[Ffmpeg-devel] [PATCH] ported SGI decoder to the new API

Michael Niedermayer michaelni
Thu Mar 29 19:01:18 CEST 2007


Hi

On Thu, Mar 29, 2007 at 06:54:19PM +0800, Xiaohui Sun wrote:
[...]
> +/**
> + * expand an RLE row into a channel
> + * @param buff input buffer
> + * @param optr output buffer
> + * @param chan_offset offsets into input buffer
> + * @param pixelstride pixel stride of input buffer
> + * @return Size of output in bytes
> + */
> +static int expand_rle_row(uint8_t *buf, unsigned char *optr,
> +        int chan_offset, int pixelstride)
> +{
> +    unsigned char pixel, count;
> +    int length = 0;
> +    optr += chan_offset;
> +
> +    while (1) {
> +        pixel = bytestream_get_byte(&buf);
> +        if (!(count = (pixel & 0x7f))) {
> +            return length;
> +        }
> +        if (pixel & 0x80) {
> +            while (count--) {
> +                *optr = bytestream_get_byte(&buf);
> +                length++;
> +                optr += pixelstride;
> +            }
> +        } else {
> +            pixel = bytestream_get_byte(&buf);
> +
> +            while (count--) {
> +                *optr = pixel;
> +                length++;
> +                optr += pixelstride;
> +            }
> +        }
> +    }
> +}

this code lacks checks against buffer overflows

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

it is not once nor twice but times without number that the same ideas make
their appearance in the world. -- Aristotle
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20070329/9c8a1d09/attachment.pgp>



More information about the ffmpeg-devel mailing list