X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=libavcodec%2Fflashsv.c;h=f429167fe0f34aa662222a927e9a4c2df94d0a8c;hb=8f7b022c8c2f40bf8ddfd90778a4c91424d3a8e5;hp=a5b12941659d534f195c16d4e8f39f6262496da9;hpb=6a85dfc830f51f1f5c2d36d4182d265c1ea3ba25;p=ffmpeg diff --git a/libavcodec/flashsv.c b/libavcodec/flashsv.c index a5b12941659..f429167fe0f 100644 --- a/libavcodec/flashsv.c +++ b/libavcodec/flashsv.c @@ -3,20 +3,20 @@ * Copyright (C) 2004 Alex Beregszaszi * Copyright (C) 2006 Benjamin Larsson * - * This file is part of Libav. + * This file is part of FFmpeg. * - * Libav is free software; you can redistribute it and/or + * FFmpeg is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * - * Libav is distributed in the hope that it will be useful, + * FFmpeg is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public - * License along with Libav; if not, write to the Free Software + * License along with FFmpeg; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ @@ -69,7 +69,7 @@ typedef struct FlashSVContext { int diff_start, diff_height; } FlashSVContext; -static int decode_hybrid(const uint8_t *sptr, uint8_t *dptr, int dx, int dy, +static int decode_hybrid(const uint8_t *sptr, const uint8_t *sptr_end, uint8_t *dptr, int dx, int dy, int h, int w, int stride, const uint32_t *pal) { int x, y; @@ -78,6 +78,8 @@ static int decode_hybrid(const uint8_t *sptr, uint8_t *dptr, int dx, int dy, for (y = dx + h; y > dx; y--) { uint8_t *dst = dptr + (y * stride) + dy * 3; for (x = 0; x < w; x++) { + if (sptr >= sptr_end) + return AVERROR_INVALIDDATA; if (*sptr & 0x80) { /* 15-bit color */ unsigned c = AV_RB16(sptr) & ~0x8000; @@ -107,7 +109,7 @@ static av_cold int flashsv_decode_end(AVCodecContext *avctx) av_frame_free(&s->frame); /* free the tmpblock */ - av_free(s->tmpblock); + av_freep(&s->tmpblock); return 0; } @@ -142,6 +144,9 @@ static int flashsv2_prime(FlashSVContext *s, uint8_t *src, int size) z_stream zs; int zret; // Zlib return code + if (!src) + return AVERROR_INVALIDDATA; + zs.zalloc = NULL; zs.zfree = NULL; zs.opaque = NULL; @@ -152,7 +157,8 @@ static int flashsv2_prime(FlashSVContext *s, uint8_t *src, int size) s->zstream.avail_out = s->block_size * 3; inflate(&s->zstream, Z_SYNC_FLUSH); - deflateInit(&zs, 0); + if (deflateInit(&zs, 0) != Z_OK) + return -1; zs.next_in = s->tmpblock; zs.avail_in = s->block_size * 3 - s->zstream.avail_out; zs.next_out = s->deflate_block; @@ -228,10 +234,15 @@ static int flashsv_decode_block(AVCodecContext *avctx, AVPacket *avpkt, } } else { /* hybrid 15-bit/palette mode */ - decode_hybrid(s->tmpblock, s->frame->data[0], + ret = decode_hybrid(s->tmpblock, s->zstream.next_out, + s->frame->data[0], s->image_height - (y_pos + 1 + s->diff_height), x_pos, s->diff_height, width, s->frame->linesize[0], s->pal); + if (ret < 0) { + av_log(avctx, AV_LOG_ERROR, "decode_hybrid failed\n"); + return ret; + } } skip_bits_long(gb, 8 * block_size); /* skip the consumed bits */ return 0; @@ -260,6 +271,8 @@ static int flashsv_decode_frame(AVCodecContext *avctx, void *data, FlashSVContext *s = avctx->priv_data; int h_blocks, v_blocks, h_part, v_part, i, j, ret; GetBitContext gb; + int last_blockwidth = s->block_width; + int last_blockheight= s->block_height; /* no supplementary picture */ if (buf_size == 0) @@ -267,7 +280,8 @@ static int flashsv_decode_frame(AVCodecContext *avctx, void *data, if (buf_size < 4) return -1; - init_get_bits(&gb, avpkt->data, buf_size * 8); + if ((ret = init_get_bits8(&gb, avpkt->data, buf_size)) < 0) + return ret; /* start to parse the bitstream */ s->block_width = 16 * (get_bits(&gb, 4) + 1); @@ -275,6 +289,10 @@ static int flashsv_decode_frame(AVCodecContext *avctx, void *data, s->block_height = 16 * (get_bits(&gb, 4) + 1); s->image_height = get_bits(&gb, 12); + if ( last_blockwidth != s->block_width + || last_blockheight!= s->block_height) + av_freep(&s->blocks); + if (s->ver == 2) { skip_bits(&gb, 6); if (get_bits1(&gb)) { @@ -322,8 +340,8 @@ static int flashsv_decode_frame(AVCodecContext *avctx, void *data, /* initialize the image size once */ if (avctx->width == 0 && avctx->height == 0) { - avctx->width = s->image_width; - avctx->height = s->image_height; + if ((ret = ff_set_dimensions(avctx, s->image_width, s->image_height)) < 0) + return ret; } /* check for changes of image width and image height */ @@ -342,19 +360,17 @@ static int flashsv_decode_frame(AVCodecContext *avctx, void *data, if ((err = av_reallocp(&s->keyframedata, avpkt->size)) < 0) return err; memcpy(s->keyframedata, avpkt->data, avpkt->size); - if ((err = av_reallocp(&s->blocks, (v_blocks + !!v_part) * - (h_blocks + !!h_part) * sizeof(s->blocks[0]))) < 0) - return err; } + if(s->ver == 2 && !s->blocks) + s->blocks = av_mallocz((v_blocks + !!v_part) * (h_blocks + !!h_part) * + sizeof(s->blocks[0])); ff_dlog(avctx, "image: %dx%d block: %dx%d num: %dx%d part: %dx%d\n", s->image_width, s->image_height, s->block_width, s->block_height, h_blocks, v_blocks, h_part, v_part); - if ((ret = ff_reget_buffer(avctx, s->frame)) < 0) { - av_log(avctx, AV_LOG_ERROR, "reget_buffer() failed\n"); + if ((ret = ff_reget_buffer(avctx, s->frame)) < 0) return ret; - } /* loop over all block columns */ for (j = 0; j < v_blocks + (v_part ? 1 : 0); j++) {