From 320d2d46ea97bcc407a41afc8a54f48b4e70198e Mon Sep 17 00:00:00 2001
From: Daniel Kang <daniel.d.kang@gmail.com>
Date: Sat, 8 Jan 2011 21:17:56 -0500
Subject: [PATCH] cmv sanity check

---
 libavcodec/eacmv.c |   10 ++++++++--
 1 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/libavcodec/eacmv.c b/libavcodec/eacmv.c
index f506f7c..5289728 100644
--- a/libavcodec/eacmv.c
+++ b/libavcodec/eacmv.c
@@ -78,7 +78,7 @@ static void cmv_motcomp(unsigned char *dst, int dst_stride,
     }
 }

-static void cmv_decode_inter(CmvContext * s, const uint8_t *buf, const uint8_t *buf_end){
+static int cmv_decode_inter(CmvContext * s, const uint8_t *buf, const uint8_t *buf_end){
     const uint8_t *raw = buf + (s->avctx->width*s->avctx->height/16);
     int x,y,i;

@@ -97,6 +97,10 @@ static void cmv_decode_inter(CmvContext * s, const uint8_t *buf, const uint8_t *
             }else if(raw<buf_end) {  /* inter using second-last frame as reference */
                 int xoffset = (*raw & 0xF) - 7;
                 int yoffset = ((*raw >> 4)) - 7;
+                if (s->last2_frame.data[0] == NULL) {
+                    av_log(s->avctx, AV_LOG_ERROR, "Invalid decode type\n");
+                    return AVERROR(EINVAL);
+                }
                 cmv_motcomp(s->frame.data[0], s->frame.linesize[0],
                             s->last2_frame.data[0], s->last2_frame.linesize[0],
                             x*4, y*4, xoffset, yoffset, s->avctx->width, s->avctx->height);
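Review bot: The new NULL guard covers only the second-last-frame branch; the preceding branch of this if/else chain lies above the hunk, and if it performs the same motion compensation from `s->last_frame` it has the same NULL-dereference hazard when an inter frame is the first frame of a malformed stream, so it likely needs the matching `if (s->last_frame.data[0] == NULL)` check (inferred, since that branch is not visible here). The log text `"Invalid decode type\n"` also does not describe the condition being rejected; something like `av_log(s->avctx, AV_LOG_ERROR, "Inter frame references a second-last frame that has not been decoded\n");` tells whoever reads the log that the stream referenced a reference frame that does not exist yet rather than that a type byte was bad. Note that this check runs once per block and only when a block actually references the second-last frame, which is the right granularity: hoisting it above the loop would reject inter frames that never use that reference. cmv_decode_inter starts and ends outside this hunk.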
@@ -111,6 +115,7 @@ static void cmv_decode_inter(CmvContext * s, const uint8_t *buf, const uint8_t *
         }
         i++;
     }
+    return 0;
 }

 static void cmv_process_header(CmvContext *s, const uint8_t *buf, const uint8_t *buf_end)
@@ -177,7 +182,8 @@ static int cmv_decode_frame(AVCodecContext *avctx,

     buf += EA_PREAMBLE_SIZE;
     if ((buf[0]&1)) {  // subtype
-        cmv_decode_inter(s, buf+2, buf_end);
+        int ret = cmv_decode_inter(s, buf+2, buf_end);
+        if (ret != 0) return ret;
         s->frame.key_frame = 0;
         s->frame.pict_type = FF_P_TYPE;
     }else{
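Review bot: The added `if (ret != 0) return ret;` leaves cmv_decode_frame before whatever frame handling follows the if/else, and cmv_decode_frame both starts and ends outside this hunk, so it is not visible whether a buffer has already been acquired for `s->frame` earlier in the body; if it has, this early-return path should release it (e.g. via `avctx->release_buffer`) or the partially decoded frame may be leaked or carried forward as the next reference frame, which would defeat the purpose of the sanity check. A short comment on the call site would also help a later reader, e.g. `/* cmv_decode_inter fails when a block references a reference frame that has not been decoded yet; do not output the partial frame */`. Minor: the function's other error path conventions are not visible here, so confirm that returning the negative `AVERROR(EINVAL)` matches what the rest of cmv_decode_frame returns on failure.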
--
1.7.2.2

