[FFmpeg-devel] [PATCH 5/6] apv_entropy: Improve robustness to bitstream errors

[Mark Thompson <sw@jkqxz.net>]

---
 libavcodec/apv_entropy.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/libavcodec/apv_entropy.c b/libavcodec/apv_entropy.c
index 00e0b4fbdf..a5648c09b4 100644
--- a/libavcodec/apv_entropy.c
+++ b/libavcodec/apv_entropy.c
@@ -84,6 +84,14 @@ static unsigned int apv_read_vlc(GetBitContext *gbc, int k_param,
         next_bits = show_bits(gbc, 16);
         leading_zeroes = 15 - av_log2(next_bits);
 
+        if (leading_zeroes == 0) {
+            // This can't happen mid-stream because the lookup would
+            // have resolved a leading one into a shorter code, but it
+            // can happen if we are hitting the end of the buffer.
+            // Return an invalid code to propagate as an error.
+            return APV_MAX_TRANS_COEFF + 1;
+        }
+
         skip_bits(gbc, leading_zeroes + 1);
 
         return (2 << k_param) +
@@ -182,6 +190,14 @@ int ff_apv_entropy_decode_block(int16_t *coeff,
                 else
                     level = abs_ac_coeff_minus1 + 1;
 
+                if (level < APV_MIN_TRANS_COEFF ||
+                    level > APV_MAX_TRANS_COEFF) {
+                    av_log(state->log_ctx, AV_LOG_ERROR,
+                           "Out-of-range AC coefficient value: %d "
+                           "(from prev_level %d abs_ac_coeff_minus1 %d sign_ac_coeff %d)\n",
+                           level, prev_level, abs_ac_coeff_minus1, sign_ac_coeff);
+                }
+
                 coeff[ff_zigzag_direct[scan_pos]] = level;
 
                 prev_level = abs_ac_coeff_minus1 + 1;
-- 
2.47.2

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".