Michael Niedermayer
b530e2e351
avcodec/vorbisdec: use av_freep(), do not leave stale pointers in memory
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
10 years ago
Michael Niedermayer
8c50704ebf
avcodec/vorbisdec: Fix off by 1 error in ptns_to_read
...
Fixes read of uninitialized memory
Fixes: asan_heap-uaf_18dac2b_9_asan_heap-uaf_22eb375_208_beta3_test_small.ogg
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
10 years ago
Michael Niedermayer
5a376976a0
avcodec/vorbisdec: Reset first_frame
...
This avoids returning a initial frame after seeking which does
not match what would be received when decoding from the begin.
Suggested-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
11 years ago
Michael Niedermayer
f0c78b0769
avcodec/vorbisdec: use av_malloc(z)_array()
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
11 years ago
Michael Niedermayer
0a266cb55a
avcodec/vorbisdec: try to workaround libvorbisenc bug
...
Fixes Ticket3590
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
11 years ago
Michael Niedermayer
5171ae781a
avcodec/vorbisdec: use the stored previous window type only when the actual previous is not known
...
Fixes Ticket3432
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
11 years ago
Diego Biurrun
b2bed9325d
cosmetics: Group .name and .long_name together in codec/format declarations
11 years ago
Michael Niedermayer
709cae2bcb
vorbisdec: Check VLC tables during use instead of setup
...
Fixes regression and Ticket2720
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Michael Niedermayer
ae038c0914
vorbisdec: propagate errors from setup_classifs()
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Luca Barbato
92b3caa108
vorbis: return meaningful errors
12 years ago
Luca Barbato
db347280eb
vorbis: fallback to normal division instead of crashing
...
The use of ff_inverse speeds up slightly arches + compilers that
do not provide a division faster than the whole machinery, such
as ppc32 + gcc4.7, but has operational limits.
Drop the always-enable assert and provide a fallback.
12 years ago
Luca Barbato
ddf1b4a2f8
vorbis: simplify the inner loop in setup_classifs
12 years ago
Luca Barbato
36f1038004
vorbis: use normal integer values for iterators
...
No need to use fixed-size integers.
12 years ago
Luca Barbato
98186578a2
vorbis: refactor vorbis_residue_decode_internal
12 years ago
Michael Niedermayer
e6b6ae4695
vorbisdec: check codebook entry count
...
Fixes assertion failure
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Clément Bœsch
1ec94b0f06
lavc: factorize ff_{thread_,re,}get_buffer error messages.
...
Coccinelle profile used:
@@
expression r, ctx, f, loglevel, str, flags;
@@
-if ((r = ff_get_buffer(ctx, f, flags)) < 0) {
- av_log(ctx, loglevel, str);
- return r;
-}
+if ((r = ff_get_buffer(ctx, f, flags)) < 0)
+ return r;
@@
expression r, ctx, f, loglevel, str;
@@
-if ((r = ff_reget_buffer(ctx, f)) < 0) {
- av_log(ctx, loglevel, str);
- return r;
-}
+if ((r = ff_reget_buffer(ctx, f)) < 0)
+ return r;
@@
expression r, ctx, f, loglevel, str, flags;
@@
-if ((r = ff_thread_get_buffer(ctx, f, flags)) < 0) {
- av_log(ctx, loglevel, str);
- return r;
-}
+if ((r = ff_thread_get_buffer(ctx, f, flags)) < 0)
+ return r;
...along with some manual patches for the remaining ones.
12 years ago
Hendrik Leppkes
cde1e7db3e
vorbis: unref the skipped first frame.
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Anton Khirnov
e2c2974120
vorbisdec: do not leak the first frame.
12 years ago
Anton Khirnov
759001c534
lavc decoders: work with refcounted frames.
12 years ago
Luca Barbato
02055b6d40
vorbisdec: check memory allocations
12 years ago
Justin Ruggles
e951b6d94c
vorbisdec: cosmetics: rename variable avccontext to avctx
...
This is consistent with the rest of libavcodec.
12 years ago
Luca Barbato
23bd9ef4b2
vorbisdec: Accept 0 amplitude_bits
...
The specification does not prevent an encoder to write the amplitude 0
as 0 amplitude_bits.
Our get_bits() implementation might not support a zero sized read
properly, thus the additional branch.
12 years ago
Luca Barbato
5b47c19bfd
vorbisdec: Add missing checks
...
Rate and order must not be 0 even if the specification does not say that
explicitly.
12 years ago
Luca Barbato
fc386f2eea
vorbisdec: cosmetics
...
Use the commonly used "if (!var)" instead of "if (var == 0)".
12 years ago
Michael Niedermayer
11dcecfcca
vorbisdec: Error on bark_map_size equal to 0.
...
The value is used to calculate output LSP curve and a division by zero
and out of array accesses would occur.
CVE-2013-0894
CC: libav-stable@libav.org
Reported-by: Dale Curtis <dalecurtis@chromium.org>
Found-by: inferno@chromium.org
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
12 years ago
Justin Ruggles
ee6ca11b65
vorbis: decode directly to the user-provided AVFrame
12 years ago
Ronald S. Bultje
1768e43ceb
vorbisdsp: change block_size type from int to intptr_t.
...
This saves one instruction in the x86-64 assembly.
12 years ago
Ronald S. Bultje
fef906c77c
Move vorbis_inverse_coupling from dsputil to vorbisdspcontext.
...
Conveniently (together with Justin's earlier patches), this makes
our vorbis decoder entirely independent of dsputil.
12 years ago
Justin Ruggles
e034cc6c60
lavc: Move vector_fmul_window to AVFloatDSPContext
...
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
12 years ago
Michael Niedermayer
e9ffee23f3
vorbisdec: handle midstream parameter changes
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Michael Niedermayer
778069c832
vorbisdec: support freeing partially allocated contexts.
...
Fixes null pointer derefernces
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Michael Niedermayer
2c16bf2de0
vorbisdec: Check bark_map_size.
...
This fixes potential divisions by zero and out of array accesses.
Reported-by: Dale Curtis <dalecurtis@chromium.org>
Found-by: inferno@chromium.org
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Diego Biurrun
511cf612ac
miscellaneous typo fixes
12 years ago
Anton Khirnov
594d4d5df3
lavc: add a wrapper for AVCodecContext.get_buffer().
...
It will be useful in the upcoming transition to refcounted AVFrames.
12 years ago
Justin Ruggles
79b7747556
vorbisdec: use float planar sample format
12 years ago
Luca Barbato
714508bcb9
vorbisdec: ensure FASTDIV denominator is never 1
...
In both usages of FASTDIV the denominator might be 1.
Using a branch could make the function slower than using a normal
division.
Both denominator and numerator can be multiplied by 2 safely and
using shifts is faster than using a branch.
12 years ago
Mans Rullgard
4855022aa1
vorbisdec: remove some pointless comments
...
Signed-off-by: Mans Rullgard <mans@mansr.com>
13 years ago
Anton Khirnov
36ef5369ee
Replace all CODEC_ID_* with AV_CODEC_ID_*
13 years ago
Michael Niedermayer
8cac86e091
vorbisdec: fix heap buffer overflow.
...
Found-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
13 years ago
Michael Niedermayer
5f298c6791
vorbisdec: switch to av_assert
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
13 years ago
Mans Rullgard
9fcda25e35
vorbisdec: replace div/mod in loop with a counter
...
2x speedup of surround decoding on Cortex-A9.
Signed-off-by: Mans Rullgard <mans@mansr.com>
13 years ago
Justin Ruggles
d5a7229ba4
Add a float DSP framework to libavutil
...
Move vector_fmul() from DSPContext to AVFloatDSPContext.
13 years ago
Alex Converse
ecf79c4d3e
vorbis: Validate that the floor 1 X values contain no duplicates.
...
Duplicate values in this vector are explicitly banned by the Vorbis I spec
and cause divide-by-zero crashes later on.
13 years ago
Reimar Döffinger
4561feb4bf
vorbisdec: use correct channels variable.
...
All code should use the local variable, the
AVCodecContext might not yet have the updated value.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
13 years ago
Martin Storsjö
00c3b67b8a
cosmetics: Align codec declarations
...
Also break some long lines, remove codec function placeholder comments
and add spaces in sample/pixel format lists.
Signed-off-by: Martin Storsjö <martin@martin.st>
13 years ago
Aaron Colwell
12623a8026
vorbisdec: avoid invalid memory access
...
This fixes some invalid memory access caused later in the function
by res_chan[] not being set for all channels. This happens when a
channel doesn't appear a submap. This change simply returns a
decoder error when this situation is detected.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
13 years ago
Justin Ruggles
5602a464c9
avcodec: add a Vorbis parser to get packet duration
...
This also allows for removing some of the Vorbis-related hacks.
13 years ago
Justin Ruggles
737ca4482b
vorbisdec: read the previous window flag for long windows
...
When reading sequentially, we are using the actual flag from the previous
frame, but when seeking we do not know what the previous window flag was, so
we need to read it from the bitstream.
13 years ago
Justin Ruggles
19adb0bc2d
vorbisdec: add a flush() function
...
clear MDCT overlap buffer and reset previous window mode when seeking
13 years ago
Martin Storsjö
27cfdc3e4f
vorbis: Add ff_ prefix to nonstatic symbols
...
Signed-off-by: Martin Storsjö <martin@martin.st>
13 years ago