[FFmpeg-devel] [PATCH] avcodec/cbs_jpeg: Fix size of huffman symbol table array

Andreas Rheinhardt andreas.rheinhardt at outlook.com
Fri Feb 11 11:28:03 EET 2022


Andreas Rheinhardt:
> L[i] can be in the range of 0-255, see table B.5 of ITU T.81.
> 
> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at outlook.com>
> ---
>  libavcodec/cbs_jpeg.h                 | 2 +-
>  libavcodec/cbs_jpeg_syntax_template.c | 4 ++--
>  2 files changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/libavcodec/cbs_jpeg.h b/libavcodec/cbs_jpeg.h
> index 6305f0ee86..9dbebd259f 100644
> --- a/libavcodec/cbs_jpeg.h
> +++ b/libavcodec/cbs_jpeg.h
> @@ -99,7 +99,7 @@ typedef struct JPEGRawHuffmanTable {
>      uint8_t  Tc;
>      uint8_t  Th;
>      uint8_t  L[16];
> -    uint8_t  V[224];
> +    uint8_t  V[256];
>  } JPEGRawHuffmanTable;
>  
>  typedef struct JPEGRawHuffmanTableSpecification {
> diff --git a/libavcodec/cbs_jpeg_syntax_template.c b/libavcodec/cbs_jpeg_syntax_template.c
> index 6eda56d623..e06abdc674 100644
> --- a/libavcodec/cbs_jpeg_syntax_template.c
> +++ b/libavcodec/cbs_jpeg_syntax_template.c
> @@ -84,12 +84,12 @@ static int FUNC(huffman_table)(CodedBitstreamContext *ctx, RWContext *rw,
>      u(4, Th, 0, 3);
>  
>      for (i = 0; i < 16; i++)
> -        us(8, L[i], i, 0, 224);
> +        us(8, L[i], i, 0, 255);
>  
>      ij = 0;
>      for (i = 0; i < 16; i++) {
>          for (j = 0; j < current->L[i]; j++) {
> -            if (ij >= 224)
> +            if (ij >= FF_ARRAY_ELEMS(current->V))
>                  return AVERROR_INVALIDDATA;
>              us(8, V[ij], ij, 0, 255);
>              ++ij;

Will apply this later tonight unless there are objections.

- Andreas


More information about the ffmpeg-devel mailing list