RepoMirrors/ffmpeg
1
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2025-01-16 04:11:12 +00:00
Code Issues Projects Releases Wiki Activity

4xm: do not overread the prestream buffer

Browse Source 
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
This commit is contained in:
Luca Barbato 2013-06-07 16:18:22 +02:00
parent de2e5777e2
commit be373cb50d
1 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
libavcodec/4xm.c
View File

@ -579,7 +579,8 @@ static int decode_i_mb(FourXContext *f)
} }
static const uint8_t *read_huffman_tables(FourXContext *f, static const uint8_t *read_huffman_tables(FourXContext *f,
const uint8_t * const buf) const uint8_t * const buf,
int len)
{ {
int frequency[512] = { 0 }; int frequency[512] = { 0 };
uint8_t flag[512]; uint8_t flag[512];
@ -597,12 +598,20 @@ static const uint8_t *read_huffman_tables(FourXContext *f,
for (;;) { for (;;) {
int i; int i;
len -= end - start + 1;
if (end < start || len < 0)
return NULL;
for (i = start; i <= end; i++) for (i = start; i <= end; i++)
frequency[i] = *ptr++; frequency[i] = *ptr++;
start = *ptr++; start = *ptr++;
if (start == 0) if (start == 0)
break; break;
if (--len < 0)
return NULL;
end = *ptr++; end = *ptr++;
} }
frequency[256] = 1; frequency[256] = 1;
@ -744,7 +753,7 @@ static int decode_i_frame(FourXContext *f, AVFrame *frame, const uint8_t *buf, i
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;
} }
prestream = read_huffman_tables(f, prestream); prestream = read_huffman_tables(f, prestream, prestream_size);
if (!prestream) { if (!prestream) {
av_log(f->avctx, AV_LOG_ERROR, "Error reading Huffman tables.\n"); av_log(f->avctx, AV_LOG_ERROR, "Error reading Huffman tables.\n");
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;