RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge commit 'fc739b3eefa0b58d64e7661621da94a94dbc8a82' 

* commit 'fc739b3eefa0b58d64e7661621da94a94dbc8a82':
  xan: Only read within the data that actually was initialized

Conflicts:
	libavcodec/xan.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2013-09-30 01:21:30 +02:00
parent b6dfb82913 fc739b3eef
commit 7d7fb61e0d
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
libavcodec/xan.c
View File

@ -110,6 +110,7 @@ static int xan_huffman_decode(uint8_t *dest, int dest_len,
int ptr_len = src_len - 1 - byte*2;
uint8_t val = ival;
uint8_t *dest_end = dest + dest_len;
uint8_t *dest_start = dest;
GetBitContext gb;
if (ptr_len < 0)
@ -125,13 +126,13 @@ static int xan_huffman_decode(uint8_t *dest, int dest_len,
if (val < 0x16) {
if (dest >= dest_end)
return 0;
return dest_len;
*dest++ = val;
val = ival;
}
}
return 0;
return dest - dest_start;
}
/**
@ -291,7 +292,7 @@ static int xan_wc3_decode_frame(XanContext *s, AVFrame *frame)
uint8_t flag = 0;
int size = 0;
int motion_x, motion_y;
int x, y;
int x, y, ret;
uint8_t *opcode_buffer = s->buffer1;
uint8_t *opcode_buffer_end = s->buffer1 + s->buffer1_size;
@ -325,9 +326,10 @@ static int xan_wc3_decode_frame(XanContext *s, AVFrame *frame)
bytestream2_init(&vector_segment, s->buf + vector_offset, s->size - vector_offset);
imagedata_segment = s->buf + imagedata_offset;
if (xan_huffman_decode(opcode_buffer, opcode_buffer_size,
huffman_segment, s->size - huffman_offset) < 0)
if ((ret = xan_huffman_decode(opcode_buffer, opcode_buffer_size,
huffman_segment, s->size - huffman_offset)) < 0)
return AVERROR_INVALIDDATA;
opcode_buffer_end = opcode_buffer + ret;
if (imagedata_segment[0] == 2) {
xan_unpack(s->buffer2, s->buffer2_size,