[FFmpeg-cvslog] c93: convert to bytestream2 API

Paul B Mahol git at videolan.org
Tue Mar 13 02:22:16 CET 2012 

ffmpeg | branch: master | Paul B Mahol <onemda at gmail.com> | Mon Mar 12 14:27:04 2012 +0000| [85aded741e03b17b0cc5c588b1f5acbcb25d7996] | committer: Martin Storsjö

c93: convert to bytestream2 API

Protects against overreads.

Signed-off-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Martin Storsjö <martin at martin.st>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=85aded741e03b17b0cc5c588b1f5acbcb25d7996
---

 libavcodec/c93.c |   52 +++++++++++++++++++++++++++-------------------------
 1 files changed, 27 insertions(+), 25 deletions(-)

diff --git a/libavcodec/c93.c b/libavcodec/c93.c
index ecfd035..5990529 100644
--- a/libavcodec/c93.c
+++ b/libavcodec/c93.c
@@ -121,8 +121,9 @@ static int decode_frame(AVCodecContext *avctx, void *data,
     AVFrame * const newpic = &c93->pictures[c93->currentpic];
     AVFrame * const oldpic = &c93->pictures[c93->currentpic^1];
     AVFrame *picture = data;
+    GetByteContext gb;
     uint8_t *out;
-    int stride, i, x, y, bt = 0;
+    int stride, i, x, y, b, bt = 0;
 
     c93->currentpic ^= 1;
 
@@ -136,7 +137,9 @@ static int decode_frame(AVCodecContext *avctx, void *data,
 
     stride = newpic->linesize[0];
 
-    if (buf[0] & C93_FIRST_FRAME) {
+    bytestream2_init(&gb, buf, buf_size);
+    b = bytestream2_get_byte(&gb);
+    if (b & C93_FIRST_FRAME) {
         newpic->pict_type = AV_PICTURE_TYPE_I;
         newpic->key_frame = 1;
     } else {
@@ -144,17 +147,6 @@ static int decode_frame(AVCodecContext *avctx, void *data,
         newpic->key_frame = 0;
     }
 
-    if (*buf++ & C93_HAS_PALETTE) {
-        uint32_t *palette = (uint32_t *) newpic->data[1];
-        const uint8_t *palbuf = buf + buf_size - 768 - 1;
-        for (i = 0; i < 256; i++) {
-            palette[i] = bytestream_get_be24(&palbuf);
-        }
-    } else {
-        if (oldpic->data[1])
-            memcpy(newpic->data[1], oldpic->data[1], 256 * 4);
-    }
-
     for (y = 0; y < HEIGHT; y += 8) {
         out = newpic->data[0] + y * stride;
         for (x = 0; x < WIDTH; x += 8) {
@@ -164,12 +156,12 @@ static int decode_frame(AVCodecContext *avctx, void *data,
             C93BlockType block_type;
 
             if (!bt)
-                bt = *buf++;
+                bt = bytestream2_get_byte(&gb);
 
             block_type= bt & 0x0F;
             switch (block_type) {
             case C93_8X8_FROM_PREV:
-                offset = bytestream_get_le16(&buf);
+                offset = bytestream2_get_le16(&gb);
                 if (copy_block(avctx, out, copy_from, offset, 8, stride))
                     return -1;
                 break;
@@ -179,7 +171,7 @@ static int decode_frame(AVCodecContext *avctx, void *data,
             case C93_4X4_FROM_PREV:
                 for (j = 0; j < 8; j += 4) {
                     for (i = 0; i < 8; i += 4) {
-                        offset = bytestream_get_le16(&buf);
+                        offset = bytestream2_get_le16(&gb);
                         if (copy_block(avctx, &out[j*stride+i],
                                            copy_from, offset, 4, stride))
                             return -1;
@@ -188,10 +180,10 @@ static int decode_frame(AVCodecContext *avctx, void *data,
                 break;
 
             case C93_8X8_2COLOR:
-                bytestream_get_buffer(&buf, cols, 2);
+                bytestream2_get_buffer(&gb, cols, 2);
                 for (i = 0; i < 8; i++) {
                     draw_n_color(out + i*stride, stride, 8, 1, 1, cols,
-                                     NULL, *buf++);
+                                     NULL, bytestream2_get_byte(&gb));
                 }
 
                 break;
@@ -202,17 +194,17 @@ static int decode_frame(AVCodecContext *avctx, void *data,
                 for (j = 0; j < 8; j += 4) {
                     for (i = 0; i < 8; i += 4) {
                         if (block_type == C93_4X4_2COLOR) {
-                            bytestream_get_buffer(&buf, cols, 2);
+                            bytestream2_get_buffer(&gb, cols, 2);
                             draw_n_color(out + i + j*stride, stride, 4, 4,
-                                    1, cols, NULL, bytestream_get_le16(&buf));
+                                    1, cols, NULL, bytestream2_get_le16(&gb));
                         } else if (block_type == C93_4X4_4COLOR) {
-                            bytestream_get_buffer(&buf, cols, 4);
+                            bytestream2_get_buffer(&gb, cols, 4);
                             draw_n_color(out + i + j*stride, stride, 4, 4,
-                                    2, cols, NULL, bytestream_get_le32(&buf));
+                                    2, cols, NULL, bytestream2_get_le32(&gb));
                         } else {
-                            bytestream_get_buffer(&buf, grps, 4);
+                            bytestream2_get_buffer(&gb, grps, 4);
                             draw_n_color(out + i + j*stride, stride, 4, 4,
-                                    1, cols, grps, bytestream_get_le16(&buf));
+                                    1, cols, grps, bytestream2_get_le16(&gb));
                         }
                     }
                 }
@@ -223,7 +215,7 @@ static int decode_frame(AVCodecContext *avctx, void *data,
 
             case C93_8X8_INTRA:
                 for (j = 0; j < 8; j++)
-                    bytestream_get_buffer(&buf, out + j*stride, 8);
+                    bytestream2_get_buffer(&gb, out + j*stride, 8);
                 break;
 
             default:
@@ -236,6 +228,16 @@ static int decode_frame(AVCodecContext *avctx, void *data,
         }
     }
 
+    if (b & C93_HAS_PALETTE) {
+        uint32_t *palette = (uint32_t *) newpic->data[1];
+        for (i = 0; i < 256; i++) {
+            palette[i] = bytestream2_get_be24(&gb);
+        }
+    } else {
+        if (oldpic->data[1])
+            memcpy(newpic->data[1], oldpic->data[1], 256 * 4);
+    }
+
     *picture = *newpic;
     *data_size = sizeof(AVFrame);

More information about the ffmpeg-cvslog mailing list