[FFmpeg-devel] [PATCH] IFF PBM/ILBM decoder

Michael Niedermayer michaelni
Tue Feb 2 19:06:06 CET 2010


On Mon, Feb 01, 2010 at 11:33:30PM +1100, pross at xvid.org wrote:
> On Thu, Jan 28, 2010 at 09:06:43PM +0100, Michael Niedermayer wrote:
> > On Wed, Jan 27, 2010 at 10:46:14PM +1100, pross at xvid.org wrote:
> > > Hi, the war against Electronic Arts formats continues.
> > > 
> > > samples: /Mplayer/incoming/lbm
> > >          http://samples.mplayerhq.hu/image-samples/ASH.LBM
> > > 
> > > Some identing cleanup is required after applying this patch.
> > > 
> > > -- Peter
> > > (A907 E02F A6E5 0CD2 34CD 20D2 6760 79C5 AC40 DD6B)
> > 
> > [..]
> > [...]
> 
> > > +    for(y = 0; y < avctx->height ; y++ ) {
> > > +        uint8_t *row = &frame->data[0][ y*frame->linesize[0] ];
> > > +        if (avctx->codec_tag == MKTAG('I','L','B','M')) { //interleaved
> > > +            memset(row, 0, avctx->width);
> > > +            for (plane = 0; plane < avctx->bits_per_coded_sample; plane++) {
> > > +                for(x = 0; x < planewidth && buf < buf_end; ) {
> > > +                    char value = *buf++;
> > > +                    int length;
> > > +                    if (value >= 0) {
> > > +                        length = value + 1;
> > > +                        imemcpy(row, buf, x, avctx->bits_per_coded_sample, plane, FFMIN(length, buf_end-buf));
> > > +                        buf += length;
> > > +                    } else if (value > -128) {
> > > +                        length = -value + 1;
> > > +                        imemset(row, *buf++, x, avctx->bits_per_coded_sample, plane, length);
> > 
> > these look like they are missing output buffer size checks
> 
> Fixed.
> 
> -- Peter
> (A907 E02F A6E5 0CD2 34CD 20D2 6760 79C5 AC40 DD6B)

[...]
> +/**
> + * Convert CMAP buffer (stored in extradata) to lavc palette format
> + */
> +int ff_cmap_read_palette(AVCodecContext *avctx, uint32_t *pal)
> +{
> +    int i;
> +
> +    int count = 2 << (avctx->bits_per_coded_sample - 1);

2 << -1 ?
why not
1<< avctx->bits_per_coded_sample
?


> +    if (avctx->extradata_size < count * 3) {
> +        av_log(avctx, AV_LOG_ERROR, "palette data underflow\n");
> +        return AVERROR_INVALIDDATA;
> +    }
> +    for (i=0; i < count; i++) {
> +        pal[i] = AV_RB24( avctx->extradata + i*3 );
> +    }

what if count is bigger than 256 ?

also maybe testing the decoder & demuxer with a fuzzer would be a
good idea


[...]
> +static int decode_frame_ilbm(AVCodecContext *avctx,
> +                            void *data, int *data_size,
> +                            AVPacket *avpkt)
> +{
> +    AVFrame *frame = avctx->priv_data;
> +    const uint8_t *buf = avpkt->data;
> +    int buf_size = avpkt->size;
> +    int planewidth = avctx->width / avctx->bits_per_coded_sample;
> +    int y, plane;
> +
> +    if (avctx->reget_buffer(avctx, frame) < 0){
> +        av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n");
> +        return -1;
> +    }
> +
> +    if (buf_size < avctx->width * avctx->height) {
> +        av_log(avctx, AV_LOG_ERROR, "buffer underflow\n");
> +        return -1;
> +    }
> +
> +    for(y = 0; y < avctx->height; y++ ) {
> +        uint8_t *row = &frame->data[0][ y*frame->linesize[0] ];
> +        memset(row, 0, avctx->width);
> +        for (plane = 0; plane < avctx->bits_per_coded_sample; plane++) {
> +            imemcpy(row, buf, 0, avctx->bits_per_coded_sample, plane, planewidth);
> +            buf += planewidth;
> +        }

can this write outside the array if bits_per_coded_sample is > 8 ?

except these id say your patch is ok

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Concerning the gods, I have no means of knowing whether they exist or not
or of what sort they may be, because of the obscurity of the subject, and
the brevity of human life -- Protagoras
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20100202/ce3d0d5f/attachment.pgp>



More information about the ffmpeg-devel mailing list