vp9/encoder/vp9_bitstream.c
+++ b/vp9/encoder/vp9_bitstream.c
@@ -283,7 +283,7 @@ static void pack_mb_tokens(vp9_writer* const bc,
                            const TOKENEXTRA *const stop) {
   TOKENEXTRA *p = *tp;
 
-  while (p < stop) {
+  while (p < stop && p->token != EOSB_TOKEN) {
     const int t = p->token;
     const struct vp9_token *const a = vp9_coef_encodings + t;
     const vp9_extra_bit *const b = vp9_extra_bits + t;
@@ -293,10 +293,6 @@ static void pack_mb_tokens(vp9_writer* const bc,
     int n = a->len;
     vp9_prob probs[ENTROPY_NODES];
 
-    if (t == EOSB_TOKEN) {
-      ++p;
-      break;
-    }
     if (t >= TWO_TOKEN) {
       vp9_model_to_full_probs(p->context_tree, probs);
       pp = probs;
@@ -338,7 +334,7 @@ static void pack_mb_tokens(vp9_writer* const bc,
     ++p;
   }
 
-  *tp = p;
+  *tp = p + (p->token == EOSB_TOKEN);
 }
 
 static void write_sb_mv_ref(vp9_writer *w, MB_PREDICTION_MODE mode,
-- 
GitLab