Compare commits
25 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
07d508e4f5 | ||
|
|
b089b58250 | ||
|
|
a7dd37169c | ||
|
|
3032291b3a | ||
|
|
f9bbc26e69 | ||
|
|
b895e29941 | ||
|
|
3d71024f8a | ||
|
|
b834dc14da | ||
|
|
d0041dc8c4 | ||
|
|
b3c082412c | ||
|
|
918ed73b70 | ||
|
|
2791eba1d7 | ||
|
|
0d3a07852c | ||
|
|
c7a2ac6b6b | ||
|
|
0ce35b8ce8 | ||
|
|
25312a427b | ||
|
|
9143ab0e5a | ||
|
|
022bfd3dd4 | ||
|
|
e0a12b3dc3 | ||
|
|
252ba4a925 | ||
|
|
5bb31e856d | ||
|
|
eac0451e47 | ||
|
|
68c6347089 | ||
|
|
bcd7f35717 | ||
|
|
93cbdcd4d3 |
17
Changelog
17
Changelog
@@ -1,6 +1,23 @@
|
||||
Entries are sorted chronologically from oldest to youngest within each release,
|
||||
releases are sorted from youngest to oldest.
|
||||
|
||||
version 2.5.3:
|
||||
- vp9: fix parser return values in error case
|
||||
- ffmpeg: Clear error message array at init.
|
||||
- avcodec/dvdsubdec: fix accessing dangling pointers
|
||||
- avcodec/dvdsubdec: error on bitmaps with size 0
|
||||
- cmdutils: Use 64bit for file size/offset related variable in cmdutils_read_file()
|
||||
- mov: Fix negative size calculation in mov_read_default().
|
||||
- avformat/mov: fix integer overflow in mov_read_udta_string()
|
||||
- mov: Fix overflow and error handling in read_tfra().
|
||||
- mov: Avoid overflow with mov_metadata_raw()
|
||||
- avcodec/dvdsubdec: fix out of bounds accesses
|
||||
- avfilter/vf_sab: fix filtering tiny images
|
||||
- avformat/flvdec: Increase string array size
|
||||
- avformat/flvdec: do not inject dts=0 metadata packets which failed to be parsed into a new data stream
|
||||
- avformat/cdxl: Fix integer overflow of image_size
|
||||
- libavformat: Build hevc.o when building the RTP muxer
|
||||
|
||||
version 2.5.2:
|
||||
- avcodec/indeo3: ensure offsets are non negative
|
||||
- avcodec/h264: Check *log2_weight_denom
|
||||
|
||||
@@ -1860,7 +1860,7 @@ int read_yesno(void)
|
||||
|
||||
int cmdutils_read_file(const char *filename, char **bufptr, size_t *size)
|
||||
{
|
||||
int ret;
|
||||
int64_t ret;
|
||||
FILE *f = av_fopen_utf8(filename, "rb");
|
||||
|
||||
if (!f) {
|
||||
|
||||
2
configure
vendored
2
configure
vendored
@@ -5678,7 +5678,7 @@ cat > $TMPH <<EOF
|
||||
#define FFMPEG_CONFIG_H
|
||||
#define FFMPEG_CONFIGURATION "$(c_escape $FFMPEG_CONFIGURATION)"
|
||||
#define FFMPEG_LICENSE "$(c_escape $license)"
|
||||
#define CONFIG_THIS_YEAR 2014
|
||||
#define CONFIG_THIS_YEAR 2015
|
||||
#define FFMPEG_DATADIR "$(eval c_escape $datadir)"
|
||||
#define AVCONV_DATADIR "$(eval c_escape $datadir)"
|
||||
#define CC_IDENT "$(c_escape ${cc_ident:-Unknown compiler})"
|
||||
|
||||
@@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg
|
||||
# This could be handy for archiving the generated documentation or
|
||||
# if some version control system is used.
|
||||
|
||||
PROJECT_NUMBER = 2.5.2
|
||||
PROJECT_NUMBER = 2.5.3
|
||||
|
||||
# With the PROJECT_LOGO tag one can specify a logo or icon that is included
|
||||
# in the documentation. The maximum height of the logo should not exceed 55
|
||||
|
||||
@@ -29,6 +29,7 @@ OBJS=$(addsuffix .o,$(EXAMPLES))
|
||||
|
||||
# the following examples make explicit use of the math library
|
||||
avcodec: LDLIBS += -lm
|
||||
decoding_encoding: LDLIBS += -lm
|
||||
muxing: LDLIBS += -lm
|
||||
resampling_audio: LDLIBS += -lm
|
||||
|
||||
|
||||
2
ffmpeg.c
2
ffmpeg.c
@@ -2521,7 +2521,7 @@ static int transcode_init(void)
|
||||
AVFormatContext *oc;
|
||||
OutputStream *ost;
|
||||
InputStream *ist;
|
||||
char error[1024];
|
||||
char error[1024] = {0};
|
||||
int want_sdp = 1;
|
||||
|
||||
for (i = 0; i < nb_filtergraphs; i++) {
|
||||
|
||||
@@ -39,7 +39,7 @@ typedef struct DVDSubContext
|
||||
int has_palette;
|
||||
uint8_t colormap[4];
|
||||
uint8_t alpha[256];
|
||||
uint8_t *buf;
|
||||
uint8_t buf[0x10000];
|
||||
int buf_size;
|
||||
int forced_subs_only;
|
||||
#ifdef DEBUG
|
||||
@@ -108,6 +108,12 @@ static int decode_rle(uint8_t *bitmap, int linesize, int w, int h,
|
||||
int x, y, len, color;
|
||||
uint8_t *d;
|
||||
|
||||
if (start >= buf_size)
|
||||
return -1;
|
||||
|
||||
if (w <= 0 || h <= 0)
|
||||
return -1;
|
||||
|
||||
bit_len = (buf_size - start) * 8;
|
||||
init_get_bits(&gb, buf + start, bit_len);
|
||||
|
||||
@@ -359,10 +365,12 @@ static int decode_dvd_subtitles(DVDSubContext *ctx, AVSubtitle *sub_header,
|
||||
sub_header->rects[0] = av_mallocz(sizeof(AVSubtitleRect));
|
||||
sub_header->num_rects = 1;
|
||||
sub_header->rects[0]->pict.data[0] = bitmap;
|
||||
decode_rle(bitmap, w * 2, w, (h + 1) / 2,
|
||||
buf, offset1, buf_size, is_8bit);
|
||||
decode_rle(bitmap + w, w * 2, w, h / 2,
|
||||
buf, offset2, buf_size, is_8bit);
|
||||
if (decode_rle(bitmap, w * 2, w, (h + 1) / 2,
|
||||
buf, offset1, buf_size, is_8bit) < 0)
|
||||
goto fail;
|
||||
if (decode_rle(bitmap + w, w * 2, w, h / 2,
|
||||
buf, offset2, buf_size, is_8bit) < 0)
|
||||
goto fail;
|
||||
sub_header->rects[0]->pict.data[1] = av_mallocz(AVPALETTE_SIZE);
|
||||
if (is_8bit) {
|
||||
if (!yuv_palette)
|
||||
@@ -501,15 +509,11 @@ static int append_to_cached_buf(AVCodecContext *avctx,
|
||||
{
|
||||
DVDSubContext *ctx = avctx->priv_data;
|
||||
|
||||
if (ctx->buf_size > 0xffff - buf_size) {
|
||||
if (ctx->buf_size >= sizeof(ctx->buf) - buf_size) {
|
||||
av_log(avctx, AV_LOG_WARNING, "Attempt to reconstruct "
|
||||
"too large SPU packets aborted.\n");
|
||||
av_freep(&ctx->buf);
|
||||
return AVERROR_INVALIDDATA;
|
||||
}
|
||||
ctx->buf = av_realloc(ctx->buf, ctx->buf_size + buf_size);
|
||||
if (!ctx->buf)
|
||||
return AVERROR(ENOMEM);
|
||||
memcpy(ctx->buf + ctx->buf_size, buf, buf_size);
|
||||
ctx->buf_size += buf_size;
|
||||
return 0;
|
||||
@@ -525,7 +529,7 @@ static int dvdsub_decode(AVCodecContext *avctx,
|
||||
AVSubtitle *sub = data;
|
||||
int is_menu;
|
||||
|
||||
if (ctx->buf) {
|
||||
if (ctx->buf_size) {
|
||||
int ret = append_to_cached_buf(avctx, buf, buf_size);
|
||||
if (ret < 0) {
|
||||
*data_size = 0;
|
||||
@@ -567,7 +571,6 @@ static int dvdsub_decode(AVCodecContext *avctx,
|
||||
}
|
||||
#endif
|
||||
|
||||
av_freep(&ctx->buf);
|
||||
ctx->buf_size = 0;
|
||||
*data_size = 1;
|
||||
return buf_size;
|
||||
@@ -711,7 +714,6 @@ static av_cold int dvdsub_init(AVCodecContext *avctx)
|
||||
static av_cold int dvdsub_close(AVCodecContext *avctx)
|
||||
{
|
||||
DVDSubContext *ctx = avctx->priv_data;
|
||||
av_freep(&ctx->buf);
|
||||
ctx->buf_size = 0;
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -77,6 +77,8 @@ static int parse(AVCodecParserContext *ctx,
|
||||
idx += a; \
|
||||
if (sz > size) { \
|
||||
s->n_frames = 0; \
|
||||
*out_size = 0; \
|
||||
*out_data = data; \
|
||||
av_log(avctx, AV_LOG_ERROR, \
|
||||
"Superframe packet size too big: %u > %d\n", \
|
||||
sz, size); \
|
||||
|
||||
@@ -496,6 +496,8 @@ static av_cold int init(AVFilterContext *ctx)
|
||||
snprintf(name, sizeof(name), "input%d", i);
|
||||
pad.type = AVMEDIA_TYPE_AUDIO;
|
||||
pad.name = av_strdup(name);
|
||||
if (!pad.name)
|
||||
return AVERROR(ENOMEM);
|
||||
pad.filter_frame = filter_frame;
|
||||
|
||||
ff_insert_inpad(ctx, i, &pad);
|
||||
|
||||
@@ -214,6 +214,8 @@ static av_cold int join_init(AVFilterContext *ctx)
|
||||
snprintf(name, sizeof(name), "input%d", i);
|
||||
pad.type = AVMEDIA_TYPE_AUDIO;
|
||||
pad.name = av_strdup(name);
|
||||
if (!pad.name)
|
||||
return AVERROR(ENOMEM);
|
||||
pad.filter_frame = filter_frame;
|
||||
|
||||
pad.needs_fifo = 1;
|
||||
|
||||
@@ -52,6 +52,8 @@ static av_cold int split_init(AVFilterContext *ctx)
|
||||
snprintf(name, sizeof(name), "output%d", i);
|
||||
pad.type = ctx->filter->inputs[0].type;
|
||||
pad.name = av_strdup(name);
|
||||
if (!pad.name)
|
||||
return AVERROR(ENOMEM);
|
||||
|
||||
ff_insert_outpad(ctx, i, &pad);
|
||||
}
|
||||
|
||||
@@ -289,6 +289,8 @@ static av_cold int movie_common_init(AVFilterContext *ctx)
|
||||
snprintf(name, sizeof(name), "out%d", i);
|
||||
pad.type = movie->st[i].st->codec->codec_type;
|
||||
pad.name = av_strdup(name);
|
||||
if (!pad.name)
|
||||
return AVERROR(ENOMEM);
|
||||
pad.config_props = movie_config_output_props;
|
||||
pad.request_frame = movie_request_frame;
|
||||
ff_insert_outpad(ctx, i, &pad);
|
||||
|
||||
@@ -220,6 +220,19 @@ static int config_props(AVFilterLink *inlink)
|
||||
|
||||
#define NB_PLANES 4
|
||||
|
||||
static inline int mirror(int x, int w)
|
||||
{
|
||||
if (!w)
|
||||
return 0;
|
||||
|
||||
while ((unsigned)x > (unsigned)w) {
|
||||
x = -x;
|
||||
if (x < 0)
|
||||
x += 2 * w;
|
||||
}
|
||||
return x;
|
||||
}
|
||||
|
||||
static void blur(uint8_t *dst, const int dst_linesize,
|
||||
const uint8_t *src, const int src_linesize,
|
||||
const int w, const int h, FilterParam *fp)
|
||||
@@ -253,8 +266,7 @@ static void blur(uint8_t *dst, const int dst_linesize,
|
||||
for (dy = 0; dy < radius*2 + 1; dy++) {
|
||||
int dx;
|
||||
int iy = y+dy - radius;
|
||||
if (iy < 0) iy = -iy;
|
||||
else if (iy >= h) iy = h+h-iy-1;
|
||||
iy = mirror(iy, h-1);
|
||||
|
||||
for (dx = 0; dx < radius*2 + 1; dx++) {
|
||||
const int ix = x+dx - radius;
|
||||
@@ -265,13 +277,11 @@ static void blur(uint8_t *dst, const int dst_linesize,
|
||||
for (dy = 0; dy < radius*2+1; dy++) {
|
||||
int dx;
|
||||
int iy = y+dy - radius;
|
||||
if (iy < 0) iy = -iy;
|
||||
else if (iy >= h) iy = h+h-iy-1;
|
||||
iy = mirror(iy, h-1);
|
||||
|
||||
for (dx = 0; dx < radius*2 + 1; dx++) {
|
||||
int ix = x+dx - radius;
|
||||
if (ix < 0) ix = -ix;
|
||||
else if (ix >= w) ix = w+w-ix-1;
|
||||
ix = mirror(ix, w-1);
|
||||
UPDATE_FACTOR;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -377,7 +377,7 @@ OBJS-$(CONFIG_RTP_MUXER) += rtp.o \
|
||||
rtpenc_h264.o \
|
||||
rtpenc_vp8.o \
|
||||
rtpenc_xiph.o \
|
||||
avc.o
|
||||
avc.o hevc.o
|
||||
OBJS-$(CONFIG_RTSP_DEMUXER) += rtsp.o rtspdec.o httpauth.o \
|
||||
urldecode.o
|
||||
OBJS-$(CONFIG_RTSP_MUXER) += rtsp.o rtspenc.o httpauth.o \
|
||||
|
||||
@@ -127,6 +127,8 @@ static int cdxl_read_packet(AVFormatContext *s, AVPacket *pkt)
|
||||
height = AV_RB16(&cdxl->header[16]);
|
||||
palette_size = AV_RB16(&cdxl->header[20]);
|
||||
audio_size = AV_RB16(&cdxl->header[22]);
|
||||
if (FFALIGN(width, 16) * (uint64_t)height * cdxl->header[19] > INT_MAX)
|
||||
return AVERROR_INVALIDDATA;
|
||||
image_size = FFALIGN(width, 16) * height * cdxl->header[19] / 8;
|
||||
video_size = palette_size + image_size;
|
||||
|
||||
|
||||
@@ -390,7 +390,7 @@ static int amf_parse_object(AVFormatContext *s, AVStream *astream,
|
||||
FLVContext *flv = s->priv_data;
|
||||
AVIOContext *ioc;
|
||||
AMFDataType amf_type;
|
||||
char str_val[256];
|
||||
char str_val[1024];
|
||||
double num_val;
|
||||
|
||||
num_val = 0;
|
||||
@@ -558,13 +558,13 @@ static int flv_read_metabody(AVFormatContext *s, int64_t next_pos)
|
||||
type = avio_r8(ioc);
|
||||
if (type != AMF_DATA_TYPE_STRING ||
|
||||
amf_get_string(ioc, buffer, sizeof(buffer)) < 0)
|
||||
return -1;
|
||||
return 2;
|
||||
|
||||
if (!strcmp(buffer, "onTextData"))
|
||||
return 1;
|
||||
|
||||
if (strcmp(buffer, "onMetaData") && strcmp(buffer, "onCuePoint"))
|
||||
return -1;
|
||||
return 2;
|
||||
|
||||
// find the streams now so that amf_parse_object doesn't need to do
|
||||
// the lookup every time it is called.
|
||||
@@ -822,7 +822,7 @@ static int flv_read_packet(AVFormatContext *s, AVPacket *pkt)
|
||||
stream_type=FLV_STREAM_TYPE_DATA;
|
||||
if (size > 13 + 1 + 4 && dts == 0) { // Header-type metadata stuff
|
||||
meta_pos = avio_tell(s->pb);
|
||||
if (flv_read_metabody(s, next) == 0) {
|
||||
if (flv_read_metabody(s, next) <= 0) {
|
||||
goto skip;
|
||||
}
|
||||
avio_seek(s->pb, meta_pos, SEEK_SET);
|
||||
|
||||
@@ -1080,7 +1080,7 @@ static void ebml_free(EbmlSyntax *syntax, void *data)
|
||||
for (j = 0; j < list->nb_elem;
|
||||
j++, ptr += syntax[i].list_elem_size)
|
||||
ebml_free(syntax[i].def.n, ptr);
|
||||
av_free(list->elem);
|
||||
av_freep(&list->elem);
|
||||
} else
|
||||
ebml_free(syntax[i].def.n, data_off);
|
||||
default:
|
||||
@@ -2134,7 +2134,7 @@ static int matroska_deliver_packet(MatroskaDemuxContext *matroska,
|
||||
{
|
||||
if (matroska->num_packets > 0) {
|
||||
memcpy(pkt, matroska->packets[0], sizeof(AVPacket));
|
||||
av_free(matroska->packets[0]);
|
||||
av_freep(&matroska->packets[0]);
|
||||
if (matroska->num_packets > 1) {
|
||||
void *newpackets;
|
||||
memmove(&matroska->packets[0], &matroska->packets[1],
|
||||
@@ -2165,7 +2165,7 @@ static void matroska_clear_queue(MatroskaDemuxContext *matroska)
|
||||
int n;
|
||||
for (n = 0; n < matroska->num_packets; n++) {
|
||||
av_free_packet(matroska->packets[n]);
|
||||
av_free(matroska->packets[n]);
|
||||
av_freep(&matroska->packets[n]);
|
||||
}
|
||||
av_freep(&matroska->packets);
|
||||
matroska->num_packets = 0;
|
||||
@@ -3003,7 +3003,7 @@ static int matroska_read_close(AVFormatContext *s)
|
||||
|
||||
for (n = 0; n < matroska->tracks.nb_elem; n++)
|
||||
if (tracks[n].type == MATROSKA_TRACK_TYPE_AUDIO)
|
||||
av_free(tracks[n].audio.buf);
|
||||
av_freep(&tracks[n].audio.buf);
|
||||
ebml_free(matroska_cluster, &matroska->current_cluster);
|
||||
ebml_free(matroska_segment, matroska);
|
||||
|
||||
|
||||
@@ -210,7 +210,11 @@ static int mov_read_covr(MOVContext *c, AVIOContext *pb, int type, int len)
|
||||
static int mov_metadata_raw(MOVContext *c, AVIOContext *pb,
|
||||
unsigned len, const char *key)
|
||||
{
|
||||
char *value = av_malloc(len + 1);
|
||||
char *value;
|
||||
// Check for overflow.
|
||||
if (len >= INT_MAX)
|
||||
return AVERROR(EINVAL);
|
||||
value = av_malloc(len + 1);
|
||||
if (!value)
|
||||
return AVERROR(ENOMEM);
|
||||
avio_read(pb, value, len);
|
||||
@@ -352,7 +356,7 @@ static int mov_read_udta_string(MOVContext *c, AVIOContext *pb, MOVAtom atom)
|
||||
|
||||
if (!key)
|
||||
return 0;
|
||||
if (atom.size < 0)
|
||||
if (atom.size < 0 || str_size >= INT_MAX/2)
|
||||
return AVERROR_INVALIDDATA;
|
||||
|
||||
str_size_alloc = str_size << 1; // worst-case requirement for output string in case of utf8 coded input
|
||||
@@ -1150,7 +1154,7 @@ static int mov_read_wave(MOVContext *c, AVIOContext *pb, MOVAtom atom)
|
||||
st->codec->codec_id == AV_CODEC_ID_QDMC ||
|
||||
st->codec->codec_id == AV_CODEC_ID_SPEEX) {
|
||||
// pass all frma atom to codec, needed at least for QDMC and QDM2
|
||||
av_free(st->codec->extradata);
|
||||
av_freep(&st->codec->extradata);
|
||||
if (ff_get_extradata(st->codec, pb, atom.size) < 0)
|
||||
return AVERROR(ENOMEM);
|
||||
} else if (atom.size > 8) { /* to read frma, esds atoms */
|
||||
@@ -1190,7 +1194,7 @@ static int mov_read_glbl(MOVContext *c, AVIOContext *pb, MOVAtom atom)
|
||||
av_log(c, AV_LOG_WARNING, "ignoring multiple glbl\n");
|
||||
return 0;
|
||||
}
|
||||
av_free(st->codec->extradata);
|
||||
av_freep(&st->codec->extradata);
|
||||
if (ff_get_extradata(st->codec, pb, atom.size) < 0)
|
||||
return AVERROR(ENOMEM);
|
||||
|
||||
@@ -1215,7 +1219,7 @@ static int mov_read_dvc1(MOVContext *c, AVIOContext *pb, MOVAtom atom)
|
||||
return 0;
|
||||
|
||||
avio_seek(pb, 6, SEEK_CUR);
|
||||
av_free(st->codec->extradata);
|
||||
av_freep(&st->codec->extradata);
|
||||
if ((ret = ff_get_extradata(st->codec, pb, atom.size - 7)) < 0)
|
||||
return ret;
|
||||
|
||||
@@ -1241,7 +1245,7 @@ static int mov_read_strf(MOVContext *c, AVIOContext *pb, MOVAtom atom)
|
||||
return AVERROR_INVALIDDATA;
|
||||
|
||||
avio_skip(pb, 40);
|
||||
av_free(st->codec->extradata);
|
||||
av_freep(&st->codec->extradata);
|
||||
if (ff_get_extradata(st->codec, pb, atom.size - 40) < 0)
|
||||
return AVERROR(ENOMEM);
|
||||
return 0;
|
||||
@@ -3428,7 +3432,7 @@ static int mov_read_default(MOVContext *c, AVIOContext *pb, MOVAtom atom)
|
||||
}
|
||||
}
|
||||
total_size += 8;
|
||||
if (a.size == 1) { /* 64 bit extended size */
|
||||
if (a.size == 1 && total_size + 8 <= atom.size) { /* 64 bit extended size */
|
||||
a.size = avio_rb64(pb) - 8;
|
||||
total_size += 8;
|
||||
}
|
||||
@@ -3779,35 +3783,39 @@ static void export_orphan_timecode(AVFormatContext *s)
|
||||
static int read_tfra(MOVContext *mov, AVIOContext *f)
|
||||
{
|
||||
MOVFragmentIndex* index = NULL;
|
||||
int version, fieldlength, i, j, err;
|
||||
int version, fieldlength, i, j;
|
||||
int64_t pos = avio_tell(f);
|
||||
uint32_t size = avio_rb32(f);
|
||||
void *tmp;
|
||||
|
||||
if (avio_rb32(f) != MKBETAG('t', 'f', 'r', 'a')) {
|
||||
return -1;
|
||||
return 1;
|
||||
}
|
||||
av_log(mov->fc, AV_LOG_VERBOSE, "found tfra\n");
|
||||
index = av_mallocz(sizeof(MOVFragmentIndex));
|
||||
if (!index) {
|
||||
return AVERROR(ENOMEM);
|
||||
}
|
||||
mov->fragment_index_count++;
|
||||
if ((err = av_reallocp(&mov->fragment_index_data,
|
||||
mov->fragment_index_count *
|
||||
sizeof(MOVFragmentIndex*))) < 0) {
|
||||
|
||||
tmp = av_realloc_array(mov->fragment_index_data,
|
||||
mov->fragment_index_count + 1,
|
||||
sizeof(MOVFragmentIndex*));
|
||||
if (!tmp) {
|
||||
av_freep(&index);
|
||||
return err;
|
||||
return AVERROR(ENOMEM);
|
||||
}
|
||||
mov->fragment_index_data[mov->fragment_index_count - 1] =
|
||||
index;
|
||||
mov->fragment_index_data = tmp;
|
||||
mov->fragment_index_data[mov->fragment_index_count++] = index;
|
||||
|
||||
version = avio_r8(f);
|
||||
avio_rb24(f);
|
||||
index->track_id = avio_rb32(f);
|
||||
fieldlength = avio_rb32(f);
|
||||
index->item_count = avio_rb32(f);
|
||||
index->items = av_mallocz(
|
||||
index->item_count * sizeof(MOVFragmentIndexItem));
|
||||
index->items = av_mallocz_array(
|
||||
index->item_count, sizeof(MOVFragmentIndexItem));
|
||||
if (!index->items) {
|
||||
index->item_count = 0;
|
||||
return AVERROR(ENOMEM);
|
||||
}
|
||||
for (i = 0; i < index->item_count; i++) {
|
||||
@@ -3861,11 +3869,13 @@ static int mov_read_mfra(MOVContext *c, AVIOContext *f)
|
||||
av_log(c->fc, AV_LOG_DEBUG, "doesn't look like mfra (tag mismatch)\n");
|
||||
goto fail;
|
||||
}
|
||||
ret = 0;
|
||||
av_log(c->fc, AV_LOG_VERBOSE, "stream has mfra\n");
|
||||
while (!read_tfra(c, f)) {
|
||||
/* Empty */
|
||||
}
|
||||
do {
|
||||
ret = read_tfra(c, f);
|
||||
if (ret < 0)
|
||||
goto fail;
|
||||
} while (!ret);
|
||||
ret = 0;
|
||||
fail:
|
||||
seek_ret = avio_seek(f, original_pos, SEEK_SET);
|
||||
if (seek_ret < 0) {
|
||||
@@ -4104,7 +4114,7 @@ static int mov_read_packet(AVFormatContext *s, AVPacket *pkt)
|
||||
#if CONFIG_DV_DEMUXER
|
||||
if (mov->dv_demux && sc->dv_audio_container) {
|
||||
avpriv_dv_produce_packet(mov->dv_demux, pkt, pkt->data, pkt->size, pkt->pos);
|
||||
av_free(pkt->data);
|
||||
av_freep(&pkt->data);
|
||||
pkt->size = 0;
|
||||
ret = avpriv_dv_get_packet(mov->dv_demux, pkt);
|
||||
if (ret < 0)
|
||||
|
||||
@@ -2499,7 +2499,8 @@ static int mov_write_mvhd_tag(AVIOContext *pb, MOVMuxContext *mov)
|
||||
}
|
||||
|
||||
version = max_track_len < UINT32_MAX ? 0 : 1;
|
||||
(version == 1) ? avio_wb32(pb, 120) : avio_wb32(pb, 108); /* size */
|
||||
avio_wb32(pb, version == 1 ? 120 : 108); /* size */
|
||||
|
||||
ffio_wfourcc(pb, "mvhd");
|
||||
avio_w8(pb, version);
|
||||
avio_wb24(pb, 0); /* flags */
|
||||
|
||||
@@ -343,7 +343,7 @@ static int segment_end(AVFormatContext *s, int write_trailer, int is_last)
|
||||
if (seg->list_size && seg->segment_count >= seg->list_size) {
|
||||
entry = seg->segment_list_entries;
|
||||
seg->segment_list_entries = seg->segment_list_entries->next;
|
||||
av_free(entry->filename);
|
||||
av_freep(&entry->filename);
|
||||
av_freep(&entry);
|
||||
}
|
||||
|
||||
@@ -501,10 +501,10 @@ static int open_null_ctx(AVIOContext **ctx)
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void close_null_ctx(AVIOContext *pb)
|
||||
static void close_null_ctxp(AVIOContext **pb)
|
||||
{
|
||||
av_free(pb->buffer);
|
||||
av_free(pb);
|
||||
av_freep(&(*pb)->buffer);
|
||||
av_freep(pb);
|
||||
}
|
||||
|
||||
static int select_reference_stream(AVFormatContext *s)
|
||||
@@ -687,7 +687,7 @@ static int seg_write_header(AVFormatContext *s)
|
||||
s->avoid_negative_ts = 1;
|
||||
|
||||
if (!seg->write_header_trailer) {
|
||||
close_null_ctx(oc->pb);
|
||||
close_null_ctxp(&oc->pb);
|
||||
if ((ret = avio_open2(&oc->pb, oc->filename, AVIO_FLAG_WRITE,
|
||||
&s->interrupt_callback, NULL)) < 0)
|
||||
goto fail;
|
||||
@@ -820,7 +820,7 @@ static int seg_write_trailer(struct AVFormatContext *s)
|
||||
goto fail;
|
||||
open_null_ctx(&oc->pb);
|
||||
ret = av_write_trailer(oc);
|
||||
close_null_ctx(oc->pb);
|
||||
close_null_ctxp(&oc->pb);
|
||||
} else {
|
||||
ret = segment_end(s, 1, 1);
|
||||
}
|
||||
@@ -836,7 +836,7 @@ fail:
|
||||
cur = seg->segment_list_entries;
|
||||
while (cur) {
|
||||
next = cur->next;
|
||||
av_free(cur->filename);
|
||||
av_freep(&cur->filename);
|
||||
av_free(cur);
|
||||
cur = next;
|
||||
}
|
||||
|
||||
@@ -2829,6 +2829,7 @@ int ff_alloc_extradata(AVCodecContext *avctx, int size)
|
||||
int ret;
|
||||
|
||||
if (size < 0 || size >= INT32_MAX - FF_INPUT_BUFFER_PADDING_SIZE) {
|
||||
avctx->extradata = NULL;
|
||||
avctx->extradata_size = 0;
|
||||
return AVERROR(EINVAL);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user