Fixes a floating-point exception further down.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
The square is always passed as 1 whenever the function is called and
thus the if block never gets executed.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
SHOW_UBITS() is only defined up to n_bits is 25, therefore forbid
values larger than this in get_vlc2() (max_bits). tokens[][] can be
used as an index in deltas[], which has a size of 64, so ensure the
values are smaller than that.
This prevents crashes on corrupt bitstreams.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Looks like some LAME versions produce dual stereo mode MP3s with
flags for intensity and middle stereo set. In this mode those flags
should be ignored like the reference decoder and derived ones do.
A call to decode_packet() does not always decode a complete WMA packet.
Moreover, this is not the correct place to document calls that are part
of the public API.
Signed-off-by: Diego Biurrun <diego@biurrun.de>
Also use correct buffer sizes in calls to tm2_read_stream(). Together,
this prevents overreads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Version from vqa header does not dictate which sound chunks may
appear in file.
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
Also remove some write-only variables or write-only variable
assignments, remove internal colorspace conversion to native
endianness (that can be done by swscale much more efficiently),
and some cosmetics.
Prevents running error resilience on a previous frame which will write
to the pic->mb_type[] array of the previous image. The array might
already be re-used for a new image in a subsequent thread, thus cause
two threads to write to the same pic->mb_type[] array, causing a race
condition which can crash in rv34_decode_cbp(), called by
rv34_decode_inter_mb_header() (which accesses mb_type[] twice,
assuming values are maintained, which the race condition breaks).
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org