Skip to content

F
ffmpeg.wasm-core
Commit c3d5cd1e authored by Michael Niedermayer's avatar Michael Niedermayer
Browse files
Options

Revert "Merge remote-tracking branch 'qatar/master'" (43dec5ef) 

Fixes out of array accesses
Fixes asan_static-oob_eb9812_5961_iv41.avi
This reverts the merge of c9ef6b09

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
parent a0286035
Show whitespace changes
Inline Side-by-side
Showing with 10 additions and 14 deletions
libavcodec/indeo4.c
View file @ c3d5cd1e
...@@ -284,6 +284,7 @@ static int decode_band_hdr(IVI45DecContext *ctx, IVIBandDesc *band, ...@@ -284,6 +284,7 @@ static int decode_band_hdr(IVI45DecContext *ctx, IVIBandDesc *band,
{ {
int plane, band_num, indx, transform_id, scan_indx; int plane, band_num, indx, transform_id, scan_indx;
int i; int i;
int quant_mat;
plane = get_bits(&ctx->gb, 2); plane = get_bits(&ctx->gb, 2);
band_num = get_bits(&ctx->gb, 4); band_num = get_bits(&ctx->gb, 4);
...@@ -382,18 +383,17 @@ static int decode_band_hdr(IVI45DecContext *ctx, IVIBandDesc *band, ...@@ -382,18 +383,17 @@ static int decode_band_hdr(IVI45DecContext *ctx, IVIBandDesc *band,
band->scan = scan_index_to_tab[scan_indx]; band->scan = scan_index_to_tab[scan_indx];
band->scan_size = band->blk_size; band->scan_size = band->blk_size;
band->quant_mat = get_bits(&ctx->gb, 5); quant_mat = get_bits(&ctx->gb, 5);
if (band->quant_mat >= FF_ARRAY_ELEMS(quant_index_to_tab)) { if (quant_mat == 31) {
av_log(avctx, AV_LOG_ERROR, "Custom quant matrix encountered!\n");
if (band->quant_mat == 31) return AVERROR_INVALIDDATA;
av_log(avctx, AV_LOG_ERROR, }
"Custom quant matrix encountered!\n"); if (quant_mat >= FF_ARRAY_ELEMS(quant_index_to_tab)) {
else
avpriv_request_sample(avctx, "Quantization matrix %d", avpriv_request_sample(avctx, "Quantization matrix %d",
band->quant_mat); quant_mat);
band->quant_mat = -1;
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;
} }
band->quant_mat = quant_mat;
} else { } else {
if (old_blk_size != band->blk_size) { if (old_blk_size != band->blk_size) {
av_log(avctx, AV_LOG_ERROR, av_log(avctx, AV_LOG_ERROR,
...@@ -401,10 +401,6 @@ static int decode_band_hdr(IVI45DecContext *ctx, IVIBandDesc *band, ...@@ -401,10 +401,6 @@ static int decode_band_hdr(IVI45DecContext *ctx, IVIBandDesc *band,
"inherited\n"); "inherited\n");
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;
} }
if (band->quant_mat < 0) {
av_log(avctx, AV_LOG_ERROR, "Invalid quant_mat inherited\n");
return AVERROR_INVALIDDATA;
}
} }
if (quant_index_to_tab[band->quant_mat] > 4 && band->blk_size == 4) { if (quant_index_to_tab[band->quant_mat] > 4 && band->blk_size == 4) {
av_log(avctx, AV_LOG_ERROR, "Invalid quant matrix for 4x4 block encountered!\n"); av_log(avctx, AV_LOG_ERROR, "Invalid quant matrix for 4x4 block encountered!\n");
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment