mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2024-11-21 10:55:51 +02:00
63c9b30f98
This fixes segmentation faults due to out of bounds writes, when color_start is interpreted as negative number. This regression was introduced in commit 57631f. Reviewed-by: Mats Peterson <matsp888@yahoo.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
117 lines
4.2 KiB
C
117 lines
4.2 KiB
C
/*
|
|
* QuickTime palette handling
|
|
* Copyright (c) 2001 Fabrice Bellard
|
|
* Copyright (c) 2009 Baptiste Coudurier <baptiste dot coudurier at gmail dot com>
|
|
* Copyright (c) 2015 Mats Peterson
|
|
*
|
|
* This file is part of FFmpeg.
|
|
*
|
|
* FFmpeg is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
* License as published by the Free Software Foundation; either
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
*
|
|
* FFmpeg is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
* License along with FFmpeg; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
|
*/
|
|
|
|
#include <stdio.h>
|
|
#include <stdint.h>
|
|
|
|
#include "avformat.h"
|
|
#include "libavutil/intreadwrite.h"
|
|
#include "qtpalette.h"
|
|
|
|
int ff_get_qtpalette(int codec_id, AVIOContext *pb, uint32_t *palette)
|
|
{
|
|
int tmp, bit_depth, color_table_id, greyscale, i;
|
|
|
|
avio_seek(pb, 82, SEEK_CUR);
|
|
|
|
/* Get the bit depth and greyscale state */
|
|
tmp = avio_rb16(pb);
|
|
bit_depth = tmp & 0x1F;
|
|
greyscale = tmp & 0x20;
|
|
|
|
/* Get the color table ID */
|
|
color_table_id = avio_rb16(pb);
|
|
|
|
/* Do not create a greyscale palette for Cinepak */
|
|
if (greyscale && codec_id == AV_CODEC_ID_CINEPAK)
|
|
return 0;
|
|
|
|
/* If the depth is 1, 2, 4, or 8 bpp, file is palettized. */
|
|
if ((bit_depth == 1 || bit_depth == 2 || bit_depth == 4 || bit_depth == 8)) {
|
|
uint32_t color_count, color_start, color_end;
|
|
uint32_t a, r, g, b;
|
|
|
|
/* Ignore the greyscale bit for 1-bit video and sample
|
|
* descriptions containing a color table. */
|
|
if (greyscale && bit_depth > 1 && color_table_id) {
|
|
int color_index, color_dec;
|
|
/* compute the greyscale palette */
|
|
color_count = 1 << bit_depth;
|
|
color_index = 255;
|
|
color_dec = 256 / (color_count - 1);
|
|
for (i = 0; i < color_count; i++) {
|
|
r = g = b = color_index;
|
|
palette[i] = (0xFFU << 24) | (r << 16) | (g << 8) | (b);
|
|
color_index -= color_dec;
|
|
if (color_index < 0)
|
|
color_index = 0;
|
|
}
|
|
} else if (color_table_id) {
|
|
/* The color table ID is non-zero. Interpret this as
|
|
* being -1, which means use the default Macintosh
|
|
* color table */
|
|
const uint8_t *color_table;
|
|
color_count = 1 << bit_depth;
|
|
if (bit_depth == 1)
|
|
color_table = ff_qt_default_palette_2;
|
|
else if (bit_depth == 2)
|
|
color_table = ff_qt_default_palette_4;
|
|
else if (bit_depth == 4)
|
|
color_table = ff_qt_default_palette_16;
|
|
else
|
|
color_table = ff_qt_default_palette_256;
|
|
for (i = 0; i < color_count; i++) {
|
|
r = color_table[i * 3 + 0];
|
|
g = color_table[i * 3 + 1];
|
|
b = color_table[i * 3 + 2];
|
|
palette[i] = (0xFFU << 24) | (r << 16) | (g << 8) | (b);
|
|
}
|
|
} else {
|
|
/* The color table ID is 0; the color table is in the sample
|
|
* description */
|
|
color_start = avio_rb32(pb);
|
|
avio_rb16(pb); /* color table flags */
|
|
color_end = avio_rb16(pb);
|
|
if ((color_start <= 255) && (color_end <= 255)) {
|
|
for (i = color_start; i <= color_end; i++) {
|
|
/* each A, R, G, or B component is 16 bits;
|
|
* only use the top 8 bits */
|
|
a = avio_r8(pb);
|
|
avio_r8(pb);
|
|
r = avio_r8(pb);
|
|
avio_r8(pb);
|
|
g = avio_r8(pb);
|
|
avio_r8(pb);
|
|
b = avio_r8(pb);
|
|
avio_r8(pb);
|
|
palette[i] = (a << 24 ) | (r << 16) | (g << 8) | (b);
|
|
}
|
|
}
|
|
}
|
|
|
|
return 1;
|
|
}
|
|
|
|
return 0;
|
|
}
|