Commit 153a8ae7 authored by Matthew Waters's avatar Matthew Waters 🐨

flxdec: rewrite logic based on GstByteReader/Writer

Solves overreading/overwriting the given arrays and will error out if the
stream asks to do that.

Also does more error checking that the stream is valid and won't
overrun any allocated arrays.  Also mitigate integer overflow errors
calculating allocation sizes.

https://bugzilla.gnome.org/show_bug.cgi?id=774859
parent 45dcd0b9
......@@ -101,7 +101,6 @@ flx_set_palette_vector (FlxColorSpaceConverter * flxpal, guint start, guint num,
} else {
memcpy (&flxpal->palvec[start * 3], newpal, grab * 3);
}
}
void
......
......@@ -123,78 +123,6 @@ typedef struct _FlxFrameType
} FlxFrameType;
#define FlxFrameTypeSize 10
#if G_BYTE_ORDER == G_BIG_ENDIAN
#define LE_TO_BE_16(i16) ((guint16) (((i16) << 8) | ((i16) >> 8)))
#define LE_TO_BE_32(i32) \
(((guint32) (LE_TO_BE_16((guint16) (i32))) << 16) | (LE_TO_BE_16((i32) >> 16)))
#define FLX_FRAME_TYPE_FIX_ENDIANNESS(frm_type_p) \
do { \
(frm_type_p)->chunks = LE_TO_BE_16((frm_type_p)->chunks); \
(frm_type_p)->delay = LE_TO_BE_16((frm_type_p)->delay); \
} while(0)
#define FLX_HUFFMAN_TABLE_FIX_ENDIANNESS(hffmn_table_p) \
do { \
(hffmn_table_p)->codelength = \
LE_TO_BE_16((hffmn_table_p)->codelength); \
(hffmn_table_p)->numcodes = LE_TO_BE_16((hffmn_table_p)->numcodes); \
} while(0)
#define FLX_SEGMENT_TABLE_FIX_ENDIANNESS(sgmnt_table_p) \
((sgmnt_table_p)->segments = LE_TO_BE_16((sgmnt_table_p)->segments))
#define FLX_PREFIX_CHUNK_FIX_ENDIANNESS(prfx_chnk_p) \
do { \
(prfx_chnk_p)->chunks = LE_TO_BE_16((prfx_chnk_p)->chunks); \
} while(0)
#define FLX_FRAME_CHUNK_FIX_ENDIANNESS(frm_chnk_p) \
do { \
(frm_chnk_p)->size = LE_TO_BE_32((frm_chnk_p)->size); \
(frm_chnk_p)->id = LE_TO_BE_16((frm_chnk_p)->id); \
} while(0)
#define FLX_HDR_FIX_ENDIANNESS(hdr_p) \
do { \
(hdr_p)->size = LE_TO_BE_32((hdr_p)->size); \
(hdr_p)->type = LE_TO_BE_16((hdr_p)->type); \
(hdr_p)->frames = LE_TO_BE_16((hdr_p)->frames); \
(hdr_p)->width = LE_TO_BE_16((hdr_p)->width); \
(hdr_p)->height = LE_TO_BE_16((hdr_p)->height); \
(hdr_p)->depth = LE_TO_BE_16((hdr_p)->depth); \
(hdr_p)->flags = LE_TO_BE_16((hdr_p)->flags); \
(hdr_p)->speed = LE_TO_BE_32((hdr_p)->speed); \
(hdr_p)->reserved1 = LE_TO_BE_16((hdr_p)->reserved1); \
(hdr_p)->created = LE_TO_BE_32((hdr_p)->created); \
(hdr_p)->creator = LE_TO_BE_32((hdr_p)->creator); \
(hdr_p)->updated = LE_TO_BE_32((hdr_p)->updated); \
(hdr_p)->updater = LE_TO_BE_32((hdr_p)->updater); \
(hdr_p)->aspect_dx = LE_TO_BE_16((hdr_p)->aspect_dx); \
(hdr_p)->aspect_dy = LE_TO_BE_16((hdr_p)->aspect_dy); \
(hdr_p)->ext_flags = LE_TO_BE_16((hdr_p)->ext_flags); \
(hdr_p)->keyframes = LE_TO_BE_16((hdr_p)->keyframes); \
(hdr_p)->totalframes = LE_TO_BE_16((hdr_p)->totalframes); \
(hdr_p)->req_memory = LE_TO_BE_32((hdr_p)->req_memory); \
(hdr_p)->max_regions = LE_TO_BE_16((hdr_p)->max_regions); \
(hdr_p)->transp_num = LE_TO_BE_16((hdr_p)->transp_num); \
(hdr_p)->oframe1 = LE_TO_BE_32((hdr_p)->oframe1); \
(hdr_p)->oframe2 = LE_TO_BE_32((hdr_p)->oframe2); \
} while(0)
#else
#define LE_TO_BE_16(i16) ((i16))
#define LE_TO_BE_32(i32) ((i32))
#define FLX_FRAME_TYPE_FIX_ENDIANNESS(frm_type_p)
#define FLX_HUFFMAN_TABLE_FIX_ENDIANNESS(hffmn_table_p)
#define FLX_SEGMENT_TABLE_FIX_ENDIANNESS(sgmnt_table_p)
#define FLX_PREFIX_CHUNK_FIX_ENDIANNESS(prfx_chnk_p)
#define FLX_FRAME_CHUNK_FIX_ENDIANNESS(frm_chnk_p)
#define FLX_HDR_FIX_ENDIANNESS(hdr_p)
#endif /* G_BYTE_ORDER == G_BIG_ENDIAN */
G_END_DECLS
#endif /* __GST_FLX_FMT_H__ */
This diff is collapsed.
......@@ -23,6 +23,8 @@
#include <gst/gst.h>
#include <gst/base/gstadapter.h>
#include <gst/base/gstbytereader.h>
#include <gst/base/gstbytewriter.h>
#include "flx_color.h"
G_BEGIN_DECLS
......@@ -45,7 +47,7 @@ struct _GstFlxDec {
guint8 *delta_data, *frame_data;
GstAdapter *adapter;
gulong size;
gsize size;
GstFlxDecState state;
gint64 frame_time;
gint64 next_time;
......
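Review bot: The `size` field that becomes `gsize` in `struct _GstFlxDec` has no comment saying what it measures or which buffers it bounds, although it sits beside `delta_data` and `frame_data` and the commit message says the rewrite targets allocation-size overflow. I would document it, for example `gsize size; /* byte size of the frame buffers; computed with an overflow check */`, with the wording confirmed against gstflxdec.c, whose diff is not shown on this page. `gsize` is still 32 bits wide on 32-bit targets, so the wider type does not replace an explicit check where the size is derived from header fields. Any format string that printed the old `gulong` with `%lu` also needs to switch to `G_GSIZE_FORMAT`. The struct body starts and ends outside this hunk.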