[FFmpeg-devel] [PATCH] vp6_parse_coeff_huffman misses buffer size check

Reimar Döffinger Reimar.Doeffinger
Sun Jul 5 14:19:52 CEST 2009

Affected file is vp62/smclockvp62hsp.avi.1.1 from issue 1240.
One solution is just to check if there is still data available for every
coded coefficient. Given the overall complexity of the code that might
even be acceptable, no idea.
Probably vp6_parse_coeff needs the same kind of check, but I don't have
a sample file to test.
Anyway, that is the change I did (an additional av_log probably wouldn't
Index: libavcodec/vp6.c
--- libavcodec/vp6.c    (revision 19346)
+++ libavcodec/vp6.c    (working copy)
@@ -372,6 +372,8 @@
                 if (coeff_idx)
             } else {
+                if (get_bits_count(&s->gb) >= s->gb.size_in_bits)
+                    return;
                 coeff = get_vlc2(&s->gb, vlc_coeff->table, 9, 3);
                 if (coeff == 0) {
                     if (coeff_idx) {
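Review bot: The added early exit before `get_vlc2(&s->gb, vlc_coeff->table, 9, 3)` is a bare `return;` with no log message and no error indication, so a truncated frame is silently left partially decoded and the caller cannot tell it apart from a clean one. Consider logging at error level before the return, or changing the function to report a status the caller can act on. Also, the `>=` comparison only shows that the read position has not yet reached `size_in_bits`; a `get_vlc2` call with 9 bits and depth 3 can still consume more bits than remain, so the check relies on the end padding of the input buffer to keep that last read in bounds, which deserves a short comment next to the test.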
