The check `start + res < start' is broken since pointer overflow is
undefined behavior in C. Many compilers such as gcc/clang optimize
away this check.
Use `res > end - start' instead. Also change `res' to unsigned int
to avoid signed left-shift overflow.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Martin Storsjö <martin@martin.st>
A negative `size' will bypass FFMIN(). In the subsequent memcpy() call,
`size' will be considered as a large positive value, leading to a buffer
overflow.
Change the type of `size' to unsigned int to avoid buffer overflow, and
simplify overflow checks accordingly. Also change a literal buffer
size to use sizeof, and limit the amount of data copied in another
memcpy call as well.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Martin Storsjö <martin@martin.st>
Sanity checks like `data + size >= data_end || data + size < data' are
broken, because `data + size < data' assumes pointer overflow, which is
undefined behavior in C. Many compilers such as gcc/clang optimize such
checks away.
Use `size < 0 || size >= data_end - data' instead.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Martin Storsjö <martin@martin.st>
This makes sure that the restrict keyword is mapped to whatever
keyword the compiler prefers/supports. This fixes building on MSVC
(and possibly on GCC 2.x as well).
Signed-off-by: Martin Storsjö <martin@martin.st>
Allows users to configure the output based on what's actually decoded, rather than the full native layout.
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
Also stop storing the channel arrangement in the header info, as it's unused outside of ff_mlp_read_major_sync.
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
CC:libav-stable@libav.org
Now, nellymoserenc and aacenc no longer depends on dsputil. Independent
of this patch, wmaprodec also does not depend on dsputil, so I removed
it from there also.
Expose the current sequence number via an AVOption - this can
be used both for setting the initial sequence number, or for
querying the current number.
Signed-off-by: Martin Storsjö <martin@martin.st>
Use AVERROR_INVALIDDATA on invalid inputs, and AVERROR_EOF when no more
frames are available in an interleaved AVI.
Signed-off-by: Jindrich Makovicka <makovick@gmail.com>
Signed-off-by: Diego Biurrun <diego@biurrun.de>
This allows us to get rid of them on the next major bump. All of the
above are functionally irrelevant, and most of them are unused, except
the vp3 one, which is used wrongly in the bfin arch optimizations.
This allows us to remove FF_IDCT_WMV2, which serves no practical purpose
other than to be able to select the WMV2 IDCT for MPEG (or vice versa)
and get corrupt output.
Fate tests for all wmv2-related tests change, because (for some obscure
reason) they forced use of the MPEG IDCT. You would get the same changes
previously by not using -idct simple in the fate test (or replacing it
with -idct auto).
The theoretical minimum for a (not totally well formed) RTCP packet
is 8 bytes, so we shouldn't require 12 bytes as minimum input.
Also return AVERROR_INVALIDDATA instead of 0 if something that is
not a proper packet is given.
Signed-off-by: Martin Storsjö <martin@martin.st>
This clarifies where the limit number comes from, and only
requires exactly as much padding space as will be needed.
Signed-off-by: Martin Storsjö <martin@martin.st>
The main difference to the existing suites from RFC 4568 is
that the version with a 32 bit HMAC still uses 80 bit HMAC
for RTCP packets.
Signed-off-by: Martin Storsjö <martin@martin.st>
