shithub: dav1d


ref: 54f92068caa25ccf75af52067786caf0415a17e0
parent: b14711ca0fe92056c6c076abbfad057029a58987
author: Wan-Teh Chang <wtc@google.com>
date: Fri Jun 19 22:10:53 EDT 2020

Simplify checks for leb128() and leb() output overflow

--- a/tools/input/parse.h
+++ b/tools/input/parse.h
@@ -29,10 +29,12 @@
 #ifndef DAV1D_INPUT_PARSE_H
 #define DAV1D_INPUT_PARSE_H
 
+#include <limits.h>
+
 #include "dav1d/headers.h"
 
 static int leb128(FILE *const f, size_t *const len) {
-    unsigned i = 0, more;
+    unsigned i = 0, more, max = UINT_MAX;
     *len = 0;
     do {
         uint8_t byte;
@@ -40,9 +42,9 @@
             return -1;
         more = byte & 0x80;
         const unsigned bits = byte & 0x7f;
-        if (i <= 3 || (i == 4 && bits < (1 << 4)))
-            *len |= bits << (i * 7);
-        else if (bits) return -1;
+        if (bits > max) return -1;
+        *len |= bits << (i * 7);
+        max >>= 7;
         if (++i == 8 && more) return -1;
     } while (more);
     return i;
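Review bot: The shift `*len |= bits << (i * 7);` now runs on every iteration, so a zero-padded encoding that reaches i >= 5 with bits == 0 passes the `bits > max` check (max is 0 by then) and shifts an unsigned value by 35 or more. That is undefined behaviour where unsigned is 32 bits wide, and the removed code never shifted past i == 4. Because these lengths are read from the input file, I would guard the shift, `if (bits) *len |= bits << (i * 7);`, which keeps the simplified bound check and limits the shift to at most 28. The same line appears in leb() in the last hunk and needs the same guard. leb128() begins in the previous hunk and its closing brace is outside this one.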
@@ -52,7 +54,7 @@
 // with author's permission
 
 static int leb(const uint8_t *ptr, int sz, size_t *const len) {
-    unsigned i = 0, more;
+    unsigned i = 0, more, max = UINT_MAX;
     *len = 0;
     do {
         if (!sz--) return -1;
@@ -59,9 +61,9 @@
         const int byte = *ptr++;
         more = byte & 0x80;
         const unsigned bits = byte & 0x7f;
-        if (i <= 3 || (i == 4 && bits < (1 << 4)))
-            *len |= bits << (i * 7);
-        else if (bits) return -1;
+        if (bits > max) return -1;
+        *len |= bits << (i * 7);
+        max >>= 7;
         if (++i == 8 && more) return -1;
     } while (more);
     return i;