[FFmpeg-cvslog] huffyuvdec: Check init_vlc() return codes.

Michael Niedermayer git at videolan.org
Tue Jan 29 18:23:05 CET 2013


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Tue Jan 29 17:56:19 2013 +0100| [f67a0d115254461649470452058fa3c28c0df294] | committer: Michael Niedermayer

huffyuvdec: Check init_vlc() return codes.

Prevents out of array writes

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f67a0d115254461649470452058fa3c28c0df294
---

 libavcodec/huffyuvdec.c |   14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/libavcodec/huffyuvdec.c b/libavcodec/huffyuvdec.c
index 9c92bf3..0bdd143 100644
--- a/libavcodec/huffyuvdec.c
+++ b/libavcodec/huffyuvdec.c
@@ -124,6 +124,7 @@ static void generate_joint_tables(HYuvContext *s)
                     int len1 = s->len[p][u];
                     if (len1 > limit)
                         continue;
+                    av_assert0(i < (1 << VLC_BITS));
                     len[i] = len0 + len1;
                     bits[i] = (s->bits[0][y] << len1) + s->bits[p][u];
                     symbols[i] = (y << 8) + u;
@@ -158,6 +159,7 @@ static void generate_joint_tables(HYuvContext *s)
                     int len2 = s->len[2][r & 255];
                     if (len2 > limit1)
                         continue;
+                    av_assert0(i < (1 << VLC_BITS));
                     len[i] = len0 + len1 + len2;
                     bits[i] = (code << len2) + s->bits[2][r & 255];
                     if (s->decorrelate) {
@@ -182,6 +184,7 @@ static int read_huffman_tables(HYuvContext *s, const uint8_t *src, int length)
 {
     GetBitContext gb;
     int i;
+    int ret;
 
     init_get_bits(&gb, src, length * 8);
 
@@ -192,8 +195,9 @@ static int read_huffman_tables(HYuvContext *s, const uint8_t *src, int length)
             return -1;
         }
         ff_free_vlc(&s->vlc[i]);
-        init_vlc(&s->vlc[i], VLC_BITS, 256, s->len[i], 1, 1,
-                 s->bits[i], 4, 4, 0);
+        if ((ret = init_vlc(&s->vlc[i], VLC_BITS, 256, s->len[i], 1, 1,
+                           s->bits[i], 4, 4, 0)) < 0)
+            return ret;
     }
 
     generate_joint_tables(s);
@@ -205,6 +209,7 @@ static int read_old_huffman_tables(HYuvContext *s)
 {
     GetBitContext gb;
     int i;
+    int ret;
 
     init_get_bits(&gb, classic_shift_luma,
                   classic_shift_luma_table_size * 8);
@@ -228,8 +233,9 @@ static int read_old_huffman_tables(HYuvContext *s)
 
     for (i = 0; i < 3; i++) {
         ff_free_vlc(&s->vlc[i]);
-        init_vlc(&s->vlc[i], VLC_BITS, 256, s->len[i], 1, 1,
-                 s->bits[i], 4, 4, 0);
+        if ((ret = init_vlc(&s->vlc[i], VLC_BITS, 256, s->len[i], 1, 1,
+                            s->bits[i], 4, 4, 0)) < 0)
+            return ret;
     }
 
     generate_joint_tables(s);



More information about the ffmpeg-cvslog mailing list