[FFmpeg-cvslog] svq1enc: fix out of bounds reads

Andreas Cadhalpun git at videolan.org
Wed Jan 27 00:09:19 CET 2016


ffmpeg | branch: master | Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com> | Thu Jan 21 22:36:36 2016 +0100| [9079e99d2c462ec7ef2e89d9e77ee6c3553dacce] | committer: Andreas Cadhalpun

svq1enc: fix out of bounds reads

level can be 5, but there are only four codebooks.

Fixes ubsan runtime error: index 5 out of bounds for type 'int8_t
[4][96]'

Reviewed-by: Michael Niedermayer <michael at niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9079e99d2c462ec7ef2e89d9e77ee6c3553dacce
---

 libavcodec/svq1enc.c |    7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/libavcodec/svq1enc.c b/libavcodec/svq1enc.c
index 1e1745e..d968d36 100644
--- a/libavcodec/svq1enc.c
+++ b/libavcodec/svq1enc.c
@@ -104,7 +104,9 @@ static int encode_block(SVQ1EncContext *s, uint8_t *src, uint8_t *ref,
     best_score = 0;
     // FIXME: Optimize, this does not need to be done multiple times.
     if (intra) {
-        codebook_sum   = svq1_intra_codebook_sum[level];
+        // level is 5 when encode_block is called from svq1_encode_plane
+        // and always < 4 when called recursively from this function.
+        codebook_sum   = level < 4 ? svq1_intra_codebook_sum[level] : NULL;
         codebook       = ff_svq1_intra_codebooks[level];
         mean_vlc       = ff_svq1_intra_mean_vlc;
         multistage_vlc = ff_svq1_intra_multistage_vlc[level];
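Review bot: On the new `codebook_sum = level < 4 ? ... : NULL` line, the top-level call with level 5 now leaves `codebook_sum` as NULL, and nothing in this hunk shows that its later uses are only reached when level < 4. An out-of-bounds read would become a NULL dereference if that invariant ever changes, so consider an assertion or a guard at the point of use. The literal 4 also duplicates the array dimension reported by ubsan (`int8_t [4][96]`); deriving the bound from the array itself, for example with `FF_ARRAY_ELEMS(svq1_intra_codebook_sum)`, would keep the check correct if the table is resized.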
@@ -117,7 +119,8 @@ static int encode_block(SVQ1EncContext *s, uint8_t *src, uint8_t *ref,
             }
         }
     } else {
-        codebook_sum   = svq1_inter_codebook_sum[level];
+        // level is 5 or < 4, see above for details.
+        codebook_sum   = level < 4 ? svq1_inter_codebook_sum[level] : NULL;
         codebook       = ff_svq1_inter_codebooks[level];
         mean_vlc       = ff_svq1_inter_mean_vlc + 256;
         multistage_vlc = ff_svq1_inter_multistage_vlc[level];
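Review bot: Only `svq1_inter_codebook_sum[level]` gains a bound check here, while the two context lines right after it still index `ff_svq1_inter_codebooks[level]` and `ff_svq1_inter_multistage_vlc[level]` with a level that the comment says can be 5. The same holds for the intra tables in the first hunk. The commit message should state that those tables have at least six entries, or the same guard should be applied to them, so a reader does not have to look up the declarations to confirm the fix is complete. The condition `level < 4` is also repeated in both branches; evaluating it once before the `if (intra)` would keep the two checks from drifting apart.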


