[FFmpeg-cvslog] loco: take decode overflow into account.

Nicolas George git at videolan.org
Tue Jul 31 17:35:57 CEST 2012


ffmpeg | branch: master | Nicolas George <nicolas.george at normalesup.org> | Sun Jul 29 00:12:27 2012 +0200| [91ec1c6cc35e3c7950fa5acf80568672ad538f14] | committer: Nicolas George

loco: take decode overflow into account.

Commit 2bf0982 introduced an overflow check in loco_decode_plane,
but the error code is never taken into account, leading to
completely idiotic return values.

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=91ec1c6cc35e3c7950fa5acf80568672ad538f14
---

 libavcodec/loco.c |   23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/libavcodec/loco.c b/libavcodec/loco.c
index 9f14757..cc8ce21 100644
--- a/libavcodec/loco.c
+++ b/libavcodec/loco.c
@@ -179,51 +179,56 @@ static int decode_frame(AVCodecContext *avctx,
     }
     p->key_frame = 1;
 
+#define ADVANCE_BY_DECODED do { \
+    if (decoded < 0) goto stop; \
+    buf += decoded; buf_size -= decoded; \
+} while(0)
     switch(l->mode) {
     case LOCO_CYUY2: case LOCO_YUY2: case LOCO_UYVY:
         decoded = loco_decode_plane(l, p->data[0], avctx->width, avctx->height,
                                     p->linesize[0], buf, buf_size, 1);
-        buf += decoded; buf_size -= decoded;
+        ADVANCE_BY_DECODED;
         decoded = loco_decode_plane(l, p->data[1], avctx->width / 2, avctx->height,
                                     p->linesize[1], buf, buf_size, 1);
-        buf += decoded; buf_size -= decoded;
+        ADVANCE_BY_DECODED;
         decoded = loco_decode_plane(l, p->data[2], avctx->width / 2, avctx->height,
                                     p->linesize[2], buf, buf_size, 1);
         break;
     case LOCO_CYV12: case LOCO_YV12:
         decoded = loco_decode_plane(l, p->data[0], avctx->width, avctx->height,
                                     p->linesize[0], buf, buf_size, 1);
-        buf += decoded; buf_size -= decoded;
+        ADVANCE_BY_DECODED;
         decoded = loco_decode_plane(l, p->data[2], avctx->width / 2, avctx->height / 2,
                                     p->linesize[2], buf, buf_size, 1);
-        buf += decoded; buf_size -= decoded;
+        ADVANCE_BY_DECODED;
         decoded = loco_decode_plane(l, p->data[1], avctx->width / 2, avctx->height / 2,
                                     p->linesize[1], buf, buf_size, 1);
         break;
     case LOCO_CRGB: case LOCO_RGB:
         decoded = loco_decode_plane(l, p->data[0] + p->linesize[0]*(avctx->height-1), avctx->width, avctx->height,
                                     -p->linesize[0], buf, buf_size, 3);
-        buf += decoded; buf_size -= decoded;
+        ADVANCE_BY_DECODED;
         decoded = loco_decode_plane(l, p->data[0] + p->linesize[0]*(avctx->height-1) + 1, avctx->width, avctx->height,
                                     -p->linesize[0], buf, buf_size, 3);
-        buf += decoded; buf_size -= decoded;
+        ADVANCE_BY_DECODED;
         decoded = loco_decode_plane(l, p->data[0] + p->linesize[0]*(avctx->height-1) + 2, avctx->width, avctx->height,
                                     -p->linesize[0], buf, buf_size, 3);
         break;
     case LOCO_CRGBA: case LOCO_RGBA:
         decoded = loco_decode_plane(l, p->data[0], avctx->width, avctx->height,
                                     p->linesize[0], buf, buf_size, 4);
-        buf += decoded; buf_size -= decoded;
+        ADVANCE_BY_DECODED;
         decoded = loco_decode_plane(l, p->data[0] + 1, avctx->width, avctx->height,
                                     p->linesize[0], buf, buf_size, 4);
-        buf += decoded; buf_size -= decoded;
+        ADVANCE_BY_DECODED;
         decoded = loco_decode_plane(l, p->data[0] + 2, avctx->width, avctx->height,
                                     p->linesize[0], buf, buf_size, 4);
-        buf += decoded; buf_size -= decoded;
+        ADVANCE_BY_DECODED;
         decoded = loco_decode_plane(l, p->data[0] + 3, avctx->width, avctx->height,
                                     p->linesize[0], buf, buf_size, 4);
         break;
     }
+stop:
 
     *data_size = sizeof(AVFrame);
     *(AVFrame*)data = l->pic;



More information about the ffmpeg-cvslog mailing list