comparison 4xm.c @ 3303:68721b62a528 libavcodec

sanity checks, some might have been exploitable ...
author michael
date Sat, 13 May 2006 10:45:26 +0000
parents 072dbc669253
children 1843a85123b7
3302:cb356bfc7e22 3303:68721b62a528
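--- a/4xm.c
+++ b/4xm.c
@@ -604,11 +604,11 @@
 AVFrame *picture = data;
 AVFrame *p, temp;
 int i, frame_4cc, frame_size;
 
 frame_4cc= get32(buf);
-if(buf_size != get32(buf+4)+8){
+if(buf_size != get32(buf+4)+8 || buf_size < 20){
 av_log(f->avctx, AV_LOG_ERROR, "size mismatch %d %d\n", buf_size, get32(buf+4));
 }
 
 if(frame_4cc == ff_get_fourcc("cfrm")){
 int free_index=-1;
@@ -632,10 +632,14 @@
 f->cfrm[i].id= id;
 }
 cfrm= &f->cfrm[i];
 
 cfrm->data= av_fast_realloc(cfrm->data, &cfrm->allocated_size, cfrm->size + data_size + FF_INPUT_BUFFER_PADDING_SIZE);
+if(!cfrm->data){ //explicit check needed as memcpy below might not catch a NULL
+av_log(f->avctx, AV_LOG_ERROR, "realloc falure");
+return -1;
+}
 
 memcpy(cfrm->data + cfrm->size, buf+20, data_size);
 cfrm->size += data_size;
 
 if(cfrm->size >= whole_size){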
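Review bot: The widened test on new line 609 (`|| buf_size < 20`) still only logs the mismatch; the block closes on line 611 without returning, so a packet shorter than the 20-byte header continues into the `cfrm` branch, where line 642 copies from `buf+20`. Adding `return -1;` after the `av_log` call would reject undersized or inconsistent packets before any further parsing. `get32(buf)` and `get32(buf+4)` on lines 608–609 also run before any length check, so the `buf_size` test would ideally come first. `data_size` is defined in lines 615–631, which are not shown here, so whether it is bounded by `buf_size` cannot be confirmed from this view. The enclosing function starts and ends outside the section.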