targa: fix potential buffer overreads

[ffmpeg] / libavcodec / cljr.c

diff --git a/libavcodec/cljr.c b/libavcodec/cljr.c
index bb8ae2c7b52c2085c6add713f6c365f5d766a523..36b6cbbb94a5dbacf6379b75a7c360925179d0e4 100644 (file)
--- a/libavcodec/cljr.c
+++ b/libavcodec/cljr.c
@@ -20,13 +20,13 @@
  */
 
 /**
- * @file cljr.c
+ * @file
  * Cirrus Logic AccuPak codec.
  */
 
 #include "avcodec.h"
 #include "dsputil.h"
-#include "bitstream.h"
+#include "get_bits.h"
 
 /* Disable the encoder. */
 #undef CONFIG_CLJR_ENCODER
@@ -42,8 +42,10 @@ typedef struct CLJRContext{
 
 static int decode_frame(AVCodecContext *avctx,
                         void *data, int *data_size,
-                        const uint8_t *buf, int buf_size)
+                        AVPacket *avpkt)
 {
+    const uint8_t *buf = avpkt->data;
+    int buf_size = avpkt->size;
     CLJRContext * const a = avctx->priv_data;
     AVFrame *picture = data;
     AVFrame * const p= (AVFrame*)&a->picture;
@@ -52,6 +54,11 @@ static int decode_frame(AVCodecContext *avctx,
     if(p->data[0])
         avctx->release_buffer(avctx, p);
 
+    if(buf_size/avctx->height < avctx->width) {
+        av_log(avctx, AV_LOG_ERROR, "Resolution larger than buffer size. Invalid header?\n");
+        return -1;
+    }
+
     p->reference= 0;
     if(avctx->get_buffer(avctx, p) < 0){
         av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n");
@@ -91,7 +98,6 @@ static int encode_frame(AVCodecContext *avctx, unsigned char *buf, int buf_size,
     AVFrame *pict = data;
     AVFrame * const p= (AVFrame*)&a->picture;
     int size;
-    int mb_x, mb_y;
 
     *p = *pict;
     p->pict_type= FF_I_TYPE;
@@ -134,9 +140,9 @@ static av_cold int encode_init(AVCodecContext *avctx){
 }
 #endif
 
-AVCodec cljr_decoder = {
+AVCodec ff_cljr_decoder = {
     "cljr",
-    CODEC_TYPE_VIDEO,
+    AVMEDIA_TYPE_VIDEO,
     CODEC_ID_CLJR,
     sizeof(CLJRContext),
     decode_init,
@@ -148,10 +154,10 @@ AVCodec cljr_decoder = {
 };
 
 #if CONFIG_CLJR_ENCODER
-AVCodec cljr_encoder = {
+AVCodec ff_cljr_encoder = {
     "cljr",
-    CODEC_TYPE_VIDEO,
-    CODEC_ID_cljr,
+    AVMEDIA_TYPE_VIDEO,
+    CODEC_ID_CLJR,
     sizeof(CLJRContext),
     encode_init,
     encode_frame,