Hi Lynne On Sun, Jan 05, 2025 at 05:59:35PM +0900, Lynne wrote: > This also cleans up and gives the code some much needed comments. > --- > libavcodec/ffv1dec.c | 66 +++++++++++++++++++++++++++++++------------- > 1 file changed, 47 insertions(+), 19 deletions(-) > > diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c > index b7f235c47f..aa988571bc 100644 > --- a/libavcodec/ffv1dec.c > +++ b/libavcodec/ffv1dec.c > @@ -866,6 +866,38 @@ static av_cold int decode_init(AVCodecContext *avctx) > return 0; > } > > +static int find_next_slice(AVCodecContext *avctx, > + uint8_t *buf, uint8_t *buf_end, int idx, > + uint8_t **pos, uint32_t *len) > +{ > + FFV1Context *f = avctx->priv_data; > + > + /* Length field */ > + uint32_t v = buf_end - buf; > + if (idx || f->version > 2) { > + /* Three bytes of length, plus flush bit + CRC */ > + uint32_t trailer = 3 + 5*!!f->ec; > + if (trailer > buf_end - buf) > + v = INT_MAX; > + else > + v = AV_RB24(buf_end - trailer) + trailer; > + } > +
> + if (buf_end - buf < v) { > + av_log(avctx, AV_LOG_ERROR, "Slice pointer chain broken\n"); > + ff_progress_frame_report(&f->picture, INT_MAX); > + return AVERROR_INVALIDDATA; > + }

the if() can be moved into the previous if()
the v = buf_end - buf; is unused in the first if() so it could be set in an else

patch LGTM otherwise

thx

[...]

--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

"You are 36 times more likely to die in a bathtub than at the hands of a terrorist. Also, you are 2.5 times more likely to become a president and 2 times more likely to become an astronaut, than to die in a terrorist attack." -- Thoughty2
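Review bot: In find_next_slice(), the short-buffer case is signalled by setting `v = INT_MAX` and relying on the later `buf_end - buf < v` test to reject it, which only works while the remaining buffer is smaller than INT_MAX bytes and compares a pointer difference against a uint32_t. Logging and returning AVERROR_INVALIDDATA directly in the `trailer > buf_end - buf` branch (with the same ff_progress_frame_report call) would remove the sentinel and make the bounds check explicit. The comment above `trailer` could also state that the extra 5 bytes are only present when `f->ec` is set, since it currently speaks of a flush bit while the code counts whole bytes.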
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".