RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

4xm: more thorought check for negative index and negative shift 

CC: libav-stable@libav.org
Bug-Id: CID 1087094
This commit is contained in:
Vittorio Giovara 2014-11-09 08:48:41 +01:00
parent c9c7d59b7d
commit 68a35473ed
1 changed files with 18 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
libavcodec/4xm.c
View File

@ -340,22 +340,29 @@ static inline void mcdc(uint16_t *dst, uint16_t *src, int log2w,
static int decode_p_block(FourXContext *f, uint16_t *dst, uint16_t *src,
int log2w, int log2h, int stride)
{
const int index = size2index[log2h][log2w];
const int h = 1 << log2h;
int code = get_vlc2(&f->gb,
block_type_vlc[1 - (f->version > 1)][index].table,
BLOCK_TYPE_VLC_BITS, 1);
uint16_t *start = f->last_frame_buffer;
uint16_t *end = start + stride * (f->avctx->height - h + 1) - (1 << log2w);
int ret;
int scale = 1;
int index, h, code, ret, scale = 1;
uint16_t *start, *end;
unsigned dc = 0;
if (code < 0 || code > 6 || log2w < 0)
if (log2h < 0 || log2w < 0)
return AVERROR_INVALIDDATA;
index = size2index[log2h][log2w];
if (index < 0)
return AVERROR_INVALIDDATA;
h = 1 << log2h;
code = get_vlc2(&f->gb, block_type_vlc[1 - (f->version > 1)][index].table,
BLOCK_TYPE_VLC_BITS, 1);
if (code < 0 || code > 6)
return AVERROR_INVALIDDATA;
start = f->last_frame_buffer;
end = start + stride * (f->avctx->height - h + 1) - (1 << log2w);
if (code == 1) {
log2h--;
if (--log2h < 0)
return AVERROR_INVALIDDATA;
if ((ret = decode_p_block(f, dst, src, log2w, log2h, stride)) < 0)
return ret;
return decode_p_block(f, dst + (stride << log2h),