[FFmpeg-cvslog] Revert "4xm: Prevent buffer overreads."
Ronald S. Bultje
git at videolan.org
Fri Jan 6 02:53:06 CET 2012
ffmpeg | branch: master | Ronald S. Bultje <rsbultje at gmail.com> | Wed Jan 4 21:27:31 2012 -0800| [3fa646e8590cf86d3006e76047daa255a7ecc3f7] | committer: Ronald S. Bultje
Revert "4xm: Prevent buffer overreads."
This reverts commit 295a7c0238e84b0ffa8f21ed938d45f51f54a4cd. The
patch breaks decoding of regular files (e.g. fate-4xm-2).
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3fa646e8590cf86d3006e76047daa255a7ecc3f7
---
libavcodec/4xm.c | 14 +++-----------
1 files changed, 3 insertions(+), 11 deletions(-)
diff --git a/libavcodec/4xm.c b/libavcodec/4xm.c
index d16c232..cfb8279 100644
--- a/libavcodec/4xm.c
+++ b/libavcodec/4xm.c
@@ -614,24 +614,16 @@ static int decode_i2_frame(FourXContext *f, const uint8_t *buf, int length){
int x, y, x2, y2;
const int width= f->avctx->width;
const int height= f->avctx->height;
- const int mbs = FFALIGN(width, 16) * FFALIGN(height, 16);
uint16_t *dst= (uint16_t*)f->current_picture.data[0];
const int stride= f->current_picture.linesize[0]>>1;
- GetByteContext g3;
-
- if(length < mbs * 8) {
- av_log(f->avctx, AV_LOG_ERROR, "packet size too small\n");
- return AVERROR_INVALIDDATA;
- }
- bytestream2_init(&g3, buf, length);
for(y=0; y<height; y+=16){
for(x=0; x<width; x+=16){
unsigned int color[4], bits;
memset(color, 0, sizeof(color));
//warning following is purely guessed ...
- color[0]= bytestream2_get_le16u(&g3);
- color[1]= bytestream2_get_le16u(&g3);
+ color[0]= bytestream_get_le16(&buf);
+ color[1]= bytestream_get_le16(&buf);
if(color[0]&0x8000) av_log(NULL, AV_LOG_ERROR, "unk bit 1\n");
if(color[1]&0x8000) av_log(NULL, AV_LOG_ERROR, "unk bit 2\n");
@@ -639,7 +631,7 @@ static int decode_i2_frame(FourXContext *f, const uint8_t *buf, int length){
color[2]= mix(color[0], color[1]);
color[3]= mix(color[1], color[0]);
- bits= bytestream2_get_le32u(&g3);
+ bits= bytestream_get_le32(&buf);
for(y2=0; y2<16; y2++){
for(x2=0; x2<16; x2++){
int index= 2*(x2>>2) + 8*(y2>>2);
More information about the ffmpeg-cvslog
mailing list