Skip to content

F
ffmpeg.wasm-core
Commit 2578a546 authored by Andreas Cadhalpun's avatar Andreas Cadhalpun Committed by Michael Niedermayer
Browse files
Options

avcodec/rv10: check size of s->mb_width * s->mb_height 

If it doesn't fit into 12 bits it triggers an assertion.
Signed-off-by: 's avatarAndreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
parent 618021ea
Show whitespace changes
Inline Side-by-side
Showing with 12 additions and 4 deletions
libavcodec/mpegvideo.h
View file @ 2578a546
...@@ -879,7 +879,7 @@ extern const uint8_t ff_aic_dc_scale_table[32]; ...@@ -879,7 +879,7 @@ extern const uint8_t ff_aic_dc_scale_table[32];
extern const uint8_t ff_h263_chroma_qscale_table[32]; extern const uint8_t ff_h263_chroma_qscale_table[32];
/* rv10.c */ /* rv10.c */
void ff_rv10_encode_picture_header(MpegEncContext *s, int picture_number); int ff_rv10_encode_picture_header(MpegEncContext *s, int picture_number);
int ff_rv_decode_dc(MpegEncContext *s, int n); int ff_rv_decode_dc(MpegEncContext *s, int n);
void ff_rv20_encode_picture_header(MpegEncContext *s, int picture_number); void ff_rv20_encode_picture_header(MpegEncContext *s, int picture_number);
......
libavcodec/mpegvideo_enc.c
View file @ 2578a546
...@@ -3706,8 +3706,11 @@ static int encode_picture(MpegEncContext *s, int picture_number) ...@@ -3706,8 +3706,11 @@ static int encode_picture(MpegEncContext *s, int picture_number)
ff_msmpeg4_encode_picture_header(s, picture_number); ff_msmpeg4_encode_picture_header(s, picture_number);
else if (CONFIG_MPEG4_ENCODER && s->h263_pred) else if (CONFIG_MPEG4_ENCODER && s->h263_pred)
ff_mpeg4_encode_picture_header(s, picture_number); ff_mpeg4_encode_picture_header(s, picture_number);
else if (CONFIG_RV10_ENCODER && s->codec_id == AV_CODEC_ID_RV10) else if (CONFIG_RV10_ENCODER && s->codec_id == AV_CODEC_ID_RV10) {
ff_rv10_encode_picture_header(s, picture_number); ret = ff_rv10_encode_picture_header(s, picture_number);
if (ret < 0)
return ret;
}
else if (CONFIG_RV20_ENCODER && s->codec_id == AV_CODEC_ID_RV20) else if (CONFIG_RV20_ENCODER && s->codec_id == AV_CODEC_ID_RV20)
ff_rv20_encode_picture_header(s, picture_number); ff_rv20_encode_picture_header(s, picture_number);
else if (CONFIG_FLV_ENCODER && s->codec_id == AV_CODEC_ID_FLV1) else if (CONFIG_FLV_ENCODER && s->codec_id == AV_CODEC_ID_FLV1)
......
libavcodec/rv10enc.c
View file @ 2578a546
...@@ -28,7 +28,7 @@ ...@@ -28,7 +28,7 @@
#include "mpegvideo.h" #include "mpegvideo.h"
#include "put_bits.h" #include "put_bits.h"
void ff_rv10_encode_picture_header(MpegEncContext *s, int picture_number) int ff_rv10_encode_picture_header(MpegEncContext *s, int picture_number)
{ {
int full_frame= 0; int full_frame= 0;
...@@ -48,12 +48,17 @@ void ff_rv10_encode_picture_header(MpegEncContext *s, int picture_number) ...@@ -48,12 +48,17 @@ void ff_rv10_encode_picture_header(MpegEncContext *s, int picture_number)
/* if multiple packets per frame are sent, the position at which /* if multiple packets per frame are sent, the position at which
to display the macroblocks is coded here */ to display the macroblocks is coded here */
if(!full_frame){ if(!full_frame){
if (s->mb_width * s->mb_height >= (1U << 12)) {
avpriv_report_missing_feature(s, "Encoding frames with 4096 or more macroblocks");
return AVERROR(ENOSYS);
}
put_bits(&s->pb, 6, 0); /* mb_x */ put_bits(&s->pb, 6, 0); /* mb_x */
put_bits(&s->pb, 6, 0); /* mb_y */ put_bits(&s->pb, 6, 0); /* mb_y */
put_bits(&s->pb, 12, s->mb_width * s->mb_height); put_bits(&s->pb, 12, s->mb_width * s->mb_height);
} }
put_bits(&s->pb, 3, 0); /* ignored */ put_bits(&s->pb, 3, 0); /* ignored */
return 0;
} }
FF_MPV_GENERIC_CLASS(rv10) FF_MPV_GENERIC_CLASS(rv10)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment