}
align_get_bits(&s->gb);
b->coeff_data = s->gb.buffer + get_bits_count(&s->gb)/8;
- b->length = FFMIN(b->length, FFMAX(get_bits_left(&s->gb)/8, 0));
+ if (b->length > FFMAX(get_bits_left(&s->gb)/8, 0)) {
+ b->length = FFMAX(get_bits_left(&s->gb)/8, 0);
+ damaged_count ++;
+ }
skip_bits_long(&s->gb, b->length*8);
}
}
s->num_y = get_interleaved_ue_golomb(gb);
if (s->num_x * s->num_y == 0 || s->num_x * (uint64_t)s->num_y > INT_MAX ||
s->num_x * (uint64_t)s->avctx->width > INT_MAX ||
- s->num_y * (uint64_t)s->avctx->height > INT_MAX
+ s->num_y * (uint64_t)s->avctx->height > INT_MAX ||
+ s->num_x > s->avctx->width ||
+ s->num_y > s->avctx->height
) {
av_log(s->avctx,AV_LOG_ERROR,"Invalid numx/y\n");
s->num_x = s->num_y = 0;
int *b = s->globalmc[ref].pan_tilt;
int *c = s->globalmc[ref].perspective;
- int m = (1<<ep) - (c[0]*x + c[1]*y);
- int64_t mx = m * (int64_t)((A[0][0] * (int64_t)x + A[0][1]*(int64_t)y) + (1<<ez) * b[0]);
- int64_t my = m * (int64_t)((A[1][0] * (int64_t)x + A[1][1]*(int64_t)y) + (1<<ez) * b[1]);
+ int64_t m = (1<<ep) - (c[0]*(int64_t)x + c[1]*(int64_t)y);
+ int64_t mx = m * (int64_t)((A[0][0] * (int64_t)x + A[0][1]*(int64_t)y) + (1LL<<ez) * b[0]);
+ int64_t my = m * (int64_t)((A[1][0] * (int64_t)x + A[1][1]*(int64_t)y) + (1LL<<ez) * b[1]);
block->u.mv[ref][0] = (mx + (1<<(ez+ep))) >> (ez+ep);
block->u.mv[ref][1] = (my + (1<<(ez+ep))) >> (ez+ep);
}
}
+ for (i = 0; i < 4 + 2*s->num_refs; i++) {
+ if (arith[i].error)
+ return arith[i].error;
+ }
+
return 0;
}
projects / ffmpeg / blobdiff