[FFmpeg-devel] [PATCH] VQA-highcolor (15 bit rgb555) decoder by Adam Iglewski

Tue Jan 14 21:38:41 CET 2014

On Tue, Jan 14, 2014 at 02:52:06AM +0100, Michael Niedermayer wrote:
> > +        avctx->pix_fmt = PIX_FMT_PAL8;
> 
> AV_PIX_FMT_*
> 
> also this patch doesnt work on big endian (yes i tested it)
 ------------------
> > +    frame_end = (uint16_t *)frame->data[0] + s->height * stride + s->width;
> 
> stride can be negative, which would break this code
 ------------------
> > +                    av_log(s->avctx, AV_LOG_ERROR, " unknown type in VPTR chunk (%d)\n",type);
> > +                    return;
> 
> this should return some error code like AVERROR_INVALIDDATA or AVERROR_PATCHWELCOME
 ------------------
> > +            if(pixels + s->vector_height * stride + blocks_done * block_inc > frame_end) {  
> 
> this can overflow, consider that the frame would be at  the end of
> the address space so pixels + some big number would return a small
> pointer
 ------------------
> > +                if (av_new_packet(pkt, chunk_size + wsvqa->vqfl_chunk_size))
> 
> the addition could overflow, allocating a too small packet
 ------------------
> > +                av_free(wsvqa->vqfl_chunk_data);
> 
> av_freep() is safer to ensure that no stale pointers remain
 ------------------

Thanks Michael,

I will look into fixing this.

Rl