author | Nicolas George <nicolas.george@normalesup.org> | 2012-07-29 00:12:27 +0200 |
---|---|---|
committer | Nicolas George <nicolas.george@normalesup.org> | 2012-07-31 17:25:36 +0200 |
commit | 91ec1c6cc35e3c7950fa5acf80568672ad538f14 (patch) | |
tree | 371ab6d0a680212e25a0c3aa23a812a2fb6129b3 /libavcodec/loco.c | |
parent | b2814b034ee287691a133f11a7443516549f572f (diff) | |
download | ffmpeg-91ec1c6cc35e3c7950fa5acf80568672ad538f14.tar.gz |
loco: take decode overflow into account.
Commit 2bf0982 introduced an overflow check in loco_decode_plane,
but the error code is never taken into account, leading to
completely idiotic return values.
Diffstat (limited to 'libavcodec/loco.c')
-rw-r--r-- | libavcodec/loco.c | 23 |
1 files changed, 14 insertions, 9 deletions
diff --git a/libavcodec/loco.c b/libavcodec/loco.c
index 9f14757612..cc8ce21c12 100644
--- a/libavcodec/loco.c
+++ b/libavcodec/loco.c
@@ -179,51 +179,56 @@ static int decode_frame(AVCodecContext *avctx,
 } p->key_frame = 1;
+#define ADVANCE_BY_DECODED do { \
+ if (decoded < 0) goto stop; \
+ buf += decoded; buf_size -= decoded; \
+} while(0)
 switch(l->mode) { case LOCO_CYUY2: case LOCO_YUY2: case LOCO_UYVY: decoded = loco_decode_plane(l, p->data[0], avctx->width, avctx->height, p->linesize[0], buf, buf_size, 1);
- buf += decoded; buf_size -= decoded;
+ ADVANCE_BY_DECODED;
 decoded = loco_decode_plane(l, p->data[1], avctx->width / 2, avctx->height, p->linesize[1], buf, buf_size, 1);
- buf += decoded; buf_size -= decoded;
+ ADVANCE_BY_DECODED;
 decoded = loco_decode_plane(l, p->data[2], avctx->width / 2, avctx->height, p->linesize[2], buf, buf_size, 1); break; case LOCO_CYV12: case LOCO_YV12: decoded = loco_decode_plane(l, p->data[0], avctx->width, avctx->height, p->linesize[0], buf, buf_size, 1);
- buf += decoded; buf_size -= decoded;
+ ADVANCE_BY_DECODED;
 decoded = loco_decode_plane(l, p->data[2], avctx->width / 2, avctx->height / 2, p->linesize[2], buf, buf_size, 1);
- buf += decoded; buf_size -= decoded;
+ ADVANCE_BY_DECODED;
 decoded = loco_decode_plane(l, p->data[1], avctx->width / 2, avctx->height / 2, p->linesize[1], buf, buf_size, 1); break; case LOCO_CRGB: case LOCO_RGB: decoded = loco_decode_plane(l, p->data[0] + p->linesize[0]*(avctx->height-1), avctx->width, avctx->height, -p->linesize[0], buf, buf_size, 3);
- buf += decoded; buf_size -= decoded;
+ ADVANCE_BY_DECODED;
 decoded = loco_decode_plane(l, p->data[0] + p->linesize[0]*(avctx->height-1) + 1, avctx->width, avctx->height, -p->linesize[0], buf, buf_size, 3);
- buf += decoded; buf_size -= decoded;
+ ADVANCE_BY_DECODED;
 decoded = loco_decode_plane(l, p->data[0] + p->linesize[0]*(avctx->height-1) + 2, avctx->width, avctx->height, -p->linesize[0], buf, buf_size, 3); break; case LOCO_CRGBA: case LOCO_RGBA: decoded = loco_decode_plane(l, p->data[0], avctx->width, avctx->height, p->linesize[0], buf, buf_size, 4);
- buf += decoded; buf_size -= decoded;
+ ADVANCE_BY_DECODED;
 decoded = loco_decode_plane(l, p->data[0] + 1, avctx->width, avctx->height, p->linesize[0], buf, buf_size, 4);
- buf += decoded; buf_size -= decoded;
+ ADVANCE_BY_DECODED;
 decoded = loco_decode_plane(l, p->data[0] + 2, avctx->width, avctx->height, p->linesize[0], buf, buf_size, 4);
- buf += decoded; buf_size -= decoded;
+ ADVANCE_BY_DECODED;
 decoded = loco_decode_plane(l, p->data[0] + 3, avctx->width, avctx->height, p->linesize[0], buf, buf_size, 4); break; }
+stop:
 *data_size = sizeof(AVFrame); *(AVFrame*)data = l->pic; |
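Review bot: After `stop:` the function still sets `*data_size = sizeof(AVFrame)` and copies `l->pic` to the caller, so a picture whose plane decode reported an overflow is handed out as if it were complete, with the remaining planes never written by this call. The last `loco_decode_plane` call in each `case` is also followed directly by `break`, so a negative result from it is not checked anywhere in the visible lines. One check at the label would cover both paths, for example `stop: if (decoded < 0) return decoded;` ahead of the `*data_size` assignment, assuming the picture buffer is released elsewhere on error; if emitting a partial picture is intended, a comment at `stop:` should say so. decode_frame starts before and continues past this hunk, so the final return statement and the buffer handling are not visible here.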