diff options
author | Michael Niedermayer <michaelni@gmx.at> | 2008-03-20 16:29:18 +0000 |
---|---|---|
committer | Michael Niedermayer <michaelni@gmx.at> | 2008-03-20 16:29:18 +0000 |
commit | b7c407449b45481cae79dfa74075c9067d559081 (patch) | |
tree | d0ce6e818274051a243f06953e49c33e5ab9bfaa | |
parent | eb61405a077744778e763c1b49dee8715547d6bd (diff) | |
download | ffmpeg-b7c407449b45481cae79dfa74075c9067d559081.tar.gz |
One non functional AVPalette chunk less, one heap overflow less.
Fixes playback of CIMOVI01.avi.
Originally committed as revision 12517 to svn://svn.ffmpeg.org/ffmpeg/trunk
-rw-r--r-- | libavformat/avidec.c | 50 |
1 files changed, 21 insertions, 29 deletions
diff --git a/libavformat/avidec.c b/libavformat/avidec.c index 7634a95e9d..fdd796c55a 100644 --- a/libavformat/avidec.c +++ b/libavformat/avidec.c @@ -43,6 +43,8 @@ typedef struct AVIStream { int prefix; ///< normally 'd'<<8 + 'c' or 'w'<<8 + 'b' int prefix_count; + uint32_t pal[256]; + int has_pal; } AVIStream; typedef struct { @@ -684,6 +686,14 @@ resync: size= ast->remaining; av_get_packet(pb, pkt, size); + if(ast->has_pal && pkt->data && pkt->size<(unsigned)INT_MAX/2){ + ast->has_pal=0; + pkt->size += 4*256; + pkt->data = av_realloc(pkt->data, pkt->size + FF_INPUT_BUFFER_PADDING_SIZE); + if(pkt->data) + memcpy(pkt->data + pkt->size - 4*256, ast->pal, 4*256); + } + if (ENABLE_DV_DEMUXER && avi->dv_demux) { dstr = pkt->destruct; size = dv_produce_packet(avi->dv_demux, pkt, @@ -781,6 +791,17 @@ resync: goto resync; } + if (d[2] == 'p' && d[3] == 'c' && size<=4*256+4) { + int k = get_byte(pb); + int last = (k + get_byte(pb) - 1) & 0xFF; + + get_le16(pb); //flags + + for (; k <= last; k++) + ast->pal[k] = get_be32(pb)>>8;// b + (g << 8) + (r << 16); + ast->has_pal= 1; + goto resync; + } else if( ((ast->prefix_count<5 || sync+9 > i) && d[2]<128 && d[3]<128) || d[2]*256+d[3] == ast->prefix /*|| (d[2] == 'd' && d[3] == 'c') || @@ -807,35 +828,6 @@ resync: goto resync; } } - /* palette changed chunk */ - if ( d[0] >= '0' && d[0] <= '9' - && d[1] >= '0' && d[1] <= '9' - && ((d[2] == 'p' && d[3] == 'c')) - && n < s->nb_streams && i + size <= avi->fsize) { - - AVStream *st; - int first, clr, flags, k, p; - - st = s->streams[n]; - - first = get_byte(pb); - clr = get_byte(pb); - if(!clr) /* all 256 colors used */ - clr = 256; - flags = get_le16(pb); - p = 4; - for (k = first; k < clr + first; k++) { - int r, g, b; - r = get_byte(pb); - g = get_byte(pb); - b = get_byte(pb); - get_byte(pb); - st->codec->palctrl->palette[k] = b + (g << 8) + (r << 16); - } - st->codec->palctrl->palette_changed = 1; - goto resync; - } - } return -1; |