Laurent Aimar
39fed2e95b
anm: prevent infinite loop
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net >
(cherry picked from commit 2475f1a83canton@khirnov.net >
2012-03-18 17:50:40 +01:00
Laurent Aimar
7fa13e12e6
avsdemux: check for out of bound writes
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net >
(cherry picked from commit 6de33611c9anton@khirnov.net >
2012-03-18 17:50:40 +01:00
Laurent Aimar
ab201f6f1b
avs: check for out of bound reads
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net >
(cherry picked from commit de049a95f4anton@khirnov.net >
2012-03-18 17:50:40 +01:00
Laurent Aimar
b696d61518
avsdemux: check for corrupted data
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net >
(cherry picked from commit 76c6971a64anton@khirnov.net >
2012-03-18 17:50:40 +01:00
Alex Converse
a23bcc923d
mxfdec: Fix some buffer overreads caused by the misuse of AVPacket related functions.
...
(cherry picked from commit 0c46e958d1anton@khirnov.net >
2012-03-18 17:50:36 +01:00
Gwenole Beauchesne
559261ce49
vaapi: Fix VC-1 decoding (reconstruct bitstream TTFRM correctly).
...
Signed-off-by: Diego Biurrun <diego@biurrun.de >
(cherry picked from commit 53efb758c0anton@khirnov.net >
2012-03-18 17:50:36 +01:00
Mans Rullgard
f9d17e6f54
4xm: fix signed overflow
...
Signed-off-by: Mans Rullgard <mans@mansr.com >
(cherry picked from commit 84dda40762anton@khirnov.net >
2012-03-18 17:50:36 +01:00
Mans Rullgard
0b1ac7bf4f
wmavoice: fix a signed overflow
...
Signed-off-by: Mans Rullgard <mans@mansr.com >
(cherry picked from commit ba3f07d061anton@khirnov.net >
2012-03-18 17:50:36 +01:00
Mans Rullgard
af0a56e6ef
mpegvideo_enc: fix a signed overflow
...
Signed-off-by: Mans Rullgard <mans@mansr.com >
(cherry picked from commit 05795f35beanton@khirnov.net >
2012-03-18 17:50:36 +01:00
Mans Rullgard
5e3ba60e6f
crc: fix signed overflow
...
This fixes a signed overflow from i << 24 when i == 255 by
making i unsigned. The result of the shift is already
assigned to an variable of unsigned type.
Signed-off-by: Mans Rullgard <mans@mansr.com >
(cherry picked from commit 8b19ae0761anton@khirnov.net >
2012-03-18 17:50:35 +01:00
Mans Rullgard
48f9a80072
mpeg12enc: use sign_extend() function
...
Signed-off-by: Mans Rullgard <mans@mansr.com >
(cherry picked from commit 2f329db90eanton@khirnov.net >
2012-03-18 17:50:35 +01:00
Mans Rullgard
2c99aa48d7
lavf: fix signed overflow in avformat_find_stream_info()
...
On the first iteration through this code, last_dts is always
INT64_MIN (AV_NOPTS_VALUE) and the subtraction overflows in
an invalid manner. Although the result is only used if the
input values are valid, performing the subtraction is still
not allowed in a strict environment.
Signed-off-by: Mans Rullgard <mans@mansr.com >
(cherry picked from commit a31e9f68a4anton@khirnov.net >
2012-03-18 17:50:35 +01:00
Mans Rullgard
fdc669fcbb
vp8: fix signed overflows
...
In addition to avoiding undefined behaviour, an unsigned type
makes more sense for packing multiple 8-bit values.
Signed-off-by: Mans Rullgard <mans@mansr.com >
(cherry picked from commit bb59156606anton@khirnov.net >
2012-03-18 17:50:35 +01:00
Mans Rullgard
fe3314a413
motion_est: fix some signed overflows
...
Signed-off-by: Mans Rullgard <mans@mansr.com >
(cherry picked from commit e708afd3c0anton@khirnov.net >
2012-03-18 17:50:35 +01:00
Mans Rullgard
58afe6061a
dca: fix signed overflow in shift
...
Signed-off-by: Mans Rullgard <mans@mansr.com >
(cherry picked from commit 559c244d42anton@khirnov.net >
2012-03-18 17:50:35 +01:00
Mans Rullgard
8c2ae575ad
aacdec: fix undefined shifts
...
Since nnz can be zero, this is needed to avoid a shift by 32.
Signed-off-by: Mans Rullgard <mans@mansr.com >
(cherry picked from commit d12294304aanton@khirnov.net >
2012-03-18 17:50:35 +01:00
Laurent Aimar
9c78fe9360
bink: Check for various out of bound writes
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net >
(cherry picked from commit a00676e48eanton@khirnov.net >
2012-03-18 17:50:35 +01:00
Laurent Aimar
c98d7882d8
bink: Check for out of bound writes when building tree
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net >
(cherry picked from commit 24adf7832banton@khirnov.net >
2012-03-18 17:50:35 +01:00
Mans Rullgard
e52e85ac3a
put_bits: fix invalid shift by 32 in flush_put_bits()
...
If flush_put_bits() is called when the 32-bit buffer is empty,
e.g. after writing a multiple of 32 bits, and invalid shift by
32 is performed. Since flush_put_bits() is called infrequently,
this additional check should have negligible performance impact.
Signed-off-by: Mans Rullgard <mans@mansr.com >
(cherry picked from commit ac6eab1496anton@khirnov.net >
2012-03-18 17:50:35 +01:00
Alex Converse
4faa00b256
mpegps: Use av_get_packet() instead of poorly emulating it.
...
(cherry picked from commit 98ef887a75anton@khirnov.net >
2012-03-18 17:50:31 +01:00
Janne Grunau
90d7146511
motionpixels: decode only the 111 complete frames for fate
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net >
(cherry picked from commit c2f2dfb3ddanton@khirnov.net >
2012-03-18 17:50:31 +01:00
Laurent Aimar
59050c0629
mpc8: Check out of bound bands limit
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net >
(cherry picked from commit 9bd854b1ffanton@khirnov.net >
2012-03-18 17:50:31 +01:00
Laurent Aimar
be2404b06d
xan: Prevent NULL dereference with missing palette
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net >
(cherry picked from commit 7d17a794f0anton@khirnov.net >
2012-03-18 17:50:31 +01:00
Laurent Aimar
49007b494e
xan: Check for out of bound reads in xan_huffman_decode()
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net >
(cherry picked from commit 3db3fdf4c6anton@khirnov.net >
2012-03-18 17:50:31 +01:00
Laurent Aimar
0277c82de2
xan: Fixed out of bound accesses in xan_unpack()
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net >
(cherry picked from commit 3e0757c2a8anton@khirnov.net >
2012-03-18 17:50:31 +01:00
Laurent Aimar
5fa8e43b54
motionpixels: Prevent calling init_vlc() with invalid parameters
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net >
(cherry picked from commit 1cd0a55163anton@khirnov.net >
2012-03-18 17:50:31 +01:00
Laurent Aimar
737bea21b6
shorten: Fix out of bound writes in fix_bitshift()
...
The data pointers s->decoded[*] already take into account s->nwrap.
Signed-off-by: Janne Grunau <janne-libav@jannau.net >
(cherry picked from commit 5f05cf4ea9anton@khirnov.net >
2012-03-18 17:50:31 +01:00
Laurent Aimar
aa9e308580
dsicinav: Check for out of bounds writes
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net >
(cherry picked from commit 1720603287anton@khirnov.net >
2012-03-18 17:50:31 +01:00
Laurent Aimar
d57d039e04
tiertexseqv: Check for out of bound reads
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net >
(cherry picked from commit 64263dd526anton@khirnov.net >
2012-03-18 17:50:31 +01:00
Laurent Aimar
97a1ab4bce
quickdraw: Check for out of bound reads
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net >
(cherry picked from commit 4fd56f842canton@khirnov.net >
2012-03-18 17:50:31 +01:00
Laurent Aimar
914b9b0b2b
dsicinav: Check for out of bounds reads
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net >
(cherry picked from commit e3ca9b93d9anton@khirnov.net >
2012-03-18 17:50:31 +01:00
Laurent Aimar
39de0e008d
motionpixels: Fix the size of workspace buffers
...
Some buffers must be mod 4 in width and/or height.
Signed-off-by: Janne Grunau <janne-libav@jannau.net >
(cherry picked from commit 210c80331eanton@khirnov.net >
2012-03-18 17:50:31 +01:00
Laurent Aimar
f2f2a00d39
motionpixels: Clear FF_INPUT_BUFFER_PADDING_SIZE bytes at the end of the temporary buffer
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net >
(cherry picked from commit d337dd3a90anton@khirnov.net >
2012-03-18 17:50:31 +01:00
Laurent Aimar
905d0633a6
wmavoice: Check for corrupted extra data
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net >
(cherry picked from commit d99427cb8banton@khirnov.net >
2012-03-18 17:50:31 +01:00
Laurent Aimar
95605595b5
wmavoice: Check for out of bound writes
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net >
(cherry picked from commit 1c1449b548anton@khirnov.net >
2012-03-18 17:50:31 +01:00
Laurent Aimar
fb20141563
xan: Prevent NULL dereferences with missing reference frame
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net >
(cherry picked from commit 06be075cdaanton@khirnov.net >
2012-03-18 17:50:31 +01:00
Laurent Aimar
c5766b55c4
bink: Prevent NULL dereferences with missing reference frame
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net >
(cherry picked from commit c7e631986banton@khirnov.net >
2012-03-18 17:50:30 +01:00
Laurent Aimar
d646cce15f
wavpack: Reset internal state on corrupted blocks
...
wavpack_decode_block() supposes that it is called back with the exact
same buffer unless it has returned with an error. With multi-channels
files, wavpack_decode_frame() was breaking this assumption.
Signed-off-by: Janne Grunau <janne-libav@jannau.net >
(cherry picked from commit 2c6cf13940anton@khirnov.net >
2012-03-18 17:50:30 +01:00
Laurent Aimar
04b71cdedd
wmapro: Validate the number of audio channels before using it
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net >
(cherry picked from commit 2c1ba79941anton@khirnov.net >
2012-03-18 17:50:30 +01:00
Laurent Aimar
fce03f8783
mpc8: Fix return value on EOF
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net >
(cherry picked from commit 1e3336de69anton@khirnov.net >
2012-03-18 17:50:30 +01:00
Laurent Aimar
22949c42ed
shorten: Prevent block size from increasing
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net >
(cherry picked from commit 95010d18b2anton@khirnov.net >
2012-03-18 17:50:30 +01:00
Laurent Aimar
8751941030
xan: Prevent out of bound accesses
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net >
(cherry picked from commit 124a16f678anton@khirnov.net >
2012-03-18 17:50:30 +01:00
Laurent Aimar
3e1b5981ba
vp56: Release old pictures after a resolution changes
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net >
(cherry picked from commit 3d09d0017danton@khirnov.net >
2012-03-18 17:50:30 +01:00
Laurent Aimar
efe3fb13a7
vp56: Check for missing reference frame data
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net >
(cherry picked from commit 0ec6d6e9b6anton@khirnov.net >
2012-03-18 17:50:30 +01:00
Laurent Aimar
987f5dc55e
cinepak: Fix invalid read access on extra data
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net >
(cherry picked from commit d239d4b447anton@khirnov.net >
2012-03-18 17:50:30 +01:00
Laurent Aimar
5bb9ce755b
cook: Fix js_vlc_bits value validation for joint stereo
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net >
(cherry picked from commit 3a742470a8anton@khirnov.net >
2012-03-18 17:50:30 +01:00
Laurent Aimar
ea5a5f0908
segafilm: Check for memory allocation failures in segafilm demuxer.
...
Signed-off-by: Janne Grunau <janne-libav@jannau.net >
(cherry picked from commit 1775b92feeanton@khirnov.net >
2012-03-18 17:50:30 +01:00
Laurent Aimar
619aab2f41
Fixed deference of NULL pointer in motionpixels decoder.
...
Some of the arguments given to init_vlc() come from the stream
and can be corrupted.
Signed-off-by: Janne Grunau <janne-libav@jannau.net >
(cherry picked from commit 69a0bce753anton@khirnov.net >
2012-03-18 17:50:30 +01:00
Ronald S. Bultje
8099d77ca4
mpegvideo: set correct offset for edge emulation buffer.
...
Using the old code, half of it was unused and the other half was too
small for e.g. >8bpp interlaced data, causing random buffer overruns.
(cherry picked from commit 330deb7592anton@khirnov.net >
2012-03-18 17:50:30 +01:00
Ronald S. Bultje
bb7fd94eeb
mpegvideo: fix position of bottom edge.
...
It was wrong in colorspaces where horizontal and vertical chroma
subsampling are not the same, e.g. 422.
(cherry picked from commit 0884dd5a1banton@khirnov.net >
2012-03-18 17:50:30 +01:00
