[01/18] idroqdec: Make sure a video stream has been allocated before returning packets

Message ID 1379358389-64839-1-git-send-email-martin@martin.st
State Committed
Commit bcbe4f3ceb6ee0210d3a401963518906c8b9b230

Commit Message

Martin Storsjö Sept. 16, 2013, 7:06 p.m.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
---
 libavformat/idroqdec.c |    7 +++++++
 1 file changed, 7 insertions(+)

Comments

Martin Storsjö Sept. 18, 2013, 7:29 p.m. | #1
On Mon, 16 Sep 2013, Martin Storsjö wrote:

> Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
> CC: libav-stable@libav.org
> ---
> libavformat/idroqdec.c |    7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/libavformat/idroqdec.c b/libavformat/idroqdec.c
> index eeaafec..82eff24 100644
> --- a/libavformat/idroqdec.c
> +++ b/libavformat/idroqdec.c
> @@ -142,6 +142,8 @@ static int roq_read_packet(AVFormatContext *s,
>             break;
>
>         case RoQ_QUAD_CODEBOOK:
> +            if (roq->video_stream_index < 0)
> +                return AVERROR_INVALIDDATA;
>             /* packet needs to contain both this codebook and next VQ chunk */
>             codebook_offset = avio_tell(pb) - RoQ_CHUNK_PREAMBLE_SIZE;
>             codebook_size = chunk_size;
> @@ -191,6 +193,11 @@ static int roq_read_packet(AVFormatContext *s,
>                 st->codec->block_align = st->codec->channels * st->codec->bits_per_coded_sample;
>             }
>         case RoQ_QUAD_VQ:
> +            if (chunk_type == RoQ_QUAD_VQ) {
> +                if (roq->video_stream_index < 0)
> +                    return AVERROR_INVALIDDATA;
> +            }
> +
>             /* load up the packet */
>             if (av_new_packet(pkt, chunk_size + RoQ_CHUNK_PREAMBLE_SIZE))
>                 return AVERROR(EIO);
> -- 
> 1.7.9.4

Ok'd by Luca on irc.

// Martin

Patch

diff --git a/libavformat/idroqdec.c b/libavformat/idroqdec.c
index eeaafec..82eff24 100644
--- a/libavformat/idroqdec.c
+++ b/libavformat/idroqdec.c
@@ -142,6 +142,8 @@  static int roq_read_packet(AVFormatContext *s,
             break;
 
         case RoQ_QUAD_CODEBOOK:
+            if (roq->video_stream_index < 0)
+                return AVERROR_INVALIDDATA;
             /* packet needs to contain both this codebook and next VQ chunk */
             codebook_offset = avio_tell(pb) - RoQ_CHUNK_PREAMBLE_SIZE;
             codebook_size = chunk_size;
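Review bot: The new guard in the `RoQ_QUAD_CODEBOOK` case carries no comment, so the reason a negative `roq->video_stream_index` is rejected as invalid data is recorded only in the commit title. A one-line comment above the check would keep that with the code, for example `/* no video stream has been allocated yet, so this chunk cannot be returned as a packet */`. The same applies to the check added under `RoQ_QUAD_VQ` in the next hunk. Where the index becomes non-negative is outside both hunks, presumably at stream creation, so the comment should not name a specific chunk type without checking. `roq_read_packet` starts and ends outside the hunk.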
@@ -191,6 +193,11 @@  static int roq_read_packet(AVFormatContext *s,
                 st->codec->block_align = st->codec->channels * st->codec->bits_per_coded_sample;
             }
         case RoQ_QUAD_VQ:
+            if (chunk_type == RoQ_QUAD_VQ) {
+                if (roq->video_stream_index < 0)
+                    return AVERROR_INVALIDDATA;
+            }
+
             /* load up the packet */
             if (av_new_packet(pkt, chunk_size + RoQ_CHUNK_PREAMBLE_SIZE))
                 return AVERROR(EIO);
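Review bot: The two nested `if` statements added under `case RoQ_QUAD_VQ:` can be a single condition, `if (chunk_type == RoQ_QUAD_VQ && roq->video_stream_index < 0)` followed by `return AVERROR_INVALIDDATA;`. The `chunk_type` test appears to be needed only because the preceding case ends at its `}` without a visible `break` and falls through into this label. A `/* fall through */` marker before `case RoQ_QUAD_VQ:` would make it clear why the video-stream check is skipped for those chunks. The enclosing switch continues outside the hunk.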