On Wed, Feb 22, 2012 at 11:40:09PM +0100, Diego Biurrun wrote:
> On Wed, Feb 22, 2012 at 02:24:23PM -0800, Ronald S. Bultje wrote:
> >
> > --- a/libavcodec/lcldec.c
> > +++ b/libavcodec/lcldec.c
> > @@ -224,6 +224,34 @@ static int decode_frame(AVCodecContext *avctx, void
> > *data, int *data_size, AVPac
> > case COMP_MSZH_NOCOMP:
> > + switch (c->imgtype) {
> > + case IMGTYPE_YUV111:
> > + if (len < width * height * 3)
> > + return AVERROR_INVALIDDATA;
> > + break;
> > + case IMGTYPE_YUV422:
> > + if (len < width * height * 2)
> > + return AVERROR_INVALIDDATA;
> > + break;
> > + case IMGTYPE_RGB24:
> > + if (len < width * height * 3)
> > + return AVERROR_INVALIDDATA;
> > + break;
> > + case IMGTYPE_YUV411:
> > + if (len < ((width * height * 3) >> 1))
> > + return AVERROR_INVALIDDATA;
> > + break;
> > + case IMGTYPE_YUV211:
> > + if (len < width * height * 2)
> > + return AVERROR_INVALIDDATA;
> > + break;
> > + case IMGTYPE_YUV420:
> > + if (len < ((width * height * 3) >> 1))
> > + return AVERROR_INVALIDDATA;
> > + break;
> > + default:
> > + break;
> > + }
>
> You can make three cases out of these six:
>
> case IMGTYPE_YUV111:
> case IMGTYPE_RGB24:
> if (len < width * height * 3)
> return AVERROR_INVALIDDATA;
> break;
>
> Same for the others.
+1
or even just record bpp and check size once
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel
