X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=libavcodec%2Fpnm.c;h=aad23c7ae2806d4c66ed07f02f7ebbe9e15fa954;hb=042af30303ead6a094c6608ca6f5419bb130ce88;hp=17926f256f4d7a88ddb85af57f0530820b7232f0;hpb=79025da3f2e7ab047c8f3c0c817952a98480b26b;p=ffmpeg

diff --git a/libavcodec/pnm.c b/libavcodec/pnm.c
index 17926f256f4..aad23c7ae28 100644
--- a/libavcodec/pnm.c
+++ b/libavcodec/pnm.c
@@ -22,7 +22,9 @@
 #include <stdlib.h>
 #include <string.h>
 
+#include "libavutil/avassert.h"
 #include "libavutil/imgutils.h"
+#include "libavutil/avstring.h"
 #include "avcodec.h"
 #include "internal.h"
 #include "pnm.h"
@@ -52,9 +54,8 @@ static void pnm_get(PNMContext *sc, char *str, int buf_size)
     }
 
     s = str;
-    while (bs < end && !pnm_space(c)) {
-        if ((s - str)  < buf_size - 1)
-            *s++ = c;
+    while (bs < end && !pnm_space(c) && (s - str) < buf_size - 1) {
+        *s++ = c;
         c = *bs++;
     }
     *s = '\0';
@@ -67,12 +68,21 @@ int ff_pnm_decode_header(AVCodecContext *avctx, PNMContext * const s)
     int h, w, depth, maxval;
     int ret;
 
-    pnm_get(s, buf1, sizeof(buf1));
-    if(buf1[0] != 'P')
+    if (s->bytestream_end - s->bytestream < 3 ||
+        s->bytestream[0] != 'P' ||
+        (s->bytestream[1] < '1' ||
+         s->bytestream[1] > '7' &&
+         s->bytestream[1] != 'F')) {
+        s->bytestream += s->bytestream_end > s->bytestream;
+        s->bytestream += s->bytestream_end > s->bytestream;
         return AVERROR_INVALIDDATA;
+    }
+    pnm_get(s, buf1, sizeof(buf1));
     s->type= buf1[1]-'0';
 
-    if (s->type==1 || s->type==4) {
+    if (buf1[1] == 'F') {
+        avctx->pix_fmt = AV_PIX_FMT_GBRPF32;
+    } else if (s->type==1 || s->type==4) {
         avctx->pix_fmt = AV_PIX_FMT_MONOWHITE;
     } else if (s->type==2 || s->type==5) {
         if (avctx->codec_id == AV_CODEC_ID_PGMYUV)
@@ -111,6 +121,9 @@ int ff_pnm_decode_header(AVCodecContext *avctx, PNMContext * const s)
                 return AVERROR_INVALIDDATA;
             }
         }
+        if (!pnm_space(s->bytestream[-1]))
+            return AVERROR_INVALIDDATA;
+
         /* check that all tags are present */
         if (w <= 0 || h <= 0 || maxval <= 0 || maxval > UINT16_MAX || depth <= 0 || tuple_type[0] == '\0' ||
             av_image_check_size(w, h, 0, avctx) || s->bytestream >= s->bytestream_end)
@@ -151,7 +164,7 @@ int ff_pnm_decode_header(AVCodecContext *avctx, PNMContext * const s)
         }
         return 0;
     } else {
-        return AVERROR_INVALIDDATA;
+        av_assert0(0);
     }
     pnm_get(s, buf1, sizeof(buf1));
     w = atoi(buf1);
@@ -164,7 +177,16 @@ int ff_pnm_decode_header(AVCodecContext *avctx, PNMContext * const s)
     if (ret < 0)
         return ret;
 
-    if (avctx->pix_fmt != AV_PIX_FMT_MONOWHITE && avctx->pix_fmt != AV_PIX_FMT_MONOBLACK) {
+    if (avctx->pix_fmt == AV_PIX_FMT_GBRPF32) {
+        pnm_get(s, buf1, sizeof(buf1));
+        if (av_sscanf(buf1, "%f", &s->scale) != 1 || s->scale == 0.0 || !isfinite(s->scale)) {
+            av_log(avctx, AV_LOG_ERROR, "Invalid scale.\n");
+            return AVERROR_INVALIDDATA;
+        }
+        s->endian = s->scale < 0.f;
+        s->scale = fabsf(s->scale);
+        s->maxval = (1ULL << 32) - 1;
+    } else if (avctx->pix_fmt != AV_PIX_FMT_MONOWHITE && avctx->pix_fmt != AV_PIX_FMT_MONOBLACK) {
         pnm_get(s, buf1, sizeof(buf1));
         s->maxval = atoi(buf1);
         if (s->maxval <= 0 || s->maxval > UINT16_MAX) {
@@ -191,6 +213,10 @@ int ff_pnm_decode_header(AVCodecContext *avctx, PNMContext * const s)
         }
     }else
         s->maxval=1;
+
+    if (!pnm_space(s->bytestream[-1]))
+        return AVERROR_INVALIDDATA;
+
     /* more check if YUV420 */
     if (av_pix_fmt_desc_get(avctx->pix_fmt)->flags & AV_PIX_FMT_FLAG_PLANAR) {
         if ((avctx->width & 1) != 0)