comparison gifdec.c @ 4718:9962405d2d18 libavcodec

add some length checks
author bcoudurier
date Sat, 24 Mar 2007 23:57:42 +0000
parents dd9ad0da0a51
children 524ef62965bf
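--- a/gifdec.c
+++ b/gifdec.c
@@ -46,10 +46,11 @@
 /* delay during which the frame is shown */
 int gce_delay;
 
 /* LZW compatible decoder */
 uint8_t *bytestream;
+uint8_t *bytestream_end;
 LZWState *lzw;
 
 /* aux buffers */
 uint8_t global_palette[256 * 3];
 uint8_t local_palette[256 * 3];
@@ -207,10 +208,13 @@
 {
 uint8_t sig[6];
 int v, n;
 int has_global_palette;
 
+if (s->bytestream_end < s->bytestream + 13)
+return -1;
+
 /* read gif signature */
 bytestream_get_buffer(&s->bytestream, sig, 6);
 if (memcmp(sig, gif87a_sig, 6) != 0 &&
 memcmp(sig, gif89a_sig, 6) != 0)
 return -1;
@@ -236,18 +240,20 @@
 s->screen_width, s->screen_height, s->bits_per_pixel,
 has_global_palette);
 #endif
 if (has_global_palette) {
 n = 1 << s->bits_per_pixel;
+if (s->bytestream_end < s->bytestream + n * 3)
+return -1;
 bytestream_get_buffer(&s->bytestream, s->global_palette, n * 3);
 }
 return 0;
 }
 
 static int gif_parse_next_image(GifState *s)
 {
-for (;;) {
+while (s->bytestream < s->bytestream_end) {
 int code = bytestream_get_byte(&s->bytestream);
 #ifdef DEBUG
 dprintf(s->avctx, "gif: code=%02x '%c'\n", code, code);
 #endif
 switch (code) {
@@ -287,10 +293,11 @@
 GifState *s = avctx->priv_data;
 AVFrame *picture = data;
 int ret;
 
 s->bytestream = buf;
+s->bytestream_end = buf + buf_size;
 if (gif_read_header1(s) < 0)
 return -1;
 
 avctx->pix_fmt = PIX_FMT_PAL8;
 if (avcodec_check_dimensions(avctx, s->screen_width, s->screen_height))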
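Review bot: Replacing `for (;;)` with `while (s->bytestream < s->bytestream_end)` in gif_parse_next_image means the loop can now end when the input runs out, and no `return` after the loop is shown in this change. The rest of the function lies outside the displayed context, so this is inferred, but if nothing follows the loop a truncated file makes the function fall off its end with an indeterminate result; add `return -1;` after the loop's closing brace. The loop condition also guarantees only the one byte read by `bytestream_get_byte`, so the readers reached from the `switch` (not visible here) presumably need their own checks against `bytestream_end`. Separately, the two new guards compute `s->bytestream + 13` and `s->bytestream + n * 3` before comparing, which forms a pointer beyond the buffer in exactly the short-input case they are meant to reject. Comparing the remaining length avoids that, e.g. `if (s->bytestream_end - s->bytestream < 13) return -1;` and the same form with `n * 3`.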