aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorReimar Döffinger <Reimar.Doeffinger@gmx.de>2011-11-05 22:26:42 +0100
committerReimar Döffinger <Reimar.Doeffinger@gmx.de>2011-11-05 23:25:20 +0100
commit4e6413c67d3f80d24db2caa9ce5f030225e67e2f (patch)
tree92726d2b680bcf40f10ce068c8da58fc9375c8c9
parentfffa4530f92ea29594d4b39cf7c9922aa6a7bab3 (diff)
downloadffmpeg-4e6413c67d3f80d24db2caa9ce5f030225e67e2f.tar.gz
rtjpeg: check get_block return value for error.
This avoids crashes due to reading out-of-bounds. Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
-rw-r--r--libavcodec/rtjpeg.c25
1 files changed, 13 insertions, 12 deletions
diff --git a/libavcodec/rtjpeg.c b/libavcodec/rtjpeg.c
index 1827c9111b..07e4f02e67 100644
--- a/libavcodec/rtjpeg.c
+++ b/libavcodec/rtjpeg.c
@@ -114,24 +114,25 @@ int rtjpeg_decode_frame_yuv420(RTJpegContext *c, AVFrame *f,
init_get_bits(&gb, buf, buf_size * 8);
for (y = 0; y < h; y++) {
for (x = 0; x < w; x++) {
+#define BLOCK(quant, dst, stride) do { \
+ int res = get_block(&gb, block, c->scan, quant); \
+ if (res < 0) \
+ return res; \
+ if (res > 0) \
+ c->dsp->idct_put(dst, stride, block); \
+} while (0)
DCTELEM *block = c->block;
- if (get_block(&gb, block, c->scan, c->lquant) > 0)
- c->dsp->idct_put(y1, f->linesize[0], block);
+ BLOCK(c->lquant, y1, f->linesize[0]);
y1 += 8;
- if (get_block(&gb, block, c->scan, c->lquant) > 0)
- c->dsp->idct_put(y1, f->linesize[0], block);
+ BLOCK(c->lquant, y1, f->linesize[0]);
y1 += 8;
- if (get_block(&gb, block, c->scan, c->lquant) > 0)
- c->dsp->idct_put(y2, f->linesize[0], block);
+ BLOCK(c->lquant, y2, f->linesize[0]);
y2 += 8;
- if (get_block(&gb, block, c->scan, c->lquant) > 0)
- c->dsp->idct_put(y2, f->linesize[0], block);
+ BLOCK(c->lquant, y2, f->linesize[0]);
y2 += 8;
- if (get_block(&gb, block, c->scan, c->cquant) > 0)
- c->dsp->idct_put(u, f->linesize[1], block);
+ BLOCK(c->cquant, u, f->linesize[1]);
u += 8;
- if (get_block(&gb, block, c->scan, c->cquant) > 0)
- c->dsp->idct_put(v, f->linesize[2], block);
+ BLOCK(c->cquant, v, f->linesize[2]);
v += 8;
}
y1 += 2 * 8 * (f->linesize[0] - w);