generic-library/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge commit 'ce1dacb435460dda1f9d453eaaeac44bd502aca4' into release/1.1

Browse Source 
* commit 'ce1dacb435460dda1f9d453eaaeac44bd502aca4':
  rl2: Avoid a division by zero
  wtv: Add more sanity checks for a length read from the file
  segafilm: Validate the number of audio channels
  qpeg: Add checks for running out of rows in qpeg_decode_inter
  mpegaudiodec: Validate that the number of channels fits at the given offset
  asvdec: Verify the amount of extradata
  idroqdec: Make sure a video stream has been allocated before returning packets
  rv10: Validate the dimensions set from the container
  xmv: Add more sanity checks for parameters read from the bitstream
  ffv1: Make sure at least one slice context is initialized
  truemotion2: Use av_freep properly in an error path
  eacmv: Make sure a reference frame exists before referencing it
  mpeg4videodec: Check the width/height in mpeg4_decode_sprite_trajectory
  ivi_common: Make sure color planes have been initialized
  mov: Don't use a negative duration for setting other fields

Conflicts:
	libavcodec/eacmv.c
	libavcodec/ffv1.c
	libavcodec/mpeg4videodec.c
	libavcodec/mpegaudiodec.c
	libavcodec/qpeg.c
	libavformat/mov.c
	libavformat/wtv.c
	libavformat/xmv.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer
2013-10-08 01:06:45 +02:00
parent af26185bdc ce1dacb435
commit 55aedd679a
14 changed files with 63 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
libavcodec/asvdec.c
View File

@@ -282,6 +282,11 @@ static av_cold int decode_init(AVCodecContext *avctx)
const int scale = avctx->codec_id == AV_CODEC_ID_ASV1 ? 1 : 2;
int i;
if (avctx->extradata_size < 1) {
av_log(avctx, AV_LOG_ERROR, "No extradata provided\n");
return AVERROR_INVALIDDATA;
}
ff_asv_common_init(avctx);
init_vlcs(a);
ff_init_scantable(a->dsp.idct_permutation, &a->scantable, ff_asv_scantab);

5
libavcodec/ivi_common.c
View File

@@ -969,6 +969,11 @@ int ff_ivi_decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
return AVERROR_PATCHWELCOME;
}
if (!ctx->planes[0].bands) {
av_log(avctx, AV_LOG_ERROR, "Color planes not initialized yet\n");
return AVERROR_INVALIDDATA;
}
ctx->switch_buffers(ctx);
//{ START_TIMER;

14
libavcodec/mpeg4videodec.c
View File

@@ -160,7 +160,7 @@ static inline int mpeg4_is_resync(MpegEncContext *s){
return 0;
}
static int mpeg4_decode_sprite_trajectory(MpegEncContext * s, GetBitContext *gb)
static int mpeg4_decode_sprite_trajectory(MpegEncContext *s, GetBitContext *gb)
{
int i;
int a= 2<<s->sprite_warping_accuracy;
@@ -176,8 +176,8 @@ static int mpeg4_decode_sprite_trajectory(MpegEncContext * s, GetBitContext *gb)
int h= s->height;
int min_ab;
if(w<=0 || h<=0)
return -1;
if (w <= 0 || h <= 0)
return AVERROR_INVALIDDATA;
for(i=0; i<s->num_sprite_warping_points; i++){
int length;
@@ -415,8 +415,8 @@ int ff_mpeg4_decode_video_packet_header(MpegEncContext *s)
skip_bits(&s->gb, 3); /* intra dc vlc threshold */
//FIXME don't just ignore everything
if(s->pict_type == AV_PICTURE_TYPE_S && s->vol_sprite_usage==GMC_SPRITE){
if(mpeg4_decode_sprite_trajectory(s, &s->gb) < 0)
return -1;
if (mpeg4_decode_sprite_trajectory(s, &s->gb) < 0)
return AVERROR_INVALIDDATA;
av_log(s->avctx, AV_LOG_ERROR, "untested\n");
}
@@ -2081,8 +2081,8 @@ static int decode_vop_header(MpegEncContext *s, GetBitContext *gb){
}
if(s->pict_type == AV_PICTURE_TYPE_S && (s->vol_sprite_usage==STATIC_SPRITE || s->vol_sprite_usage==GMC_SPRITE)){
if(mpeg4_decode_sprite_trajectory(s, gb) < 0)
return -1;
if (mpeg4_decode_sprite_trajectory(s, gb) < 0)
return AVERROR_INVALIDDATA;
if(s->sprite_brightness_change) av_log(s->avctx, AV_LOG_ERROR, "sprite_brightness_change not supported\n");
if(s->vol_sprite_usage==STATIC_SPRITE) av_log(s->avctx, AV_LOG_ERROR, "static sprite not supported\n");
}

3
libavcodec/mpegaudiodec.c
View File

@@ -1965,7 +1965,8 @@ static int decode_frame_mp3on4(AVCodecContext *avctx, void *data,
avpriv_mpegaudio_decode_header((MPADecodeHeader *)m, header);
if (ch + m->nb_channels > avctx->channels || s->coff[fr] + m->nb_channels > avctx->channels) {
if (ch + m->nb_channels > avctx->channels ||
s->coff[fr] + m->nb_channels > avctx->channels) {
av_log(avctx, AV_LOG_ERROR, "frame channel count exceeds codec "
"channel count\n");
return AVERROR_INVALIDDATA;

4
libavcodec/qpeg.c
View File

@@ -193,7 +193,7 @@ static void qpeg_decode_inter(QpegContext *qctx, uint8_t *dst,
filled = 0;
dst -= stride;
height--;
if(height < 0)
if (height < 0)
break;
}
}
@@ -209,7 +209,7 @@ static void qpeg_decode_inter(QpegContext *qctx, uint8_t *dst,
filled = 0;
dst -= stride;
height--;
if(height < 0)
if (height < 0)
break;
}
}

5
libavcodec/rv10.c
View File

@@ -458,12 +458,15 @@ static av_cold int rv10_decode_init(AVCodecContext *avctx)
RVDecContext *rv = avctx->priv_data;
MpegEncContext *s = &rv->m;
static int done=0;
int major_ver, minor_ver, micro_ver;
int major_ver, minor_ver, micro_ver, ret;
if (avctx->extradata_size < 8) {
av_log(avctx, AV_LOG_ERROR, "Extradata is too small.\n");
return -1;
}
if ((ret = av_image_check_size(avctx->coded_width,
avctx->coded_height, 0, avctx)) < 0)
return ret;
ff_MPV_decode_defaults(s);

16
libavcodec/truemotion2.c
View File

@@ -922,14 +922,14 @@ static av_cold int decode_init(AVCodecContext *avctx){
if (!l->Y1_base || !l->Y2_base || !l->U1_base ||
!l->V1_base || !l->U2_base || !l->V2_base ||
!l->last || !l->clast) {
av_freep(l->Y1_base);
av_freep(l->Y2_base);
av_freep(l->U1_base);
av_freep(l->U2_base);
av_freep(l->V1_base);
av_freep(l->V2_base);
av_freep(l->last);
av_freep(l->clast);
av_freep(&l->Y1_base);
av_freep(&l->Y2_base);
av_freep(&l->U1_base);
av_freep(&l->U2_base);
av_freep(&l->V1_base);
av_freep(&l->V2_base);
av_freep(&l->last);
av_freep(&l->clast);
return AVERROR(ENOMEM);
}
l->Y1 = l->Y1_base + l->y_stride * 4 + 4;

7
libavformat/idroqdec.c
View File

@@ -145,6 +145,8 @@ static int roq_read_packet(AVFormatContext *s,
break;
case RoQ_QUAD_CODEBOOK:
if (roq->video_stream_index < 0)
return AVERROR_INVALIDDATA;
/* packet needs to contain both this codebook and next VQ chunk */
codebook_offset = avio_tell(pb) - RoQ_CHUNK_PREAMBLE_SIZE;
codebook_size = chunk_size;
@@ -194,6 +196,11 @@ static int roq_read_packet(AVFormatContext *s,
st->codec->block_align = st->codec->channels * st->codec->bits_per_coded_sample;
}
case RoQ_QUAD_VQ:
if (chunk_type == RoQ_QUAD_VQ) {
if (roq->video_stream_index < 0)
return AVERROR_INVALIDDATA;
}
/* load up the packet */
if (av_new_packet(pkt, chunk_size + RoQ_CHUNK_PREAMBLE_SIZE))
return AVERROR(EIO);

2
libavformat/mov.c
View File

@@ -3209,7 +3209,7 @@ static int mov_read_header(AVFormatContext *s)
for (i = 0; i < s->nb_streams; i++) {
AVStream *st = s->streams[i];
MOVStreamContext *sc = st->priv_data;
if (st->duration)
if (st->duration > 0)
st->codec->bit_rate = sc->data_size * 8 * sc->time_scale / st->duration;
}
}

4
libavformat/rl2.c
View File

@@ -107,6 +107,10 @@ static av_cold int rl2_read_header(AVFormatContext *s)
rate = avio_rl16(pb);
channels = avio_rl16(pb);
def_sound_size = avio_rl16(pb);
if (!channels || channels > 42) {
av_log(s, AV_LOG_ERROR, "Invalid number of channels: %d\n", channels);
return AVERROR_INVALIDDATA;
}
/** setup video stream */
st = avformat_new_stream(s, NULL);

5
libavformat/segafilm.c
View File

@@ -112,6 +112,11 @@ static int film_read_header(AVFormatContext *s)
return AVERROR(EIO);
film->audio_samplerate = AV_RB16(&scratch[24]);
film->audio_channels = scratch[21];
if (!film->audio_channels || film->audio_channels > 2) {
av_log(s, AV_LOG_ERROR,
"Invalid number of channels: %d\n", film->audio_channels);
return AVERROR_INVALIDDATA;
}
film->audio_bits = scratch[22];
if (scratch[23] == 2 && film->audio_channels > 0)
film->audio_type = AV_CODEC_ID_ADPCM_ADX;

7
libavformat/wtvdec.c
View File

@@ -258,7 +258,12 @@ static AVIOContext * wtvfile_open2(AVFormatContext *s, const uint8_t *buf, int b
dir_length = AV_RL16(buf + 16);
file_length = AV_RL64(buf + 24);
name_size = 2 * AV_RL32(buf + 32);
if (buf + 48 + (int64_t)name_size > buf_end || name_size<0) {
if (name_size < 0) {
av_log(s, AV_LOG_ERROR,
"bad filename length, remaining directory entries ignored\n");
break;
}
if (48 + (int64_t)name_size > buf_end - buf) {
av_log(s, AV_LOG_ERROR, "filename exceeds buffer size; remaining directory entries ignored\n");
break;
}

12
libavformat/xmv.c
View File

@@ -49,6 +49,8 @@
XMV_AUDIO_ADPCM51_FRONTCENTERLOW | \
XMV_AUDIO_ADPCM51_REARLEFTRIGHT)
#define XMV_BLOCK_ALIGN_SIZE 36
/** A video packet with an XMV file. */
typedef struct XMVVideoPacket {
int stream_index; ///< The decoder stream index for this video packet.
@@ -196,15 +198,10 @@ static int xmv_read_header(AVFormatContext *s)
packet->bits_per_sample = avio_rl16(pb);
packet->flags = avio_rl16(pb);
if (!packet->channels) {
av_log(s, AV_LOG_ERROR, "0 channels\n");
return AVERROR(EINVAL);
}
packet->bit_rate = packet->bits_per_sample *
packet->sample_rate *
packet->channels;
packet->block_align = 36 * packet->channels;
packet->block_align = XMV_BLOCK_ALIGN_SIZE * packet->channels;
packet->block_samples = 64;
packet->codec_id = ff_wav_codec_get_id(packet->compression,
packet->bits_per_sample);
@@ -220,7 +217,8 @@ static int xmv_read_header(AVFormatContext *s)
av_log(s, AV_LOG_WARNING, "Unsupported 5.1 ADPCM audio stream "
"(0x%04X)\n", packet->flags);
if (!packet->channels || !packet->sample_rate) {
if (!packet->channels || !packet->sample_rate ||
packet->channels >= UINT16_MAX / XMV_BLOCK_ALIGN_SIZE) {
av_log(s, AV_LOG_ERROR, "Invalid parameters for audio track %d.\n",
audio_track);
ret = AVERROR_INVALIDDATA;