Skip to content

F
ffmpeg.wasm-core
Commit 4401958f authored by Michael Niedermayer's avatar Michael Niedermayer
Browse files
Options

motionpixels: Propagate errors in vlc table init 

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
parent e149127b
Hide whitespace changes
Inline Side-by-side
Showing with 14 additions and 7 deletions
libavcodec/motionpixels.c
View file @ 4401958f
...@@ -101,38 +101,44 @@ static void mp_read_changes_map(MotionPixelsContext *mp, GetBitContext *gb, int ...@@ -101,38 +101,44 @@ static void mp_read_changes_map(MotionPixelsContext *mp, GetBitContext *gb, int
} }
} }
static void mp_get_code(MotionPixelsContext *mp, GetBitContext *gb, int size, int code) static int mp_get_code(MotionPixelsContext *mp, GetBitContext *gb, int size, int code)
{ {
while (get_bits1(gb)) { while (get_bits1(gb)) {
++size; ++size;
if (size > mp->max_codes_bits) { if (size > mp->max_codes_bits) {
av_log(mp->avctx, AV_LOG_ERROR, "invalid code size %d/%d\n", size, mp->max_codes_bits); av_log(mp->avctx, AV_LOG_ERROR, "invalid code size %d/%d\n", size, mp->max_codes_bits);
return; return AVERROR_INVALIDDATA;
} }
code <<= 1; code <<= 1;
mp_get_code(mp, gb, size, code + 1); if (mp_get_code(mp, gb, size, code + 1) < 0)
return AVERROR_INVALIDDATA;
} }
if (mp->current_codes_count >= MAX_HUFF_CODES) { if (mp->current_codes_count >= MAX_HUFF_CODES) {
av_log(mp->avctx, AV_LOG_ERROR, "too many codes\n"); av_log(mp->avctx, AV_LOG_ERROR, "too many codes\n");
return; return AVERROR_INVALIDDATA;
} }
mp->codes[mp->current_codes_count ].code = code; mp->codes[mp->current_codes_count ].code = code;
mp->codes[mp->current_codes_count++].size = size; mp->codes[mp->current_codes_count++].size = size;
return 0;
} }
static void mp_read_codes_table(MotionPixelsContext *mp, GetBitContext *gb) static int mp_read_codes_table(MotionPixelsContext *mp, GetBitContext *gb)
{ {
if (mp->codes_count == 1) { if (mp->codes_count == 1) {
mp->codes[0].delta = get_bits(gb, 4); mp->codes[0].delta = get_bits(gb, 4);
} else { } else {
int i; int i;
int ret;
mp->max_codes_bits = get_bits(gb, 4); mp->max_codes_bits = get_bits(gb, 4);
for (i = 0; i < mp->codes_count; ++i) for (i = 0; i < mp->codes_count; ++i)
mp->codes[i].delta = get_bits(gb, 4); mp->codes[i].delta = get_bits(gb, 4);
mp->current_codes_count = 0; mp->current_codes_count = 0;
mp_get_code(mp, gb, 0, 0); if ((ret = mp_get_code(mp, gb, 0, 0)) < 0)
return ret;
} }
return 0;
} }
static int mp_gradient(MotionPixelsContext *mp, int component, int v) static int mp_gradient(MotionPixelsContext *mp, int component, int v)
...@@ -287,7 +293,8 @@ static int mp_decode_frame(AVCodecContext *avctx, ...@@ -287,7 +293,8 @@ static int mp_decode_frame(AVCodecContext *avctx,
*(uint16_t *)mp->frame.data[0] = get_bits(&gb, 15); *(uint16_t *)mp->frame.data[0] = get_bits(&gb, 15);
mp->changes_map[0] = 1; mp->changes_map[0] = 1;
} }
mp_read_codes_table(mp, &gb); if (mp_read_codes_table(mp, &gb) < 0)
goto end;
sz = get_bits(&gb, 18); sz = get_bits(&gb, 18);
if (avctx->extradata[0] != 5) if (avctx->extradata[0] != 5)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment