Mercurial > libavcodec.hg

changeset 5635:8ca682e4911d libavcodec

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
fix segfault with dracula.4xm closes issue132
author michael
date Wed, 05 Sep 2007 01:14:17 +0000
parents 9960732c7d7b
children 20fc1ce6b106
files 4xm.c
diffstat 1 files changed, 10 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/4xm.c	Wed Sep 05 00:49:09 2007 +0000
+++ b/4xm.c	Wed Sep 05 01:14:17 2007 +0000
@@ -301,11 +301,17 @@
     const int index= size2index[log2h][log2w];
     const int h= 1<<log2h;
     int code= get_vlc2(&f->gb, block_type_vlc[1-f->version][index].table, BLOCK_TYPE_VLC_BITS, 1);
+    uint16_t *start= f->last_picture.data[0];
+    uint16_t *end= start + stride*(f->avctx->height-h+1) - (1<<log2w);
 
     assert(code>=0 && code<=6);
 
     if(code == 0){
         src += f->mv[ *f->bytestream++ ];
+        if(start > src || src > end){
+            av_log(f->avctx, AV_LOG_ERROR, "mv out of pic\n");
+            return;
+        }
         mcdc(dst, src, log2w, h, stride, 1, 0);
     }else if(code == 1){
         log2h--;
@@ -319,6 +325,10 @@
         mcdc(dst, src, log2w, h, stride, 1, 0);
     }else if(code == 4){
         src += f->mv[ *f->bytestream++ ];
+        if(start > src || src > end){
+            av_log(f->avctx, AV_LOG_ERROR, "mv out of pic\n");
+            return;
+        }
         mcdc(dst, src, log2w, h, stride, 1, le2me_16(*f->wordstream++));
     }else if(code == 5){
         mcdc(dst, src, log2w, h, stride, 0, le2me_16(*f->wordstream++));