diff --git a/libavcodec/cook.c b/libavcodec/cook.c
index a5da74efcc..14614c9316 100644
--- a/libavcodec/cook.c
+++ b/libavcodec/cook.c
@@ -1086,6 +1086,11 @@ static av_cold int cook_decode_init(AVCodecContext *avctx)
 if (extradata_size >= 8){
 bytestream_get_be32(&edata_ptr); //Unknown unused
 q->subpacket[s].js_subband_start = bytestream_get_be16(&edata_ptr);
+ if (q->subpacket[s].js_subband_start >= 51) {
+ av_log(avctx, AV_LOG_ERROR, "js_subband_start %d is too large\n", q->subpacket[s].js_subband_start);
+ return AVERROR_INVALIDDATA;
+ }
+
+ q->subpacket[s].js_vlc_bits = bytestream_get_be16(&edata_ptr);
 extradata_size -= 8;
 }
diff --git a/libavcodec/qdm2_tablegen.h b/libavcodec/qdm2_tablegen.h
index f215b15ffc..38adb97dc5 100644
--- a/libavcodec/qdm2_tablegen.h
+++ b/libavcodec/qdm2_tablegen.h
@@ -37,7 +37,7 @@
 #include "libavcodec/qdm2_tables.h"
 #else
 static uint16_t softclip_table[HARDCLIP_THRESHOLD - SOFTCLIP_THRESHOLD + 1];
-static float noise_table[4096];
+static float noise_table[4096 + 20];
 static uint8_t random_dequant_index[256][5];
 static uint8_t random_dequant_type24[128][3];
 static float noise_samples[128];
diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c
index 2ca6d5ca62..d26135ecda 100644
--- a/libavcodec/tiff.c
+++ b/libavcodec/tiff.c
@@ -360,6 +360,11 @@ static int tiff_decode_tag(TiffContext *s, const uint8_t *start, const uint8_t *
 "Samples per pixel requires a single value, many provided\n");
 return AVERROR_INVALIDDATA;
 }
+ if (value > 4U) {
+ av_log(s->avctx, AV_LOG_ERROR,
+ "Samples per pixel %d is too large\n", value);
+ return AVERROR_INVALIDDATA;
+ }
 if (s->bppcount == 1)
 s->bpp *= value;
 s->bppcount = value;
diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index 0098e2bdbb..8eca9c67eb 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
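Review bot: The bound in `if (q->subpacket[s].js_subband_start >= 51)` is a bare literal, so a reader cannot tell which table or array it protects, or keep the two in step if that size ever changes. A named constant, or a comment such as `/* js_subband_start indexes <table name>, which has 51 entries */` with the real table filled in, would make the check auditable. The next field, `js_vlc_bits`, is read from the same extradata on the following line and gets no range check in this hunk; if it is later used as a bit count or table index it deserves the same treatment. The check sits inside `if (extradata_size >= 8)` and cook_decode_init continues outside the hunk, so whether these fields are validated on other paths cannot be seen here.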
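Review bot: `static float noise_table[4096 + 20];` adds 20 entries of padding without saying which reader runs past index 4095 or why 20 is enough, so a later change to that reader can silently reintroduce the overread. Naming the slack, for example `#define NOISE_TABLE_PAD 20` with a comment pointing at the code that needs it, would keep the size and its consumer tied together. This declaration lives in the `#else` branch; builds that take the `#include "libavcodec/qdm2_tables.h"` branch use a pre-generated table that presumably needs the same size. Whether the initialiser fills the extra entries or leaves them at the static zero default is not visible in the hunk.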
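Review bot: The new guard `if (value > 4U)` has no lower bound, so a samples-per-pixel value of 0 can still reach `s->bpp *= value` and `s->bppcount = value`, leaving both at zero. If nothing later rejects that, `if (value < 1 || value > 4U)` closes it at the point where the tag is parsed. The log call formats `value` with `%d` while the comparison treats it as unsigned; its declaration is outside the hunk, so confirm the specifier matches the type (`%u` if it is unsigned). tiff_decode_tag starts and ends outside the hunk.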
@@ -177,9 +177,10 @@ void avcodec_align_dimensions2(AVCodecContext *s, int *width, int *height, int l
 case PIX_FMT_PAL8:
 case PIX_FMT_BGR8:
 case PIX_FMT_RGB8:
- if(s->codec_id == CODEC_ID_SMC){
- w_align=4;
- h_align=4;
+ if (s->codec_id == CODEC_ID_SMC ||
+ s->codec_id == CODEC_ID_CINEPAK) {
+ w_align = 4;
+ h_align = 4;
 }
 break;
 case PIX_FMT_BGR24:
@@ -188,6 +189,12 @@ void avcodec_align_dimensions2(AVCodecContext *s, int *width, int *height, int l
 h_align=4;
 }
 break;
+ case PIX_FMT_RGB24:
+ if (s->codec_id == CODEC_ID_CINEPAK) {
+ w_align = 4;
+ h_align = 4;
+ }
+ break;
 default:
 w_align= 1;
 h_align= 1;
diff --git a/libavcodec/vqavideo.c b/libavcodec/vqavideo.c
index 6e1ce6c0d2..e7b2cae26a 100644
--- a/libavcodec/vqavideo.c
+++ b/libavcodec/vqavideo.c
@@ -529,7 +529,7 @@ static void vqa_decode_chunk(VqaContext *s)
 if (chunk_size > MAX_CODEBOOK_SIZE - s->next_codebook_buffer_index) {
 av_log(s->avctx, AV_LOG_ERROR, "cbp0 chunk too large (0x%X bytes)\n", chunk_size);
- return AVERROR_INVALIDDATA;
+ return;
 }
 /* accumulate partial codebook */
@@ -557,7 +557,7 @@ static void vqa_decode_chunk(VqaContext *s)
 if (chunk_size > MAX_CODEBOOK_SIZE - s->next_codebook_buffer_index) {
 av_log(s->avctx, AV_LOG_ERROR, "cbpz chunk too large (0x%X bytes)\n", chunk_size);
- return AVERROR_INVALIDDATA;
+ return;
 }
 /* accumulate partial codebook */
diff --git a/libavcodec/wma.c b/libavcodec/wma.c
index feb121b591..2e8ac979a5 100644
--- a/libavcodec/wma.c
+++ b/libavcodec/wma.c
@@ -177,6 +177,10 @@ int ff_wma_init(AVCodecContext *avctx, int flags2)
 bps = (float)s->bit_rate / (float)(s->nb_channels * s->sample_rate);
 s->byte_offset_bits = av_log2((int)(bps * s->frame_len / 8.0 + 0.5)) + 2;
+ if (s->byte_offset_bits + 3 > MIN_CACHE_BITS) {
+ av_log(avctx, AV_LOG_ERROR, "byte_offset_bits %d is too large\n", s->byte_offset_bits);
+ return AVERROR_PATCHWELCOME;
+ }
 /* compute high frequency value and choose if noise coding should be activated */
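Review bot: The Cinepak alignment is wired in per pixel-format case (`PIX_FMT_PAL8` here, and the new `PIX_FMT_RGB24` case in the `@@ -188,6 +189,12 @@` hunk), so a Cinepak stream that arrives with any other pixel format falls through to `default` and gets `w_align= 1; h_align= 1;`. If the 4-pixel alignment exists because the decoder writes whole 4x4 blocks (an assumption; the hunk does not say), it is a buffer-size guarantee and should not depend on the format list staying complete. A comment on both cases, such as `/* Cinepak writes 4x4 blocks: dimensions must be padded to a multiple of 4 */`, would record the reason once it is confirmed. avcodec_align_dimensions2 starts and ends outside the hunk.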
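Review bot: With `return;` the oversize-chunk error in the cbp0 branch (and the identical cbpz branch in the `@@ -557,7 +557,7 @@` hunk) is logged and then dropped, because vqa_decode_chunk is `void` and its caller cannot learn that the codebook data was rejected. The caller is outside the hunk, but it presumably goes on to output the frame as if decoding had succeeded. Changing the signature to `static int vqa_decode_chunk(VqaContext *s)`, keeping `return AVERROR_INVALIDDATA;` at both sites, and having the caller propagate a negative result would turn malformed input into a decode error rather than a silently partial frame.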
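Review bot: The new guard `if (s->byte_offset_bits + 3 > MIN_CACHE_BITS)` runs only after `av_log2((int)(bps * s->frame_len / 8.0 + 0.5))` has been evaluated, and that expression divides by `s->nb_channels * s->sample_rate` and then converts a float to `int`. A zero divisor or a very large ratio puts that conversion out of range, which is undefined behaviour before the check can reject anything. Validation of the channel count and sample rate may exist earlier in ff_wma_init, which starts outside the hunk, so confirm it. The `+ 3` is also unexplained; a comment such as `/* byte_offset_bits + 3 bits are read in a single bitstream fetch */`, if that is the reason, would tie the limit to the code that depends on it.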