| Patrick Williams | b48b7b4 | 2016-08-17 15:04:38 -0500 | [diff] [blame^] | 1 | From 8f1457864be8fb9653643519dea1c6492f1dde57 Mon Sep 17 00:00:00 2001 |
| 2 | From: Michael Niedermayer <michaelni@gmx.at> |
| 3 | Date: Fri, 3 Oct 2014 20:15:52 +0200 |
| 4 | Subject: [PATCH] avcodec/gifdec: factorize interleave end handling out |
| 5 | |
| 6 | (Upstream commit 8f1457864be8fb9653643519dea1c6492f1dde57) |
| 7 | |
| 8 | also change it to a loop |
| 9 | Fixes out of array access |
| 10 | Fixes: asan_heap-oob_ca5410_8_asan_heap-oob_ca5410_97_ID_LSD_Size_Less_Then_Data_Inter_3.gif |
| 11 | |
| 12 | Upstream-Status: Backport |
| 13 | |
| 14 | Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind |
| 15 | Signed-off-by: Michael Niedermayer <michaelni@gmx.at> |
| 16 | Signed-off-by: Yue Tao <yue.tao@windriver.com> |
| 17 | --- |
| 18 | libavcodec/gifdec.c | 15 +++++---------- |
| 19 | 1 file changed, 5 insertions(+), 10 deletions(-) |
| 20 | |
| 21 | diff --git a/libavcodec/gifdec.c b/libavcodec/gifdec.c |
| 22 | index dee48f5..90de38b 100644 |
| 23 | --- a/gst-libs/ext/libav/libavcodec/gifdec.c |
| 24 | +++ b/gst-libs/ext/libav/libavcodec/gifdec.c |
| 25 | @@ -271,26 +271,21 @@ static int gif_read_image(GifState *s, AVFrame *frame) |
| 26 | case 1: |
| 27 | y1 += 8; |
| 28 | ptr += linesize * 8; |
| 29 | - if (y1 >= height) { |
| 30 | - y1 = pass ? 2 : 4; |
| 31 | - ptr = ptr1 + linesize * y1; |
| 32 | - pass++; |
| 33 | - } |
| 34 | break; |
| 35 | case 2: |
| 36 | y1 += 4; |
| 37 | ptr += linesize * 4; |
| 38 | - if (y1 >= height) { |
| 39 | - y1 = 1; |
| 40 | - ptr = ptr1 + linesize; |
| 41 | - pass++; |
| 42 | - } |
| 43 | break; |
| 44 | case 3: |
| 45 | y1 += 2; |
| 46 | ptr += linesize * 2; |
| 47 | break; |
| 48 | } |
| 49 | + while (y1 >= height) { |
| 50 | + y1 = 4 >> pass; |
| 51 | + ptr = ptr1 + linesize * y1; |
| 52 | + pass++; |
| 53 | + } |
| 54 | } else { |
| 55 | ptr += linesize; |
| 56 | } |
| 57 | -- |
| 58 | 1.7.9.5 |
| 59 | |