From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTPS id 9BC914E45A for ; Tue, 11 Mar 2025 15:04:57 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 094C068E12E; Tue, 11 Mar 2025 17:04:02 +0200 (EET) Received: from mail-wm1-f47.google.com (mail-wm1-f47.google.com [209.85.128.47]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 666B568E10F for ; Tue, 11 Mar 2025 17:03:51 +0200 (EET) Received: by mail-wm1-f47.google.com with SMTP id 5b1f17b1804b1-43cf58eea0fso15372905e9.0 for ; Tue, 11 Mar 2025 08:03:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1741705431; x=1742310231; darn=ffmpeg.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=uMFw8XR3v81WnFnqSFOk/H1Boifr3eZBciDeK0UAvfQ=; b=PakYpW9D+YKgjVK7TYTPwSdJY12gGls6f/i7WqLDaV0/rCcclkud1qNv2wH0qZHJRa dezpnYOhLZa28kbT5So/nFYOptriIMOFHYLFIqai7xtoPy9fEUuVxZqi7yUchht36CuK rNjsfknQT30s0XIz14sOrwcoEsNzGqR0SXj6R7QS9sASs14bzdOKLqvDgwCMZM4a4TgY EPD7WAH65JCy3oq56I583OT7q9bD/gbNOwS0lV0deuunbU4bqP6HdxWhTR2gB0geLVIK 2RogTN7ziqHhvawZzSg9r4SbLqzb1jBHPxzR5lWNdsCRC4cpXlbGMCTGIpFiOfHWm909 kopw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741705431; x=1742310231; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=uMFw8XR3v81WnFnqSFOk/H1Boifr3eZBciDeK0UAvfQ=; b=KejawHc/Sq81BMu/P8RpcRyNxES/u4q0f+5ZLMwlUG6Ue2pA/LS39BLfu2vlRifZFG 5K8r+PWcipoKA7qcnMMG8+c+8ZzJN44R4z1ixpwQj4bl/vFASHBrvqcQbrx3Gc2tiOfw EMwLSbf4tXJC5mW24AfYDwREkuldnOXLeT8OCFwTnZeM2SRNRuPb5xxOPeeCeWEvdPn1 u5iw/HUBGsOx94zb8Hrd/Dd40yA+/QAT5YDeVLP8bcsGBdP8OH+f3CDbAHuxoK2HzWJl Cf+YzluwqAdfgUZx509RfbZ+2StfpuvGGMh21sC6dg20RGfNEFRFQ3N3B3s68F4GuuFS YnKQ== X-Gm-Message-State: AOJu0YxJpGg6jBWl7Nfw4wVCqPTtt1gOvMlMlgoMMDtsbR8DOED2lCHT HonTh4gbNn/MQWz8egHybVolpzcxZt2BmgjSjMry6KsQL8/uyM1UN3jEoQ== X-Gm-Gg: ASbGncs/Ek9DodRIy4a9J/pLgiXfNpnGSG73gKRWcWISKFDmYXNafIJ6ISKSxUgev9D o3rUGZ1lS3mt/lf4tKNU92u/9YjBce4mJVZb+YKecxLSZULZeW2esFwj1VQ+yw7bNU8nMuAyGs3 HIFxAiWrjDqv8jTmep0Hp2UdkWnc4UgTPNLXOtslAEu3A96Zf6Imkze6hTSN9WR5dT6H3WkQ/Hd S7lNjIWHXQkG2omIAnq/gl4aNuMFlr3toqJyTcrtJTPhJJRvEvj7TfvREF7LEWNbm/th2qgv7tr /cO6e/iUBcsKvjPLjxfWne2dQ5b+HaFW2rthhY+guZEemkmUV16YALeewIUdc/X/5hTTJJ/MKKp /s25Y79qIuoAzMybFcVE2xWnEG5dAEBECbaPY9a3UMfqDou1ILRdpEgA= X-Google-Smtp-Source: AGHT+IHFZL+qi4cncwo9lyvfGEfrr0q1WtpuibhG7oaw7ptP2KHtseSqBDU7FpZN+iyyLWWkHN3Ozg== X-Received: by 2002:a05:600c:524f:b0:43c:fbba:41ba with SMTP id 5b1f17b1804b1-43d01c25c31mr44268095e9.28.1741705430210; Tue, 11 Mar 2025 08:03:50 -0700 (PDT) Received: from flagship3.deu.mlau.at (p200300c0271f29004c5623f045c27bca.dip0.t-ipconnect.de. [2003:c0:271f:2900:4c56:23f0:45c2:7bca]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-43ceaac390bsm115259215e9.35.2025.03.11.08.03.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 11 Mar 2025 08:03:49 -0700 (PDT) From: Manuel Lauss To: ffmpeg-devel@ffmpeg.org Date: Tue, 11 Mar 2025 16:03:37 +0100 Message-ID: <20250311150341.348678-5-manuel.lauss@gmail.com> X-Mailer: git-send-email 2.48.1 In-Reply-To: <20250311150341.348678-1-manuel.lauss@gmail.com> References: <20250311150341.348678-1-manuel.lauss@gmail.com> MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH 5/9] avcodec/sanm: FOBJ left/top are signed values X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Manuel Lauss Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: The left/top parameters of a FOBJ are signed values. Adjust codec1 code accordingly to not draw outside the buffer area. Rebel Assault 1 makes heavy use of this. Signed-off-by: Manuel Lauss --- libavcodec/sanm.c | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/libavcodec/sanm.c b/libavcodec/sanm.c index a512810987..310b1a429b 100644 --- a/libavcodec/sanm.c +++ b/libavcodec/sanm.c @@ -558,18 +558,18 @@ static int rle_decode(SANMVideoContext *ctx, uint8_t *dst, const int out_size) static int old_codec1(SANMVideoContext *ctx, int top, int left, int width, int height, int opaque) { - uint8_t *dst = ((uint8_t *)ctx->frm0) + left + top * ctx->pitch; - int i, j, len, flag, code, val, pos, end; + int i, j, len, flag, code, val, end, pxoff; + const int maxpxo = ctx->height * ctx->pitch; + uint8_t *dst = (uint8_t *)ctx->frm0; for (i = 0; i < height; i++) { - pos = 0; - if (bytestream2_get_bytes_left(&ctx->gb) < 2) return AVERROR_INVALIDDATA; len = bytestream2_get_le16u(&ctx->gb); end = bytestream2_tell(&ctx->gb) + len; + pxoff = left + ((top + i) * ctx->pitch); while (bytestream2_tell(&ctx->gb) < end) { if (bytestream2_get_bytes_left(&ctx->gb) < 2) return AVERROR_INVALIDDATA; @@ -577,25 +577,27 @@ static int old_codec1(SANMVideoContext *ctx, int top, code = bytestream2_get_byteu(&ctx->gb); flag = code & 1; code = (code >> 1) + 1; - if (pos + code > width) - return AVERROR_INVALIDDATA; if (flag) { val = bytestream2_get_byteu(&ctx->gb); - if (val || opaque) - memset(dst + pos, val, code); - pos += code; + if (val || opaque) { + for (j = 0; j < code; j++) { + if (pxoff >= 0 && pxoff < maxpxo) + *(dst + pxoff) = val; + pxoff++; + } + } else + pxoff += code; } else { if (bytestream2_get_bytes_left(&ctx->gb) < code) return AVERROR_INVALIDDATA; for (j = 0; j < code; j++) { val = bytestream2_get_byteu(&ctx->gb); - if (val || opaque) - dst[pos] = val; - pos++; + if ((pxoff >= 0 && pxoff < maxpxo) && (val || opaque)) + *(dst + pxoff) = val; + pxoff++; } } } - dst += ctx->pitch; } ctx->rotate_code = 0; @@ -1234,8 +1236,8 @@ static int old_codec48(SANMVideoContext *ctx, int width, int height) static int process_frame_obj(SANMVideoContext *ctx) { uint16_t codec = bytestream2_get_le16u(&ctx->gb); - uint16_t left = bytestream2_get_le16u(&ctx->gb); - uint16_t top = bytestream2_get_le16u(&ctx->gb); + int16_t left = bytestream2_get_le16u(&ctx->gb); + int16_t top = bytestream2_get_le16u(&ctx->gb); uint16_t w = bytestream2_get_le16u(&ctx->gb); uint16_t h = bytestream2_get_le16u(&ctx->gb); -- 2.48.1 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".