@ -440,7 +440,7 @@ static int decode_p_frame(FourXContext *f, AVFrame *frame,
if ( f - > version > 1 ) {
extra = 20 ;
if ( length < extra )
return - 1 ;
return AVERROR_INVALIDDATA ;
bitstream_size = AV_RL32 ( buf + 8 ) ;
wordstream_size = AV_RL32 ( buf + 12 ) ;
bytestream_size = AV_RL32 ( buf + 16 ) ;
@ -827,27 +827,33 @@ static int decode_frame(AVCodecContext *avctx, void *data,
AVFrame * picture = data ;
int i , frame_4cc , frame_size , ret ;
if ( buf_size < 1 2)
if ( buf_size < 20 )
return AVERROR_INVALIDDATA ;
frame_4cc = AV_RL32 ( buf ) ;
if ( buf_size ! = AV_RL32 ( buf + 4 ) + 8 | | buf_size < 20 )
if ( buf_size < AV_RL32 ( buf + 4 ) + 8 ) {
av_log ( f - > avctx , AV_LOG_ERROR , " size mismatch %d %d \n " ,
buf_size , AV_RL32 ( buf + 4 ) ) ;
return AVERROR_INVALIDDATA ;
}
frame_4cc = AV_RL32 ( buf ) ;
if ( frame_4cc = = AV_RL32 ( " cfrm " ) ) {
int free_index = - 1 ;
int id , whole_size ;
const int data_size = buf_size - 20 ;
const int id = AV_RL32 ( buf + 12 ) ;
const int whole_size = AV_RL32 ( buf + 16 ) ;
CFrameBuffer * cfrm ;
if ( data_size < 0 | | whole_size < 0 ) {
av_log ( f - > avctx , AV_LOG_ERROR , " sizes invali d\n " ) ;
if ( f - > version < = 1 ) {
av_log ( f - > avctx , AV_LOG_ERROR , " cfrm in version % d\n " , f - > version ) ;
return AVERROR_INVALIDDATA ;
}
if ( f - > version < = 1 ) {
av_log ( f - > avctx , AV_LOG_ERROR , " cfrm in version %d \n " , f - > version ) ;
id = AV_RL32 ( buf + 12 ) ;
whole_size = AV_RL32 ( buf + 16 ) ;
if ( data_size < 0 | | whole_size < 0 ) {
av_log ( f - > avctx , AV_LOG_ERROR , " sizes invalid \n " ) ;
return AVERROR_INVALIDDATA ;
}
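Review bot: The new size check `buf_size < AV_RL32(buf + 4) + 8` can be defeated by wraparound: AV_RL32 yields an unsigned 32-bit value, so a declared size of 0xFFFFFFF8 or more makes the sum wrap to a small number and the packet passes. Keeping the constant on the trusted side avoids this, e.g. `if (AV_RL32(buf + 4) > buf_size - 8) {`, which is safe because `buf_size >= 20` is already established two lines earlier. The av_log call in the same branch prints that unsigned value with `%d`; `%u` (or `PRIu32`) would match the argument. How the declared size is used afterwards cannot be judged here, because decode_frame begins and ends outside the hunk.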