[SCM] libav/experimental: Fix nodes[nb_codes2-1].count being uninitialized and used to initialize nodes[nb_codes2-2].count (thus making that invalid as well) in ff_huff_build_tree. Might fix some (hard to reproduce) crashes in VP6 decoder.

Sun Jun 30 16:09:54 UTC 2013

The following commit has been merged in the experimental branch:
commit 892a4c2da8518aa5c86b6cfdd90a7f399a41c814
Author: Reimar Döffinger <Reimar.Doeffinger at gmx.de>
Date:   Sat Dec 1 09:39:59 2007 +0000

    Fix nodes[nb_codes*2-1].count being uninitialized and used to initialize
    nodes[nb_codes*2-2].count (thus making that invalid as well) in
    ff_huff_build_tree.
    Might fix some (hard to reproduce) crashes in VP6 decoder.
    
    Originally committed as revision 11119 to svn://svn.ffmpeg.org/ffmpeg/trunk

diff --git a/libavcodec/huffman.c b/libavcodec/huffman.c
index f75346f..43a7855 100644
--- a/libavcodec/huffman.c
+++ b/libavcodec/huffman.c
@@ -82,6 +82,7 @@ int ff_huff_build_tree(AVCodecContext *avctx, VLC *vlc, int nb_codes,
     }
     qsort(nodes, nb_codes, sizeof(Node), cmp);
     cur_node = nb_codes;
+    nodes[nb_codes*2-1].count = 0;
     for(i = 0; i < nb_codes*2-1; i += 2){
         nodes[cur_node].sym = HNODE;
         nodes[cur_node].count = nodes[i].count + nodes[i+1].count;

-- 
Libav/FFmpeg packaging



[SCM] libav/experimental: Fix nodes[nb_codes*2-1].count being uninitialized and used to initialize nodes[nb_codes*2-2].count (thus making that invalid as well) in ff_huff_build_tree. Might fix some (hard to reproduce) crashes in VP6 decoder.

[SCM] libav/experimental: Fix nodes[nb_codes2-1].count being uninitialized and used to initialize nodes[nb_codes2-2].count (thus making that invalid as well) in ff_huff_build_tree. Might fix some (hard to reproduce) crashes in VP6 decoder.