diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2013-02-21 03:28:00 +0100 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2013-02-21 03:28:00 +0100 |
| commit | a92cdd8963459d108d701ea7a77a4e2074278276 (patch) | |
| tree | 02b8bc86af730a88834ad084dba71cd1fbbeda48 | |
| parent | f86da592c3399c749442d8e70d9aef346dac3464 (diff) | |
| parent | dfeef3a209ecb3dcf01a1ad14e7fc4586e630e93 (diff) | |
| download | ffmpeg-a92cdd8963459d108d701ea7a77a4e2074278276.tar.gz | |
Merge branch 'release/0.8' into release/0.7
* release/0.8:
cook: check js_subband_start for validity
avcodec_align_dimensions2: Ensure cinepak has large enough buffers.
Update for 0.8.14
qdm2: increase noise_table size
wma: check byte_offset_bits
tiff: check bppcount
vqavideo: fix return type
Conflicts:
Doxyfile
RELEASE
VERSION
Merged-by: Michael Niedermayer <michaelni@gmx.at>
| -rw-r--r-- | libavcodec/cook.c | 5 | ||||
| -rw-r--r-- | libavcodec/qdm2_tablegen.h | 2 | ||||
| -rw-r--r-- | libavcodec/tiff.c | 5 | ||||
| -rw-r--r-- | libavcodec/utils.c | 13 | ||||
| -rw-r--r-- | libavcodec/vqavideo.c | 4 | ||||
| -rw-r--r-- | libavcodec/wma.c | 4 |
6 files changed, 27 insertions, 6 deletions
diff --git a/libavcodec/cook.c b/libavcodec/cook.c index a5da74efcc..14614c9316 100644 --- a/libavcodec/cook.c +++ b/libavcodec/cook.c @@ -1086,6 +1086,11 @@ static av_cold int cook_decode_init(AVCodecContext *avctx) if (extradata_size >= 8){ bytestream_get_be32(&edata_ptr); //Unknown unused q->subpacket[s].js_subband_start = bytestream_get_be16(&edata_ptr); + if (q->subpacket[s].js_subband_start >= 51) { + av_log(avctx, AV_LOG_ERROR, "js_subband_start %d is too large\n", q->subpacket[s].js_subband_start); + return AVERROR_INVALIDDATA; + } + q->subpacket[s].js_vlc_bits = bytestream_get_be16(&edata_ptr); extradata_size -= 8; } diff --git a/libavcodec/qdm2_tablegen.h b/libavcodec/qdm2_tablegen.h index f215b15ffc..38adb97dc5 100644 --- a/libavcodec/qdm2_tablegen.h +++ b/libavcodec/qdm2_tablegen.h @@ -37,7 +37,7 @@ #include "libavcodec/qdm2_tables.h" #else static uint16_t softclip_table[HARDCLIP_THRESHOLD - SOFTCLIP_THRESHOLD + 1]; -static float noise_table[4096]; +static float noise_table[4096 + 20]; static uint8_t random_dequant_index[256][5]; static uint8_t random_dequant_type24[128][3]; static float noise_samples[128]; diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c index 2ca6d5ca62..d26135ecda 100644 --- a/libavcodec/tiff.c +++ b/libavcodec/tiff.c @@ -360,6 +360,11 @@ static int tiff_decode_tag(TiffContext *s, const uint8_t *start, const uint8_t * "Samples per pixel requires a single value, many provided\n"); return AVERROR_INVALIDDATA; } + if (value > 4U) { + av_log(s->avctx, AV_LOG_ERROR, + "Samples per pixel %d is too large\n", value); + return AVERROR_INVALIDDATA; + } if (s->bppcount == 1) s->bpp *= value; s->bppcount = value; diff --git a/libavcodec/utils.c b/libavcodec/utils.c index 0098e2bdbb..8eca9c67eb 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -177,9 +177,10 @@ void avcodec_align_dimensions2(AVCodecContext *s, int *width, int *height, int l case PIX_FMT_PAL8: case PIX_FMT_BGR8: case PIX_FMT_RGB8: - if(s->codec_id == CODEC_ID_SMC){ - w_align=4; - h_align=4; + if (s->codec_id == CODEC_ID_SMC || + s->codec_id == CODEC_ID_CINEPAK) { + w_align = 4; + h_align = 4; } break; case PIX_FMT_BGR24: @@ -188,6 +189,12 @@ void avcodec_align_dimensions2(AVCodecContext *s, int *width, int *height, int l h_align=4; } break; + case PIX_FMT_RGB24: + if (s->codec_id == CODEC_ID_CINEPAK) { + w_align = 4; + h_align = 4; + } + break; default: w_align= 1; h_align= 1; diff --git a/libavcodec/vqavideo.c b/libavcodec/vqavideo.c index 6e1ce6c0d2..e7b2cae26a 100644 --- a/libavcodec/vqavideo.c +++ b/libavcodec/vqavideo.c @@ -529,7 +529,7 @@ static void vqa_decode_chunk(VqaContext *s) if (chunk_size > MAX_CODEBOOK_SIZE - s->next_codebook_buffer_index) { av_log(s->avctx, AV_LOG_ERROR, "cbp0 chunk too large (0x%X bytes)\n", chunk_size); - return AVERROR_INVALIDDATA; + return; } /* accumulate partial codebook */ @@ -557,7 +557,7 @@ static void vqa_decode_chunk(VqaContext *s) if (chunk_size > MAX_CODEBOOK_SIZE - s->next_codebook_buffer_index) { av_log(s->avctx, AV_LOG_ERROR, "cbpz chunk too large (0x%X bytes)\n", chunk_size); - return AVERROR_INVALIDDATA; + return; } /* accumulate partial codebook */ diff --git a/libavcodec/wma.c b/libavcodec/wma.c index feb121b591..2e8ac979a5 100644 --- a/libavcodec/wma.c +++ b/libavcodec/wma.c @@ -177,6 +177,10 @@ int ff_wma_init(AVCodecContext *avctx, int flags2) bps = (float)s->bit_rate / (float)(s->nb_channels * s->sample_rate); s->byte_offset_bits = av_log2((int)(bps * s->frame_len / 8.0 + 0.5)) + 2; + if (s->byte_offset_bits + 3 > MIN_CACHE_BITS) { + av_log(avctx, AV_LOG_ERROR, "byte_offset_bits %d is too large\n", s->byte_offset_bits); + return AVERROR_PATCHWELCOME; + } /* compute high frequency value and choose if noise coding should be activated */ |