Skip to content

Commit

Permalink
avcodec/utvideodec: Set pro flag based on fourcc
Browse files Browse the repository at this point in the history 
This avoids mixing 8bit variants with pro and 10bit with non pro mode.
Fixes: out of array read
Fixes: poc_03_30.avi

Found-by: GwanYeong Kim <gy741.kim@gmail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  • Loading branch information
@michaelni
michaelni committed Apr 1, 2018
1 parent 8c980b1 commit 47b7c68
Showing 1 changed file with 5 additions and 3 deletions.
8 changes: 5 additions & 3 deletions libavcodec/utvideodec.c
View file
Expand Up @@ -949,14 +949,17 @@ static av_cold int decode_init(AVCodecContext *avctx)
break; break;
case MKTAG('U', 'Q', 'Y', '2'): case MKTAG('U', 'Q', 'Y', '2'):
c->planes = 3; c->planes = 3;
c->pro = 1;
avctx->pix_fmt = AV_PIX_FMT_YUV422P10; avctx->pix_fmt = AV_PIX_FMT_YUV422P10;
break; break;
case MKTAG('U', 'Q', 'R', 'G'): case MKTAG('U', 'Q', 'R', 'G'):
c->planes = 3; c->planes = 3;
c->pro = 1;
avctx->pix_fmt = AV_PIX_FMT_GBRP10; avctx->pix_fmt = AV_PIX_FMT_GBRP10;
break; break;
case MKTAG('U', 'Q', 'R', 'A'): case MKTAG('U', 'Q', 'R', 'A'):
c->planes = 4; c->planes = 4;
c->pro = 1;
avctx->pix_fmt = AV_PIX_FMT_GBRAP10; avctx->pix_fmt = AV_PIX_FMT_GBRAP10;
break; break;
case MKTAG('U', 'L', 'H', '0'): case MKTAG('U', 'L', 'H', '0'):
Expand Down Expand Up @@ -1031,7 +1034,7 @@ static av_cold int decode_init(AVCodecContext *avctx)
if (c->compression != 2) if (c->compression != 2)
avpriv_request_sample(avctx, "Unknown compression type"); avpriv_request_sample(avctx, "Unknown compression type");
c->slices = avctx->extradata[9] + 1; c->slices = avctx->extradata[9] + 1;
} else if (avctx->extradata_size >= 16) { } else if (!c->pro && avctx->extradata_size >= 16) {
av_log(avctx, AV_LOG_DEBUG, "Encoder version %d.%d.%d.%d\n", av_log(avctx, AV_LOG_DEBUG, "Encoder version %d.%d.%d.%d\n",
avctx->extradata[3], avctx->extradata[2], avctx->extradata[3], avctx->extradata[2],
avctx->extradata[1], avctx->extradata[0]); avctx->extradata[1], avctx->extradata[0]);
Expand All @@ -1046,14 +1049,13 @@ static av_cold int decode_init(AVCodecContext *avctx)
c->slices = (c->flags >> 24) + 1; c->slices = (c->flags >> 24) + 1;
c->compression = c->flags & 1; c->compression = c->flags & 1;
c->interlaced = c->flags & 0x800; c->interlaced = c->flags & 0x800;
} else if (avctx->extradata_size == 8) { } else if (c->pro && avctx->extradata_size == 8) {
av_log(avctx, AV_LOG_DEBUG, "Encoder version %d.%d.%d.%d\n", av_log(avctx, AV_LOG_DEBUG, "Encoder version %d.%d.%d.%d\n",
avctx->extradata[3], avctx->extradata[2], avctx->extradata[3], avctx->extradata[2],
avctx->extradata[1], avctx->extradata[0]); avctx->extradata[1], avctx->extradata[0]);
av_log(avctx, AV_LOG_DEBUG, "Original format %"PRIX32"\n", av_log(avctx, AV_LOG_DEBUG, "Original format %"PRIX32"\n",
AV_RB32(avctx->extradata + 4)); AV_RB32(avctx->extradata + 4));
c->interlaced = 0; c->interlaced = 0;
c->pro = 1;
c->frame_info_size = 4; c->frame_info_size = 4;
} else { } else {
av_log(avctx, AV_LOG_ERROR, av_log(avctx, AV_LOG_ERROR,
Expand Down

0 comments on commit 47b7c68

Please sign in to comment.