Luca Barbato
59d7bb99b6
4xm: check bitstream_size boundary before using it
...
Prevent buffer overread.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
12 years ago
Luca Barbato
fbd0dacc8d
4xm: refactor decode_p_block
...
Directly return from code 1, 2 and 6 codepaths and simplify the
remaining one to have a single overflow check and a single call to
mcdc.
12 years ago
Luca Barbato
94aefb1932
4xm: do not overread the source buffer in decode_p_block
...
Check for out of picture macroblocks before calling mcdc.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
12 years ago
Luca Barbato
be373cb50d
4xm: do not overread the prestream buffer
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
12 years ago
Luca Barbato
de2e5777e2
4xm: validate the buffer size before parsing it
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
12 years ago
Luca Barbato
145023f572
4xm: reject frames not compatible with the declared version
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
12 years ago
Luca Barbato
1f0c607560
4xm: drop pointless assert
...
Make sure the value of wlog2 is always between 0 and 3.
12 years ago
Luca Barbato
b8b809908e
4xm: forward errors from decode_p_block
...
Partially mitigate out of memory writes.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
12 years ago
Luca Barbato
50ec1db62d
4xm: fold last_picture lazy allocation in decode_p_frame
12 years ago
Luca Barbato
e7a44f87d0
4xm: refactor fourxm_read_header
...
Split sound and video tag parsing in separate functions.
12 years ago
Luca Barbato
08859d19b4
4xm: use the correct logging context
12 years ago
Diego Biurrun
2832ea26f3
Remove commented-out debug #define cruft
12 years ago
Clément Bœsch
1ec94b0f06
lavc: factorize ff_{thread_,re,}get_buffer error messages.
...
Coccinelle profile used:
@@
expression r, ctx, f, loglevel, str, flags;
@@
-if ((r = ff_get_buffer(ctx, f, flags)) < 0) {
- av_log(ctx, loglevel, str);
- return r;
-}
+if ((r = ff_get_buffer(ctx, f, flags)) < 0)
+ return r;
@@
expression r, ctx, f, loglevel, str;
@@
-if ((r = ff_reget_buffer(ctx, f)) < 0) {
- av_log(ctx, loglevel, str);
- return r;
-}
+if ((r = ff_reget_buffer(ctx, f)) < 0)
+ return r;
@@
expression r, ctx, f, loglevel, str, flags;
@@
-if ((r = ff_thread_get_buffer(ctx, f, flags)) < 0) {
- av_log(ctx, loglevel, str);
- return r;
-}
+if ((r = ff_thread_get_buffer(ctx, f, flags)) < 0)
+ return r;
...along with some manual patches for the remaining ones.
12 years ago
Anton Khirnov
759001c534
lavc decoders: work with refcounted frames.
12 years ago
Anton Khirnov
8097fc9a2d
4xm: check the return value of read_huffman_tables().
...
CC:libav-stable@libav.org
12 years ago
Michael Niedermayer
cfc7b9cfff
4xm: remove avcodec_get_frame_defaults() calls
...
They are not needed anymore
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Michael Niedermayer
d73b65ed0e
4xm: add assert to check that the pointer from read_huffman_tables is within the array
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Michael Niedermayer
53a3fdbfc5
4xm: Check available space in read_huffman_tables()
...
Fixes integer overflow and out of array accesses
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Diego Biurrun
88bd7fdc82
Drop DCTELEM typedef
...
It does not help as an abstraction and adds dsputil dependencies.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
12 years ago
Anton Khirnov
aa15afb7ce
4xm: simplify code with FFSWAP
12 years ago
Anton Khirnov
10c26e928a
4xm: return meaningful error codes
12 years ago
Anton Khirnov
f7d15d2f42
4xm: operate with pointers to AVFrames instead of whole structs.
...
This is more correct and avoids breaking extended_data.
12 years ago
Anton Khirnov
85383d139a
4xm: eliminate a pointless indirection
12 years ago
Anton Khirnov
b047c68783
4xm: don't rely on get_buffer() initializing the frame.
12 years ago
Michael Niedermayer
5ffb5e7a2d
4xm: check the correct stream, fix fate
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Paul B Mahol
44fe118e0a
lavc/4xm: use bytestream2_get_bytes_left
...
Also replace relevant bytestream2 functions with unchecked variants due
code that already checks for overreads.
Signed-off-by: Paul B Mahol <onemda@gmail.com>
12 years ago
Diego Biurrun
511cf612ac
miscellaneous typo fixes
12 years ago
Anton Khirnov
df9b956751
lavc: fix decode_frame() third parameter semantics for video decoders
...
It's got_frame, not data size
12 years ago
Anton Khirnov
594d4d5df3
lavc: add a wrapper for AVCodecContext.get_buffer().
...
It will be useful in the upcoming transition to refcounted AVFrames.
12 years ago
Paul B Mahol
a5e382ad7f
4xm: return error code if decode_init() failed
...
Signed-off-by: Paul B Mahol <onemda@gmail.com>
12 years ago
Michael Niedermayer
aed128f07d
4xmdec: fix integer overflow, null ptr dereference
...
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Michael Niedermayer
c433823750
4xmdec: test version for cfrms, fix out of array accesses
...
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Anton Khirnov
716d413c13
Replace PIX_FMT_* -> AV_PIX_FMT_*, PixelFormat -> AVPixelFormat
12 years ago
Piotr Bandurski
53241b5dc7
lavc: add missing new line to some messages
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Anton Khirnov
36ef5369ee
Replace all CODEC_ID_* with AV_CODEC_ID_*
12 years ago
Michael Niedermayer
7925f923a5
4xm: use av_assert()
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
13 years ago
Mans Rullgard
acb2c79c21
4xm: fix invalid array indexing
...
Indexing outside arrays is invalid and breaks with gcc 4.8.
Signed-off-by: Mans Rullgard <mans@mansr.com>
13 years ago
Diego Biurrun
a92be9b856
Replace memset(0) by zero initializations.
...
Also remove one pointless zero initialization in rangecoder.c.
13 years ago
Michael Niedermayer
ae76c1af16
4xm: make mcdc() src const
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
13 years ago
Martin Storsjö
9cf0841ef3
dsputil: Add ff_ prefix to the dsputil*_init* functions
...
Signed-off-by: Martin Storsjö <martin@martin.st>
13 years ago
Martin Storsjö
e96b4a53df
vlc/rl: Add ff_ prefix to the nonstatic symbols
...
Signed-off-by: Martin Storsjö <martin@martin.st>
13 years ago
Yordan Makariev
0c5d78a898
4xm, timefilter: K&R formatting cosmetics
...
Signed-off-by: Diego Biurrun <diego@biurrun.de>
13 years ago
Alex Converse
7181c4edee
cosmetics: Remove extra newlines at EOF
13 years ago
Aneesh Dogra
9b55b4bb3a
4xm: Prevent buffer overreads.
...
4xm decoder while decoding i2 frames can overread the buffer if proper checks
are not made.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
13 years ago
Ronald S. Bultje
3fa646e859
Revert "4xm: Prevent buffer overreads."
...
This reverts commit 295a7c0238
. The
patch breaks decoding of regular files (e.g. fate-4xm-2).
13 years ago
Aneesh Dogra
295a7c0238
4xm: Prevent buffer overreads.
...
4xm decoder while decoding i2 frames can overread the buffer if proper checks
are not made.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
13 years ago
Aneesh Dogra
4b84f68223
4xm: pass the correct remaining buffer size to decode_i2_frame().
...
frame_size is the number of bytes left in the packet, so if we are passing
buf-4 we can safely read frame_size+4 bytes.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
13 years ago
Aneesh Dogra
893f137679
4xm: fix calculation of the next output line position in decode_i2_frame().
...
The current code doesn't work unless width is an exact multiple of 16.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
13 years ago
Anton Khirnov
d09298f0d6
4xm: remove unused variables.
13 years ago
Shitiz Garg
355d917c0b
4xm: Add a check in decode_i_frame to prevent buffer overreads
...
Fixes bugzilla #135
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
13 years ago