We truncated the diff of some files because they were too big.
Changes of Revision 86
kodi-noX-raspberry-pi.changes
Changed
@@ -1,4 +1,10 @@ ------------------------------------------------------------------- +Tue Aug 16 08:02:56 UTC 2022 - Dr. Werner Fink <werner@suse.de> + +- Apply upstream patch to fix upstream ffmpeg version (issue#21603) +- Update ffmpeg upstream version iused by kodi project + +------------------------------------------------------------------- Wed Jul 20 09:08:29 UTC 2022 - Manfred Hollstein <manfred.h@gmx.net> - Use gcc12 on TW.
kodi-noX-raspberry-pi2.changes
Changed
@@ -1,4 +1,10 @@ ------------------------------------------------------------------- +Tue Aug 16 08:02:56 UTC 2022 - Dr. Werner Fink <werner@suse.de> + +- Apply upstream patch to fix upstream ffmpeg version (issue#21603) +- Update ffmpeg upstream version iused by kodi project + +------------------------------------------------------------------- Wed Jul 20 09:08:29 UTC 2022 - Manfred Hollstein <manfred.h@gmx.net> - Use gcc12 on TW.
kodi-noX.changes
Changed
@@ -1,4 +1,10 @@ ------------------------------------------------------------------- +Tue Aug 16 08:02:56 UTC 2022 - Dr. Werner Fink <werner@suse.de> + +- Apply upstream patch to fix upstream ffmpeg version (issue#21603) +- Update ffmpeg upstream version iused by kodi project + +------------------------------------------------------------------- Wed Jul 20 09:08:29 UTC 2022 - Manfred Hollstein <manfred.h@gmx.net> - Use gcc12 on TW.
kodi.changes
Changed
@@ -1,4 +1,10 @@ ------------------------------------------------------------------- +Tue Aug 16 08:02:56 UTC 2022 - Dr. Werner Fink <werner@suse.de> + +- Apply upstream patch to fix upstream ffmpeg version (issue#21603) +- Update ffmpeg upstream version iused by kodi project + +------------------------------------------------------------------- Wed Jul 20 09:08:29 UTC 2022 - Manfred Hollstein <manfred.h@gmx.net> - Use gcc12 on TW.
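Review bot: The second bullet of the new entry, "Update ffmpeg upstream version iused by kodi project", has a typo ("iused") and does not say which versions are involved. Naming the bump (4.3.1-Matrix-Beta1 to 4.3.2-Matrix-19.2, per the ffmpeg_version change in kodi.spec) and listing the two new patch files, ffmpeg-4.3.1-ogg.patch and kodi-apply-ffmpeg.patch, would let anyone tracking the bundled ffmpeg find this revision from the changelog alone. The same entry appears in the generated *-noX .changes files, so fixing it in kodi.changes and regenerating covers all four.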
kodi-noX-raspberry-pi.spec
Changed
@@ -19,7 +19,7 @@ # Please edit kodi.spec and kodi.changes only. *-noX.* files are generated from # kodi.* files with the pre_checkin.sh script %define kodi_version Matrix -%define ffmpeg_version 4.3.1-Matrix-Beta1 +%define ffmpeg_version 4.3.2-Matrix-19.2 %define _kodi_addons_dir %{_datadir}/kodi/addons # set this parameter to enable building Kodi with ccache, debug information, etc. %define dev_build 0 @@ -87,6 +87,8 @@ %if %{without kodi_with_wayland} Patch9: kodi-disable-wayland.patch %endif +Patch10: ffmpeg-4.3.1-ogg.patch +Patch11: kodi-apply-ffmpeg.patch BuildRequires: autoconf BuildRequires: automake @@ -345,6 +347,9 @@ #%patch5 %patch6 %patch7 +%if %{without sysffmpeg} +%patch11 +%endif #%patch8 -p1 %if %{without kodi_with_wayland} %patch9
kodi-noX-raspberry-pi2.spec
Changed
@@ -19,7 +19,7 @@ # Please edit kodi.spec and kodi.changes only. *-noX.* files are generated from # kodi.* files with the pre_checkin.sh script %define kodi_version Matrix -%define ffmpeg_version 4.3.1-Matrix-Beta1 +%define ffmpeg_version 4.3.2-Matrix-19.2 %define _kodi_addons_dir %{_datadir}/kodi/addons # set this parameter to enable building Kodi with ccache, debug information, etc. %define dev_build 0 @@ -87,6 +87,8 @@ %if %{without kodi_with_wayland} Patch9: kodi-disable-wayland.patch %endif +Patch10: ffmpeg-4.3.1-ogg.patch +Patch11: kodi-apply-ffmpeg.patch BuildRequires: autoconf BuildRequires: automake @@ -345,6 +347,9 @@ #%patch5 %patch6 %patch7 +%if %{without sysffmpeg} +%patch11 +%endif #%patch8 -p1 %if %{without kodi_with_wayland} %patch9
kodi-noX.spec
Changed
@@ -19,7 +19,7 @@ # Please edit kodi.spec and kodi.changes only. *-noX.* files are generated from # kodi.* files with the pre_checkin.sh script %define kodi_version Matrix -%define ffmpeg_version 4.3.1-Matrix-Beta1 +%define ffmpeg_version 4.3.2-Matrix-19.2 %define _kodi_addons_dir %{_datadir}/kodi/addons # set this parameter to enable building Kodi with ccache, debug information, etc. %define dev_build 0 @@ -87,6 +87,8 @@ %if %{without kodi_with_wayland} Patch9: kodi-disable-wayland.patch %endif +Patch10: ffmpeg-4.3.1-ogg.patch +Patch11: kodi-apply-ffmpeg.patch BuildRequires: autoconf BuildRequires: automake @@ -345,6 +347,9 @@ #%patch5 %patch6 %patch7 +%if %{without sysffmpeg} +%patch11 +%endif #%patch8 -p1 %if %{without kodi_with_wayland} %patch9
kodi.spec
Changed
@@ -19,7 +19,7 @@ # Please edit kodi.spec and kodi.changes only. *-noX.* files are generated from # kodi.* files with the pre_checkin.sh script %define kodi_version Matrix -%define ffmpeg_version 4.3.1-Matrix-Beta1 +%define ffmpeg_version 4.3.2-Matrix-19.2 %define _kodi_addons_dir %{_datadir}/kodi/addons # set this parameter to enable building Kodi with ccache, debug information, etc. %define dev_build 0 @@ -87,6 +87,8 @@ %if %{without kodi_with_wayland} Patch9: kodi-disable-wayland.patch %endif +Patch10: ffmpeg-4.3.1-ogg.patch +Patch11: kodi-apply-ffmpeg.patch BuildRequires: autoconf BuildRequires: automake @@ -345,6 +347,9 @@ #%patch5 %patch6 %patch7 +%if %{without sysffmpeg} +%patch11 +%endif #%patch8 -p1 %if %{without kodi_with_wayland} %patch9
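Review bot: Patch10 (ffmpeg-4.3.1-ogg.patch) is declared in the second hunk, but the %prep hunk adds no %patch10; only %patch11 is applied, under %if %{without sysffmpeg}. Patch10 is consumed indirectly through the PATCH_COMMAND that kodi-apply-ffmpeg.patch adds, so a spec comment next to the Patch10 line saying so would keep it from being read as a forgotten patch. The file name also still says 4.3.1 while ffmpeg_version is now 4.3.2-Matrix-19.2; either rename it or note that it applies on top of 4.3.2.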
ffmpeg-4.3.1-ogg.patch
Added
@@ -0,0 +1,361 @@ +From cec779723072f32a37ccfabe5488ffe2228f4ea0 Mon Sep 17 00:00:00 2001 +From: Marton Balint <cus@passwd.hu> +Date: Sun, 20 Sep 2020 09:32:44 +0200 +Subject: PATCH 1/8 avformat/aviobuf: write data into the IO buffer till the + very end of the buffer + +There was an off-by-one error when checking if the IO buffer still has enough +space till the end. One more byte can be safely written. + +Signed-off-by: Marton Balint <cus@passwd.hu> +--- + libavformat/aviobuf.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git libavformat/aviobuf.c libavformat/aviobuf.c +index a48ceebaef..aab3f1ef00 100644 +--- libavformat/aviobuf.c ++++ libavformat/aviobuf.c +@@ -528,7 +528,7 @@ static void fill_buffer(AVIOContext *s) + { + int max_buffer_size = s->max_packet_size ? + s->max_packet_size : IO_BUFFER_SIZE; +- uint8_t *dst = s->buf_end - s->buffer + max_buffer_size < s->buffer_size ? ++ uint8_t *dst = s->buf_end - s->buffer + max_buffer_size <= s->buffer_size ? + s->buf_end : s->buffer; + int len = s->buffer_size - (dst - s->buffer); + +-- +2.35.3 + + +From 09e3cc9889ae7d4aad6a8a9c624d1e23499c0f0b Mon Sep 17 00:00:00 2001 +From: Marton Balint <cus@passwd.hu> +Date: Sat, 26 Sep 2020 19:20:50 +0200 +Subject: PATCH 2/8 avformat/aviobuf: check if requested seekback buffer is + already read + +Existing code did not check if the requested seekback buffer is +already read entirely. In this case, nothing has to be done to guarantee +seekback. + +Signed-off-by: Marton Balint <cus@passwd.hu> +--- + libavformat/aviobuf.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git libavformat/aviobuf.c libavformat/aviobuf.c +index aab3f1ef00..de047c44f6 100644 +--- libavformat/aviobuf.c ++++ libavformat/aviobuf.c +@@ -987,6 +987,9 @@ int ffio_ensure_seekback(AVIOContext *s, int64_t buf_size) + int filled = s->buf_end - s->buffer; + ptrdiff_t checksum_ptr_offset = s->checksum_ptr ? 
s->checksum_ptr - s->buffer : -1; + ++ if (buf_size <= s->buf_end - s->buf_ptr) ++ return 0; ++ + buf_size += s->buf_ptr - s->buffer + max_buffer_size; + + if (buf_size < filled || s->seekable || !s->read_packet) +-- +2.35.3 + + +From 5ee650fd6c5276e3977ad9f856146053e16b23e5 Mon Sep 17 00:00:00 2001 +From: Marton Balint <cus@passwd.hu> +Date: Sun, 20 Sep 2020 00:01:48 +0200 +Subject: PATCH 3/8 avformat/aviobuf: fix checks in ffio_ensure_seekback + +The new buf_size was detemined too conservatively, maybe because of the +off-by-one issue which was fixed recently in fill_buffer. We can safely +substract 1 more from the new buffer size, because max_buffer_size space must +only be guaranteed when we are reading the last byte of the requested window. + +Comparing the new buf_size against filled did not make a lot of sense, what +makes sense is that we want to reallocate the buffer if the new buf_size is +bigger than the old, therefore the change in the check. + +Signed-off-by: Marton Balint <cus@passwd.hu> +--- + libavformat/aviobuf.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git libavformat/aviobuf.c libavformat/aviobuf.c +index de047c44f6..c8be9122a7 100644 +--- libavformat/aviobuf.c ++++ libavformat/aviobuf.c +@@ -990,9 +990,9 @@ int ffio_ensure_seekback(AVIOContext *s, int64_t buf_size) + if (buf_size <= s->buf_end - s->buf_ptr) + return 0; + +- buf_size += s->buf_ptr - s->buffer + max_buffer_size; ++ buf_size += s->buf_ptr - s->buffer + max_buffer_size - 1; + +- if (buf_size < filled || s->seekable || !s->read_packet) ++ if (buf_size <= s->buffer_size || s->seekable || !s->read_packet) + return 0; + av_assert0(!s->write_flag); + +-- +2.35.3 + + +From 11f324f1db3976f726ff850196200176b7f31c0f Mon Sep 17 00:00:00 2001 +From: Marton Balint <cus@passwd.hu> +Date: Mon, 28 Sep 2020 23:48:34 +0200 +Subject: PATCH 4/8 avformat/aviobuf: discard part of the IO buffer in + ffio_ensure_seekback if needed + +Previously ffio_ensure_seekback never 
flushed the buffer, so successive +ffio_ensure_seekback calls were all respected. This could eventually cause +unlimited memory and CPU usage if a demuxer called ffio_ensure_seekback on all +it's read data. + +Most demuxers however only rely on being able to seek back till the position of +the last ffio_ensure_seekback call, therefore we change the semantics of +ffio_ensure_seekback so that a new call can invalidate seek guarantees of the +old. In order to support some level of "nested" ffio_ensure_seekback calls, we +document that the function only invalidates the old window (and potentially +discards the already read data from the IO buffer), if the newly requested +window does not fit into the old one. + +This way we limit the memory usage for ffio_ensure_seekback calls requesting +consecutive data windows. + +Signed-off-by: Marton Balint <cus@passwd.hu> +--- + libavformat/avio_internal.h | 4 +++- + libavformat/aviobuf.c | 27 +++++++++++++++++---------- + 2 files changed, 20 insertions(+), 11 deletions(-) + +diff --git libavformat/avio_internal.h libavformat/avio_internal.h +index c575df8035..fe87f2a288 100644 +--- libavformat/avio_internal.h ++++ libavformat/avio_internal.h +@@ -100,7 +100,9 @@ int ffio_realloc_buf(AVIOContext *s, int buf_size); + * + * Will ensure that when reading sequentially up to buf_size, seeking + * within the current pos and pos+buf_size is possible. +- * Once the stream position moves outside this window this guarantee is lost. ++ * Once the stream position moves outside this window or another ++ * ffio_ensure_seekback call requests a buffer outside this window this ++ * guarantee is lost. 
+ */ + int ffio_ensure_seekback(AVIOContext *s, int64_t buf_size); + +diff --git libavformat/aviobuf.c libavformat/aviobuf.c +index c8be9122a7..d3e07ed38f 100644 +--- libavformat/aviobuf.c ++++ libavformat/aviobuf.c +@@ -979,35 +979,42 @@ URLContext* ffio_geturlcontext(AVIOContext *s) + return NULL; + } + ++static void update_checksum(AVIOContext *s) ++{ ++ if (s->update_checksum && s->buf_ptr > s->checksum_ptr) { ++ s->checksum = s->update_checksum(s->checksum, s->checksum_ptr, ++ s->buf_ptr - s->checksum_ptr); ++ } ++} ++ + int ffio_ensure_seekback(AVIOContext *s, int64_t buf_size) + { + uint8_t *buffer; + int max_buffer_size = s->max_packet_size ? + s->max_packet_size : IO_BUFFER_SIZE; +- int filled = s->buf_end - s->buffer; +- ptrdiff_t checksum_ptr_offset = s->checksum_ptr ? s->checksum_ptr - s->buffer : -1; ++ ptrdiff_t filled = s->buf_end - s->buf_ptr; + + if (buf_size <= s->buf_end - s->buf_ptr) + return 0; + +- buf_size += s->buf_ptr - s->buffer + max_buffer_size - 1; ++ buf_size += max_buffer_size - 1; + +- if (buf_size <= s->buffer_size || s->seekable || !s->read_packet) ++ if (buf_size + s->buf_ptr - s->buffer <= s->buffer_size || s->seekable || !s->read_packet) + return 0; + av_assert0(!s->write_flag); + ++ buf_size = FFMAX(buf_size, s->buffer_size); + buffer = av_malloc(buf_size); + if (!buffer) + return AVERROR(ENOMEM); +- +- memcpy(buffer, s->buffer, filled); ++ update_checksum(s); ++ memcpy(buffer, s->buf_ptr, filled); + av_free(s->buffer); +- s->buf_ptr = buffer + (s->buf_ptr - s->buffer); +- s->buf_end = buffer + (s->buf_end - s->buffer); + s->buffer = buffer; + s->buffer_size = buf_size; +- if (checksum_ptr_offset >= 0) +- s->checksum_ptr = s->buffer + checksum_ptr_offset; ++ s->buf_ptr = s->buffer; ++ s->buf_end = s->buffer + filled;
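Review bot: In the ffio_ensure_seekback rewrite (patch 4/8), the caller-supplied int64_t buf_size is increased by max_buffer_size - 1, passed to av_malloc() and then stored in s->buffer_size, and the only adjustment visible before that is FFMAX(buf_size, s->buffer_size). An explicit upper bound on buf_size ahead of the allocation, returning an error for values outside the range of s->buffer_size, would cover a demuxer that derives the size from file data. The diff shown here is also cut off partway through patch 4/8, so patches 5/8 to 8/8 have to be reviewed from the full file.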
kodi-apply-ffmpeg.patch
Added
@@ -0,0 +1,12 @@ +--- cmake/modules/FindFFMPEG.cmake ++++ cmake/modules/FindFFMPEG.cmake 2022-08-08 09:29:09.304709798 +0000 +@@ -272,7 +272,8 @@ if(NOT FFMPEG_FOUND) + ${CROSS_ARGS} + ${FFMPEG_OPTIONS} + -DPKG_CONFIG_PATH=${CMAKE_BINARY_DIR}/${CORE_BUILD_DIR}/lib/pkgconfig +- PATCH_COMMAND ${CMAKE_COMMAND} -E copy ++ PATCH_COMMAND patch -p0 -i /home/abuild/rpmbuild/SOURCES/ffmpeg-4.3.1-ogg.patch && ++ ${CMAKE_COMMAND} -E copy + ${CMAKE_SOURCE_DIR}/tools/depends/target/ffmpeg/CMakeLists.txt + <SOURCE_DIR> && + ${CMAKE_COMMAND} -E copy
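Review bot: The added PATCH_COMMAND hard-codes /home/abuild/rpmbuild/SOURCES/ffmpeg-4.3.1-ogg.patch, which only resolves in a build root that uses that exact user and source directory. Passing the location in from the spec, for example as a CMake variable filled from %{_sourcedir}, would keep the build working under a different rpmbuild topdir and would remove the need to edit this patch whenever the ffmpeg patch file is renamed.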
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/Changelog -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/Changelog
Changed
@@ -1,6 +1,261 @@ Entries are sorted chronologically from oldest to youngest within each release, releases are sorted from youngest to oldest. +version 4.3.2: + avcodec/hapdec: Change compressed_offset to unsigned 32bit + avformat/rmdec: Check codec_length without overflow + avformat/mov: Check element count in mov_metadata_hmmt() + avcodec/vp8: Move end check into MB loop in vp78_decode_mv_mb_modes() + avcodec/fits: Check gcount and pcount being non negative + avformat/nutdec: Check timebase count against main header length + avformat/electronicarts: Clear partial_packet on error + avformat/r3d: Check samples before computing duration + avcodec/pnm_parser: Check av_image_get_buffer_size() for failure + avformat/wavdec: Consider AV_INPUT_BUFFER_PADDING_SIZE in set_spdif() + avformat/rmdec: Check remaining space in debug av_log() loop + avformat/flvdec: Treat high ts byte as unsigned + avformat/samidec: Sanity check pts + avcodec/jpeg2000dec: Check atom_size in jp2_find_codestream() + avformat/avidec: Use 64bit in get_duration() + avformat/mov: Check for duplicate st3d + avformat/mvdec: Check for EOF in read_index() + avcodec/jpeglsdec: Fix k=16 in ls_get_code_regular() + avformat/id3v2: Check the return from avio_get_str() + avcodec/hevc_sei: Check payload size in decode_nal_sei_message() + libavutil/eval: Remove CONFIG_TRAPV special handling + avformat/wtvdec: Check len in parse_chunks() to avoid overflow + avformat/asfdec_f: Add an additional check for the extradata size + avformat/3dostr: Check sample_rate + avformat/4xm: Make audio_frame_count 64bit + avformat/mov: Use av_mul_q() to avoid integer overflows + avcodec/vp9dsp_template: Fix integer overflows in itxfm_wrapper + avformat/rmdec: Reorder operations to avoid overflow + avcodec/mxpegdec: fix SOF counting + avcodec/rscc: Check inflated_buf size whan it is used + avformat/mvdec: Sanity check SAMPLE_WIDTH + avcodec/nvenc: fix timestamp offset ticks logic + avformat/rmdec: Fix codecdata_length overflow check 
+ avcodec/simple_idct: Fix undefined integer overflow in idct4row() + avformat/wavdec: Check block_align vs. channels before combining them + avformat/tta: Use 64bit intermediate for index + avformat/soxdec: Check channels to be positive + avformat/smacker: Check for too small pts_inc + avformat/sbgdec: Use av_sat_add64() in str_to_time() + avcodec/cscd: Check output len in zlib as in lzo + avcodec/vp3: Check input amount in theora_decode_header() + avformat/wavdec: Check avio_get_str16le() for failure + avformat/flvdec: Check for EOF in amf_skip_tag() + avformat/aiffdec: Check size before subtraction in get_aiff_header() + avformat/electronicarts: More chunk_size checks + avcodec/cfhd: check peak.offset + avformat/tedcaptionsdec: Check for overflow in parse_int() + avformat/nuv: Check channels + avcodec/siren: Increase noise category 5 and 6 + avformat/mpc8: Check size before implicitly converting to int + avformat/nutdec: Fix integer overflow in count computation + avformat/mvi: Use 64bit for testing dimensions + avformat/utils: Check dts in update_initial_timestamps() more + avformat/mpsubdec: Use av_sat_add/sub64() in fracval handling + avformat/flvdec: Check for avio_read() failure in amf_get_string() + avformat/flvdec: Check for nesting depth in amf_skip_tag() + avformat/flvdec: Check for nesting depth in amf_parse_object() + avformat/asfdec_o: Check for EOF in asf_read_marker() + avformat/flvdec: Use av_sat_add64() for pts computation + avformat/utils: Check dts - (1<<pts_wrap_bits) overflow + avformat/bfi: Check chunk_header + avformat/ads: Check size + avformat/iff: Check block align also for ID_MAUD + avcodec/utils: Check for integer overflow in get_audio_frame_duration() for ADPCM_DTK + avformat/fitsdec: Better size checks + avformat/mxfdec: Fix integer overflow in next position in mxf_read_local_tags() + avformat/avidec: dv does not support palettes + avformat/dhav: Break out of infinite dhav search loop + libavformat/utils: consider avio_size() failure 
in ffio_limit() + avformat/nistspheredec: Check bits_per_coded_sample and channels + avformat/asfdec_o: Check size vs. offset in detect_unknown_subobject() + avformat/utils: check for integer overflow in av_get_frame_filename2() + avutil/timecode: Avoid undefined behavior with large framenum + avformat/mov: Check a.size before computing next_root_atom + avformat/sbgdec: Reduce the amount of floating point in str_to_time() + avformat/mxfdec: Free all types for both Descriptors + uavformat/rsd: check for EOF in extradata + avcodec/wmaprodec: Check packet size + avformat/dhav: Check position for overflow + avcodec/rasc: Check frame before clearing + avformat/vividas: Check number of audio channels + avcodec/alsdec: Fix integer overflow with quant_cof + avformat/mpegts: Fix argument type for av_log + avformat/cafdec: clip sample rate + avcodec/ffv1dec: Fix off by 1 error with quant tables + avformat/mpegts: Increase pcr_incr width to 64bit + avcodec/utils: Check bitrate for overflow in get_bit_rate() + avformat/mov: Check if hoov is at the end + avcodec/hevc_ps: check scaling_list_dc_coef + avformat/iff: Check data_size + avformat/matroskadec: Sanity check codec_id/track type + avformat/rpl: Check the number of streams + avformat/vividas: Check sample_rate + avformat/vividas: Make len signed + avcodec/h264idct_template: Fix integer overflow in ff_h264_chroma422_dc_dequant_idct() + avformat/dsfdec: Check block_align more completely + avformat/mpc8: Check remaining space in mpc8_parse_seektable() + avformat/id3v2: Sanity check tlen before alloc and uncompress + avformat/vqf: Check len for COMM chunks + avformat/mov: Avoid overflow in end computation in mov_read_custom() + avcodec/hevc_cabac: Limit value in coeff_abs_level_remaining_decode() tighter + avformat/cafdec: Check the return code from av_add_index_entry() + avformat/cafdec: Check for EOF in index read loop + avformat/cafdec: Check that bytes_per_packet and frames_per_packet are non negative + avformat/mpc8: 
correct integer overflow in mpc8_parse_seektable() + avformat/mpc8: correct 32bit timestamp truncation + avcodec/exr: Check ymin vs. h + avformat/avs: Use 64bit for the avio_tell() output + avformat/wavdec: More complete size check in find_guid() + avcodec/mv30: Use unsigned in idct_1d() + avformat/iff: Check size before skip + avformat/rmdec: Check for EOF in index packet reading + avcodec/vp3dsp: Use unsigned constant to avoid undefined integer overflow in ff_vp3dsp_set_bounding_values() + avformat/icodec: Check for zero streams and stream creation failure + avformat/icodec: Factor failure code out in read_header() + avformat/bintext: Check width + avformat/sbgdec: Check that end is not before start + avformat/lvfdec: Check stream_index before use + avformat/au: cleanup on EOF return in au_read_annotation() + avformat/mpegts: Limit copied data to space + avformat/bintext: Check width in idf_read_header() + avformat/iff: check size against INT64_MAX + avformat/vividas: improve extradata packing checks in track_header() + avformat/paf: Check for EOF in read_table() + avformat/gxf: Check pkt_len + avformat/aiffdec: Check packet size + avformat/concatdec: use av_strstart() + avformat/wavdec: Refuse to read chunks bigger than the filesize in w64_read_header() + avformat/rsd: Check size and start before computing duration + avformat/vividas: better check of current_sb_entry + avformat/iff: More completely check body_size + avformat/vividas use avpriv_set_pts_info() + avformat/xwma: Check for EOF in dpds_table read code + avcodec/utils: Check sample rate before use for AV_CODEC_ID_BINKAUDIO_DCT in get_audio_frame_duration() + avcodec/dirac_parser: do not offset AV_NOPTS_OFFSET + avformat/rmdec: Make expected_len 64bit + avformat/pcm: Check block_align + avformat/lrcdec: Clip timestamps + avutil/mathematics: Use av_sat_add64() for the last addition in av_add_stable() + avformat/electronicarts: Check for EOF in each iteration of the loop in ea_read_packet() + 
avformat/ifv: Check that total frames do not overflow + avcodec/vp9dsp_template: Fix some overflows in iadst8_1d() + avcodec/fits: Check bscale + avformat/nistspheredec: Check bps + avformat/jacosubdec: Use 64bit inside get_shift() + avformat/genh: Check block_align + avformat/mvi: Check count for overflow + avcodec/magicyuv: Check slice size before reading flags and pred + avformat/asfdec_f: Check for negative ext_len + avformat/bethsoftvid: Check image dimensions before use + avformat/genh: Check block_align for how it will be used in SDX2_DPCM + avformat/au: Check for EOF in au_read_annotation() + avformat/vividas: Check for zero v_size + avformat/segafilm: Do not assume AV_CODEC_ID_NONE is 0 + avformat/segafilm: Check that there is a stream + avformat/wtvdec: Check dir_length + avformat/ffmetadec: finalize AVBPrint on errors + avcodec/decode/ff_get_buffer: Check for overflow in FFALIGN() + avcodec/exr: Check limits to avoid overflow in delta computation + avformat/boadec: Check that channels and block_align are set + avformat/asfdec_f: Check name_len for overflow + avcodec/h264idct_template: Fix integer overflow in ff_h264_chroma422_dc_dequant_idct() + avformat/sbgdec: Check for timestamp overflow in parse_time_sequence() + avcodec/aacdec_fixed: Limit index in vector_pow43() + avformat/kvag: Fix integer overflow in bitrate computation + avcodec/h264_slice: fix undefined integer overflow with POC in error concealment + avformat/rmdec: sanity check coded_framesize + avformat/flvdec: Check for EOF in amf_parse_object() + avcodec/mv30: Fix multiple integer overflows + avcodec/smacker: Check remaining bits in SMK_BLK_FULL + avcodec/cook: Check subpacket index against max + avcodec/utils: Check for overflow with ATRAC* in get_audio_frame_duration() + avcodec/hevcpred_template: Fix diagonal chroma availability in 4:2:2 edge case in intra_pred + avformat/icodec: Change order of operations to avoid NULL dereference + avcodec/exr: Fix overflow with many blocks + 
avcodec/vp9dsp_template: Fix integer overflows in idct16_1d() + avcodec/ansi: Check initial dimensions + avcodec/hevcdec: Check slice_cb_qp_offset / slice_cr_qp_offset + avcodec/sonic: Check for overread + avformat/subviewerdec: fail on AV_NOPTS_VALUE + avcodec/exr: Check line size for overflow + avcodec/exr: Check xdelta, ydelta + avcodec/celp_filters: Avoid invalid negation in ff_celp_lp_synthesis_filter() + avcodec/takdsp: Fix negative shift in decorrelate_sf() + avcodec/dxtory: Fix negative stride shift in dx2_decode_slice_420() + avformat/asfdec_f: Change order or operations slightly + avformat/dxa: Use av_rescale() for duration computation + avcodec/vc1_block: Fix integer overflow in ac value + avcodec/mv30: Fix several integer overflows in idct_1d() + avformat/iff: Check data_size not overflowing int64 + avcodec/dxtory: Fix negative shift in dx2_decode_slice_410() + avcodec/sonic: Check channels before deallocating + avformat/vividas: Check for EOF in first loop in track_header() + avformat/wvdec: Check rate for overflow + avcodec/ansi: Check nb_args for overflow
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/RELEASE -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/RELEASE
Changed
@@ -1,1 +1,1 @@ -4.3.1 +4.3.2
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/configure -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/configure
Changed
@@ -7513,7 +7513,7 @@ #define FFMPEG_CONFIG_H #define FFMPEG_CONFIGURATION "$(c_escape $FFMPEG_CONFIGURATION)" #define FFMPEG_LICENSE "$(c_escape $license)" -#define CONFIG_THIS_YEAR 2020 +#define CONFIG_THIS_YEAR 2021 #define FFMPEG_DATADIR "$(eval c_escape $datadir)" #define AVCONV_DATADIR "$(eval c_escape $datadir)" #define CC_IDENT "$(c_escape ${cc_ident:-Unknown compiler})"
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/doc/Doxyfile -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/doc/Doxyfile
Changed
@@ -38,7 +38,7 @@ # could be handy for archiving the generated documentation or if some version # control system is used. -PROJECT_NUMBER = 4.3.1 +PROJECT_NUMBER = 4.3.2 # Using the PROJECT_BRIEF tag one can provide an optional one line description # for a project that appears at the top of each page and should give viewer a
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/aacdec_fixed.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/aacdec_fixed.c
Changed
@@ -155,9 +155,9 @@ for (i=0; i<len; i++) { coef = coefsi; if (coef < 0) - coef = -(int)ff_cbrt_tab_fixed-coef; + coef = -(int)ff_cbrt_tab_fixed(-coef) & 8191; else - coef = (int)ff_cbrt_tab_fixedcoef; + coef = (int)ff_cbrt_tab_fixed coef & 8191; coefsi = coef; } }
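Review bot: The index mask & 8191 added on both branches is a bare constant with no visible link to the length of ff_cbrt_tab_fixed. Deriving it from the table size, or adding a comment that ties 8191 to that length, would keep the bound correct if the table ever changes. It is also worth stating in a comment that out-of-range coefficients are wrapped into the table rather than rejected, since that is a behaviour choice and not only a bounds fix.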
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/agm.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/agm.c
Changed
@@ -423,8 +423,8 @@ int map = s->mapx; if (orig_mv_x >= -32) { - if (y * 8 + mv_y < 0 || y * 8 + mv_y + 8 >= h || - x * 8 + mv_x < 0 || x * 8 + mv_x + 8 >= w) + if (y * 8 + mv_y < 0 || y * 8 + mv_y + 8 > h || + x * 8 + mv_x < 0 || x * 8 + mv_x + 8 > w) return AVERROR_INVALIDDATA; copy_block8(frame->dataplane + (s->blocks_h - 1 - y) * 8 * frame->linesizeplane + x * 8,
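Review bot: Both comparisons change from >= to >, so a block with y * 8 + mv_y + 8 == h or x * 8 + mv_x + 8 == w is now accepted. That is the correct bound for an 8x8 copy whose last row and column are h - 1 and w - 1, but because this loosens a bounds check directly ahead of copy_block8, a short comment stating that reasoning and a regression sample whose block ends exactly on the frame edge would keep the condition from being tightened back or loosened further by mistake.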
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/alac.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/alac.c
Changed
@@ -302,6 +302,9 @@ decorr_shift = get_bits(&alac->gb, 8); decorr_left_weight = get_bits(&alac->gb, 8); + if (channels == 2 && decorr_left_weight && decorr_shift > 31) + return AVERROR_INVALIDDATA; + for (ch = 0; ch < channels; ch++) { prediction_typech = get_bits(&alac->gb, 4); lpc_quantch = get_bits(&alac->gb, 4);
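Review bot: The new check rejects decorr_shift > 31 only when channels == 2 and decorr_left_weight is non-zero, and 31 appears as a bare literal. If decorr_shift is only ever used as a shift count under those two conditions, a comment saying so would justify the narrow test; otherwise the range check on the 8-bit value read by get_bits(&alac->gb, 8) should be unconditional.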
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/allcodecs.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/allcodecs.c
Changed
@@ -679,9 +679,7 @@ /* external libraries */ extern AVCodec ff_aac_at_encoder; extern AVCodec ff_aac_at_decoder; -extern AVCodec ff_aac_mf_encoder; extern AVCodec ff_ac3_at_decoder; -extern AVCodec ff_ac3_mf_encoder; extern AVCodec ff_adpcm_ima_qt_at_decoder; extern AVCodec ff_alac_at_encoder; extern AVCodec ff_alac_at_decoder; @@ -693,7 +691,6 @@ extern AVCodec ff_mp1_at_decoder; extern AVCodec ff_mp2_at_decoder; extern AVCodec ff_mp3_at_decoder; -extern AVCodec ff_mp3_mf_encoder; extern AVCodec ff_pcm_alaw_at_encoder; extern AVCodec ff_pcm_alaw_at_decoder; extern AVCodec ff_pcm_mulaw_at_encoder; @@ -757,6 +754,8 @@ /* external libraries, that shouldn't be used by default if one of the * above is available */ +extern AVCodec ff_aac_mf_encoder; +extern AVCodec ff_ac3_mf_encoder; extern AVCodec ff_h263_v4l2m2m_encoder; extern AVCodec ff_libaom_av1_decoder; extern AVCodec ff_libopenh264_encoder; @@ -789,6 +788,7 @@ extern AVCodec ff_mjpeg_qsv_encoder; extern AVCodec ff_mjpeg_qsv_decoder; extern AVCodec ff_mjpeg_vaapi_encoder; +extern AVCodec ff_mp3_mf_encoder; extern AVCodec ff_mpeg1_cuvid_decoder; extern AVCodec ff_mpeg2_cuvid_decoder; extern AVCodec ff_mpeg2_qsv_encoder;
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/alsdec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/alsdec.c
Changed
@@ -762,7 +762,7 @@ } for (k = 2; k < opt_order; k++) - quant_cofk = (quant_cofk * (1 << 14)) + (add_base << 13); + quant_cofk = (quant_cofk * (1U << 14)) + (add_base << 13); } }
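Review bot: Only the multiplier is made unsigned here; the second term, (add_base << 13), is still a left shift in whatever type add_base has. If add_base is signed and can be negative or large, that shift carries the same undefined-behaviour exposure that the 1U << 14 change removes, so it should get the same treatment or a comment explaining why its range is safe.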
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/ansi.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/ansi.c
Changed
@@ -431,7 +431,8 @@ s->argss->nb_args = FFMAX(s->argss->nb_args, 0) * 10 + buf0 - '0'; break; case ';': - s->nb_args++; + if (s->nb_args < MAX_NB_ARGS) + s->nb_args++; if (s->nb_args < MAX_NB_ARGS) s->argss->nb_args = 0; break; @@ -474,6 +475,11 @@ return 0; } +static const AVCodecDefault ansi_defaults = { + { "max_pixels", "640*480" }, + { NULL }, +}; + AVCodec ff_ansi_decoder = { .name = "ansi", .long_name = NULL_IF_CONFIG_SMALL("ASCII/ANSI art"), @@ -485,4 +491,5 @@ .decode = decode_frame, .capabilities = AV_CODEC_CAP_DR1, .caps_internal = FF_CODEC_CAP_INIT_THREADSAFE, + .defaults = ansi_defaults, };
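Review bot: With the new guard in the ';' case, nb_args stops at MAX_NB_ARGS, and the line after it resets the slot only when nb_args < MAX_NB_ARGS. The digit case shown as context just above still writes the slot selected by nb_args, so please confirm that this write sits under the same nb_args < MAX_NB_ARGS condition; if it does not, the capped value MAX_NB_ARGS is one past the last valid index.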
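Review bot: The new ansi_defaults table sets max_pixels to "640*480" for this decoder, which changes behaviour for existing users: ANSI input that renders larger than that is now refused unless the caller raises the option. The limit deserves a line in the decoder documentation or the package changelog so that the failure is not mistaken for a regression.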
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/cbs_av1.h -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/cbs_av1.h
Changed
@@ -158,8 +158,8 @@ uint8_t use_superres; uint8_t coded_denom; uint8_t render_and_frame_size_different; - uint8_t render_width_minus_1; - uint8_t render_height_minus_1; + uint16_t render_width_minus_1; + uint16_t render_height_minus_1; uint8_t found_refAV1_REFS_PER_FRAME; @@ -429,6 +429,7 @@ int operating_point_idc; int bit_depth; + int order_hint; int frame_width; int frame_height; int upscaled_width;
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/cbs_av1_syntax_template.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/cbs_av1_syntax_template.c
Changed
@@ -366,7 +366,7 @@ for (i = 0; i < AV1_NUM_REF_FRAMES; i++) shifted_order_hintsi = cur_frame_hint + cbs_av1_get_relative_dist(seq, priv->refi.order_hint, - current->order_hint); + priv->order_hint); latest_order_hint = shifted_order_hintscurrent->last_frame_idx; earliest_order_hint = shifted_order_hintscurrent->golden_frame_idx; @@ -541,7 +541,7 @@ } priv->upscaled_width = ref->upscaled_width; - priv->frame_width = ref->frame_width; + priv->frame_width = priv->upscaled_width; priv->frame_height = ref->frame_height; priv->render_width = ref->render_width; priv->render_height = ref->render_height; @@ -993,7 +993,7 @@ for (i = 0; i < AV1_REFS_PER_FRAME; i++) { ref_hint = priv->refcurrent->ref_frame_idxi.order_hint; dist = cbs_av1_get_relative_dist(seq, ref_hint, - current->order_hint); + priv->order_hint); if (dist < 0) { if (forward_idx < 0 || cbs_av1_get_relative_dist(seq, ref_hint, @@ -1261,10 +1261,10 @@ flag(show_existing_frame); if (current->show_existing_frame) { - AV1ReferenceFrameState *frame; + AV1ReferenceFrameState *ref; fb(3, frame_to_show_map_idx); - frame = &priv->refcurrent->frame_to_show_map_idx; + ref = &priv->refcurrent->frame_to_show_map_idx; if (seq->decoder_model_info_present_flag && !seq->timing_info.equal_picture_interval) { @@ -1275,12 +1275,24 @@ if (seq->frame_id_numbers_present_flag) fb(id_len, display_frame_id); - if (frame->frame_type == AV1_FRAME_KEY) + infer(frame_type, ref->frame_type); + if (current->frame_type == AV1_FRAME_KEY) { infer(refresh_frame_flags, all_frames); - else + + // Section 7.21 + infer(current_frame_id, ref->frame_id); + priv->upscaled_width = ref->upscaled_width; + priv->frame_width = ref->frame_width; + priv->frame_height = ref->frame_height; + priv->render_width = ref->render_width; + priv->render_height = ref->render_height; + priv->bit_depth = ref->bit_depth; + priv->order_hint = ref->order_hint; + } else infer(refresh_frame_flags, 0); - return 0; + // Section 7.20 + goto update_refs; } fb(2, frame_type); 
@@ -1366,6 +1378,7 @@ fb(order_hint_bits, order_hint); else infer(order_hint, 0); + priv->order_hint = current->order_hint; if (frame_is_intra || current->error_resilient_mode) infer(primary_ref_frame, AV1_PRIMARY_REF_NONE); @@ -1381,7 +1394,7 @@ int in_temporal_layer = (op_pt_idc >> priv->temporal_id ) & 1; int in_spatial_layer = (op_pt_idc >> (priv->spatial_id + 8)) & 1; if (seq->operating_point_idci == 0 || - in_temporal_layer || in_spatial_layer) { + (in_temporal_layer && in_spatial_layer)) { fbs(seq->decoder_model_info.buffer_removal_time_length_minus_1 + 1, buffer_removal_timei, 1, i); } @@ -1541,6 +1554,16 @@ CHECK(FUNC(film_grain_params)(ctx, rw, current)); + av_log(ctx->log_ctx, AV_LOG_DEBUG, "Frame %d: size %dx%d " + "upscaled %d render %dx%d subsample %dx%d " + "bitdepth %d tiles %dx%d.\n", priv->order_hint, + priv->frame_width, priv->frame_height, priv->upscaled_width, + priv->render_width, priv->render_height, + seq->color_config.subsampling_x + 1, + seq->color_config.subsampling_y + 1, priv->bit_depth, + priv->tile_rows, priv->tile_cols); + +update_refs: for (i = 0; i < AV1_NUM_REF_FRAMES; i++) { if (current->refresh_frame_flags & (1 << i)) { priv->refi = (AV1ReferenceFrameState) { @@ -1555,20 +1578,11 @@ .subsampling_x = seq->color_config.subsampling_x, .subsampling_y = seq->color_config.subsampling_y, .bit_depth = priv->bit_depth, - .order_hint = current->order_hint, + .order_hint = priv->order_hint, }; } } - av_log(ctx->log_ctx, AV_LOG_DEBUG, "Frame %d: size %dx%d " - "upscaled %d render %dx%d subsample %dx%d " - "bitdepth %d tiles %dx%d.\n", current->order_hint, - priv->frame_width, priv->frame_height, priv->upscaled_width, - priv->render_width, priv->render_height, - seq->color_config.subsampling_x + 1, - seq->color_config.subsampling_y + 1, priv->bit_depth, - priv->tile_rows, priv->tile_cols); - return 0; }
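Review bot: in the hunk at @@ -541, `priv->frame_width = priv->upscaled_width;` sits among lines that all copy from `ref`, and nothing says why this one field now comes from `priv`; a later reader will take it for a typo, so add a one-line comment naming the rule it follows. In the @@ -1275 hunk the key-frame arm is braced but `} else infer(refresh_frame_flags, 0);` is not; brace both arms. The `// Section 7.21` and `// Section 7.20` comments should name the specification they refer to.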
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/celp_filters.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/celp_filters.c
Changed
@@ -65,11 +65,11 @@ int i,n; for (n = 0; n < buffer_length; n++) { - int sum = -rounder, sum1; + int sum = rounder, sum1; for (i = 1; i <= filter_length; i++) - sum += (unsigned)(filter_coeffsi-1 * outn-i); + sum -= (unsigned)(filter_coeffsi-1 * outn-i); - sum1 = ((-sum >> 12) + inn) >> shift; + sum1 = ((sum >> 12) + inn) >> shift; sum = av_clip_int16(sum1); if (stop_on_overflow && sum != sum1)
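Review bot: in `sum -= (unsigned)(...)` the cast wraps the finished product, so the multiplication is still carried out in the operands' own type and only the accumulation into `sum` becomes unsigned arithmetic. If that is the intent, say so in a comment, and record there that the sign of `rounder` and of the accumulation were flipped together so that `-sum` is no longer needed before the shift.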
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/cfhd.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/cfhd.c
Changed
@@ -503,6 +503,10 @@ avpriv_report_missing_feature(avctx, "Transform type of %"PRIu16, data); ret = AVERROR_PATCHWELCOME; break; + } else if (data == 1) { + av_log(avctx, AV_LOG_ERROR, "unsupported transform type\n"); + ret = AVERROR_PATCHWELCOME; + break; } av_log(avctx, AV_LOG_DEBUG, "Transform-type? %"PRIu16"\n", data); } else if (abstag >= 0x4000 && abstag <= 0x40ff) { @@ -607,6 +611,12 @@ s->peak.level = 0; } else if (tag == -74 && s->peak.offset) { s->peak.level = data; + if (s->peak.offset < 4 - bytestream2_tell(&s->peak.base) || + s->peak.offset > 4 + bytestream2_get_bytes_left(&s->peak.base) + ) { + ret = AVERROR_INVALIDDATA; + goto end; + } bytestream2_seek(&s->peak.base, s->peak.offset - 4, SEEK_CUR); } else av_log(avctx, AV_LOG_DEBUG, "Unknown tag %i data %x\n", tag, data);
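Review bot: in the @@ -607 hunk the new range check runs after `s->peak.level = data;`, so the context is already modified when the packet is rejected, and the rejection is silent. Move the check ahead of the assignment and add an `av_log` at `AV_LOG_ERROR` naming the bad peak offset. In the @@ -503 hunk the new `data == 1` arm reports through `av_log` while the arm above it uses `avpriv_report_missing_feature` for the same kind of condition; use one mechanism for both.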
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/cook.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/cook.c
Changed
@@ -1084,6 +1084,10 @@ ff_audiodsp_init(&q->adsp); while (bytestream2_get_bytes_left(&gb)) { + if (s >= FFMIN(MAX_SUBPACKETS, avctx->block_align)) { + avpriv_request_sample(avctx, "subpackets > %d", FFMIN(MAX_SUBPACKETS, avctx->block_align)); + return AVERROR_PATCHWELCOME; + } /* 8 for mono, 16 for stereo, ? for multichannel Swap to right endianness so we don't need to care later on. */ q->subpackets.cookversion = bytestream2_get_be32(&gb); @@ -1215,10 +1219,6 @@ q->num_subpackets++; s++; - if (s > FFMIN(MAX_SUBPACKETS, avctx->block_align)) { - avpriv_request_sample(avctx, "subpackets > %d", FFMIN(MAX_SUBPACKETS, avctx->block_align)); - return AVERROR_PATCHWELCOME; - } } /* Try to catch some obviously faulty streams, otherwise it might be exploitable */
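Review bot: the limit `FFMIN(MAX_SUBPACKETS, avctx->block_align)` is evaluated twice in the check now placed at the top of the loop; hoist it into a local before the `while`. A short comment that the test has to precede the first write to the subpacket entry would keep it from being moved back to the bottom of the loop, where it previously sat after `s++`.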
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/cscd.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/cscd.c
Changed
@@ -93,7 +93,7 @@ case 1: { // zlib compression #if CONFIG_ZLIB unsigned long dlen = c->decomp_size; - if (uncompress(c->decomp_buf, &dlen, &buf2, buf_size - 2) != Z_OK) { + if (uncompress(c->decomp_buf, &dlen, &buf2, buf_size - 2) != Z_OK || dlen != c->decomp_size) { av_log(avctx, AV_LOG_ERROR, "error during zlib decompression\n"); return AVERROR_INVALIDDATA; }
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/cuviddec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/cuviddec.c
Changed
@@ -88,7 +88,7 @@ CUVIDDECODECAPS caps8, caps10, caps12; CUVIDPARSERPARAMS cuparseinfo; - CUVIDEOFORMATEX cuparse_ext; + CUVIDEOFORMATEX *cuparse_ext; CudaFunctions *cudl; CuvidFunctions *cvdl; @@ -684,6 +684,7 @@ av_buffer_unref(&ctx->hwdevice); av_freep(&ctx->key_frame); + av_freep(&ctx->cuparse_ext); cuvid_free_functions(&ctx->cvdl); @@ -793,6 +794,8 @@ CUVIDSOURCEDATAPACKET seq_pkt; CUcontext cuda_ctx = NULL; CUcontext dummy; + uint8_t *extradata; + int extradata_size; int ret = 0; enum AVPixelFormat pix_fmts3 = { AV_PIX_FMT_CUDA, @@ -889,11 +892,8 @@ ctx->cudl = device_hwctx->internal->cuda_dl; memset(&ctx->cuparseinfo, 0, sizeof(ctx->cuparseinfo)); - memset(&ctx->cuparse_ext, 0, sizeof(ctx->cuparse_ext)); memset(&seq_pkt, 0, sizeof(seq_pkt)); - ctx->cuparseinfo.pExtVideoInfo = &ctx->cuparse_ext; - switch (avctx->codec->id) { #if CONFIG_H264_CUVID_DECODER case AV_CODEC_ID_H264: 
@@ -947,17 +947,26 @@ if (avctx->codec->bsfs) { const AVCodecParameters *par = avctx->internal->bsf->par_out; - ctx->cuparse_ext.format.seqhdr_data_length = par->extradata_size; - memcpy(ctx->cuparse_ext.raw_seqhdr_data, - par->extradata, - FFMIN(sizeof(ctx->cuparse_ext.raw_seqhdr_data), par->extradata_size)); - } else if (avctx->extradata_size > 0) { - ctx->cuparse_ext.format.seqhdr_data_length = avctx->extradata_size; - memcpy(ctx->cuparse_ext.raw_seqhdr_data, - avctx->extradata, - FFMIN(sizeof(ctx->cuparse_ext.raw_seqhdr_data), avctx->extradata_size)); + extradata = par->extradata; + extradata_size = par->extradata_size; + } else { + extradata = avctx->extradata; + extradata_size = avctx->extradata_size; + } + + ctx->cuparse_ext = av_mallocz(sizeof(*ctx->cuparse_ext) + + FFMAX(extradata_size - (int)sizeof(ctx->cuparse_ext->raw_seqhdr_data), 0)); + if (!ctx->cuparse_ext) { + ret = AVERROR(ENOMEM); + goto error; } + if (extradata_size > 0) + memcpy(ctx->cuparse_ext->raw_seqhdr_data, extradata, extradata_size); + ctx->cuparse_ext->format.seqhdr_data_length = extradata_size; + + ctx->cuparseinfo.pExtVideoInfo = ctx->cuparse_ext; + ctx->key_frame = av_mallocz(ctx->nb_surfaces * sizeof(int)); if (!ctx->key_frame) { ret = AVERROR(ENOMEM); @@ -986,8 +995,8 @@ if (ret < 0) goto error; - seq_pkt.payload = ctx->cuparse_ext.raw_seqhdr_data; - seq_pkt.payload_size = ctx->cuparse_ext.format.seqhdr_data_length; + seq_pkt.payload = ctx->cuparse_ext->raw_seqhdr_data; + seq_pkt.payload_size = ctx->cuparse_ext->format.seqhdr_data_length; if (seq_pkt.payload && seq_pkt.payload_size) { ret = CHECK_CU(ctx->cvdl->cuvidParseVideoData(ctx->cuparser, &seq_pkt)); 
@@ -1046,8 +1055,8 @@ if (ret < 0) goto error; - seq_pkt.payload = ctx->cuparse_ext.raw_seqhdr_data; - seq_pkt.payload_size = ctx->cuparse_ext.format.seqhdr_data_length; + seq_pkt.payload = ctx->cuparse_ext->raw_seqhdr_data; + seq_pkt.payload_size = ctx->cuparse_ext->format.seqhdr_data_length; if (seq_pkt.payload && seq_pkt.payload_size) { ret = CHECK_CU(ctx->cvdl->cuvidParseVideoData(ctx->cuparser, &seq_pkt));
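Review bot: in the @@ -947 hunk `ctx->cuparse_ext->format.seqhdr_data_length = extradata_size;` is assigned unconditionally, while the `memcpy` above it is guarded by `extradata_size > 0`. A negative size would be stored as the header length and then pass the later `seq_pkt.payload && seq_pkt.payload_size` test as non-zero. Clamp with `FFMAX(extradata_size, 0)` or reject a negative size before the allocation. The old code skipped the copy when `avctx->extradata_size` was not positive; the new `else` arm no longer does, which is worth a line in the commit message.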
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/decode.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/decode.c
Changed
@@ -1858,7 +1858,8 @@ int ret; if (avctx->codec_type == AVMEDIA_TYPE_VIDEO) { - if ((ret = av_image_check_size2(FFALIGN(avctx->width, STRIDE_ALIGN), avctx->height, avctx->max_pixels, AV_PIX_FMT_NONE, 0, avctx)) < 0 || avctx->pix_fmt<0) { + if ((unsigned)avctx->width > INT_MAX - STRIDE_ALIGN || + (ret = av_image_check_size2(FFALIGN(avctx->width, STRIDE_ALIGN), avctx->height, avctx->max_pixels, AV_PIX_FMT_NONE, 0, avctx)) < 0 || avctx->pix_fmt<0) { av_log(avctx, AV_LOG_ERROR, "video_get_buffer: image parameters invalid\n"); ret = AVERROR(EINVAL); goto fail;
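Review bot: the added `(unsigned)avctx->width > INT_MAX - STRIDE_ALIGN` guard has no comment, and its purpose is not obvious from the line alone. State that it keeps `FFALIGN(avctx->width, STRIDE_ALIGN)` from overflowing and that the unsigned cast makes a negative width fail the same test.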
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/dirac_parser.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/dirac_parser.c
Changed
@@ -215,7 +215,7 @@ int64_t pts = AV_RB32(cur_pu + 13); if (s->last_pts == 0 && s->last_dts == 0) s->dts = pts - 1; - else + else if (s->last_dts != AV_NOPTS_VALUE) s->dts = s->last_dts + 1; s->pts = pts; if (!avctx->has_b_frames && (cur_pu4 & 0x03))
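Review bot: with `else if (s->last_dts != AV_NOPTS_VALUE)` and no final `else`, a parse unit that arrives while `last_dts` is `AV_NOPTS_VALUE` leaves `s->dts` holding whatever it had before, unless it is reset earlier in code not shown here. Add an explicit `else s->dts = AV_NOPTS_VALUE;` or a comment pointing to where the reset happens.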
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/diracdsp.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/diracdsp.c
Changed
@@ -198,9 +198,9 @@ PX c, sign, *src_r = (PX *)src, *dst_r = (PX *)dst; \ for (i = 0; i < tot_h; i++) { \ c = *src_r++; \ - sign = FFSIGN(c)*(!!c); \ - c = (FFABS(c)*(unsigned)qf + qs) >> 2; \ - *dst_r++ = c*sign; \ + if (c < 0) c = -((-(unsigned)c*qf + qs) >> 2); \ + else if(c > 0) c = (( (unsigned)c*qf + qs) >> 2); \ + *dst_r++ = c; \ } \ src += tot_h << (sizeof(PX) >> 1); \ dst += stride; \
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/dxtory.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/dxtory.c
Changed
@@ -456,7 +456,7 @@ Vx >> 2 = decode_sym(gb, lru2) ^ 0x80; } - Y += ystride << 2; + Y += ystride * 4; U += ustride; V += vstride; } @@ -501,7 +501,7 @@ Vx >> 1 = decode_sym(gb, lru2) ^ 0x80; } - Y += ystride << 1; + Y += ystride * 2; U += ustride; V += vstride; }
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/exr.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/exr.c
Changed
@@ -1051,6 +1051,9 @@ if ((col + td->xsize) != s->xdelta)/* not the last tile of the line */ axmax = 0; /* doesn't add pixel at the right of the datawindow */ + if (td->xsize * (uint64_t)s->current_channel_offset > INT_MAX) + return AVERROR_INVALIDDATA; + td->channel_line_size = td->xsize * s->current_channel_offset;/* uncompress size of one line */ uncompressed_size = td->channel_line_size * (uint64_t)td->ysize;/* uncompress size of the block */ } else { @@ -1070,6 +1073,9 @@ td->ysize = FFMIN(s->scan_lines_per_block, s->ymax - line + 1); /* s->ydelta - line ?? */ td->xsize = s->xdelta; + if (td->xsize * (uint64_t)s->current_channel_offset > INT_MAX) + return AVERROR_INVALIDDATA; + td->channel_line_size = td->xsize * s->current_channel_offset;/* uncompress size of one line */ uncompressed_size = td->channel_line_size * (uint64_t)td->ysize;/* uncompress size of the block */ @@ -1493,15 +1499,27 @@ continue; } else if ((var_size = check_header_variable(s, "dataWindow", "box2i", 31)) >= 0) { + int xmin, ymin, xmax, ymax; if (!var_size) { ret = AVERROR_INVALIDDATA; goto fail; } - s->xmin = bytestream2_get_le32(&s->gb); - s->ymin = bytestream2_get_le32(&s->gb); - s->xmax = bytestream2_get_le32(&s->gb); - s->ymax = bytestream2_get_le32(&s->gb); + xmin = bytestream2_get_le32(&s->gb); + ymin = bytestream2_get_le32(&s->gb); + xmax = bytestream2_get_le32(&s->gb); + ymax = bytestream2_get_le32(&s->gb); + + if (xmin > xmax || ymin > ymax || + (unsigned)xmax - xmin >= INT_MAX || + (unsigned)ymax - ymin >= INT_MAX) { + ret = AVERROR_INVALIDDATA; + goto fail; + } + s->xmin = xmin; + s->xmax = xmax; + s->ymin = ymin; + s->ymax = ymax; s->xdelta = (s->xmax - s->xmin) + 1; s->ydelta = (s->ymax - s->ymin) + 1; 
@@ -1734,7 +1752,9 @@ s->ymin > s->ymax || s->xdelta != s->xmax - s->xmin + 1 || s->xmax >= s->w || - s->ymax >= s->h) { + s->ymax >= s->h || + s->ydelta == 0xFFFFFFFF || s->xdelta == 0xFFFFFFFF + ) { av_log(avctx, AV_LOG_ERROR, "Wrong or missing size information.\n"); return AVERROR_INVALIDDATA; } @@ -1765,7 +1785,7 @@ if ((ret = ff_thread_get_buffer(avctx, &frame, 0)) < 0) return ret; - if (bytestream2_get_bytes_left(&s->gb) < nb_blocks * 8) + if (bytestream2_get_bytes_left(&s->gb)/8 < nb_blocks) return AVERROR_INVALIDDATA; // check offset table and recreate it if need @@ -1794,7 +1814,7 @@ // Zero out the start if ymin is not 0 for (i = 0; i < planes; i++) { ptr = picture->datai; - for (y = 0; y < s->ymin; y++) { + for (y = 0; y < FFMIN(s->ymin, s->h); y++) { memset(ptr, 0, out_line_size); ptr += picture->linesizei; }
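Review bot: the test `td->xsize * (uint64_t)s->current_channel_offset > INT_MAX` is pasted into both the tile branch and the scanline branch (hunks @@ -1051 and @@ -1070); compute `channel_line_size` through one small helper that returns an error so the two copies cannot drift apart. In the @@ -1734 hunk, `s->ydelta == 0xFFFFFFFF || s->xdelta == 0xFFFFFFFF` uses a bare magic value; name the sentinel and say which path can still leave it in place now that the dataWindow parser validates `xmin`, `xmax`, `ymin` and `ymax` before storing them.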
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/ffv1dec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/ffv1dec.c
Changed
@@ -786,7 +786,7 @@ if (f->version == 2) { int idx = get_symbol(c, state, 0); - if (idx > (unsigned)f->quant_table_count) { + if (idx >= (unsigned)f->quant_table_count) { av_log(f->avctx, AV_LOG_ERROR, "quant_table_index out of range\n"); return AVERROR_INVALIDDATA;
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/ffwavesynth.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/ffwavesynth.c
Changed
@@ -373,7 +373,7 @@ in->amp += in->damp; switch (in->type) { case WS_SINE: - val = amp * ws->sinin->phi >> (64 - SIN_BITS); + val = amp * (unsigned)ws->sinin->phi >> (64 - SIN_BITS); in->phi += in->dphi; in->dphi += in->ddphi; break;
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/fits.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/fits.c
Changed
@@ -187,6 +187,8 @@ header->blank = t; header->blank_found = 1; } else if (!strcmp(keyword, "BSCALE") && sscanf(value, "%lf", &d) == 1) { + if (d <= 0) + return AVERROR_INVALIDDATA; header->bscale = d; } else if (!strcmp(keyword, "BZERO") && sscanf(value, "%lf", &d) == 1) { header->bzero = d; @@ -203,8 +205,12 @@ } else if (!strcmp(keyword, "GROUPS") && sscanf(value, "%c", &c) == 1) { header->groups = (c == 'T'); } else if (!strcmp(keyword, "GCOUNT") && sscanf(value, "%"SCNd64"", &t) == 1) { + if (t < 0 || t > INT_MAX) + return AVERROR_INVALIDDATA; header->gcount = t; } else if (!strcmp(keyword, "PCOUNT") && sscanf(value, "%"SCNd64"", &t) == 1) { + if (t < 0 || t > INT_MAX) + return AVERROR_INVALIDDATA; header->pcount = t; } dict_set_if_not_null(metadata, keyword, value);
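Review bot: `if (d <= 0)` in the BSCALE arm does not reject NaN, because every ordered comparison with NaN is false and `sscanf` with `%lf` accepts "nan" and "inf". Write the test as `if (!(d > 0))`, or add an `isfinite(d)` check, so that only finite positive scales reach `header->bscale`. The identical `t < 0 || t > INT_MAX` checks for GCOUNT and PCOUNT could share one helper.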
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/h264_slice.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/h264_slice.c
Changed
@@ -1600,7 +1600,7 @@ prev->f->format, prev->f->width, prev->f->height); - h->short_ref0->poc = prev->poc + 2; + h->short_ref0->poc = prev->poc + 2U; } else if (!h->frame_recovered && !h->avctx->hwaccel) ff_color_frame(h->short_ref0->f, c); h->short_ref0->frame_num = h->poc.prev_frame_num;
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/h264idct_template.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/h264idct_template.c
Changed
@@ -278,13 +278,13 @@ const int stride= 16*2; const int xStride= 16; int i; - int temp8; + unsigned temp8; static const uint8_t x_offset2={0, 16}; dctcoef *block = (dctcoef*)_block; for(i=0; i<4; i++){ - temp2*i+0 = blockstride*i + xStride*0 + blockstride*i + xStride*1; - temp2*i+1 = blockstride*i + xStride*0 - blockstride*i + xStride*1; + temp2*i+0 = blockstride*i + xStride*0 + (unsigned)blockstride*i + xStride*1; + temp2*i+1 = blockstride*i + xStride*0 - (unsigned)blockstride*i + xStride*1; } for(i=0; i<2; i++){
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/hap.h -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/hap.h
Changed
@@ -52,7 +52,7 @@ typedef struct HapChunk { enum HapCompressor compressor; - int compressed_offset; + uint32_t compressed_offset; size_t compressed_size; int uncompressed_offset; size_t uncompressed_size;
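Review bot: `compressed_offset` becomes `uint32_t` while `uncompressed_offset` two lines below stays `int`, so the two offsets of the same chunk now have different signedness and range. Either change both or add a comment explaining why only the compressed side needs the unsigned type.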
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/hapdec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/hapdec.c
Changed
@@ -105,6 +105,8 @@ size_t running_size = 0; for (i = 0; i < ctx->chunk_count; i++) { ctx->chunksi.compressed_offset = running_size; + if (ctx->chunksi.compressed_size > UINT32_MAX - running_size) + return AVERROR_INVALIDDATA; running_size += ctx->chunksi.compressed_size; } } @@ -186,7 +188,7 @@ HapChunk *chunk = &ctx->chunksi; /* Check the compressed buffer is valid */ - if (chunk->compressed_offset + chunk->compressed_size > bytestream2_get_bytes_left(gbc)) + if (chunk->compressed_offset + (uint64_t)chunk->compressed_size > bytestream2_get_bytes_left(gbc)) return AVERROR_INVALIDDATA; /* Chunks are unpacked sequentially, ctx->tex_size is the uncompressed
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/hevc_cabac.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/hevc_cabac.c
Changed
@@ -998,7 +998,7 @@ } else { int prefix_minus3 = prefix - 3; - if (prefix == CABAC_MAX_BIN || prefix_minus3 + rc_rice_param >= 31) { + if (prefix == CABAC_MAX_BIN || prefix_minus3 + rc_rice_param > 16 + 6) { av_log(s->avctx, AV_LOG_ERROR, "CABAC_MAX_BIN : %d\n", prefix); return 0; }
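Review bot: the new bound `prefix_minus3 + rc_rice_param > 16 + 6` replaces `>= 31` with two unexplained literals. Add a comment saying what the 16 and the 6 stand for, or give them named constants, so the limit can be checked against the specification.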
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/hevc_ps.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/hevc_ps.c
Changed
@@ -816,7 +816,11 @@ next_coef = 8; coef_num = FFMIN(64, 1 << (4 + (size_id << 1))); if (size_id > 1) { - scaling_list_dc_coefsize_id - 2matrix_id = get_se_golomb(gb) + 8; + int scaling_list_coeff_minus8 = get_se_golomb(gb); + if (scaling_list_coeff_minus8 < -7 || + scaling_list_coeff_minus8 > 247) + return AVERROR_INVALIDDATA; + scaling_list_dc_coefsize_id - 2matrix_id = scaling_list_coeff_minus8 + 8; next_coef = scaling_list_dc_coefsize_id - 2matrix_id; sl->sl_dcsize_id - 2matrix_id = next_coef; }
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/hevc_sei.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/hevc_sei.c
Changed
@@ -343,6 +343,8 @@ byte = get_bits(gb, 8); payload_size += byte; } + if (get_bits_left(gb) < 8LL*payload_size) + return AVERROR_INVALIDDATA; if (nal_unit_type == HEVC_NAL_SEI_PREFIX) { return decode_nal_sei_prefix(gb, logctx, s, ps, payload_type, payload_size); } else { /* nal_unit_type == NAL_SEI_SUFFIX */
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/hevcdec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/hevcdec.c
Changed
@@ -785,6 +785,11 @@ if (s->ps.pps->pic_slice_level_chroma_qp_offsets_present_flag) { sh->slice_cb_qp_offset = get_se_golomb(gb); sh->slice_cr_qp_offset = get_se_golomb(gb); + if (sh->slice_cb_qp_offset < -12 || sh->slice_cb_qp_offset > 12 || + sh->slice_cr_qp_offset < -12 || sh->slice_cr_qp_offset > 12) { + av_log(s->avctx, AV_LOG_ERROR, "Invalid slice cx qp offset.\n"); + return AVERROR_INVALIDDATA; + } } else { sh->slice_cb_qp_offset = 0; sh->slice_cr_qp_offset = 0;
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/hevcpred_template.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/hevcpred_template.c
Changed
@@ -83,6 +83,7 @@ int y = y0 >> vshift; int x_tb = (x0 >> s->ps.sps->log2_min_tb_size) & s->ps.sps->tb_mask; int y_tb = (y0 >> s->ps.sps->log2_min_tb_size) & s->ps.sps->tb_mask; + int spin = c_idx && !size_in_tbs_v && ((2 * y0) & (1 << s->ps.sps->log2_min_tb_size)); int cur_tb_addr = MIN_TB_ADDR_ZS(x_tb, y_tb); @@ -103,11 +104,11 @@ pixel *top = top_array + 1; pixel *filtered_left = filtered_left_array + 1; pixel *filtered_top = filtered_top_array + 1; - int cand_bottom_left = lc->na.cand_bottom_left && cur_tb_addr > MIN_TB_ADDR_ZS( x_tb - 1, (y_tb + size_in_tbs_v) & s->ps.sps->tb_mask); + int cand_bottom_left = lc->na.cand_bottom_left && cur_tb_addr > MIN_TB_ADDR_ZS( x_tb - 1, (y_tb + size_in_tbs_v + spin) & s->ps.sps->tb_mask); int cand_left = lc->na.cand_left; int cand_up_left = lc->na.cand_up_left; int cand_up = lc->na.cand_up; - int cand_up_right = lc->na.cand_up_right && cur_tb_addr > MIN_TB_ADDR_ZS((x_tb + size_in_tbs_h) & s->ps.sps->tb_mask, y_tb - 1); + int cand_up_right = lc->na.cand_up_right && !spin && cur_tb_addr > MIN_TB_ADDR_ZS((x_tb + size_in_tbs_h) & s->ps.sps->tb_mask, y_tb - 1); int bottom_left_size = (FFMIN(y0 + 2 * size_in_luma_v, s->ps.sps->height) - (y0 + size_in_luma_v)) >> vshift;
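Review bot: the new local `spin` is computed from `c_idx`, `size_in_tbs_v` and `y0` and then changes both `cand_bottom_left` and `cand_up_right`, but neither its name nor a comment says what case it detects. Rename it to describe the condition, or add a comment above its definition explaining which block layout it covers and why `cand_up_right` must be disabled there.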
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/jpeg2000dec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/jpeg2000dec.c
Changed
@@ -2207,8 +2207,12 @@ return 0; } atom_size = bytestream2_get_be32u(&s->g); + if (atom_size < 16 || (int64_t)bytestream2_tell(&s->g) + atom_size - 16 > INT_MAX) + return AVERROR_INVALIDDATA; atom_end = bytestream2_tell(&s->g) + atom_size - 16; } else { + if (atom_size < 8 || (int64_t)bytestream2_tell(&s->g) + atom_size - 8 > INT_MAX) + return AVERROR_INVALIDDATA; atom_end = bytestream2_tell(&s->g) + atom_size - 8; }
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/jpeglsdec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/jpeglsdec.c
Changed
@@ -149,7 +149,7 @@ { int k, ret; - for (k = 0; (state->NQ << k) < state->AQ; k++) + for (k = 0; ((unsigned)state->NQ << k) < state->AQ; k++) ; #ifdef JLS_BROKEN
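Review bot: the cast removes the signed left shift, but nothing in `for (k = 0; ((unsigned)state->NQ << k) < state->AQ; k++)` bounds `k`, and a shift count that reaches the width of `unsigned` is undefined as well. Add an upper limit on `k` to the loop condition, or document the invariant on `NQ` and `AQ` that guarantees the loop ends first.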
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/magicyuv.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/magicyuv.c
Changed
@@ -695,6 +695,9 @@ s->slicesij.start = offset + header_size; s->slicesij.size = avpkt->size - s->slicesij.start; + + if (s->slicesij.size < 2) + return AVERROR_INVALIDDATA; } if (bytestream2_get_byte(&gbyte) != s->planes)
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/mpc.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/mpc.c
Changed
@@ -75,17 +75,17 @@ j = 0; mul = (mpc_CC+1)bandsi.resch * mpc_SCFbandsi.scf_idxch0 & 0xFF; for(; j < 12; j++) - c->sb_sampleschji = mul * c->Qchj + off; + c->sb_sampleschji = av_clipf(mul * c->Qchj + off, INT32_MIN, INT32_MAX); mul = (mpc_CC+1)bandsi.resch * mpc_SCFbandsi.scf_idxch1 & 0xFF; for(; j < 24; j++) - c->sb_sampleschji = mul * c->Qchj + off; + c->sb_sampleschji = av_clipf(mul * c->Qchj + off, INT32_MIN, INT32_MAX); mul = (mpc_CC+1)bandsi.resch * mpc_SCFbandsi.scf_idxch2 & 0xFF; for(; j < 36; j++) - c->sb_sampleschji = mul * c->Qchj + off; + c->sb_sampleschji = av_clipf(mul * c->Qchj + off, INT32_MIN, INT32_MAX); } } if(bandsi.msf){ - int t1, t2; + unsigned t1, t2; for(j = 0; j < SAMPLES_PER_BAND; j++){ t1 = c->sb_samples0ji; t2 = c->sb_samples1ji;
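Review bot: in the three `av_clipf(mul * ... + off, INT32_MIN, INT32_MAX)` lines the upper bound is converted to `float`, where `INT32_MAX` is not representable and rounds up to 2147483648.0f. If `sb_samples` is a 32-bit integer array (its declaration is not in the hunk), a value clipped to that bound still overflows on the store. Clip to the largest float below 2^31 instead, or clip in a wider type before converting.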
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/mv30.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/mv30.c
Changed
@@ -102,25 +102,25 @@ } } -static inline void idct_1d(int *blk, int step) +static inline void idct_1d(unsigned *blk, int step) { - const int t0 = blk0 * step + blk4 * step; - const int t1 = blk0 * step - blk4 * step; - const int t2 = blk2 * step + blk6 * step; - const int t3 = ((int)((blk2 * step - blk6 * step) * 362U) >> 8) - t2; - const int t4 = t0 + t2; - const int t5 = t0 - t2; - const int t6 = t1 + t3; - const int t7 = t1 - t3; - const int t8 = blk5 * step + blk3 * step; - const int t9 = blk5 * step - blk3 * step; - const int tA = blk1 * step + blk7 * step; - const int tB = blk1 * step - blk7 * step; - const int tC = t8 + tA; - const int tD = (int)((tB + t9) * 473U) >> 8; - const int tE = (((int)(t9 * -669U) >> 8) - tC) + tD; - const int tF = ((int)((tA - t8) * 362U) >> 8) - tE; - const int t10 = (((int)(tB * 277U) >> 8) - tD) + tF; + const unsigned t0 = blk0 * step + blk4 * step; + const unsigned t1 = blk0 * step - blk4 * step; + const unsigned t2 = blk2 * step + blk6 * step; + const unsigned t3 = ((int)((blk2 * step - blk6 * step) * 362U) >> 8) - t2; + const unsigned t4 = t0 + t2; + const unsigned t5 = t0 - t2; + const unsigned t6 = t1 + t3; + const unsigned t7 = t1 - t3; + const unsigned t8 = blk5 * step + blk3 * step; + const unsigned t9 = blk5 * step - blk3 * step; + const unsigned tA = blk1 * step + blk7 * step; + const unsigned tB = blk1 * step - blk7 * step; + const unsigned tC = t8 + tA; + const unsigned tD = (int)((tB + t9) * 473U) >> 8; + const unsigned tE = (((int)(t9 * -669U) >> 8) - tC) + tD; + const unsigned tF = ((int)((tA - t8) * 362U) >> 8) - tE; + const unsigned t10 = (((int)(tB * 277U) >> 8) - tD) + tF; blk0 * step = t4 + tC; blk1 * step = t6 + tE; 
@@ -198,12 +198,12 @@ static inline void idct2_1d(int *blk, int step) { - const int t0 = blk0 * step; - const int t1 = blk1 * step; - const int t2 = (int)(t1 * 473U) >> 8; - const int t3 = t2 - t1; - const int t4 = ((int)(t1 * 362U) >> 8) - t3; - const int t5 = (((int)(t1 * 277U) >> 8) - t2) + t4; + const unsigned int t0 = blk0 * step; + const unsigned int t1 = blk1 * step; + const unsigned int t2 = (int)(t1 * 473U) >> 8; + const unsigned int t3 = t2 - t1; + const unsigned int t4 = ((int)(t1 * 362U) >> 8) - t3; + const unsigned int t5 = (((int)(t1 * 277U) >> 8) - t2) + t4; blk0 * step = t1 + t0; blk1 * step = t0 + t3; @@ -305,14 +305,14 @@ case 1: fill = sign_extend(bytestream2_get_ne16(gbyte), 16); pfill0 += fill; - block0 = ((pfill0 * qtab0) >> 5) + 128; + block0 = ((int)((unsigned)pfill0 * qtab0) >> 5) + 128; s->bdsp.fill_block_tab1(dst, block0, linesize, 8); break; case 2: memset(block, 0, sizeof(*block) * 64); fill = sign_extend(bytestream2_get_ne16(gbyte), 16); pfill0 += fill; - block0 = pfill0 * qtab0; + block0 = (unsigned)pfill0 * qtab0; block1 = sign_extend(bytestream2_get_ne16(gbyte), 16) * qtab1; block8 = sign_extend(bytestream2_get_ne16(gbyte), 16) * qtab8; block9 = sign_extend(bytestream2_get_ne16(gbyte), 16) * qtab9; @@ -321,7 +321,7 @@ case 3: fill = sign_extend(bytestream2_get_ne16(gbyte), 16); pfill0 += fill; - block0 = pfill0 * qtab0; + block0 = (unsigned)pfill0 * qtab0; for (int i = 1; i < 64; i++) blockzigzagi = sign_extend(bytestream2_get_ne16(gbyte), 16) * qtabzigzagi; idct_put(dst, linesize, block); 
@@ -346,14 +346,14 @@ case 1: fill = sign_extend(bytestream2_get_ne16(gbyte), 16); pfill0 += fill; - block0 = (pfill0 * qtab0) >> 5; + block0 = (int)((unsigned)pfill0 * qtab0) >> 5; update_inter_block(dst, linesize, src, in_linesize, block0); break; case 2: memset(block, 0, sizeof(*block) * 64); fill = sign_extend(bytestream2_get_ne16(gbyte), 16); pfill0 += fill; - block0 = pfill0 * qtab0; + block0 = (unsigned)pfill0 * qtab0; block1 = sign_extend(bytestream2_get_ne16(gbyte), 16) * qtab1; block8 = sign_extend(bytestream2_get_ne16(gbyte), 16) * qtab8; block9 = sign_extend(bytestream2_get_ne16(gbyte), 16) * qtab9; @@ -362,7 +362,7 @@ case 3: fill = sign_extend(bytestream2_get_ne16(gbyte), 16); pfill0 += fill; - block0 = pfill0 * qtab0; + block0 = (unsigned)pfill0 * qtab0; for (int i = 1; i < 64; i++) blockzigzagi = sign_extend(bytestream2_get_ne16(gbyte), 16) * qtabzigzagi; idct_add(dst, linesize, src, in_linesize, block); @@ -531,8 +531,13 @@ for (int x = 0; x < avctx->width; x += 16) { if (cnt >= 4) cnt = 0; - if (cnt == 0) + if (cnt == 0) { + if (get_bits_left(&mask) < 8) { + ret = AVERROR_INVALIDDATA; + goto fail; + } flags = get_bits(&mask, 8); + } dst0 = frame->data0 + linesize0 * y + x; dst1 = frame->data0 + linesize0 * y + x + 8;
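Review bot: `idct_1d` now takes `unsigned *blk`, but `idct2_1d` in the @@ -198 hunk keeps `int *blk` and only changes its locals to `unsigned int`, so the two helpers disagree on the block type and callers of `idct_1d` that hold an `int` block need a cast. Make the two signatures consistent, and use one spelling (`unsigned` or `unsigned int`) throughout. The `get_bits_left(&mask) < 8` guard in the @@ -531 hunk would benefit from an `av_log` before `goto fail`.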
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/mxpegdec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/mxpegdec.c
Changed
@@ -247,16 +247,17 @@ "Multiple SOF in a frame\n"); return AVERROR_INVALIDDATA; } - s->got_sof_data = 0; ret = ff_mjpeg_decode_sof(jpg); if (ret < 0) { av_log(avctx, AV_LOG_ERROR, "SOF data decode error\n"); + s->got_sof_data = 0; return ret; } if (jpg->interlaced) { av_log(avctx, AV_LOG_ERROR, "Interlaced mode not supported in MxPEG\n"); + s->got_sof_data = 0; return AVERROR(EINVAL); } s->got_sof_data ++;
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/nvenc.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/nvenc.c
Changed
@@ -1829,7 +1829,7 @@ pkt->pts = params->outputTimeStamp; pkt->dts = timestamp_queue_dequeue(ctx->timestamp_list); - pkt->dts -= FFMAX(avctx->max_b_frames, 0) * FFMIN(avctx->ticks_per_frame, 1); + pkt->dts -= FFMAX(avctx->max_b_frames, 0) * FFMAX(avctx->ticks_per_frame, 1); return 0; }
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/opus_silk.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/opus_silk.c
Changed
@@ -506,7 +506,8 @@ #define LTP_ORDER 5 static void silk_decode_frame(SilkContext *s, OpusRangeCoder *rc, - int frame_num, int channel, int coded_channels, int active, int active1) + int frame_num, int channel, int coded_channels, + int active, int active1, int redundant) { /* per frame */ int voiced; // combines with active to indicate inactive, active, or active+voiced @@ -665,8 +666,9 @@ silk_decode_excitation(s, rc, residual + SILK_MAX_LAG, qoffset_high, active, voiced); - /* skip synthesising the side channel if we want mono-only */ - if (s->output_channels == channel) + /* skip synthesising the output if we do not need it */ + // TODO: implement error recovery + if (s->output_channels == channel || redundant) return; /* generate the output signal */ @@ -814,15 +816,27 @@ activeij = ff_opus_rc_dec_log(rc, 1); redundancyi = ff_opus_rc_dec_log(rc, 1); - if (redundancyi) { - avpriv_report_missing_feature(s->avctx, "LBRR frames"); - return AVERROR_PATCHWELCOME; + } + + /* read the per-frame LBRR flags */ + for (i = 0; i < coded_channels; i++) + if (redundancyi && duration_ms > 20) { + redundancyi = ff_opus_rc_dec_cdf(rc, duration_ms == 40 ? + ff_silk_model_lbrr_flags_40 : ff_silk_model_lbrr_flags_60); } + + /* decode the LBRR frames */ + for (i = 0; i < nb_frames; i++) { + for (j = 0; j < coded_channels; j++) + if (redundancyj & (1 << i)) { + int active1 = (j == 0 && !(redundancy1 & (1 << i))) ? 0 : 1; + silk_decode_frame(s, rc, i, j, coded_channels, 1, active1, 1); + } } for (i = 0; i < nb_frames; i++) { for (j = 0; j < coded_channels && !s->midonly; j++) - silk_decode_frame(s, rc, i, j, coded_channels, activeji, active1i); + silk_decode_frame(s, rc, i, j, coded_channels, activeji, active1i, 0); /* reset the side channel if it is not coded */ if (s->midonly && s->frame1.coded)
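Review bot: in the LBRR decode loop added at @@ -814, `active1` is derived from the second channel's redundancy flags whenever `j == 0`, regardless of `coded_channels`, while the flag-reading loops above only fill entries for `i < coded_channels`. For a mono stream, confirm that the second entry is initialised, or guard the read with `coded_channels > 1`. The `// TODO: implement error recovery` comment should say what is currently discarded, and the unbraced `for` with a braced `if` body is easy to misread; brace the loop.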
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/opustab.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/opustab.c
Changed
@@ -26,6 +26,9 @@ const uint8_t ff_celt_band_end = { 13, 17, 17, 19, 21 }; +const uint16_t ff_silk_model_lbrr_flags_40 = { 256, 0, 53, 106, 256 }; +const uint16_t ff_silk_model_lbrr_flags_60 = { 256, 0, 41, 61, 90, 131, 146, 174, 256 }; + const uint16_t ff_silk_model_stereo_s1 = { 256, 7, 9, 10, 11, 12, 22, 46, 54, 55, 56, 59, 82, 174, 197, 200, 201, 202, 210, 234, 244, 245, 246, 247, 249, 256
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/opustab.h -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/opustab.h
Changed
@@ -31,6 +31,9 @@ extern const uint8_t ff_opus_default_coupled_streams; +extern const uint16_t ff_silk_model_lbrr_flags_40; +extern const uint16_t ff_silk_model_lbrr_flags_60; + extern const uint16_t ff_silk_model_stereo_s1; extern const uint16_t ff_silk_model_stereo_s2; extern const uint16_t ff_silk_model_stereo_s3;
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/pnm_parser.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/pnm_parser.c
Changed
@@ -109,8 +109,10 @@ if (next == END_NOT_FOUND) pnmpc->ascii_scan = sync - pnmctx.bytestream + skip; } else { - next = pnmctx.bytestream - pnmctx.bytestream_start + skip - + av_image_get_buffer_size(avctx->pix_fmt, avctx->width, avctx->height, 1); + int ret = av_image_get_buffer_size(avctx->pix_fmt, avctx->width, avctx->height, 1); + next = pnmctx.bytestream - pnmctx.bytestream_start + skip; + if (ret >= 0) + next += ret; } if (next != END_NOT_FOUND && pnmctx.bytestream_start != buf + skip) next -= pc->index;
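Review bot: when `av_image_get_buffer_size` fails, the new code silently sets `next` to the header end only, so the parser reports a frame boundary with no payload and gives no diagnostic. Either log the failure and treat the frame as not found, or add a comment explaining why a header-only boundary is the intended result for invalid dimensions.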
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/rasc.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/rasc.c
Changed
@@ -70,6 +70,9 @@ RASCContext *s = avctx->priv_data; uint8_t *dst = frame->data0; + if (!dst) + return; + for (int y = 0; y < avctx->height; y++) { memset(dst, 0, avctx->width * s->bpp); dst += frame->linesize0;
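Review bot: The added `if (!dst) return;` makes the function a silent no-op when the frame has no data pointer, and the caller cannot tell that nothing was cleared. Add a comment on when the frame can reach this point without a buffer, or have the caller check before calling.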
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/rscc.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/rscc.c
Changed
@@ -300,6 +300,10 @@ ret = AVERROR_INVALIDDATA; goto end; } + if (ctx->inflated_size < pixel_size) { + ret = AVERROR_INVALIDDATA; + goto end; + } ret = uncompress(ctx->inflated_buf, &len, gbc->buffer, packed_size); if (ret) { av_log(avctx, AV_LOG_ERROR, "Pixel deflate error %d.\n", ret);
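Review bot: The new `ctx->inflated_size < pixel_size` path returns `AVERROR_INVALIDDATA` without any message, while the `uncompress()` failure right after it logs "Pixel deflate error". Add an `av_log()` line here too so a rejected packet can be told apart from the other `goto end` cases.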
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/simple_idct.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/simple_idct.c
Changed
@@ -175,7 +175,8 @@ #define R_SHIFT 11 static inline void idct4row(int16_t *row) { - int c0, c1, c2, c3, a0, a1, a2, a3; + unsigned c0, c1, c2, c3; + int a0, a1, a2, a3; a0 = row0; a1 = row1;
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/siren.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/siren.c
Changed
@@ -341,12 +341,12 @@ { 0.0f, 1.964f, 0.0f, 0.0f, 0.0f, 0.0f, 0.0f, 0.0f, 0.0f, 0.0f, 0.0f, 0.0f, 0.0f, 0.0f } }; -static const float noise_category520 = { +static const float noise_category521 = { 0.70711f, 0.6179f, 0.5005f, 0.3220f, 0.17678f, 0.17678f, 0.17678f, 0.17678f, 0.17678f, 0.17678f, 0.17678f, 0.17678f, 0.17678f, 0.17678f, 0.17678f, 0.17678f, 0.17678f, 0.17678f, 0.17678f, 0.17678f }; -static const float noise_category620 = { +static const float noise_category621 = { 0.70711f, 0.5686f, 0.3563f, 0.25f, 0.25f, 0.25f, 0.25f, 0.25f, 0.25f, 0.25f, 0.25f, 0.25f, 0.25f, 0.25f, 0.25f, 0.25f, 0.25f, 0.25f, 0.25f, 0.25f };
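Review bot: Both tables grow by one element but their initializer lists are unchanged, so the added last entry is implicitly zero. Write the extra value out explicitly and add a comment saying which index made the larger bound necessary, so the zero reads as a deliberate choice.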
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/smacker.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/smacker.c
Changed
@@ -491,6 +491,8 @@ case SMK_BLK_FULL: mode = 0; if(avctx->codec_tag == MKTAG('S', 'M', 'K', '4')) { // In case of Smacker v4 we have three modes + if (get_bits_left(&gb) < 1) + return AVERROR_INVALIDDATA; if(get_bits1(&gb)) mode = 1; else if(get_bits1(&gb)) mode = 2; }
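Review bot: The new `get_bits_left(&gb) < 1` test covers only the first `get_bits1(&gb)`; when that bit is 0 the `else if` reads a second bit with no check of its own. Either test before the second read as well or note in a comment why running short there is harmless.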
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/snowdec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/snowdec.c
Changed
@@ -369,7 +369,10 @@ htaps = htaps*2 + 2; p->htaps= htaps; for(i= htaps/2; i; i--){ - p->hcoeffi= get_symbol(&s->c, s->header_state, 0) * (1-2*(i&1)); + unsigned hcoeff = get_symbol(&s->c, s->header_state, 0); + if (hcoeff > 127) + return AVERROR_INVALIDDATA; + p->hcoeffi= hcoeff * (1-2*(i&1)); sum += p->hcoeffi; } p->hcoeff0= 32-sum;
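Review bot: The bound in `if (hcoeff > 127)` is a bare constant with no indication of where it comes from. Name it or add a comment tying it to the range the coefficient and the running `sum` are expected to stay within.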
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/sonic.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/sonic.c
Changed
@@ -980,9 +980,7 @@ av_freep(&s->int_samples); av_freep(&s->tap_quant); av_freep(&s->predictor_k); - - for (i = 0; i < s->channels; i++) - { + for (i = 0; i < MAX_CHANNELS; i++) { av_freep(&s->predictor_statei); av_freep(&s->coded_samplesi); } @@ -1033,6 +1031,9 @@ { int x = ch; + if (c.overread > MAX_OVERREAD) + return AVERROR_INVALIDDATA; + predictor_init_state(s->predictor_k, s->predictor_statech, s->num_taps); intlist_read(&c, state, s->coded_samplesch, s->block_align, 1);
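Review bot: In the first hunk the free loop now runs to `MAX_CHANNELS` instead of `s->channels`, which is only correct if every slot is either allocated or NULL. A short comment saying why `s->channels` is no longer trusted at close time would stop someone from "optimising" it back.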
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/takdsp.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/takdsp.c
Changed
@@ -65,7 +65,7 @@ for (i = 0; i < length; i++) { int32_t a = p1i; int32_t b = p2i; - b = dfactor * (b >> dshift) + 128 >> 8 << dshift; + b = (unsigned)(dfactor * (b >> dshift) + 128 >> 8) << dshift; p1i = b - a; } }
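Review bot: The `(unsigned)` cast wraps `dfactor * (b >> dshift) + 128 >> 8`, so it only makes the final `<< dshift` unsigned; the multiplication and addition inside are evaluated before the cast applies. If overflow of the product is also a concern, cast an operand of the multiplication instead, and parenthesise the `+ 128` before the `>> 8` so the precedence is explicit.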
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/tdsc.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/tdsc.c
Changed
@@ -390,7 +390,7 @@ for (i = 0; i < number_tiles; i++) { int tile_size; int tile_mode; - int x, y, w, h; + int x, y, x2, y2, w, h; int ret; if (bytestream2_get_bytes_left(&ctx->gbc) < 4 || @@ -408,20 +408,19 @@ bytestream2_skip(&ctx->gbc, 4); // unknown x = bytestream2_get_le32(&ctx->gbc); y = bytestream2_get_le32(&ctx->gbc); - w = bytestream2_get_le32(&ctx->gbc) - x; - h = bytestream2_get_le32(&ctx->gbc) - y; + x2 = bytestream2_get_le32(&ctx->gbc); + y2 = bytestream2_get_le32(&ctx->gbc); - if (x >= ctx->width || y >= ctx->height) { + if (x < 0 || y < 0 || x2 <= x || y2 <= y || + x2 > ctx->width || y2 > ctx->height + ) { av_log(avctx, AV_LOG_ERROR, - "Invalid tile position (%d.%d outside %dx%d).\n", - x, y, ctx->width, ctx->height); - return AVERROR_INVALIDDATA; - } - if (x + w > ctx->width || y + h > ctx->height) { - av_log(avctx, AV_LOG_ERROR, - "Invalid tile size %dx%d\n", w, h); + "Invalid tile position (%d.%d %d.%d outside %dx%d).\n", + x, y, x2, y2, ctx->width, ctx->height); return AVERROR_INVALIDDATA; } + w = x2 - x; + h = y2 - y; ret = av_reallocp(&ctx->tilebuffer, tile_size); if (!ctx->tilebuffer)
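Review bot: The merged bounds check in the second hunk leaves the closing `)` of the condition on a line of its own, which does not match the surrounding style; fold it onto the `y2 > ctx->height` line. The `x < 0 || y < 0` tests also rely on values read with `bytestream2_get_le32()` turning negative when stored in `int`, which deserves a one-line comment.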
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/tiff.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/tiff.c
Changed
@@ -79,6 +79,7 @@ int fill_order; uint32_t res4; int is_thumbnail; + unsigned last_tag; int is_bayer; uint8_t pattern4; @@ -709,7 +710,7 @@ if (is_dng) { int is_u16, pixel_size_bytes, pixel_size_bits, elements; - is_u16 = (s->bpp > 8); + is_u16 = (s->bpp / s->bppcount > 8); pixel_size_bits = (is_u16 ? 16 : 8); pixel_size_bytes = (is_u16 ? sizeof(uint16_t) : sizeof(uint8_t)); @@ -918,6 +919,11 @@ /* Copy the outputted tile's pixels from 'jpgframe' to 'frame' (final buffer) */ + if (s->jpgframe->width != s->avctx_mjpeg->width || + s->jpgframe->height != s->avctx_mjpeg->height || + s->jpgframe->format != s->avctx_mjpeg->pix_fmt) + return AVERROR_INVALIDDATA; + /* See dng_blit for explanation */ if (s->avctx_mjpeg->width == w * 2 && s->avctx_mjpeg->height == h / 2 && @@ -1252,6 +1258,12 @@ if (ret < 0) { goto end; } + if (tag <= s->last_tag) + return AVERROR_INVALIDDATA; + + // We ignore TIFF_STRIP_SIZE as it is sometimes in the logic but wrong order around TIFF_STRIP_OFFS + if (tag != TIFF_STRIP_SIZE) + s->last_tag = tag; off = bytestream2_tell(&s->gb); if (count == 1) { @@ -1290,7 +1302,7 @@ s->height = value; break; case TIFF_BPP: - if (count > 5U) { + if (count > 5 || count <= 0) { av_log(s->avctx, AV_LOG_ERROR, "This format is not supported (bpp=%d, %d components)\n", value, count); @@ -1321,9 +1333,9 @@ "Samples per pixel requires a single value, many provided\n"); return AVERROR_INVALIDDATA; } - if (value > 5U) { + if (value > 5 || value <= 0) { av_log(s->avctx, AV_LOG_ERROR, - "Samples per pixel %d is too large\n", value); + "Invalid samples per pixel %d\n", value); return AVERROR_INVALIDDATA; } if (s->bppcount == 1) 
@@ -1434,7 +1446,9 @@ s->sub_ifd = ff_tget(&s->gb, TIFF_LONG, s->le); /** Only get the first SubIFD */ break; case DNG_LINEARIZATION_TABLE: - for (int i = 0; i < FFMIN(count, 1 << s->bpp); i++) + if (count > FF_ARRAY_ELEMS(s->dng_lut)) + return AVERROR_INVALIDDATA; + for (int i = 0; i < count; i++) s->dng_luti = ff_tget(&s->gb, type, s->le); break; case DNG_BLACK_LEVEL: @@ -1805,6 +1819,7 @@ s->is_tiled = 0; s->is_jpeg = 0; s->cur_page = 0; + s->last_tag = 0; for (i = 0; i < 65536; i++) s->dng_luti = i; @@ -1883,8 +1898,14 @@ if (is_dng) { int bps; + if (s->bpp % s->bppcount) + return AVERROR_INVALIDDATA; + bps = s->bpp / s->bppcount; + if (bps < 8 || bps > 32) + return AVERROR_INVALIDDATA; + if (s->white_level == 0) - s->white_level = (1 << s->bpp) - 1; /* Default value as per the spec */ + s->white_level = (1LL << bps) - 1; /* Default value as per the spec */ if (s->white_level <= s->black_level) { av_log(avctx, AV_LOG_ERROR, "BlackLevel (%"PRId32") must be less than WhiteLevel (%"PRId32")\n", @@ -1892,11 +1913,6 @@ return AVERROR_INVALIDDATA; } - if (s->bpp % s->bppcount) - return AVERROR_INVALIDDATA; - bps = s->bpp / s->bppcount; - if (bps < 8 || bps > 32) - return AVERROR_INVALIDDATA; if (s->planar) return AVERROR_PATCHWELCOME; }
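Review bot: The new `if (tag <= s->last_tag)` check returns `AVERROR_INVALIDDATA` directly, while the error path immediately above it in the same hunk leaves through `goto end;`. Use the same exit so any cleanup at `end` is not skipped. The comment about `TIFF_STRIP_SIZE` ("sometimes in the logic but wrong order around") is hard to parse and should be reworded to say that the tag may legitimately appear before `TIFF_STRIP_OFFS`.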
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/utils.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/utils.c
Changed
@@ -511,7 +511,14 @@ break; case AVMEDIA_TYPE_AUDIO: bits_per_sample = av_get_bits_per_sample(ctx->codec_id); - bit_rate = bits_per_sample ? ctx->sample_rate * (int64_t)ctx->channels * bits_per_sample : ctx->bit_rate; + if (bits_per_sample) { + bit_rate = ctx->sample_rate * (int64_t)ctx->channels; + if (bit_rate > INT64_MAX / bits_per_sample) { + bit_rate = 0; + } else + bit_rate *= bits_per_sample; + } else + bit_rate = ctx->bit_rate; break; default: bit_rate = 0; @@ -1594,7 +1601,10 @@ case AV_CODEC_ID_MP1: return 384; case AV_CODEC_ID_ATRAC1: return 512; case AV_CODEC_ID_ATRAC9: - case AV_CODEC_ID_ATRAC3: return 1024 * framecount; + case AV_CODEC_ID_ATRAC3: + if (framecount > INT_MAX/1024) + return 0; + return 1024 * framecount; case AV_CODEC_ID_ATRAC3P: return 2048; case AV_CODEC_ID_MP2: case AV_CODEC_ID_MUSEPACK7: return 1152; @@ -1610,8 +1620,11 @@ if (ch > 0) { /* calc from sample rate and channels */ - if (id == AV_CODEC_ID_BINKAUDIO_DCT) + if (id == AV_CODEC_ID_BINKAUDIO_DCT) { + if (sr / 22050 > 22) + return 0; return (480 << (sr / 22050)) / ch; + } } if (id == AV_CODEC_ID_MP3) @@ -1657,7 +1670,10 @@ return frame_bytes / (9 * ch) * 16; case AV_CODEC_ID_ADPCM_PSX: case AV_CODEC_ID_ADPCM_DTK: - return frame_bytes / (16 * ch) * 28; + frame_bytes /= 16 * ch; + if (frame_bytes > INT_MAX / 28) + return 0; + return frame_bytes * 28; case AV_CODEC_ID_ADPCM_4XM: case AV_CODEC_ID_ADPCM_IMA_DAT4: case AV_CODEC_ID_ADPCM_IMA_ISS:
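Review bot: In the `AV_CODEC_ID_BINKAUDIO_DCT` hunk the limit `sr / 22050 > 22` is a bare constant; 22 is the largest shift for which `480 << n` still fits in a signed 32-bit int, and a comment saying so would keep it from looking arbitrary. The other checks added in this file already spell their bounds as `INT_MAX/1024` and `INT_MAX / 28`.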
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/vc1_block.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/vc1_block.c
Changed
@@ -1080,7 +1080,7 @@ q2 = FFABS(q2) * 2 + ((q2 < 0) ? 0 : v->halfpq) - 1; if (q2 && q1 != q2) { for (k = 1; k < 8; k++) - ac_val2k = (ac_val2k * q2 * ff_vc1_dqscaleq1 - 1 + 0x20000) >> 18; + ac_val2k = (int)(ac_val2k * (unsigned)q2 * ff_vc1_dqscaleq1 - 1 + 0x20000) >> 18; } } } else { // top @@ -1093,7 +1093,7 @@ q2 = FFABS(q2) * 2 + ((q2 < 0) ? 0 : v->halfpq) - 1; if (q2 && q1 != q2) { for (k = 1; k < 8; k++) - ac_val2k + 8 = (ac_val2k + 8 * q2 * ff_vc1_dqscaleq1 - 1 + 0x20000) >> 18; + ac_val2k + 8 = (int)(ac_val2k + 8 * (unsigned)q2 * ff_vc1_dqscaleq1 - 1 + 0x20000) >> 18; } } }
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/vp3.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/vp3.c
Changed
@@ -2920,6 +2920,9 @@ int ret; AVRational fps, aspect; + if (get_bits_left(gb) < 206) + return AVERROR_INVALIDDATA; + s->theora_header = 0; s->theora = get_bits(gb, 24); av_log(avctx, AV_LOG_DEBUG, "Theora bitstream version %X\n", s->theora);
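Review bot: `get_bits_left(gb) < 206` uses an unexplained constant. Add a comment stating that it is the minimum number of header bits read below, or build it from the individual field widths, so the value can be rechecked when the parser changes.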
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/vp3dsp.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/vp3dsp.c
Changed
@@ -490,5 +490,5 @@ } if (value) bounding_values128 = value; - bounding_values129 = bounding_values130 = filter_limit * 0x02020202; + bounding_values129 = bounding_values130 = filter_limit * 0x02020202U; }
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/vp8.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/vp8.c
Changed
@@ -2289,10 +2289,10 @@ s->mv_bounds.mv_min.x = -MARGIN; s->mv_bounds.mv_max.x = ((s->mb_width - 1) << 6) + MARGIN; - if (vpX_rac_is_end(&s->c)) { - return AVERROR_INVALIDDATA; - } for (mb_x = 0; mb_x < s->mb_width; mb_x++, mb_xy++, mb++) { + if (vpX_rac_is_end(&s->c)) { + return AVERROR_INVALIDDATA; + } if (mb_y == 0) AV_WN32A((mb - s->mb_width - 1)->intra4x4_pred_mode_top, DC_PRED * 0x01010101);
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/vp9dsp_template.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/vp9dsp_template.c
Changed
@@ -1138,7 +1138,7 @@ for (j = 0; j < sz; j++) \ dstj * stride = av_clip_pixel(dstj * stride + \ (bits ? \ - (t + (1 << (bits - 1))) >> bits : \ + (int)(t + (1U << (bits - 1))) >> bits : \ t)); \ dst++; \ } \ @@ -1153,7 +1153,7 @@ for (j = 0; j < sz; j++) \ dstj * stride = av_clip_pixel(dstj * stride + \ (bits ? \ - (outj + (1 << (bits - 1))) >> bits : \ + (int)(outj + (1U << (bits - 1))) >> bits : \ outj)); \ dst++; \ } \ @@ -1260,25 +1260,25 @@ t6 = (t2a - t6a + (1 << 13)) >> 14; t7 = (t3a - t7a + (1 << 13)) >> 14; - t4a = 15137 * t4 + 6270 * t5; - t5a = 6270 * t4 - 15137 * t5; - t6a = 15137 * t7 - 6270 * t6; - t7a = 6270 * t7 + 15137 * t6; + t4a = 15137U * t4 + 6270U * t5; + t5a = 6270U * t4 - 15137U * t5; + t6a = 15137U * t7 - 6270U * t6; + t7a = 6270U * t7 + 15137U * t6; out0 = t0 + t2; out7 = -(t1 + t3); t2 = t0 - t2; t3 = t1 - t3; - out1 = -((t4a + t6a + (1 << 13)) >> 14); - out6 = (t5a + t7a + (1 << 13)) >> 14; - t6 = (t4a - t6a + (1 << 13)) >> 14; - t7 = (t5a - t7a + (1 << 13)) >> 14; + out1 = -((dctint)((1U << 13) + t4a + t6a) >> 14); + out6 = (dctint)((1U << 13) + t5a + t7a) >> 14; + t6 = (dctint)((1U << 13) + t4a - t6a) >> 14; + t7 = (dctint)((1U << 13) + t5a - t7a) >> 14; - out3 = -(((t2 + t3) * 11585 + (1 << 13)) >> 14); - out4 = ((t2 - t3) * 11585 + (1 << 13)) >> 14; - out2 = ((t6 + t7) * 11585 + (1 << 13)) >> 14; - out5 = -(((t6 - t7) * 11585 + (1 << 13)) >> 14); + out3 = -((dctint)((t2 + t3) * 11585U + (1 << 13)) >> 14); + out4 = (dctint)((t2 - t3) * 11585U + (1 << 13)) >> 14; + out2 = (dctint)((t6 + t7) * 11585U + (1 << 13)) >> 14; + out5 = -((dctint)((t6 - t7) * 11585U + (1 << 13)) >> 14); } itxfm_wrap(8, 5) 
@@ -1290,22 +1290,22 @@ dctint t0a, t1a, t2a, t3a, t4a, t5a, t6a, t7a; dctint t8a, t9a, t10a, t11a, t12a, t13a, t14a, t15a; - t0a = ((IN(0) + IN(8)) * 11585 + (1 << 13)) >> 14; - t1a = ((IN(0) - IN(8)) * 11585 + (1 << 13)) >> 14; - t2a = (IN(4) * 6270 - IN(12) * 15137 + (1 << 13)) >> 14; - t3a = (IN(4) * 15137 + IN(12) * 6270 + (1 << 13)) >> 14; - t4a = (IN(2) * 3196 - IN(14) * 16069 + (1 << 13)) >> 14; - t7a = (IN(2) * 16069 + IN(14) * 3196 + (1 << 13)) >> 14; - t5a = (IN(10) * 13623 - IN(6) * 9102 + (1 << 13)) >> 14; - t6a = (IN(10) * 9102 + IN(6) * 13623 + (1 << 13)) >> 14; - t8a = (IN(1) * 1606 - IN(15) * 16305 + (1 << 13)) >> 14; - t15a = (IN(1) * 16305 + IN(15) * 1606 + (1 << 13)) >> 14; - t9a = (IN(9) * 12665 - IN(7) * 10394 + (1 << 13)) >> 14; - t14a = (IN(9) * 10394 + IN(7) * 12665 + (1 << 13)) >> 14; - t10a = (IN(5) * 7723 - IN(11) * 14449 + (1 << 13)) >> 14; - t13a = (IN(5) * 14449 + IN(11) * 7723 + (1 << 13)) >> 14; - t11a = (IN(13) * 15679 - IN(3) * 4756 + (1 << 13)) >> 14; - t12a = (IN(13) * 4756 + IN(3) * 15679 + (1 << 13)) >> 14; + t0a = (dctint)((IN(0) + IN(8)) * 11585U + (1 << 13)) >> 14; + t1a = (dctint)((IN(0) - IN(8)) * 11585U + (1 << 13)) >> 14; + t2a = (dctint)(IN(4) * 6270U - IN(12) * 15137U + (1 << 13)) >> 14; + t3a = (dctint)(IN(4) * 15137U + IN(12) * 6270U + (1 << 13)) >> 14; + t4a = (dctint)(IN(2) * 3196U - IN(14) * 16069U + (1 << 13)) >> 14; + t7a = (dctint)(IN(2) * 16069U + IN(14) * 3196U + (1 << 13)) >> 14; + t5a = (dctint)(IN(10) * 13623U - IN(6) * 9102U + (1 << 13)) >> 14; + t6a = (dctint)(IN(10) * 9102U + IN(6) * 13623U + (1 << 13)) >> 14; + t8a = (dctint)(IN(1) * 1606U - IN(15) * 16305U + (1 << 13)) >> 14; + t15a = (dctint)(IN(1) * 16305U + IN(15) * 1606U + (1 << 13)) >> 14; + t9a = (dctint)(IN(9) * 12665U - IN(7) * 10394U + (1 << 13)) >> 14; + t14a = (dctint)(IN(9) * 10394U + IN(7) * 12665U + (1 << 13)) >> 14; + t10a = (dctint)(IN(5) * 7723U - IN(11) * 14449U + (1 << 13)) >> 14; + t13a = (dctint)(IN(5) * 14449U + IN(11) * 7723U + 
(1 << 13)) >> 14; + t11a = (dctint)(IN(13) * 15679U - IN(3) * 4756U + (1 << 13)) >> 14; + t12a = (dctint)(IN(13) * 4756U + IN(3) * 15679U + (1 << 13)) >> 14; t0 = t0a + t3a; t1 = t1a + t2a; @@ -1324,12 +1324,12 @@ t14 = t15a - t14a; t15 = t15a + t14a; - t5a = ((t6 - t5) * 11585 + (1 << 13)) >> 14; - t6a = ((t6 + t5) * 11585 + (1 << 13)) >> 14; - t9a = ( t14 * 6270 - t9 * 15137 + (1 << 13)) >> 14; - t14a = ( t14 * 15137 + t9 * 6270 + (1 << 13)) >> 14; - t10a = (-(t13 * 15137 + t10 * 6270) + (1 << 13)) >> 14; - t13a = ( t13 * 6270 - t10 * 15137 + (1 << 13)) >> 14; + t5a = (dctint)((t6 - t5) * 11585U + (1 << 13)) >> 14; + t6a = (dctint)((t6 + t5) * 11585U + (1 << 13)) >> 14; + t9a = (dctint)( t14 * 6270U - t9 * 15137U + (1 << 13)) >> 14; + t14a = (dctint)( t14 * 15137U + t9 * 6270U + (1 << 13)) >> 14; + t10a = (dctint)(-(t13 * 15137U + t10 * 6270U) + (1 << 13)) >> 14; + t13a = (dctint)( t13 * 6270U - t10 * 15137U + (1 << 13)) >> 14; t0a = t0 + t7; t1a = t1 + t6a; @@ -1348,10 +1348,10 @@ t14 = t14a + t13a; t15a = t15 + t12; - t10a = ((t13 - t10) * 11585 + (1 << 13)) >> 14; - t13a = ((t13 + t10) * 11585 + (1 << 13)) >> 14; - t11 = ((t12a - t11a) * 11585 + (1 << 13)) >> 14; - t12 = ((t12a + t11a) * 11585 + (1 << 13)) >> 14; + t10a = (dctint)((t13 - t10) * 11585U + (1 << 13)) >> 14; + t13a = (dctint)((t13 + t10) * 11585U + (1 << 13)) >> 14; + t11 = (dctint)((t12a - t11a) * 11585U + (1 << 13)) >> 14; + t12 = (dctint)((t12a + t11a) * 11585U + (1 << 13)) >> 14; out 0 = t0a + t15a; out 1 = t1a + t14;
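Review bot: The rounding term is written two ways in this change: `(1U << 13) + t4a + t6a` in the third hunk, but `... * 11585U + (1 << 13)` in the lines after it and in the 16-point transform. Both end up in unsigned arithmetic because another operand is already unsigned, but using `1U << 13` throughout would make that obvious without having to trace the operand types.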
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/wmalosslessdec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/wmalosslessdec.c
Changed
@@ -932,6 +932,8 @@ s->do_lpc = 0; } + if (get_bits_left(&s->gb) < 1) + return AVERROR_INVALIDDATA; if (get_bits1(&s->gb)) padding_zeroes = get_bits(&s->gb, 5);
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/wmaprodec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/wmaprodec.c
Changed
@@ -1719,6 +1719,12 @@ } } else { int frame_size; + + if (avpkt->size < s->next_packet_start) { + s->packet_loss = 1; + return AVERROR_INVALIDDATA; + } + s->buf_bit_size = (avpkt->size - s->next_packet_start) << 3; init_get_bits(gb, avpkt->data, s->buf_bit_size); skip_bits(gb, s->packet_offset);
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavcodec/x86/h264_deblock.asm -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavcodec/x86/h264_deblock.asm
Changed
@@ -1185,7 +1185,7 @@ STORE_8_ROWS PASS8ROWS(pix_q - 2, r5 - 2, stride_q, r6) RET -cglobal deblock_h_chroma422_8, 5, 7, 8, 0-16, pix_, stride_, alpha_, beta_, tc0_, +cglobal deblock_h_chroma422_8, 5, 7, 8, 0-16, pix_, stride_, alpha_, beta_, tc0_ CHROMA_H_START_XMM r5, r6 LOAD_8_ROWS PASS8ROWS(pix_q - 2, r5 - 2, stride_q, r6) TRANSPOSE_8x4B_XMM
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavfilter/vf_framerate.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavfilter/vf_framerate.c
Changed
@@ -170,7 +170,9 @@ return 0; if (!s->f0) { - s->work = av_frame_clone(s->f1); + av_assert1(s->flush); + s->work = s->f1; + s->f1 = NULL; } else { if (work_pts >= s->pts1 + s->delta && s->flush) return 0;
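Review bot: The only guard on the new ownership transfer is `av_assert1(s->flush)`, which is active only when the build raises the assert level, so a default build moves `s->f1` into `s->work` unchecked. Add a comment on why the frame is moved rather than cloned and confirm that the code after this branch tolerates `s->f1 == NULL`.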
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavfilter/x86/vf_blend.asm -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavfilter/x86/vf_blend.asm
Changed
@@ -38,11 +38,11 @@ SECTION .text -%macro BLEND_INIT 2-3 +%macro BLEND_INIT 2-3 0 %if ARCH_X86_64 cglobal blend_%1, 6, 9, %2, top, top_linesize, bottom, bottom_linesize, dst, dst_linesize, width, end, x mov widthd, dword widthm - %if %0 == 3; is 16 bit + %if %3; is 16 bit add widthq, widthq ; doesn't compile on x86_32 %endif %else @@ -66,7 +66,7 @@ REP_RET %endmacro -%macro BLEND_SIMPLE 2-3 +%macro BLEND_SIMPLE 2-3 0 BLEND_INIT %1, 2, %3 .nextrow: mov xq, widthq @@ -82,10 +82,10 @@ %endmacro ; %1 name , %2 src (b or w), %3 inter (w or d), %4 (1 if 16bit, not set if 8 bit) -%macro GRAINEXTRACT 3-4 +%macro GRAINEXTRACT 3-4 0 BLEND_INIT %1, 6, %4 pxor m4, m4 -%if %0 == 4 ; 16 bit +%if %4 ; 16 bit VBROADCASTI128 m5, pd_32768 %else VBROADCASTI128 m5, pw_128 @@ -182,7 +182,7 @@ %endmacro ;%1 name, %2 (b or w), %3 (set if 16 bit) -%macro AVERAGE 2-3 +%macro AVERAGE 2-3 0 BLEND_INIT %1, 3, %3 pcmpeqb m2, m2 @@ -203,10 +203,10 @@ %endmacro ; %1 name , %2 src (b or w), %3 inter (w or d), %4 (1 if 16bit, not set if 8 bit) -%macro GRAINMERGE 3-4 +%macro GRAINMERGE 3-4 0 BLEND_INIT %1, 6, %4 pxor m4, m4 -%if %0 == 4 ; 16 bit +%if %4 ; 16 bit VBROADCASTI128 m5, pd_32768 %else VBROADCASTI128 m5, pw_128 @@ -288,7 +288,7 @@ BLEND_END %endmacro -%macro PHOENIX 2-3 +%macro PHOENIX 2-3 0 ; %1 name, %2 b or w, %3 (opt) 1 if 16 bit BLEND_INIT %1, 4, %3 VBROADCASTI128 m3, pb_255 @@ -311,7 +311,7 @@ %endmacro ; %1 name , %2 src (b or w), %3 inter (w or d), %4 (1 if 16bit, not set if 8 bit) -%macro DIFFERENCE 3-4 +%macro DIFFERENCE 3-4 0 BLEND_INIT %1, 5, %4 pxor m2, m2 .nextrow: @@ -326,7 +326,7 @@ punpckl%2%3 m1, m2 psub%3 m0, m1 psub%3 m3, m4 -%if %0 == 4; 16 bit +%if %4; 16 bit pabsd m0, m0 pabsd m3, m3 %else 
@@ -340,10 +340,10 @@ %endmacro ; %1 name , %2 src (b or w), %3 inter (w or d), %4 (1 if 16bit, not set if 8 bit) -%macro EXTREMITY 3-4 +%macro EXTREMITY 3-4 0 BLEND_INIT %1, 8, %4 pxor m2, m2 -%if %0 == 4; 16 bit +%if %4; 16 bit VBROADCASTI128 m4, pd_65535 %else VBROADCASTI128 m4, pw_255 @@ -362,7 +362,7 @@ psub%3 m7, m4, m5 psub%3 m3, m1 psub%3 m7, m6 -%if %0 == 4; 16 bit +%if %4; 16 bit pabsd m3, m3 pabsd m7, m7 %else @@ -375,10 +375,10 @@ BLEND_END %endmacro -%macro NEGATION 3-4 +%macro NEGATION 3-4 0 BLEND_INIT %1, 8, %4 pxor m2, m2 -%if %0 == 4; 16 bit +%if %4; 16 bit VBROADCASTI128 m4, pd_65535 %else VBROADCASTI128 m4, pw_255 @@ -397,7 +397,7 @@ psub%3 m7, m4, m5 psub%3 m3, m1 psub%3 m7, m6 -%if %0 == 4; 16 bit +%if %4; 16 bit pabsd m3, m3 pabsd m7, m7 %else
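Review bot: The macros now test the value of the optional argument (`%if %3`, `%if %4`) instead of the argument count, but the comments above them still read "1 if 16bit, not set if 8 bit" and "(set if 16 bit)". Update them to say that 0 or an omitted argument selects 8 bit, since passing an explicit 0 now behaves differently than it did with `%0 == 3`.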
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/3dostr.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/3dostr.c
Changed
@@ -64,7 +64,7 @@ st->codecpar->codec_type = AVMEDIA_TYPE_AUDIO; st->codecpar->sample_rate = avio_rb32(s->pb); st->codecpar->channels = avio_rb32(s->pb); - if (st->codecpar->channels <= 0) + if (st->codecpar->channels <= 0 || st->codecpar->sample_rate <= 0) return AVERROR_INVALIDDATA; codec = avio_rl32(s->pb); avio_skip(s->pb, 4);
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/4xm.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/4xm.c
Changed
@@ -299,7 +299,7 @@ unsigned int track_number; int packet_read = 0; unsigned char header8; - int audio_frame_count; + int64_t audio_frame_count; while (!packet_read) { if ((ret = avio_read(s->pb, header, 8)) < 0)
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/ads.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/ads.c
Changed
@@ -34,8 +34,9 @@ static int ads_read_header(AVFormatContext *s) { - int align, codec, size; + int align, codec; AVStream *st; + int64_t size; st = avformat_new_stream(s, NULL); if (!st) @@ -62,7 +63,7 @@ st->codecpar->block_align = st->codecpar->channels * align; avio_skip(s->pb, 12); size = avio_rl32(s->pb); - if (st->codecpar->codec_id == AV_CODEC_ID_ADPCM_PSX) + if (st->codecpar->codec_id == AV_CODEC_ID_ADPCM_PSX && size >= 0x40) st->duration = (size - 0x40) / 16 / st->codecpar->channels * 28; avpriv_set_pts_info(st, 64, 1, st->codecpar->sample_rate);
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/aiffdec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/aiffdec.c
Changed
@@ -120,6 +120,8 @@ else sample_rate = (val + (1ULL<<(-exp-1))) >> -exp; par->sample_rate = sample_rate; + if (size < 18) + return AVERROR_INVALIDDATA; size -= 18; /* get codec id for AIFF-C */ @@ -406,6 +408,8 @@ break; default: size = st->codecpar->block_align ? (MAX_SIZE / st->codecpar->block_align) * st->codecpar->block_align : MAX_SIZE; + if (!size) + return AVERROR_INVALIDDATA; } size = FFMIN(max_size, size); res = av_get_packet(s->pb, pkt, size);
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/alp.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/alp.c
Changed
@@ -83,7 +83,7 @@ if (hdr.header_size == 8) { /* .TUN music file */ - hdr.sample_rate = 11025 * hdr.num_channels; + hdr.sample_rate = 22050; } else { /* .PCM sound file */ hdr.sample_rate = avio_rl32(s->pb);
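Review bot: Replacing `11025 * hdr.num_channels` with a fixed `22050` changes behaviour for any .TUN file whose channel count is not 2, and the existing `/* .TUN music file */` comment does not say why. Extend the comment with the reason the rate no longer depends on `hdr.num_channels`.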
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/ape.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/ape.c
Changed
@@ -253,7 +253,7 @@ avio_skip(pb, ape->wavheaderlength); } - if(!ape->totalframes){ + if(!ape->totalframes || pb->eof_reached){ av_log(s, AV_LOG_ERROR, "No frames in the file!\n"); return AVERROR(EINVAL); } @@ -298,8 +298,11 @@ for (i = 0; i < ape->totalframes && !pb->eof_reached; i++) ape->bittablei = avio_r8(pb); } - if (pb->eof_reached) - av_log(s, AV_LOG_WARNING, "File truncated\n"); + if (pb->eof_reached) { + av_log(s, AV_LOG_ERROR, "File truncated\n"); + ret = AVERROR_INVALIDDATA; + goto fail; + } } ape->frames0.pos = ape->firstframe;
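Review bot: In the first hunk `pb->eof_reached` now shares the branch that logs "No frames in the file!" and returns `AVERROR(EINVAL)`, while the truncation path in the second hunk logs "File truncated" and returns `AVERROR_INVALIDDATA`. Split the EOF case out so a truncated header gets the same message and error code as the later check.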
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/argo_asf.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/argo_asf.c
Changed
@@ -175,7 +175,11 @@ st->codecpar->channels = 1; } - st->codecpar->sample_rate = asf->ckhdr.sample_rate; + /* v1.1 files (FX Fighter) are all marked as 44100, but are actually 22050. */ + if (asf->fhdr.version_major == 1 && asf->fhdr.version_minor == 1) + st->codecpar->sample_rate = 22050; + else + st->codecpar->sample_rate = asf->ckhdr.sample_rate; st->codecpar->bits_per_coded_sample = 4;
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/asfdec_f.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/asfdec_f.c
Changed
@@ -424,7 +424,7 @@ if (!(asf->hdr.flags & 0x01)) { // if we aren't streaming... int64_t fsize = avio_size(pb); if (fsize <= 0 || (int64_t)asf->hdr.file_size <= 0 || - 20*FFABS(fsize - (int64_t)asf->hdr.file_size) < FFMIN(fsize, asf->hdr.file_size)) + FFABS(fsize - (int64_t)asf->hdr.file_size) < FFMIN(fsize, asf->hdr.file_size)/20) st->duration = asf->hdr.play_time / (10000000 / 1000) - start_time; } @@ -516,6 +516,8 @@ tag1 = avio_rl32(pb); avio_skip(pb, 20); if (sizeX > 40) { + if (size < sizeX - 40) + return AVERROR_INVALIDDATA; st->codecpar->extradata_size = ffio_limit(pb, sizeX - 40); st->codecpar->extradata = av_mallocz(st->codecpar->extradata_size + AV_INPUT_BUFFER_PADDING_SIZE); @@ -607,6 +609,8 @@ ff_get_guid(pb, &g); size = avio_rl16(pb); ext_len = avio_rl32(pb); + if (ext_len < 0) + return AVERROR_INVALIDDATA; avio_skip(pb, ext_len); if (stream_num < 128 && i < FF_ARRAY_ELEMS(asf->streamsstream_num.payload)) { ASFPayload *p = &asf->streamsstream_num.payloadi; @@ -769,6 +773,8 @@ avio_rl32(pb); // send time avio_rl32(pb); // flags name_len = avio_rl32(pb); // name length + if ((unsigned)name_len > INT_MAX / 2) + return AVERROR_INVALIDDATA; if ((ret = avio_get_str16le(pb, name_len * 2, name, sizeof(name))) < name_len) avio_skip(pb, name_len - ret);
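Review bot: In the first hunk `FFMIN(fsize, asf->hdr.file_size)/20` compares the `int64_t` `fsize` with `asf->hdr.file_size` uncast, although the same expression casts it to `int64_t` twice just before. Cast it inside `FFMIN` as well so the comparison is not left to implicit conversion. In the last hunk, `name_len` is checked against `INT_MAX / 2` for the `name_len * 2` argument; a comment linking the two would help.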
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/asfdec_o.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/asfdec_o.c
Changed
@@ -245,6 +245,9 @@ avio_skip(pb, 4); // flags len = avio_rl32(pb); + if (avio_feof(pb)) + return AVERROR_INVALIDDATA; + if ((ret = avio_get_str16le(pb, len, name, sizeof(name))) < len) avio_skip(pb, len - ret); @@ -1679,6 +1682,9 @@ ff_asf_guid guid; int ret; + if (offset > INT64_MAX - size) + return AVERROR_INVALIDDATA; + while (avio_tell(pb) <= offset + size) { if (avio_tell(pb) == asf->offset) break;
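Review bot: The `avio_feof(pb)` test added in the first hunk catches a short read of `len` but does not bound `len` itself, which is then passed to `avio_get_str16le()` and used in `len - ret`. Add a range check on `len` here as well, or state why the EOF test is sufficient.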
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/au.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/au.c
Changed
@@ -86,6 +86,11 @@ av_bprint_init(&bprint, 64, AV_BPRINT_SIZE_UNLIMITED); while (size-- > 0) { + if (avio_feof(pb)) { + av_bprint_finalize(&bprint, NULL); + av_freep(&key); + return AVERROR_EOF; + } c = avio_r8(pb); switch(state) { case PARSE_KEY:
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/avidec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/avidec.c
Changed
@@ -125,7 +125,7 @@ if (ast->sample_size) return len; else if (ast->dshow_block_align) - return (len + ast->dshow_block_align - 1) / ast->dshow_block_align; + return (len + (int64_t)ast->dshow_block_align - 1) / ast->dshow_block_align; else return 1; } @@ -439,7 +439,7 @@ maxpos = FFMAX(maxpos, st->index_entriesj-1.pos); lensum += len; } - if (maxpos < avi->io_fsize*9/10) // index does not cover the whole file + if (maxpos < av_rescale(avi->io_fsize, 9, 10)) // index does not cover the whole file return 0; if (lensum*9/10 > maxpos || lensum < maxpos*9/10) // frame sum and filesize mismatch return 0; @@ -1422,6 +1422,7 @@ if (avi->stream_index >= 0) { AVStream *st = s->streamsavi->stream_index; AVIStream *ast = st->priv_data; + int dv_demux = CONFIG_DV_DEMUXER && avi->dv_demux; int size, err; if (get_subtitle_pkt(s, st, pkt)) @@ -1444,7 +1445,7 @@ return err; size = err; - if (ast->has_pal && pkt->size < (unsigned)INT_MAX / 2) { + if (ast->has_pal && pkt->size < (unsigned)INT_MAX / 2 && !dv_demux) { uint8_t *pal; pal = av_packet_new_side_data(pkt, AV_PKT_DATA_PALETTE, @@ -1458,7 +1459,7 @@ } } - if (CONFIG_DV_DEMUXER && avi->dv_demux) { + if (dv_demux) { AVBufferRef *avbuf = pkt->buf; size = avpriv_dv_produce_packet(avi->dv_demux, pkt, pkt->data, pkt->size, pkt->pos);
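Review bot: The second hunk switches the first comparison to `av_rescale(avi->io_fsize, 9, 10)`, but the unchanged line right below still computes `lensum*9/10` and `maxpos*9/10` directly. If the multiplication by 9 can overflow for `io_fsize`, the same question applies to those two; convert them too or explain why they are safe.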
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/avs.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/avs.c
Changed
@@ -128,7 +128,8 @@ static int avs_read_audio_packet(AVFormatContext * s, AVPacket * pkt) { AvsFormat *avs = s->priv_data; - int ret, size; + int ret; + int64_t size; size = avio_tell(s->pb); ret = ff_voc_get_packet(s, pkt, avs->st_audio, avs->remaining_audio_size);
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/bethsoftvid.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/bethsoftvid.c
Changed
@@ -28,6 +28,7 @@ */ #include "libavutil/channel_layout.h" +#include "libavutil/imgutils.h" #include "libavutil/intreadwrite.h" #include "avformat.h" #include "internal.h" @@ -72,6 +73,7 @@ { BVID_DemuxContext *vid = s->priv_data; AVIOContext *pb = s->pb; + int ret; /* load main header. Contents: * bytes: 'V' 'I' 'D' @@ -84,6 +86,10 @@ vid->bethsoft_global_delay = avio_rl16(pb); avio_rl16(pb); + ret = av_image_check_size(vid->width, vid->height, 0, s); + if (ret < 0) + return ret; + // wait until the first packet to create each stream vid->video_index = -1; vid->audio_index = -1;
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/bfi.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/bfi.c
Changed
@@ -69,6 +69,9 @@ /* Set the total number of frames. */ avio_skip(pb, 8); chunk_header = avio_rl32(pb); + if (chunk_header < 3) + return AVERROR_INVALIDDATA; + bfi->nframes = avio_rl32(pb); avio_rl32(pb); avio_rl32(pb);
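Review bot: `if (chunk_header < 3)` rejects the header against an unexplained constant. Add a comment saying what the 3 accounts for, or derive it from the later use of `chunk_header`, so the bound can be verified.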
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/bintext.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/bintext.c
Changed
@@ -293,6 +293,8 @@ bin->fsize = avio_size(pb) - 1 - 192 - 4096; st->codecpar->width = 80<<3; ff_sauce_read(s, &bin->fsize, &got_width, 0); + if (st->codecpar->width < 8) + return AVERROR_INVALIDDATA; if (!bin->width) calculate_height(st->codecpar, bin->fsize); avio_seek(pb, 1 + 192 + 4096, SEEK_SET); @@ -344,6 +346,8 @@ bin->fsize = avio_size(pb) - 12 - 4096 - 48; ff_sauce_read(s, &bin->fsize, &got_width, 0); + if (st->codecpar->width < 8) + return AVERROR_INVALIDDATA; if (!bin->width) calculate_height(st->codecpar, bin->fsize); avio_seek(pb, 12, SEEK_SET);
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/boadec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/boadec.c
Changed
@@ -54,12 +54,12 @@ avio_rl32(s->pb); st->codecpar->sample_rate = avio_rl32(s->pb); st->codecpar->channels = avio_rl32(s->pb); - if (st->codecpar->channels > FF_SANE_NB_CHANNELS) + if (st->codecpar->channels > FF_SANE_NB_CHANNELS || st->codecpar->channels <= 0) return AVERROR(ENOSYS); s->internal->data_offset = avio_rl32(s->pb); avio_r8(s->pb); st->codecpar->block_align = avio_rl32(s->pb); - if (st->codecpar->block_align > INT_MAX / FF_SANE_NB_CHANNELS) + if (st->codecpar->block_align > INT_MAX / FF_SANE_NB_CHANNELS || st->codecpar->block_align <= 0) return AVERROR_INVALIDDATA; st->codecpar->block_align *= st->codecpar->channels;
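Review bot: The `channels <= 0` case is added to the branch that returns `AVERROR(ENOSYS)`, which was meant for counts above `FF_SANE_NB_CHANNELS`; a zero or negative count is corrupt input rather than an unsupported feature. Return `AVERROR_INVALIDDATA` for it, as the `block_align` check two lines below does.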
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/cafdec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/cafdec.c
Changed
@@ -70,7 +70,7 @@ /* parse format description */ st->codecpar->codec_type = AVMEDIA_TYPE_AUDIO; - st->codecpar->sample_rate = av_int2double(avio_rb64(pb)); + st->codecpar->sample_rate = av_clipd(av_int2double(avio_rb64(pb)), 0, INT_MAX); st->codecpar->codec_tag = avio_rl32(pb); flags = avio_rb32(pb); caf->bytes_per_packet = avio_rb32(pb); @@ -79,6 +79,9 @@ st->codecpar->channels = avio_rb32(pb); st->codecpar->bits_per_coded_sample = avio_rb32(pb); + if (caf->bytes_per_packet < 0 || caf->frames_per_packet < 0) + return AVERROR_INVALIDDATA; + /* calculate bit rate for constant size packets */ if (caf->frames_per_packet > 0 && caf->bytes_per_packet > 0) { st->codecpar->bit_rate = (uint64_t)st->codecpar->sample_rate * (uint64_t)caf->bytes_per_packet * 8 @@ -189,6 +192,7 @@ CafContext *caf = s->priv_data; int64_t pos = 0, ccount, num_packets; int i; + int ret; ccount = avio_tell(pb); @@ -202,7 +206,11 @@ st->duration = 0; for (i = 0; i < num_packets; i++) { - av_add_index_entry(s->streams0, pos, st->duration, 0, 0, AVINDEX_KEYFRAME); + if (avio_feof(pb)) + return AVERROR_INVALIDDATA; + ret = av_add_index_entry(s->streams0, pos, st->duration, 0, 0, AVINDEX_KEYFRAME); + if (ret < 0) + return ret; pos += caf->bytes_per_packet ? caf->bytes_per_packet : ff_mp4_read_descr_len(pb); st->duration += caf->frames_per_packet ? caf->frames_per_packet : ff_mp4_read_descr_len(pb); }
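Review bot: in the first hunk, av_clipd(..., 0, INT_MAX) silently turns a negative or oversized sample rate from the file into 0 or INT_MAX instead of rejecting it, while the very next hunk rejects negative bytes_per_packet and frames_per_packet with AVERROR_INVALIDDATA. Rejecting out-of-range rates the same way would be more consistent than clamping; if clamping is intended, a comment should say why.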
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/cdg.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/cdg.c
Changed
@@ -49,7 +49,7 @@ if (ret < 0) { av_log(s, AV_LOG_WARNING, "Cannot calculate duration as file size cannot be determined\n"); } else - vst->duration = (ret * vst->time_base.den) / (CDG_PACKET_SIZE * 300); + vst->duration = (ret * (int64_t)vst->time_base.den) / (CDG_PACKET_SIZE * 300); return 0; }
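Review bot: the (int64_t) cast widens the multiplication, but ret itself holds the file size here (the warning above says so), and its declaration is outside the hunk. If ret is a plain int, the size has already been truncated before this line and the cast only fixes half of the problem; please confirm ret is 64-bit or store the size in an int64_t.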
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/concatdec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/concatdec.c
Changed
@@ -113,7 +113,8 @@ ConcatFile *file; char *url = NULL; const char *proto; - size_t url_len, proto_len; + const char *ptr; + size_t url_len; int ret; if (cat->safe > 0 && !safe_filename(filename)) { @@ -122,9 +123,8 @@ } proto = avio_find_protocol_name(filename); - proto_len = proto ? strlen(proto) : 0; - if (proto && !memcmp(filename, proto, proto_len) && - (filenameproto_len == ':' || filenameproto_len == ',')) { + if (proto && av_strstart(filename, proto, &ptr) && + (*ptr == ':' || *ptr == ',')) { url = filename; filename = NULL; } else {
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/dhav.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/dhav.c
Changed
@@ -173,12 +173,12 @@ if (avio_feof(s->pb)) return AVERROR_EOF; - if (avio_rl32(s->pb) != MKTAG('D','H','A','V')) { + if (avio_rl32(s->pb) != MKTAG('D','H','A','V') && dhav->last_good_pos < INT64_MAX - 0x8000) { dhav->last_good_pos += 0x8000; avio_seek(s->pb, dhav->last_good_pos, SEEK_SET); while (avio_rl32(s->pb) != MKTAG('D','H','A','V')) { - if (avio_feof(s->pb)) + if (avio_feof(s->pb) || dhav->last_good_pos >= INT64_MAX - 0x8000) return AVERROR_EOF; dhav->last_good_pos += 0x8000; ret = avio_skip(s->pb, 0x8000 - 4); @@ -290,6 +290,8 @@ int seek_back; seek_back = avio_rl32(s->pb) + 8; + if (seek_back < 9) + break; dhav->last_good_pos = avio_tell(s->pb); avio_seek(s->pb, -seek_back, SEEK_CUR); }
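Review bot: in the first hunk the overflow guard is folded into the tag test, so when the tag does not match and last_good_pos is already at or above INT64_MAX - 0x8000 the whole resync block is skipped and execution continues as if the DHAV tag had been found. An explicit early return for that case would be safer than falling through. In the second hunk, seek_back < 9 deserves a comment, since the bound follows from the + 8 on the line above.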
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/dsfdec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/dsfdec.c
Changed
@@ -124,8 +124,8 @@ dsf->audio_size = avio_rl64(pb) / 8 * st->codecpar->channels; st->codecpar->block_align = avio_rl32(pb); - if (st->codecpar->block_align > INT_MAX / st->codecpar->channels) { - avpriv_request_sample(s, "block_align overflow"); + if (st->codecpar->block_align > INT_MAX / st->codecpar->channels || st->codecpar->block_align <= 0) { + avpriv_request_sample(s, "block_align invalid"); return AVERROR_INVALIDDATA; } st->codecpar->block_align *= st->codecpar->channels;
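Review bot: block_align <= 0 is malformed input, yet it is still reported through avpriv_request_sample(), which asks users to send in a sample of an unsupported file. A plain av_log() error would fit the new case better. The division INT_MAX / st->codecpar->channels also relies on channels being non-zero, which is not checked in the visible lines.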
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/dxa.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/dxa.c
Changed
@@ -143,7 +143,7 @@ c->readvid = !c->has_sound; c->vidpos = avio_tell(pb); s->start_time = 0; - s->duration = (int64_t)c->frames * AV_TIME_BASE * num / den; + s->duration = av_rescale(c->frames, AV_TIME_BASE * (int64_t)num, den); av_log(s, AV_LOG_DEBUG, "%d frame(s)\n",c->frames); return 0;
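Review bot: av_rescale() returns INT64_MIN when its third argument is not positive or its second is negative, so s->duration now depends on num and den having been validated before this line, which the hunk does not show. If they come straight from the file header, check den > 0 and num >= 0 first.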
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/electronicarts.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/electronicarts.c
Changed
@@ -530,20 +530,17 @@ if (ea->num_channels <= 0 || ea->num_channels > 2) { av_log(s, AV_LOG_WARNING, "Unsupported number of channels: %d\n", ea->num_channels); - ea->audio_codec = 0; - return 1; + goto no_audio; } if (ea->sample_rate <= 0) { av_log(s, AV_LOG_ERROR, "Unsupported sample rate: %d\n", ea->sample_rate); - ea->audio_codec = 0; - return 1; + goto no_audio; } if (ea->bytes <= 0 || ea->bytes > 2) { av_log(s, AV_LOG_ERROR, "Invalid number of bytes per sample: %d\n", ea->bytes); - ea->audio_codec = AV_CODEC_ID_NONE; - return 1; + goto no_audio; } /* initialize the audio decoder stream */ @@ -564,8 +561,13 @@ st->codecpar->bits_per_coded_sample; ea->audio_stream_index = st->index; st->start_time = 0; + return 1; } +no_audio: + ea->audio_codec = AV_CODEC_ID_NONE; + if (!ea->video.codec) + return AVERROR_INVALIDDATA; return 1; } @@ -580,6 +582,8 @@ int av_uninit(num_samples); while ((!packet_read && !hit_end) || partial_packet) { + if (avio_feof(pb)) + return AVERROR_EOF; chunk_type = avio_rl32(pb); chunk_size = ea->big_endian ? avio_rb32(pb) : avio_rl32(pb); if (chunk_size < 8) @@ -603,10 +607,14 @@ break; } else if (ea->audio_codec == AV_CODEC_ID_PCM_S16LE_PLANAR || ea->audio_codec == AV_CODEC_ID_MP3) { + if (chunk_size < 12) + return AVERROR_INVALIDDATA; num_samples = avio_rl32(pb); avio_skip(pb, 8); chunk_size -= 12; } else if (ea->audio_codec == AV_CODEC_ID_ADPCM_PSX) { + if (chunk_size < 8) + return AVERROR_INVALIDDATA; avio_skip(pb, 8); chunk_size -= 8; } @@ -689,6 +697,8 @@ case fVGT_TAG: case MADm_TAG: case MADe_TAG: + if (chunk_size > INT_MAX - 8) + return AVERROR_INVALIDDATA; avio_seek(pb, -8, SEEK_CUR); // include chunk preamble chunk_size += 8; goto get_video_packet; @@ -718,6 +728,7 @@ ret = av_get_packet(pb, pkt, chunk_size); if (ret < 0) { packet_read = 1; + partial_packet = 0; break; } partial_packet = chunk_type == MVIh_TAG;
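Review bot: the three rejected cases in the first hunk now share the no_audio path, but they still log at different levels (AV_LOG_WARNING for the channel count, AV_LOG_ERROR for sample rate and bytes per sample). Since the outcome is the same for all three, and only becomes an error when no video codec is present, one level for all of them would be clearer. The label would also benefit from a one-line comment stating that returning 1 without audio is intentional when video exists.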
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/ffmetadec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/ffmetadec.c
Changed
@@ -182,7 +182,7 @@ AVStream *st = avformat_new_stream(s, NULL); if (!st) - return AVERROR(ENOMEM); + goto nomem; st->codecpar->codec_type = AVMEDIA_TYPE_DATA; st->codecpar->codec_id = AV_CODEC_ID_FFMETADATA; @@ -192,7 +192,7 @@ AVChapter *ch = read_chapter(s); if (!ch) - return AVERROR(ENOMEM); + goto nomem; m = &ch->metadata; } else @@ -208,6 +208,10 @@ AV_TIME_BASE_Q); return 0; +nomem: + av_bprint_finalize(&bp, NULL); + + return AVERROR(ENOMEM); } static int read_packet(AVFormatContext *s, AVPacket *pkt)
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/fitsdec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/fitsdec.c
Changed
@@ -24,6 +24,7 @@ * FITS demuxer. */ +#include "libavutil/avassert.h" #include "libavutil/intreadwrite.h" #include "internal.h" #include "libavutil/opt.h" @@ -125,14 +126,14 @@ size += header->pcount; t = (abs(header->bitpix) >> 3) * ((int64_t) header->gcount); - if(size && t > UINT64_MAX / size) + if(size && t > INT64_MAX / size) return AVERROR_INVALIDDATA; size *= t; if (!size) { image = 0; } else { - if(FITS_BLOCK_SIZE - 1 > UINT64_MAX - size) + if(FITS_BLOCK_SIZE - 1 > INT64_MAX - size) return AVERROR_INVALIDDATA; size = ((size + FITS_BLOCK_SIZE - 1) / FITS_BLOCK_SIZE) * FITS_BLOCK_SIZE; } @@ -173,6 +174,11 @@ goto fail; } + av_assert0(avbuf.len <= INT64_MAX && size <= INT64_MAX); + if (avbuf.len + size > INT_MAX - 80) { + ret = AVERROR_INVALIDDATA; + goto fail; + } // Header is sent with the first line removed... ret = av_new_packet(pkt, avbuf.len - 80 + size); if (ret < 0)
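Review bot: av_assert0() aborts the process when it fails, which is a harsh response if either avbuf.len or size can be influenced by the input file. If the condition is guaranteed by the earlier INT64_MAX checks, a comment saying so would help; otherwise fold it into the AVERROR_INVALIDDATA test below. The new upper bound also leaves the lower side open: av_new_packet() is called with avbuf.len - 80 + size, and nothing visible here ensures avbuf.len is at least 80.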
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/flvdec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/flvdec.c
Changed
@@ -41,6 +41,8 @@ #define RESYNC_BUFFER_SIZE (1<<20) +#define MAX_DEPTH 16 ///< arbitrary limit to prevent unbounded recursion + typedef struct FLVContext { const AVClass *class; ///< Class for private options. int trust_metadata; ///< configure streams according onMetaData @@ -382,13 +384,18 @@ static int amf_get_string(AVIOContext *ioc, char *buffer, int buffsize) { + int ret; int length = avio_rb16(ioc); if (length >= buffsize) { avio_skip(ioc, length); return -1; } - avio_read(ioc, buffer, length); + ret = avio_read(ioc, buffer, length); + if (ret < 0) + return ret; + if (ret < length) + return AVERROR_INVALIDDATA; bufferlength = '\0'; @@ -493,8 +500,13 @@ double num_val; amf_date date; + if (depth > MAX_DEPTH) + return AVERROR_PATCHWELCOME; + num_val = 0; ioc = s->pb; + if (avio_feof(ioc)) + return AVERROR_EOF; amf_type = avio_r8(ioc); switch (amf_type) { @@ -837,10 +849,16 @@ } } -static int amf_skip_tag(AVIOContext *pb, AMFDataType type) +static int amf_skip_tag(AVIOContext *pb, AMFDataType type, int depth) { int nb = -1, ret, parse_name = 1; + if (depth > MAX_DEPTH) + return AVERROR_PATCHWELCOME; + + if (avio_feof(pb)) + return AVERROR_EOF; + switch (type) { case AMF_DATA_TYPE_NUMBER: avio_skip(pb, 8); @@ -865,7 +883,7 @@ } avio_skip(pb, size); } - if ((ret = amf_skip_tag(pb, avio_r8(pb))) < 0) + if ((ret = amf_skip_tag(pb, avio_r8(pb), depth + 1)) < 0) return ret; } break; @@ -909,7 +927,7 @@ else break; } else { - if ((ret = amf_skip_tag(pb, type)) < 0) + if ((ret = amf_skip_tag(pb, type, 0)) < 0) goto skip; } } @@ -1161,7 +1179,7 @@ avio_seek(s->pb, fsize - 3 - size, SEEK_SET); if (size == avio_rb24(s->pb) + 11) { uint32_t ts = avio_rb24(s->pb); - ts |= avio_r8(s->pb) << 24; + ts |= (unsigned)avio_r8(s->pb) << 24; if (ts) s->duration = ts * (int64_t)AV_TIME_BASE / 1000; else if (fsize >= 8 && fsize - 8 >= size) { 
@@ -1234,7 +1252,7 @@ if (st->codecpar->codec_id == AV_CODEC_ID_H264 || st->codecpar->codec_id == AV_CODEC_ID_MPEG4) { // sign extension int32_t cts = (avio_rb24(s->pb) + 0xff800000) ^ 0xff800000; - pts = dts + cts; + pts = av_sat_add64(dts, cts); if (cts < 0) { // dts might be wrong if (!flv->wrong_dts) av_log(s, AV_LOG_WARNING,
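Review bot: amf_get_string() now mixes return conventions: the oversize branch still returns a bare -1, while the new read-failure branches return AVERROR codes. Callers that only test for < 0 are fine, but anything that propagates the value will report -1 as an unrelated errno; returning AVERROR_INVALIDDATA from the oversize branch too would make the function consistent. Also consider whether AVERROR_PATCHWELCOME is the right code for exceeding MAX_DEPTH, since the limit is a deliberate defence and not a missing feature.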
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/genh.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/genh.c
Changed
@@ -87,7 +87,9 @@ case 5: st->codecpar->codec_id = st->codecpar->block_align > 0 ? AV_CODEC_ID_PCM_S8_PLANAR : AV_CODEC_ID_PCM_S8; break; - case 6: st->codecpar->codec_id = AV_CODEC_ID_SDX2_DPCM; break; + case 6: if (st->codecpar->block_align > INT_MAX/1024) + return AVERROR_INVALIDDATA; + st->codecpar->codec_id = AV_CODEC_ID_SDX2_DPCM; break; case 7: ret = ff_alloc_extradata(st->codecpar, 2); if (ret < 0) return ret; @@ -144,6 +146,9 @@ } } + if (st->codecpar->block_align <= 0) + return AVERROR_INVALIDDATA; + avio_skip(s->pb, start_offset - avio_tell(s->pb)); avpriv_set_pts_info(st, 64, 1, st->codecpar->sample_rate);
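Review bot: the new check in case 6 puts an unbraced if on the case label line with its return on the next line and the assignment after it, which is easy to misread as the assignment being conditional. Put the case body in braces on separate lines, and add a comment or named constant for the 1024 factor, which is not explained in the hunk.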
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/gxf.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/gxf.c
Changed
@@ -285,9 +285,12 @@ static void gxf_read_index(AVFormatContext *s, int pkt_len) { AVIOContext *pb = s->pb; AVStream *st; - uint32_t fields_per_map = avio_rl32(pb); - uint32_t map_cnt = avio_rl32(pb); + uint32_t fields_per_map, map_cnt; int i; + if (pkt_len < 8) + return; + fields_per_map = avio_rl32(pb); + map_cnt = avio_rl32(pb); pkt_len -= 8; if ((s->flags & AVFMT_FLAG_IGNIDX) || !s->streams) { avio_skip(pb, pkt_len);
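Review bot: the new pkt_len < 8 path returns without consuming the remaining pkt_len bytes, whereas the ignore-index path right below calls avio_skip(pb, pkt_len) before leaving. Unless the caller repositions the stream itself, skip the short payload here too, and consider a warning log since the function is void and the caller cannot see that the index was rejected.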
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/icodec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/icodec.c
Changed
@@ -84,6 +84,9 @@ avio_skip(pb, 4); ico->nb_images = avio_rl16(pb); + if (!ico->nb_images) + return AVERROR_INVALIDDATA; + ico->images = av_malloc_array(ico->nb_images, sizeof(IcoImage)); if (!ico->images) return AVERROR(ENOMEM); @@ -93,7 +96,7 @@ int tmp; if (avio_seek(pb, 6 + i * 16, SEEK_SET) < 0) - break; + goto fail; st = avformat_new_stream(s, NULL); if (!st) { @@ -113,13 +116,12 @@ ico->imagesi.size = avio_rl32(pb); if (ico->imagesi.size <= 0) { av_log(s, AV_LOG_ERROR, "Invalid image size %d\n", ico->imagesi.size); - av_freep(&ico->images); - return AVERROR_INVALIDDATA; + goto fail; } ico->imagesi.offset = avio_rl32(pb); if (avio_seek(pb, ico->imagesi.offset, SEEK_SET) < 0) - break; + goto fail; codec = avio_rl32(pb); switch (codec) { @@ -130,8 +132,7 @@ break; case 40: if (ico->imagesi.size < 40) { - av_freep(&ico->images); - return AVERROR_INVALIDDATA; + goto fail; } st->codecpar->codec_id = AV_CODEC_ID_BMP; tmp = avio_rl32(pb); @@ -143,12 +144,14 @@ break; default: avpriv_request_sample(s, "codec %d", codec); - av_freep(&ico->images); - return AVERROR_INVALIDDATA; + goto fail; } } return 0; +fail: + av_freep(&ico->images); + return AVERROR_INVALIDDATA; } static int read_packet(AVFormatContext *s, AVPacket *pkt) @@ -156,12 +159,14 @@ IcoDemuxContext *ico = s->priv_data; IcoImage *image; AVIOContext *pb = s->pb; - AVStream *st = s->streams0; + AVStream *st; int ret; if (ico->current_image >= ico->nb_images) return AVERROR_EOF; + st = s->streams0; + image = &ico->imagesico->current_image; if ((ret = avio_seek(pb, image->offset, SEEK_SET)) < 0)
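Review bot: the shared fail label always returns AVERROR_INVALIDDATA, so the two avio_seek() failures that used to break out of the loop now lose their actual error code (for example an I/O error). Keeping a ret variable, setting it at each goto site and returning it from fail would preserve the cause. It is also a behaviour change worth stating in the commit message: a failed seek previously ended the loop and returned 0.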
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/id3v2.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/id3v2.c
Changed
@@ -605,7 +605,10 @@ /* mimetype */ if (isv34) { - taglen -= avio_get_str(pb, taglen, mimetype, sizeof(mimetype)); + int ret = avio_get_str(pb, taglen, mimetype, sizeof(mimetype)); + if (ret < 0 || ret >= taglen) + goto fail; + taglen -= ret; } else { if (avio_read(pb, mimetype, 3) < 0) goto fail; @@ -993,6 +996,9 @@ av_log(s, AV_LOG_DEBUG, "Compresssed frame %s tlen=%d dlen=%ld\n", tag, tlen, dlen); + if (tlen <= 0) + goto seek; + av_fast_malloc(&uncompressed_buffer, &uncompressed_buffer_size, dlen); if (!uncompressed_buffer) { av_log(s, AV_LOG_ERROR, "Failed to alloc %ld bytes\n", dlen);
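Review bot: the second hunk guards tlen but not dlen, which sizes the av_fast_malloc() call on the next line. If dlen is validated earlier that is fine, but it is not visible here, and a short comment would make the pairing clear. In the first hunk, ret >= taglen also rejects a mimetype string that exactly fills the tag; a comment saying that at least one byte must remain would document the intent.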
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/iff.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/iff.c
Changed
@@ -223,6 +223,9 @@ uint64_t orig_pos = avio_tell(pb); const char * metadata_tag = NULL; + if (size >= INT64_MAX) + return AVERROR_INVALIDDATA; + switch(tag) { case MKTAG('D','I','A','R'): metadata_tag = "artist"; break; case MKTAG('D','I','T','I'): metadata_tag = "title"; break; @@ -256,6 +259,9 @@ uint64_t size = avio_rb64(pb); uint64_t orig_pos = avio_tell(pb); + if (size >= INT64_MAX) + return AVERROR_INVALIDDATA; + switch(tag) { case MKTAG('A','B','S','S'): if (size < 8) @@ -362,7 +368,7 @@ data_size = iff->is_64bit ? avio_rb64(pb) : avio_rb32(pb); data_pos = avio_tell(pb); - if (data_size < 1) + if (data_size < 1 || data_size >= INT64_MAX) return AVERROR_INVALIDDATA; switch (chunk_id) { @@ -449,6 +455,9 @@ data_size = iff->is_64bit ? avio_rb64(pb) : avio_rb32(pb); orig_pos = avio_tell(pb); + if (data_size >= INT64_MAX) + return AVERROR_INVALIDDATA; + switch(chunk_id) { case ID_VHDR: st->codecpar->codec_type = AVMEDIA_TYPE_AUDIO; @@ -754,7 +763,7 @@ st->codecpar->bits_per_coded_sample = av_get_bits_per_sample(st->codecpar->codec_id); st->codecpar->bit_rate = (int64_t)st->codecpar->channels * st->codecpar->sample_rate * st->codecpar->bits_per_coded_sample; st->codecpar->block_align = st->codecpar->channels * st->codecpar->bits_per_coded_sample; - if (st->codecpar->codec_tag == ID_DSD && st->codecpar->block_align <= 0) + if ((st->codecpar->codec_tag == ID_DSD || st->codecpar->codec_tag == ID_MAUD) && st->codecpar->block_align <= 0) return AVERROR_INVALIDDATA; break; @@ -836,7 +845,7 @@ } else if (st->codecpar->codec_tag == ID_DST) { return read_dst_frame(s, pkt); } else { - if (iff->body_size > INT_MAX) + if (iff->body_size > INT_MAX || !iff->body_size) return AVERROR_INVALIDDATA; ret = av_get_packet(pb, pkt, iff->body_size); } 
@@ -872,6 +881,8 @@ pkt->flags |= AV_PKT_FLAG_KEY; } else if (st->codecpar->codec_type == AVMEDIA_TYPE_VIDEO && st->codecpar->codec_tag != ID_ANIM) { + if (iff->body_size > INT_MAX || !iff->body_size) + return AVERROR_INVALIDDATA; ret = av_get_packet(pb, pkt, iff->body_size); pkt->pos = pos; if (pos == iff->body_pos)
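Review bot: the size >= INT64_MAX test is repeated in four places and the body_size > INT_MAX || !body_size test in two. A small helper, or validating once where the value is read, would keep them from drifting apart. None of the copies says why INT64_MAX itself is rejected (>= and not >); if the reason is a later addition on the value, a comment should name it.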
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/ifv.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/ifv.c
Changed
@@ -210,6 +210,7 @@ } if (!ev) { + uint64_t vframes, aframes; if (ifv->is_audio_present && !ea) { /*read new video and audio indexes*/ @@ -217,8 +218,12 @@ ifv->next_audio_index = ifv->total_aframes; avio_skip(s->pb, 0x1c); - ifv->total_vframes += avio_rl32(s->pb); - ifv->total_aframes += avio_rl32(s->pb); + vframes = ifv->total_vframes + (uint64_t)avio_rl32(s->pb); + aframes = ifv->total_aframes + (uint64_t)avio_rl32(s->pb); + if (vframes > INT_MAX || aframes > INT_MAX) + return AVERROR_INVALIDDATA; + ifv->total_vframes = vframes; + ifv->total_aframes = aframes; avio_skip(s->pb, 0xc); if (avio_feof(s->pb)) @@ -240,7 +245,10 @@ ifv->next_video_index = ifv->total_vframes; avio_skip(s->pb, 0x1c); - ifv->total_vframes += avio_rl32(s->pb); + vframes = ifv->total_vframes + (uint64_t)avio_rl32(s->pb); + if (vframes > INT_MAX) + return AVERROR_INVALIDDATA; + ifv->total_vframes = vframes; avio_skip(s->pb, 0x10); if (avio_feof(s->pb))
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/jacosubdec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/jacosubdec.c
Changed
@@ -136,6 +136,7 @@ { int sign = 1; int a = 0, b = 0, c = 0, d = 0; + int64_t ret; #define SSEP "%*1.:" int n = sscanf(buf, "%d"SSEP"%d"SSEP"%d"SSEP"%d", &a, &b, &c, &d); #undef SSEP @@ -145,13 +146,16 @@ a = FFABS(a); } + ret = 0; switch (n) { - case 4: return sign * ((a*3600 + b*60 + c) * timeres + d); - case 3: return sign * (( a*60 + b) * timeres + c); - case 2: return sign * (( a) * timeres + b); + case 4: ret = sign * (((int64_t)a*3600 + b*60 + c) * timeres + d); + case 3: ret = sign * (( (int64_t)a*60 + b) * timeres + c); + case 2: ret = sign * (( (int64_t)a) * timeres + b); } + if ((int)ret != ret) + ret = 0; - return 0; + return ret; } static int jacosub_read_header(AVFormatContext *s)
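Review bot: the rewritten switch has no break statements, so the cases fall through: for n == 4 the value computed in case 4 is overwritten by case 3 and then by case 2, and the function returns the n == 2 result. The old code returned directly from each case. Add a break after each assignment.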
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/kvag.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/kvag.c
Changed
@@ -83,7 +83,7 @@ par->bits_per_raw_sample = 16; par->block_align = 1; par->bit_rate = par->channels * - par->sample_rate * + (uint64_t)par->sample_rate * par->bits_per_coded_sample; avpriv_set_pts_info(st, 64, 1, par->sample_rate);
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/libsrt.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/libsrt.c
Changed
@@ -53,6 +53,7 @@ typedef struct SRTContext { const AVClass *class; int fd; + int listen_fd; int eid; int64_t rw_timeout; int64_t listen_timeout; @@ -313,8 +314,12 @@ (s->pbkeylen >= 0 && libsrt_setsockopt(h, fd, SRTO_PBKEYLEN, "SRTO_PBKEYLEN", &s->pbkeylen, sizeof(s->pbkeylen)) < 0) || (s->passphrase && libsrt_setsockopt(h, fd, SRTO_PASSPHRASE, "SRTO_PASSPHRASE", s->passphrase, strlen(s->passphrase)) < 0) || #if SRT_VERSION_VALUE >= 0x010302 +#if SRT_VERSION_VALUE >= 0x010401 + (s->enforced_encryption >= 0 && libsrt_setsockopt(h, fd, SRTO_ENFORCEDENCRYPTION, "SRTO_ENFORCEDENCRYPTION", &s->enforced_encryption, sizeof(s->enforced_encryption)) < 0) || +#else /* SRTO_STRICTENC == SRTO_ENFORCEDENCRYPTION (53), but for compatibility, we used SRTO_STRICTENC */ (s->enforced_encryption >= 0 && libsrt_setsockopt(h, fd, SRTO_STRICTENC, "SRTO_STRICTENC", &s->enforced_encryption, sizeof(s->enforced_encryption)) < 0) || +#endif (s->kmrefreshrate >= 0 && libsrt_setsockopt(h, fd, SRTO_KMREFRESHRATE, "SRTO_KMREFRESHRATE", &s->kmrefreshrate, sizeof(s->kmrefreshrate)) < 0) || (s->kmpreannounce >= 0 && libsrt_setsockopt(h, fd, SRTO_KMPREANNOUNCE, "SRTO_KMPREANNOUNCE", &s->kmpreannounce, sizeof(s->kmpreannounce)) < 0) || #endif 
@@ -333,7 +338,11 @@ (s->lossmaxttl >= 0 && libsrt_setsockopt(h, fd, SRTO_LOSSMAXTTL, "SRTO_LOSSMAXTTL", &s->lossmaxttl, sizeof(s->lossmaxttl)) < 0) || (s->minversion >= 0 && libsrt_setsockopt(h, fd, SRTO_MINVERSION, "SRTO_MINVERSION", &s->minversion, sizeof(s->minversion)) < 0) || (s->streamid && libsrt_setsockopt(h, fd, SRTO_STREAMID, "SRTO_STREAMID", s->streamid, strlen(s->streamid)) < 0) || +#if SRT_VERSION_VALUE >= 0x010401 + (s->smoother && libsrt_setsockopt(h, fd, SRTO_CONGESTION, "SRTO_CONGESTION", s->smoother, strlen(s->smoother)) < 0) || +#else (s->smoother && libsrt_setsockopt(h, fd, SRTO_SMOOTHER, "SRTO_SMOOTHER", s->smoother, strlen(s->smoother)) < 0) || +#endif (s->messageapi >= 0 && libsrt_setsockopt(h, fd, SRTO_MESSAGEAPI, "SRTO_MESSAGEAPI", &s->messageapi, sizeof(s->messageapi)) < 0) || (s->payload_size >= 0 && libsrt_setsockopt(h, fd, SRTO_PAYLOADSIZE, "SRTO_PAYLOADSIZE", &s->payload_size, sizeof(s->payload_size)) < 0) || ((h->flags & AVIO_FLAG_WRITE) && libsrt_setsockopt(h, fd, SRTO_SENDER, "SRTO_SENDER", &yes, sizeof(yes)) < 0)) { @@ -354,7 +363,7 @@ static int libsrt_setup(URLContext *h, const char *uri, int flags) { struct addrinfo hints = { 0 }, *ai, *cur_ai; - int port, fd = -1; + int port, fd = -1, listen_fd = -1; SRTContext *s = h->priv_data; const char *p; char buf256; @@ -364,11 +373,6 @@ int64_t open_timeout = 0; int eid; - eid = srt_epoll_create(); - if (eid < 0) - return libsrt_neterrno(h); - s->eid = eid; - av_url_split(proto, sizeof(proto), NULL, 0, hostname, sizeof(hostname), &port, path, sizeof(path), uri); if (strcmp(proto, "srt")) @@ -404,6 +408,11 @@ cur_ai = ai; + eid = srt_epoll_create(); + if (eid < 0) + return libsrt_neterrno(h); + s->eid = eid; + restart: fd = srt_socket(cur_ai->ai_family, cur_ai->ai_socktype, 0); 
@@ -431,6 +440,7 @@ // multi-client if ((ret = libsrt_listen(s->eid, fd, cur_ai->ai_addr, cur_ai->ai_addrlen, h, s->listen_timeout)) < 0) goto fail1; + listen_fd = fd; fd = ret; } else { if (s->mode == SRT_MODE_RENDEZVOUS) { @@ -463,6 +473,7 @@ h->is_streamed = 1; s->fd = fd; + s->listen_fd = listen_fd; freeaddrinfo(ai); return 0; @@ -473,13 +484,18 @@ cur_ai = cur_ai->ai_next; if (fd >= 0) srt_close(fd); + if (listen_fd >= 0) + srt_close(listen_fd); ret = 0; goto restart; } fail1: if (fd >= 0) srt_close(fd); + if (listen_fd >= 0) + srt_close(listen_fd); freeaddrinfo(ai); + srt_epoll_release(s->eid); return ret; } @@ -569,7 +585,8 @@ } else if (!strcmp(buf, "rendezvous")) { s->mode = SRT_MODE_RENDEZVOUS; } else { - return AVERROR(EIO); + ret = AVERROR(EINVAL); + goto err; } } if (av_find_info_tag(buf, sizeof(buf), "sndbuf", p)) { @@ -617,10 +634,15 @@ s->linger = strtol(buf, NULL, 10); } } - return libsrt_setup(h, uri, flags); + ret = libsrt_setup(h, uri, flags); + if (ret < 0) + goto err; + return 0; + err: av_freep(&s->smoother); av_freep(&s->streamid); + srt_cleanup(); return ret; } @@ -668,6 +690,9 @@ srt_close(s->fd); + if (s->listen_fd >= 0) + srt_close(s->listen_fd); + srt_epoll_release(s->eid); srt_cleanup();
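Review bot: srt_epoll_create() was moved below cur_ai = ai, but its failure path still returns directly, so the addrinfo list that fail1 releases with freeaddrinfo(ai) is not freed on that path; jump to a label that frees it instead. Separately, the retry block closes listen_fd and jumps to restart without resetting it to -1, so a later failure that reaches fail1 would call srt_close() on the same descriptor again.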
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/lrcdec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/lrcdec.c
Changed
@@ -185,6 +185,8 @@ sscanf(comma_offset + 1, "%"SCNd64, &lrc->ts_offset) != 1) { av_dict_set(&s->metadata, line.str + 1, comma_offset + 1, 0); } + lrc->ts_offset = av_clip64(lrc->ts_offset, INT64_MIN/4, INT64_MAX/4); + *comma_offset = ':'; *right_bracket_offset = ''; } @@ -198,6 +200,7 @@ while((ts_stroffset_incr = read_ts(line.str + ts_stroffset, &ts_start)) != 0) { + ts_start = av_clip64(ts_start, INT64_MIN/4, INT64_MAX/4); ts_stroffset += ts_stroffset_incr; sub = ff_subtitles_queue_insert(&lrc->q, line.str + ts_strlength, line.len - ts_strlength, 0);
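Review bot: both clips use INT64_MIN/4 and INT64_MAX/4 without saying where the factor 4 comes from. A shared macro with a comment on which later arithmetic needs that headroom would make the bound checkable. Note also that the ts_offset clip sits outside the sscanf() test, so it runs even when no offset was parsed.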
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/lvfdec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/lvfdec.c
Changed
@@ -106,6 +106,7 @@ unsigned size, flags, timestamp, id; int64_t pos; int ret, is_video = 0; + int stream_index; pos = avio_tell(s->pb); while (!avio_feof(s->pb)) { @@ -121,12 +122,15 @@ case MKTAG('0', '1', 'w', 'b'): if (size < 8) return AVERROR_INVALIDDATA; + stream_index = is_video ? 0 : 1; + if (stream_index >= s->nb_streams) + return AVERROR_INVALIDDATA; timestamp = avio_rl32(s->pb); flags = avio_rl32(s->pb); ret = av_get_packet(s->pb, pkt, size - 8); if (flags & (1 << 12)) pkt->flags |= AV_PKT_FLAG_KEY; - pkt->stream_index = is_video ? 0 : 1; + pkt->stream_index = stream_index; pkt->pts = timestamp; pkt->pos = pos; return ret;
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/matroskadec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/matroskadec.c
Changed
@@ -2321,6 +2321,15 @@ if (!track->codec_id) continue; + if ( track->type == MATROSKA_TRACK_TYPE_AUDIO && track->codec_id0 != 'A' + || track->type == MATROSKA_TRACK_TYPE_VIDEO && track->codec_id0 != 'V' + || track->type == MATROSKA_TRACK_TYPE_SUBTITLE && track->codec_id0 != 'D' && track->codec_id0 != 'S' + || track->type == MATROSKA_TRACK_TYPE_METADATA && track->codec_id0 != 'D' && track->codec_id0 != 'S' + ) { + av_log(matroska->ctx, AV_LOG_INFO, "Inconsistent track type\n"); + continue; + } + if (track->audio.samplerate < 0 || track->audio.samplerate > INT_MAX || isnan(track->audio.samplerate)) { av_log(matroska->ctx, AV_LOG_WARNING,
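Review bot: the new condition mixes && and || across four lines without parentheses, relying on operator precedence; compilers commonly warn about this and it is easy to misread. Parenthesise each type/prefix pair. The log message would also be more useful with the track number and codec id, and AV_LOG_INFO is lower than the AV_LOG_WARNING used for the sample-rate problem right below, although both describe inconsistent input.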
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/mov.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/mov.c
Changed
@@ -290,6 +290,8 @@ return 0; n_hmmt = avio_rb32(pb); + if (n_hmmt > len / 4) + return AVERROR_INVALIDDATA; for (i = 0; i < n_hmmt && !pb->eof_reached; i++) { int moment_time = avio_rb32(pb); avpriv_new_chapter(c->fc, i, av_make_q(1, 1000), moment_time, AV_NOPTS_VALUE, NULL); @@ -1119,7 +1121,7 @@ av_dict_set_int(&c->fc->metadata, "minor_version", minor_ver, 0); comp_brand_size = atom.size - 8; - if (comp_brand_size < 0) + if (comp_brand_size < 0 || comp_brand_size == INT_MAX) return AVERROR_INVALIDDATA; comp_brands_str = av_malloc(comp_brand_size + 1); /* Add null terminator */ if (!comp_brands_str) @@ -2328,12 +2330,10 @@ if (tmcd_ctx->tmcd_flags & 0x0008) { int timescale = AV_RB32(st->codecpar->extradata + 8); int framedur = AV_RB32(st->codecpar->extradata + 12); - st->avg_frame_rate.num *= timescale; - st->avg_frame_rate.den *= framedur; + st->avg_frame_rate = av_mul_q(st->avg_frame_rate, (AVRational){timescale, framedur}); #if FF_API_LAVF_AVCTX FF_DISABLE_DEPRECATION_WARNINGS - st->codec->time_base.den *= timescale; - st->codec->time_base.num *= framedur; + st->codec->time_base = av_mul_q(st->codec->time_base , (AVRational){framedur, timescale}); FF_ENABLE_DEPRECATION_WARNINGS #endif } @@ -4396,7 +4396,7 @@ static int mov_read_custom(MOVContext *c, AVIOContext *pb, MOVAtom atom) { - int64_t end = avio_tell(pb) + atom.size; + int64_t end = av_sat_add64(avio_tell(pb), atom.size); uint8_t *key = NULL, *val = NULL, *mean = NULL; int i; int ret = 0; @@ -5520,6 +5520,10 @@ av_log(c->fc, AV_LOG_ERROR, "Empty stereoscopic video box\n"); return AVERROR_INVALIDDATA; } + + if (sc->stereo3d) + return AVERROR_INVALIDDATA; + avio_skip(pb, 4); /* version + flags */ mode = avio_r8(pb); @@ -6980,6 +6984,8 @@ uint32_t type; avio_skip(pb, 4); type = avio_rl32(pb); + if (avio_feof(pb)) + break; avio_seek(pb, -8, SEEK_CUR); if (type == MKTAG('m','v','h','d') || type == MKTAG('c','m','o','v')) { 
@@ -7044,7 +7050,7 @@ c->atom_depth --; return err; } - if (c->found_moov && c->found_mdat && + if (c->found_moov && c->found_mdat && a.size <= INT64_MAX - start_pos && ((!(pb->seekable & AVIO_SEEKABLE_NORMAL) || c->fc->flags & AVFMT_FLAG_IGNIDX || c->frag_index.complete) || start_pos + a.size == avio_size(pb))) { if (!(pb->seekable & AVIO_SEEKABLE_NORMAL) || c->fc->flags & AVFMT_FLAG_IGNIDX || c->frag_index.complete)
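Review bot: the new sc->stereo3d test rejects a repeated stereoscopic box without logging anything, while the empty-box case just above it logs an error before returning the same code. Add a matching av_log() so the failure can be diagnosed. In the comp_brand_size hunk, the == INT_MAX test is there to keep comp_brand_size + 1 from overflowing on the next line; a comment would make that obvious.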
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/mpc8.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/mpc8.c
Changed
@@ -178,12 +178,16 @@ av_add_index_entry(s->streams0, pos, i, 0, 0, AVINDEX_KEYFRAME); } for(; i < size; i++){ + if (get_bits_left(&gb) < 13) { + av_free(buf); + return; + } t = get_unary(&gb, 1, 33) << 12; t += get_bits(&gb, 12); if(t & 1) t = -(t & ~1); - pos = (t >> 1) + ppos0*2 - ppos1; - av_add_index_entry(s->streams0, pos, i << seekd, 0, 0, AVINDEX_KEYFRAME); + pos = (t >> 1) + (uint64_t)ppos0*2 - ppos1; + av_add_index_entry(s->streams0, pos, (int64_t)i << seekd, 0, 0, AVINDEX_KEYFRAME); ppos1 = ppos0; ppos0 = pos; } @@ -258,7 +262,7 @@ st->codecpar->channels = (st->codecpar->extradata1 >> 4) + 1; st->codecpar->sample_rate = mpc8_ratest->codecpar->extradata0 >> 5; - avpriv_set_pts_info(st, 32, 1152 << (st->codecpar->extradata1&3)*2, st->codecpar->sample_rate); + avpriv_set_pts_info(st, 64, 1152 << (st->codecpar->extradata1&3)*2, st->codecpar->sample_rate); st->start_time = 0; st->duration = c->samples / (1152 << (st->codecpar->extradata1&3)*2); size -= avio_tell(pb) - pos; @@ -288,7 +292,7 @@ return AVERROR_EOF; mpc8_get_chunk_header(s->pb, &tag, &size); - if (size < 0) + if (size < 0 || size > INT_MAX) return -1; if(tag == TAG_AUDIOPACKET){ if ((ret = av_get_packet(s->pb, pkt, size)) < 0)
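Review bot: get_bits_left(&gb) < 13 only guarantees room for the shortest code (one unary bit plus the 12-bit field), while get_unary() is called with a limit of 33 bits, so a longer unary run can still read past the remaining data unless the buffer is padded. Either check against the worst case or comment on why 13 is sufficient. The duplicated av_free(buf); return; would be tidier as a jump to a single cleanup point.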
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/mpeg.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/mpeg.c
Changed
@@ -147,9 +147,12 @@ static int64_t get_pts(AVIOContext *pb, int c) { uint8_t buf5; + int ret; buf0 = c < 0 ? avio_r8(pb) : c; - avio_read(pb, buf + 1, 4); + ret = avio_read(pb, buf + 1, 4); + if (ret < 4) + return AV_NOPTS_VALUE; return ff_parse_pes_pts(buf); }
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/mpegts.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/mpegts.c
Changed
@@ -135,7 +135,7 @@ int fix_teletext_pts; int64_t cur_pcr; /**< used to estimate the exact PCR */ - int pcr_incr; /**< used to estimate the exact PCR */ + int64_t pcr_incr; /**< used to estimate the exact PCR */ /* data needed to handle file based ts */ /** stop parsing loop */ @@ -3138,7 +3138,7 @@ s->bit_rate = TS_PACKET_SIZE * 8 * 27000000LL / ts->pcr_incr; st->codecpar->bit_rate = s->bit_rate; st->start_time = ts->cur_pcr; - av_log(ts->stream, AV_LOG_TRACE, "start=%0.3f pcr=%0.3f incr=%d\n", + av_log(ts->stream, AV_LOG_TRACE, "start=%0.3f pcr=%0.3f incr=%"PRId64"\n", st->start_time / 1000000.0, pcrs0 / 27e6, ts->pcr_incr); } @@ -3165,7 +3165,7 @@ return ret; } if (data != pkt->data) - memcpy(pkt->data, data, ts->raw_packet_size); + memcpy(pkt->data, data, TS_PACKET_SIZE); finished_reading_packet(s, ts->raw_packet_size); if (ts->mpeg2ts_compute_pcr) { /* compute exact PCR for each packet */
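Review bot: the memcpy length changes from ts->raw_packet_size to TS_PACKET_SIZE, but the line after it still advances by ts->raw_packet_size, and the allocation of pkt is outside the hunk. Please add a comment stating how large pkt->data is at this point, so the relationship between the two sizes is clear to the next reader.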
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/mpsubdec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/mpsubdec.c
Changed
@@ -72,8 +72,8 @@ fracval *= 10; for (;p2 - p1 > 7 + 1; p1++) fracval /= 10; - if (intval > 0) intval += fracval; - else intval -= fracval; + if (intval > 0) intval = av_sat_add64(intval, fracval); + else intval = av_sat_sub64(intval, fracval); line += p2; } else line += p1;
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/mvdec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/mvdec.c
Changed
@@ -159,7 +159,10 @@ st->codecpar->sample_rate = var_read_int(pb, size); avpriv_set_pts_info(st, 33, 1, st->codecpar->sample_rate); } else if (!strcmp(name, "SAMPLE_WIDTH")) { - st->codecpar->bits_per_coded_sample = var_read_int(pb, size) * 8; + uint64_t bpc = var_read_int(pb, size) * (uint64_t)8; + if (bpc > 16) + return AVERROR_INVALIDDATA; + st->codecpar->bits_per_coded_sample = bpc; } else return AVERROR_INVALIDDATA; @@ -266,6 +269,8 @@ uint32_t pos = avio_rb32(pb); uint32_t size = avio_rb32(pb); avio_skip(pb, 8); + if (avio_feof(pb)) + return ; av_add_index_entry(st, pos, timestamp, size, 0, AVINDEX_KEYFRAME); if (st->codecpar->codec_type == AVMEDIA_TYPE_AUDIO) { timestamp += size / (st->codecpar->channels * 2LL);
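Review bot: bpc > 16 gives an upper bound only, so a SAMPLE_WIDTH of 0 is accepted and bits_per_coded_sample becomes 0. If zero is not a valid width, reject it as well. In the second hunk, return ; has a stray space before the semicolon, and a debug log would help since the index is cut short silently.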
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/mvi.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/mvi.c
Changed
@@ -94,7 +94,7 @@ vst->codecpar->codec_type = AVMEDIA_TYPE_VIDEO; vst->codecpar->codec_id = AV_CODEC_ID_MOTIONPIXELS; - mvi->get_int = (vst->codecpar->width * vst->codecpar->height < (1 << 16)) ? avio_rl16 : avio_rl24; + mvi->get_int = (vst->codecpar->width * (int64_t)vst->codecpar->height < (1 << 16)) ? avio_rl16 : avio_rl24; mvi->audio_frame_size = ((uint64_t)mvi->audio_data_size << MVI_FRAC_BITS) / frames_count; if (mvi->audio_frame_size <= 1 << MVI_FRAC_BITS - 1) { @@ -123,6 +123,8 @@ count = (mvi->audio_size_counter + mvi->audio_frame_size + 512) >> MVI_FRAC_BITS; if (count > mvi->audio_size_left) count = mvi->audio_size_left; + if ((int64_t)count << MVI_FRAC_BITS > INT_MAX) + return AVERROR_INVALIDDATA; if ((ret = av_get_packet(pb, pkt, count)) < 0) return ret; pkt->stream_index = MVI_AUDIO_STREAM_INDEX;
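Review bot: the new check in the @@ -123 hunk, (int64_t)count << MVI_FRAC_BITS > INT_MAX, has no comment saying which later computation needs the shifted value to fit in an int. A short note naming that expression would make the bound reviewable, and if count can be negative here the left shift should be guarded as well.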
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/mxfdec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/mxfdec.c
Changed
@@ -330,9 +330,8 @@ MXFIndexTableSegment *seg; switch ((*ctx)->type) { case Descriptor: - av_freep(&((MXFDescriptor *)*ctx)->extradata); - break; case MultipleDescriptor: + av_freep(&((MXFDescriptor *)*ctx)->extradata); av_freep(&((MXFDescriptor *)*ctx)->sub_descriptors_refs); break; case Sequence: @@ -2737,8 +2736,11 @@ int ret; int tag = avio_rb16(pb); int size = avio_rb16(pb); /* KLV specified by 0x53 */ - uint64_t next = avio_tell(pb) + size; + int64_t next = avio_tell(pb); UID uid = {0}; + if (next < 0 || next > INT64_MAX - size) + return next < 0 ? next : AVERROR_INVALIDDATA; + next += size; av_log(mxf->fc, AV_LOG_TRACE, "local tag %#04x size %d\n", tag, size); if (!size) { /* ignore empty tag, needed for some files with empty UMID tag */
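Review bot: in the @@ -2737 hunk, "return next < 0 ? next : AVERROR_INVALIDDATA;" returns an int64_t through a ternary that repeats the condition just tested, which is hard to read and relies on implicit narrowing. Splitting it into two checks (return the avio_tell() error first, then test next > INT64_MAX - size) would be clearer. In the first hunk, Descriptor and MultipleDescriptor now share both av_freep calls; that is correct only if both types always carry a valid sub_descriptors_refs field, which deserves a brief comment.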
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/nistspheredec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/nistspheredec.c
Changed
@@ -90,6 +90,8 @@ return 0; } else if (!memcmp(buffer, "channel_count", 13)) { sscanf(buffer, "%*s %*s %u", &st->codecpar->channels); + if (st->codecpar->channels <= 0 || st->codecpar->channels > INT16_MAX) + return AVERROR_INVALIDDATA; } else if (!memcmp(buffer, "sample_byte_format", 18)) { sscanf(buffer, "%*s %*s %31s", format); @@ -109,10 +111,14 @@ sscanf(buffer, "%*s %*s %"SCNd64, &st->duration); } else if (!memcmp(buffer, "sample_n_bytes", 14)) { sscanf(buffer, "%*s %*s %d", &bps); + if (bps > INT16_MAX/8U) + return AVERROR_INVALIDDATA; } else if (!memcmp(buffer, "sample_rate", 11)) { sscanf(buffer, "%*s %*s %d", &st->codecpar->sample_rate); } else if (!memcmp(buffer, "sample_sig_bits", 15)) { sscanf(buffer, "%*s %*s %d", &st->codecpar->bits_per_coded_sample); + if (st->codecpar->bits_per_coded_sample <= 0 || st->codecpar->bits_per_coded_sample > INT16_MAX) + return AVERROR_INVALIDDATA; } else { char key32, value32; if (sscanf(buffer, "%31s %*s %31s", key, value) == 2) {
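Review bot: the bps check in the @@ -109 hunk, bps > INT16_MAX/8U, rejects negative values only through the implicit conversion of bps to unsigned, and bps == 0 still passes. Writing the bound explicitly (bps <= 0 || bps > INT16_MAX/8) would match the style of the channels and bits_per_coded_sample checks added beside it. None of the sscanf return values are checked, so each range test can run on a value left over from before the failed conversion.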
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/nutdec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/nutdec.c
Changed
@@ -193,13 +193,13 @@ { AVFormatContext *s = nut->avf; AVIOContext *bc = s->pb; - uint64_t tmp, end; + uint64_t tmp, end, length; unsigned int stream_count; int i, j, count, ret; int tmp_stream, tmp_mul, tmp_pts, tmp_size, tmp_res, tmp_head_idx; - end = get_packetheader(nut, bc, 1, MAIN_STARTCODE); - end += avio_tell(bc); + length = get_packetheader(nut, bc, 1, MAIN_STARTCODE); + end = length + avio_tell(bc); nut->version = ffio_read_varlen(bc); if (nut->version < NUT_MIN_VERSION || @@ -219,7 +219,7 @@ nut->max_distance = 65536; } - GET_V(nut->time_base_count, tmp > 0 && tmp < INT_MAX / sizeof(AVRational)); + GET_V(nut->time_base_count, tmp > 0 && tmp < INT_MAX / sizeof(AVRational) && tmp < length/2); nut->time_base = av_malloc_array(nut->time_base_count, sizeof(AVRational)); if (!nut->time_base) return AVERROR(ENOMEM); @@ -260,7 +260,7 @@ if (tmp_fields > 5) count = ffio_read_varlen(bc); else - count = tmp_mul - tmp_size; + count = tmp_mul - (unsigned)tmp_size; if (tmp_fields > 6) get_s(bc); if (tmp_fields > 7)
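Review bot: the added bound tmp < length/2 in the @@ -219 hunk is a magic constant; nothing in the hunk says why a time base entry needs at least two bytes of header. Add a comment giving the minimum encoded size per entry so the allocation limit can be checked against the format. Likewise, the (unsigned) cast in the @@ -260 hunk deserves a note that it is there to avoid signed overflow, since count is still a signed int afterwards.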
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/nuv.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/nuv.c
Changed
@@ -117,6 +117,10 @@ ast->codecpar->bits_per_coded_sample = avio_rl32(pb); ast->codecpar->channels = avio_rl32(pb); ast->codecpar->channel_layout = 0; + if (ast->codecpar->channels <= 0) { + av_log(s, AV_LOG_ERROR, "Invalid channels %d\n", ast->codecpar->channels); + return AVERROR_INVALIDDATA; + } id = ff_wav_codec_get_id(ast->codecpar->codec_tag, ast->codecpar->bits_per_coded_sample);
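Review bot: the new check rejects channels <= 0 but leaves the upper end open, and bits_per_coded_sample, read from the same header one line earlier, is passed to ff_wav_codec_get_id() unvalidated. Consider bounding both fields here, since both come straight from avio_rl32().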
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/paf.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/paf.c
Changed
@@ -75,14 +75,18 @@ return 0; } -static void read_table(AVFormatContext *s, uint32_t *table, uint32_t count) +static int read_table(AVFormatContext *s, uint32_t *table, uint32_t count) { int i; - for (i = 0; i < count; i++) + for (i = 0; i < count; i++) { + if (avio_feof(s->pb)) + return AVERROR_INVALIDDATA; tablei = avio_rl32(s->pb); + } avio_skip(s->pb, 4 * (FFALIGN(count, 512) - count)); + return 0; } static int read_header(AVFormatContext *s) @@ -171,9 +175,15 @@ avio_seek(pb, p->buffer_size, SEEK_SET); - read_table(s, p->blocks_count_table, p->nb_frames); - read_table(s, p->frames_offset_table, p->nb_frames); - read_table(s, p->blocks_offset_table, p->frame_blks); + ret = read_table(s, p->blocks_count_table, p->nb_frames); + if (ret < 0) + goto fail; + ret = read_table(s, p->frames_offset_table, p->nb_frames); + if (ret < 0) + goto fail; + ret = read_table(s, p->blocks_offset_table, p->frame_blks); + if (ret < 0) + goto fail; p->got_audio = 0; p->current_frame = 0;
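Review bot: in read_table() the avio_feof() test runs before each read, so a file that ends inside the final table entry still returns 0 because there is no later iteration to notice the EOF. Checking avio_feof() once more after the loop (before the avio_skip) would close that gap. The loop also compares int i against uint32_t count; making i unsigned would remove the mixed-sign comparison.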
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/pcm.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/pcm.c
Changed
@@ -39,7 +39,11 @@ * Clamp to RAW_SAMPLES if larger. */ size = FFMAX(par->sample_rate/25, 1); - size = FFMIN(size, RAW_SAMPLES) * par->block_align; + if (par->block_align <= INT_MAX / RAW_SAMPLES) { + size = FFMIN(size, RAW_SAMPLES) * par->block_align; + } else { + size = par->block_align; + } ret = av_get_packet(s->pb, pkt, size);
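Review bot: the guard par->block_align <= INT_MAX / RAW_SAMPLES is also true for zero and negative block_align, which then yields a size of zero or less for av_get_packet(). Unless block_align is already validated earlier in the function, add a block_align > 0 condition; the else branch (size = par->block_align) also needs a comment explaining why a single block is the right fallback.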
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/r3d.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/r3d.c
Changed
@@ -322,7 +322,8 @@ pkt->stream_index = 1; pkt->dts = dts; - if (st->codecpar->sample_rate) + + if (st->codecpar->sample_rate && samples > 0) pkt->duration = av_rescale(samples, st->time_base.den, st->codecpar->sample_rate); av_log(s, AV_LOG_TRACE, "pkt dts %"PRId64" duration %"PRId64" samples %d sample rate %d\n", pkt->dts, pkt->duration, samples, st->codecpar->sample_rate);
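Review bot: when samples <= 0 the duration assignment is now skipped, but the av_log trace call right after it still prints pkt->duration, so the log shows whatever value the packet was initialised with. Either set the duration explicitly in that case or note that the default is intended. The hunk also introduces an empty line before the if that serves no purpose.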
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/rmdec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/rmdec.c
Changed
@@ -162,7 +162,11 @@ avio_rb16(pb); /* version2 */ avio_rb32(pb); /* header size */ flavor= avio_rb16(pb); /* add codec info / flavor */ - ast->coded_framesize = coded_framesize = avio_rb32(pb); /* coded frame size */ + coded_framesize = avio_rb32(pb); /* coded frame size */ + if (coded_framesize < 0) + return AVERROR_INVALIDDATA; + ast->coded_framesize = coded_framesize; + avio_rb32(pb); /* ??? */ bytes_per_minute = avio_rb32(pb); if (version == 4) { @@ -216,7 +220,7 @@ if (version == 5) avio_r8(pb); codecdata_length = avio_rb32(pb); - if(codecdata_length + AV_INPUT_BUFFER_PADDING_SIZE <= (unsigned)codecdata_length){ + if((unsigned)codecdata_length > INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE){ av_log(s, AV_LOG_ERROR, "codecdata_length too large\n"); return -1; } @@ -247,7 +251,7 @@ if (version == 5) avio_r8(pb); codecdata_length = avio_rb32(pb); - if(codecdata_length + AV_INPUT_BUFFER_PADDING_SIZE <= (unsigned)codecdata_length){ + if((unsigned)codecdata_length > INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE){ av_log(s, AV_LOG_ERROR, "codecdata_length too large\n"); return -1; } @@ -451,6 +455,8 @@ } for (n = 0; n < n_pkts; n++) { + if (avio_feof(pb)) + return AVERROR_INVALIDDATA; avio_skip(pb, 2); pts = avio_rb32(pb); pos = avio_rb32(pb); 
@@ -694,21 +700,23 @@ state= (state<<8) + avio_r8(pb); if(state == MKBETAG('I', 'N', 'D', 'X')){ - int n_pkts, expected_len; + int n_pkts; + int64_t expected_len; len = avio_rb32(pb); avio_skip(pb, 2); n_pkts = avio_rb32(pb); - expected_len = 20 + n_pkts * 14; - if (len == 20) + expected_len = 20 + n_pkts * 14LL; + + if (len == 20 && expected_len <= INT_MAX) /* some files don't add index entries to chunk size... */ len = expected_len; else if (len != expected_len) av_log(s, AV_LOG_WARNING, - "Index size %d (%d pkts) is wrong, should be %d.\n", + "Index size %d (%d pkts) is wrong, should be %"PRId64".\n", len, n_pkts, expected_len); - len -= 14; // we already read part of the index header - if(len<0) + if(len < 14) continue; + len -= 14; // we already read part of the index header goto skip; } else if (state == MKBETAG('D','A','T','A')) { av_log(s, AV_LOG_WARNING, @@ -1278,8 +1286,11 @@ int j; av_log(s, AV_LOG_DEBUG, "%s = '0x", key); - for (j = 0; j < len; j++) + for (j = 0; j < len; j++) { + if (avio_feof(pb)) + return AVERROR_INVALIDDATA; av_log(s, AV_LOG_DEBUG, "%X", avio_r8(pb)); + } av_log(s, AV_LOG_DEBUG, "'\n"); } else if (len == 4 && type == 3 && !strncmp(key, "Duration", tlen)) { st->duration = avio_rb32(pb);
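Review bot: in the @@ -694 hunk n_pkts is a signed int read with avio_rb32() and is never checked for being negative, so expected_len can go negative, pass expected_len <= INT_MAX, and be assigned to len; the code then relies on the later len < 14 test to recover. An explicit n_pkts < 0 rejection would make the intent clear. The two identical codecdata_length checks in the @@ -216 and @@ -247 hunks still "return -1" rather than AVERROR_INVALIDDATA, unlike the other error paths added in this file.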
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/rpl.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/rpl.c
Changed
@@ -253,6 +253,9 @@ error |= read_line(pb, line, sizeof(line)); } + if (s->nb_streams == 0) + return AVERROR_INVALIDDATA; + rpl->frames_per_chunk = read_line_and_int(pb, &error); // video frames per chunk if (vst && rpl->frames_per_chunk > 1 && vst->codecpar->codec_tag != 124) av_log(s, AV_LOG_WARNING,
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/rsd.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/rsd.c
Changed
@@ -103,13 +103,9 @@ break; case AV_CODEC_ID_ADPCM_PSX: par->block_align = 16 * par->channels; - if (pb->seekable & AVIO_SEEKABLE_NORMAL) - st->duration = av_get_audio_frame_duration2(par, avio_size(pb) - start); break; case AV_CODEC_ID_ADPCM_IMA_RAD: par->block_align = 20 * par->channels; - if (pb->seekable & AVIO_SEEKABLE_NORMAL) - st->duration = av_get_audio_frame_duration2(par, avio_size(pb) - start); break; case AV_CODEC_ID_ADPCM_IMA_WAV: if (version == 2) @@ -117,8 +113,6 @@ par->bits_per_coded_sample = 4; par->block_align = 36 * par->channels; - if (pb->seekable & AVIO_SEEKABLE_NORMAL) - st->duration = av_get_audio_frame_duration2(par, avio_size(pb) - start); break; case AV_CODEC_ID_ADPCM_THP_LE: /* RSD3GADP is mono, so only alloc enough memory @@ -128,8 +122,6 @@ if ((ret = ff_get_extradata(s, par, s->pb, 32)) < 0) return ret; - if (pb->seekable & AVIO_SEEKABLE_NORMAL) - st->duration = av_get_audio_frame_duration2(par, avio_size(pb) - start); break; case AV_CODEC_ID_ADPCM_THP: par->block_align = 8 * par->channels; 
@@ -139,21 +131,41 @@ return ret; for (i = 0; i < par->channels; i++) { + if (avio_feof(pb)) + return AVERROR_EOF; avio_read(s->pb, st->codecpar->extradata + 32 * i, 32); avio_skip(s->pb, 8); } - if (pb->seekable & AVIO_SEEKABLE_NORMAL) - st->duration = (avio_size(pb) - start) / (8 * par->channels) * 14; break; case AV_CODEC_ID_PCM_S16LE: case AV_CODEC_ID_PCM_S16BE: if (version != 4) start = avio_rl32(pb); - if (pb->seekable & AVIO_SEEKABLE_NORMAL) - st->duration = (avio_size(pb) - start) / 2 / par->channels; break; } + if (start < 0) + return AVERROR_INVALIDDATA; + + if (pb->seekable & AVIO_SEEKABLE_NORMAL) { + int64_t remaining = avio_size(pb); + + if (remaining >= start && remaining - start <= INT_MAX) + switch (par->codec_id) { + case AV_CODEC_ID_ADPCM_PSX: + case AV_CODEC_ID_ADPCM_IMA_RAD: + case AV_CODEC_ID_ADPCM_IMA_WAV: + case AV_CODEC_ID_ADPCM_THP_LE: + st->duration = av_get_audio_frame_duration2(par, remaining - start); + break; + case AV_CODEC_ID_ADPCM_THP: + st->duration = (remaining - start) / (8 * par->channels) * 14; + break; + case AV_CODEC_ID_PCM_S16LE: + case AV_CODEC_ID_PCM_S16BE: + st->duration = (remaining - start) / 2 / par->channels; + } + } avio_skip(pb, start - avio_tell(pb)); if (par->codec_id == AV_CODEC_ID_XMA2) {
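Review bot: in the consolidated duration block the variable named remaining holds avio_size(pb), that is the total size, and only remaining - start is the remaining byte count; renaming it (for example to size) would avoid misreading the bounds check. The if that guards the inner switch has no braces, and the final PCM case has no break, both of which make later additions error-prone. The divisions by par->channels also have no visible non-zero guarantee in this hunk.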
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/rtsp.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/rtsp.c
Changed
@@ -93,6 +93,7 @@ RTSP_FLAG_OPTS("rtsp_flags", "set RTSP flags"), { "listen", "wait for incoming connections", 0, AV_OPT_TYPE_CONST, {.i64 = RTSP_FLAG_LISTEN}, 0, 0, DEC, "rtsp_flags" }, { "prefer_tcp", "try RTP via TCP first, if available", 0, AV_OPT_TYPE_CONST, {.i64 = RTSP_FLAG_PREFER_TCP}, 0, 0, DEC|ENC, "rtsp_flags" }, + { "satip_raw", "export raw MPEG-TS stream instead of demuxing", 0, AV_OPT_TYPE_CONST, {.i64 = RTSP_FLAG_SATIP_RAW}, 0, 0, DEC, "rtsp_flags" }, RTSP_MEDIATYPE_OPTS("allowed_media_types", "set media types to accept from the server"), { "min_port", "set minimum local UDP port", OFFSET(rtp_port_min), AV_OPT_TYPE_INT, {.i64 = RTSP_RTP_PORT_MIN}, 0, 65535, DEC|ENC }, { "max_port", "set maximum local UDP port", OFFSET(rtp_port_max), AV_OPT_TYPE_INT, {.i64 = RTSP_RTP_PORT_MAX}, 0, 65535, DEC|ENC }, @@ -253,6 +254,35 @@ } } +static int init_satip_stream(AVFormatContext *s) +{ + RTSPState *rt = s->priv_data; + RTSPStream *rtsp_st = av_mallocz(sizeof(RTSPStream)); + if (!rtsp_st) + return AVERROR(ENOMEM); + dynarray_add(&rt->rtsp_streams, + &rt->nb_rtsp_streams, rtsp_st); + + rtsp_st->sdp_payload_type = 33; // MP2T + av_strlcpy(rtsp_st->control_url, + rt->control_uri, sizeof(rtsp_st->control_url)); + + if (rt->rtsp_flags & RTSP_FLAG_SATIP_RAW) { + AVStream *st = avformat_new_stream(s, NULL); + if (!st) + return AVERROR(ENOMEM); + st->id = rt->nb_rtsp_streams - 1; + rtsp_st->stream_index = st->index; + st->codecpar->codec_type = AVMEDIA_TYPE_DATA; + st->codecpar->codec_id = AV_CODEC_ID_MPEG2TS; + } else { + rtsp_st->stream_index = -1; + init_rtp_handler(&ff_mpegts_dynamic_handler, rtsp_st, NULL); + finalize_rtp_handler_init(s, rtsp_st, NULL); + } + return 0; +} + /* parse the rtpmap description: <codec_name>/<clock_rate>/<other params> */ static int sdp_parse_rtpmap(AVFormatContext *s, AVStream *st, RTSPStream *rtsp_st, 
@@ -1125,6 +1155,9 @@ } else if (av_stristart(p, "Content-Type:", &p)) { p += strspn(p, SPACE_CHARS); av_strlcpy(reply->content_type, p, sizeof(reply->content_type)); + } else if (av_stristart(p, "com.ses.streamID:", &p)) { + p += strspn(p, SPACE_CHARS); + av_strlcpy(reply->stream_id, p, sizeof(reply->stream_id)); } } @@ -1503,8 +1536,10 @@ rtp_opened: port = ff_rtp_get_local_rtp_port(rtsp_st->rtp_handle); have_port: - snprintf(transport, sizeof(transport) - 1, - "%s/UDP;", trans_pref); + av_strlcpy(transport, trans_pref, sizeof(transport)); + av_strlcat(transport, + rt->server_type == RTSP_SERVER_SATIP ? ";" : "/UDP;", + sizeof(transport)); if (rt->server_type != RTSP_SERVER_REAL) av_strlcat(transport, "unicast;", sizeof(transport)); av_strlcatf(transport, sizeof(transport), @@ -1567,6 +1602,15 @@ goto fail; } + if (rt->server_type == RTSP_SERVER_SATIP && reply->stream_id0) { + char proto128, host128, path512, auth128; + int port; + av_url_split(proto, sizeof(proto), auth, sizeof(auth), host, sizeof(host), + &port, path, sizeof(path), rt->control_uri); + ff_url_join(rt->control_uri, sizeof(rt->control_uri), proto, NULL, host, + port, "/stream=%s", reply->stream_id); + } + /* XXX: same protocol for all streams is required */ if (i > 0) { if (reply->transports0.lower_transport != rt->lower_transport || @@ -1718,6 +1762,9 @@ lower_rtsp_proto = "tls"; default_port = RTSPS_DEFAULT_PORT; rt->lower_transport_mask = 1 << RTSP_LOWER_TRANSPORT_TCP; + } else if (!strcmp(proto, "satip")) { + av_strlcpy(proto, "rtsp", sizeof(proto)); + rt->server_type = RTSP_SERVER_SATIP; } if (*auth) { @@ -1865,7 +1912,9 @@ /* request options supported by the server; this also detects server * type */ - for (rt->server_type = RTSP_SERVER_RTP;;) { + if (rt->server_type != RTSP_SERVER_SATIP) + rt->server_type = RTSP_SERVER_RTP; + for (;;) { cmd0 = 0; if (rt->server_type == RTSP_SERVER_REAL) av_strlcat(cmd, 
@@ -1900,9 +1949,12 @@ break; } - if (CONFIG_RTSP_DEMUXER && s->iformat) - err = ff_rtsp_setup_input_streams(s, reply); - else if (CONFIG_RTSP_MUXER) + if (CONFIG_RTSP_DEMUXER && s->iformat) { + if (rt->server_type == RTSP_SERVER_SATIP) + err = init_satip_stream(s); + else + err = ff_rtsp_setup_input_streams(s, reply); + } else if (CONFIG_RTSP_MUXER) err = ff_rtsp_setup_output_streams(s, host); else av_assert0(0);
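Review bot: in the @@ -1567 hunk reply->stream_id is copied verbatim from the server's com.ses.streamID header and formatted into rt->control_uri with "/stream=%s" without any validation. Since that URI is used for subsequent requests, check that the value has the expected form (for example decimal digits only) before rebuilding the URL. The same call passes NULL for the authorization argument of ff_url_join(), so any userinfo parsed into auth by av_url_split() is dropped from control_uri; say whether that is intended. In init_satip_stream() the results of dynarray_add(), init_rtp_handler() and finalize_rtp_handler_init() are not checked.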
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/rtsp.h -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/rtsp.h
Changed
@@ -186,6 +186,11 @@ * Content type header */ char content_type64; + + /** + * SAT>IP com.ses.streamID header + */ + char stream_id64; } RTSPMessageHeader; /** @@ -208,6 +213,7 @@ RTSP_SERVER_RTP, /**< Standards-compliant RTP-server */ RTSP_SERVER_REAL, /**< Realmedia-style server */ RTSP_SERVER_WMS, /**< Windows Media server */ + RTSP_SERVER_SATIP,/**< SAT>IP server */ RTSP_SERVER_NB }; @@ -421,6 +427,7 @@ #define RTSP_FLAG_RTCP_TO_SOURCE 0x8 /**< Send RTCP packets to the source address of received packets. */ #define RTSP_FLAG_PREFER_TCP 0x10 /**< Try RTP via TCP first if possible. */ +#define RTSP_FLAG_SATIP_RAW 0x20 /**< Export SAT>IP stream as raw MPEG-TS */ typedef struct RTSPSource { char addr128; /**< Source-specific multicast include source IP address (from SDP content) */
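Review bot: the doc comment for the new stream_id field names the header but does not say what the value looks like or why 64 bytes is enough, which matters because the parser truncates into it with av_strlcpy(). Document the expected format and length. Minor style: "RTSP_SERVER_SATIP,/**<" is missing the space that the neighbouring enum entries have.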
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/rtspdec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/rtspdec.c
Changed
@@ -703,6 +703,7 @@ #if CONFIG_TLS_PROTOCOL av_strstart(p->filename, "rtsps:", NULL) || #endif + av_strstart(p->filename, "satip:", NULL) || av_strstart(p->filename, "rtsp:", NULL)) return AVPROBE_SCORE_MAX; return 0;
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/samidec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/samidec.c
Changed
@@ -95,6 +95,11 @@ const char *p = ff_smil_get_attr_ptr(buf.str, "Start"); sub->pos = pos; sub->pts = p ? strtol(p, NULL, 10) : 0; + if (sub->pts <= INT64_MIN/2 || sub->pts >= INT64_MAX/2) { + res = AVERROR_PATCHWELCOME; + goto end; + } + sub->duration = -1; } }
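Review bot: sub->pts is parsed with strtol(), whose result is a long; where long is 32 bits the value can never reach INT64_MIN/2 or INT64_MAX/2, so the new range check is dead code on those platforms and strtol's own clamping goes unnoticed. Parsing with strtoll() (and checking for range errors) would make the check meaningful everywhere. AVERROR_PATCHWELCOME is also an odd code for an out-of-range timestamp; AVERROR_INVALIDDATA would match the other demuxers in this patch.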
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/sbgdec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/sbgdec.c
Changed
@@ -181,6 +181,7 @@ char *end; int hours, minutes; double seconds = 0; + int64_t ts = 0; if (*cur < '0' || *cur > '9') return 0; @@ -196,8 +197,9 @@ seconds = strtod(cur + 1, &end); if (end > cur + 1) cur = end; + ts = av_clipd(seconds * AV_TIME_BASE, INT64_MIN/2, INT64_MAX/2); } - *rtime = (hours * 3600LL + minutes * 60LL + seconds) * AV_TIME_BASE; + *rtime = av_sat_add64((hours * 3600LL + minutes * 60LL) * AV_TIME_BASE, ts); return cur - str; } @@ -536,6 +538,9 @@ return AVERROR_INVALIDDATA; } ts.type = p->current_time.type; + + if (av_sat_add64(p->current_time.t, rel_ts) != p->current_time.t + (uint64_t)rel_ts) + return AVERROR_INVALIDDATA; ts.t = p->current_time.t + rel_ts; r = parse_fade(p, &fade); if (r < 0) @@ -1411,6 +1416,11 @@ if (r < 0) goto fail; + if (script.end_ts != AV_NOPTS_VALUE && script.end_ts < script.start_ts) { + r = AVERROR_INVALIDDATA; + goto fail; + } + st = avformat_new_stream(avf, NULL); if (!st) return AVERROR(ENOMEM);
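Review bot: the overflow test in the @@ -536 hunk, av_sat_add64(p->current_time.t, rel_ts) != p->current_time.t + (uint64_t)rel_ts, detects overflow by comparing a saturated sum with a wrapped unsigned sum, which is not obvious on first reading. Add a one-line comment saying so, or factor it into a small helper with a descriptive name, because the very next line repeats the addition in signed arithmetic and depends on the check having passed.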
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/segafilm.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/segafilm.c
Changed
@@ -144,8 +144,11 @@ film->video_type = AV_CODEC_ID_NONE; } + if (film->video_type == AV_CODEC_ID_NONE && film->audio_type == AV_CODEC_ID_NONE) + return AVERROR_INVALIDDATA; + /* initialize the decoder streams */ - if (film->video_type) { + if (film->video_type != AV_CODEC_ID_NONE) { st = avformat_new_stream(s, NULL); if (!st) return AVERROR(ENOMEM); @@ -166,7 +169,7 @@ } } - if (film->audio_type) { + if (film->audio_type != AV_CODEC_ID_NONE) { st = avformat_new_stream(s, NULL); if (!st) return AVERROR(ENOMEM); @@ -241,7 +244,7 @@ film->sample_tablei.pts = AV_RB32(&scratch8) & 0x7FFFFFFF; film->sample_tablei.keyframe = (scratch8 & 0x80) ? 0 : AVINDEX_KEYFRAME; video_frame_counter++; - if (film->video_type) + if (film->video_type != AV_CODEC_ID_NONE) av_add_index_entry(s->streamsfilm->video_stream_index, film->sample_tablei.sample_offset, film->sample_tablei.pts, @@ -250,10 +253,10 @@ } } - if (film->audio_type) + if (film->audio_type != AV_CODEC_ID_NONE) s->streamsfilm->audio_stream_index->duration = audio_frame_counter; - if (film->video_type) + if (film->video_type != AV_CODEC_ID_NONE) s->streamsfilm->video_stream_index->duration = video_frame_counter; film->current_sample = 0;
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/siff.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/siff.c
Changed
@@ -201,6 +201,8 @@ if (c->curstrm == -1) { c->pktsize = avio_rl32(s->pb) - 4; c->flags = avio_rl16(s->pb); + if (c->flags & VB_HAS_AUDIO && !c->has_audio) + return AVERROR_INVALIDDATA; c->gmcsize = (c->flags & VB_HAS_GMC) ? 4 : 0; if (c->gmcsize) avio_read(s->pb, c->gmc, c->gmcsize);
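Review bot: the condition c->flags & VB_HAS_AUDIO && !c->has_audio is correct only because & binds tighter than &&; add parentheses around the mask test, (c->flags & VB_HAS_AUDIO) && !c->has_audio, to match the style of the gmcsize line below it and to avoid compiler precedence warnings.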
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/smacker.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/smacker.c
Changed
@@ -104,8 +104,8 @@ height = avio_rl32(pb); smk->frames = avio_rl32(pb); pts_inc = avio_rl32(pb); - if (pts_inc > INT_MAX / 100) { - av_log(s, AV_LOG_ERROR, "pts_inc %d is too large\n", pts_inc); + if (pts_inc > INT_MAX / 100 || pts_inc == INT_MIN) { + av_log(s, AV_LOG_ERROR, "pts_inc %d is invalid\n", pts_inc); return AVERROR_INVALIDDATA; }
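Review bot: the added pts_inc == INT_MIN test has no explanation, and the generic "is invalid" message no longer tells the user which bound was hit. A short comment naming the later operation that cannot handle INT_MIN (a negation, presumably) would make the special case reviewable.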
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/soxdec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/soxdec.c
Changed
@@ -90,7 +90,7 @@ sample_rate_frac); if ((header_size + 4) & 7 || header_size < SOX_FIXED_HDR + comment_size - || st->codecpar->channels > 65535) /* Reserve top 16 bits */ { + || st->codecpar->channels > 65535 || st->codecpar->channels <= 0) /* Reserve top 16 bits */ { av_log(s, AV_LOG_ERROR, "invalid header\n"); return AVERROR_INVALIDDATA; }
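Review bot: the trailing comment "Reserve top 16 bits" now sits after the new channels <= 0 test, where it no longer describes the last condition on the line. Move the comment next to the > 65535 bound or put the two channel checks on separate lines so each can be read with its own rationale.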
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/subviewerdec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/subviewerdec.c
Changed
@@ -148,6 +148,10 @@ new_event = 1; pos = avio_tell(s->pb); } else if (*line) { + if (pts_start == AV_NOPTS_VALUE) { + res = AVERROR_INVALIDDATA; + goto end; + } if (!new_event) { sub = ff_subtitles_queue_insert(&subviewer->q, "\n", 1, 1); if (!sub) {
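Review bot: a text line seen before any timestamp now aborts the whole file with AVERROR_INVALIDDATA and no log message. If files with stray leading text exist in practice, skipping the line would be less disruptive; if rejecting is intended, add an av_log() so the user can see why the subtitle file failed to load.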
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/tedcaptionsdec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/tedcaptionsdec.c
Changed
@@ -181,6 +181,8 @@ if ((unsigned)*cur_byte - '0' > 9) return AVERROR_INVALIDDATA; while (BETWEEN(*cur_byte, '0', '9')) { + if (val > INT_MAX/10 - (*cur_byte - '0')) + return AVERROR_INVALIDDATA; val = val * 10 + (*cur_byte - '0'); next_byte(pb, cur_byte); }
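Review bot: the bound val > INT_MAX/10 - (*cur_byte - '0') is safe but stricter than necessary, so it rejects some values whose val * 10 + digit would still fit in an int. If the intent is an exact overflow check, val > (INT_MAX - digit) / 10 is the usual form; if the conservative bound is deliberate, a comment would prevent it from being read as a mistake.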
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/tests/url.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/tests/url.c
Changed
@@ -21,10 +21,41 @@ #include "libavformat/url.h" #include "libavformat/avformat.h" +static void test_decompose(const char *url) +{ + URLComponents uc; + int len, ret; + + printf("%s =>\n", url); + ret = ff_url_decompose(&uc, url, NULL); + if (ret < 0) { + printf(" error: %s\n", av_err2str(ret)); + return; + } +#define PRINT_COMPONENT(comp) \ + len = uc.url_component_end_##comp - uc.comp; \ + if (len) printf(" "#comp": %.*s\n", len, uc.comp); + PRINT_COMPONENT(scheme); + PRINT_COMPONENT(authority); + PRINT_COMPONENT(userinfo); + PRINT_COMPONENT(host); + PRINT_COMPONENT(port); + PRINT_COMPONENT(path); + PRINT_COMPONENT(query); + PRINT_COMPONENT(fragment); + printf("\n"); +} + static void test(const char *base, const char *rel) { char buf200, buf2200; - ff_make_absolute_url(buf, sizeof(buf), base, rel); + int ret; + + ret = ff_make_absolute_url(buf, sizeof(buf), base, rel); + if (ret < 0) { + printf("%50s %-20s => error %s\n", base, rel, av_err2str(ret)); + return; + } printf("%50s %-20s => %s\n", base, rel, buf); if (base) { /* Test in-buffer replacement */ @@ -51,6 +82,17 @@ int main(void) { + printf("Testing ff_url_decompose:\n\n"); + test_decompose("http://user:pass@ffmpeg:8080/dir/file?query#fragment"); + test_decompose("http://ffmpeg/dir/file"); + test_decompose("file:///dev/null"); + test_decompose("file:/dev/null"); + test_decompose("http://::1/dev/null"); + test_decompose("http://::1:8080/dev/null"); + test_decompose("//ffmpeg/dev/null"); + test_decompose("test?url=http://server/path"); + test_decompose("dummy.mp4#t=0:02:00,121.5"); + printf("Testing ff_make_absolute_url:\n"); test(NULL, "baz"); test("/foo/bar", "baz"); 
@@ -70,6 +112,58 @@ test("http://server/foo/bar", "/../../../../../other/url"); test("http://server/foo/bar", "/test/../../../../../other/url"); test("http://server/foo/bar", "/test/../../test/../../../other/url"); + test("http://server/foo/bar", "file:../baz/qux"); + test("http://server/foo//bar/", "../../"); + test("file:../tmp/foo", "../bar/"); + test("file:../tmp/foo", "file:../bar/"); + test("http://server/foo/bar", "./"); + test("http://server/foo/bar", ".dotfile"); + test("http://server/foo/bar", "..doubledotfile"); + test("http://server/foo/bar", "double..dotfile"); + test("http://server/foo/bar", "doubledotfile.."); + + /* From https://tools.ietf.org/html/rfc3986#section-5.4 */ + test("http://a/b/c/d;p?q", "g:h"); // g:h + test("http://a/b/c/d;p?q", "g"); // http://a/b/c/g + test("http://a/b/c/d;p?q", "./g"); // http://a/b/c/g + test("http://a/b/c/d;p?q", "g/"); // http://a/b/c/g/ + test("http://a/b/c/d;p?q", "/g"); // http://a/g + test("http://a/b/c/d;p?q", "//g"); // http://g + test("http://a/b/c/d;p?q", "?y"); // http://a/b/c/d;p?y + test("http://a/b/c/d;p?q", "g?y"); // http://a/b/c/g?y + test("http://a/b/c/d;p?q", "#s"); // http://a/b/c/d;p?q#s + test("http://a/b/c/d;p?q", "g#s"); // http://a/b/c/g#s + test("http://a/b/c/d;p?q", "g?y#s"); // http://a/b/c/g?y#s + test("http://a/b/c/d;p?q", ";x"); // http://a/b/c/;x + test("http://a/b/c/d;p?q", "g;x"); // http://a/b/c/g;x + test("http://a/b/c/d;p?q", "g;x?y#s"); // http://a/b/c/g;x?y#s + test("http://a/b/c/d;p?q", ""); // http://a/b/c/d;p?q + test("http://a/b/c/d;p?q", "."); // http://a/b/c/ + test("http://a/b/c/d;p?q", "./"); // http://a/b/c/ + test("http://a/b/c/d;p?q", ".."); // http://a/b/ + test("http://a/b/c/d;p?q", "../"); // http://a/b/ + test("http://a/b/c/d;p?q", "../g"); // http://a/b/g + test("http://a/b/c/d;p?q", "../.."); // http://a/ + test("http://a/b/c/d;p?q", "../../"); // http://a/ + test("http://a/b/c/d;p?q", "../../g"); // http://a/g + test("http://a/b/c/d;p?q", "../../../g"); // 
http://a/g + test("http://a/b/c/d;p?q", "../../../../g"); // http://a/g + test("http://a/b/c/d;p?q", "/./g"); // http://a/g + test("http://a/b/c/d;p?q", "/../g"); // http://a/g + test("http://a/b/c/d;p?q", "g."); // http://a/b/c/g. + test("http://a/b/c/d;p?q", ".g"); // http://a/b/c/.g + test("http://a/b/c/d;p?q", "g.."); // http://a/b/c/g.. + test("http://a/b/c/d;p?q", "..g"); // http://a/b/c/..g + test("http://a/b/c/d;p?q", "./../g"); // http://a/b/g + test("http://a/b/c/d;p?q", "./g/."); // http://a/b/c/g/ + test("http://a/b/c/d;p?q", "g/./h"); // http://a/b/c/g/h + test("http://a/b/c/d;p?q", "g/../h"); // http://a/b/c/h + test("http://a/b/c/d;p?q", "g;x=1/./y"); // http://a/b/c/g;x=1/y + test("http://a/b/c/d;p?q", "g;x=1/../y"); // http://a/b/c/y + test("http://a/b/c/d;p?q", "g?y/./x"); // http://a/b/c/g?y/./x + test("http://a/b/c/d;p?q", "g?y/../x"); // http://a/b/c/g?y/../x + test("http://a/b/c/d;p?q", "g#s/./x"); // http://a/b/c/g#s/./x + test("http://a/b/c/d;p?q", "g#s/../x"); // http://a/b/c/g#s/../x printf("\nTesting av_url_split:\n"); test2("/foo/bar");
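Review bot: the RFC 3986 section 5.4 cases record their expected results only as trailing comments, while test() just prints the computed URL, so a regression is caught only if the reference output file is updated and compared correctly. Consider passing the expected string into the helper and comparing in the test itself, or at least note in a comment that the reference file is the authority and the inline comments are informational.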
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/tta.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/tta.c
Changed
@@ -119,7 +119,7 @@ for (i = 0; i < c->totalframes; i++) { uint32_t size = avio_rl32(s->pb); int r; - if ((r = av_add_index_entry(st, framepos, i * c->frame_size, size, 0, + if ((r = av_add_index_entry(st, framepos, i * (int64_t)c->frame_size, size, 0, AVINDEX_KEYFRAME)) < 0) return r; framepos += size;
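Review bot: the cast fixes the i * c->frame_size product, but framepos += size on the last line of the hunk still accumulates an unchecked 32-bit value from the file on every iteration. If framepos is not wide enough or is not validated against the file size elsewhere, the index offsets can still wrap; worth confirming as part of this fix.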
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/url.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/url.c
Changed
@@ -27,6 +27,7 @@ #if CONFIG_NETWORK #include "network.h" #endif +#include "libavutil/avassert.h" #include "libavutil/avstring.h" /** 
@@ -78,146 +79,219 @@ return strlen(str); } -static void trim_double_dot_url(char *buf, const char *rel, int size) +static const char *find_delim(const char *delim, const char *cur, const char *end) { - const char *p = rel; - const char *root = rel; - char tmp_pathMAX_URL_SIZE = {0, }; - char *sep; - char *node; - - /* Get the path root of the url which start by "://" */ - if (p && (sep = strstr(p, "://"))) { - sep += 3; - root = strchr(sep, '/'); - if (!root) - return; - } + while (cur < end && !strchr(delim, *cur)) + cur++; + return cur; +} + +int ff_url_decompose(URLComponents *uc, const char *url, const char *end) +{ + const char *cur, *aend, *p; + + av_assert0(url); + if (!end) + end = url + strlen(url); + cur = uc->url = url; + + /* scheme */ + uc->scheme = cur; + p = find_delim(":/?#", cur, end); /* lavf "schemes" can contain options but not some RFC 3986 delimiters */ + if (*p == ':') + cur = p + 1; + + /* authority */ + uc->authority = cur; + if (end - cur >= 2 && cur0 == '/' && cur1 == '/') { + cur += 2; + aend = find_delim("/?#", cur, end); + + /* userinfo */ + uc->userinfo = cur; + p = find_delim("@", cur, aend); + if (*p == '@') + cur = p + 1; - /* set new current position if the root node is changed */ - p = root; - while (p && (node = strstr(p, ".."))) { - av_strlcat(tmp_path, p, node - p + strlen(tmp_path)); - p = node + 3; - sep = strrchr(tmp_path, '/'); - if (sep) - sep0 = '\0'; - else - tmp_path0 = '\0'; + /* host */ + uc->host = cur; + if (*cur == '') { /* hello IPv6, thanks for using colons! 
*/ + p = find_delim("", cur, aend); + if (*p != '') + return AVERROR(EINVAL); + if (p + 1 < aend && p1 != ':') + return AVERROR(EINVAL); + cur = p + 1; + } else { + cur = find_delim(":", cur, aend); + } + + /* port */ + uc->port = cur; + cur = aend; + } else { + uc->userinfo = uc->host = uc->port = cur; } - if (!av_stristart(p, "/", NULL) && root != rel) - av_strlcat(tmp_path, "/", size); + /* path */ + uc->path = cur; + cur = find_delim("?#", cur, end); - av_strlcat(tmp_path, p, size); - /* start set buf after temp path process. */ - av_strlcpy(buf, rel, root - rel + 1); + /* query */ + uc->query = cur; + if (*cur == '?') + cur = find_delim("#", cur, end); - if (!av_stristart(tmp_path, "/", NULL) && root != rel) - av_strlcat(buf, "/", size); + /* fragment */ + uc->fragment = cur; - av_strlcat(buf, tmp_path, size); + uc->end = end; + return 0; } -void ff_make_absolute_url(char *buf, int size, const char *base, - const char *rel) +static int append_path(char *root, char *out_end, char **rout, + const char *in, const char *in_end) { - char *sep, *path_query; - char *root, *p; - char tmp_pathMAX_URL_SIZE; - - memset(tmp_path, 0, sizeof(tmp_path)); - /* Absolute path, relative to the current server */ - if (base && strstr(base, "://") && rel0 == '/') { - if (base != buf) - av_strlcpy(buf, base, size); - sep = strstr(buf, "://"); - if (sep) { - /* Take scheme from base url */ - if (rel1 == '/') { - sep1 = '\0'; - } else { - /* Take scheme and host from base url */ - sep += 3; - sep = strchr(sep, '/'); - if (sep) - *sep = '\0'; - } + char *out = *rout; + const char *d, *next; + + if (in < in_end && *in == '/') + in++; /* already taken care of */ + while (in < in_end) { + d = find_delim("/", in, in_end); + next = d + (d < in_end && *d == '/'); + if (d - in == 1 && in0 == '.') { + /* skip */ + } else if (d - in == 2 && in0 == '.' 
&& in1 == '.') { + av_assert1(out-1 == '/'); + if (out - root > 1) + while (out > root && (--out)-1 != '/'); + } else { + if (out_end - out < next - in) + return AVERROR(ENOMEM); + memmove(out, in, next - in); + out += next - in; } - av_strlcat(buf, rel, size); - trim_double_dot_url(tmp_path, buf, size); - memset(buf, 0, size); - av_strlcpy(buf, tmp_path, size); - return; - } - /* If rel actually is an absolute url, just copy it */ - if (!base || strstr(rel, "://") || rel0 == '/') { - memset(buf, 0, size); - trim_double_dot_url(buf, rel, size); - return; - } - if (base != buf) - av_strlcpy(buf, base, size); - - /* Strip off any query string from base */ - path_query = strchr(buf, '?'); - if (path_query) - *path_query = '\0'; - - /* Is relative path just a new query part? */ - if (rel0 == '?') { - av_strlcat(buf, rel, size); - trim_double_dot_url(tmp_path, buf, size); - memset(buf, 0, size); - av_strlcpy(buf, tmp_path, size); - return; + in = next; } + *rout = out; + return 0; +} - root = p = buf; - /* Get the path root of the url which start by "://" */ - if (p && strstr(p, "://")) { - sep = strstr(p, "://"); - if (sep) { - sep += 3; - root = strchr(sep, '/');
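Review bot: in ff_url_decompose, find_delim() returns end when no delimiter is found, and the ':' test after the scheme scan and the '?' test before the query then dereference that pointer without checking it is below end. With end == NULL that byte is the terminating NUL, but when a caller passes an explicit end inside a longer string the byte at end lies outside the range being parsed and can be taken for a delimiter. Guarding those tests with a comparison against end, or stating in the function's documentation that the byte at end must be readable and is inspected, would remove the ambiguity. In append_path the ".." branch depends on the byte before out being '/', which is only stated through av_assert1; a short comment on why that invariant holds on entry would help the next reader.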
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/url.h -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/url.h
Changed
@@ -312,8 +312,8 @@ * @param base the base url, may be equal to buf. * @param rel the new url, which is interpreted relative to base */ -void ff_make_absolute_url(char *buf, int size, const char *base, - const char *rel); +int ff_make_absolute_url(char *buf, int size, const char *base, + const char *rel); /** * Allocate directory entry with default values. 
@@ -340,4 +340,45 @@ const URLProtocol **ffurl_get_protocols(const char *whitelist, const char *blacklist); +typedef struct URLComponents { + const char *url; /**< whole URL, for reference */ + const char *scheme; /**< possibly including lavf-specific options */ + const char *authority; /**< "//" if it is a real URL */ + const char *userinfo; /**< including final '@' if present */ + const char *host; + const char *port; /**< including initial ':' if present */ + const char *path; + const char *query; /**< including initial '?' if present */ + const char *fragment; /**< including initial '#' if present */ + const char *end; +} URLComponents; + +#define url_component_end_scheme authority +#define url_component_end_authority userinfo +#define url_component_end_userinfo host +#define url_component_end_host port +#define url_component_end_port path +#define url_component_end_path query +#define url_component_end_query fragment +#define url_component_end_fragment end +#define url_component_end_authority_full path + +#define URL_COMPONENT_HAVE(uc, component) \ + ((uc).url_component_end_##component > (uc).component) + +/** + * Parse an URL to find the components. + * + * Each component runs until the start of the next component, + * possibly including a mandatory delimiter. + * + * @param uc structure to fill with pointers to the components. + * @param url URL to parse. + * @param end end of the URL, or NULL to parse to the end of string. + * + * @return >= 0 for success or an AVERROR code, especially if the URL is + * malformed. + */ +int ff_url_decompose(URLComponents *uc, const char *url, const char *end); + #endif /* AVFORMAT_URL_H */
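Review bot: the first hunk changes ff_make_absolute_url from void to int, but the doc comment directly above the prototype still lists only the @param lines and gains no @return, so callers cannot tell from the header which values signal failure or what state buf is left in. Please add a @return line in the same form as the one written for ff_url_decompose below. In the second hunk, URL_COMPONENT_HAVE builds a field name by token pasting against the url_component_end_* defines; a one-line comment saying so would save readers from searching for a struct member that does not exist.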
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/utils.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/utils.c
Changed
@@ -243,13 +243,16 @@ int ffio_limit(AVIOContext *s, int size) { if (s->maxsize>= 0) { - int64_t remaining= s->maxsize - avio_tell(s); + int64_t pos = avio_tell(s); + int64_t remaining= s->maxsize - pos; if (remaining < size) { int64_t newsize = avio_size(s); if (!s->maxsize || s->maxsize<newsize) s->maxsize = newsize - !newsize; - remaining= s->maxsize - avio_tell(s); - remaining= FFMAX(remaining, 0); + if (pos > s->maxsize && s->maxsize >= 0) + s->maxsize = AVERROR(EIO); + if (s->maxsize >= 0) + remaining = s->maxsize - pos; } if (s->maxsize>= 0 && remaining+1 < size) { @@ -1134,6 +1137,7 @@ dts == AV_NOPTS_VALUE || st->cur_dts == AV_NOPTS_VALUE || st->cur_dts < INT_MIN + RELATIVE_TS_BASE || + dts < INT_MIN + (st->cur_dts - RELATIVE_TS_BASE) || is_relative(dts)) return; @@ -1283,7 +1287,7 @@ presentation_delayed = 1; if (pkt->pts != AV_NOPTS_VALUE && pkt->dts != AV_NOPTS_VALUE && - st->pts_wrap_bits < 63 && + st->pts_wrap_bits < 63 && pkt->dts > INT64_MIN + (1LL << (st->pts_wrap_bits - 1)) && pkt->dts - (1LL << (st->pts_wrap_bits - 1)) > pkt->pts) { if (is_relative(st->cur_dts) || pkt->dts - (1LL<<(st->pts_wrap_bits - 1)) > st->cur_dts) { pkt->dts -= 1LL << st->pts_wrap_bits; @@ -4745,8 +4749,11 @@ if (c == '%') { do { nd = 0; - while (av_isdigit(*p)) + while (av_isdigit(*p)) { + if (nd >= INT_MAX / 10 - 255) + goto fail; nd = nd * 10 + *p++ - '0'; + } c = *p++; } while (av_isdigit(c));
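Review bot: in the ffio_limit hunk, s->maxsize = AVERROR(EIO) stores a negative error code in a field that otherwise holds a size, and the following s->maxsize >= 0 tests depend on that silently. Nothing in the visible lines documents the sentinel, so later code that reads maxsize as a size has no warning; a comment at the assignment, or a note on the field, is needed. In the last hunk, the bound nd >= INT_MAX / 10 - 255 is a magic value: please say in a comment why 255 is subtracted, and confirm that the fail label it jumps to releases whatever the function has allocated by that point.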
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/vividas.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/vividas.c
Changed
@@ -28,6 +28,7 @@ * @sa http://wiki.multimedia.cx/index.php?title=Vividas_VIV */ +#include "libavutil/avassert.h" #include "libavutil/intreadwrite.h" #include "avio_internal.h" #include "avformat.h" @@ -293,6 +294,8 @@ for (i=0;i<val_1;i++) { int c = avio_r8(pb); + if (avio_feof(pb)) + return AVERROR_EOF; for (j=0;j<c;j++) { if (avio_feof(pb)) return AVERROR_EOF; @@ -317,6 +320,8 @@ for (i = 0; i < num_video; i++) { AVStream *st = avformat_new_stream(s, NULL); + int num, den; + if (!st) return AVERROR(ENOMEM); @@ -329,8 +334,9 @@ off += ffio_read_varlen(pb); avio_r8(pb); // '3' avio_r8(pb); // val_7 - st->time_base.num = avio_rl32(pb); // frame_time - st->time_base.den = avio_rl32(pb); // time_base + num = avio_rl32(pb); // frame_time + den = avio_rl32(pb); // time_base + avpriv_set_pts_info(st, 64, num, den); st->nb_frames = avio_rl32(pb); // n frames st->codecpar->width = avio_rl16(pb); // width st->codecpar->height = avio_rl16(pb); // height @@ -367,6 +373,8 @@ avio_rl16(pb); //codec_subid st->codecpar->channels = avio_rl16(pb); // channels st->codecpar->sample_rate = avio_rl32(pb); // sample_rate + if (st->codecpar->sample_rate <= 0 || st->codecpar->channels <= 0) + return AVERROR_INVALIDDATA; avio_seek(pb, 10, SEEK_CUR); // data_1 q = avio_r8(pb); avio_seek(pb, q, SEEK_CUR); // data_2 @@ -374,7 +382,7 @@ if (avio_tell(pb) < off) { int num_data; - int xd_size = 0; + int xd_size = 1; int data_len256; int offset = 1; uint8_t *p; @@ -383,15 +391,15 @@ ffio_read_varlen(pb); // len_3 num_data = avio_r8(pb); for (j = 0; j < num_data; j++) { - uint64_t len = ffio_read_varlen(pb); - if (len > INT_MAX/2 - xd_size) { + int64_t len = ffio_read_varlen(pb); + if (len < 0 || len > INT_MAX/2 - xd_size) { return AVERROR_INVALIDDATA; } data_lenj = len; - xd_size += len; + xd_size += len + 1 + len/255; } - ret = ff_alloc_extradata(st->codecpar, 64 + xd_size + xd_size / 255); + ret = ff_alloc_extradata(st->codecpar, xd_size); if (ret < 0) return ret; 
@@ -400,9 +408,7 @@ for (j = 0; j < num_data - 1; j++) { unsigned delta = av_xiphlacing(&poffset, data_lenj); - if (delta > data_lenj) { - return AVERROR_INVALIDDATA; - } + av_assert0(delta <= xd_size - offset); offset += delta; } @@ -413,6 +419,7 @@ av_freep(&st->codecpar->extradata); break; } + av_assert0(data_lenj <= xd_size - offset); offset += data_lenj; } @@ -666,6 +673,10 @@ if (!pb) return AVERROR(EIO); off = avio_tell(pb); + + if (viv->current_sb_entry >= viv->n_sb_entries) + return AVERROR_INVALIDDATA; + off += viv->sb_entriesviv->current_sb_entry.size; if (viv->sb_entriesviv->current_sb_entry.flag == 0) { @@ -675,7 +686,7 @@ return AVERROR_INVALIDDATA; ffio_read_varlen(pb); - if (v_size > INT_MAX) + if (v_size > INT_MAX || !v_size) return AVERROR_INVALIDDATA; ret = av_get_packet(pb, pkt, v_size); if (ret < 0) @@ -704,7 +715,7 @@ } else { uint64_t v_size = ffio_read_varlen(pb); - if (v_size > INT_MAX) + if (v_size > INT_MAX || !v_size) return AVERROR_INVALIDDATA; ret = av_get_packet(pb, pkt, v_size); if (ret < 0)
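Review bot: in the extradata loops, the runtime check that returned AVERROR_INVALIDDATA is replaced by av_assert0(delta <= xd_size - offset), and a second av_assert0 is added before the final offset increment, so a violated bound on lengths read from the file now aborts the process instead of rejecting the input. That is only acceptable if the new accounting (xd_size starting at 1 and growing by len + 1 + len/255 per entry) makes the assertions unreachable for every input; please state that argument in a comment next to the xd_size computation so the asserts read as invariants rather than as input validation. The new !v_size rejections in the packet reader are a behaviour change for zero-length entries and deserve a mention in the commit message.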
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/vqf.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/vqf.c
Changed
@@ -132,6 +132,9 @@ switch(chunk_tag){ case MKTAG('C','O','M','M'): + if (len < 12) + return AVERROR_INVALIDDATA; + avio_read(s->pb, comm_chunk, 12); st->codecpar->channels = AV_RB32(comm_chunk ) + 1; read_bitrate = AV_RB32(comm_chunk + 4);
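Review bot: the new len < 12 check covers the declared chunk length, but the avio_read(s->pb, comm_chunk, 12) on the next line still ignores its return value, so a file that declares 12 bytes and ends early leaves comm_chunk partly unfilled before the AV_RB32 reads. Checking that the read returned 12 and failing otherwise would complete the fix.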
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/wavdec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/wavdec.c
Changed
@@ -69,7 +69,7 @@ int ret = ffio_ensure_seekback(s->pb, len); if (ret >= 0) { - uint8_t *buf = av_malloc(len); + uint8_t *buf = av_malloc(len + AV_INPUT_BUFFER_PADDING_SIZE); if (!buf) { ret = AVERROR(ENOMEM); } else { @@ -589,7 +589,8 @@ } else if (st->codecpar->codec_id == AV_CODEC_ID_XMA1 || st->codecpar->codec_id == AV_CODEC_ID_XMA2) { st->codecpar->block_align = 2048; - } else if (st->codecpar->codec_id == AV_CODEC_ID_ADPCM_MS && st->codecpar->channels > 2) { + } else if (st->codecpar->codec_id == AV_CODEC_ID_ADPCM_MS && st->codecpar->channels > 2 && + st->codecpar->block_align < INT_MAX / st->codecpar->channels) { st->codecpar->block_align *= st->codecpar->channels; } @@ -613,7 +614,7 @@ while (!avio_feof(pb)) { avio_read(pb, guid, 16); size = avio_rl64(pb); - if (size <= 24) + if (size <= 24 || size > INT64_MAX - 8) return AVERROR_INVALIDDATA; if (!memcmp(guid, guid1, 16)) return size; @@ -850,6 +851,7 @@ } else if (!memcmp(guid, ff_w64_guid_summarylist, 16)) { int64_t start, end, cur; uint32_t count, chunk_size, i; + int64_t filesize = avio_size(s->pb); start = avio_tell(pb); end = start + FFALIGN(size, INT64_C(8)) - 24; @@ -864,7 +866,7 @@ chunk_key4 = 0; avio_read(pb, chunk_key, 4); chunk_size = avio_rl32(pb); - if (chunk_size == UINT32_MAX) + if (chunk_size == UINT32_MAX || (filesize >= 0 && chunk_size > filesize)) return AVERROR_INVALIDDATA; value = av_mallocz(chunk_size + 1); @@ -872,6 +874,10 @@ return AVERROR(ENOMEM); ret = avio_get_str16le(pb, chunk_size, value, chunk_size); + if (ret < 0) { + av_free(value); + return ret; + } avio_skip(pb, chunk_size - ret); av_dict_set(&s->metadata, chunk_key, value, AV_DICT_DONT_STRDUP_VAL);
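Review bot: in the ADPCM_MS hunk, the overflow test block_align < INT_MAX / channels is folded into the else-if condition, so when it fails the multiplication is skipped and parsing continues with an unscaled block_align rather than reporting an error. If that value is not valid for more than two channels, returning AVERROR_INVALIDDATA would be clearer than carrying on. In the first hunk the buffer grows by AV_INPUT_BUFFER_PADDING_SIZE, but no visible line clears the added bytes; please confirm they are zeroed after the read. In the summarylist hunk, the filesize bound on chunk_size is skipped when avio_size() returns a negative value, so unseekable input still reaches av_mallocz(chunk_size + 1) with any size below UINT32_MAX.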
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/wc3movie.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/wc3movie.c
Changed
@@ -73,6 +73,16 @@ } Wc3DemuxContext; +static int wc3_read_close(AVFormatContext *s) +{ + Wc3DemuxContext *wc3 = s->priv_data; + + if (wc3->vpkt.size > 0) + av_packet_unref(&wc3->vpkt); + + return 0; +} + static int wc3_probe(const AVProbeData *p) { if (p->buf_size < 12) @@ -129,10 +139,14 @@ /* load up the name */ buffer = av_malloc(size+1); if (!buffer) - return AVERROR(ENOMEM); + if (!buffer) { + ret = AVERROR(ENOMEM); + goto fail; + } if ((ret = avio_read(pb, buffer, size)) != size) { av_freep(&buffer); - return AVERROR(EIO); + ret = AVERROR(EIO); + goto fail; } buffersize = 0; av_dict_set(&s->metadata, "title", buffer, @@ -154,21 +168,26 @@ default: av_log(s, AV_LOG_ERROR, "unrecognized WC3 chunk: %s\n", av_fourcc2str(fourcc_tag)); - return AVERROR_INVALIDDATA; + ret = AVERROR_INVALIDDATA; + goto fail; } fourcc_tag = avio_rl32(pb); /* chunk sizes are 16-bit aligned */ size = (avio_rb32(pb) + 1) & (~1); - if (avio_feof(pb)) - return AVERROR(EIO); + if (avio_feof(pb)) { + ret = AVERROR(EIO); + goto fail; + } } while (fourcc_tag != BRCH_TAG); /* initialize the decoder streams */ st = avformat_new_stream(s, NULL); - if (!st) - return AVERROR(ENOMEM); + if (!st) { + ret = AVERROR(ENOMEM); + goto fail; + } avpriv_set_pts_info(st, 33, 1, WC3_FRAME_FPS); wc3->video_stream_index = st->index; st->codecpar->codec_type = AVMEDIA_TYPE_VIDEO; @@ -178,8 +197,10 @@ st->codecpar->height = wc3->height; st = avformat_new_stream(s, NULL); - if (!st) - return AVERROR(ENOMEM); + if (!st) { + ret = AVERROR(ENOMEM); + goto fail; + } avpriv_set_pts_info(st, 33, 1, WC3_FRAME_FPS); wc3->audio_stream_index = st->index; st->codecpar->codec_type = AVMEDIA_TYPE_AUDIO; @@ -194,6 +215,9 @@ st->codecpar->block_align = WC3_AUDIO_BITS * WC3_AUDIO_CHANNELS; return 0; +fail: + wc3_read_close(s); + return ret; } static int wc3_read_packet(AVFormatContext *s, 
@@ -286,16 +310,6 @@ return ret; } -static int wc3_read_close(AVFormatContext *s) -{ - Wc3DemuxContext *wc3 = s->priv_data; - - if (wc3->vpkt.size > 0) - av_packet_unref(&wc3->vpkt); - - return 0; -} - AVInputFormat ff_wc3_demuxer = { .name = "wc3movie", .long_name = NULL_IF_CONFIG_SMALL("Wing Commander III movie"),
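Review bot: in the header-reading hunk, the old if (!buffer) line is kept as context and a new if (!buffer) { is added directly under it, leaving two identical nested conditions after av_malloc(size+1). It behaves correctly but is clearly a leftover; drop the first one. The move of wc3_read_close above wc3_probe so the fail label can call it is fine; since the cleanup only unrefs vpkt when vpkt.size > 0, a short comment at the label saying what is expected to be allocated at each goto would make the error paths easier to audit.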
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/wtvdec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/wtvdec.c
Changed
@@ -273,6 +273,11 @@ "bad filename length, remaining directory entries ignored\n"); break; } + if (dir_length == 0) { + av_log(s, AV_LOG_ERROR, + "bad dir length, remaining directory entries ignored\n"); + break; + } if (48 + (int64_t)name_size > buf_end - buf) { av_log(s, AV_LOG_ERROR, "filename exceeds buffer size; remaining directory entries ignored\n"); break; @@ -789,7 +794,7 @@ ff_get_guid(pb, &g); len = avio_rl32(pb); - if (len < 32) { + if (len < 32 || len > INT_MAX - 7) { int ret; if (avio_feof(pb)) return AVERROR_EOF;
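Review bot: in the second hunk, the added len > INT_MAX - 7 term uses an unexplained constant and is attached to the branch that previously handled only len < 32, so an oversized length now follows the same path, including the avio_feof test that returns AVERROR_EOF. Please add a comment naming the computation the 7 protects, and check that the rest of that branch reports the large-length case sensibly. In the first hunk, the new log message would be more useful if it printed the offending dir_length value, as a reader of the log cannot tell it was zero.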
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/wvdec.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/wvdec.c
Changed
@@ -79,8 +79,9 @@ { WVContext *wc = ctx->priv_data; int ret; - int rate, rate_x, bpp, chan; + int rate, bpp, chan; uint32_t chmask, flags; + unsigned rate_x; wc->pos = avio_tell(pb); @@ -192,7 +193,7 @@ if (id & 0x40) avio_skip(pb, 1); } - if (rate == -1) { + if (rate == -1 || rate * (uint64_t)rate_x >= INT_MAX) { av_log(ctx, AV_LOG_ERROR, "Cannot determine custom sampling rate\n"); return AVERROR_INVALIDDATA;
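Review bot: the extended condition rate == -1 || rate * (uint64_t)rate_x >= INT_MAX reuses the message "Cannot determine custom sampling rate", which is misleading when the rate was found but the product is out of range. A separate message, or wording that covers both cases, would make such files easier to diagnose. Changing rate_x to unsigned is reasonable; a note on why the product is computed in 64 bits would help, since rate itself stays a signed int.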
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavformat/xwma.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavformat/xwma.c
Changed
@@ -211,6 +211,10 @@ } for (i = 0; i < dpds_table_size; ++i) { + if (avio_feof(pb)) { + ret = AVERROR_INVALIDDATA; + goto fail; + } dpds_tablei = avio_rl32(pb); size -= 4; }
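Review bot: the new avio_feof test stops the dpds table loop on truncated input, which is the right place for it, but it returns AVERROR_INVALIDDATA where the comparable checks added to vividas.c in this same update return AVERROR_EOF. Either is defensible; please pick one convention, and confirm that the fail label frees dpds_table, which is being filled at this point.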
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavutil/eval.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavutil/eval.c
Changed
@@ -306,7 +306,7 @@ double d = eval_expr(p, e->param0); double d2 = eval_expr(p, e->param1); switch (e->type) { - case e_mod: return e->value * (d - floor((!CONFIG_FTRAPV || d2) ? d / d2 : d * INFINITY) * d2); + case e_mod: return e->value * (d - floor(d2 ? d / d2 : d * INFINITY) * d2); case e_gcd: return e->value * av_gcd(d,d2); case e_max: return e->value * (d > d2 ? d : d2); case e_min: return e->value * (d < d2 ? d : d2);
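Review bot: with the CONFIG_FTRAPV term removed, e_mod always takes the d * INFINITY branch when d2 is zero, and that expression yields NaN when d is also zero. The intended result of mod(x, 0) is not documented anywhere in the visible lines; please add a comment stating it and a test expression that pins the behaviour down.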
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavutil/fixed_dsp.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavutil/fixed_dsp.c
Changed
@@ -134,9 +134,10 @@ return (int)(p >> 31); } -static void butterflies_fixed_c(int *v1, int *v2, int len) +static void butterflies_fixed_c(int *v1s, int *v2, int len) { int i; + unsigned int *v1 = v1s; for (i = 0; i < len; i++){ int t = v1i - v2i;
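Review bot: unsigned int *v1 = v1s assigns an int pointer to an unsigned int pointer without a cast, which draws a pointer-sign warning on common compilers; make the conversion explicit. The purpose, doing the butterfly arithmetic in unsigned so that wraparound is defined, is not stated, and the v1s name gives no hint; a one-line comment would stop someone from undoing this later. Note that v2 is still read through the signed pointer, so confirm every expression in the loop really ends up in unsigned arithmetic.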
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavutil/mathematics.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavutil/mathematics.c
Changed
@@ -210,6 +210,6 @@ if (old == INT64_MAX || old == AV_NOPTS_VALUE || old_ts == AV_NOPTS_VALUE) return ts; - return av_rescale_q(old + 1, inc_tb, ts_tb) + (ts - old_ts); + return av_sat_add64(av_rescale_q(old + 1, inc_tb, ts_tb), ts - old_ts); } }
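Review bot: av_sat_add64 now saturates the outer addition, but its second argument ts - old_ts is still an ordinary signed 64-bit subtraction and can overflow before the saturating add sees it. Only AV_NOPTS_VALUE is excluded for old_ts in the visible context, so extreme timestamps can still reach that expression; the difference needs a saturating subtraction or an explicit range check as well.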
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavutil/timecode.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavutil/timecode.c
Changed
@@ -49,7 +49,7 @@ d = framenum / frames_per_10mins; m = framenum % frames_per_10mins; - return framenum + 9 * drop_frames * d + drop_frames * ((m - drop_frames) / (frames_per_10mins / 10)); + return framenum + 9U * drop_frames * d + drop_frames * ((m - drop_frames) / (frames_per_10mins / 10)); } uint32_t av_timecode_get_smpte_from_framenum(const AVTimecode *tc, int framenum)
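Review bot: the 9U literal moves the first product into unsigned arithmetic, but the second term, drop_frames * ((m - drop_frames) / (frames_per_10mins / 10)), is still evaluated on signed ints before it is added. If the aim is to avoid signed overflow for large framenum, please say in a comment why the second product cannot overflow, or make it unsigned too.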
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libavutil/x86/x86inc.asm -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libavutil/x86/x86inc.asm
Changed
@@ -411,16 +411,6 @@ %endif %endmacro -%macro DEFINE_ARGS_INTERNAL 3+ - %ifnum %2 - DEFINE_ARGS %3 - %elif %1 == 4 - DEFINE_ARGS %2 - %elif %1 > 4 - DEFINE_ARGS %2, %3 - %endif -%endmacro - %if WIN64 ; Windows x64 ;================================================= DECLARE_REG 0, rcx @@ -439,7 +429,7 @@ DECLARE_REG 13, R12, 112 DECLARE_REG 14, R13, 120 -%macro PROLOGUE 2-5+ 0 ; #args, #regs, #xmm_regs, stack_size, arg_names... +%macro PROLOGUE 2-5+ 0, 0 ; #args, #regs, #xmm_regs, stack_size, arg_names... %assign num_args %1 %assign regs_used %2 ASSERT regs_used >= num_args @@ -451,7 +441,15 @@ WIN64_SPILL_XMM %3 %endif LOAD_IF_USED 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14 - DEFINE_ARGS_INTERNAL %0, %4, %5 + %if %0 > 4 + %ifnum %4 + DEFINE_ARGS %5 + %else + DEFINE_ARGS %4, %5 + %endif + %elifnnum %4 + DEFINE_ARGS %4 + %endif %endmacro %macro WIN64_PUSH_XMM 0 @@ -547,7 +545,7 @@ DECLARE_REG 13, R12, 64 DECLARE_REG 14, R13, 72 -%macro PROLOGUE 2-5+ 0 ; #args, #regs, #xmm_regs, stack_size, arg_names... +%macro PROLOGUE 2-5+ 0, 0 ; #args, #regs, #xmm_regs, stack_size, arg_names... %assign num_args %1 %assign regs_used %2 %assign xmm_regs_used %3 @@ -557,7 +555,15 @@ PUSH_IF_USED 9, 10, 11, 12, 13, 14 ALLOC_STACK %4 LOAD_IF_USED 6, 7, 8, 9, 10, 11, 12, 13, 14 - DEFINE_ARGS_INTERNAL %0, %4, %5 + %if %0 > 4 + %ifnum %4 + DEFINE_ARGS %5 + %else + DEFINE_ARGS %4, %5 + %endif + %elifnnum %4 + DEFINE_ARGS %4 + %endif %endmacro %define has_epilogue regs_used > 9 || stack_size > 0 || vzeroupper_required @@ -598,7 +604,7 @@ DECLARE_ARG 7, 8, 9, 10, 11, 12, 13, 14 -%macro PROLOGUE 2-5+ ; #args, #regs, #xmm_regs, stack_size, arg_names... +%macro PROLOGUE 2-5+ 0, 0 ; #args, #regs, #xmm_regs, stack_size, arg_names... %assign num_args %1 %assign regs_used %2 ASSERT regs_used >= num_args 
@@ -613,7 +619,15 @@ PUSH_IF_USED 3, 4, 5, 6 ALLOC_STACK %4 LOAD_IF_USED 0, 1, 2, 3, 4, 5, 6 - DEFINE_ARGS_INTERNAL %0, %4, %5 + %if %0 > 4 + %ifnum %4 + DEFINE_ARGS %5 + %else + DEFINE_ARGS %4, %5 + %endif + %elifnnum %4 + DEFINE_ARGS %4 + %endif %endmacro %define has_epilogue regs_used > 3 || stack_size > 0 || vzeroupper_required
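Review bot: removing DEFINE_ARGS_INTERNAL leaves the same nine-line %if %0 > 4 / %ifnum %4 / %elifnnum %4 block pasted into all three PROLOGUE variants, so any future change to argument-name handling has to be made in three places. Please add a comment at each copy saying they must stay identical, or explain in the commit message why the helper macro could not be kept. The default list changing from "0" to "0, 0", and the third variant gaining defaults it did not have before, also needs a sentence of explanation, since the %ifnum %4 test depends on what %4 expands to when it is omitted.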
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/libswscale/x86/yuv_2_rgb.asm -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/libswscale/x86/yuv_2_rgb.asm
Changed
@@ -268,9 +268,9 @@ por m2, m7 por m1, m6 ; g5 b5 r6 g6 b6 r7 g7 b7 r8 g8 b8 r9 g9 b9 r10 g10 por m2, m3 ; b10 r11 g11 b11 r12 g12 b12 r13 g13 b13 r14 g14 b14 r15 g15 b15 - mova imageq, m0 - mova imageq + 16, m1 - mova imageq + 32, m2 + movu imageq, m0 + movu imageq + 16, m1 + movu imageq + 32, m2 %endif ; mmsize = 16 %else ; PACK RGB15/16/32 packuswb m0, m1 @@ -286,7 +286,7 @@ %ifidn %1, yuv pcmpeqd m3, m3 ; Set alpha empty %else - mova m3, pa_2indexq + 2 * indexq ; Load alpha + movu m3, pa_2indexq + 2 * indexq ; Load alpha %endif mova m5, m_blue mova m6, m_red @@ -300,10 +300,10 @@ punpckhwd m_green, m_red punpcklwd m5, m6 punpckhwd m_alpha, m6 - mova imageq + 0, m_blue - mova imageq + 8 * time_num, m_green - mova imageq + 16 * time_num, m5 - mova imageq + 24 * time_num, m_alpha + movu imageq + 0, m_blue + movu imageq + 8 * time_num, m_green + movu imageq + 16 * time_num, m5 + movu imageq + 24 * time_num, m_alpha %else ; PACK RGB15/16 %define depth 2 %if cpuflag(ssse3) @@ -342,8 +342,8 @@ mova m2, m0 punpcklbw m0, m1 punpckhbw m2, m1 - mova imageq, m0 - mova imageq + 8 * time_num, m2 + movu imageq, m0 + movu imageq + 8 * time_num, m2 %endif ; PACK RGB15/16 %endif ; PACK RGB15/16/32
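Review bot: every store to imageq, and the alpha load in the second hunk, switches from mova to movu with no comment on why alignment can no longer be assumed. Please record the reason next to the first changed store (which callers pass unaligned destinations or alpha planes), so that nobody reverts these to aligned moves as an optimisation. The mova register-to-register copies left in place are unaffected.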
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/tests/checkasm/vf_blend.c -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/tests/checkasm/vf_blend.c
Changed
@@ -99,7 +99,7 @@ #define check_and_report(name, val, depth) \ param.mode = val; \ - ff_blend_init(¶m, depth - 1); \ + ff_blend_init(¶m, depth * 8); \ if (check_func(param.blend, #name)) \ check_blend_func(depth);
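Review bot: the second argument to ff_blend_init changes from depth - 1 to depth * 8, which changes what that parameter means at this call site, while check_blend_func(depth) two lines below still receives the unscaled value. The unit of depth in this macro is implicit; a short comment on the macro stating the unit of depth and what ff_blend_init expects would stop the two from drifting apart again.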
View file
_service:download_files:4.3.1-Matrix-Beta1.tar.gz/tests/ref/fate/url -> _service:download_files:4.3.2-Matrix-19.2.tar.gz/tests/ref/fate/url
Changed
@@ -1,9 +1,62 @@ +Testing ff_url_decompose: + +http://user:pass@ffmpeg:8080/dir/file?query#fragment => + scheme: http: + authority: // + userinfo: user:pass@ + host: ffmpeg + port: :8080 + path: /dir/file + query: ?query + fragment: #fragment + +http://ffmpeg/dir/file => + scheme: http: + authority: // + host: ffmpeg + path: /dir/file + +file:///dev/null => + scheme: file: + authority: // + path: /dev/null + +file:/dev/null => + scheme: file: + path: /dev/null + +http://::1/dev/null => + scheme: http: + authority: // + host: ::1 + path: /dev/null + +http://::1:8080/dev/null => + scheme: http: + authority: // + host: ::1 + port: :8080 + path: /dev/null + +//ffmpeg/dev/null => + authority: // + host: ffmpeg + path: /dev/null + +test?url=http://server/path => + path: test + query: ?url=http://server/path + +dummy.mp4#t=0:02:00,121.5 => + path: dummy.mp4 + fragment: #t=0:02:00,121.5 + Testing ff_make_absolute_url: (null) baz => baz /foo/bar baz => /foo/baz - /foo/bar ../baz => /baz + /foo/bar ../baz => /foo/../baz /foo/bar /baz => /baz - /foo/bar ../../../baz => /baz + /foo/bar ../../../baz => /foo/../../../baz http://server/foo/ baz => http://server/foo/baz http://server/foo/bar baz => http://server/foo/baz http://server/foo/ ../baz => http://server/baz 
@@ -17,6 +70,56 @@ http://server/foo/bar /../../../../../other/url => http://server/other/url http://server/foo/bar /test/../../../../../other/url => http://server/other/url http://server/foo/bar /test/../../test/../../../other/url => http://server/other/url + http://server/foo/bar file:../baz/qux => file:../baz/qux + http://server/foo//bar/ ../../ => http://server/foo/ + file:../tmp/foo ../bar/ => file:../tmp/../bar/ + file:../tmp/foo file:../bar/ => file:../bar/ + http://server/foo/bar ./ => http://server/foo/ + http://server/foo/bar .dotfile => http://server/foo/.dotfile + http://server/foo/bar ..doubledotfile => http://server/foo/..doubledotfile + http://server/foo/bar double..dotfile => http://server/foo/double..dotfile + http://server/foo/bar doubledotfile.. => http://server/foo/doubledotfile.. + http://a/b/c/d;p?q g:h => g:h + http://a/b/c/d;p?q g => http://a/b/c/g + http://a/b/c/d;p?q ./g => http://a/b/c/g + http://a/b/c/d;p?q g/ => http://a/b/c/g/ + http://a/b/c/d;p?q /g => http://a/g + http://a/b/c/d;p?q //g => http://g + http://a/b/c/d;p?q ?y => http://a/b/c/d;p?y + http://a/b/c/d;p?q g?y => http://a/b/c/g?y + http://a/b/c/d;p?q #s => http://a/b/c/d;p?q#s + http://a/b/c/d;p?q g#s => http://a/b/c/g#s + http://a/b/c/d;p?q g?y#s => http://a/b/c/g?y#s + http://a/b/c/d;p?q ;x => http://a/b/c/;x + http://a/b/c/d;p?q g;x => http://a/b/c/g;x + http://a/b/c/d;p?q g;x?y#s => http://a/b/c/g;x?y#s + http://a/b/c/d;p?q => http://a/b/c/d;p?q + http://a/b/c/d;p?q . => http://a/b/c/ + http://a/b/c/d;p?q ./ => http://a/b/c/ + http://a/b/c/d;p?q .. => http://a/b/ + http://a/b/c/d;p?q ../ => http://a/b/ + http://a/b/c/d;p?q ../g => http://a/b/g + http://a/b/c/d;p?q ../.. => http://a/ + http://a/b/c/d;p?q ../../ => http://a/ + http://a/b/c/d;p?q ../../g => http://a/g + http://a/b/c/d;p?q ../../../g => http://a/g + http://a/b/c/d;p?q ../../../../g => http://a/g + http://a/b/c/d;p?q /./g => http://a/g + http://a/b/c/d;p?q /../g => http://a/g + http://a/b/c/d;p?q g. 
=> http://a/b/c/g. + http://a/b/c/d;p?q .g => http://a/b/c/.g + http://a/b/c/d;p?q g.. => http://a/b/c/g.. + http://a/b/c/d;p?q ..g => http://a/b/c/..g + http://a/b/c/d;p?q ./../g => http://a/b/g + http://a/b/c/d;p?q ./g/. => http://a/b/c/g/ + http://a/b/c/d;p?q g/./h => http://a/b/c/g/h + http://a/b/c/d;p?q g/../h => http://a/b/c/h + http://a/b/c/d;p?q g;x=1/./y => http://a/b/c/g;x=1/y + http://a/b/c/d;p?q g;x=1/../y => http://a/b/c/y + http://a/b/c/d;p?q g?y/./x => http://a/b/c/g?y/./x + http://a/b/c/d;p?q g?y/../x => http://a/b/c/g?y/../x + http://a/b/c/d;p?q g#s/./x => http://a/b/c/g#s/./x + http://a/b/c/d;p?q g#s/../x => http://a/b/c/g#s/../x Testing av_url_split: /foo/bar => -1 /foo/bar
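Review bot: the updated reference output changes results for bases without a scheme: /foo/bar with ../baz now yields /foo/../baz instead of /baz, and ../../../baz yields /foo/../../../baz, while the http:// cases are still collapsed. That is a behaviour change for any caller that relied on ff_make_absolute_url returning a path free of dot segments, for example before comparing it against an allowed directory, and it should be called out in the commit message and in the function's documentation rather than appearing only as a changed expectation. The new ff_url_decompose cases cover well-formed inputs only; since the function can return AVERROR(EINVAL), please add at least one malformed host case so the error path has a reference result.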