avcodec/rv10: check size of s->mb_width * s->mb_height
authorAndreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Mon, 2 Mar 2015 19:27:26 +0000 (20:27 +0100)
committerMichael Niedermayer <michaelni@gmx.at>
Tue, 3 Mar 2015 11:36:36 +0000 (12:36 +0100)
If it doesn't fit into 12 bits it triggers an assertion.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
libavcodec/mpegvideo.h
libavcodec/mpegvideo_enc.c
libavcodec/rv10enc.c

index 6215d237f2f16ea0676bc45ba95d21646f6b52a3..0be20241f3563c79a081f432357aa795eaba2c76 100644 (file)
@@ -879,7 +879,7 @@ extern const uint8_t ff_aic_dc_scale_table[32];
 extern const uint8_t ff_h263_chroma_qscale_table[32];
 
 /* rv10.c */
-void ff_rv10_encode_picture_header(MpegEncContext *s, int picture_number);
+int ff_rv10_encode_picture_header(MpegEncContext *s, int picture_number);
 int ff_rv_decode_dc(MpegEncContext *s, int n);
 void ff_rv20_encode_picture_header(MpegEncContext *s, int picture_number);
 
index 16f88aa85d0420ebd93e0556ad4383d3aa0120c1..847b1164b6ed535c08f9dd37033460aa84c522dd 100644 (file)
@@ -3706,8 +3706,11 @@ static int encode_picture(MpegEncContext *s, int picture_number)
             ff_msmpeg4_encode_picture_header(s, picture_number);
         else if (CONFIG_MPEG4_ENCODER && s->h263_pred)
             ff_mpeg4_encode_picture_header(s, picture_number);
-        else if (CONFIG_RV10_ENCODER && s->codec_id == AV_CODEC_ID_RV10)
-            ff_rv10_encode_picture_header(s, picture_number);
+        else if (CONFIG_RV10_ENCODER && s->codec_id == AV_CODEC_ID_RV10) {
+            ret = ff_rv10_encode_picture_header(s, picture_number);
+            if (ret < 0)
+                return ret;
+        }
         else if (CONFIG_RV20_ENCODER && s->codec_id == AV_CODEC_ID_RV20)
             ff_rv20_encode_picture_header(s, picture_number);
         else if (CONFIG_FLV_ENCODER && s->codec_id == AV_CODEC_ID_FLV1)
index 25411322a6632073c1a8ef13b766252a316494be..37efe6cca45d616e2f61caf30f0cd67b4cf2c52d 100644 (file)
@@ -28,7 +28,7 @@
 #include "mpegvideo.h"
 #include "put_bits.h"
 
-void ff_rv10_encode_picture_header(MpegEncContext *s, int picture_number)
+int ff_rv10_encode_picture_header(MpegEncContext *s, int picture_number)
 {
     int full_frame= 0;
 
@@ -48,12 +48,17 @@ void ff_rv10_encode_picture_header(MpegEncContext *s, int picture_number)
     /* if multiple packets per frame are sent, the position at which
        to display the macroblocks is coded here */
     if(!full_frame){
+        if (s->mb_width * s->mb_height >= (1U << 12)) {
+            avpriv_report_missing_feature(s, "Encoding frames with 4096 or more macroblocks");
+            return AVERROR(ENOSYS);
+        }
         put_bits(&s->pb, 6, 0); /* mb_x */
         put_bits(&s->pb, 6, 0); /* mb_y */
         put_bits(&s->pb, 12, s->mb_width * s->mb_height);
     }
 
     put_bits(&s->pb, 3, 0);     /* ignored */
+    return 0;
 }
 
 FF_MPV_GENERIC_CLASS(rv10)