diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2012-01-06 02:45:12 +0100 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2012-01-06 02:45:12 +0100 |
| commit | 3edff185abfdd089b88ecc5770e5f6a963055a97 (patch) | |
| tree | 62407714d095f71c370e07c78c2c019ab01ff324 /libavcodec/4xm.c | |
| parent | ee4d43ef7a89626de8eaf02bec5a7ca44d96edbf (diff) | |
| parent | f5be84cfbc9c132a867ae8a8c0e0de26ed1a4e88 (diff) | |
Merge remote-tracking branch 'qatar/master'
* qatar/master: (21 commits)
ipmovie: do not read audio packets before the codec is known
truemotion2: check size before GetBitContext initialisation
avio: Only do implicit network initialization for network protocols
avio: Add an URLProtocol flag for indicating that a protocol uses network
adpcm: ADPCM Electronic Arts has always two channels
matroskadec: Fix a bug where a pointer was cached to an array that might later move due to a realloc()
fate: Add missing reference file from 9b4767e4.
mov: Support MOV_CH_LAYOUT_USE_DESCRIPTIONS for labeled descriptions.
4xm: Prevent buffer overreads.
mjpegdec: parse RSTn to prevent skipping other data in mjpeg_decode_scan
vp3: add fate test for non-zero last coefficient
vp3: fix streams with non-zero last coefficient
swscale: remove unused U/V arguments from yuv2rgb_write().
timer: K&R formatting cosmetics
lavf: cosmetics, reformat av_read_frame().
lavf: refactor av_read_frame() to make it easier to understand.
Report an error if pitch_lag is zero in AMR-NB decoder.
Revert "4xm: Prevent buffer overreads."
4xm: Prevent buffer overreads.
4xm: pass the correct remaining buffer size to decode_i2_frame().
...
Conflicts:
libavcodec/4xm.c
libavcodec/mjpegdec.c
libavcodec/truemotion2.c
libavformat/ipmovie.c
libavformat/mov_chan.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'libavcodec/4xm.c')
| -rw-r--r-- | libavcodec/4xm.c | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/libavcodec/4xm.c b/libavcodec/4xm.c index e57ce90df6..d665436844 100644 --- a/libavcodec/4xm.c +++ b/libavcodec/4xm.c @@ -643,9 +643,17 @@ static int decode_i2_frame(FourXContext *f, const uint8_t *buf, int length){ int x, y, x2, y2; const int width= f->avctx->width; const int height= f->avctx->height; + const int mbs = (FFALIGN(width, 16) >> 4) * (FFALIGN(height, 16) >> 4); uint16_t *dst= (uint16_t*)f->current_picture.data[0]; const int stride= f->current_picture.linesize[0]>>1; const uint8_t *buf_end = buf + length; + GetByteContext g3; + + if(length < mbs * 8) { + av_log(f->avctx, AV_LOG_ERROR, "packet size too small\n"); + return AVERROR_INVALIDDATA; + } + bytestream2_init(&g3, buf, length); for(y=0; y<height; y+=16){ for(x=0; x<width; x+=16){ @@ -654,8 +662,8 @@ static int decode_i2_frame(FourXContext *f, const uint8_t *buf, int length){ return -1; memset(color, 0, sizeof(color)); //warning following is purely guessed ... - color[0]= bytestream_get_le16(&buf); - color[1]= bytestream_get_le16(&buf); + color[0]= bytestream2_get_le16u(&g3); + color[1]= bytestream2_get_le16u(&g3); if(color[0]&0x8000) av_log(NULL, AV_LOG_ERROR, "unk bit 1\n"); if(color[1]&0x8000) av_log(NULL, AV_LOG_ERROR, "unk bit 2\n"); @@ -663,7 +671,7 @@ static int decode_i2_frame(FourXContext *f, const uint8_t *buf, int length){ color[2]= mix(color[0], color[1]); color[3]= mix(color[1], color[0]); - bits= bytestream_get_le32(&buf); + bits= bytestream2_get_le32u(&g3); for(y2=0; y2<16; y2++){ for(x2=0; x2<16; x2++){ int index= 2*(x2>>2) + 8*(y2>>2); @@ -672,7 +680,7 @@ static int decode_i2_frame(FourXContext *f, const uint8_t *buf, int length){ } dst+=16; } - dst += 16*stride - width; + dst += 16 * stride - x; } return 0; @@ -823,7 +831,7 @@ static int decode_frame(AVCodecContext *avctx, if(frame_4cc == AV_RL32("ifr2")){ p->pict_type= AV_PICTURE_TYPE_I; - if(decode_i2_frame(f, buf-4, frame_size+4) < 0){ + if(decode_i2_frame(f, buf-4, frame_size + 4) < 0) { av_log(f->avctx, AV_LOG_ERROR, "decode i2 frame failed\n"); return -1; } |