Commit e1065924 authored by Anton Khirnov's avatar Anton Khirnov

qtrle: add more checks against pixel_ptr being negative.

CC:libav-stable@libav.org
parent 4f3b058c
...@@ -117,6 +117,7 @@ static inline void qtrle_decode_2n4bpp(QtrleContext *s, int row_ptr, ...@@ -117,6 +117,7 @@ static inline void qtrle_decode_2n4bpp(QtrleContext *s, int row_ptr,
while (lines_to_change--) { while (lines_to_change--) {
pixel_ptr = row_ptr + (num_pixels * (bytestream2_get_byte(&s->g) - 1)); pixel_ptr = row_ptr + (num_pixels * (bytestream2_get_byte(&s->g) - 1));
CHECK_PIXEL_PTR(0);
while ((rle_code = (signed char)bytestream2_get_byte(&s->g)) != -1) { while ((rle_code = (signed char)bytestream2_get_byte(&s->g)) != -1) {
if (rle_code == 0) { if (rle_code == 0) {
...@@ -171,6 +172,7 @@ static void qtrle_decode_8bpp(QtrleContext *s, int row_ptr, int lines_to_change) ...@@ -171,6 +172,7 @@ static void qtrle_decode_8bpp(QtrleContext *s, int row_ptr, int lines_to_change)
while (lines_to_change--) { while (lines_to_change--) {
pixel_ptr = row_ptr + (4 * (bytestream2_get_byte(&s->g) - 1)); pixel_ptr = row_ptr + (4 * (bytestream2_get_byte(&s->g) - 1));
CHECK_PIXEL_PTR(0);
while ((rle_code = (signed char)bytestream2_get_byte(&s->g)) != -1) { while ((rle_code = (signed char)bytestream2_get_byte(&s->g)) != -1) {
if (rle_code == 0) { if (rle_code == 0) {
...@@ -220,6 +222,7 @@ static void qtrle_decode_16bpp(QtrleContext *s, int row_ptr, int lines_to_change ...@@ -220,6 +222,7 @@ static void qtrle_decode_16bpp(QtrleContext *s, int row_ptr, int lines_to_change
while (lines_to_change--) { while (lines_to_change--) {
pixel_ptr = row_ptr + (bytestream2_get_byte(&s->g) - 1) * 2; pixel_ptr = row_ptr + (bytestream2_get_byte(&s->g) - 1) * 2;
CHECK_PIXEL_PTR(0);
while ((rle_code = (signed char)bytestream2_get_byte(&s->g)) != -1) { while ((rle_code = (signed char)bytestream2_get_byte(&s->g)) != -1) {
if (rle_code == 0) { if (rle_code == 0) {
...@@ -263,6 +266,7 @@ static void qtrle_decode_24bpp(QtrleContext *s, int row_ptr, int lines_to_change ...@@ -263,6 +266,7 @@ static void qtrle_decode_24bpp(QtrleContext *s, int row_ptr, int lines_to_change
while (lines_to_change--) { while (lines_to_change--) {
pixel_ptr = row_ptr + (bytestream2_get_byte(&s->g) - 1) * 3; pixel_ptr = row_ptr + (bytestream2_get_byte(&s->g) - 1) * 3;
CHECK_PIXEL_PTR(0);
while ((rle_code = (signed char)bytestream2_get_byte(&s->g)) != -1) { while ((rle_code = (signed char)bytestream2_get_byte(&s->g)) != -1) {
if (rle_code == 0) { if (rle_code == 0) {
...@@ -309,6 +313,7 @@ static void qtrle_decode_32bpp(QtrleContext *s, int row_ptr, int lines_to_change ...@@ -309,6 +313,7 @@ static void qtrle_decode_32bpp(QtrleContext *s, int row_ptr, int lines_to_change
while (lines_to_change--) { while (lines_to_change--) {
pixel_ptr = row_ptr + (bytestream2_get_byte(&s->g) - 1) * 4; pixel_ptr = row_ptr + (bytestream2_get_byte(&s->g) - 1) * 4;
CHECK_PIXEL_PTR(0);
while ((rle_code = (signed char)bytestream2_get_byte(&s->g)) != -1) { while ((rle_code = (signed char)bytestream2_get_byte(&s->g)) != -1) {
if (rle_code == 0) { if (rle_code == 0) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment