virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-10-30 23:18:11 +02:00
Code Issues Releases Activity

check if frame size matches old sys and assumes corrupted input, fixes #1192

Browse Source 
Originally committed as revision 19192 to svn://svn.ffmpeg.org/ffmpeg/trunk
This commit is contained in:
Baptiste Coudurier
2009-06-14 22:34:28 +00:00
parent 90b4f09177
commit d509c743b7
3 changed files with 10 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libavcodec/dv.c
View File

@@ -1119,7 +1119,7 @@ static int dvvideo_decode_frame(AVCodecContext *avctx,
int buf_size = avpkt->size;
DVVideoContext *s = avctx->priv_data;
s->sys = dv_frame_profile(buf);
s->sys = dv_frame_profile(s->sys, buf, buf_size);
if (!s->sys || buf_size < s->sys->frame_size || dv_init_dynamic_tables(s->sys))
return -1; /* NOTE: we only accept several full frames */

8
libavcodec/dvdata.h
View File

@@ -698,7 +698,9 @@ enum dv_pack_type {
*/
#define DV_MAX_BPM 8
static inline const DVprofile* dv_frame_profile(const uint8_t* frame)
static inline
const DVprofile* dv_frame_profile(const DVprofile *sys,
const uint8_t* frame, unsigned buf_size)
{
int i;
@@ -715,6 +717,10 @@ static inline const DVprofile* dv_frame_profile(const uint8_t* frame)
if (dsf == dv_profiles[i].dsf && stype == dv_profiles[i].video_stype)
return &dv_profiles[i];
/* check if old sys matches and assumes corrupted input */
if (sys && buf_size == sys->frame_size)
return sys;
return NULL;
}

4
libavformat/dv.c
View File

@@ -322,7 +322,7 @@ int dv_produce_packet(DVDemuxContext *c, AVPacket *pkt,
uint8_t *ppcm[4] = {0};
if (buf_size < DV_PROFILE_BYTES ||
!(c->sys = dv_frame_profile(buf)) ||
!(c->sys = dv_frame_profile(c->sys, buf, buf_size)) ||
buf_size < c->sys->frame_size) {
return -1; /* Broken frame, or not enough data */
}
@@ -421,7 +421,7 @@ static int dv_read_header(AVFormatContext *s,
url_fseek(s->pb, -DV_PROFILE_BYTES, SEEK_CUR) < 0)
return AVERROR(EIO);
c->dv_demux->sys = dv_frame_profile(c->buf);
c->dv_demux->sys = dv_frame_profile(c->dv_demux->sys, c->buf, DV_PROFILE_BYTES);
if (!c->dv_demux->sys) {
av_log(s, AV_LOG_ERROR, "Can't determine profile of DV input stream.\n");
return -1;