openharmony/third_party_ffmpeg
1
0
Fork 0
mirror of https://gitee.com/openharmony/third_party_ffmpeg synced 2024-11-24 03:39:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

exr: fix out of bounds read in get_code

Browse Source 
This macro unconditionally used out[-1], which causes an out of bounds
read, if out is the very beginning of the buffer.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
This commit is contained in:
Andreas Cadhalpun 2015-12-13 23:37:25 +01:00 committed by Luca Barbato
parent 17776638c3
commit 5ea59b1f42
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
libavcodec/exr.c
View File

@ -459,7 +459,7 @@ static int huf_build_dec_table(const uint64_t *hcode, int im,
lc += 8; \
}
#define get_code(po, rlc, c, lc, gb, out, oe) \
#define get_code(po, rlc, c, lc, gb, out, oe, outb) \
{ \
if (po == rlc) { \
if (lc < 8) \
@ -468,7 +468,7 @@ static int huf_build_dec_table(const uint64_t *hcode, int im,
\
cs = c >> lc; \
\
if (out + cs > oe) \
if (out + cs > oe || out == outb) \
return AVERROR_INVALIDDATA; \
\
s = out[-1]; \
@ -501,7 +501,7 @@ static int huf_decode(const uint64_t *hcode, const HufDec *hdecod,
if (pl.len) {
lc -= pl.len;
get_code(pl.lit, rlc, c, lc, gb, out, oe);
get_code(pl.lit, rlc, c, lc, gb, out, oe, outb);
} else {
int j;
@ -518,7 +518,7 @@ static int huf_decode(const uint64_t *hcode, const HufDec *hdecod,
if ((hcode[pl.p[j]] >> 6) ==
((c >> (lc - l)) & ((1LL << l) - 1))) {
lc -= l;
get_code(pl.p[j], rlc, c, lc, gb, out, oe);
get_code(pl.p[j], rlc, c, lc, gb, out, oe, outb);
break;
}
}
@ -539,7 +539,7 @@ static int huf_decode(const uint64_t *hcode, const HufDec *hdecod,
if (pl.len) {
lc -= pl.len;
get_code(pl.lit, rlc, c, lc, gb, out, oe);
get_code(pl.lit, rlc, c, lc, gb, out, oe, outb);
} else {
return AVERROR_INVALIDDATA;
}