RepoMirrors/ffmpeg
1
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2025-02-26 08:41:38 +00:00
Code Issues Projects Releases Wiki Activity

rv10: check size of s->mb_width * s->mb_height

Browse Source 
If it doesn't fit into 12 bits it triggers an assertion.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
This commit is contained in:
Andreas Cadhalpun 2015-03-03 21:31:15 +01:00 committed by Vittorio Giovara
parent c17da32ba2
commit ded9931d16
3 changed files with 12 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libavcodec/mpegvideo.h
View File

@ -897,7 +897,7 @@ int ff_h261_get_picture_format(int width, int height);
/* rv10.c */
void ff_rv10_encode_picture_header(MpegEncContext *s, int picture_number);
int ff_rv10_encode_picture_header(MpegEncContext *s, int picture_number);
int ff_rv_decode_dc(MpegEncContext *s, int n);
void ff_rv20_encode_picture_header(MpegEncContext *s, int picture_number);

7
libavcodec/mpegvideo_enc.c
View File

@ -3295,8 +3295,11 @@ static int encode_picture(MpegEncContext *s, int picture_number)
ff_msmpeg4_encode_picture_header(s, picture_number);
else if (CONFIG_MPEG4_ENCODER && s->h263_pred)
ff_mpeg4_encode_picture_header(s, picture_number);
else if (CONFIG_RV10_ENCODER && s->codec_id == AV_CODEC_ID_RV10)
ff_rv10_encode_picture_header(s, picture_number);
else if (CONFIG_RV10_ENCODER && s->codec_id == AV_CODEC_ID_RV10) {
ret = ff_rv10_encode_picture_header(s, picture_number);
if (ret < 0)
return ret;
}
else if (CONFIG_RV20_ENCODER && s->codec_id == AV_CODEC_ID_RV20)
ff_rv20_encode_picture_header(s, picture_number);
else if (CONFIG_FLV_ENCODER && s->codec_id == AV_CODEC_ID_FLV1)

7
libavcodec/rv10enc.c
View File

@ -28,7 +28,7 @@
#include "mpegvideo.h"
#include "put_bits.h"
void ff_rv10_encode_picture_header(MpegEncContext *s, int picture_number)
int ff_rv10_encode_picture_header(MpegEncContext *s, int picture_number)
{
int full_frame= 0;
@ -48,12 +48,17 @@ void ff_rv10_encode_picture_header(MpegEncContext *s, int picture_number)
/* if multiple packets per frame are sent, the position at which
to display the macroblocks is coded here */
if(!full_frame){
if (s->mb_width * s->mb_height >= (1U << 12)) {
av_log_missing_feature(s->avctx, "Encoding frames with 4096 macroblocks or more", 0);
return AVERROR(ENOSYS);
}
put_bits(&s->pb, 6, 0); /* mb_x */
put_bits(&s->pb, 6, 0); /* mb_y */
put_bits(&s->pb, 12, s->mb_width * s->mb_height);
}
put_bits(&s->pb, 3, 0); /* ignored */
return 0;
}
FF_MPV_GENERIC_CLASS(rv10)