mirror of https://git.ffmpeg.org/ffmpeg.git
huffyuv: add padding to classic (v1) huffman tables.
We slightly overread the input buffer, so we require padding at the end of the buffer, as is documented in the get_bits API. Without padding, we'll read uninitialized data or beyond the end of the .rodata, which may crash. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org
parent
4c25269ced
commit
4ffe5e2aa5
|
@ -82,13 +82,15 @@ typedef struct HYuvContext{
|
||||||
DSPContext dsp;
|
DSPContext dsp;
|
||||||
}HYuvContext;
|
}HYuvContext;
|
||||||
|
|
||||||
static const unsigned char classic_shift_luma[] = {
|
#define classic_shift_luma_table_size 42
|
||||||
|
static const unsigned char classic_shift_luma[classic_shift_luma_table_size + FF_INPUT_BUFFER_PADDING_SIZE] = {
|
||||||
34,36,35,69,135,232,9,16,10,24,11,23,12,16,13,10,14,8,15,8,
|
34,36,35,69,135,232,9,16,10,24,11,23,12,16,13,10,14,8,15,8,
|
||||||
16,8,17,20,16,10,207,206,205,236,11,8,10,21,9,23,8,8,199,70,
|
16,8,17,20,16,10,207,206,205,236,11,8,10,21,9,23,8,8,199,70,
|
||||||
69,68, 0
|
69,68, 0
|
||||||
};
|
};
|
||||||
|
|
||||||
static const unsigned char classic_shift_chroma[] = {
|
#define classic_shift_chroma_table_size 59
|
||||||
|
static const unsigned char classic_shift_chroma[classic_shift_chroma_table_size + FF_INPUT_BUFFER_PADDING_SIZE] = {
|
||||||
66,36,37,38,39,40,41,75,76,77,110,239,144,81,82,83,84,85,118,183,
|
66,36,37,38,39,40,41,75,76,77,110,239,144,81,82,83,84,85,118,183,
|
||||||
56,57,88,89,56,89,154,57,58,57,26,141,57,56,58,57,58,57,184,119,
|
56,57,88,89,56,89,154,57,58,57,26,141,57,56,58,57,58,57,184,119,
|
||||||
214,245,116,83,82,49,80,79,78,77,44,75,41,40,39,38,37,36,34, 0
|
214,245,116,83,82,49,80,79,78,77,44,75,41,40,39,38,37,36,34, 0
|
||||||
|
@ -366,10 +368,10 @@ static int read_old_huffman_tables(HYuvContext *s){
|
||||||
GetBitContext gb;
|
GetBitContext gb;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
init_get_bits(&gb, classic_shift_luma, sizeof(classic_shift_luma)*8);
|
init_get_bits(&gb, classic_shift_luma, classic_shift_luma_table_size*8);
|
||||||
if(read_len_table(s->len[0], &gb)<0)
|
if(read_len_table(s->len[0], &gb)<0)
|
||||||
return -1;
|
return -1;
|
||||||
init_get_bits(&gb, classic_shift_chroma, sizeof(classic_shift_chroma)*8);
|
init_get_bits(&gb, classic_shift_chroma, classic_shift_chroma_table_size*8);
|
||||||
if(read_len_table(s->len[1], &gb)<0)
|
if(read_len_table(s->len[1], &gb)<0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
|
|
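Review bot: The new size constants are one less than the number of initializers each table shows in the first hunk (43 bytes in `classic_shift_luma` against 42, 60 in `classic_shift_chroma` against 59), so the final `0` byte is no longer counted in the bit length that `read_old_huffman_tables` passes to `init_get_bits`, where `sizeof(...)*8` used to include it. That looks intentional, with the last byte now serving as the first byte of padding, but nothing in the code says so, and the literals are not tied to the initializer lists: a later edit that lengthens a table would still compile cleanly while shrinking the zero padding the bit reader relies on. I would add a comment above each define, e.g. `/* payload bytes only; the trailing 0 and the FF_INPUT_BUFFER_PADDING_SIZE zero bytes are padding for the bit reader */`. The closing of `classic_shift_chroma` and the rest of `read_old_huffman_tables` are outside the hunks shown.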