generic-library/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge commit '44079902c49e526f464bb4eb855665e1af867e91' into release/1.1

Browse Source 
* commit '44079902c49e526f464bb4eb855665e1af867e91':
  mov: Free intermediate arrays in the normal cleanup function
  segafilm: fix leaks if reading the header fails
  h264_cavlc: check the size of the intra PCM data.
  h263: Check init_get_bits return value
  cavsdec: check ff_get_buffer() return value

Conflicts:
	libavcodec/cavsdec.c
	libavcodec/h263dec.c
	libavformat/mov.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer
2014-02-04 06:17:49 +01:00
parent 9ac7d8f85d 44079902c4
commit e2781db62a
5 changed files with 48 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
libavcodec/cavsdec.c
View File

@@ -979,7 +979,8 @@ static int decode_pic(AVSContext *h)
if (h->cur.f->data[0])
h->avctx->release_buffer(h->avctx, h->cur.f);
if ((ret = ff_get_buffer(h->avctx, h->cur.f)) < 0)
ret = ff_get_buffer(h->avctx, h->cur.f);
if (ret < 0)
return ret;
if (!h->edge_emu_buffer) {

28
libavcodec/h263dec.c
View File

@@ -392,7 +392,6 @@ uint64_t time= rdtsc();
return buf_size;
}
retry:
if(s->divx_packed && s->bitstream_buffer_size){
int i;
@@ -407,16 +406,20 @@ retry:
}
}
if(s->bitstream_buffer_size && (s->divx_packed || buf_size<20)){ //divx 5.01+/xvid frame reorder
init_get_bits(&s->gb, s->bitstream_buffer, s->bitstream_buffer_size*8);
}else
init_get_bits(&s->gb, buf, buf_size*8);
s->bitstream_buffer_size=0;
if (s->bitstream_buffer_size && (s->divx_packed || buf_size < 20)) // divx 5.01+/xvid frame reorder
ret = init_get_bits8(&s->gb, s->bitstream_buffer,
s->bitstream_buffer_size);
else
ret = init_get_bits8(&s->gb, buf, buf_size);
if (!s->context_initialized) {
if ((ret = ff_MPV_common_init(s)) < 0) //we need the idct permutaton for reading a custom matrix
s->bitstream_buffer_size=0;
if (ret < 0)
return ret;
if (!s->context_initialized)
// we need the idct permutaton for reading a custom matrix
if ((ret = ff_MPV_common_init(s)) < 0)
return ret;
}
/* We need to set current_picture_ptr before reading the header,
* otherwise we cannot store anyting in there */
@@ -436,8 +439,11 @@ retry:
if(s->avctx->extradata_size && s->picture_number==0){
GetBitContext gb;
init_get_bits(&gb, s->avctx->extradata, s->avctx->extradata_size*8);
ret = ff_mpeg4_decode_picture_header(s, &gb);
ret = init_get_bits8(&gb, s->avctx->extradata,
s->avctx->extradata_size);
if (ret < 0)
return ret;
ff_mpeg4_decode_picture_header(s, &gb);
}
ret = ff_mpeg4_decode_picture_header(s, &s->gb);
} else if (CONFIG_H263I_DECODER && s->codec_id == AV_CODEC_ID_H263I) {

4
libavcodec/h264_cavlc.c
View File

@@ -771,6 +771,10 @@ decode_intra_mb:
// We assume these blocks are very rare so we do not optimize it.
align_get_bits(&s->gb);
if (get_bits_left(&s->gb) < mb_size) {
av_log(s->avctx, AV_LOG_ERROR, "Not enough data for an intra PCM block.\n");
return AVERROR_INVALIDDATA;
}
// The pixels are stored in the same order as levels in h->mb array.
for(x=0; x < mb_size; x++){

8
libavformat/mov.c
View File

@@ -3089,13 +3089,15 @@ static int mov_read_close(AVFormatContext *s)
av_freep(&sc->drefs);
if (sc->pb && sc->pb != s->pb)
avio_close(sc->pb);
sc->pb = NULL;
av_freep(&sc->chunk_offsets);
av_freep(&sc->keyframes);
av_freep(&sc->sample_sizes);
av_freep(&sc->stps_data);
av_freep(&sc->stsc_data);
av_freep(&sc->sample_sizes);
av_freep(&sc->keyframes);
av_freep(&sc->stts_data);
av_freep(&sc->stps_data);
av_freep(&sc->rap_group);
}
if (mov->dv_demux) {

35
libavformat/segafilm.c
View File

@@ -76,13 +76,23 @@ static int film_probe(AVProbeData *p)
return AVPROBE_SCORE_MAX;
}
static int film_read_close(AVFormatContext *s)
{
FilmDemuxContext *film = s->priv_data;
av_freep(&film->sample_table);
av_freep(&film->stereo_buffer);
return 0;
}
static int film_read_header(AVFormatContext *s)
{
FilmDemuxContext *film = s->priv_data;
AVIOContext *pb = s->pb;
AVStream *st;
unsigned char scratch[256];
int i;
int i, ret;
unsigned int data_offset;
unsigned int audio_frame_counter;
@@ -214,14 +224,16 @@ static int film_read_header(AVFormatContext *s)
for (i = 0; i < film->sample_count; i++) {
/* load the next sample record and transfer it to an internal struct */
if (avio_read(pb, scratch, 16) != 16) {
av_free(film->sample_table);
return AVERROR(EIO);
ret = AVERROR(EIO);
goto fail;
}
film->sample_table[i].sample_offset =
data_offset + AV_RB32(&scratch[0]);
film->sample_table[i].sample_size = AV_RB32(&scratch[4]);
if (film->sample_table[i].sample_size > INT_MAX / 4)
return AVERROR_INVALIDDATA;
if (film->sample_table[i].sample_size > INT_MAX / 4) {
ret = AVERROR_INVALIDDATA;
goto fail;
}
if (AV_RB32(&scratch[8]) == 0xFFFFFFFF) {
film->sample_table[i].stream = film->audio_stream_index;
film->sample_table[i].pts = audio_frame_counter;
@@ -242,6 +254,9 @@ static int film_read_header(AVFormatContext *s)
film->current_sample = 0;
return 0;
fail:
film_read_close(s);
return ret;
}
static int film_read_packet(AVFormatContext *s,
@@ -322,16 +337,6 @@ static int film_read_packet(AVFormatContext *s,
return ret;
}
static int film_read_close(AVFormatContext *s)
{
FilmDemuxContext *film = s->priv_data;
av_free(film->sample_table);
av_free(film->stereo_buffer);
return 0;
}
AVInputFormat ff_segafilm_demuxer = {
.name = "film_cpk",
.long_name = NULL_IF_CONFIG_SMALL("Sega FILM / CPK"),