mirror of https://git.videolan.org/git/ffmpeg.git synced 2024-09-05 15:58:07 +02:00

20 Commits

Author SHA1 Message Date
Andreas Rheinhardt
8429661db8 avcodec/mss12: Don't apply non-zero offset to null pointer
Affected the FATE tests mss2-wmv and mss1-pal.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-04-01 14:44:40 +02:00
Michael Niedermayer
43015afd7c avcodec/mss1: check for overread and forward errors
Fixes: Timeout (106sec -> 14ms)
Fixes: 15576/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSS1_fuzzer-5688080461201408

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-05 17:54:24 +02:00
James Almer
a0478341f3 Merge commit '15b4f494fc6bddb8178fdb5aed18b420efc75e22'
* commit '15b4f494fc6bddb8178fdb5aed18b420efc75e22':
  mss*: Change type of array stride parameters to ptrdiff_t

Merged-by: James Almer <jamrial@gmail.com>
2017-03-21 15:57:07 -03:00
Diego Biurrun
15b4f494fc mss*: Change type of array stride parameters to ptrdiff_t
ptrdiff_t is the correct type for array strides and similar.
2016-09-29 17:54:24 +02:00
Anton Khirnov
6755eb5b21 mss12: validate display dimensions
The code currently reads the coded dimensions from the extradata, but
expects the display dimensions to be set by the caller, and does not
check that they are compatible (i.e. that the displayed size is smaller
than the coded size).

Make sure that when the display dimensions are set, they are also valid.
Fixes possible invalid memory access.

CC: libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
2016-08-18 17:06:46 +02:00
Reimar Döffinger
0f199f0ad0 mss2: Fix buffer overflow.
Reported as https://trac.mplayerhq.hu/ticket/2264 but have
not been able to reproduce with FFmpeg-only.
I have no idea what coded_height is used for here exactly,
so this might not be the best fix.
Fixes the following chain of events:
ff_mss12_decode_init sets coded_height while not setting height.
ff_mpv_decode_init then copies coded_height into MpegEncContext height.
This is then used by init_context_frame to allocate the data structures.
However the wmv9rects are validated/initialized based on avctx->height, not
avctx->coded_height.
Thus the decode_wmv9 function will try to decode a larger video than we
allocated data structures for, causing out-of-bounds writes.

Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
2016-02-28 13:32:01 +01:00
Michael Niedermayer
f8ff76199c avcodec/mss12: Use av_malloc_array()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-01-17 13:01:26 +01:00
Michael Niedermayer
8d024c5107 Merge commit 'cc8163e1a3601a56f722a4720516e860bf1c6198'
* commit 'cc8163e1a3601a56f722a4720516e860bf1c6198':
  avcodec: more correct printf specifiers

Conflicts:
	libavcodec/4xm.c
	libavcodec/alsdec.c
	libavcodec/dfa.c
	libavcodec/h264_ps.c
	libavcodec/jpeg2000dec.c
	libavcodec/lagarith.c
	libavcodec/mpeg12dec.c
	libavcodec/rv10.c
	libavcodec/svq3.c
	libavcodec/wmaprodec.c
	libavcodec/xwddec.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-03-22 18:43:40 +01:00
Diego Biurrun
cc8163e1a3 avcodec: more correct printf specifiers 2014-03-22 14:08:20 +01:00
Michael Niedermayer
ee9151b616 ff_mss12_decode_init: check dimensions
Fixes assertion failure

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-01-24 01:47:20 +01:00
Michael Niedermayer
b12d92efd6 avoid "0xFF << 24" as it is considered an integer overflow in C99
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-10-14 03:26:31 +02:00
Michael Niedermayer
9dcc4c30f9 Merge remote-tracking branch 'qatar/master'
* qatar/master:
  configure: add support for bdver1 and bdver2 CPU types.
  avio: make avio_close NULL the freed buffer
  pixdesc: cosmetics
  proresenc: Don't free a buffer not owned by the codec
  proresenc: Write the full value in one put_bits call
  adpcmenc: Calculate the IMA_QT predictor without overflow
  x86: Add convenience macros to check for CPU extensions and flags
  x86: h264dsp: drop some unnecessary ifdefs around prototype declarations
  mss12: merge decode_pixel() and decode_top_left_pixel()
  mss12: reduce SliceContext size from 1067 to 164 KB
  mss12: move SliceContexts out of the common context into the codec contexts

Conflicts:
	libavformat/aviobuf.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-09-04 17:04:51 +02:00
Alberto Delmás
344fbc47c7 mss12: merge decode_pixel() and decode_top_left_pixel()
No meaningful generated code differences using gcc -O3.

Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
2012-09-03 14:41:59 +02:00
Alberto Delmás
626c1a33ed mss12: reduce SliceContext size from 1067 to 164 KB
Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
2012-09-03 14:39:37 +02:00
Alberto Delmás
a97ee41bee mss12: move SliceContexts out of the common context into the codec contexts
Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
2012-09-03 14:39:19 +02:00
Michael Niedermayer
c617bed34f Merge remote-tracking branch 'qatar/master'
* qatar/master:
  MSS1 and MSS2: set final pixel format after common stuff has been initialised
  MSS2 decoder
  configure: handle --disable-asm before check_deps
  x86: Split inline and external assembly #ifdefs
  configure: x86: Separate inline from standalone assembler capabilities
  pktdumper: Use a custom define instead of PATH_MAX for buffers
  pktdumper: Use av_strlcpy instead of strncpy
  pktdumper: Use sizeof(variable) instead of the direct buffer length

Conflicts:
	Changelog
	configure
	libavcodec/allcodecs.c
	libavcodec/avcodec.h
	libavcodec/codec_desc.c
	libavcodec/dct-test.c
	libavcodec/imgconvert.c
	libavcodec/mss12.c
	libavcodec/version.h
	libavfilter/x86/gradfun.c
	libswscale/x86/yuv2rgb.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-08-31 13:34:32 +02:00
Alberto Delmás
ede3d6400d MSS1 and MSS2: set final pixel format after common stuff has been initialised
This way it won't interfere with WMV9 initialisation inside MSS2 decoder and
avplay will play it fine.

Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
2012-08-31 08:08:43 +02:00
Alberto Delmás
ee769c6a7c MSS2 decoder
Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
2012-08-31 07:37:16 +02:00
Michael Niedermayer
416d2f7a12 Merge remote-tracking branch 'qatar/master'
* qatar/master:
  vc1: export some functions
  configure: use HOSTCC_C/O in check_host_cc
  configure: use AS_O setting in check_as
  configure: use LD_O setting in check_ld()
  Revert "dsputil: make {add/put/put_signed}_pixels_clamped() non-static."
  build: Restore dependency of acelp_filters.o on celp_math.o
  celp_math: Replace duplicate ff_dot_productf() by ff_scalarproduct_c()
  celp_math: Move ff_cos() to the only place it is used
  build: Use portable abstraction for linker/hostcc output file syntax
  configure: Fix shared library creation for OpenBSD
  vp56: Don't use DECLARE_ALIGN on a typedef name
  mss1: move code that will be reused by MSS2 decoder into separate file
  mss1: merge decode_intra() and decode_inter()
  avprobe: Get rid of ugly casts in the options table
  vf_hqdn3d: Remove a duplicate inline declaration

Conflicts:
	Makefile
	configure
	ffprobe.c
	libavcodec/Makefile
	libavcodec/amrnbdec.c
	libavcodec/amrwbdec.c
	libavcodec/celp_math.c
	libavcodec/celp_math.h
	libavcodec/dsputil.c
	libavcodec/lsp.c
	libavcodec/mss1.c
	libavcodec/ra288.c
	libavcodec/vc1dec.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-08-28 16:28:48 +02:00
Kostya Shishkov
0de4a563e4 mss1: move code that will be reused by MSS2 decoder into separate file 2012-08-27 18:12:10 +02:00