* Electronic Arts TGV Video Decoder
* Copyright (c) 2007-2008 Peter Ross
*
- * This file is part of Libav.
+ * This file is part of FFmpeg.
*
- * Libav is free software; you can redistribute it and/or
+ * FFmpeg is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
- * Libav is distributed in the hope that it will be useful,
+ * FFmpeg is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
- * License along with Libav; if not, write to the Free Software
+ * License along with FFmpeg; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
s->avctx = avctx;
avctx->time_base = (AVRational){1, 15};
avctx->pix_fmt = PIX_FMT_PAL8;
+ avcodec_get_frame_defaults(&s->frame);
+ avcodec_get_frame_defaults(&s->last_frame);
return 0;
}
else
src += 2;
- if (src+3>src_end)
+ if (src_end - src < 3)
return -1;
size = AV_RB24(src);
src += 3;
int mvbits;
const unsigned char *blocks_raw;
- if(buf+12>buf_end)
+ if(buf_end - buf < 12)
return -1;
num_mvs = AV_RL16(&buf[0]);
vector_bits = AV_RL16(&buf[6]);
buf += 12;
+ if (vector_bits > MIN_CACHE_BITS || !vector_bits) {
+ av_log(s->avctx, AV_LOG_ERROR,
+ "Invalid value for motion vector bits: %d\n", vector_bits);
+ return AVERROR_INVALIDDATA;
+ }
+
/* allocate codebook buffers as necessary */
if (num_mvs > s->num_mvs) {
s->mv_codebook = av_realloc(s->mv_codebook, num_mvs*2*sizeof(int));
/* read motion vectors */
mvbits = (num_mvs*2*10+31) & ~31;
- if (buf+(mvbits>>3)+16*num_blocks_raw+8*num_blocks_packed>buf_end)
+ if (buf_end - buf < (mvbits>>3)+16*num_blocks_raw+8*num_blocks_packed)
return -1;
init_get_bits(&gb, buf, mvbits);
int my = y * 4 + s->mv_codebook[vector][1];
if ( mx < 0 || mx + 4 > s->avctx->width
- || my < 0 || my + 4 > s->avctx->height)
+ || my < 0 || my + 4 > s->avctx->height) {
+ av_log(s->avctx, AV_LOG_ERROR, "MV %d %d out of picture\n", mx, my);
continue;
+ }
src = s->last_frame.data[0] + mx + my * s->last_frame.linesize[0];
src_stride = s->last_frame.linesize[0];
const uint8_t *buf_end = buf + buf_size;
int chunk_type;
+ if (buf_end - buf < EA_PREAMBLE_SIZE)
+ return AVERROR_INVALIDDATA;
+
chunk_type = AV_RL32(&buf[0]);
buf += EA_PREAMBLE_SIZE;
if (chunk_type==kVGT_TAG) {
int pal_count, i;
- if(buf+12>buf_end) {
+ if(buf_end - buf < 12) {
av_log(avctx, AV_LOG_WARNING, "truncated header\n");
return -1;
}
pal_count = AV_RL16(&buf[6]);
buf += 12;
- for(i=0; i<pal_count && i<AVPALETTE_COUNT && buf+2<buf_end; i++) {
- s->palette[i] = AV_RB24(buf);
+ for(i=0; i<pal_count && i<AVPALETTE_COUNT && buf_end - buf >= 3; i++) {
+ s->palette[i] = 0xFF << 24 | AV_RB24(buf);
buf += 3;
}
}
/* shuffle */
FFSWAP(AVFrame, s->frame, s->last_frame);
if (!s->frame.data[0]) {
- s->frame.reference = 1;
+ s->frame.reference = 3;
s->frame.buffer_hints = FF_BUFFER_HINTS_VALID;
s->frame.linesize[0] = s->width;
projects / ffmpeg / blobdiff