Vittorio Giovara
31dc73e92a
vorbisdec: Check memory allocations
10 years ago
Diego Biurrun
7f9f771eac
avcodec: Don't anonymously typedef structs
10 years ago
Michael Niedermayer
ad2deb02e5
avcodec/xiph: mark returned header pointers const from avpriv_split_xiph_headers()
...
Reviewed-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
10 years ago
Michael Niedermayer
51f2422c2b
avcodec/vorbisdec: Use avpriv_float_dsp_alloc()
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
10 years ago
Michael Niedermayer
b530e2e351
avcodec/vorbisdec: use av_freep(), do not leave stale pointers in memory
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
10 years ago
Michael Niedermayer
8c50704ebf
avcodec/vorbisdec: Fix off by 1 error in ptns_to_read
...
Fixes read of uninitialized memory
Fixes: asan_heap-uaf_18dac2b_9_asan_heap-uaf_22eb375_208_beta3_test_small.ogg
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
10 years ago
Michael Niedermayer
5a376976a0
avcodec/vorbisdec: Reset first_frame
...
This avoids returning a initial frame after seeking which does
not match what would be received when decoding from the begin.
Suggested-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
11 years ago
Michael Niedermayer
f0c78b0769
avcodec/vorbisdec: use av_malloc(z)_array()
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
11 years ago
Michael Niedermayer
0a266cb55a
avcodec/vorbisdec: try to workaround libvorbisenc bug
...
Fixes Ticket3590
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
11 years ago
Michael Niedermayer
5171ae781a
avcodec/vorbisdec: use the stored previous window type only when the actual previous is not known
...
Fixes Ticket3432
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
11 years ago
Diego Biurrun
b2bed9325d
cosmetics: Group .name and .long_name together in codec/format declarations
11 years ago
Michael Niedermayer
709cae2bcb
vorbisdec: Check VLC tables during use instead of setup
...
Fixes regression and Ticket2720
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Michael Niedermayer
ae038c0914
vorbisdec: propagate errors from setup_classifs()
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Luca Barbato
92b3caa108
vorbis: return meaningful errors
12 years ago
Luca Barbato
db347280eb
vorbis: fallback to normal division instead of crashing
...
The use of ff_inverse speeds up slightly arches + compilers that
do not provide a division faster than the whole machinery, such
as ppc32 + gcc4.7, but has operational limits.
Drop the always-enable assert and provide a fallback.
12 years ago
Luca Barbato
ddf1b4a2f8
vorbis: simplify the inner loop in setup_classifs
12 years ago
Luca Barbato
36f1038004
vorbis: use normal integer values for iterators
...
No need to use fixed-size integers.
12 years ago
Luca Barbato
98186578a2
vorbis: refactor vorbis_residue_decode_internal
12 years ago
Michael Niedermayer
e6b6ae4695
vorbisdec: check codebook entry count
...
Fixes assertion failure
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Clément Bœsch
1ec94b0f06
lavc: factorize ff_{thread_,re,}get_buffer error messages.
...
Coccinelle profile used:
@@
expression r, ctx, f, loglevel, str, flags;
@@
-if ((r = ff_get_buffer(ctx, f, flags)) < 0) {
- av_log(ctx, loglevel, str);
- return r;
-}
+if ((r = ff_get_buffer(ctx, f, flags)) < 0)
+ return r;
@@
expression r, ctx, f, loglevel, str;
@@
-if ((r = ff_reget_buffer(ctx, f)) < 0) {
- av_log(ctx, loglevel, str);
- return r;
-}
+if ((r = ff_reget_buffer(ctx, f)) < 0)
+ return r;
@@
expression r, ctx, f, loglevel, str, flags;
@@
-if ((r = ff_thread_get_buffer(ctx, f, flags)) < 0) {
- av_log(ctx, loglevel, str);
- return r;
-}
+if ((r = ff_thread_get_buffer(ctx, f, flags)) < 0)
+ return r;
...along with some manual patches for the remaining ones.
12 years ago
Hendrik Leppkes
cde1e7db3e
vorbis: unref the skipped first frame.
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Anton Khirnov
e2c2974120
vorbisdec: do not leak the first frame.
12 years ago
Anton Khirnov
759001c534
lavc decoders: work with refcounted frames.
12 years ago
Luca Barbato
02055b6d40
vorbisdec: check memory allocations
12 years ago
Justin Ruggles
e951b6d94c
vorbisdec: cosmetics: rename variable avccontext to avctx
...
This is consistent with the rest of libavcodec.
12 years ago
Luca Barbato
23bd9ef4b2
vorbisdec: Accept 0 amplitude_bits
...
The specification does not prevent an encoder to write the amplitude 0
as 0 amplitude_bits.
Our get_bits() implementation might not support a zero sized read
properly, thus the additional branch.
12 years ago
Luca Barbato
5b47c19bfd
vorbisdec: Add missing checks
...
Rate and order must not be 0 even if the specification does not say that
explicitly.
12 years ago
Luca Barbato
fc386f2eea
vorbisdec: cosmetics
...
Use the commonly used "if (!var)" instead of "if (var == 0)".
12 years ago
Michael Niedermayer
11dcecfcca
vorbisdec: Error on bark_map_size equal to 0.
...
The value is used to calculate output LSP curve and a division by zero
and out of array accesses would occur.
CVE-2013-0894
CC: libav-stable@libav.org
Reported-by: Dale Curtis <dalecurtis@chromium.org>
Found-by: inferno@chromium.org
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
12 years ago
Justin Ruggles
ee6ca11b65
vorbis: decode directly to the user-provided AVFrame
12 years ago
Ronald S. Bultje
1768e43ceb
vorbisdsp: change block_size type from int to intptr_t.
...
This saves one instruction in the x86-64 assembly.
12 years ago
Ronald S. Bultje
fef906c77c
Move vorbis_inverse_coupling from dsputil to vorbisdspcontext.
...
Conveniently (together with Justin's earlier patches), this makes
our vorbis decoder entirely independent of dsputil.
12 years ago
Justin Ruggles
e034cc6c60
lavc: Move vector_fmul_window to AVFloatDSPContext
...
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
12 years ago
Michael Niedermayer
e9ffee23f3
vorbisdec: handle midstream parameter changes
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Michael Niedermayer
778069c832
vorbisdec: support freeing partially allocated contexts.
...
Fixes null pointer derefernces
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Michael Niedermayer
2c16bf2de0
vorbisdec: Check bark_map_size.
...
This fixes potential divisions by zero and out of array accesses.
Reported-by: Dale Curtis <dalecurtis@chromium.org>
Found-by: inferno@chromium.org
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Diego Biurrun
511cf612ac
miscellaneous typo fixes
12 years ago
Anton Khirnov
594d4d5df3
lavc: add a wrapper for AVCodecContext.get_buffer().
...
It will be useful in the upcoming transition to refcounted AVFrames.
12 years ago
Justin Ruggles
79b7747556
vorbisdec: use float planar sample format
12 years ago
Luca Barbato
714508bcb9
vorbisdec: ensure FASTDIV denominator is never 1
...
In both usages of FASTDIV the denominator might be 1.
Using a branch could make the function slower than using a normal
division.
Both denominator and numerator can be multiplied by 2 safely and
using shifts is faster than using a branch.
12 years ago
Mans Rullgard
4855022aa1
vorbisdec: remove some pointless comments
...
Signed-off-by: Mans Rullgard <mans@mansr.com>
13 years ago
Anton Khirnov
36ef5369ee
Replace all CODEC_ID_* with AV_CODEC_ID_*
13 years ago
Michael Niedermayer
8cac86e091
vorbisdec: fix heap buffer overflow.
...
Found-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
13 years ago
Michael Niedermayer
5f298c6791
vorbisdec: switch to av_assert
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
13 years ago
Mans Rullgard
9fcda25e35
vorbisdec: replace div/mod in loop with a counter
...
2x speedup of surround decoding on Cortex-A9.
Signed-off-by: Mans Rullgard <mans@mansr.com>
13 years ago
Justin Ruggles
d5a7229ba4
Add a float DSP framework to libavutil
...
Move vector_fmul() from DSPContext to AVFloatDSPContext.
13 years ago
Alex Converse
ecf79c4d3e
vorbis: Validate that the floor 1 X values contain no duplicates.
...
Duplicate values in this vector are explicitly banned by the Vorbis I spec
and cause divide-by-zero crashes later on.
13 years ago
Reimar Döffinger
4561feb4bf
vorbisdec: use correct channels variable.
...
All code should use the local variable, the
AVCodecContext might not yet have the updated value.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
13 years ago
Martin Storsjö
00c3b67b8a
cosmetics: Align codec declarations
...
Also break some long lines, remove codec function placeholder comments
and add spaces in sample/pixel format lists.
Signed-off-by: Martin Storsjö <martin@martin.st>
13 years ago
Aaron Colwell
12623a8026
vorbisdec: avoid invalid memory access
...
This fixes some invalid memory access caused later in the function
by res_chan[] not being set for all channels. This happens when a
channel doesn't appear a submap. This change simply returns a
decoder error when this situation is detected.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
13 years ago