diff mbox series

[FFmpeg-devel,03/25] avcodec/magicyuv: Improve overread check when parsing Huffman tables

Message ID 20200926102804.228089-3-andreas.rheinhardt@gmail.com
State Accepted
Commit 85737a4d76f8a39ec5554abe62bcbc41b6123d09
Headers show
Series [FFmpeg-devel,01/25] avcodec/photocd: Simplify parsing Huffman tables a bit | expand

Checks

Context Check Description
andriy/default pending
andriy/make success Make finished
andriy/make_fate success Make fate finished

Commit Message

Andreas Rheinhardt Sept. 26, 2020, 10:27 a.m. UTC 
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
---
 libavcodec/magicyuv.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

Comments

Paul B Mahol Sept. 26, 2020, 10:43 a.m. UTC | #1 
On Sat, Sep 26, 2020 at 12:27:42PM +0200, Andreas Rheinhardt wrote:
> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
> ---
>  libavcodec/magicyuv.c | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
> 

lgtm

> diff --git a/libavcodec/magicyuv.c b/libavcodec/magicyuv.c
> index b56d3e9d32..d2f6a9b01e 100644
> --- a/libavcodec/magicyuv.c
> +++ b/libavcodec/magicyuv.c
> @@ -394,8 +394,13 @@ static int build_huffman(AVCodecContext *avctx, GetBitContext *gbit, int max)
>      while (get_bits_left(gbit) >= 8) {
>          int b = get_bits(gbit, 1);
>          int x = get_bits(gbit, 7);
> -        int l = get_bitsz(gbit, b * 8) + 1;
> +        int l = 1;
>  
> +        if (b) {
> +            if (get_bits_left(gbit) < 8)
> +                break;
> +            l += get_bits(gbit, 8);
> +        }
>          k = j + l;
>          if (k > max || x == 0 || x > 32) {
>              av_log(avctx, AV_LOG_ERROR, "Invalid Huffman codes\n");
> -- 
> 2.25.1
> 
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> 
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
diff mbox series

Patch

diff --git a/libavcodec/magicyuv.c b/libavcodec/magicyuv.c
index b56d3e9d32..d2f6a9b01e 100644
--- a/libavcodec/magicyuv.c
+++ b/libavcodec/magicyuv.c
@@ -394,8 +394,13 @@  static int build_huffman(AVCodecContext *avctx, GetBitContext *gbit, int max)
     while (get_bits_left(gbit) >= 8) {
         int b = get_bits(gbit, 1);
         int x = get_bits(gbit, 7);
-        int l = get_bitsz(gbit, b * 8) + 1;
+        int l = 1;
 
+        if (b) {
+            if (get_bits_left(gbit) < 8)
+                break;
+            l += get_bits(gbit, 8);
+        }
         k = j + l;
         if (k > max || x == 0 || x > 32) {
             av_log(avctx, AV_LOG_ERROR, "Invalid Huffman codes\n");