From: "Ronald S. Bultje" <rsbul...@gmail.com>
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-sta...@libav.org
---
libavcodec/dvdata.c | 30 ++++++++++++++++--------------
1 file changed, 16 insertions(+), 14 deletions(-)
diff --git a/libavcodec/dvdata.c b/libavcodec/dvdata.c
index e9929d0..7a82424 100644
--- a/libavcodec/dvdata.c
+++ b/libavcodec/dvdata.c
@@ -286,26 +286,28 @@ static const DVprofile dv_profiles[] = {
const DVprofile* avpriv_dv_frame_profile(const DVprofile *sys,
const uint8_t* frame, unsigned buf_size)
{
- int i;
+ int i, dsf, stype;
- int dsf = (frame[3] & 0x80) >> 7;
+ if (buf_size < 80*5 + 48 + 4)
+ return NULL;
- int stype = frame[80*5 + 48 + 3] & 0x1f;
+ dsf = (frame[3] & 0x80) >> 7;
+ stype = frame[80*5 + 48 + 3] & 0x1f;
- /* 576i50 25Mbps 4:1:1 is a special case */
- if (dsf == 1 && stype == 0 && frame[4] & 0x07 /* the APT field */) {
- return &dv_profiles[2];
- }
+ /* 576i50 25Mbps 4:1:1 is a special case */
+ if (dsf == 1 && stype == 0 && frame[4] & 0x07 /* the APT field */) {
+ return &dv_profiles[2];
+ }
- for (i=0; i<FF_ARRAY_ELEMS(dv_profiles); i++)
- if (dsf == dv_profiles[i].dsf && stype == dv_profiles[i].video_stype)
- return &dv_profiles[i];
+ for (i=0; i<FF_ARRAY_ELEMS(dv_profiles); i++)
+ if (dsf == dv_profiles[i].dsf && stype == dv_profiles[i].video_stype)
+ return &dv_profiles[i];
- /* check if old sys matches and assumes corrupted input */
- if (sys && buf_size == sys->frame_size)
- return sys;
+ /* check if old sys matches and assumes corrupted input */
+ if (sys && buf_size == sys->frame_size)
+ return sys;
- return NULL;
+ return NULL;
}
const DVprofile* avpriv_dv_codec_profile(AVCodecContext* codec)
--
1.7.9.2
_______________________________________________
libav-devel mailing list
libav-devel@libav.org
https://lists.libav.org/mailman/listinfo/libav-devel
