virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-08-04 22:03:09 +02:00
Code Issues Releases Activity

apv_decode: Discard invalid run codes earlier

Browse Source 
Caught by ubsan - would cause an invalid shift in constructing the
run value.
This commit is contained in:
Mark Thompson
2025-05-13 20:50:38 +01:00
parent 1753d41d4e
commit 527d5eaec7
1 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
libavcodec/apv_entropy.c
View File

@ -278,6 +278,13 @@ int ff_apv_entropy_decode_block(int16_t *restrict coeff,
bits = next_bits & 0xffff;
// Determine code length.
leading_zeroes = 15 - av_log2(bits);
if (leading_zeroes >= 6) {
// 6 zeroes implies run > 64, which is always invalid.
av_log(state->log_ctx, AV_LOG_ERROR,
"Out-of-range run value: %d leading zeroes.\n",
leading_zeroes);
return AVERROR_INVALIDDATA;
}
// Extract the low bits.
low_bit_count = leading_zeroes;
low_bit_shift = 16 - (1 + 2 * leading_zeroes);
@ -443,6 +450,13 @@ int ff_apv_entropy_decode_block(int16_t *restrict coeff,
bits = next_bits & 0xffff;
// Determine code length.
leading_zeroes = 15 - av_log2(bits);
if (leading_zeroes >= 6) {
// 6 zeroes implies run > 64, which is always invalid.
av_log(state->log_ctx, AV_LOG_ERROR,
"Out-of-range run value: %d leading zeroes.\n",
leading_zeroes);
return AVERROR_INVALIDDATA;
}
// Extract the low bits.
low_bit_count = leading_zeroes + k_run;
low_bit_shift = 16 - (1 + 2 * leading_zeroes + k_run);