[FFmpeg-devel] [PATCH] avcodec/cbs_jpeg: Fix size of huffman symbol table array

Andreas Rheinhardt andreas.rheinhardt at outlook.com
Tue Feb 8 11:41:06 EET 2022


L[i] can be in the range 0-255; see Table B.5 of ITU-T T.81.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at outlook.com>
---
 libavcodec/cbs_jpeg.h                 | 2 +-
 libavcodec/cbs_jpeg_syntax_template.c | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/libavcodec/cbs_jpeg.h b/libavcodec/cbs_jpeg.h
index 6305f0ee86..9dbebd259f 100644
--- a/libavcodec/cbs_jpeg.h
+++ b/libavcodec/cbs_jpeg.h
@@ -99,7 +99,7 @@ typedef struct JPEGRawHuffmanTable {
     uint8_t  Tc;
     uint8_t  Th;
     uint8_t  L[16];
-    uint8_t  V[224];
+    uint8_t  V[256];
 } JPEGRawHuffmanTable;
 
 typedef struct JPEGRawHuffmanTableSpecification {
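Review bot: The new array size `256` on `V` in JPEGRawHuffmanTable is a bare literal with nothing recording where it comes from, and the commit message only justifies the 0-255 range of each L[i]. A comment on the field would keep the reasoning with the declaration, for example `uint8_t  V[256]; /* symbol values; total count is bounded by the ij check in huffman_table */`. Any code outside this diff that still sizes or bounds this array with the old 224 is not visible here and should be checked, since the struct layout changes.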
diff --git a/libavcodec/cbs_jpeg_syntax_template.c b/libavcodec/cbs_jpeg_syntax_template.c
index 6eda56d623..e06abdc674 100644
--- a/libavcodec/cbs_jpeg_syntax_template.c
+++ b/libavcodec/cbs_jpeg_syntax_template.c
@@ -84,12 +84,12 @@ static int FUNC(huffman_table)(CodedBitstreamContext *ctx, RWContext *rw,
     u(4, Th, 0, 3);
 
     for (i = 0; i < 16; i++)
-        us(8, L[i], i, 0, 224);
+        us(8, L[i], i, 0, 255);
 
     ij = 0;
     for (i = 0; i < 16; i++) {
         for (j = 0; j < current->L[i]; j++) {
-            if (ij >= 224)
+            if (ij >= FF_ARRAY_ELEMS(current->V))
                 return AVERROR_INVALIDDATA;
             us(8, V[ij], ij, 0, 255);
             ++ij;
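Review bot: The `ij >= FF_ARRAY_ELEMS(current->V)` test in the inner loop is the only thing keeping the write to `V[ij]` in bounds, and nothing in the code says so. Each of the sixteen L[i] values is accepted up to 255, so their sum can reach 4080 against a 256-entry array. These counts come straight from the bitstream, so a comment above the check would protect it from a later cleanup, e.g. `/* sum of L[i] is untrusted and may exceed the size of V */`. The declaration of `ij` is outside the hunk; confirm its type compares cleanly with the `size_t` result of FF_ARRAY_ELEMS. The function begins and ends outside this hunk.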
-- 
2.32.0


