mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2024-11-21 10:55:51 +02:00
08b098169b
Certain alpha run lengths (for SHQ1/SHQ3/SHQ5) could be stored in both long and short versions, and we would only accept the short version, returning -1 (invalid code) for the others. This could cause an out-of-bounds write on malicious input, as discovered by Andreas Cadhalpun during fuzzing. Fix by simply allowing both versions, leaving no invalid codes in the alpha VLC. Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
82 lines
3.3 KiB
C
82 lines
3.3 KiB
C
/*
|
|
* This file is part of FFmpeg.
|
|
*
|
|
* FFmpeg is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
* License as published by the Free Software Foundation; either
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
*
|
|
* FFmpeg is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
* License along with FFmpeg; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
|
*/
|
|
|
|
#ifndef AVCODEC_VLC_H
|
|
#define AVCODEC_VLC_H
|
|
|
|
#include <stdint.h>
|
|
|
|
#define VLC_TYPE int16_t
|
|
|
|
typedef struct VLC {
|
|
int bits;
|
|
VLC_TYPE (*table)[2]; ///< code, bits
|
|
int table_size, table_allocated;
|
|
} VLC;
|
|
|
|
typedef struct RL_VLC_ELEM {
|
|
int16_t level;
|
|
int8_t len;
|
|
uint8_t run;
|
|
} RL_VLC_ELEM;
|
|
|
|
#define init_vlc(vlc, nb_bits, nb_codes, \
|
|
bits, bits_wrap, bits_size, \
|
|
codes, codes_wrap, codes_size, \
|
|
flags) \
|
|
ff_init_vlc_sparse(vlc, nb_bits, nb_codes, \
|
|
bits, bits_wrap, bits_size, \
|
|
codes, codes_wrap, codes_size, \
|
|
NULL, 0, 0, flags)
|
|
|
|
int ff_init_vlc_sparse(VLC *vlc, int nb_bits, int nb_codes,
|
|
const void *bits, int bits_wrap, int bits_size,
|
|
const void *codes, int codes_wrap, int codes_size,
|
|
const void *symbols, int symbols_wrap, int symbols_size,
|
|
int flags);
|
|
void ff_free_vlc(VLC *vlc);
|
|
|
|
#define INIT_VLC_LE 2
|
|
#define INIT_VLC_USE_NEW_STATIC 4
|
|
|
|
#define INIT_VLC_SPARSE_STATIC(vlc, bits, a, b, c, d, e, f, g, h, i, j, static_size) \
|
|
do { \
|
|
static VLC_TYPE table[static_size][2]; \
|
|
(vlc)->table = table; \
|
|
(vlc)->table_allocated = static_size; \
|
|
ff_init_vlc_sparse(vlc, bits, a, b, c, d, e, f, g, h, i, j, \
|
|
INIT_VLC_USE_NEW_STATIC); \
|
|
} while (0)
|
|
|
|
#define INIT_LE_VLC_SPARSE_STATIC(vlc, bits, a, b, c, d, e, f, g, h, i, j, static_size) \
|
|
do { \
|
|
static VLC_TYPE table[static_size][2]; \
|
|
(vlc)->table = table; \
|
|
(vlc)->table_allocated = static_size; \
|
|
ff_init_vlc_sparse(vlc, bits, a, b, c, d, e, f, g, h, i, j, \
|
|
INIT_VLC_USE_NEW_STATIC | INIT_VLC_LE); \
|
|
} while (0)
|
|
|
|
#define INIT_VLC_STATIC(vlc, bits, a, b, c, d, e, f, g, static_size) \
|
|
INIT_VLC_SPARSE_STATIC(vlc, bits, a, b, c, d, e, f, g, NULL, 0, 0, static_size)
|
|
|
|
#define INIT_LE_VLC_STATIC(vlc, bits, a, b, c, d, e, f, g, static_size) \
|
|
INIT_LE_VLC_SPARSE_STATIC(vlc, bits, a, b, c, d, e, f, g, NULL, 0, 0, static_size)
|
|
|
|
#endif /* AVCODEC_VLC_H */
|