This prevents certain tags with a default value assigned to them (as per
the EBML syntax elements) from ever being assigned a NULL value. Other
parts of the code rely on these being non-NULL (i.e. they don't check for
NULL before e.g. using the string in strcmp() or similar), and thus in
effect this prevents crashes when reading of such specific tags fails,
either because of low memory or because of targeted file corruption.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit cd40c31ee9ad2cca6f3635950b002fd46be07e98)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
The MDCT buffers in the decoder are only sized for up to 11 bits. The
reverse engineered documentation for WMA1/2 headers say that that for
all samplerates above 32kHz 11 bits are used. 12 and 13 bit support
were added for WMAPro. I was unable to make any Microsoft tools generate
a test file at a samplerate above 48kHz.
Discovered by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit d78bb1a4b2a3a415b68e4e6dd448779eccec64e3)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
If attribute_deprecated is used in an enum declaration, it
should follow the 'enum' keyword, otherwise it's ignored
silently. This is the only case of attribute_deprecated for
enum declarations currently.
Currently, this attribute_deprecated doesn't have any effect.
If moved to the right place, it emits a warning every single
time avcodec.h is included, like this:
avcodec.h:2827: warning: ‘AVLPCType’ is deprecated (declared at avcodec.h:543)
There is already a working attribute_deprecated for the
corresponding field in AVCodecContext, so therefore this
one shouldn't be needed.
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 1b6da627d49e98fe7661c9aa9ec4e16ab04dfda4)
Signed-off-by: Martin Storsjö <martin@martin.st>
These additions might overflow the signed range for large
input values. Converting to unsigned before the addition
rather than after avoids such undefined behaviour. The
result under normal two's complement wraparound remains
unchanged.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit 88d1e2b2b0a129365a62efd666db0394e8ffbe08)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Zero-length get_bits() is undefined, must check before calling.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit c79d2a20bad59298188171f1316a830d563a41ee)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
The way this value is used, it should be an unsigned type.
While the numerical value has no meaning, unsigned wraparound
is relied upon.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit cb668476ab1343d27e03edc0b32f57ca7a187471)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
(cherry picked from commit 1b1182ce97db7a97914bb7713eba66fee5d93937)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
(cherry picked from commit 79964745b3ed5a700f4f0dda56c7360497328c88)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
(cherry picked from commit 8d518a9c4fe92e2497565f1765da7f913be8b1e7)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
(cherry picked from commit dc64f203a62083c3d5f81e8201018279c29581af)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
(cherry picked from commit 04a845caa7cdcdd1457f8c0dde52a7b2085ed92f)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
(cherry picked from commit 46cb2f6a2928a7fa4bee3f09b0475ccb8cdd2064)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
(cherry picked from commit 8df8a87e3fd5bd0c3dabc676aae8fd84992932dc)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
(cherry picked from commit c7f89064e2f0fef8198aadf64b0daf12787404ee)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
(cherry picked from commit 2475f1a83ccf313d828b25f1769e3a37442ecf64)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
(cherry picked from commit 6de33611c918e6ad5bbc878840a59607cb42b8c0)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
(cherry picked from commit de049a95f4a8089b2878c7fcef6cac7e88a8f1bf)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
(cherry picked from commit 76c6971a6464705f263fc30e537b370a3a7c853b)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Diego Biurrun <diego@biurrun.de>
(cherry picked from commit 53efb758c045900f512c947074900c0dbc988685)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit 84dda407628e298f33d610e9e04a8b2945d24665)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit ba3f07d0611d9a6c10eaa90b3c058ecdffe76676)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit 05795f35be4b479bfa8d60ed3eb13e0f89e439c0)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
This fixes a signed overflow from i << 24 when i == 255 by
making i unsigned. The result of the shift is already
assigned to an variable of unsigned type.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit 8b19ae07616bbd18969b94cbf5d74308a8f2bbdf)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit 2f329db90e5d72ad383a0ba05fde3641a34ef73b)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
On the first iteration through this code, last_dts is always
INT64_MIN (AV_NOPTS_VALUE) and the subtraction overflows in
an invalid manner. Although the result is only used if the
input values are valid, performing the subtraction is still
not allowed in a strict environment.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit a31e9f68a426f634e002282885c6c2eb1bfbea44)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
In addition to avoiding undefined behaviour, an unsigned type
makes more sense for packing multiple 8-bit values.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit bb59156606e00057a706ed30165bc7329db3823f)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit e708afd3c026a9eb547dab07781320a7e2564312)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit 559c244d42be7a02c23976216b47fd63b80d6c7f)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Since nnz can be zero, this is needed to avoid a shift by 32.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit d12294304acd82cb219e3f66ca9cd6efb2194fa4)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
(cherry picked from commit a00676e48e49a3d794d6d2063ceca539e945a4a4)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
(cherry picked from commit 24adf7832b8370f3c1febbef6c686f574d360d32)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
If flush_put_bits() is called when the 32-bit buffer is empty,
e.g. after writing a multiple of 32 bits, and invalid shift by
32 is performed. Since flush_put_bits() is called infrequently,
this additional check should have negligible performance impact.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit ac6eab1496aad6f8b09deabbef4fe5fd829e142d)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
(cherry picked from commit c2f2dfb3dd20e036b8b08c0fd1486a3044e8f02a)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
(cherry picked from commit 9bd854b1ff342f82efa6d2ad4e8fefddce5fa731)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
(cherry picked from commit 7d17a794f0348ba40d5cda7d969564cb83981001)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
(cherry picked from commit 3db3fdf4c669aed9379be430c17f151d4d0697c5)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
(cherry picked from commit 3e0757c2a87c8cf3e452f67bca279001c64cedff)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
(cherry picked from commit 1cd0a5516396bd6fb54e4df1e7c88ed18416299b)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
The data pointers s->decoded[*] already take into account s->nwrap.
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
(cherry picked from commit 5f05cf4ea9aaafed8edcabe785c2719786103ec1)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
(cherry picked from commit 172060328771d149b076f00352b004b5b5272d38)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
