1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-11-26 19:01:44 +02:00
FFmpeg/libavcodec/ptx.c
Laurent Aimar dc64f203a6 ptx: check for out of bound reads
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-10 21:37:15 +02:00

127 lines
3.5 KiB
C

/*
* V.Flash PTX (.ptx) image decoder
* Copyright (c) 2007 Ivo van Poorten
*
* This file is part of Libav.
*
* Libav is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* Libav is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with Libav; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
#include "libavutil/intreadwrite.h"
#include "libavutil/imgutils.h"
#include "avcodec.h"
typedef struct PTXContext {
AVFrame picture;
} PTXContext;
static av_cold int ptx_init(AVCodecContext *avctx) {
PTXContext *s = avctx->priv_data;
avcodec_get_frame_defaults(&s->picture);
avctx->coded_frame= &s->picture;
return 0;
}
static int ptx_decode_frame(AVCodecContext *avctx, void *data, int *data_size,
AVPacket *avpkt) {
const uint8_t *buf = avpkt->data;
const uint8_t *buf_end = avpkt->data + avpkt->size;
PTXContext * const s = avctx->priv_data;
AVFrame *picture = data;
AVFrame * const p = &s->picture;
unsigned int offset, w, h, y, stride, bytes_per_pixel;
uint8_t *ptr;
if (buf_end - buf < 14)
return AVERROR_INVALIDDATA;
offset = AV_RL16(buf);
w = AV_RL16(buf+8);
h = AV_RL16(buf+10);
bytes_per_pixel = AV_RL16(buf+12) >> 3;
if (bytes_per_pixel != 2) {
av_log_ask_for_sample(avctx, "Image format is not RGB15.\n");
return -1;
}
avctx->pix_fmt = PIX_FMT_RGB555;
if (buf_end - buf < offset)
return AVERROR_INVALIDDATA;
if (offset != 0x2c)
av_log_ask_for_sample(avctx, "offset != 0x2c\n");
buf += offset;
if (p->data[0])
avctx->release_buffer(avctx, p);
if (av_image_check_size(w, h, 0, avctx))
return -1;
if (w != avctx->width || h != avctx->height)
avcodec_set_dimensions(avctx, w, h);
if (avctx->get_buffer(avctx, p) < 0) {
av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n");
return -1;
}
p->pict_type = AV_PICTURE_TYPE_I;
ptr = p->data[0];
stride = p->linesize[0];
for (y=0; y<h; y++) {
if (buf_end - buf < w * bytes_per_pixel)
break;
#if HAVE_BIGENDIAN
unsigned int x;
for (x=0; x<w*bytes_per_pixel; x+=bytes_per_pixel)
AV_WN16(ptr+x, AV_RL16(buf+x));
#else
memcpy(ptr, buf, w*bytes_per_pixel);
#endif
ptr += stride;
buf += w*bytes_per_pixel;
}
*picture = s->picture;
*data_size = sizeof(AVPicture);
return offset + w*h*bytes_per_pixel;
}
static av_cold int ptx_end(AVCodecContext *avctx) {
PTXContext *s = avctx->priv_data;
if(s->picture.data[0])
avctx->release_buffer(avctx, &s->picture);
return 0;
}
AVCodec ff_ptx_decoder = {
.name = "ptx",
.type = AVMEDIA_TYPE_VIDEO,
.id = CODEC_ID_PTX,
.priv_data_size = sizeof(PTXContext),
.init = ptx_init,
.close = ptx_end,
.decode = ptx_decode_frame,
.capabilities = CODEC_CAP_DR1,
.long_name = NULL_IF_CONFIG_SMALL("V.Flash PTX image"),
};