[FFmpeg-devel] [PATCH 03/25] avcodec/magicyuv: Improve overread check when parsing Huffman tables
Paul B Mahol
onemda at gmail.com
Sat Sep 26 13:43:38 EEST 2020
On Sat, Sep 26, 2020 at 12:27:42PM +0200, Andreas Rheinhardt wrote:
> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
> ---
> libavcodec/magicyuv.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
lgtm
> diff --git a/libavcodec/magicyuv.c b/libavcodec/magicyuv.c
> index b56d3e9d32..d2f6a9b01e 100644
> --- a/libavcodec/magicyuv.c
> +++ b/libavcodec/magicyuv.c
> @@ -394,8 +394,13 @@ static int build_huffman(AVCodecContext *avctx, GetBitContext *gbit, int max)
> while (get_bits_left(gbit) >= 8) {
> int b = get_bits(gbit, 1);
> int x = get_bits(gbit, 7);
> - int l = get_bitsz(gbit, b * 8) + 1;
> + int l = 1;
>
> + if (b) {
> + if (get_bits_left(gbit) < 8)
> + break;
> + l += get_bits(gbit, 8);
> + }
> k = j + l;
> if (k > max || x == 0 || x > 32) {
> av_log(avctx, AV_LOG_ERROR, "Invalid Huffman codes\n");
> --
> 2.25.1
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
More information about the ffmpeg-devel
mailing list