Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Contribute to GitLab
Sign in / Register
Toggle navigation
F
ffmpeg.wasm-core
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Linshizhi
ffmpeg.wasm-core
Commits
feab761b
Commit
feab761b
authored
Jun 27, 2017
by
Paul B Mahol
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
avcodec/interplayvideo: properly check if there is enough bytes left
Signed-off-by:
Paul B Mahol
<
onemda@gmail.com
>
parent
c4cbaec6
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
10 additions
and
0 deletions
+10
-0
interplayvideo.c
libavcodec/interplayvideo.c
+10
-0
No files found.
libavcodec/interplayvideo.c
View file @
feab761b
...
@@ -1233,6 +1233,10 @@ static int ipvideo_decode_frame(AVCodecContext *avctx,
...
@@ -1233,6 +1233,10 @@ static int ipvideo_decode_frame(AVCodecContext *avctx,
s
->
decoding_map_size
=
((
s
->
avctx
->
width
/
8
)
*
(
s
->
avctx
->
height
/
8
))
*
2
;
s
->
decoding_map_size
=
((
s
->
avctx
->
width
/
8
)
*
(
s
->
avctx
->
height
/
8
))
*
2
;
s
->
decoding_map
=
buf
+
8
+
14
;
/* 14 bits of op data */
s
->
decoding_map
=
buf
+
8
+
14
;
/* 14 bits of op data */
video_data_size
-=
s
->
decoding_map_size
+
14
;
video_data_size
-=
s
->
decoding_map_size
+
14
;
if
(
buf_size
<
8
+
s
->
decoding_map_size
+
14
+
video_data_size
)
return
AVERROR_INVALIDDATA
;
bytestream2_init
(
&
s
->
stream_ptr
,
buf
+
8
+
s
->
decoding_map_size
+
14
,
video_data_size
);
bytestream2_init
(
&
s
->
stream_ptr
,
buf
+
8
+
s
->
decoding_map_size
+
14
,
video_data_size
);
break
;
break
;
...
@@ -1253,6 +1257,9 @@ static int ipvideo_decode_frame(AVCodecContext *avctx,
...
@@ -1253,6 +1257,9 @@ static int ipvideo_decode_frame(AVCodecContext *avctx,
return
AVERROR_INVALIDDATA
;
return
AVERROR_INVALIDDATA
;
}
}
if
(
buf_size
<
8
+
video_data_size
+
s
->
decoding_map_size
+
s
->
skip_map_size
)
return
AVERROR_INVALIDDATA
;
bytestream2_init
(
&
s
->
stream_ptr
,
buf
+
8
,
video_data_size
);
bytestream2_init
(
&
s
->
stream_ptr
,
buf
+
8
,
video_data_size
);
s
->
decoding_map
=
buf
+
8
+
video_data_size
;
s
->
decoding_map
=
buf
+
8
+
video_data_size
;
s
->
skip_map
=
buf
+
8
+
video_data_size
+
s
->
decoding_map_size
;
s
->
skip_map
=
buf
+
8
+
video_data_size
+
s
->
decoding_map_size
;
...
@@ -1270,6 +1277,9 @@ static int ipvideo_decode_frame(AVCodecContext *avctx,
...
@@ -1270,6 +1277,9 @@ static int ipvideo_decode_frame(AVCodecContext *avctx,
return
AVERROR_INVALIDDATA
;
return
AVERROR_INVALIDDATA
;
}
}
if
(
buf_size
<
8
+
video_data_size
+
s
->
decoding_map_size
)
return
AVERROR_INVALIDDATA
;
bytestream2_init
(
&
s
->
stream_ptr
,
buf
+
8
,
video_data_size
);
bytestream2_init
(
&
s
->
stream_ptr
,
buf
+
8
,
video_data_size
);
s
->
decoding_map
=
buf
+
8
+
video_data_size
;
s
->
decoding_map
=
buf
+
8
+
video_data_size
;
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment