virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-11-26 19:01:44 +02:00
Code Issues Releases Activity

avcodec/h263: Fix global-buffer-overflow with noout flag2 set

Browse Source 
h263_get_motion_length() forgot to take an absolute value;
as a consequence, a negative index was used to access an array.
This leads to potential crashes, but mostly it just accesses what
is to the left of ff_mvtab (unless one uses ASAN), thereby defeating
the purpose of the AV_CODEC_FLAG2_NO_OUTPUT because the sizes of
the returned packets differ from the sizes the encoder would actually
have produced.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
This commit is contained in:
Andreas Rheinhardt 2021-11-21 01:57:41 +01:00
parent 27c9300027
commit 9207dc3b0d
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
libavcodec/h263.h
View File

@ -100,15 +100,16 @@ void ff_h263_encode_motion(PutBitContext *pb, int val, int f_code);
static inline int h263_get_motion_length(int val, int f_code){
int l, bit_size, code;
int bit_size, code, sign;
if (val == 0) {
return 1; /* ff_mvtab[0][1] */
} else {
bit_size = f_code - 1;
/* modulo encoding */
l= INT_BIT - 6 - bit_size;
val = (val<<l)>>l;
val = sign_extend(val, 6 + bit_size);
sign = val >> 31;
val = (val ^ sign) - sign; /* val = FFABS(val) */
val--;
code = (val >> bit_size) + 1;