Mercurial > libavcodec.hg

comparison huffyuv.c @ 9917:2e8083f6524e libavcodec

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
fix a buffer overrun on corrupt huffyuv streams
author lorenm
date Sat, 04 Jul 2009 23:59:10 +0000
parents 2fb2e212318b
children 266bf83f634d
comparison
equal deleted inserted replaced
9916:2c1c28f26a27 9917:2e8083f6524e
211 *red= src[(w-1)*4+R]; 211 *red= src[(w-1)*4+R];
212 *green= src[(w-1)*4+G]; 212 *green= src[(w-1)*4+G];
213 *blue= src[(w-1)*4+B]; 213 *blue= src[(w-1)*4+B];
214 } 214 }
215 215
216 static void read_len_table(uint8_t *dst, GetBitContext *gb){ 216 static int read_len_table(uint8_t *dst, GetBitContext *gb){
217 int i, val, repeat; 217 int i, val, repeat;
218 218
219 for(i=0; i<256;){ 219 for(i=0; i<256;){
220 repeat= get_bits(gb, 3); 220 repeat= get_bits(gb, 3);
221 val = get_bits(gb, 5); 221 val = get_bits(gb, 5);
222 if(repeat==0) 222 if(repeat==0)
223 repeat= get_bits(gb, 8); 223 repeat= get_bits(gb, 8);
224 //printf("%d %d\n", val, repeat); 224 //printf("%d %d\n", val, repeat);
225 if(i+repeat > 256) {
226 av_log(NULL, AV_LOG_ERROR, "Error reading huffman table\n");
227 return -1;
228 }
225 while (repeat--) 229 while (repeat--)
226 dst[i++] = val; 230 dst[i++] = val;
227 } 231 }
232 return 0;
228 } 233 }
229 234
230 static int generate_bits_table(uint32_t *dst, uint8_t *len_table){ 235 static int generate_bits_table(uint32_t *dst, uint8_t *len_table){
231 int len, index; 236 int len, index;
232 uint32_t bits=0; 237 uint32_t bits=0;
377 int i; 382 int i;
378 383
379 init_get_bits(&gb, src, length*8); 384 init_get_bits(&gb, src, length*8);
380 385
381 for(i=0; i<3; i++){ 386 for(i=0; i<3; i++){
382 read_len_table(s->len[i], &gb); 387 if(read_len_table(s->len[i], &gb)<0)
383 388 return -1;
384 if(generate_bits_table(s->bits[i], s->len[i])<0){ 389 if(generate_bits_table(s->bits[i], s->len[i])<0){
385 return -1; 390 return -1;
386 } 391 }
387 #if 0 392 #if 0
388 for(j=0; j<256; j++){ 393 for(j=0; j<256; j++){
402 #if 1 407 #if 1
403 GetBitContext gb; 408 GetBitContext gb;
404 int i; 409 int i;
405 410
406 init_get_bits(&gb, classic_shift_luma, sizeof(classic_shift_luma)*8); 411 init_get_bits(&gb, classic_shift_luma, sizeof(classic_shift_luma)*8);
407 read_len_table(s->len[0], &gb); 412 if(read_len_table(s->len[0], &gb)<0)
413 return -1;
408 init_get_bits(&gb, classic_shift_chroma, sizeof(classic_shift_chroma)*8); 414 init_get_bits(&gb, classic_shift_chroma, sizeof(classic_shift_chroma)*8);
409 read_len_table(s->len[1], &gb); 415 if(read_len_table(s->len[1], &gb)<0)
416 return -1;
410 417
411 for(i=0; i<256; i++) s->bits[0][i] = classic_add_luma [i]; 418 for(i=0; i<256; i++) s->bits[0][i] = classic_add_luma [i];
412 for(i=0; i<256; i++) s->bits[1][i] = classic_add_chroma[i]; 419 for(i=0; i<256; i++) s->bits[1][i] = classic_add_chroma[i];
413 420
414 if(s->bitstream_bpp >= 24){ 421 if(s->bitstream_bpp >= 24){