Mans Rullgard
a31e9f68a4
lavf: fix signed overflow in avformat_find_stream_info()
...
On the first iteration through this code, last_dts is always
INT64_MIN (AV_NOPTS_VALUE) and the subtraction overflows in
an invalid manner. Although the result is only used if the
input values are valid, performing the subtraction is still
not allowed in a strict environment.
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-08 20:04:22 +01:00
Mans Rullgard
bb59156606
vp8: fix signed overflows
...
In addition to avoiding undefined behaviour, an unsigned type
makes more sense for packing multiple 8-bit values.
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-08 20:03:55 +01:00
Mans Rullgard
e708afd3c0
motion_est: fix some signed overflows
...
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-08 20:03:55 +01:00
Mans Rullgard
559c244d42
dca: fix signed overflow in shift
...
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-08 20:03:55 +01:00
Mans Rullgard
d12294304a
aacdec: fix undefined shifts
...
Since nnz can be zero, this is needed to avoid a shift by 32.
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-08 20:03:55 +01:00
Laurent Aimar
a00676e48e
bink: Check for various out of bound writes
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-08 16:32:01 +02:00
Laurent Aimar
24adf7832b
bink: Check for out of bound writes when building tree
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-08 16:25:56 +02:00
Mans Rullgard
ac6eab1496
put_bits: fix invalid shift by 32 in flush_put_bits()
...
If flush_put_bits() is called when the 32-bit buffer is empty,
e.g. after writing a multiple of 32 bits, and invalid shift by
32 is performed. Since flush_put_bits() is called infrequently,
this additional check should have negligible performance impact.
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-08 02:41:58 +01:00
Alex Converse
98ef887a75
mpegps: Use av_get_packet() instead of poorly emulating it.
2011-10-07 17:04:14 -07:00
Janne Grunau
c2f2dfb3dd
motionpixels: decode only the 111 complete frames for fate
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 19:32:07 +02:00
Laurent Aimar
9bd854b1ff
mpc8: Check out of bound bands limit
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 17:15:45 +02:00
Laurent Aimar
7d17a794f0
xan: Prevent NULL dereference with missing palette
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 17:15:31 +02:00
Laurent Aimar
3db3fdf4c6
xan: Check for out of bound reads in xan_huffman_decode()
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:32 +02:00
Laurent Aimar
3e0757c2a8
xan: Fixed out of bound accesses in xan_unpack()
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:32 +02:00
Laurent Aimar
1cd0a55163
motionpixels: Prevent calling init_vlc() with invalid parameters
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:32 +02:00
Laurent Aimar
5f05cf4ea9
shorten: Fix out of bound writes in fix_bitshift()
...
The data pointers s->decoded[*] already take into account s->nwrap.
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
1720603287
dsicinav: Check for out of bounds writes
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
64263dd526
tiertexseqv: Check for out of bound reads
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
4fd56f842c
quickdraw: Check for out of bound reads
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
e3ca9b93d9
dsicinav: Check for out of bounds reads
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
210c80331e
motionpixels: Fix the size of workspace buffers
...
Some buffers must be mod 4 in width and/or height.
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
d337dd3a90
motionpixels: Clear FF_INPUT_BUFFER_PADDING_SIZE bytes at the end of the temporary buffer
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
d99427cb8b
wmavoice: Check for corrupted extra data
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
1c1449b548
wmavoice: Check for out of bound writes
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
06be075cda
xan: Prevent NULL dereferences with missing reference frame
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
c7e631986b
bink: Prevent NULL dereferences with missing reference frame
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
2c6cf13940
wavpack: Reset internal state on corrupted blocks
...
wavpack_decode_block() supposes that it is called back with the exact
same buffer unless it has returned with an error. With multi-channels
files, wavpack_decode_frame() was breaking this assumption.
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
2c1ba79941
wmapro: Validate the number of audio channels before using it
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:30 +02:00
Laurent Aimar
1e3336de69
mpc8: Fix return value on EOF
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:30 +02:00
Laurent Aimar
95010d18b2
shorten: Prevent block size from increasing
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:30 +02:00
Laurent Aimar
124a16f678
xan: Prevent out of bound accesses
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:30 +02:00
Michael Niedermayer
14c21c1ff5
H264: Only wait before triggering ff_thread_setup_complete() until the next slice that contains a start-of-field/frame macroblock
...
This allows concurrent decoding of the last field/frame, rather than
only the last slice, of data packets with multiple NAL units packed
together.
This will fix the slowdown reported in e.g. bug 52.
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2011-10-07 14:23:26 +02:00
Laurent Aimar
a72cad0a6c
vp6: Reset the internal state when aborting key frames header parsing
...
It prevents leaving the state only half initialized.
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 00:37:32 +02:00
Laurent Aimar
3d09d0017d
vp56: Release old pictures after a resolution changes
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 00:27:24 +02:00
Laurent Aimar
066fff755a
vp6: Check for huffman tree build errors
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 00:27:03 +02:00
Laurent Aimar
0ec6d6e9b6
vp56: Check for missing reference frame data
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 00:25:43 +02:00
Laurent Aimar
d239d4b447
cinepak: Fix invalid read access on extra data
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-06 23:35:29 +02:00
Laurent Aimar
c0cbe36b18
vmd: fix segfaults on corruped streams
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-06 23:33:09 +02:00
Laurent Aimar
3a742470a8
cook: Fix js_vlc_bits value validation for joint stereo
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-06 23:31:06 +02:00
Laurent Aimar
1775b92fee
segafilm: Check for memory allocation failures in segafilm demuxer.
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-06 23:19:45 +02:00
Laurent Aimar
762ffa6861
segafilm: Fix potential division by 0 on corrupted streams in the demuxer
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-06 23:01:45 +02:00
Laurent Aimar
790f4dd5c9
Fixed segfault on corrupted sega streams in the demuxer.
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-06 22:32:02 +02:00
Laurent Aimar
69a0bce753
Fixed deference of NULL pointer in motionpixels decoder.
...
Some of the arguments given to init_vlc() come from the stream
and can be corrupted.
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-06 22:29:12 +02:00
Anton Khirnov
d97efd7f87
libx264: support 9- and 10-bit output.
2011-10-06 09:16:06 +02:00
Ronald S. Bultje
4418aa9cb3
h264: correct implicit_weight for field-interlaced pictures.
2011-10-05 04:01:23 -07:00
Ronald S. Bultje
330deb7592
mpegvideo: set correct offset for edge emulation buffer.
...
Using the old code, half of it was unused and the other half was too
small for e.g. >8bpp interlaced data, causing random buffer overruns.
2011-10-05 04:01:23 -07:00
Ronald S. Bultje
0884dd5a1b
mpegvideo: fix position of bottom edge.
...
It was wrong in colorspaces where horizontal and vertical chroma
subsampling are not the same, e.g. 422.
2011-10-05 04:01:23 -07:00
Diego Biurrun
e83c2ddebf
Fix 'heigth' vs. 'height' typos.
2011-10-05 11:12:01 +02:00
Anton Khirnov
a4ea00d021
lavc/lavf: use unique private classes.
...
This is needed by the new AVOptions API.
2011-10-05 07:52:30 +02:00
Anton Khirnov
0ba1e1978d
lavc: use designated initializers for av_codec_context_class
2011-10-05 07:52:05 +02:00