Cells starting at a position aligned to 8 pixels but wider than
4 blocks are copied with 3 blocks per loop. This creates problems on the
next loop iterations since the routine copying 2 blocks requires the
same alignment on some architectures like ARM NEON.
The data offsets are relative to the bistream header, which is 16 bytes
after the start of the data.
Fixes invalid reads with corrupted files.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
Also add an additional sanity check to the alt_quant table.
Fixes invalid reads with corrupted files.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
Internally chroma planes have multiple of four height while allocated image
planes might be smaller if CODEC_FLAG_EMU_EDGE is set. Thus we should not
output more lines of chroma than frame can accept.
Also the decoder can be safely switched to direct rendering now.
The index of the motion vector has to be checked before being
multiplied by 2 for the array index.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Splits at borders of cells are invalid, since it leaves one of the
cells with a width/height of zero. Also, propagate errors on buffer
allocation failures, so we don't continue decoding (which crashes).
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
The new decoder is much smaller and has better code quality.
Cleanup and fixes courtesy of Kostya Shishkov.
Signed-off-by: Diego Biurrun <diego@biurrun.de>
It is pretty hopeless that other considerable projects will adopt
libavutil alone in other projects. Projects that need small footprint
are better off with more specialized libraries such as gnulib or rather
just copy the necessary parts that they need. With this in mind, nobody
is helped by having libavutil and libavcore split. In order to ease
maintenance inside and around FFmpeg and to reduce confusion where to
put common code, avcore's functionality is merged (back) to avutil.
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Other parts of FFmpeg use NE (native endian) rather than ME (machine).
This makes it consistent.
Originally committed as revision 24169 to svn://svn.ffmpeg.org/ffmpeg/trunk
Fixes out-of-bounds reads and writes with i32/smclocki32.avi.1.0 from issue 1240.
Originally committed as revision 19359 to svn://svn.ffmpeg.org/ffmpeg/trunk