Re: [libav-devel] [PATCH] huffyuv: error out on bit overrun.

Martin Storsjö Fri, 17 Feb 2012 15:09:43 -0800

On Fri, 17 Feb 2012, Ronald S. Bultje wrote:

From: "Ronald S. Bultje" <[email protected]>


On EOF, get_bits() will continuously return 0, causing an infinite
loop.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: [email protected]
---
libavcodec/huffyuv.c |    2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/libavcodec/huffyuv.c b/libavcodec/huffyuv.c
index ebbfc45..0c5f6be 100644
--- a/libavcodec/huffyuv.c
+++ b/libavcodec/huffyuv.c
@@ -184,7 +184,7 @@ static int read_len_table(uint8_t *dst, GetBitContext *gb){
        if(repeat==0)
            repeat= get_bits(gb, 8);
//printf("%d %d\n", val, repeat);
-        if(i+repeat > 256) {
+        if(i+repeat > 256 || get_bits_left(gb) < 0) {
            av_log(NULL, AV_LOG_ERROR, "Error reading huffman table\n");
            return -1;
        }
--
1.7.7.4


Looks sensible to me.

// Martin
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel

Re: [libav-devel] [PATCH] huffyuv: error out on bit overrun.

Reply via email to