In apply_unsharp(), when y is >= height, prevent out-of-buffer reading
from src, read from the last buffer line in src2 instead.
The check was implemented in the original unsharp libmpcodecs code and
lost in the port.
This also fixes output discrepancy between the two filters.
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 998e8519efbc772994c5ba19c0d39573998be9db)
Signed-off-by: Nicolas George <nicolas.george@normalesup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 194c2432eecd97c36914956f3bf7781ac4fc6f3d)
Signed-off-by: Nicolas George <nicolas.george@normalesup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit af84d9bb9e8a69a715fc7596d6cbaa00ad00dc29)
Signed-off-by: Nicolas George <nicolas.george@normalesup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 247a1dc84716cb033b538a5bd5ba8b33de0e8260)
Signed-off-by: Nicolas George <nicolas.george@normalesup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e47cfe9e5c10eee3c8d0b6aff81792c0f10e66e1)
Signed-off-by: Nicolas George <nicolas.george@normalesup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 71e23d39a396f45bbdf258735b02a4bd5e25fd49)
Signed-off-by: Nicolas George <nicolas.george@normalesup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0cc44facf17153454727c26f2f40ee2f77b90df5)
Signed-off-by: Nicolas George <nicolas.george@normalesup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 769298a6869c3b16557280a63f6502409d1b5e49)
Signed-off-by: Nicolas George <nicolas.george@normalesup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 198ed6474d603f930430067b8b56955d443e821c)
av_realloc_f helps avoiding memory-leaks in typical uses of realloc.
Signed-off-by: Nicolas George <nicolas.george@normalesup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5cd754bca290775ec2dbbf88597ab58e0482efca)
av_size_mult helps checking for overflow when computing the size of a memory
area.
Signed-off-by: Nicolas George <nicolas.george@normalesup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b2600509fef4d77645491f208b8113c372a32110)
wavpack_decode_block() supposes that it is called back with the exact
same buffer unless it has returned with an error. With multi-channels
files, wavpack_decode_frame() was breaking this assumption.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c2a016ad4d9c29285813ba5806189e63e063e0fb)
Adds an additional check before reading the next block header and avoids a
potential integer overflow when checking the metadata size against the
remaining buffer size.
(cherry picked from commit 4c5e7b27d57dd2be777780e840eef9be63242158)
Signed-off-by: Mike Scheutzow <mike.scheutzow@alcatel-lucent.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e2dae1faa84ada5746ac2114de7eb68abd824131)
The buffer size and pointer were not checked prior to testing the first
byte of the buffer. These were sometimes checked before calling, but it is
better to add it inside the function as it takes buf and size arguments.
Signed-off-by: Alexander Strasser <eclipse7@gmx.net>
(cherry picked from commit 715f259bf949b06df1b5ed0307606dc258754c99)
Replaces a very hackish hack to fix the same issue (call instruction
overwriting stack variables).
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
(cherry picked from commit 424bcc46b5fb0d662e0fb9ad6319c5b9ef3d770f)
It prevents leaving the state only half initialized.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 91f104496bb7632ed5ff03798e06dd8af014f0d9)
