[FFmpeg-devel] [PATCH 2/2] lavf/swfdec: support DefineBitsLossless{, 2} tag.

Clément Bœsch ubitux at gmail.com
Wed Oct 17 07:46:32 CEST 2012


On Wed, Oct 17, 2012 at 02:37:59AM +0200, Michael Niedermayer wrote:
> On Tue, Oct 16, 2012 at 09:15:40PM +0200, Clément Bœsch wrote:
> > On Sun, Oct 14, 2012 at 04:22:22AM +0200, Michael Niedermayer wrote:
> > > On Fri, Oct 12, 2012 at 11:21:05PM +0200, Clément Bœsch wrote:
> > > > ---
> > > >  libavformat/swfdec.c | 114 +++++++++++++++++++++++++++++++++++++++++++++++++++
> > > >  1 file changed, 114 insertions(+)
> > > > 
> > > > diff --git a/libavformat/swfdec.c b/libavformat/swfdec.c
> > > > index 48a2156..3fe31d4 100644
> > > > --- a/libavformat/swfdec.c
> > > > +++ b/libavformat/swfdec.c
> > > > @@ -20,6 +20,7 @@
> > > >   * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
> > > >   */
> > > >  
> > > > +#include "libavutil/avassert.h"
> > > >  #include "libavutil/intreadwrite.h"
> > > >  #include "swf.h"
> > > >  
> > > > @@ -253,6 +254,119 @@ static int swf_read_packet(AVFormatContext *s, AVPacket *pkt)
> > > >                      return pkt->size;
> > > >                  }
> > > >              }
> > > > +        } else if (tag == TAG_DEFINEBITSLOSSLESS || tag == TAG_DEFINEBITSLOSSLESS2) {
> > > > +#if CONFIG_ZLIB
> > > > +            long out_len;
> > > > +            uint8_t *buf, *zbuf, *pal;
> > > > +            uint32_t colormap[AVPALETTE_COUNT] = {0};
> > > > +            const int alpha_bmp = tag == TAG_DEFINEBITSLOSSLESS2;
> > > > +            const int colormapbpp = 3 + alpha_bmp;
> > > > +            int linesize, colormapsize = 0;
> > > > +
> > > > +            const int ch_id   = avio_rl16(pb);
> > > > +            const int bmp_fmt = avio_r8(pb);
> > > > +            const int width   = avio_rl16(pb);
> > > > +            const int height  = avio_rl16(pb);
> > > > +
> > > > +            len -= 2+1+2+2;
> > > > +
> > > > +            switch (bmp_fmt) {
> > > > +            case 3: // PAL-8
> > > > +                linesize = width;
> > > > +                colormapsize = avio_r8(pb) + 1;
> > > > +                len--;
> > > > +                break;
> > > > +            case 4: // RGB15
> > > > +                linesize = width * 2;
> > > > +                break;
> > > > +            case 5: // RGB24 (0RGB)
> > > > +                linesize = width * 4;
> > > > +                break;
> > > > +            default:
> > > > +                av_log(s, AV_LOG_ERROR, "invalid bitmap format %d, skipped\n", bmp_fmt);
> > > > +                goto bitmap_end_skip;
> > > > +            }
> > > > +
> > > > +            linesize = FFALIGN(linesize, 4);
> > > 
> > > > +            out_len = colormapsize * colormapbpp + linesize * height;
> > > 
> > > this can overflow
> > > 
> > > also len can be negative here maybe, if so it maybe should be checked
> > > 
> > > also width/height could be 0
> > > 
> > 
> > Added some checks. Hopefully it will be enough, see attached.
> 
> should be ok
> 

Applied, thanks.

-- 
Clément B.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20121017/735b28ac/attachment.asc>


More information about the ffmpeg-devel mailing list