On 08/03/2018 01:17, Michael Niedermayer wrote:
In the cases where the error is about a scalar value, that value should
be printed in the error message (unless it was alread printed elsewhere)
Patch modified, showing the scalar value.
From 13db9fc4da1d0e531e516bd87d084233e231f0e7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Martinez?= <jer...@mediaarea.net>
Date: Thu, 8 Mar 2018 02:40:21 +0100
Subject: [PATCH] avcodec/ffv1dec: add missing error messages when a frame is
invalid
---
libavcodec/ffv1dec.c | 39 +++++++++++++++++++++++++++++++--------
1 file changed, 31 insertions(+), 8 deletions(-)
diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c
index 3d2ee2569f..06509dae60 100644
--- a/libavcodec/ffv1dec.c
+++ b/libavcodec/ffv1dec.c
@@ -182,11 +182,22 @@ static int decode_slice_header(FFV1Context *f,
FFV1Context *fs)
fs->slice_y /= f->num_v_slices;
fs->slice_width = fs->slice_width /f->num_h_slices - fs->slice_x;
fs->slice_height = fs->slice_height/f->num_v_slices - fs->slice_y;
- if ((unsigned)fs->slice_width > f->width || (unsigned)fs->slice_height >
f->height)
+ if ((unsigned)fs->slice_width > f->width) {
+ av_log(f->avctx, AV_LOG_ERROR, "slice_width %d out of range\n",
(unsigned)fs->slice_width);
return -1;
- if ( (unsigned)fs->slice_x + (uint64_t)fs->slice_width > f->width
- || (unsigned)fs->slice_y + (uint64_t)fs->slice_height > f->height)
+ }
+ if ((unsigned)fs->slice_height > f->height) {
+ av_log(f->avctx, AV_LOG_ERROR, "slice_height %d out of range\n",
(unsigned)fs->slice_height);
+ return -1;
+ }
+ if ((unsigned)fs->slice_x + (uint64_t)fs->slice_width > f->width) {
+ av_log(f->avctx, AV_LOG_ERROR, "slice_x+slice_width %lld out of
range\n", (unsigned)fs->slice_x + (uint64_t)fs->slice_width,
(unsigned)fs->slice_y);
return -1;
+ }
+ if ((unsigned)fs->slice_y + (uint64_t)fs->slice_height > f->height) {
+ av_log(f->avctx, AV_LOG_ERROR, "slice_y+slice_height %lld out of
range\n", (unsigned)fs->slice_y + (uint64_t)fs->slice_height);
+ return -1;
+ }
for (i = 0; i < f->plane_count; i++) {
PlaneContext * const p = &fs->plane[i];
@@ -432,8 +443,10 @@ static int read_extra_header(FFV1Context *f)
if (f->version > 2) {
c->bytestream_end -= 4;
f->micro_version = get_symbol(c, state, 0);
- if (f->micro_version < 0)
+ if (f->micro_version < 0) {
+ av_log(f->avctx, AV_LOG_ERROR, "Invalid micro_version %i in global
header\n", f->micro_version);
return AVERROR_INVALIDDATA;
+ }
}
f->ac = get_symbol(c, state, 0);
@@ -758,12 +771,22 @@ static int read_header(FFV1Context *f)
fs->slice_y /= f->num_v_slices;
fs->slice_width = fs->slice_width / f->num_h_slices -
fs->slice_x;
fs->slice_height = fs->slice_height / f->num_v_slices -
fs->slice_y;
- if ((unsigned)fs->slice_width > f->width ||
- (unsigned)fs->slice_height > f->height)
+ if ((unsigned)fs->slice_width > f->width) {
+ av_log(f->avctx, AV_LOG_ERROR, "slice_width %d out of
range\n", (unsigned)fs->slice_width);
return AVERROR_INVALIDDATA;
- if ( (unsigned)fs->slice_x + (uint64_t)fs->slice_width >
f->width
- || (unsigned)fs->slice_y + (uint64_t)fs->slice_height >
f->height)
+ }
+ if ((unsigned)fs->slice_height > f->height) {
+ av_log(f->avctx, AV_LOG_ERROR, "slice_height %d out of
range\n", (unsigned)fs->slice_height);
+ return AVERROR_INVALIDDATA;
+ }
+ if ((unsigned)fs->slice_x + (uint64_t)fs->slice_width > f->width)
{
+ av_log(f->avctx, AV_LOG_ERROR, "slice_x+slice_width %lld out
of range\n", (unsigned)fs->slice_x + (uint64_t)fs->slice_width,
(unsigned)fs->slice_y);
return AVERROR_INVALIDDATA;
+ }
+ if ((unsigned)fs->slice_y + (uint64_t)fs->slice_height >
f->height) {
+ av_log(f->avctx, AV_LOG_ERROR, "slice_y+slice_height %lld out
of range\n", (unsigned)fs->slice_y + (uint64_t)fs->slice_height);
+ return AVERROR_INVALIDDATA;
+ }
}
for (i = 0; i < f->plane_count; i++) {
--
2.13.3.windows.1
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
