h264: rewrite has_b_frame calculation code,

[ffmpeg] / libavcodec / eacmv.c

diff --git a/libavcodec/eacmv.c b/libavcodec/eacmv.c
index 76de9c981000e2bab8e5c38ad1bb3d5a271c80f2..8a8d6a9cef31d64286bb1143a71351a4a5709a21 100644 (file)
--- a/libavcodec/eacmv.c
+++ b/libavcodec/eacmv.c
@@ -56,7 +56,7 @@ static void cmv_decode_intra(CmvContext * s, const uint8_t *buf, const uint8_t *
     unsigned char *dst = s->frame.data[0];
     int i;
 
-    for (i=0; i < s->avctx->height && buf+s->avctx->width<=buf_end; i++) {
+    for (i=0; i < s->avctx->height && buf_end - buf >= s->avctx->width; i++) {
         memcpy(dst, buf, s->avctx->width);
         dst += s->frame.linesize[0];
         buf += s->avctx->width;
@@ -88,7 +88,7 @@ static void cmv_decode_inter(CmvContext * s, const uint8_t *buf, const uint8_t *
 
     i = 0;
     for(y=0; y<s->avctx->height/4; y++)
-    for(x=0; x<s->avctx->width/4 && buf+i<buf_end; x++) {
+    for(x=0; x<s->avctx->width/4 && buf_end - buf > i; x++) {
         if (buf[i]==0xFF) {
             unsigned char *dst = s->frame.data[0] + (y*4)*s->frame.linesize[0] + x*4;
             if (raw+16<buf_end && *raw==0xFF) { /* intra */
@@ -110,9 +110,10 @@ static void cmv_decode_inter(CmvContext * s, const uint8_t *buf, const uint8_t *
         }else{  /* inter using last frame as reference */
             int xoffset = (buf[i] & 0xF) - 7;
             int yoffset = ((buf[i] >> 4)) - 7;
-            cmv_motcomp(s->frame.data[0], s->frame.linesize[0],
-                      s->last_frame.data[0], s->last_frame.linesize[0],
-                      x*4, y*4, xoffset, yoffset, s->avctx->width, s->avctx->height);
+            if (s->last_frame.data[0])
+                cmv_motcomp(s->frame.data[0], s->frame.linesize[0],
+                          s->last_frame.data[0], s->last_frame.linesize[0],
+                          x*4, y*4, xoffset, yoffset, s->avctx->width, s->avctx->height);
         }
         i++;
     }
@@ -122,7 +123,7 @@ static void cmv_process_header(CmvContext *s, const uint8_t *buf, const uint8_t
 {
     int pal_start, pal_count, i;
 
-    if(buf+16>=buf_end) {
+    if(buf_end - buf < 16) {
         av_log(s->avctx, AV_LOG_WARNING, "truncated header\n");
         return;
     }
@@ -139,8 +140,8 @@ static void cmv_process_header(CmvContext *s, const uint8_t *buf, const uint8_t
     pal_count = AV_RL16(&buf[14]);
 
     buf += 16;
-    for (i=pal_start; i<pal_start+pal_count && i<AVPALETTE_COUNT && buf+2<buf_end; i++) {
-        s->palette[i] = AV_RB24(buf);
+    for (i=pal_start; i<pal_start+pal_count && i<AVPALETTE_COUNT && buf_end - buf >= 3; i++) {
+        s->palette[i] = 0xFF << 24 | AV_RB24(buf);
         buf += 3;
     }
 }
@@ -157,6 +158,9 @@ static int cmv_decode_frame(AVCodecContext *avctx,
     CmvContext *s = avctx->priv_data;
     const uint8_t *buf_end = buf + buf_size;
 
+    if (buf_end - buf < EA_PREAMBLE_SIZE)
+        return AVERROR_INVALIDDATA;
+
     if (AV_RL32(buf)==MVIh_TAG||AV_RB32(buf)==MVIh_TAG) {
         cmv_process_header(s, buf+EA_PREAMBLE_SIZE, buf_end);
         return buf_size;
@@ -171,8 +175,10 @@ static int cmv_decode_frame(AVCodecContext *avctx,
     FFSWAP(AVFrame, s->last_frame, s->last2_frame);
     FFSWAP(AVFrame, s->frame, s->last_frame);
 
-    s->frame.reference = 1;
-    s->frame.buffer_hints = FF_BUFFER_HINTS_VALID;
+    s->frame.reference = 3;
+    s->frame.buffer_hints = FF_BUFFER_HINTS_VALID |
+                            FF_BUFFER_HINTS_READABLE |
+                            FF_BUFFER_HINTS_PRESERVE;
     if (avctx->get_buffer(avctx, &s->frame)<0) {
         av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n");
         return -1;