GitList

Browse code

Merge branch 'release/0.8' into release/0.7

* release/0.8:
matroskadec: Fix a bug where a pointer was cached to an array that might later move due to a realloc()
vorbis: Avoid some out-of-bounds reads
vp3: fix oob read for negative tokens and memleaks on error. (cherry picked from commit 8370e426e42f2e4b9d14a1fb8107ecfe5163ce7f)
avserver: Fix a bug where the socket is IPv4, but IPv6 is autoselected for the loopback address.
vp3: fix streams with non-zero last coefficient
Update for 0.8.9
vp3: fix regression with mplayer-crash.ogv
h264: fix init of topleft ref/mv. Fixes Ticket778
Update for 0.8.8

Conflicts:
Doxyfile
RELEASE
VERSION

Merged-by: Michael Niedermayer <michaelni@gmx.at>

Michael Niedermayer authored on 2012/01/09 08:08:15
Showing 4 changed files

ffserver.c index 2aa778f..8f5c2ba 100644
libavcodec/vorbis.c index fc83029..731463d 100644
libavcodec/vp3.c index 2f07af8..648c464 100644
libavformat/matroskadec.c index ffc1898..7a57648 100644

ffserver.c

History View file @ c0cbf3a

@@ -518,6 +518,7 @@ static int socket_open_listen(struct sockaddr_in *my_addr)
                          tmp = 1;
                          setsockopt(server_fd, SOL_SOCKET, SO_REUSEADDR, &tmp, sizeof(tmp));
                     +    my_addr->sin_family = AF_INET;
                          if (bind (server_fd, (struct sockaddr *) my_addr, sizeof (*my_addr)) < 0) {
                              char bindmsg[32];
                              snprintf(bindmsg, sizeof(bindmsg), "bind(port %d)", ntohs(my_addr->sin_port));

libavcodec/vorbis.c

History View file @ c0cbf3a

@@ -150,7 +150,7 @@ void ff_vorbis_ready_floor1_list(vorbis_floor1_entry * list, int values)
+                         }
+                     }
                     -static inline void render_line_unrolled(intptr_t x, intptr_t y, int x1,
                     +static inline void render_line_unrolled(intptr_t x, uint8_t y, int x1,
                                                              intptr_t sy, int ady, int adx,
                                                              float *buf)
+                     {
@@ -173,7 +173,7 @@ static inline void render_line_unrolled(intptr_t x, intptr_t y, int x1,
+                         }
+                     }
                     -static void render_line(int x0, int y0, int x1, int y1, float *buf)
                     +static void render_line(int x0, uint8_t y0, int x1, int y1, float *buf)
+                     {
                          int dy  = y1 - y0;
                          int adx = x1 - x0;
@@ -183,10 +183,10 @@ static void render_line(int x0, int y0, int x1, int y1, float *buf)
                          if (ady*2 <= adx) { // optimized common case
                              render_line_unrolled(x0, y0, x1, sy, ady, adx, buf);
                          } else {
                     -        int base = dy / adx;
                     -        int x    = x0;
                     -        int y    = y0;
                     -        int err  = -adx;
                     +        int base  = dy / adx;
                     +        int x     = x0;
                     +        uint8_t y = y0;
                     +        int err   = -adx;
                              ady -= FFABS(base) * adx;
                              while (++x < x1) {
                                  y += base;
@@ -204,7 +204,8 @@ void ff_vorbis_floor1_render_list(vorbis_floor1_entry * list, int values,
                                                        uint16_t *y_list, int *flag,
                                                        int multiplier, float *out, int samples)
+                     {
                     -    int lx, ly, i;
                     +    int lx, i;
                     +    uint8_t ly;
                          lx = 0;
                          ly = y_list[0] * multiplier;
                          for (i = 1; i < values; i++) {

libavcodec/vp3.c

History View file @ c0cbf3a

@@ -1323,6 +1323,8 @@ static inline int vp3_dequant(Vp3DecodeContext *s, Vp3Fragment *frag,
                                  return i;
+                             }
                          } while (i < 64);
                     +    // return value is expected to be a valid level
                     +    i--;
                      end:
                          // the actual DC+prediction is in the fragment structure
                          block[0] = frag->dc * s->qmat[0][inter][plane][0];

libavformat/matroskadec.c

History View file @ c0cbf3a

@@ -1169,7 +1169,6 @@ static void matroska_convert_tags(AVFormatContext *s)
                      static void matroska_execute_seekhead(MatroskaDemuxContext *matroska)
+                     {
                          EbmlList *seekhead_list = &matroska->seekhead;
                     -    MatroskaSeekhead *seekhead = seekhead_list->elem;
                          uint32_t level_up = matroska->level_up;
                          int64_t before_pos = avio_tell(matroska->ctx->pb);
                          uint32_t saved_id = matroska->current_id;
@@ -1182,6 +1181,7 @@ static void matroska_execute_seekhead(MatroskaDemuxContext *matroska)
                              return;
                          for (i=0; i<seekhead_list->nb_elem; i++) {
                     +        MatroskaSeekhead *seekhead = seekhead_list->elem;
                              int64_t offset = seekhead[i].pos + matroska->segment_start;
                              if (seekhead[i].pos <= before_pos