#include "avcodec.h"
#include "bytestream.h"
+#include "libavutil/avassert.h"
enum BMVFlags{
BMV_NOP = 0,
static int decode_bmv_frame(const uint8_t *source, int src_len, uint8_t *frame, int frame_off)
{
- int val, saved_val = 0;
+ unsigned val, saved_val = 0;
int tmplen = src_len;
const uint8_t *src, *source_end = source + src_len;
uint8_t *frame_end = frame + SCREEN_WIDE * SCREEN_HIGH;
}
if (!(val & 0xC)) {
for (;;) {
+ if(shift>22)
+ return -1;
if (!read_two_nibbles) {
if (src < source || src >= source_end)
return -1;
}
advance_mode = val & 1;
len = (val >> 1) - 1;
+ av_assert0(len>0);
mode += 1 + advance_mode;
if (mode >= 4)
mode -= 3;
case 1:
if (forward) {
if (dst - frame + SCREEN_WIDE < frame_off ||
- frame_end - dst < frame_off + len)
+ dst - frame + SCREEN_WIDE + frame_off < 0 ||
+ frame_end - dst < frame_off + len ||
+ frame_end - dst < len)
return -1;
for (i = 0; i < len; i++)
dst[i] = dst[frame_off + i];
} else {
dst -= len;
if (dst - frame + SCREEN_WIDE < frame_off ||
- frame_end - dst < frame_off + len)
+ dst - frame + SCREEN_WIDE + frame_off < 0 ||
+ frame_end - dst < frame_off + len ||
+ frame_end - dst < len)
return -1;
for (i = len - 1; i >= 0; i--)
dst[i] = dst[frame_off + i];
.init = decode_init,
.close = decode_end,
.decode = decode_frame,
+ .capabilities = CODEC_CAP_DR1,
.long_name = NULL_IF_CONFIG_SMALL("Discworld II BMV video"),
};
projects / ffmpeg / blobdiff