From 01cb4c84f54a52725c9b4b4dd6c609c36cccc5d4 Mon Sep 17 00:00:00 2001 From: Jan Ekström Date: Thu, 23 Aug 2012 23:32:06 +0300 Subject: utvideodec: Fix single symbol mode decoding Put the zero length check in place of code that was never used during decoding, as zero-length slices were generally refused in decode_frame(). Signed-off-by: Kostya Shishkov --- libavcodec/utvideodec.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) (limited to 'libavcodec/utvideodec.c') diff --git a/libavcodec/utvideodec.c b/libavcodec/utvideodec.c index 8b71d62886..7ae2573140 100644 --- a/libavcodec/utvideodec.c +++ b/libavcodec/utvideodec.c @@ -134,12 +134,9 @@ static int decode_plane(UtvideoContext *c, int plane_no, slice_size = slice_data_end - slice_data_start; if (!slice_size) { - for (j = sstart; j < send; j++) { - for (i = 0; i < width * step; i += step) - dest[i] = 0x80; - dest += stride; - } - continue; + av_log(c->avctx, AV_LOG_ERROR, "Plane has more than one symbol " + "yet a slice has a length of zero.\n"); + goto fail; } memcpy(c->slice_bits, src + slice_data_start + c->slices * 4, @@ -361,7 +358,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, for (j = 0; j < c->slices; j++) { slice_end = bytestream2_get_le32u(&gb); slice_size = slice_end - slice_start; - if (slice_end <= 0 || slice_size <= 0 || + if (slice_end < 0 || slice_size < 0 || bytestream2_get_bytes_left(&gb) < slice_end) { av_log(avctx, AV_LOG_ERROR, "Incorrect slice size\n"); return AVERROR_INVALIDDATA; -- cgit v1.2.3