avcodec/magicyuv: Improve overread check when parsing Huffman tables

author Andreas Rheinhardt <andreas.rheinhardt@gmail.com>

Wed, 23 Sep 2020 03:42:31 +0000 (05:42 +0200)

committer Andreas Rheinhardt <andreas.rheinhardt@gmail.com>

Sat, 26 Sep 2020 18:38:30 +0000 (20:38 +0200)
author Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Wed, 23 Sep 2020 03:42:31 +0000 (05:42 +0200)
committer Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Sat, 26 Sep 2020 18:38:30 +0000 (20:38 +0200)
diff --git a/libavcodec/magicyuv.c b/libavcodec/magicyuv.c

index b56d3e9d32fa0c2f9bee0f1d5fe3737fa3b7d1de..d2f6a9b01e9f37861d865e1baaf1b2c91a828695 100644 (file)
--- a/libavcodec/magicyuv.c
+++ b/libavcodec/magicyuv.c
@@ -394,8 +394,13 @@ static int build_huffman(AVCodecContext *avctx, GetBitContext *gbit, int max)
      while (get_bits_left(gbit) >= 8) {
          int b = get_bits(gbit, 1);
          int x = get_bits(gbit, 7);
-        int l = get_bitsz(gbit, b * 8) + 1;
+        int l = 1;
  
+        if (b) {
+            if (get_bits_left(gbit) < 8)
+                break;
+            l += get_bits(gbit, 8);
+        }
          k = j + l;
          if (k > max || x == 0 || x > 32) {
              av_log(avctx, AV_LOG_ERROR, "Invalid Huffman codes\n");
author	Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
	Wed, 23 Sep 2020 03:42:31 +0000 (05:42 +0200)
committer	Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
	Sat, 26 Sep 2020 18:38:30 +0000 (20:38 +0200)