Commit 32e60b6b authored by Michael Niedermayer's avatar Michael Niedermayer

h264: increase scantable sizes to avoid overread

We could also check the index but this would slow speed critical code
down.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
parent fd4c1c0b
...@@ -52,18 +52,20 @@ static const uint8_t golomb_to_inter_cbp[48] = { ...@@ -52,18 +52,20 @@ static const uint8_t golomb_to_inter_cbp[48] = {
17, 18, 20, 24, 19, 21, 26, 28, 23, 27, 29, 30, 22, 25, 38, 41 17, 18, 20, 24, 19, 21, 26, 28, 23, 27, 29, 30, 22, 25, 38, 41
}; };
static const uint8_t zigzag_scan[16] = { static const uint8_t zigzag_scan[16+1] = {
0 + 0 * 4, 1 + 0 * 4, 0 + 1 * 4, 0 + 2 * 4, 0 + 0 * 4, 1 + 0 * 4, 0 + 1 * 4, 0 + 2 * 4,
1 + 1 * 4, 2 + 0 * 4, 3 + 0 * 4, 2 + 1 * 4, 1 + 1 * 4, 2 + 0 * 4, 3 + 0 * 4, 2 + 1 * 4,
1 + 2 * 4, 0 + 3 * 4, 1 + 3 * 4, 2 + 2 * 4, 1 + 2 * 4, 0 + 3 * 4, 1 + 3 * 4, 2 + 2 * 4,
3 + 1 * 4, 3 + 2 * 4, 2 + 3 * 4, 3 + 3 * 4, 3 + 1 * 4, 3 + 2 * 4, 2 + 3 * 4, 3 + 3 * 4,
0,
}; };
static const uint8_t field_scan[16] = { static const uint8_t field_scan[16+1] = {
0 + 0 * 4, 0 + 1 * 4, 1 + 0 * 4, 0 + 2 * 4, 0 + 0 * 4, 0 + 1 * 4, 1 + 0 * 4, 0 + 2 * 4,
0 + 3 * 4, 1 + 1 * 4, 1 + 2 * 4, 1 + 3 * 4, 0 + 3 * 4, 1 + 1 * 4, 1 + 2 * 4, 1 + 3 * 4,
2 + 0 * 4, 2 + 1 * 4, 2 + 2 * 4, 2 + 3 * 4, 2 + 0 * 4, 2 + 1 * 4, 2 + 2 * 4, 2 + 3 * 4,
3 + 0 * 4, 3 + 1 * 4, 3 + 2 * 4, 3 + 3 * 4, 3 + 0 * 4, 3 + 1 * 4, 3 + 2 * 4, 3 + 3 * 4,
0,
}; };
static const uint8_t luma_dc_zigzag_scan[16] = { static const uint8_t luma_dc_zigzag_scan[16] = {
...@@ -93,7 +95,7 @@ static const uint8_t chroma422_dc_scan[8] = { ...@@ -93,7 +95,7 @@ static const uint8_t chroma422_dc_scan[8] = {
}; };
// zigzag_scan8x8_cavlc[i] = zigzag_scan8x8[(i/4) + 16*(i%4)] // zigzag_scan8x8_cavlc[i] = zigzag_scan8x8[(i/4) + 16*(i%4)]
static const uint8_t zigzag_scan8x8_cavlc[64] = { static const uint8_t zigzag_scan8x8_cavlc[64+1] = {
0 + 0 * 8, 1 + 1 * 8, 1 + 2 * 8, 2 + 2 * 8, 0 + 0 * 8, 1 + 1 * 8, 1 + 2 * 8, 2 + 2 * 8,
4 + 1 * 8, 0 + 5 * 8, 3 + 3 * 8, 7 + 0 * 8, 4 + 1 * 8, 0 + 5 * 8, 3 + 3 * 8, 7 + 0 * 8,
3 + 4 * 8, 1 + 7 * 8, 5 + 3 * 8, 6 + 3 * 8, 3 + 4 * 8, 1 + 7 * 8, 5 + 3 * 8, 6 + 3 * 8,
...@@ -110,9 +112,10 @@ static const uint8_t zigzag_scan8x8_cavlc[64] = { ...@@ -110,9 +112,10 @@ static const uint8_t zigzag_scan8x8_cavlc[64] = {
1 + 4 * 8, 2 + 4 * 8, 6 + 0 * 8, 4 + 3 * 8, 1 + 4 * 8, 2 + 4 * 8, 6 + 0 * 8, 4 + 3 * 8,
0 + 7 * 8, 4 + 4 * 8, 7 + 2 * 8, 3 + 6 * 8, 0 + 7 * 8, 4 + 4 * 8, 7 + 2 * 8, 3 + 6 * 8,
5 + 5 * 8, 6 + 5 * 8, 6 + 6 * 8, 7 + 7 * 8, 5 + 5 * 8, 6 + 5 * 8, 6 + 6 * 8, 7 + 7 * 8,
0,
}; };
static const uint8_t field_scan8x8[64] = { static const uint8_t field_scan8x8[64+1] = {
0 + 0 * 8, 0 + 1 * 8, 0 + 2 * 8, 1 + 0 * 8, 0 + 0 * 8, 0 + 1 * 8, 0 + 2 * 8, 1 + 0 * 8,
1 + 1 * 8, 0 + 3 * 8, 0 + 4 * 8, 1 + 2 * 8, 1 + 1 * 8, 0 + 3 * 8, 0 + 4 * 8, 1 + 2 * 8,
2 + 0 * 8, 1 + 3 * 8, 0 + 5 * 8, 0 + 6 * 8, 2 + 0 * 8, 1 + 3 * 8, 0 + 5 * 8, 0 + 6 * 8,
...@@ -129,9 +132,10 @@ static const uint8_t field_scan8x8[64] = { ...@@ -129,9 +132,10 @@ static const uint8_t field_scan8x8[64] = {
7 + 0 * 8, 7 + 1 * 8, 6 + 4 * 8, 6 + 5 * 8, 7 + 0 * 8, 7 + 1 * 8, 6 + 4 * 8, 6 + 5 * 8,
6 + 6 * 8, 6 + 7 * 8, 7 + 2 * 8, 7 + 3 * 8, 6 + 6 * 8, 6 + 7 * 8, 7 + 2 * 8, 7 + 3 * 8,
7 + 4 * 8, 7 + 5 * 8, 7 + 6 * 8, 7 + 7 * 8, 7 + 4 * 8, 7 + 5 * 8, 7 + 6 * 8, 7 + 7 * 8,
0,
}; };
static const uint8_t field_scan8x8_cavlc[64] = { static const uint8_t field_scan8x8_cavlc[64+1] = {
0 + 0 * 8, 1 + 1 * 8, 2 + 0 * 8, 0 + 7 * 8, 0 + 0 * 8, 1 + 1 * 8, 2 + 0 * 8, 0 + 7 * 8,
2 + 2 * 8, 2 + 3 * 8, 2 + 4 * 8, 3 + 3 * 8, 2 + 2 * 8, 2 + 3 * 8, 2 + 4 * 8, 3 + 3 * 8,
3 + 4 * 8, 4 + 3 * 8, 4 + 4 * 8, 5 + 3 * 8, 3 + 4 * 8, 4 + 3 * 8, 4 + 4 * 8, 5 + 3 * 8,
...@@ -148,6 +152,7 @@ static const uint8_t field_scan8x8_cavlc[64] = { ...@@ -148,6 +152,7 @@ static const uint8_t field_scan8x8_cavlc[64] = {
1 + 7 * 8, 3 + 2 * 8, 2 + 7 * 8, 4 + 2 * 8, 1 + 7 * 8, 3 + 2 * 8, 2 + 7 * 8, 4 + 2 * 8,
3 + 7 * 8, 5 + 2 * 8, 4 + 7 * 8, 5 + 4 * 8, 3 + 7 * 8, 5 + 2 * 8, 4 + 7 * 8, 5 + 4 * 8,
6 + 3 * 8, 6 + 5 * 8, 7 + 3 * 8, 7 + 7 * 8, 6 + 3 * 8, 6 + 5 * 8, 7 + 3 * 8, 7 + 7 * 8,
0,
}; };
typedef struct IMbInfo { typedef struct IMbInfo {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment