Add a function rtsp_setup_output_streams for announcing the SDP

[ffmpeg] / libavformat / sierravmd.c

diff --git a/libavformat/sierravmd.c b/libavformat/sierravmd.c
index 52f05826d503a2bedf1d560f1925d09d240f7207..9d069fdff6632ba0c65973e65af9645957dfa9af 100644 (file)
--- a/libavformat/sierravmd.c
+++ b/libavformat/sierravmd.c
@@ -61,10 +61,17 @@ typedef struct VmdDemuxContext {
 
 static int vmd_probe(AVProbeData *p)
 {
+    int w, h;
+    if (p->buf_size < 16)
+        return 0;
     /* check if the first 2 bytes of the file contain the appropriate size
      * of a VMD header chunk */
     if (AV_RL16(&p->buf[0]) != VMD_HEADER_SIZE - 2)
         return 0;
+    w = AV_RL16(&p->buf[12]);
+    h = AV_RL16(&p->buf[14]);
+    if (!w || w > 2048 || !h || h > 2048)
+        return 0;
 
     /* only return half certainty since this check is a bit sketchy */
     return AVPROBE_SCORE_MAX / 2;
@@ -154,7 +161,7 @@ static int vmd_read_header(AVFormatContext *s,
     vmd->frame_table = NULL;
     sound_buffers = AV_RL16(&vmd->vmd_header[808]);
     raw_frame_table_size = vmd->frame_count * 6;
-    if(vmd->frame_count * vmd->frames_per_block  >= UINT_MAX / sizeof(vmd_frame)){
+    if(vmd->frame_count * vmd->frames_per_block >= UINT_MAX / sizeof(vmd_frame) - sound_buffers){
         av_log(s, AV_LOG_ERROR, "vmd->frame_count * vmd->frames_per_block too large\n");
         return -1;
     }