On Tue, Mar 06, 2012 at 04:50:46PM -0800, Ronald S. Bultje wrote:
> From: "Ronald S. Bultje" <rsbul...@gmail.com>
>
> Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
> CC: libav-sta...@libav.org
> ---
> libavcodec/smc.c | 74
> +++++++++++++++++++++++-------------------------------
> 1 file changed, 32 insertions(+), 42 deletions(-)
>
> diff --git a/libavcodec/smc.c b/libavcodec/smc.c
> index f4a0b6a..2bd3176 100644
> --- a/libavcodec/smc.c
> +++ b/libavcodec/smc.c
> @@ -34,6 +34,7 @@
>
> #include "libavutil/intreadwrite.h"
> #include "avcodec.h"
> +#include "bytestream.h"
>
> #define CPAIR 2
> #define CQUAD 4
> @@ -46,8 +47,7 @@ typedef struct SmcContext {
> AVCodecContext *avctx;
> AVFrame frame;
>
> - const unsigned char *buf;
> - int size;
> + GetByteContext gb;
>
> /* SMC color tables */
> unsigned char color_pairs[COLORS_PER_TABLE * CPAIR];
> @@ -58,7 +58,7 @@ typedef struct SmcContext {
> } SmcContext;
>
> #define GET_BLOCK_COUNT() \
> - (opcode & 0x10) ? (1 + s->buf[stream_ptr++]) : 1 + (opcode & 0x0F);
> + (opcode & 0x10) ? (1 + bytestream2_get_byte(&s->gb)) : 1 + (opcode & 0x0F);
>
> #define ADVANCE_BLOCK() \
> { \
> @@ -82,8 +82,8 @@ static void smc_decode_stream(SmcContext *s)
> int height = s->avctx->height;
> int stride = s->frame.linesize[0];
> int i;
> - int stream_ptr = 0;
> int chunk_size;
> + int buf_size = (int) (s->gb.buffer_end - s->gb.buffer_start);
> unsigned char opcode;
> int n_blocks;
> unsigned int color_flags;
> @@ -113,24 +113,18 @@ static void smc_decode_stream(SmcContext *s)
> /* make the palette available */
> memcpy(s->frame.data[1], s->pal, AVPALETTE_SIZE);
>
> - chunk_size = AV_RB32(&s->buf[stream_ptr]) & 0x00FFFFFF;
> - stream_ptr += 4;
> - if (chunk_size != s->size)
> + bytestream2_skip(&s->gb, 1);
> + chunk_size = bytestream2_get_be24(&s->gb);
> + if (chunk_size != buf_size)
> av_log(s->avctx, AV_LOG_INFO, "warning: MOV chunk size != encoded
> chunk size (%d != %d); using MOV chunk size\n",
> - chunk_size, s->size);
> + chunk_size, buf_size);
>
> - chunk_size = s->size;
> + chunk_size = buf_size;
> total_blocks = ((s->avctx->width + 3) / 4) * ((s->avctx->height + 3) /
> 4);
>
> /* traverse through the blocks */
> while (total_blocks) {
> /* sanity checks */
> - /* make sure stream ptr hasn't gone out of bounds */
> - if (stream_ptr > chunk_size) {
> - av_log(s->avctx, AV_LOG_INFO, "SMC decoder just went out of
> bounds (stream ptr = %d, chunk size = %d)\n",
> - stream_ptr, chunk_size);
> - return;
> - }
nit: why is this check dropped instead of being converted to bytestream2 as
well?
overall looks OK
_______________________________________________
libav-devel mailing list
libav-devel@libav.org
https://lists.libav.org/mailman/listinfo/libav-devel
