Commit Graph

37 Commits

Author SHA1 Message Date
Andreas Cadhalpun
ae6fd7300b msrledec: use signed pixel_ptr in msrle_decode_pal4
This fixes segmentation faults, when pic->linesize[0] is negative.
In that case 'line * pic->linesize[0] + pixel_ptr' is treated as
unsigned and wraps around.

This reverts commit 7d78a964.
The problem was introduced in commit f7e1367f, which should obsolete
that commit.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-04-16 15:52:22 +02:00
Michael Niedermayer
c20eab5c85 avcodec/msrledec: More verbose error message
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-24 16:07:57 +01:00
Michael Niedermayer
f7e1367f58 avcodec/msrledec: restructure msrle_decode_pal4() based on the line number instead of the pixel pointer
Fixes out of array access
Fixes: da14e86d8462be6493eab16bc2d40f88/asan_heap-oob_204cfd2_528_cov_340150052_COMPRESS.BMP

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-24 16:07:26 +01:00
Paul B Mahol
e6e26b8a91 msrledec: use memset()
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2013-08-26 19:26:01 +00:00
Paul B Mahol
6638738968 msrledec: use bytestream2_get_bufferu()
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2013-08-26 19:26:00 +00:00
Michael Niedermayer
e398990eb8 msrledec: fix output_end checks
Fixes out of array accesses

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-03-05 03:29:04 +01:00
Michael Niedermayer
ddc3ca2caa Merge commit 'da7baaaae79b4d7d715d35ea6bcfbdd149edc177'
* commit 'da7baaaae79b4d7d715d35ea6bcfbdd149edc177':
  aasc: fix output for msrle compression.
  msrledec: check bounds before constructing a possibly invalid pointer,
  cmdutils: remove ansi from the list of broken codecs.

Conflicts:
	tests/ref/fate/aasc

Also See: e7117f1c10

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-02-06 15:16:51 +01:00
Anton Khirnov
9bd6375d5f msrledec: check bounds before constructing a possibly invalid pointer,
CC:libav-stable@libav.org
2013-02-06 10:21:52 +01:00
Michael Niedermayer
d2e0a276d5 msrledec: merge switches
More speedup and fixes 'may be used uninitialized in this function' warnings

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-01-30 16:42:17 +01:00
Michael Niedermayer
dbaae33c2c msrledec: move loop into switch
speeds up code and allows more simplifications

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-01-30 16:39:35 +01:00
Michael Niedermayer
c2992b7053 msrledec: move output pointer test up
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-01-30 16:33:45 +01:00
Michael Niedermayer
ca19862d38 Merge remote-tracking branch 'qatar/master'
* qatar/master:
  libxvid: remove disabled code
  qdm2: make a table static const
  qdm2: simplify bitstream reader setup for some subpacket types
  qdm2: use get_bits_left()
  build: Consistently handle conditional compilation for all optimization OBJS.
  avpacket, bfi, bgmc, rawenc: K&R prettyprinting cosmetics
  msrle: convert MS RLE decoding function to bytestream2.
  x86inc improvements for 64-bit

Conflicts:
	common.mak
	libavcodec/avpacket.c
	libavcodec/bfi.c
	libavcodec/msrledec.c
	libavcodec/qdm2.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-04-13 00:39:19 +02:00
Ronald Bultje
992f71e95d msrle: convert MS RLE decoding function to bytestream2.
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
2012-04-11 16:30:41 -04:00
Michael Niedermayer
04b53746ad Merge remote-tracking branch 'qatar/master'
* qatar/master:
  rtpdec: Use 4 byte startcodes for H.264
  matroskadec: Mark variable as av_unused.
  Move some conditionally used variables into the block where they are used.
  Drop some completely unnecessary av_unused attributes.
  swscale: Remove unused variable alpMmxFilter.
  Drop unnecessary av_uninit attributes from some variable declarations.
  movenc: Support muxing wmapro in ismv/isma
  mpegtsenc: Add an AVOption for forcing a new PAT/PMT/SDT to be written
  swscale: move YUV2PACKED16WRAPPER() macro down to where it is used.
  swscale: handle gray16 as a "planar" YUV format (Y-only, of course).
  swscale: use yuv2packed1() functions for unscaled chroma also.
  swscale: fix incorrect chroma bias in yuv2rgb48_1_c().
  swscale: fix invalid memory accesses in yuvpacked1() functions.
  Move PS2 MMI code below the mips subdirectory, where it belongs.
  mips: Move MMI function declarations to a header.
  build: Set correct dependencies for rtmp* protocols implemented by librtmp.

Conflicts:
	libavcodec/ac3enc_template.c
	libavformat/mpegtsenc.c
	libswscale/output.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-02-14 01:53:31 +01:00
Diego Biurrun
a8798c7eb9 Drop unnecessary av_uninit attributes from some variable declarations.
Recent versions of gcc (4.4+) no longer give false positive warnings.
2012-02-13 19:20:52 +01:00
Michael Niedermayer
c065255bba Merge remote-tracking branch 'qatar/master'
* qatar/master:
  aacenc: Fix LONG_START windowing.
  aacenc: Fix a bug where deinterleaved samples were stored in the wrong place.
  avplay: use the correct array size for stride.
  lavc: extend doxy for avcodec_alloc_context3().
  APIchanges: mention avcodec_alloc_context()/2/3
  avcodec_align_dimensions2: set only 4 linesizes, not AV_NUM_DATA_POINTERS.
  aacsbr: ARM NEON optimised sbrdsp functions
  aacsbr: align some arrays
  aacsbr: move some simdable loops to function pointers
  cosmetics: Remove extra newlines at EOF

Conflicts:
	libavcodec/utils.c
	libavfilter/formats.c
	libavutil/mem.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-29 00:34:59 +01:00
Alex Converse
7181c4edee cosmetics: Remove extra newlines at EOF 2012-01-27 17:19:09 -08:00
Michael Niedermayer
53be37e368 msrledec: Check for overreads
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2011-12-13 15:46:23 +01:00
Michael Niedermayer
8e2bab5d4b Merge remote-tracking branch 'qatar/master'
* qatar/master:
  drawtext: remove typo
  pcm-mpeg: implement new audio decoding api
  w32thread: port fixes to pthread_cond_broadcast() from x264.
  doc: add editor configuration section with Vim and Emacs settings
  dxva2.h: include d3d9.h to define LPDIRECT3DSURFACE9
  avformat/utils: Drop unused goto label.
  doxygen: Replace '\' by '@' in Doxygen markup tags.
  cosmetics: drop some completely pointless parentheses
  cljr: simplify CLJRContext
  drawtext: introduce rand(min, max)
  drawtext: introduce explicit draw/hide variable
  rtmp: Use nb_invokes for all invoke commands

Conflicts:
	libavcodec/mpegvideo.c
	libavfilter/vf_drawtext.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2011-12-08 00:23:37 +01:00
Diego Biurrun
ee41963f19 cosmetics: drop some completely pointless parentheses 2011-12-07 15:29:13 +01:00
Mans Rullgard
2912e87a6c Replace FFmpeg with Libav in licence headers
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-03-19 13:33:20 +00:00
Michael Niedermayer
7d78a96441 Fix possibly exploitable out of buffer writes in msrle_decode_pal4().
This fix is minimalistic, that function should be cleaned up by someone.

Originally committed as revision 25633 to svn://svn.ffmpeg.org/ffmpeg/trunk
2010-11-02 01:19:15 +00:00
Michael Niedermayer
7429783101 Fix possibly exploitable buffer overrun in msrle_decode_8_16_24_32().
Issue has been reported to me by Gynvael Coldwind

Originally committed as revision 25632 to svn://svn.ffmpeg.org/ffmpeg/trunk
2010-11-02 01:19:12 +00:00
Michael Niedermayer
81a646140f remove impossible condition from msrle_decode_pal4()
Originally committed as revision 25631 to svn://svn.ffmpeg.org/ffmpeg/trunk
2010-11-02 01:19:09 +00:00
Michael Niedermayer
94ee6c100d fix indent
Originally committed as revision 25630 to svn://svn.ffmpeg.org/ffmpeg/trunk
2010-11-02 01:19:03 +00:00
Diego Biurrun
ba87f0801d Remove explicit filename from Doxygen @file commands.
Passing an explicit filename to this command is only necessary if the
documentation in the @file block refers to a file different from the
one the block resides in.

Originally committed as revision 22921 to svn://svn.ffmpeg.org/ffmpeg/trunk
2010-04-20 14:45:34 +00:00
Carl Eugen Hoyos
ccd17ea13c Include msrledec.h: It contains the prototype for ff_msrle_decode().
Originally committed as revision 22105 to svn://svn.ffmpeg.org/ffmpeg/trunk
2010-02-28 03:41:59 +00:00
Kostya Shishkov
b08de903cd Make MS RLE decoder produce both bottom-up and top-down pictures
Originally committed as revision 20111 to svn://svn.ffmpeg.org/ffmpeg/trunk
2009-10-01 05:42:55 +00:00
Baptiste Coudurier
25178da302 do not print false error if eof follows eol
Originally committed as revision 18965 to svn://svn.ffmpeg.org/ffmpeg/trunk
2009-05-27 06:43:51 +00:00
Diego Biurrun
607694c77b cosmetics: Fix some typos.
Originally committed as revision 18894 to svn://svn.ffmpeg.org/ffmpeg/trunk
2009-05-22 17:14:22 +00:00
Kostya Shishkov
b3867c93d1 Fix off-by-one error in MS RLE decoder which may result into writing past
picture buffer.

Originally committed as revision 18852 to svn://svn.ffmpeg.org/ffmpeg/trunk
2009-05-16 06:39:08 +00:00
Diego Biurrun
1e4eb387d4 Add av_uninit macro to variables to avoid false positive warnings:
libavcodec/msrledec.c: In function ‘ff_msrle_decode’:
libavcodec/msrledec.c:139: warning: ‘pix32’ may be used uninitialized in this function
libavcodec/msrledec.c:138: warning: ‘pix16’ may be used uninitialized in this function

Originally committed as revision 17156 to svn://svn.ffmpeg.org/ffmpeg/trunk
2009-02-11 14:57:42 +00:00
Diego Biurrun
bad5537e2c Use full internal pathname in doxygen @file directives.
Otherwise doxygen complains about ambiguous filenames when files exist
under the same name in different subdirectories.

Originally committed as revision 16912 to svn://svn.ffmpeg.org/ffmpeg/trunk
2009-02-01 02:00:19 +00:00
Diego Biurrun
6a5d31ac25 Fix build: Add intreadwrite.h and bswap.h #includes where necessary.
Originally committed as revision 16556 to svn://svn.ffmpeg.org/ffmpeg/trunk
2009-01-11 22:19:48 +00:00
Kostya Shishkov
6149cdbe9d Make decoding run of pixels in MS RLE saner.
This is based on patches by Alex Converse and Mans Rullgard
Thread "[PATCH] Fix MSRLE type punning"

Originally committed as revision 16013 to svn://svn.ffmpeg.org/ffmpeg/trunk
2008-12-06 09:05:30 +00:00
Kostya Shishkov
ce60c2d133 Print out some errors found during MS RLE decoding
Originally committed as revision 16012 to svn://svn.ffmpeg.org/ffmpeg/trunk
2008-12-06 09:01:11 +00:00
Kostya Shishkov
44aa9771c9 Factorize out code used for MS RLE format decoding in different decoders.
Originally committed as revision 15356 to svn://svn.ffmpeg.org/ffmpeg/trunk
2008-09-18 05:20:54 +00:00