diff options
author | Michael Niedermayer <michaelni@gmx.at> | 2012-05-30 16:40:33 +0200 |
---|---|---|
committer | Michael Niedermayer <michaelni@gmx.at> | 2012-05-30 16:40:33 +0200 |
commit | 32e60b6bfed709a7d84fd35942baee12a6080595 (patch) | |
tree | e2a1f9623d51f7f8c7dc853cdc0d3e70cdd1065b /libavcodec | |
parent | fd4c1c0b70b5a06dd572d7e27799a2f4c3d9b984 (diff) | |
download | ffmpeg-32e60b6bfed709a7d84fd35942baee12a6080595.tar.gz |
h264: increase scantable sizes to avoid overread
We could also check the index but this would slow speed critical code
down.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'libavcodec')
-rw-r--r-- | libavcodec/h264data.h | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/libavcodec/h264data.h b/libavcodec/h264data.h index 60df532658..b665bca8c5 100644 --- a/libavcodec/h264data.h +++ b/libavcodec/h264data.h @@ -52,18 +52,20 @@ static const uint8_t golomb_to_inter_cbp[48] = { 17, 18, 20, 24, 19, 21, 26, 28, 23, 27, 29, 30, 22, 25, 38, 41 }; -static const uint8_t zigzag_scan[16] = { +static const uint8_t zigzag_scan[16+1] = { 0 + 0 * 4, 1 + 0 * 4, 0 + 1 * 4, 0 + 2 * 4, 1 + 1 * 4, 2 + 0 * 4, 3 + 0 * 4, 2 + 1 * 4, 1 + 2 * 4, 0 + 3 * 4, 1 + 3 * 4, 2 + 2 * 4, 3 + 1 * 4, 3 + 2 * 4, 2 + 3 * 4, 3 + 3 * 4, + 0, }; -static const uint8_t field_scan[16] = { +static const uint8_t field_scan[16+1] = { 0 + 0 * 4, 0 + 1 * 4, 1 + 0 * 4, 0 + 2 * 4, 0 + 3 * 4, 1 + 1 * 4, 1 + 2 * 4, 1 + 3 * 4, 2 + 0 * 4, 2 + 1 * 4, 2 + 2 * 4, 2 + 3 * 4, 3 + 0 * 4, 3 + 1 * 4, 3 + 2 * 4, 3 + 3 * 4, + 0, }; static const uint8_t luma_dc_zigzag_scan[16] = { @@ -93,7 +95,7 @@ static const uint8_t chroma422_dc_scan[8] = { }; // zigzag_scan8x8_cavlc[i] = zigzag_scan8x8[(i/4) + 16*(i%4)] -static const uint8_t zigzag_scan8x8_cavlc[64] = { +static const uint8_t zigzag_scan8x8_cavlc[64+1] = { 0 + 0 * 8, 1 + 1 * 8, 1 + 2 * 8, 2 + 2 * 8, 4 + 1 * 8, 0 + 5 * 8, 3 + 3 * 8, 7 + 0 * 8, 3 + 4 * 8, 1 + 7 * 8, 5 + 3 * 8, 6 + 3 * 8, @@ -110,9 +112,10 @@ static const uint8_t zigzag_scan8x8_cavlc[64] = { 1 + 4 * 8, 2 + 4 * 8, 6 + 0 * 8, 4 + 3 * 8, 0 + 7 * 8, 4 + 4 * 8, 7 + 2 * 8, 3 + 6 * 8, 5 + 5 * 8, 6 + 5 * 8, 6 + 6 * 8, 7 + 7 * 8, + 0, }; -static const uint8_t field_scan8x8[64] = { +static const uint8_t field_scan8x8[64+1] = { 0 + 0 * 8, 0 + 1 * 8, 0 + 2 * 8, 1 + 0 * 8, 1 + 1 * 8, 0 + 3 * 8, 0 + 4 * 8, 1 + 2 * 8, 2 + 0 * 8, 1 + 3 * 8, 0 + 5 * 8, 0 + 6 * 8, @@ -129,9 +132,10 @@ static const uint8_t field_scan8x8[64] = { 7 + 0 * 8, 7 + 1 * 8, 6 + 4 * 8, 6 + 5 * 8, 6 + 6 * 8, 6 + 7 * 8, 7 + 2 * 8, 7 + 3 * 8, 7 + 4 * 8, 7 + 5 * 8, 7 + 6 * 8, 7 + 7 * 8, + 0, }; -static const uint8_t field_scan8x8_cavlc[64] = { +static const uint8_t field_scan8x8_cavlc[64+1] = { 0 + 0 * 8, 1 + 1 * 8, 2 + 0 * 8, 0 + 7 * 8, 2 + 2 * 8, 2 + 3 * 8, 2 + 4 * 8, 3 + 3 * 8, 3 + 4 * 8, 4 + 3 * 8, 4 + 4 * 8, 5 + 3 * 8, @@ -148,6 +152,7 @@ static const uint8_t field_scan8x8_cavlc[64] = { 1 + 7 * 8, 3 + 2 * 8, 2 + 7 * 8, 4 + 2 * 8, 3 + 7 * 8, 5 + 2 * 8, 4 + 7 * 8, 5 + 4 * 8, 6 + 3 * 8, 6 + 5 * 8, 7 + 3 * 8, 7 + 7 * 8, + 0, }; typedef struct IMbInfo { |