Merge commit '221402c1c88b9d12130c6f5834029b535ee0e0c5'
authorClément Bœsch <u@pkh.me>
Sun, 19 Mar 2017 16:54:08 +0000 (17:54 +0100)
committerClément Bœsch <u@pkh.me>
Sun, 19 Mar 2017 16:55:06 +0000 (17:55 +0100)
* commit '221402c1c88b9d12130c6f5834029b535ee0e0c5':
  pcx: check that the packet is large enough before reading the header

See 8cd1c0febe88b757e915e9af15559575c21ca728

Merged-by: Clément Bœsch <u@pkh.me>
libavcodec/pcx.c

  #include "get_bits.h"
  #include "internal.h"
  
 -/**
 - * @return advanced src pointer
 - */
 -static const uint8_t *pcx_rle_decode(const uint8_t *src,
 -                                     const uint8_t *end,
 -                                     uint8_t *dst,
 -                                     unsigned int bytes_per_scanline,
 -                                     int compressed)
+ #define PCX_HEADER_SIZE 128
 +static void pcx_rle_decode(GetByteContext *gb,
 +                           uint8_t *dst,
 +                           unsigned int bytes_per_scanline,
 +                           int compressed)
  {
      unsigned int i = 0;
      unsigned char run, value;
@@@ -66,20 -75,24 +68,22 @@@ static void pcx_palette(GetByteContext 
  static int pcx_decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
                              AVPacket *avpkt)
  {
 -    const uint8_t *buf = avpkt->data;
 -    int buf_size       = avpkt->size;
 -    AVFrame *const p   = data;
 +    GetByteContext gb;
 +    AVFrame * const p  = data;
      int compressed, xmin, ymin, xmax, ymax;
 +    int ret;
      unsigned int w, h, bits_per_pixel, bytes_per_line, nplanes, stride, y, x,
                   bytes_per_scanline;
 -    uint8_t *ptr;
 -    const uint8_t *buf_end = buf + buf_size;
 -    const uint8_t *bufstart = buf;
 -    uint8_t *scanline;
 -    int ret = -1;
 +    uint8_t *ptr, *scanline;
  
-     if (avpkt->size < 128)
 -    if (buf_size < PCX_HEADER_SIZE) {
++    if (avpkt->size < PCX_HEADER_SIZE) {
+         av_log(avctx, AV_LOG_ERROR, "Packet too small\n");
          return AVERROR_INVALIDDATA;
+     }
  
 -    if (buf[0] != 0x0a || buf[1] > 5) {
 +    bytestream2_init(&gb, avpkt->data, avpkt->size);
 +
 +    if (bytestream2_get_byteu(&gb) != 0x0a || bytestream2_get_byteu(&gb) > 5) {
          av_log(avctx, AV_LOG_ERROR, "this is not PCX encoded data\n");
          return AVERROR_INVALIDDATA;
      }
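Review bot: The two `bytestream2_get_byteu()` calls in the magic/version test are the unchecked reader variants, so they stay in bounds only because of the `avpkt->size < PCX_HEADER_SIZE` guard above them, and the merged code does not say so. A one-line comment above `bytestream2_init()` would keep a later edit from moving or loosening that guard, for example `/* avpkt->size >= PCX_HEADER_SIZE was checked above: the unchecked *u() header reads below stay in bounds */`. Any further `*u` reads later in the function, which are not visible here, need to fall inside the first `PCX_HEADER_SIZE` bytes, and data past the header should go through the checked readers. `pcx_decode_frame` continues outside this hunk.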