Mercurial > libavcodec.hg
comparison pnm.c @ 2422:18b8b2dcc037 libavcodec
various security fixes and precautionary checks
| author | michael |
|---|---|
| date | Wed, 12 Jan 2005 00:16:25 +0000 |
| parents | f7f4f06a55c9 |
| children | f67b63ed036d |
comparison
equal
deleted
inserted
replaced
| 2421:e326490f58c4 | 2422:18b8b2dcc037 |
|---|---|
| 107 } else { | 107 } else { |
| 108 return -1; | 108 return -1; |
| 109 } | 109 } |
| 110 } | 110 } |
| 111 /* check that all tags are present */ | 111 /* check that all tags are present */ |
| 112 if (w <= 0 || h <= 0 || maxval <= 0 || depth <= 0 || tuple_type[0] == '\0') | 112 if (w <= 0 || h <= 0 || maxval <= 0 || depth <= 0 || tuple_type[0] == '\0' || avcodec_check_dimensions(avctx, w, h)) |
| 113 return -1; | 113 return -1; |
| 114 | |
| 114 avctx->width = w; | 115 avctx->width = w; |
| 115 avctx->height = h; | 116 avctx->height = h; |
| 116 if (depth == 1) { | 117 if (depth == 1) { |
| 117 if (maxval == 1) | 118 if (maxval == 1) |
| 118 avctx->pix_fmt = PIX_FMT_MONOWHITE; | 119 avctx->pix_fmt = PIX_FMT_MONOWHITE; |
| 133 avctx->width = atoi(buf1); | 134 avctx->width = atoi(buf1); |
| 134 if (avctx->width <= 0) | 135 if (avctx->width <= 0) |
| 135 return -1; | 136 return -1; |
| 136 pnm_get(s, buf1, sizeof(buf1)); | 137 pnm_get(s, buf1, sizeof(buf1)); |
| 137 avctx->height = atoi(buf1); | 138 avctx->height = atoi(buf1); |
| 138 if (avctx->height <= 0) | 139 if(avcodec_check_dimensions(avctx, avctx->width, avctx->height)) |
| 139 return -1; | 140 return -1; |
| 140 if (avctx->pix_fmt != PIX_FMT_MONOWHITE) { | 141 if (avctx->pix_fmt != PIX_FMT_MONOWHITE) { |
| 141 pnm_get(s, buf1, sizeof(buf1)); | 142 pnm_get(s, buf1, sizeof(buf1)); |
| 142 } | 143 } |
| 143 | 144 |
| 262 AVFrame *pict = data; | 263 AVFrame *pict = data; |
| 263 AVFrame * const p= (AVFrame*)&s->picture; | 264 AVFrame * const p= (AVFrame*)&s->picture; |
| 264 int i, h, h1, c, n, linesize; | 265 int i, h, h1, c, n, linesize; |
| 265 uint8_t *ptr, *ptr1, *ptr2; | 266 uint8_t *ptr, *ptr1, *ptr2; |
| 266 | 267 |
| 268 if(buf_size < avpicture_get_size(avctx->pix_fmt, avctx->width, avctx->height) + 200){ | |
| 269 av_log(avctx, AV_LOG_ERROR, "encoded frame too large\n"); | |
| 270 return -1; | |
| 271 } | |
| 272 | |
| 267 *p = *pict; | 273 *p = *pict; |
| 268 p->pict_type= FF_I_TYPE; | 274 p->pict_type= FF_I_TYPE; |
| 269 p->key_frame= 1; | 275 p->key_frame= 1; |
| 270 | 276 |
| 271 s->bytestream_start= | 277 s->bytestream_start= |
| 336 AVFrame * const p= (AVFrame*)&s->picture; | 342 AVFrame * const p= (AVFrame*)&s->picture; |
| 337 int i, h, w, n, linesize, depth, maxval; | 343 int i, h, w, n, linesize, depth, maxval; |
| 338 const char *tuple_type; | 344 const char *tuple_type; |
| 339 uint8_t *ptr; | 345 uint8_t *ptr; |
| 340 | 346 |
| 347 if(buf_size < avpicture_get_size(avctx->pix_fmt, avctx->width, avctx->height) + 200){ | |
| 348 av_log(avctx, AV_LOG_ERROR, "encoded frame too large\n"); | |
| 349 return -1; | |
| 350 } | |
| 351 | |
| 341 *p = *pict; | 352 *p = *pict; |
| 342 p->pict_type= FF_I_TYPE; | 353 p->pict_type= FF_I_TYPE; |
| 343 p->key_frame= 1; | 354 p->key_frame= 1; |
| 344 | 355 |
| 345 s->bytestream_start= | 356 s->bytestream_start= |