On Mon, Dec 12, 2011 at 12:36:03AM +0530, Shitiz Garg wrote:
> ---
> libavcodec/qtrle.c | 40 +++++++++++++++++++++++++++++++++++-----
> 1 files changed, 35 insertions(+), 5 deletions(-)
>
> diff --git a/libavcodec/qtrle.c b/libavcodec/qtrle.c
> index 0c74798..ea3cc05 100644
> --- a/libavcodec/qtrle.c
> +++ b/libavcodec/qtrle.c
> @@ -117,7 +117,7 @@ static inline void qtrle_decode_2n4bpp(QtrleContext *s,
> int stream_ptr,
> int row_ptr, int lines_to_change, int bpp)
> {
> int rle_code, i;
> - int pixel_ptr;
> + int pixel_ptr = -1;
> int row_inc = s->frame.linesize[0];
> unsigned char pi[16]; /* 16 palette indices */
> unsigned char *rgb = s->frame.data[0];
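Review bot: The new initializer `int pixel_ptr = -1;` introduces a sentinel without saying what it stands for, and -1 is itself an out-of-range offset into `rgb` if any path were to use it before the assignment inside the loop. The reason for the initializer is not visible in this hunk, and the function body continues past it. If it is there to silence a maybe-uninitialized warning or is tested further down, a comment such as `/* -1: no row position computed yet */` on that line would record the intent.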
> @@ -126,6 +126,12 @@ static inline void qtrle_decode_2n4bpp(QtrleContext *s,
> int stream_ptr,
>
> while (lines_to_change--) {
> CHECK_STREAM_PTR(2);
> +
> + if (s->buf[stream_ptr] == 0) {
> + av_log(s->avctx, AV_LOG_ERROR, "buffer value cannot be zero\n");
> + return;
> + }
> +
> pixel_ptr = row_ptr + (num_pixels * (s->buf[stream_ptr++] - 1));
>
> while ((rle_code = (signed char)s->buf[stream_ptr++]) != -1) {
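Review bot: The added guard on `s->buf[stream_ptr] == 0` covers only the lower bound of `pixel_ptr`, because a large value in the same byte (apparently the per-line skip count) still produces an offset of up to `row_ptr + num_pixels * 254`. Whether a later pixel-pointer check rejects that before the first write is not visible in this hunk, so it is worth confirming. A comment above the check would record why zero is rejected, e.g. `/* a skip byte of 0 gives a negative offset, i.e. a write before row_ptr */`. The log text `"buffer value cannot be zero\n"` does not say which field was bad, so something like `"invalid skip code 0\n"` would be easier to triage. Since the function is `void`, the early `return` leaves a partially decoded frame with no error reaching the caller.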
As I've previously mentioned, there's a similar construct below, please add a
check there too. Current approach looks good to me though.