Commit 78faca46 authored by Christophe Massiot's avatar Christophe Massiot

* libmpeg2/slice.c: Fix crash with malformed stream, patch courtesy of

   Lionel Debroux (http://sam.zoy.org/zzuf/lol-mplayer.m2v)
parent bb5d2c8e
......@@ -1587,6 +1587,16 @@ do { \
} \
} while (0)
/**
* Dummy motion decoding function, to avoid calling NULL in
* case of malformed streams.
*/
static void motion_dummy (mpeg2_decoder_t * const decoder,
motion_t * const motion,
mpeg2_mc_fct * const * const table)
{
}
void mpeg2_init_fbuf (mpeg2_decoder_t * decoder, uint8_t * current_fbuf[3],
uint8_t * forward_fbuf[3], uint8_t * backward_fbuf[3])
{
......@@ -1644,7 +1654,9 @@ void mpeg2_init_fbuf (mpeg2_decoder_t * decoder, uint8_t * current_fbuf[3],
if (decoder->mpeg1) {
decoder->motion_parser[0] = motion_zero_420;
decoder->motion_parser[MC_FRAME] = motion_mp1;
decoder->motion_parser[MC_FIELD] = motion_dummy;
decoder->motion_parser[MC_FRAME] = motion_mp1;
decoder->motion_parser[MC_DMV] = motion_dummy;
decoder->motion_parser[4] = motion_reuse_420;
} else if (decoder->picture_structure == FRAME_PICTURE) {
if (decoder->chroma_format == 0) {
......@@ -1869,6 +1881,14 @@ void mpeg2_slice (mpeg2_decoder_t * const decoder, const int code,
motion_parser_t * parser;
if ( ((macroblock_modes >> MOTION_TYPE_SHIFT) < 0)
|| ((macroblock_modes >> MOTION_TYPE_SHIFT) >=
(int)(sizeof(decoder->motion_parser)
/ sizeof(decoder->motion_parser[0])))
) {
break; // Illegal !
}
parser =
decoder->motion_parser[macroblock_modes >> MOTION_TYPE_SHIFT];
MOTION_CALL (parser, macroblock_modes);
......
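Review bot: The guard added in mpeg2_slice checks only that `macroblock_modes >> MOTION_TYPE_SHIFT` indexes inside `decoder->motion_parser`, not that the selected entry is actually set, so a call through an unset pointer is prevented only where mpeg2_init_fbuf has filled every slot. The visible part of mpeg2_init_fbuf assigns `motion_dummy` in the `decoder->mpeg1` branch alone; the remaining branches lie outside the hunk and should be checked for unassigned slots. A cheap second line of defence is `if (parser == NULL) break;` between the table lookup and `MOTION_CALL (parser, macroblock_modes);`. The `break; // Illegal !` path also discards the bad macroblock silently; if the enclosing code, which starts and ends outside the hunk, has an error exit for the slice, taking it would presumably stop decoding from continuing on a desynchronised stream.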