generic-library/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

rv10: check size of s->mb_width * s->mb_height

Browse Source 
If it doesn't fit into 12 bits it triggers an assertion.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
This commit is contained in:
Andreas Cadhalpun
2015-03-03 21:31:15 +01:00
committed by Vittorio Giovara
parent c17da32ba2
commit ded9931d16
3 changed files with 12 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libavcodec/mpegvideo.h
View File

@@ -897,7 +897,7 @@ int ff_h261_get_picture_format(int width, int height);
/* rv10.c */ /* rv10.c */
void ff_rv10_encode_picture_header(MpegEncContext *s, int picture_number); int ff_rv10_encode_picture_header(MpegEncContext *s, int picture_number);
int ff_rv_decode_dc(MpegEncContext *s, int n); int ff_rv_decode_dc(MpegEncContext *s, int n);
void ff_rv20_encode_picture_header(MpegEncContext *s, int picture_number); void ff_rv20_encode_picture_header(MpegEncContext *s, int picture_number);

7
libavcodec/mpegvideo_enc.c
View File

@@ -3295,8 +3295,11 @@ static int encode_picture(MpegEncContext *s, int picture_number)
ff_msmpeg4_encode_picture_header(s, picture_number); ff_msmpeg4_encode_picture_header(s, picture_number);
else if (CONFIG_MPEG4_ENCODER && s->h263_pred) else if (CONFIG_MPEG4_ENCODER && s->h263_pred)
ff_mpeg4_encode_picture_header(s, picture_number); ff_mpeg4_encode_picture_header(s, picture_number);
else if (CONFIG_RV10_ENCODER && s->codec_id == AV_CODEC_ID_RV10) else if (CONFIG_RV10_ENCODER && s->codec_id == AV_CODEC_ID_RV10) {
ff_rv10_encode_picture_header(s, picture_number); ret = ff_rv10_encode_picture_header(s, picture_number);
if (ret < 0)
return ret;
}
else if (CONFIG_RV20_ENCODER && s->codec_id == AV_CODEC_ID_RV20) else if (CONFIG_RV20_ENCODER && s->codec_id == AV_CODEC_ID_RV20)
ff_rv20_encode_picture_header(s, picture_number); ff_rv20_encode_picture_header(s, picture_number);
else if (CONFIG_FLV_ENCODER && s->codec_id == AV_CODEC_ID_FLV1) else if (CONFIG_FLV_ENCODER && s->codec_id == AV_CODEC_ID_FLV1)

7
libavcodec/rv10enc.c
View File

@@ -28,7 +28,7 @@
#include "mpegvideo.h" #include "mpegvideo.h"
#include "put_bits.h" #include "put_bits.h"
void ff_rv10_encode_picture_header(MpegEncContext *s, int picture_number) int ff_rv10_encode_picture_header(MpegEncContext *s, int picture_number)
{ {
int full_frame= 0; int full_frame= 0;
@@ -48,12 +48,17 @@ void ff_rv10_encode_picture_header(MpegEncContext *s, int picture_number)
/* if multiple packets per frame are sent, the position at which /* if multiple packets per frame are sent, the position at which
to display the macroblocks is coded here */ to display the macroblocks is coded here */
if(!full_frame){ if(!full_frame){
if (s->mb_width * s->mb_height >= (1U << 12)) {
av_log_missing_feature(s->avctx, "Encoding frames with 4096 macroblocks or more", 0);
return AVERROR(ENOSYS);
}
put_bits(&s->pb, 6, 0); /* mb_x */ put_bits(&s->pb, 6, 0); /* mb_x */
put_bits(&s->pb, 6, 0); /* mb_y */ put_bits(&s->pb, 6, 0); /* mb_y */
put_bits(&s->pb, 12, s->mb_width * s->mb_height); put_bits(&s->pb, 12, s->mb_width * s->mb_height);
} }
put_bits(&s->pb, 3, 0); /* ignored */ put_bits(&s->pb, 3, 0); /* ignored */
return 0;
} }
FF_MPV_GENERIC_CLASS(rv10) FF_MPV_GENERIC_CLASS(rv10)