[FFmpeg-cvslog] loco: check that there is data left after decoding a plane.
Anton Khirnov
git at videolan.org
Tue Feb 26 03:39:00 CET 2013
ffmpeg | branch: release/1.1 | Anton Khirnov <anton at khirnov.net> | Thu Feb 14 09:08:35 2013 +0100| [b786ddc0f2ead744364d9de2caa64723b52da965] | committer: Reinhard Tartler
loco: check that there is data left after decoding a plane.
CC:libav-stable at libav.org
(cherry picked from commit 067432c1c95882c7221e694f33d9f3bdbe46de7f)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b786ddc0f2ead744364d9de2caa64723b52da965
---
libavcodec/loco.c | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
diff --git a/libavcodec/loco.c b/libavcodec/loco.c
index 6f49992..f783636 100644
--- a/libavcodec/loco.c
+++ b/libavcodec/loco.c
@@ -181,43 +181,70 @@ static int decode_frame(AVCodecContext *avctx,
case LOCO_CYUY2: case LOCO_YUY2: case LOCO_UYVY:
decoded = loco_decode_plane(l, p->data[0], avctx->width, avctx->height,
p->linesize[0], buf, buf_size, 1);
+ if (decoded >= buf_size)
+ goto buf_too_small;
buf += decoded; buf_size -= decoded;
+
decoded = loco_decode_plane(l, p->data[1], avctx->width / 2, avctx->height,
p->linesize[1], buf, buf_size, 1);
+ if (decoded >= buf_size)
+ goto buf_too_small;
buf += decoded; buf_size -= decoded;
+
decoded = loco_decode_plane(l, p->data[2], avctx->width / 2, avctx->height,
p->linesize[2], buf, buf_size, 1);
break;
case LOCO_CYV12: case LOCO_YV12:
decoded = loco_decode_plane(l, p->data[0], avctx->width, avctx->height,
p->linesize[0], buf, buf_size, 1);
+ if (decoded >= buf_size)
+ goto buf_too_small;
buf += decoded; buf_size -= decoded;
+
decoded = loco_decode_plane(l, p->data[2], avctx->width / 2, avctx->height / 2,
p->linesize[2], buf, buf_size, 1);
+ if (decoded >= buf_size)
+ goto buf_too_small;
buf += decoded; buf_size -= decoded;
+
decoded = loco_decode_plane(l, p->data[1], avctx->width / 2, avctx->height / 2,
p->linesize[1], buf, buf_size, 1);
break;
case LOCO_CRGB: case LOCO_RGB:
decoded = loco_decode_plane(l, p->data[0] + p->linesize[0]*(avctx->height-1), avctx->width, avctx->height,
-p->linesize[0], buf, buf_size, 3);
+ if (decoded >= buf_size)
+ goto buf_too_small;
buf += decoded; buf_size -= decoded;
+
decoded = loco_decode_plane(l, p->data[0] + p->linesize[0]*(avctx->height-1) + 1, avctx->width, avctx->height,
-p->linesize[0], buf, buf_size, 3);
+ if (decoded >= buf_size)
+ goto buf_too_small;
buf += decoded; buf_size -= decoded;
+
decoded = loco_decode_plane(l, p->data[0] + p->linesize[0]*(avctx->height-1) + 2, avctx->width, avctx->height,
-p->linesize[0], buf, buf_size, 3);
break;
case LOCO_RGBA:
decoded = loco_decode_plane(l, p->data[0], avctx->width, avctx->height,
p->linesize[0], buf, buf_size, 4);
+ if (decoded >= buf_size)
+ goto buf_too_small;
buf += decoded; buf_size -= decoded;
+
decoded = loco_decode_plane(l, p->data[0] + 1, avctx->width, avctx->height,
p->linesize[0], buf, buf_size, 4);
+ if (decoded >= buf_size)
+ goto buf_too_small;
buf += decoded; buf_size -= decoded;
+
decoded = loco_decode_plane(l, p->data[0] + 2, avctx->width, avctx->height,
p->linesize[0], buf, buf_size, 4);
+ if (decoded >= buf_size)
+ goto buf_too_small;
buf += decoded; buf_size -= decoded;
+
decoded = loco_decode_plane(l, p->data[0] + 3, avctx->width, avctx->height,
p->linesize[0], buf, buf_size, 4);
break;
@@ -227,6 +254,9 @@ static int decode_frame(AVCodecContext *avctx,
*(AVFrame*)data = l->pic;
return buf_size;
+buf_too_small:
+ av_log(avctx, AV_LOG_ERROR, "Input data too small.\n");
+ return AVERROR(EINVAL);
}
static av_cold int decode_init(AVCodecContext *avctx){
More information about the ffmpeg-cvslog
mailing list