diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2013-09-22 17:36:39 +0200 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2013-09-22 17:36:39 +0200 |
| commit | 70a1182a484402fc893d7fe4530d7bb9d636524a (patch) | |
| tree | fc5d2389e4f6e5a8fadb38c734cc713578054bb8 | |
| parent | 49d597f058a9f3a09d272e711d636f5e6829920e (diff) | |
| parent | f844cb9bced3148fca2db5bbb092929526108005 (diff) | |
| download | ffmpeg-70a1182a484402fc893d7fe4530d7bb9d636524a.tar.gz | |
Merge commit 'f844cb9bced3148fca2db5bbb092929526108005' into release/0.8
* commit 'f844cb9bced3148fca2db5bbb092929526108005':
iff: validate CMAP palette size
wmaprodec: require block_align to be set.
lzo: fix overflow checking in copy_backptr()
flacdec: simplify bounds checking in flac_probe()
atrac3: avoid oversized shifting in decode_bytes()
lavf: fix arithmetic overflows in avformat_seek_file()
Conflicts:
libavformat/iff.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
| -rw-r--r-- | libavcodec/atrac3.c | 7 | ||||
| -rw-r--r-- | libavcodec/wmaprodec.c | 5 | ||||
| -rw-r--r-- | libavformat/flacdec.c | 8 | ||||
| -rw-r--r-- | libavformat/iff.c | 5 | ||||
| -rw-r--r-- | libavformat/utils.c | 2 | ||||
| -rw-r--r-- | libavutil/lzo.c | 3 |
6 files changed, 20 insertions, 10 deletions
diff --git a/libavcodec/atrac3.c b/libavcodec/atrac3.c index d80cec41ec..dc1a7e0972 100644 --- a/libavcodec/atrac3.c +++ b/libavcodec/atrac3.c @@ -179,8 +179,11 @@ static int decode_bytes(const uint8_t* inbuffer, uint8_t* out, int bytes){ uint32_t* obuf = (uint32_t*) out; off = (intptr_t)inbuffer & 3; - buf = (const uint32_t*) (inbuffer - off); - c = av_be2ne32((0x537F6103 >> (off*8)) | (0x537F6103 << (32-(off*8)))); + buf = (const uint32_t *)(inbuffer - off); + if (off) + c = av_be2ne32((0x537F6103U >> (off * 8)) | (0x537F6103U << (32 - (off * 8)))); + else + c = av_be2ne32(0x537F6103U); bytes += 3 + off; for (i = 0; i < bytes/4; i++) obuf[i] = c ^ buf[i]; diff --git a/libavcodec/wmaprodec.c b/libavcodec/wmaprodec.c index 6b3d476a53..816d95ffc0 100644 --- a/libavcodec/wmaprodec.c +++ b/libavcodec/wmaprodec.c @@ -277,6 +277,11 @@ static av_cold int decode_init(AVCodecContext *avctx) int log2_max_num_subframes; int num_possible_block_sizes; + if (!avctx->block_align) { + av_log(avctx, AV_LOG_ERROR, "block_align is not set\n"); + return AVERROR(EINVAL); + } + s->avctx = avctx; dsputil_init(&s->dsp, avctx); init_put_bits(&s->pb, s->frame_data, MAX_FRAMESIZE); diff --git a/libavformat/flacdec.c b/libavformat/flacdec.c index 3dd3e1f70f..3d2550f54d 100644 --- a/libavformat/flacdec.c +++ b/libavformat/flacdec.c @@ -116,11 +116,9 @@ static int flac_read_header(AVFormatContext *s, static int flac_probe(AVProbeData *p) { - uint8_t *bufptr = p->buf; - uint8_t *end = p->buf + p->buf_size; - - if(bufptr > end-4 || memcmp(bufptr, "fLaC", 4)) return 0; - else return AVPROBE_SCORE_MAX/2; + if (p->buf_size < 4 || memcmp(p->buf, "fLaC", 4)) + return 0; + return AVPROBE_SCORE_MAX/2; } AVInputFormat ff_flac_demuxer = { diff --git a/libavformat/iff.c b/libavformat/iff.c index db988a6ecd..cd5695e9b7 100644 --- a/libavformat/iff.c +++ b/libavformat/iff.c @@ -185,6 +185,11 @@ static int iff_read_header(AVFormatContext *s, break; case ID_CMAP: + if (data_size < 3 || data_size > 768 || data_size % 3) { + av_log(s, AV_LOG_ERROR, "Invalid CMAP chunk size %d\n", + data_size); + return AVERROR_INVALIDDATA; + } st->codec->extradata_size = data_size + IFF_EXTRA_VIDEO_SIZE; st->codec->extradata = av_malloc(data_size + IFF_EXTRA_VIDEO_SIZE + FF_INPUT_BUFFER_PADDING_SIZE); if (!st->codec->extradata) diff --git a/libavformat/utils.c b/libavformat/utils.c index 9e6678f007..ccc7540e96 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -1828,7 +1828,7 @@ int avformat_seek_file(AVFormatContext *s, int stream_index, int64_t min_ts, int //Fallback to old API if new is not implemented but old is //Note the old has somewat different sematics if(s->iformat->read_seek || 1) - return av_seek_frame(s, stream_index, ts, flags | (ts - min_ts > (uint64_t)(max_ts - ts) ? AVSEEK_FLAG_BACKWARD : 0)); + return av_seek_frame(s, stream_index, ts, flags | ((uint64_t)ts - min_ts > (uint64_t)max_ts - ts ? AVSEEK_FLAG_BACKWARD : 0)); // try some generic seek like av_seek_frame_generic() but with new ts semantics } diff --git a/libavutil/lzo.c b/libavutil/lzo.c index 8407d7d376..d2e86bc30a 100644 --- a/libavutil/lzo.c +++ b/libavutil/lzo.c @@ -119,9 +119,8 @@ static inline void memcpy_backptr(uint8_t *dst, int back, int cnt); * thus creating a repeating pattern with a period length of back. */ static inline void copy_backptr(LZOContext *c, int back, int cnt) { - register const uint8_t *src = &c->out[-back]; register uint8_t *dst = c->out; - if (src < c->out_start || src > dst) { + if (dst - c->out_start < back) { c->error |= AV_LZO_INVALID_BACKPTR; return; } |