[FFmpeg-cvslog] avcodec/xface: correct the XFACE_MAX_* values

Michael Niedermayer git at videolan.org
Mon Dec 22 03:32:49 CET 2014


ffmpeg | branch: release/2.5 | Michael Niedermayer <michaelni at gmx.at> | Tue Dec 16 18:57:54 2014 +0100| [991ef3a67ec66b3f4e11752eff48b6ae925a1ba7] | committer: Michael Niedermayer

avcodec/xface: correct the XFACE_MAX_* values

Fixes out of array access

Fixes: asan_stack-oob_32c12e5_2536_cov_2442316831_lena.xface
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 93a5a16f136d095d23610f57bdad10ba88120fba)

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=991ef3a67ec66b3f4e11752eff48b6ae925a1ba7
---

 libavcodec/xface.h |   10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/libavcodec/xface.h b/libavcodec/xface.h
index 63df5d3..0236d71 100644
--- a/libavcodec/xface.h
+++ b/libavcodec/xface.h
@@ -41,17 +41,17 @@
 /*
  * Image is encoded as a big integer, using characters from '~' to
  * '!', for a total of 94 symbols. In order to express
- * 48x48*2=8*XFACE_MAX_WORDS=4608
- * bits, we need a total of 704 digits, as given by:
- * ceil(lg_94(2^4608)) = 704
+ * 48x48 pixels with the worst case encoding 666 symbols should
+ * be sufficient.
  */
-#define XFACE_MAX_DIGITS 704
+#define XFACE_MAX_DIGITS 666
 
 #define XFACE_BITSPERWORD 8
 #define XFACE_WORDCARRY (1 << XFACE_BITSPERWORD)
 #define XFACE_WORDMASK (XFACE_WORDCARRY - 1)
 
-#define XFACE_MAX_WORDS ((XFACE_PIXELS * 2 + XFACE_BITSPERWORD - 1) / XFACE_BITSPERWORD)
+// This must be larger or equal to log256(94^XFACE_MAX_DIGITS)
+#define XFACE_MAX_WORDS 546
 
 /* Portable, very large unsigned integer arithmetic is needed.
  * Implementation uses arrays of WORDs. */



More information about the ffmpeg-cvslog mailing list