msrledec: fix output_end checks

author Michael Niedermayer <michaelni@gmx.at>

Tue, 5 Mar 2013 01:19:12 +0000 (02:19 +0100)

committer Michael Niedermayer <michaelni@gmx.at>

Tue, 5 Mar 2013 02:29:04 +0000 (03:29 +0100)
author Michael Niedermayer <michaelni@gmx.at>
Tue, 5 Mar 2013 01:19:12 +0000 (02:19 +0100)
committer Michael Niedermayer <michaelni@gmx.at>
Tue, 5 Mar 2013 02:29:04 +0000 (03:29 +0100)
diff --git a/libavcodec/msrledec.c b/libavcodec/msrledec.c

index cd0a73d..83d7d13 100644 (file)
--- a/libavcodec/msrledec.c
+++ b/libavcodec/msrledec.c
@@ -138,7 +138,8 @@ static int msrle_decode_8_16_24_32(AVCodecContext *avctx, AVPicture *pic,
      unsigned int width= FFABS(pic->linesize[0]) / (depth >> 3);
  
      output     = pic->data[0] + (avctx->height - 1) * pic->linesize[0];
-    output_end = pic->data[0] +  avctx->height      * pic->linesize[0];
+    output_end = output + FFABS(pic->linesize[0]);
+
      while (bytestream2_get_bytes_left(gb) > 0) {
          p1 = bytestream2_get_byteu(gb);
          if(p1 == 0) { //Escape code
@@ -155,6 +156,7 @@ static int msrle_decode_8_16_24_32(AVCodecContext *avctx, AVPicture *pic,
                      }
                  }
                  output = pic->data[0] + line * pic->linesize[0];
+                output_end = output + FFABS(pic->linesize[0]);
                  pos = 0;
                  continue;
              } else if(p2 == 1) { //End-of-picture
@@ -169,11 +171,11 @@ static int msrle_decode_8_16_24_32(AVCodecContext *avctx, AVPicture *pic,
                      return -1;
                  }
                  output = pic->data[0] + line * pic->linesize[0] + pos * (depth >> 3);
+                output_end = pic->data[0] + line * pic->linesize[0] + FFABS(pic->linesize[0]);
                  continue;
              }
              // Copy data
-            if ((pic->linesize[0] > 0 && output + p2 * (depth >> 3) > output_end) ||
-                (pic->linesize[0] < 0 && output + p2 * (depth >> 3) < output_end)) {
+            if (output + p2 * (depth >> 3) > output_end) {
                  bytestream2_skip(gb, 2 * (depth >> 3));
                  continue;
              } else if (bytestream2_get_bytes_left(gb) < p2 * (depth >> 3)) {
@@ -203,8 +205,7 @@ static int msrle_decode_8_16_24_32(AVCodecContext *avctx, AVPicture *pic,
              pos += p2;
          } else { //run of pixels
              uint8_t pix[3]; //original pixel
-            if ((pic->linesize[0] > 0 && output + p1 * (depth >> 3) > output_end) ||
-                (pic->linesize[0] < 0 && output + p1 * (depth >> 3) < output_end))
+            if (output + p1 * (depth >> 3) > output_end)
                  continue;
  
              switch(depth){
author	Michael Niedermayer <michaelni@gmx.at>
	Tue, 5 Mar 2013 01:19:12 +0000 (02:19 +0100)
committer	Michael Niedermayer <michaelni@gmx.at>
	Tue, 5 Mar 2013 02:29:04 +0000 (03:29 +0100)