diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2014-03-10 18:06:35 +0100 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2014-03-10 18:06:35 +0100 |
| commit | b7a750f67f68b41d5f3215906a5282b9cb7937d3 (patch) | |
| tree | f08ed568b4c402148c9051f16e389652b85e3fac | |
| parent | 41216ebb9e53bfa25b1bf39b66c15ab7d2902929 (diff) | |
| parent | cb5d0ea0bec119ecbe327bd7d3834987ab42ec1a (diff) | |
| download | ffmpeg-b7a750f67f68b41d5f3215906a5282b9cb7937d3.tar.gz | |
Merge commit 'cb5d0ea0bec119ecbe327bd7d3834987ab42ec1a' into release/0.10
* commit 'cb5d0ea0bec119ecbe327bd7d3834987ab42ec1a':
flashsv: Check diff_start diff_height values
dsputil/pngdsp: fix signed/unsigned type in end comparison
vqavideo: check chunk sizes before reading chunks
avi: directly resync on DV in AVI read failure
get_bits: change the failure condition in init_get_bits
twinvq: Cope with gcc-4.8.2 miscompilation
Conflicts:
libavcodec/dsputil.c
libavcodec/flashsv.c
libavcodec/get_bits.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
| -rw-r--r-- | libavcodec/dsputil.c | 4 | ||||
| -rw-r--r-- | libavcodec/flashsv.c | 4 | ||||
| -rw-r--r-- | libavcodec/get_bits.h | 2 | ||||
| -rw-r--r-- | libavcodec/twinvq.c | 2 | ||||
| -rw-r--r-- | libavcodec/vqavideo.c | 12 | ||||
| -rw-r--r-- | libavformat/avidec.c | 2 |
6 files changed, 21 insertions, 5 deletions
diff --git a/libavcodec/dsputil.c b/libavcodec/dsputil.c index 6264832e56..dab74cced2 100644 --- a/libavcodec/dsputil.c +++ b/libavcodec/dsputil.c @@ -1912,7 +1912,7 @@ void ff_set_cmp(DSPContext* c, me_cmp_func *cmp, int type){ static void add_bytes_c(uint8_t *dst, uint8_t *src, int w){ long i; - for(i=0; i<=w-(int)sizeof(long); i+=sizeof(long)){ + for (i = 0; i <= w - (int) sizeof(long); i += sizeof(long)) { long a = *(long*)(src+i); long b = *(long*)(dst+i); *(long*)(dst+i) = ((a&pb_7f) + (b&pb_7f)) ^ ((a^b)&pb_80); @@ -1937,7 +1937,7 @@ static void diff_bytes_c(uint8_t *dst, uint8_t *src1, uint8_t *src2, int w){ } }else #endif - for(i=0; i<=w-(int)sizeof(long); i+=sizeof(long)){ + for (i = 0; i <= w - (int) sizeof(long); i += sizeof(long)) { long a = *(long*)(src1+i); long b = *(long*)(src2+i); *(long*)(dst+i) = ((a|pb_80) - (b&pb_7f)) ^ ((a^b^pb_80)&pb_80); diff --git a/libavcodec/flashsv.c b/libavcodec/flashsv.c index 7ef4ade58e..e74c318459 100644 --- a/libavcodec/flashsv.c +++ b/libavcodec/flashsv.c @@ -389,7 +389,9 @@ static int flashsv_decode_frame(AVCodecContext *avctx, void *data, s->diff_start = get_bits(&gb, 8); s->diff_height = get_bits(&gb, 8); if (s->diff_start + s->diff_height > cur_blk_height) { - av_log(avctx, AV_LOG_ERROR, "Block parameters invalid\n"); + av_log(avctx, AV_LOG_ERROR, + "Block parameters invalid: %d + %d > %d\n", + s->diff_start, s->diff_height, cur_blk_height); return AVERROR_INVALIDDATA; } av_log(avctx, AV_LOG_DEBUG, diff --git a/libavcodec/get_bits.h b/libavcodec/get_bits.h index afa4f2ac44..38ae4ca1cb 100644 --- a/libavcodec/get_bits.h +++ b/libavcodec/get_bits.h @@ -355,7 +355,7 @@ static inline int init_get_bits(GetBitContext *s, const uint8_t *buffer, int buffer_size; int ret = 0; - if (bit_size > INT_MAX - 7 || bit_size < 0) { + if (bit_size > INT_MAX - 7 || bit_size < 0 || !buffer) { buffer_size = bit_size = 0; buffer = NULL; ret = AVERROR_INVALIDDATA; diff --git a/libavcodec/twinvq.c b/libavcodec/twinvq.c index 6c958d9df1..de53eb338d 100644 --- a/libavcodec/twinvq.c +++ b/libavcodec/twinvq.c @@ -996,7 +996,7 @@ static void linear_perm(int16_t *out, int16_t *in, int n_blocks, int size) out[i] = block_size * (in[i] % n_blocks) + in[i] / n_blocks; } -static av_cold void construct_perm_table(TwinContext *tctx,enum FrameType ftype) +static av_cold void construct_perm_table(TwinContext *tctx, int ftype) { int block_size; const ModeTab *mtab = tctx->mtab; diff --git a/libavcodec/vqavideo.c b/libavcodec/vqavideo.c index 682079dd9a..f3ad4f2fbe 100644 --- a/libavcodec/vqavideo.c +++ b/libavcodec/vqavideo.c @@ -534,6 +534,12 @@ static int vqa_decode_chunk(VqaContext *s) bytestream2_seek(&s->gb, cbp0_chunk, SEEK_SET); chunk_size = bytestream2_get_be32(&s->gb); + if (chunk_size > MAX_CODEBOOK_SIZE - s->next_codebook_buffer_index) { + av_log(s->avctx, AV_LOG_ERROR, "cbp0 chunk too large (%u bytes)\n", + chunk_size); + return AVERROR_INVALIDDATA; + } + /* accumulate partial codebook */ bytestream2_get_buffer(&s->gb, &s->next_codebook_buffer[s->next_codebook_buffer_index], chunk_size); @@ -557,6 +563,12 @@ static int vqa_decode_chunk(VqaContext *s) bytestream2_seek(&s->gb, cbpz_chunk, SEEK_SET); chunk_size = bytestream2_get_be32(&s->gb); + if (chunk_size > MAX_CODEBOOK_SIZE - s->next_codebook_buffer_index) { + av_log(s->avctx, AV_LOG_ERROR, "cbpz chunk too large (%u bytes)\n", + chunk_size); + return AVERROR_INVALIDDATA; + } + /* accumulate partial codebook */ bytestream2_get_buffer(&s->gb, &s->next_codebook_buffer[s->next_codebook_buffer_index], chunk_size); diff --git a/libavformat/avidec.c b/libavformat/avidec.c index 1d4bcf7cbb..5a8d5a7741 100644 --- a/libavformat/avidec.c +++ b/libavformat/avidec.c @@ -1051,6 +1051,8 @@ static int avi_read_packet(AVFormatContext *s, AVPacket *pkt) int size = avpriv_dv_get_packet(avi->dv_demux, pkt); if (size >= 0) return size; + else + goto resync; } if(avi->non_interleaved){ |