[FFmpeg-cvslog] avcodec/vc1: fix DIFF2/NORM2 with width<=16
Michael Niedermayer
git at videolan.org
Sat Dec 14 18:11:12 CET 2013
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Sat Dec 14 17:55:25 2013 +0100| [2224159c787ed19a3cd2e061bc00af125c9c2cef] | committer: Michael Niedermayer
avcodec/vc1: fix DIFF2/NORM2 with width<=16
Fixes read of uninitialized memory
Fixes msan_uninit-mem_7f785da000e8_585_480i30__codec_WVC1__mode_2__framerate_29.970__type_2__preproc_17.wmv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2224159c787ed19a3cd2e061bc00af125c9c2cef
---
libavcodec/vc1.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/libavcodec/vc1.c b/libavcodec/vc1.c
index f20b946..6557724 100644
--- a/libavcodec/vc1.c
+++ b/libavcodec/vc1.c
@@ -122,12 +122,16 @@ static int bitplane_decoding(uint8_t* data, int *raw_flag, VC1Context *v)
case IMODE_NORM2:
if ((height * width) & 1) {
*planep++ = get_bits1(gb);
- offset = 1;
+ y = offset = 1;
+ if (offset == width) {
+ offset = 0;
+ planep += stride - width;
+ }
}
else
- offset = 0;
+ y = offset = 0;
// decode bitplane as one long line
- for (y = offset; y < height * width; y += 2) {
+ for (; y < height * width; y += 2) {
code = get_vlc2(gb, ff_vc1_norm2_vlc.table, VC1_NORM2_VLC_BITS, 1);
*planep++ = code & 1;
offset++;
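Review bot: The added `if (offset == width)` test in the odd-size branch sits directly after `y = offset = 1`, so it can only be true when width is 1, while the subject line describes the fix as covering width<=16. Please add a short comment on that block saying it handles the row wrap for a one-column plane, and that `y` is deliberately left at 1 while `offset` is reset to 0 and `planep` is advanced by `stride - width`, because the split between the linear counter `y` and the in-row position `offset` is the whole point of the change and is easy to undo in a later cleanup. If wider planes are affected through the unchanged part of the loop, the commit message should say how.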