author | Paul B Mahol <onemda@gmail.com> | 2012-03-12 14:27:04 +0000 |
---|---|---|
committer | Martin Storsjö <martin@martin.st> | 2012-03-12 17:13:42 +0200 |
commit | 85aded741e03b17b0cc5c588b1f5acbcb25d7996 (patch) | |
tree | 5356287b3b9d86a9a1b8cc42d30fc1396402ceab | |
parent | 947e103a8faf245bf503b15ad9875e917889c0ca (diff) | |
download | ffmpeg-85aded741e03b17b0cc5c588b1f5acbcb25d7996.tar.gz |
c93: convert to bytestream2 API
Protects against overreads.
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Martin Storsjö <martin@martin.st>
-rw-r--r-- | libavcodec/c93.c | 52 |
1 files changed, 27 insertions, 25 deletions
diff --git a/libavcodec/c93.c b/libavcodec/c93.c index ecfd035d75..5990529112 100644 --- a/libavcodec/c93.c +++ b/libavcodec/c93.c @@ -121,8 +121,9 @@ static int decode_frame(AVCodecContext *avctx, void *data, AVFrame * const newpic = &c93->pictures[c93->currentpic]; AVFrame * const oldpic = &c93->pictures[c93->currentpic^1]; AVFrame *picture = data; + GetByteContext gb; uint8_t *out; - int stride, i, x, y, bt = 0; + int stride, i, x, y, b, bt = 0; c93->currentpic ^= 1; @@ -136,7 +137,9 @@ static int decode_frame(AVCodecContext *avctx, void *data, stride = newpic->linesize[0]; - if (buf[0] & C93_FIRST_FRAME) { + bytestream2_init(&gb, buf, buf_size); + b = bytestream2_get_byte(&gb); + if (b & C93_FIRST_FRAME) { newpic->pict_type = AV_PICTURE_TYPE_I; newpic->key_frame = 1; } else { @@ -144,17 +147,6 @@ static int decode_frame(AVCodecContext *avctx, void *data, newpic->key_frame = 0; } - if (*buf++ & C93_HAS_PALETTE) { - uint32_t *palette = (uint32_t *) newpic->data[1]; - const uint8_t *palbuf = buf + buf_size - 768 - 1; - for (i = 0; i < 256; i++) { - palette[i] = bytestream_get_be24(&palbuf); - } - } else { - if (oldpic->data[1]) - memcpy(newpic->data[1], oldpic->data[1], 256 * 4); - } - for (y = 0; y < HEIGHT; y += 8) { out = newpic->data[0] + y * stride; for (x = 0; x < WIDTH; x += 8) { @@ -164,12 +156,12 @@ static int decode_frame(AVCodecContext *avctx, void *data, C93BlockType block_type; if (!bt) - bt = *buf++; + bt = bytestream2_get_byte(&gb); block_type= bt & 0x0F; switch (block_type) { case C93_8X8_FROM_PREV: - offset = bytestream_get_le16(&buf); + offset = bytestream2_get_le16(&gb); if (copy_block(avctx, out, copy_from, offset, 8, stride)) return -1; break; 
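Review bot: In the @@ -164 hunk, `bt = bytestream2_get_byte(&gb)` and `offset = bytestream2_get_le16(&gb)` yield 0 once the packet is exhausted, so a truncated packet is decoded to the end from zero-filled values and decode_frame still reports success. The bounds-checked readers stop the overread, but the caller cannot tell a damaged frame from a good one; a guard before the block-type read such as `if (bytestream2_get_bytes_left(&gb) < 1) return AVERROR_INVALIDDATA;` would reject it. The same applies to the header byte read in the @@ -136 hunk when buf_size is 0, and to the le16/le32 reads in the @@ -179 and @@ -202 hunks. The block loop and the rest of decode_frame lie outside these hunks, so the exact placement should be confirmed against the full function.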
@@ -179,7 +171,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, case C93_4X4_FROM_PREV: for (j = 0; j < 8; j += 4) { for (i = 0; i < 8; i += 4) { - offset = bytestream_get_le16(&buf); + offset = bytestream2_get_le16(&gb); if (copy_block(avctx, &out[j*stride+i], copy_from, offset, 4, stride)) return -1; @@ -188,10 +180,10 @@ static int decode_frame(AVCodecContext *avctx, void *data, break; case C93_8X8_2COLOR: - bytestream_get_buffer(&buf, cols, 2); + bytestream2_get_buffer(&gb, cols, 2); for (i = 0; i < 8; i++) { draw_n_color(out + i*stride, stride, 8, 1, 1, cols, - NULL, *buf++); + NULL, bytestream2_get_byte(&gb)); } break; @@ -202,17 +194,17 @@ static int decode_frame(AVCodecContext *avctx, void *data, for (j = 0; j < 8; j += 4) { for (i = 0; i < 8; i += 4) { if (block_type == C93_4X4_2COLOR) { - bytestream_get_buffer(&buf, cols, 2); + bytestream2_get_buffer(&gb, cols, 2); draw_n_color(out + i + j*stride, stride, 4, 4, - 1, cols, NULL, bytestream_get_le16(&buf)); + 1, cols, NULL, bytestream2_get_le16(&gb)); } else if (block_type == C93_4X4_4COLOR) { - bytestream_get_buffer(&buf, cols, 4); + bytestream2_get_buffer(&gb, cols, 4); draw_n_color(out + i + j*stride, stride, 4, 4, - 2, cols, NULL, bytestream_get_le32(&buf)); + 2, cols, NULL, bytestream2_get_le32(&gb)); } else { - bytestream_get_buffer(&buf, grps, 4); + bytestream2_get_buffer(&gb, grps, 4); draw_n_color(out + i + j*stride, stride, 4, 4, - 1, cols, grps, bytestream_get_le16(&buf)); + 1, cols, grps, bytestream2_get_le16(&gb)); } } } @@ -223,7 +215,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, case C93_8X8_INTRA: for (j = 0; j < 8; j++) - bytestream_get_buffer(&buf, out + j*stride, 8); + bytestream2_get_buffer(&gb, out + j*stride, 8); break; default: 
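Review bot: The return value of `bytestream2_get_buffer(&gb, cols, 2)` in the C93_8X8_2COLOR case is discarded, and the checked reader copies only the bytes that remain, so on a short packet `cols` keeps whatever it held before and those bytes are drawn into the frame. `cols` and `grps` are declared outside the hunk; if they are uninitialised locals, this would put stack contents into decoded output. Checking the count, e.g. `if (bytestream2_get_buffer(&gb, cols, 2) != 2) return AVERROR_INVALIDDATA;`, closes that, and the same pattern applies to the `cols`/`grps` reads in the @@ -202 hunk and the 8-byte row copy into `out + j*stride` in the C93_8X8_INTRA hunk.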
@@ -236,6 +228,16 @@ static int decode_frame(AVCodecContext *avctx, void *data, } } + if (b & C93_HAS_PALETTE) { + uint32_t *palette = (uint32_t *) newpic->data[1]; + for (i = 0; i < 256; i++) { + palette[i] = bytestream2_get_be24(&gb); + } + } else { + if (oldpic->data[1]) + memcpy(newpic->data[1], oldpic->data[1], 256 * 4); + } + *picture = *newpic; *data_size = sizeof(AVFrame); |
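Review bot: The palette loop added at the end of this hunk reads from the current position of `gb`, whereas the removed code took the palette from the last 768 bytes of the packet (`buf + buf_size - 768 - 1` after the `buf++`), so the two agree only if the block data ends exactly where the palette begins. When fewer than 768 bytes remain, `bytestream2_get_be24` returns 0 and the frame silently gets a partly zeroed palette. A guard such as `if (bytestream2_get_bytes_left(&gb) < 768) return AVERROR_INVALIDDATA;` before the loop, plus `bytestream2_skip(&gb, bytestream2_get_bytes_left(&gb) - 768);` if the tail position is the format's rule, would keep the old placement without the overread. Whether trailing padding can occur in C93 packets is not visible here and should be confirmed against samples.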