annotate h263_parser.c @ 12381:2ba9068e748d libavcodec

Fix buffer overrun if idx is negative (it can be down to -23>>4), by prepending two padding zeroes before it. Should fix fate failures on openBSD and crashes on MacOSX (that I cannot reproduce).
author rbultje
date Mon, 09 Aug 2010 13:54:59 +0000
parents 7dd2a45249a9
children
rev   line source
4938
ee6c1ce06470 Move H.263 parser to its own file.
diego
parents:
diff changeset
1 /*
ee6c1ce06470 Move H.263 parser to its own file.
diego
parents:
diff changeset
2 * H.263 parser
ee6c1ce06470 Move H.263 parser to its own file.
diego
parents:
diff changeset
3 * Copyright (c) 2002-2004 Michael Niedermayer <michaelni@gmx.at>
ee6c1ce06470 Move H.263 parser to its own file.
diego
parents:
diff changeset
4 *
ee6c1ce06470 Move H.263 parser to its own file.
diego
parents:
diff changeset
5 * This file is part of FFmpeg.
ee6c1ce06470 Move H.263 parser to its own file.
diego
parents:
diff changeset
6 *
ee6c1ce06470 Move H.263 parser to its own file.
diego
parents:
diff changeset
7 * FFmpeg is free software; you can redistribute it and/or
ee6c1ce06470 Move H.263 parser to its own file.
diego
parents:
diff changeset
8 * modify it under the terms of the GNU Lesser General Public
ee6c1ce06470 Move H.263 parser to its own file.
diego
parents:
diff changeset
9 * License as published by the Free Software Foundation; either
ee6c1ce06470 Move H.263 parser to its own file.
diego
parents:
diff changeset
10 * version 2.1 of the License, or (at your option) any later version.
ee6c1ce06470 Move H.263 parser to its own file.
diego
parents:
diff changeset
11 *
ee6c1ce06470 Move H.263 parser to its own file.
diego
parents:
diff changeset
12 * FFmpeg is distributed in the hope that it will be useful,
ee6c1ce06470 Move H.263 parser to its own file.
diego
parents:
diff changeset
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
ee6c1ce06470 Move H.263 parser to its own file.
diego
parents:
diff changeset
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
ee6c1ce06470 Move H.263 parser to its own file.
diego
parents:
diff changeset
15 * Lesser General Public License for more details.
ee6c1ce06470 Move H.263 parser to its own file.
diego
parents:
diff changeset
16 *
ee6c1ce06470 Move H.263 parser to its own file.
diego
parents:
diff changeset
17 * You should have received a copy of the GNU Lesser General Public
ee6c1ce06470 Move H.263 parser to its own file.
diego
parents:
diff changeset
18 * License along with FFmpeg; if not, write to the Free Software
ee6c1ce06470 Move H.263 parser to its own file.
diego
parents:
diff changeset
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
ee6c1ce06470 Move H.263 parser to its own file.
diego
parents:
diff changeset
20 */
ee6c1ce06470 Move H.263 parser to its own file.
diego
parents:
diff changeset
21
ee6c1ce06470 Move H.263 parser to its own file.
diego
parents:
diff changeset
22 /**
11644
7dd2a45249a9 Remove explicit filename from Doxygen @file commands.
diego
parents: 11313
diff changeset
23 * @file
4938
ee6c1ce06470 Move H.263 parser to its own file.
diego
parents:
diff changeset
24 * H.263 parser
ee6c1ce06470 Move H.263 parser to its own file.
diego
parents:
diff changeset
25 */
ee6c1ce06470 Move H.263 parser to its own file.
diego
parents:
diff changeset
26
ee6c1ce06470 Move H.263 parser to its own file.
diego
parents:
diff changeset
27 #include "parser.h"
11313
367119ffda3f Include h263_parser.h: It contains the prototype for
cehoyos
parents: 8718
diff changeset
28 #include "h263_parser.h"
4938
ee6c1ce06470 Move H.263 parser to its own file.
diego
parents:
diff changeset
29
ee6c1ce06470 Move H.263 parser to its own file.
diego
parents:
diff changeset
/**
 * Locate the end of the current H.263 frame in a chunk of input.
 *
 * Bytes are shifted one at a time into a 32-bit window that is carried
 * across calls in pc->state. A start code is recognised when the top
 * 22 bits of the window equal 0x20 (the 22-bit H.263 picture start code
 * pattern). The first start code marks the beginning of a frame; the next
 * one marks the beginning of the following frame, i.e. the end of this one.
 *
 * @param pc       parse context; frame_start_found and state are read on
 *                 entry and written back before returning
 * @param buf      input bytes; only buf[0] .. buf[buf_size - 1] are read
 * @param buf_size number of bytes available in buf (no byte is read when
 *                 it is <= 0)
 * @return offset, relative to buf, of the first byte of the 32-bit window
 *         in which the next frame's start code was detected, or
 *         END_NOT_FOUND when this chunk does not contain the frame end.
 *
 * @note The offset is computed as (index of matching byte) - 3, so it is
 *       negative (as low as -3) when the start code began in data passed
 *       to a previous call. Callers must treat it as a signed offset and
 *       must not use it to index buf without checking the sign.
 */
int ff_h263_find_frame_end(ParseContext *pc, const uint8_t *buf, int buf_size)
{
    uint32_t window = pc->state;
    int in_frame    = pc->frame_start_found;
    int pos         = 0;

    /* Phase 1: no frame start seen yet, look for the first start code.
     * The matching byte is consumed, so phase 2 resumes right after it. */
    while (!in_frame && pos < buf_size) {
        window = (window << 8) | buf[pos++];
        if ((window >> (32 - 22)) == 0x20)
            in_frame = 1;
    }

    /* Phase 2: inside a frame, the next start code terminates it. */
    if (in_frame) {
        while (pos < buf_size) {
            window = (window << 8) | buf[pos];
            if ((window >> (32 - 22)) == 0x20) {
                /* Reset the saved scan state for the following frame. */
                pc->frame_start_found = 0;
                pc->state             = -1;
                /* May be negative, see the note in the header comment. */
                return pos - 3;
            }
            pos++;
        }
    }

    /* Chunk exhausted: remember where we are for the next call. */
    pc->frame_start_found = in_frame;
    pc->state             = window;

    return END_NOT_FOUND;
}
ee6c1ce06470 Move H.263 parser to its own file.
diego
parents:
diff changeset
64
ee6c1ce06470 Move H.263 parser to its own file.
diego
parents:
diff changeset
/**
 * Parser callback: split the incoming byte stream into H.263 frames.
 *
 * @param s            parser context; s->priv_data is used as the ParseContext
 * @param avctx        codec context (not used by this function)
 * @param poutbuf      receives a pointer to the frame data, or NULL when
 *                     ff_combine_frame() reports a negative result
 * @param poutbuf_size receives the size of *poutbuf, or 0 in that case
 * @param buf          input bytes
 * @param buf_size     number of input bytes
 * @return the value from ff_h263_find_frame_end() when a frame is output,
 *         otherwise buf_size as left by ff_combine_frame()
 *
 * @note buf and buf_size are passed to ff_combine_frame() by address, so
 *       the values stored in the outputs are whatever that call left in
 *       them, not necessarily the caller's original arguments.
 */
static int h263_parse(AVCodecParserContext *s,
                      AVCodecContext *avctx,
                      const uint8_t **poutbuf, int *poutbuf_size,
                      const uint8_t *buf, int buf_size)
{
    ParseContext *pc = s->priv_data;
    /* Signed offset of the frame end (may be negative) or END_NOT_FOUND. */
    int frame_end = ff_h263_find_frame_end(pc, buf, buf_size);

    if (ff_combine_frame(pc, frame_end, &buf, &buf_size) >= 0) {
        /* Hand the frame to the caller. */
        *poutbuf      = buf;
        *poutbuf_size = buf_size;
        return frame_end;
    }

    /* Negative result from ff_combine_frame(): nothing to output from
     * this call. */
    *poutbuf      = NULL;
    *poutbuf_size = 0;
    return buf_size;
}
ee6c1ce06470 Move H.263 parser to its own file.
diego
parents:
diff changeset
85
ee6c1ce06470 Move H.263 parser to its own file.
diego
parents:
diff changeset
/* Parser descriptor for H.263. The initializer is positional, so the
 * meaning of each slot depends on the AVCodecParser declaration, which is
 * not part of this file; the per-field notes below are to be confirmed
 * against that declaration. */
AVCodecParser h263_parser = {
    { CODEC_ID_H263 },    /* codec ID(s) handled by this parser */
    sizeof(ParseContext), /* presumably the private data size; h263_parse()
                           * uses s->priv_data as a ParseContext */
    NULL,                 /* presumably the init callback; none supplied */
    h263_parse,           /* parse callback defined above */
    ff_parse_close,       /* presumably the close callback; defined elsewhere */
};