From: Fiona Glaser <fiona@x264.com>
Date: Thu, 14 Jan 2010 01:21:31 +0000 (-0500)
Subject: Eliminate intentional array overflow in quant matrix handling
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c37a51005f305e7c339051e102fbcab266cbef83;p=libx264

Eliminate intentional array overflow in quant matrix handling
While it probably never caused problems, it was incredibly ugly and evil.
---

diff --git a/common/set.c b/common/set.c
index a7bca7db..f9379f08 100644
--- a/common/set.c
+++ b/common/set.c
@@ -184,26 +184,30 @@ fail:
     return -1;
 }
 
+#define CQM_DELETE( n, max )\
+    for( i = 0; i < max; i++ )\
+    {\
+        for( j = 0; j < i; j++ )\
+            if( h->quant##n##_mf[i] == h->quant##n##_mf[j] )\
+                break;\
+        if( j == i )\
+        {\
+            x264_free( h->  quant##n##_mf[i] );\
+            x264_free( h->dequant##n##_mf[i] );\
+            x264_free( h->unquant##n##_mf[i] );\
+        }\
+        for( j = 0; j < i; j++ )\
+            if( h->quant##n##_bias[i] == h->quant##n##_bias[j] )\
+                break;\
+        if( j == i )\
+            x264_free( h->quant##n##_bias[i] );\
+    }
+
 void x264_cqm_delete( x264_t *h )
 {
     int i, j;
-    for( i = 0; i < 6; i++ )
-    {
-        for( j = 0; j < i; j++ )
-            if( h->quant4_mf[i] == h->quant4_mf[j] )
-                break;
-        if( j == i )
-        {
-            x264_free( h->  quant4_mf[i] );
-            x264_free( h->dequant4_mf[i] );
-            x264_free( h->unquant4_mf[i] );
-        }
-        for( j = 0; j < i; j++ )
-            if( h->quant4_bias[i] == h->quant4_bias[j] )
-                break;
-        if( j == i )
-            x264_free( h->quant4_bias[i] );
-    }
+    CQM_DELETE( 4, 4 );
+    CQM_DELETE( 8, 2 );
 }
 
 static int x264_cqm_parse_jmlist( x264_t *h, const char *buf, const char *name,