mirror of
https://git.ffmpeg.org/ffmpeg.git
synced 2025-01-08 16:19:33 +00:00
avcodec/mscc: move frame allocates to later
Fixes: Timeout Fixes: 66964/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SRGC_fuzzer-5413170363564032 Fixes: 69373/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSCC_fuzzer-5239787748392960 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
parent
b248dace92
commit
664fbfb9ac
@ -149,28 +149,6 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
|
|||||||
if (avpkt->size < 3)
|
if (avpkt->size < 3)
|
||||||
return buf_size;
|
return buf_size;
|
||||||
|
|
||||||
if ((ret = ff_get_buffer(avctx, frame, 0)) < 0)
|
|
||||||
return ret;
|
|
||||||
|
|
||||||
if (avctx->pix_fmt == AV_PIX_FMT_PAL8) {
|
|
||||||
size_t size;
|
|
||||||
const uint8_t *pal = av_packet_get_side_data(avpkt, AV_PKT_DATA_PALETTE, &size);
|
|
||||||
|
|
||||||
if (pal && size == AVPALETTE_SIZE) {
|
|
||||||
#if FF_API_PALETTE_HAS_CHANGED
|
|
||||||
FF_DISABLE_DEPRECATION_WARNINGS
|
|
||||||
frame->palette_has_changed = 1;
|
|
||||||
FF_ENABLE_DEPRECATION_WARNINGS
|
|
||||||
#endif
|
|
||||||
for (j = 0; j < 256; j++)
|
|
||||||
s->pal[j] = 0xFF000000 | AV_RL32(pal + j * 4);
|
|
||||||
} else if (pal) {
|
|
||||||
av_log(avctx, AV_LOG_ERROR,
|
|
||||||
"Palette size %"SIZE_SPECIFIER" is wrong\n", size);
|
|
||||||
}
|
|
||||||
memcpy(frame->data[1], s->pal, AVPALETTE_SIZE);
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = inflateReset(zstream);
|
ret = inflateReset(zstream);
|
||||||
if (ret != Z_OK) {
|
if (ret != Z_OK) {
|
||||||
av_log(avctx, AV_LOG_ERROR, "Inflate reset error: %d\n", ret);
|
av_log(avctx, AV_LOG_ERROR, "Inflate reset error: %d\n", ret);
|
||||||
@ -198,6 +176,27 @@ inflate_error:
|
|||||||
av_log(avctx, AV_LOG_ERROR, "Inflate error: %d\n", ret);
|
av_log(avctx, AV_LOG_ERROR, "Inflate error: %d\n", ret);
|
||||||
return AVERROR_UNKNOWN;
|
return AVERROR_UNKNOWN;
|
||||||
}
|
}
|
||||||
|
if ((ret = ff_get_buffer(avctx, frame, 0)) < 0)
|
||||||
|
return ret;
|
||||||
|
|
||||||
|
if (avctx->pix_fmt == AV_PIX_FMT_PAL8) {
|
||||||
|
size_t size;
|
||||||
|
const uint8_t *pal = av_packet_get_side_data(avpkt, AV_PKT_DATA_PALETTE, &size);
|
||||||
|
|
||||||
|
if (pal && size == AVPALETTE_SIZE) {
|
||||||
|
#if FF_API_PALETTE_HAS_CHANGED
|
||||||
|
FF_DISABLE_DEPRECATION_WARNINGS
|
||||||
|
frame->palette_has_changed = 1;
|
||||||
|
FF_ENABLE_DEPRECATION_WARNINGS
|
||||||
|
#endif
|
||||||
|
for (j = 0; j < 256; j++)
|
||||||
|
s->pal[j] = 0xFF000000 | AV_RL32(pal + j * 4);
|
||||||
|
} else if (pal) {
|
||||||
|
av_log(avctx, AV_LOG_ERROR,
|
||||||
|
"Palette size %"SIZE_SPECIFIER" is wrong\n", size);
|
||||||
|
}
|
||||||
|
memcpy(frame->data[1], s->pal, AVPALETTE_SIZE);
|
||||||
|
}
|
||||||
|
|
||||||
bytestream2_init(&gb, s->decomp_buf, zstream->total_out);
|
bytestream2_init(&gb, s->decomp_buf, zstream->total_out);
|
||||||
bytestream2_init_writer(&pb, s->uncomp_buf, s->uncomp_size);
|
bytestream2_init_writer(&pb, s->uncomp_buf, s->uncomp_size);
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user