diff options
| author | Aneesh Dogra <lionaneesh@gmail.com> | 2012-01-10 23:38:03 +0530 |
|---|---|---|
| committer | Ronald S. Bultje <rsbultje@gmail.com> | 2012-01-10 10:34:16 -0800 |
| commit | 29112db8c0f65886e69cbbd6f4e5c44d2d14d238 (patch) | |
| tree | 4b438a62440154f9ea4e8d5243c04a8ea9c980e9 /libavcodec/bethsoftvideo.c | |
| parent | 84e5159e25d2fd35bdceef4678c199e27d1b88ce (diff) | |
| download | ffmpeg-29112db8c0f65886e69cbbd6f4e5c44d2d14d238.tar.gz | |
bethsoftvideo: Use bytestream2 functions to prevent buffer overreads.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
Diffstat (limited to 'libavcodec/bethsoftvideo.c')
| -rw-r--r-- | libavcodec/bethsoftvideo.c | 36 |
1 files changed, 19 insertions, 17 deletions
diff --git a/libavcodec/bethsoftvideo.c b/libavcodec/bethsoftvideo.c index f4020d6ee5..fa0457cc66 100644 --- a/libavcodec/bethsoftvideo.c +++ b/libavcodec/bethsoftvideo.c @@ -34,6 +34,7 @@ typedef struct BethsoftvidContext { AVFrame frame; + GetByteContext g; } BethsoftvidContext; static av_cold int bethsoftvid_decode_init(AVCodecContext *avctx) @@ -46,18 +47,18 @@ static av_cold int bethsoftvid_decode_init(AVCodecContext *avctx) return 0; } -static int set_palette(AVFrame * frame, const uint8_t * palette_buffer, int buf_size) +static int set_palette(BethsoftvidContext *ctx) { - uint32_t * palette = (uint32_t *)frame->data[1]; + uint32_t *palette = (uint32_t *)ctx->frame.data[1]; int a; - if (buf_size < 256*3) + if (bytestream2_get_bytes_left(&ctx->g) < 256*3) return AVERROR_INVALIDDATA; for(a = 0; a < 256; a++){ - palette[a] = AV_RB24(&palette_buffer[a * 3]) * 4; + palette[a] = bytestream2_get_be24u(&ctx->g) * 4; } - frame->palette_has_changed = 1; + ctx->frame.palette_has_changed = 1; return 256*3; } @@ -65,8 +66,6 @@ static int bethsoftvid_decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPacket *avpkt) { - const uint8_t *buf = avpkt->data; - int buf_size = avpkt->size; BethsoftvidContext * vid = avctx->priv_data; char block_type; uint8_t * dst; @@ -80,29 +79,32 @@ static int bethsoftvid_decode_frame(AVCodecContext *avctx, av_log(avctx, AV_LOG_ERROR, "reget_buffer() failed\n"); return -1; } + + bytestream2_init(&vid->g, avpkt->data, avpkt->size); dst = vid->frame.data[0]; frame_end = vid->frame.data[0] + vid->frame.linesize[0] * avctx->height; - switch(block_type = *buf++){ - case PALETTE_BLOCK: - return set_palette(&vid->frame, buf, buf_size); + switch(block_type = bytestream2_get_byte(&vid->g)){ + case PALETTE_BLOCK: { + return set_palette(vid); + } case VIDEO_YOFF_P_FRAME: - yoffset = bytestream_get_le16(&buf); + yoffset = bytestream2_get_le16(&vid->g); if(yoffset >= avctx->height) return -1; dst += vid->frame.linesize[0] * yoffset; } // main code - while((code = *buf++)){ + while((code = bytestream2_get_byte(&vid->g))){ int length = code & 0x7f; // copy any bytes starting at the current position, and ending at the frame width while(length > remaining){ if(code < 0x80) - bytestream_get_buffer(&buf, dst, remaining); + bytestream2_get_buffer(&vid->g, dst, remaining); else if(block_type == VIDEO_I_FRAME) - memset(dst, buf[0], remaining); + memset(dst, bytestream2_peek_byte(&vid->g), remaining); length -= remaining; // decrement the number of bytes to be copied dst += remaining + wrap_to_next_line; // skip over extra bytes at end of frame remaining = avctx->width; @@ -112,9 +114,9 @@ static int bethsoftvid_decode_frame(AVCodecContext *avctx, // copy any remaining bytes after / if line overflows if(code < 0x80) - bytestream_get_buffer(&buf, dst, length); + bytestream2_get_buffer(&vid->g, dst, length); else if(block_type == VIDEO_I_FRAME) - memset(dst, *buf++, length); + memset(dst, bytestream2_get_byte(&vid->g), length); remaining -= length; dst += length; } @@ -123,7 +125,7 @@ static int bethsoftvid_decode_frame(AVCodecContext *avctx, *data_size = sizeof(AVFrame); *(AVFrame*)data = vid->frame; - return buf_size; + return avpkt->size; } static av_cold int bethsoftvid_decode_end(AVCodecContext *avctx) |