X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=libavcodec%2F4xm.c;h=e628edde4323b93ec0c0a6d80504f2caadb4b745;hb=a247ac640df3da573cd661065bf53f37863e2b46;hp=2b88c899d0a5d0f55eb0ca87874a2946df0360ec;hpb=c2631dfd0a0a12050cc1765fd41702c5e93abee5;p=ffmpeg

diff --git a/libavcodec/4xm.c b/libavcodec/4xm.c
index 2b88c899d0a..e628edde432 100644
--- a/libavcodec/4xm.c
+++ b/libavcodec/4xm.c
@@ -30,6 +30,7 @@
 #include "libavutil/frame.h"
 #include "libavutil/imgutils.h"
 #include "libavutil/intreadwrite.h"
+#include "libavutil/mem_internal.h"
 #include "avcodec.h"
 #include "blockdsp.h"
 #include "bswapdsp.h"
@@ -158,7 +159,7 @@ typedef struct FourXContext {
 #define FIX_1_847759065 121095
 #define FIX_2_613125930 171254
 
-#define MULTIPLY(var, const) (((var) * (const)) >> 16)
+#define MULTIPLY(var, const) ((int)((var) * (unsigned)(const)) >> 16)
 
 static void idct(int16_t block[64])
 {
@@ -351,6 +352,8 @@ static int decode_p_block(FourXContext *f, uint16_t *dst, const uint16_t *src,
     index = size2index[log2h][log2w];
     av_assert0(index >= 0);
 
+    if (get_bits_left(&f->gb) < 1)
+        return AVERROR_INVALIDDATA;
     h     = 1 << log2h;
     code  = get_vlc2(&f->gb, block_type_vlc[1 - (f->version > 1)][index].table,
                      BLOCK_TYPE_VLC_BITS, 1);
@@ -496,8 +499,8 @@ static int decode_i_block(FourXContext *f, int16_t *block)
 {
     int code, i, j, level, val;
 
-    if (get_bits_left(&f->gb) < 2){
-        av_log(f->avctx, AV_LOG_ERROR, "%d bits left before decode_i_block()\n", get_bits_left(&f->gb));
+    if (get_bits_left(&f->pre_gb) < 2) {
+        av_log(f->avctx, AV_LOG_ERROR, "%d bits left before decode_i_block()\n", get_bits_left(&f->pre_gb));
         return AVERROR_INVALIDDATA;
     }
 
@@ -523,6 +526,10 @@ static int decode_i_block(FourXContext *f, int16_t *block)
             break;
         if (code == 0xf0) {
             i += 16;
+            if (i >= 64) {
+                av_log(f->avctx, AV_LOG_ERROR, "run %d overflow\n", i);
+                return 0;
+            }
         } else {
             if (code & 0xf) {
                 level = get_xbits(&f->gb, code & 0xf);
@@ -697,6 +704,7 @@ static const uint8_t *read_huffman_tables(FourXContext *f,
         len_tab[j]  = len;
     }
 
+    ff_free_vlc(&f->pre_vlc);
     if (init_vlc(&f->pre_vlc, ACDC_VLC_BITS, 257, len_tab, 1, 1,
                  bits_tab, 4, 4, 0))
         return NULL;
@@ -1017,7 +1025,7 @@ static av_cold int decode_init(AVCodecContext *avctx)
     return 0;
 }
 
-AVCodec ff_fourxm_decoder = {
+const AVCodec ff_fourxm_decoder = {
     .name           = "4xm",
     .long_name      = NULL_IF_CONFIG_SMALL("4X Movie"),
     .type           = AVMEDIA_TYPE_VIDEO,