diff options
| author | Michael Niedermayer <[email protected]> | 2013-09-22 17:43:33 +0200 |
|---|---|---|
| committer | Michael Niedermayer <[email protected]> | 2013-09-22 17:43:33 +0200 |
| commit | 9b0736c08ac59ae5da598ef32e9165ddf5c3f645 (patch) | |
| tree | 5754125f2b943c08708b94e111b55e8af597ab0c | |
| parent | 70a1182a484402fc893d7fe4530d7bb9d636524a (diff) | |
| parent | 3197a9c4fa46972077e12065047c3d52ef4b40f6 (diff) | |
Merge remote-tracking branch 'qatar/release/0.7' into release/0.8
* qatar/release/0.7:
Update changelog for 0.7.8 release
aac: check the maximum number of channels
oggdec: fix faulty cleanup prototype
qdm2: check that the FFT size is a power of 2
rv10: check that extradata is large enough
lavf: make sure stream probe data gets freed.
dfa: check for invalid access in decode_wdlt().
avfiltergraph: check for sws opts being non-NULL before using them.
Conflicts:
Changelog
libavformat/utils.c
Merged-by: Michael Niedermayer <[email protected]>
| -rw-r--r-- | libavcodec/aacdec.c | 2 | ||||
| -rw-r--r-- | libavcodec/dfa.c | 2 | ||||
| -rw-r--r-- | libavcodec/qdm2.c | 4 | ||||
| -rw-r--r-- | libavcodec/rv10.c | 5 | ||||
| -rw-r--r-- | libavfilter/avfiltergraph.c | 7 | ||||
| -rw-r--r-- | libavfilter/graphparser.c | 3 | ||||
| -rw-r--r-- | libavformat/oggparsevorbis.c | 2 | ||||
| -rw-r--r-- | libavformat/utils.c | 1 |
8 files changed, 23 insertions, 3 deletions
diff --git a/libavcodec/aacdec.c b/libavcodec/aacdec.c index 78176d0053..41c4ea262b 100644 --- a/libavcodec/aacdec.c +++ b/libavcodec/aacdec.c @@ -183,6 +183,8 @@ static av_cold int che_configure(AACContext *ac, enum ChannelPosition che_pos[4][MAX_ELEM_ID], int type, int id, int *channels) { + if (*channels >= MAX_CHANNELS) + return AVERROR_INVALIDDATA; if (che_pos[type][id]) { if (!ac->che[type][id] && !(ac->che[type][id] = av_mallocz(sizeof(ChannelElement)))) return AVERROR(ENOMEM); diff --git a/libavcodec/dfa.c b/libavcodec/dfa.c index 4ebd1d71c0..aacdecc447 100644 --- a/libavcodec/dfa.c +++ b/libavcodec/dfa.c @@ -263,6 +263,8 @@ static int decode_wdlt(uint8_t *frame, int width, int height, segments = bytestream_get_le16(&src); } line_ptr = frame; + if (frame_end - frame < width) + return AVERROR_INVALIDDATA; frame += width; y++; while (segments--) { diff --git a/libavcodec/qdm2.c b/libavcodec/qdm2.c index e311afdeee..6f0c896b56 100644 --- a/libavcodec/qdm2.c +++ b/libavcodec/qdm2.c @@ -1884,6 +1884,10 @@ static av_cold int qdm2_decode_init(AVCodecContext *avctx) av_log(avctx, AV_LOG_ERROR, "Unknown FFT order (%d), contact the developers!\n", s->fft_order); return -1; } + if (s->fft_size != (1 << (s->fft_order - 1))) { + av_log(avctx, AV_LOG_ERROR, "FFT size %d not power of 2.\n", s->fft_size); + return AVERROR_INVALIDDATA; + } ff_rdft_init(&s->rdft_ctx, s->fft_order, IDFT_C2R); ff_mpadsp_init(&s->mpadsp); diff --git a/libavcodec/rv10.c b/libavcodec/rv10.c index a8f42e351b..17f1357718 100644 --- a/libavcodec/rv10.c +++ b/libavcodec/rv10.c @@ -362,6 +362,11 @@ static int rv20_decode_picture_header(MpegEncContext *s) f= get_bits(&s->gb, av_log2(v)+1); if(f){ + if (s->avctx->extradata_size < 8 + 2 * f) { + av_log(s->avctx, AV_LOG_ERROR, "Extradata too small.\n"); + return AVERROR_INVALIDDATA; + } + new_w= 4*((uint8_t*)s->avctx->extradata)[6+2*f]; new_h= 4*((uint8_t*)s->avctx->extradata)[7+2*f]; }else{ diff --git a/libavfilter/avfiltergraph.c b/libavfilter/avfiltergraph.c index 04768617de..10f5fa856c 100644 --- a/libavfilter/avfiltergraph.c +++ b/libavfilter/avfiltergraph.c @@ -23,6 +23,7 @@ #include <ctype.h> #include <string.h> +#include "libavutil/avstring.h" #include "avfilter.h" #include "avfiltergraph.h" #include "internal.h" @@ -163,7 +164,11 @@ static int query_formats(AVFilterGraph *graph, AVClass *log_ctx) /* couldn't merge format lists. auto-insert scale filter */ snprintf(inst_name, sizeof(inst_name), "auto-inserted scaler %d", scaler_count++); - snprintf(scale_args, sizeof(scale_args), "0:0:%s", graph->scale_sws_opts); + av_strlcpy(scale_args, "0:0", sizeof(scale_args)); + if (graph->scale_sws_opts) { + av_strlcat(scale_args, ":", sizeof(scale_args)); + av_strlcat(scale_args, graph->scale_sws_opts, sizeof(scale_args)); + } if ((ret = avfilter_graph_create_filter(&scale, avfilter_get_by_name("scale"), inst_name, scale_args, NULL, graph)) < 0) return ret; diff --git a/libavfilter/graphparser.c b/libavfilter/graphparser.c index 5178eea4c6..1cc8285ad6 100644 --- a/libavfilter/graphparser.c +++ b/libavfilter/graphparser.c @@ -121,7 +121,8 @@ static int create_filter(AVFilterContext **filt_ctx, AVFilterGraph *ctx, int ind return ret; } - if (!strcmp(filt_name, "scale") && args && !strstr(args, "flags")) { + if (!strcmp(filt_name, "scale") && args && !strstr(args, "flags") && + ctx->scale_sws_opts) { snprintf(tmp_args, sizeof(tmp_args), "%s:%s", args, ctx->scale_sws_opts); args = tmp_args; diff --git a/libavformat/oggparsevorbis.c b/libavformat/oggparsevorbis.c index f276a131af..514ed9ff28 100644 --- a/libavformat/oggparsevorbis.c +++ b/libavformat/oggparsevorbis.c @@ -188,7 +188,7 @@ fixup_vorbis_headers(AVFormatContext * as, struct oggvorbis_private *priv, return offset; } -static int vorbis_cleanup(AVFormatContext *s, int idx) +static void vorbis_cleanup(AVFormatContext *s, int idx) { struct ogg *ogg = s->priv_data; struct ogg_stream *os = ogg->streams + idx; diff --git a/libavformat/utils.c b/libavformat/utils.c index ccc7540e96..3b4ea46a99 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -2670,6 +2670,7 @@ void avformat_free_context(AVFormatContext *s) av_free_packet(&st->cur_pkt); } av_dict_free(&st->metadata); + av_freep(&st->probe_data.buf); av_freep(&st->index_entries); av_freep(&st->codec->extradata); av_freep(&st->codec->subtitle_header); |