Mercurial > libavformat.hg

changeset 1406:c7d4c4279fb7 libavformat

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
avoid crashing when trying to parse invalid files, patch by Andreas Oman, andreas at olebyn dot nu
author bcoudurier
date Sat, 21 Oct 2006 11:17:39 +0000
parents f88bcfcc2f50
children fb4bf3858f77
files tiertexseq.c
diffstat 1 files changed, 7 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/tiertexseq.c	Sat Oct 21 11:08:39 2006 +0000
+++ b/tiertexseq.c	Sat Oct 21 11:17:39 2006 +0000
@@ -122,7 +122,7 @@
 {
     unsigned int offset_table[4], buffer_num[4];
     TiertexSeqFrameBuffer *seq_buffer;
-    int i, e;
+    int i, e, err;
 
     seq->current_frame_offs += SEQ_FRAME_SIZE;
     url_fseek(pb, seq->current_frame_offs, SEEK_SET);
@@ -153,13 +153,18 @@
     for (i = 0; i < 3; i++) {
         if (offset_table[i] != 0) {
             for (e = i + 1; e < 4 && offset_table[e] == 0; e++);
-            seq_fill_buffer(seq, pb, buffer_num[1 + i],
+            err = seq_fill_buffer(seq, pb, buffer_num[1 + i],
               offset_table[i],
               offset_table[e] - offset_table[i]);
+            if (err != 0)
+                return err;
         }
     }
 
     if (buffer_num[0] != 255) {
+        if (buffer_num[0] >= SEQ_NUM_FRAME_BUFFERS)
+            return AVERROR_INVALIDDATA;
+
         seq_buffer = &seq->frame_buffers[buffer_num[0]];
         seq->current_video_data_size = seq_buffer->fill_size;
         seq->current_video_data_ptr  = seq_buffer->data;