Mans Rullgard
581810f502
mpeg4dec: use unsigned type for startcode in ff_mpeg4_decode_picture_header
...
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-09 23:28:54 +01:00
Mans Rullgard
aa498fef0d
mpeg124: use sign_extend() function
...
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-09 23:22:14 +01:00
Mans Rullgard
633ddb8519
ac3dec: use get_sbits() instead of manually sign-extending
...
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-09 23:21:31 +01:00
Mans Rullgard
84dda40762
4xm: fix signed overflow
...
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-09 23:13:35 +01:00
Mans Rullgard
ba3f07d061
wmavoice: fix a signed overflow
...
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-09 23:04:03 +01:00
Mans Rullgard
05795f35be
mpegvideo_enc: fix a signed overflow
...
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-09 23:03:46 +01:00
Mans Rullgard
282847ba80
zmbv: remove memcpy() of decoded frame
...
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-09 13:58:19 +01:00
Mans Rullgard
2f329db90e
mpeg12enc: use sign_extend() function
...
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-09 13:58:17 +01:00
Mans Rullgard
60f10e0ad3
h264pred: use unsigned types for pixel values, fix signed overflows
...
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-09 12:27:19 +01:00
Mans Rullgard
4d1418cd4f
h264: fix signed overflows in x*0x01010101 expressions
...
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-09 12:27:19 +01:00
Mans Rullgard
d66b9dec11
h264pred: remove unused variables
...
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-09 12:27:19 +01:00
Mans Rullgard
bb59156606
vp8: fix signed overflows
...
In addition to avoiding undefined behaviour, an unsigned type
makes more sense for packing multiple 8-bit values.
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-08 20:03:55 +01:00
Mans Rullgard
e708afd3c0
motion_est: fix some signed overflows
...
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-08 20:03:55 +01:00
Mans Rullgard
559c244d42
dca: fix signed overflow in shift
...
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-08 20:03:55 +01:00
Mans Rullgard
d12294304a
aacdec: fix undefined shifts
...
Since nnz can be zero, this is needed to avoid a shift by 32.
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-08 20:03:55 +01:00
Laurent Aimar
a00676e48e
bink: Check for various out of bound writes
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-08 16:32:01 +02:00
Laurent Aimar
24adf7832b
bink: Check for out of bound writes when building tree
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-08 16:25:56 +02:00
Mans Rullgard
ac6eab1496
put_bits: fix invalid shift by 32 in flush_put_bits()
...
If flush_put_bits() is called when the 32-bit buffer is empty,
e.g. after writing a multiple of 32 bits, and invalid shift by
32 is performed. Since flush_put_bits() is called infrequently,
this additional check should have negligible performance impact.
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-08 02:41:58 +01:00
Laurent Aimar
9bd854b1ff
mpc8: Check out of bound bands limit
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 17:15:45 +02:00
Laurent Aimar
7d17a794f0
xan: Prevent NULL dereference with missing palette
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 17:15:31 +02:00
Laurent Aimar
3db3fdf4c6
xan: Check for out of bound reads in xan_huffman_decode()
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:32 +02:00
Laurent Aimar
3e0757c2a8
xan: Fixed out of bound accesses in xan_unpack()
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:32 +02:00
Laurent Aimar
1cd0a55163
motionpixels: Prevent calling init_vlc() with invalid parameters
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:32 +02:00
Laurent Aimar
5f05cf4ea9
shorten: Fix out of bound writes in fix_bitshift()
...
The data pointers s->decoded[*] already take into account s->nwrap.
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
1720603287
dsicinav: Check for out of bounds writes
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
64263dd526
tiertexseqv: Check for out of bound reads
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
4fd56f842c
quickdraw: Check for out of bound reads
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
e3ca9b93d9
dsicinav: Check for out of bounds reads
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
210c80331e
motionpixels: Fix the size of workspace buffers
...
Some buffers must be mod 4 in width and/or height.
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
d337dd3a90
motionpixels: Clear FF_INPUT_BUFFER_PADDING_SIZE bytes at the end of the temporary buffer
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
d99427cb8b
wmavoice: Check for corrupted extra data
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
1c1449b548
wmavoice: Check for out of bound writes
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
06be075cda
xan: Prevent NULL dereferences with missing reference frame
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
c7e631986b
bink: Prevent NULL dereferences with missing reference frame
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
2c6cf13940
wavpack: Reset internal state on corrupted blocks
...
wavpack_decode_block() supposes that it is called back with the exact
same buffer unless it has returned with an error. With multi-channels
files, wavpack_decode_frame() was breaking this assumption.
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
2c1ba79941
wmapro: Validate the number of audio channels before using it
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:30 +02:00
Laurent Aimar
95010d18b2
shorten: Prevent block size from increasing
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:30 +02:00
Laurent Aimar
124a16f678
xan: Prevent out of bound accesses
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:30 +02:00
Michael Niedermayer
14c21c1ff5
H264: Only wait before triggering ff_thread_setup_complete() until the next slice that contains a start-of-field/frame macroblock
...
This allows concurrent decoding of the last field/frame, rather than
only the last slice, of data packets with multiple NAL units packed
together.
This will fix the slowdown reported in e.g. bug 52.
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2011-10-07 14:23:26 +02:00
Laurent Aimar
a72cad0a6c
vp6: Reset the internal state when aborting key frames header parsing
...
It prevents leaving the state only half initialized.
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 00:37:32 +02:00
Laurent Aimar
3d09d0017d
vp56: Release old pictures after a resolution changes
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 00:27:24 +02:00
Laurent Aimar
066fff755a
vp6: Check for huffman tree build errors
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 00:27:03 +02:00
Laurent Aimar
0ec6d6e9b6
vp56: Check for missing reference frame data
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 00:25:43 +02:00
Laurent Aimar
d239d4b447
cinepak: Fix invalid read access on extra data
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-06 23:35:29 +02:00
Laurent Aimar
c0cbe36b18
vmd: fix segfaults on corruped streams
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-06 23:33:09 +02:00
Laurent Aimar
3a742470a8
cook: Fix js_vlc_bits value validation for joint stereo
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-06 23:31:06 +02:00
Laurent Aimar
69a0bce753
Fixed deference of NULL pointer in motionpixels decoder.
...
Some of the arguments given to init_vlc() come from the stream
and can be corrupted.
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-06 22:29:12 +02:00
Anton Khirnov
d97efd7f87
libx264: support 9- and 10-bit output.
2011-10-06 09:16:06 +02:00
Ronald S. Bultje
4418aa9cb3
h264: correct implicit_weight for field-interlaced pictures.
2011-10-05 04:01:23 -07:00
Ronald S. Bultje
330deb7592
mpegvideo: set correct offset for edge emulation buffer.
...
Using the old code, half of it was unused and the other half was too
small for e.g. >8bpp interlaced data, causing random buffer overruns.
2011-10-05 04:01:23 -07:00