31288 Commits

Author SHA1 Message Date
Mans Rullgard
a31e9f68a4 lavf: fix signed overflow in avformat_find_stream_info()
On the first iteration through this code, last_dts is always
INT64_MIN (AV_NOPTS_VALUE) and the subtraction overflows in
an invalid manner.  Although the result is only used if the
input values are valid, performing the subtraction is still
not allowed in a strict environment.

Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-08 20:04:22 +01:00
Mans Rullgard
bb59156606 vp8: fix signed overflows
In addition to avoiding undefined behaviour, an unsigned type
makes more sense for packing multiple 8-bit values.

Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-08 20:03:55 +01:00
Mans Rullgard
e708afd3c0 motion_est: fix some signed overflows
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-08 20:03:55 +01:00
Mans Rullgard
559c244d42 dca: fix signed overflow in shift
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-08 20:03:55 +01:00
Mans Rullgard
d12294304a aacdec: fix undefined shifts
Since nnz can be zero, this is needed to avoid a shift by 32.

Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-08 20:03:55 +01:00
Laurent Aimar
a00676e48e bink: Check for various out of bound writes
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-08 16:32:01 +02:00
Laurent Aimar
24adf7832b bink: Check for out of bound writes when building tree
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-08 16:25:56 +02:00
Mans Rullgard
ac6eab1496 put_bits: fix invalid shift by 32 in flush_put_bits()
If flush_put_bits() is called when the 32-bit buffer is empty,
e.g. after writing a multiple of 32 bits, and invalid shift by
32 is performed.  Since flush_put_bits() is called infrequently,
this additional check should have negligible performance impact.

Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-08 02:41:58 +01:00
Alex Converse
98ef887a75 mpegps: Use av_get_packet() instead of poorly emulating it. 2011-10-07 17:04:14 -07:00
Janne Grunau
c2f2dfb3dd motionpixels: decode only the 111 complete frames for fate
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 19:32:07 +02:00
Laurent Aimar
9bd854b1ff mpc8: Check out of bound bands limit
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 17:15:45 +02:00
Laurent Aimar
7d17a794f0 xan: Prevent NULL dereference with missing palette
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 17:15:31 +02:00
Laurent Aimar
3db3fdf4c6 xan: Check for out of bound reads in xan_huffman_decode()
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:32 +02:00
Laurent Aimar
3e0757c2a8 xan: Fixed out of bound accesses in xan_unpack()
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:32 +02:00
Laurent Aimar
1cd0a55163 motionpixels: Prevent calling init_vlc() with invalid parameters
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:32 +02:00
Laurent Aimar
5f05cf4ea9 shorten: Fix out of bound writes in fix_bitshift()
The data pointers s->decoded[*] already take into account s->nwrap.

Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
1720603287 dsicinav: Check for out of bounds writes
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
64263dd526 tiertexseqv: Check for out of bound reads
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
4fd56f842c quickdraw: Check for out of bound reads
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
e3ca9b93d9 dsicinav: Check for out of bounds reads
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
210c80331e motionpixels: Fix the size of workspace buffers
Some buffers must be mod 4 in width and/or height.

Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
d337dd3a90 motionpixels: Clear FF_INPUT_BUFFER_PADDING_SIZE bytes at the end of the temporary buffer
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
d99427cb8b wmavoice: Check for corrupted extra data
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
1c1449b548 wmavoice: Check for out of bound writes
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
06be075cda xan: Prevent NULL dereferences with missing reference frame
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
c7e631986b bink: Prevent NULL dereferences with missing reference frame
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
2c6cf13940 wavpack: Reset internal state on corrupted blocks
wavpack_decode_block() supposes that it is called back with the exact
same buffer unless it has returned with an error. With multi-channels
files, wavpack_decode_frame() was breaking this assumption.

Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
2c1ba79941 wmapro: Validate the number of audio channels before using it
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:30 +02:00
Laurent Aimar
1e3336de69 mpc8: Fix return value on EOF
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:30 +02:00
Laurent Aimar
95010d18b2 shorten: Prevent block size from increasing
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:30 +02:00
Laurent Aimar
124a16f678 xan: Prevent out of bound accesses
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:30 +02:00
Michael Niedermayer
14c21c1ff5 H264: Only wait before triggering ff_thread_setup_complete() until the next slice that contains a start-of-field/frame macroblock
This allows concurrent decoding of the last field/frame, rather than
only the last slice, of data packets with multiple NAL units packed
together.

This will fix the slowdown reported in e.g. bug 52.

Signed-off-by: Anton Khirnov <anton@khirnov.net>
2011-10-07 14:23:26 +02:00
Laurent Aimar
a72cad0a6c vp6: Reset the internal state when aborting key frames header parsing
It prevents leaving the state only half initialized.

Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 00:37:32 +02:00
Laurent Aimar
3d09d0017d vp56: Release old pictures after a resolution changes
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 00:27:24 +02:00
Laurent Aimar
066fff755a vp6: Check for huffman tree build errors
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 00:27:03 +02:00
Laurent Aimar
0ec6d6e9b6 vp56: Check for missing reference frame data
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 00:25:43 +02:00
Laurent Aimar
d239d4b447 cinepak: Fix invalid read access on extra data
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-06 23:35:29 +02:00
Laurent Aimar
c0cbe36b18 vmd: fix segfaults on corruped streams
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-06 23:33:09 +02:00
Laurent Aimar
3a742470a8 cook: Fix js_vlc_bits value validation for joint stereo
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-06 23:31:06 +02:00
Laurent Aimar
1775b92fee segafilm: Check for memory allocation failures in segafilm demuxer.
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-06 23:19:45 +02:00
Laurent Aimar
762ffa6861 segafilm: Fix potential division by 0 on corrupted streams in the demuxer
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-06 23:01:45 +02:00
Laurent Aimar
790f4dd5c9 Fixed segfault on corrupted sega streams in the demuxer.
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-06 22:32:02 +02:00
Laurent Aimar
69a0bce753 Fixed deference of NULL pointer in motionpixels decoder.
Some of the arguments given to init_vlc() come from the stream
and can be corrupted.

Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-06 22:29:12 +02:00
Anton Khirnov
d97efd7f87 libx264: support 9- and 10-bit output. 2011-10-06 09:16:06 +02:00
Ronald S. Bultje
4418aa9cb3 h264: correct implicit_weight for field-interlaced pictures. 2011-10-05 04:01:23 -07:00
Ronald S. Bultje
330deb7592 mpegvideo: set correct offset for edge emulation buffer.
Using the old code, half of it was unused and the other half was too
small for e.g. >8bpp interlaced data, causing random buffer overruns.
2011-10-05 04:01:23 -07:00
Ronald S. Bultje
0884dd5a1b mpegvideo: fix position of bottom edge.
It was wrong in colorspaces where horizontal and vertical chroma
subsampling are not the same, e.g. 422.
2011-10-05 04:01:23 -07:00
Diego Biurrun
e83c2ddebf Fix 'heigth' vs. 'height' typos. 2011-10-05 11:12:01 +02:00
Anton Khirnov
a4ea00d021 lavc/lavf: use unique private classes.
This is needed by the new AVOptions API.
2011-10-05 07:52:30 +02:00
Anton Khirnov
0ba1e1978d lavc: use designated initializers for av_codec_context_class 2011-10-05 07:52:05 +02:00