15 Commits

Author SHA1 Message Date
Reimar Döffinger
0f199f0ad0 mss2: Fix buffer overflow.
Reported as https://trac.mplayerhq.hu/ticket/2264 but have
not been able to reproduce with FFmpeg-only.
I have no idea what coded_height is used for here exactly,
so this might not be the best fix.
Fixes the following chain of events:
ff_mss12_decode_init sets coded_height while not setting height.
ff_mpv_decode_init then copies coded_height into MpegEncContext height.
This is then used by init_context_frame to allocate the data structures.
However the wmv9rects are validated/initialized based on avctx->height, not
avctx->coded_height.
Thus the decode_wmv9 function will try to decode a larger video that we
allocated data structures for, causing out-of-bounds writes.

Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
2016-02-28 13:32:01 +01:00
Michael Niedermayer
f8ff76199c avcodec/mss12: Use av_malloc_array()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-01-17 13:01:26 +01:00
Michael Niedermayer
8d024c5107 Merge commit 'cc8163e1a3601a56f722a4720516e860bf1c6198'
* commit 'cc8163e1a3601a56f722a4720516e860bf1c6198':
  avcodec: more correct printf specifiers

Conflicts:
	libavcodec/4xm.c
	libavcodec/alsdec.c
	libavcodec/dfa.c
	libavcodec/h264_ps.c
	libavcodec/jpeg2000dec.c
	libavcodec/lagarith.c
	libavcodec/mpeg12dec.c
	libavcodec/rv10.c
	libavcodec/svq3.c
	libavcodec/wmaprodec.c
	libavcodec/xwddec.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-03-22 18:43:40 +01:00
Diego Biurrun
cc8163e1a3 avcodec: more correct printf specifiers 2014-03-22 14:08:20 +01:00
Michael Niedermayer
ee9151b616 ff_mss12_decode_init: check dimensions
Fixes assertion failure

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-01-24 01:47:20 +01:00
Michael Niedermayer
b12d92efd6 avoid "0xFF << 24" as it is considered a integer overflow in C99
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-10-14 03:26:31 +02:00
Michael Niedermayer
9dcc4c30f9 Merge remote-tracking branch 'qatar/master'
* qatar/master:
  configure: add support for bdver1 and bdver2 CPU types.
  avio: make avio_close NULL the freed buffer
  pixdesc: cosmetics
  proresenc: Don't free a buffer not owned by the codec
  proresenc: Write the full value in one put_bits call
  adpcmenc: Calculate the IMA_QT predictor without overflow
  x86: Add convenience macros to check for CPU extensions and flags
  x86: h264dsp: drop some unnecessary ifdefs around prototype declarations
  mss12: merge decode_pixel() and decode_top_left_pixel()
  mss12: reduce SliceContext size from 1067 to 164 KB
  mss12: move SliceContexts out of the common context into the codec contexts

Conflicts:
	libavformat/aviobuf.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-09-04 17:04:51 +02:00
Alberto Delmás
344fbc47c7 mss12: merge decode_pixel() and decode_top_left_pixel()
No meaningful generated code differences using gcc -O3.

Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
2012-09-03 14:41:59 +02:00
Alberto Delmás
626c1a33ed mss12: reduce SliceContext size from 1067 to 164 KB
Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
2012-09-03 14:39:37 +02:00
Alberto Delmás
a97ee41bee mss12: move SliceContexts out of the common context into the codec contexts
Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
2012-09-03 14:39:19 +02:00
Michael Niedermayer
c617bed34f Merge remote-tracking branch 'qatar/master'
* qatar/master:
  MSS1 and MSS2: set final pixel format after common stuff has been initialised
  MSS2 decoder
  configure: handle --disable-asm before check_deps
  x86: Split inline and external assembly #ifdefs
  configure: x86: Separate inline from standalone assembler capabilities
  pktdumper: Use a custom define instead of PATH_MAX for buffers
  pktdumper: Use av_strlcpy instead of strncpy
  pktdumper: Use sizeof(variable) instead of the direct buffer length

Conflicts:
	Changelog
	configure
	libavcodec/allcodecs.c
	libavcodec/avcodec.h
	libavcodec/codec_desc.c
	libavcodec/dct-test.c
	libavcodec/imgconvert.c
	libavcodec/mss12.c
	libavcodec/version.h
	libavfilter/x86/gradfun.c
	libswscale/x86/yuv2rgb.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-08-31 13:34:32 +02:00
Alberto Delmás
ede3d6400d MSS1 and MSS2: set final pixel format after common stuff has been initialised
This way it won't interfere with WMV9 initialisation inside MSS2 decoder and
avplay will play it fine.

Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
2012-08-31 08:08:43 +02:00
Alberto Delmás
ee769c6a7c MSS2 decoder
Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
2012-08-31 07:37:16 +02:00
Michael Niedermayer
416d2f7a12 Merge remote-tracking branch 'qatar/master'
* qatar/master:
  vc1: export some functions
  configure: use HOSTCC_C/O in check_host_cc
  configure: use AS_O setting in check_as
  configure: use LD_O setting in check_ld()
  Revert "dsputil: make {add/put/put_signed}_pixels_clamped() non-static."
  build: Restore dependency of acelp_filters.o on celp_math.o
  celp_math: Replace duplicate ff_dot_productf() by ff_scalarproduct_c()
  celp_math: Move ff_cos() to the only place it is used
  build: Use portable abstraction for linker/hostcc output file syntax
  configure: Fix shared library creation for OpenBSD
  vp56: Don't use DECLARE_ALIGN on a typedef name
  mss1: move code that will be reused by MSS2 decoder into separate file
  mss1: merge decode_intra() and decode_inter()
  avprobe: Get rid of ugly casts in the options table
  vf_hqdn3d: Remove a duplicate inline declaration

Conflicts:
	Makefile
	configure
	ffprobe.c
	libavcodec/Makefile
	libavcodec/amrnbdec.c
	libavcodec/amrwbdec.c
	libavcodec/celp_math.c
	libavcodec/celp_math.h
	libavcodec/dsputil.c
	libavcodec/lsp.c
	libavcodec/mss1.c
	libavcodec/ra288.c
	libavcodec/vc1dec.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-08-28 16:28:48 +02:00
Kostya Shishkov
0de4a563e4 mss1: move code that will be reused by MSS2 decoder into separate file 2012-08-27 18:12:10 +02:00