Commit fb3e3808 authored by Michael Niedermayer's avatar Michael Niedermayer

avcodec/bitstream: Check bits in ff_init_vlc_sparse()

Fixes out of array reads

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
parent bdfe60c7
...@@ -305,6 +305,10 @@ int ff_init_vlc_sparse(VLC *vlc, int nb_bits, int nb_codes, ...@@ -305,6 +305,10 @@ int ff_init_vlc_sparse(VLC *vlc, int nb_bits, int nb_codes,
GET_DATA(buf[j].bits, bits, i, bits_wrap, bits_size);\ GET_DATA(buf[j].bits, bits, i, bits_wrap, bits_size);\
if (!(condition))\ if (!(condition))\
continue;\ continue;\
if (buf[j].bits > 3*nb_bits || buf[j].bits>32) {\
av_log(NULL, AV_LOG_ERROR, "Too long VLC in init_vlc\n");\
return -1;\
}\
GET_DATA(buf[j].code, codes, i, codes_wrap, codes_size);\ GET_DATA(buf[j].code, codes, i, codes_wrap, codes_size);\
if (flags & INIT_VLC_LE)\ if (flags & INIT_VLC_LE)\
buf[j].code = bitswap_32(buf[j].code);\ buf[j].code = bitswap_32(buf[j].code);\
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment