avformat/argo_asf: fix enforcement of chunk count

[ffmpeg] / libavcodec / cinepak.c

diff --git a/libavcodec/cinepak.c b/libavcodec/cinepak.c
index d26c505222a7a8e3578afee3cc16be62619090af..9c5b254231b30cbd79208038b08ff49c14df4f95 100644 (file)
--- a/libavcodec/cinepak.c
+++ b/libavcodec/cinepak.c
@@ -323,6 +323,9 @@ static int cinepak_predecode_check (CinepakContext *s)
     num_strips  = AV_RB16 (&s->data[8]);
     encoded_buf_size = AV_RB24(&s->data[1]);
 
+    if (s->size < encoded_buf_size * (int64_t)(100 - s->avctx->discard_damaged_percentage) / 100)
+        return AVERROR_INVALIDDATA;
+
     /* if this is the first frame, check for deviant Sega FILM data */
     if (s->sega_film_skip_bytes == -1) {
         if (!encoded_buf_size) {
@@ -354,7 +357,7 @@ static int cinepak_predecode_check (CinepakContext *s)
         return AVERROR_INVALIDDATA;
 
     if (num_strips) {
-        uint8_t *data = s->data + 10 + s->sega_film_skip_bytes;
+        const uint8_t *data = s->data + 10 + s->sega_film_skip_bytes;
         int strip_size = AV_RB24 (data + 1);
         if (strip_size < 12 || strip_size > encoded_buf_size)
             return AVERROR_INVALIDDATA;
@@ -470,7 +473,7 @@ static int cinepak_decode_frame(AVCodecContext *avctx,
         return ret;
     }
 
-    if ((ret = ff_reget_buffer(avctx, s->frame)) < 0)
+    if ((ret = ff_reget_buffer(avctx, s->frame, 0)) < 0)
         return ret;
 
     if (s->palette_video) {