Commit c5b2fe16 authored by Kostya Shishkov's avatar Kostya Shishkov

Some BMP files have file size declared in the header equal to headers size

without image data, so try to correct that value before conducting checks on
declared file size.

Originally committed as revision 15924 to svn://svn.ffmpeg.org/ffmpeg/trunk
parent e282307b
...@@ -73,18 +73,22 @@ static int bmp_decode_frame(AVCodecContext *avctx, ...@@ -73,18 +73,22 @@ static int bmp_decode_frame(AVCodecContext *avctx,
buf += 2; /* reserved2 */ buf += 2; /* reserved2 */
hsize = bytestream_get_le32(&buf); /* header size */ hsize = bytestream_get_le32(&buf); /* header size */
if(fsize <= hsize){
av_log(avctx, AV_LOG_ERROR, "declared file size is less than header size (%d < %d)\n",
fsize, hsize);
return -1;
}
ihsize = bytestream_get_le32(&buf); /* more header size */ ihsize = bytestream_get_le32(&buf); /* more header size */
if(ihsize + 14 > hsize){ if(ihsize + 14 > hsize){
av_log(avctx, AV_LOG_ERROR, "invalid header size %d\n", hsize); av_log(avctx, AV_LOG_ERROR, "invalid header size %d\n", hsize);
return -1; return -1;
} }
/* sometimes file size is set to some headers size, set a real size in that case */
if(fsize == 14 || fsize == ihsize + 14)
fsize = buf_size - 2;
if(fsize <= hsize){
av_log(avctx, AV_LOG_ERROR, "declared file size is less than header size (%d < %d)\n",
fsize, hsize);
return -1;
}
switch(ihsize){ switch(ihsize){
case 40: // windib v3 case 40: // windib v3
case 64: // OS/2 v2 case 64: // OS/2 v2
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment