From 388a221a8ba6f550e8c3a2f8a10e6162d1ce6616 Mon Sep 17 00:00:00 2001
From: Paul B Mahol <onemda@gmail.com>
Date: Thu, 13 Feb 2020 10:11:20 +0100
Subject: [PATCH] avcodec/midivid: improve decoding of widths not multiple of
 32

---
 libavcodec/midivid.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/libavcodec/midivid.c b/libavcodec/midivid.c
index 8d4c3b369e..afa394fca5 100644
--- a/libavcodec/midivid.c
+++ b/libavcodec/midivid.c
@@ -59,16 +59,17 @@ static int decode_mvdv(MidiVidContext *s, AVCodecContext *avctx, AVFrame *frame)
     uint32_t nb_blocks;
 
     nb_vectors = bytestream2_get_le16(gb);
-    intra_flag = bytestream2_get_le16(gb);
+    intra_flag = !!bytestream2_get_le16(gb);
     if (intra_flag) {
         nb_blocks = (avctx->width / 2) * (avctx->height / 2);
     } else {
-        int ret, skip_linesize;
+        int ret, skip_linesize, padding;
 
         nb_blocks = bytestream2_get_le32(gb);
         skip_linesize = avctx->width >> 1;
         mask_start = gb->buffer_start + bytestream2_tell(gb);
-        mask_size = (avctx->width >> 5) * (avctx->height >> 2);
+        mask_size = (FFALIGN(avctx->width, 32) >> 2) * (avctx->height >> 2) >> 3;
+        padding = (FFALIGN(avctx->width, 32) - avctx->width) >> 2;
 
         if (bytestream2_get_bytes_left(gb) < mask_size)
             return AVERROR_INVALIDDATA;
@@ -88,6 +89,7 @@ static int decode_mvdv(MidiVidContext *s, AVCodecContext *avctx, AVFrame *frame)
                 skip[(y*2+1)*skip_linesize + x*2  ] = flag;
                 skip[(y*2+1)*skip_linesize + x*2+1] = flag;
             }
+            skip_bits_long(&mask, padding);
         }
     }
 
@@ -96,10 +98,10 @@ static int decode_mvdv(MidiVidContext *s, AVCodecContext *avctx, AVFrame *frame)
         return AVERROR_INVALIDDATA;
     bytestream2_skip(gb, nb_vectors * 12);
     if (nb_vectors > 256) {
-        if (bytestream2_get_bytes_left(gb) < (nb_blocks + 7) / 8)
+        if (bytestream2_get_bytes_left(gb) < (nb_blocks + 7 * !intra_flag) / 8)
             return AVERROR_INVALIDDATA;
-        bytestream2_init(&idx9, gb->buffer_start + bytestream2_tell(gb), (nb_blocks + 7) / 8);
-        bytestream2_skip(gb, (nb_blocks + 7) / 8);
+        bytestream2_init(&idx9, gb->buffer_start + bytestream2_tell(gb), (nb_blocks + 7 * !intra_flag) / 8);
+        bytestream2_skip(gb, (nb_blocks + 7 * !intra_flag) / 8);
     }
 
     skip = s->skip;