---
libavcodec/4xm.c | 8 +++++++-
1 files changed, 7 insertions(+), 1 deletions(-)
diff --git a/libavcodec/4xm.c b/libavcodec/4xm.c
index 21bde52..841adbb 100644
--- a/libavcodec/4xm.c
+++ b/libavcodec/4xm.c
@@ -132,7 +132,8 @@ typedef struct FourXContext{
AVFrame current_picture, last_picture;
GetBitContext pre_gb; ///< ac/dc prefix
GetBitContext gb;
- const uint8_t *bytestream;
+ const uint8_t *bytestream ;
+ const uint8_t *bytestream_end;
const uint16_t *wordstream;
int mv[256];
VLC pre_vlc;
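Review bot: `wordstream` sits right next to the new field but gets no matching end pointer, so reads through it stay unbounded as far as this patch shows; consider adding `const uint16_t *wordstream_end;` and checking it the same way. The first changed line only inserts a space before the semicolon (`*bytestream ;`) and should be dropped from the patch. A comment such as `///< one past the last readable byte of bytestream` on the new field would pin down whether the bound is inclusive or exclusive.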
@@ -328,6 +329,8 @@ static void decode_p_block(FourXContext *f, uint16_t *dst,
uint16_t *src, int lo
assert(code>=0 && code<=6);
if(code == 0){
+ if (f->bytestream > f->bytestream_end)
+ return;
src += f->mv[ *f->bytestream++ ];
if(start > src || src > end){
av_log(f->avctx, AV_LOG_ERROR, "mv out of pic\n");
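Review bot: The new guard in the `code == 0` branch compares with `>` against a pointer that decode_frame sets to `buf + buf_size`, which is one past the last byte, so `f->bytestream == f->bytestream_end` passes the check and `*f->bytestream++` still reads one byte beyond the packet data. It should be `if (f->bytestream >= f->bytestream_end)`, and the same applies to the identical guard in the `code == 4` hunk. Any input padding the caller allocates may mask the over-read, but the check should not depend on it. The bare `return` is also silent, whereas the neighbouring "mv out of pic" case logs through `av_log(f->avctx, AV_LOG_ERROR, ...)`; a matching message would make truncated input visible. decode_p_block's body starts and ends outside the hunk.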
@@ -345,6 +348,8 @@ static void decode_p_block(FourXContext *f, uint16_t *dst,
uint16_t *src, int lo
}else if(code == 3 && f->version<2){
mcdc(dst, src, log2w, h, stride, 1, 0);
}else if(code == 4){
+ if (f->bytestream > f->bytestream_end)
+ return;
src += f->mv[ *f->bytestream++ ];
if(start > src || src > end){
av_log(f->avctx, AV_LOG_ERROR, "mv out of pic\n");
@@ -717,6 +722,7 @@ static int decode_frame(AVCodecContext *avctx,
if(buf_size != AV_RL32(buf+4)+8 || buf_size < 20){
av_log(f->avctx, AV_LOG_ERROR, "size mismatch %d %d\n", buf_size,
AV_RL32(buf+4));
}
+ f->bytestream_end = buf + buf_size;
if(frame_4cc == AV_RL32("cfrm")){
int free_index=-1;
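Review bot: `f->bytestream_end` is derived from the packet buffer before the `cfrm` branch, and the size-mismatch check just above only logs and falls through in the visible lines, so the bound is set even for a packet already known to be inconsistent. If the `cfrm` path later decodes from a reassembled buffer rather than `buf` (not visible in this hunk), comparing `f->bytestream` against `buf + buf_size` would compare pointers into different allocations and the new guards would not bound anything. Setting the end pointer at the place where `f->bytestream` itself is assigned, from the same base and length, would keep the two consistent. decode_frame's body continues outside the hunk.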
--
1.7.4.1