[FFmpeg-devel] [PATCH 2/6] Check for out of bound reads in xan_huffman_decode() of the xan decoder.

Reimar Döffinger Reimar.Doeffinger at gmx.de
Thu Sep 29 02:18:18 CEST 2011



On 29 Sep 2011, at 01:04, fenrir at elivagar.org wrote:

> From: Laurent Aimar <fenrir at videolan.org>
> 
> ---
> libavcodec/xan.c |    5 ++++-
> 1 files changed, 4 insertions(+), 1 deletions(-)
> 
> diff --git a/libavcodec/xan.c b/libavcodec/xan.c
> index 51b4b95..3359102 100644
> --- a/libavcodec/xan.c
> +++ b/libavcodec/xan.c
> @@ -114,7 +114,10 @@ static int xan_huffman_decode(unsigned char *dest, int dest_len,
>     init_get_bits(&gb, ptr, ptr_len * 8);
> 
>     while ( val != 0x16 ) {
> -        val = src[val - 0x17 + get_bits1(&gb) * byte];
> +        int idx = val - 0x17 + get_bits1(&gb) * byte;
> +        if (idx < 0 || idx >= 2 * byte)
> +            return -1;
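
Review bot: the upper bound in `if (idx < 0 || idx >= 2 * byte)` is not justified by anything visible in this hunk, since the lines shown do not establish that the table behind `src` holds `2 * byte` entries or that those entries lie inside the `ptr_len` bytes handed to `init_get_bits()`. A comment stating where the `2 * byte` limit comes from, or a check of the table extent against the input length before the loop, would make the condition verifiable. The loop also calls `get_bits1(&gb)` on every iteration with no check in these lines on how many bits remain in the reader, so a stream that never yields `0x16` is stopped only by the index test. The bare `return -1` could be a named error code so callers can tell invalid data from other failures.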

Using unsigned will need one check less.
However I don't know if the condition is actually correct.

