14381 Commits

Author SHA1 Message Date
Mans Rullgard
581810f502 mpeg4dec: use unsigned type for startcode in ff_mpeg4_decode_picture_header
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-09 23:28:54 +01:00
Mans Rullgard
aa498fef0d mpeg124: use sign_extend() function
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-09 23:22:14 +01:00
Mans Rullgard
633ddb8519 ac3dec: use get_sbits() instead of manually sign-extending
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-09 23:21:31 +01:00
Mans Rullgard
84dda40762 4xm: fix signed overflow
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-09 23:13:35 +01:00
Mans Rullgard
ba3f07d061 wmavoice: fix a signed overflow
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-09 23:04:03 +01:00
Mans Rullgard
05795f35be mpegvideo_enc: fix a signed overflow
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-09 23:03:46 +01:00
Mans Rullgard
282847ba80 zmbv: remove memcpy() of decoded frame
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-09 13:58:19 +01:00
Mans Rullgard
2f329db90e mpeg12enc: use sign_extend() function
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-09 13:58:17 +01:00
Mans Rullgard
60f10e0ad3 h264pred: use unsigned types for pixel values, fix signed overflows
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-09 12:27:19 +01:00
Mans Rullgard
4d1418cd4f h264: fix signed overflows in x*0x01010101 expressions
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-09 12:27:19 +01:00
Mans Rullgard
d66b9dec11 h264pred: remove unused variables
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-09 12:27:19 +01:00
Mans Rullgard
bb59156606 vp8: fix signed overflows
In addition to avoiding undefined behaviour, an unsigned type
makes more sense for packing multiple 8-bit values.

Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-08 20:03:55 +01:00
Mans Rullgard
e708afd3c0 motion_est: fix some signed overflows
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-08 20:03:55 +01:00
Mans Rullgard
559c244d42 dca: fix signed overflow in shift
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-08 20:03:55 +01:00
Mans Rullgard
d12294304a aacdec: fix undefined shifts
Since nnz can be zero, this is needed to avoid a shift by 32.

Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-08 20:03:55 +01:00
Laurent Aimar
a00676e48e bink: Check for various out of bound writes
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-08 16:32:01 +02:00
Laurent Aimar
24adf7832b bink: Check for out of bound writes when building tree
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-08 16:25:56 +02:00
Mans Rullgard
ac6eab1496 put_bits: fix invalid shift by 32 in flush_put_bits()
If flush_put_bits() is called when the 32-bit buffer is empty,
e.g. after writing a multiple of 32 bits, and invalid shift by
32 is performed.  Since flush_put_bits() is called infrequently,
this additional check should have negligible performance impact.

Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-08 02:41:58 +01:00
Laurent Aimar
9bd854b1ff mpc8: Check out of bound bands limit
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 17:15:45 +02:00
Laurent Aimar
7d17a794f0 xan: Prevent NULL dereference with missing palette
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 17:15:31 +02:00
Laurent Aimar
3db3fdf4c6 xan: Check for out of bound reads in xan_huffman_decode()
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:32 +02:00
Laurent Aimar
3e0757c2a8 xan: Fixed out of bound accesses in xan_unpack()
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:32 +02:00
Laurent Aimar
1cd0a55163 motionpixels: Prevent calling init_vlc() with invalid parameters
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:32 +02:00
Laurent Aimar
5f05cf4ea9 shorten: Fix out of bound writes in fix_bitshift()
The data pointers s->decoded[*] already take into account s->nwrap.

Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
1720603287 dsicinav: Check for out of bounds writes
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
64263dd526 tiertexseqv: Check for out of bound reads
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
4fd56f842c quickdraw: Check for out of bound reads
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
e3ca9b93d9 dsicinav: Check for out of bounds reads
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
210c80331e motionpixels: Fix the size of workspace buffers
Some buffers must be mod 4 in width and/or height.

Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
d337dd3a90 motionpixels: Clear FF_INPUT_BUFFER_PADDING_SIZE bytes at the end of the temporary buffer
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
d99427cb8b wmavoice: Check for corrupted extra data
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
1c1449b548 wmavoice: Check for out of bound writes
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
06be075cda xan: Prevent NULL dereferences with missing reference frame
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
c7e631986b bink: Prevent NULL dereferences with missing reference frame
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
2c6cf13940 wavpack: Reset internal state on corrupted blocks
wavpack_decode_block() supposes that it is called back with the exact
same buffer unless it has returned with an error. With multi-channels
files, wavpack_decode_frame() was breaking this assumption.

Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
2c1ba79941 wmapro: Validate the number of audio channels before using it
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:30 +02:00
Laurent Aimar
95010d18b2 shorten: Prevent block size from increasing
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:30 +02:00
Laurent Aimar
124a16f678 xan: Prevent out of bound accesses
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:30 +02:00
Michael Niedermayer
14c21c1ff5 H264: Only wait before triggering ff_thread_setup_complete() until the next slice that contains a start-of-field/frame macroblock
This allows concurrent decoding of the last field/frame, rather than
only the last slice, of data packets with multiple NAL units packed
together.

This will fix the slowdown reported in e.g. bug 52.

Signed-off-by: Anton Khirnov <anton@khirnov.net>
2011-10-07 14:23:26 +02:00
Laurent Aimar
a72cad0a6c vp6: Reset the internal state when aborting key frames header parsing
It prevents leaving the state only half initialized.

Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 00:37:32 +02:00
Laurent Aimar
3d09d0017d vp56: Release old pictures after a resolution changes
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 00:27:24 +02:00
Laurent Aimar
066fff755a vp6: Check for huffman tree build errors
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 00:27:03 +02:00
Laurent Aimar
0ec6d6e9b6 vp56: Check for missing reference frame data
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 00:25:43 +02:00
Laurent Aimar
d239d4b447 cinepak: Fix invalid read access on extra data
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-06 23:35:29 +02:00
Laurent Aimar
c0cbe36b18 vmd: fix segfaults on corruped streams
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-06 23:33:09 +02:00
Laurent Aimar
3a742470a8 cook: Fix js_vlc_bits value validation for joint stereo
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-06 23:31:06 +02:00
Laurent Aimar
69a0bce753 Fixed deference of NULL pointer in motionpixels decoder.
Some of the arguments given to init_vlc() come from the stream
and can be corrupted.

Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-06 22:29:12 +02:00
Anton Khirnov
d97efd7f87 libx264: support 9- and 10-bit output. 2011-10-06 09:16:06 +02:00
Ronald S. Bultje
4418aa9cb3 h264: correct implicit_weight for field-interlaced pictures. 2011-10-05 04:01:23 -07:00
Ronald S. Bultje
330deb7592 mpegvideo: set correct offset for edge emulation buffer.
Using the old code, half of it was unused and the other half was too
small for e.g. >8bpp interlaced data, causing random buffer overruns.
2011-10-05 04:01:23 -07:00