authorMichael Niedermayer <michaelni@gmx.at>2008-03-20 16:29:18 +0000
committerMichael Niedermayer <michaelni@gmx.at>2008-03-20 16:29:18 +0000
commitb7c407449b45481cae79dfa74075c9067d559081 (patch)
treed0ce6e818274051a243f06953e49c33e5ab9bfaa /libavformat/avidec.c
parenteb61405a077744778e763c1b49dee8715547d6bd (diff)
downloadffmpeg-b7c407449b45481cae79dfa74075c9067d559081.tar.gz
One non functional AVPalette chunk less, one heap overflow less.
Fixes playback of CIMOVI01.avi. Originally committed as revision 12517 to svn://svn.ffmpeg.org/ffmpeg/trunk
Diffstat (limited to 'libavformat/avidec.c')
-rw-r--r--libavformat/avidec.c50
1 files changed, 21 insertions, 29 deletions
diff --git a/libavformat/avidec.c b/libavformat/avidec.c
index 7634a95e9d..fdd796c55a 100644
--- a/libavformat/avidec.c
+++ b/libavformat/avidec.c
@@ -43,6 +43,8 @@ typedef struct AVIStream {
int prefix; ///< normally 'd'<<8 + 'c' or 'w'<<8 + 'b'
int prefix_count;
+ uint32_t pal[256];
+ int has_pal;
} AVIStream;
typedef struct {
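Review bot: The two new AVIStream fields have no doc comments, although the neighbouring `prefix` field does, and their meaning can only be recovered by reading both later hunks. I would add `///< palette from the last 'pc' chunk, one 0x00RRGGBB value per entry` on `pal` and `///< set when pal still has to be appended to the next packet of this stream` on `has_pal`. The entry layout is inferred from the `get_be32(pb)>>8` store in the parser hunk.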
@@ -684,6 +686,14 @@ resync:
size= ast->remaining;
av_get_packet(pb, pkt, size);
+ if(ast->has_pal && pkt->data && pkt->size<(unsigned)INT_MAX/2){
+ ast->has_pal=0;
+ pkt->size += 4*256;
+ pkt->data = av_realloc(pkt->data, pkt->size + FF_INPUT_BUFFER_PADDING_SIZE);
+ if(pkt->data)
+ memcpy(pkt->data + pkt->size - 4*256, ast->pal, 4*256);
+ }
+
if (ENABLE_DV_DEMUXER && avi->dv_demux) {
dstr = pkt->destruct;
size = dv_produce_packet(avi->dv_demux, pkt,
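Review bot: The `av_realloc` result is assigned straight to `pkt->data` after `pkt->size` has already been increased by 4*256, so an allocation failure leaks the old buffer and leaves a packet with NULL data and a non-zero size for later code to use. The reallocation should go through a temporary, and size, data and `has_pal` should only be updated once it has succeeded. The new `FF_INPUT_BUFFER_PADDING_SIZE` tail is also never cleared after the palette is appended, which matters if consumers rely on zeroed padding, as the constant suggests. The enclosing function starts and ends outside this hunk, so how a failure should be reported to the caller cannot be judged from here. The sketch below simply leaves the packet untouched.

```c
if(ast->has_pal && pkt->data && pkt->size<(unsigned)INT_MAX/2){
    uint8_t *tmp = av_realloc(pkt->data, pkt->size + 4*256 + FF_INPUT_BUFFER_PADDING_SIZE);
    if(tmp){
        memcpy(tmp + pkt->size, ast->pal, 4*256);
        memset(tmp + pkt->size + 4*256, 0, FF_INPUT_BUFFER_PADDING_SIZE);
        pkt->data = tmp;
        pkt->size += 4*256;
        ast->has_pal = 0;
    }
}
// … unchanged: DV demuxer branch …
```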
@@ -781,6 +791,17 @@ resync:
goto resync;
}
+ if (d[2] == 'p' && d[3] == 'c' && size<=4*256+4) {
+ int k = get_byte(pb);
+ int last = (k + get_byte(pb) - 1) & 0xFF;
+
+ get_le16(pb); //flags
+
+ for (; k <= last; k++)
+ ast->pal[k] = get_be32(pb)>>8;// b + (g << 8) + (r << 16);
+ ast->has_pal= 1;
+ goto resync;
+ } else
if( ((ast->prefix_count<5 || sync+9 > i) && d[2]<128 && d[3]<128) ||
d[2]*256+d[3] == ast->prefix /*||
(d[2] == 'd' && d[3] == 'c') ||
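Review bot: The entry count read from the 'pc' chunk header is never checked against the chunk's declared `size`; the `size<=4*256+4` test is only an upper bound. Masking `last` with 0xFF keeps every `ast->pal[k]` store inside the 256-entry array, but a chunk that declares a small `size` with a large count makes the loop read into the following chunks as palette data. A start-plus-count that wraps past 255 skips the loop entirely yet still sets `has_pal`. I would validate before reading the entries, for example `if (last < k || 4*(last - k + 1) + 4 > size) goto resync;`, and set `has_pal` only on that validated path. The enclosing loop and the point where `ast` is selected are outside this hunk, so this assumes the stream index has already been range-checked there.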
@@ -807,35 +828,6 @@ resync:
goto resync;
}
}
- /* palette changed chunk */
- if ( d[0] >= '0' && d[0] <= '9'
- && d[1] >= '0' && d[1] <= '9'
- && ((d[2] == 'p' && d[3] == 'c'))
- && n < s->nb_streams && i + size <= avi->fsize) {
-
- AVStream *st;
- int first, clr, flags, k, p;
-
- st = s->streams[n];
-
- first = get_byte(pb);
- clr = get_byte(pb);
- if(!clr) /* all 256 colors used */
- clr = 256;
- flags = get_le16(pb);
- p = 4;
- for (k = first; k < clr + first; k++) {
- int r, g, b;
- r = get_byte(pb);
- g = get_byte(pb);
- b = get_byte(pb);
- get_byte(pb);
- st->codec->palctrl->palette[k] = b + (g << 8) + (r << 16);
- }
- st->codec->palctrl->palette_changed = 1;
- goto resync;
- }
-
}
return -1;