buffer overflows

author Michael Niedermayer <michaelni@gmx.at>

Thu, 17 Feb 2005 19:00:42 +0000 (19:00 +0000)

committer Michael Niedermayer <michaelni@gmx.at>

Thu, 17 Feb 2005 19:00:42 +0000 (19:00 +0000)
author Michael Niedermayer <michaelni@gmx.at>
Thu, 17 Feb 2005 19:00:42 +0000 (19:00 +0000)
committer Michael Niedermayer <michaelni@gmx.at>
Thu, 17 Feb 2005 19:00:42 +0000 (19:00 +0000)
diff --git a/libavcodec/huffyuv.c b/libavcodec/huffyuv.c

index 723a7fad6b61fccd80ed4fbe231192eeb60b2553..b03043610b8dfe80028a456712185823ebf76528 100644 (file)
--- a/libavcodec/huffyuv.c
+++ b/libavcodec/huffyuv.c
@@ -348,9 +348,20 @@ static int read_old_huffman_tables(HYuvContext *s){
  #endif
  }
  
+static void alloc_temp(HYuvContext *s){
+    int i;
+    
+    if(s->bitstream_bpp<24){
+        for(i=0; i<3; i++){
+            s->temp[i]= av_malloc(s->width + 16);
+        }
+    }else{
+        s->temp[0]= av_malloc(4*s->width + 16);
+    }
+}
+
  static int common_init(AVCodecContext *avctx){
      HYuvContext *s = avctx->priv_data;
-    int i;
  
      s->avctx= avctx;
      s->flags= avctx->flags;
@@ -360,10 +371,7 @@ static int common_init(AVCodecContext *avctx){
      s->width= avctx->width;
      s->height= avctx->height;
      assert(s->width>0 && s->height>0);
-    
-    for(i=0; i<3; i++){
-        s->temp[i]= av_malloc(avctx->width + 16);
-    }
+        
      return 0;
  }
  
@@ -456,6 +464,8 @@ s->bgr32=1;
          assert(0);
      }
      
+    alloc_temp(s);
+    
  //    av_log(NULL, AV_LOG_DEBUG, "pred:%d bpp:%d hbpp:%d il:%d\n", s->predictor, s->bitstream_bpp, avctx->bits_per_sample, s->interlaced);
  
      return 0;
@@ -599,6 +609,8 @@ static int encode_init(AVCodecContext *avctx)
      
  //    printf("pred:%d bpp:%d hbpp:%d il:%d\n", s->predictor, s->bitstream_bpp, avctx->bits_per_sample, s->interlaced);
  
+    alloc_temp(s);
+
      s->picture_number=0;
  
      return 0;
@@ -1148,11 +1160,11 @@ static int encode_frame(AVCodecContext *avctx, unsigned char *buf, int buf_size,
                  if(s->predictor == PLANE && s->interlaced < cy){
                      s->dsp.diff_bytes(s->temp[1], ydst, ydst - fake_ystride, width);
                      s->dsp.diff_bytes(s->temp[2], udst, udst - fake_ustride, width2);
-                    s->dsp.diff_bytes(s->temp[2] + 1250, vdst, vdst - fake_vstride, width2);
+                    s->dsp.diff_bytes(s->temp[2] + width2, vdst, vdst - fake_vstride, width2);
  
                      lefty= sub_left_prediction(s, s->temp[0], s->temp[1], width , lefty);
                      leftu= sub_left_prediction(s, s->temp[1], s->temp[2], width2, leftu);
-                    leftv= sub_left_prediction(s, s->temp[2], s->temp[2] + 1250, width2, leftv);
+                    leftv= sub_left_prediction(s, s->temp[2], s->temp[2] + width2, width2, leftv);
                  }else{
                      lefty= sub_left_prediction(s, s->temp[0], ydst, width , lefty);
                      leftu= sub_left_prediction(s, s->temp[1], udst, width2, leftu);
author	Michael Niedermayer <michaelni@gmx.at>
	Thu, 17 Feb 2005 19:00:42 +0000 (19:00 +0000)
committer	Michael Niedermayer <michaelni@gmx.at>
	Thu, 17 Feb 2005 19:00:42 +0000 (19:00 +0000)