[FFmpeg-cvslog] avcodec/bitstream: Check code length before truncating to uint8_t
Andreas Rheinhardt
git at videolan.org
Wed Oct 28 12:49:13 EET 2020
ffmpeg | branch: master | Andreas Rheinhardt <andreas.rheinhardt at gmail.com> | Sat Oct 24 14:11:14 2020 +0200| [e75b6ec43b63c5ba5ca2202ffd06df4d5a018e4a] | committer: Andreas Rheinhardt
avcodec/bitstream: Check code length before truncating to uint8_t
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e75b6ec43b63c5ba5ca2202ffd06df4d5a018e4a
---
libavcodec/bitstream.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/libavcodec/bitstream.c b/libavcodec/bitstream.c
index 2685ff2968..2a796e0a3e 100644
--- a/libavcodec/bitstream.c
+++ b/libavcodec/bitstream.c
@@ -302,15 +302,17 @@ int ff_init_vlc_sparse(VLC *vlc_arg, int nb_bits, int nb_codes,
j = 0;
#define COPY(condition)\
for (i = 0; i < nb_codes; i++) { \
- GET_DATA(buf[j].bits, bits, i, bits_wrap, bits_size); \
+ unsigned len; \
+ GET_DATA(len, bits, i, bits_wrap, bits_size); \
if (!(condition)) \
continue; \
- if (buf[j].bits > 3*nb_bits || buf[j].bits>32) { \
- av_log(NULL, AV_LOG_ERROR, "Too long VLC (%d) in init_vlc\n", buf[j].bits);\
+ if (len > 3*nb_bits || len > 32) { \
+ av_log(NULL, AV_LOG_ERROR, "Too long VLC (%u) in init_vlc\n", len);\
if (buf != localbuf) \
av_free(buf); \
return AVERROR(EINVAL); \
} \
+ buf[j].bits = len; \
GET_DATA(buf[j].code, codes, i, codes_wrap, codes_size); \
if (buf[j].code >= (1LL<<buf[j].bits)) { \
av_log(NULL, AV_LOG_ERROR, "Invalid code %"PRIx32" for %d in " \
@@ -329,10 +331,10 @@ int ff_init_vlc_sparse(VLC *vlc_arg, int nb_bits, int nb_codes,
buf[j].symbol = i; \
j++; \
}
- COPY(buf[j].bits > nb_bits);
+ COPY(len > nb_bits);
// qsort is the slowest part of init_vlc, and could probably be improved or avoided
AV_QSORT(buf, j, struct VLCcode, compare_vlcspec);
- COPY(buf[j].bits && buf[j].bits <= nb_bits);
+ COPY(len && len <= nb_bits);
nb_codes = j;
ret = build_table(vlc, nb_bits, nb_codes, buf, flags);
More information about the ffmpeg-cvslog
mailing list