[FFmpeg-cvslog] avcodec/rpza: Perform pointer advance and checks before using the pointers
Michael Niedermayer
git at videolan.org
Sun Aug 25 21:04:39 CEST 2013
ffmpeg | branch: release/1.2 | Michael Niedermayer <michaelni at gmx.at> | Thu Aug 22 01:07:32 2013 +0200| [9d8795e59814b8d2381ca51359cfe3f588f1ca0a] | committer: Michael Niedermayer
avcodec/rpza: Perform pointer advance and checks before using the pointers
Fixes out of array accesses
Fixes Ticket2850
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 3819db745da2ac7fb3faacb116788c32f4753f34)
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9d8795e59814b8d2381ca51359cfe3f588f1ca0a
---
libavcodec/rpza.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/libavcodec/rpza.c b/libavcodec/rpza.c
index a5da967..1e15e8f 100644
--- a/libavcodec/rpza.c
+++ b/libavcodec/rpza.c
@@ -84,7 +84,7 @@ static void rpza_decode_stream(RpzaContext *s)
unsigned short *pixels = (unsigned short *)s->frame.data[0];
int row_ptr = 0;
- int pixel_ptr = 0;
+ int pixel_ptr = -4;
int block_ptr;
int pixel_x, pixel_y;
int total_blocks;
@@ -140,6 +140,7 @@ static void rpza_decode_stream(RpzaContext *s)
colorA = AV_RB16 (&s->buf[stream_ptr]);
stream_ptr += 2;
while (n_blocks--) {
+ ADVANCE_BLOCK()
block_ptr = row_ptr + pixel_ptr;
for (pixel_y = 0; pixel_y < 4; pixel_y++) {
for (pixel_x = 0; pixel_x < 4; pixel_x++){
@@ -148,7 +149,6 @@ static void rpza_decode_stream(RpzaContext *s)
}
block_ptr += row_inc;
}
- ADVANCE_BLOCK();
}
break;
@@ -187,6 +187,7 @@ static void rpza_decode_stream(RpzaContext *s)
if (s->size - stream_ptr < n_blocks * 4)
return;
while (n_blocks--) {
+ ADVANCE_BLOCK();
block_ptr = row_ptr + pixel_ptr;
for (pixel_y = 0; pixel_y < 4; pixel_y++) {
index = s->buf[stream_ptr++];
@@ -197,7 +198,6 @@ static void rpza_decode_stream(RpzaContext *s)
}
block_ptr += row_inc;
}
- ADVANCE_BLOCK();
}
break;
@@ -205,6 +205,7 @@ static void rpza_decode_stream(RpzaContext *s)
case 0x00:
if (s->size - stream_ptr < 16)
return;
+ ADVANCE_BLOCK();
block_ptr = row_ptr + pixel_ptr;
for (pixel_y = 0; pixel_y < 4; pixel_y++) {
for (pixel_x = 0; pixel_x < 4; pixel_x++){
@@ -218,7 +219,6 @@ static void rpza_decode_stream(RpzaContext *s)
}
block_ptr += row_inc;
}
- ADVANCE_BLOCK();
break;
/* Unknown opcode */
More information about the ffmpeg-cvslog
mailing list