Avoid integer overflow. Patch by Drew Yao.
[vlc] / modules / codec / cinepak.c
index 8bad531df24964d102feb539f86213d9bf1240d9..97f52334996a39cb36c8375b1f76eea474e9834f 100644 (file)
 /*****************************************************************************
  * Preamble
  *****************************************************************************/
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
 #include <vlc/vlc.h>
-#include <vlc/vout.h>
-#include <vlc/decoder.h>
+#include <vlc_vout.h>
+#include <vlc_codec.h>
 
 /*****************************************************************************
  * Module descriptor
@@ -225,9 +229,6 @@ static void CloseDecoder( vlc_object_t *p_this )
 #define GET4BYTES( p ) \
     GetDWBE( p ); p+= 4;
 
-#define FREE( p ) \
-    if( p ) free( p )
-
 static void cinepak_LoadCodebook( cinepak_codebook_t *p_codebook,
                                   uint8_t *p_data, int b_grayscale )
 {
@@ -277,7 +278,7 @@ static void cinepak_LoadCodebook( cinepak_codebook_t *p_codebook,
 
 static void cinepak_Getv4( cinepak_context_t *p_context,
                            int i_strip, int i_x, int i_y,
-                           int i_x2, int i_y2, uint8_t *p_data )
+                           uint8_t *p_data )
 {
     uint8_t i_index[4];
     int i,j;
@@ -324,7 +325,7 @@ static void cinepak_Getv4( cinepak_context_t *p_context,
 
 static void cinepak_Getv1( cinepak_context_t *p_context,
                            int i_strip, int i_x,  int i_y,
-                           int i_x2, int i_y2, uint8_t *p_data )
+                           uint8_t *p_data )
 {
     uint8_t i_index;
     int i,j;
@@ -396,7 +397,8 @@ static int cinepak_decode_frame( cinepak_context_t *p_context,
     i_height = GET2BYTES( p_data );
     i_frame_strips = GET2BYTES( p_data );
 
-    if( !i_frame_size || !i_width || !i_height )
+    if( !i_frame_size || !i_width || !i_height ||
+        i_width > 0xffff-3 || i_height > 0xffff-3)
     {
         /* Broken header */
         return( -1 );
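Review bot: The new bound `i_width > 0xffff-3 || i_height > 0xffff-3` in the header check is a bare magic number, and nothing at this site says which later computation the 3 protects. That arithmetic is outside this hunk; if it rounds the dimensions up to a multiple of four before sizing the picture buffers, a comment such as `/* width/height are rounded up by 3 below; larger values would wrap the plane size */` beside the condition would keep the two in step when either is edited. `i_frame_strips` is read from the same untrusted header one line earlier and is not part of this check, so confirm it is bounded before it drives the strip loop. cinepak_decode_frame starts and ends outside the hunk.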
@@ -409,7 +411,7 @@ static int cinepak_decode_frame( cinepak_context_t *p_context,
         int i;
         for( i = 0; i < 3; i++ )
         {
-            FREE( p_context->p_pix[i] );
+            free( p_context->p_pix[i] );
         }
 
         p_context->i_width = i_width;
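Review bot: After `free( p_context->p_pix[i] );` the three plane pointers stay in the context as stale values until they are reassigned, and that reassignment is outside this hunk. If any path returns early or an allocation fails before all three are replaced, a later release of the context could free the same pointer twice. Clearing the slot in the loop, `free( p_context->p_pix[i] ); p_context->p_pix[i] = NULL;`, removes that dependency on the code that follows.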
@@ -458,7 +460,7 @@ static int cinepak_decode_frame( cinepak_context_t *p_context,
         i_strip_id   = GET2BYTES( p_data );
         i_strip_size = GET2BYTES( p_data );
         i_strip_size = __MIN( i_strip_size, i_length );
-        /* FIXME I don't really understand how it's work; */
+        /* FIXME I don't really understand how it works; */
         i_strip_y1  = i_strip_y2 + GET2BYTES( p_data );
         i_strip_x1  = GET2BYTES( p_data );
         i_strip_y2  = i_strip_y2 + GET2BYTES( p_data );
@@ -586,7 +588,6 @@ static int cinepak_decode_frame( cinepak_context_t *p_context,
                                            i_strip,
                                            i_strip_x1 + i_x,
                                            i_strip_y1 + i_y,
-                                           i_strip_x2, i_strip_y2,
                                            p_data );
                             p_data += 4;
                             i_chunk_size -= 4;
@@ -597,7 +598,6 @@ static int cinepak_decode_frame( cinepak_context_t *p_context,
                                            i_strip,
                                            i_strip_x1 + i_x,
                                            i_strip_y1 + i_y,
-                                           i_strip_x2, i_strip_y2,
                                            p_data );
                             p_data++;
                             i_chunk_size--;
@@ -645,7 +645,6 @@ static int cinepak_decode_frame( cinepak_context_t *p_context,
                                                i_strip,
                                                i_strip_x1 + i_x,
                                                i_strip_y1 + i_y,
-                                               i_strip_x2, i_strip_y2,
                                                p_data );
                                 p_data += 4;
                                 i_chunk_size -= 4;
@@ -657,7 +656,6 @@ static int cinepak_decode_frame( cinepak_context_t *p_context,
                                                i_strip,
                                                i_strip_x1 + i_x,
                                                i_strip_y1 + i_y,
-                                               i_strip_x2, i_strip_y2,
                                                p_data );
                                 p_data++;
                                 i_chunk_size--;
@@ -683,7 +681,6 @@ static int cinepak_decode_frame( cinepak_context_t *p_context,
                                    i_strip,
                                    i_strip_x1 + i_x,
                                    i_strip_y1 + i_y,
-                                   i_strip_x2, i_strip_y2,
                                    p_data );
                     p_data++;
                     i_chunk_size--;