[FFmpeg-cvslog] avcodec/msrledec: restructure msrle_decode_pal4() based on the line number instead of the pixel pointer
ffmpeg | branch: release/2.5 | Michael Niedermayer michae...@gmx.at | Tue Mar
24 15:50:12 2015 +0100| [a376ef4a17edb947bbcf54171daa914bd4585a4f] | committer:
Michael Niedermayer
avcodec/msrledec: restructure msrle_decode_pal4() based on the line number
instead of the pixel pointer
Fixes out of array access
Fixes:
da14e86d8462be6493eab16bc2d40f88/asan_heap-oob_204cfd2_528_cov_340150052_COMPRESS.BMP
Found-by: Mateusz j00ru Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer michae...@gmx.at
(cherry picked from commit f7e1367f58263593e6cee3c282f7277d7ee9d553)
Signed-off-by: Michael Niedermayer michae...@gmx.at
http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a376ef4a17edb947bbcf54171daa914bd4585a4f
---
libavcodec/msrledec.c | 25 +++--
1 file changed, 11 insertions(+), 14 deletions(-)
diff --git a/libavcodec/msrledec.c b/libavcodec/msrledec.c
index 4d3da5b..deb6f86 100644
--- a/libavcodec/msrledec.c
+++ b/libavcodec/msrledec.c
@@ -37,16 +37,14 @@ static int msrle_decode_pal4(AVCodecContext *avctx,
AVPicture *pic,
unsigned char extra_byte, odd_pixel;
unsigned char stream_byte;
unsigned int pixel_ptr = 0;
-int row_dec = pic-linesize[0];
-int row_ptr = (avctx-height - 1) * row_dec;
-int frame_size = row_dec * avctx-height;
+int line = avctx-height - 1;
int i;
-while (row_ptr = 0) {
+while (line = 0 pixel_ptr = avctx-width) {
if (bytestream2_get_bytes_left(gb) = 0) {
av_log(avctx, AV_LOG_ERROR,
- MS RLE: bytestream overrun, %d rows left\n,
- row_ptr);
+ MS RLE: bytestream overrun, %dx%d left\n,
+ avctx-width - pixel_ptr, line);
return AVERROR_INVALIDDATA;
}
rle_code = stream_byte = bytestream2_get_byteu(gb);
@@ -55,7 +53,7 @@ static int msrle_decode_pal4(AVCodecContext *avctx, AVPicture
*pic,
stream_byte = bytestream2_get_byte(gb);
if (stream_byte == 0) {
/* line is done, goto the next one */
-row_ptr -= row_dec;
+line--;
pixel_ptr = 0;
} else if (stream_byte == 1) {
/* decode is done */
@@ -65,13 +63,12 @@ static int msrle_decode_pal4(AVCodecContext *avctx,
AVPicture *pic,
stream_byte = bytestream2_get_byte(gb);
pixel_ptr += stream_byte;
stream_byte = bytestream2_get_byte(gb);
-row_ptr -= stream_byte * row_dec;
} else {
// copy pixels from encoded stream
odd_pixel = stream_byte 1;
rle_code = (stream_byte + 1) / 2;
extra_byte = rle_code 0x01;
-if (row_ptr + pixel_ptr + stream_byte frame_size ||
+if (pixel_ptr + 2*rle_code - odd_pixel avctx-width ||
bytestream2_get_bytes_left(gb) rle_code) {
av_log(avctx, AV_LOG_ERROR,
MS RLE: frame/stream ptr just went out of bounds
(copy)\n);
@@ -82,13 +79,13 @@ static int msrle_decode_pal4(AVCodecContext *avctx,
AVPicture *pic,
if (pixel_ptr = avctx-width)
break;
stream_byte = bytestream2_get_byteu(gb);
-pic-data[0][row_ptr + pixel_ptr] = stream_byte 4;
+pic-data[0][line * pic-linesize[0] + pixel_ptr] =
stream_byte 4;
pixel_ptr++;
if (i + 1 == rle_code odd_pixel)
break;
if (pixel_ptr = avctx-width)
break;
-pic-data[0][row_ptr + pixel_ptr] = stream_byte 0x0F;
+pic-data[0][line * pic-linesize[0] + pixel_ptr] =
stream_byte 0x0F;
pixel_ptr++;
}
@@ -98,7 +95,7 @@ static int msrle_decode_pal4(AVCodecContext *avctx, AVPicture
*pic,
}
} else {
// decode a run of data
-if (row_ptr + pixel_ptr + stream_byte frame_size) {
+if (pixel_ptr + rle_code avctx-width + 1) {
av_log(avctx, AV_LOG_ERROR,
MS RLE: frame ptr just went out of bounds (run)\n);
return AVERROR_INVALIDDATA;
@@ -108,9 +105,9 @@ static int msrle_decode_pal4(AVCodecContext *avctx,
AVPicture *pic,
if (pixel_ptr = avctx-width)
break;
if ((i 1) == 0)
-pic-data[0][row_ptr + pixel_ptr] = stream_byte 4;
+pic-data[0][line * pic-linesize[0] + pixel_ptr] =
stream_byte 4;
else
-pic-data[0][row_ptr + pixel_ptr] = stream_byte 0x0F;
+pic-data[0][line * pic-linesize[0] + pixel_ptr] =
stream_byte 0x0F;
pixel_ptr++;
}
}
[FFmpeg-cvslog] avcodec/msrledec: restructure msrle_decode_pal4() based on the line number instead of the pixel pointer
ffmpeg | branch: release/2.2 | Michael Niedermayer michae...@gmx.at | Tue Mar
24 15:50:12 2015 +0100| [33877cd276f99fc234b5269d9d158ce71e50d363] | committer:
Michael Niedermayer
avcodec/msrledec: restructure msrle_decode_pal4() based on the line number
instead of the pixel pointer
Fixes out of array access
Fixes:
da14e86d8462be6493eab16bc2d40f88/asan_heap-oob_204cfd2_528_cov_340150052_COMPRESS.BMP
Found-by: Mateusz j00ru Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer michae...@gmx.at
(cherry picked from commit f7e1367f58263593e6cee3c282f7277d7ee9d553)
Signed-off-by: Michael Niedermayer michae...@gmx.at
http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=33877cd276f99fc234b5269d9d158ce71e50d363
---
libavcodec/msrledec.c | 25 +++--
1 file changed, 11 insertions(+), 14 deletions(-)
diff --git a/libavcodec/msrledec.c b/libavcodec/msrledec.c
index 4d3da5b..deb6f86 100644
--- a/libavcodec/msrledec.c
+++ b/libavcodec/msrledec.c
@@ -37,16 +37,14 @@ static int msrle_decode_pal4(AVCodecContext *avctx,
AVPicture *pic,
unsigned char extra_byte, odd_pixel;
unsigned char stream_byte;
unsigned int pixel_ptr = 0;
-int row_dec = pic-linesize[0];
-int row_ptr = (avctx-height - 1) * row_dec;
-int frame_size = row_dec * avctx-height;
+int line = avctx-height - 1;
int i;
-while (row_ptr = 0) {
+while (line = 0 pixel_ptr = avctx-width) {
if (bytestream2_get_bytes_left(gb) = 0) {
av_log(avctx, AV_LOG_ERROR,
- MS RLE: bytestream overrun, %d rows left\n,
- row_ptr);
+ MS RLE: bytestream overrun, %dx%d left\n,
+ avctx-width - pixel_ptr, line);
return AVERROR_INVALIDDATA;
}
rle_code = stream_byte = bytestream2_get_byteu(gb);
@@ -55,7 +53,7 @@ static int msrle_decode_pal4(AVCodecContext *avctx, AVPicture
*pic,
stream_byte = bytestream2_get_byte(gb);
if (stream_byte == 0) {
/* line is done, goto the next one */
-row_ptr -= row_dec;
+line--;
pixel_ptr = 0;
} else if (stream_byte == 1) {
/* decode is done */
@@ -65,13 +63,12 @@ static int msrle_decode_pal4(AVCodecContext *avctx,
AVPicture *pic,
stream_byte = bytestream2_get_byte(gb);
pixel_ptr += stream_byte;
stream_byte = bytestream2_get_byte(gb);
-row_ptr -= stream_byte * row_dec;
} else {
// copy pixels from encoded stream
odd_pixel = stream_byte 1;
rle_code = (stream_byte + 1) / 2;
extra_byte = rle_code 0x01;
-if (row_ptr + pixel_ptr + stream_byte frame_size ||
+if (pixel_ptr + 2*rle_code - odd_pixel avctx-width ||
bytestream2_get_bytes_left(gb) rle_code) {
av_log(avctx, AV_LOG_ERROR,
MS RLE: frame/stream ptr just went out of bounds
(copy)\n);
@@ -82,13 +79,13 @@ static int msrle_decode_pal4(AVCodecContext *avctx,
AVPicture *pic,
if (pixel_ptr = avctx-width)
break;
stream_byte = bytestream2_get_byteu(gb);
-pic-data[0][row_ptr + pixel_ptr] = stream_byte 4;
+pic-data[0][line * pic-linesize[0] + pixel_ptr] =
stream_byte 4;
pixel_ptr++;
if (i + 1 == rle_code odd_pixel)
break;
if (pixel_ptr = avctx-width)
break;
-pic-data[0][row_ptr + pixel_ptr] = stream_byte 0x0F;
+pic-data[0][line * pic-linesize[0] + pixel_ptr] =
stream_byte 0x0F;
pixel_ptr++;
}
@@ -98,7 +95,7 @@ static int msrle_decode_pal4(AVCodecContext *avctx, AVPicture
*pic,
}
} else {
// decode a run of data
-if (row_ptr + pixel_ptr + stream_byte frame_size) {
+if (pixel_ptr + rle_code avctx-width + 1) {
av_log(avctx, AV_LOG_ERROR,
MS RLE: frame ptr just went out of bounds (run)\n);
return AVERROR_INVALIDDATA;
@@ -108,9 +105,9 @@ static int msrle_decode_pal4(AVCodecContext *avctx,
AVPicture *pic,
if (pixel_ptr = avctx-width)
break;
if ((i 1) == 0)
-pic-data[0][row_ptr + pixel_ptr] = stream_byte 4;
+pic-data[0][line * pic-linesize[0] + pixel_ptr] =
stream_byte 4;
else
-pic-data[0][row_ptr + pixel_ptr] = stream_byte 0x0F;
+pic-data[0][line * pic-linesize[0] + pixel_ptr] =
stream_byte 0x0F;
pixel_ptr++;
}
}
[FFmpeg-cvslog] avcodec/msrledec: restructure msrle_decode_pal4() based on the line number instead of the pixel pointer
ffmpeg | branch: release/2.4 | Michael Niedermayer michae...@gmx.at | Tue Mar
24 15:50:12 2015 +0100| [539172c85b13796fe5ce2a7482f436b6e9b33cf6] | committer:
Michael Niedermayer
avcodec/msrledec: restructure msrle_decode_pal4() based on the line number
instead of the pixel pointer
Fixes out of array access
Fixes:
da14e86d8462be6493eab16bc2d40f88/asan_heap-oob_204cfd2_528_cov_340150052_COMPRESS.BMP
Found-by: Mateusz j00ru Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer michae...@gmx.at
(cherry picked from commit f7e1367f58263593e6cee3c282f7277d7ee9d553)
Signed-off-by: Michael Niedermayer michae...@gmx.at
http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=539172c85b13796fe5ce2a7482f436b6e9b33cf6
---
libavcodec/msrledec.c | 25 +++--
1 file changed, 11 insertions(+), 14 deletions(-)
diff --git a/libavcodec/msrledec.c b/libavcodec/msrledec.c
index 4d3da5b..deb6f86 100644
--- a/libavcodec/msrledec.c
+++ b/libavcodec/msrledec.c
@@ -37,16 +37,14 @@ static int msrle_decode_pal4(AVCodecContext *avctx,
AVPicture *pic,
unsigned char extra_byte, odd_pixel;
unsigned char stream_byte;
unsigned int pixel_ptr = 0;
-int row_dec = pic-linesize[0];
-int row_ptr = (avctx-height - 1) * row_dec;
-int frame_size = row_dec * avctx-height;
+int line = avctx-height - 1;
int i;
-while (row_ptr = 0) {
+while (line = 0 pixel_ptr = avctx-width) {
if (bytestream2_get_bytes_left(gb) = 0) {
av_log(avctx, AV_LOG_ERROR,
- MS RLE: bytestream overrun, %d rows left\n,
- row_ptr);
+ MS RLE: bytestream overrun, %dx%d left\n,
+ avctx-width - pixel_ptr, line);
return AVERROR_INVALIDDATA;
}
rle_code = stream_byte = bytestream2_get_byteu(gb);
@@ -55,7 +53,7 @@ static int msrle_decode_pal4(AVCodecContext *avctx, AVPicture
*pic,
stream_byte = bytestream2_get_byte(gb);
if (stream_byte == 0) {
/* line is done, goto the next one */
-row_ptr -= row_dec;
+line--;
pixel_ptr = 0;
} else if (stream_byte == 1) {
/* decode is done */
@@ -65,13 +63,12 @@ static int msrle_decode_pal4(AVCodecContext *avctx,
AVPicture *pic,
stream_byte = bytestream2_get_byte(gb);
pixel_ptr += stream_byte;
stream_byte = bytestream2_get_byte(gb);
-row_ptr -= stream_byte * row_dec;
} else {
// copy pixels from encoded stream
odd_pixel = stream_byte 1;
rle_code = (stream_byte + 1) / 2;
extra_byte = rle_code 0x01;
-if (row_ptr + pixel_ptr + stream_byte frame_size ||
+if (pixel_ptr + 2*rle_code - odd_pixel avctx-width ||
bytestream2_get_bytes_left(gb) rle_code) {
av_log(avctx, AV_LOG_ERROR,
MS RLE: frame/stream ptr just went out of bounds
(copy)\n);
@@ -82,13 +79,13 @@ static int msrle_decode_pal4(AVCodecContext *avctx,
AVPicture *pic,
if (pixel_ptr = avctx-width)
break;
stream_byte = bytestream2_get_byteu(gb);
-pic-data[0][row_ptr + pixel_ptr] = stream_byte 4;
+pic-data[0][line * pic-linesize[0] + pixel_ptr] =
stream_byte 4;
pixel_ptr++;
if (i + 1 == rle_code odd_pixel)
break;
if (pixel_ptr = avctx-width)
break;
-pic-data[0][row_ptr + pixel_ptr] = stream_byte 0x0F;
+pic-data[0][line * pic-linesize[0] + pixel_ptr] =
stream_byte 0x0F;
pixel_ptr++;
}
@@ -98,7 +95,7 @@ static int msrle_decode_pal4(AVCodecContext *avctx, AVPicture
*pic,
}
} else {
// decode a run of data
-if (row_ptr + pixel_ptr + stream_byte frame_size) {
+if (pixel_ptr + rle_code avctx-width + 1) {
av_log(avctx, AV_LOG_ERROR,
MS RLE: frame ptr just went out of bounds (run)\n);
return AVERROR_INVALIDDATA;
@@ -108,9 +105,9 @@ static int msrle_decode_pal4(AVCodecContext *avctx,
AVPicture *pic,
if (pixel_ptr = avctx-width)
break;
if ((i 1) == 0)
-pic-data[0][row_ptr + pixel_ptr] = stream_byte 4;
+pic-data[0][line * pic-linesize[0] + pixel_ptr] =
stream_byte 4;
else
-pic-data[0][row_ptr + pixel_ptr] = stream_byte 0x0F;
+pic-data[0][line * pic-linesize[0] + pixel_ptr] =
stream_byte 0x0F;
pixel_ptr++;
}
}
[FFmpeg-cvslog] avcodec/msrledec: restructure msrle_decode_pal4() based on the line number instead of the pixel pointer
ffmpeg | branch: release/2.6 | Michael Niedermayer michae...@gmx.at | Tue Mar
24 15:50:12 2015 +0100| [dfce316c12d867400fb132ff5094163e3d2634a3] | committer:
Michael Niedermayer
avcodec/msrledec: restructure msrle_decode_pal4() based on the line number
instead of the pixel pointer
Fixes out of array access
Fixes:
da14e86d8462be6493eab16bc2d40f88/asan_heap-oob_204cfd2_528_cov_340150052_COMPRESS.BMP
Found-by: Mateusz j00ru Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer michae...@gmx.at
(cherry picked from commit f7e1367f58263593e6cee3c282f7277d7ee9d553)
Signed-off-by: Michael Niedermayer michae...@gmx.at
http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=dfce316c12d867400fb132ff5094163e3d2634a3
---
libavcodec/msrledec.c | 25 +++--
1 file changed, 11 insertions(+), 14 deletions(-)
diff --git a/libavcodec/msrledec.c b/libavcodec/msrledec.c
index 4d3da5b..deb6f86 100644
--- a/libavcodec/msrledec.c
+++ b/libavcodec/msrledec.c
@@ -37,16 +37,14 @@ static int msrle_decode_pal4(AVCodecContext *avctx,
AVPicture *pic,
unsigned char extra_byte, odd_pixel;
unsigned char stream_byte;
unsigned int pixel_ptr = 0;
-int row_dec = pic-linesize[0];
-int row_ptr = (avctx-height - 1) * row_dec;
-int frame_size = row_dec * avctx-height;
+int line = avctx-height - 1;
int i;
-while (row_ptr = 0) {
+while (line = 0 pixel_ptr = avctx-width) {
if (bytestream2_get_bytes_left(gb) = 0) {
av_log(avctx, AV_LOG_ERROR,
- MS RLE: bytestream overrun, %d rows left\n,
- row_ptr);
+ MS RLE: bytestream overrun, %dx%d left\n,
+ avctx-width - pixel_ptr, line);
return AVERROR_INVALIDDATA;
}
rle_code = stream_byte = bytestream2_get_byteu(gb);
@@ -55,7 +53,7 @@ static int msrle_decode_pal4(AVCodecContext *avctx, AVPicture
*pic,
stream_byte = bytestream2_get_byte(gb);
if (stream_byte == 0) {
/* line is done, goto the next one */
-row_ptr -= row_dec;
+line--;
pixel_ptr = 0;
} else if (stream_byte == 1) {
/* decode is done */
@@ -65,13 +63,12 @@ static int msrle_decode_pal4(AVCodecContext *avctx,
AVPicture *pic,
stream_byte = bytestream2_get_byte(gb);
pixel_ptr += stream_byte;
stream_byte = bytestream2_get_byte(gb);
-row_ptr -= stream_byte * row_dec;
} else {
// copy pixels from encoded stream
odd_pixel = stream_byte 1;
rle_code = (stream_byte + 1) / 2;
extra_byte = rle_code 0x01;
-if (row_ptr + pixel_ptr + stream_byte frame_size ||
+if (pixel_ptr + 2*rle_code - odd_pixel avctx-width ||
bytestream2_get_bytes_left(gb) rle_code) {
av_log(avctx, AV_LOG_ERROR,
MS RLE: frame/stream ptr just went out of bounds
(copy)\n);
@@ -82,13 +79,13 @@ static int msrle_decode_pal4(AVCodecContext *avctx,
AVPicture *pic,
if (pixel_ptr = avctx-width)
break;
stream_byte = bytestream2_get_byteu(gb);
-pic-data[0][row_ptr + pixel_ptr] = stream_byte 4;
+pic-data[0][line * pic-linesize[0] + pixel_ptr] =
stream_byte 4;
pixel_ptr++;
if (i + 1 == rle_code odd_pixel)
break;
if (pixel_ptr = avctx-width)
break;
-pic-data[0][row_ptr + pixel_ptr] = stream_byte 0x0F;
+pic-data[0][line * pic-linesize[0] + pixel_ptr] =
stream_byte 0x0F;
pixel_ptr++;
}
@@ -98,7 +95,7 @@ static int msrle_decode_pal4(AVCodecContext *avctx, AVPicture
*pic,
}
} else {
// decode a run of data
-if (row_ptr + pixel_ptr + stream_byte frame_size) {
+if (pixel_ptr + rle_code avctx-width + 1) {
av_log(avctx, AV_LOG_ERROR,
MS RLE: frame ptr just went out of bounds (run)\n);
return AVERROR_INVALIDDATA;
@@ -108,9 +105,9 @@ static int msrle_decode_pal4(AVCodecContext *avctx,
AVPicture *pic,
if (pixel_ptr = avctx-width)
break;
if ((i 1) == 0)
-pic-data[0][row_ptr + pixel_ptr] = stream_byte 4;
+pic-data[0][line * pic-linesize[0] + pixel_ptr] =
stream_byte 4;
else
-pic-data[0][row_ptr + pixel_ptr] = stream_byte 0x0F;
+pic-data[0][line * pic-linesize[0] + pixel_ptr] =
stream_byte 0x0F;
pixel_ptr++;
}
}
[FFmpeg-cvslog] avcodec/msrledec: restructure msrle_decode_pal4() based on the line number instead of the pixel pointer
ffmpeg | branch: master | Michael Niedermayer michae...@gmx.at | Tue Mar 24
15:50:12 2015 +0100| [f7e1367f58263593e6cee3c282f7277d7ee9d553] | committer:
Michael Niedermayer
avcodec/msrledec: restructure msrle_decode_pal4() based on the line number
instead of the pixel pointer
Fixes out of array access
Fixes:
da14e86d8462be6493eab16bc2d40f88/asan_heap-oob_204cfd2_528_cov_340150052_COMPRESS.BMP
Found-by: Mateusz j00ru Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer michae...@gmx.at
http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f7e1367f58263593e6cee3c282f7277d7ee9d553
---
libavcodec/msrledec.c | 25 +++--
1 file changed, 11 insertions(+), 14 deletions(-)
diff --git a/libavcodec/msrledec.c b/libavcodec/msrledec.c
index 4d3da5b..deb6f86 100644
--- a/libavcodec/msrledec.c
+++ b/libavcodec/msrledec.c
@@ -37,16 +37,14 @@ static int msrle_decode_pal4(AVCodecContext *avctx,
AVPicture *pic,
unsigned char extra_byte, odd_pixel;
unsigned char stream_byte;
unsigned int pixel_ptr = 0;
-int row_dec = pic-linesize[0];
-int row_ptr = (avctx-height - 1) * row_dec;
-int frame_size = row_dec * avctx-height;
+int line = avctx-height - 1;
int i;
-while (row_ptr = 0) {
+while (line = 0 pixel_ptr = avctx-width) {
if (bytestream2_get_bytes_left(gb) = 0) {
av_log(avctx, AV_LOG_ERROR,
- MS RLE: bytestream overrun, %d rows left\n,
- row_ptr);
+ MS RLE: bytestream overrun, %dx%d left\n,
+ avctx-width - pixel_ptr, line);
return AVERROR_INVALIDDATA;
}
rle_code = stream_byte = bytestream2_get_byteu(gb);
@@ -55,7 +53,7 @@ static int msrle_decode_pal4(AVCodecContext *avctx, AVPicture
*pic,
stream_byte = bytestream2_get_byte(gb);
if (stream_byte == 0) {
/* line is done, goto the next one */
-row_ptr -= row_dec;
+line--;
pixel_ptr = 0;
} else if (stream_byte == 1) {
/* decode is done */
@@ -65,13 +63,12 @@ static int msrle_decode_pal4(AVCodecContext *avctx,
AVPicture *pic,
stream_byte = bytestream2_get_byte(gb);
pixel_ptr += stream_byte;
stream_byte = bytestream2_get_byte(gb);
-row_ptr -= stream_byte * row_dec;
} else {
// copy pixels from encoded stream
odd_pixel = stream_byte 1;
rle_code = (stream_byte + 1) / 2;
extra_byte = rle_code 0x01;
-if (row_ptr + pixel_ptr + stream_byte frame_size ||
+if (pixel_ptr + 2*rle_code - odd_pixel avctx-width ||
bytestream2_get_bytes_left(gb) rle_code) {
av_log(avctx, AV_LOG_ERROR,
MS RLE: frame/stream ptr just went out of bounds
(copy)\n);
@@ -82,13 +79,13 @@ static int msrle_decode_pal4(AVCodecContext *avctx,
AVPicture *pic,
if (pixel_ptr = avctx-width)
break;
stream_byte = bytestream2_get_byteu(gb);
-pic-data[0][row_ptr + pixel_ptr] = stream_byte 4;
+pic-data[0][line * pic-linesize[0] + pixel_ptr] =
stream_byte 4;
pixel_ptr++;
if (i + 1 == rle_code odd_pixel)
break;
if (pixel_ptr = avctx-width)
break;
-pic-data[0][row_ptr + pixel_ptr] = stream_byte 0x0F;
+pic-data[0][line * pic-linesize[0] + pixel_ptr] =
stream_byte 0x0F;
pixel_ptr++;
}
@@ -98,7 +95,7 @@ static int msrle_decode_pal4(AVCodecContext *avctx, AVPicture
*pic,
}
} else {
// decode a run of data
-if (row_ptr + pixel_ptr + stream_byte frame_size) {
+if (pixel_ptr + rle_code avctx-width + 1) {
av_log(avctx, AV_LOG_ERROR,
MS RLE: frame ptr just went out of bounds (run)\n);
return AVERROR_INVALIDDATA;
@@ -108,9 +105,9 @@ static int msrle_decode_pal4(AVCodecContext *avctx,
AVPicture *pic,
if (pixel_ptr = avctx-width)
break;
if ((i 1) == 0)
-pic-data[0][row_ptr + pixel_ptr] = stream_byte 4;
+pic-data[0][line * pic-linesize[0] + pixel_ptr] =
stream_byte 4;
else
-pic-data[0][row_ptr + pixel_ptr] = stream_byte 0x0F;
+pic-data[0][line * pic-linesize[0] + pixel_ptr] =
stream_byte 0x0F;
pixel_ptr++;
}
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
