From 63d33cf4390a9280b1ba42ee722f3140cf1cad3e Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Sat, 17 Dec 2005 11:31:56 +0000
Subject: [PATCH] bitstream related fixes from [PATCH] from DivX, Part 9: bitstream crashes by (Steve Lhomme | slhomme divxcorp com)
Originally committed as revision 4747 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
 libavcodec/h263.c | 14 ++++++++------
 libavcodec/svq3.c | 2 +-
 2 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/libavcodec/h263.c b/libavcodec/h263.c
index fa1a15954d..e890ac0f4e 100644
--- a/libavcodec/h263.c
+++ b/libavcodec/h263.c
@@ -5744,10 +5744,10 @@ static int decode_user_data(MpegEncContext *s, GetBitContext *gb){
 char buf[256];
 int i;
 int e;
- int ver, build, ver2, ver3;
+ int ver = 0, build = 0, ver2 = 0, ver3 = 0;
 char last;
- for(i=0; i<255; i++){
+ for(i=0; i<255 && gb->index < gb->size_in_bits; i++){
 if(show_bits(gb, 23) == 0) break;
 buf[i]= get_bits(gb, 8);
 }
@@ -5769,7 +5769,8 @@ static int decode_user_data(MpegEncContext *s, GetBitContext *gb){
 e=sscanf(buf, "FFmpeg v%d.%d.%d / libavcodec build: %d", &ver, &ver2, &ver3, &build);
 if(e!=4){
 e=sscanf(buf, "Lavc%d.%d.%d", &ver, &ver2, &ver3)+1;
- build= (ver<<16) + (ver2<<8) + ver3;
+ if (e>1)
+ build= (ver<<16) + (ver2<<8) + ver3;
 }
 if(e!=4){
 if(strcmp(buf, "ffmpeg")==0){
@@ -6013,9 +6014,6 @@ int ff_mpeg4_decode_picture_header(MpegEncContext * s, GetBitContext *gb)
 startcode = 0xff;
 for(;;) {
- v = get_bits(gb, 8);
- startcode = ((startcode << 8) | v) & 0xffffffff;
-
 if(get_bits_count(gb) >= gb->size_in_bits){
 if(gb->size_in_bits==8 && (s->divx_version || s->xvid_build)){
 av_log(s->avctx, AV_LOG_ERROR, "frame skip %d\n", gb->size_in_bits);
@@ -6024,6 +6022,10 @@ int ff_mpeg4_decode_picture_header(MpegEncContext * s, GetBitContext *gb)
 return -1; //end of stream
 }
+ /* use the bits after the test */
+ v = get_bits(gb, 8);
+ startcode = ((startcode << 8) | v) & 0xffffffff;
+
 if((startcode&0xFFFFFF00) != 0x100)
 continue; //no startcode
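Review bot: The new loop bound in `decode_user_data` only proves that one bit is left, while each iteration peeks 23 bits with `show_bits` and consumes 8 with `get_bits`, so the final iterations can still read beyond `size_in_bits` and are safe only if the input buffer is padded, which is not visible here. The bound also reads `gb->index` directly, whereas the end-of-stream test in `ff_mpeg4_decode_picture_header` in this same patch uses `get_bits_count(gb)`; the accessor keeps the check independent of the reader's internal layout. I would write `for(i=0; i<255 && get_bits_count(gb) < gb->size_in_bits; i++){` and add a comment stating that the over-read of the last bytes relies on buffer padding. The function body continues outside the hunk.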
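Review bot: `if (e>1)` also accepts a partial match of `"Lavc%d.%d.%d"` (one or two fields converted), so `build` can be computed from a mix of parsed and default values; `if (e==4)` would match the success test used by the `if(e!=4)` that follows. The operands come from `sscanf` on user data carried in the stream, so `ver<<16` and `ver2<<8` can overflow or shift a negative `int`, which is undefined behaviour. Range-checking the three numbers before shifting (for example 0..255 each, if that fits the version format) would close that. How `build` is consumed afterwards is outside the hunk.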
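Review bot: The added comment `/* use the bits after the test */` in `ff_mpeg4_decode_picture_header` does not say which invariant the reordering protects. I would replace it with `/* read the next byte only after the end-of-stream check, so a buffer that ends here is never consumed past size_in_bits */`. The check `get_bits_count(gb) >= gb->size_in_bits` guarantees only one remaining bit while `get_bits(gb, 8)` takes eight, so the invariant holds exactly only when the read position is byte-aligned; whether it is aligned before the loop is not visible in the hunk.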
diff --git a/libavcodec/svq3.c b/libavcodec/svq3.c
index f0f995acfa..9f80ee0282 100644
--- a/libavcodec/svq3.c
+++ b/libavcodec/svq3.c
@@ -829,7 +829,7 @@ static int svq3_decode_frame (AVCodecContext *avctx,
 GetBitContext gb;
 size = BE_32(&extradata[4]);
- init_get_bits (&gb, extradata + 8, size);
+ init_get_bits (&gb, extradata + 8, size*8);
 /* 'frame size code' and optional 'width, height' */
 if (get_bits (&gb, 3) == 7) {
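Review bot: `size` is read from the codec extradata with `BE_32` and passed to `init_get_bits` as `size*8` with no visible comparison against the amount of extradata that actually follows offset 8, so a malformed header can declare a bit length larger than the buffer, and a large value can overflow the multiplication. Before the call, a `size` that exceeds the bytes remaining after the 8-byte header should be rejected with an error return; that bound also keeps `size*8` in range. The declaration of `size` and the code that locates `extradata` are outside the hunk, so an earlier check may already exist there.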