[FFmpeg-cvslog] avcodec/mjpegdec: Reorder operations to avoid undefined behavior
Michael Niedermayer
git at videolan.org
Thu Jul 2 19:07:05 CEST 2015
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Thu Jul 2 18:53:17 2015 +0200| [c9220d5b06536ac359166214b4131a1f15244617] | committer: Michael Niedermayer
avcodec/mjpegdec: Reorder operations to avoid undefined behavior
Fixes: asan_heap-oob_1dd60fd_267_cov_2954683513_5baad44ca4702949724234e35c5bb341.jpg
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c9220d5b06536ac359166214b4131a1f15244617
---
libavcodec/mjpegdec.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index 8bf950d..f85eabf 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -719,7 +719,7 @@ static int decode_dc_progressive(MJpegDecodeContext *s, int16_t *block,
av_log(s->avctx, AV_LOG_ERROR, "error dc\n");
return AVERROR_INVALIDDATA;
}
- val = (val * quant_matrix[0] << Al) + s->last_dc[component];
+ val = (val * (quant_matrix[0] << Al)) + s->last_dc[component];
s->last_dc[component] = val;
block[0] = val;
return 0;
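Review bot: The multiplication on the new line, `val * (quant_matrix[0] << Al)`, and the addition of `s->last_dc[component]` can still overflow a signed int if `val` is declared as `int`; the reorder only removes the left shift of a possibly negative product. The declarations of `val`, `quant_matrix` and `Al` are outside the hunk, so this is inferred. If they are signed, doing the arithmetic in unsigned removes the remaining undefined behavior, e.g. `val = (unsigned)val * (quant_matrix[0] << Al) + s->last_dc[component];`. The same applies to `level * (quant_matrix[j] << Al)` in both assignments in decode_block_progressive. It is also worth confirming that `Al` is range-checked where the scan header is parsed, since the shift is only defined when its result fits in `int`.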
@@ -762,14 +762,14 @@ static int decode_block_progressive(MJpegDecodeContext *s, int16_t *block,
if (i >= se) {
if (i == se) {
j = s->scantable.permutated[se];
- block[j] = level * quant_matrix[j] << Al;
+ block[j] = level * (quant_matrix[j] << Al);
break;
}
av_log(s->avctx, AV_LOG_ERROR, "error count: %d\n", i);
return AVERROR_INVALIDDATA;
}
j = s->scantable.permutated[i];
- block[j] = level * quant_matrix[j] << Al;
+ block[j] = level * (quant_matrix[j] << Al);
} else {
if (run == 0xF) {// ZRL - skip 15 coefficients
i += 15;
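Review bot: Nothing at the two `block[j] = level * (quant_matrix[j] << Al);` assignments records why the shift is applied to the quantizer instead of the product, so a later cleanup could drop the parentheses and bring the problem back. A short comment above the first assignment would do, for example `/* shift the quantizer, not the product: level may be negative and left-shifting a negative value is undefined */`. That `level` can be negative here is inferred from the commit message and is not visible in the hunk. The two assignments differ only in the index used, so a small static inline helper would keep them in sync.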
@@ -848,7 +848,7 @@ static int decode_block_refinement(MJpegDecodeContext *s, int16_t *block,
ZERO_RUN;
j = s->scantable.permutated[i];
val--;
- block[j] = ((quant_matrix[j]^val) - val) << Al;
+ block[j] = ((quant_matrix[j] << Al) ^ val) - val;
if (i == se) {
if (i > *last_nnz)
*last_nnz = i;
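Review bot: The expression `((quant_matrix[j] << Al) ^ val) - val` relies on `val` being 0 or -1 after `val--`, and nothing in the visible lines states that. A comment such as `/* val is 0 or -1 here: (x ^ val) - val yields x or -x */` would make the conditional negation readable. The assignment to `val` is outside the hunk, so its range should be confirmed before the comment is added. decode_block_refinement continues past the end of the hunk.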