This prevents certain tags with a default value assigned to them (as per
the EBML syntax elements) from ever being assigned a NULL value. Other
parts of the code rely on these being non-NULL (i.e. they don't check for
NULL before e.g. using the string in strcmp() or similar), and thus in
effect this prevents crashes when reading of such specific tags fails,
either because of low memory or because of targeted file corruption.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit cd40c31ee9)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>

The MDCT buffers in the decoder are only sized for up to 11 bits. The
reverse engineered documentation for WMA1/2 headers says that for
all samplerates above 32kHz 11 bits are used. 12 and 13 bit support
were added for WMAPro. I was unable to make any Microsoft tools generate
a test file at a samplerate above 48kHz.
Discovered by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit d78bb1a4b2)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>

If attribute_deprecated is used in an enum declaration, it
should follow the 'enum' keyword, otherwise it's ignored
silently. This is the only case of attribute_deprecated for
enum declarations currently.
Currently, this attribute_deprecated doesn't have any effect.
If moved to the right place, it emits a warning every single
time avcodec.h is included, like this:
avcodec.h:2827: warning: ‘AVLPCType’ is deprecated (declared at avcodec.h:543)
There is already a working attribute_deprecated for the
corresponding field in AVCodecContext, so therefore this
one shouldn't be needed.
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 1b6da627d4)
Signed-off-by: Martin Storsjö <martin@martin.st>

These additions might overflow the signed range for large
input values. Converting to unsigned before the addition
rather than after avoids such undefined behaviour. The
result under normal two's complement wraparound remains
unchanged.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit 88d1e2b2b0)
Signed-off-by: Anton Khirnov <anton@khirnov.net>

Zero-length get_bits() is undefined, must check before calling.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit c79d2a20ba)
Signed-off-by: Anton Khirnov <anton@khirnov.net>

The way this value is used, it should be an unsigned type.
While the numerical value has no meaning, unsigned wraparound
is relied upon.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit cb668476ab)
Signed-off-by: Anton Khirnov <anton@khirnov.net>

This fixes a signed overflow from i << 24 when i == 255 by
making i unsigned. The result of the shift is already
assigned to a variable of unsigned type.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit 8b19ae0761)
Signed-off-by: Anton Khirnov <anton@khirnov.net>

On the first iteration through this code, last_dts is always
INT64_MIN (AV_NOPTS_VALUE) and the subtraction overflows in
an invalid manner. Although the result is only used if the
input values are valid, performing the subtraction is still
not allowed in a strict environment.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit a31e9f68a4)
Signed-off-by: Anton Khirnov <anton@khirnov.net>

In addition to avoiding undefined behaviour, an unsigned type
makes more sense for packing multiple 8-bit values.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit bb59156606)
Signed-off-by: Anton Khirnov <anton@khirnov.net>

Since nnz can be zero, this is needed to avoid a shift by 32.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit d12294304a)
Signed-off-by: Anton Khirnov <anton@khirnov.net>

If flush_put_bits() is called when the 32-bit buffer is empty,
e.g. after writing a multiple of 32 bits, an invalid shift by
32 is performed. Since flush_put_bits() is called infrequently,
this additional check should have negligible performance impact.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit ac6eab1496)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
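
The integer fixes described in the commit messages above (unsigned conversion before an addition, i << 24 with i == 255, and the shift by 32 when a bit count is zero or the put-bits buffer is empty) follow a few recurring patterns, shown here as an added C example that is not code from libav. All function names are hypothetical and the sample values are constructed; bit_left is assumed to be in the range 0..32.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helpers written for this example; not libav functions. */

/* Convert to unsigned before adding: the sum wraps modulo 2^32
 * instead of overflowing a signed int. */
static uint32_t add_wrap(int32_t a, int32_t b)
{
    return (uint32_t)a + (uint32_t)b;
}

/* With a signed int i == 255, i << 24 overflows; unsigned is defined. */
static uint32_t pack_top_byte(unsigned i)
{
    return (uint32_t)i << 24;
}

/* Top n bits of a 32-bit word, n in 0..32. n == 0 would mean a shift
 * by 32, so it is handled before shifting. */
static uint32_t top_bits(uint32_t word, int n)
{
    return n ? word >> (32 - n) : 0;
}

/* Flush a 32-bit accumulator holding (32 - bit_left) pending bits,
 * MSB first. bit_left == 32 means empty: skip the left-align shift. */
static size_t flush_bits(uint32_t bit_buf, int bit_left, uint8_t *out)
{
    size_t n = 0;
    if (bit_left < 32)
        bit_buf <<= bit_left;
    for (; bit_left < 32; bit_left += 8, bit_buf <<= 8)
        out[n++] = (uint8_t)(bit_buf >> 24);
    return n;
}

int main(void)
{
    uint8_t out[4];
    size_t n = flush_bits(0xABC, 20, out);   /* constructed: 12 pending bits */
    printf("%08x %08x %02x\n", (unsigned)add_wrap(INT32_MAX, 1),
           (unsigned)pack_top_byte(255), (unsigned)top_bits(0xDEADBEEF, 0));
    printf("%zu bytes: %02x %02x\n", n, out[0], out[1]);
    printf("empty buffer flushes %zu bytes\n", flush_bits(0, 32, out));
    return 0;
}
```

Building with -fsanitize=undefined and replacing any helper with its signed or unguarded form makes the sanitizer report the overflow or the out-of-range shift at run time.
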
The data pointers s->decoded[*] already take into account s->nwrap.
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
(cherry picked from commit 5f05cf4ea9)
Signed-off-by: Anton Khirnov <anton@khirnov.net>