[FFmpeg-devel] VP6 issues in Swfdec
Benoit Fouet
benoit.fouet
Wed Sep 5 14:06:23 CEST 2007
Hi,
Benjamin Otte wrote:
> Hi,
>
>
[snip]
> Index: libavcodec/vp6.c
> ===================================================================
> --- libavcodec/vp6.c (revision 10398)
> +++ libavcodec/vp6.c (working copy)
> @@ -131,6 +131,10 @@
> "alternative entropy decoding not supported\n");
>
> if (coeff_offset) {
> + if (coeff_offset > buf_size) {
> + av_log(s->avctx, AV_LOG_ERROR, "coeff_offset invalid\n");
> + return 0;
> + }
>
tabs are forbidden in ffmpeg svn
> vp56_init_range_decoder(&s->cc, buf+coeff_offset,
> buf_size-coeff_offset);
> s->ccp = &s->cc;
>
> ------------------------------------------------------------------------
>
> Index: libavcodec/imgresample.c
> ===================================================================
> --- libavcodec/imgresample.c (revision 10398)
> +++ libavcodec/imgresample.c (working copy)
> @@ -647,6 +647,8 @@
> ctx->av_class = av_mallocz(sizeof(AVClass));
> if (!ctx || !ctx->av_class) {
> av_log(NULL, AV_LOG_ERROR, "Cannot allocate a resampling context!\n");
> + if (ctx)
> + av_free(ctx);
>
ditto
>
> return NULL;
> }
>
> ------------------------------------------------------------------------
>
> Index: libavcodec/vp56.h
> ===================================================================
> --- libavcodec/vp56.h (revision 10398)
> +++ libavcodec/vp56.h (working copy)
> @@ -50,6 +50,7 @@
> int high;
> int bits;
> uint8_t *buffer;
> + int buf_size;
> unsigned long code_word;
> } vp56_range_coder_t;
>
> @@ -164,16 +165,21 @@
> * vp56 specific range coder implementation
> */
>
> -static inline void vp56_init_range_decoder(vp56_range_coder_t *c,
> +static void vp56_init_range_decoder(vp56_range_coder_t *c,
>
why did you remove the inlining ?
> uint8_t *buf, int buf_size)
> {
> c->high = 255;
> c->bits = 8;
> c->buffer = buf;
> - c->code_word = bytestream_get_be16(&c->buffer);
> + if (buf_size < 2) {
> + c->buf_size = 0;
> + } else {
> + c->buf_size = buf_size - 2;
> + c->code_word = bytestream_get_be16(&c->buffer);
> + }
>
more tabs
> }
>
> -static inline int vp56_rac_get_prob(vp56_range_coder_t *c, uint8_t prob)
> +static int vp56_rac_get_prob(vp56_range_coder_t *c, uint8_t prob)
>
inline ?
> {
> unsigned int low = 1 + (((c->high - 1) * prob) / 256);
> unsigned int low_shift = low << 8;
> @@ -192,13 +198,16 @@
> c->code_word <<= 1;
> if (--c->bits == 0) {
> c->bits = 8;
> - c->code_word |= *c->buffer++;
> + if (c->buf_size == 0)
> + return 0;
> + c->code_word |= *c->buffer++;
> + c->buf_size--;
>
tabs
and same applies to the remaining of this patch
--
Ben
Purple Labs S.A.
www.purplelabs.com
More information about the ffmpeg-devel
mailing list