Commit Graph

17171 Commits

Author SHA1 Message Date
Luca Barbato
aa99cb15f6 atrac3: Error on impossible encoding/channel combinations
Joint stereo encoded mono is impossible.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 50cf5a7fb7)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-08-24 11:32:37 +02:00
Luca Barbato
67a8a1c202 atrac3: set the getbits context the right buffer_end
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 22e76ec635)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-08-24 11:32:26 +02:00
Luca Barbato
8f3fe7c696 atrac3: fix error handling
decode_tonal_components returns a proper AVERROR.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 874c8a17ac)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-08-24 11:32:15 +02:00
Luca Barbato
64bcb5d350 qdm2: check and reset dithering index per channel
Checking per subband would have the index exceed the
dithering noise table size.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 744a11c996)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-08-24 11:28:11 +02:00
Luca Barbato
998a0389d3 qdm2: formatting cosmetics
Apply the usual style plus drop few unnecessary return at the end
of void functions.

(cherry picked from commit 76efedeadb)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-08-24 11:28:11 +02:00
Luca Barbato
86eec54c94 qdm2: use init_static_data
(cherry picked from commit f054e309c5)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-08-24 11:28:11 +02:00
Luca Barbato
fb1823e178 vqavideo: check the version
Prevent out of buffer write.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit c4abc9098c)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-08-24 11:28:07 +02:00
Luca Barbato
258eea3f2e kmvc: Clip pixel position to valid range
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 4e7f0b082d)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-07-06 15:06:31 +02:00
Luca Barbato
1c2bd6fe5f kmvc: use fixed sized arrays in the context
Avoid some boilerplate code to dynamically allocate and then free the
buffers.
(cherry picked from commit 8f68977054)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>

Conflicts:
	libavcodec/kmvc.c
2013-07-06 15:06:31 +02:00
Luca Barbato
73d5d7acb0 indeo: reject negative array indexes
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org

(cherry picked from commit 6a10142faa)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-07-06 15:06:31 +02:00
Luca Barbato
80d73b4ada indeo: Cosmetic formatting
Trim some overly long lines.

(cherry picked from commit 6dfacd7ab1)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-07-06 15:06:31 +02:00
Luca Barbato
b9892e1813 indeo: Refactor ff_ivi_init_tiles and ivi_decode_blocks
Spin large and mostly self contained blocks into stand alone
functions.

(cherry picked from commit 62256010e9)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-07-06 15:06:31 +02:00
Luca Barbato
d76480e6ba indeo: Refactor ff_ivi_dec_huff_desc
Spare an indentation level.

(cherry picked from commit f6f36ca8ca)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-07-06 15:06:31 +02:00
Luca Barbato
33388299fb indeo: use a typedef for the mc function pointer
(cherry picked from commit e6d8acf6a8)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-07-06 15:06:31 +02:00
Luca Barbato
d8dab6c3b8 indeo: use proper error code
(cherry picked from commit dd3754a488)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-07-06 15:06:31 +02:00
Luca Barbato
5f7944a308 indeo: check for reference when inheriting mvs
The same is done already for qdelta.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit b36e1893ef)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-07-04 22:06:13 +02:00
Luca Barbato
f518fa6bee indeo: use proper error code
(cherry picked from commit dd3754a488)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-07-04 22:05:48 +02:00
Luca Barbato
51a23b0e95 indeo: Properly forward the error codes
If the tile data size does not match the buffer size it did not
return an AVERROR_INVALIDDATA causing futher corruption later.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 7388c0c586)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-07-04 22:05:15 +02:00
Luca Barbato
2cdc976320 mjpeg: Check the unescaped size for overflows
And contextually check init_get_bits success and fix the reporting
message.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 6765ee7b9c)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>

Conflicts:
	libavcodec/mjpegdec.c
2013-06-30 16:03:27 +02:00
Luca Barbato
efcfd50c9f wmapro: error out on impossible scale factor offsets
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 02ec656af7)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-06-30 16:03:27 +02:00
Luca Barbato
8bd0372937 wmapro: check the min_samples_per_subframe
Must be at least WMAPRO_BLOCK_MIN_SIZE.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit d4a217a408)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-06-30 16:03:27 +02:00
Luca Barbato
9761abffb6 wmapro: return early on unsupported condition
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 6652338f43)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>

Conflicts:
	libavcodec/wmaprodec.c
2013-06-30 16:03:27 +02:00
Luca Barbato
fbeae4a951 wmapro: check num_vec_coeffs against the actual available buffer
Prevent yet another buffer overwrite.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 3822936252)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-06-30 16:03:27 +02:00
Luca Barbato
88433979c2 wmapro: make sure there is room to store the current packet
Prevent horrid and hard to trace struct overwrite.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit e30b068ef7)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-06-30 16:03:27 +02:00
Luca Barbato
9d1b173aae lavc: move put_bits_left in put_bits.h
(cherry picked from commit afe03092dd)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-06-30 16:03:27 +02:00
Luca Barbato
c7934c6c0b 4xm: do not overread the source buffer in decode_p_block
Check for out of picture macroblocks before calling mcdc.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 94aefb1932)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-06-30 16:03:27 +02:00
Luca Barbato
04c29196ad 4xm: check bitstream_size boundary before using it
Prevent buffer overread.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 59d7bb99b6)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-06-30 16:03:27 +02:00
Kostya Shishkov
5e6122ddad smacker: check the return value of smacker_decode_tree
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit a2f9937bb04b23a341b0ec0eb1d923bbeb420277)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-06-16 15:58:26 +02:00
Kostya Shishkov
1a0cdd18b0 smacker: fix an off by one in huff.length computation
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit ee205588b250fe5cae0681be8eba51a5403c3272)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-06-16 15:58:22 +02:00
Luca Barbato
d33b0f7224 4xm: do not overread the prestream buffer
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit be373cb50d)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-06-16 15:54:23 +02:00
Luca Barbato
6ddc1eb037 4xm: validate the buffer size before parsing it
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit de2e5777e2)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-06-16 15:54:15 +02:00
Luca Barbato
ded74ab5d1 4xm: reject frames not compatible with the declared version
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 145023f572)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-06-16 15:54:06 +02:00
Luca Barbato
f82e9deec2 4xm: drop pointless assert
Make sure the value of wlog2 is always between 0 and 3.
(cherry picked from commit 1f0c607560)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-06-16 15:53:55 +02:00
Luca Barbato
d0cabcc789 4xm: forward errors from decode_p_block
Partially mitigate out of memory writes.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit b8b809908e)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-06-16 15:53:44 +02:00
Luca Barbato
dac0d4f354 4xm: fold last_picture lazy allocation in decode_p_frame
(cherry picked from commit 50ec1db62d)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>

Conflicts:
	libavcodec/4xm.c
2013-06-16 15:53:33 +02:00
Luca Barbato
04c506e912 4xm: use the correct logging context
(cherry picked from commit 08859d19b4)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-06-16 15:15:11 +02:00
Luca Barbato
8eb7c2566c tiff: do not overread the source buffer
At least 2 bytes from the source are read every loop.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 9c22169769)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>

Conflicts:
	libavcodec/tiff.c
2013-06-08 16:31:54 +02:00
Luca Barbato
5fed47b94f vmd: refactor the inner decode loop
Simplify a little, assume empty frames are acceptable and
do not pointlessly reinit the bytestream2 contexts using
possibly wrong size values.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 676da248ca)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>

Conflicts:
	libavcodec/vmdav.c
2013-06-01 15:28:19 +02:00
Luca Barbato
5a01ab0e62 vmd: use the PALETTE_COUNT constant uniformly
While at it drop useless parentheses.
(cherry picked from commit 91a6944e56)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-06-01 05:38:38 +02:00
Luca Barbato
dbaf3f7b0b vmd: drop incomplete chunks and spurious samples
Odd chunk size makes no sense for stereo and incomplete chunks are
not supported.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 701966730c)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-05-31 23:14:01 +02:00
Luca Barbato
5a8dcc993d vmd: return meaningful errors
CC: libav-stable@libav.org
(cherry picked from commit c8f3cb9119)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>

Conflicts:
	libavcodec/vmdav.c
2013-05-31 23:00:31 +02:00
Alexandra Khirnova
4f6fbe47a9 vmdav: convert to bytestream2
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 0afcf97e1e)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>

Conflicts:
	libavcodec/vmdav.c
2013-05-31 23:00:31 +02:00
Luca Barbato
7251de3032 wavpack: use bytestream2 in wavpack_decode_block
Prevent most out of buffer reads.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 3f0b6d7a62)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>

Conflicts:
	libavcodec/wavpack.c
2013-05-31 23:00:31 +02:00
Luca Barbato
5ba83e9091 wavpack: return meaningful errors
And forward those that were already meaningful.
(cherry picked from commit 8c34558131)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>

Conflicts:
	libavcodec/wavpack.c
2013-05-31 23:00:31 +02:00
Luca Barbato
93fbf034c9 wavpack: check packet size early
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit fd06291239)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-05-31 23:00:31 +02:00
Luca Barbato
aed12df7fe mjpegdec: validate parameters in mjpeg_decode_scan_progressive_ac
Prevent out of buffer write when decoding broken samples.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit cfbd98abe8)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-05-31 23:00:31 +02:00
Luca Barbato
7923a25fdd mjpeg: Validate sampling factors
They must be non-zero.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 8aa3500905)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-05-31 23:00:31 +02:00
Luca Barbato
510a96a211 ljpeg: use the correct number of components in yuv
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit a030279a67)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-05-31 23:00:31 +02:00
Luca Barbato
c340319559 wavpack: validate samples size parsed in wavpack_decode_block
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit ed50673066)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>

Conflicts:
	libavcodec/wavpack.c
2013-05-31 23:00:30 +02:00
Luca Barbato
0af5a774eb jpegls: check the scan offset
Prevent an out of array bound write.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit abad374909)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>

Conflicts:
	libavcodec/jpeglsdec.c
2013-05-31 23:00:30 +02:00