[Ffmpeg-devel] [PATCH] fix jpegls uninitialized data reading
Reimar Döffinger
Reimar.Doeffinger
Sat Dec 9 23:52:54 CET 2006
Hello,
On Sat, Dec 09, 2006 at 11:48:17PM +0100, Reimar Döffinger wrote:
> On Sat, Dec 09, 2006 at 11:29:57PM +0100, Reimar Döffinger wrote:
> > + put_bits(&pb2, 16, 0);
> > flush_put_bits(&pb2);
> > /* do escape coding */
> > - size = put_bits_count(&pb2) >> 3;
> > + size = (put_bits_count(&pb2) >> 3) - 2;
>
> Just initializing 8 extra bits instead of 16 is enough, because v ==
> 0xff is not possible when we already hit the end before reading v
> completely.
> Actually that even means that 7 bits extra initialization would be
> enough, but that would be complicate to compensate due to
> flush_put_bits.
> Of course, just a memset of buf2 to 0 right at the start works, too.
Sorry, yet another correction. init_get_bits should get the larger size,
too, in case somebody adds thorough checking of get_bits limits e.g. for
debugging purposes.
Index: libavcodec/jpeg_ls.c
===================================================================
--- libavcodec/jpeg_ls.c (revision 7265)
+++ libavcodec/jpeg_ls.c (working copy)
@@ -804,10 +804,12 @@
av_free(zero);
av_free(state);
+ put_bits(&pb2, 8, 0);
flush_put_bits(&pb2);
/* do escape coding */
size = put_bits_count(&pb2) >> 3;
init_get_bits(&gb, buf2, size);
+ size--;
while(get_bits_count(&gb) < size * 8){
int v;
v = get_bits(&gb, 8);
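Review bot: a short comment above `put_bits(&pb2, 8, 0);` stating why the zero byte is appended (so the reads in this loop, including the ones triggered after a 0xff value as discussed above, cannot straddle into uninitialized memory) and that `size--` removes that byte from the loop bound again would keep a later reader from treating either line as a stray change and reverting it. The hunk also does not show where `buf2` is allocated; confirm the buffer has room for the additional byte that the padding now writes.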
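The reasoning in the thread (a 7-bit read after an escaped 0xff shifts the alignment, so the last 8-bit read can reach up to 7 bits past the flushed data, and one zero byte is enough because a straddling read can then never be 0xff) can be checked with a small model. The following is an added example, not FFmpeg code: a toy MSB-first bit writer and reader stand in for put_bits/get_bits (their API shape here is an assumption), the reader counts every bit read beyond the initialized region, and the stream is constructed to end in an escape so the straddle actually happens.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy MSB-first bit writer (stand-in for FFmpeg's put_bits, not its code). */
typedef struct { uint8_t *buf; int pos; } BitWriter;

/* Toy bit reader: init_bits is the number of bits that were actually written;
 * every bit read at or beyond it is counted as an uninitialized read. */
typedef struct { const uint8_t *buf; int pos; int init_bits; int overrun_bits; } BitReader;

static void bw_put(BitWriter *w, int n, unsigned v) {
    for (int i = n - 1; i >= 0; i--, w->pos++) {
        uint8_t mask = 0x80 >> (w->pos & 7);
        if ((v >> i) & 1) w->buf[w->pos >> 3] |= mask;
        else              w->buf[w->pos >> 3] &= (uint8_t)~mask;
    }
}

/* Zero-fill the partial byte like flush_put_bits and return bytes written. */
static int bw_flush(BitWriter *w) {
    while (w->pos & 7) bw_put(w, 1, 0);
    return w->pos >> 3;
}

static unsigned br_get(BitReader *r, int n) {
    unsigned v = 0;
    for (int i = 0; i < n; i++, r->pos++) {
        if (r->pos >= r->init_bits) r->overrun_bits++;   /* reading garbage */
        v = (v << 1) | ((r->buf[r->pos >> 3] >> (7 - (r->pos & 7))) & 1);
    }
    return v;
}

/* The escape-coding loop shape from the patch: 8-bit reads bounded by `size`
 * bytes, with a 7-bit payload read after every 0xFF. Returns how many
 * uninitialized bits the loop touched. */
static int run_escape_loop(const uint8_t *buf, int size, int init_bits) {
    BitReader r = { buf, 0, init_bits, 0 };
    while (r.pos < size * 8) {
        unsigned v = br_get(&r, 8);
        if (v == 0xFF) br_get(&r, 7);
    }
    return r.overrun_bits;
}

/* Constructed stream: two escaped 0xFF bytes, each followed by a 7-bit
 * payload, so the loop ends mis-aligned by two bits. with_padding selects
 * the original code (0) or the patch's extra zero byte plus size-- (1). */
static int uninitialized_bits_read(int with_padding) {
    uint8_t buf[16];
    memset(buf, 0xAA, sizeof buf);            /* stand-in for uninitialized memory */
    BitWriter w = { buf, 0 };
    bw_put(&w, 8, 0xFF); bw_put(&w, 7, 0x2A);
    bw_put(&w, 8, 0xFF); bw_put(&w, 7, 0x7F);  /* 30 payload bits in total */
    if (with_padding) bw_put(&w, 8, 0);        /* patch: 8 zero bits before the flush */
    int size = bw_flush(&w);                   /* 4 bytes without padding, 5 with */
    int init_bits = size * 8;                  /* what init_get_bits should be told */
    if (with_padding) size--;                  /* patch: padding byte is not data */
    return run_escape_loop(buf, size, init_bits);
}

int main(void) {
    printf("original: %d uninitialized bits read\n", uninitialized_bits_read(0));
    printf("patched : %d uninitialized bits read\n", uninitialized_bits_read(1));
    return 0;
}
```

Without the padding byte the final 8-bit read starts at bit 30 of a 32-bit buffer and pulls six bits of garbage; with the patch the same read lands entirely in the zero byte, its value cannot be 0xFF, so no further 7-bit read follows and the loop terminates inside initialized data, which is why 8 padding bits (not 16) suffice.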