Commit Graph

207 Commits

Author SHA1 Message Date
Michael Niedermayer
87ddf9f1ef avcodec/4xm: Check index in decode_i_block() also in the path where its not used.
Fixes: Infinite loop
Fixes: signed integer overflow: 2147483644 + 16 cannot be represented in type 'int'
Fixes: 16169/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5662570416963584
Fixes: 16782/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5743163859271680
Fixes: 17641/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5711603562971136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-26 21:02:34 +02:00
Michael Niedermayer
8f92eb05e0 avcodec/4xm: Check for end of input in decode_p_block()
Fixes: Timeout (81sec -> 0.2sec)
Fixes: 16169/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5662570416963584

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-13 16:48:38 +02:00
Michael Niedermayer
2bbea155bf avcodec/4xm: Fix signed integer overflows in idct()
Fixes: signed integer overflow: 20242 * 121095 cannot be represented in type 'int'
Fixes: 15310/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5737051745419264

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-07-08 09:49:45 +02:00
Michael Niedermayer
55557c6124 avcodec/4xm: Fix vlc memleak
Fixes: memleak
Fixes: 15297/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5746203548975104

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-06-26 21:29:35 +02:00
Michael Niedermayer
07607a1db8 avcodec/4xm: Fix returned error codes
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-01-01 21:11:47 +01:00
Ramiro Polla
4d34205bec avcodec/4xm: fix block alignment
blockdsp requires 32 byte alignment.

Signed-off-by: James Almer <jamrial@gmail.com>
2018-12-26 13:56:20 -03:00
Andreas Cadhalpun
1e660fe88d doc: fix spelling errors
Reviewed-by: Lou Logan <lou@lrcd.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-10-29 20:43:15 +02:00
Michael Niedermayer
29d147c94d Merge commit '059a934806d61f7af9ab3fd9f74994b838ea5eba'
* commit '059a934806d61f7af9ab3fd9f74994b838ea5eba':
  lavc: Consistently prefix input buffer defines

Conflicts:
	doc/examples/decoding_encoding.c
	libavcodec/4xm.c
	libavcodec/aac_adtstoasc_bsf.c
	libavcodec/aacdec.c
	libavcodec/aacenc.c
	libavcodec/ac3dec.h
	libavcodec/asvenc.c
	libavcodec/avcodec.h
	libavcodec/avpacket.c
	libavcodec/dvdec.c
	libavcodec/ffv1enc.c
	libavcodec/g2meet.c
	libavcodec/gif.c
	libavcodec/h264.c
	libavcodec/h264_mp4toannexb_bsf.c
	libavcodec/huffyuvdec.c
	libavcodec/huffyuvenc.c
	libavcodec/jpeglsenc.c
	libavcodec/libxvid.c
	libavcodec/mdec.c
	libavcodec/motionpixels.c
	libavcodec/mpeg4videodec.c
	libavcodec/mpegvideo.c
	libavcodec/noise_bsf.c
	libavcodec/nuv.c
	libavcodec/nvenc.c
	libavcodec/options.c
	libavcodec/parser.c
	libavcodec/pngenc.c
	libavcodec/proresenc_kostya.c
	libavcodec/qsvdec.c
	libavcodec/svq1enc.c
	libavcodec/tiffenc.c
	libavcodec/truemotion2.c
	libavcodec/utils.c
	libavcodec/utvideoenc.c
	libavcodec/vc1dec.c
	libavcodec/wmalosslessdec.c
	libavformat/adxdec.c
	libavformat/aiffdec.c
	libavformat/apc.c
	libavformat/apetag.c
	libavformat/avidec.c
	libavformat/bink.c
	libavformat/cafdec.c
	libavformat/flvdec.c
	libavformat/id3v2.c
	libavformat/isom.c
	libavformat/matroskadec.c
	libavformat/mov.c
	libavformat/mpc.c
	libavformat/mpc8.c
	libavformat/mpegts.c
	libavformat/mvi.c
	libavformat/mxfdec.c
	libavformat/mxg.c
	libavformat/nutdec.c
	libavformat/oggdec.c
	libavformat/oggparsecelt.c
	libavformat/oggparseflac.c
	libavformat/oggparseopus.c
	libavformat/oggparsespeex.c
	libavformat/omadec.c
	libavformat/rawdec.c
	libavformat/riffdec.c
	libavformat/rl2.c
	libavformat/rmdec.c
	libavformat/rtpdec_latm.c
	libavformat/rtpdec_mpeg4.c
	libavformat/rtpdec_qdm2.c
	libavformat/rtpdec_svq3.c
	libavformat/sierravmd.c
	libavformat/smacker.c
	libavformat/smush.c
	libavformat/spdifenc.c
	libavformat/takdec.c
	libavformat/tta.c
	libavformat/utils.c
	libavformat/vqf.c
	libavformat/westwood_vqa.c
	libavformat/xmv.c
	libavformat/xwma.c
	libavformat/yop.c

Merged-by: Michael Niedermayer <michael@niedermayer.cc>
2015-07-27 23:15:19 +02:00
Michael Niedermayer
444e9874a7 Merge commit 'def97856de6021965db86c25a732d78689bd6bb0'
* commit 'def97856de6021965db86c25a732d78689bd6bb0':
  lavc: AV-prefix all codec capabilities

Conflicts:
	cmdutils.c
	ffmpeg.c
	ffplay.c
	libavcodec/8svx.c
	libavcodec/aacenc.c
	libavcodec/ac3dec.c
	libavcodec/adpcm.c
	libavcodec/alac.c
	libavcodec/atrac3plusdec.c
	libavcodec/bink.c
	libavcodec/dnxhddec.c
	libavcodec/dvdec.c
	libavcodec/dvenc.c
	libavcodec/ffv1dec.c
	libavcodec/ffv1enc.c
	libavcodec/fic.c
	libavcodec/flacdec.c
	libavcodec/flacenc.c
	libavcodec/flvdec.c
	libavcodec/fraps.c
	libavcodec/frwu.c
	libavcodec/gifdec.c
	libavcodec/h261dec.c
	libavcodec/hevc.c
	libavcodec/iff.c
	libavcodec/imc.c
	libavcodec/libopenjpegdec.c
	libavcodec/libvo-aacenc.c
	libavcodec/libvorbisenc.c
	libavcodec/libvpxdec.c
	libavcodec/libvpxenc.c
	libavcodec/libx264.c
	libavcodec/mjpegbdec.c
	libavcodec/mjpegdec.c
	libavcodec/mpegaudiodec_float.c
	libavcodec/msmpeg4dec.c
	libavcodec/mxpegdec.c
	libavcodec/nvenc_h264.c
	libavcodec/nvenc_hevc.c
	libavcodec/pngdec.c
	libavcodec/qpeg.c
	libavcodec/ra288.c
	libavcodec/rv10.c
	libavcodec/s302m.c
	libavcodec/sp5xdec.c
	libavcodec/takdec.c
	libavcodec/tiff.c
	libavcodec/tta.c
	libavcodec/utils.c
	libavcodec/v210dec.c
	libavcodec/vp6.c
	libavcodec/vp9.c
	libavcodec/wavpack.c
	libavcodec/yop.c

Merged-by: Michael Niedermayer <michael@niedermayer.cc>
2015-07-27 22:50:18 +02:00
Michael Niedermayer
94d68a41fa Merge commit '7c6eb0a1b7bf1aac7f033a7ec6d8cacc3b5c2615'
* commit '7c6eb0a1b7bf1aac7f033a7ec6d8cacc3b5c2615':
  lavc: AV-prefix all codec flags

Conflicts:
	doc/examples/muxing.c
	ffmpeg.c
	ffmpeg_opt.c
	ffplay.c
	libavcodec/aacdec.c
	libavcodec/aacenc.c
	libavcodec/ac3dec.c
	libavcodec/ac3enc_float.c
	libavcodec/atrac1.c
	libavcodec/atrac3.c
	libavcodec/atrac3plusdec.c
	libavcodec/dcadec.c
	libavcodec/ffv1enc.c
	libavcodec/h264.c
	libavcodec/h264_loopfilter.c
	libavcodec/h264_mb.c
	libavcodec/imc.c
	libavcodec/libmp3lame.c
	libavcodec/libtheoraenc.c
	libavcodec/libtwolame.c
	libavcodec/libvpxenc.c
	libavcodec/libxavs.c
	libavcodec/libxvid.c
	libavcodec/mpeg12dec.c
	libavcodec/mpeg12enc.c
	libavcodec/mpegaudiodec_template.c
	libavcodec/mpegvideo.c
	libavcodec/mpegvideo_enc.c
	libavcodec/mpegvideo_motion.c
	libavcodec/nellymoserdec.c
	libavcodec/nellymoserenc.c
	libavcodec/nvenc.c
	libavcodec/on2avc.c
	libavcodec/options_table.h
	libavcodec/opus_celt.c
	libavcodec/pngenc.c
	libavcodec/ra288.c
	libavcodec/ratecontrol.c
	libavcodec/twinvq.c
	libavcodec/vc1_block.c
	libavcodec/vc1_loopfilter.c
	libavcodec/vc1_mc.c
	libavcodec/vc1dec.c
	libavcodec/vorbisdec.c
	libavcodec/vp3.c
	libavcodec/wma.c
	libavcodec/wmaprodec.c
	libavcodec/x86/hpeldsp_init.c
	libavcodec/x86/me_cmp_init.c

Merged-by: Michael Niedermayer <michael@niedermayer.cc>
2015-07-27 22:10:35 +02:00
Vittorio Giovara
059a934806 lavc: Consistently prefix input buffer defines
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2015-07-27 15:24:59 +01:00
Vittorio Giovara
def97856de lavc: AV-prefix all codec capabilities
Express bitfields more simply.

Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2015-07-27 15:24:58 +01:00
Vittorio Giovara
7c6eb0a1b7 lavc: AV-prefix all codec flags
Convert doxygen to multiline and express bitfields more simply.

Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2015-07-27 15:24:58 +01:00
Michael Niedermayer
4001fc4267 avcodec/4xm: remove duplicate assert
Found-by: carl
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-13 19:01:08 +01:00
Michael Niedermayer
64e12aec96 Merge commit '68a35473ed423a14731c418939fba7913647979a'
* commit '68a35473ed423a14731c418939fba7913647979a':
  4xm: more thorought check for negative index and negative shift

Conflicts:
	libavcodec/4xm.c

Mostly not merged, the added checks, check for impossible conditions
for paranoias sake they are replaced by asserts but thats probably overkill
the vlc table does not contain out of range values or holes,
nor does it permit the log2 values to become negative. Whenever a
log2 value reaches 0 the selected table no longer contains an entry to trigger
the case that would decrease it further

Adding such impossible checks would confuse the reader

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-13 11:37:59 +01:00
Vittorio Giovara
68a35473ed 4xm: more thorought check for negative index and negative shift
CC: libav-stable@libav.org
Bug-Id: CID 1087094
2014-11-13 01:18:09 +01:00
Vittorio Giovara
0e1ebfebc8 4xm: drop unnecessary check
data_size is always >= 0 in this case.

CC: libav-stable@libav.org
Bug-Id: CID 1238788
2014-11-11 11:41:49 +01:00
Michael Niedermayer
544380aaf0 avcodec/4xm: Make src of decode_p_block() const
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-09-22 18:09:28 +02:00
Michael Niedermayer
35bb74900b Merge commit 'c67b449bebbe0b35c73b203683e77a0a649bc765'
* commit 'c67b449bebbe0b35c73b203683e77a0a649bc765':
  dsputil: Split bswap*_buf() off into a separate context

Conflicts:
	configure
	libavcodec/4xm.c
	libavcodec/ac3dec.c
	libavcodec/ac3dec.h
	libavcodec/apedec.c
	libavcodec/eamad.c
	libavcodec/flacenc.c
	libavcodec/fraps.c
	libavcodec/huffyuv.c
	libavcodec/huffyuvdec.c
	libavcodec/motionpixels.c
	libavcodec/truemotion2.c
	libavcodec/x86/Makefile
	libavcodec/x86/dsputil_init.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-06-23 13:31:26 +02:00
Diego Biurrun
c67b449beb dsputil: Split bswap*_buf() off into a separate context 2014-06-22 18:22:31 -07:00
Michael Niedermayer
2b05db4f81 Merge commit 'e74433a8e6fc00c8dbde293c97a3e45384c2c1d9'
* commit 'e74433a8e6fc00c8dbde293c97a3e45384c2c1d9':
  dsputil: Split clear_block*/fill_block* off into a separate context

Conflicts:
	configure
	libavcodec/asvdec.c
	libavcodec/dnxhddec.c
	libavcodec/dnxhdenc.c
	libavcodec/dsputil.h
	libavcodec/eamad.c
	libavcodec/intrax8.c
	libavcodec/mjpegdec.c
	libavcodec/ppc/dsputil_ppc.c
	libavcodec/vc1dec.c
	libavcodec/x86/dsputil_init.c
	libavcodec/x86/dsputil_mmx.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-06-19 04:54:38 +02:00
Diego Biurrun
e74433a8e6 dsputil: Split clear_block*/fill_block* off into a separate context 2014-06-18 14:07:23 -07:00
Michael Niedermayer
8d024c5107 Merge commit 'cc8163e1a3601a56f722a4720516e860bf1c6198'
* commit 'cc8163e1a3601a56f722a4720516e860bf1c6198':
  avcodec: more correct printf specifiers

Conflicts:
	libavcodec/4xm.c
	libavcodec/alsdec.c
	libavcodec/dfa.c
	libavcodec/h264_ps.c
	libavcodec/jpeg2000dec.c
	libavcodec/lagarith.c
	libavcodec/mpeg12dec.c
	libavcodec/rv10.c
	libavcodec/svq3.c
	libavcodec/wmaprodec.c
	libavcodec/xwddec.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-03-22 18:43:40 +01:00
Diego Biurrun
cc8163e1a3 avcodec: more correct printf specifiers 2014-03-22 14:08:20 +01:00
Michael Niedermayer
d1134ababd Merge commit 'fe80fa53bc4977ef6e8e749a9df8ca5590a09307'
* commit 'fe80fa53bc4977ef6e8e749a9df8ca5590a09307':
  4xm: replace forcing EMU_EDGE by a copy

Conflicts:
	libavcodec/4xm.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-01-06 13:51:01 +01:00
Anton Khirnov
fe80fa53bc 4xm: replace forcing EMU_EDGE by a copy
The decoder currently sets CODEC_FLAG_EMU_EDGE and relies on
get_buffer2() to always provide buffers with linesize == 2 * width.
This is wrong, since we place no such restriction on get_buffer2()
implementations.

Fix this by decoding into internal buffers and copying them to output
frames. Since this is a very obscure decoder, the performance hit should
not be an issue.
2014-01-06 08:14:14 +01:00
Anton Khirnov
fffca3d278 4xm: return a proper error code. 2014-01-06 08:13:50 +01:00
Paul B Mahol
2820562935 avcodec/4xm: use av_fast_padded_malloc()
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2013-10-30 11:04:06 +00:00
Michael Niedermayer
ee77140afa Merge commit 'b2bed9325dbd6be0da1d91ffed3f513c40274fd2'
* commit 'b2bed9325dbd6be0da1d91ffed3f513c40274fd2':
  cosmetics: Group .name and .long_name together in codec/format declarations

Conflicts:
	libavcodec/8svx.c
	libavcodec/alac.c
	libavcodec/cljr.c
	libavcodec/dnxhddec.c
	libavcodec/dnxhdenc.c
	libavcodec/dpxenc.c
	libavcodec/dvdec.c
	libavcodec/dvdsubdec.c
	libavcodec/dvdsubenc.c
	libavcodec/ffv1dec.c
	libavcodec/flacdec.c
	libavcodec/flvdec.c
	libavcodec/fraps.c
	libavcodec/frwu.c
	libavcodec/g726.c
	libavcodec/gif.c
	libavcodec/gifdec.c
	libavcodec/h261dec.c
	libavcodec/h263dec.c
	libavcodec/iff.c
	libavcodec/imc.c
	libavcodec/libopencore-amr.c
	libavcodec/libopenjpegdec.c
	libavcodec/libopenjpegenc.c
	libavcodec/libspeexenc.c
	libavcodec/libvo-amrwbenc.c
	libavcodec/libvorbisenc.c
	libavcodec/libvpxenc.c
	libavcodec/libx264.c
	libavcodec/libxavs.c
	libavcodec/libxvid.c
	libavcodec/ljpegenc.c
	libavcodec/mjpegbdec.c
	libavcodec/mjpegdec.c
	libavcodec/mpeg12dec.c
	libavcodec/mpeg4videodec.c
	libavcodec/msmpeg4dec.c
	libavcodec/pgssubdec.c
	libavcodec/pngdec.c
	libavcodec/pngenc.c
	libavcodec/proresdec_lgpl.c
	libavcodec/proresenc_kostya.c
	libavcodec/ra144enc.c
	libavcodec/rawdec.c
	libavcodec/rv10.c
	libavcodec/sp5xdec.c
	libavcodec/takdec.c
	libavcodec/tta.c
	libavcodec/v210dec.c
	libavcodec/vp6.c
	libavcodec/wavpack.c
	libavcodec/xbmenc.c
	libavcodec/yop.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-10-04 12:34:23 +02:00
Diego Biurrun
b2bed9325d cosmetics: Group .name and .long_name together in codec/format declarations 2013-10-03 23:32:01 +02:00
Michael Niedermayer
82654172ce Merge commit '2f034f255c49050e894ab9b88087c09ebe249f3f'
* commit '2f034f255c49050e894ab9b88087c09ebe249f3f':
  4xm: Reject not a multiple of 16 dimension

The newly added checks are redundant and thus replaced by asserts

See: db5b487551
Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-07-24 11:31:14 +02:00
Luca Barbato
2f034f255c 4xm: Reject not a multiple of 16 dimension
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2013-07-23 23:03:37 +02:00
Michael Niedermayer
68efb1d60a 4xm: Dont ignore dc run errors
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-06-30 01:35:22 +02:00
Michael Niedermayer
13c56e9a9c 4xm: check for invalid zero ac coeffs
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-06-30 01:35:22 +02:00
Michael Niedermayer
a9821bdafb Merge remote-tracking branch 'qatar/master'
* qatar/master:
  4xm: check bitstream_size boundary before using it

Conflicts:
	libavcodec/4xm.c

See: 9c661e95

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-06-13 14:51:59 +02:00
Michael Niedermayer
e9f2e9715b Merge commit 'fbd0dacc8d61ab418b3fa8e7be22017558323e56'
* commit 'fbd0dacc8d61ab418b3fa8e7be22017558323e56':
  4xm: refactor decode_p_block

Conflicts:
	libavcodec/4xm.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-06-13 14:39:21 +02:00
Michael Niedermayer
27e8298c03 Merge commit '94aefb1932be882fd93f66cf790ceb19ff575c19'
* commit '94aefb1932be882fd93f66cf790ceb19ff575c19':
  4xm: do not overread the source buffer in decode_p_block

Conflicts:
	libavcodec/4xm.c

The checks are replaced by av_assert0() as the conditions should
be impossible. If these asserts fail, there is a bug elsewhere

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-06-13 14:10:06 +02:00
Michael Niedermayer
67d5d97cdc Merge commit 'be373cb50d3c411366fec7eef2eb3681abe48f96'
* commit 'be373cb50d3c411366fec7eef2eb3681abe48f96':
  4xm: do not overread the prestream buffer

Conflicts:
	libavcodec/4xm.c

See: 9c661e95
Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-06-13 13:57:07 +02:00
Michael Niedermayer
dbddd587e1 Merge commit 'de2e5777e225e75813daf2373c95e223651fd89a'
* commit 'de2e5777e225e75813daf2373c95e223651fd89a':
  4xm: validate the buffer size before parsing it

Conflicts:
	libavcodec/4xm.c

See: 9c661e95

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-06-13 13:41:27 +02:00
Michael Niedermayer
f13f4d2b08 Merge commit '145023f57262d21474e35b4a6069cf95136339d4'
* commit '145023f57262d21474e35b4a6069cf95136339d4':
  4xm: reject frames not compatible with the declared version

See: c433823750

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-06-13 13:14:42 +02:00
Michael Niedermayer
18cb3d355f Merge commit '1f0c6075604c271d5627480f1243d22795f9a315'
* commit '1f0c6075604c271d5627480f1243d22795f9a315':
  4xm: drop pointless assert

Conflicts:
	libavcodec/4xm.c

The added condition is impossible to occur and thus is added to the assert.
The assert is not removed from the default case, as the default case cannot
occur. Thus either it should stay as is or the case as a whole be removed.
For extra safety, to ensure this doesnt change the assert is changed to
av_assert0()

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-06-13 13:06:22 +02:00
Michael Niedermayer
e5558391b5 Merge commit 'b8b809908ec547b2609dbac24194f4fd2df61aea'
* commit 'b8b809908ec547b2609dbac24194f4fd2df61aea':
  4xm: forward errors from decode_p_block

Conflicts:
	libavcodec/4xm.c

Impossible to be false check has been replaced by av_assert0()

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-06-13 12:24:00 +02:00
Michael Niedermayer
294af51401 Merge commit '50ec1db62d977b6e864f315a53c1c580a6d7efa4'
* commit '50ec1db62d977b6e864f315a53c1c580a6d7efa4':
  4xm: fold last_picture lazy allocation in decode_p_frame

Conflicts:
	libavcodec/4xm.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-06-13 12:12:33 +02:00
Michael Niedermayer
60657ee37a Merge commit 'e7a44f87d07655ec0cd31c315936931674434340'
* commit 'e7a44f87d07655ec0cd31c315936931674434340':
  4xm: refactor fourxm_read_header

Conflicts:
	libavformat/4xm.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-06-13 10:08:50 +02:00
Michael Niedermayer
5c3e5651dd Merge commit '08859d19b429c522d6494c186656f4a2d3ff8e21'
* commit '08859d19b429c522d6494c186656f4a2d3ff8e21':
  4xm: use the correct logging context
  g2meet: Fix a typo in the height comparison

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-06-13 09:41:45 +02:00
Luca Barbato
59d7bb99b6 4xm: check bitstream_size boundary before using it
Prevent buffer overread.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2013-06-12 14:45:46 +02:00
Luca Barbato
fbd0dacc8d 4xm: refactor decode_p_block
Directly return from code 1, 2 and 6 codepaths and simplify the
remaining one to have a single overflow check and a single call to
mcdc.
2013-06-12 14:45:46 +02:00
Luca Barbato
94aefb1932 4xm: do not overread the source buffer in decode_p_block
Check for out of picture macroblocks before calling mcdc.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2013-06-12 14:45:46 +02:00
Luca Barbato
be373cb50d 4xm: do not overread the prestream buffer
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2013-06-12 14:45:46 +02:00
Luca Barbato
de2e5777e2 4xm: validate the buffer size before parsing it
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2013-06-12 14:45:46 +02:00