diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2012-05-30 16:40:33 +0200 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2012-06-07 00:55:24 +0200 |
| commit | 622e926e9cdfa620acced831efaea74b7a290e3d (patch) | |
| tree | 6b6e78fdc795189a884c687568b74f4d6a7ed315 | |
| parent | 8ad71e276c9b2abd8fa4edfe5ba24492b7c6b56f (diff) | |
| download | ffmpeg-622e926e9cdfa620acced831efaea74b7a290e3d.tar.gz | |
h264: increase scantable sizes to avoid overread
We could also check the index but this would slow speed critical code
down.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 32e60b6bfed709a7d84fd35942baee12a6080595)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
| -rw-r--r-- | libavcodec/h264data.h | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/libavcodec/h264data.h b/libavcodec/h264data.h index 60df532658..b665bca8c5 100644 --- a/libavcodec/h264data.h +++ b/libavcodec/h264data.h @@ -52,18 +52,20 @@ static const uint8_t golomb_to_inter_cbp[48] = { 17, 18, 20, 24, 19, 21, 26, 28, 23, 27, 29, 30, 22, 25, 38, 41 }; -static const uint8_t zigzag_scan[16] = { +static const uint8_t zigzag_scan[16+1] = { 0 + 0 * 4, 1 + 0 * 4, 0 + 1 * 4, 0 + 2 * 4, 1 + 1 * 4, 2 + 0 * 4, 3 + 0 * 4, 2 + 1 * 4, 1 + 2 * 4, 0 + 3 * 4, 1 + 3 * 4, 2 + 2 * 4, 3 + 1 * 4, 3 + 2 * 4, 2 + 3 * 4, 3 + 3 * 4, + 0, }; -static const uint8_t field_scan[16] = { +static const uint8_t field_scan[16+1] = { 0 + 0 * 4, 0 + 1 * 4, 1 + 0 * 4, 0 + 2 * 4, 0 + 3 * 4, 1 + 1 * 4, 1 + 2 * 4, 1 + 3 * 4, 2 + 0 * 4, 2 + 1 * 4, 2 + 2 * 4, 2 + 3 * 4, 3 + 0 * 4, 3 + 1 * 4, 3 + 2 * 4, 3 + 3 * 4, + 0, }; static const uint8_t luma_dc_zigzag_scan[16] = { @@ -93,7 +95,7 @@ static const uint8_t chroma422_dc_scan[8] = { }; // zigzag_scan8x8_cavlc[i] = zigzag_scan8x8[(i/4) + 16*(i%4)] -static const uint8_t zigzag_scan8x8_cavlc[64] = { +static const uint8_t zigzag_scan8x8_cavlc[64+1] = { 0 + 0 * 8, 1 + 1 * 8, 1 + 2 * 8, 2 + 2 * 8, 4 + 1 * 8, 0 + 5 * 8, 3 + 3 * 8, 7 + 0 * 8, 3 + 4 * 8, 1 + 7 * 8, 5 + 3 * 8, 6 + 3 * 8, @@ -110,9 +112,10 @@ static const uint8_t zigzag_scan8x8_cavlc[64] = { 1 + 4 * 8, 2 + 4 * 8, 6 + 0 * 8, 4 + 3 * 8, 0 + 7 * 8, 4 + 4 * 8, 7 + 2 * 8, 3 + 6 * 8, 5 + 5 * 8, 6 + 5 * 8, 6 + 6 * 8, 7 + 7 * 8, + 0, }; -static const uint8_t field_scan8x8[64] = { +static const uint8_t field_scan8x8[64+1] = { 0 + 0 * 8, 0 + 1 * 8, 0 + 2 * 8, 1 + 0 * 8, 1 + 1 * 8, 0 + 3 * 8, 0 + 4 * 8, 1 + 2 * 8, 2 + 0 * 8, 1 + 3 * 8, 0 + 5 * 8, 0 + 6 * 8, @@ -129,9 +132,10 @@ static const uint8_t field_scan8x8[64] = { 7 + 0 * 8, 7 + 1 * 8, 6 + 4 * 8, 6 + 5 * 8, 6 + 6 * 8, 6 + 7 * 8, 7 + 2 * 8, 7 + 3 * 8, 7 + 4 * 8, 7 + 5 * 8, 7 + 6 * 8, 7 + 7 * 8, + 0, }; -static const uint8_t field_scan8x8_cavlc[64] = { +static const uint8_t field_scan8x8_cavlc[64+1] = { 0 + 0 * 8, 1 + 1 * 8, 2 + 0 * 8, 0 + 7 * 8, 2 + 2 * 8, 2 + 3 * 8, 2 + 4 * 8, 3 + 3 * 8, 3 + 4 * 8, 4 + 3 * 8, 4 + 4 * 8, 5 + 3 * 8, @@ -148,6 +152,7 @@ static const uint8_t field_scan8x8_cavlc[64] = { 1 + 7 * 8, 3 + 2 * 8, 2 + 7 * 8, 4 + 2 * 8, 3 + 7 * 8, 5 + 2 * 8, 4 + 7 * 8, 5 + 4 * 8, 6 + 3 * 8, 6 + 5 * 8, 7 + 3 * 8, 7 + 7 * 8, + 0, }; typedef struct IMbInfo { |