int size, offset, start = 0;
offset = bytestream2_get_le16(gb);
- if (offset > s->nb_blocks)
+ if (offset >= s->nb_blocks)
return AVERROR_INVALIDDATA;
size = bytestream2_get_le16(gb);
}
s->nb_blocks = s->xb * s->yb;
+ if (!s->nb_blocks)
+ return AVERROR_INVALIDDATA;
+
s->blocks = av_calloc(s->nb_blocks, sizeof(*s->blocks));
if (!s->blocks)
return AVERROR(ENOMEM);
s->bpp = avctx->bits_per_coded_sample >> 3;
s->buffer_size = avctx->width * avctx->height * 4;
s->pbuffer_size = avctx->width * avctx->height * 4;
- s->buffer = av_malloc(s->buffer_size);
- s->pbuffer = av_malloc(s->pbuffer_size);
+ s->buffer = av_mallocz(s->buffer_size);
+ s->pbuffer = av_mallocz(s->pbuffer_size);
if (!s->buffer || !s->pbuffer)
return AVERROR(ENOMEM);