[FFmpeg-devel] [PATCH 03/25] avcodec/magicyuv: Improve overread check when parsing Huffman tables

Sat Sep 26 13:27:42 EEST 2020

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
---
 libavcodec/magicyuv.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/libavcodec/magicyuv.c b/libavcodec/magicyuv.c
index b56d3e9d32..d2f6a9b01e 100644
--- a/libavcodec/magicyuv.c
+++ b/libavcodec/magicyuv.c
@@ -394,8 +394,13 @@ static int build_huffman(AVCodecContext *avctx, GetBitContext *gbit, int max)
     while (get_bits_left(gbit) >= 8) {
         int b = get_bits(gbit, 1);
         int x = get_bits(gbit, 7);
-        int l = get_bitsz(gbit, b * 8) + 1;
+        int l = 1;
 
+        if (b) {
+            if (get_bits_left(gbit) < 8)
+                break;
+            l += get_bits(gbit, 8);
+        }
         k = j + l;
         if (k > max || x == 0 || x > 32) {
             av_log(avctx, AV_LOG_ERROR, "Invalid Huffman codes\n");
-- 
2.25.1

