Merge commit '0b6adcf76bda8994902f5b6d8e694b0b916ea210' into release/1.1
authorMichael Niedermayer <michaelni@gmx.at>
Tue, 27 Aug 2013 16:20:09 +0000 (18:20 +0200)
committerMichael Niedermayer <michaelni@gmx.at>
Tue, 27 Aug 2013 16:29:55 +0000 (18:29 +0200)
* commit '0b6adcf76bda8994902f5b6d8e694b0b916ea210':
  oma: refactor seek function
  xl: Make sure the width is valid
  8bps: Bound-check the input buffer
  4xm: Reject not a multiple of 16 dimension
  alsdec: Clean up error paths
  alsdec: Fix the clipping range
  dsicinav: Clip the source size to the expected maximum
  dsicinav: Bound-check the source buffer when needed
  dsicinav: K&R formatting cosmetics
  lavf: Make sure avg_frame_rate can be calculated without integer overflow
  mov: Do not allow updating the time scale after it has been set
  mov: Seek back if overreading an individual atom
  ac3dec: Don't consume more data than the actual input packet size
  indeo: Reject impossible FRAMETYPE_NULL
  indeo: Do not reference mismatched tiles

Conflicts:
libavcodec/4xm.c
libavcodec/8bps.c
libavcodec/alsdec.c
libavcodec/dsicinav.c
libavcodec/ivi_common.c
libavcodec/xl.c
libavformat/mov.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
1  2 
libavcodec/8bps.c
libavcodec/ac3dec.c
libavcodec/alsdec.c
libavcodec/dsicinav.c
libavcodec/ivi_common.c
libavformat/mov.c
libavformat/omadec.c
libavformat/utils.c

@@@ -64,8 -64,9 +64,8 @@@ static int decode_frame(AVCodecContext 
      unsigned char *pixptr, *pixptr_end;
      unsigned int height = avctx->height; // Real image height
      unsigned int dlen, p, row;
-     const unsigned char *lp, *dp;
+     const unsigned char *lp, *dp, *ep;
      unsigned char count;
 -    unsigned int px_inc;
      unsigned int planes     = c->planes;
      unsigned char *planemap = c->planemap;
  
                  if ((count = *dp++) <= 127) {
                      count++;
                      dlen -= count + 1;
 -                    if (pixptr + count * px_inc > pixptr_end)
 +                    if (pixptr + count * planes > pixptr_end)
                          break;
-                     if (dp + count > buf + buf_size)
+                     if (ep - dp < count)
                          return -1;
                      while (count--) {
                          *pixptr = *dp++;
Simple merge
@@@ -402,9 -393,9 +402,9 @@@ static av_cold int read_specific_config
      // initialize CRC calculation
      if (sconf->crc_enabled) {
          if (get_bits_left(&gb) < 32)
-             return -1;
+             return AVERROR_INVALIDDATA;
  
 -        if (avctx->err_recognition & AV_EF_CRCCHECK) {
 +        if (avctx->err_recognition & (AV_EF_CRCCHECK|AV_EF_CAREFUL)) {
              ctx->crc_table = av_crc_get_table(AV_CRC_32_IEEE_LE);
              ctx->crc       = 0xFFFFFFFF;
              ctx->crc_org   = ~get_bits_long(&gb, 32);
@@@ -983,14 -970,12 +983,13 @@@ static int read_block(ALSDecContext *ct
      *bd->shift_lsbs = 0;
      // read block type flag and read the samples accordingly
      if (get_bits1(gb)) {
-         if ((ret = read_var_block_data(ctx, bd)) < 0)
-             return ret;
+         ret = read_var_block_data(ctx, bd);
      } else {
 -        read_const_block_data(ctx, bd);
 +        if ((ret = read_const_block_data(ctx, bd)) < 0)
 +            return ret;
      }
  
-     return 0;
+     return ret;
  }
  
  
@@@ -1185,8 -1180,8 +1194,8 @@@ static int read_channel_data(ALSDecCont
          current->master_channel = get_bits_long(gb, av_ceil_log2(channels));
  
          if (current->master_channel >= channels) {
 -            av_log(ctx->avctx, AV_LOG_ERROR, "Invalid master channel!\n");
 +            av_log(ctx->avctx, AV_LOG_ERROR, "Invalid master channel.\n");
-             return -1;
+             return AVERROR_INVALIDDATA;
          }
  
          if (current->master_channel != c) {
      }
  
      if (entries == channels) {
 -        av_log(ctx->avctx, AV_LOG_ERROR, "Damaged channel data!\n");
 +        av_log(ctx->avctx, AV_LOG_ERROR, "Damaged channel data.\n");
-         return -1;
+         return AVERROR_INVALIDDATA;
      }
  
      align_get_bits(gb);
@@@ -1242,8 -1237,8 +1251,8 @@@ static int revert_channel_correlation(A
      }
  
      if (dep == channels) {
 -        av_log(ctx->avctx, AV_LOG_WARNING, "Invalid channel correlation!\n");
 +        av_log(ctx->avctx, AV_LOG_WARNING, "Invalid channel correlation.\n");
-         return -1;
+         return AVERROR_INVALIDDATA;
      }
  
      bd->const_block = ctx->const_block + c;
@@@ -1370,8 -1367,8 +1381,8 @@@ static int read_frame_data(ALSDecContex
  
          for (c = 0; c < avctx->channels; c++)
              if (ctx->chan_data[c] < ctx->chan_data_buffer) {
 -                av_log(ctx->avctx, AV_LOG_ERROR, "Invalid channel data!\n");
 +                av_log(ctx->avctx, AV_LOG_ERROR, "Invalid channel data.\n");
-                 return -1;
+                 return AVERROR_INVALIDDATA;
              }
  
          memset(reverted_channels, 0, sizeof(*reverted_channels) * avctx->channels);
@@@ -199,24 -186,23 +205,25 @@@ static int cin_decode_lzss(const unsign
      return 0;
  }
  
- static int cin_decode_rle(const unsigned char *src, int src_size, unsigned char *dst, int dst_size)
 -static void cin_decode_rle(const unsigned char *src, int src_size,
 -                           unsigned char *dst, int dst_size)
++static int cin_decode_rle(const unsigned char *src, int src_size,
++                          unsigned char *dst, int dst_size)
  {
      int len, code;
-     unsigned char *dst_end = dst + dst_size;
+     unsigned char *dst_end       = dst + dst_size;
      const unsigned char *src_end = src + src_size;
  
 -    while (src < src_end && dst < dst_end) {
 +    while (src + 1 < src_end && dst < dst_end) {
          code = *src++;
          if (code & 0x80) {
 -            if (src >= src_end)
 -                break;
              len = code - 0x7F;
              memset(dst, *src++, FFMIN(len, dst_end - dst));
          } else {
              len = code + 1;
-             memcpy(dst, src, FFMIN(len, dst_end - dst));
 +            if (len > src_end-src) {
 +                av_log(NULL, AV_LOG_ERROR, "RLE overread\n");
 +                return AVERROR_INVALIDDATA;
 +            }
+             memcpy(dst, src, FFMIN3(len, dst_end - dst, src_end - src));
              src += len;
          }
          dst += len;
@@@ -247,14 -233,14 +255,14 @@@ static int cinvideo_decode_frame(AVCode
          if (palette_colors_count > 256)
              return AVERROR_INVALIDDATA;
          for (i = 0; i < palette_colors_count; ++i) {
-             cin->palette[i] = 0xFFU << 24 | bytestream_get_le24(&buf);
 -            cin->palette[i]    = bytestream_get_le24(&buf);
++            cin->palette[i]    = 0xFFU << 24 | bytestream_get_le24(&buf);
              bitmap_frame_size -= 3;
          }
      } else {
          for (i = 0; i < palette_colors_count; ++i) {
-             cin->palette[buf[0]] = 0xFFU << 24 | AV_RL24(buf+1);
 -            cin->palette[buf[0]] = AV_RL24(buf + 1);
 -            buf                 += 4;
 -            bitmap_frame_size   -= 4;
++            cin->palette[buf[0]] = 0xFFU << 24 | AV_RL24(buf + 1);
 +            buf += 4;
 +            bitmap_frame_size -= 4;
          }
      }
  
          break;
      case 34:
          cin_decode_rle(buf, bitmap_frame_size,
-           cin->bitmap_table[CIN_CUR_BMP], cin->bitmap_size);
+                        cin->bitmap_table[CIN_CUR_BMP], cin->bitmap_size);
          cin_apply_delta_data(cin->bitmap_table[CIN_PRE_BMP],
-           cin->bitmap_table[CIN_CUR_BMP], cin->bitmap_size);
+                              cin->bitmap_table[CIN_CUR_BMP], cin->bitmap_size);
          break;
      case 35:
 -        cin_decode_huffman(buf, bitmap_frame_size,
 -                           cin->bitmap_table[CIN_INT_BMP], cin->bitmap_size);
 +        bitmap_frame_size = cin_decode_huffman(buf, bitmap_frame_size,
 +          cin->bitmap_table[CIN_INT_BMP], cin->bitmap_size);
          cin_decode_rle(cin->bitmap_table[CIN_INT_BMP], bitmap_frame_size,
-           cin->bitmap_table[CIN_CUR_BMP], cin->bitmap_size);
+                        cin->bitmap_table[CIN_CUR_BMP], cin->bitmap_size);
          break;
      case 36:
          bitmap_frame_size = cin_decode_huffman(buf, bitmap_frame_size,
      }
  
      cin->frame.buffer_hints = FF_BUFFER_HINTS_VALID | FF_BUFFER_HINTS_PRESERVE | FF_BUFFER_HINTS_REUSABLE;
-     if ((res = avctx->reget_buffer(avctx, &cin->frame))) {
+     if ((res = avctx->reget_buffer(avctx, &cin->frame)) < 0) {
 -        av_log(cin->avctx, AV_LOG_ERROR,
 -               "delphinecinvideo: reget_buffer() failed to allocate a frame\n");
 +        av_log(cin->avctx, AV_LOG_ERROR, "failed to allocate a frame\n");
          return res;
      }
  
@@@ -983,10 -953,15 +985,18 @@@ int ff_ivi_decode_frame(AVCodecContext 
                  }
              }
          }
 +        ctx->buf_invalid[ctx->dst_buf] = 0;
+     } else {
+         if (ctx->is_scalable)
+             return AVERROR_INVALIDDATA;
+         for (p = 0; p < 3; p++) {
+             if (!ctx->planes[p].bands[0].buf)
+                 return AVERROR_INVALIDDATA;
+         }
      }
 +    if (ctx->buf_invalid[ctx->dst_buf])
 +        return -1;
  
      //STOP_TIMER("decode_planes"); }
  
Simple merge
Simple merge
@@@ -2976,9 -2493,12 +2976,12 @@@ int avformat_find_stream_info(AVFormatC
                  int      best_fps = 0;
                  double best_error = 0.01;
  
 -                if (delta_dts     >= INT64_MAX / st->time_base.num ||
 -                    delta_packets >= INT64_MAX / st->time_base.den)
++                if (st->info->codec_info_duration        >= INT64_MAX / st->time_base.num / 2||
++                    st->info->codec_info_duration_fields >= INT64_MAX / st->time_base.den)
+                     continue;
                  av_reduce(&st->avg_frame_rate.num, &st->avg_frame_rate.den,
 -                          delta_packets*(int64_t)st->time_base.den,
 -                          delta_dts*(int64_t)st->time_base.num, 60000);
 +                          st->info->codec_info_duration_fields*(int64_t)st->time_base.den,
 +                          st->info->codec_info_duration*2*(int64_t)st->time_base.num, 60000);
  
                  /* round guessed framerate to a "standard" framerate if it's
                   * within 1% of the original estimate*/