[FFmpeg-devel] [PATCH 1/2] avcodec/mjpegdec: Use correct number of codes for VLC tables

Andreas Rheinhardt andreas.rheinhardt at gmail.com
Thu Oct 8 20:57:55 EEST 2020


Commit 1249698e1b424cff8e77e6a83cfdbc9d11e01aa7 made
ff_mjpeg_decode_dht() call build_vlc() with a wrong (too high)
number of codes. The reason it worked is that the lengths of the extraneous
entries are initialized to zero and ff_init_vlc_sparse() ignores codes
with a length of zero. But using a too high number of codes was
nevertheless bad, because a) the assert in build_vlc() could have been
triggered (namely if the real amount of codes is 256) and b) the loop in
build_vlc() uses initialized data (leading to Valgrind errors [1]).
Furthermore, the old code spent CPU cycles in said loop although the
result won't be used anyway.

[1]: http://fate.ffmpeg.org/report.cgi?slot=x86_64-archlinux-gcc-valgrind&time=20201008025137

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
---
 libavcodec/mjpegdec.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index 44bbae010c..4128c47303 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -78,7 +78,7 @@ static int build_vlc(VLC *vlc, const uint8_t *bits_table,
 
     build_huffman_codes(huff_size, huff_code, bits_table);
 
-    for (i = 0; i < 256; i++) {
+    for (i = 0; i < nb_codes; i++) {
         huff_sym[i] = val_table[i] + 16 * is_ac;
 
         if (is_ac && !val_table[i])
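
Review bot: the new bound in `for (i = 0; i < nb_codes; i++)` makes the writes to huff_sym[i] and the reads of val_table[i] depend entirely on a caller-supplied count, where the old constant 256 was at least fixed. The hunk does not show the check that limits nb_codes; the commit message mentions an assert in build_vlc(), so please confirm it sits before this loop and bounds nb_codes by the size of huff_sym. If that assert can be compiled out, an explicit error return for nb_codes > 256 would be more robust, since the count ultimately comes from the bitstream.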
@@ -295,15 +295,15 @@ int ff_mjpeg_decode_dht(MJpegDecodeContext *s)
         /* build VLC and flush previous vlc if present */
         ff_free_vlc(&s->vlcs[class][index]);
         av_log(s->avctx, AV_LOG_DEBUG, "class=%d index=%d nb_codes=%d\n",
-               class, index, n + 1);
+               class, index, n);
         if ((ret = build_vlc(&s->vlcs[class][index], bits_table, val_table,
-                             n + 1, 0, class > 0)) < 0)
+                             n, 0, class > 0)) < 0)
             return ret;
 
         if (class > 0) {
             ff_free_vlc(&s->vlcs[2][index]);
             if ((ret = build_vlc(&s->vlcs[2][index], bits_table, val_table,
-                                 n + 1, 0, 0)) < 0)
+                                 n, 0, 0)) < 0)
                 return ret;
         }
 
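Review bot: passing `n` instead of `n + 1` to both build_vlc() calls means nb_codes can now be 0 when the DHT segment declares no codes, whereas before it was always at least 1. The hunk does not show how n is computed or validated, so please confirm that n == 0 is either rejected earlier in ff_mjpeg_decode_dht() or handled cleanly by build_vlc() and ff_init_vlc_sparse(), and that n is capped at 256 before this point. A one-line comment stating that n is the exact number of entries filled in val_table would also help keep the three call sites and the av_log() line consistent in future edits.
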
-- 
2.25.1