diff options
| author | Michael Niedermayer <[email protected]> | 2011-11-06 01:50:29 +0100 |
|---|---|---|
| committer | Michael Niedermayer <[email protected]> | 2011-11-06 01:50:29 +0100 |
| commit | 603a282f8ff1a84677fc0279b6d83e4a23729675 (patch) | |
| tree | 08060d5f3901ac2b7373f0d97854d457519956ee /libavformat | |
| parent | 39c8434bced9a860388628e624170665ddff0e44 (diff) | |
| parent | 973d752dfbfb3286c6494f99744f386b98fda4d7 (diff) | |
Merge remote-tracking branch 'qatar/release/0.6' into release/0.6
* qatar/release/0.6:
update version
Release notes and changelog for 0.6.3
Fix memory (re)allocation in matroskadec.c, related to MSVR-11-0080.
cavs: fix some crashes with invalid bitstreams
libvo-aacenc: Sync up with 0.7.2
Fix MMX rgb24 to yuv conversion with gcc 4.6
oggdec: prevent heap corruption.
Fix ff_imdct_calc_sse() on gcc-4.6
backport libvo-aacenc wrapper for aac encoding
Conflicts:
Changelog
VERSION
Merged-by: Michael Niedermayer <[email protected]>
Diffstat (limited to 'libavformat')
| -rw-r--r-- | libavformat/matroskadec.c | 37 | ||||
| -rw-r--r-- | libavformat/oggdec.c | 10 |
2 files changed, 34 insertions, 13 deletions
diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index e254a31416..9745585ca5 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -759,11 +759,15 @@ static int ebml_parse_elem(MatroskaDemuxContext *matroska, uint32_t id = syntax->id; uint64_t length; int res; + void *newelem; data = (char *)data + syntax->data_offset; if (syntax->list_elem_size) { EbmlList *list = data; - list->elem = av_realloc(list->elem, (list->nb_elem+1)*syntax->list_elem_size); + newelem = av_realloc(list->elem, (list->nb_elem+1)*syntax->list_elem_size); + if (!newelem) + return AVERROR(ENOMEM); + list->elem = newelem; data = (char*)list->elem + list->nb_elem*syntax->list_elem_size; memset(data, 0, syntax->list_elem_size); list->nb_elem++; @@ -883,6 +887,7 @@ static int matroska_decode_buffer(uint8_t** buf, int* buf_size, uint8_t* data = *buf; int isize = *buf_size; uint8_t* pkt_data = NULL; + uint8_t* newpktdata; int pkt_size = isize; int result = 0; int olen; @@ -909,7 +914,12 @@ static int matroska_decode_buffer(uint8_t** buf, int* buf_size, zstream.avail_in = isize; do { pkt_size *= 3; - pkt_data = av_realloc(pkt_data, pkt_size); + newpktdata = av_realloc(pkt_data, pkt_size); + if (!newpktdata) { + inflateEnd(&zstream); + goto failed; + } + pkt_data = newpktdata; zstream.avail_out = pkt_size - zstream.total_out; zstream.next_out = pkt_data + zstream.total_out; result = inflate(&zstream, Z_NO_FLUSH); @@ -930,7 +940,12 @@ static int matroska_decode_buffer(uint8_t** buf, int* buf_size, bzstream.avail_in = isize; do { pkt_size *= 3; - pkt_data = av_realloc(pkt_data, pkt_size); + newpktdata = av_realloc(pkt_data, pkt_size); + if (!newpktdata) { + BZ2_bzDecompressEnd(&bzstream); + goto failed; + } + pkt_data = newpktdata; bzstream.avail_out = pkt_size - bzstream.total_out_lo32; bzstream.next_out = pkt_data + bzstream.total_out_lo32; result = BZ2_bzDecompress(&bzstream); @@ -985,13 +1000,17 @@ static void matroska_fix_ass_packet(MatroskaDemuxContext *matroska, } } -static void matroska_merge_packets(AVPacket *out, AVPacket *in) +static int matroska_merge_packets(AVPacket *out, AVPacket *in) { - out->data = av_realloc(out->data, out->size+in->size); + void *newdata = av_realloc(out->data, out->size+in->size); + if (!newdata) + return AVERROR(ENOMEM); + out->data = newdata; memcpy(out->data+out->size, in->data, in->size); out->size += in->size; av_destruct_packet(in); av_free(in); + return 0; } static void matroska_convert_tag(AVFormatContext *s, EbmlList *list, @@ -1494,11 +1513,13 @@ static int matroska_deliver_packet(MatroskaDemuxContext *matroska, memcpy(pkt, matroska->packets[0], sizeof(AVPacket)); av_free(matroska->packets[0]); if (matroska->num_packets > 1) { + void *newpackets; memmove(&matroska->packets[0], &matroska->packets[1], (matroska->num_packets - 1) * sizeof(AVPacket *)); - matroska->packets = - av_realloc(matroska->packets, (matroska->num_packets - 1) * - sizeof(AVPacket *)); + newpackets = av_realloc(matroska->packets, + (matroska->num_packets - 1) * sizeof(AVPacket *)); + if (newpackets) + matroska->packets = newpackets; } else { av_freep(&matroska->packets); } diff --git a/libavformat/oggdec.c b/libavformat/oggdec.c index 3161e68c6c..76b28ab212 100644 --- a/libavformat/oggdec.c +++ b/libavformat/oggdec.c @@ -577,20 +577,19 @@ ogg_read_close (AVFormatContext * s) } -static int64_t -ogg_read_timestamp (AVFormatContext * s, int stream_index, int64_t * pos_arg, - int64_t pos_limit) +static int64_t ogg_read_timestamp (AVFormatContext * s, int stream_index, + int64_t * pos_arg, int64_t pos_limit) { struct ogg *ogg = s->priv_data; - struct ogg_stream *os = ogg->streams + stream_index; ByteIOContext *bc = s->pb; int64_t pts = AV_NOPTS_VALUE; - int i; + int i = -1; url_fseek(bc, *pos_arg, SEEK_SET); ogg_reset(ogg); while (url_ftell(bc) < pos_limit && !ogg_packet(s, &i, NULL, NULL, pos_arg)) { if (i == stream_index) { + struct ogg_stream *os = ogg->streams + stream_index; pts = ogg_calc_pts(s, i, NULL); if (os->keyframe_seek && !(os->pflags & AV_PKT_FLAG_KEY)) pts = AV_NOPTS_VALUE; @@ -615,6 +614,7 @@ static int ogg_read_seek(AVFormatContext *s, int stream_index, int64_t timestamp os->keyframe_seek = 1; ret = av_seek_frame_binary(s, stream_index, timestamp, flags); + os = ogg->streams + stream_index; if (ret < 0) os->keyframe_seek = 0; return ret; |