avcodec/x86/v210: fix operands of vpblendd used in new avx2 code

[ffmpeg] / libavcodec / agm.c

diff --git a/libavcodec/agm.c b/libavcodec/agm.c
index f5fd5d065e6121cca6a780401f8b6206cbe595f5..a499c09082237ec42646079689900bacbd0002eb 100644 (file)
--- a/libavcodec/agm.c
+++ b/libavcodec/agm.c
@@ -103,6 +103,9 @@ static int read_code(GetBitContext *gb, int *oskip, int *level, int *map, int mo
 {
     int len = 0, skip = 0, max;
 
+    if (get_bits_left(gb) < 2)
+        return AVERROR_INVALIDDATA;
+
     if (show_bits(gb, 2)) {
         switch (show_bits(gb, 4)) {
         case 1:
@@ -913,13 +916,13 @@ static void get_tree_codes(uint32_t *codes, Node *nodes, int idx, uint32_t pfx,
 {
     if (idx < 256 && idx >= 0) {
         codes[idx] = pfx;
-    } else {
+    } else if (idx >= 0) {
         get_tree_codes(codes, nodes, nodes[idx].child[0], pfx + (0 << bitpos), bitpos + 1);
         get_tree_codes(codes, nodes, nodes[idx].child[1], pfx + (1 << bitpos), bitpos + 1);
     }
 }
 
-static void make_new_tree(const uint8_t *bitlens, uint32_t *codes)
+static int make_new_tree(const uint8_t *bitlens, uint32_t *codes)
 {
     int zlcount = 0, curlen, idx, nindex, last, llast;
     int blcounts[32] = { 0 };
@@ -943,7 +946,7 @@ static void make_new_tree(const uint8_t *bitlens, uint32_t *codes)
     }
 
     for (int i = 0; i < 256; i++) {
-        node_idx[i] = 257 + i;;
+        node_idx[i] = 257 + i;
     }
 
     curlen = 1;
@@ -959,6 +962,9 @@ static void make_new_tree(const uint8_t *bitlens, uint32_t *codes)
                 int p = node_idx[nindex - 1 + 512];
                 int ch = syms[256 * curlen + i];
 
+                if (nindex <= 0)
+                    return AVERROR_INVALIDDATA;
+
                 if (nodes[p].child[0] == -1) {
                     nodes[p].child[0] = ch;
                 } else {
@@ -998,6 +1004,7 @@ static void make_new_tree(const uint8_t *bitlens, uint32_t *codes)
 next:
 
     get_tree_codes(codes, nodes, 256, 0, 0);
+    return 0;
 }
 
 static int build_huff(const uint8_t *bitlen, VLC *vlc)
@@ -1008,7 +1015,9 @@ static int build_huff(const uint8_t *bitlen, VLC *vlc)
     uint32_t codes[256];
     int nb_codes = 0;
 
-    make_new_tree(bitlen, new_codes);
+    int ret = make_new_tree(bitlen, new_codes);
+    if (ret < 0)
+        return ret;
 
     for (int i = 0; i < 256; i++) {
         if (bitlen[i]) {
@@ -1040,6 +1049,9 @@ static int decode_huffman2(AVCodecContext *avctx, int header, int size)
 
     s->output_size = get_bits_long(gb, 32);
 
+    if (s->output_size > avctx->width * avctx->height * 9LL + 10000)
+        return AVERROR_INVALIDDATA;
+
     av_fast_padded_malloc(&s->output, &s->padded_output_size, s->output_size);
     if (!s->output)
         return AVERROR(ENOMEM);