[FFmpeg-devel] [PATCH 2/2] avcodec/cfhd: Use bytestream2 for peaks

Michael Niedermayer michael at niedermayer.cc
Sat Jul 14 02:14:25 EEST 2018


This fixes out of array accesses
No testcase known

Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
 libavcodec/cfhd.c | 10 +++++-----
 libavcodec/cfhd.h |  3 ++-
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/libavcodec/cfhd.c b/libavcodec/cfhd.c
index ef5ebe42c5..76838f0869 100644
--- a/libavcodec/cfhd.c
+++ b/libavcodec/cfhd.c
@@ -79,7 +79,7 @@ static void init_peak_table_defaults(CFHDContext *s)
 {
     s->peak.level  = 0;
     s->peak.offset = 0;
-    s->peak.base   = NULL;
+    memset(&s->peak.base, 0, sizeof(s->peak.base));
 }
 
 static void init_frame_defaults(CFHDContext *s)
@@ -133,7 +133,7 @@ static inline void peak_table(int16_t *band, Peak *peak, int length)
     int i;
     for (i = 0; i < length; i++)
         if (abs(band[i]) > peak->level)
-            band[i] = *(peak->base++);
+            band[i] = bytestream2_get_le16(&peak->base);
 }
 
 static inline void process_alpha(int16_t *alpha, int width)
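Review bot: Once the peak data is exhausted, the checked reader `bytestream2_get_le16()` returns 0 without signalling it, so in `peak_table` every remaining coefficient above `peak->level` is silently replaced by zero. That is memory-safe, which is the purpose of the patch, but a truncated or malformed peak table now decodes to a quietly wrong picture. I would at least document it above the loop, e.g. `/* checked read: yields 0 once the peak data runs out */`, or test `bytestream2_get_bytes_left(&peak->base) < 2` and leave `band[i]` untouched in that case. The read is also now explicitly little-endian where the old dereference was host-endian and possibly unaligned; that looks intended but deserves a word in the commit message. The start of `peak_table` is outside this hunk.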
@@ -537,16 +537,16 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, int *got_frame,
         } else if (tag == -75) {
             s->peak.offset &= ~0xffff;
             s->peak.offset |= (data & 0xffff);
-            s->peak.base    = (int16_t *) gb.buffer;
+            s->peak.base    = gb;
             s->peak.level   = 0;
         } else if (tag == -76) {
             s->peak.offset &= 0xffff;
             s->peak.offset |= (data & 0xffffU)<<16;
-            s->peak.base    = (int16_t *) gb.buffer;
+            s->peak.base    = gb;
             s->peak.level   = 0;
         } else if (tag == -74 && s->peak.offset) {
             s->peak.level = data;
-            s->peak.base += s->peak.offset / 2 - 2;
+            bytestream2_seek(&s->peak.base, s->peak.offset - 4, SEEK_CUR);
         } else
             av_log(avctx, AV_LOG_DEBUG,  "Unknown tag %i data %x\n", tag, data);
 
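Review bot: In the `tag == -74` branch, `s->peak.offset - 4` is evaluated as a plain `int` before `bytestream2_seek()` can clamp it, and `peak.offset` is assembled from two 16-bit fields taken from the bitstream in the `-75`/`-76` branches. A value within 4 of INT_MIN therefore overflows the subtraction, which is undefined behaviour. Any offset below 4 turns into a backward seek that the clamp keeps inside the packet but that would make `peak_table` read unrelated earlier bytes. If no valid stream uses such offsets, a guard ahead of the seek covers both cases, e.g. `if (s->peak.offset < 4)` followed by rejecting the packet in whatever way the rest of `cfhd_decode` reports invalid data. `cfhd_decode` starts and ends outside this hunk, so the right error path cannot be confirmed from here.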
diff --git a/libavcodec/cfhd.h b/libavcodec/cfhd.h
index 7cd251fca7..4f2c82d8bc 100644
--- a/libavcodec/cfhd.h
+++ b/libavcodec/cfhd.h
@@ -26,6 +26,7 @@
 #include "libavutil/avassert.h"
 
 #include "avcodec.h"
+#include "bytestream.h"
 #include "get_bits.h"
 #include "vlc.h"
 
@@ -71,7 +72,7 @@ typedef struct Plane {
 typedef struct Peak {
     int level;
     int offset;
-    const int16_t *base;
+    GetByteContext base;
 } Peak;
 
 typedef struct CFHDContext {
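Review bot: `Peak.base` changes from a raw pointer to a by-value `GetByteContext`, but the struct says nothing about what that reader covers or how long it stays usable. A field comment would help the next reader, e.g. `GetByteContext base; /* bounded reader over the peak data in the current packet; presumably must not be used after that packet is gone */`. The copy is made in `cfhd_decode` (`s->peak.base = gb;`), so the lifetime assumption should be confirmed against how `init_peak_table_defaults` is called, which is not visible in this patch.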
-- 
2.18.0


