return 0;
}
-static void read_table(AVFormatContext *s, uint32_t *table, uint32_t count)
+static int read_table(AVFormatContext *s, uint32_t *table, uint32_t count)
{
int i;
- for (i = 0; i < count; i++)
+ for (i = 0; i < count; i++) {
+ if (avio_feof(s->pb))
+ return AVERROR_INVALIDDATA;
table[i] = avio_rl32(s->pb);
+ }
avio_skip(s->pb, 4 * (FFALIGN(count, 512) - count));
+ return 0;
}
static int read_header(AVFormatContext *s)
p->start_offset = avio_rl32(pb);
p->max_video_blks = avio_rl32(pb);
p->max_audio_blks = avio_rl32(pb);
+
+ if (avio_feof(pb))
+ return AVERROR_INVALIDDATA;
+
if (p->buffer_size < 175 ||
p->max_audio_blks < 2 ||
p->max_video_blks < 1 ||
p->frame_blks > INT_MAX / sizeof(uint32_t))
return AVERROR_INVALIDDATA;
- p->blocks_count_table = av_mallocz(p->nb_frames *
+ p->blocks_count_table = av_malloc_array(p->nb_frames,
sizeof(*p->blocks_count_table));
- p->frames_offset_table = av_mallocz(p->nb_frames *
+ p->frames_offset_table = av_malloc_array(p->nb_frames,
sizeof(*p->frames_offset_table));
- p->blocks_offset_table = av_mallocz(p->frame_blks *
+ p->blocks_offset_table = av_malloc_array(p->frame_blks,
sizeof(*p->blocks_offset_table));
p->video_size = p->max_video_blks * p->buffer_size;
avio_seek(pb, p->buffer_size, SEEK_SET);
- read_table(s, p->blocks_count_table, p->nb_frames);
- read_table(s, p->frames_offset_table, p->nb_frames);
- read_table(s, p->blocks_offset_table, p->frame_blks);
+ ret = read_table(s, p->blocks_count_table, p->nb_frames);
+ if (ret < 0)
+ goto fail;
+ ret = read_table(s, p->frames_offset_table, p->nb_frames);
+ if (ret < 0)
+ goto fail;
+ ret = read_table(s, p->blocks_offset_table, p->frame_blks);
+ if (ret < 0)
+ goto fail;
p->got_audio = 0;
p->current_frame = 0;
PAFDemuxContext *p = s->priv_data;
AVIOContext *pb = s->pb;
uint32_t count, offset;
- int size, i;
+ int size, i, ret;
if (p->current_frame >= p->nb_frames)
return AVERROR_EOF;
return AVERROR_EOF;
if (p->got_audio) {
- if (av_new_packet(pkt, p->audio_size) < 0)
- return AVERROR(ENOMEM);
+ if ((ret = av_new_packet(pkt, p->audio_size)) < 0)
+ return ret;
memcpy(pkt->data, p->temp_audio_frame, p->audio_size);
pkt->duration = PAF_SOUND_SAMPLES * (p->audio_size / PAF_SOUND_FRAME_SIZE);
size = p->video_size - p->frames_offset_table[p->current_frame];
- if (av_new_packet(pkt, size) < 0)
- return AVERROR(ENOMEM);
+ if ((ret = av_new_packet(pkt, size)) < 0)
+ return ret;
pkt->stream_index = 0;
pkt->duration = 1;