while (bytestream2_get_bytes_left_p(pb) > 0 && bytestream2_get_bytes_left(gb) > 0) {
int tag = read_bits2(&bits, gb);
+ if (bytestream2_get_bytes_left(gb) < 1)
+ return AVERROR_INVALIDDATA;
if (tag == 0) {
bytestream2_put_byte(pb, bytestream2_get_byte(gb));
} else if (tag == 1) {
int len;
int b = bytestream2_get_byte(gb);
if (b == 0) {
- break;
+ return 0;
}
if (b != 0xFF) {
len = b;
lz_copy(pb, g2, off, len);
}
}
+ if (bytestream2_get_bytes_left_p(pb) > 0)
+ return AVERROR_INVALIDDATA;
return 0;
}
}
}
+ if (bytestream2_get_bytes_left_p(pb) > 0)
+ return AVERROR_INVALIDDATA;
+
return 0;
}
if (pal && pal_size == AVPALETTE_SIZE)
memcpy(gdv->pal, pal, AVPALETTE_SIZE);
+ if (compression < 2 && bytestream2_get_bytes_left(gb) < 256*3)
+ return AVERROR_INVALIDDATA;
rescale(gdv, gdv->frame, avctx->width, avctx->height,
!!(flags & 0x10), !!(flags & 0x20));
case 1:
memset(gdv->frame + PREAMBLE_SIZE, 0, gdv->frame_size - PREAMBLE_SIZE);
case 0:
- if (bytestream2_get_bytes_left(gb) < 256*3)
- return AVERROR_INVALIDDATA;
for (i = 0; i < 256; i++) {
unsigned r = bytestream2_get_byte(gb);
unsigned g = bytestream2_get_byte(gb);
projects / ffmpeg / blobdiff