Commit Graph

30223 Commits

Author SHA1 Message Date
Laurent Aimar
5f05cf4ea9 shorten: Fix out of bound writes in fix_bitshift()
The data pointers s->decoded[*] already take into account s->nwrap.

Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
1720603287 dsicinav: Check for out of bounds writes
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
64263dd526 tiertexseqv: Check for out of bound reads
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
4fd56f842c quickdraw: Check for out of bound reads
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
e3ca9b93d9 dsicinav: Check for out of bounds reads
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
210c80331e motionpixels: Fix the size of workspace buffers
Some buffers must be mod 4 in width and/or height.

Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
d337dd3a90 motionpixels: Clear FF_INPUT_BUFFER_PADDING_SIZE bytes at the end of the temporary buffer
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
d99427cb8b wmavoice: Check for corrupted extra data
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
1c1449b548 wmavoice: Check for out of bound writes
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
06be075cda xan: Prevent NULL dereferences with missing reference frame
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
c7e631986b bink: Prevent NULL dereferences with missing reference frame
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
2c6cf13940 wavpack: Reset internal state on corrupted blocks
wavpack_decode_block() supposes that it is called back with the exact
same buffer unless it has returned with an error. With multi-channels
files, wavpack_decode_frame() was breaking this assumption.

Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:31 +02:00
Laurent Aimar
2c1ba79941 wmapro: Validate the number of audio channels before using it
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:30 +02:00
Laurent Aimar
1e3336de69 mpc8: Fix return value on EOF
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:30 +02:00
Laurent Aimar
95010d18b2 shorten: Prevent block size from increasing
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:30 +02:00
Laurent Aimar
124a16f678 xan: Prevent out of bound accesses
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 16:25:30 +02:00
Michael Niedermayer
14c21c1ff5 H264: Only wait before triggering ff_thread_setup_complete() until the next slice that contains a start-of-field/frame macroblock
This allows concurrent decoding of the last field/frame, rather than
only the last slice, of data packets with multiple NAL units packed
together.

This will fix the slowdown reported in e.g. bug 52.

Signed-off-by: Anton Khirnov <anton@khirnov.net>
2011-10-07 14:23:26 +02:00
Laurent Aimar
a72cad0a6c vp6: Reset the internal state when aborting key frames header parsing
It prevents leaving the state only half initialized.

Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 00:37:32 +02:00
Laurent Aimar
3d09d0017d vp56: Release old pictures after a resolution changes
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 00:27:24 +02:00
Laurent Aimar
066fff755a vp6: Check for huffman tree build errors
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 00:27:03 +02:00
Laurent Aimar
0ec6d6e9b6 vp56: Check for missing reference frame data
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-07 00:25:43 +02:00
Laurent Aimar
d239d4b447 cinepak: Fix invalid read access on extra data
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-06 23:35:29 +02:00
Laurent Aimar
c0cbe36b18 vmd: fix segfaults on corruped streams
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-06 23:33:09 +02:00
Laurent Aimar
3a742470a8 cook: Fix js_vlc_bits value validation for joint stereo
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-06 23:31:06 +02:00
Laurent Aimar
1775b92fee segafilm: Check for memory allocation failures in segafilm demuxer.
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-06 23:19:45 +02:00
Laurent Aimar
762ffa6861 segafilm: Fix potential division by 0 on corrupted streams in the demuxer
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-06 23:01:45 +02:00
Laurent Aimar
790f4dd5c9 Fixed segfault on corrupted sega streams in the demuxer.
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-06 22:32:02 +02:00
Laurent Aimar
69a0bce753 Fixed deference of NULL pointer in motionpixels decoder.
Some of the arguments given to init_vlc() come from the stream
and can be corrupted.

Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2011-10-06 22:29:12 +02:00
Anton Khirnov
d97efd7f87 libx264: support 9- and 10-bit output. 2011-10-06 09:16:06 +02:00
Ronald S. Bultje
4418aa9cb3 h264: correct implicit_weight for field-interlaced pictures. 2011-10-05 04:01:23 -07:00
Ronald S. Bultje
330deb7592 mpegvideo: set correct offset for edge emulation buffer.
Using the old code, half of it was unused and the other half was too
small for e.g. >8bpp interlaced data, causing random buffer overruns.
2011-10-05 04:01:23 -07:00
Ronald S. Bultje
0884dd5a1b mpegvideo: fix position of bottom edge.
It was wrong in colorspaces where horizontal and vertical chroma
subsampling are not the same, e.g. 422.
2011-10-05 04:01:23 -07:00
Diego Biurrun
e83c2ddebf Fix 'heigth' vs. 'height' typos. 2011-10-05 11:12:01 +02:00
Anton Khirnov
a4ea00d021 lavc/lavf: use unique private classes.
This is needed by the new AVOptions API.
2011-10-05 07:52:30 +02:00
Anton Khirnov
0ba1e1978d lavc: use designated initializers for av_codec_context_class 2011-10-05 07:52:05 +02:00
Justin Ruggles
dd376b1a12 qcelpdec: cosmetics: do not add line break before opening bracket in 'for',
'while', 'if/else', and 'switch' statements.

also fixes some spacing, but only if already changing a line
2011-10-04 17:10:11 -04:00
Justin Ruggles
e43dd3d2a8 qcelp: check output buffer size before decoding 2011-10-04 17:10:11 -04:00
Chris Rankin
bde2570013 qcelpdec: fix the return value of qcelp_decode_frame().
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
2011-10-04 17:09:53 -04:00
Justin Ruggles
1b5a189f06 sipr: fix the output data size check and only calculate it once. 2011-10-04 16:13:20 -04:00
Diego Biurrun
12bd8532cf Synchronize various 4CCs and codec tags from FFmpeg. 2011-10-04 11:58:53 +02:00
Justin Ruggles
7d49f79f1c qdm2: check output buffer size before decoding 2011-10-03 21:34:19 -04:00
Laurent Aimar
5a19acb17c Fix out of bound reads in the QDM2 decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
2011-10-03 21:34:19 -04:00
Laurent Aimar
291d74a46d Check for out of bound writes in the QDM2 decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
2011-10-03 21:34:19 -04:00
Justin Ruggles
fc2dd2c7ac ogg/celt: do not set sample_fmt in the demuxer 2011-10-03 21:23:22 -04:00
Anton Khirnov
60df6b0048 id3v2: remove pointless casts 2011-10-03 13:06:51 +02:00
Anton Khirnov
d2961e4ebf id3v2: read TXXX frames with two calls to decode_str() instead of one.
Read the key in the first, value in the second.

This allows to avoid pointless strdups and simplify decode_str() by
dropping two of its parameters.
2011-10-03 13:06:51 +02:00
Anton Khirnov
1e18d32d01 id3v2: don't discard the whole tag when encountering empty frames.
While they're technically invalid, it's better to skip them and try to
read the rest of the tag.
2011-10-03 13:06:41 +02:00
Anton Khirnov
24ec9ac475 libvpx: fix build with older libvpx versions.
VPX_ERROR_RESILIENT_DEFAULT and VPX_ERROR_RESILIENT_PARTITIONS weren't
defined before 4cb0ebe5b27d35ccc2a78c1d16f2622ddef21f74 (CommitDate: Tue
Jun 28 11:10:17 2011)
2011-10-03 13:06:24 +02:00
Mans Rullgard
6308729e68 ARM: check for inline asm 'y' operand modifier support
The inline asm added in bf5d46d uses the 'y' modifier which
is only supported from gcc 4.5.  This check allows building
with older compilers.

Signed-off-by: Mans Rullgard <mans@mansr.com>
2011-10-03 08:56:24 +01:00
Justin Ruggles
5674d4b0a3 mpc8: check output buffer size before decoding 2011-10-02 10:34:39 -04:00