Mercurial > libavcodec.hg
comparison snow.c @ 9370:25fa07ef8e2b libavcodec
Make sure the block array is of the correct size.
This might have been exploitable.
| author | michael |
|---|---|
| date | Thu, 09 Apr 2009 18:47:50 +0000 |
| parents | 539e18dfc86a |
| children | 6de6fb68621c |
comparison
equal
deleted
inserted
replaced
| 9369:539e18dfc86a | 9370:25fa07ef8e2b |
|---|---|
| 1624 int h= -((-s->avctx->height)>>LOG2_MB_SIZE); | 1624 int h= -((-s->avctx->height)>>LOG2_MB_SIZE); |
| 1625 | 1625 |
| 1626 s->b_width = w; | 1626 s->b_width = w; |
| 1627 s->b_height= h; | 1627 s->b_height= h; |
| 1628 | 1628 |
| 1629 av_free(s->block); | |
| 1629 s->block= av_mallocz(w * h * sizeof(BlockNode) << (s->block_max_depth*2)); | 1630 s->block= av_mallocz(w * h * sizeof(BlockNode) << (s->block_max_depth*2)); |
| 1630 return 0; | 1631 return 0; |
| 1631 } | 1632 } |
| 1632 | 1633 |
| 1633 static inline void copy_rac_state(RangeCoder *d, RangeCoder *s){ | 1634 static inline void copy_rac_state(RangeCoder *d, RangeCoder *s){ |
| 4515 p->fast_mc= p->diag_mc && p->htaps==6 && p->hcoeff[0]==40 | 4516 p->fast_mc= p->diag_mc && p->htaps==6 && p->hcoeff[0]==40 |
| 4516 && p->hcoeff[1]==-10 | 4517 && p->hcoeff[1]==-10 |
| 4517 && p->hcoeff[2]==2; | 4518 && p->hcoeff[2]==2; |
| 4518 } | 4519 } |
| 4519 | 4520 |
| 4520 if(!s->block) alloc_blocks(s); | 4521 alloc_blocks(s); |
| 4521 | 4522 |
| 4522 frame_start(s); | 4523 frame_start(s); |
| 4523 //keyframe flag duplication mess FIXME | 4524 //keyframe flag duplication mess FIXME |
| 4524 if(avctx->debug&FF_DEBUG_PICT_INFO) | 4525 if(avctx->debug&FF_DEBUG_PICT_INFO) |
| 4525 av_log(avctx, AV_LOG_ERROR, "keyframe:%d qlog:%d\n", s->keyframe, s->qlog); | 4526 av_log(avctx, AV_LOG_ERROR, "keyframe:%d qlog:%d\n", s->keyframe, s->qlog); |