[FFmpeg-devel] [PATCH] avcodec: add mvdv video decoder

Sun Nov 24 13:35:43 EET 2019

On 11/24/19, Tomas Härdin <tjoppen at acc.umu.se> wrote:
> sön 2019-11-24 klockan 11:12 +0100 skrev Paul B Mahol:
>> +static ptrdiff_t lzss_uncompress(MidiVidContext *s, GetByteContext *gb,
>> uint8_t *dst, int size)
>> +{
>> +    uint8_t *dst_start = dst;
>> +    uint8_t *dst_end = dst + size;
>> +
>> +    for (;bytestream2_get_bytes_left(gb) > 0;) {
>
> bytestream2_get_bytes_left(gb) >= 3 perhaps?

Changed.

>
>> +        int op = bytestream2_get_le16(gb);
>> +
>> +        for (int i = 0; i < 16; i++) {
>> +            if (op & 1) {
>> +                int s0 = bytestream2_get_byte(gb);
>> +                int s1 = bytestream2_get_byte(gb);
>> +                int offset = ((s0 & 0xF0) << 4) | s1;
>> +                int length = (s0 & 0xF) + 3;
>> +
>> +                if (dst + length >= dst_end ||
>
> Seems to be dst + length > dst_end should be enough

Changed.

>
>> +                    dst - offset < dst_start)
>> +                    return AVERROR_INVALIDDATA;
>> +                for (int j = 0; j < length; j++) {
>> +                    dst[j] = dst[j - offset];
>

> This is UB if offset == 0

Changed.

>
>> +                }
>> +                dst += length;
>> +            } else {
>> +                if (dst >= dst_end)
>> +                    return AVERROR_INVALIDDATA;
>> +                *dst++ = bytestream2_get_byte(gb);
>> +            }
>> +            op >>= 1;
>> +        }
>> +    }
>> +
>> +    return dst - dst_start;
>> +}
>> +
>> +static int decode_frame(AVCodecContext *avctx, void *data,
>> +                        int *got_frame, AVPacket *avpkt)
>> +{
>> +    MidiVidContext *s = avctx->priv_data;
>> +    GetByteContext *gb = &s->gb;
>> +    AVFrame *frame = s->frame;
>> +    int ret, key, uncompressed;
>> +
>> +    if (avpkt->size <= 13)
>> +        return AVERROR_INVALIDDATA;
>> +
>> +    bytestream2_init(gb, avpkt->data, avpkt->size);
>> +    bytestream2_skip(gb, 8);
>> +    uncompressed = bytestream2_get_le32(gb);
>> +
>> +    if ((ret = ff_reget_buffer(avctx, s->frame, 0)) < 0)
>> +        return ret;
>> +
>> +    if (uncompressed) {
>> +        ret = decode_mvdv(s, avctx, frame);
>> +    } else {
>> +        av_fast_padded_malloc(&s->uncompressed, &s->uncompressed_size,
>> 16LL * (avpkt->size - 12));
>
> Can avpkt->size be > LLONG_MAX/16+12 here?

No.

>
> /Tomas
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".