This is similar to the fix in 35cbc98b.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit e9d61de96c113ee0ef8082833c7e682df0e23eec)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit bacf5db1962a6955ce80eea6bbc86c6970d7d360)
Properly forward mp_decode_layer3 errors; mp_decode_layer1 and
mp_decode_layer2 do not return errors.
Based on a patch by Michael Niedermayer.
(cherry picked from commit 0c03cc68386443f1e96ab6fb358220faf67cd5ff)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
The function can return either a parsing error or a memory management
error.
Fixes: CVE-2012-2797
(cherry picked from commit 9ab0874ea8b6774c6f5470dba2b5b4615a610d0d)
Conflicts:
    libavcodec/mpegaudiodec.c
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
The value should always be 3, as it follows from the specification.
Fix a stack buffer overflow in exponents_from_scale_factors as reported
by asan. Thanks to Dale Curtis for the sample vector.
(cherry picked from commit 97cfa55eea39cef30abe14682c56c1e4e7f6f10d)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Instead of clipping extrasize based on EXTRABYTES, clip based on the
amount of buffer actually left. Without this fix, there are warbles
and other distortions in the test case below.
http://kevincennis.com/mix/assets/sounds/1901_voxfx.mp3
(cherry picked from commit b7165426917f91ebcad84bdff366824f03b32bfe)
Signed-off-by: Alex Converse <alex.converse@gmail.com>
In some cases, what is left to read from ptr is smaller than EXTRABYTES.
Based on a patch by Thierry Foucu <tfoucu@gmail.com>.
Signed-off-by: Alex Converse <alex.converse@gmail.com>
(cherry picked from commit f372ce119bd2458fa0b4ddfb2af3a36621df99f7)
If bufsize < headersize, init_get_bits() will be called with a negative
number, causing it to fail and any subsequent call to get_bits() will
crash because it reads from a NULL pointer.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 3e13005cac6e076053276b515f5fcf59a3f4b65d)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
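The commit message above describes a bit reader being initialised with a negative size when bufsize < headersize. The following is an added example, not libav's code: a toy bit reader (BitReader, br_init, br_get_bits and parse_payload are hypothetical names) that compares the sizes before initialisation and refuses to read after a failed init.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
/* Toy MSB-first bit reader (hypothetical, not libav's GetBitContext). */
typedef struct {
    const uint8_t *buf;      /* NULL after a failed init */
    int size_bits, pos_bits;
} BitReader;

/* A negative size fails and leaves the reader empty rather than half-set. */
static int br_init(BitReader *br, const uint8_t *buf, int size_bits)
{
    int ok = buf && size_bits >= 0;
    br->buf = ok ? buf : NULL;
    br->size_bits = ok ? size_bits : 0;
    br->pos_bits = 0;
    return ok ? 0 : -1;
}

/* Bounds-checked read of n (1..24) bits; -1 instead of dereferencing. */
static int br_get_bits(BitReader *br, int n)
{
    int v = 0;
    if (!br->buf || n < 1 || n > 24 || n > br->size_bits - br->pos_bits)
        return -1;
    for (; n > 0; n--, br->pos_bits++)
        v = (v << 1) | ((br->buf[br->pos_bits >> 3] >> (7 - (br->pos_bits & 7))) & 1);
    return v;
}

/* Reads the first payload byte after a header of header_size bytes. Checking
 * sizes before br_init() keeps a truncated frame from becoming a negative size. */
static int parse_payload(const uint8_t *buf, int buf_size, int header_size)
{
    BitReader br;
    if (!buf || header_size < 0 || buf_size < header_size ||
        buf_size - header_size > INT_MAX / 8)
        return -1;
    if (br_init(&br, buf + header_size, (buf_size - header_size) * 8) < 0)
        return -1;
    return br_get_bits(&br, 8);
}

int main(void)
{
    static const uint8_t frame[] = { 0xFF, 0xFB, 0x90, 0x00, 0xA5, 0x3C }; /* constructed */
    printf("full=%d truncated=%d\n", parse_payload(frame, 6, 4), parse_payload(frame, 3, 4));
    return 0;
}
```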
The safe bitstream reader does not allow using skip_bits_long() to seek to a
point before the start of the buffer, which was needed by the mp3 decoder.
This change instead calculates the start point of the first valid granule and
skips to that position.
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
The buffer splicing relies on the bitstream reader over-reading
the end of the buffer as declared in init_get_bits(), although
more data is actually present. Manually moving the bitstream
boundary after init_get_bits() allows this to work as expected.
Signed-off-by: Mans Rullgard <mans@mansr.com>
Pass the correct size in bits to mpeg4audio_get_config and add a flag
to disable parsing of the sync extension when the size is not known.
LATM with AudioMuxVersion 0 does not specify the size of the audio
specific config. Data after the audio specific config can be
misinterpreted as sync extension resulting in random and wrong configs.
The documentation for CODEC_CAP_PARSE_ONLY and AVCodecContext.parse_only
indicates that they are utilized through avcodec_parse_frame(), which was
never actually implemented.
Its functionality was removed several years ago, so it doesn't do anything.
AVCodecContext.frame_number could serve the same purpose if someone
wants to debug the frame count.
On frame decoding failure, return an error if the frame is the same size as
the whole packet, otherwise just log an error message and return the number
of bytes consumed.
Some parameters passed to the av_dlog can be either float or int, depending on
the mode the file is being compiled as. Cast those parameters to float and use
appropriate conversion specifiers.
This merges the float and fixed-point versions of the compute_antialias
function, fixes invalid array indexing, and eliminates a dead copy of
csa_table.
Signed-off-by: Mans Rullgard <mans@mansr.com>
These structs are only used in mpegaudiodec.c, so move them there
and remove no longer needed #include lines from mpegaudio.h.
Signed-off-by: Mans Rullgard <mans@mansr.com>
This separation allows these functions to be used in a cleaner
fashion from other codecs (e.g. qdm2) and simplifies creating
optimised versions of them.
Signed-off-by: Mans Rullgard <mans@mansr.com>
This adds a _fixed suffix to the fixed-point versions of things
with both float and fixed-point variants. This makes it more
consistent with other dual-implementation things, e.g. fft.
Signed-off-by: Mans Rullgard <mans@mansr.com>