Mercurial > libavformat.hg
comparison avidec.c @ 3157:27c5bc69a1f9 libavformat
One non functional AVPalette chunk less, one heap overflow less.
Fixes playback of CIMOVI01.avi.
| author | michael |
|---|---|
| date | Thu, 20 Mar 2008 16:29:18 +0000 |
| parents | 2b9c6bfc04a5 |
| children | f5ee8f2afc83 |
comparison
equal
deleted
inserted
replaced
| 3156:487b1979f195 | 3157:27c5bc69a1f9 |
|---|---|
| 41 | 41 |
| 42 int64_t cum_len; /* temporary storage (used during seek) */ | 42 int64_t cum_len; /* temporary storage (used during seek) */ |
| 43 | 43 |
| 44 int prefix; ///< normally 'd'<<8 + 'c' or 'w'<<8 + 'b' | 44 int prefix; ///< normally 'd'<<8 + 'c' or 'w'<<8 + 'b' |
| 45 int prefix_count; | 45 int prefix_count; |
| 46 uint32_t pal[256]; | |
| 47 int has_pal; | |
| 46 } AVIStream; | 48 } AVIStream; |
| 47 | 49 |
| 48 typedef struct { | 50 typedef struct { |
| 49 int64_t riff_end; | 51 int64_t riff_end; |
| 50 int64_t movi_end; | 52 int64_t movi_end; |
| 682 | 684 |
| 683 if(size > ast->remaining) | 685 if(size > ast->remaining) |
| 684 size= ast->remaining; | 686 size= ast->remaining; |
| 685 av_get_packet(pb, pkt, size); | 687 av_get_packet(pb, pkt, size); |
| 686 | 688 |
| 689 if(ast->has_pal && pkt->data && pkt->size<(unsigned)INT_MAX/2){ | |
| 690 ast->has_pal=0; | |
| 691 pkt->size += 4*256; | |
| 692 pkt->data = av_realloc(pkt->data, pkt->size + FF_INPUT_BUFFER_PADDING_SIZE); | |
| 693 if(pkt->data) | |
| 694 memcpy(pkt->data + pkt->size - 4*256, ast->pal, 4*256); | |
| 695 } | |
| 696 | |
| 687 if (ENABLE_DV_DEMUXER && avi->dv_demux) { | 697 if (ENABLE_DV_DEMUXER && avi->dv_demux) { |
| 688 dstr = pkt->destruct; | 698 dstr = pkt->destruct; |
| 689 size = dv_produce_packet(avi->dv_demux, pkt, | 699 size = dv_produce_packet(avi->dv_demux, pkt, |
| 690 pkt->data, pkt->size); | 700 pkt->data, pkt->size); |
| 691 pkt->destruct = dstr; | 701 pkt->destruct = dstr; |
| 779 else ast->frame_offset++; | 789 else ast->frame_offset++; |
| 780 url_fskip(pb, size); | 790 url_fskip(pb, size); |
| 781 goto resync; | 791 goto resync; |
| 782 } | 792 } |
| 783 | 793 |
| 794 if (d[2] == 'p' && d[3] == 'c' && size<=4*256+4) { | |
| 795 int k = get_byte(pb); | |
| 796 int last = (k + get_byte(pb) - 1) & 0xFF; | |
| 797 | |
| 798 get_le16(pb); //flags | |
| 799 | |
| 800 for (; k <= last; k++) | |
| 801 ast->pal[k] = get_be32(pb)>>8;// b + (g << 8) + (r << 16); | |
| 802 ast->has_pal= 1; | |
| 803 goto resync; | |
| 804 } else | |
| 784 if( ((ast->prefix_count<5 || sync+9 > i) && d[2]<128 && d[3]<128) || | 805 if( ((ast->prefix_count<5 || sync+9 > i) && d[2]<128 && d[3]<128) || |
| 785 d[2]*256+d[3] == ast->prefix /*|| | 806 d[2]*256+d[3] == ast->prefix /*|| |
| 786 (d[2] == 'd' && d[3] == 'c') || | 807 (d[2] == 'd' && d[3] == 'c') || |
| 787 (d[2] == 'w' && d[3] == 'b')*/) { | 808 (d[2] == 'w' && d[3] == 'b')*/) { |
| 788 | 809 |
| 805 } | 826 } |
| 806 } | 827 } |
| 807 goto resync; | 828 goto resync; |
| 808 } | 829 } |
| 809 } | 830 } |
| 810 /* palette changed chunk */ | |
| 811 if ( d[0] >= '0' && d[0] <= '9' | |
| 812 && d[1] >= '0' && d[1] <= '9' | |
| 813 && ((d[2] == 'p' && d[3] == 'c')) | |
| 814 && n < s->nb_streams && i + size <= avi->fsize) { | |
| 815 | |
| 816 AVStream *st; | |
| 817 int first, clr, flags, k, p; | |
| 818 | |
| 819 st = s->streams[n]; | |
| 820 | |
| 821 first = get_byte(pb); | |
| 822 clr = get_byte(pb); | |
| 823 if(!clr) /* all 256 colors used */ | |
| 824 clr = 256; | |
| 825 flags = get_le16(pb); | |
| 826 p = 4; | |
| 827 for (k = first; k < clr + first; k++) { | |
| 828 int r, g, b; | |
| 829 r = get_byte(pb); | |
| 830 g = get_byte(pb); | |
| 831 b = get_byte(pb); | |
| 832 get_byte(pb); | |
| 833 st->codec->palctrl->palette[k] = b + (g << 8) + (r << 16); | |
| 834 } | |
| 835 st->codec->palctrl->palette_changed = 1; | |
| 836 goto resync; | |
| 837 } | |
| 838 | |
| 839 } | 831 } |
| 840 | 832 |
| 841 return -1; | 833 return -1; |
| 842 } | 834 } |
| 843 | 835 |