From 6b0d8201b1ef4be11b028e7c635dfe6a9c919380 Mon Sep 17 00:00:00 2001 From: Robert Kausch Date: Sun, 23 Apr 2017 21:31:36 +0200 Subject: Add checks to avoid overreading supplied buffers and fix issue #61. --- libFDK/include/FDK_bitstream.h | 47 ++++++++++++++++++++++++++++++++---------- 1 file changed, 36 insertions(+), 11 deletions(-) (limited to 'libFDK/include/FDK_bitstream.h') diff --git a/libFDK/include/FDK_bitstream.h b/libFDK/include/FDK_bitstream.h index fc8d7de..d2a7e7d 100644 --- a/libFDK/include/FDK_bitstream.h +++ b/libFDK/include/FDK_bitstream.h @@ -212,9 +212,20 @@ FDK_INLINE UINT FDKreadBits(HANDLE_FDK_BITSTREAM hBitStream, INT missingBits = numberOfBits - hBitStream->BitsInCache; if (missingBits > 0) { - UINT bits = hBitStream->CacheWord << missingBits; - hBitStream->CacheWord = FDK_get32 (&hBitStream->hBitBuf) ; - hBitStream->BitsInCache = CACHE_BITS - missingBits; + const UINT bits = hBitStream->CacheWord << missingBits; + const UINT validBits = FDK_getValidBits (&hBitStream->hBitBuf); + + if (validBits >= 32) + { + hBitStream->CacheWord = FDK_get32 (&hBitStream->hBitBuf) ; + hBitStream->BitsInCache = CACHE_BITS - missingBits; + } + else + { + hBitStream->CacheWord = FDK_get (&hBitStream->hBitBuf,validBits) ; + hBitStream->BitsInCache = validBits - missingBits; + } + return ( bits | (hBitStream->CacheWord >> hBitStream->BitsInCache)) & BitMask[numberOfBits]; } @@ -226,10 +237,12 @@ FDK_INLINE UINT FDKreadBits(HANDLE_FDK_BITSTREAM hBitStream, if (hBitStream->BitsInCache <= numberOfBits) { - const INT freeBits = (CACHE_BITS-1) - hBitStream->BitsInCache ; + const UINT validBits = FDK_getValidBits (&hBitStream->hBitBuf) ; + const INT freeBits = (CACHE_BITS-1) - hBitStream->BitsInCache ; + const INT bitsToRead = (freeBits <= validBits) ? freeBits : validBits ; - hBitStream->CacheWord = (hBitStream->CacheWord << freeBits) | FDK_get (&hBitStream->hBitBuf,freeBits) ; - hBitStream->BitsInCache += freeBits ; + hBitStream->CacheWord = (hBitStream->CacheWord << bitsToRead) | FDK_get (&hBitStream->hBitBuf,bitsToRead) ; + hBitStream->BitsInCache += bitsToRead ; } hBitStream->BitsInCache -= numberOfBits ; @@ -243,8 +256,18 @@ FDK_INLINE UINT FDKreadBit(HANDLE_FDK_BITSTREAM hBitStream) #ifdef OPTIMIZE_FDKREADBITS if (!hBitStream->BitsInCache) { - hBitStream->CacheWord = FDK_get32 (&hBitStream->hBitBuf); - hBitStream->BitsInCache = CACHE_BITS; + const UINT validBits = FDK_getValidBits (&hBitStream->hBitBuf); + + if (validBits >= 32) + { + hBitStream->CacheWord = FDK_get32 (&hBitStream->hBitBuf); + hBitStream->BitsInCache = CACHE_BITS; + } + else + { + hBitStream->CacheWord = FDK_get (&hBitStream->hBitBuf,validBits); + hBitStream->BitsInCache = validBits; + } } hBitStream->BitsInCache--; @@ -268,10 +291,12 @@ inline UINT FDKread2Bits(HANDLE_FDK_BITSTREAM hBitStream) UINT BitsInCache = hBitStream->BitsInCache; if (BitsInCache < 2) /* Comparison changed from 'less-equal' to 'less' */ { - const INT freeBits = (CACHE_BITS-1) - BitsInCache ; + const UINT validBits = FDK_getValidBits (&hBitStream->hBitBuf) ; + const INT freeBits = (CACHE_BITS-1) - BitsInCache ; + const INT bitsToRead = (freeBits <= validBits) ? freeBits : validBits ; - hBitStream->CacheWord = (hBitStream->CacheWord << freeBits) | FDK_get (&hBitStream->hBitBuf,freeBits) ; - BitsInCache += freeBits; + hBitStream->CacheWord = (hBitStream->CacheWord << bitsToRead) | FDK_get (&hBitStream->hBitBuf,bitsToRead) ; + BitsInCache += bitsToRead; } hBitStream->BitsInCache = BitsInCache - 2; return (hBitStream->CacheWord >> hBitStream->BitsInCache) & 0x3; -- cgit v1.2.3 From 50922e3dbd5d099a67d879c4ec1d7535ebfa30a8 Mon Sep 17 00:00:00 2001 From: Martin Storsjo Date: Wed, 26 Apr 2017 23:37:11 +0300 Subject: Try to properly handle the case when the bitstream reader runs out of bits to read --- libFDK/include/FDK_bitstream.h | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'libFDK/include/FDK_bitstream.h') diff --git a/libFDK/include/FDK_bitstream.h b/libFDK/include/FDK_bitstream.h index d2a7e7d..d47a750 100644 --- a/libFDK/include/FDK_bitstream.h +++ b/libFDK/include/FDK_bitstream.h @@ -223,7 +223,15 @@ FDK_INLINE UINT FDKreadBits(HANDLE_FDK_BITSTREAM hBitStream, else { hBitStream->CacheWord = FDK_get (&hBitStream->hBitBuf,validBits) ; - hBitStream->BitsInCache = validBits - missingBits; + if (validBits >= missingBits) + { + hBitStream->BitsInCache = validBits - missingBits; + } + else + { + hBitStream->BitsInCache = 0; + hBitStream->CacheWord <<= missingBits - validBits; + } } return ( bits | (hBitStream->CacheWord >> hBitStream->BitsInCache)) & BitMask[numberOfBits]; @@ -243,6 +251,12 @@ FDK_INLINE UINT FDKreadBits(HANDLE_FDK_BITSTREAM hBitStream, hBitStream->CacheWord = (hBitStream->CacheWord << bitsToRead) | FDK_get (&hBitStream->hBitBuf,bitsToRead) ; hBitStream->BitsInCache += bitsToRead ; + if (hBitStream->BitsInCache < numberOfBits) + { + hBitStream->CacheWord <<= numberOfBits - hBitStream->BitsInCache; + hBitStream->BitsInCache = 0; + return (hBitStream->CacheWord >> hBitStream->BitsInCache) & validMask ; + } } hBitStream->BitsInCache -= numberOfBits ; -- cgit v1.2.3