Mercurial > libavcodec.hg

comparison utils.c @ 2422:18b8b2dcc037 libavcodec

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
various security fixes and precautionary checks
author michael
date Wed, 12 Jan 2005 00:16:25 +0000
parents 82af834636c2
children 87b7fbed8609
comparison
equal deleted inserted replaced
2421:e326490f58c4 2422:18b8b2dcc037
80 void *av_fast_realloc(void *ptr, unsigned int *size, unsigned int min_size) 80 void *av_fast_realloc(void *ptr, unsigned int *size, unsigned int min_size)
81 { 81 {
82 if(min_size < *size) 82 if(min_size < *size)
83 return ptr; 83 return ptr;
84 84
85 *size= 17*min_size/16 + 32; 85 *size= FFMAX(17*min_size/16 + 32, min_size);
86 86
87 return av_realloc(ptr, *size); 87 return av_realloc(ptr, *size);
88 } 88 }
89 89
90 90
99 { 99 {
100 void *ptr = av_mallocz(size); 100 void *ptr = av_mallocz(size);
101 101
102 if(ptr){ 102 if(ptr){
103 array_static =av_fast_realloc(array_static, &allocated_static, sizeof(void*)*(last_static+1)); 103 array_static =av_fast_realloc(array_static, &allocated_static, sizeof(void*)*(last_static+1));
104 if(!array_static)
105 return NULL;
104 array_static[last_static++] = ptr; 106 array_static[last_static++] = ptr;
105 } 107 }
106 108
107 return ptr; 109 return ptr;
108 } 110 }
231 233
232 *width = ALIGN(*width , w_align); 234 *width = ALIGN(*width , w_align);
233 *height= ALIGN(*height, h_align); 235 *height= ALIGN(*height, h_align);
234 } 236 }
235 237
238 int avcodec_check_dimensions(void *av_log_ctx, unsigned int w, unsigned int h){
239 if((int)w>0 && (int)h>0 && (w+128)*(uint64_t)(h+128) < INT_MAX/4)
240 return 0;
241
242 av_log(av_log_ctx, AV_LOG_ERROR, "picture size invalid (%ux%u)\n", w, h);
243 return -1;
244 }
245
236 int avcodec_default_get_buffer(AVCodecContext *s, AVFrame *pic){ 246 int avcodec_default_get_buffer(AVCodecContext *s, AVFrame *pic){
237 int i; 247 int i;
238 int w= s->width; 248 int w= s->width;
239 int h= s->height; 249 int h= s->height;
240 InternalBuffer *buf; 250 InternalBuffer *buf;
241 int *picture_number; 251 int *picture_number;
242 252
243 assert(pic->data[0]==NULL); 253 assert(pic->data[0]==NULL);
244 assert(INTERNAL_BUFFER_SIZE > s->internal_buffer_count); 254 assert(INTERNAL_BUFFER_SIZE > s->internal_buffer_count);
255
256 if(avcodec_check_dimensions(s,w,h))
257 return -1;
245 258
246 if(s->internal_buffer==NULL){ 259 if(s->internal_buffer==NULL){
247 s->internal_buffer= av_mallocz(INTERNAL_BUFFER_SIZE*sizeof(InternalBuffer)); 260 s->internal_buffer= av_mallocz(INTERNAL_BUFFER_SIZE*sizeof(InternalBuffer));
248 } 261 }
249 #if 0 262 #if 0
507 if(avctx->coded_width && avctx->coded_height) 520 if(avctx->coded_width && avctx->coded_height)
508 avcodec_set_dimensions(avctx, avctx->coded_width, avctx->coded_height); 521 avcodec_set_dimensions(avctx, avctx->coded_width, avctx->coded_height);
509 else if(avctx->width && avctx->height) 522 else if(avctx->width && avctx->height)
510 avcodec_set_dimensions(avctx, avctx->width, avctx->height); 523 avcodec_set_dimensions(avctx, avctx->width, avctx->height);
511 524
525 if((avctx->coded_width||avctx->coded_height) && avcodec_check_dimensions(avctx,avctx->coded_width,avctx->coded_height)){
526 av_freep(&avctx->priv_data);
527 return -1;
528 }
529
512 ret = avctx->codec->init(avctx); 530 ret = avctx->codec->init(avctx);
513 if (ret < 0) { 531 if (ret < 0) {
514 av_freep(&avctx->priv_data); 532 av_freep(&avctx->priv_data);
515 return ret; 533 return ret;
516 } 534 }
518 } 536 }
519 537
520 int avcodec_encode_audio(AVCodecContext *avctx, uint8_t *buf, int buf_size, 538 int avcodec_encode_audio(AVCodecContext *avctx, uint8_t *buf, int buf_size,
521 const short *samples) 539 const short *samples)
522 { 540 {
541 if(buf_size < FF_MIN_BUFFER_SIZE && 0){
542 av_log(avctx, AV_LOG_ERROR, "buffer smaller then minimum size\n");
543 return -1;
544 }
523 if((avctx->codec->capabilities & CODEC_CAP_DELAY) || samples){ 545 if((avctx->codec->capabilities & CODEC_CAP_DELAY) || samples){
524 int ret = avctx->codec->encode(avctx, buf, buf_size, (void *)samples); 546 int ret = avctx->codec->encode(avctx, buf, buf_size, (void *)samples);
525 avctx->frame_number++; 547 avctx->frame_number++;
526 return ret; 548 return ret;
527 }else 549 }else
529 } 551 }
530 552
531 int avcodec_encode_video(AVCodecContext *avctx, uint8_t *buf, int buf_size, 553 int avcodec_encode_video(AVCodecContext *avctx, uint8_t *buf, int buf_size,
532 const AVFrame *pict) 554 const AVFrame *pict)
533 { 555 {
556 if(buf_size < FF_MIN_BUFFER_SIZE){
557 av_log(avctx, AV_LOG_ERROR, "buffer smaller then minimum size\n");
558 return -1;
559 }
560 if(avcodec_check_dimensions(avctx,avctx->width,avctx->height))
561 return -1;
534 if((avctx->codec->capabilities & CODEC_CAP_DELAY) || pict){ 562 if((avctx->codec->capabilities & CODEC_CAP_DELAY) || pict){
535 int ret = avctx->codec->encode(avctx, buf, buf_size, (void *)pict); 563 int ret = avctx->codec->encode(avctx, buf, buf_size, (void *)pict);
536 avctx->frame_number++; 564 avctx->frame_number++;
537 emms_c(); //needed to avoid a emms_c() call before every return; 565 emms_c(); //needed to avoid a emms_c() call before every return;
538 566
555 uint8_t *buf, int buf_size) 583 uint8_t *buf, int buf_size)
556 { 584 {
557 int ret; 585 int ret;
558 586
559 *got_picture_ptr= 0; 587 *got_picture_ptr= 0;
588 if((avctx->coded_width||avctx->coded_height) && avcodec_check_dimensions(avctx,avctx->coded_width,avctx->coded_height))
589 return -1;
560 ret = avctx->codec->decode(avctx, picture, got_picture_ptr, 590 ret = avctx->codec->decode(avctx, picture, got_picture_ptr,
561 buf, buf_size); 591 buf, buf_size);
562 592
563 emms_c(); //needed to avoid a emms_c() call before every return; 593 emms_c(); //needed to avoid a emms_c() call before every return;
564 594