[Ffmpeg-devel] Possible bug in bmp decoder

Reimar Doeffinger Reimar.Doeffinger
Mon Jan 29 14:52:05 CET 2007


Hello,
On Mon, Jan 29, 2007 at 02:18:47PM +0100, Michel Bardiaux wrote:
> Alex Beregszaszi wrote:
> >>...
> >>     switch(depth){
> >>     case 24:
> >>         for(i = 0; i < avctx->height; i++){
> >>             memcpy(ptr, buf, n);
> >>             buf += n;
> >>             ptr += linesize;
> >>         }
> >>         break;
> >>...
> >>
> >>Should it not be memcpy(ptr, buf, linesize) ?
> >
> >n probably means input linesize, while linesize is the output linesize.
> 
> Yes.
> 
> >I guess 24bit BMP doesnt stores the padding 1 byte.
> 
> Actually it does, see
> 
>     /* Line size in file multiple of 4 */
>     n = (avctx->width * (depth / 8) + 3) & ~3;
> 
> and that's why I am suspicious.

Neither is right, avctx->width * (depth >> 3) is the right value.
Though if avctx->get_buffer guarantees proper alignment of lines (which
I doubt) n would be fine too. linesize certainly isn't though (esp. note
that linesize can be < 0).

Greetings,
Reimar D?ffinger




More information about the ffmpeg-devel mailing list