Commit Graph

30240 Commits

Author SHA1 Message Date
Mans Rullgard 4d1418cd4f h264: fix signed overflows in x*0x01010101 expressions
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-09 12:27:19 +01:00
Mans Rullgard d66b9dec11 h264pred: remove unused variables
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-09 12:27:19 +01:00
Mans Rullgard a31e9f68a4 lavf: fix signed overflow in avformat_find_stream_info()
On the first iteration through this code, last_dts is always
INT64_MIN (AV_NOPTS_VALUE) and the subtraction overflows in
an invalid manner.  Although the result is only used if the
input values are valid, performing the subtraction is still
not allowed in a strict environment.

Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-08 20:04:22 +01:00
Mans Rullgard bb59156606 vp8: fix signed overflows
In addition to avoiding undefined behaviour, an unsigned type
makes more sense for packing multiple 8-bit values.

Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-08 20:03:55 +01:00
Mans Rullgard e708afd3c0 motion_est: fix some signed overflows
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-08 20:03:55 +01:00
Mans Rullgard 559c244d42 dca: fix signed overflow in shift
Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-08 20:03:55 +01:00
Mans Rullgard d12294304a aacdec: fix undefined shifts
Since nnz can be zero, this is needed to avoid a shift by 32.

Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-08 20:03:55 +01:00
Laurent Aimar a00676e48e bink: Check for various out of bound writes
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-08 16:32:01 +02:00
Laurent Aimar 24adf7832b bink: Check for out of bound writes when building tree
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-08 16:25:56 +02:00
Mans Rullgard ac6eab1496 put_bits: fix invalid shift by 32 in flush_put_bits()
If flush_put_bits() is called when the 32-bit buffer is empty,
e.g. after writing a multiple of 32 bits, and invalid shift by
32 is performed.  Since flush_put_bits() is called infrequently,
this additional check should have negligible performance impact.

Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-08 02:41:58 +01:00
Alex Converse 98ef887a75 mpegps: Use av_get_packet() instead of poorly emulating it. 2011-10-07 17:04:14 -07:00
Janne Grunau c2f2dfb3dd motionpixels: decode only the 111 complete frames for fate
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 19:32:07 +02:00
Laurent Aimar 9bd854b1ff mpc8: Check out of bound bands limit
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 17:15:45 +02:00
Laurent Aimar 7d17a794f0 xan: Prevent NULL dereference with missing palette
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 17:15:31 +02:00
Laurent Aimar 3db3fdf4c6 xan: Check for out of bound reads in xan_huffman_decode()
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:32 +02:00
Laurent Aimar 3e0757c2a8 xan: Fixed out of bound accesses in xan_unpack()
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:32 +02:00
Laurent Aimar 1cd0a55163 motionpixels: Prevent calling init_vlc() with invalid parameters
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:32 +02:00
Laurent Aimar 5f05cf4ea9 shorten: Fix out of bound writes in fix_bitshift()
The data pointers s->decoded[*] already take into account s->nwrap.

Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar 1720603287 dsicinav: Check for out of bounds writes
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar 64263dd526 tiertexseqv: Check for out of bound reads
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar 4fd56f842c quickdraw: Check for out of bound reads
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar e3ca9b93d9 dsicinav: Check for out of bounds reads
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar 210c80331e motionpixels: Fix the size of workspace buffers
Some buffers must be mod 4 in width and/or height.

Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar d337dd3a90 motionpixels: Clear FF_INPUT_BUFFER_PADDING_SIZE bytes at the end of the temporary buffer
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar d99427cb8b wmavoice: Check for corrupted extra data
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar 1c1449b548 wmavoice: Check for out of bound writes
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar 06be075cda xan: Prevent NULL dereferences with missing reference frame
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar c7e631986b bink: Prevent NULL dereferences with missing reference frame
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar 2c6cf13940 wavpack: Reset internal state on corrupted blocks
wavpack_decode_block() supposes that it is called back with the exact
same buffer unless it has returned with an error. With multi-channels
files, wavpack_decode_frame() was breaking this assumption.

Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar 2c1ba79941 wmapro: Validate the number of audio channels before using it
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:30 +02:00
Laurent Aimar 1e3336de69 mpc8: Fix return value on EOF
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:30 +02:00
Laurent Aimar 95010d18b2 shorten: Prevent block size from increasing
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:30 +02:00
Laurent Aimar 124a16f678 xan: Prevent out of bound accesses
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:30 +02:00
Michael Niedermayer 14c21c1ff5 H264: Only wait before triggering ff_thread_setup_complete() until the next slice that contains a start-of-field/frame macroblock
This allows concurrent decoding of the last field/frame, rather than
only the last slice, of data packets with multiple NAL units packed
together.

This will fix the slowdown reported in e.g. bug 52.

Signed-off-by: Anton Khirnov <anton@khirnov.net>
2011-10-07 14:23:26 +02:00
Laurent Aimar a72cad0a6c vp6: Reset the internal state when aborting key frames header parsing
It prevents leaving the state only half initialized.

Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 00:37:32 +02:00
Laurent Aimar 3d09d0017d vp56: Release old pictures after a resolution changes
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 00:27:24 +02:00
Laurent Aimar 066fff755a vp6: Check for huffman tree build errors
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 00:27:03 +02:00
Laurent Aimar 0ec6d6e9b6 vp56: Check for missing reference frame data
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 00:25:43 +02:00
Laurent Aimar d239d4b447 cinepak: Fix invalid read access on extra data
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-06 23:35:29 +02:00
Laurent Aimar c0cbe36b18 vmd: fix segfaults on corruped streams
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-06 23:33:09 +02:00
Laurent Aimar 3a742470a8 cook: Fix js_vlc_bits value validation for joint stereo
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-06 23:31:06 +02:00
Laurent Aimar 1775b92fee segafilm: Check for memory allocation failures in segafilm demuxer.
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-06 23:19:45 +02:00
Laurent Aimar 762ffa6861 segafilm: Fix potential division by 0 on corrupted streams in the demuxer
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-06 23:01:45 +02:00
Laurent Aimar 790f4dd5c9 Fixed segfault on corrupted sega streams in the demuxer.
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-06 22:32:02 +02:00
Laurent Aimar 69a0bce753 Fixed deference of NULL pointer in motionpixels decoder.
Some of the arguments given to init_vlc() come from the stream
and can be corrupted.

Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-06 22:29:12 +02:00
Anton Khirnov d97efd7f87 libx264: support 9- and 10-bit output. 2011-10-06 09:16:06 +02:00
Ronald S. Bultje 4418aa9cb3 h264: correct implicit_weight for field-interlaced pictures. 2011-10-05 04:01:23 -07:00
Ronald S. Bultje 330deb7592 mpegvideo: set correct offset for edge emulation buffer.
Using the old code, half of it was unused and the other half was too
small for e.g. >8bpp interlaced data, causing random buffer overruns.
2011-10-05 04:01:23 -07:00
Ronald S. Bultje 0884dd5a1b mpegvideo: fix position of bottom edge.
It was wrong in colorspaces where horizontal and vertical chroma
subsampling are not the same, e.g. 422.
2011-10-05 04:01:23 -07:00
Diego Biurrun e83c2ddebf Fix 'heigth' vs. 'height' typos. 2011-10-05 11:12:01 +02:00