diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2013-09-22 17:31:56 +0200 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2013-09-22 17:35:20 +0200 |
| commit | 49d597f058a9f3a09d272e711d636f5e6829920e (patch) | |
| tree | 0cd8a9554564f8a23afa954782d34a1447b4904b | |
| parent | 44ebb2556d099c8103247b7c2b60eab399f300af (diff) | |
| parent | 9c713f30e4913a28d93eb37ea5db7f62be4c0ef6 (diff) | |
| download | ffmpeg-49d597f058a9f3a09d272e711d636f5e6829920e.tar.gz | |
Merge commit '9c713f30e4913a28d93eb37ea5db7f62be4c0ef6' into release/0.8
* commit '9c713f30e4913a28d93eb37ea5db7f62be4c0ef6':
parser: fix large overreads
dsputil: fix invalid array indexing
shorten: use the unsigned type where needed
Merged-by: Michael Niedermayer <michaelni@gmx.at>
| -rw-r--r-- | libavcodec/dsputil.c | 16 | ||||
| -rw-r--r-- | libavcodec/parser.c | 4 | ||||
| -rw-r--r-- | libavcodec/shorten.c | 8 |
3 files changed, 19 insertions, 9 deletions
diff --git a/libavcodec/dsputil.c b/libavcodec/dsputil.c index 0e596b1b01..89b0d5871e 100644 --- a/libavcodec/dsputil.c +++ b/libavcodec/dsputil.c @@ -2836,7 +2836,7 @@ int ff_check_alignment(void){ av_cold void dsputil_init(DSPContext* c, AVCodecContext *avctx) { - int i; + int i, j; ff_check_alignment(); @@ -3222,11 +3222,15 @@ av_cold void dsputil_init(DSPContext* c, AVCodecContext *avctx) if (ARCH_SH4) dsputil_init_sh4 (c, avctx); if (ARCH_BFIN) dsputil_init_bfin (c, avctx); - for(i=0; i<64; i++){ - if(!c->put_2tap_qpel_pixels_tab[0][i]) - c->put_2tap_qpel_pixels_tab[0][i]= c->put_h264_qpel_pixels_tab[0][i]; - if(!c->avg_2tap_qpel_pixels_tab[0][i]) - c->avg_2tap_qpel_pixels_tab[0][i]= c->avg_h264_qpel_pixels_tab[0][i]; + for (i = 0; i < 4; i++) { + for (j = 0; j < 16; j++) { + if(!c->put_2tap_qpel_pixels_tab[i][j]) + c->put_2tap_qpel_pixels_tab[i][j] = + c->put_h264_qpel_pixels_tab[i][j]; + if(!c->avg_2tap_qpel_pixels_tab[i][j]) + c->avg_2tap_qpel_pixels_tab[i][j] = + c->avg_h264_qpel_pixels_tab[i][j]; + } } c->put_rv30_tpel_pixels_tab[0][0] = c->put_h264_qpel_pixels_tab[0][0]; diff --git a/libavcodec/parser.c b/libavcodec/parser.c index d4a6126611..7f18a26631 100644 --- a/libavcodec/parser.c +++ b/libavcodec/parser.c @@ -260,7 +260,9 @@ int ff_combine_frame(ParseContext *pc, int next, const uint8_t **buf, int *buf_s if(!new_buffer) return AVERROR(ENOMEM); pc->buffer = new_buffer; - memcpy(&pc->buffer[pc->index], *buf, next + FF_INPUT_BUFFER_PADDING_SIZE ); + if (next > -FF_INPUT_BUFFER_PADDING_SIZE) + memcpy(&pc->buffer[pc->index], *buf, + next + FF_INPUT_BUFFER_PADDING_SIZE); pc->index = 0; *buf= pc->buffer; } diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c index 628dd2f385..2f7c13cedc 100644 --- a/libavcodec/shorten.c +++ b/libavcodec/shorten.c @@ -78,7 +78,7 @@ typedef struct ShortenContext { GetBitContext gb; int min_framesize, max_framesize; - int channels; + unsigned channels; int32_t *decoded[MAX_CHANNELS]; int32_t *decoded_base[MAX_CHANNELS]; @@ -342,6 +342,10 @@ static int shorten_decode_frame(AVCodecContext *avctx, s->internal_ftype = get_uint(s, TYPESIZE); s->channels = get_uint(s, CHANSIZE); + if (!s->channels) { + av_log(s->avctx, AV_LOG_ERROR, "No channels reported\n"); + return AVERROR_INVALIDDATA; + } if (s->channels <= 0 || s->channels > MAX_CHANNELS) { av_log(s->avctx, AV_LOG_ERROR, "too many channels: %d\n", s->channels); s->channels = 0; @@ -507,7 +511,7 @@ static int shorten_decode_frame(AVCodecContext *avctx, s->bitshift = get_ur_golomb_shorten(&s->gb, BITSHIFTSIZE); break; case FN_BLOCKSIZE: { - int blocksize = get_uint(s, av_log2(s->blocksize)); + unsigned blocksize = get_uint(s, av_log2(s->blocksize)); if (blocksize > s->blocksize) { av_log(avctx, AV_LOG_ERROR, "Increasing block size is not supported\n"); return AVERROR_PATCHWELCOME; |