avcodec/dnxhddec: treat pix_fmt like width/height
Fixes out of array accesses
Fixes: asan_heap-oob_22c9a39_16_015.mxf
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f3c0e0bf6f)
Conflicts:
libavcodec/dnxhddec.c
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer
@ -39,6 +39,7 @@ typedef struct DNXHDContext {
|
|||||||
GetBitContext gb;
|
GetBitContext gb;
|
||||||
int64_t cid; ///< compression id
|
int64_t cid; ///< compression id
|
||||||
unsigned int width, height;
|
unsigned int width, height;
|
||||||
|
enum AVPixelFormat pix_fmt;
|
||||||
unsigned int mb_width, mb_height;
|
unsigned int mb_width, mb_height;
|
||||||
uint32_t mb_scan_index[68]; /* max for 1080p */
|
uint32_t mb_scan_index[68]; /* max for 1080p */
|
||||||
int cur_field; ///< current interlaced field
|
int cur_field; ///< current interlaced field
|
||||||
@ -135,7 +136,7 @@ static int dnxhd_decode_header(DNXHDContext *ctx, const uint8_t *buf, int buf_si
|
|||||||
av_dlog(ctx->avctx, "width %d, height %d\n", ctx->width, ctx->height);
|
av_dlog(ctx->avctx, "width %d, height %d\n", ctx->width, ctx->height);
|
||||||
|
|
||||||
if (buf[0x21] & 0x40) {
|
if (buf[0x21] & 0x40) {
|
||||||
ctx->avctx->pix_fmt = AV_PIX_FMT_YUV422P10;
|
ctx->pix_fmt = AV_PIX_FMT_YUV422P10;
|
||||||
ctx->avctx->bits_per_raw_sample = 10;
|
ctx->avctx->bits_per_raw_sample = 10;
|
||||||
if (ctx->bit_depth != 10) {
|
if (ctx->bit_depth != 10) {
|
||||||
ff_dsputil_init(&ctx->dsp, ctx->avctx);
|
ff_dsputil_init(&ctx->dsp, ctx->avctx);
|
||||||
@ -143,7 +144,7 @@ static int dnxhd_decode_header(DNXHDContext *ctx, const uint8_t *buf, int buf_si
|
|||||||
ctx->decode_dct_block = dnxhd_decode_dct_block_10;
|
ctx->decode_dct_block = dnxhd_decode_dct_block_10;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
ctx->avctx->pix_fmt = AV_PIX_FMT_YUV422P;
|
ctx->pix_fmt = AV_PIX_FMT_YUV422P;
|
||||||
ctx->avctx->bits_per_raw_sample = 8;
|
ctx->avctx->bits_per_raw_sample = 8;
|
||||||
if (ctx->bit_depth != 8) {
|
if (ctx->bit_depth != 8) {
|
||||||
ff_dsputil_init(&ctx->dsp, ctx->avctx);
|
ff_dsputil_init(&ctx->dsp, ctx->avctx);
|
||||||
@ -381,9 +382,15 @@ static int dnxhd_decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
|
|||||||
avctx->width, avctx->height, ctx->width, ctx->height);
|
avctx->width, avctx->height, ctx->width, ctx->height);
|
||||||
first_field = 1;
|
first_field = 1;
|
||||||
}
|
}
|
||||||
|
if (avctx->pix_fmt != AV_PIX_FMT_NONE && avctx->pix_fmt != ctx->pix_fmt) {
|
||||||
|
av_log(avctx, AV_LOG_WARNING, "pix_fmt changed: %s -> %s\n",
|
||||||
|
av_get_pix_fmt_name(avctx->pix_fmt), av_get_pix_fmt_name(ctx->pix_fmt));
|
||||||
|
first_field = 1;
|
||||||
|
}
|
||||||
|
|
||||||
if (av_image_check_size(ctx->width, ctx->height, 0, avctx))
|
if (av_image_check_size(ctx->width, ctx->height, 0, avctx))
|
||||||
return -1;
|
return -1;
|
||||||
|
avctx->pix_fmt = ctx->pix_fmt;
|
||||||
avcodec_set_dimensions(avctx, ctx->width, ctx->height);
|
avcodec_set_dimensions(avctx, ctx->width, ctx->height);
|
||||||
|
|
||||||
if (first_field) {
|
if (first_field) {
|
||||||
|
|||||||
Reference in New Issue
Block a user