aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Niedermayer <michaelni@gmx.at>2013-09-26 00:18:12 +0200
committerMichael Niedermayer <michaelni@gmx.at>2013-09-26 00:18:12 +0200
commitc8ca38567669278dde3a50d2d7e4fa2f831ef044 (patch)
treed87070f53eeaa55bd2b6989b1e0c8bff41f41cec
parentc6a4397410ab5f1b22cbc9f1ccb3126b3e5d6125 (diff)
parentb0ca5fef09d1b1268ea0c8f89bf53cd38aaa85e7 (diff)
downloadffmpeg-c8ca38567669278dde3a50d2d7e4fa2f831ef044.tar.gz
Merge commit 'b0ca5fef09d1b1268ea0c8f89bf53cd38aaa85e7' into release/0.10
* commit 'b0ca5fef09d1b1268ea0c8f89bf53cd38aaa85e7': dv: Add a guard to not overread the ppcm array mpegvideo: Avoid 32-bit wrapping of linesize multiplications mjpegb: Detect changing number of planes in interlaced video matroskadec: Check that .lang was allocated and set before reading it ape demuxer: check for EOF in potentially long loops lavf: avoid integer overflow when estimating bitrate pictordec: break out of both decoding loops when y drops below 0 ac3: Return proper error codes Conflicts: libavcodec/pictordec.c Merged-by: Michael Niedermayer <michaelni@gmx.at>
-rw-r--r--libavcodec/ac3dec.c30
-rw-r--r--libavcodec/mjpegdec.c7
-rw-r--r--libavcodec/mpegvideo_common.h3
-rw-r--r--libavcodec/pictordec.c3
-rw-r--r--libavformat/ape.c4
-rw-r--r--libavformat/dv.c4
-rw-r--r--libavformat/matroskadec.c3
-rw-r--r--libavformat/utils.c9
8 files changed, 41 insertions, 22 deletions
diff --git a/libavcodec/ac3dec.c b/libavcodec/ac3dec.c
index ffcfd3bb6b..5e2c41a07b 100644
--- a/libavcodec/ac3dec.c
+++ b/libavcodec/ac3dec.c
@@ -297,7 +297,7 @@ static int parse_frame_header(AC3DecodeContext *s)
return ff_eac3_parse_header(s);
} else {
av_log(s->avctx, AV_LOG_ERROR, "E-AC-3 support not compiled in\n");
- return -1;
+ return AVERROR(ENOSYS);
}
}
@@ -822,12 +822,12 @@ static int decode_audio_block(AC3DecodeContext *s, int blk)
if (start_subband >= end_subband) {
av_log(s->avctx, AV_LOG_ERROR, "invalid spectral extension "
"range (%d >= %d)\n", start_subband, end_subband);
- return -1;
+ return AVERROR_INVALIDDATA;
}
if (dst_start_freq >= src_start_freq) {
av_log(s->avctx, AV_LOG_ERROR, "invalid spectral extension "
"copy start bin (%d >= %d)\n", dst_start_freq, src_start_freq);
- return -1;
+ return AVERROR_INVALIDDATA;
}
s->spx_dst_start_freq = dst_start_freq;
@@ -904,7 +904,7 @@ static int decode_audio_block(AC3DecodeContext *s, int blk)
if (channel_mode < AC3_CHMODE_STEREO) {
av_log(s->avctx, AV_LOG_ERROR, "coupling not allowed in mono or dual-mono\n");
- return -1;
+ return AVERROR_INVALIDDATA;
}
/* check for enhanced coupling */
@@ -934,7 +934,7 @@ static int decode_audio_block(AC3DecodeContext *s, int blk)
if (cpl_start_subband >= cpl_end_subband) {
av_log(s->avctx, AV_LOG_ERROR, "invalid coupling range (%d >= %d)\n",
cpl_start_subband, cpl_end_subband);
- return -1;
+ return AVERROR_INVALIDDATA;
}
s->start_freq[CPL_CH] = cpl_start_subband * 12 + 37;
s->end_freq[CPL_CH] = cpl_end_subband * 12 + 37;
@@ -956,7 +956,7 @@ static int decode_audio_block(AC3DecodeContext *s, int blk)
if (!blk) {
av_log(s->avctx, AV_LOG_ERROR, "new coupling strategy must "
"be present in block 0\n");
- return -1;
+ return AVERROR_INVALIDDATA;
} else {
s->cpl_in_use[blk] = s->cpl_in_use[blk-1];
}
@@ -986,7 +986,7 @@ static int decode_audio_block(AC3DecodeContext *s, int blk)
} else if (!blk) {
av_log(s->avctx, AV_LOG_ERROR, "new coupling coordinates must "
"be present in block 0\n");
- return -1;
+ return AVERROR_INVALIDDATA;
}
} else {
/* channel not in coupling */
@@ -1041,7 +1041,7 @@ static int decode_audio_block(AC3DecodeContext *s, int blk)
int bandwidth_code = get_bits(gbc, 6);
if (bandwidth_code > 60) {
av_log(s->avctx, AV_LOG_ERROR, "bandwidth code = %d > 60\n", bandwidth_code);
- return -1;
+ return AVERROR_INVALIDDATA;
}
s->end_freq[ch] = bandwidth_code * 3 + 73;
}
@@ -1064,7 +1064,7 @@ static int decode_audio_block(AC3DecodeContext *s, int blk)
s->num_exp_groups[ch], s->dexps[ch][0],
&s->dexps[ch][s->start_freq[ch]+!!ch])) {
av_log(s->avctx, AV_LOG_ERROR, "exponent out-of-range\n");
- return -1;
+ return AVERROR_INVALIDDATA;
}
if (ch != CPL_CH && ch != s->lfe_ch)
skip_bits(gbc, 2); /* skip gainrng */
@@ -1084,7 +1084,7 @@ static int decode_audio_block(AC3DecodeContext *s, int blk)
} else if (!blk) {
av_log(s->avctx, AV_LOG_ERROR, "new bit allocation info must "
"be present in block 0\n");
- return -1;
+ return AVERROR_INVALIDDATA;
}
}
@@ -1115,7 +1115,7 @@ static int decode_audio_block(AC3DecodeContext *s, int blk)
}
} else if (!s->eac3 && !blk) {
av_log(s->avctx, AV_LOG_ERROR, "new snr offsets must be present in block 0\n");
- return -1;
+ return AVERROR_INVALIDDATA;
}
}
@@ -1154,7 +1154,7 @@ static int decode_audio_block(AC3DecodeContext *s, int blk)
} else if (!s->eac3 && !blk) {
av_log(s->avctx, AV_LOG_ERROR, "new coupling leak info must "
"be present in block 0\n");
- return -1;
+ return AVERROR_INVALIDDATA;
}
s->first_cpl_leak = 0;
}
@@ -1166,7 +1166,7 @@ static int decode_audio_block(AC3DecodeContext *s, int blk)
s->dba_mode[ch] = get_bits(gbc, 2);
if (s->dba_mode[ch] == DBA_RESERVED) {
av_log(s->avctx, AV_LOG_ERROR, "delta bit allocation strategy reserved\n");
- return -1;
+ return AVERROR_INVALIDDATA;
}
bit_alloc_stages[ch] = FFMAX(bit_alloc_stages[ch], 2);
}
@@ -1207,7 +1207,7 @@ static int decode_audio_block(AC3DecodeContext *s, int blk)
s->dba_offsets[ch], s->dba_lengths[ch],
s->dba_values[ch], s->mask[ch])) {
av_log(s->avctx, AV_LOG_ERROR, "error in bit allocation\n");
- return -1;
+ return AVERROR_INVALIDDATA;
}
}
if (bit_alloc_stages[ch] > 0) {
@@ -1328,7 +1328,7 @@ static int ac3_decode_frame(AVCodecContext * avctx, void *data,
switch (err) {
case AAC_AC3_PARSE_ERROR_SYNC:
av_log(avctx, AV_LOG_ERROR, "frame sync error\n");
- return -1;
+ return AVERROR_INVALIDDATA;
case AAC_AC3_PARSE_ERROR_BSID:
av_log(avctx, AV_LOG_ERROR, "invalid bitstream id\n");
break;
diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index dd437ebefd..662f0b4674 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -255,6 +255,13 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s)
if (nb_components <= 0 ||
nb_components > MAX_COMPONENTS)
return -1;
+ if (s->interlaced && (s->bottom_field == !s->interlace_polarity)) {
+ if (nb_components != s->nb_components) {
+ av_log(s->avctx, AV_LOG_ERROR,
+ "nb_components changing in interlaced picture\n");
+ return AVERROR_INVALIDDATA;
+ }
+ }
if (s->ls && !(s->bits <= 8 || nb_components == 1)) {
av_log(s->avctx, AV_LOG_ERROR,
"only <= 8 bits/component or 16-bit gray accepted for JPEG-LS\n");
diff --git a/libavcodec/mpegvideo_common.h b/libavcodec/mpegvideo_common.h
index 947112b4be..debd6bae17 100644
--- a/libavcodec/mpegvideo_common.h
+++ b/libavcodec/mpegvideo_common.h
@@ -244,7 +244,8 @@ void mpeg_motion_internal(MpegEncContext *s,
{
uint8_t *ptr_y, *ptr_cb, *ptr_cr;
int dxy, uvdxy, mx, my, src_x, src_y,
- uvsrc_x, uvsrc_y, v_edge_pos, uvlinesize, linesize;
+ uvsrc_x, uvsrc_y, v_edge_pos;
+ ptrdiff_t uvlinesize, linesize;
#if 0
if(s->quarter_sample)
diff --git a/libavcodec/pictordec.c b/libavcodec/pictordec.c
index d788e6474c..247e7f178b 100644
--- a/libavcodec/pictordec.c
+++ b/libavcodec/pictordec.c
@@ -235,6 +235,8 @@ static int decode_frame(AVCodecContext *avctx,
if (bits_per_plane == 8) {
picmemset_8bpp(s, val, run, &x, &y);
+ if (y < 0)
+ goto finish;
} else {
picmemset(s, val, run, &x, &y, &plane, bits_per_plane);
}
@@ -247,6 +249,7 @@ static int decode_frame(AVCodecContext *avctx,
y--;
}
}
+finish:
*data_size = sizeof(AVFrame);
*(AVFrame*)data = s->frame;
diff --git a/libavformat/ape.c b/libavformat/ape.c
index 016638b54e..d712331fb1 100644
--- a/libavformat/ape.c
+++ b/libavformat/ape.c
@@ -276,7 +276,9 @@ static int ape_read_header(AVFormatContext * s, AVFormatParameters * ap)
ape->seektable = av_malloc(ape->seektablelength);
if (!ape->seektable)
return AVERROR(ENOMEM);
- for (i = 0; i < ape->seektablelength / sizeof(uint32_t); i++)
+ for (i = 0;
+ i < ape->seektablelength / sizeof(uint32_t) && !pb->eof_reached;
+ i++)
ape->seektable[i] = avio_rl32(pb);
}else{
av_log(s, AV_LOG_ERROR, "Missing seektable\n");
diff --git a/libavformat/dv.c b/libavformat/dv.c
index 1275b1971f..9e016391c5 100644
--- a/libavformat/dv.c
+++ b/libavformat/dv.c
@@ -106,7 +106,7 @@ static const uint8_t* dv_extract_pack(uint8_t* frame, enum dv_pack_type t)
* 3. Audio is always returned as 16bit linear samples: 12bit nonlinear samples
* are converted into 16bit linear ones.
*/
-static int dv_extract_audio(uint8_t* frame, uint8_t* ppcm[4],
+static int dv_extract_audio(uint8_t *frame, uint8_t **ppcm,
const DVprofile *sys)
{
int size, chan, i, j, d, of, smpls, freq, quant, half_ch;
@@ -374,7 +374,7 @@ int avpriv_dv_produce_packet(DVDemuxContext *c, AVPacket *pkt,
uint8_t* buf, int buf_size, int64_t pos)
{
int size, i;
- uint8_t *ppcm[4] = {0};
+ uint8_t *ppcm[5] = { 0 };
if (buf_size < DV_PROFILE_BYTES ||
!(c->sys = avpriv_dv_frame_profile(c->sys, buf, buf_size)) ||
diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index 3cba90fd6d..32c6af1d81 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -1114,7 +1114,8 @@ static void matroska_convert_tag(AVFormatContext *s, EbmlList *list,
int i;
for (i=0; i < list->nb_elem; i++) {
- const char *lang = strcmp(tags[i].lang, "und") ? tags[i].lang : NULL;
+ const char *lang = tags[i].lang && strcmp(tags[i].lang, "und") ?
+ tags[i].lang : NULL;
if (!tags[i].name) {
av_log(s, AV_LOG_WARNING, "Skipping invalid tag with no TagName.\n");
diff --git a/libavformat/utils.c b/libavformat/utils.c
index aee3179dee..3141b9d5e8 100644
--- a/libavformat/utils.c
+++ b/libavformat/utils.c
@@ -2057,8 +2057,13 @@ static void estimate_timings_from_bit_rate(AVFormatContext *ic)
bit_rate = 0;
for(i=0;i<ic->nb_streams;i++) {
st = ic->streams[i];
- if (st->codec->bit_rate > 0)
- bit_rate += st->codec->bit_rate;
+ if (st->codec->bit_rate > 0) {
+ if (INT_MAX - st->codec->bit_rate > bit_rate) {
+ bit_rate = 0;
+ break;
+ }
+ bit_rate += st->codec->bit_rate;
+ }
}
ic->bit_rate = bit_rate;
}