[FFmpeg-cvslog] svq1dec: update w/h only if the header is successfully parsed.

Michael Niedermayer git at videolan.org
Sat Dec 1 20:21:27 CET 2012


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Sat Dec  1 19:16:19 2012 +0100| [7389bb12e6b3ec3660592fde370d9dd4fe816d2b] | committer: Michael Niedermayer

svq1dec: update w/h only if the header is successfully parsed.

Prevents inconsistency and out of array accesses.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7389bb12e6b3ec3660592fde370d9dd4fe816d2b
---

 libavcodec/svq1dec.c |   14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/libavcodec/svq1dec.c b/libavcodec/svq1dec.c
index e231eac..27e9606 100644
--- a/libavcodec/svq1dec.c
+++ b/libavcodec/svq1dec.c
@@ -505,6 +505,8 @@ static void svq1_parse_string(GetBitContext *bitbuf, uint8_t *out)
 static int svq1_decode_frame_header(GetBitContext *bitbuf, MpegEncContext *s)
 {
     int frame_size_code;
+    int width  = s->width;
+    int height = s->height;
 
     skip_bits(bitbuf, 8); /* temporal_reference */
 
@@ -544,15 +546,15 @@ static int svq1_decode_frame_header(GetBitContext *bitbuf, MpegEncContext *s)
 
         if (frame_size_code == 7) {
             /* load width, height (12 bits each) */
-            s->width  = get_bits(bitbuf, 12);
-            s->height = get_bits(bitbuf, 12);
+            width  = get_bits(bitbuf, 12);
+            height = get_bits(bitbuf, 12);
 
-            if (!s->width || !s->height)
+            if (!width || !height)
                 return AVERROR_INVALIDDATA;
         } else {
             /* get width, height from table */
-            s->width  = ff_svq1_frame_size_table[frame_size_code].width;
-            s->height = ff_svq1_frame_size_table[frame_size_code].height;
+            width  = ff_svq1_frame_size_table[frame_size_code].width;
+            height = ff_svq1_frame_size_table[frame_size_code].height;
         }
     }
 
@@ -575,6 +577,8 @@ static int svq1_decode_frame_header(GetBitContext *bitbuf, MpegEncContext *s)
             skip_bits(bitbuf, 8);
     }
 
+    s->width  = width;
+    s->height = height;
     return 0;
 }
 



More information about the ffmpeg-cvslog mailing list