fraps: check overread per sample instead of per line

[ffmpeg] / libavcodec / cinepak.c

diff --git a/libavcodec/cinepak.c b/libavcodec/cinepak.c
index d2e0c26ddcf2e6c42715c6943874f0c96bd9f810..b748f278efd822e9fe45d0f5a24b8dcfd13d9349 100644 (file)
--- a/libavcodec/cinepak.c
+++ b/libavcodec/cinepak.c
@@ -336,7 +336,8 @@ static int cinepak_decode (CinepakContext *s)
              * If the frame header is followed by the bytes FE 00 00 06 00 00 then
              * this is probably one of the two known files that have 6 extra bytes
              * after the frame header. Else, assume 2 extra bytes. */
-            if ((s->data[10] == 0xFE) &&
+            if (s->size >= 16 &&
+                (s->data[10] == 0xFE) &&
                 (s->data[11] == 0x00) &&
                 (s->data[12] == 0x00) &&
                 (s->data[13] == 0x06) &&
@@ -354,6 +355,8 @@ static int cinepak_decode (CinepakContext *s)
     if (num_strips > MAX_STRIPS)
         num_strips = MAX_STRIPS;
 
+    s->frame.key_frame = 0;
+
     for (i=0; i < num_strips; i++) {
         if ((s->data + 12) > eod)
             return -1;
@@ -364,6 +367,9 @@ static int cinepak_decode (CinepakContext *s)
         s->strips[i].y2 = y0 + AV_RB16 (&s->data[8]);
         s->strips[i].x2 = s->avctx->width;
 
+        if (s->strips[i].id == 0x10)
+            s->frame.key_frame = 1;
+
         strip_size = AV_RB24 (&s->data[1]) - 12;
         s->data   += 12;
         strip_size = ((s->data + strip_size) > eod) ? (eod - s->data) : strip_size;
@@ -421,7 +427,7 @@ static int cinepak_decode_frame(AVCodecContext *avctx,
     s->data = buf;
     s->size = buf_size;
 
-    s->frame.reference = 1;
+    s->frame.reference = 3;
     s->frame.buffer_hints = FF_BUFFER_HINTS_VALID | FF_BUFFER_HINTS_PRESERVE |
                             FF_BUFFER_HINTS_REUSABLE;
     if (avctx->reget_buffer(avctx, &s->frame)) {