ffmpeg

mirror of https://git.ffmpeg.org/ffmpeg.git synced 2026-02-17 13:00:24 +00:00

Author	SHA1	Message	Date
Michael Niedermayer	20de3b007b	avcodec/cabac: Check initial cabac decoder state Fixes integer overflows Fixes: 1430e9c43fae47a24c179c7c54f94918/signal_sigsegv_421427_2340_591e9810c7b09efe501ad84638c9e9f8.264 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Found-by: xiedingbao (Ticket4727) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8000d484b8`) Conflicts: libavcodec/cabac.h Conflicts: libavcodec/h264_cabac.c libavcodec/h264_slice.c	2015-12-06 12:40:50 +01:00
Michael Niedermayer	e8054a9595	avcodec/cabac_functions: Fix "left shift of negative value -31767" Fixes: 1430e9c43fae47a24c179c7c54f94918/signal_sigsegv_421427_2340_591e9810c7b09efe501ad84638c9e9f8.264 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Found-by: xiedingbao (Ticket4727) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a1f6b05f52`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-12-06 12:40:50 +01:00
Michael Niedermayer	e9ec9be146	avcodec/h264_slice: Limit max_contexts when slice_context_count is initialized Fixes out of array access Fixes: 1430e9c43fae47a24c179c7c54f94918/signal_sigsegv_421427_2049_f2192b6829ab6e0eefcb035329c03c60.264 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4ea4d2f438`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-12-06 12:40:50 +01:00
Michael Niedermayer	ee5ba259d1	avcodec/vp8: Do not use num_coeff_partitions in thread/buffer setup The variable is not a constant and can lead to race conditions Fixes: repro.webm (not reproducable with FFmpeg alone) Found-by: Dale Curtis <dalecurtis@google.com> Tested-by: Dale Curtis <dalecurtis@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `dabea74d0e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-12-06 12:40:50 +01:00
Michael Niedermayer	f1058efc81	avcodec/jpeg2000dec: Fix potential integer overflow with tile dimensions Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `65d3359fb3`) Conflicts: libavcodec/jpeg2000dec.c	2015-12-06 12:40:50 +01:00
Michael Niedermayer	50870dd3de	avcodec/jpeg2000dec: Check SIZ dimensions to be within the supported range Fixes potential integer overflows Fixes: 03e0abe721b1174856d41a1eb5d6a896/signal_sigabrt_7ffff6ae7cc9_3813_e71bf3541abed3ccba031cd5ba0269a4.avi This fix is choosen to be simple to backport, better solution for master is planed Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6ef819c40b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-12-06 12:40:50 +01:00
Michael Niedermayer	9aa4b9c2a3	avcodec/jpeg2000: Check comp coords to be within the supported size Fixes assertion failure Fixes: 03e0abe721b1174856d41a1eb5d6a896/signal_sigabrt_7ffff6ae7cc9_3813_e71bf3541abed3ccba031cd5ba0269a4.avi This fix is choosen to be simple to backport, better solution for master is planed Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a1a8cbcb35`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-12-06 12:40:50 +01:00
Michael Niedermayer	aa780a5271	avcodec/jpeg2000: Use av_image_check_size() in ff_jpeg2000_init_component() Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `016fd413f9`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-12-06 12:40:50 +01:00
Michael Niedermayer	dccb80dd50	avcodec/wmaprodec: Check for overread in decode_packet() Fixes assertion failure Fixes: 0256e92df2df7e933b43a2c70e4c8040/signal_sigabrt_7ffff6ae7cc9_1358_999ac18684788221490757582ce9af84.wma Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7ad698e24e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-12-06 12:40:50 +01:00
Michael Niedermayer	3449b47dc5	avcodec/smacker: Check that the data size is a multiple of a sample vector Fixes out of array access Fixes: ce19e41f0ef1e52a23edc488faecdb58/asan_heap-oob_2504e97_4202_ffa0df1baed14022b9bfd4f8ac23d0cb.smk Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4a9af07a49`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-12-06 12:40:50 +01:00
Michael Niedermayer	9356635e76	avcodec/takdec: Skip last p2 sample (which is unused) Fixes out of array read Fixes: cb3f38b08b4541523974667c7d1eee9e/asan_heap-oob_2659e18_9838_021fd5cd635bf76cede6398cd9ecbcdd.tak Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `08b520636e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-12-06 12:40:49 +01:00
Michael Niedermayer	6ba69f60ec	avcodec/dxtory: Fix input size check in dxtory_decode_v1_410() Fixes potential out of array read Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `76b6f4b7d9`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-12-06 12:40:49 +01:00
Michael Niedermayer	0814b140b1	avcodec/dxtory: Fix input size check in dxtory_decode_v1_420() Fixes out of array read Fixes: c50c4aa6cefda71b19a31ea12302980c/asan_heap-oob_12be5fd_7011_33ebd015a74976215934add72b9c8352.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9caa9414cc`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-12-06 12:40:49 +01:00
Michael Niedermayer	3879202d68	avcodec/error_resilience: avoid accessing previous or next frames tables beyond height The height of tables can be rounded up for MBAFF but this does not imply that is also true for the previous frames Fixes out of array reads Fixes: c106b36fa36db8ff8f3ed0c82be7bea2/asan_heap-oob_32699f0_6321_467b9a1d7e03d7cfd310b7e65dc53bcc.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a105f52855`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-12-06 12:40:49 +01:00
Michael Niedermayer	99e080ec38	avcodec/dpx: Move need_align to act per line Fixes out of array read Fixes: 61cf123c081ee2bb774d307c75bdb99e/asan_heap-oob_1224f76_5546_bee833ffae73f752b489b9eeaac52db7.dpx Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c8aaae8e0f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-12-06 12:40:49 +01:00
Michael Niedermayer	52d332b044	avcodec/flashsv: Check size before updating it Fixes out of array read Fixes: 3c857d4d90365731524716e6d051e43a/signal_sigsegv_7f4f59bcc29e_1386_20abd2c8e655cb9c75b24368e65fe3b1.flv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `17705f5d4f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-12-06 12:40:49 +01:00
Michael Niedermayer	f68ff799eb	avcodec/ivi: Check image dimensions Fixes integer overflow Fixes: 1e32c6c591d940337c20b197ec1c4d3d/asan_heap-oob_4a52e5_8946_0bb0d9e863def56005e49f1d89bdc94d.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `df91aa034b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-12-06 12:40:49 +01:00
Michael Niedermayer	00dc345a83	avcodec/utils: Better check for channels in av_get_audio_frame_duration() Fixes integer overflow Fixes: 0c2625f236ced104d402b4a03c0d65c7/asan_generic_274e1ce_5990_9314e7a67c26aecf011b178ade9f217c.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4e16ad2868`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-12-06 12:40:49 +01:00
Michael Niedermayer	ac302efb91	avcodec/jpeg2000dec: Check for duplicate SIZ marker Fixes: 0231a17345734228011c6f35a64e4594/asan_heap-oob_1d92a72_3218_1213809a9e3affec77e4c191fdfdc0a9.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `44a7f17d0b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-12-06 12:40:49 +01:00
Michael Niedermayer	d73a8ae70f	avcodec/jpeg2000dec: Clip all tile coordinates Fixes out of array access Fixes: b877a6b788a25c70e8b1d014f8628549/asan_heap-oob_1da2c3f_2324_5a1b329b0b3c4bb6b1d775660ac56717.r3d Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `43492ff3ab`) Conflicts: libavcodec/jpeg2000dec.c	2015-12-06 12:40:49 +01:00
Michael Niedermayer	c15f5068ca	avcodec/microdvddec: Check for string end in 'P' case Fixes out of array read Fixes: a9502b60f4cecc19475382aee255f73c/asan_heap-oob_1e87fba_2548_a8ad47f6dde36644fe9cdc444d4632d0.sub Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c719cd6cf7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-12-06 12:40:49 +01:00
Michael Niedermayer	7ce70e6914	avcodec/dirac_parser: Fix undefined memcpy() use Fixes: 9d375e415486edd1a0c826f2307d89a4/asan_generic_4a5159_1577_faa333e83dacdd9e4dd322380aeed537.iss Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `daefd8ab2f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-12-06 12:40:49 +01:00
Michael Niedermayer	fe191124a9	avcodec/ffv1dec: Check for 0 quant tables Fixes assertion failure Fixes: 07ec1fc3c1cbf2d3edcd7d9b52ca156c/asan_heap-oob_13624c5_491_ecd4720a03e697ba750b235690656c8f.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5745cf799a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-12-06 12:40:49 +01:00
Michael Niedermayer	5d9bee34f9	avcodec/mjpegdec: Reinitialize IDCT on BPP changes Fixes misaligned access Fixes: dc9262a469f6f315f74c087a7b3a7f35/signal_sigsegv_2e95bcd_9_9c0f9f4a9ba82aa9b3ab2b91ce4d5277.jpg Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `cc35f6f476`) Conflicts: libavcodec/mjpegdec.c (cherry picked from commit f82c4777ee7a319fe2aa36f413a61943313b4abc)	2015-12-06 12:40:49 +01:00
Michael Niedermayer	2f89546333	avcodec/mjpegdec: Check index in ljpeg_decode_yuv_scan() before using it Fixes: 04715144ba237443010554be0d05343f/asan_heap-oob_1eafc76_1737_c685b48041a563461839e4e7ab97abb8.jpg Fixes out of array access Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d24888ef19`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-12-06 12:40:49 +01:00
Michael Niedermayer	99dd039d74	avcodec/ffv1: Initialize vlc_state on allocation This ensures that they are always set to valid values Fixes Ticket4939 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a878dfa4f5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-12-06 12:40:49 +01:00
Michael Niedermayer	f0db50a57f	avcodec/ffv1dec: update progress in case of broken pointer chains Fixes deadlock Fixes Ticket4932 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5063a18f56`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-12-06 12:40:49 +01:00
Michael Niedermayer	a3753ba10d	avcodec/ffv1dec: Clear slice coordinates if they are invalid or slice header decoding fails for other reasons Fixes Ticket4931 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4c2d4e8700`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-12-06 12:40:49 +01:00
Michael Niedermayer	71fc26403f	avcodec/x86/sbrdsp: Fix using uninitialized upper 32bit of noise Fixes crash Fixes: flicker-1.scout3d21443372922.28.m4a Found-by: Dale Curtis <dalecurtis@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1b82b934a1`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-12-06 12:40:49 +01:00
Michael Niedermayer	a2a93b0a8f	avcodec/ffv1dec: Fix off by 1 error in quant_table_count check Fixes: invalid_read.nut Found-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2d221d9e06`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-12-06 12:40:49 +01:00
Michael Niedermayer	ac19d8eb3a	avcodec/ffv1dec: Explicitly check read_quant_table() return value Forwards the error code, avoids potential integer overflow Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `10bbf6cf62`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-12-06 12:40:49 +01:00
Michael Niedermayer	b5b29b22c0	avcodec/rangecoder: Check e Fixes hang.nut Found-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b2955b6c5a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-12-06 12:40:49 +01:00
Michael Niedermayer	7cdd319b01	avcodec/mjpegdec: Fix decoding RGBA RCT LJPEG Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `055e56e9f7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-12-06 12:40:49 +01:00
Michael Niedermayer	873ee14b56	avcodec/g2meet: Also clear tile dimensions on header_fail Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `fb04666995`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-12-06 12:40:48 +01:00
Michael Niedermayer	47b6ea314d	avcodec/g2meet: Fix potential overflow in tile dimensions check Fixes CID1322351 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `71ec8e1ed6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-12-06 12:40:48 +01:00
Michael Niedermayer	45c30d84b6	avcodec/svq1dec: Check init_get_bits8() for failure Fixes: CID1322313 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a51d4246d8`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-12-06 12:40:48 +01:00
Michael Niedermayer	ec35bb729c	avcodec/tta: Check init_get_bits8() for failure Fixes: CID1322319 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f1593e4ca5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-12-06 12:40:48 +01:00
Michael Niedermayer	6f08086992	avcodec/truemotion1: Check for even width Fixes out of array access Fixes: 87196d8bbc633629fc9dd851fce73e70/asan_heap-oob_26f6853_862_cov_585961513_sonic3dblast_intro-partial.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `63fb5a6aef`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-12-06 12:40:48 +01:00
Michael Niedermayer	ab79e3d1a5	avcodec/libopusenc: Fix infinite loop on flushing after 0 input Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6701c92fa4`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-12-06 12:40:48 +01:00
Andreas Cadhalpun	db13758b88	avcodec: avoid division by zero in avcodec_string Actually time_base should not be 0/0, but the proper fix is part of commit `7ea1b34`, which can't be backported, as it changes API. Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2015-11-26 01:38:18 +01:00
Andreas Cadhalpun	ae1156ef2a	mpegvideo: clear overread in clear_context Otherwise the h263p decoder can try to copy overread bytes, even though buffer is NULL. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `6a69a175e7`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2015-11-26 01:38:18 +01:00
Andreas Cadhalpun	aa464dc041	dvdsubdec: validate offset2 similar to offset1 If it is negative, it causes segmentation faults in decode_rle. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `f621749d11`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2015-11-26 01:38:18 +01:00
Michael Niedermayer	372ded7f69	avcodec/takdec: Use memove, avoid undefined memcpy() use Fixes: e214333cbd94c91228e624ff39329ce6/asan_generic_4a5159_6412_96cda2530e80607210ab41ccae3d456d.tak Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7cea3430a5`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2015-11-26 01:38:17 +01:00
Michael Niedermayer	2ccab79595	avcodec/mpeg12dec: Do not call show_bits() with invalid bits Fixes assertion failure Fixes: 63e50545709a6440d3d59f6426d58db9/signal_sigabrt_7ffff6ae7cc9_8189_3272a3010fd98ddf947c662bbde1ac13.ts Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `973c3dba27`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2015-11-26 01:38:17 +01:00
Kieran Kunhya	458b1fda34	opusdec: Don't run vector_fmul_scalar on zero length arrays Fixes crashes on fuzzed files Fixes Ticket4969 part2 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b3e5f15b95`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2015-11-26 01:38:17 +01:00
Michael Niedermayer	5ed5acb910	avcodec/opusdec: Fix extra samples read index Fixes crash Fixes Ticket4969 part 1 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `07225fa74f`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2015-11-26 01:38:17 +01:00
Andreas Cadhalpun	ba944121e2	imc: use correct position for flcoeffs2 calculation flcoeffs2[pos] should be the log2 of flcoeffs1[pos]. flcoeffs1[0] can be 0 here, thus flcoeffs2[pos] gets set to -inf, causing problems further down. This seems to have been copied from imc_decode_level_coefficients in commit `4eb4bb3` without updating the position. Reviewed-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `75fd5ce4c1`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2015-11-26 01:38:17 +01:00
Andreas Cadhalpun	6f024dfd53	snow: remove an obsolete av_assert2 It asserts that the frame linesize is larger than 37, but it can be smaller and decoding such frames works. Before commit `cc884a35` src_stride > 7MB_SIZE was necessary, because the blocks were interleaved in the tmp buffer and the last block was added with an offset of 6MB_SIZE. It was changed for src_stride <= 7MB_SIZE to write the blocks sequentially, hence the larger tmp_step. After that the assert was only necessary to make sure that the buffer remained large enough. Since commit `bd2b6b33` s->scratchbuf is used as tmp buffer. As part of commit `86e107a7` the minimal scratchbuf size was increased to 2567MB_SIZE, which is enough for any src_stride <= 7MB_SIZE. Also add a comment explaining the tmp_step calculation. Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `3526a120f9`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2015-11-26 01:38:17 +01:00
Andreas Cadhalpun	910df0f871	wavpack: limit extra_bits to 32 and use get_bits_long More than 32 bits can't be stored in an integer and get_bits should not be used with more than 25 bits. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `d0eff8857c`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2015-11-26 01:38:17 +01:00
Andreas Cadhalpun	31ae0693d8	huffyuvdec: validate image size Reviewed-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `9a345802ed`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2015-11-26 01:38:17 +01:00

1 2 3 4 5 ...

30279 commits