[FFmpeg-cvslog] avcodec/magicyuv: Improve overread check when parsing Huffman tables

Andreas Rheinhardt git at videolan.org
Sat Sep 26 22:12:17 EEST 2020


ffmpeg | branch: master | Andreas Rheinhardt <andreas.rheinhardt at gmail.com> | Wed Sep 23 05:42:31 2020 +0200| [85737a4d76f8a39ec5554abe62bcbc41b6123d09] | committer: Andreas Rheinhardt

avcodec/magicyuv: Improve overread check when parsing Huffman tables

Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=85737a4d76f8a39ec5554abe62bcbc41b6123d09
---

 libavcodec/magicyuv.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/libavcodec/magicyuv.c b/libavcodec/magicyuv.c
index b56d3e9d32..d2f6a9b01e 100644
--- a/libavcodec/magicyuv.c
+++ b/libavcodec/magicyuv.c
@@ -394,8 +394,13 @@ static int build_huffman(AVCodecContext *avctx, GetBitContext *gbit, int max)
     while (get_bits_left(gbit) >= 8) {
         int b = get_bits(gbit, 1);
         int x = get_bits(gbit, 7);
-        int l = get_bitsz(gbit, b * 8) + 1;
+        int l = 1;
 
+        if (b) {
+            if (get_bits_left(gbit) < 8)
+                break;
+            l += get_bits(gbit, 8);
+        }
         k = j + l;
         if (k > max || x == 0 || x > 32) {
             av_log(avctx, AV_LOG_ERROR, "Invalid Huffman codes\n");



More information about the ffmpeg-cvslog mailing list