X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=libavcodec%2Fqtrle.c;h=6155b4f3e3c979fcae1eb0ca6ac92421c4041992;hb=ed5680f37ed30a01933c0158b21e3bb3c8acfe4a;hp=1b0d2016b586f03f63c2bb3771e9007e4db85b27;hpb=0cc8e34a94c84132cf5b0f6472c5f61c8a66cee1;p=ffmpeg diff --git a/libavcodec/qtrle.c b/libavcodec/qtrle.c index 1b0d2016b58..6155b4f3e3c 100644 --- a/libavcodec/qtrle.c +++ b/libavcodec/qtrle.c @@ -155,6 +155,8 @@ static inline void qtrle_decode_2n4bpp(QtrleContext *s, int row_ptr, CHECK_PIXEL_PTR(0); while ((rle_code = (int8_t)bytestream2_get_byte(&s->g)) != -1) { + if (bytestream2_get_bytes_left(&s->g) < 1) + return; if (rle_code == 0) { /* there's another skip code in the stream */ pixel_ptr += (num_pixels * (bytestream2_get_byte(&s->g) - 1)); @@ -210,6 +212,8 @@ static void qtrle_decode_8bpp(QtrleContext *s, int row_ptr, int lines_to_change) CHECK_PIXEL_PTR(0); while ((rle_code = (int8_t)bytestream2_get_byte(&s->g)) != -1) { + if (bytestream2_get_bytes_left(&s->g) < 1) + return; if (rle_code == 0) { /* there's another skip code in the stream */ pixel_ptr += (4 * (bytestream2_get_byte(&s->g) - 1)); @@ -259,6 +263,8 @@ static void qtrle_decode_16bpp(QtrleContext *s, int row_ptr, int lines_to_change CHECK_PIXEL_PTR(0); while ((rle_code = (int8_t)bytestream2_get_byte(&s->g)) != -1) { + if (bytestream2_get_bytes_left(&s->g) < 1) + return; if (rle_code == 0) { /* there's another skip code in the stream */ pixel_ptr += (bytestream2_get_byte(&s->g) - 1) * 2; @@ -303,6 +309,8 @@ static void qtrle_decode_24bpp(QtrleContext *s, int row_ptr, int lines_to_change CHECK_PIXEL_PTR(0); while ((rle_code = (int8_t)bytestream2_get_byte(&s->g)) != -1) { + if (bytestream2_get_bytes_left(&s->g) < 1) + return; if (rle_code == 0) { /* there's another skip code in the stream */ pixel_ptr += (bytestream2_get_byte(&s->g) - 1) * 3; @@ -350,6 +358,8 @@ static void qtrle_decode_32bpp(QtrleContext *s, int row_ptr, int lines_to_change CHECK_PIXEL_PTR(0); while ((rle_code = (int8_t)bytestream2_get_byte(&s->g)) != -1) { + if (bytestream2_get_bytes_left(&s->g) < 1) + return; if (rle_code == 0) { /* there's another skip code in the stream */ pixel_ptr += (bytestream2_get_byte(&s->g) - 1) * 4; @@ -433,12 +443,10 @@ static int qtrle_decode_frame(AVCodecContext *avctx, int ret; bytestream2_init(&s->g, avpkt->data, avpkt->size); - if ((ret = ff_reget_buffer(avctx, s->frame)) < 0) - return ret; /* check if this frame is even supposed to change */ if (avpkt->size < 8) - goto done; + return avpkt->size; /* start after the chunk size */ bytestream2_seek(&s->g, 4, SEEK_SET); @@ -449,17 +457,20 @@ static int qtrle_decode_frame(AVCodecContext *avctx, /* if a header is present, fetch additional decoding parameters */ if (header & 0x0008) { if (avpkt->size < 14) - goto done; + return avpkt->size; start_line = bytestream2_get_be16(&s->g); bytestream2_skip(&s->g, 2); height = bytestream2_get_be16(&s->g); bytestream2_skip(&s->g, 2); if (height > s->avctx->height - start_line) - goto done; + return avpkt->size; } else { start_line = 0; height = s->avctx->height; } + if ((ret = ff_reget_buffer(avctx, s->frame)) < 0) + return ret; + row_ptr = s->frame->linesize[0] * start_line; switch (avctx->bits_per_coded_sample) { @@ -520,7 +531,6 @@ static int qtrle_decode_frame(AVCodecContext *avctx, memcpy(s->frame->data[1], s->pal, AVPALETTE_SIZE); } -done: if ((ret = av_frame_ref(data, s->frame)) < 0) return ret; *got_frame = 1;