Merge commit '494f2d4f9e834db1eaf1a7d0160d497f9802013d' into release/1.1
* commit '494f2d4f9e834db1eaf1a7d0160d497f9802013d': vc1dec: Make sure last_picture is initialized in vc1_decode_skip_blocks r3d: Add more input value validation fraps: Make the input buffer size checks more strict svq3: Avoid a division by zero rmdec: Validate the fps value twinvqdec: Check the ibps parameter separately asfdec: Check the return value of asf_read_stream_properties mxfdec: set audio timebase to 1/samplerate Conflicts: libavcodec/fraps.c libavcodec/svq3.c libavformat/mxfdec.c tests/ref/fate/mxf-demux tests/ref/seek/lavf-mxf tests/ref/seek/lavf-mxf_d10 Merged-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer
@@ -145,6 +145,11 @@ static int decode_frame(AVCodecContext *avctx,
|
|||||||
enum AVPixelFormat pix_fmt;
|
enum AVPixelFormat pix_fmt;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
|
if (buf_size < 4) {
|
||||||
|
av_log(avctx, AV_LOG_ERROR, "Packet is too short\n");
|
||||||
|
return AVERROR_INVALIDDATA;
|
||||||
|
}
|
||||||
|
|
||||||
header = AV_RL32(buf);
|
header = AV_RL32(buf);
|
||||||
version = header & 0xff;
|
version = header & 0xff;
|
||||||
header_size = (header & (1<<30))? 8 : 4; /* bit 30 means pad to 8 bytes */
|
header_size = (header & (1<<30))? 8 : 4; /* bit 30 means pad to 8 bytes */
|
||||||
@@ -216,7 +221,7 @@ static int decode_frame(AVCodecContext *avctx,
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
switch(version) {
|
switch (version) {
|
||||||
case 0:
|
case 0:
|
||||||
default:
|
default:
|
||||||
/* Fraps v0 is a reordered YUV420 */
|
/* Fraps v0 is a reordered YUV420 */
|
||||||
@@ -226,13 +231,13 @@ static int decode_frame(AVCodecContext *avctx,
|
|||||||
return AVERROR_INVALIDDATA;
|
return AVERROR_INVALIDDATA;
|
||||||
}
|
}
|
||||||
|
|
||||||
buf32=(const uint32_t*)buf;
|
buf32 = (const uint32_t*)buf;
|
||||||
for(y=0; y<avctx->height/2; y++){
|
for (y = 0; y < avctx->height / 2; y++) {
|
||||||
luma1=(uint32_t*)&f->data[0][ y*2*f->linesize[0] ];
|
luma1 = (uint32_t*)&f->data[0][ y * 2 * f->linesize[0] ];
|
||||||
luma2=(uint32_t*)&f->data[0][ (y*2+1)*f->linesize[0] ];
|
luma2 = (uint32_t*)&f->data[0][ (y * 2 + 1) * f->linesize[0] ];
|
||||||
cr=(uint32_t*)&f->data[1][ y*f->linesize[1] ];
|
cr = (uint32_t*)&f->data[1][ y * f->linesize[1] ];
|
||||||
cb=(uint32_t*)&f->data[2][ y*f->linesize[2] ];
|
cb = (uint32_t*)&f->data[2][ y * f->linesize[2] ];
|
||||||
for(x=0; x<avctx->width; x+=8){
|
for(x=0; x<avctx->width; x+=8) {
|
||||||
*luma1++ = *buf32++;
|
*luma1++ = *buf32++;
|
||||||
*luma1++ = *buf32++;
|
*luma1++ = *buf32++;
|
||||||
*luma2++ = *buf32++;
|
*luma2++ = *buf32++;
|
||||||
@@ -245,10 +250,10 @@ static int decode_frame(AVCodecContext *avctx,
|
|||||||
|
|
||||||
case 1:
|
case 1:
|
||||||
/* Fraps v1 is an upside-down BGR24 */
|
/* Fraps v1 is an upside-down BGR24 */
|
||||||
for(y=0; y<avctx->height; y++)
|
for (y = 0; y < avctx->height; y++)
|
||||||
memcpy(&f->data[0][ (avctx->height - y -1) * f->linesize[0]],
|
memcpy(&f->data[0][ (avctx->height - y - 1) * f->linesize[0]],
|
||||||
&buf[y*avctx->width*3],
|
&buf[y * avctx->width * 3],
|
||||||
3*avctx->width);
|
3 * avctx->width);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 2:
|
case 2:
|
||||||
|
|||||||
@@ -962,7 +962,8 @@ static av_cold int svq3_decode_init(AVCodecContext *avctx)
|
|||||||
int offset = get_bits_count(&gb) + 7 >> 3;
|
int offset = get_bits_count(&gb) + 7 >> 3;
|
||||||
uint8_t *buf;
|
uint8_t *buf;
|
||||||
|
|
||||||
if (watermark_height <= 0 || (uint64_t)watermark_width*4 > UINT_MAX/watermark_height)
|
if (watermark_height <= 0 ||
|
||||||
|
(uint64_t)watermark_width * 4 > UINT_MAX / watermark_height)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
buf = av_malloc(buf_len);
|
buf = av_malloc(buf_len);
|
||||||
|
|||||||
@@ -1142,12 +1142,12 @@ static av_cold int twin_decode_init(AVCodecContext *avctx)
|
|||||||
AV_CH_LAYOUT_STEREO;
|
AV_CH_LAYOUT_STEREO;
|
||||||
|
|
||||||
ibps = avctx->bit_rate / (1000 * avctx->channels);
|
ibps = avctx->bit_rate / (1000 * avctx->channels);
|
||||||
|
if (ibps < 8 || ibps > 48) {
|
||||||
if (ibps > 255U) {
|
av_log(avctx, AV_LOG_ERROR, "Bad bitrate per channel value %d\n", ibps);
|
||||||
av_log(avctx, AV_LOG_ERROR, "unsupported per channel bitrate %dkbps\n", ibps);
|
|
||||||
return AVERROR_INVALIDDATA;
|
return AVERROR_INVALIDDATA;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
switch ((isampf << 8) + ibps) {
|
switch ((isampf << 8) + ibps) {
|
||||||
case (8 <<8) + 8: tctx->mtab = &mode_08_08; break;
|
case (8 <<8) + 8: tctx->mtab = &mode_08_08; break;
|
||||||
case (11<<8) + 8: tctx->mtab = &mode_11_08; break;
|
case (11<<8) + 8: tctx->mtab = &mode_11_08; break;
|
||||||
|
|||||||
@@ -4750,6 +4750,9 @@ static void vc1_decode_skip_blocks(VC1Context *v)
|
|||||||
{
|
{
|
||||||
MpegEncContext *s = &v->s;
|
MpegEncContext *s = &v->s;
|
||||||
|
|
||||||
|
if (!v->s.last_picture.f.data[0])
|
||||||
|
return;
|
||||||
|
|
||||||
ff_er_add_slice(s, 0, s->start_mb_y, s->mb_width - 1, s->end_mb_y - 1, ER_MB_END);
|
ff_er_add_slice(s, 0, s->start_mb_y, s->mb_width - 1, s->end_mb_y - 1, ER_MB_END);
|
||||||
s->first_slice_line = 1;
|
s->first_slice_line = 1;
|
||||||
for (s->mb_y = s->start_mb_y; s->mb_y < s->end_mb_y; s->mb_y++) {
|
for (s->mb_y = s->start_mb_y; s->mb_y < s->end_mb_y; s->mb_y++) {
|
||||||
|
|||||||
@@ -718,7 +718,9 @@ static int asf_read_header(AVFormatContext *s)
|
|||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
return ret;
|
return ret;
|
||||||
} else if (!ff_guidcmp(&g, &ff_asf_stream_header)) {
|
} else if (!ff_guidcmp(&g, &ff_asf_stream_header)) {
|
||||||
asf_read_stream_properties(s, gsize);
|
int ret = asf_read_stream_properties(s, gsize);
|
||||||
|
if (ret < 0)
|
||||||
|
return ret;
|
||||||
} else if (!ff_guidcmp(&g, &ff_asf_comment_header)) {
|
} else if (!ff_guidcmp(&g, &ff_asf_comment_header)) {
|
||||||
asf_read_content_desc(s, gsize);
|
asf_read_content_desc(s, gsize);
|
||||||
} else if (!ff_guidcmp(&g, &ff_asf_language_guid)) {
|
} else if (!ff_guidcmp(&g, &ff_asf_language_guid)) {
|
||||||
|
|||||||
@@ -1562,11 +1562,13 @@ static int mxf_parse_structural_metadata(MXFContext *mxf)
|
|||||||
st->codec->bits_per_coded_sample = descriptor->bits_per_sample;
|
st->codec->bits_per_coded_sample = descriptor->bits_per_sample;
|
||||||
|
|
||||||
if (descriptor->sample_rate.den > 0) {
|
if (descriptor->sample_rate.den > 0) {
|
||||||
avpriv_set_pts_info(st, 64, descriptor->sample_rate.den, descriptor->sample_rate.num);
|
|
||||||
st->codec->sample_rate = descriptor->sample_rate.num / descriptor->sample_rate.den;
|
st->codec->sample_rate = descriptor->sample_rate.num / descriptor->sample_rate.den;
|
||||||
|
avpriv_set_pts_info(st, 64, descriptor->sample_rate.den, descriptor->sample_rate.num);
|
||||||
} else {
|
} else {
|
||||||
av_log(mxf->fc, AV_LOG_WARNING, "invalid sample rate (%d/%d) found for stream #%d, time base forced to 1/48000\n",
|
av_log(mxf->fc, AV_LOG_WARNING, "invalid sample rate (%d/%d) "
|
||||||
descriptor->sample_rate.num, descriptor->sample_rate.den, st->index);
|
"found for stream #%d, time base forced to 1/48000\n",
|
||||||
|
descriptor->sample_rate.num, descriptor->sample_rate.den,
|
||||||
|
st->index);
|
||||||
avpriv_set_pts_info(st, 64, 1, 48000);
|
avpriv_set_pts_info(st, 64, 1, 48000);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -87,7 +87,7 @@ static int r3d_read_red1(AVFormatContext *s)
|
|||||||
|
|
||||||
framerate.num = avio_rb16(s->pb);
|
framerate.num = avio_rb16(s->pb);
|
||||||
framerate.den = avio_rb16(s->pb);
|
framerate.den = avio_rb16(s->pb);
|
||||||
if (framerate.num && framerate.den) {
|
if (framerate.num > 0 && framerate.den > 0) {
|
||||||
#if FF_API_R_FRAME_RATE
|
#if FF_API_R_FRAME_RATE
|
||||||
st->r_frame_rate =
|
st->r_frame_rate =
|
||||||
#endif
|
#endif
|
||||||
@@ -285,6 +285,10 @@ static int r3d_read_reda(AVFormatContext *s, AVPacket *pkt, Atom *atom)
|
|||||||
dts = avio_rb32(s->pb);
|
dts = avio_rb32(s->pb);
|
||||||
|
|
||||||
st->codec->sample_rate = avio_rb32(s->pb);
|
st->codec->sample_rate = avio_rb32(s->pb);
|
||||||
|
if (st->codec->sample_rate <= 0) {
|
||||||
|
av_log(s, AV_LOG_ERROR, "Bad sample rate\n");
|
||||||
|
return AVERROR_INVALIDDATA;
|
||||||
|
}
|
||||||
|
|
||||||
samples = avio_rb32(s->pb);
|
samples = avio_rb32(s->pb);
|
||||||
|
|
||||||
|
|||||||
@@ -375,8 +375,13 @@ ff_rm_read_mdpr_codecdata (AVFormatContext *s, AVIOContext *pb,
|
|||||||
if ((ret = rm_read_extradata(pb, st->codec, codec_data_size - (avio_tell(pb) - codec_pos))) < 0)
|
if ((ret = rm_read_extradata(pb, st->codec, codec_data_size - (avio_tell(pb) - codec_pos))) < 0)
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
av_reduce(&st->avg_frame_rate.den, &st->avg_frame_rate.num,
|
if (fps > 0) {
|
||||||
0x10000, fps, (1 << 30) - 1);
|
av_reduce(&st->avg_frame_rate.den, &st->avg_frame_rate.num,
|
||||||
|
0x10000, fps, (1 << 30) - 1);
|
||||||
|
} else if (s->error_recognition & AV_EF_EXPLODE) {
|
||||||
|
av_log(s, AV_LOG_ERROR, "Invalid framerate\n");
|
||||||
|
return AVERROR_INVALIDDATA;
|
||||||
|
}
|
||||||
#if FF_API_R_FRAME_RATE
|
#if FF_API_R_FRAME_RATE
|
||||||
st->r_frame_rate = st->avg_frame_rate;
|
st->r_frame_rate = st->avg_frame_rate;
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
Reference in New Issue
Block a user