aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Niedermayer <michaelni@gmx.at>2013-10-06 18:49:35 +0200
committerMichael Niedermayer <michaelni@gmx.at>2013-10-06 19:04:27 +0200
commit0ca3dbbfcef0de304b6c6458787edbefc7a004d1 (patch)
tree71d80ecb8a5aefb75b6c3d2831db0e2ba9f449a0
parent82c6b76d701a44941da47fb60ddf13d94769b91e (diff)
parenta248117f2618e9e4de3c87e685bce44578b11657 (diff)
downloadffmpeg-0ca3dbbfcef0de304b6c6458787edbefc7a004d1.tar.gz
Merge tag 'n0.8.15' into release/0.7
FFmpeg 0.8.15 release * tag 'n0.8.15': (49 commits) update for 0.8.15 avcodec/ffv1enc: update buffer check for 16bps avcodec/dsputil: fix signedness in sizeof() comparissions avcodec/pngdsp: fix (un)signed type in end comparission matroska_read_seek: Fix used streams for subtitle index compensation jpeg2000: check log2_cblk dimensions avcodec/rpza: Perform pointer advance and checks before using the pointers update all trac links to use the trac subdomain doc/APIchanges: List merge commit hashes and version numbers apichanges: fix 2 wrong hashes avcodec/parser: reset indexes on realloc failure mpeg12dec: avoid reinitialization on PS changes when possible. mpegts: only reopen pmt_cb filter if its different from the previous. Autodetect idcin only if audio properties allow decoding. alacenc: Fix missing sign_extend() h264_cavlc: fix reading skip run Update changelog for 0.7.8 release aac: check the maximum number of channels oggdec: fix faulty cleanup prototype qdm2: check that the FFT size is a power of 2 ... Conflicts: Doxyfile RELEASE VERSION libavformat/matroskadec.c Merged-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat
-rw-r--r--doc/APIchanges120
-rw-r--r--doc/filters.texi2
-rw-r--r--doc/issue_tracker.txt2
-rw-r--r--libavcodec/aacdec.c2
-rw-r--r--libavcodec/atrac3.c7
-rw-r--r--libavcodec/dfa.c2
-rw-r--r--libavcodec/dsputil.c20
-rw-r--r--libavcodec/ffv1.c2
-rw-r--r--libavcodec/h264.c6
-rw-r--r--libavcodec/indeo5.c1
-rw-r--r--libavcodec/j2kdec.c8
-rw-r--r--libavcodec/parser.c14
-rw-r--r--libavcodec/pngdec.c2
-rw-r--r--libavcodec/qdm2.c4
-rw-r--r--libavcodec/rpza.c8
-rw-r--r--libavcodec/rv10.c5
-rw-r--r--libavcodec/shorten.c27
-rw-r--r--libavcodec/vorbisdec.c5
-rw-r--r--libavcodec/wmadec.c5
-rw-r--r--libavcodec/wmaprodec.c12
-rw-r--r--libavcodec/xxan.c2
-rw-r--r--libavfilter/avfiltergraph.c7
-rw-r--r--libavfilter/graphparser.c3
-rw-r--r--libavformat/flacdec.c8
-rw-r--r--libavformat/iff.c5
-rw-r--r--libavformat/matroskadec.c9
-rw-r--r--libavformat/oggdec.c4
-rw-r--r--libavformat/oggdec.h5
-rw-r--r--libavformat/oggparsevorbis.c14
-rw-r--r--libavformat/utils.c3
-rw-r--r--libavutil/lzo.c3
31 files changed, 206 insertions, 111 deletions
diff --git a/doc/APIchanges b/doc/APIchanges
index b81c5bf8d9..d030f820d2 100644
--- a/doc/APIchanges
+++ b/doc/APIchanges
@@ -66,16 +66,16 @@ API changes, most recent first:
2011-06-10 - c381960 - lavfi 2.15.0 - avfilter_get_audio_buffer_ref_from_arrays
Add avfilter_get_audio_buffer_ref_from_arrays() to avfilter.h.
-2011-06-09 - d9f80ea - lavu 51.8.0 - AVMetadata
+2011-06-09 - f9ecb84 / d9f80ea - lavu 51.8.0 - AVMetadata
Move AVMetadata from lavf to lavu and rename it to
AVDictionary -- new installed header dict.h.
All av_metadata_* functions renamed to av_dict_*.
-2011-06-07 - a6703fa - lavu 51.8.0 - av_get_bytes_per_sample()
+2011-06-07 - d552f61 / a6703fa - lavu 51.8.0 - av_get_bytes_per_sample()
Add av_get_bytes_per_sample() in libavutil/samplefmt.h.
Deprecate av_get_bits_per_sample_fmt().
-2011-06-xx - b39b062 - lavu 51.8.0 - opt.h
+2011-06-xx - f956924 / b39b062 - lavu 51.8.0 - opt.h
Add av_opt_free convenience function.
2011-06-06 - 95a0242 - lavfi 2.14.0 - AVFilterBufferRefAudioProps
@@ -105,7 +105,7 @@ API changes, most recent first:
Add av_get_pix_fmt_name() in libavutil/pixdesc.h, and deprecate
avcodec_get_pix_fmt_name() in libavcodec/avcodec.h in its favor.
-2011-05-25 - 30315a8 - lavf 53.3.0 - avformat.h
+2011-05-25 - 39e4206 / 30315a8 - lavf 53.3.0 - avformat.h
Add fps_probe_size to AVFormatContext.
2011-05-22 - 5ecdfd0 - lavf 53.2.0 - avformat.h
@@ -121,10 +121,10 @@ API changes, most recent first:
2011-05-14 - 9fdf772 - lavfi 2.6.0 - avcodec.h
Add avfilter_get_video_buffer_ref_from_frame() to libavfilter/avcodec.h.
-2011-05-18 - 64150ff - lavc 53.7.0 - AVCodecContext.request_sample_fmt
+2011-05-18 - 75a37b5 / 64150ff - lavc 53.7.0 - AVCodecContext.request_sample_fmt
Add request_sample_fmt field to AVCodecContext.
-2011-05-10 - 188dea1 - lavc 53.6.0 - avcodec.h
+2011-05-10 - 59eb12f / 188dea1 - lavc 53.6.0 - avcodec.h
Deprecate AVLPCType and the following fields in
AVCodecContext: lpc_coeff_precision, prediction_order_method,
min_partition_order, max_partition_order, lpc_type, lpc_passes.
@@ -154,81 +154,81 @@ API changes, most recent first:
Add av_dynarray_add function for adding
an element to a dynamic array.
-2011-04-26 - bebe72f - lavu 51.1.0 - avutil.h
+2011-04-26 - d7e5aeb / bebe72f - lavu 51.1.0 - avutil.h
Add AVPictureType enum and av_get_picture_type_char(), deprecate
FF_*_TYPE defines and av_get_pict_type_char() defined in
libavcodec/avcodec.h.
-2011-04-26 - 10d3940 - lavfi 2.3.0 - avfilter.h
+2011-04-26 - d7e5aeb / 10d3940 - lavfi 2.3.0 - avfilter.h
Add pict_type and key_frame fields to AVFilterBufferRefVideo.
-2011-04-26 - 7a11c82 - lavfi 2.2.0 - vsrc_buffer
+2011-04-26 - d7e5aeb / 7a11c82 - lavfi 2.2.0 - vsrc_buffer
Add sample_aspect_ratio fields to vsrc_buffer arguments
-2011-04-21 - 94f7451 - lavc 53.1.0 - avcodec.h
+2011-04-21 - 8772156 / 94f7451 - lavc 53.1.0 - avcodec.h
Add CODEC_CAP_SLICE_THREADS for codecs supporting sliced threading.
2011-04-15 - lavc 52.120.0 - avcodec.h
AVPacket structure got additional members for passing side information:
- 4de339e introduce side information for AVPacket
- 2d8591c make containers pass palette change in AVPacket
+ c407984 / 4de339e introduce side information for AVPacket
+ c407984 / 2d8591c make containers pass palette change in AVPacket
2011-04-12 - lavf 52.107.0 - avio.h
Avio cleanup, part II - deprecate the entire URLContext API:
- 175389c add avio_check as a replacement for url_exist
- ff1ec0c add avio_pause and avio_seek_time as replacements
+ c55780d / 175389c add avio_check as a replacement for url_exist
+ 9891004 / ff1ec0c add avio_pause and avio_seek_time as replacements
for _av_url_read_fseek/fpause
- cdc6a87 deprecate av_protocol_next(), avio_enum_protocols
+ d4d0932 / cdc6a87 deprecate av_protocol_next(), avio_enum_protocols
should be used instead.
- 80c6e23 rename url_set_interrupt_cb->avio_set_interrupt_cb.
- f87b1b3 rename open flags: URL_* -> AVIO_*
- f8270bb add avio_enum_protocols.
- 5593f03 deprecate URLProtocol.
- c486dad deprecate URLContext.
- 026e175 deprecate the typedef for URLInterruptCB
- 8e76a19 deprecate av_register_protocol2.
- b840484 deprecate URL_PROTOCOL_FLAG_NESTED_SCHEME
- 1305d93 deprecate av_url_read_seek
- fa104e1 deprecate av_url_read_pause
- 727c7aa deprecate url_get_filename().
- 5958df3 deprecate url_max_packet_size().
- 1869ea0 deprecate url_get_file_handle().
- 32a97d4 deprecate url_filesize().
- e52a914 deprecate url_close().
- 58a48c6 deprecate url_seek().
- 925e908 deprecate url_write().
- dce3756 deprecate url_read_complete().
- bc371ac deprecate url_read().
- 0589da0 deprecate url_open().
- 62eaaea deprecate url_connect.
- 5652bb9 deprecate url_alloc.
- 333e894 deprecate url_open_protocol
- e230705 deprecate url_poll and URLPollEntry
+ c88caa5 / 80c6e23 rename url_set_interrupt_cb->avio_set_interrupt_cb.
+ c88caa5 / f87b1b3 rename open flags: URL_* -> AVIO_*
+ d4d0932 / f8270bb add avio_enum_protocols.
+ d4d0932 / 5593f03 deprecate URLProtocol.
+ d4d0932 / c486dad deprecate URLContext.
+ d4d0932 / 026e175 deprecate the typedef for URLInterruptCB
+ c88caa5 / 8e76a19 deprecate av_register_protocol2.
+ 11d7841 / b840484 deprecate URL_PROTOCOL_FLAG_NESTED_SCHEME
+ 11d7841 / 1305d93 deprecate av_url_read_seek
+ 11d7841 / fa104e1 deprecate av_url_read_pause
+ 434f248 / 727c7aa deprecate url_get_filename().
+ 434f248 / 5958df3 deprecate url_max_packet_size().
+ 434f248 / 1869ea0 deprecate url_get_file_handle().
+ 434f248 / 32a97d4 deprecate url_filesize().
+ 434f248 / e52a914 deprecate url_close().
+ 434f248 / 58a48c6 deprecate url_seek().
+ 434f248 / 925e908 deprecate url_write().
+ 434f248 / dce3756 deprecate url_read_complete().
+ 434f248 / bc371ac deprecate url_read().
+ 434f248 / 0589da0 deprecate url_open().
+ 434f248 / 62eaaea deprecate url_connect.
+ 434f248 / 5652bb9 deprecate url_alloc.
+ 434f248 / 333e894 deprecate url_open_protocol
+ 434f248 / e230705 deprecate url_poll and URLPollEntry
2011-04-08 - lavf 52.106.0 - avformat.h
Minor avformat.h cleanup:
- a9bf9d8 deprecate av_guess_image2_codec
- c3675df rename avf_sdp_create->av_sdp_create
+ d4d0932 / a9bf9d8 deprecate av_guess_image2_codec
+ d4d0932 / c3675df rename avf_sdp_create->av_sdp_create
2011-04-03 - lavf 52.105.0 - avio.h
Large-scale renaming/deprecating of AVIOContext-related functions:
- 724f6a0 deprecate url_fdopen
- 403ee83 deprecate url_open_dyn_packet_buf
- 6dc7d80 rename url_close_dyn_buf -> avio_close_dyn_buf
- b92c545 rename url_open_dyn_buf -> avio_open_dyn_buf
- 8978fed introduce an AVIOContext.seekable field as a replacement for
+ 2cae980 / 724f6a0 deprecate url_fdopen
+ 2cae980 / 403ee83 deprecate url_open_dyn_packet_buf
+ 2cae980 / 6dc7d80 rename url_close_dyn_buf -> avio_close_dyn_buf
+ 2cae980 / b92c545 rename url_open_dyn_buf -> avio_open_dyn_buf
+ 2cae980 / 8978fed introduce an AVIOContext.seekable field as a replacement for
AVIOContext.is_streamed and url_is_streamed()
- b64030f deprecate get_checksum()
- 4c4427a deprecate init_checksum()
- 4ec153b deprecate udp_set_remote_url/get_local_port
- 933e90a deprecate av_url_read_fseek/fpause
- 8d9769a deprecate url_fileno
- b7f2fdd rename put_flush_packet -> avio_flush
- 35f1023 deprecate url_close_buf
- 83fddae deprecate url_open_buf
- d9d86e0 rename url_fprintf -> avio_printf
- 59f65d9 deprecate url_setbufsize
- 3e68b3b deprecate url_ferror
+ 1caa412 / b64030f deprecate get_checksum()
+ 1caa412 / 4c4427a deprecate init_checksum()
+ 2fd41c9 / 4ec153b deprecate udp_set_remote_url/get_local_port
+ 4fa0e24 / 933e90a deprecate av_url_read_fseek/fpause
+ 4fa0e24 / 8d9769a deprecate url_fileno
+ 0fecf26 / b7f2fdd rename put_flush_packet -> avio_flush
+ 0fecf26 / 35f1023 deprecate url_close_buf
+ 0fecf26 / 83fddae deprecate url_open_buf
+ 0fecf26 / d9d86e0 rename url_fprintf -> avio_printf
+ 0fecf26 / 59f65d9 deprecate url_setbufsize
+ 6947b0c / 3e68b3b deprecate url_ferror
66e5b1d deprecate url_feof
e8bb2e2 deprecate url_fget_max_packet_size
76aa876 rename url_fsize -> avio_size
@@ -250,7 +250,7 @@ API changes, most recent first:
b3db9ce deprecate get_partial_buffer
8d9ac96 rename av_alloc_put_byte -> avio_alloc_context
-2011-03-25 - 34b47d7 - lavc 52.115.0 - AVCodecContext.audio_service_type
+2011-03-25 - 27ef7b1 / 34b47d7 - lavc 52.115.0 - AVCodecContext.audio_service_type
Add audio_service_type field to AVCodecContext.
2011-03-17 - e309fdc - lavu 50.40.0 - pixfmt.h
@@ -288,11 +288,11 @@ API changes, most recent first:
2011-02-10 - 12c14cd - lavf 52.99.0 - AVStream.disposition
Add AV_DISPOSITION_HEARING_IMPAIRED and AV_DISPOSITION_VISUAL_IMPAIRED.
-2011-02-09 - 5592734 - lavc 52.112.0 - avcodec_thread_init()
+2011-02-09 - c0b102c - lavc 52.112.0 - avcodec_thread_init()
Deprecate avcodec_thread_init()/avcodec_thread_free() use; instead
set thread_count before calling avcodec_open.
-2011-02-09 - 778b08a - lavc 52.111.0 - threading API
+2011-02-09 - 37b00b4 - lavc 52.111.0 - threading API
Add CODEC_CAP_FRAME_THREADS with new restrictions on get_buffer()/
release_buffer()/draw_horiz_band() callbacks for appropriate codecs.
Add thread_type and active_thread_type fields to AVCodecContext.
diff --git a/doc/filters.texi b/doc/filters.texi
index b0c8023bac..1ebaac1adf 100644
--- a/doc/filters.texi
+++ b/doc/filters.texi
@@ -82,7 +82,7 @@ Follows a BNF description for the filtergraph syntax:
@var{LINKLABEL} ::= "[" @var{NAME} "]"
@var{LINKLABELS} ::= @var{LINKLABEL} [@var{LINKLABELS}]
@var{FILTER_ARGUMENTS} ::= sequence of chars (eventually quoted)
-@var{FILTER} ::= [@var{LINKNAMES}] @var{NAME} ["=" @var{ARGUMENTS}] [@var{LINKNAMES}]
+@var{FILTER} ::= [@var{LINKLABELS}] @var{NAME} ["=" @var{FILTER_ARGUMENTS}] [@var{LINKLABELS}]
@var{FILTERCHAIN} ::= @var{FILTER} [,@var{FILTERCHAIN}]
@var{FILTERGRAPH} ::= @var{FILTERCHAIN} [;@var{FILTERGRAPH}]
@end example
diff --git a/doc/issue_tracker.txt b/doc/issue_tracker.txt
index a41b8e5044..32a2c8c59c 100644
--- a/doc/issue_tracker.txt
+++ b/doc/issue_tracker.txt
@@ -15,7 +15,7 @@ be properly added to the respective issue.
The subscription URL for the ffmpeg-trac list is:
http(s)://ffmpeg.org/mailman/listinfo/ffmpeg-trac
The URL of the webinterface of the tracker is:
-http(s)://ffmpeg.org/trac/ffmpeg
+http(s)://trac.ffmpeg.org
NOTE: issue = (bug report || patch || feature request)
diff --git a/libavcodec/aacdec.c b/libavcodec/aacdec.c
index 78176d0053..41c4ea262b 100644
--- a/libavcodec/aacdec.c
+++ b/libavcodec/aacdec.c
@@ -183,6 +183,8 @@ static av_cold int che_configure(AACContext *ac,
enum ChannelPosition che_pos[4][MAX_ELEM_ID],
int type, int id, int *channels)
{
+ if (*channels >= MAX_CHANNELS)
+ return AVERROR_INVALIDDATA;
if (che_pos[type][id]) {
if (!ac->che[type][id] && !(ac->che[type][id] = av_mallocz(sizeof(ChannelElement))))
return AVERROR(ENOMEM);
diff --git a/libavcodec/atrac3.c b/libavcodec/atrac3.c
index d80cec41ec..dc1a7e0972 100644
--- a/libavcodec/atrac3.c
+++ b/libavcodec/atrac3.c
@@ -179,8 +179,11 @@ static int decode_bytes(const uint8_t* inbuffer, uint8_t* out, int bytes){
uint32_t* obuf = (uint32_t*) out;
off = (intptr_t)inbuffer & 3;
- buf = (const uint32_t*) (inbuffer - off);
- c = av_be2ne32((0x537F6103 >> (off*8)) | (0x537F6103 << (32-(off*8))));
+ buf = (const uint32_t *)(inbuffer - off);
+ if (off)
+ c = av_be2ne32((0x537F6103U >> (off * 8)) | (0x537F6103U << (32 - (off * 8))));
+ else
+ c = av_be2ne32(0x537F6103U);
bytes += 3 + off;
for (i = 0; i < bytes/4; i++)
obuf[i] = c ^ buf[i];
diff --git a/libavcodec/dfa.c b/libavcodec/dfa.c
index 4ebd1d71c0..aacdecc447 100644
--- a/libavcodec/dfa.c
+++ b/libavcodec/dfa.c
@@ -263,6 +263,8 @@ static int decode_wdlt(uint8_t *frame, int width, int height,
segments = bytestream_get_le16(&src);
}
line_ptr = frame;
+ if (frame_end - frame < width)
+ return AVERROR_INVALIDDATA;
frame += width;
y++;
while (segments--) {
diff --git a/libavcodec/dsputil.c b/libavcodec/dsputil.c
index 0e596b1b01..e7efde3945 100644
--- a/libavcodec/dsputil.c
+++ b/libavcodec/dsputil.c
@@ -1914,7 +1914,7 @@ void ff_set_cmp(DSPContext* c, me_cmp_func *cmp, int type){
static void add_bytes_c(uint8_t *dst, uint8_t *src, int w){
long i;
- for(i=0; i<=w-sizeof(long); i+=sizeof(long)){
+ for(i=0; i<=w-(int)sizeof(long); i+=sizeof(long)){
long a = *(long*)(src+i);
long b = *(long*)(dst+i);
*(long*)(dst+i) = ((a&pb_7f) + (b&pb_7f)) ^ ((a^b)&pb_80);
@@ -1939,7 +1939,7 @@ static void diff_bytes_c(uint8_t *dst, uint8_t *src1, uint8_t *src2, int w){
}
}else
#endif
- for(i=0; i<=w-sizeof(long); i+=sizeof(long)){
+ for(i=0; i<=w-(int)sizeof(long); i+=sizeof(long)){
long a = *(long*)(src1+i);
long b = *(long*)(src2+i);
*(long*)(dst+i) = ((a|pb_80) - (b&pb_7f)) ^ ((a^b^pb_80)&pb_80);
@@ -2836,7 +2836,7 @@ int ff_check_alignment(void){
av_cold void dsputil_init(DSPContext* c, AVCodecContext *avctx)
{
- int i;
+ int i, j;
ff_check_alignment();
@@ -3222,11 +3222,15 @@ av_cold void dsputil_init(DSPContext* c, AVCodecContext *avctx)
if (ARCH_SH4) dsputil_init_sh4 (c, avctx);
if (ARCH_BFIN) dsputil_init_bfin (c, avctx);
- for(i=0; i<64; i++){
- if(!c->put_2tap_qpel_pixels_tab[0][i])
- c->put_2tap_qpel_pixels_tab[0][i]= c->put_h264_qpel_pixels_tab[0][i];
- if(!c->avg_2tap_qpel_pixels_tab[0][i])
- c->avg_2tap_qpel_pixels_tab[0][i]= c->avg_h264_qpel_pixels_tab[0][i];
+ for (i = 0; i < 4; i++) {
+ for (j = 0; j < 16; j++) {
+ if(!c->put_2tap_qpel_pixels_tab[i][j])
+ c->put_2tap_qpel_pixels_tab[i][j] =
+ c->put_h264_qpel_pixels_tab[i][j];
+ if(!c->avg_2tap_qpel_pixels_tab[i][j])
+ c->avg_2tap_qpel_pixels_tab[i][j] =
+ c->avg_h264_qpel_pixels_tab[i][j];
+ }
}
c->put_rv30_tpel_pixels_tab[0][0] = c->put_h264_qpel_pixels_tab[0][0];
diff --git a/libavcodec/ffv1.c b/libavcodec/ffv1.c
index 8fe725f78a..ebf3a57569 100644
--- a/libavcodec/ffv1.c
+++ b/libavcodec/ffv1.c
@@ -522,7 +522,7 @@ static av_always_inline int encode_line(FFV1Context *s, int w,
int run_mode=0;
if(s->ac){
- if(c->bytestream_end - c->bytestream < w*20){
+ if(c->bytestream_end - c->bytestream < w*35){
av_log(s->avctx, AV_LOG_ERROR, "encoded frame too large\n");
return -1;
}
diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index 86d5e5c53b..7bdee39351 100644
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -3890,6 +3890,12 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size){
if(avctx->has_b_frames < 2)
avctx->has_b_frames= !s->low_delay;
+ if (h->sps.bit_depth_luma != h->sps.bit_depth_chroma) {
+ av_log_missing_feature(s->avctx,
+ "Different bit depth between chroma and luma", 1);
+ return AVERROR_PATCHWELCOME;
+ }
+
if (avctx->bits_per_raw_sample != h->sps.bit_depth_luma) {
if (h->sps.bit_depth_luma >= 8 && h->sps.bit_depth_luma <= 10) {
avctx->bits_per_raw_sample = h->sps.bit_depth_luma;
diff --git a/libavcodec/indeo5.c b/libavcodec/indeo5.c
index 15fad5872b..1f454a32c2 100644
--- a/libavcodec/indeo5.c
+++ b/libavcodec/indeo5.c
@@ -804,6 +804,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size,
avctx->release_buffer(avctx, &ctx->frame);
ctx->frame.reference = 0;
+ avcodec_set_dimensions(avctx, ctx->planes[0].width, ctx->planes[0].height);
if (avctx->get_buffer(avctx, &ctx->frame) < 0) {
av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n");
return -1;
diff --git a/libavcodec/j2kdec.c b/libavcodec/j2kdec.c
index 3315a835d7..2b6929d18e 100644
--- a/libavcodec/j2kdec.c
+++ b/libavcodec/j2kdec.c
@@ -28,6 +28,7 @@
#include "avcodec.h"
#include "bytestream.h"
#include "j2k.h"
+#include "libavutil/avassert.h"
#include "libavutil/common.h"
#define JP2_SIG_TYPE 0x6A502020
@@ -283,6 +284,10 @@ static int get_cox(J2kDecoderContext *s, J2kCodingStyle *c)
c->log2_cblk_width = bytestream_get_byte(&s->buf) + 2; // cblk width
c->log2_cblk_height = bytestream_get_byte(&s->buf) + 2; // cblk height
+ if (c->log2_cblk_width > 6 || c->log2_cblk_height > 6) {
+ return AVERROR_PATCHWELCOME;
+ }
+
c->cblk_style = bytestream_get_byte(&s->buf);
if (c->cblk_style != 0){ // cblk style
av_log(s->avctx, AV_LOG_WARNING, "extra cblk styles %X\n", c->cblk_style);
@@ -699,6 +704,9 @@ static int decode_cblk(J2kDecoderContext *s, J2kCodingStyle *codsty, J2kT1Contex
int bpass_csty_symbol = J2K_CBLK_BYPASS & codsty->cblk_style;
int vert_causal_ctx_csty_symbol = J2K_CBLK_VSC & codsty->cblk_style;
+ av_assert0(width <= J2K_MAX_CBLKW);
+ av_assert0(height <= J2K_MAX_CBLKH);
+
for (y = 0; y < height+2; y++)
memset(t1->flags[y], 0, (width+2)*sizeof(int));
diff --git a/libavcodec/parser.c b/libavcodec/parser.c
index ff0842fb5d..e4dc040603 100644
--- a/libavcodec/parser.c
+++ b/libavcodec/parser.c
@@ -279,8 +279,10 @@ int ff_combine_frame(ParseContext *pc, int next, const uint8_t **buf, int *buf_s
if(next == END_NOT_FOUND){
void* new_buffer = av_fast_realloc(pc->buffer, &pc->buffer_size, (*buf_size) + pc->index + FF_INPUT_BUFFER_PADDING_SIZE);
- if(!new_buffer)
+ if(!new_buffer) {
+ pc->index = 0;
return AVERROR(ENOMEM);
+ }
pc->buffer = new_buffer;
memcpy(&pc->buffer[pc->index], *buf, *buf_size);
pc->index += *buf_size;
@@ -293,11 +295,15 @@ int ff_combine_frame(ParseContext *pc, int next, const uint8_t **buf, int *buf_s
/* append to buffer */
if(pc->index){
void* new_buffer = av_fast_realloc(pc->buffer, &pc->buffer_size, next + pc->index + FF_INPUT_BUFFER_PADDING_SIZE);
-
- if(!new_buffer)
+ if(!new_buffer) {
+ pc->overread_index =
+ pc->index = 0;
return AVERROR(ENOMEM);
+ }
pc->buffer = new_buffer;
- memcpy(&pc->buffer[pc->index], *buf, next + FF_INPUT_BUFFER_PADDING_SIZE );
+ if (next > -FF_INPUT_BUFFER_PADDING_SIZE)
+ memcpy(&pc->buffer[pc->index], *buf,
+ next + FF_INPUT_BUFFER_PADDING_SIZE);
pc->index = 0;
*buf= pc->buffer;
}
diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c
index ae932991d3..9afa0932e1 100644
--- a/libavcodec/pngdec.c
+++ b/libavcodec/pngdec.c
@@ -107,7 +107,7 @@ static void png_put_interlaced_row(uint8_t *dst, int width,
static void add_bytes_l2_c(uint8_t *dst, uint8_t *src1, uint8_t *src2, int w)
{
long i;
- for(i=0; i<=w-sizeof(long); i+=sizeof(long)){
+ for(i=0; i<=w-(int)sizeof(long); i+=sizeof(long)){
long a = *(long*)(src1+i);
long b = *(long*)(src2+i);
*(long*)(dst+i) = ((a&pb_7f) + (b&pb_7f)) ^ ((a^b)&pb_80);
diff --git a/libavcodec/qdm2.c b/libavcodec/qdm2.c
index e311afdeee..6f0c896b56 100644
--- a/libavcodec/qdm2.c
+++ b/libavcodec/qdm2.c
@@ -1884,6 +1884,10 @@ static av_cold int qdm2_decode_init(AVCodecContext *avctx)
av_log(avctx, AV_LOG_ERROR, "Unknown FFT order (%d), contact the developers!\n", s->fft_order);
return -1;
}
+ if (s->fft_size != (1 << (s->fft_order - 1))) {
+ av_log(avctx, AV_LOG_ERROR, "FFT size %d not power of 2.\n", s->fft_size);
+ return AVERROR_INVALIDDATA;
+ }
ff_rdft_init(&s->rdft_ctx, s->fft_order, IDFT_C2R);
ff_mpadsp_init(&s->mpadsp);
diff --git a/libavcodec/rpza.c b/libavcodec/rpza.c
index d8082f6d8e..f7240ab330 100644
--- a/libavcodec/rpza.c
+++ b/libavcodec/rpza.c
@@ -83,7 +83,7 @@ static void rpza_decode_stream(RpzaContext *s)
unsigned short *pixels = (unsigned short *)s->frame.data[0];
int row_ptr = 0;
- int pixel_ptr = 0;
+ int pixel_ptr = -4;
int block_ptr;
int pixel_x, pixel_y;
int total_blocks;
@@ -139,6 +139,7 @@ static void rpza_decode_stream(RpzaContext *s)
colorA = AV_RB16 (&s->buf[stream_ptr]);
stream_ptr += 2;
while (n_blocks--) {
+ ADVANCE_BLOCK()
block_ptr = row_ptr + pixel_ptr;
for (pixel_y = 0; pixel_y < 4; pixel_y++) {
for (pixel_x = 0; pixel_x < 4; pixel_x++){
@@ -147,7 +148,6 @@ static void rpza_decode_stream(RpzaContext *s)
}
block_ptr += row_inc;
}
- ADVANCE_BLOCK();
}
break;
@@ -186,6 +186,7 @@ static void rpza_decode_stream(RpzaContext *s)
if (s->size - stream_ptr < n_blocks * 4)
return;
while (n_blocks--) {
+ ADVANCE_BLOCK();
block_ptr = row_ptr + pixel_ptr;
for (pixel_y = 0; pixel_y < 4; pixel_y++) {
index = s->buf[stream_ptr++];
@@ -196,7 +197,6 @@ static void rpza_decode_stream(RpzaContext *s)
}
block_ptr += row_inc;
}
- ADVANCE_BLOCK();
}
break;
@@ -204,6 +204,7 @@ static void rpza_decode_stream(RpzaContext *s)
case 0x00:
if (s->size - stream_ptr < 16)
return;
+ ADVANCE_BLOCK();
block_ptr = row_ptr + pixel_ptr;
for (pixel_y = 0; pixel_y < 4; pixel_y++) {
for (pixel_x = 0; pixel_x < 4; pixel_x++){
@@ -217,7 +218,6 @@ static void rpza_decode_stream(RpzaContext *s)
}
block_ptr += row_inc;
}
- ADVANCE_BLOCK();
break;
/* Unknown opcode */
diff --git a/libavcodec/rv10.c b/libavcodec/rv10.c
index a8f42e351b..17f1357718 100644
--- a/libavcodec/rv10.c
+++ b/libavcodec/rv10.c
@@ -362,6 +362,11 @@ static int rv20_decode_picture_header(MpegEncContext *s)
f= get_bits(&s->gb, av_log2(v)+1);
if(f){
+ if (s->avctx->extradata_size < 8 + 2 * f) {
+ av_log(s->avctx, AV_LOG_ERROR, "Extradata too small.\n");
+ return AVERROR_INVALIDDATA;
+ }
+
new_w= 4*((uint8_t*)s->avctx->extradata)[6+2*f];
new_h= 4*((uint8_t*)s->avctx->extradata)[7+2*f];
}else{
diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c
index 50332aaf68..2f7c13cedc 100644
--- a/libavcodec/shorten.c
+++ b/libavcodec/shorten.c
@@ -78,7 +78,7 @@ typedef struct ShortenContext {
GetBitContext gb;
int min_framesize, max_framesize;
- int channels;
+ unsigned channels;
int32_t *decoded[MAX_CHANNELS];
int32_t *decoded_base[MAX_CHANNELS];
@@ -119,11 +119,11 @@ static int allocate_buffers(ShortenContext *s)
for (chan=0; chan<s->channels; chan++) {
if(FFMAX(1, s->nmean) >= UINT_MAX/sizeof(int32_t)){
av_log(s->avctx, AV_LOG_ERROR, "nmean too large\n");
- return -1;
+ return AVERROR_INVALIDDATA;
}
if(s->blocksize + s->nwrap >= UINT_MAX/sizeof(int32_t) || s->blocksize + s->nwrap <= (unsigned)s->nwrap){
av_log(s->avctx, AV_LOG_ERROR, "s->blocksize + s->nwrap too large\n");
- return -1;
+ return AVERROR_INVALIDDATA;
}
tmp_ptr = av_realloc(s->offset[chan], sizeof(int32_t)*FFMAX(1, s->nmean));
@@ -209,14 +209,14 @@ static int decode_wave_header(AVCodecContext *avctx, uint8_t *header, int header
init_get_bits(&hb, header, header_size*8);
if (get_le32(&hb) != MKTAG('R','I','F','F')) {
av_log(avctx, AV_LOG_ERROR, "missing RIFF tag\n");
- return -1;
+ return AVERROR_INVALIDDATA;
}
skip_bits_long(&hb, 32); /* chunk_size */
if (get_le32(&hb) != MKTAG('W','A','V','E')) {
av_log(avctx, AV_LOG_ERROR, "missing WAVE tag\n");
- return -1;
+ return AVERROR_INVALIDDATA;
}
while (get_le32(&hb) != MKTAG('f','m','t',' ')) {
@@ -227,7 +227,7 @@ static int decode_wave_header(AVCodecContext *avctx, uint8_t *header, int header
if (len < 16) {
av_log(avctx, AV_LOG_ERROR, "fmt chunk was too short\n");
- return -1;
+ return AVERROR_INVALIDDATA;
}
wave_format = get_le16(&hb);
@@ -237,7 +237,7 @@ static int decode_wave_header(AVCodecContext *avctx, uint8_t *header, int header
break;
default:
av_log(avctx, AV_LOG_ERROR, "unsupported wave format\n");
- return -1;
+ return AVERROR(ENOSYS);
}
avctx->channels = get_le16(&hb);
@@ -248,7 +248,7 @@ static int decode_wave_header(AVCodecContext *avctx, uint8_t *header, int header
if (avctx->bits_per_coded_sample != 16) {
av_log(avctx, AV_LOG_ERROR, "unsupported number of bits per sample\n");
- return -1;
+ return AVERROR(ENOSYS);
}
len -= 16;
@@ -342,8 +342,13 @@ static int shorten_decode_frame(AVCodecContext *avctx,
s->internal_ftype = get_uint(s, TYPESIZE);
s->channels = get_uint(s, CHANSIZE);
- if (s->channels > MAX_CHANNELS) {
+ if (!s->channels) {
+ av_log(s->avctx, AV_LOG_ERROR, "No channels reported\n");
+ return AVERROR_INVALIDDATA;
+ }
+ if (s->channels <= 0 || s->channels > MAX_CHANNELS) {
av_log(s->avctx, AV_LOG_ERROR, "too many channels: %d\n", s->channels);
+ s->channels = 0;
return -1;
}
@@ -506,7 +511,7 @@ static int shorten_decode_frame(AVCodecContext *avctx,
s->bitshift = get_ur_golomb_shorten(&s->gb, BITSHIFTSIZE);
break;
case FN_BLOCKSIZE: {
- int blocksize = get_uint(s, av_log2(s->blocksize));
+ unsigned blocksize = get_uint(s, av_log2(s->blocksize));
if (blocksize > s->blocksize) {
av_log(avctx, AV_LOG_ERROR, "Increasing block size is not supported\n");
return AVERROR_PATCHWELCOME;
@@ -534,7 +539,7 @@ frame_done:
av_log(s->avctx, AV_LOG_ERROR, "overread: %d\n", i - buf_size);
s->bitstream_size=0;
s->bitstream_index=0;
- return -1;
+ return AVERROR_INVALIDDATA;
}
if (s->bitstream_size) {
s->bitstream_index += i;
diff --git a/libavcodec/vorbisdec.c b/libavcodec/vorbisdec.c
index b5351229a4..a266cdbc40 100644
--- a/libavcodec/vorbisdec.c
+++ b/libavcodec/vorbisdec.c
@@ -572,6 +572,11 @@ static int vorbis_parse_setup_hdr_floors(vorbis_context *vc)
floor_setup->data.t0.order = get_bits(gb, 8);
floor_setup->data.t0.rate = get_bits(gb, 16);
floor_setup->data.t0.bark_map_size = get_bits(gb, 16);
+ if (floor_setup->data.t0.bark_map_size == 0) {
+ av_log(vc->avccontext, AV_LOG_ERROR,
+ "Floor 0 bark map size is 0.\n");
+ return AVERROR_INVALIDDATA;
+ }
floor_setup->data.t0.amplitude_bits = get_bits(gb, 6);
/* zero would result in a div by zero later *
* 2^0 - 1 == 0 */
diff --git a/libavcodec/wmadec.c b/libavcodec/wmadec.c
index 11740203fb..16ef54e378 100644
--- a/libavcodec/wmadec.c
+++ b/libavcodec/wmadec.c
@@ -85,6 +85,11 @@ static int wma_decode_init(AVCodecContext * avctx)
int i, flags2;
uint8_t *extradata;
+ if (!avctx->block_align) {
+ av_log(avctx, AV_LOG_ERROR, "block_align is not set\n");
+ return AVERROR(EINVAL);
+ }
+
s->avctx = avctx;
/* extract flag infos */
diff --git a/libavcodec/wmaprodec.c b/libavcodec/wmaprodec.c
index 11059a596a..816d95ffc0 100644
--- a/libavcodec/wmaprodec.c
+++ b/libavcodec/wmaprodec.c
@@ -277,6 +277,11 @@ static av_cold int decode_init(AVCodecContext *avctx)
int log2_max_num_subframes;
int num_possible_block_sizes;
+ if (!avctx->block_align) {
+ av_log(avctx, AV_LOG_ERROR, "block_align is not set\n");
+ return AVERROR(EINVAL);
+ }
+
s->avctx = avctx;
dsputil_init(&s->dsp, avctx);
init_put_bits(&s->pb, s->frame_data, MAX_FRAMESIZE);
@@ -1502,8 +1507,11 @@ static int decode_packet(AVCodecContext *avctx,
s->packet_done = 0;
/** sanity check for the buffer length */
- if (buf_size < avctx->block_align)
- return 0;
+ if (buf_size < avctx->block_align) {
+ av_log(avctx, AV_LOG_ERROR, "Input packet too small (%d < %d)\n",
+ buf_size, avctx->block_align);
+ return AVERROR_INVALIDDATA;
+ }
s->next_packet_start = buf_size - avctx->block_align;
buf_size = avctx->block_align;
diff --git a/libavcodec/xxan.c b/libavcodec/xxan.c
index c93ff43663..bc35c9542e 100644
--- a/libavcodec/xxan.c
+++ b/libavcodec/xxan.c
@@ -301,7 +301,7 @@ static int xan_decode_frame_type0(AVCodecContext *avctx, AVPacket *avpkt)
corr_end = avpkt->size;
if (chroma_off > corr_off)
corr_end = chroma_off;
- dec_size = xan_unpack(s->scratch_buffer, s->buffer_size,
+ dec_size = xan_unpack(s->scratch_buffer, s->buffer_size / 2,
avpkt->data + 8 + corr_off,
corr_end - corr_off);
if (dec_size < 0)
diff --git a/libavfilter/avfiltergraph.c b/libavfilter/avfiltergraph.c
index 04768617de..10f5fa856c 100644
--- a/libavfilter/avfiltergraph.c
+++ b/libavfilter/avfiltergraph.c
@@ -23,6 +23,7 @@
#include <ctype.h>
#include <string.h>
+#include "libavutil/avstring.h"
#include "avfilter.h"
#include "avfiltergraph.h"
#include "internal.h"
@@ -163,7 +164,11 @@ static int query_formats(AVFilterGraph *graph, AVClass *log_ctx)
/* couldn't merge format lists. auto-insert scale filter */
snprintf(inst_name, sizeof(inst_name), "auto-inserted scaler %d",
scaler_count++);
- snprintf(scale_args, sizeof(scale_args), "0:0:%s", graph->scale_sws_opts);
+ av_strlcpy(scale_args, "0:0", sizeof(scale_args));
+ if (graph->scale_sws_opts) {
+ av_strlcat(scale_args, ":", sizeof(scale_args));
+ av_strlcat(scale_args, graph->scale_sws_opts, sizeof(scale_args));
+ }
if ((ret = avfilter_graph_create_filter(&scale, avfilter_get_by_name("scale"),
inst_name, scale_args, NULL, graph)) < 0)
return ret;
diff --git a/libavfilter/graphparser.c b/libavfilter/graphparser.c
index 5178eea4c6..1cc8285ad6 100644
--- a/libavfilter/graphparser.c
+++ b/libavfilter/graphparser.c
@@ -121,7 +121,8 @@ static int create_filter(AVFilterContext **filt_ctx, AVFilterGraph *ctx, int ind
return ret;
}
- if (!strcmp(filt_name, "scale") && args && !strstr(args, "flags")) {
+ if (!strcmp(filt_name, "scale") && args && !strstr(args, "flags") &&
+ ctx->scale_sws_opts) {
snprintf(tmp_args, sizeof(tmp_args), "%s:%s",
args, ctx->scale_sws_opts);
args = tmp_args;
diff --git a/libavformat/flacdec.c b/libavformat/flacdec.c
index 3dd3e1f70f..3d2550f54d 100644
--- a/libavformat/flacdec.c
+++ b/libavformat/flacdec.c
@@ -116,11 +116,9 @@ static int flac_read_header(AVFormatContext *s,
static int flac_probe(AVProbeData *p)
{
- uint8_t *bufptr = p->buf;
- uint8_t *end = p->buf + p->buf_size;
-
- if(bufptr > end-4 || memcmp(bufptr, "fLaC", 4)) return 0;
- else return AVPROBE_SCORE_MAX/2;
+ if (p->buf_size < 4 || memcmp(p->buf, "fLaC", 4))
+ return 0;
+ return AVPROBE_SCORE_MAX/2;
}
AVInputFormat ff_flac_demuxer = {
diff --git a/libavformat/iff.c b/libavformat/iff.c
index db988a6ecd..cd5695e9b7 100644
--- a/libavformat/iff.c
+++ b/libavformat/iff.c
@@ -185,6 +185,11 @@ static int iff_read_header(AVFormatContext *s,
break;
case ID_CMAP:
+ if (data_size < 3 || data_size > 768 || data_size % 3) {
+ av_log(s, AV_LOG_ERROR, "Invalid CMAP chunk size %d\n",
+ data_size);
+ return AVERROR_INVALIDDATA;
+ }
st->codec->extradata_size = data_size + IFF_EXTRA_VIDEO_SIZE;
st->codec->extradata = av_malloc(data_size + IFF_EXTRA_VIDEO_SIZE + FF_INPUT_BUFFER_PADDING_SIZE);
if (!st->codec->extradata)
diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index b11f5c31ae..2fe1db5301 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -2028,10 +2028,11 @@ static int matroska_read_seek(AVFormatContext *s, int stream_index,
if (tracks[i].type == MATROSKA_TRACK_TYPE_SUBTITLE
&& !tracks[i].stream->discard != AVDISCARD_ALL) {
index_sub = av_index_search_timestamp(tracks[i].stream, st->index_entries[index].timestamp, AVSEEK_FLAG_BACKWARD);
- if (index_sub >= 0
- && st->index_entries[index_sub].pos < st->index_entries[index_min].pos
- && st->index_entries[index].timestamp - st->index_entries[index_sub].timestamp < 30000000000/matroska->time_scale)
- index_min = index_sub;
+ while(index_sub >= 0
+ && index_min >= 0
+ && tracks[i].stream->index_entries[index_sub].pos < st->index_entries[index_min].pos
+ && st->index_entries[index].timestamp - tracks[i].stream->index_entries[index_sub].timestamp < 30000000000/matroska->time_scale)
+ index_min--;
}
}
diff --git a/libavformat/oggdec.c b/libavformat/oggdec.c
index 88b297f481..e103290056 100644
--- a/libavformat/oggdec.c
+++ b/libavformat/oggdec.c
@@ -518,6 +518,10 @@ static int ogg_read_close(AVFormatContext *s)
for (i = 0; i < ogg->nstreams; i++) {
av_free(ogg->streams[i].buf);
+ if (ogg->streams[i].codec &&
+ ogg->streams[i].codec->cleanup) {
+ ogg->streams[i].codec->cleanup(s, i);
+ }
av_free(ogg->streams[i].private);
}
av_free(ogg->streams);
diff --git a/libavformat/oggdec.h b/libavformat/oggdec.h
index 184a628622..1a702c32d2 100644
--- a/libavformat/oggdec.h
+++ b/libavformat/oggdec.h
@@ -51,6 +51,11 @@ struct ogg_codec {
* 0 if granule is the end time of the associated packet.
*/
int granule_is_start;
+ /**
+ * Number of expected headers
+ */
+ int nb_header;
+ void (*cleanup)(AVFormatContext *s, int idx);
};
struct ogg_stream {
diff --git a/libavformat/oggparsevorbis.c b/libavformat/oggparsevorbis.c
index 86951f3e2f..514ed9ff28 100644
--- a/libavformat/oggparsevorbis.c
+++ b/libavformat/oggparsevorbis.c
@@ -188,6 +188,16 @@ fixup_vorbis_headers(AVFormatContext * as, struct oggvorbis_private *priv,
return offset;
}
+static void vorbis_cleanup(AVFormatContext *s, int idx)
+{
+ struct ogg *ogg = s->priv_data;
+ struct ogg_stream *os = ogg->streams + idx;
+ struct oggvorbis_private *priv = os->private;
+ int i;
+ if (os->private)
+ for (i = 0; i < 3; i++)
+ av_freep(&priv->packet[i]);
+}
static int
vorbis_header (AVFormatContext * s, int idx)
@@ -278,5 +288,7 @@ vorbis_header (AVFormatContext * s, int idx)
const struct ogg_codec ff_vorbis_codec = {
.magic = "\001vorbis",
.magicsize = 7,
- .header = vorbis_header
+ .header = vorbis_header,
+ .cleanup= vorbis_cleanup,
+ .nb_header = 3,
};
diff --git a/libavformat/utils.c b/libavformat/utils.c
index 79381ab485..d90047b199 100644
--- a/libavformat/utils.c
+++ b/libavformat/utils.c
@@ -1897,7 +1897,7 @@ int avformat_seek_file(AVFormatContext *s, int stream_index, int64_t min_ts, int
//Fallback to old API if new is not implemented but old is
//Note the old has somewat different sematics
if(s->iformat->read_seek || 1)
- return av_seek_frame(s, stream_index, ts, flags | (ts - min_ts > (uint64_t)(max_ts - ts) ? AVSEEK_FLAG_BACKWARD : 0));
+ return av_seek_frame(s, stream_index, ts, flags | ((uint64_t)ts - min_ts > (uint64_t)max_ts - ts ? AVSEEK_FLAG_BACKWARD : 0));
// try some generic seek like av_seek_frame_generic() but with new ts semantics
}
@@ -2739,6 +2739,7 @@ void avformat_free_context(AVFormatContext *s)
av_free_packet(&st->cur_pkt);
}
av_dict_free(&st->metadata);
+ av_freep(&st->probe_data.buf);
av_freep(&st->index_entries);
av_freep(&st->codec->extradata);
av_freep(&st->codec->subtitle_header);
diff --git a/libavutil/lzo.c b/libavutil/lzo.c
index 8407d7d376..d2e86bc30a 100644
--- a/libavutil/lzo.c
+++ b/libavutil/lzo.c
@@ -119,9 +119,8 @@ static inline void memcpy_backptr(uint8_t *dst, int back, int cnt);
* thus creating a repeating pattern with a period length of back.
*/
static inline void copy_backptr(LZOContext *c, int back, int cnt) {
- register const uint8_t *src = &c->out[-back];
register uint8_t *dst = c->out;
- if (src < c->out_start || src > dst) {
+ if (dst - c->out_start < back) {
c->error |= AV_LZO_INVALID_BACKPTR;
return;
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-21 22:52:57 +0000