[FFmpeg-devel] [PATCH] huffyuv: check input buffer size
Reimar Döffinger
Reimar.Doeffinger
Wed Jul 1 21:19:21 CEST 2009
Hello,
FFmpeg's huffyuv decoder seems to decode without ever checking if there is
enough data to decode available.
Following is a stupid patch to fix it, benchmarking or improvements I leave
to others...
I don't have a proper sample for this, but smclockhuffyuv.avi.1.10 from issue
1240 shows the invalid reads without this under valgrind.
Index: libavcodec/huffyuv.c
===================================================================
--- libavcodec/huffyuv.c (revision 19317)
+++ libavcodec/huffyuv.c (working copy)
@@ -714,7 +714,9 @@
/* TODO instead of restarting the read when the code isn't in the first level
* of the joint table, jump into the 2nd level of the individual table. */
#define READ_2PIX(dst0, dst1, plane1){\
- uint16_t code = get_vlc2(&s->gb, s->vlc[3+plane1].table, VLC_BITS, 1);\
+ uint16_t code; \
+ if (get_bits_count(&s->gb) >= s->gb.size_in_bits) return; \
+ code = get_vlc2(&s->gb, s->vlc[3+plane1].table, VLC_BITS, 1);\
if(code != 0xffff){\
dst0 = code>>8;\
dst1 = code;\
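Review bot: the bare `return` added at the top of READ_2PIX is hidden control flow that exits whichever function expands the macro, and it does so silently: nothing is logged or propagated, and the destination pixels not yet written keep whatever they held before. Consider moving the bounds test into the calling loop, or having the macro set a flag the caller checks, so truncated input is reported as an error. The condition `get_bits_count(&s->gb) >= s->gb.size_in_bits` also only catches a reader that is already at or past the end; with fewer than VLC_BITS bits remaining, get_vlc2 still reads beyond size_in_bits, so that last read is only safe if the input buffer is padded, which deserves a comment next to the check. Finally, the test runs once per pixel pair in the decode loop, so it needs the benchmark the message defers before it goes in.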