[FFmpeg-cvslog] huffyuvdec: Check init_vlc() return codes.
Michael Niedermayer
git at videolan.org
Mon Feb 11 12:41:02 CET 2013
ffmpeg | branch: release/0.5 | Michael Niedermayer <michaelni at gmx.at> | Tue Jan 29 18:29:41 2013 +0100| [272e7f6443b76fb47192930d157bfd9284294188] | committer: Michael Niedermayer
huffyuvdec: Check init_vlc() return codes.
Prevents out of array writes
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit f67a0d115254461649470452058fa3c28c0df294)
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 95ab8d33e1a680f30a5a9605175112008ab81afc)
Conflicts:
libavcodec/huffyuv.c
(cherry picked from commit 277def59fce10d91e3113e5c0f63e22bc4abfa88)
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=272e7f6443b76fb47192930d157bfd9284294188
---
libavcodec/huffyuv.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/libavcodec/huffyuv.c b/libavcodec/huffyuv.c
index dfa06d5..93e9e74 100644
--- a/libavcodec/huffyuv.c
+++ b/libavcodec/huffyuv.c
@@ -318,6 +318,7 @@ static void generate_joint_tables(HYuvContext *s){
int len1 = s->len[p][u];
if(len1 > limit)
continue;
+ assert(i < (1 << VLC_BITS));
len[i] = len0 + len1;
bits[i] = (s->bits[0][y] << len1) + s->bits[p][u];
symbols[i] = (y<<8) + u;
@@ -351,6 +352,7 @@ static void generate_joint_tables(HYuvContext *s){
int len2 = s->len[2][r&255];
if(len2 > limit1)
continue;
+ assert(i < (1 << VLC_BITS));
len[i] = len0 + len1 + len2;
bits[i] = (code << len2) + s->bits[2][r&255];
if(s->decorrelate){
@@ -374,6 +376,7 @@ static void generate_joint_tables(HYuvContext *s){
static int read_huffman_tables(HYuvContext *s, uint8_t *src, int length){
GetBitContext gb;
int i;
+ int ret;
init_get_bits(&gb, src, length*8);
@@ -389,7 +392,8 @@ printf("%6X, %2d, %3d\n", s->bits[i][j], s->len[i][j], j);
}
#endif
free_vlc(&s->vlc[i]);
- init_vlc(&s->vlc[i], VLC_BITS, 256, s->len[i], 1, 1, s->bits[i], 4, 4, 0);
+ if ((ret = init_vlc(&s->vlc[i], VLC_BITS, 256, s->len[i], 1, 1, s->bits[i], 4, 4, 0)) < 0)
+ return ret;
}
generate_joint_tables(s);
@@ -401,6 +405,7 @@ static int read_old_huffman_tables(HYuvContext *s){
#if 1
GetBitContext gb;
int i;
+ int ret;
init_get_bits(&gb, classic_shift_luma, sizeof(classic_shift_luma)*8);
read_len_table(s->len[0], &gb);
@@ -419,7 +424,8 @@ static int read_old_huffman_tables(HYuvContext *s){
for(i=0; i<3; i++){
free_vlc(&s->vlc[i]);
- init_vlc(&s->vlc[i], VLC_BITS, 256, s->len[i], 1, 1, s->bits[i], 4, 4, 0);
+ if ((ret = init_vlc(&s->vlc[i], VLC_BITS, 256, s->len[i], 1, 1, s->bits[i], 4, 4, 0)) < 0)
+ return ret;
}
generate_joint_tables(s);
More information about the ffmpeg-cvslog
mailing list