On Thursday 14 May 2015 01:47:54 pm Michael Niedermayer wrote:
> > Attached patch fixes reading valid pict files with non-zero user data.
>
> This won't work with files that have a different version

I don't think such files exist.

New patch for reading valid files attached, tested with ImageMagick and Preview.
I also attached a patch that fixes an overread in the rle function.

Please comment, Carl Eugen
diff --git a/libavcodec/qdrw.c b/libavcodec/qdrw.c
index 6c920aa..85aa5f4 100644
--- a/libavcodec/qdrw.c
+++ b/libavcodec/qdrw.c
@@ -149,9 +151,7 @@ static int decode_frame(AVCodecContext *avctx,
 bytestream2_init(&gbc, avpkt->data, avpkt->size);
 if ( bytestream2_get_bytes_left(&gbc) >= 552
- && !check_header(gbc.buffer , bytestream2_get_bytes_left(&gbc))
- && check_header(gbc.buffer + 512, bytestream2_get_bytes_left(&gbc) - 512)
- )
+ && AV_RB32(&avpkt->data[522]) == 0x001102FF)
 bytestream2_skip(&gbc, 512);
 ver = check_header(gbc.buffer, bytestream2_get_bytes_left(&gbc));
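Review bot: The new probe `AV_RB32(&avpkt->data[522]) == 0x001102FF` in decode_frame uses two unexplained constants, and its length guard (`bytestream2_get_bytes_left(&gbc) >= 552`) goes through `gbc` while the read goes through `avpkt->data`. The read is in bounds only because `gbc` was initialised from `avpkt->data`/`avpkt->size` on the line above and nothing has been consumed yet. Reading via `AV_RB32(gbc.buffer + 522)` would tie the check and the access to the same cursor. A comment would document the offset, presumably `/* 512-byte preamble + 10 bytes of picture size/frame, then version opcode and version word */`. The same hunk appears again as the second hunk of the following patch, and decode_frame's body starts and ends outside the hunk.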
diff --git a/libavcodec/qdrw.c b/libavcodec/qdrw.c
index 6c920aa..85aa5f4 100644
--- a/libavcodec/qdrw.c
+++ b/libavcodec/qdrw.c
@@ -95,6 +95,8 @@ static int decode_rle(AVCodecContext *avctx, AVFrame *p, GetByteContext *gbc,
 pos -= offset;
 pos++;
 }
+ if (pos >= offset)
+ return AVERROR_INVALIDDATA;
 }
 left -= 2;
 } else { /* copy */
@@ -149,9 +151,7 @@ static int decode_frame(AVCodecContext *avctx,
 bytestream2_init(&gbc, avpkt->data, avpkt->size);
 if ( bytestream2_get_bytes_left(&gbc) >= 552
- && !check_header(gbc.buffer , bytestream2_get_bytes_left(&gbc))
- && check_header(gbc.buffer + 512, bytestream2_get_bytes_left(&gbc) - 512)
- )
+ && AV_RB32(&avpkt->data[522]) == 0x001102FF)
 bytestream2_skip(&gbc, 512);
 ver = check_header(gbc.buffer, bytestream2_get_bytes_left(&gbc));
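Review bot: In the decode_rle hunk the added `if (pos >= offset) return AVERROR_INVALIDDATA;` guards only the run branch. The `/* copy */` branch opens on the hunk's last context line and its body is not shown; if it advances `pos` with the same wrap-around, it needs the same guard or malformed input could still move `pos` past the row there. A short comment on the new check, e.g. `/* still past the row after wrapping: line encodes more pixels than it holds */`, would make clear why a second comparison follows the wrap block. decode_rle starts and ends outside the hunk.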