Browse code
Merge remote-tracking branch 'qatar/master'
* qatar/master:
movenc: fix NULL reference in mov_write_tkhd_tag
rmdec: Reject invalid deinterleaving parameters
rv34: Fix potential overreads
rv34: Fix buffer size used for MC of B frames after a resolution change
rv34: Avoid NULL dereference on corrupted bitstream
rv10: Reject slices that does not have the same type as the first one
vf_yadif: add an option to enable/disable deinterlacing based on src frame "interlaced" flag
vsrc_color: set output pos values to -1
vsrc_color: add @file doxy
vsrc_buffer: remove duplicated file description
eval: implement not() expression
eval: add sqrt function for computing the square root
rmdec: use the deinterleaving mode and not the codec when creating audio packets.
lavf: Fix context pointer in av_open_input_stream when avformat_open_input fails
Conflicts:
doc/eval.texi
doc/filters.texi
libavcodec/rv10.c
libavfilter/vsrc_color.c
libavformat/rmdec.c
libavutil/avutil.h
libavutil/eval.c
tests/ref/fate/eval
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer authored on 2011/09/20 05:45:34Showing 5 changed files
| ... | ... |
@@ -548,8 +548,10 @@ static int rv10_decode_packet(AVCodecContext *avctx, |
| 548 | 548 |
return -1; |
| 549 | 549 |
ff_er_frame_start(s); |
| 550 | 550 |
} else {
|
| 551 |
- if (s->current_picture_ptr->f.pict_type != s->pict_type) |
|
| 551 |
+ if (s->current_picture_ptr->f.pict_type != s->pict_type) {
|
|
| 552 |
+ av_log(s->avctx, AV_LOG_ERROR, "Slice type mismatch\n"); |
|
| 552 | 553 |
return -1; |
| 554 |
+ } |
|
| 553 | 555 |
} |
| 554 | 556 |
|
| 555 | 557 |
|
| ... | ... |
@@ -1226,7 +1226,7 @@ static int mov_write_tkhd_tag(AVIOContext *pb, MOVTrack *track, AVStream *st) |
| 1226 | 1226 |
avio_wb32(pb, 0); /* reserved */ |
| 1227 | 1227 |
avio_wb32(pb, 0); /* reserved */ |
| 1228 | 1228 |
avio_wb16(pb, 0); /* layer */ |
| 1229 |
- avio_wb16(pb, st->codec->codec_type); /* alternate group) */ |
|
| 1229 |
+ avio_wb16(pb, st ? st->codec->codec_type : 0); /* alternate group) */ |
|
| 1230 | 1230 |
/* Volume, only for audio */ |
| 1231 | 1231 |
if(track->enc->codec_type == AVMEDIA_TYPE_AUDIO) |
| 1232 | 1232 |
avio_wb16(pb, 0x0100); |
| ... | ... |
@@ -194,18 +194,6 @@ static int rm_read_audio_stream_info(AVFormatContext *s, AVIOContext *pb, |
| 194 | 194 |
st->codec->codec_id = ff_codec_get_id(ff_rm_codec_tags, |
| 195 | 195 |
st->codec->codec_tag); |
| 196 | 196 |
|
| 197 |
- switch (ast->deint_id) {
|
|
| 198 |
- case DEINT_ID_GENR: |
|
| 199 |
- case DEINT_ID_INT0: |
|
| 200 |
- case DEINT_ID_INT4: |
|
| 201 |
- case DEINT_ID_SIPR: |
|
| 202 |
- case DEINT_ID_VBRS: |
|
| 203 |
- case DEINT_ID_VBRF: |
|
| 204 |
- break; |
|
| 205 |
- default: |
|
| 206 |
- av_log(NULL,0,"Unknown interleaver %X\n", ast->deint_id); |
|
| 207 |
- return AVERROR_INVALIDDATA; |
|
| 208 |
- } |
|
| 209 | 197 |
switch (st->codec->codec_id) {
|
| 210 | 198 |
case CODEC_ID_AC3: |
| 211 | 199 |
st->need_parsing = AVSTREAM_PARSE_FULL; |
| ... | ... |
@@ -214,14 +202,6 @@ static int rm_read_audio_stream_info(AVFormatContext *s, AVIOContext *pb, |
| 214 | 214 |
st->codec->extradata_size= 0; |
| 215 | 215 |
ast->audio_framesize = st->codec->block_align; |
| 216 | 216 |
st->codec->block_align = coded_framesize; |
| 217 |
- |
|
| 218 |
- if (ast->audio_framesize <= 0 || sub_packet_h <= 0 || |
|
| 219 |
- ast->audio_framesize >= UINT_MAX / sub_packet_h){
|
|
| 220 |
- av_log(s, AV_LOG_ERROR, "ast->audio_framesize * sub_packet_h is invalid\n"); |
|
| 221 |
- return -1; |
|
| 222 |
- } |
|
| 223 |
- |
|
| 224 |
- av_new_packet(&ast->pkt, ast->audio_framesize * sub_packet_h); |
|
| 225 | 217 |
break; |
| 226 | 218 |
case CODEC_ID_COOK: |
| 227 | 219 |
case CODEC_ID_ATRAC3: |
| ... | ... |
@@ -253,13 +233,6 @@ static int rm_read_audio_stream_info(AVFormatContext *s, AVIOContext *pb, |
| 253 | 253 |
if ((ret = rm_read_extradata(pb, st->codec, codecdata_length)) < 0) |
| 254 | 254 |
return ret; |
| 255 | 255 |
|
| 256 |
- if (ast->audio_framesize <= 0 || sub_packet_h <= 0 || |
|
| 257 |
- ast->audio_framesize >= UINT_MAX / sub_packet_h){
|
|
| 258 |
- av_log(s, AV_LOG_ERROR, "rm->audio_framesize * sub_packet_h is invalid\n"); |
|
| 259 |
- return -1; |
|
| 260 |
- } |
|
| 261 |
- |
|
| 262 |
- av_new_packet(&ast->pkt, ast->audio_framesize * sub_packet_h); |
|
| 263 | 256 |
break; |
| 264 | 257 |
case CODEC_ID_AAC: |
| 265 | 258 |
avio_rb16(pb); avio_r8(pb); |
| ... | ... |
@@ -279,6 +252,37 @@ static int rm_read_audio_stream_info(AVFormatContext *s, AVIOContext *pb, |
| 279 | 279 |
default: |
| 280 | 280 |
av_strlcpy(st->codec->codec_name, buf, sizeof(st->codec->codec_name)); |
| 281 | 281 |
} |
| 282 |
+ if (ast->deint_id == DEINT_ID_INT4 || |
|
| 283 |
+ ast->deint_id == DEINT_ID_GENR || |
|
| 284 |
+ ast->deint_id == DEINT_ID_SIPR) {
|
|
| 285 |
+ if (st->codec->block_align <= 0 || |
|
| 286 |
+ ast->audio_framesize * sub_packet_h > (unsigned)INT_MAX || |
|
| 287 |
+ ast->audio_framesize * sub_packet_h < st->codec->block_align) |
|
| 288 |
+ return AVERROR_INVALIDDATA; |
|
| 289 |
+ if (av_new_packet(&ast->pkt, ast->audio_framesize * sub_packet_h) < 0) |
|
| 290 |
+ return AVERROR(ENOMEM); |
|
| 291 |
+ } |
|
| 292 |
+ switch (ast->deint_id) {
|
|
| 293 |
+ case DEINT_ID_INT4: |
|
| 294 |
+ if (ast->coded_framesize > ast->audio_framesize || |
|
| 295 |
+ ast->coded_framesize * sub_packet_h > (2 + (sub_packet_h & 1)) * ast->audio_framesize) |
|
| 296 |
+ return AVERROR_INVALIDDATA; |
|
| 297 |
+ break; |
|
| 298 |
+ case DEINT_ID_GENR: |
|
| 299 |
+ if (ast->sub_packet_size <= 0 || |
|
| 300 |
+ ast->sub_packet_size > ast->audio_framesize) |
|
| 301 |
+ return AVERROR_INVALIDDATA; |
|
| 302 |
+ break; |
|
| 303 |
+ case DEINT_ID_SIPR: |
|
| 304 |
+ case DEINT_ID_INT0: |
|
| 305 |
+ case DEINT_ID_VBRS: |
|
| 306 |
+ case DEINT_ID_VBRF: |
|
| 307 |
+ break; |
|
| 308 |
+ default: |
|
| 309 |
+ av_log(NULL,0,"Unknown interleaver %X\n", ast->deint_id); |
|
| 310 |
+ return AVERROR_INVALIDDATA; |
|
| 311 |
+ } |
|
| 312 |
+ |
|
| 282 | 313 |
if (read_all) {
|
| 283 | 314 |
avio_r8(pb); |
| 284 | 315 |
avio_r8(pb); |
| ... | ... |
@@ -815,7 +819,8 @@ ff_rm_retrieve_cache (AVFormatContext *s, AVIOContext *pb, |
| 815 | 815 |
|
| 816 | 816 |
assert (rm->audio_pkt_cnt > 0); |
| 817 | 817 |
|
| 818 |
- if (st->codec->codec_id == CODEC_ID_AAC) |
|
| 818 |
+ if (ast->deint_id == DEINT_ID_VBRF || |
|
| 819 |
+ ast->deint_id == DEINT_ID_VBRS) |
|
| 819 | 820 |
av_get_packet(pb, pkt, ast->sub_packet_lengths[ast->sub_packet_cnt - rm->audio_pkt_cnt]); |
| 820 | 821 |
else {
|
| 821 | 822 |
av_new_packet(pkt, st->codec->block_align); |
| ... | ... |
@@ -476,8 +476,8 @@ int av_open_input_stream(AVFormatContext **ic_ptr, |
| 476 | 476 |
goto fail; |
| 477 | 477 |
ic->pb = ic->pb ? ic->pb : pb; // don't leak custom pb if it wasn't set above |
| 478 | 478 |
|
| 479 |
- *ic_ptr = ic; |
|
| 480 | 479 |
fail: |
| 480 |
+ *ic_ptr = ic; |
|
| 481 | 481 |
av_dict_free(&opts); |
| 482 | 482 |
return err; |
| 483 | 483 |
} |
| ... | ... |
@@ -41,7 +41,7 @@ |
| 41 | 41 |
|
| 42 | 42 |
#define LIBAVUTIL_VERSION_MAJOR 51 |
| 43 | 43 |
#define LIBAVUTIL_VERSION_MINOR 16 |
| 44 |
-#define LIBAVUTIL_VERSION_MICRO 0 |
|
| 44 |
+#define LIBAVUTIL_VERSION_MICRO 1 |
|
| 45 | 45 |
|
| 46 | 46 |
#define LIBAVUTIL_VERSION_INT AV_VERSION_INT(LIBAVUTIL_VERSION_MAJOR, \ |
| 47 | 47 |
LIBAVUTIL_VERSION_MINOR, \ |