Browse Source
check if frame size matches old sys and assumes corrupted input, fixes #1192
Originally committed as revision 19192 to svn://svn.ffmpeg.org/ffmpeg/trunktags/v0.6
Baptiste Coudurier
16 years ago
3 changed files with 10 additions and 4 deletions
Unified View
Diff Options
-
+1 -1libavcodec/dv.c
-
+7 -1libavcodec/dvdata.h
-
+2 -2libavformat/dv.c
+ 1
- 1
libavcodec/dv.c
View File
| @@ -1119,7 +1119,7 @@ static int dvvideo_decode_frame(AVCodecContext *avctx, | |||||
| int buf_size = avpkt->size; | int buf_size = avpkt->size; | ||||
| DVVideoContext *s = avctx->priv_data; | DVVideoContext *s = avctx->priv_data; | ||||
| s->sys = dv_frame_profile(buf); | |||||
| s->sys = dv_frame_profile(s->sys, buf, buf_size); | |||||
| if (!s->sys || buf_size < s->sys->frame_size || dv_init_dynamic_tables(s->sys)) | if (!s->sys || buf_size < s->sys->frame_size || dv_init_dynamic_tables(s->sys)) | ||||
| return -1; /* NOTE: we only accept several full frames */ | return -1; /* NOTE: we only accept several full frames */ | ||||
+ 7
- 1
libavcodec/dvdata.h
View File
| @@ -698,7 +698,9 @@ enum dv_pack_type { | |||||
| */ | */ | ||||
| #define DV_MAX_BPM 8 | #define DV_MAX_BPM 8 | ||||
| static inline const DVprofile* dv_frame_profile(const uint8_t* frame) | |||||
| static inline | |||||
| const DVprofile* dv_frame_profile(const DVprofile *sys, | |||||
| const uint8_t* frame, unsigned buf_size) | |||||
| { | { | ||||
| int i; | int i; | ||||
| @@ -715,6 +717,10 @@ static inline const DVprofile* dv_frame_profile(const uint8_t* frame) | |||||
| if (dsf == dv_profiles[i].dsf && stype == dv_profiles[i].video_stype) | if (dsf == dv_profiles[i].dsf && stype == dv_profiles[i].video_stype) | ||||
| return &dv_profiles[i]; | return &dv_profiles[i]; | ||||
| /* check if old sys matches and assumes corrupted input */ | |||||
| if (sys && buf_size == sys->frame_size) | |||||
| return sys; | |||||
| return NULL; | return NULL; | ||||
| } | } | ||||
+ 2
- 2
libavformat/dv.c
View File
| @@ -322,7 +322,7 @@ int dv_produce_packet(DVDemuxContext *c, AVPacket *pkt, | |||||
| uint8_t *ppcm[4] = {0}; | uint8_t *ppcm[4] = {0}; | ||||
| if (buf_size < DV_PROFILE_BYTES || | if (buf_size < DV_PROFILE_BYTES || | ||||
| !(c->sys = dv_frame_profile(buf)) || | |||||
| !(c->sys = dv_frame_profile(c->sys, buf, buf_size)) || | |||||
| buf_size < c->sys->frame_size) { | buf_size < c->sys->frame_size) { | ||||
| return -1; /* Broken frame, or not enough data */ | return -1; /* Broken frame, or not enough data */ | ||||
| } | } | ||||
| @@ -421,7 +421,7 @@ static int dv_read_header(AVFormatContext *s, | |||||
| url_fseek(s->pb, -DV_PROFILE_BYTES, SEEK_CUR) < 0) | url_fseek(s->pb, -DV_PROFILE_BYTES, SEEK_CUR) < 0) | ||||
| return AVERROR(EIO); | return AVERROR(EIO); | ||||
| c->dv_demux->sys = dv_frame_profile(c->buf); | |||||
| c->dv_demux->sys = dv_frame_profile(c->dv_demux->sys, c->buf, DV_PROFILE_BYTES); | |||||
| if (!c->dv_demux->sys) { | if (!c->dv_demux->sys) { | ||||
| av_log(s, AV_LOG_ERROR, "Can't determine profile of DV input stream.\n"); | av_log(s, AV_LOG_ERROR, "Can't determine profile of DV input stream.\n"); | ||||
| return -1; | return -1; | ||||