return src - ssrc;
}
-static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPacket *avpkt)
+static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
+ AVPacket *avpkt)
{
const uint8_t *buf = avpkt->data;
int buf_size = avpkt->size;
src += 2;
chunks = AV_RB16(src); src += 2;
while(chunks--) {
+ if(buf_size - (src - buf) < 12) {
+ av_log(avctx, AV_LOG_ERROR, "Premature end of data!\n");
+ return -1;
+ }
dx = AV_RB16(src); src += 2;
dy = AV_RB16(src); src += 2;
w = AV_RB16(src); src += 2;
size_left = buf_size - (src - buf);
switch(enc) {
case MAGIC_WMVd: // cursor
+ if (w*(int64_t)h*c->bpp2 > INT_MAX/2 - 2) {
+ av_log(avctx, AV_LOG_ERROR, "dimensions too large\n");
+ return AVERROR_INVALIDDATA;
+ }
if(size_left < 2 + w * h * c->bpp2 * 2) {
av_log(avctx, AV_LOG_ERROR, "Premature end of data! (need %i got %i)\n", 2 + w * h * c->bpp2 * 2, size_left);
return -1;
put_cursor(outptr, c->pic.linesize[0], c, c->cur_x, c->cur_y);
}
}
- *data_size = sizeof(AVFrame);
+ *got_frame = 1;
*(AVFrame*)data = c->pic;
/* always report that the buffer was completely consumed */
projects / ffmpeg / blobdiff