Commit Graph

36328 Commits

Author SHA1 Message Date
Luca Barbato
aa99cb15f6 atrac3: Error on impossible encoding/channel combinations
Joint stereo encoded mono is impossible.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 50cf5a7fb7)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-08-24 11:32:37 +02:00
Luca Barbato
67a8a1c202 atrac3: set the getbits context the right buffer_end
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 22e76ec635)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-08-24 11:32:26 +02:00
Luca Barbato
8f3fe7c696 atrac3: fix error handling
decode_tonal_components returns a proper AVERROR.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 874c8a17ac)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-08-24 11:32:15 +02:00
Luca Barbato
64bcb5d350 qdm2: check and reset dithering index per channel
Checking per subband would have the index exceed the
dithering noise table size.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 744a11c996)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-08-24 11:28:11 +02:00
Luca Barbato
998a0389d3 qdm2: formatting cosmetics
Apply the usual style plus drop few unnecessary return at the end
of void functions.

(cherry picked from commit 76efedeadb)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-08-24 11:28:11 +02:00
Luca Barbato
86eec54c94 qdm2: use init_static_data
(cherry picked from commit f054e309c5)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-08-24 11:28:11 +02:00
Luca Barbato
e7800543fe westwood_vqa: do not free extradata on error in read_header
The extradata is already freed by avformat_open_input on
failure.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 76f5dfbfd9)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-08-24 11:28:10 +02:00
Luca Barbato
fb1823e178 vqavideo: check the version
Prevent out of buffer write.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit c4abc9098c)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-08-24 11:28:07 +02:00
Michael Niedermayer
a747cf8873 rmdec: Use the AVIOContext given as parameter in rm_read_metadata()
This fixes crashes when playing back certain RealRTSP streams.

When invoked from the RTP depacketizer, the full realmedia
demuxer isn't invoked, but only certain functions from it, where
a separate AVIOContext is passed in as parameter (for the buffer
containing the data to parse). The functions called from within
those entry points should only be using that parameter, not
s->pb. In the depacketizer case, s is the RTSP context, where ->pb
is null.

Cc: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit d35b6cd377)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-08-24 11:07:52 +02:00
Michael Niedermayer
002ca3e099 avio: Handle AVERROR_EOF in the same way as the return value 0
This makes sure the ffurl_read_complete function actually
returns the number of bytes read, as the documentation of the
function says, even if the underlying protocol uses AVERROR_EOF
instead of 0.

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 5d876be87a)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-08-24 11:06:55 +02:00
Luca Barbato
fa6eef4210 wtv: Mark attachment with a negative stream id
A sid 0 would be mismatched to the attachment.

Prevent NULL pointer dereference.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit f5e646a00a)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-08-24 11:06:33 +02:00
Anton Khirnov
3f5824aa18 avconv: do not use lavfi direct rendering with -deinterlace
-deinterlace allocates a temporary buffer that is freed immediately
after the frame is sent to lavfi, which results in use after free.

Disable direct rendering when -deinterlace is used.

CC:libav-stable@libav.org
Bug-id: 479
2013-08-04 18:57:39 +02:00
Luca Barbato
c2c9b7297f avidec: Let the inner dv demuxer take care of discarding
(cherry picked from commit c8f0b20b4a)

CC: libav-stable@libav.org
2013-07-27 16:32:32 +02:00
Reinhard Tartler
9aaca159bd Update Changelog 2013-07-06 15:06:47 +02:00
Luca Barbato
258eea3f2e kmvc: Clip pixel position to valid range
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 4e7f0b082d)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-07-06 15:06:31 +02:00
Luca Barbato
1c2bd6fe5f kmvc: use fixed sized arrays in the context
Avoid some boilerplate code to dynamically allocate and then free the
buffers.
(cherry picked from commit 8f68977054)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>

Conflicts:
	libavcodec/kmvc.c
2013-07-06 15:06:31 +02:00
Luca Barbato
73d5d7acb0 indeo: reject negative array indexes
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org

(cherry picked from commit 6a10142faa)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-07-06 15:06:31 +02:00
Luca Barbato
80d73b4ada indeo: Cosmetic formatting
Trim some overly long lines.

(cherry picked from commit 6dfacd7ab1)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-07-06 15:06:31 +02:00
Luca Barbato
b9892e1813 indeo: Refactor ff_ivi_init_tiles and ivi_decode_blocks
Spin large and mostly self contained blocks into stand alone
functions.

(cherry picked from commit 62256010e9)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-07-06 15:06:31 +02:00
Luca Barbato
d76480e6ba indeo: Refactor ff_ivi_dec_huff_desc
Spare an indentation level.

(cherry picked from commit f6f36ca8ca)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-07-06 15:06:31 +02:00
Luca Barbato
33388299fb indeo: use a typedef for the mc function pointer
(cherry picked from commit e6d8acf6a8)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-07-06 15:06:31 +02:00
Luca Barbato
d8dab6c3b8 indeo: use proper error code
(cherry picked from commit dd3754a488)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-07-06 15:06:31 +02:00
Reinhard Tartler
c8fb5d0f38 Update Changelog 2013-07-06 13:20:57 +02:00
Luca Barbato
5f7944a308 indeo: check for reference when inheriting mvs
The same is done already for qdelta.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit b36e1893ef)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-07-04 22:06:13 +02:00
Luca Barbato
f518fa6bee indeo: use proper error code
(cherry picked from commit dd3754a488)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-07-04 22:05:48 +02:00
Luca Barbato
51a23b0e95 indeo: Properly forward the error codes
If the tile data size does not match the buffer size it did not
return an AVERROR_INVALIDDATA causing futher corruption later.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 7388c0c586)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-07-04 22:05:15 +02:00
Luca Barbato
2cdc976320 mjpeg: Check the unescaped size for overflows
And contextually check init_get_bits success and fix the reporting
message.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 6765ee7b9c)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>

Conflicts:
	libavcodec/mjpegdec.c
2013-06-30 16:03:27 +02:00
Luca Barbato
efcfd50c9f wmapro: error out on impossible scale factor offsets
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 02ec656af7)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-06-30 16:03:27 +02:00
Luca Barbato
8bd0372937 wmapro: check the min_samples_per_subframe
Must be at least WMAPRO_BLOCK_MIN_SIZE.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit d4a217a408)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-06-30 16:03:27 +02:00
Luca Barbato
9761abffb6 wmapro: return early on unsupported condition
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 6652338f43)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>

Conflicts:
	libavcodec/wmaprodec.c
2013-06-30 16:03:27 +02:00
Luca Barbato
fbeae4a951 wmapro: check num_vec_coeffs against the actual available buffer
Prevent yet another buffer overwrite.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 3822936252)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-06-30 16:03:27 +02:00
Luca Barbato
88433979c2 wmapro: make sure there is room to store the current packet
Prevent horrid and hard to trace struct overwrite.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit e30b068ef7)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-06-30 16:03:27 +02:00
Luca Barbato
9d1b173aae lavc: move put_bits_left in put_bits.h
(cherry picked from commit afe03092dd)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-06-30 16:03:27 +02:00
Luca Barbato
c7934c6c0b 4xm: do not overread the source buffer in decode_p_block
Check for out of picture macroblocks before calling mcdc.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 94aefb1932)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-06-30 16:03:27 +02:00
Luca Barbato
04c29196ad 4xm: check bitstream_size boundary before using it
Prevent buffer overread.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 59d7bb99b6)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-06-30 16:03:27 +02:00
Reinhard Tartler
5c54fc6195 Prepare for 9.8 RELEASE 2013-06-30 16:03:27 +02:00
Reinhard Tartler
5d2e4c918f update Changelog 2013-06-16 19:32:07 +02:00
Kostya Shishkov
7e326d52a7 smacker: check frame size validity
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 07423ad7836325e03894f2f87ba46a531a1cc0b3)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-06-16 15:58:29 +02:00
Kostya Shishkov
71b8ef938c smacker: pad the extradata allocation
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 4c22baf65363433f8c20efd1022b4ba2d8cf2288)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-06-16 15:58:27 +02:00
Kostya Shishkov
5e6122ddad smacker: check the return value of smacker_decode_tree
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit a2f9937bb04b23a341b0ec0eb1d923bbeb420277)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-06-16 15:58:26 +02:00
Kostya Shishkov
1a0cdd18b0 smacker: fix an off by one in huff.length computation
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit ee205588b250fe5cae0681be8eba51a5403c3272)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-06-16 15:58:22 +02:00
Luca Barbato
d33b0f7224 4xm: do not overread the prestream buffer
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit be373cb50d)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-06-16 15:54:23 +02:00
Luca Barbato
6ddc1eb037 4xm: validate the buffer size before parsing it
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit de2e5777e2)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-06-16 15:54:15 +02:00
Luca Barbato
ded74ab5d1 4xm: reject frames not compatible with the declared version
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 145023f572)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-06-16 15:54:06 +02:00
Luca Barbato
f82e9deec2 4xm: drop pointless assert
Make sure the value of wlog2 is always between 0 and 3.
(cherry picked from commit 1f0c607560)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-06-16 15:53:55 +02:00
Luca Barbato
d0cabcc789 4xm: forward errors from decode_p_block
Partially mitigate out of memory writes.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit b8b809908e)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-06-16 15:53:44 +02:00
Luca Barbato
dac0d4f354 4xm: fold last_picture lazy allocation in decode_p_frame
(cherry picked from commit 50ec1db62d)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>

Conflicts:
	libavcodec/4xm.c
2013-06-16 15:53:33 +02:00
Luca Barbato
3f71c0c1b0 4xm: do not overread while parsing header
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 42d73f7f6b)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-06-16 15:53:18 +02:00
Luca Barbato
ea56f6e5a7 4xm: refactor fourxm_read_header
Split sound and video tag parsing in separate functions.
(cherry picked from commit e7a44f87d0)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>

Conflicts:
	libavcodec/4xm.c
2013-06-16 15:53:04 +02:00
Luca Barbato
9ac3c6c2c6 4xm: K&R formatting cosmetics
(cherry picked from commit e6496ea7e7)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-06-16 15:15:18 +02:00