From 85737a4d76f8a39ec5554abe62bcbc41b6123d09 Mon Sep 17 00:00:00 2001
From: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Date: Wed, 23 Sep 2020 05:42:31 +0200
Subject: avcodec/magicyuv: Improve overread check when parsing Huffman tables

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
---
 libavcodec/magicyuv.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'libavcodec')

diff --git a/libavcodec/magicyuv.c b/libavcodec/magicyuv.c
index b56d3e9d32..d2f6a9b01e 100644
--- a/libavcodec/magicyuv.c
+++ b/libavcodec/magicyuv.c
@@ -394,8 +394,13 @@ static int build_huffman(AVCodecContext *avctx, GetBitContext *gbit, int max)
     while (get_bits_left(gbit) >= 8) {
         int b = get_bits(gbit, 1);
         int x = get_bits(gbit, 7);
-        int l = get_bitsz(gbit, b * 8) + 1;
+        int l = 1;
 
+        if (b) {
+            if (get_bits_left(gbit) < 8)
+                break;
+            l += get_bits(gbit, 8);
+        }
         k = j + l;
         if (k > max || x == 0 || x > 32) {
             av_log(avctx, AV_LOG_ERROR, "Invalid Huffman codes\n");
-- 
cgit v1.2.3