From 97cfa55eea39cef30abe14682c56c1e4e7f6f10d Mon Sep 17 00:00:00 2001 From: Luca Barbato Date: Fri, 28 Sep 2012 14:38:13 +0200 Subject: [PATCH 01/13] mpegaudiodec: fix short_start calculation The value should be always 3, as it follows from the specification. Fix a stack buffer overflow in exponents_from_scale_factors as reported by asan. Thanks to Dale Curtis for the sample vector. --- libavcodec/mpegaudiodec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/mpegaudiodec.c b/libavcodec/mpegaudiodec.c index 03094f6260..ead0e1d958 100644 --- a/libavcodec/mpegaudiodec.c +++ b/libavcodec/mpegaudiodec.c @@ -211,7 +211,7 @@ static void ff_compute_band_indexes(MPADecodeContext *s, GranuleDef *g) else g->long_end = 6; - g->short_start = 2 + (s->sample_rate_index != 8); + g->short_start = 3; } else { g->long_end = 0; g->short_start = 0; From 791b5954bc8fe7c0077d7eb959ebd17e40d0a7c6 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 27 Sep 2012 14:06:54 +0000 Subject: [PATCH 02/13] dsputil_mmx: fix reading prior of the src array in sub_hfyu_median_prediction() This should fix the utvideoenc valgrind failure Signed-off-by: Michael Niedermayer --- libavcodec/x86/dsputilenc_mmx.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/x86/dsputilenc_mmx.c b/libavcodec/x86/dsputilenc_mmx.c index 7dcc73175c..b7d88f0f36 100644 --- a/libavcodec/x86/dsputilenc_mmx.c +++ b/libavcodec/x86/dsputilenc_mmx.c @@ -849,8 +849,9 @@ static void sub_hfyu_median_prediction_mmx2(uint8_t *dst, const uint8_t *src1, c uint8_t l, lt; __asm__ volatile( + "movq (%1, %0), %%mm0 \n\t" // LT + "psllq $8, %%mm0 \n\t" "1: \n\t" - "movq -1(%1, %0), %%mm0 \n\t" // LT "movq (%1, %0), %%mm1 \n\t" // T "movq -1(%2, %0), %%mm2 \n\t" // L "movq (%2, %0), %%mm3 \n\t" // X @@ -865,6 +866,7 @@ static void sub_hfyu_median_prediction_mmx2(uint8_t *dst, const uint8_t *src1, c "psubb %%mm4, %%mm3 \n\t" // dst - pred "movq %%mm3, (%3, %0) \n\t" "add $8, %0 \n\t" + "movq -1(%1, %0), %%mm0 \n\t" // LT "cmp %4, %0 \n\t" " jb 1b \n\t" : "+r" (i) From 6a3078bb89b7cd37953d7f561db0b19d38b6396d Mon Sep 17 00:00:00 2001 From: Derek Buitenhuis Date: Thu, 27 Sep 2012 18:38:59 +0000 Subject: [PATCH 03/13] doc/platform: Mention MinGW-w64 This is the toolchain most, including Libav's nightlies, use to build. Signed-off-by: Derek Buitenhuis --- doc/platform.texi | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/doc/platform.texi b/doc/platform.texi index 0ed8e07637..271f1092fd 100644 --- a/doc/platform.texi +++ b/doc/platform.texi @@ -77,10 +77,11 @@ For information about compiling Libav on OS/2 see @section Native Windows compilation -Libav can be built to run natively on Windows using the MinGW tools. Install -the latest versions of MSYS and MinGW from @url{http://www.mingw.org/}. -You can find detailed installation -instructions in the download section and the FAQ. +Libav can be built to run natively on Windows using the MinGW or MinGW-w64 +toolchains. Install the latest versions of MSYS and MinGW or MinGW-w64 from +@url{http://www.mingw.org/} or @url{http://mingw-w64.sourceforge.net/}. +You can find detailed installation instructions in the download section and +the FAQ. Libav does not build out-of-the-box with the packages the automated MinGW installer provides. It also requires coreutils to be installed and many other From 55254a3f7f1311b549654c79ee54e1151c193840 Mon Sep 17 00:00:00 2001 From: Derek Buitenhuis Date: Thu, 27 Sep 2012 18:39:00 +0000 Subject: [PATCH 04/13] doc/platform: Remove false claim about MinGW installer This works just fine, and has for quite a while, using the mingw-get installer. Signed-off-by: Derek Buitenhuis --- doc/platform.texi | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/doc/platform.texi b/doc/platform.texi index 271f1092fd..e24c5da03e 100644 --- a/doc/platform.texi +++ b/doc/platform.texi @@ -83,21 +83,6 @@ toolchains. Install the latest versions of MSYS and MinGW or MinGW-w64 from You can find detailed installation instructions in the download section and the FAQ. -Libav does not build out-of-the-box with the packages the automated MinGW -installer provides. It also requires coreutils to be installed and many other -packages updated to the latest version. The minimum versions for some packages -are listed below: - -@itemize -@item bash 3.1 -@item msys-make 3.81-2 (note: not mingw32-make) -@item w32api 3.13 -@item mingw-runtime 3.15 -@end itemize - -Libav automatically passes @code{-fno-common} to the compiler to work around -a GCC bug (see @url{http://gcc.gnu.org/bugzilla/show_bug.cgi?id=37216}). - Notes: @itemize From 3e071551af1027ac535bed13ed35a5ca1c1a0268 Mon Sep 17 00:00:00 2001 From: Derek Buitenhuis Date: Thu, 27 Sep 2012 18:39:01 +0000 Subject: [PATCH 05/13] doc/platform: Nuke section on linking static MinGW-built libs with MSVC This practice is not supported by the MinGW developers, and even requires patching the MinGW runtimes in newer versions. Furthermore, we now support build with MSVC, so this section is rendered useless. Signed-off-by: Derek Buitenhuis --- doc/platform.texi | 59 ----------------------------------------------- 1 file changed, 59 deletions(-) diff --git a/doc/platform.texi b/doc/platform.texi index e24c5da03e..ac4b871545 100644 --- a/doc/platform.texi +++ b/doc/platform.texi @@ -115,65 +115,6 @@ This description of how to use the Libav libraries with MSVC++ is based on Microsoft Visual C++ 2005 Express Edition. If you have a different version, you might have to modify the procedures slightly. -@subsection Using static libraries - -Assuming you have just built and installed Libav in @file{/usr/local}: - -@enumerate - -@item Create a new console application ("File / New / Project") and then -select "Win32 Console Application". On the appropriate page of the -Application Wizard, uncheck the "Precompiled headers" option. - -@item Write the source code for your application, or, for testing, just -copy the code from an existing sample application into the source file -that MSVC++ has already created for you. For example, you can copy -@file{libavformat/output-example.c} from the Libav distribution. - -@item Open the "Project / Properties" dialog box. In the "Configuration" -combo box, select "All Configurations" so that the changes you make will -affect both debug and release builds. In the tree view on the left hand -side, select "C/C++ / General", then edit the "Additional Include -Directories" setting to contain the path where the Libav includes were -installed (i.e. @file{c:\msys\1.0\local\include}). -Do not add MinGW's include directory here, or the include files will -conflict with MSVC's. - -@item Still in the "Project / Properties" dialog box, select -"Linker / General" from the tree view and edit the -"Additional Library Directories" setting to contain the @file{lib} -directory where Libav was installed (i.e. @file{c:\msys\1.0\local\lib}), -the directory where MinGW libs are installed (i.e. @file{c:\mingw\lib}), -and the directory where MinGW's GCC libs are installed -(i.e. @file{C:\mingw\lib\gcc\mingw32\4.2.1-sjlj}). Then select -"Linker / Input" from the tree view, and add the files @file{libavformat.a}, -@file{libavcodec.a}, @file{libavutil.a}, @file{libmingwex.a}, -@file{libgcc.a}, and any other libraries you used (i.e. @file{libz.a}) -to the end of "Additional Dependencies". - -@item Now, select "C/C++ / Code Generation" from the tree view. Select -"Debug" in the "Configuration" combo box. Make sure that "Runtime -Library" is set to "Multi-threaded Debug DLL". Then, select "Release" in -the "Configuration" combo box and make sure that "Runtime Library" is -set to "Multi-threaded DLL". - -@item Click "OK" to close the "Project / Properties" dialog box. - -@item MSVC++ lacks some C99 header files that are fundamental for Libav. -Get msinttypes from @url{http://code.google.com/p/msinttypes/downloads/list} -and install it in MSVC++'s include directory -(i.e. @file{C:\Program Files\Microsoft Visual Studio 8\VC\include}). - -@item MSVC++ also does not understand the @code{inline} keyword used by -Libav, so you must add this line before @code{#include}ing libav*: -@example -#define inline _inline -@end example - -@item Build your application, everything should work. - -@end enumerate - @subsection Using shared libraries This is how to create DLL and LIB files that are compatible with MSVC++: From f45b54437a5f3ac28dc96f3b2551b4c602ec10e5 Mon Sep 17 00:00:00 2001 From: Derek Buitenhuis Date: Thu, 27 Sep 2012 18:39:02 +0000 Subject: [PATCH 06/13] doc/platform: Replace Visual Studio section with build instructions Signed-off-by: Derek Buitenhuis --- doc/platform.texi | 81 +++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 68 insertions(+), 13 deletions(-) diff --git a/doc/platform.texi b/doc/platform.texi index ac4b871545..a16bb467ca 100644 --- a/doc/platform.texi +++ b/doc/platform.texi @@ -75,7 +75,7 @@ For information about compiling Libav on OS/2 see @chapter Windows -@section Native Windows compilation +@section Native Windows compilation using MinGW or MinGW-w64 Libav can be built to run natively on Windows using the MinGW or MinGW-w64 toolchains. Install the latest versions of MSYS and MinGW or MinGW-w64 from @@ -101,21 +101,76 @@ you can build all libraries as DLLs. @end itemize -@section Microsoft Visual C++ compatibility +@section Microsoft Visual C++ -As stated in the FAQ, Libav will not compile under MSVC++. However, if you -want to use the libav* libraries in your own applications, you can still -compile those applications using MSVC++. But the libav* libraries you link -to @emph{must} be built with MinGW. However, you will not be able to debug -inside the libav* libraries, since MSVC++ does not recognize the debug -symbols generated by GCC. -We strongly recommend you to move over from MSVC++ to MinGW tools. +Libav can be built with MSVC using a C99-to-C89 conversion utility and +wrapper. At this time, only static builds are supported. -This description of how to use the Libav libraries with MSVC++ is based on -Microsoft Visual C++ 2005 Express Edition. If you have a different version, -you might have to modify the procedures slightly. +You will need the following prerequisites: -@subsection Using shared libraries +@itemize +@item @uref{https://github.com/rbultje/c99-to-c89/, C99-to-C89 Converter & Wrapper} +@item @uref{http://code.google.com/p/msinttypes/, msinttypes} +@item @uref{http://www.mingw.org/, MSYS} +@item @uref{http://yasm.tortall.net/, YASM} +@item @uref{http://gnuwin32.sourceforge.net/packages/bc.htm, bc for Windows} if +you want to run @uref{fate.html, FATE}. +@end itemize + +To set up a proper MSVC environment in MSYS, you simply need to run +@code{msys.bat} from the Visual Studio command prompt. + +Caveat: Run @code{which link} to see which link you are using. If it is located +at @code{/bin/link.exe}, then you have the wrong link in your @code{PATH}. +Either move/remove that copy, or make sure MSVC's link.exe is higher up in your +@code{PATH} than coreutils'. + +Place @code{c99wrap.exe}, @code{c99conv.exe}, and @code{yasm.exe} somewhere +in your @code{PATH}. + +Next, make sure @code{inttypes.h} and any other headers and libs you want to use +are located in a spot that MSVC can see. Do so by modifying the @code{LIB} and +@code{INCLUDE} environment variables to include the @strong{Windows} paths to +these directories. Alternatively, you can try and use the +@code{--extra-cflags}/@code{--extra-ldflags} configure options. + +Finally, run: + +@example +./configure --toolchain=msvc +make +make install +@end example + +Notes: + +@itemize + +@item If you wish to build with zlib support, you will have to grab a compatible +zlib binary from somewhere, with an MSVC import lib, or if you wish to link +statically, you can follow the instructions below to build a compatible +@code{zlib.lib} with MSVC. Regardless of which method you use, you must still +follow step 3, or compilation will fail. +@enumerate +@item Grab the @uref{http://zlib.net/, zlib sources}. +@item Edit @code{win32/Makefile.msc} so that it uses -MT instead of -MD, since +this is how Libav is built as well. +@item Edit @code{zconf.h} and remove its inclusion of @code{unistd.h}. This gets +erroneously included when building Libav. +@item Run @code{nmake -f win32/Makefile.msc}. +@item Move @code{zlib.lib}, @code{zconf.h}, and @code{zlib.h} to somewhere MSVC +can see. +@end enumerate + +@item Libav has been tested with Visual Studio 2010 and 2012, Pro and Express. +Anything else is not officially supported. + +@end itemize + +@subsection Using shared libraries built with MinGW in Visual Studio + +Currently, if you want to build shared libraries on Windows, you need to +use MinGW. This is how to create DLL and LIB files that are compatible with MSVC++: From ed8a2ddeea4c0f812a6d46607562f23db2543044 Mon Sep 17 00:00:00 2001 From: Derek Buitenhuis Date: Thu, 27 Sep 2012 19:02:28 +0000 Subject: [PATCH 07/13] doc/faq: Change the Visual Studio entry to reflect current status Signed-off-by: Derek Buitenhuis --- doc/faq.texi | 23 ++--------------------- 1 file changed, 2 insertions(+), 21 deletions(-) diff --git a/doc/faq.texi b/doc/faq.texi index 7c5373c437..79ef3b5feb 100644 --- a/doc/faq.texi +++ b/doc/faq.texi @@ -302,27 +302,8 @@ with @code{#ifdef}s related to the compiler. @section Is Microsoft Visual C++ supported? -No. Microsoft Visual C++ is not compliant to the C99 standard and does -not - among other things - support the inline assembly used in Libav. -If you wish to use MSVC++ for your -project then you can link the MSVC++ code with libav* as long as -you compile the latter with a working C compiler. For more information, see -the @emph{Microsoft Visual C++ compatibility} section in the Libav -documentation. - -There have been efforts to make Libav compatible with MSVC++ in the -past. However, they have all been rejected as too intrusive, especially -since MinGW does the job adequately. None of the core developers -work with MSVC++ and thus this item is low priority. Should you find -the silver bullet that solves this problem, feel free to shoot it at us. - -We strongly recommend you to move over from MSVC++ to MinGW tools. - -@section Can I use Libav under Windows? - -Yes, but the Cygwin or MinGW tools @emph{must} be used to compile Libav. -Read the @emph{Windows} section in the Libav documentation to find more -information. +Yes. Please see the @uref{platform.html, Microsoft Visual C++} +section in the Libav documentation. @section Can you add automake, libtool or autoconf support? From 7d1d4469902bbbdcb225eedd64f84c884cffbc2d Mon Sep 17 00:00:00 2001 From: Derek Buitenhuis Date: Fri, 28 Sep 2012 01:52:34 +0000 Subject: [PATCH 08/13] doc/platform: Rework the Visual Studio linking section Signed-off-by: Derek Buitenhuis --- doc/platform.texi | 61 ++++++++++++++++------------------------------- 1 file changed, 20 insertions(+), 41 deletions(-) diff --git a/doc/platform.texi b/doc/platform.texi index a16bb467ca..3bb9f79e90 100644 --- a/doc/platform.texi +++ b/doc/platform.texi @@ -167,54 +167,33 @@ Anything else is not officially supported. @end itemize -@subsection Using shared libraries built with MinGW in Visual Studio +@subsection Linking to Libav with Microsoft Visual C++ -Currently, if you want to build shared libraries on Windows, you need to -use MinGW. - -This is how to create DLL and LIB files that are compatible with MSVC++: - -Within the MSYS shell, build Libav with - -@example -./configure --enable-shared -make -make install -@end example - -Your install path (@file{/usr/local/} by default) should now have the -necessary DLL and LIB files under the @file{bin} directory. - -Alternatively, build the libraries with a cross compiler, according to -the instructions below in @ref{Cross compilation for Windows with Linux}. - -To use those files with MSVC++, do the same as you would do with -the static libraries, as described above. But in Step 4, -you should only need to add the directory where the LIB files are installed -(i.e. @file{c:\msys\usr\local\bin}). This is not a typo, the LIB files are -installed in the @file{bin} directory. And instead of adding the static -libraries (@file{libxxx.a} files) you should add the MSVC import libraries -(@file{avcodec.lib}, @file{avformat.lib}, and -@file{avutil.lib}). Note that you should not use the GCC import -libraries (@file{libxxx.dll.a} files), as these will give you undefined -reference errors. There should be no need for @file{libmingwex.a}, -@file{libgcc.a}, and @file{wsock32.lib}, nor any other external library -statically linked into the DLLs. +If you plan to link with MSVC-built static libraries, you will need +to make sure you have @code{Runtime Library} set to +@code{Multi-threaded (/MT)} in your project's settings. Libav headers do not declare global data for Windows DLLs through the usual dllexport/dllimport interface. Such data will be exported properly while -building, but to use them in your MSVC++ code you will have to edit the +building, but to use them in your MSVC code you will have to edit the appropriate headers and mark the data as dllimport. For example, in libavutil/pixdesc.h you should have: @example extern __declspec(dllimport) const AVPixFmtDescriptor av_pix_fmt_descriptors[]; @end example -Note that using import libraries created by dlltool requires -the linker optimization option to be set to -"References: Keep Unreferenced Data (@code{/OPT:NOREF})", otherwise -the resulting binaries will fail during runtime. This isn't -required when using import libraries generated by lib.exe. +You will also need to define @code{inline} to something MSVC understands: +@example +#define inline __inline +@end example + +Also note, that as stated in @strong{Microsoft Visual C++}, you will need +an MSVC-compatible @uref{http://code.google.com/p/msinttypes/, inttypes.h}. + +If you plan on using import libraries created by dlltool, you must +set @code{References} to @code{No (/OPT:NOREF)} under the linker optimization +settings, otherwise the resulting binaries will fail during runtime. +This is not required when using import libraries generated by @code{lib.exe}. This issue is reported upstream at @url{http://sourceware.org/bugzilla/show_bug.cgi?id=12633}. @@ -223,12 +202,12 @@ To create import libraries that work with the @code{/OPT:REF} option @enumerate -@item Open @emph{Visual Studio 2005 Command Prompt}. +@item Open the @emph{Visual Studio Command Prompt}. Alternatively, in a normal command line prompt, call @file{vcvars32.bat} which sets up the environment variables for the Visual C++ tools -(the standard location for this file is -@file{C:\Program Files\Microsoft Visual Studio 8\VC\bin\vcvars32.bat}). +(the standard location for this file is something like +@file{C:\Program Files (x86_\Microsoft Visual Studio 10.0\VC\bin\vcvars32.bat}). @item Enter the @file{bin} directory where the created LIB and DLL files are stored. From 12e1e834611afed8121ccc368a83e7eb5c564565 Mon Sep 17 00:00:00 2001 From: Anton Khirnov Date: Fri, 28 Sep 2012 20:46:20 +0200 Subject: [PATCH 09/13] lavc: set channel count from channel layout in avcodec_open2(). Some decoders (e.g. nellymoser) only set channel_layout and do not set channel count. --- libavcodec/utils.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index c08bad5e02..7c02d332b9 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -856,10 +856,15 @@ int attribute_align_arg avcodec_open2(AVCodecContext *avctx, const AVCodec *code if (av_codec_is_decoder(avctx->codec)) { /* validate channel layout from the decoder */ - if (avctx->channel_layout && - av_get_channel_layout_nb_channels(avctx->channel_layout) != avctx->channels) { - av_log(avctx, AV_LOG_WARNING, "channel layout does not match number of channels\n"); - avctx->channel_layout = 0; + if (avctx->channel_layout) { + int channels = av_get_channel_layout_nb_channels(avctx->channel_layout); + if (!avctx->channels) + avctx->channels = channels; + else if (channels != avctx->channels) { + av_log(avctx, AV_LOG_WARNING, + "channel layout does not match number of channels\n"); + avctx->channel_layout = 0; + } } } end: From c20a69630619d14ae92c5541d52c579d7c8f3e94 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 24 Mar 2012 02:40:24 +0100 Subject: [PATCH 10/13] cavsdec: check for changing w/h. Our decoder does not support changing w/h. Fixes CVE-2012-2777 and CVE-2012-2784. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Anton Khirnov --- libavcodec/cavsdec.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/libavcodec/cavsdec.c b/libavcodec/cavsdec.c index 33e639b9ae..e55e4f6e07 100644 --- a/libavcodec/cavsdec.c +++ b/libavcodec/cavsdec.c @@ -1056,12 +1056,21 @@ static int decode_pic(AVSContext *h) { static int decode_seq_header(AVSContext *h) { MpegEncContext *s = &h->s; int frame_rate_code; + int width, height; h->profile = get_bits(&s->gb,8); h->level = get_bits(&s->gb,8); skip_bits1(&s->gb); //progressive sequence - s->width = get_bits(&s->gb,14); - s->height = get_bits(&s->gb,14); + + width = get_bits(&s->gb, 14); + height = get_bits(&s->gb, 14); + if ((s->width || s->height) && (s->width != width || s->height != height)) { + av_log_missing_feature(s, "Width/height changing in CAVS is", 0); + return AVERROR_PATCHWELCOME; + } + s->width = width; + s->height = height; + skip_bits(&s->gb,2); //chroma format skip_bits(&s->gb,3); //sample_precision h->aspect_ratio = get_bits(&s->gb,4); From 891918431db628db17885ed947ee387b29826a64 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 24 Mar 2012 17:43:55 +0100 Subject: [PATCH 11/13] indeo5dec: Make sure we have had a valid gop header. This prevents decoding happening on a half initialized context. Fixes CVE-2012-2779 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Anton Khirnov --- libavcodec/indeo5.c | 8 ++++++-- libavcodec/ivi_common.c | 2 ++ libavcodec/ivi_common.h | 2 ++ 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/libavcodec/indeo5.c b/libavcodec/indeo5.c index 47437aecd4..4f8e0d8e96 100644 --- a/libavcodec/indeo5.c +++ b/libavcodec/indeo5.c @@ -304,8 +304,12 @@ static int decode_pic_hdr(IVI45DecContext *ctx, AVCodecContext *avctx) ctx->frame_num = get_bits(&ctx->gb, 8); if (ctx->frame_type == FRAMETYPE_INTRA) { - if (decode_gop_header(ctx, avctx)) - return -1; + ctx->gop_invalid = 1; + if (decode_gop_header(ctx, avctx)) { + av_log(avctx, AV_LOG_ERROR, "Invalid GOP header, skipping frames.\n"); + return AVERROR_INVALIDDATA; + } + ctx->gop_invalid = 0; } if (ctx->frame_type != FRAMETYPE_NULL) { diff --git a/libavcodec/ivi_common.c b/libavcodec/ivi_common.c index 715a536d38..5ebbf56d3c 100644 --- a/libavcodec/ivi_common.c +++ b/libavcodec/ivi_common.c @@ -739,6 +739,8 @@ int ff_ivi_decode_frame(AVCodecContext *avctx, void *data, int *data_size, "Error while decoding picture header: %d\n", result); return -1; } + if (ctx->gop_invalid) + return AVERROR_INVALIDDATA; if (ctx->gop_flags & IVI5_IS_PROTECTED) { av_log(avctx, AV_LOG_ERROR, "Password-protected clip!\n"); diff --git a/libavcodec/ivi_common.h b/libavcodec/ivi_common.h index 1ba431b4ed..edbe96a1ee 100644 --- a/libavcodec/ivi_common.h +++ b/libavcodec/ivi_common.h @@ -248,6 +248,8 @@ typedef struct IVI45DecContext { int (*decode_mb_info) (struct IVI45DecContext *ctx, IVIBandDesc *band, IVITile *tile, AVCodecContext *avctx); void (*switch_buffers) (struct IVI45DecContext *ctx); int (*is_nonnull_frame)(struct IVI45DecContext *ctx); + + int gop_invalid; } IVI45DecContext; /** compare some properties of two pictures */ From ee715f49a06bf3898246d01b056284a9bb1bcbb9 Mon Sep 17 00:00:00 2001 From: Anton Khirnov Date: Fri, 28 Sep 2012 14:47:56 +0200 Subject: [PATCH 12/13] dfa: check that the caller set width/height properly. Fixes CVE-2012-2786. --- libavcodec/dfa.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libavcodec/dfa.c b/libavcodec/dfa.c index 5beae7f1a4..c6f09c89a7 100644 --- a/libavcodec/dfa.c +++ b/libavcodec/dfa.c @@ -22,6 +22,8 @@ #include "avcodec.h" #include "bytestream.h" + +#include "libavutil/imgutils.h" #include "libavutil/lzo.h" // for av_memcpy_backptr typedef struct DfaContext { @@ -34,9 +36,13 @@ typedef struct DfaContext { static av_cold int dfa_decode_init(AVCodecContext *avctx) { DfaContext *s = avctx->priv_data; + int ret; avctx->pix_fmt = PIX_FMT_PAL8; + if ((ret = av_image_check_size(avctx->width, avctx->height, 0, avctx)) < 0) + return ret; + s->frame_buf = av_mallocz(avctx->width * avctx->height + AV_LZO_OUTPUT_PADDING); if (!s->frame_buf) return AVERROR(ENOMEM); From b146d74730ab9ec5abede9066f770ad851e45fbc Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 14 Apr 2012 20:04:05 +0200 Subject: [PATCH 13/13] indeo4: update AVCodecContext width/height on size change Fixes CVE-2012-2787 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Anton Khirnov --- libavcodec/ivi_common.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/ivi_common.c b/libavcodec/ivi_common.c index 5ebbf56d3c..6ff0f8028b 100644 --- a/libavcodec/ivi_common.c +++ b/libavcodec/ivi_common.c @@ -780,6 +780,7 @@ int ff_ivi_decode_frame(AVCodecContext *avctx, void *data, int *data_size, avctx->release_buffer(avctx, &ctx->frame); ctx->frame.reference = 0; + avcodec_set_dimensions(avctx, ctx->planes[0].width, ctx->planes[0].height); if ((result = avctx->get_buffer(avctx, &ctx->frame)) < 0) { av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n"); return result;