summaryrefslogtreecommitdiff
path: root/libavcodec/roqvideodec.c
diff options
context:
space:
mode:
Diffstat (limited to 'libavcodec/roqvideodec.c')
-rw-r--r--libavcodec/roqvideodec.c37
1 files changed, 25 insertions, 12 deletions
diff --git a/libavcodec/roqvideodec.c b/libavcodec/roqvideodec.c
index bf5664b9e5..a6f213c4de 100644
--- a/libavcodec/roqvideodec.c
+++ b/libavcodec/roqvideodec.c
@@ -1,20 +1,20 @@
/*
* Copyright (C) 2003 the ffmpeg project
*
- * This file is part of Libav.
+ * This file is part of FFmpeg.
*
- * Libav is free software; you can redistribute it and/or
+ * FFmpeg is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
- * Libav is distributed in the hope that it will be useful,
+ * FFmpeg is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
- * License along with Libav; if not, write to the Free Software
+ * License along with FFmpeg; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
@@ -25,10 +25,6 @@
* http://www.csse.monash.edu.au/~timf/
*/
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
#include "avcodec.h"
#include "bytestream.h"
#include "roqvideo.h"
@@ -43,7 +39,7 @@ static void roqvideo_decode_frame(RoqContext *ri)
roq_qcell *qcell;
int64_t chunk_start;
- while (bytestream2_get_bytes_left(&ri->gb) > 0) {
+ while (bytestream2_get_bytes_left(&ri->gb) >= 8) {
chunk_id = bytestream2_get_le16(&ri->gb);
chunk_size = bytestream2_get_le32(&ri->gb);
chunk_arg = bytestream2_get_le16(&ri->gb);
@@ -71,9 +67,19 @@ static void roqvideo_decode_frame(RoqContext *ri)
chunk_start = bytestream2_tell(&ri->gb);
xpos = ypos = 0;
+
+ if (chunk_size > bytestream2_get_bytes_left(&ri->gb)) {
+ av_log(ri->avctx, AV_LOG_ERROR, "Chunk does not fit in input buffer\n");
+ chunk_size = bytestream2_get_bytes_left(&ri->gb);
+ }
+
while (bytestream2_tell(&ri->gb) < chunk_start + chunk_size) {
for (yp = ypos; yp < ypos + 16; yp += 8)
for (xp = xpos; xp < xpos + 16; xp += 8) {
+ if (bytestream2_tell(&ri->gb) >= chunk_start + chunk_size) {
+ av_log(ri->avctx, AV_LOG_ERROR, "Input buffer too small\n");
+ return;
+ }
if (vqflg_pos < 0) {
vqflg = bytestream2_get_le16(&ri->gb);
vqflg_pos = 7;
@@ -105,6 +111,10 @@ static void roqvideo_decode_frame(RoqContext *ri)
if(k & 0x01) x += 4;
if(k & 0x02) y += 4;
+ if (bytestream2_tell(&ri->gb) >= chunk_start + chunk_size) {
+ av_log(ri->avctx, AV_LOG_ERROR, "Input buffer too small\n");
+ return;
+ }
if (vqflg_pos < 0) {
vqflg = bytestream2_get_le16(&ri->gb);
vqflg_pos = 7;
@@ -161,6 +171,8 @@ static av_cold int roq_decode_init(AVCodecContext *avctx)
s->avctx = avctx;
s->width = avctx->width;
s->height = avctx->height;
+ avcodec_get_frame_defaults(&s->frames[0]);
+ avcodec_get_frame_defaults(&s->frames[1]);
s->last_frame = &s->frames[0];
s->current_frame = &s->frames[1];
avctx->pix_fmt = AV_PIX_FMT_YUV444P;
@@ -176,11 +188,12 @@ static int roq_decode_frame(AVCodecContext *avctx,
int buf_size = avpkt->size;
RoqContext *s = avctx->priv_data;
int copy= !s->current_frame->data[0];
+ int ret;
s->current_frame->reference = 3;
- if (avctx->reget_buffer(avctx, s->current_frame)) {
- av_log(avctx, AV_LOG_ERROR, " RoQ: get_buffer() failed\n");
- return -1;
+ if ((ret = avctx->reget_buffer(avctx, s->current_frame)) < 0) {
+ av_log(avctx, AV_LOG_ERROR, "reget_buffer() failed\n");
+ return ret;
}
if(copy)
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-11 04:37:47 +0000