GetBitContext gb;
AVDiracSeqHeader seq;
int seen_sequence_header;
- int frame_number; /* number of the next frame to display */
+ int64_t frame_number; /* number of the next frame to display */
Plane plane[3];
int chroma_x_shift;
int chroma_y_shift;
for (slice_x = 0; bufsize > 0 && slice_x < s->num_x; slice_x++) {
bytes = (slice_num+1) * (int64_t)s->lowdelay.bytes.num / s->lowdelay.bytes.den
- slice_num * (int64_t)s->lowdelay.bytes.num / s->lowdelay.bytes.den;
+ if (bytes >= INT_MAX || bytes*8 > bufsize) {
+ av_log(s->avctx, AV_LOG_ERROR, "too many bytes\n");
+ return AVERROR_INVALIDDATA;
+ }
slices[slice_num].bytes = bytes;
slices[slice_num].slice_x = slice_x;
slices[slice_num].slice_y = slice_y;
else {
s->num_x = get_interleaved_ue_golomb(gb);
s->num_y = get_interleaved_ue_golomb(gb);
- if (s->num_x * s->num_y == 0 || s->num_x * (uint64_t)s->num_y > INT_MAX) {
+ if (s->num_x * s->num_y == 0 || s->num_x * (uint64_t)s->num_y > INT_MAX ||
+ s->num_x * (uint64_t)s->avctx->width > INT_MAX ||
+ s->num_y * (uint64_t)s->avctx->height > INT_MAX
+ ) {
av_log(s->avctx,AV_LOG_ERROR,"Invalid numx/y\n");
s->num_x = s->num_y = 0;
return AVERROR_INVALIDDATA;
int *c = s->globalmc[ref].perspective;
int m = (1<<ep) - (c[0]*x + c[1]*y);
- int64_t mx = m * (int64_t)((A[0][0] * x + A[0][1]*y) + (1<<ez) * b[0]);
- int64_t my = m * (int64_t)((A[1][0] * x + A[1][1]*y) + (1<<ez) * b[1]);
+ int64_t mx = m * (int64_t)((A[0][0] * (int64_t)x + A[0][1]*(int64_t)y) + (1<<ez) * b[0]);
+ int64_t my = m * (int64_t)((A[1][0] * (int64_t)x + A[1][1]*(int64_t)y) + (1<<ez) * b[1]);
block->u.mv[ref][0] = (mx + (1<<(ez+ep))) >> (ez+ep);
block->u.mv[ref][1] = (my + (1<<(ez+ep))) >> (ez+ep);
}
if (*got_frame)
- s->frame_number = picture->display_picture_number + 1;
+ s->frame_number = picture->display_picture_number + 1LL;
return buf_idx;
}
projects / ffmpeg / blobdiff