Luca Barbato
e6cf47ee9e
8bps: Bound-check the input buffer
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit bd7b4da0f4
2013-08-24 15:43:13 +02:00
Luca Barbato
f8602ef717
4xm: Reject not a multiple of 16 dimension
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 2f034f255c
2013-08-24 15:13:01 +02:00
Luca Barbato
a5bdec1c75
alsdec: Clean up error paths
...
Fix at least a memory leak.
CC: libav-stable@libav.org
(cherry picked from commit ca488ad480
2013-08-24 12:18:17 +02:00
Luca Barbato
dcbfba3bb6
alsdec: Fix the clipping range
...
mcc_weightings is only 32 elements.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 70ecc175c7
2013-08-24 12:18:08 +02:00
Luca Barbato
068bc633f2
dsicinav: Clip the source size to the expected maximum
...
A packet larger than cin->bitmap_size does not make sense.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit fd81899321
2013-08-24 12:17:39 +02:00
Luca Barbato
95275723ae
dsicinav: Bound-check the source buffer when needed
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit dd0bfc3a6a
2013-08-24 12:17:28 +02:00
Luca Barbato
47cb05d783
dsicinav: K&R formatting cosmetics
...
(cherry picked from commit fcae3ff124
2013-08-24 12:17:24 +02:00
Martin Storsjö
9680f84a31
ac3dec: Don't consume more data than the actual input packet size
...
This was handled properly in the normal return case at the end
of the function, but not in this special case.
Returning a value larger than the input packet size can cause
problems for certain library users.
Returning the actual input buffer size unconditionally, since
it is not guaranteed that frame_size is set to a sensible
value at this point.
Cc: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 8f24c12be7
2013-08-24 12:11:57 +02:00
Luca Barbato
505415b985
indeo: Reject impossible FRAMETYPE_NULL
...
A frame marked FRAMETYPE_NULL cannot be scalable and requires a
previous frame successfully decoded.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 5b2a29552c
2013-08-24 12:11:57 +02:00
Luca Barbato
d55f7a174d
indeo: Do not reference mismatched tiles
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit f9e5261cab
2013-08-24 12:11:57 +02:00
Luca Barbato
fbbe487b1c
indeo: Sanitize ff_ivi_init_planes fail paths
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 28dda8a691
2013-08-24 12:11:57 +02:00
Luca Barbato
cf738340d0
indeo5: return proper error codes
...
(cherry picked from commit b0eeb9d442
2013-08-24 12:11:52 +02:00
Luca Barbato
861526bbd1
indeo: Bound-check before applying motion compensation
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 25a6666f6c
2013-08-24 12:09:02 +02:00
Luca Barbato
7514868cb0
indeo: Bound-check before applying transform
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit dc79685195
2013-08-24 12:09:02 +02:00
Luca Barbato
4ec5c35850
indeo4: Validate scantable dimension
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit cd78e934c2
2013-08-24 12:09:02 +02:00
Luca Barbato
be71990da6
indeo4: Check the quantization matrix index
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 6255ccf7d5
2013-08-24 12:08:59 +02:00
Luca Barbato
99d82a07e7
indeo4: Do not access missing reference MV
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 8435bca087
2013-08-24 12:03:47 +02:00
Martin Storsjö
96f9b18497
ac3dec: Increment channel pointers only once per channel
...
If the channel mapping map multiple output channels to one
input channel, we should only increment the actual pointer once.
Cc: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 68e57cde68
2013-08-24 12:03:47 +02:00
Luca Barbato
c03533ace2
dca: Respect the current limits in the downmixing capabilities
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 3802833bc1
2013-08-24 12:03:43 +02:00
Luca Barbato
423ce8830e
dca: Error out on missing DSYNC
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit f261e50845
2013-08-24 11:51:26 +02:00
Luca Barbato
5e46ad33eb
pcm: always use codec->id instead of codec_id
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit c82da343e6
2013-08-24 11:50:52 +02:00
Luca Barbato
cbc1212499
mlpdec: Do not set invalid context in read_restart_header
...
The faulty values rippled further down the codepath causing a
hard-to-track segfault in the assembly code.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit e9d394f3fa
2013-08-24 11:49:01 +02:00
Luca Barbato
64867f3cb5
pcx: Do not overread source buffer in pcx_rle_decode
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 3abde1a3b4
2013-08-24 11:45:56 +02:00
Luca Barbato
d6a65735f9
wmavoice: conceal clearly corrupted blocks
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit d14a26edb7
2013-08-24 11:39:15 +02:00
Luca Barbato
c4e2758eec
iff: Do not read over the source buffer
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 7d65e960c7
2013-08-24 11:38:48 +02:00
Luca Barbato
9f1c3cd5ad
qdm2: Conceal broken samples
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 4ecdb5ed44
2013-08-24 11:34:04 +02:00
Luca Barbato
160910acdb
qdm2: refactor joined stereo support
...
qdm2 does support only two channels. Loop over the run once.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit adadc3f244
2013-08-24 11:33:45 +02:00
Luca Barbato
c02d4c1a98
adpcm: Write the correct number of samples for ima-dk4
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 12576afe20
2013-08-24 11:33:21 +02:00
Luca Barbato
6d2a92c467
imc: Catch a division by zero
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit bbf6a4aa20
2013-08-24 11:32:58 +02:00
Luca Barbato
aa99cb15f6
atrac3: Error on impossible encoding/channel combinations
...
Joint stereo encoded mono is impossible.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 50cf5a7fb7
2013-08-24 11:32:37 +02:00
Luca Barbato
67a8a1c202
atrac3: set the getbits context the right buffer_end
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 22e76ec635
2013-08-24 11:32:26 +02:00
Luca Barbato
8f3fe7c696
atrac3: fix error handling
...
decode_tonal_components returns a proper AVERROR.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 874c8a17ac
2013-08-24 11:32:15 +02:00
Luca Barbato
64bcb5d350
qdm2: check and reset dithering index per channel
...
Checking per subband would have the index exceed the
dithering noise table size.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 744a11c996
2013-08-24 11:28:11 +02:00
Luca Barbato
998a0389d3
qdm2: formatting cosmetics
...
Apply the usual style plus drop few unnecessary return at the end
of void functions.
(cherry picked from commit 76efedeadb
2013-08-24 11:28:11 +02:00
Luca Barbato
86eec54c94
qdm2: use init_static_data
...
(cherry picked from commit f054e309c5
2013-08-24 11:28:11 +02:00
Luca Barbato
fb1823e178
vqavideo: check the version
...
Prevent out of buffer write.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit c4abc9098c
2013-08-24 11:28:07 +02:00
Luca Barbato
258eea3f2e
kmvc: Clip pixel position to valid range
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 4e7f0b082d
2013-07-06 15:06:31 +02:00
Luca Barbato
1c2bd6fe5f
kmvc: use fixed sized arrays in the context
...
Avoid some boilerplate code to dynamically allocate and then free the
buffers.
(cherry picked from commit 8f68977054
2013-07-06 15:06:31 +02:00
Luca Barbato
73d5d7acb0
indeo: reject negative array indexes
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 6a10142faa
2013-07-06 15:06:31 +02:00
Luca Barbato
80d73b4ada
indeo: Cosmetic formatting
...
Trim some overly long lines.
(cherry picked from commit 6dfacd7ab1
2013-07-06 15:06:31 +02:00
Luca Barbato
b9892e1813
indeo: Refactor ff_ivi_init_tiles and ivi_decode_blocks
...
Spin large and mostly self contained blocks into stand alone
functions.
(cherry picked from commit 62256010e9
2013-07-06 15:06:31 +02:00
Luca Barbato
d76480e6ba
indeo: Refactor ff_ivi_dec_huff_desc
...
Spare an indentation level.
(cherry picked from commit f6f36ca8ca
2013-07-06 15:06:31 +02:00
Luca Barbato
33388299fb
indeo: use a typedef for the mc function pointer
...
(cherry picked from commit e6d8acf6a8
2013-07-06 15:06:31 +02:00
Luca Barbato
d8dab6c3b8
indeo: use proper error code
...
(cherry picked from commit dd3754a488
2013-07-06 15:06:31 +02:00
Luca Barbato
5f7944a308
indeo: check for reference when inheriting mvs
...
The same is done already for qdelta.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit b36e1893ef
2013-07-04 22:06:13 +02:00
Luca Barbato
f518fa6bee
indeo: use proper error code
...
(cherry picked from commit dd3754a488
2013-07-04 22:05:48 +02:00
Luca Barbato
51a23b0e95
indeo: Properly forward the error codes
...
If the tile data size does not match the buffer size it did not
return an AVERROR_INVALIDDATA causing futher corruption later.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 7388c0c586
2013-07-04 22:05:15 +02:00
Luca Barbato
2cdc976320
mjpeg: Check the unescaped size for overflows
...
And contextually check init_get_bits success and fix the reporting
message.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 6765ee7b9c
2013-06-30 16:03:27 +02:00
Luca Barbato
efcfd50c9f
wmapro: error out on impossible scale factor offsets
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 02ec656af7
2013-06-30 16:03:27 +02:00
Luca Barbato
8bd0372937
wmapro: check the min_samples_per_subframe
...
Must be at least WMAPRO_BLOCK_MIN_SIZE.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit d4a217a408
2013-06-30 16:03:27 +02:00
