ALS spec:
11.6.3.1.1 Quantization and encoding of parcor coefficients
...
In all cases the resulting quantized values ak are restricted to the range [-64,63].
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
Values that fail this check will cause failure of decode_rice()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
Fixes out of array write in quant_cof.
Also make sure no invalid opt_order stays in the context.
Fixes CVE-2012-2775
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
The warning is:
libavfilter/avfiltergraph.c: In function ‘avfilter_graph_config’:
libavfilter/avfiltergraph.c:528:9: warning: ‘best_idx’ may be used uninitialized in this function [-Wuninitialized]
libavfilter/avfiltergraph.c:479:13: note: ‘best_idx’ was declared here
Initialize it to an invalid value and add an assert that it's properly
set later.
It would have been done anyway in the av_dict_set() call.
This simplifies the code and avoid a warning because of assigning a
const string from ff_id3v1_genre_str to a non-const variable.
Signed-off-by: Anton Khirnov <anton@khirnov.net>
* qatar/master:
avconv: flush filtered frames before reconfiguring filters
mov: stsd entries must be at least 16 byte
mov: detect EOF in mov_read_dref()
file: return proper error on seek failures
Conflicts:
libavformat/file.c
libavformat/mov.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
According to POSIX, strptime() should consume whitespaces in the date
string everytime a whitespace conversion specification is found in the
date format specification. Make av_small_strptime() conform with this
behavior.
In particular, should fix trac ticket #1739.
Fix near infinite loop in stsd parsing.
Bug found by: Diana Elena Muscalu
The size is unsigned according the specification.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Avoid a near infinite loop.
Issue discovered by cosminamironesei.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
* qatar/master:
mpegvideo: drop unnecessary arguments to hpel_motion()
mpegvideo: drop 'inline' from some functions
nellymoserdec: drop support for s16 output.
bmpdec: only initialize palette for pal8.
build: Properly remove object files while cleaning
flacdsp: arm optimised lpc filter
compat/vsnprintf: return number of bytes required on truncation.
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '3f7fd59d151a2773f0e2e93e56b6b13ec6e5334b':
avformat: fix typo in avformat_close_input
mp3enc: write Xing TOC
mp3enc: support MPEG-2 and MPEG-2.5 in Xing header.
mp3enc: downgrade some errors in writing Xing frame to warnings
lavf: flush the output AVIOContext in av_write_trailer().
lavf: cosmetics, reformat av_write_trailer().
avio: flush the internal buffer in avio_close()
Enhance doc on asyncts audiofilter
cmdutils: avoid setting data pointers to invalid values in alloc_buffer()
libavcodec: remove av_destruct_packet_nofree()
Conflicts:
libavcodec/avpacket.c
libavformat/mp3enc.c
libavformat/nutenc.c
libavformat/utils.c
libavformat/version.h
tests/ref/lavf/voc
tests/ref/lavf/voc_s16
Merged-by: Michael Niedermayer <michaelni@gmx.at>
These arguments are either constants or copies of MpegEncContext
fields just as easily accessed within the function.
Signed-off-by: Mans Rullgard <mans@mansr.com>
These functions do not benefit from being inlined. They are large,
and there are no opportunities for constant propagation.
Signed-off-by: Mans Rullgard <mans@mansr.com>
Some implementations of sscanf do not handle a space before a trailing %n
properly.
As an example, MSVC's does this for the second insatnce in this patch, for
an input of "0x3:c0=c1:c1=c0":
1) Match the final "c0" or "c1".
2) Realize it's at the end of the string.
3) Check for %n.
4) There is no %n, but a space instead.
5) Leave 'len' unitilialized.
So, move it out of the sscanf format strings, and call skip_spaces instead.
This bug does not affect skip_spaces since %n is the first and only formatting
string.
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
A proper implementation was introduced in
ba53720280 for MSVC, and
MinGW already has vsnprintf.
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Thilo Borgmann
Michael Niedermayer
Anton Khirnov
Clément Bœsch
Mans Rullgard
Stefano Sabatini
Janne Grunau
Marton Balint
Carl Eugen Hoyos
Luca Barbato
Hendrik Leppkes
Derek Buitenhuis