openharmony/third_party_ffmpeg
1
0
Fork 0
mirror of https://gitee.com/openharmony/third_party_ffmpeg synced 2024-11-23 11:19:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

ffmpeg upgrade to 4.3.2

Browse Source 
Signed-off-by: gg0907 <guohui_1701@163.com>
This commit is contained in:
gg0907 2022-03-31 16:02:22 +08:00
parent 3c2931b6ec
commit 3786ef72b5
157 changed files with 1691 additions and 623 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

255
Changelog
View File

@ -1,6 +1,261 @@
Entries are sorted chronologically from oldest to youngest within each release,
releases are sorted from youngest to oldest.
version 4.3.2:
avcodec/hapdec: Change compressed_offset to unsigned 32bit
avformat/rmdec: Check codec_length without overflow
avformat/mov: Check element count in mov_metadata_hmmt()
avcodec/vp8: Move end check into MB loop in vp78_decode_mv_mb_modes()
avcodec/fits: Check gcount and pcount being non negative
avformat/nutdec: Check timebase count against main header length
avformat/electronicarts: Clear partial_packet on error
avformat/r3d: Check samples before computing duration
avcodec/pnm_parser: Check av_image_get_buffer_size() for failure
avformat/wavdec: Consider AV_INPUT_BUFFER_PADDING_SIZE in set_spdif()
avformat/rmdec: Check remaining space in debug av_log() loop
avformat/flvdec: Treat high ts byte as unsigned
avformat/samidec: Sanity check pts
avcodec/jpeg2000dec: Check atom_size in jp2_find_codestream()
avformat/avidec: Use 64bit in get_duration()
avformat/mov: Check for duplicate st3d
avformat/mvdec: Check for EOF in read_index()
avcodec/jpeglsdec: Fix k=16 in ls_get_code_regular()
avformat/id3v2: Check the return from avio_get_str()
avcodec/hevc_sei: Check payload size in decode_nal_sei_message()
libavutil/eval: Remove CONFIG_TRAPV special handling
avformat/wtvdec: Check len in parse_chunks() to avoid overflow
avformat/asfdec_f: Add an additional check for the extradata size
avformat/3dostr: Check sample_rate
avformat/4xm: Make audio_frame_count 64bit
avformat/mov: Use av_mul_q() to avoid integer overflows
avcodec/vp9dsp_template: Fix integer overflows in itxfm_wrapper
avformat/rmdec: Reorder operations to avoid overflow
avcodec/mxpegdec: fix SOF counting
avcodec/rscc: Check inflated_buf size whan it is used
avformat/mvdec: Sanity check SAMPLE_WIDTH
avcodec/nvenc: fix timestamp offset ticks logic
avformat/rmdec: Fix codecdata_length overflow check
avcodec/simple_idct: Fix undefined integer overflow in idct4row()
avformat/wavdec: Check block_align vs. channels before combining them
avformat/tta: Use 64bit intermediate for index
avformat/soxdec: Check channels to be positive
avformat/smacker: Check for too small pts_inc
avformat/sbgdec: Use av_sat_add64() in str_to_time()
avcodec/cscd: Check output len in zlib as in lzo
avcodec/vp3: Check input amount in theora_decode_header()
avformat/wavdec: Check avio_get_str16le() for failure
avformat/flvdec: Check for EOF in amf_skip_tag()
avformat/aiffdec: Check size before subtraction in get_aiff_header()
avformat/electronicarts: More chunk_size checks
avcodec/cfhd: check peak.offset
avformat/tedcaptionsdec: Check for overflow in parse_int()
avformat/nuv: Check channels
avcodec/siren: Increase noise category 5 and 6
avformat/mpc8: Check size before implicitly converting to int
avformat/nutdec: Fix integer overflow in count computation
avformat/mvi: Use 64bit for testing dimensions
avformat/utils: Check dts in update_initial_timestamps() more
avformat/mpsubdec: Use av_sat_add/sub64() in fracval handling
avformat/flvdec: Check for avio_read() failure in amf_get_string()
avformat/flvdec: Check for nesting depth in amf_skip_tag()
avformat/flvdec: Check for nesting depth in amf_parse_object()
avformat/asfdec_o: Check for EOF in asf_read_marker()
avformat/flvdec: Use av_sat_add64() for pts computation
avformat/utils: Check dts - (1<<pts_wrap_bits) overflow
avformat/bfi: Check chunk_header
avformat/ads: Check size
avformat/iff: Check block align also for ID_MAUD
avcodec/utils: Check for integer overflow in get_audio_frame_duration() for ADPCM_DTK
avformat/fitsdec: Better size checks
avformat/mxfdec: Fix integer overflow in next position in mxf_read_local_tags()
avformat/avidec: dv does not support palettes
avformat/dhav: Break out of infinite dhav search loop
libavformat/utils: consider avio_size() failure in ffio_limit()
avformat/nistspheredec: Check bits_per_coded_sample and channels
avformat/asfdec_o: Check size vs. offset in detect_unknown_subobject()
avformat/utils: check for integer overflow in av_get_frame_filename2()
avutil/timecode: Avoid undefined behavior with large framenum
avformat/mov: Check a.size before computing next_root_atom
avformat/sbgdec: Reduce the amount of floating point in str_to_time()
avformat/mxfdec: Free all types for both Descriptors
uavformat/rsd: check for EOF in extradata
avcodec/wmaprodec: Check packet size
avformat/dhav: Check position for overflow
avcodec/rasc: Check frame before clearing
avformat/vividas: Check number of audio channels
avcodec/alsdec: Fix integer overflow with quant_cof
avformat/mpegts: Fix argument type for av_log
avformat/cafdec: clip sample rate
avcodec/ffv1dec: Fix off by 1 error with quant tables
avformat/mpegts: Increase pcr_incr width to 64bit
avcodec/utils: Check bitrate for overflow in get_bit_rate()
avformat/mov: Check if hoov is at the end
avcodec/hevc_ps: check scaling_list_dc_coef
avformat/iff: Check data_size
avformat/matroskadec: Sanity check codec_id/track type
avformat/rpl: Check the number of streams
avformat/vividas: Check sample_rate
avformat/vividas: Make len signed
avcodec/h264idct_template: Fix integer overflow in ff_h264_chroma422_dc_dequant_idct()
avformat/dsfdec: Check block_align more completely
avformat/mpc8: Check remaining space in mpc8_parse_seektable()
avformat/id3v2: Sanity check tlen before alloc and uncompress
avformat/vqf: Check len for COMM chunks
avformat/mov: Avoid overflow in end computation in mov_read_custom()
avcodec/hevc_cabac: Limit value in coeff_abs_level_remaining_decode() tighter
avformat/cafdec: Check the return code from av_add_index_entry()
avformat/cafdec: Check for EOF in index read loop
avformat/cafdec: Check that bytes_per_packet and frames_per_packet are non negative
avformat/mpc8: correct integer overflow in mpc8_parse_seektable()
avformat/mpc8: correct 32bit timestamp truncation
avcodec/exr: Check ymin vs. h
avformat/avs: Use 64bit for the avio_tell() output
avformat/wavdec: More complete size check in find_guid()
avcodec/mv30: Use unsigned in idct_1d()
avformat/iff: Check size before skip
avformat/rmdec: Check for EOF in index packet reading
avcodec/vp3dsp: Use unsigned constant to avoid undefined integer overflow in ff_vp3dsp_set_bounding_values()
avformat/icodec: Check for zero streams and stream creation failure
avformat/icodec: Factor failure code out in read_header()
avformat/bintext: Check width
avformat/sbgdec: Check that end is not before start
avformat/lvfdec: Check stream_index before use
avformat/au: cleanup on EOF return in au_read_annotation()
avformat/mpegts: Limit copied data to space
avformat/bintext: Check width in idf_read_header()
avformat/iff: check size against INT64_MAX
avformat/vividas: improve extradata packing checks in track_header()
avformat/paf: Check for EOF in read_table()
avformat/gxf: Check pkt_len
avformat/aiffdec: Check packet size
avformat/concatdec: use av_strstart()
avformat/wavdec: Refuse to read chunks bigger than the filesize in w64_read_header()
avformat/rsd: Check size and start before computing duration
avformat/vividas: better check of current_sb_entry
avformat/iff: More completely check body_size
avformat/vividas use avpriv_set_pts_info()
avformat/xwma: Check for EOF in dpds_table read code
avcodec/utils: Check sample rate before use for AV_CODEC_ID_BINKAUDIO_DCT in get_audio_frame_duration()
avcodec/dirac_parser: do not offset AV_NOPTS_OFFSET
avformat/rmdec: Make expected_len 64bit
avformat/pcm: Check block_align
avformat/lrcdec: Clip timestamps
avutil/mathematics: Use av_sat_add64() for the last addition in av_add_stable()
avformat/electronicarts: Check for EOF in each iteration of the loop in ea_read_packet()
avformat/ifv: Check that total frames do not overflow
avcodec/vp9dsp_template: Fix some overflows in iadst8_1d()
avcodec/fits: Check bscale
avformat/nistspheredec: Check bps
avformat/jacosubdec: Use 64bit inside get_shift()
avformat/genh: Check block_align
avformat/mvi: Check count for overflow
avcodec/magicyuv: Check slice size before reading flags and pred
avformat/asfdec_f: Check for negative ext_len
avformat/bethsoftvid: Check image dimensions before use
avformat/genh: Check block_align for how it will be used in SDX2_DPCM
avformat/au: Check for EOF in au_read_annotation()
avformat/vividas: Check for zero v_size
avformat/segafilm: Do not assume AV_CODEC_ID_NONE is 0
avformat/segafilm: Check that there is a stream
avformat/wtvdec: Check dir_length
avformat/ffmetadec: finalize AVBPrint on errors
avcodec/decode/ff_get_buffer: Check for overflow in FFALIGN()
avcodec/exr: Check limits to avoid overflow in delta computation
avformat/boadec: Check that channels and block_align are set
avformat/asfdec_f: Check name_len for overflow
avcodec/h264idct_template: Fix integer overflow in ff_h264_chroma422_dc_dequant_idct()
avformat/sbgdec: Check for timestamp overflow in parse_time_sequence()
avcodec/aacdec_fixed: Limit index in vector_pow43()
avformat/kvag: Fix integer overflow in bitrate computation
avcodec/h264_slice: fix undefined integer overflow with POC in error concealment
avformat/rmdec: sanity check coded_framesize
avformat/flvdec: Check for EOF in amf_parse_object()
avcodec/mv30: Fix multiple integer overflows
avcodec/smacker: Check remaining bits in SMK_BLK_FULL
avcodec/cook: Check subpacket index against max
avcodec/utils: Check for overflow with ATRAC* in get_audio_frame_duration()
avcodec/hevcpred_template: Fix diagonal chroma availability in 4:2:2 edge case in intra_pred
avformat/icodec: Change order of operations to avoid NULL dereference
avcodec/exr: Fix overflow with many blocks
avcodec/vp9dsp_template: Fix integer overflows in idct16_1d()
avcodec/ansi: Check initial dimensions
avcodec/hevcdec: Check slice_cb_qp_offset / slice_cr_qp_offset
avcodec/sonic: Check for overread
avformat/subviewerdec: fail on AV_NOPTS_VALUE
avcodec/exr: Check line size for overflow
avcodec/exr: Check xdelta, ydelta
avcodec/celp_filters: Avoid invalid negation in ff_celp_lp_synthesis_filter()
avcodec/takdsp: Fix negative shift in decorrelate_sf()
avcodec/dxtory: Fix negative stride shift in dx2_decode_slice_420()
avformat/asfdec_f: Change order or operations slightly
avformat/dxa: Use av_rescale() for duration computation
avcodec/vc1_block: Fix integer overflow in ac value
avcodec/mv30: Fix several integer overflows in idct_1d()
avformat/iff: Check data_size not overflowing int64
avcodec/dxtory: Fix negative shift in dx2_decode_slice_410()
avcodec/sonic: Check channels before deallocating
avformat/vividas: Check for EOF in first loop in track_header()
avformat/wvdec: Check rate for overflow
avcodec/ansi: Check nb_args for overflow
avformat/wc3movie: Cleanup on wc3_read_header() failure
avformat/wc3movie: Move wc3_read_close() up
avcodec/tiff: Fix default white level
avcodec/diracdsp: Fix integer anomaly in dequant_subband_*
avutil/fixed_dsp: Fix integer overflows in butterflies_fixed_c()
avcodec/mv30: Check remaining mask in decode_inter()
avcodec/wmalosslessdec: Check remaining space before padding and channel residue
avformat/cdg: Fix integer overflow in duration computation
avcodec/mpc: Fix multiple numerical overflows in ff_mpc_dequantize_and_synth()
avcodec/agm: Fix off by 1 error in decode_inter_plane()
avformat/electronicarts: Check if there are any streams
avcodec/ffwavesynth: Fix integer overflow in wavesynth_synth_sample / WS_SINE
avcodec/vp9dsp_template: Fix integer overflow in iadst8_1d()
avformat/avidec: Fix io_fsize overflow
avcodec/cfhd: Check transform type
avcodec/tiff: Check jpeg context against jpeg frame parameters
avcodec/tiff: Restrict tag order based on specification
avcodec/tiff: Avoid abort with DNG RAW TIFF with YA8
avcodec/tiff: Check the linearization table size
avformat/siff: Reject audio packets without audio stream
avformat/mpeg: Check avio_read() return value in get_pts()
avcodec/tiff: Check bpp/bppcount for 0
avcodec/snowdec: Sanity check hcoeff
avformat/mov: Check comp_brand_size
avformat/ape: Error out in case of EOF in the header
avcodec/alac: Check decorr_shift to avoid invalid shift
avcodec/tdsc: Fix tile checks
opusdec: do not fail when LBRR frames are present
configure: update copyright year
avfilter/vf_framerate: fix infinite loop with 1-frame input
avformat/url: Change () position in ff_make_absolute_url()
avformat/mpegts: make sure mpegts_read_header always stops at the first pmt
avformat/alp: fix handling of TUN files
avformat/argo_asf: fix handling of v1.1 files
swscale/x86/yuv2rgb: fix crashes when loading alpha from unaligned buffers
lavf/url: fix relative url parsing when the query string or fragment has a colon
avformat/libsrt: fix cleanups on failed libsrt_open() and libsrt_setup()
avcodec/cuviddec: backport extradata fixes
avcodec/cuviddec: handle arbitrarily sized extradata
lavf/srt: fix build fail when used the libsrt 1.4.1
avformat/libsrt: close listen fd in listener mode
lavf/url: rewrite ff_make_absolute_url() using ff_url_decompose().
lavf/url: add ff_url_decompose().
avcodec/cbs_av1: fix setting FrameWidth in frame_size_with_refs()
avcodec/cbs_av1: use a more appropiate AV1ReferenceFrameState pointer variable name
avcodec/cbs_av1: fix handling reference frames on show_existing_frame frames
avcodec/cbs_av1: infer frame_type in show_existing_frame frames earlier
avcodec/cbs_av1: add OrderHint to CodedBitstreamAV1Context
avcodec/cbs_av1: infer frame_type when parsing a show_existing_frame frame
cbs_av1: Fix test for presence of buffer_removal_time element
avcodec/cbs_av1: fix storage size for render_{width,height}_minus_1
lavc: Lower MediaFoundation audio encoder priority.
x86/yuv2rgb: fix crashes when storing data on unaligned buffers
checkasm/vf_blend: use the correct depth parameters to initialize the blend modes
x86/vf_blend: fix warnings about trailing empty parameters
x86/h264_deblock: fix warning about trailing empty parameter
avutil/x86inc: fix warnings when assembling with Nasm 2.15
version 4.3.1:
avcodec/tiff: Check input space in dng_decode_jpeg()
avcodec/mjpeg_parser: Adjust size rejection threshold

2
RELEASE
View File

@ -1 +1 @@
4.3.1
4.3.2

2
configure vendored
View File

@ -7513,7 +7513,7 @@ cat > $TMPH <<EOF
#define FFMPEG_CONFIG_H
#define FFMPEG_CONFIGURATION "$(c_escape $FFMPEG_CONFIGURATION)"
#define FFMPEG_LICENSE "$(c_escape $license)"
#define CONFIG_THIS_YEAR 2020
#define CONFIG_THIS_YEAR 2021
#define FFMPEG_DATADIR "$(eval c_escape $datadir)"
#define AVCONV_DATADIR "$(eval c_escape $datadir)"
#define CC_IDENT "$(c_escape ${cc_ident:-Unknown compiler})"

2
doc/Doxyfile
View File

@ -38,7 +38,7 @@ PROJECT_NAME = FFmpeg
# could be handy for archiving the generated documentation or if some version
# control system is used.
PROJECT_NUMBER = 4.3.1
PROJECT_NUMBER = 4.3.2
# Using the PROJECT_BRIEF tag one can provide an optional one line description
# for a project that appears at the top of each page and should give viewer a

1
fftools/ffmpeg.c
View File

@ -528,7 +528,6 @@ static void ffmpeg_cleanup(int ret)
for (j = 0; j < fg->nb_outputs; j++) {
OutputFilter *ofilter = fg->outputs[j];
avfilter_inout_free(&ofilter->out_tmp);
av_freep(&ofilter->name);
av_freep(&ofilter->formats);
av_freep(&ofilter->channel_layouts);

4
libavcodec/aacdec_fixed.c
View File

@ -155,9 +155,9 @@ static void vector_pow43(int *coefs, int len)
for (i=0; i<len; i++) {
coef = coefs[i];
if (coef < 0)
coef = -(int)ff_cbrt_tab_fixed[-coef];
coef = -(int)ff_cbrt_tab_fixed[(-coef) & 8191];
else
coef = (int)ff_cbrt_tab_fixed[coef];
coef = (int)ff_cbrt_tab_fixed[ coef & 8191];
coefs[i] = coef;
}
}

4
libavcodec/agm.c
View File

@ -423,8 +423,8 @@ static int decode_inter_plane(AGMContext *s, GetBitContext *gb, int size,
int map = s->map[x];
if (orig_mv_x >= -32) {
if (y * 8 + mv_y < 0 || y * 8 + mv_y + 8 >= h ||
x * 8 + mv_x < 0 || x * 8 + mv_x + 8 >= w)
if (y * 8 + mv_y < 0 || y * 8 + mv_y + 8 > h ||
x * 8 + mv_x < 0 || x * 8 + mv_x + 8 > w)
return AVERROR_INVALIDDATA;
copy_block8(frame->data[plane] + (s->blocks_h - 1 - y) * 8 * frame->linesize[plane] + x * 8,

3
libavcodec/alac.c
View File

@ -302,6 +302,9 @@ static int decode_element(AVCodecContext *avctx, AVFrame *frame, int ch_index,
decorr_shift = get_bits(&alac->gb, 8);
decorr_left_weight = get_bits(&alac->gb, 8);
if (channels == 2 && decorr_left_weight && decorr_shift > 31)
return AVERROR_INVALIDDATA;
for (ch = 0; ch < channels; ch++) {
prediction_type[ch] = get_bits(&alac->gb, 4);
lpc_quant[ch] = get_bits(&alac->gb, 4);

6
libavcodec/allcodecs.c
View File

@ -679,9 +679,7 @@ extern AVCodec ff_xsub_decoder;
/* external libraries */
extern AVCodec ff_aac_at_encoder;
extern AVCodec ff_aac_at_decoder;
extern AVCodec ff_aac_mf_encoder;
extern AVCodec ff_ac3_at_decoder;
extern AVCodec ff_ac3_mf_encoder;
extern AVCodec ff_adpcm_ima_qt_at_decoder;
extern AVCodec ff_alac_at_encoder;
extern AVCodec ff_alac_at_decoder;
@ -693,7 +691,6 @@ extern AVCodec ff_ilbc_at_decoder;
extern AVCodec ff_mp1_at_decoder;
extern AVCodec ff_mp2_at_decoder;
extern AVCodec ff_mp3_at_decoder;
extern AVCodec ff_mp3_mf_encoder;
extern AVCodec ff_pcm_alaw_at_encoder;
extern AVCodec ff_pcm_alaw_at_decoder;
extern AVCodec ff_pcm_mulaw_at_encoder;
@ -757,6 +754,8 @@ extern AVCodec ff_idf_decoder;
/* external libraries, that shouldn't be used by default if one of the
* above is available */
extern AVCodec ff_aac_mf_encoder;
extern AVCodec ff_ac3_mf_encoder;
extern AVCodec ff_h263_v4l2m2m_encoder;
extern AVCodec ff_libaom_av1_decoder;
extern AVCodec ff_libopenh264_encoder;
@ -789,6 +788,7 @@ extern AVCodec ff_mjpeg_cuvid_decoder;
extern AVCodec ff_mjpeg_qsv_encoder;
extern AVCodec ff_mjpeg_qsv_decoder;
extern AVCodec ff_mjpeg_vaapi_encoder;
extern AVCodec ff_mp3_mf_encoder;
extern AVCodec ff_mpeg1_cuvid_decoder;
extern AVCodec ff_mpeg2_cuvid_decoder;
extern AVCodec ff_mpeg2_qsv_encoder;

2
libavcodec/alsdec.c
View File

@ -762,7 +762,7 @@ static int read_var_block_data(ALSDecContext *ctx, ALSBlockData *bd)
}
for (k = 2; k < opt_order; k++)
quant_cof[k] = (quant_cof[k] * (1 << 14)) + (add_base << 13);
quant_cof[k] = (quant_cof[k] * (1U << 14)) + (add_base << 13);
}
}

7
libavcodec/ansi.c
View File

@ -431,6 +431,7 @@ static int decode_frame(AVCodecContext *avctx,
s->args[s->nb_args] = FFMAX(s->args[s->nb_args], 0) * 10 + buf[0] - '0';
break;
case ';':
if (s->nb_args < MAX_NB_ARGS)
s->nb_args++;
if (s->nb_args < MAX_NB_ARGS)
s->args[s->nb_args] = 0;
@ -474,6 +475,11 @@ static av_cold int decode_close(AVCodecContext *avctx)
return 0;
}
static const AVCodecDefault ansi_defaults[] = {
{ "max_pixels", "640*480" },
{ NULL },
};
AVCodec ff_ansi_decoder = {
.name = "ansi",
.long_name = NULL_IF_CONFIG_SMALL("ASCII/ANSI art"),
@ -485,4 +491,5 @@ AVCodec ff_ansi_decoder = {
.decode = decode_frame,
.capabilities = AV_CODEC_CAP_DR1,
.caps_internal = FF_CODEC_CAP_INIT_THREADSAFE,
.defaults = ansi_defaults,
};

5
libavcodec/cbs_av1.h
View File

@ -158,8 +158,8 @@ typedef struct AV1RawFrameHeader {
uint8_t use_superres;
uint8_t coded_denom;
uint8_t render_and_frame_size_different;
uint8_t render_width_minus_1;
uint8_t render_height_minus_1;
uint16_t render_width_minus_1;
uint16_t render_height_minus_1;
uint8_t found_ref[AV1_REFS_PER_FRAME];
@ -429,6 +429,7 @@ typedef struct CodedBitstreamAV1Context {
int operating_point_idc;
int bit_depth;
int order_hint;
int frame_width;
int frame_height;
int upscaled_width;

52
libavcodec/cbs_av1_syntax_template.c
View File

@ -366,7 +366,7 @@ static int FUNC(set_frame_refs)(CodedBitstreamContext *ctx, RWContext *rw,
for (i = 0; i < AV1_NUM_REF_FRAMES; i++)
shifted_order_hints[i] = cur_frame_hint +
cbs_av1_get_relative_dist(seq, priv->ref[i].order_hint,
current->order_hint);
priv->order_hint);
latest_order_hint = shifted_order_hints[current->last_frame_idx];
earliest_order_hint = shifted_order_hints[current->golden_frame_idx];
@ -541,7 +541,7 @@ static int FUNC(frame_size_with_refs)(CodedBitstreamContext *ctx, RWContext *rw,
}
priv->upscaled_width = ref->upscaled_width;
priv->frame_width = ref->frame_width;
priv->frame_width = priv->upscaled_width;
priv->frame_height = ref->frame_height;
priv->render_width = ref->render_width;
priv->render_height = ref->render_height;
@ -993,7 +993,7 @@ static int FUNC(skip_mode_params)(CodedBitstreamContext *ctx, RWContext *rw,
for (i = 0; i < AV1_REFS_PER_FRAME; i++) {
ref_hint = priv->ref[current->ref_frame_idx[i]].order_hint;
dist = cbs_av1_get_relative_dist(seq, ref_hint,
current->order_hint);
priv->order_hint);
if (dist < 0) {
if (forward_idx < 0 ||
cbs_av1_get_relative_dist(seq, ref_hint,
@ -1261,10 +1261,10 @@ static int FUNC(uncompressed_header)(CodedBitstreamContext *ctx, RWContext *rw,
flag(show_existing_frame);
if (current->show_existing_frame) {
AV1ReferenceFrameState *frame;
AV1ReferenceFrameState *ref;
fb(3, frame_to_show_map_idx);
frame = &priv->ref[current->frame_to_show_map_idx];
ref = &priv->ref[current->frame_to_show_map_idx];
if (seq->decoder_model_info_present_flag &&
!seq->timing_info.equal_picture_interval) {
@ -1275,12 +1275,24 @@ static int FUNC(uncompressed_header)(CodedBitstreamContext *ctx, RWContext *rw,
if (seq->frame_id_numbers_present_flag)
fb(id_len, display_frame_id);
if (frame->frame_type == AV1_FRAME_KEY)
infer(frame_type, ref->frame_type);
if (current->frame_type == AV1_FRAME_KEY) {
infer(refresh_frame_flags, all_frames);
else
// Section 7.21
infer(current_frame_id, ref->frame_id);
priv->upscaled_width = ref->upscaled_width;
priv->frame_width = ref->frame_width;
priv->frame_height = ref->frame_height;
priv->render_width = ref->render_width;
priv->render_height = ref->render_height;
priv->bit_depth = ref->bit_depth;
priv->order_hint = ref->order_hint;
} else
infer(refresh_frame_flags, 0);
return 0;
// Section 7.20
goto update_refs;
}
fb(2, frame_type);
@ -1366,6 +1378,7 @@ static int FUNC(uncompressed_header)(CodedBitstreamContext *ctx, RWContext *rw,
fb(order_hint_bits, order_hint);
else
infer(order_hint, 0);
priv->order_hint = current->order_hint;
if (frame_is_intra || current->error_resilient_mode)
infer(primary_ref_frame, AV1_PRIMARY_REF_NONE);
@ -1381,7 +1394,7 @@ static int FUNC(uncompressed_header)(CodedBitstreamContext *ctx, RWContext *rw,
int in_temporal_layer = (op_pt_idc >> priv->temporal_id ) & 1;
int in_spatial_layer = (op_pt_idc >> (priv->spatial_id + 8)) & 1;
if (seq->operating_point_idc[i] == 0 ||
in_temporal_layer || in_spatial_layer) {
(in_temporal_layer && in_spatial_layer)) {
fbs(seq->decoder_model_info.buffer_removal_time_length_minus_1 + 1,
buffer_removal_time[i], 1, i);
}
@ -1541,6 +1554,16 @@ static int FUNC(uncompressed_header)(CodedBitstreamContext *ctx, RWContext *rw,
CHECK(FUNC(film_grain_params)(ctx, rw, current));
av_log(ctx->log_ctx, AV_LOG_DEBUG, "Frame %d: size %dx%d "
"upscaled %d render %dx%d subsample %dx%d "
"bitdepth %d tiles %dx%d.\n", priv->order_hint,
priv->frame_width, priv->frame_height, priv->upscaled_width,
priv->render_width, priv->render_height,
seq->color_config.subsampling_x + 1,
seq->color_config.subsampling_y + 1, priv->bit_depth,
priv->tile_rows, priv->tile_cols);
update_refs:
for (i = 0; i < AV1_NUM_REF_FRAMES; i++) {
if (current->refresh_frame_flags & (1 << i)) {
priv->ref[i] = (AV1ReferenceFrameState) {
@ -1555,20 +1578,11 @@ static int FUNC(uncompressed_header)(CodedBitstreamContext *ctx, RWContext *rw,
.subsampling_x = seq->color_config.subsampling_x,
.subsampling_y = seq->color_config.subsampling_y,
.bit_depth = priv->bit_depth,
.order_hint = current->order_hint,
.order_hint = priv->order_hint,
};
}
}
av_log(ctx->log_ctx, AV_LOG_DEBUG, "Frame %d: size %dx%d "
"upscaled %d render %dx%d subsample %dx%d "
"bitdepth %d tiles %dx%d.\n", current->order_hint,
priv->frame_width, priv->frame_height, priv->upscaled_width,
priv->render_width, priv->render_height,
seq->color_config.subsampling_x + 1,
seq->color_config.subsampling_y + 1, priv->bit_depth,
priv->tile_rows, priv->tile_cols);
return 0;
}

6
libavcodec/celp_filters.c
View File

@ -65,11 +65,11 @@ int ff_celp_lp_synthesis_filter(int16_t *out, const int16_t *filter_coeffs,
int i,n;
for (n = 0; n < buffer_length; n++) {
int sum = -rounder, sum1;
int sum = rounder, sum1;
for (i = 1; i <= filter_length; i++)
sum += (unsigned)(filter_coeffs[i-1] * out[n-i]);
sum -= (unsigned)(filter_coeffs[i-1] * out[n-i]);
sum1 = ((-sum >> 12) + in[n]) >> shift;
sum1 = ((sum >> 12) + in[n]) >> shift;
sum = av_clip_int16(sum1);
if (stop_on_overflow && sum != sum1)

10
libavcodec/cfhd.c
View File

@ -503,6 +503,10 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, int *got_frame,
avpriv_report_missing_feature(avctx, "Transform type of %"PRIu16, data);
ret = AVERROR_PATCHWELCOME;
break;
} else if (data == 1) {
av_log(avctx, AV_LOG_ERROR, "unsupported transform type\n");
ret = AVERROR_PATCHWELCOME;
break;
}
av_log(avctx, AV_LOG_DEBUG, "Transform-type? %"PRIu16"\n", data);
} else if (abstag >= 0x4000 && abstag <= 0x40ff) {
@ -607,6 +611,12 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, int *got_frame,
s->peak.level = 0;
} else if (tag == -74 && s->peak.offset) {
s->peak.level = data;
if (s->peak.offset < 4 - bytestream2_tell(&s->peak.base) ||
s->peak.offset > 4 + bytestream2_get_bytes_left(&s->peak.base)
) {
ret = AVERROR_INVALIDDATA;
goto end;
}
bytestream2_seek(&s->peak.base, s->peak.offset - 4, SEEK_CUR);
} else
av_log(avctx, AV_LOG_DEBUG, "Unknown tag %i data %x\n", tag, data);

8
libavcodec/cook.c
View File

@ -1084,6 +1084,10 @@ static av_cold int cook_decode_init(AVCodecContext *avctx)
ff_audiodsp_init(&q->adsp);
while (bytestream2_get_bytes_left(&gb)) {
if (s >= FFMIN(MAX_SUBPACKETS, avctx->block_align)) {
avpriv_request_sample(avctx, "subpackets > %d", FFMIN(MAX_SUBPACKETS, avctx->block_align));
return AVERROR_PATCHWELCOME;
}
/* 8 for mono, 16 for stereo, ? for multichannel
Swap to right endianness so we don't need to care later on. */
q->subpacket[s].cookversion = bytestream2_get_be32(&gb);
@ -1215,10 +1219,6 @@ static av_cold int cook_decode_init(AVCodecContext *avctx)
q->num_subpackets++;
s++;
if (s > FFMIN(MAX_SUBPACKETS, avctx->block_align)) {
avpriv_request_sample(avctx, "subpackets > %d", FFMIN(MAX_SUBPACKETS, avctx->block_align));
return AVERROR_PATCHWELCOME;
}
}
/* Try to catch some obviously faulty streams, otherwise it might be exploitable */

2
libavcodec/cscd.c
View File

@ -93,7 +93,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
case 1: { // zlib compression
#if CONFIG_ZLIB
unsigned long dlen = c->decomp_size;
if (uncompress(c->decomp_buf, &dlen, &buf[2], buf_size - 2) != Z_OK) {
if (uncompress(c->decomp_buf, &dlen, &buf[2], buf_size - 2) != Z_OK || dlen != c->decomp_size) {
av_log(avctx, AV_LOG_ERROR, "error during zlib decompression\n");
return AVERROR_INVALIDDATA;
}

43
libavcodec/cuviddec.c
View File

@ -88,7 +88,7 @@ typedef struct CuvidContext
CUVIDDECODECAPS caps8, caps10, caps12;
CUVIDPARSERPARAMS cuparseinfo;
CUVIDEOFORMATEX cuparse_ext;
CUVIDEOFORMATEX *cuparse_ext;
CudaFunctions *cudl;
CuvidFunctions *cvdl;
@ -684,6 +684,7 @@ static av_cold int cuvid_decode_end(AVCodecContext *avctx)
av_buffer_unref(&ctx->hwdevice);
av_freep(&ctx->key_frame);
av_freep(&ctx->cuparse_ext);
cuvid_free_functions(&ctx->cvdl);
@ -793,6 +794,8 @@ static av_cold int cuvid_decode_init(AVCodecContext *avctx)
CUVIDSOURCEDATAPACKET seq_pkt;
CUcontext cuda_ctx = NULL;
CUcontext dummy;
uint8_t *extradata;
int extradata_size;
int ret = 0;
enum AVPixelFormat pix_fmts[3] = { AV_PIX_FMT_CUDA,
@ -889,11 +892,8 @@ static av_cold int cuvid_decode_init(AVCodecContext *avctx)
ctx->cudl = device_hwctx->internal->cuda_dl;
memset(&ctx->cuparseinfo, 0, sizeof(ctx->cuparseinfo));
memset(&ctx->cuparse_ext, 0, sizeof(ctx->cuparse_ext));
memset(&seq_pkt, 0, sizeof(seq_pkt));
ctx->cuparseinfo.pExtVideoInfo = &ctx->cuparse_ext;
switch (avctx->codec->id) {
#if CONFIG_H264_CUVID_DECODER
case AV_CODEC_ID_H264:
@ -947,17 +947,26 @@ static av_cold int cuvid_decode_init(AVCodecContext *avctx)
if (avctx->codec->bsfs) {
const AVCodecParameters *par = avctx->internal->bsf->par_out;
ctx->cuparse_ext.format.seqhdr_data_length = par->extradata_size;
memcpy(ctx->cuparse_ext.raw_seqhdr_data,
par->extradata,
FFMIN(sizeof(ctx->cuparse_ext.raw_seqhdr_data), par->extradata_size));
} else if (avctx->extradata_size > 0) {
ctx->cuparse_ext.format.seqhdr_data_length = avctx->extradata_size;
memcpy(ctx->cuparse_ext.raw_seqhdr_data,
avctx->extradata,
FFMIN(sizeof(ctx->cuparse_ext.raw_seqhdr_data), avctx->extradata_size));
extradata = par->extradata;
extradata_size = par->extradata_size;
} else {
extradata = avctx->extradata;
extradata_size = avctx->extradata_size;
}
ctx->cuparse_ext = av_mallocz(sizeof(*ctx->cuparse_ext)
+ FFMAX(extradata_size - (int)sizeof(ctx->cuparse_ext->raw_seqhdr_data), 0));
if (!ctx->cuparse_ext) {
ret = AVERROR(ENOMEM);
goto error;
}
if (extradata_size > 0)
memcpy(ctx->cuparse_ext->raw_seqhdr_data, extradata, extradata_size);
ctx->cuparse_ext->format.seqhdr_data_length = extradata_size;
ctx->cuparseinfo.pExtVideoInfo = ctx->cuparse_ext;
ctx->key_frame = av_mallocz(ctx->nb_surfaces * sizeof(int));
if (!ctx->key_frame) {
ret = AVERROR(ENOMEM);
@ -986,8 +995,8 @@ static av_cold int cuvid_decode_init(AVCodecContext *avctx)
if (ret < 0)
goto error;
seq_pkt.payload = ctx->cuparse_ext.raw_seqhdr_data;
seq_pkt.payload_size = ctx->cuparse_ext.format.seqhdr_data_length;
seq_pkt.payload = ctx->cuparse_ext->raw_seqhdr_data;
seq_pkt.payload_size = ctx->cuparse_ext->format.seqhdr_data_length;
if (seq_pkt.payload && seq_pkt.payload_size) {
ret = CHECK_CU(ctx->cvdl->cuvidParseVideoData(ctx->cuparser, &seq_pkt));
@ -1046,8 +1055,8 @@ static void cuvid_flush(AVCodecContext *avctx)
if (ret < 0)
goto error;
seq_pkt.payload = ctx->cuparse_ext.raw_seqhdr_data;
seq_pkt.payload_size = ctx->cuparse_ext.format.seqhdr_data_length;
seq_pkt.payload = ctx->cuparse_ext->raw_seqhdr_data;
seq_pkt.payload_size = ctx->cuparse_ext->format.seqhdr_data_length;
if (seq_pkt.payload && seq_pkt.payload_size) {
ret = CHECK_CU(ctx->cvdl->cuvidParseVideoData(ctx->cuparser, &seq_pkt));

3
libavcodec/decode.c
View File

@ -1858,7 +1858,8 @@ int ff_get_buffer(AVCodecContext *avctx, AVFrame *frame, int flags)
int ret;
if (avctx->codec_type == AVMEDIA_TYPE_VIDEO) {
if ((ret = av_image_check_size2(FFALIGN(avctx->width, STRIDE_ALIGN), avctx->height, avctx->max_pixels, AV_PIX_FMT_NONE, 0, avctx)) < 0 || avctx->pix_fmt<0) {
if ((unsigned)avctx->width > INT_MAX - STRIDE_ALIGN ||
(ret = av_image_check_size2(FFALIGN(avctx->width, STRIDE_ALIGN), avctx->height, avctx->max_pixels, AV_PIX_FMT_NONE, 0, avctx)) < 0 || avctx->pix_fmt<0) {
av_log(avctx, AV_LOG_ERROR, "video_get_buffer: image parameters invalid\n");
ret = AVERROR(EINVAL);
goto fail;

2
libavcodec/dirac_parser.c
View File

@ -215,7 +215,7 @@ static int dirac_combine_frame(AVCodecParserContext *s, AVCodecContext *avctx,
int64_t pts = AV_RB32(cur_pu + 13);
if (s->last_pts == 0 && s->last_dts == 0)
s->dts = pts - 1;
else
else if (s->last_dts != AV_NOPTS_VALUE)
s->dts = s->last_dts + 1;
s->pts = pts;
if (!avctx->has_b_frames && (cur_pu[4] & 0x03))

6
libavcodec/diracdsp.c
View File

@ -198,9 +198,9 @@ static void dequant_subband_ ## PX ## _c(uint8_t *src, uint8_t *dst, ptrdiff_t s
PX c, sign, *src_r = (PX *)src, *dst_r = (PX *)dst; \
for (i = 0; i < tot_h; i++) { \
c = *src_r++; \
sign = FFSIGN(c)*(!!c); \
c = (FFABS(c)*(unsigned)qf + qs) >> 2; \
*dst_r++ = c*sign; \
if (c < 0) c = -((-(unsigned)c*qf + qs) >> 2); \
else if(c > 0) c = (( (unsigned)c*qf + qs) >> 2); \
*dst_r++ = c; \
} \
src += tot_h << (sizeof(PX) >> 1); \
dst += stride; \

4
libavcodec/dxtory.c
View File

@ -456,7 +456,7 @@ static int dx2_decode_slice_410(GetBitContext *gb, AVFrame *frame,
V[x >> 2] = decode_sym(gb, lru[2]) ^ 0x80;
}
Y += ystride << 2;
Y += ystride * 4;
U += ustride;
V += vstride;
}
@ -501,7 +501,7 @@ static int dx2_decode_slice_420(GetBitContext *gb, AVFrame *frame,
V[x >> 1] = decode_sym(gb, lru[2]) ^ 0x80;
}
Y += ystride << 1;
Y += ystride * 2;
U += ustride;
V += vstride;
}

32
libavcodec/exr.c
View File

@ -1051,6 +1051,9 @@ static int decode_block(AVCodecContext *avctx, void *tdata,
if ((col + td->xsize) != s->xdelta)/* not the last tile of the line */
axmax = 0; /* doesn't add pixel at the right of the datawindow */
if (td->xsize * (uint64_t)s->current_channel_offset > INT_MAX)
return AVERROR_INVALIDDATA;
td->channel_line_size = td->xsize * s->current_channel_offset;/* uncompress size of one line */
uncompressed_size = td->channel_line_size * (uint64_t)td->ysize;/* uncompress size of the block */
} else {
@ -1070,6 +1073,9 @@ static int decode_block(AVCodecContext *avctx, void *tdata,
td->ysize = FFMIN(s->scan_lines_per_block, s->ymax - line + 1); /* s->ydelta - line ?? */
td->xsize = s->xdelta;
if (td->xsize * (uint64_t)s->current_channel_offset > INT_MAX)
return AVERROR_INVALIDDATA;
td->channel_line_size = td->xsize * s->current_channel_offset;/* uncompress size of one line */
uncompressed_size = td->channel_line_size * (uint64_t)td->ysize;/* uncompress size of the block */
@ -1493,15 +1499,27 @@ static int decode_header(EXRContext *s, AVFrame *frame)
continue;
} else if ((var_size = check_header_variable(s, "dataWindow", "box2i",
31)) >= 0) {
int xmin, ymin, xmax, ymax;
if (!var_size) {
ret = AVERROR_INVALIDDATA;
goto fail;
}
s->xmin = bytestream2_get_le32(&s->gb);
s->ymin = bytestream2_get_le32(&s->gb);
s->xmax = bytestream2_get_le32(&s->gb);
s->ymax = bytestream2_get_le32(&s->gb);
xmin = bytestream2_get_le32(&s->gb);
ymin = bytestream2_get_le32(&s->gb);
xmax = bytestream2_get_le32(&s->gb);
ymax = bytestream2_get_le32(&s->gb);
if (xmin > xmax || ymin > ymax ||
(unsigned)xmax - xmin >= INT_MAX ||
(unsigned)ymax - ymin >= INT_MAX) {
ret = AVERROR_INVALIDDATA;
goto fail;
}
s->xmin = xmin;
s->xmax = xmax;
s->ymin = ymin;
s->ymax = ymax;
s->xdelta = (s->xmax - s->xmin) + 1;
s->ydelta = (s->ymax - s->ymin) + 1;
@ -1734,7 +1752,9 @@ static int decode_frame(AVCodecContext *avctx, void *data,
s->ymin > s->ymax ||
s->xdelta != s->xmax - s->xmin + 1 ||
s->xmax >= s->w ||
s->ymax >= s->h) {
s->ymax >= s->h ||
s->ydelta == 0xFFFFFFFF || s->xdelta == 0xFFFFFFFF
) {
av_log(avctx, AV_LOG_ERROR, "Wrong or missing size information.\n");
return AVERROR_INVALIDDATA;
}
@ -1765,7 +1785,7 @@ static int decode_frame(AVCodecContext *avctx, void *data,
if ((ret = ff_thread_get_buffer(avctx, &frame, 0)) < 0)
return ret;
if (bytestream2_get_bytes_left(&s->gb) < nb_blocks * 8)
if (bytestream2_get_bytes_left(&s->gb)/8 < nb_blocks)
return AVERROR_INVALIDDATA;
// check offset table and recreate it if need

2
libavcodec/ffv1dec.c
View File

@ -786,7 +786,7 @@ static int read_header(FFV1Context *f)
if (f->version == 2) {
int idx = get_symbol(c, state, 0);
if (idx > (unsigned)f->quant_table_count) {
if (idx >= (unsigned)f->quant_table_count) {
av_log(f->avctx, AV_LOG_ERROR,
"quant_table_index out of range\n");
return AVERROR_INVALIDDATA;

2
libavcodec/ffwavesynth.c
View File

@ -373,7 +373,7 @@ static void wavesynth_synth_sample(struct wavesynth_context *ws, int64_t ts,
in->amp += in->damp;
switch (in->type) {
case WS_SINE:
val = amp * ws->sin[in->phi >> (64 - SIN_BITS)];
val = amp * (unsigned)ws->sin[in->phi >> (64 - SIN_BITS)];
in->phi += in->dphi;
in->dphi += in->ddphi;
break;

6
libavcodec/fits.c
View File

@ -187,6 +187,8 @@ int avpriv_fits_header_parse_line(void *avcl, FITSHeader *header, const uint8_t
header->blank = t;
header->blank_found = 1;
} else if (!strcmp(keyword, "BSCALE") && sscanf(value, "%lf", &d) == 1) {
if (d <= 0)
return AVERROR_INVALIDDATA;
header->bscale = d;
} else if (!strcmp(keyword, "BZERO") && sscanf(value, "%lf", &d) == 1) {
header->bzero = d;
@ -203,8 +205,12 @@ int avpriv_fits_header_parse_line(void *avcl, FITSHeader *header, const uint8_t
} else if (!strcmp(keyword, "GROUPS") && sscanf(value, "%c", &c) == 1) {
header->groups = (c == 'T');
} else if (!strcmp(keyword, "GCOUNT") && sscanf(value, "%"SCNd64"", &t) == 1) {
if (t < 0 || t > INT_MAX)
return AVERROR_INVALIDDATA;
header->gcount = t;
} else if (!strcmp(keyword, "PCOUNT") && sscanf(value, "%"SCNd64"", &t) == 1) {
if (t < 0 || t > INT_MAX)
return AVERROR_INVALIDDATA;
header->pcount = t;
}
dict_set_if_not_null(metadata, keyword, value);

11
libavcodec/frame_thread_encoder.c
View File

@ -118,7 +118,7 @@ end:
int ff_frame_thread_encoder_init(AVCodecContext *avctx, AVDictionary *options){
int i=0;
ThreadContext *c;
AVCodecContext *thread_avctx = NULL;
if( !(avctx->thread_type & FF_THREAD_FRAME)
|| !(avctx->codec->capabilities & AV_CODEC_CAP_FRAME_THREADS))
@ -196,17 +196,16 @@ int ff_frame_thread_encoder_init(AVCodecContext *avctx, AVDictionary *options){
AVDictionary *tmp = NULL;
int ret;
void *tmpv;
thread_avctx = avcodec_alloc_context3(avctx->codec);
AVCodecContext *thread_avctx = avcodec_alloc_context3(avctx->codec);
if(!thread_avctx)
goto fail;
tmpv = thread_avctx->priv_data;
*thread_avctx = *avctx;
thread_avctx->priv_data = tmpv;
thread_avctx->internal = NULL;
thread_avctx->hw_frames_ctx = NULL;
ret = av_opt_copy(thread_avctx, avctx);
if (ret < 0)
goto fail;
thread_avctx->priv_data = tmpv;
thread_avctx->internal = NULL;
if (avctx->codec->priv_class) {
int ret = av_opt_copy(thread_avctx->priv_data, avctx->priv_data);
if (ret < 0)
@ -235,8 +234,6 @@ int ff_frame_thread_encoder_init(AVCodecContext *avctx, AVDictionary *options){
return 0;
fail:
avcodec_close(thread_avctx);
av_freep(&thread_avctx);
avctx->thread_count = i;
av_log(avctx, AV_LOG_ERROR, "ff_frame_thread_encoder_init failed\n");
ff_frame_thread_encoder_free(avctx);

4
libavcodec/frame_thread_encoder.h
View File

@ -23,10 +23,6 @@
#include "avcodec.h"
/**
* Initialize frame thread encoder.
* @note hardware encoders are not supported
*/
int ff_frame_thread_encoder_init(AVCodecContext *avctx, AVDictionary *options);
void ff_frame_thread_encoder_free(AVCodecContext *avctx);
int ff_thread_video_encode_frame(AVCodecContext *avctx, AVPacket *pkt, const AVFrame *frame, int *got_packet_ptr);

2
libavcodec/h264_slice.c
View File

@ -1599,7 +1599,7 @@ static int h264_field_start(H264Context *h, const H264SliceContext *sl,
prev->f->format,
prev->f->width,
prev->f->height);
h->short_ref[0]->poc = prev->poc + 2;
h->short_ref[0]->poc = prev->poc + 2U;
} else if (!h->frame_recovered && !h->avctx->hwaccel)
ff_color_frame(h->short_ref[0]->f, c);
h->short_ref[0]->frame_num = h->poc.prev_frame_num;

6
libavcodec/h264idct_template.c
View File

@ -278,13 +278,13 @@ void FUNCC(ff_h264_chroma422_dc_dequant_idct)(int16_t *_block, int qmul){
const int stride= 16*2;
const int xStride= 16;
int i;
int temp[8];
unsigned temp[8];
static const uint8_t x_offset[2]={0, 16};
dctcoef *block = (dctcoef*)_block;
for(i=0; i<4; i++){
temp[2*i+0] = block[stride*i + xStride*0] + block[stride*i + xStride*1];
temp[2*i+1] = block[stride*i + xStride*0] - block[stride*i + xStride*1];
temp[2*i+0] = block[stride*i + xStride*0] + (unsigned)block[stride*i + xStride*1];
temp[2*i+1] = block[stride*i + xStride*0] - (unsigned)block[stride*i + xStride*1];
}
for(i=0; i<2; i++){

2
libavcodec/hap.h
View File

@ -52,7 +52,7 @@ enum HapSectionType {
typedef struct HapChunk {
enum HapCompressor compressor;
int compressed_offset;
uint32_t compressed_offset;
size_t compressed_size;
int uncompressed_offset;
size_t uncompressed_size;

4
libavcodec/hapdec.c
View File

@ -105,6 +105,8 @@ static int hap_parse_decode_instructions(HapContext *ctx, int size)
size_t running_size = 0;
for (i = 0; i < ctx->chunk_count; i++) {
ctx->chunks[i].compressed_offset = running_size;
if (ctx->chunks[i].compressed_size > UINT32_MAX - running_size)
return AVERROR_INVALIDDATA;
running_size += ctx->chunks[i].compressed_size;
}
}
@ -186,7 +188,7 @@ static int hap_parse_frame_header(AVCodecContext *avctx)
HapChunk *chunk = &ctx->chunks[i];
/* Check the compressed buffer is valid */
if (chunk->compressed_offset + chunk->compressed_size > bytestream2_get_bytes_left(gbc))
if (chunk->compressed_offset + (uint64_t)chunk->compressed_size > bytestream2_get_bytes_left(gbc))
return AVERROR_INVALIDDATA;
/* Chunks are unpacked sequentially, ctx->tex_size is the uncompressed

2
libavcodec/hevc_cabac.c
View File

@ -998,7 +998,7 @@ static av_always_inline int coeff_abs_level_remaining_decode(HEVCContext *s, int
} else {
int prefix_minus3 = prefix - 3;
if (prefix == CABAC_MAX_BIN || prefix_minus3 + rc_rice_param >= 31) {
if (prefix == CABAC_MAX_BIN || prefix_minus3 + rc_rice_param > 16 + 6) {
av_log(s->avctx, AV_LOG_ERROR, "CABAC_MAX_BIN : %d\n", prefix);
return 0;
}

6
libavcodec/hevc_ps.c
View File

@ -816,7 +816,11 @@ static int scaling_list_data(GetBitContext *gb, AVCodecContext *avctx, ScalingLi
next_coef = 8;
coef_num = FFMIN(64, 1 << (4 + (size_id << 1)));
if (size_id > 1) {
scaling_list_dc_coef[size_id - 2][matrix_id] = get_se_golomb(gb) + 8;
int scaling_list_coeff_minus8 = get_se_golomb(gb);
if (scaling_list_coeff_minus8 < -7 ||
scaling_list_coeff_minus8 > 247)
return AVERROR_INVALIDDATA;
scaling_list_dc_coef[size_id - 2][matrix_id] = scaling_list_coeff_minus8 + 8;
next_coef = scaling_list_dc_coef[size_id - 2][matrix_id];
sl->sl_dc[size_id - 2][matrix_id] = next_coef;
}

2
libavcodec/hevc_sei.c
View File

@ -343,6 +343,8 @@ static int decode_nal_sei_message(GetBitContext *gb, void *logctx, HEVCSEI *s,
byte = get_bits(gb, 8);
payload_size += byte;
}
if (get_bits_left(gb) < 8LL*payload_size)
return AVERROR_INVALIDDATA;
if (nal_unit_type == HEVC_NAL_SEI_PREFIX) {
return decode_nal_sei_prefix(gb, logctx, s, ps, payload_type, payload_size);
} else { /* nal_unit_type == NAL_SEI_SUFFIX */

5
libavcodec/hevcdec.c
View File

@ -785,6 +785,11 @@ static int hls_slice_header(HEVCContext *s)
if (s->ps.pps->pic_slice_level_chroma_qp_offsets_present_flag) {
sh->slice_cb_qp_offset = get_se_golomb(gb);
sh->slice_cr_qp_offset = get_se_golomb(gb);
if (sh->slice_cb_qp_offset < -12 || sh->slice_cb_qp_offset > 12 ||
sh->slice_cr_qp_offset < -12 || sh->slice_cr_qp_offset > 12) {
av_log(s->avctx, AV_LOG_ERROR, "Invalid slice cx qp offset.\n");
return AVERROR_INVALIDDATA;
}
} else {
sh->slice_cb_qp_offset = 0;
sh->slice_cr_qp_offset = 0;

5
libavcodec/hevcpred_template.c
View File

@ -83,6 +83,7 @@ do { \
int y = y0 >> vshift;
int x_tb = (x0 >> s->ps.sps->log2_min_tb_size) & s->ps.sps->tb_mask;
int y_tb = (y0 >> s->ps.sps->log2_min_tb_size) & s->ps.sps->tb_mask;
int spin = c_idx && !size_in_tbs_v && ((2 * y0) & (1 << s->ps.sps->log2_min_tb_size));
int cur_tb_addr = MIN_TB_ADDR_ZS(x_tb, y_tb);
@ -103,11 +104,11 @@ do { \
pixel *top = top_array + 1;
pixel *filtered_left = filtered_left_array + 1;
pixel *filtered_top = filtered_top_array + 1;
int cand_bottom_left = lc->na.cand_bottom_left && cur_tb_addr > MIN_TB_ADDR_ZS( x_tb - 1, (y_tb + size_in_tbs_v) & s->ps.sps->tb_mask);
int cand_bottom_left = lc->na.cand_bottom_left && cur_tb_addr > MIN_TB_ADDR_ZS( x_tb - 1, (y_tb + size_in_tbs_v + spin) & s->ps.sps->tb_mask);
int cand_left = lc->na.cand_left;
int cand_up_left = lc->na.cand_up_left;
int cand_up = lc->na.cand_up;
int cand_up_right = lc->na.cand_up_right && cur_tb_addr > MIN_TB_ADDR_ZS((x_tb + size_in_tbs_h) & s->ps.sps->tb_mask, y_tb - 1);
int cand_up_right = lc->na.cand_up_right && !spin && cur_tb_addr > MIN_TB_ADDR_ZS((x_tb + size_in_tbs_h) & s->ps.sps->tb_mask, y_tb - 1);
int bottom_left_size = (FFMIN(y0 + 2 * size_in_luma_v, s->ps.sps->height) -
(y0 + size_in_luma_v)) >> vshift;

4
libavcodec/jpeg2000dec.c
View File

@ -2207,8 +2207,12 @@ static int jp2_find_codestream(Jpeg2000DecoderContext *s)
return 0;
}
atom_size = bytestream2_get_be32u(&s->g);
if (atom_size < 16 || (int64_t)bytestream2_tell(&s->g) + atom_size - 16 > INT_MAX)
return AVERROR_INVALIDDATA;
atom_end = bytestream2_tell(&s->g) + atom_size - 16;
} else {
if (atom_size < 8 || (int64_t)bytestream2_tell(&s->g) + atom_size - 8 > INT_MAX)
return AVERROR_INVALIDDATA;
atom_end = bytestream2_tell(&s->g) + atom_size - 8;
}

2
libavcodec/jpeglsdec.c
View File

@ -149,7 +149,7 @@ static inline int ls_get_code_regular(GetBitContext *gb, JLSState *state, int Q)
{
int k, ret;
for (k = 0; (state->N[Q] << k) < state->A[Q]; k++)
for (k = 0; ((unsigned)state->N[Q] << k) < state->A[Q]; k++)
;
#ifdef JLS_BROKEN

3
libavcodec/magicyuv.c
View File

@ -695,6 +695,9 @@ static int magy_decode_frame(AVCodecContext *avctx, void *data,
s->slices[i][j].start = offset + header_size;
s->slices[i][j].size = avpkt->size - s->slices[i][j].start;
if (s->slices[i][j].size < 2)
return AVERROR_INVALIDDATA;
}
if (bytestream2_get_byte(&gbyte) != s->planes)

8
libavcodec/mpc.c
View File

@ -75,17 +75,17 @@ void ff_mpc_dequantize_and_synth(MPCContext * c, int maxband, int16_t **out,
j = 0;
mul = (mpc_CC+1)[bands[i].res[ch]] * mpc_SCF[bands[i].scf_idx[ch][0] & 0xFF];
for(; j < 12; j++)
c->sb_samples[ch][j][i] = mul * c->Q[ch][j + off];
c->sb_samples[ch][j][i] = av_clipf(mul * c->Q[ch][j + off], INT32_MIN, INT32_MAX);
mul = (mpc_CC+1)[bands[i].res[ch]] * mpc_SCF[bands[i].scf_idx[ch][1] & 0xFF];
for(; j < 24; j++)
c->sb_samples[ch][j][i] = mul * c->Q[ch][j + off];
c->sb_samples[ch][j][i] = av_clipf(mul * c->Q[ch][j + off], INT32_MIN, INT32_MAX);
mul = (mpc_CC+1)[bands[i].res[ch]] * mpc_SCF[bands[i].scf_idx[ch][2] & 0xFF];
for(; j < 36; j++)
c->sb_samples[ch][j][i] = mul * c->Q[ch][j + off];
c->sb_samples[ch][j][i] = av_clipf(mul * c->Q[ch][j + off], INT32_MIN, INT32_MAX);
}
}
if(bands[i].msf){
int t1, t2;
unsigned t1, t2;
for(j = 0; j < SAMPLES_PER_BAND; j++){
t1 = c->sb_samples[0][j][i];
t2 = c->sb_samples[1][j][i];

67
libavcodec/mv30.c
View File

@ -102,25 +102,25 @@ static void get_qtable(int16_t *table, int quant, const uint8_t *quant_tab)
}
}
static inline void idct_1d(int *blk, int step)
static inline void idct_1d(unsigned *blk, int step)
{
const int t0 = blk[0 * step] + blk[4 * step];
const int t1 = blk[0 * step] - blk[4 * step];
const int t2 = blk[2 * step] + blk[6 * step];
const int t3 = ((int)((blk[2 * step] - blk[6 * step]) * 362U) >> 8) - t2;
const int t4 = t0 + t2;
const int t5 = t0 - t2;
const int t6 = t1 + t3;
const int t7 = t1 - t3;
const int t8 = blk[5 * step] + blk[3 * step];
const int t9 = blk[5 * step] - blk[3 * step];
const int tA = blk[1 * step] + blk[7 * step];
const int tB = blk[1 * step] - blk[7 * step];
const int tC = t8 + tA;
const int tD = (int)((tB + t9) * 473U) >> 8;
const int tE = (((int)(t9 * -669U) >> 8) - tC) + tD;
const int tF = ((int)((tA - t8) * 362U) >> 8) - tE;
const int t10 = (((int)(tB * 277U) >> 8) - tD) + tF;
const unsigned t0 = blk[0 * step] + blk[4 * step];
const unsigned t1 = blk[0 * step] - blk[4 * step];
const unsigned t2 = blk[2 * step] + blk[6 * step];
const unsigned t3 = ((int)((blk[2 * step] - blk[6 * step]) * 362U) >> 8) - t2;
const unsigned t4 = t0 + t2;
const unsigned t5 = t0 - t2;
const unsigned t6 = t1 + t3;
const unsigned t7 = t1 - t3;
const unsigned t8 = blk[5 * step] + blk[3 * step];
const unsigned t9 = blk[5 * step] - blk[3 * step];
const unsigned tA = blk[1 * step] + blk[7 * step];
const unsigned tB = blk[1 * step] - blk[7 * step];
const unsigned tC = t8 + tA;
const unsigned tD = (int)((tB + t9) * 473U) >> 8;
const unsigned tE = (((int)(t9 * -669U) >> 8) - tC) + tD;
const unsigned tF = ((int)((tA - t8) * 362U) >> 8) - tE;
const unsigned t10 = (((int)(tB * 277U) >> 8) - tD) + tF;
blk[0 * step] = t4 + tC;
blk[1 * step] = t6 + tE;
@ -198,12 +198,12 @@ static void idct_add(uint8_t *dst, int stride,
static inline void idct2_1d(int *blk, int step)
{
const int t0 = blk[0 * step];
const int t1 = blk[1 * step];
const int t2 = (int)(t1 * 473U) >> 8;
const int t3 = t2 - t1;
const int t4 = ((int)(t1 * 362U) >> 8) - t3;
const int t5 = (((int)(t1 * 277U) >> 8) - t2) + t4;
const unsigned int t0 = blk[0 * step];
const unsigned int t1 = blk[1 * step];
const unsigned int t2 = (int)(t1 * 473U) >> 8;
const unsigned int t3 = t2 - t1;
const unsigned int t4 = ((int)(t1 * 362U) >> 8) - t3;
const unsigned int t5 = (((int)(t1 * 277U) >> 8) - t2) + t4;
blk[0 * step] = t1 + t0;
blk[1 * step] = t0 + t3;
@ -305,14 +305,14 @@ static int decode_intra_block(AVCodecContext *avctx, int mode,
case 1:
fill = sign_extend(bytestream2_get_ne16(gbyte), 16);
pfill[0] += fill;
block[0] = ((pfill[0] * qtab[0]) >> 5) + 128;
block[0] = ((int)((unsigned)pfill[0] * qtab[0]) >> 5) + 128;
s->bdsp.fill_block_tab[1](dst, block[0], linesize, 8);
break;
case 2:
memset(block, 0, sizeof(*block) * 64);
fill = sign_extend(bytestream2_get_ne16(gbyte), 16);
pfill[0] += fill;
block[0] = pfill[0] * qtab[0];
block[0] = (unsigned)pfill[0] * qtab[0];
block[1] = sign_extend(bytestream2_get_ne16(gbyte), 16) * qtab[1];
block[8] = sign_extend(bytestream2_get_ne16(gbyte), 16) * qtab[8];
block[9] = sign_extend(bytestream2_get_ne16(gbyte), 16) * qtab[9];
@ -321,7 +321,7 @@ static int decode_intra_block(AVCodecContext *avctx, int mode,
case 3:
fill = sign_extend(bytestream2_get_ne16(gbyte), 16);
pfill[0] += fill;
block[0] = pfill[0] * qtab[0];
block[0] = (unsigned)pfill[0] * qtab[0];
for (int i = 1; i < 64; i++)
block[zigzag[i]] = sign_extend(bytestream2_get_ne16(gbyte), 16) * qtab[zigzag[i]];
idct_put(dst, linesize, block);
@ -346,14 +346,14 @@ static int decode_inter_block(AVCodecContext *avctx, int mode,
case 1:
fill = sign_extend(bytestream2_get_ne16(gbyte), 16);
pfill[0] += fill;
block[0] = (pfill[0] * qtab[0]) >> 5;
block[0] = (int)((unsigned)pfill[0] * qtab[0]) >> 5;
update_inter_block(dst, linesize, src, in_linesize, block[0]);
break;
case 2:
memset(block, 0, sizeof(*block) * 64);
fill = sign_extend(bytestream2_get_ne16(gbyte), 16);
pfill[0] += fill;
block[0] = pfill[0] * qtab[0];
block[0] = (unsigned)pfill[0] * qtab[0];
block[1] = sign_extend(bytestream2_get_ne16(gbyte), 16) * qtab[1];
block[8] = sign_extend(bytestream2_get_ne16(gbyte), 16) * qtab[8];
block[9] = sign_extend(bytestream2_get_ne16(gbyte), 16) * qtab[9];
@ -362,7 +362,7 @@ static int decode_inter_block(AVCodecContext *avctx, int mode,
case 3:
fill = sign_extend(bytestream2_get_ne16(gbyte), 16);
pfill[0] += fill;
block[0] = pfill[0] * qtab[0];
block[0] = (unsigned)pfill[0] * qtab[0];
for (int i = 1; i < 64; i++)
block[zigzag[i]] = sign_extend(bytestream2_get_ne16(gbyte), 16) * qtab[zigzag[i]];
idct_add(dst, linesize, src, in_linesize, block);
@ -531,8 +531,13 @@ static int decode_inter(AVCodecContext *avctx, GetBitContext *gb,
for (int x = 0; x < avctx->width; x += 16) {
if (cnt >= 4)
cnt = 0;
if (cnt == 0)
if (cnt == 0) {
if (get_bits_left(&mask) < 8) {
ret = AVERROR_INVALIDDATA;
goto fail;
}
flags = get_bits(&mask, 8);
}
dst[0] = frame->data[0] + linesize[0] * y + x;
dst[1] = frame->data[0] + linesize[0] * y + x + 8;

3
libavcodec/mxpegdec.c
View File

@ -247,16 +247,17 @@ static int mxpeg_decode_frame(AVCodecContext *avctx,
"Multiple SOF in a frame\n");
return AVERROR_INVALIDDATA;
}
s->got_sof_data = 0;
ret = ff_mjpeg_decode_sof(jpg);
if (ret < 0) {
av_log(avctx, AV_LOG_ERROR,
"SOF data decode error\n");
s->got_sof_data = 0;
return ret;
}
if (jpg->interlaced) {
av_log(avctx, AV_LOG_ERROR,
"Interlaced mode not supported in MxPEG\n");
s->got_sof_data = 0;
return AVERROR(EINVAL);
}
s->got_sof_data ++;

2
libavcodec/nvenc.c
View File

@ -1829,7 +1829,7 @@ static int nvenc_set_timestamp(AVCodecContext *avctx,
pkt->pts = params->outputTimeStamp;
pkt->dts = timestamp_queue_dequeue(ctx->timestamp_list);
pkt->dts -= FFMAX(avctx->max_b_frames, 0) * FFMIN(avctx->ticks_per_frame, 1);
pkt->dts -= FFMAX(avctx->max_b_frames, 0) * FFMAX(avctx->ticks_per_frame, 1);
return 0;
}

28
libavcodec/opus_silk.c
View File

@ -506,7 +506,8 @@ static inline void silk_decode_excitation(SilkContext *s, OpusRangeCoder *rc,
#define LTP_ORDER 5
static void silk_decode_frame(SilkContext *s, OpusRangeCoder *rc,
int frame_num, int channel, int coded_channels, int active, int active1)
int frame_num, int channel, int coded_channels,
int active, int active1, int redundant)
{
/* per frame */
int voiced; // combines with active to indicate inactive, active, or active+voiced
@ -665,8 +666,9 @@ static void silk_decode_frame(SilkContext *s, OpusRangeCoder *rc,
silk_decode_excitation(s, rc, residual + SILK_MAX_LAG, qoffset_high,
active, voiced);
/* skip synthesising the side channel if we want mono-only */
if (s->output_channels == channel)
/* skip synthesising the output if we do not need it */
// TODO: implement error recovery
if (s->output_channels == channel || redundant)
return;
/* generate the output signal */
@ -814,15 +816,27 @@ int ff_silk_decode_superframe(SilkContext *s, OpusRangeCoder *rc,
active[i][j] = ff_opus_rc_dec_log(rc, 1);
redundancy[i] = ff_opus_rc_dec_log(rc, 1);
if (redundancy[i]) {
avpriv_report_missing_feature(s->avctx, "LBRR frames");
return AVERROR_PATCHWELCOME;
}
/* read the per-frame LBRR flags */
for (i = 0; i < coded_channels; i++)
if (redundancy[i] && duration_ms > 20) {
redundancy[i] = ff_opus_rc_dec_cdf(rc, duration_ms == 40 ?
ff_silk_model_lbrr_flags_40 : ff_silk_model_lbrr_flags_60);
}
/* decode the LBRR frames */
for (i = 0; i < nb_frames; i++) {
for (j = 0; j < coded_channels; j++)
if (redundancy[j] & (1 << i)) {
int active1 = (j == 0 && !(redundancy[1] & (1 << i))) ? 0 : 1;
silk_decode_frame(s, rc, i, j, coded_channels, 1, active1, 1);
}
}
for (i = 0; i < nb_frames; i++) {
for (j = 0; j < coded_channels && !s->midonly; j++)
silk_decode_frame(s, rc, i, j, coded_channels, active[j][i], active[1][i]);
silk_decode_frame(s, rc, i, j, coded_channels, active[j][i], active[1][i], 0);
/* reset the side channel if it is not coded */
if (s->midonly && s->frame[1].coded)

3
libavcodec/opustab.c
View File

@ -26,6 +26,9 @@ const uint8_t ff_opus_default_coupled_streams[] = { 0, 1, 1, 2, 2, 2, 2, 3 };
const uint8_t ff_celt_band_end[] = { 13, 17, 17, 19, 21 };
const uint16_t ff_silk_model_lbrr_flags_40[] = { 256, 0, 53, 106, 256 };
const uint16_t ff_silk_model_lbrr_flags_60[] = { 256, 0, 41, 61, 90, 131, 146, 174, 256 };
const uint16_t ff_silk_model_stereo_s1[] = {
256, 7, 9, 10, 11, 12, 22, 46, 54, 55, 56, 59, 82, 174, 197, 200,
201, 202, 210, 234, 244, 245, 246, 247, 249, 256

3
libavcodec/opustab.h
View File

@ -31,6 +31,9 @@ extern const uint8_t ff_celt_band_end[];
extern const uint8_t ff_opus_default_coupled_streams[];
extern const uint16_t ff_silk_model_lbrr_flags_40[];
extern const uint16_t ff_silk_model_lbrr_flags_60[];
extern const uint16_t ff_silk_model_stereo_s1[];
extern const uint16_t ff_silk_model_stereo_s2[];
extern const uint16_t ff_silk_model_stereo_s3[];

6
libavcodec/pnm_parser.c
View File

@ -109,8 +109,10 @@ retry:
if (next == END_NOT_FOUND)
pnmpc->ascii_scan = sync - pnmctx.bytestream + skip;
} else {
next = pnmctx.bytestream - pnmctx.bytestream_start + skip
+ av_image_get_buffer_size(avctx->pix_fmt, avctx->width, avctx->height, 1);
int ret = av_image_get_buffer_size(avctx->pix_fmt, avctx->width, avctx->height, 1);
next = pnmctx.bytestream - pnmctx.bytestream_start + skip;
if (ret >= 0)
next += ret;
}
if (next != END_NOT_FOUND && pnmctx.bytestream_start != buf + skip)
next -= pc->index;

3
libavcodec/rasc.c
View File

@ -70,6 +70,9 @@ static void clear_plane(AVCodecContext *avctx, AVFrame *frame)
RASCContext *s = avctx->priv_data;
uint8_t *dst = frame->data[0];
if (!dst)
return;
for (int y = 0; y < avctx->height; y++) {
memset(dst, 0, avctx->width * s->bpp);
dst += frame->linesize[0];

4
libavcodec/rscc.c
View File

@ -300,6 +300,10 @@ static int rscc_decode_frame(AVCodecContext *avctx, void *data,
ret = AVERROR_INVALIDDATA;
goto end;
}
if (ctx->inflated_size < pixel_size) {
ret = AVERROR_INVALIDDATA;
goto end;
}
ret = uncompress(ctx->inflated_buf, &len, gbc->buffer, packed_size);
if (ret) {
av_log(avctx, AV_LOG_ERROR, "Pixel deflate error %d.\n", ret);

3
libavcodec/simple_idct.c
View File

@ -175,7 +175,8 @@ static inline void idct4col_add(uint8_t *dest, ptrdiff_t line_size, const int16_
#define R_SHIFT 11
static inline void idct4row(int16_t *row)
{
int c0, c1, c2, c3, a0, a1, a2, a3;
unsigned c0, c1, c2, c3;
int a0, a1, a2, a3;
a0 = row[0];
a1 = row[1];

4
libavcodec/siren.c
View File

@ -341,12 +341,12 @@ static const float mlt_quant[7][14] = {
{ 0.0f, 1.964f, 0.0f, 0.0f, 0.0f, 0.0f, 0.0f, 0.0f, 0.0f, 0.0f, 0.0f, 0.0f, 0.0f, 0.0f }
};
static const float noise_category5[20] = {
static const float noise_category5[21] = {
0.70711f, 0.6179f, 0.5005f, 0.3220f, 0.17678f, 0.17678f, 0.17678f, 0.17678f, 0.17678f, 0.17678f, 0.17678f,
0.17678f, 0.17678f, 0.17678f, 0.17678f, 0.17678f, 0.17678f, 0.17678f, 0.17678f, 0.17678f
};
static const float noise_category6[20] = {
static const float noise_category6[21] = {
0.70711f, 0.5686f, 0.3563f, 0.25f, 0.25f, 0.25f, 0.25f, 0.25f, 0.25f, 0.25f, 0.25f, 0.25f,
0.25f, 0.25f, 0.25f, 0.25f, 0.25f, 0.25f, 0.25f, 0.25f
};

2
libavcodec/smacker.c
View File

@ -491,6 +491,8 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
case SMK_BLK_FULL:
mode = 0;
if(avctx->codec_tag == MKTAG('S', 'M', 'K', '4')) { // In case of Smacker v4 we have three modes
if (get_bits_left(&gb) < 1)
return AVERROR_INVALIDDATA;
if(get_bits1(&gb)) mode = 1;
else if(get_bits1(&gb)) mode = 2;
}

5
libavcodec/snowdec.c
View File

@ -369,7 +369,10 @@ static int decode_header(SnowContext *s){
htaps = htaps*2 + 2;
p->htaps= htaps;
for(i= htaps/2; i; i--){
p->hcoeff[i]= get_symbol(&s->c, s->header_state, 0) * (1-2*(i&1));
unsigned hcoeff = get_symbol(&s->c, s->header_state, 0);
if (hcoeff > 127)
return AVERROR_INVALIDDATA;
p->hcoeff[i]= hcoeff * (1-2*(i&1));
sum += p->hcoeff[i];
}
p->hcoeff[0]= 32-sum;

7
libavcodec/sonic.c
View File

@ -980,9 +980,7 @@ static av_cold int sonic_decode_close(AVCodecContext *avctx)
av_freep(&s->int_samples);
av_freep(&s->tap_quant);
av_freep(&s->predictor_k);
for (i = 0; i < s->channels; i++)
{
for (i = 0; i < MAX_CHANNELS; i++) {
av_freep(&s->predictor_state[i]);
av_freep(&s->coded_samples[i]);
}
@ -1033,6 +1031,9 @@ static int sonic_decode_frame(AVCodecContext *avctx,
{
int x = ch;
if (c.overread > MAX_OVERREAD)
return AVERROR_INVALIDDATA;
predictor_init_state(s->predictor_k, s->predictor_state[ch], s->num_taps);
intlist_read(&c, state, s->coded_samples[ch], s->block_align, 1);

2
libavcodec/takdsp.c
View File

@ -65,7 +65,7 @@ static void decorrelate_sf(int32_t *p1, int32_t *p2, int length, int dshift, int
for (i = 0; i < length; i++) {
int32_t a = p1[i];
int32_t b = p2[i];
b = dfactor * (b >> dshift) + 128 >> 8 << dshift;
b = (unsigned)(dfactor * (b >> dshift) + 128 >> 8) << dshift;
p1[i] = b - a;
}
}

21
libavcodec/tdsc.c
View File

@ -390,7 +390,7 @@ static int tdsc_decode_tiles(AVCodecContext *avctx, int number_tiles)
for (i = 0; i < number_tiles; i++) {
int tile_size;
int tile_mode;
int x, y, w, h;
int x, y, x2, y2, w, h;
int ret;
if (bytestream2_get_bytes_left(&ctx->gbc) < 4 ||
@ -408,20 +408,19 @@ static int tdsc_decode_tiles(AVCodecContext *avctx, int number_tiles)
bytestream2_skip(&ctx->gbc, 4); // unknown
x = bytestream2_get_le32(&ctx->gbc);
y = bytestream2_get_le32(&ctx->gbc);
w = bytestream2_get_le32(&ctx->gbc) - x;
h = bytestream2_get_le32(&ctx->gbc) - y;
x2 = bytestream2_get_le32(&ctx->gbc);
y2 = bytestream2_get_le32(&ctx->gbc);
if (x >= ctx->width || y >= ctx->height) {
if (x < 0 || y < 0 || x2 <= x || y2 <= y ||
x2 > ctx->width || y2 > ctx->height
) {
av_log(avctx, AV_LOG_ERROR,
"Invalid tile position (%d.%d outside %dx%d).\n",
x, y, ctx->width, ctx->height);
return AVERROR_INVALIDDATA;
}
if (x + w > ctx->width || y + h > ctx->height) {
av_log(avctx, AV_LOG_ERROR,
"Invalid tile size %dx%d\n", w, h);
"Invalid tile position (%d.%d %d.%d outside %dx%d).\n",
x, y, x2, y2, ctx->width, ctx->height);
return AVERROR_INVALIDDATA;
}
w = x2 - x;
h = y2 - y;
ret = av_reallocp(&ctx->tilebuffer, tile_size);
if (!ctx->tilebuffer)

38
libavcodec/tiff.c
View File

@ -79,6 +79,7 @@ typedef struct TiffContext {
int fill_order;
uint32_t res[4];
int is_thumbnail;
unsigned last_tag;
int is_bayer;
uint8_t pattern[4];
@ -709,7 +710,7 @@ static int tiff_unpack_strip(TiffContext *s, AVFrame *p, uint8_t *dst, int strid
if (is_dng) {
int is_u16, pixel_size_bytes, pixel_size_bits, elements;
is_u16 = (s->bpp > 8);
is_u16 = (s->bpp / s->bppcount > 8);
pixel_size_bits = (is_u16 ? 16 : 8);
pixel_size_bytes = (is_u16 ? sizeof(uint16_t) : sizeof(uint8_t));
@ -918,6 +919,11 @@ static int dng_decode_jpeg(AVCodecContext *avctx, AVFrame *frame,
/* Copy the outputted tile's pixels from 'jpgframe' to 'frame' (final buffer) */
if (s->jpgframe->width != s->avctx_mjpeg->width ||
s->jpgframe->height != s->avctx_mjpeg->height ||
s->jpgframe->format != s->avctx_mjpeg->pix_fmt)
return AVERROR_INVALIDDATA;
/* See dng_blit for explanation */
if (s->avctx_mjpeg->width == w * 2 &&
s->avctx_mjpeg->height == h / 2 &&
@ -1252,6 +1258,12 @@ static int tiff_decode_tag(TiffContext *s, AVFrame *frame)
if (ret < 0) {
goto end;
}
if (tag <= s->last_tag)
return AVERROR_INVALIDDATA;
// We ignore TIFF_STRIP_SIZE as it is sometimes in the logic but wrong order around TIFF_STRIP_OFFS
if (tag != TIFF_STRIP_SIZE)
s->last_tag = tag;
off = bytestream2_tell(&s->gb);
if (count == 1) {
@ -1290,7 +1302,7 @@ static int tiff_decode_tag(TiffContext *s, AVFrame *frame)
s->height = value;
break;
case TIFF_BPP:
if (count > 5U) {
if (count > 5 || count <= 0) {
av_log(s->avctx, AV_LOG_ERROR,
"This format is not supported (bpp=%d, %d components)\n",
value, count);
@ -1321,9 +1333,9 @@ static int tiff_decode_tag(TiffContext *s, AVFrame *frame)
"Samples per pixel requires a single value, many provided\n");
return AVERROR_INVALIDDATA;
}
if (value > 5U) {
if (value > 5 || value <= 0) {
av_log(s->avctx, AV_LOG_ERROR,
"Samples per pixel %d is too large\n", value);
"Invalid samples per pixel %d\n", value);
return AVERROR_INVALIDDATA;
}
if (s->bppcount == 1)
@ -1434,7 +1446,9 @@ static int tiff_decode_tag(TiffContext *s, AVFrame *frame)
s->sub_ifd = ff_tget(&s->gb, TIFF_LONG, s->le); /** Only get the first SubIFD */
break;
case DNG_LINEARIZATION_TABLE:
for (int i = 0; i < FFMIN(count, 1 << s->bpp); i++)
if (count > FF_ARRAY_ELEMS(s->dng_lut))
return AVERROR_INVALIDDATA;
for (int i = 0; i < count; i++)
s->dng_lut[i] = ff_tget(&s->gb, type, s->le);
break;
case DNG_BLACK_LEVEL:
@ -1805,6 +1819,7 @@ again:
s->is_tiled = 0;
s->is_jpeg = 0;
s->cur_page = 0;
s->last_tag = 0;
for (i = 0; i < 65536; i++)
s->dng_lut[i] = i;
@ -1883,8 +1898,14 @@ again:
if (is_dng) {
int bps;
if (s->bpp % s->bppcount)
return AVERROR_INVALIDDATA;
bps = s->bpp / s->bppcount;
if (bps < 8 || bps > 32)
return AVERROR_INVALIDDATA;
if (s->white_level == 0)
s->white_level = (1 << s->bpp) - 1; /* Default value as per the spec */
s->white_level = (1LL << bps) - 1; /* Default value as per the spec */
if (s->white_level <= s->black_level) {
av_log(avctx, AV_LOG_ERROR, "BlackLevel (%"PRId32") must be less than WhiteLevel (%"PRId32")\n",
@ -1892,11 +1913,6 @@ again:
return AVERROR_INVALIDDATA;
}
if (s->bpp % s->bppcount)
return AVERROR_INVALIDDATA;
bps = s->bpp / s->bppcount;
if (bps < 8 || bps > 32)
return AVERROR_INVALIDDATA;
if (s->planar)
return AVERROR_PATCHWELCOME;
}

30
libavcodec/utils.c
View File

@ -511,7 +511,14 @@ static int64_t get_bit_rate(AVCodecContext *ctx)
break;
case AVMEDIA_TYPE_AUDIO:
bits_per_sample = av_get_bits_per_sample(ctx->codec_id);
bit_rate = bits_per_sample ? ctx->sample_rate * (int64_t)ctx->channels * bits_per_sample : ctx->bit_rate;
if (bits_per_sample) {
bit_rate = ctx->sample_rate * (int64_t)ctx->channels;
if (bit_rate > INT64_MAX / bits_per_sample) {
bit_rate = 0;
} else
bit_rate *= bits_per_sample;
} else
bit_rate = ctx->bit_rate;
break;
default:
bit_rate = 0;
@ -1594,7 +1601,10 @@ static int get_audio_frame_duration(enum AVCodecID id, int sr, int ch, int ba,
case AV_CODEC_ID_MP1: return 384;
case AV_CODEC_ID_ATRAC1: return 512;
case AV_CODEC_ID_ATRAC9:
case AV_CODEC_ID_ATRAC3: return 1024 * framecount;
case AV_CODEC_ID_ATRAC3:
if (framecount > INT_MAX/1024)
return 0;
return 1024 * framecount;
case AV_CODEC_ID_ATRAC3P: return 2048;
case AV_CODEC_ID_MP2:
case AV_CODEC_ID_MUSEPACK7: return 1152;
@ -1610,9 +1620,12 @@ static int get_audio_frame_duration(enum AVCodecID id, int sr, int ch, int ba,
if (ch > 0) {
/* calc from sample rate and channels */
if (id == AV_CODEC_ID_BINKAUDIO_DCT)
if (id == AV_CODEC_ID_BINKAUDIO_DCT) {
if (sr / 22050 > 22)
return 0;
return (480 << (sr / 22050)) / ch;
}
}
if (id == AV_CODEC_ID_MP3)
return sr <= 24000 ? 576 : 1152;
@ -1657,7 +1670,10 @@ static int get_audio_frame_duration(enum AVCodecID id, int sr, int ch, int ba,
return frame_bytes / (9 * ch) * 16;
case AV_CODEC_ID_ADPCM_PSX:
case AV_CODEC_ID_ADPCM_DTK:
return frame_bytes / (16 * ch) * 28;
frame_bytes /= 16 * ch;
if (frame_bytes > INT_MAX / 28)
return 0;
return frame_bytes * 28;
case AV_CODEC_ID_ADPCM_4XM:
case AV_CODEC_ID_ADPCM_IMA_DAT4:
case AV_CODEC_ID_ADPCM_IMA_ISS:
@ -1755,22 +1771,20 @@ static int get_audio_frame_duration(enum AVCodecID id, int sr, int ch, int ba,
int av_get_audio_frame_duration(AVCodecContext *avctx, int frame_bytes)
{
int duration = get_audio_frame_duration(avctx->codec_id, avctx->sample_rate,
return get_audio_frame_duration(avctx->codec_id, avctx->sample_rate,
avctx->channels, avctx->block_align,
avctx->codec_tag, avctx->bits_per_coded_sample,
avctx->bit_rate, avctx->extradata, avctx->frame_size,
frame_bytes);
return FFMAX(0, duration);
}
int av_get_audio_frame_duration2(AVCodecParameters *par, int frame_bytes)
{
int duration = get_audio_frame_duration(par->codec_id, par->sample_rate,
return get_audio_frame_duration(par->codec_id, par->sample_rate,
par->channels, par->block_align,
par->codec_tag, par->bits_per_coded_sample,
par->bit_rate, par->extradata, par->frame_size,
frame_bytes);
return FFMAX(0, duration);
}
#if !HAVE_THREADS

6
libavcodec/v4l2_m2m.c
View File

@ -329,7 +329,6 @@ static void v4l2_m2m_destroy_context(void *opaque, uint8_t *context)
sem_destroy(&s->refsync);
close(s->fd);
av_packet_unref(&s->buf_pkt);
av_free(s);
}
@ -339,10 +338,6 @@ int ff_v4l2_m2m_codec_end(V4L2m2mPriv *priv)
V4L2m2mContext *s = priv->context;
int ret;
if (!s)
return 0;
if (s->fd >= 0) {
ret = ff_v4l2_context_set_status(&s->output, VIDIOC_STREAMOFF);
if (ret)
av_log(s->avctx, AV_LOG_ERROR, "VIDIOC_STREAMOFF %s\n", s->output.name);
@ -350,7 +345,6 @@ int ff_v4l2_m2m_codec_end(V4L2m2mPriv *priv)
ret = ff_v4l2_context_set_status(&s->capture, VIDIOC_STREAMOFF);
if (ret)
av_log(s->avctx, AV_LOG_ERROR, "VIDIOC_STREAMOFF %s\n", s->capture.name);
}
ff_v4l2_context_release(&s->output);

10
libavcodec/v4l2_m2m_dec.c
View File

@ -212,6 +212,9 @@ static av_cold int v4l2_decode_init(AVCodecContext *avctx)
ret = ff_v4l2_m2m_codec_init(priv);
if (ret) {
av_log(avctx, AV_LOG_ERROR, "can't configure decoder\n");
s->self_ref = NULL;
av_buffer_unref(&priv->context_ref);
return ret;
}
@ -220,7 +223,10 @@ static av_cold int v4l2_decode_init(AVCodecContext *avctx)
static av_cold int v4l2_decode_close(AVCodecContext *avctx)
{
return ff_v4l2_m2m_codec_end(avctx->priv_data);
V4L2m2mPriv *priv = avctx->priv_data;
V4L2m2mContext *s = priv->context;
av_packet_unref(&s->buf_pkt);
return ff_v4l2_m2m_codec_end(priv);
}
#define OFFSET(x) offsetof(V4L2m2mPriv, x)
@ -255,7 +261,7 @@ static const AVOption options[] = {
.close = v4l2_decode_close, \
.bsfs = bsf_name, \
.capabilities = AV_CODEC_CAP_HARDWARE | AV_CODEC_CAP_DELAY | AV_CODEC_CAP_AVOID_PROBING, \
.caps_internal = FF_CODEC_CAP_SETS_PKT_DTS | FF_CODEC_CAP_INIT_CLEANUP, \
.caps_internal = FF_CODEC_CAP_SETS_PKT_DTS, \
.wrapper_name = "v4l2m2m", \
}

1
libavcodec/v4l2_m2m_enc.c
View File

@ -416,7 +416,6 @@ static const AVCodecDefault v4l2_m2m_defaults[] = {
.close = v4l2_encode_close, \
.defaults = v4l2_m2m_defaults, \
.capabilities = AV_CODEC_CAP_HARDWARE | AV_CODEC_CAP_DELAY, \
.caps_internal = FF_CODEC_CAP_INIT_CLEANUP, \
.wrapper_name = "v4l2m2m", \
}

4
libavcodec/vc1_block.c
View File

@ -1080,7 +1080,7 @@ static int vc1_decode_intra_block(VC1Context *v, int16_t block[64], int n,
q2 = FFABS(q2) * 2 + ((q2 < 0) ? 0 : v->halfpq) - 1;
if (q2 && q1 != q2) {
for (k = 1; k < 8; k++)
ac_val2[k] = (ac_val2[k] * q2 * ff_vc1_dqscale[q1 - 1] + 0x20000) >> 18;
ac_val2[k] = (int)(ac_val2[k] * (unsigned)q2 * ff_vc1_dqscale[q1 - 1] + 0x20000) >> 18;
}
}
} else { // top
@ -1093,7 +1093,7 @@ static int vc1_decode_intra_block(VC1Context *v, int16_t block[64], int n,
q2 = FFABS(q2) * 2 + ((q2 < 0) ? 0 : v->halfpq) - 1;
if (q2 && q1 != q2) {
for (k = 1; k < 8; k++)
ac_val2[k + 8] = (ac_val2[k + 8] * q2 * ff_vc1_dqscale[q1 - 1] + 0x20000) >> 18;
ac_val2[k + 8] = (int)(ac_val2[k + 8] * (unsigned)q2 * ff_vc1_dqscale[q1 - 1] + 0x20000) >> 18;
}
}
}

3
libavcodec/vp3.c
View File

@ -2920,6 +2920,9 @@ static int theora_decode_header(AVCodecContext *avctx, GetBitContext *gb)
int ret;
AVRational fps, aspect;
if (get_bits_left(gb) < 206)
return AVERROR_INVALIDDATA;
s->theora_header = 0;
s->theora = get_bits(gb, 24);
av_log(avctx, AV_LOG_DEBUG, "Theora bitstream version %X\n", s->theora);

2
libavcodec/vp3dsp.c
View File

@ -490,5 +490,5 @@ void ff_vp3dsp_set_bounding_values(int * bounding_values_array, int filter_limit
}
if (value)
bounding_values[128] = value;
bounding_values[129] = bounding_values[130] = filter_limit * 0x02020202;
bounding_values[129] = bounding_values[130] = filter_limit * 0x02020202U;
}

2
libavcodec/vp8.c
View File

@ -2289,10 +2289,10 @@ int vp78_decode_mv_mb_modes(AVCodecContext *avctx, VP8Frame *curframe,
s->mv_bounds.mv_min.x = -MARGIN;
s->mv_bounds.mv_max.x = ((s->mb_width - 1) << 6) + MARGIN;
for (mb_x = 0; mb_x < s->mb_width; mb_x++, mb_xy++, mb++) {
if (vpX_rac_is_end(&s->c)) {
return AVERROR_INVALIDDATA;
}
for (mb_x = 0; mb_x < s->mb_width; mb_x++, mb_xy++, mb++) {
if (mb_y == 0)
AV_WN32A((mb - s->mb_width - 1)->intra4x4_pred_mode_top,
DC_PRED * 0x01010101);

80
libavcodec/vp9dsp_template.c
View File

@ -1138,7 +1138,7 @@ static void type_a##_##type_b##_##sz##x##sz##_add_c(uint8_t *_dst, \
for (j = 0; j < sz; j++) \
dst[j * stride] = av_clip_pixel(dst[j * stride] + \
(bits ? \
(t + (1 << (bits - 1))) >> bits : \
(int)(t + (1U << (bits - 1))) >> bits : \
t)); \
dst++; \
} \
@ -1153,7 +1153,7 @@ static void type_a##_##type_b##_##sz##x##sz##_add_c(uint8_t *_dst, \
for (j = 0; j < sz; j++) \
dst[j * stride] = av_clip_pixel(dst[j * stride] + \
(bits ? \
(out[j] + (1 << (bits - 1))) >> bits : \
(int)(out[j] + (1U << (bits - 1))) >> bits : \
out[j])); \
dst++; \
} \
@ -1260,25 +1260,25 @@ static av_always_inline void iadst8_1d(const dctcoef *in, ptrdiff_t stride,
t6 = (t2a - t6a + (1 << 13)) >> 14;
t7 = (t3a - t7a + (1 << 13)) >> 14;
t4a = 15137 * t4 + 6270 * t5;
t5a = 6270 * t4 - 15137 * t5;
t6a = 15137 * t7 - 6270 * t6;
t7a = 6270 * t7 + 15137 * t6;
t4a = 15137U * t4 + 6270U * t5;
t5a = 6270U * t4 - 15137U * t5;
t6a = 15137U * t7 - 6270U * t6;
t7a = 6270U * t7 + 15137U * t6;
out[0] = t0 + t2;
out[7] = -(t1 + t3);
t2 = t0 - t2;
t3 = t1 - t3;
out[1] = -((t4a + t6a + (1 << 13)) >> 14);
out[6] = (t5a + t7a + (1 << 13)) >> 14;
t6 = (t4a - t6a + (1 << 13)) >> 14;
t7 = (t5a - t7a + (1 << 13)) >> 14;
out[1] = -((dctint)((1U << 13) + t4a + t6a) >> 14);
out[6] = (dctint)((1U << 13) + t5a + t7a) >> 14;
t6 = (dctint)((1U << 13) + t4a - t6a) >> 14;
t7 = (dctint)((1U << 13) + t5a - t7a) >> 14;
out[3] = -(((t2 + t3) * 11585 + (1 << 13)) >> 14);
out[4] = ((t2 - t3) * 11585 + (1 << 13)) >> 14;
out[2] = ((t6 + t7) * 11585 + (1 << 13)) >> 14;
out[5] = -(((t6 - t7) * 11585 + (1 << 13)) >> 14);
out[3] = -((dctint)((t2 + t3) * 11585U + (1 << 13)) >> 14);
out[4] = (dctint)((t2 - t3) * 11585U + (1 << 13)) >> 14;
out[2] = (dctint)((t6 + t7) * 11585U + (1 << 13)) >> 14;
out[5] = -((dctint)((t6 - t7) * 11585U + (1 << 13)) >> 14);
}
itxfm_wrap(8, 5)
@ -1290,22 +1290,22 @@ static av_always_inline void idct16_1d(const dctcoef *in, ptrdiff_t stride,
dctint t0a, t1a, t2a, t3a, t4a, t5a, t6a, t7a;
dctint t8a, t9a, t10a, t11a, t12a, t13a, t14a, t15a;
t0a = ((IN(0) + IN(8)) * 11585 + (1 << 13)) >> 14;
t1a = ((IN(0) - IN(8)) * 11585 + (1 << 13)) >> 14;
t2a = (IN(4) * 6270 - IN(12) * 15137 + (1 << 13)) >> 14;
t3a = (IN(4) * 15137 + IN(12) * 6270 + (1 << 13)) >> 14;
t4a = (IN(2) * 3196 - IN(14) * 16069 + (1 << 13)) >> 14;
t7a = (IN(2) * 16069 + IN(14) * 3196 + (1 << 13)) >> 14;
t5a = (IN(10) * 13623 - IN(6) * 9102 + (1 << 13)) >> 14;
t6a = (IN(10) * 9102 + IN(6) * 13623 + (1 << 13)) >> 14;
t8a = (IN(1) * 1606 - IN(15) * 16305 + (1 << 13)) >> 14;
t15a = (IN(1) * 16305 + IN(15) * 1606 + (1 << 13)) >> 14;
t9a = (IN(9) * 12665 - IN(7) * 10394 + (1 << 13)) >> 14;
t14a = (IN(9) * 10394 + IN(7) * 12665 + (1 << 13)) >> 14;
t10a = (IN(5) * 7723 - IN(11) * 14449 + (1 << 13)) >> 14;
t13a = (IN(5) * 14449 + IN(11) * 7723 + (1 << 13)) >> 14;
t11a = (IN(13) * 15679 - IN(3) * 4756 + (1 << 13)) >> 14;
t12a = (IN(13) * 4756 + IN(3) * 15679 + (1 << 13)) >> 14;
t0a = (dctint)((IN(0) + IN(8)) * 11585U + (1 << 13)) >> 14;
t1a = (dctint)((IN(0) - IN(8)) * 11585U + (1 << 13)) >> 14;
t2a = (dctint)(IN(4) * 6270U - IN(12) * 15137U + (1 << 13)) >> 14;
t3a = (dctint)(IN(4) * 15137U + IN(12) * 6270U + (1 << 13)) >> 14;
t4a = (dctint)(IN(2) * 3196U - IN(14) * 16069U + (1 << 13)) >> 14;
t7a = (dctint)(IN(2) * 16069U + IN(14) * 3196U + (1 << 13)) >> 14;
t5a = (dctint)(IN(10) * 13623U - IN(6) * 9102U + (1 << 13)) >> 14;
t6a = (dctint)(IN(10) * 9102U + IN(6) * 13623U + (1 << 13)) >> 14;
t8a = (dctint)(IN(1) * 1606U - IN(15) * 16305U + (1 << 13)) >> 14;
t15a = (dctint)(IN(1) * 16305U + IN(15) * 1606U + (1 << 13)) >> 14;
t9a = (dctint)(IN(9) * 12665U - IN(7) * 10394U + (1 << 13)) >> 14;
t14a = (dctint)(IN(9) * 10394U + IN(7) * 12665U + (1 << 13)) >> 14;
t10a = (dctint)(IN(5) * 7723U - IN(11) * 14449U + (1 << 13)) >> 14;
t13a = (dctint)(IN(5) * 14449U + IN(11) * 7723U + (1 << 13)) >> 14;
t11a = (dctint)(IN(13) * 15679U - IN(3) * 4756U + (1 << 13)) >> 14;
t12a = (dctint)(IN(13) * 4756U + IN(3) * 15679U + (1 << 13)) >> 14;
t0 = t0a + t3a;
t1 = t1a + t2a;
@ -1324,12 +1324,12 @@ static av_always_inline void idct16_1d(const dctcoef *in, ptrdiff_t stride,
t14 = t15a - t14a;
t15 = t15a + t14a;
t5a = ((t6 - t5) * 11585 + (1 << 13)) >> 14;
t6a = ((t6 + t5) * 11585 + (1 << 13)) >> 14;
t9a = ( t14 * 6270 - t9 * 15137 + (1 << 13)) >> 14;
t14a = ( t14 * 15137 + t9 * 6270 + (1 << 13)) >> 14;
t10a = (-(t13 * 15137 + t10 * 6270) + (1 << 13)) >> 14;
t13a = ( t13 * 6270 - t10 * 15137 + (1 << 13)) >> 14;
t5a = (dctint)((t6 - t5) * 11585U + (1 << 13)) >> 14;
t6a = (dctint)((t6 + t5) * 11585U + (1 << 13)) >> 14;
t9a = (dctint)( t14 * 6270U - t9 * 15137U + (1 << 13)) >> 14;
t14a = (dctint)( t14 * 15137U + t9 * 6270U + (1 << 13)) >> 14;
t10a = (dctint)(-(t13 * 15137U + t10 * 6270U) + (1 << 13)) >> 14;
t13a = (dctint)( t13 * 6270U - t10 * 15137U + (1 << 13)) >> 14;
t0a = t0 + t7;
t1a = t1 + t6a;
@ -1348,10 +1348,10 @@ static av_always_inline void idct16_1d(const dctcoef *in, ptrdiff_t stride,
t14 = t14a + t13a;
t15a = t15 + t12;
t10a = ((t13 - t10) * 11585 + (1 << 13)) >> 14;
t13a = ((t13 + t10) * 11585 + (1 << 13)) >> 14;
t11 = ((t12a - t11a) * 11585 + (1 << 13)) >> 14;
t12 = ((t12a + t11a) * 11585 + (1 << 13)) >> 14;
t10a = (dctint)((t13 - t10) * 11585U + (1 << 13)) >> 14;
t13a = (dctint)((t13 + t10) * 11585U + (1 << 13)) >> 14;
t11 = (dctint)((t12a - t11a) * 11585U + (1 << 13)) >> 14;
t12 = (dctint)((t12a + t11a) * 11585U + (1 << 13)) >> 14;
out[ 0] = t0a + t15a;
out[ 1] = t1a + t14;

2
libavcodec/wmalosslessdec.c
View File

@ -932,6 +932,8 @@ static int decode_subframe(WmallDecodeCtx *s)
s->do_lpc = 0;
}
if (get_bits_left(&s->gb) < 1)
return AVERROR_INVALIDDATA;
if (get_bits1(&s->gb))
padding_zeroes = get_bits(&s->gb, 5);

6
libavcodec/wmaprodec.c
View File

@ -1719,6 +1719,12 @@ static int decode_packet(AVCodecContext *avctx, WMAProDecodeCtx *s,
}
} else {
int frame_size;
if (avpkt->size < s->next_packet_start) {
s->packet_loss = 1;
return AVERROR_INVALIDDATA;
}
s->buf_bit_size = (avpkt->size - s->next_packet_start) << 3;
init_get_bits(gb, avpkt->data, s->buf_bit_size);
skip_bits(gb, s->packet_offset);

2
libavcodec/x86/h264_deblock.asm
View File

@ -1185,7 +1185,7 @@ cglobal deblock_h_chroma_8, 5, 7, 8, 0-16, pix_, stride_, alpha_, beta_, tc0_
STORE_8_ROWS PASS8ROWS(pix_q - 2, r5 - 2, stride_q, r6)
RET
cglobal deblock_h_chroma422_8, 5, 7, 8, 0-16, pix_, stride_, alpha_, beta_, tc0_,
cglobal deblock_h_chroma422_8, 5, 7, 8, 0-16, pix_, stride_, alpha_, beta_, tc0_
CHROMA_H_START_XMM r5, r6
LOAD_8_ROWS PASS8ROWS(pix_q - 2, r5 - 2, stride_q, r6)
TRANSPOSE_8x4B_XMM

4
libavfilter/vf_framerate.c
View File

@ -170,7 +170,9 @@ static int process_work_frame(AVFilterContext *ctx)
return 0;
if (!s->f0) {
s->work = av_frame_clone(s->f1);
av_assert1(s->flush);
s->work = s->f1;
s->f1 = NULL;
} else {
if (work_pts >= s->pts1 + s->delta && s->flush)
return 0;

3
libavfilter/vf_vmafmotion.c
View File

@ -238,9 +238,6 @@ int ff_vmafmotion_init(VMAFMotionData *s,
int i;
const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(fmt);
if (w < 3 || h < 3)
return AVERROR(EINVAL);
s->width = w;
s->height = h;
s->stride = FFALIGN(w * sizeof(uint16_t), 32);

32
libavfilter/vf_yadif.c
View File

@ -123,22 +123,20 @@ static void filter_edges(void *dst1, void *prev1, void *cur1, void *next1,
uint8_t *next2 = parity ? cur : next;
const int edge = MAX_ALIGN - 1;
int offset = FFMAX(w - edge, 3);
/* Only edge pixels need to be processed here. A constant value of false
* for is_not_edge should let the compiler ignore the whole branch. */
FILTER(0, FFMIN(3, w), 0)
FILTER(0, 3, 0)
dst = (uint8_t*)dst1 + offset;
prev = (uint8_t*)prev1 + offset;
cur = (uint8_t*)cur1 + offset;
next = (uint8_t*)next1 + offset;
dst = (uint8_t*)dst1 + w - edge;
prev = (uint8_t*)prev1 + w - edge;
cur = (uint8_t*)cur1 + w - edge;
next = (uint8_t*)next1 + w - edge;
prev2 = (uint8_t*)(parity ? prev : cur);
next2 = (uint8_t*)(parity ? cur : next);
FILTER(offset, w - 3, 1)
offset = FFMAX(offset, w - 3);
FILTER(offset, w, 0)
FILTER(w - edge, w - 3, 1)
FILTER(w - 3, w, 0)
}
@ -172,23 +170,21 @@ static void filter_edges_16bit(void *dst1, void *prev1, void *cur1, void *next1,
uint16_t *next2 = parity ? cur : next;
const int edge = MAX_ALIGN / 2 - 1;
int offset = FFMAX(w - edge, 3);
mrefs /= 2;
prefs /= 2;
FILTER(0, FFMIN(3, w), 0)
FILTER(0, 3, 0)
dst = (uint16_t*)dst1 + offset;
prev = (uint16_t*)prev1 + offset;
cur = (uint16_t*)cur1 + offset;
next = (uint16_t*)next1 + offset;
dst = (uint16_t*)dst1 + w - edge;
prev = (uint16_t*)prev1 + w - edge;
cur = (uint16_t*)cur1 + w - edge;
next = (uint16_t*)next1 + w - edge;
prev2 = (uint16_t*)(parity ? prev : cur);
next2 = (uint16_t*)(parity ? cur : next);
FILTER(offset, w - 3, 1)
offset = FFMAX(offset, w - 3);
FILTER(offset, w, 0)
FILTER(w - edge, w - 3, 1)
FILTER(w - 3, w, 0)
}
static int filter_slice(AVFilterContext *ctx, void *arg, int jobnr, int nb_jobs)

34
libavfilter/x86/vf_blend.asm
View File

@ -38,11 +38,11 @@ pb_255: times 16 db 255
SECTION .text
%macro BLEND_INIT 2-3
%macro BLEND_INIT 2-3 0
%if ARCH_X86_64
cglobal blend_%1, 6, 9, %2, top, top_linesize, bottom, bottom_linesize, dst, dst_linesize, width, end, x
mov widthd, dword widthm
%if %0 == 3; is 16 bit
%if %3; is 16 bit
add widthq, widthq ; doesn't compile on x86_32
%endif
%else
@ -66,7 +66,7 @@ cglobal blend_%1, 5, 7, %2, top, top_linesize, bottom, bottom_linesize, dst, end
REP_RET
%endmacro
%macro BLEND_SIMPLE 2-3
%macro BLEND_SIMPLE 2-3 0
BLEND_INIT %1, 2, %3
.nextrow:
mov xq, widthq
@ -82,10 +82,10 @@ BLEND_END
%endmacro
; %1 name , %2 src (b or w), %3 inter (w or d), %4 (1 if 16bit, not set if 8 bit)
%macro GRAINEXTRACT 3-4
%macro GRAINEXTRACT 3-4 0
BLEND_INIT %1, 6, %4
pxor m4, m4
%if %0 == 4 ; 16 bit
%if %4 ; 16 bit
VBROADCASTI128 m5, [pd_32768]
%else
VBROADCASTI128 m5, [pw_128]
@ -182,7 +182,7 @@ BLEND_END
%endmacro
;%1 name, %2 (b or w), %3 (set if 16 bit)
%macro AVERAGE 2-3
%macro AVERAGE 2-3 0
BLEND_INIT %1, 3, %3
pcmpeqb m2, m2
@ -203,10 +203,10 @@ BLEND_END
%endmacro
; %1 name , %2 src (b or w), %3 inter (w or d), %4 (1 if 16bit, not set if 8 bit)
%macro GRAINMERGE 3-4
%macro GRAINMERGE 3-4 0
BLEND_INIT %1, 6, %4
pxor m4, m4
%if %0 == 4 ; 16 bit
%if %4 ; 16 bit
VBROADCASTI128 m5, [pd_32768]
%else
VBROADCASTI128 m5, [pw_128]
@ -288,7 +288,7 @@ BLEND_INIT divide, 4
BLEND_END
%endmacro
%macro PHOENIX 2-3
%macro PHOENIX 2-3 0
; %1 name, %2 b or w, %3 (opt) 1 if 16 bit
BLEND_INIT %1, 4, %3
VBROADCASTI128 m3, [pb_255]
@ -311,7 +311,7 @@ BLEND_END
%endmacro
; %1 name , %2 src (b or w), %3 inter (w or d), %4 (1 if 16bit, not set if 8 bit)
%macro DIFFERENCE 3-4
%macro DIFFERENCE 3-4 0
BLEND_INIT %1, 5, %4
pxor m2, m2
.nextrow:
@ -326,7 +326,7 @@ BLEND_INIT %1, 5, %4
punpckl%2%3 m1, m2
psub%3 m0, m1
psub%3 m3, m4
%if %0 == 4; 16 bit
%if %4; 16 bit
pabsd m0, m0
pabsd m3, m3
%else
@ -340,10 +340,10 @@ BLEND_END
%endmacro
; %1 name , %2 src (b or w), %3 inter (w or d), %4 (1 if 16bit, not set if 8 bit)
%macro EXTREMITY 3-4
%macro EXTREMITY 3-4 0
BLEND_INIT %1, 8, %4
pxor m2, m2
%if %0 == 4; 16 bit
%if %4; 16 bit
VBROADCASTI128 m4, [pd_65535]
%else
VBROADCASTI128 m4, [pw_255]
@ -362,7 +362,7 @@ BLEND_INIT %1, 8, %4
psub%3 m7, m4, m5
psub%3 m3, m1
psub%3 m7, m6
%if %0 == 4; 16 bit
%if %4; 16 bit
pabsd m3, m3
pabsd m7, m7
%else
@ -375,10 +375,10 @@ BLEND_INIT %1, 8, %4
BLEND_END
%endmacro
%macro NEGATION 3-4
%macro NEGATION 3-4 0
BLEND_INIT %1, 8, %4
pxor m2, m2
%if %0 == 4; 16 bit
%if %4; 16 bit
VBROADCASTI128 m4, [pd_65535]
%else
VBROADCASTI128 m4, [pw_255]
@ -397,7 +397,7 @@ BLEND_INIT %1, 8, %4
psub%3 m7, m4, m5
psub%3 m3, m1
psub%3 m7, m6
%if %0 == 4; 16 bit
%if %4; 16 bit
pabsd m3, m3
pabsd m7, m7
%else

2
libavformat/3dostr.c
View File

@ -64,7 +64,7 @@ static int threedostr_read_header(AVFormatContext *s)
st->codecpar->codec_type = AVMEDIA_TYPE_AUDIO;
st->codecpar->sample_rate = avio_rb32(s->pb);
st->codecpar->channels = avio_rb32(s->pb);
if (st->codecpar->channels <= 0)
if (st->codecpar->channels <= 0 || st->codecpar->sample_rate <= 0)
return AVERROR_INVALIDDATA;
codec = avio_rl32(s->pb);
avio_skip(s->pb, 4);

2
libavformat/4xm.c
View File

@ -299,7 +299,7 @@ static int fourxm_read_packet(AVFormatContext *s,
unsigned int track_number;
int packet_read = 0;
unsigned char header[8];
int audio_frame_count;
int64_t audio_frame_count;
while (!packet_read) {
if ((ret = avio_read(s->pb, header, 8)) < 0)

5
libavformat/ads.c
View File

@ -34,8 +34,9 @@ static int ads_probe(const AVProbeData *p)
static int ads_read_header(AVFormatContext *s)
{
int align, codec, size;
int align, codec;
AVStream *st;
int64_t size;
st = avformat_new_stream(s, NULL);
if (!st)
@ -62,7 +63,7 @@ static int ads_read_header(AVFormatContext *s)
st->codecpar->block_align = st->codecpar->channels * align;
avio_skip(s->pb, 12);
size = avio_rl32(s->pb);
if (st->codecpar->codec_id == AV_CODEC_ID_ADPCM_PSX)
if (st->codecpar->codec_id == AV_CODEC_ID_ADPCM_PSX && size >= 0x40)
st->duration = (size - 0x40) / 16 / st->codecpar->channels * 28;
avpriv_set_pts_info(st, 64, 1, st->codecpar->sample_rate);

4
libavformat/aiffdec.c
View File

@ -120,6 +120,8 @@ static int get_aiff_header(AVFormatContext *s, int size,
else
sample_rate = (val + (1ULL<<(-exp-1))) >> -exp;
par->sample_rate = sample_rate;
if (size < 18)
return AVERROR_INVALIDDATA;
size -= 18;
/* get codec id for AIFF-C */
@ -406,6 +408,8 @@ static int aiff_read_packet(AVFormatContext *s,
break;
default:
size = st->codecpar->block_align ? (MAX_SIZE / st->codecpar->block_align) * st->codecpar->block_align : MAX_SIZE;
if (!size)
return AVERROR_INVALIDDATA;
}
size = FFMIN(max_size, size);
res = av_get_packet(s->pb, pkt, size);

2
libavformat/alp.c
View File

@ -83,7 +83,7 @@ static int alp_read_header(AVFormatContext *s)
if (hdr.header_size == 8) {
/* .TUN music file */
hdr.sample_rate = 11025 * hdr.num_channels;
hdr.sample_rate = 22050;
} else {
/* .PCM sound file */
hdr.sample_rate = avio_rl32(s->pb);

9
libavformat/ape.c
View File

@ -253,7 +253,7 @@ static int ape_read_header(AVFormatContext * s)
avio_skip(pb, ape->wavheaderlength);
}
if(!ape->totalframes){
if(!ape->totalframes || pb->eof_reached){
av_log(s, AV_LOG_ERROR, "No frames in the file!\n");
return AVERROR(EINVAL);
}
@ -298,8 +298,11 @@ static int ape_read_header(AVFormatContext * s)
for (i = 0; i < ape->totalframes && !pb->eof_reached; i++)
ape->bittable[i] = avio_r8(pb);
}
if (pb->eof_reached)
av_log(s, AV_LOG_WARNING, "File truncated\n");
if (pb->eof_reached) {
av_log(s, AV_LOG_ERROR, "File truncated\n");
ret = AVERROR_INVALIDDATA;
goto fail;
}
}
ape->frames[0].pos = ape->firstframe;

4
libavformat/argo_asf.c
View File

@ -175,6 +175,10 @@ static int argo_asf_read_header(AVFormatContext *s)
st->codecpar->channels = 1;
}
/* v1.1 files (FX Fighter) are all marked as 44100, but are actually 22050. */
if (asf->fhdr.version_major == 1 && asf->fhdr.version_minor == 1)
st->codecpar->sample_rate = 22050;
else
st->codecpar->sample_rate = asf->ckhdr.sample_rate;
st->codecpar->bits_per_coded_sample = 4;

8
libavformat/asfdec_f.c
View File

@ -424,7 +424,7 @@ static int asf_read_stream_properties(AVFormatContext *s, int64_t size)
if (!(asf->hdr.flags & 0x01)) { // if we aren't streaming...
int64_t fsize = avio_size(pb);
if (fsize <= 0 || (int64_t)asf->hdr.file_size <= 0 ||
20*FFABS(fsize - (int64_t)asf->hdr.file_size) < FFMIN(fsize, asf->hdr.file_size))
FFABS(fsize - (int64_t)asf->hdr.file_size) < FFMIN(fsize, asf->hdr.file_size)/20)
st->duration = asf->hdr.play_time /
(10000000 / 1000) - start_time;
}
@ -516,6 +516,8 @@ static int asf_read_stream_properties(AVFormatContext *s, int64_t size)
tag1 = avio_rl32(pb);
avio_skip(pb, 20);
if (sizeX > 40) {
if (size < sizeX - 40)
return AVERROR_INVALIDDATA;
st->codecpar->extradata_size = ffio_limit(pb, sizeX - 40);
st->codecpar->extradata = av_mallocz(st->codecpar->extradata_size +
AV_INPUT_BUFFER_PADDING_SIZE);
@ -607,6 +609,8 @@ static int asf_read_ext_stream_properties(AVFormatContext *s, int64_t size)
ff_get_guid(pb, &g);
size = avio_rl16(pb);
ext_len = avio_rl32(pb);
if (ext_len < 0)
return AVERROR_INVALIDDATA;
avio_skip(pb, ext_len);
if (stream_num < 128 && i < FF_ARRAY_ELEMS(asf->streams[stream_num].payload)) {
ASFPayload *p = &asf->streams[stream_num].payload[i];
@ -769,6 +773,8 @@ static int asf_read_marker(AVFormatContext *s, int64_t size)
avio_rl32(pb); // send time
avio_rl32(pb); // flags
name_len = avio_rl32(pb); // name length
if ((unsigned)name_len > INT_MAX / 2)
return AVERROR_INVALIDDATA;
if ((ret = avio_get_str16le(pb, name_len * 2, name,
sizeof(name))) < name_len)
avio_skip(pb, name_len - ret);

6
libavformat/asfdec_o.c
View File

@ -245,6 +245,9 @@ static int asf_read_marker(AVFormatContext *s, const GUIDParseTable *g)
avio_skip(pb, 4); // flags
len = avio_rl32(pb);
if (avio_feof(pb))
return AVERROR_INVALIDDATA;
if ((ret = avio_get_str16le(pb, len, name,
sizeof(name))) < len)
avio_skip(pb, len - ret);
@ -1679,6 +1682,9 @@ static int detect_unknown_subobject(AVFormatContext *s, int64_t offset, int64_t
ff_asf_guid guid;
int ret;
if (offset > INT64_MAX - size)
return AVERROR_INVALIDDATA;
while (avio_tell(pb) <= offset + size) {
if (avio_tell(pb) == asf->offset)
break;

5
libavformat/au.c
View File

@ -86,6 +86,11 @@ static int au_read_annotation(AVFormatContext *s, int size)
av_bprint_init(&bprint, 64, AV_BPRINT_SIZE_UNLIMITED);
while (size-- > 0) {
if (avio_feof(pb)) {
av_bprint_finalize(&bprint, NULL);
av_freep(&key);
return AVERROR_EOF;
}
c = avio_r8(pb);
switch(state) {
case PARSE_KEY:

9
libavformat/avidec.c
View File

@ -125,7 +125,7 @@ static inline int get_duration(AVIStream *ast, int len)
if (ast->sample_size)
return len;
else if (ast->dshow_block_align)
return (len + ast->dshow_block_align - 1) / ast->dshow_block_align;
return (len + (int64_t)ast->dshow_block_align - 1) / ast->dshow_block_align;
else
return 1;
}
@ -439,7 +439,7 @@ static int calculate_bitrate(AVFormatContext *s)
maxpos = FFMAX(maxpos, st->index_entries[j-1].pos);
lensum += len;
}
if (maxpos < avi->io_fsize*9/10) // index does not cover the whole file
if (maxpos < av_rescale(avi->io_fsize, 9, 10)) // index does not cover the whole file
return 0;
if (lensum*9/10 > maxpos || lensum < maxpos*9/10) // frame sum and filesize mismatch
return 0;
@ -1422,6 +1422,7 @@ resync:
if (avi->stream_index >= 0) {
AVStream *st = s->streams[avi->stream_index];
AVIStream *ast = st->priv_data;
int dv_demux = CONFIG_DV_DEMUXER && avi->dv_demux;
int size, err;
if (get_subtitle_pkt(s, st, pkt))
@ -1444,7 +1445,7 @@ resync:
return err;
size = err;
if (ast->has_pal && pkt->size < (unsigned)INT_MAX / 2) {
if (ast->has_pal && pkt->size < (unsigned)INT_MAX / 2 && !dv_demux) {
uint8_t *pal;
pal = av_packet_new_side_data(pkt,
AV_PKT_DATA_PALETTE,
@ -1458,7 +1459,7 @@ resync:
}
}
if (CONFIG_DV_DEMUXER && avi->dv_demux) {
if (dv_demux) {
AVBufferRef *avbuf = pkt->buf;
size = avpriv_dv_produce_packet(avi->dv_demux, pkt,
pkt->data, pkt->size, pkt->pos);

3
libavformat/avs.c
View File

@ -128,7 +128,8 @@ avs_read_video_packet(AVFormatContext * s, AVPacket * pkt,
static int avs_read_audio_packet(AVFormatContext * s, AVPacket * pkt)
{
AvsFormat *avs = s->priv_data;
int ret, size;
int ret;
int64_t size;
size = avio_tell(s->pb);
ret = ff_voc_get_packet(s, pkt, avs->st_audio, avs->remaining_audio_size);

6
libavformat/bethsoftvid.c
View File

@ -28,6 +28,7 @@
*/
#include "libavutil/channel_layout.h"
#include "libavutil/imgutils.h"
#include "libavutil/intreadwrite.h"
#include "avformat.h"
#include "internal.h"
@ -72,6 +73,7 @@ static int vid_read_header(AVFormatContext *s)
{
BVID_DemuxContext *vid = s->priv_data;
AVIOContext *pb = s->pb;
int ret;
/* load main header. Contents:
* bytes: 'V' 'I' 'D'
@ -84,6 +86,10 @@ static int vid_read_header(AVFormatContext *s)
vid->bethsoft_global_delay = avio_rl16(pb);
avio_rl16(pb);
ret = av_image_check_size(vid->width, vid->height, 0, s);
if (ret < 0)
return ret;
// wait until the first packet to create each stream
vid->video_index = -1;
vid->audio_index = -1;

3
libavformat/bfi.c
View File

@ -69,6 +69,9 @@ static int bfi_read_header(AVFormatContext * s)
/* Set the total number of frames. */
avio_skip(pb, 8);
chunk_header = avio_rl32(pb);
if (chunk_header < 3)
return AVERROR_INVALIDDATA;
bfi->nframes = avio_rl32(pb);
avio_rl32(pb);
avio_rl32(pb);

4
libavformat/bintext.c
View File

@ -293,6 +293,8 @@ static int adf_read_header(AVFormatContext *s)
bin->fsize = avio_size(pb) - 1 - 192 - 4096;
st->codecpar->width = 80<<3;
ff_sauce_read(s, &bin->fsize, &got_width, 0);
if (st->codecpar->width < 8)
return AVERROR_INVALIDDATA;
if (!bin->width)
calculate_height(st->codecpar, bin->fsize);
avio_seek(pb, 1 + 192 + 4096, SEEK_SET);
@ -344,6 +346,8 @@ static int idf_read_header(AVFormatContext *s)
bin->fsize = avio_size(pb) - 12 - 4096 - 48;
ff_sauce_read(s, &bin->fsize, &got_width, 0);
if (st->codecpar->width < 8)
return AVERROR_INVALIDDATA;
if (!bin->width)
calculate_height(st->codecpar, bin->fsize);
avio_seek(pb, 12, SEEK_SET);

4
libavformat/boadec.c
View File

@ -54,12 +54,12 @@ static int read_header(AVFormatContext *s)
avio_rl32(s->pb);
st->codecpar->sample_rate = avio_rl32(s->pb);
st->codecpar->channels = avio_rl32(s->pb);
if (st->codecpar->channels > FF_SANE_NB_CHANNELS)
if (st->codecpar->channels > FF_SANE_NB_CHANNELS || st->codecpar->channels <= 0)
return AVERROR(ENOSYS);
s->internal->data_offset = avio_rl32(s->pb);
avio_r8(s->pb);
st->codecpar->block_align = avio_rl32(s->pb);
if (st->codecpar->block_align > INT_MAX / FF_SANE_NB_CHANNELS)
if (st->codecpar->block_align > INT_MAX / FF_SANE_NB_CHANNELS || st->codecpar->block_align <= 0)
return AVERROR_INVALIDDATA;
st->codecpar->block_align *= st->codecpar->channels;

12
libavformat/cafdec.c
View File

@ -70,7 +70,7 @@ static int read_desc_chunk(AVFormatContext *s)
/* parse format description */
st->codecpar->codec_type = AVMEDIA_TYPE_AUDIO;
st->codecpar->sample_rate = av_int2double(avio_rb64(pb));
st->codecpar->sample_rate = av_clipd(av_int2double(avio_rb64(pb)), 0, INT_MAX);
st->codecpar->codec_tag = avio_rl32(pb);
flags = avio_rb32(pb);
caf->bytes_per_packet = avio_rb32(pb);
@ -79,6 +79,9 @@ static int read_desc_chunk(AVFormatContext *s)
st->codecpar->channels = avio_rb32(pb);
st->codecpar->bits_per_coded_sample = avio_rb32(pb);
if (caf->bytes_per_packet < 0 || caf->frames_per_packet < 0)
return AVERROR_INVALIDDATA;
/* calculate bit rate for constant size packets */
if (caf->frames_per_packet > 0 && caf->bytes_per_packet > 0) {
st->codecpar->bit_rate = (uint64_t)st->codecpar->sample_rate * (uint64_t)caf->bytes_per_packet * 8
@ -189,6 +192,7 @@ static int read_pakt_chunk(AVFormatContext *s, int64_t size)
CafContext *caf = s->priv_data;
int64_t pos = 0, ccount, num_packets;
int i;
int ret;
ccount = avio_tell(pb);
@ -202,7 +206,11 @@ static int read_pakt_chunk(AVFormatContext *s, int64_t size)
st->duration = 0;
for (i = 0; i < num_packets; i++) {
av_add_index_entry(s->streams[0], pos, st->duration, 0, 0, AVINDEX_KEYFRAME);
if (avio_feof(pb))
return AVERROR_INVALIDDATA;
ret = av_add_index_entry(s->streams[0], pos, st->duration, 0, 0, AVINDEX_KEYFRAME);
if (ret < 0)
return ret;
pos += caf->bytes_per_packet ? caf->bytes_per_packet : ff_mp4_read_descr_len(pb);
st->duration += caf->frames_per_packet ? caf->frames_per_packet : ff_mp4_read_descr_len(pb);
}

2
libavformat/cdg.c
View File

@ -49,7 +49,7 @@ static int read_header(AVFormatContext *s)
if (ret < 0) {
av_log(s, AV_LOG_WARNING, "Cannot calculate duration as file size cannot be determined\n");
} else
vst->duration = (ret * vst->time_base.den) / (CDG_PACKET_SIZE * 300);
vst->duration = (ret * (int64_t)vst->time_base.den) / (CDG_PACKET_SIZE * 300);
return 0;
}

8
libavformat/concatdec.c
View File

@ -113,7 +113,8 @@ static int add_file(AVFormatContext *avf, char *filename, ConcatFile **rfile,
ConcatFile *file;
char *url = NULL;
const char *proto;
size_t url_len, proto_len;
const char *ptr;
size_t url_len;
int ret;
if (cat->safe > 0 && !safe_filename(filename)) {
@ -122,9 +123,8 @@ static int add_file(AVFormatContext *avf, char *filename, ConcatFile **rfile,
}
proto = avio_find_protocol_name(filename);
proto_len = proto ? strlen(proto) : 0;
if (proto && !memcmp(filename, proto, proto_len) &&
(filename[proto_len] == ':' || filename[proto_len] == ',')) {
if (proto && av_strstart(filename, proto, &ptr) &&
(*ptr == ':' || *ptr == ',')) {
url = filename;
filename = NULL;
} else {

6
libavformat/dhav.c
View File

@ -173,12 +173,12 @@ static int read_chunk(AVFormatContext *s)
if (avio_feof(s->pb))
return AVERROR_EOF;
if (avio_rl32(s->pb) != MKTAG('D','H','A','V')) {
if (avio_rl32(s->pb) != MKTAG('D','H','A','V') && dhav->last_good_pos < INT64_MAX - 0x8000) {
dhav->last_good_pos += 0x8000;
avio_seek(s->pb, dhav->last_good_pos, SEEK_SET);
while (avio_rl32(s->pb) != MKTAG('D','H','A','V')) {
if (avio_feof(s->pb))
if (avio_feof(s->pb) || dhav->last_good_pos >= INT64_MAX - 0x8000)
return AVERROR_EOF;
dhav->last_good_pos += 0x8000;
ret = avio_skip(s->pb, 0x8000 - 4);
@ -290,6 +290,8 @@ static int dhav_read_header(AVFormatContext *s)
int seek_back;
seek_back = avio_rl32(s->pb) + 8;
if (seek_back < 9)
break;
dhav->last_good_pos = avio_tell(s->pb);
avio_seek(s->pb, -seek_back, SEEK_CUR);
}

4
libavformat/dsfdec.c
View File

@ -124,8 +124,8 @@ static int dsf_read_header(AVFormatContext *s)
dsf->audio_size = avio_rl64(pb) / 8 * st->codecpar->channels;
st->codecpar->block_align = avio_rl32(pb);
if (st->codecpar->block_align > INT_MAX / st->codecpar->channels) {
avpriv_request_sample(s, "block_align overflow");
if (st->codecpar->block_align > INT_MAX / st->codecpar->channels || st->codecpar->block_align <= 0) {
avpriv_request_sample(s, "block_align invalid");
return AVERROR_INVALIDDATA;
}
st->codecpar->block_align *= st->codecpar->channels;

2
libavformat/dxa.c
View File

@ -143,7 +143,7 @@ static int dxa_read_header(AVFormatContext *s)
c->readvid = !c->has_sound;
c->vidpos = avio_tell(pb);
s->start_time = 0;
s->duration = (int64_t)c->frames * AV_TIME_BASE * num / den;
s->duration = av_rescale(c->frames, AV_TIME_BASE * (int64_t)num, den);
av_log(s, AV_LOG_DEBUG, "%d frame(s)\n",c->frames);
return 0;

23
libavformat/electronicarts.c
View File

@ -530,20 +530,17 @@ static int ea_read_header(AVFormatContext *s)
if (ea->num_channels <= 0 || ea->num_channels > 2) {
av_log(s, AV_LOG_WARNING,
"Unsupported number of channels: %d\n", ea->num_channels);
ea->audio_codec = 0;
return 1;
goto no_audio;
}
if (ea->sample_rate <= 0) {
av_log(s, AV_LOG_ERROR,
"Unsupported sample rate: %d\n", ea->sample_rate);
ea->audio_codec = 0;
return 1;
goto no_audio;
}
if (ea->bytes <= 0 || ea->bytes > 2) {
av_log(s, AV_LOG_ERROR,
"Invalid number of bytes per sample: %d\n", ea->bytes);
ea->audio_codec = AV_CODEC_ID_NONE;
return 1;
goto no_audio;
}
/* initialize the audio decoder stream */
@ -564,8 +561,13 @@ static int ea_read_header(AVFormatContext *s)
st->codecpar->bits_per_coded_sample;
ea->audio_stream_index = st->index;
st->start_time = 0;
return 1;
}
no_audio:
ea->audio_codec = AV_CODEC_ID_NONE;
if (!ea->video.codec)
return AVERROR_INVALIDDATA;
return 1;
}
@ -580,6 +582,8 @@ static int ea_read_packet(AVFormatContext *s, AVPacket *pkt)
int av_uninit(num_samples);
while ((!packet_read && !hit_end) || partial_packet) {
if (avio_feof(pb))
return AVERROR_EOF;
chunk_type = avio_rl32(pb);
chunk_size = ea->big_endian ? avio_rb32(pb) : avio_rl32(pb);
if (chunk_size < 8)
@ -603,10 +607,14 @@ static int ea_read_packet(AVFormatContext *s, AVPacket *pkt)
break;
} else if (ea->audio_codec == AV_CODEC_ID_PCM_S16LE_PLANAR ||
ea->audio_codec == AV_CODEC_ID_MP3) {
if (chunk_size < 12)
return AVERROR_INVALIDDATA;
num_samples = avio_rl32(pb);
avio_skip(pb, 8);
chunk_size -= 12;
} else if (ea->audio_codec == AV_CODEC_ID_ADPCM_PSX) {
if (chunk_size < 8)
return AVERROR_INVALIDDATA;
avio_skip(pb, 8);
chunk_size -= 8;
}
@ -689,6 +697,8 @@ static int ea_read_packet(AVFormatContext *s, AVPacket *pkt)
case fVGT_TAG:
case MADm_TAG:
case MADe_TAG:
if (chunk_size > INT_MAX - 8)
return AVERROR_INVALIDDATA;
avio_seek(pb, -8, SEEK_CUR); // include chunk preamble
chunk_size += 8;
goto get_video_packet;
@ -718,6 +728,7 @@ get_video_packet:
ret = av_get_packet(pb, pkt, chunk_size);
if (ret < 0) {
packet_read = 1;
partial_packet = 0;
break;
}
partial_packet = chunk_type == MVIh_TAG;

8
libavformat/ffmetadec.c
View File

@ -182,7 +182,7 @@ static int read_header(AVFormatContext *s)
AVStream *st = avformat_new_stream(s, NULL);
if (!st)
return AVERROR(ENOMEM);
goto nomem;
st->codecpar->codec_type = AVMEDIA_TYPE_DATA;
st->codecpar->codec_id = AV_CODEC_ID_FFMETADATA;
@ -192,7 +192,7 @@ static int read_header(AVFormatContext *s)
AVChapter *ch = read_chapter(s);
if (!ch)
return AVERROR(ENOMEM);
goto nomem;
m = &ch->metadata;
} else
@ -208,6 +208,10 @@ static int read_header(AVFormatContext *s)
AV_TIME_BASE_Q);
return 0;
nomem:
av_bprint_finalize(&bp, NULL);
return AVERROR(ENOMEM);
}
static int read_packet(AVFormatContext *s, AVPacket *pkt)

10
libavformat/fitsdec.c
View File

@ -24,6 +24,7 @@
* FITS demuxer.
*/
#include "libavutil/avassert.h"
#include "libavutil/intreadwrite.h"
#include "internal.h"
#include "libavutil/opt.h"
@ -125,14 +126,14 @@ static int64_t is_image(AVFormatContext *s, FITSContext *fits, FITSHeader *heade
size += header->pcount;
t = (abs(header->bitpix) >> 3) * ((int64_t) header->gcount);
if(size && t > UINT64_MAX / size)
if(size && t > INT64_MAX / size)
return AVERROR_INVALIDDATA;
size *= t;
if (!size) {
image = 0;
} else {
if(FITS_BLOCK_SIZE - 1 > UINT64_MAX - size)
if(FITS_BLOCK_SIZE - 1 > INT64_MAX - size)
return AVERROR_INVALIDDATA;
size = ((size + FITS_BLOCK_SIZE - 1) / FITS_BLOCK_SIZE) * FITS_BLOCK_SIZE;
}
@ -173,6 +174,11 @@ static int fits_read_packet(AVFormatContext *s, AVPacket *pkt)
goto fail;
}
av_assert0(avbuf.len <= INT64_MAX && size <= INT64_MAX);
if (avbuf.len + size > INT_MAX - 80) {
ret = AVERROR_INVALIDDATA;
goto fail;
}
// Header is sent with the first line removed...
ret = av_new_packet(pkt, avbuf.len - 80 + size);
if (ret < 0)

30
libavformat/flvdec.c
View File

@ -41,6 +41,8 @@
#define RESYNC_BUFFER_SIZE (1<<20)
#define MAX_DEPTH 16 ///< arbitrary limit to prevent unbounded recursion
typedef struct FLVContext {
const AVClass *class; ///< Class for private options.
int trust_metadata; ///< configure streams according onMetaData
@ -382,13 +384,18 @@ static int flv_set_video_codec(AVFormatContext *s, AVStream *vstream,
static int amf_get_string(AVIOContext *ioc, char *buffer, int buffsize)
{
int ret;
int length = avio_rb16(ioc);
if (length >= buffsize) {
avio_skip(ioc, length);
return -1;
}
avio_read(ioc, buffer, length);
ret = avio_read(ioc, buffer, length);
if (ret < 0)
return ret;
if (ret < length)
return AVERROR_INVALIDDATA;
buffer[length] = '\0';
@ -493,8 +500,13 @@ static int amf_parse_object(AVFormatContext *s, AVStream *astream,
double num_val;
amf_date date;
if (depth > MAX_DEPTH)
return AVERROR_PATCHWELCOME;
num_val = 0;
ioc = s->pb;
if (avio_feof(ioc))
return AVERROR_EOF;
amf_type = avio_r8(ioc);
switch (amf_type) {
@ -837,10 +849,16 @@ static void clear_index_entries(AVFormatContext *s, int64_t pos)
}
}
static int amf_skip_tag(AVIOContext *pb, AMFDataType type)
static int amf_skip_tag(AVIOContext *pb, AMFDataType type, int depth)
{
int nb = -1, ret, parse_name = 1;
if (depth > MAX_DEPTH)
return AVERROR_PATCHWELCOME;
if (avio_feof(pb))
return AVERROR_EOF;
switch (type) {
case AMF_DATA_TYPE_NUMBER:
avio_skip(pb, 8);
@ -865,7 +883,7 @@ static int amf_skip_tag(AVIOContext *pb, AMFDataType type)
}
avio_skip(pb, size);
}
if ((ret = amf_skip_tag(pb, avio_r8(pb))) < 0)
if ((ret = amf_skip_tag(pb, avio_r8(pb), depth + 1)) < 0)
return ret;
}
break;
@ -909,7 +927,7 @@ static int flv_data_packet(AVFormatContext *s, AVPacket *pkt,
else
break;
} else {
if ((ret = amf_skip_tag(pb, type)) < 0)
if ((ret = amf_skip_tag(pb, type, 0)) < 0)
goto skip;
}
}
@ -1161,7 +1179,7 @@ retry_duration:
avio_seek(s->pb, fsize - 3 - size, SEEK_SET);
if (size == avio_rb24(s->pb) + 11) {
uint32_t ts = avio_rb24(s->pb);
ts |= avio_r8(s->pb) << 24;
ts |= (unsigned)avio_r8(s->pb) << 24;
if (ts)
s->duration = ts * (int64_t)AV_TIME_BASE / 1000;
else if (fsize >= 8 && fsize - 8 >= size) {
@ -1234,7 +1252,7 @@ retry_duration:
if (st->codecpar->codec_id == AV_CODEC_ID_H264 || st->codecpar->codec_id == AV_CODEC_ID_MPEG4) {
// sign extension
int32_t cts = (avio_rb24(s->pb) + 0xff800000) ^ 0xff800000;
pts = dts + cts;
pts = av_sat_add64(dts, cts);
if (cts < 0) { // dts might be wrong
if (!flv->wrong_dts)
av_log(s, AV_LOG_WARNING,

Some files were not shown because too many files have changed in this diff Show More