Projects
Essentials
A_tw-ffmpeg-2
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
Expand all
Collapse all
Changes of Revision 3
View file
ffmpeg-2.changes
Changed
@@ -1,12 +1,12 @@ ------------------------------------------------------------------- -Sun Oct 1 15:36:25 UTC 2023 - Manfred Hollstein <manfred.h@gmx.net> +Tue Dec 12 12:12:12 UTC 2023 - olaf@aepfle.de -- Add ffmpeg-x86-mathops.patch +- Version update to 2.8.22 ------------------------------------------------------------------- -Fri Mar 3 03:03:03 UTC 2023 - olaf@aepfle.de +Sun Oct 1 15:36:25 UTC 2023 - Manfred Hollstein <manfred.h@gmx.net> -- Version update to 2.8.21 +- Add ffmpeg-x86-mathops.patch ------------------------------------------------------------------- Mon Feb 11 21:43:44 UTC 2019 - bjorn.lie@gmail.com
View file
ffmpeg-2.spec
Changed
@@ -54,7 +54,7 @@ %define _major_version 2 %define _major_expected 3 Name: ffmpeg-2 -Version: 2.8.21 +Version: 2.8.22 Release: 0 Summary: Library for working with various multimedia formats License: LGPL-2.1-or-later AND GPL-2.0-or-later
View file
_service
Changed
@@ -1,7 +1,7 @@ <services> <service name="tar_scm" mode="disabled"> <param name="filename">ffmpeg-2</param> - <param name="revision">dc8ad5cbcdae23dbc51af1ffd4a4bb5ce7e097a3</param> + <param name="revision">25b3a5ef00605b37f34d49007f5c463bc6882687</param> <param name="scm">git</param> <param name="submodules">disable</param> <param name="url">https://git.ffmpeg.org/ffmpeg.git</param>
View file
ffmpeg-2-2.8.21.tar.xz/CREDITS -> ffmpeg-2-2.8.22.tar.xz/CREDITS
Changed
@@ -1,6 +1,6 @@ -See the Git history of the project (git://source.ffmpeg.org/ffmpeg) to +See the Git history of the project (https://git.ffmpeg.org/ffmpeg) to get the names of people who have contributed to FFmpeg. To check the log, you can type the command "git log" in the FFmpeg source directory, or browse the online repository at -http://source.ffmpeg.org. +https://git.ffmpeg.org/ffmpeg
View file
ffmpeg-2-2.8.21.tar.xz/Changelog -> ffmpeg-2-2.8.22.tar.xz/Changelog
Changed
@@ -1,6 +1,75 @@ Entries are sorted chronologically from oldest to youngest within each release, releases are sorted from youngest to oldest. +2.8.22: + avformat/rtsp: Use rtsp_st->stream_index + avcodec/jpeg2000dec: Check image offset + Update for FFmpeg 2.8.22 + avcodec/xvididct: Make c* unsigned to avoid undefined overflows + avformat/tmv: Check video chunk size + avformat/matroskadec: Check prebuffered_ns for overflow + avformat/wavdec: Check left avio_tell for overflow + avformat/tta: Better totalframes check + avformat/rpl: Check for number_of_chunks overflow + avformat/jacosubdec: Check timeres + avcodec/escape124: Do not return random numbers + avformat/avs: Check if return code is representable + avcodec/lcldec: Make PNG filter addressing match the code afterwards + avformat/westwood_vqa: Check chunk size + avformat/sbgdec: Check for period overflow + avcodec/xvididct: Fix integer overflow in idct_row() + avcodec/celp_math: avoid overflow in shift + avformat/format: Stop reading data at EOF during probing + avcodec/huffyuvdec: avoid undefined behavior with get_vlc2() failure + avcodec/mpeg4videodec: more unsigned in amv computation + avcodec/tta: fix signed overflow in decorrelate + avcodec/xvididct: Fix integer overflow in idct_row() + avcodec/jpeg2000dec: Check for reduction factor and image offset + avutil/softfloat: Basic documentation for av_sincos_sf() + avutil/softfloat: fix av_sincos_sf() + avcodec/utils: fix 2 integer overflows in get_audio_frame_duration() + avcodec/hevcdec: Avoid null pointer dereferences in MC + avcodec: Ignoring errors is only possible before the input end + avformat/wavdec: Check that smv block fits in available space + avcodec/tak: Check remaining bits in ff_tak_decode_frame_header() + avcodec/utils: the IFF_ILBM implementation assumes that there are a multiple of 16 allocated + avcodec/pngdec: Do not pass AVFrame into global header decode + avcodec/vorbisdec: Check codebook float values to be finite + avcodec/lcldec: More space for rgb24 + avcodec/lcldec: Support 4:1:1 and 4:2:2 with odd width + libavcodec/lcldec: width and height should not be unsigned + avcodec/escape124: Check that blocks are allocated before use + avcodec/huffyuvdec: Fix undefined behavior with shift + avcodec/vp3: Check width to avoid assertion failure + avcodec/g729postfilter: Limit shift in long term filter + configure: update copyright year + avcodec/vp3: Add missing check for av_malloc + avcodec/escape124: Fix some return codes + avcodec/escape124: fix signdness of end of input check + Use https for repository links + avcodec/motionpixels: Mask pixels to valid values + avcodec/bink: Avoid undefined out of array end pointers in binkb_decode_plane() + avcodec/bink: Fix off by 1 error in ref end + avcodec/utils: Ensure linesize for SVQ3 + avcodec/utils: allocate a line more for VC1 and WMV3 + avcodec/videodsp_template: Adjust pointers to avoid undefined pointer things + avcodec/pngdec: Check deloco index more exactly + avcodec/ffv1dec: Check that num h/v slices is supported + avformat/mov: Check samplesize and offset to avoid integer overflow + avcodec/pictordec: Remove mid exit branch + avcodec/utils: use 32pixel alignment for bink + avcodec/012v: Order operations for odd size handling + avcodec/eatgq: : Check index increments in tgq_decode_block() + avcodec/sunrast: Fix maplength check + avcodec/wavpack: Avoid undefined shift in get_tail() + avformat/id3v2: Check taglen in read_uslt() + avcodec/ffv1dec: restructure slice coordinate reading a bit + avcodec/mlpdec: Check max matrix instead of max channel in noise check + swscale/input: Use more unsigned intermediates + avcodec/alsdec: The minimal block is at least 7 bits + avformat/replaygain: avoid undefined / negative abs + avcodec/ffv1dec: Fail earlier if prior context is corrupted + version 2.8.21: avformat/rmdec: check tag_size avformat/nutdec: Check fields
View file
ffmpeg-2-2.8.21.tar.xz/RELEASE -> ffmpeg-2-2.8.22.tar.xz/RELEASE
Changed
@@ -1,1 +1,1 @@ -2.8.21 +2.8.22
View file
ffmpeg-2-2.8.21.tar.xz/configure -> ffmpeg-2-2.8.22.tar.xz/configure
Changed
@@ -6144,7 +6144,7 @@ #define FFMPEG_CONFIG_H #define FFMPEG_CONFIGURATION "$(c_escape $FFMPEG_CONFIGURATION)" #define FFMPEG_LICENSE "$(c_escape $license)" -#define CONFIG_THIS_YEAR 2022 +#define CONFIG_THIS_YEAR 2023 #define FFMPEG_DATADIR "$(eval c_escape $datadir)" #define AVCONV_DATADIR "$(eval c_escape $datadir)" #define CC_IDENT "$(c_escape ${cc_ident:-Unknown compiler})"
View file
ffmpeg-2-2.8.21.tar.xz/doc/Doxyfile -> ffmpeg-2-2.8.22.tar.xz/doc/Doxyfile
Changed
@@ -31,7 +31,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 2.8.21 +PROJECT_NUMBER = 2.8.22 # With the PROJECT_LOGO tag one can specify a logo or icon that is included # in the documentation. The maximum height of the logo should not exceed 55
View file
ffmpeg-2-2.8.21.tar.xz/doc/authors.texi -> ffmpeg-2-2.8.22.tar.xz/doc/authors.texi
Changed
@@ -3,9 +3,9 @@ The FFmpeg developers. For details about the authorship, see the Git history of the project -(git://source.ffmpeg.org/ffmpeg), e.g. by typing the command +(https://git.ffmpeg.org/ffmpeg), e.g. by typing the command @command{git log} in the FFmpeg source directory, or browsing the -online repository at @url{http://source.ffmpeg.org}. +online repository at @url{https://git.ffmpeg.org/ffmpeg}. Maintainers for the specific components are listed in the file @file{MAINTAINERS} in the source code tree.
View file
ffmpeg-2-2.8.21.tar.xz/doc/git-howto.texi -> ffmpeg-2-2.8.22.tar.xz/doc/git-howto.texi
Changed
@@ -53,7 +53,7 @@ @section Cloning the source tree @example -git clone git://source.ffmpeg.org/ffmpeg <target> +git clone https://git.ffmpeg.org/ffmpeg.git <target> @end example This will put the FFmpeg sources into the directory @var{<target>}.
View file
ffmpeg-2-2.8.21.tar.xz/libavcodec/012v.c -> ffmpeg-2-2.8.22.tar.xz/libavcodec/012v.c
Changed
@@ -131,8 +131,8 @@ u = x/2 + (uint16_t *)(pic->data1 + line * pic->linesize1); v = x/2 + (uint16_t *)(pic->data2 + line * pic->linesize2); memcpy(y, y_temp, sizeof(*y) * (width - x)); - memcpy(u, u_temp, sizeof(*u) * (width - x + 1) / 2); - memcpy(v, v_temp, sizeof(*v) * (width - x + 1) / 2); + memcpy(u, u_temp, sizeof(*u) * ((width - x + 1) / 2)); + memcpy(v, v_temp, sizeof(*v) * ((width - x + 1) / 2)); } line_end += stride;
View file
ffmpeg-2-2.8.21.tar.xz/libavcodec/alsdec.c -> ffmpeg-2-2.8.22.tar.xz/libavcodec/alsdec.c
Changed
@@ -1013,7 +1013,7 @@ *bd->shift_lsbs = 0; - if (get_bits_left(gb) < 1) + if (get_bits_left(gb) < 7) return AVERROR_INVALIDDATA; // read block type flag and read the samples accordingly
View file
ffmpeg-2-2.8.21.tar.xz/libavcodec/bink.c -> ffmpeg-2-2.8.22.tar.xz/libavcodec/bink.c
Changed
@@ -825,7 +825,7 @@ binkb_init_bundles(c); ref_start = frame->dataplane_idx; - ref_end = frame->dataplane_idx + (bh * frame->linesizeplane_idx + bw) * 8; + ref_end = frame->dataplane_idx + ((bh - 1) * frame->linesizeplane_idx + bw - 1) * 8; for (i = 0; i < 64; i++) coordmapi = (i & 7) + (i >> 3) * stride; @@ -879,7 +879,7 @@ xoff = binkb_get_value(c, BINKB_SRC_X_OFF); yoff = binkb_get_value(c, BINKB_SRC_Y_OFF) + ybias; ref = dst + xoff + yoff * stride; - if (ref < ref_start || ref + 8*stride > ref_end) { + if (ref < ref_start || ref > ref_end) { av_log(c->avctx, AV_LOG_WARNING, "Reference block is out of bounds\n"); } else if (ref + 8*stride < dst || ref >= dst + 8*stride) { c->hdsp.put_pixels_tab10(dst, ref, stride, 8); @@ -895,7 +895,7 @@ xoff = binkb_get_value(c, BINKB_SRC_X_OFF); yoff = binkb_get_value(c, BINKB_SRC_Y_OFF) + ybias; ref = dst + xoff + yoff * stride; - if (ref < ref_start || ref + 8 * stride > ref_end) { + if (ref < ref_start || ref > ref_end) { av_log(c->avctx, AV_LOG_WARNING, "Reference block is out of bounds\n"); } else if (ref + 8*stride < dst || ref >= dst + 8*stride) { c->hdsp.put_pixels_tab10(dst, ref, stride, 8); @@ -925,7 +925,7 @@ xoff = binkb_get_value(c, BINKB_SRC_X_OFF); yoff = binkb_get_value(c, BINKB_SRC_Y_OFF) + ybias; ref = dst + xoff + yoff * stride; - if (ref < ref_start || ref + 8 * stride > ref_end) { + if (ref < ref_start || ref > ref_end) { av_log(c->avctx, AV_LOG_WARNING, "Reference block is out of bounds\n"); } else if (ref + 8*stride < dst || ref >= dst + 8*stride) { c->hdsp.put_pixels_tab10(dst, ref, stride, 8);
View file
ffmpeg-2-2.8.21.tar.xz/libavcodec/celp_math.h -> ffmpeg-2-2.8.22.tar.xz/libavcodec/celp_math.h
Changed
@@ -68,7 +68,7 @@ * * @return value << offset, if offset>=0; value >> -offset - otherwise */ -static inline int bidir_sal(int value, int offset) +static inline unsigned bidir_sal(unsigned value, int offset) { if(offset < 0) return value >> -offset; else return value << offset;
View file
ffmpeg-2-2.8.21.tar.xz/libavcodec/eatgq.c -> ffmpeg-2-2.8.22.tar.xz/libavcodec/eatgq.c
Changed
@@ -58,7 +58,7 @@ return 0; } -static void tgq_decode_block(TgqContext *s, int16_t block64, GetBitContext *gb) +static int tgq_decode_block(TgqContext *s, int16_t block64, GetBitContext *gb) { uint8_t *perm = s->scantable.permutated; int i, j, value; @@ -66,6 +66,8 @@ for (i = 1; i < 64;) { switch (show_bits(gb, 3)) { case 4: + if (i >= 63) + return AVERROR_INVALIDDATA; blockpermi++ = 0; case 0: blockpermi++ = 0; @@ -75,6 +77,8 @@ case 1: skip_bits(gb, 2); value = get_bits(gb, 6); + if (value > 64 - i) + return AVERROR_INVALIDDATA; for (j = 0; j < value; j++) blockpermi++ = 0; break; @@ -102,6 +106,7 @@ } } block0 += 128 << 4; + return 0; } static void tgq_idct_put_mb(TgqContext *s, int16_t (*block)64, AVFrame *frame, @@ -161,8 +166,11 @@ if (ret < 0) return ret; - for (i = 0; i < 6; i++) - tgq_decode_block(s, s->blocki, &gb); + for (i = 0; i < 6; i++) { + int ret = tgq_decode_block(s, s->blocki, &gb); + if (ret < 0) + return ret; + } tgq_idct_put_mb(s, s->block, frame, mb_x, mb_y); bytestream2_skip(&s->gb, mode); } else {
View file
ffmpeg-2-2.8.21.tar.xz/libavcodec/escape124.c -> ffmpeg-2-2.8.22.tar.xz/libavcodec/escape124.c
Changed
@@ -89,11 +89,6 @@ unsigned i, j; CodeBook cb = { 0 }; - if (size >= INT_MAX / 34 || get_bits_left(gb) < size * 34) - return cb; - - if (size >= INT_MAX / sizeof(MacroBlock)) - return cb; cb.blocks = av_malloc(size ? size * sizeof(MacroBlock) : 1); if (!cb.blocks) return cb; @@ -163,7 +158,7 @@ // This condition can occur with invalid bitstreams and // *codebook_index == 2 - if (block_index >= s->codebooks*codebook_index.size) + if (block_index >= s->codebooks*codebook_index.size || !s->codebooks*codebook_index.blocks) return (MacroBlock) { { 0 } }; return s->codebooks*codebook_index.blocksblock_index; @@ -227,7 +222,7 @@ // represent a lower bound of the space needed for skipped superblocks. Non // skipped SBs need more space. if (get_bits_left(&gb) < 64 + s->num_superblocks * 23LL / 4320) - return -1; + return AVERROR_INVALIDDATA; frame_flags = get_bits_long(&gb, 32); frame_size = get_bits_long(&gb, 32); @@ -244,7 +239,7 @@ if ((ret = av_frame_ref(frame, s->frame)) < 0) return ret; - return frame_size; + return 0; } for (i = 0; i < 3; i++) { @@ -273,9 +268,14 @@ } } av_freep(&s->codebooksi.blocks); + if (cb_size >= INT_MAX / 34 || get_bits_left(&gb) < (int)cb_size * 34) + return AVERROR_INVALIDDATA; + + if (cb_size >= INT_MAX / sizeof(MacroBlock)) + return AVERROR_INVALIDDATA; s->codebooksi = unpack_codebook(&gb, cb_depth, cb_size); if (!s->codebooksi.blocks) - return -1; + return AVERROR(ENOMEM); } } @@ -368,7 +368,7 @@ *got_frame = 1; - return frame_size; + return 0; }
View file
ffmpeg-2-2.8.21.tar.xz/libavcodec/ffv1dec.c -> ffmpeg-2-2.8.22.tar.xz/libavcodec/ffv1dec.c
Changed
@@ -284,24 +284,31 @@ RangeCoder *c = &fs->c; uint8_t stateCONTEXT_SIZE; unsigned ps, i, context_count; + int sx, sy, sw, sh; + memset(state, 128, sizeof(state)); + sx = get_symbol(c, state, 0); + sy = get_symbol(c, state, 0); + sw = get_symbol(c, state, 0) + 1U; + sh = get_symbol(c, state, 0) + 1U; av_assert0(f->version > 2); - fs->slice_x = get_symbol(c, state, 0) * f->width ; - fs->slice_y = get_symbol(c, state, 0) * f->height; - fs->slice_width = (get_symbol(c, state, 0) + 1) * f->width + fs->slice_x; - fs->slice_height = (get_symbol(c, state, 0) + 1) * f->height + fs->slice_y; - - fs->slice_x /= f->num_h_slices; - fs->slice_y /= f->num_v_slices; - fs->slice_width = fs->slice_width /f->num_h_slices - fs->slice_x; - fs->slice_height = fs->slice_height/f->num_v_slices - fs->slice_y; - if ((unsigned)fs->slice_width > f->width || (unsigned)fs->slice_height > f->height) - return -1; - if ( (unsigned)fs->slice_x + (uint64_t)fs->slice_width > f->width - || (unsigned)fs->slice_y + (uint64_t)fs->slice_height > f->height) - return -1; + + if (sx < 0 || sy < 0 || sw <= 0 || sh <= 0) + return AVERROR_INVALIDDATA; + if (sx > f->num_h_slices - sw || sy > f->num_v_slices - sh) + return AVERROR_INVALIDDATA; + + fs->slice_x = sx * (int64_t)f->width / f->num_h_slices; + fs->slice_y = sy * (int64_t)f->height / f->num_v_slices; + fs->slice_width = (sx + sw) * (int64_t)f->width / f->num_h_slices - fs->slice_x; + fs->slice_height = (sy + sh) * (int64_t)f->height / f->num_v_slices - fs->slice_y; + + av_assert0((unsigned)fs->slice_width <= f->width && + (unsigned)fs->slice_height <= f->height); + av_assert0 ( (unsigned)fs->slice_x + (uint64_t)fs->slice_width <= f->width + && (unsigned)fs->slice_y + (uint64_t)fs->slice_height <= f->height); for (i = 0; i < f->plane_count; i++) { PlaneContext * const p = &fs->planei; @@ -416,8 +423,11 @@ } if ((ret = ff_ffv1_init_slice_state(f, fs)) < 0) return ret; - if (f->cur->key_frame || fs->slice_reset_contexts) + if (f->cur->key_frame || fs->slice_reset_contexts) { ff_ffv1_clear_slice_state(f, fs); + } else if (fs->slice_damaged) { + return AVERROR_INVALIDDATA; + } width = fs->slice_width; height = fs->slice_height; @@ -569,6 +579,11 @@ return AVERROR_INVALIDDATA; } + if (f->num_h_slices > MAX_SLICES / f->num_v_slices) { + av_log(f->avctx, AV_LOG_ERROR, "slice count unsupported\n"); + return AVERROR_PATCHWELCOME; + } + f->quant_table_count = get_symbol(c, state, 0); if (f->quant_table_count > (unsigned)MAX_QUANT_TABLES || !f->quant_table_count) { av_log(f->avctx, AV_LOG_ERROR, "quant table count %d is invalid\n", f->quant_table_count); @@ -814,21 +829,25 @@ fs->slice_damaged = 0; if (f->version == 2) { - fs->slice_x = get_symbol(c, state, 0) * f->width ; - fs->slice_y = get_symbol(c, state, 0) * f->height; - fs->slice_width = (get_symbol(c, state, 0) + 1) * f->width + fs->slice_x; - fs->slice_height = (get_symbol(c, state, 0) + 1) * f->height + fs->slice_y; - - fs->slice_x /= f->num_h_slices; - fs->slice_y /= f->num_v_slices; - fs->slice_width = fs->slice_width / f->num_h_slices - fs->slice_x; - fs->slice_height = fs->slice_height / f->num_v_slices - fs->slice_y; - if ((unsigned)fs->slice_width > f->width || - (unsigned)fs->slice_height > f->height) + int sx = get_symbol(c, state, 0); + int sy = get_symbol(c, state, 0); + int sw = get_symbol(c, state, 0) + 1U; + int sh = get_symbol(c, state, 0) + 1U; + + if (sx < 0 || sy < 0 || sw <= 0 || sh <= 0) return AVERROR_INVALIDDATA; - if ( (unsigned)fs->slice_x + (uint64_t)fs->slice_width > f->width - || (unsigned)fs->slice_y + (uint64_t)fs->slice_height > f->height) + if (sx > f->num_h_slices - sw || sy > f->num_v_slices - sh) return AVERROR_INVALIDDATA; + + fs->slice_x = sx * (int64_t)f->width / f->num_h_slices; + fs->slice_y = sy * (int64_t)f->height / f->num_v_slices; + fs->slice_width = (sx + sw) * (int64_t)f->width / f->num_h_slices - fs->slice_x; + fs->slice_height = (sy + sh) * (int64_t)f->height / f->num_v_slices - fs->slice_y; + + av_assert0((unsigned)fs->slice_width <= f->width && + (unsigned)fs->slice_height <= f->height); + av_assert0 ( (unsigned)fs->slice_x + (uint64_t)fs->slice_width <= f->width + && (unsigned)fs->slice_y + (uint64_t)fs->slice_height <= f->height); } for (i = 0; i < f->plane_count; i++) {
View file
ffmpeg-2-2.8.21.tar.xz/libavcodec/g729postfilter.c -> ffmpeg-2-2.8.22.tar.xz/libavcodec/g729postfilter.c
Changed
@@ -347,7 +347,7 @@ if (tmp > 0) L_temp0 >>= tmp; else - L_temp1 >>= -tmp; + L_temp1 >>= FFMIN(-tmp, 31); /* Check if longer filter increases the values of R'(k). */ if (L_temp1 > L_temp0) { @@ -574,7 +574,7 @@ int16_t ff_g729_adaptive_gain_control(int gain_before, int gain_after, int16_t *speech, int subframe_size, int16_t gain_prev) { - int gain; // (3.12) + unsigned gain; // (3.12) int n; int exp_before, exp_after; @@ -596,7 +596,7 @@ gain = ((gain_before - gain_after) << 14) / gain_after + 0x4000; gain = bidir_sal(gain, exp_after - exp_before); } - gain = av_clip_int16(gain); + gain = FFMIN(gain, 32767); gain = (gain * G729_AGC_FAC1 + 0x4000) >> 15; // gain * (1-0.9875) } else gain = 0;
View file
ffmpeg-2-2.8.21.tar.xz/libavcodec/h263dec.c -> ffmpeg-2-2.8.22.tar.xz/libavcodec/h263dec.c
Changed
@@ -289,7 +289,7 @@ ff_er_add_slice(&s->er, s->resync_mb_x, s->resync_mb_y, s->mb_x, s->mb_y, ER_MB_ERROR & part_mask); - if (s->avctx->err_recognition & AV_EF_IGNORE_ERR) + if ((s->avctx->err_recognition & AV_EF_IGNORE_ERR) && get_bits_left(&s->gb) > 0) continue; return AVERROR_INVALIDDATA; }
View file
ffmpeg-2-2.8.21.tar.xz/libavcodec/hevc.c -> ffmpeg-2-2.8.22.tar.xz/libavcodec/hevc.c
Changed
@@ -1749,13 +1749,13 @@ if (current_mv.pred_flag & PF_L0) { ref0 = refPicList0.refcurrent_mv.ref_idx0; - if (!ref0) + if (!ref0 || !ref0->frame->data0) return; hevc_await_progress(s, ref0, ¤t_mv.mv0, y0, nPbH); } if (current_mv.pred_flag & PF_L1) { ref1 = refPicList1.refcurrent_mv.ref_idx1; - if (!ref1) + if (!ref1 || !ref1->frame->data0) return; hevc_await_progress(s, ref1, ¤t_mv.mv1, y0, nPbH); }
View file
ffmpeg-2-2.8.21.tar.xz/libavcodec/huffyuvdec.c -> ffmpeg-2-2.8.22.tar.xz/libavcodec/huffyuvdec.c
Changed
@@ -685,9 +685,9 @@ /* TODO instead of restarting the read when the code isn't in the first level * of the joint table, jump into the 2nd level of the individual table. */ #define READ_2PIX_PLANE16(dst0, dst1, plane){\ - dst0 = get_vlc2(&s->gb, s->vlcplane.table, VLC_BITS, 3)<<2;\ + dst0 = get_vlc2(&s->gb, s->vlcplane.table, VLC_BITS, 3)*4;\ dst0 += get_bits(&s->gb, 2);\ - dst1 = get_vlc2(&s->gb, s->vlcplane.table, VLC_BITS, 3)<<2;\ + dst1 = get_vlc2(&s->gb, s->vlcplane.table, VLC_BITS, 3)*4;\ dst1 += get_bits(&s->gb, 2);\ } static void decode_plane_bitstream(HYuvContext *s, int width, int plane) @@ -745,7 +745,7 @@ } } if( width&1 && get_bits_left(&s->gb)>0 ) { - int dst = get_vlc2(&s->gb, s->vlcplane.table, VLC_BITS, 3)<<2; + int dst = (unsigned)get_vlc2(&s->gb, s->vlcplane.table, VLC_BITS, 3)<<2; s->temp160width-1 = dst + get_bits(&s->gb, 2); } }
View file
ffmpeg-2-2.8.21.tar.xz/libavcodec/jpeg2000dec.c -> ffmpeg-2-2.8.22.tar.xz/libavcodec/jpeg2000dec.c
Changed
@@ -308,6 +308,16 @@ return AVERROR_INVALIDDATA; } + if (s->image_offset_x >= s->width || s->image_offset_y >= s->height) { + av_log(s->avctx, AV_LOG_ERROR, "image offsets outside image"); + return AVERROR_INVALIDDATA; + } + + if (s->reduction_factor && (s->image_offset_x || s->image_offset_y) ){ + av_log(s->avctx, AV_LOG_ERROR, "reduction factor with image offsets is not fully implemented"); + return AVERROR_PATCHWELCOME; + } + s->ncomponents = ncomponents; if (s->tile_width <= 0 || s->tile_height <= 0) {
View file
ffmpeg-2-2.8.21.tar.xz/libavcodec/lcldec.c -> ffmpeg-2-2.8.22.tar.xz/libavcodec/lcldec.c
Changed
@@ -151,6 +151,8 @@ if (expected != (unsigned int)c->zstream.total_out) { av_log(avctx, AV_LOG_ERROR, "Decoded size differs (%d != %lu)\n", expected, c->zstream.total_out); + if (expected > (unsigned int)c->zstream.total_out) + return (unsigned int)c->zstream.total_out; return AVERROR_UNKNOWN; } return c->zstream.total_out; @@ -173,8 +175,8 @@ int row, col; unsigned char *encoded = avpkt->data, *outptr; uint8_t *y_out, *u_out, *v_out; - unsigned int width = avctx->width; // Real image width - unsigned int height = avctx->height; // Real image height + int width = avctx->width; // Real image width + int height = avctx->height; // Real image height unsigned int mszh_dlen; unsigned char yq, y1q, uq, vq; int uqvq, ret; @@ -232,16 +234,19 @@ break; case COMP_MSZH_NOCOMP: { int bppx2; + int aligned_width = width; switch (c->imgtype) { case IMGTYPE_YUV111: case IMGTYPE_RGB24: bppx2 = 6; break; case IMGTYPE_YUV422: + aligned_width &= ~3; case IMGTYPE_YUV211: bppx2 = 4; break; case IMGTYPE_YUV411: + aligned_width &= ~3; case IMGTYPE_YUV420: bppx2 = 3; break; @@ -249,7 +254,7 @@ bppx2 = 0; // will error out below break; } - if (len < ((width * height * bppx2) >> 1)) + if (len < ((aligned_width * height * bppx2) >> 1)) return AVERROR_INVALIDDATA; break; } @@ -281,12 +286,13 @@ ret = zlib_decomp(avctx, buf + 8 + mthread_inlen, len - 8 - mthread_inlen, mthread_outlen, mthread_outlen); if (ret < 0) return ret; + len = c->decomp_size; } else { int ret = zlib_decomp(avctx, buf, len, 0, c->decomp_size); if (ret < 0) return ret; + len = ret; } encoded = c->decomp_buf; - len = c->decomp_size; break; #endif default: @@ -314,8 +320,8 @@ } break; case IMGTYPE_YUV422: + pixel_ptr = 0; for (row = 0; row < height; row++) { - pixel_ptr = row * width * 2; yq = uq = vq =0; for (col = 0; col < width/4; col++) { encodedpixel_ptr = yq -= encodedpixel_ptr; @@ -331,8 +337,8 @@ } break; case IMGTYPE_YUV411: + pixel_ptr = 0; for (row = 0; row < height; row++) { - pixel_ptr = row * width / 2 * 3; yq = uq = vq =0; for (col = 0; col < width/4; col++) { encodedpixel_ptr = yq -= encodedpixel_ptr; @@ -406,6 +412,11 @@ v_out col >> 1 = *encoded++ + 128; v_out(col >> 1) + 1 = *encoded++ + 128; } + if (col && col < width) { + u_out col >> 1 = u_out(col>>1) - 1; + v_out col >> 1 = v_out(col>>1) - 1; + } + y_out -= frame->linesize0; u_out -= frame->linesize1; v_out -= frame->linesize2; @@ -427,6 +438,10 @@ u_outcol >> 2 = *encoded++ + 128; v_outcol >> 2 = *encoded++ + 128; } + if (col && col < width) { + u_outcol >> 2 = u_out(col>>2) - 1; + v_outcol >> 2 = v_out(col>>2) - 1; + } y_out -= frame->linesize0; u_out -= frame->linesize1; v_out -= frame->linesize2; @@ -486,6 +501,7 @@ FFALIGN(avctx->height, 4); unsigned int max_decomp_size; int subsample_h, subsample_v; + int partial_h_supported = 0; if (avctx->extradata_size < 8) { av_log(avctx, AV_LOG_ERROR, "Extradata size too small.\n"); @@ -507,26 +523,24 @@ av_log(avctx, AV_LOG_DEBUG, "Image type is YUV 1:1:1.\n"); break; case IMGTYPE_YUV422: - c->decomp_size = basesize * 2; + c->decomp_size = (avctx->width & ~3) * avctx->height * 2; max_decomp_size = max_basesize * 2; avctx->pix_fmt = AV_PIX_FMT_YUV422P; av_log(avctx, AV_LOG_DEBUG, "Image type is YUV 4:2:2.\n"); - if (avctx->width % 4) { - avpriv_request_sample(avctx, "Unsupported dimensions"); - return AVERROR_INVALIDDATA; - } + partial_h_supported = 1; break; case IMGTYPE_RGB24: - c->decomp_size = basesize * 3; + c->decomp_size = FFALIGN(avctx->width*3, 4) * avctx->height; max_decomp_size = max_basesize * 3; avctx->pix_fmt = AV_PIX_FMT_BGR24; av_log(avctx, AV_LOG_DEBUG, "Image type is RGB 24.\n"); break; case IMGTYPE_YUV411: - c->decomp_size = basesize / 2 * 3; + c->decomp_size = (avctx->width & ~3) * avctx->height / 2 * 3; max_decomp_size = max_basesize / 2 * 3; avctx->pix_fmt = AV_PIX_FMT_YUV411P; av_log(avctx, AV_LOG_DEBUG, "Image type is YUV 4:1:1.\n"); + partial_h_supported = 1; break; case IMGTYPE_YUV211: c->decomp_size = basesize * 2; @@ -546,7 +560,7 @@ } av_pix_fmt_get_chroma_sub_sample(avctx->pix_fmt, &subsample_h, &subsample_v); - if (avctx->width % (1<<subsample_h) || avctx->height % (1<<subsample_v)) { + if ((avctx->width % (1<<subsample_h) && !partial_h_supported) || avctx->height % (1<<subsample_v)) { avpriv_request_sample(avctx, "Unsupported dimensions"); return AVERROR_INVALIDDATA; }
View file
ffmpeg-2-2.8.21.tar.xz/libavcodec/mlpdec.c -> ffmpeg-2-2.8.22.tar.xz/libavcodec/mlpdec.c
Changed
@@ -515,7 +515,7 @@ /* This should happen for TrueHD streams with >6 channels and MLP's noise * type. It is not yet known if this is allowed. */ - if (max_channel > MAX_MATRIX_CHANNEL_MLP && !noise_type) { + if (max_matrix_channel > MAX_MATRIX_CHANNEL_MLP && !noise_type) { avpriv_request_sample(m->avctx, "%d channels (more than the " "maximum supported by the decoder)",
View file
ffmpeg-2-2.8.21.tar.xz/libavcodec/motionpixels.c -> ffmpeg-2-2.8.22.tar.xz/libavcodec/motionpixels.c
Changed
@@ -185,7 +185,7 @@ int color; color = *(uint16_t *)&mp->frame->data0y * mp->frame->linesize0 + x * 2; - return mp_rgb_yuv_tablecolor; + return mp_rgb_yuv_tablecolor & 0x7FFF; } static void mp_set_rgb_from_yuv(MotionPixelsContext *mp, int x, int y, const YuvPixel *p)
View file
ffmpeg-2-2.8.21.tar.xz/libavcodec/mpeg4videodec.c -> ffmpeg-2-2.8.22.tar.xz/libavcodec/mpeg4videodec.c
Changed
@@ -555,7 +555,7 @@ for (y = 0; y < 16; y++) { int v; - v = mb_v + dy * y; + v = mb_v + (unsigned)dy * y; // FIXME optimize for (x = 0; x < 16; x++) { sum += v >> shift; @@ -1126,7 +1126,7 @@ if (SHOW_UBITS(re, &s->gb, 1) == 0) { av_log(s->avctx, AV_LOG_ERROR, "1. marker bit missing in 3. esc\n"); - if (!(s->avctx->err_recognition & AV_EF_IGNORE_ERR)) + if (!(s->avctx->err_recognition & AV_EF_IGNORE_ERR) || get_bits_left(&s->gb) <= 0) return -1; } SKIP_CACHE(re, &s->gb, 1); @@ -1137,7 +1137,7 @@ if (SHOW_UBITS(re, &s->gb, 1) == 0) { av_log(s->avctx, AV_LOG_ERROR, "2. marker bit missing in 3. esc\n"); - if (!(s->avctx->err_recognition & AV_EF_IGNORE_ERR)) + if (!(s->avctx->err_recognition & AV_EF_IGNORE_ERR) || get_bits_left(&s->gb) <= 0) return -1; }
View file
ffmpeg-2-2.8.21.tar.xz/libavcodec/pictordec.c -> ffmpeg-2-2.8.22.tar.xz/libavcodec/pictordec.c
Changed
@@ -223,8 +223,6 @@ run = bytestream2_get_le16(&s->g); val = bytestream2_get_byte(&s->g); } - if (!bytestream2_get_bytes_left(&s->g)) - break; if (bits_per_plane == 8) { picmemset_8bpp(s, frame, val, run, &x, &y);
View file
ffmpeg-2-2.8.21.tar.xz/libavcodec/pngdec.c -> ffmpeg-2-2.8.22.tar.xz/libavcodec/pngdec.c
Changed
@@ -306,7 +306,7 @@ static void deloco_ ## NAME(TYPE *dst, int size, int alpha) \ { \ int i; \ - for (i = 0; i < size; i += 3 + alpha) { \ + for (i = 0; i < size - 2; i += 3 + alpha) { \ int g = dst i + 1; \ dsti + 0 += g; \ dsti + 2 += g; \ @@ -618,6 +618,8 @@ int ret; size_t byte_depth = s->bit_depth > 8 ? 2 : 1; + if (!p) + return AVERROR_INVALIDDATA; if (!(s->hdr_state & PNG_IHDR)) { av_log(avctx, AV_LOG_ERROR, "IDAT without IHDR\n"); return AVERROR_INVALIDDATA; @@ -1226,6 +1228,10 @@ } exit_loop: + if (!p) + return AVERROR_INVALIDDATA; + + if (s->bits_per_pixel <= 4) handle_small_bpp(s, p); @@ -1362,7 +1368,7 @@ s->zstream.zfree = ff_png_zfree; bytestream2_init(&s->gb, avctx->extradata, avctx->extradata_size); - if ((ret = decode_frame_common(avctx, s, p, avpkt)) < 0) + if ((ret = decode_frame_common(avctx, s, NULL, avpkt)) < 0) goto end; }
View file
ffmpeg-2-2.8.21.tar.xz/libavcodec/sunrast.c -> ffmpeg-2-2.8.22.tar.xz/libavcodec/sunrast.c
Changed
@@ -19,6 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ +#include "libavutil/avassert.h" #include "libavutil/common.h" #include "libavutil/intreadwrite.h" #include "libavutil/imgutils.h" @@ -75,6 +76,12 @@ return AVERROR_PATCHWELCOME; } + if (maplength > 768) { + av_log(avctx, AV_LOG_WARNING, "invalid colormap length\n"); + return AVERROR_INVALIDDATA; + } + + // This also checks depth to be valid switch (depth) { case 1: avctx->pix_fmt = maplength ? AV_PIX_FMT_PAL8 : AV_PIX_FMT_MONOWHITE; @@ -96,15 +103,23 @@ return AVERROR_INVALIDDATA; } + // This checks w and h to be valid in the sense that bytes of a padded bitmap are addressable with 32bit int ret = ff_set_dimensions(avctx, w, h); if (ret < 0) return ret; + // ensured by ff_set_dimensions() + av_assert0(w <= (INT32_MAX - 7) / depth); + /* scanlines are aligned on 16 bit boundaries */ len = (depth * w + 7) >> 3; alen = len + (len & 1); - if (buf_end - buf < maplength + (len * h) * 3 / 256) + // ensured by ff_set_dimensions() + av_assert0(h <= INT32_MAX / (3 * len)); + + // maplength is limited to 768 and the right term is limited to INT32_MAX / 256 so the add needs no check + if (buf_end - buf < (uint64_t)maplength + (len * h) * 3 / 256) return AVERROR_INVALIDDATA; if ((ret = ff_get_buffer(avctx, p, 0)) < 0) @@ -118,7 +133,7 @@ } else if (maplength) { unsigned int len = maplength / 3; - if (maplength % 3 || maplength > 768) { + if (maplength % 3) { av_log(avctx, AV_LOG_WARNING, "invalid colormap length\n"); return AVERROR_INVALIDDATA; }
View file
ffmpeg-2-2.8.21.tar.xz/libavcodec/tak.c -> ffmpeg-2-2.8.22.tar.xz/libavcodec/tak.c
Changed
@@ -152,6 +152,9 @@ if (ti->flags & TAK_FRAME_FLAG_HAS_METADATA) return AVERROR_INVALIDDATA; + if (get_bits_left(gb) < 24) + return AVERROR_INVALIDDATA; + skip_bits(gb, 24); return 0;
View file
ffmpeg-2-2.8.21.tar.xz/libavcodec/tta.c -> ffmpeg-2-2.8.22.tar.xz/libavcodec/tta.c
Changed
@@ -333,7 +333,7 @@ if (s->channels > 1) { int32_t *r = p - 1; for (*p += *r / 2; r > (int32_t*)p - s->channels; r--) - *r = *(r + 1) - *r; + *r = *(r + 1) - (unsigned)*r; } cur_chan = 0; i++;
View file
ffmpeg-2-2.8.21.tar.xz/libavcodec/utils.c -> ffmpeg-2-2.8.22.tar.xz/libavcodec/utils.c
Changed
@@ -360,6 +360,8 @@ case AV_PIX_FMT_GBRP16BE: w_align = 16; //FIXME assume 16 pixel per macroblock h_align = 16 * 2; // interlaced needs 2 macroblocks height + if (s->codec_id == AV_CODEC_ID_BINKVIDEO) + w_align = 16*2; break; case AV_PIX_FMT_YUV411P: case AV_PIX_FMT_YUVJ411P: @@ -425,12 +427,13 @@ } if (s->codec_id == AV_CODEC_ID_IFF_ILBM || s->codec_id == AV_CODEC_ID_IFF_BYTERUN1) { - w_align = FFMAX(w_align, 8); + w_align = FFMAX(w_align, 16); } *width = FFALIGN(*width, w_align); *height = FFALIGN(*height, h_align); if (s->codec_id == AV_CODEC_ID_H264 || s->lowres || + s->codec_id == AV_CODEC_ID_VC1 || s->codec_id == AV_CODEC_ID_WMV3 || s->codec_id == AV_CODEC_ID_VP5 || s->codec_id == AV_CODEC_ID_VP6 || s->codec_id == AV_CODEC_ID_VP6F || s->codec_id == AV_CODEC_ID_VP6A ) { @@ -444,6 +447,9 @@ // the next rounded up width is 32 *width = FFMAX(*width, 32); } + if (s->codec_id == AV_CODEC_ID_SVQ3) { + *width = FFMAX(*width, 32); + } for (i = 0; i < 4; i++) linesize_aligni = STRIDE_ALIGN; @@ -3479,7 +3485,7 @@ if (sr > 0) { /* calc from sample rate */ if (id == AV_CODEC_ID_TTA) - return 256 * sr / 245; + return 256ll * sr / 245; if (ch > 0) { /* calc from sample rate and channels */
View file
ffmpeg-2-2.8.21.tar.xz/libavcodec/videodsp_template.c -> ffmpeg-2-2.8.22.tar.xz/libavcodec/videodsp_template.c
Changed
@@ -60,7 +60,7 @@ av_assert2(start_x < end_x && block_w); w = end_x - start_x; - src += start_y * src_linesize + start_x * sizeof(pixel); + src += start_y * src_linesize + start_x * (ptrdiff_t)sizeof(pixel); buf += start_x * sizeof(pixel); // top @@ -83,7 +83,7 @@ buf += buf_linesize; } - buf -= block_h * buf_linesize + start_x * sizeof(pixel); + buf -= block_h * buf_linesize + start_x * (ptrdiff_t)sizeof(pixel); while (block_h--) { pixel *bufp = (pixel *) buf;
View file
ffmpeg-2-2.8.21.tar.xz/libavcodec/vorbisdec.c -> ffmpeg-2-2.8.22.tar.xz/libavcodec/vorbisdec.c
Changed
@@ -363,6 +363,10 @@ unsigned codebook_value_bits = get_bits(gb, 4) + 1; unsigned codebook_sequence_p = get_bits1(gb); + if (!isfinite(codebook_minimum_value) || !isfinite(codebook_delta_value)) { + ret = AVERROR_INVALIDDATA; + goto error; + } ff_dlog(NULL, " We expect %d numbers for building the codevectors. \n", codebook_lookup_values); ff_dlog(NULL, " delta %f minmum %f \n",
View file
ffmpeg-2-2.8.21.tar.xz/libavcodec/vp3.c -> ffmpeg-2-2.8.22.tar.xz/libavcodec/vp3.c
Changed
@@ -1747,6 +1747,8 @@ s->avctx = avctx; s->width = FFALIGN(avctx->coded_width, 16); s->height = FFALIGN(avctx->coded_height, 16); + if (s->width < 18) + return AVERROR_PATCHWELCOME; if (avctx->codec_id != AV_CODEC_ID_THEORA) avctx->pix_fmt = AV_PIX_FMT_YUV420P; avctx->chroma_sample_location = AVCHROMA_LOC_CENTER; @@ -2095,8 +2097,13 @@ if (ff_thread_get_buffer(avctx, &s->current_frame, AV_GET_BUFFER_FLAG_REF) < 0) goto error; - if (!s->edge_emu_buffer) + if (!s->edge_emu_buffer) { s->edge_emu_buffer = av_malloc(9 * FFABS(s->current_frame.f->linesize0)); + if (!s->edge_emu_buffer) { + ret = AVERROR(ENOMEM); + goto error; + } + } if (s->keyframe) { if (!s->theora) { @@ -2302,7 +2309,9 @@ /* sanity check */ if (av_image_check_size(visible_width, visible_height, 0, avctx) < 0 || visible_width + offset_x > s->width || - visible_height + offset_y > s->height) { + visible_height + offset_y > s->height || + visible_width < 18 + ) { av_log(avctx, AV_LOG_ERROR, "Invalid frame dimensions - w:%d h:%d x:%d y:%d (%dx%d).\n", visible_width, visible_height, offset_x, offset_y, @@ -2348,6 +2357,8 @@ } else avctx->pix_fmt = AV_PIX_FMT_YUV420P; + if (s->width < 18) + return AVERROR_PATCHWELCOME; ret = ff_set_dimensions(avctx, s->width, s->height); if (ret < 0) return ret;
View file
ffmpeg-2-2.8.21.tar.xz/libavcodec/wavpack.c -> ffmpeg-2-2.8.22.tar.xz/libavcodec/wavpack.c
Changed
@@ -95,7 +95,7 @@ e = (1 << (p + 1)) - k - 1; res = p ? get_bits(gb, p) : 0; if (res >= e) - res = (res << 1) - e + get_bits1(gb); + res = res * 2U - e + get_bits1(gb); return res; }
View file
ffmpeg-2-2.8.21.tar.xz/libavcodec/xvididct.c -> ffmpeg-2-2.8.22.tar.xz/libavcodec/xvididct.c
Changed
@@ -56,37 +56,37 @@ static int idct_row(short *in, const int *const tab, int rnd) { - const int c1 = tab0; - const int c2 = tab1; - const int c3 = tab2; - const int c4 = tab3; - const int c5 = tab4; - const int c6 = tab5; - const int c7 = tab6; + const unsigned c1 = tab0; + const unsigned c2 = tab1; + const unsigned c3 = tab2; + const unsigned c4 = tab3; + const unsigned c5 = tab4; + const unsigned c6 = tab5; + const unsigned c7 = tab6; const int right = in5 | in6 | in7; const int left = in1 | in2 | in3; if (!(right | in4)) { const int k = c4 * in0 + rnd; if (left) { - const int a0 = k + c2 * in2; - const int a1 = k + c6 * in2; - const int a2 = k - c6 * in2; - const int a3 = k - c2 * in2; + const unsigned a0 = k + c2 * in2; + const unsigned a1 = k + c6 * in2; + const unsigned a2 = k - c6 * in2; + const unsigned a3 = k - c2 * in2; const int b0 = c1 * in1 + c3 * in3; const int b1 = c3 * in1 - c7 * in3; const int b2 = c5 * in1 - c1 * in3; const int b3 = c7 * in1 - c5 * in3; - in0 = (a0 + b0) >> ROW_SHIFT; - in1 = (a1 + b1) >> ROW_SHIFT; - in2 = (a2 + b2) >> ROW_SHIFT; - in3 = (a3 + b3) >> ROW_SHIFT; - in4 = (a3 - b3) >> ROW_SHIFT; - in5 = (a2 - b2) >> ROW_SHIFT; - in6 = (a1 - b1) >> ROW_SHIFT; - in7 = (a0 - b0) >> ROW_SHIFT; + in0 = (int)(a0 + b0) >> ROW_SHIFT; + in1 = (int)(a1 + b1) >> ROW_SHIFT; + in2 = (int)(a2 + b2) >> ROW_SHIFT; + in3 = (int)(a3 + b3) >> ROW_SHIFT; + in4 = (int)(a3 - b3) >> ROW_SHIFT; + in5 = (int)(a2 - b2) >> ROW_SHIFT; + in6 = (int)(a1 - b1) >> ROW_SHIFT; + in7 = (int)(a0 - b0) >> ROW_SHIFT; } else { const int a0 = k >> ROW_SHIFT; if (a0) { @@ -102,8 +102,8 @@ return 0; } } else if (!(left | right)) { - const int a0 = (rnd + c4 * (in0 + in4)) >> ROW_SHIFT; - const int a1 = (rnd + c4 * (in0 - in4)) >> ROW_SHIFT; + const int a0 = (int)(rnd + c4 * (in0 + in4)) >> ROW_SHIFT; + const int a1 = (int)(rnd + c4 * (in0 - in4)) >> ROW_SHIFT; in0 = a0; in3 = a0; @@ -114,7 +114,7 @@ in5 = a1; in6 = a1; } else { - const int k = c4 * in0 + rnd; + const unsigned int k = c4 * in0 + rnd; const unsigned int a0 = k + c2 * in2 + c4 * in4 + c6 * in6; const unsigned int a1 = k + c6 * in2 - c4 * in4 - c2 * in6; const unsigned int a2 = k - c6 * in2 - c4 * in4 + c2 * in6;
View file
ffmpeg-2-2.8.21.tar.xz/libavformat/avs.c -> ffmpeg-2-2.8.22.tar.xz/libavformat/avs.c
Changed
@@ -135,6 +135,10 @@ return 0; /* this indicate EOS */ if (ret < 0) return ret; + if (size != (int)size) { + av_packet_unref(pkt); + return AVERROR(EDOM); + } pkt->stream_index = avs->st_audio->index; pkt->flags |= AV_PKT_FLAG_KEY;
View file
ffmpeg-2-2.8.21.tar.xz/libavformat/format.c -> ffmpeg-2-2.8.22.tar.xz/libavformat/format.c
Changed
@@ -251,6 +251,7 @@ int ret = 0, probe_size, buf_offset = 0; int score = 0; int ret2; + int eof = 0; if (!max_probe_size) max_probe_size = PROBE_BUF_MAX; @@ -277,7 +278,7 @@ } #endif - for (probe_size = PROBE_BUF_MIN; probe_size <= max_probe_size && !*fmt; + for (probe_size = PROBE_BUF_MIN; probe_size <= max_probe_size && !*fmt && !eof; probe_size = FFMIN(probe_size << 1, FFMAX(max_probe_size, probe_size + 1))) { score = probe_size < max_probe_size ? AVPROBE_SCORE_RETRY : 0; @@ -293,6 +294,7 @@ score = 0; ret = 0; /* error was end of file, nothing read */ + eof = 1; } buf_offset += ret; if (buf_offset < offset)
View file
ffmpeg-2-2.8.21.tar.xz/libavformat/id3v2.c -> ffmpeg-2-2.8.22.tar.xz/libavformat/id3v2.c
Changed
@@ -375,10 +375,10 @@ lang3 = '\0'; taglen -= 3; - if (decode_str(s, pb, encoding, &descriptor, &taglen) < 0) + if (decode_str(s, pb, encoding, &descriptor, &taglen) < 0 || taglen < 0) goto error; - if (decode_str(s, pb, encoding, &text, &taglen) < 0) + if (decode_str(s, pb, encoding, &text, &taglen) < 0 || taglen < 0) goto error; // FFmpeg does not support hierarchical metadata, so concatenate the keys.
View file
ffmpeg-2-2.8.21.tar.xz/libavformat/jacosubdec.c -> ffmpeg-2-2.8.22.tar.xz/libavformat/jacosubdec.c
Changed
@@ -226,14 +226,17 @@ } av_bprintf(&header, "#S %s", p); break; - case 'T': // ...but must be placed after TIMERES - jacosub->timeres = strtol(p, NULL, 10); - if (!jacosub->timeres) + case 'T': { // ...but must be placed after TIMERES + int64_t timeres = strtol(p, NULL, 10); + if (timeres <= 0 || timeres > UINT32_MAX) { jacosub->timeres = 30; - else + } else { + jacosub->timeres = timeres; av_bprintf(&header, "#T %s", p); + } break; } + } } /* general/essential directives in the extradata */
View file
ffmpeg-2-2.8.21.tar.xz/libavformat/matroskadec.c -> ffmpeg-2-2.8.22.tar.xz/libavformat/matroskadec.c
Changed
@@ -3341,16 +3341,19 @@ int64_t prebuffer_ns = 1000000000; int64_t time_ns = st->index_entriesi.timestamp * matroska->time_scale; double nano_seconds_per_second = 1000000000.0; - int64_t prebuffered_ns = time_ns + prebuffer_ns; + int64_t prebuffered_ns; double prebuffer_bytes = 0.0; int64_t temp_prebuffer_ns = prebuffer_ns; int64_t pre_bytes, pre_ns; double pre_sec, prebuffer, bits_per_second; CueDesc desc_beg = get_cue_desc(s, time_ns, cues_start); - // Start with the first Cue. CueDesc desc_end = desc_beg; + if (time_ns > INT64_MAX - prebuffer_ns) + return -1; + prebuffered_ns = time_ns + prebuffer_ns; + // Figure out how much data we have downloaded for the prebuffer. This will // be used later to adjust the bits per sample to try. while (desc_end.start_time_ns != -1 && desc_end.end_time_ns < prebuffered_ns) {
View file
ffmpeg-2-2.8.21.tar.xz/libavformat/mov.c -> ffmpeg-2-2.8.22.tar.xz/libavformat/mov.c
Changed
@@ -2750,6 +2750,13 @@ if (keyframe) distance = 0; sample_size = sc->stsz_sample_size > 0 ? sc->stsz_sample_size : sc->sample_sizescurrent_sample; + if (current_offset > INT64_MAX - sample_size) { + av_log(mov->fc, AV_LOG_ERROR, "Current offset %"PRId64" or sample size %u is too large\n", + current_offset, + sample_size); + return; + } + if (sc->pseudo_stream_id == -1 || sc->stsc_datastsc_index.id - 1 == sc->pseudo_stream_id) { AVIndexEntry *e;
View file
ffmpeg-2-2.8.21.tar.xz/libavformat/replaygain.c -> ffmpeg-2-2.8.22.tar.xz/libavformat/replaygain.c
Changed
@@ -61,7 +61,7 @@ } } - if (abs(db) > (INT32_MAX - mb) / 100000) + if (llabs(db) > (INT32_MAX - mb) / 100000) return min; return db * 100000 + sign * mb;
View file
ffmpeg-2-2.8.21.tar.xz/libavformat/rpl.c -> ffmpeg-2-2.8.22.tar.xz/libavformat/rpl.c
Changed
@@ -240,6 +240,9 @@ "Video stream will be broken!\n", vst->codec->codec_tag); number_of_chunks = read_line_and_int(pb, &error); // number of chunks in the file + if (number_of_chunks == INT_MAX) + return AVERROR_INVALIDDATA; + // The number in the header is actually the index of the last chunk. number_of_chunks++;
View file
ffmpeg-2-2.8.21.tar.xz/libavformat/rtsp.c -> ffmpeg-2-2.8.22.tar.xz/libavformat/rtsp.c
Changed
@@ -363,7 +363,7 @@ if (rtsp_st->sdp_payload_type == payload_type && rtsp_st->dynamic_handler && rtsp_st->dynamic_handler->parse_sdp_a_line) { - rtsp_st->dynamic_handler->parse_sdp_a_line(s, i, + rtsp_st->dynamic_handler->parse_sdp_a_line(s, rtsp_st->stream_index, rtsp_st->dynamic_protocol_context, line); } }
View file
ffmpeg-2-2.8.21.tar.xz/libavformat/sbgdec.c -> ffmpeg-2-2.8.22.tar.xz/libavformat/sbgdec.c
Changed
@@ -1272,7 +1272,10 @@ /* SBaGen handles the time before and after the extremal events, and the corresponding transitions, as if the sequence were cyclic with a 24-hours period. */ - period = s->eventss->nb_events - 1.ts - s->events0.ts; + period = s->eventss->nb_events - 1.ts - (uint64_t)s->events0.ts; + if (period < 0) + return AVERROR_INVALIDDATA; + period = (period + (DAY_TS - 1)) / DAY_TS * DAY_TS; period = FFMAX(period, DAY_TS);
View file
ffmpeg-2-2.8.21.tar.xz/libavformat/tmv.c -> ffmpeg-2-2.8.22.tar.xz/libavformat/tmv.c
Changed
@@ -103,6 +103,10 @@ char_cols = avio_r8(pb); char_rows = avio_r8(pb); tmv->video_chunk_size = char_cols * char_rows * 2; + if (!tmv->video_chunk_size) { + av_log(s, AV_LOG_ERROR, "invalid video chunk size\n"); + return AVERROR_INVALIDDATA; + } features = avio_r8(pb); if (features & ~(TMV_PADDING | TMV_STEREO)) {
View file
ffmpeg-2-2.8.21.tar.xz/libavformat/tta.c -> ffmpeg-2-2.8.22.tar.xz/libavformat/tta.c
Changed
@@ -96,7 +96,7 @@ c->totalframes = nb_samples / c->frame_size + (c->last_frame_size < c->frame_size); c->currentframe = 0; - if(c->totalframes >= UINT_MAX/sizeof(uint32_t) || c->totalframes <= 0){ + if(c->totalframes >= (INT_MAX - 4)/sizeof(uint32_t) || c->totalframes <= 0){ av_log(s, AV_LOG_ERROR, "totalframes %d invalid\n", c->totalframes); return AVERROR_INVALIDDATA; }
View file
ffmpeg-2-2.8.21.tar.xz/libavformat/wavdec.c -> ffmpeg-2-2.8.22.tar.xz/libavformat/wavdec.c
Changed
@@ -548,6 +548,10 @@ goto smv_out; } size = avio_rl24(s->pb); + if (size > wav->smv_block_size) { + ret = AVERROR_EOF; + goto smv_out; + } ret = av_get_packet(s->pb, pkt, size); if (ret < 0) goto smv_out; @@ -586,6 +590,8 @@ goto smv_retry; return AVERROR_EOF; } + if (INT64_MAX - left < avio_tell(s->pb)) + return AVERROR_INVALIDDATA; wav->data_end = avio_tell(s->pb) + left; }
View file
ffmpeg-2-2.8.21.tar.xz/libavformat/westwood_vqa.c -> ffmpeg-2-2.8.22.tar.xz/libavformat/westwood_vqa.c
Changed
@@ -164,13 +164,15 @@ int ret = -1; uint8_t preambleVQA_PREAMBLE_SIZE; uint32_t chunk_type; - uint32_t chunk_size; - int skip_byte; + int chunk_size; + unsigned skip_byte; while (avio_read(pb, preamble, VQA_PREAMBLE_SIZE) == VQA_PREAMBLE_SIZE) { chunk_type = AV_RB32(&preamble0); chunk_size = AV_RB32(&preamble4); + if (chunk_size < 0) + return AVERROR_INVALIDDATA; skip_byte = chunk_size & 0x01; if ((chunk_type == SND0_TAG) || (chunk_type == SND1_TAG) ||
View file
ffmpeg-2-2.8.21.tar.xz/libavutil/softfloat.c -> ffmpeg-2-2.8.22.tar.xz/libavutil/softfloat.c
Changed
@@ -146,7 +146,7 @@ av_sincos_sf(i*(1ULL<<32)/36/4, &s, &c); errs = (double)s/ (1<<30) - sin(i*M_PI/36); errc = (double)c/ (1<<30) - cos(i*M_PI/36); - if (fabs(errs) > 0.00000002 || fabs(errc) >0.001) { + if (fabs(errs) > 0.000000004 || fabs(errc) >0.000000004) { printf("sincos FAIL %d %f %f %f %f\n", i, (float)s/ (1<<30), (float)c/ (1<<30), sin(i*M_PI/36), cos(i*M_PI/36)); }
View file
ffmpeg-2-2.8.21.tar.xz/libavutil/softfloat.h -> ffmpeg-2-2.8.22.tar.xz/libavutil/softfloat.h
Changed
@@ -215,6 +215,10 @@ /** * Rounding-to-nearest used. + * + * @param a angle in units of (1ULL<<30)/M_PI radians + * @param s pointer to where sine in units of (1<<30) is returned + * @param c pointer to where cosine in units of (1<<30) is returned */ static av_unused void av_sincos_sf(int a, int *s, int *c) { @@ -260,7 +264,7 @@ (int64_t)av_sintbl_4_sf(idx & 0x1f) + 1 * (a & 0x7ff) + 0x400) >> 11); - *c = (int)(((int64_t)cv * ct + (int64_t)sv * st + 0x20000000) >> 30); + *c = (int)(((int64_t)cv * ct - (int64_t)sv * st + 0x20000000) >> 30); *s = (int)(((int64_t)cv * st + (int64_t)sv * ct + 0x20000000) >> 30); }
View file
ffmpeg-2-2.8.21.tar.xz/libswscale/input.c -> ffmpeg-2-2.8.22.tar.xz/libswscale/input.c
Changed
@@ -84,9 +84,9 @@ int32_t rv = rgb2yuvRV_IDX, gv = rgb2yuvGV_IDX, bv = rgb2yuvBV_IDX; av_assert1(src1==src2); for (i = 0; i < width; i++) { - int r_b = (input_pixel(&src18 * i + 0) + input_pixel(&src18 * i + 4) + 1) >> 1; - int g = (input_pixel(&src18 * i + 1) + input_pixel(&src18 * i + 5) + 1) >> 1; - int b_r = (input_pixel(&src18 * i + 2) + input_pixel(&src18 * i + 6) + 1) >> 1; + unsigned r_b = (input_pixel(&src18 * i + 0) + input_pixel(&src18 * i + 4) + 1) >> 1; + unsigned g = (input_pixel(&src18 * i + 1) + input_pixel(&src18 * i + 5) + 1) >> 1; + unsigned b_r = (input_pixel(&src18 * i + 2) + input_pixel(&src18 * i + 6) + 1) >> 1; dstUi= (ru*r + gu*g + bu*b + (0x10001<<(RGB2YUV_SHIFT-1))) >> RGB2YUV_SHIFT; dstVi= (rv*r + gv*g + bv*b + (0x10001<<(RGB2YUV_SHIFT-1))) >> RGB2YUV_SHIFT; @@ -156,9 +156,9 @@ int32_t rv = rgb2yuvRV_IDX, gv = rgb2yuvGV_IDX, bv = rgb2yuvBV_IDX; av_assert1(src1 == src2); for (i = 0; i < width; i++) { - int r_b = input_pixel(&src1i * 3 + 0); - int g = input_pixel(&src1i * 3 + 1); - int b_r = input_pixel(&src1i * 3 + 2); + unsigned r_b = input_pixel(&src1i * 3 + 0); + unsigned g = input_pixel(&src1i * 3 + 1); + unsigned b_r = input_pixel(&src1i * 3 + 2); dstUi = (ru*r + gu*g + bu*b + (0x10001 << (RGB2YUV_SHIFT - 1))) >> RGB2YUV_SHIFT; dstVi = (rv*r + gv*g + bv*b + (0x10001 << (RGB2YUV_SHIFT - 1))) >> RGB2YUV_SHIFT; @@ -178,12 +178,12 @@ int32_t rv = rgb2yuvRV_IDX, gv = rgb2yuvGV_IDX, bv = rgb2yuvBV_IDX; av_assert1(src1 == src2); for (i = 0; i < width; i++) { - int r_b = (input_pixel(&src16 * i + 0) + - input_pixel(&src16 * i + 3) + 1) >> 1; - int g = (input_pixel(&src16 * i + 1) + - input_pixel(&src16 * i + 4) + 1) >> 1; - int b_r = (input_pixel(&src16 * i + 2) + - input_pixel(&src16 * i + 5) + 1) >> 1; + unsigned r_b = (input_pixel(&src16 * i + 0) + + input_pixel(&src16 * i + 3) + 1) >> 1; + unsigned g = (input_pixel(&src16 * i + 1) + + input_pixel(&src16 * i + 4) + 1) >> 1; + unsigned b_r = (input_pixel(&src16 * i + 2) + + input_pixel(&src16 * i + 5) + 1) >> 1; dstUi = (ru*r + gu*g + bu*b + (0x10001 << (RGB2YUV_SHIFT - 1))) >> RGB2YUV_SHIFT; dstVi = (rv*r + gv*g + bv*b + (0x10001 << (RGB2YUV_SHIFT - 1))) >> RGB2YUV_SHIFT;
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.