1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00

avcodec/anm: Check extradata length before allocating frame

Then one doesn't need to free the frame in case the length turns out to
be insufficient.

Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
This commit is contained in:
Andreas Rheinhardt 2020-05-30 05:25:06 +02:00
parent 4aa07d1a74
commit 45c3502266

View File

@ -40,6 +40,9 @@ static av_cold int decode_init(AVCodecContext *avctx)
AnmContext *s = avctx->priv_data; AnmContext *s = avctx->priv_data;
int i; int i;
if (avctx->extradata_size < 16 * 8 + 4 * 256)
return AVERROR_INVALIDDATA;
avctx->pix_fmt = AV_PIX_FMT_PAL8; avctx->pix_fmt = AV_PIX_FMT_PAL8;
s->frame = av_frame_alloc(); s->frame = av_frame_alloc();
@ -47,11 +50,6 @@ static av_cold int decode_init(AVCodecContext *avctx)
return AVERROR(ENOMEM); return AVERROR(ENOMEM);
bytestream2_init(&s->gb, avctx->extradata, avctx->extradata_size); bytestream2_init(&s->gb, avctx->extradata, avctx->extradata_size);
if (bytestream2_get_bytes_left(&s->gb) < 16 * 8 + 4 * 256) {
av_frame_free(&s->frame);
return AVERROR_INVALIDDATA;
}
bytestream2_skipu(&s->gb, 16 * 8); bytestream2_skipu(&s->gb, 16 * 8);
for (i = 0; i < 256; i++) for (i = 0; i < 256; i++)
s->palette[i] = (0xFFU << 24) | bytestream2_get_le32u(&s->gb); s->palette[i] = (0xFFU << 24) | bytestream2_get_le32u(&s->gb);