RASCContext *s = avctx->priv_data;
uint8_t *dst = frame->data[0];
+ if (!dst)
+ return;
+
for (int y = 0; y < avctx->height; y++) {
memset(dst, 0, avctx->width * s->bpp);
dst += frame->linesize[0];
int ret;
av_frame_unref(s->frame1);
+ av_frame_unref(s->frame2);
if ((ret = ff_get_buffer(avctx, s->frame1, 0)) < 0)
return ret;
- av_frame_unref(s->frame2);
if ((ret = ff_get_buffer(avctx, s->frame2, 0)) < 0)
return ret;
}
static int decode_fint(AVCodecContext *avctx,
- AVPacket *avpkt, unsigned size)
+ const AVPacket *avpkt, unsigned size)
{
RASCContext *s = avctx->priv_data;
GetByteContext *gb = &s->gb;
clear_plane(avctx, s->frame1);
return 0;
}
+ if (bytestream2_get_bytes_left(gb) < 72)
+ return AVERROR_INVALIDDATA;
bytestream2_skip(gb, 8);
w = bytestream2_get_le32(gb);
return 0;
}
-static int decode_zlib(AVCodecContext *avctx, AVPacket *avpkt,
+static int decode_zlib(AVCodecContext *avctx, const AVPacket *avpkt,
unsigned size, unsigned uncompressed_size)
{
RASCContext *s = avctx->priv_data;
}
static int decode_move(AVCodecContext *avctx,
- AVPacket *avpkt, unsigned size)
+ const AVPacket *avpkt, unsigned size)
{
RASCContext *s = avctx->priv_data;
GetByteContext *gb = &s->gb;
bytestream2_skip(gb, 8);
compression = bytestream2_get_le32(gb);
- if (nb_moves > INT32_MAX / 16)
+ if (nb_moves > INT32_MAX / 16 || nb_moves > avctx->width * avctx->height)
return AVERROR_INVALIDDATA;
uncompressed_size = 16 * nb_moves;
if (!s->frame2->data[0] || !s->frame1->data[0])
return AVERROR_INVALIDDATA;
- b1 = s->frame1->data[0] + s->frame1->linesize[0] * (start_y + h) + start_x * s->bpp;
- b2 = s->frame2->data[0] + s->frame2->linesize[0] * (start_y + h) + start_x * s->bpp;
- e2 = s->frame2->data[0] + s->frame2->linesize[0] * (mov_y + h) + mov_x * s->bpp;
+ b1 = s->frame1->data[0] + s->frame1->linesize[0] * (start_y + h - 1) + start_x * s->bpp;
+ b2 = s->frame2->data[0] + s->frame2->linesize[0] * (start_y + h - 1) + start_x * s->bpp;
+ e2 = s->frame2->data[0] + s->frame2->linesize[0] * (mov_y + h - 1) + mov_x * s->bpp;
if (type == 2) {
for (int j = 0; j < h; j++) {
len--;
static int decode_dlta(AVCodecContext *avctx,
- AVPacket *avpkt, unsigned size)
+ const AVPacket *avpkt, unsigned size)
{
RASCContext *s = avctx->priv_data;
GetByteContext *gb = &s->gb;
compression = bytestream2_get_le32(gb);
if (compression == 1) {
+ if (w * h * s->bpp * 3 < uncompressed_size)
+ return AVERROR_INVALIDDATA;
ret = decode_zlib(avctx, avpkt, size, uncompressed_size);
if (ret < 0)
return ret;
}
static int decode_kfrm(AVCodecContext *avctx,
- AVPacket *avpkt, unsigned size)
+ const AVPacket *avpkt, unsigned size)
{
RASCContext *s = avctx->priv_data;
GetByteContext *gb = &s->gb;
}
static int decode_mous(AVCodecContext *avctx,
- AVPacket *avpkt, unsigned size)
+ const AVPacket *avpkt, unsigned size)
{
RASCContext *s = avctx->priv_data;
GetByteContext *gb = &s->gb;
}
static int decode_mpos(AVCodecContext *avctx,
- AVPacket *avpkt, unsigned size)
+ const AVPacket *avpkt, unsigned size)
{
RASCContext *s = avctx->priv_data;
GetByteContext *gb = &s->gb;
while (bytestream2_get_bytes_left(gb) > 0) {
unsigned type, size = 0;
+ if (bytestream2_get_bytes_left(gb) < 8)
+ return AVERROR_INVALIDDATA;
+
type = bytestream2_get_le32(gb);
if (type == KBND || type == BNDL) {
intra = type == KBND;
return ret;
}
- if ((ret = ff_get_buffer(avctx, s->frame, 0)) < 0)
- return ret;
-
if (!s->frame2->data[0] || !s->frame1->data[0])
return AVERROR_INVALIDDATA;
+ if ((ret = ff_get_buffer(avctx, s->frame, 0)) < 0)
+ return ret;
+
copy_plane(avctx, s->frame2, s->frame);
if (avctx->pix_fmt == AV_PIX_FMT_PAL8)
memcpy(s->frame->data[1], s->frame2->data[1], 1024);
.version = LIBAVUTIL_VERSION_INT,
};
-AVCodec ff_rasc_decoder = {
+const AVCodec ff_rasc_decoder = {
.name = "rasc",
.long_name = NULL_IF_CONFIG_SMALL("RemotelyAnywhere Screen Capture"),
.type = AVMEDIA_TYPE_VIDEO,