summaryrefslogtreecommitdiff
path: root/src/libffmpeg/libavcodec/4xm.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/libffmpeg/libavcodec/4xm.c')
-rw-r--r--src/libffmpeg/libavcodec/4xm.c44
1 files changed, 22 insertions, 22 deletions
diff --git a/src/libffmpeg/libavcodec/4xm.c b/src/libffmpeg/libavcodec/4xm.c
index fd84f8968..6932d52ab 100644
--- a/src/libffmpeg/libavcodec/4xm.c
+++ b/src/libffmpeg/libavcodec/4xm.c
@@ -220,17 +220,12 @@ static void idct(DCTELEM block[64]){
}
static void init_vlcs(FourXContext *f){
- static int done = 0;
int i;
- if (!done) {
- done = 1;
-
- for(i=0; i<4; i++){
- init_vlc(&block_type_vlc[i], BLOCK_TYPE_VLC_BITS, 7,
- &block_type_tab[i][0][1], 2, 1,
- &block_type_tab[i][0][0], 2, 1);
- }
+ for(i=0; i<4; i++){
+ init_vlc(&block_type_vlc[i], BLOCK_TYPE_VLC_BITS, 7,
+ &block_type_tab[i][0][1], 2, 1,
+ &block_type_tab[i][0][0], 2, 1, 1);
}
}
@@ -328,13 +323,19 @@ static int decode_p_frame(FourXContext *f, uint8_t *buf, int length){
uint16_t *src= (uint16_t*)f->last_picture.data[0];
uint16_t *dst= (uint16_t*)f->current_picture.data[0];
const int stride= f->current_picture.linesize[0]>>1;
- const int bitstream_size= get32(buf+8);
- const int bytestream_size= get32(buf+16);
- const int wordstream_size= get32(buf+12);
+ const unsigned int bitstream_size= get32(buf+8);
+ const unsigned int bytestream_size= get32(buf+16);
+ const unsigned int wordstream_size= get32(buf+12);
- if(bitstream_size+ bytestream_size+ wordstream_size + 20 != length)
+ if(bitstream_size+ bytestream_size+ wordstream_size + 20 != length
+ || bitstream_size > (1<<26)
+ || bytestream_size > (1<<26)
+ || wordstream_size > (1<<26)
+ ){
av_log(f->avctx, AV_LOG_ERROR, "lengths %d %d %d %d\n", bitstream_size, bytestream_size, wordstream_size,
bitstream_size+ bytestream_size+ wordstream_size - length);
+ return -1;
+ }
f->bitstream_buffer= av_fast_realloc(f->bitstream_buffer, &f->bitstream_buffer_size, bitstream_size + FF_INPUT_BUFFER_PADDING_SIZE);
f->dsp.bswap_buf((uint32_t*)f->bitstream_buffer, (uint32_t*)(buf + 20), bitstream_size/4);
@@ -544,7 +545,7 @@ static uint8_t *read_huffman_tables(FourXContext *f, uint8_t * const buf){
init_vlc(&f->pre_vlc, ACDC_VLC_BITS, 257,
len_tab , 1, 1,
- bits_tab, 4, 4);
+ bits_tab, 4, 4, 0);
return ptr;
}
@@ -555,13 +556,17 @@ static int decode_i_frame(FourXContext *f, uint8_t *buf, int length){
const int height= f->avctx->height;
uint16_t *dst= (uint16_t*)f->current_picture.data[0];
const int stride= f->current_picture.linesize[0]>>1;
- const int bitstream_size= get32(buf);
+ const unsigned int bitstream_size= get32(buf);
const int token_count __attribute__((unused)) = get32(buf + bitstream_size + 8);
- int prestream_size= 4*get32(buf + bitstream_size + 4);
+ unsigned int prestream_size= 4*get32(buf + bitstream_size + 4);
uint8_t *prestream= buf + bitstream_size + 12;
- if(prestream_size + bitstream_size + 12 != length)
+ if(prestream_size + bitstream_size + 12 != length
+ || bitstream_size > (1<<26)
+ || prestream_size > (1<<26)){
av_log(f->avctx, AV_LOG_ERROR, "size missmatch %d %d %d\n", prestream_size, bitstream_size, length);
+ return -1;
+ }
prestream= read_huffman_tables(f, prestream);
@@ -600,11 +605,6 @@ static int decode_frame(AVCodecContext *avctx,
AVFrame *p, temp;
int i, frame_4cc, frame_size;
- /* special case for last picture */
- if (buf_size == 0) {
- return 0;
- }
-
frame_4cc= get32(buf);
if(buf_size != get32(buf+4)+8){
av_log(f->avctx, AV_LOG_ERROR, "size missmatch %d %d\n", buf_size, get32(buf+4));
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-26 21:32:06 +0000