highperfocused/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge commit '7b8c5b263bc680eff5710bee5994de39d47fc15e'

Browse Source 
* commit '7b8c5b263bc680eff5710bee5994de39d47fc15e':
  vc1dec: prevent a crash due missing pred_flag parameter
  matroska: Fix use after free

Merged-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2013-01-11 12:43:45 +01:00
commit 6fc0648932
2 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
libavcodec/vc1dec.c
View File

@ -1149,8 +1149,12 @@ static av_always_inline void get_mvdata_interlaced(VC1Context *v, int *dmv_x,
*dmv_x = get_bits(gb, v->k_x); *dmv_x = get_bits(gb, v->k_x);
*dmv_y = get_bits(gb, v->k_y); *dmv_y = get_bits(gb, v->k_y);
if (v->numref) { if (v->numref) {
*pred_flag = *dmv_y & 1; if (pred_flag) {
*dmv_y = (*dmv_y + *pred_flag) >> 1; *pred_flag = *dmv_y & 1;
*dmv_y = (*dmv_y + *pred_flag) >> 1;
} else {
*dmv_y = (*dmv_y + (*dmv_y & 1)) >> 1;
}
} }
} }
else { else {
@ -1177,7 +1181,7 @@ static av_always_inline void get_mvdata_interlaced(VC1Context *v, int *dmv_x,
*dmv_y = (sign ^ ((val >> 1) + offs_tab[index1 >> v->numref])) - sign; *dmv_y = (sign ^ ((val >> 1) + offs_tab[index1 >> v->numref])) - sign;
} else } else
*dmv_y = 0; *dmv_y = 0;
if (v->numref) if (v->numref && pred_flag)
*pred_flag = index1 & 1; *pred_flag = index1 & 1;
} }
} }

2
libavformat/matroskadec.c
View File

@ -1881,6 +1881,7 @@ static int matroska_deliver_packet(MatroskaDemuxContext *matroska,
*/ */
static void matroska_clear_queue(MatroskaDemuxContext *matroska) static void matroska_clear_queue(MatroskaDemuxContext *matroska)
{ {
matroska->prev_pkt = NULL;
if (matroska->packets) { if (matroska->packets) {
int n; int n;
for (n = 0; n < matroska->num_packets; n++) { for (n = 0; n < matroska->num_packets; n++) {
@ -2388,7 +2389,6 @@ static int matroska_read_seek(AVFormatContext *s, int stream_index,
avio_seek(s->pb, st->index_entries[st->nb_index_entries-1].pos, SEEK_SET); avio_seek(s->pb, st->index_entries[st->nb_index_entries-1].pos, SEEK_SET);
matroska->current_id = 0; matroska->current_id = 0;
while ((index = av_index_search_timestamp(st, timestamp, flags)) < 0) { while ((index = av_index_search_timestamp(st, timestamp, flags)) < 0) {
matroska->prev_pkt = NULL;
matroska_clear_queue(matroska); matroska_clear_queue(matroska);
if (matroska_parse_cluster(matroska) < 0) if (matroska_parse_cluster(matroska) < 0)
break; break;