diff options
| author | Wan-Teh Chang <wtc@google.com> | 2020-06-20 03:10:53 +0300 |
|---|---|---|
| committer | Ronald S. Bultje <rsbultje@gmail.com> | 2020-06-21 16:29:57 +0300 |
| commit | 54f92068caa25ccf75af52067786caf0415a17e0 (patch) | |
| tree | c546a68a01637ac6615dadc4e8484dae214d0669 /tools | |
| parent | b14711ca0fe92056c6c076abbfad057029a58987 (diff) | |
Simplify checks for leb128() and leb() output overflow
Diffstat (limited to 'tools')
| -rw-r--r-- | tools/input/parse.h | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/tools/input/parse.h b/tools/input/parse.h index bebea21..b10e8b7 100644 --- a/tools/input/parse.h +++ b/tools/input/parse.h @@ -29,10 +29,12 @@ #ifndef DAV1D_INPUT_PARSE_H #define DAV1D_INPUT_PARSE_H +#include <limits.h> + #include "dav1d/headers.h" static int leb128(FILE *const f, size_t *const len) { - unsigned i = 0, more; + unsigned i = 0, more, max = UINT_MAX; *len = 0; do { uint8_t byte; @@ -40,9 +42,9 @@ static int leb128(FILE *const f, size_t *const len) { return -1; more = byte & 0x80; const unsigned bits = byte & 0x7f; - if (i <= 3 || (i == 4 && bits < (1 << 4))) - *len |= bits << (i * 7); - else if (bits) return -1; + if (bits > max) return -1; + *len |= bits << (i * 7); + max >>= 7; if (++i == 8 && more) return -1; } while (more); return i; @@ -52,16 +54,16 @@ static int leb128(FILE *const f, size_t *const len) { // with author's permission static int leb(const uint8_t *ptr, int sz, size_t *const len) { - unsigned i = 0, more; + unsigned i = 0, more, max = UINT_MAX; *len = 0; do { if (!sz--) return -1; const int byte = *ptr++; more = byte & 0x80; const unsigned bits = byte & 0x7f; - if (i <= 3 || (i == 4 && bits < (1 << 4))) - *len |= bits << (i * 7); - else if (bits) return -1; + if (bits > max) return -1; + *len |= bits << (i * 7); + max >>= 7; if (++i == 8 && more) return -1; } while (more); return i; |