diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2012-01-24 22:53:59 +0100 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2012-01-24 22:53:59 +0100 |
| commit | 1d9569f9e8361c3be06b9732c0b80639a51b4b87 (patch) | |
| tree | 95f5730b649726856ee2babd9c2bb30f9601f4b6 /libavcodec/rv10.c | |
| parent | 76c3e76eb35ce7cca5c912f0d21b736bb0be22fb (diff) | |
| parent | efe68076dab56293168ffb66d7b6c1977b740098 (diff) | |
Merge remote-tracking branch 'qatar/master'
* qatar/master: (23 commits)
aacenc: Fix identification padding when the bitstream is already aligned.
aacenc: Write correct length for long identification strings.
aud: remove unneeded field, audio_stream_index from context
aud: fix time stamp calculation for ADPCM IMA WS
aud: simplify header parsing
aud: set pts_wrap_bits to 64.
cosmetics: indentation
aud: support Westwood SND1 audio in AUD files.
adpcm_ima_ws: fix stereo decoding
avcodec: add a new codec_id for CRYO APC IMA ADPCM.
vqa: remove unused context fields, audio_samplerate and audio_bits
vqa: clean up audio header parsing
vqa: set time base to frame rate as coded in the header.
vqa: set packet duration.
vqa: use 1/sample_rate as the audio stream time base
vqa: set stream start_time to 0.
lavc: postpone the removal of AVCodecContext.request_channels.
lavf: postpone removing av_close_input_file().
lavc: postpone removing old audio encoding and decoding API
avplay: remove the -er option.
...
Conflicts:
Changelog
libavcodec/version.h
libavdevice/v4l.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'libavcodec/rv10.c')
| -rw-r--r-- | libavcodec/rv10.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/libavcodec/rv10.c b/libavcodec/rv10.c index 11e3f8b3fe..60760f681c 100644 --- a/libavcodec/rv10.c +++ b/libavcodec/rv10.c @@ -666,9 +666,12 @@ static int rv10_decode_frame(AVCodecContext *avctx, slice_count = avctx->slice_count; for(i=0; i<slice_count; i++){ - int offset= get_slice_offset(avctx, slices_hdr, i); + unsigned offset = get_slice_offset(avctx, slices_hdr, i); int size, size2; + if (offset >= buf_size) + return AVERROR_INVALIDDATA; + if(i+1 == slice_count) size= buf_size - offset; else @@ -679,6 +682,10 @@ static int rv10_decode_frame(AVCodecContext *avctx, else size2= get_slice_offset(avctx, slices_hdr, i+2) - offset; + if (size <= 0 || size2 <= 0 || + offset + FFMAX(size, size2) > buf_size) + return AVERROR_INVALIDDATA; + if(rv10_decode_packet(avctx, buf+offset, size, size2) > 8*size) i++; } |