Merge lp:~noskcaj/ubuntu/saucy/libav/merge0.8.7-1 into lp:ubuntu/saucy/libav
- Saucy (13.10)
- merge0.8.7-1
- Merge into saucy
Proposed by
Jackson Doak
Status: | Merged |
---|---|
Merge reported by: | Martin Pitt |
Merged at revision: | not available |
Proposed branch: | lp:~noskcaj/ubuntu/saucy/libav/merge0.8.7-1 |
Merge into: | lp:ubuntu/saucy/libav |
Diff against target: |
673 lines (+187/-63) 26 files modified
Changelog (+20/-0) RELEASE (+1/-1) VERSION (+1/-1) debian/changelog (+14/-0) debian/gbp.conf (+2/-0) debian/patches/01-Tweak-doxygen-config.patch (+5/-3) debian/patches/03-disable-configuration-warnings.patch (+5/-3) debian/patches/04-ffmpeg-warning-change.patch (+4/-2) debian/watch (+1/-1) libavcodec/aacdec.c (+2/-0) libavcodec/bmv.c (+1/-1) libavcodec/dfa.c (+2/-0) libavcodec/indeo3.c (+52/-24) libavcodec/proresdec.c (+2/-0) libavcodec/qdm2.c (+4/-0) libavcodec/rv10.c (+5/-0) libavfilter/avfiltergraph.c (+6/-1) libavfilter/graphparser.c (+2/-1) libavformat/id3v2.c (+3/-2) libavformat/oggparsevorbis.c (+1/-1) libavformat/oma.c (+1/-1) libavformat/oma.h (+1/-1) libavformat/omadec.c (+13/-4) libavformat/utils.c (+1/-0) libavformat/wav.c (+8/-2) libavformat/xmv.c (+30/-14) |
To merge this branch: | bzr merge lp:~noskcaj/ubuntu/saucy/libav/merge0.8.7-1 |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Martin Pitt | Approve | ||
Review via email: mp+174075@code.launchpad.net |
Commit message
Description of the change
Merged to latest debian unstable version
To post a comment you must log in.
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1 | === added file '.pc/01-Tweak-doxygen-config.patch/.timestamp' |
2 | === added file '.pc/03-disable-configuration-warnings.patch/.timestamp' |
3 | === added file '.pc/04-ffmpeg-warning-change.patch/.timestamp' |
4 | === modified file 'Changelog' |
5 | --- Changelog 2013-03-27 07:57:15 +0000 |
6 | +++ Changelog 2013-07-10 23:28:31 +0000 |
7 | @@ -1,6 +1,26 @@ |
8 | Entries are sorted chronologically from oldest to youngest within each release, |
9 | releases are sorted from youngest to oldest. |
10 | |
11 | +version 0.8.7: |
12 | + |
13 | +- avfiltergraph: check for sws opts being non-NULL before using them |
14 | +- bmv: check for len being valid in bmv_decode_frame() |
15 | +- dfa: check for invalid access in decode_wdlt() |
16 | +- indeo3: check motion vectors |
17 | +- indeo3: fix data size check |
18 | +- indeo3: switch parsing the header to bytestream2 |
19 | +- lavf: make sure stream probe data gets freed. |
20 | +- oggdec: fix faulty cleanup prototype |
21 | +- oma: Validate sample rates |
22 | +- qdm2: check that the FFT size is a power of 2 |
23 | +- rv10: check that extradata is large enough |
24 | +- xmv: check audio track parameters validity |
25 | +- xmv: do not leak memory in the error paths in xmv_read_header() |
26 | +- aac: check the maximum number of channels |
27 | +- indeo3: fix off by one in MV validity check, Bug #503 |
28 | +- id3v2: check for end of file while unescaping tags |
29 | +- wav: Always seek to an even offset, Bug #500, LP: #1174737 |
30 | +- proresdec: support mixed interlaced/non-interlaced content |
31 | |
32 | version 0.8.6: |
33 | |
34 | |
35 | === modified file 'RELEASE' |
36 | --- RELEASE 2013-03-27 07:57:15 +0000 |
37 | +++ RELEASE 2013-07-10 23:28:31 +0000 |
38 | @@ -1,1 +1,1 @@ |
39 | -0.8.6 |
40 | +0.8.7 |
41 | |
42 | === modified file 'VERSION' |
43 | --- VERSION 2013-03-24 07:35:51 +0000 |
44 | +++ VERSION 2013-07-10 23:28:31 +0000 |
45 | @@ -1,1 +1,1 @@ |
46 | -0.8.6 |
47 | +0.8.7 |
48 | |
49 | === modified file 'debian/changelog' |
50 | --- debian/changelog 2013-03-30 22:41:36 +0000 |
51 | +++ debian/changelog 2013-07-10 23:28:31 +0000 |
52 | @@ -1,3 +1,17 @@ |
53 | +libav (6:0.8.7-1ubuntu1) UNRELEASED; urgency=low |
54 | + |
55 | + *merged from debian unstable |
56 | + |
57 | + -- Jackson Doak <noskcaj@ubuntu.com> Thu, 11 Jul 2013 09:21:04 +1000 |
58 | + |
59 | +libav (6:0.8.7-1) unstable; urgency=medium |
60 | + |
61 | + * Imported Upstream version 0.8.7, new releases fixes: |
62 | + - wav: Always seek to an even offset, Bug #500, LP: #1174737 |
63 | + - A number of further security relevant patches. |
64 | + |
65 | + -- Reinhard Tartler <siretart@tauware.de> Mon, 20 May 2013 11:04:00 +0200 |
66 | + |
67 | libav (6:0.8.6-1ubuntu2) raring; urgency=low |
68 | |
69 | * Put back the dh_strip invocations. Otherwise, no .ddebs will be |
70 | |
71 | === modified file 'debian/gbp.conf' |
72 | --- debian/gbp.conf 2011-09-28 09:18:34 +0000 |
73 | +++ debian/gbp.conf 2013-07-10 23:28:31 +0000 |
74 | @@ -4,3 +4,5 @@ |
75 | upstream-tag = upstream/%(version)s |
76 | debian-tag = debian/%(version)s |
77 | pristine-tar = True |
78 | +compression = xz |
79 | + |
80 | |
81 | === modified file 'debian/patches/01-Tweak-doxygen-config.patch' |
82 | --- debian/patches/01-Tweak-doxygen-config.patch 2012-01-21 09:34:37 +0000 |
83 | +++ debian/patches/01-Tweak-doxygen-config.patch 2013-07-10 23:28:31 +0000 |
84 | @@ -7,9 +7,11 @@ |
85 | Doxyfile | 2 +- |
86 | 1 files changed, 1 insertions(+), 1 deletions(-) |
87 | |
88 | ---- a/Doxyfile |
89 | -+++ b/Doxyfile |
90 | -@@ -616,7 +616,7 @@ RECURSIVE = YES |
91 | +Index: libav/Doxyfile |
92 | +=================================================================== |
93 | +--- libav.orig/Doxyfile 2013-07-11 09:20:18.889079924 +1000 |
94 | ++++ libav/Doxyfile 2013-07-11 09:20:18.885079906 +1000 |
95 | +@@ -616,7 +616,7 @@ |
96 | # excluded from the INPUT source files. This way you can easily exclude a |
97 | # subdirectory from a directory tree whose root is specified with the INPUT tag. |
98 | |
99 | |
100 | === modified file 'debian/patches/03-disable-configuration-warnings.patch' |
101 | --- debian/patches/03-disable-configuration-warnings.patch 2012-01-21 09:34:37 +0000 |
102 | +++ debian/patches/03-disable-configuration-warnings.patch 2013-07-10 23:28:31 +0000 |
103 | @@ -4,9 +4,11 @@ |
104 | Bug-Ubuntu: https://launchpad.net/bugs/765357 |
105 | Forwarded: not-needed |
106 | |
107 | ---- a/cmdutils.c |
108 | -+++ b/cmdutils.c |
109 | -@@ -457,7 +457,9 @@ void print_error(const char *filename, i |
110 | +Index: libav/cmdutils.c |
111 | +=================================================================== |
112 | +--- libav.orig/cmdutils.c 2013-07-11 09:20:36.705168281 +1000 |
113 | ++++ libav/cmdutils.c 2013-07-11 09:20:36.701168254 +1000 |
114 | +@@ -457,7 +457,9 @@ |
115 | av_log(NULL, AV_LOG_ERROR, "%s: %s\n", filename, errbuf_ptr); |
116 | } |
117 | |
118 | |
119 | === modified file 'debian/patches/04-ffmpeg-warning-change.patch' |
120 | --- debian/patches/04-ffmpeg-warning-change.patch 2012-08-07 22:23:55 +0000 |
121 | +++ debian/patches/04-ffmpeg-warning-change.patch 2013-07-10 23:28:31 +0000 |
122 | @@ -3,8 +3,10 @@ |
123 | Origin: Debian |
124 | Forwarded: not-needed |
125 | |
126 | ---- a/ffmpeg.c |
127 | -+++ b/ffmpeg.c |
128 | +Index: libav/ffmpeg.c |
129 | +=================================================================== |
130 | +--- libav.orig/ffmpeg.c 2013-07-11 09:20:44.457206714 +1000 |
131 | ++++ libav/ffmpeg.c 2013-07-11 09:20:44.453206699 +1000 |
132 | @@ -4376,9 +4376,10 @@ |
133 | |
134 | show_banner(); |
135 | |
136 | === modified file 'debian/watch' |
137 | --- debian/watch 2012-01-24 07:41:33 +0000 |
138 | +++ debian/watch 2013-07-10 23:28:31 +0000 |
139 | @@ -1,3 +1,3 @@ |
140 | version=3 |
141 | opts="uversionmangle=s/_/~/i" \ |
142 | -http://libav.org/releases/libav-(.*)\.tar\.gz |
143 | +http://libav.org/releases/libav-(.*)\.tar\.xz |
144 | |
145 | === modified file 'libavcodec/aacdec.c' |
146 | --- libavcodec/aacdec.c 2013-03-27 07:57:15 +0000 |
147 | +++ libavcodec/aacdec.c 2013-07-10 23:28:31 +0000 |
148 | @@ -192,6 +192,8 @@ |
149 | enum ChannelPosition che_pos[4][MAX_ELEM_ID], |
150 | int type, int id, int *channels) |
151 | { |
152 | + if (*channels >= MAX_CHANNELS) |
153 | + return AVERROR_INVALIDDATA; |
154 | if (che_pos[type][id]) { |
155 | if (!ac->che[type][id]) { |
156 | if (!(ac->che[type][id] = av_mallocz(sizeof(ChannelElement)))) |
157 | |
158 | === modified file 'libavcodec/bmv.c' |
159 | --- libavcodec/bmv.c 2012-01-12 22:30:00 +0000 |
160 | +++ libavcodec/bmv.c 2013-07-10 23:28:31 +0000 |
161 | @@ -134,7 +134,7 @@ |
162 | mode += 1 + advance_mode; |
163 | if (mode >= 4) |
164 | mode -= 3; |
165 | - if (FFABS(dst_end - dst) < len) |
166 | + if (len <= 0 || FFABS(dst_end - dst) < len) |
167 | return -1; |
168 | switch (mode) { |
169 | case 1: |
170 | |
171 | === modified file 'libavcodec/dfa.c' |
172 | --- libavcodec/dfa.c 2012-11-06 11:03:10 +0000 |
173 | +++ libavcodec/dfa.c 2013-07-10 23:28:31 +0000 |
174 | @@ -258,6 +258,8 @@ |
175 | segments = bytestream2_get_le16(gb); |
176 | } |
177 | line_ptr = frame; |
178 | + if (frame_end - frame < width) |
179 | + return AVERROR_INVALIDDATA; |
180 | frame += width; |
181 | y++; |
182 | while (segments--) { |
183 | |
184 | === modified file 'libavcodec/indeo3.c' |
185 | --- libavcodec/indeo3.c 2013-03-27 07:57:15 +0000 |
186 | +++ libavcodec/indeo3.c 2013-07-10 23:28:31 +0000 |
187 | @@ -222,7 +222,7 @@ |
188 | * @param plane pointer to the plane descriptor |
189 | * @param cell pointer to the cell descriptor |
190 | */ |
191 | -static void copy_cell(Indeo3DecodeContext *ctx, Plane *plane, Cell *cell) |
192 | +static int copy_cell(Indeo3DecodeContext *ctx, Plane *plane, Cell *cell) |
193 | { |
194 | int h, w, mv_x, mv_y, offset, offset_dst; |
195 | uint8_t *src, *dst; |
196 | @@ -232,6 +232,16 @@ |
197 | dst = plane->pixels[ctx->buf_sel] + offset_dst; |
198 | mv_y = cell->mv_ptr[0]; |
199 | mv_x = cell->mv_ptr[1]; |
200 | + |
201 | + /* -1 because there is an extra line on top for prediction */ |
202 | + if ((cell->ypos << 2) + mv_y < -1 || (cell->xpos << 2) + mv_x < 0 || |
203 | + ((cell->ypos + cell->height) << 2) + mv_y > plane->height || |
204 | + ((cell->xpos + cell->width) << 2) + mv_x > plane->width) { |
205 | + av_log(ctx->avctx, AV_LOG_ERROR, |
206 | + "Motion vectors point out of the frame.\n"); |
207 | + return AVERROR_INVALIDDATA; |
208 | + } |
209 | + |
210 | offset = offset_dst + mv_y * plane->pitch + mv_x; |
211 | src = plane->pixels[ctx->buf_sel ^ 1] + offset; |
212 | |
213 | @@ -259,6 +269,8 @@ |
214 | dst += 4; |
215 | } |
216 | } |
217 | + |
218 | + return 0; |
219 | } |
220 | |
221 | |
222 | @@ -584,11 +596,23 @@ |
223 | } else if (mode >= 10) { |
224 | /* for mode 10 and 11 INTER first copy the predicted cell into the current one */ |
225 | /* so we don't need to do data copying for each RLE code later */ |
226 | - copy_cell(ctx, plane, cell); |
227 | + int ret = copy_cell(ctx, plane, cell); |
228 | + if (ret < 0) |
229 | + return ret; |
230 | } else { |
231 | /* set the pointer to the reference pixels for modes 0-4 INTER */ |
232 | mv_y = cell->mv_ptr[0]; |
233 | mv_x = cell->mv_ptr[1]; |
234 | + |
235 | + /* -1 because there is an extra line on top for prediction */ |
236 | + if ((cell->ypos << 2) + mv_y < -1 || (cell->xpos << 2) + mv_x < 0 || |
237 | + ((cell->ypos + cell->height) << 2) + mv_y > plane->height || |
238 | + ((cell->xpos + cell->width) << 2) + mv_x > plane->width) { |
239 | + av_log(ctx->avctx, AV_LOG_ERROR, |
240 | + "Motion vectors point out of the frame.\n"); |
241 | + return AVERROR_INVALIDDATA; |
242 | + } |
243 | + |
244 | offset += mv_y * plane->pitch + mv_x; |
245 | ref_block = plane->pixels[ctx->buf_sel ^ 1] + offset; |
246 | } |
247 | @@ -720,7 +744,7 @@ |
248 | const int depth, const int strip_width) |
249 | { |
250 | Cell curr_cell; |
251 | - int bytes_used; |
252 | + int bytes_used, ret; |
253 | |
254 | if (depth <= 0) { |
255 | av_log(avctx, AV_LOG_ERROR, "Stack overflow (corrupted binary tree)!\n"); |
256 | @@ -771,8 +795,8 @@ |
257 | CHECK_CELL |
258 | if (!curr_cell.mv_ptr) |
259 | return AVERROR_INVALIDDATA; |
260 | - copy_cell(ctx, plane, &curr_cell); |
261 | - return 0; |
262 | + ret = copy_cell(ctx, plane, &curr_cell); |
263 | + return ret; |
264 | } |
265 | break; |
266 | case INTER_DATA: |
267 | @@ -855,17 +879,20 @@ |
268 | static int decode_frame_headers(Indeo3DecodeContext *ctx, AVCodecContext *avctx, |
269 | const uint8_t *buf, int buf_size) |
270 | { |
271 | - const uint8_t *buf_ptr = buf, *bs_hdr; |
272 | + GetByteContext gb; |
273 | + const uint8_t *bs_hdr; |
274 | uint32_t frame_num, word2, check_sum, data_size; |
275 | uint32_t y_offset, u_offset, v_offset, starts[3], ends[3]; |
276 | uint16_t height, width; |
277 | int i, j; |
278 | |
279 | + bytestream2_init(&gb, buf, buf_size); |
280 | + |
281 | /* parse and check the OS header */ |
282 | - frame_num = bytestream_get_le32(&buf_ptr); |
283 | - word2 = bytestream_get_le32(&buf_ptr); |
284 | - check_sum = bytestream_get_le32(&buf_ptr); |
285 | - data_size = bytestream_get_le32(&buf_ptr); |
286 | + frame_num = bytestream2_get_le32(&gb); |
287 | + word2 = bytestream2_get_le32(&gb); |
288 | + check_sum = bytestream2_get_le32(&gb); |
289 | + data_size = bytestream2_get_le32(&gb); |
290 | |
291 | if ((frame_num ^ word2 ^ data_size ^ OS_HDR_ID) != check_sum) { |
292 | av_log(avctx, AV_LOG_ERROR, "OS header checksum mismatch!\n"); |
293 | @@ -873,28 +900,27 @@ |
294 | } |
295 | |
296 | /* parse the bitstream header */ |
297 | - bs_hdr = buf_ptr; |
298 | + bs_hdr = gb.buffer; |
299 | |
300 | - if (bytestream_get_le16(&buf_ptr) != 32) { |
301 | + if (bytestream2_get_le16(&gb) != 32) { |
302 | av_log(avctx, AV_LOG_ERROR, "Unsupported codec version!\n"); |
303 | return AVERROR_INVALIDDATA; |
304 | } |
305 | |
306 | ctx->frame_num = frame_num; |
307 | - ctx->frame_flags = bytestream_get_le16(&buf_ptr); |
308 | - ctx->data_size = (bytestream_get_le32(&buf_ptr) + 7) >> 3; |
309 | - ctx->cb_offset = *buf_ptr++; |
310 | + ctx->frame_flags = bytestream2_get_le16(&gb); |
311 | + ctx->data_size = (bytestream2_get_le32(&gb) + 7) >> 3; |
312 | + ctx->cb_offset = bytestream2_get_byte(&gb); |
313 | |
314 | if (ctx->data_size == 16) |
315 | return 4; |
316 | - if (ctx->data_size > buf_size) |
317 | - ctx->data_size = buf_size; |
318 | + ctx->data_size = FFMIN(ctx->data_size, buf_size - 16); |
319 | |
320 | - buf_ptr += 3; // skip reserved byte and checksum |
321 | + bytestream2_skip(&gb, 3); // skip reserved byte and checksum |
322 | |
323 | /* check frame dimensions */ |
324 | - height = bytestream_get_le16(&buf_ptr); |
325 | - width = bytestream_get_le16(&buf_ptr); |
326 | + height = bytestream2_get_le16(&gb); |
327 | + width = bytestream2_get_le16(&gb); |
328 | if (av_image_check_size(width, height, 0, avctx)) |
329 | return AVERROR_INVALIDDATA; |
330 | |
331 | @@ -920,9 +946,10 @@ |
332 | avcodec_set_dimensions(avctx, width, height); |
333 | } |
334 | |
335 | - y_offset = bytestream_get_le32(&buf_ptr); |
336 | - v_offset = bytestream_get_le32(&buf_ptr); |
337 | - u_offset = bytestream_get_le32(&buf_ptr); |
338 | + y_offset = bytestream2_get_le32(&gb); |
339 | + v_offset = bytestream2_get_le32(&gb); |
340 | + u_offset = bytestream2_get_le32(&gb); |
341 | + bytestream2_skip(&gb, 4); |
342 | |
343 | /* unfortunately there is no common order of planes in the buffer */ |
344 | /* so we use that sorting algo for determining planes data sizes */ |
345 | @@ -941,6 +968,7 @@ |
346 | ctx->v_data_size = ends[1] - starts[1]; |
347 | ctx->u_data_size = ends[2] - starts[2]; |
348 | if (FFMAX3(y_offset, v_offset, u_offset) >= ctx->data_size - 16 || |
349 | + FFMIN3(y_offset, v_offset, u_offset) < gb.buffer - bs_hdr + 16 || |
350 | FFMIN3(ctx->y_data_size, ctx->v_data_size, ctx->u_data_size) <= 0) { |
351 | av_log(avctx, AV_LOG_ERROR, "One of the y/u/v offsets is invalid\n"); |
352 | return AVERROR_INVALIDDATA; |
353 | @@ -949,7 +977,7 @@ |
354 | ctx->y_data_ptr = bs_hdr + y_offset; |
355 | ctx->v_data_ptr = bs_hdr + v_offset; |
356 | ctx->u_data_ptr = bs_hdr + u_offset; |
357 | - ctx->alt_quant = buf_ptr + sizeof(uint32_t); |
358 | + ctx->alt_quant = gb.buffer; |
359 | |
360 | if (ctx->data_size == 16) { |
361 | av_log(avctx, AV_LOG_DEBUG, "Sync frame encountered!\n"); |
362 | |
363 | === modified file 'libavcodec/proresdec.c' |
364 | --- libavcodec/proresdec.c 2011-12-30 23:45:34 +0000 |
365 | +++ libavcodec/proresdec.c 2013-07-10 23:28:31 +0000 |
366 | @@ -186,6 +186,8 @@ |
367 | if (ctx->frame_type) { /* if interlaced */ |
368 | ctx->picture.interlaced_frame = 1; |
369 | ctx->picture.top_field_first = ctx->frame_type & 1; |
370 | + } else { |
371 | + ctx->picture.interlaced_frame = 0; |
372 | } |
373 | |
374 | ctx->alpha_info = buf[17] & 0xf; |
375 | |
376 | === modified file 'libavcodec/qdm2.c' |
377 | --- libavcodec/qdm2.c 2012-06-09 13:25:31 +0000 |
378 | +++ libavcodec/qdm2.c 2013-07-10 23:28:31 +0000 |
379 | @@ -1881,6 +1881,10 @@ |
380 | av_log(avctx, AV_LOG_ERROR, "Unknown FFT order (%d), contact the developers!\n", s->fft_order); |
381 | return -1; |
382 | } |
383 | + if (s->fft_size != (1 << (s->fft_order - 1))) { |
384 | + av_log(avctx, AV_LOG_ERROR, "FFT size %d not power of 2.\n", s->fft_size); |
385 | + return AVERROR_INVALIDDATA; |
386 | + } |
387 | |
388 | ff_rdft_init(&s->rdft_ctx, s->fft_order, IDFT_C2R); |
389 | ff_mpadsp_init(&s->mpadsp); |
390 | |
391 | === modified file 'libavcodec/rv10.c' |
392 | --- libavcodec/rv10.c 2013-03-27 07:57:15 +0000 |
393 | +++ libavcodec/rv10.c 2013-07-10 23:28:31 +0000 |
394 | @@ -341,6 +341,11 @@ |
395 | f = get_bits(&s->gb, rpr_bits); |
396 | |
397 | if(f){ |
398 | + if (s->avctx->extradata_size < 8 + 2 * f) { |
399 | + av_log(s->avctx, AV_LOG_ERROR, "Extradata too small.\n"); |
400 | + return AVERROR_INVALIDDATA; |
401 | + } |
402 | + |
403 | new_w= 4*((uint8_t*)s->avctx->extradata)[6+2*f]; |
404 | new_h= 4*((uint8_t*)s->avctx->extradata)[7+2*f]; |
405 | }else{ |
406 | |
407 | === modified file 'libavfilter/avfiltergraph.c' |
408 | --- libavfilter/avfiltergraph.c 2011-12-30 23:45:34 +0000 |
409 | +++ libavfilter/avfiltergraph.c 2013-07-10 23:28:31 +0000 |
410 | @@ -23,6 +23,7 @@ |
411 | #include <ctype.h> |
412 | #include <string.h> |
413 | |
414 | +#include "libavutil/avstring.h" |
415 | #include "avfilter.h" |
416 | #include "avfiltergraph.h" |
417 | #include "internal.h" |
418 | @@ -163,7 +164,11 @@ |
419 | /* couldn't merge format lists. auto-insert scale filter */ |
420 | snprintf(inst_name, sizeof(inst_name), "auto-inserted scaler %d", |
421 | scaler_count++); |
422 | - snprintf(scale_args, sizeof(scale_args), "0:0:%s", graph->scale_sws_opts); |
423 | + av_strlcpy(scale_args, "0:0", sizeof(scale_args)); |
424 | + if (graph->scale_sws_opts) { |
425 | + av_strlcat(scale_args, ":", sizeof(scale_args)); |
426 | + av_strlcat(scale_args, graph->scale_sws_opts, sizeof(scale_args)); |
427 | + } |
428 | if ((ret = avfilter_graph_create_filter(&scale, avfilter_get_by_name("scale"), |
429 | inst_name, scale_args, NULL, graph)) < 0) |
430 | return ret; |
431 | |
432 | === modified file 'libavfilter/graphparser.c' |
433 | --- libavfilter/graphparser.c 2011-12-30 23:45:34 +0000 |
434 | +++ libavfilter/graphparser.c 2013-07-10 23:28:31 +0000 |
435 | @@ -121,7 +121,8 @@ |
436 | return ret; |
437 | } |
438 | |
439 | - if (!strcmp(filt_name, "scale") && args && !strstr(args, "flags")) { |
440 | + if (!strcmp(filt_name, "scale") && args && !strstr(args, "flags") && |
441 | + ctx->scale_sws_opts) { |
442 | snprintf(tmp_args, sizeof(tmp_args), "%s:%s", |
443 | args, ctx->scale_sws_opts); |
444 | args = tmp_args; |
445 | |
446 | === modified file 'libavformat/id3v2.c' |
447 | --- libavformat/id3v2.c 2013-01-13 11:56:59 +0000 |
448 | +++ libavformat/id3v2.c 2013-07-10 23:28:31 +0000 |
449 | @@ -510,9 +510,10 @@ |
450 | goto seek; |
451 | } |
452 | b = buffer; |
453 | - while (avio_tell(s->pb) < end) { |
454 | + while (avio_tell(s->pb) < end && !s->pb->eof_reached) { |
455 | *b++ = avio_r8(s->pb); |
456 | - if (*(b - 1) == 0xff && avio_tell(s->pb) < end - 1) { |
457 | + if (*(b - 1) == 0xff && avio_tell(s->pb) < end - 1 && |
458 | + !s->pb->eof_reached ) { |
459 | uint8_t val = avio_r8(s->pb); |
460 | *b++ = val ? val : avio_r8(s->pb); |
461 | } |
462 | |
463 | === modified file 'libavformat/oggparsevorbis.c' |
464 | --- libavformat/oggparsevorbis.c 2013-03-24 07:35:51 +0000 |
465 | +++ libavformat/oggparsevorbis.c 2013-07-10 23:28:31 +0000 |
466 | @@ -188,7 +188,7 @@ |
467 | return offset; |
468 | } |
469 | |
470 | -static int vorbis_cleanup(AVFormatContext *s, int idx) |
471 | +static void vorbis_cleanup(AVFormatContext *s, int idx) |
472 | { |
473 | struct ogg *ogg = s->priv_data; |
474 | struct ogg_stream *os = ogg->streams + idx; |
475 | |
476 | === modified file 'libavformat/oma.c' |
477 | --- libavformat/oma.c 2011-12-30 23:45:34 +0000 |
478 | +++ libavformat/oma.c 2013-07-10 23:28:31 +0000 |
479 | @@ -22,7 +22,7 @@ |
480 | #include "oma.h" |
481 | #include "libavcodec/avcodec.h" |
482 | |
483 | -const uint16_t ff_oma_srate_tab[6] = { 320, 441, 480, 882, 960, 0 }; |
484 | +const uint16_t ff_oma_srate_tab[8] = { 320, 441, 480, 882, 960, 0 }; |
485 | |
486 | const AVCodecTag ff_oma_codec_tags[] = { |
487 | { CODEC_ID_ATRAC3, OMA_CODECID_ATRAC3 }, |
488 | |
489 | === modified file 'libavformat/oma.h' |
490 | --- libavformat/oma.h 2011-12-30 23:45:34 +0000 |
491 | +++ libavformat/oma.h 2013-07-10 23:28:31 +0000 |
492 | @@ -37,7 +37,7 @@ |
493 | OMA_CODECID_WMA = 5, |
494 | }; |
495 | |
496 | -extern const uint16_t ff_oma_srate_tab[6]; |
497 | +extern const uint16_t ff_oma_srate_tab[8]; |
498 | |
499 | extern const AVCodecTag ff_oma_codec_tags[]; |
500 | |
501 | |
502 | === modified file 'libavformat/omadec.c' |
503 | --- libavformat/omadec.c 2012-03-19 08:39:18 +0000 |
504 | +++ libavformat/omadec.c 2013-07-10 23:28:31 +0000 |
505 | @@ -302,7 +302,11 @@ |
506 | |
507 | switch (buf[32]) { |
508 | case OMA_CODECID_ATRAC3: |
509 | - samplerate = ff_oma_srate_tab[(codec_params >> 13) & 7]*100; |
510 | + samplerate = ff_oma_srate_tab[(codec_params >> 13) & 7] * 100; |
511 | + if (!samplerate) { |
512 | + av_log(s, AV_LOG_ERROR, "Unsupported sample rate\n"); |
513 | + return AVERROR_INVALIDDATA; |
514 | + } |
515 | if (samplerate != 44100) |
516 | av_log_ask_for_sample(s, "Unsupported sample rate: %d\n", |
517 | samplerate); |
518 | @@ -332,9 +336,14 @@ |
519 | case OMA_CODECID_ATRAC3P: |
520 | st->codec->channels = (codec_params >> 10) & 7; |
521 | framesize = ((codec_params & 0x3FF) * 8) + 8; |
522 | - st->codec->sample_rate = ff_oma_srate_tab[(codec_params >> 13) & 7]*100; |
523 | - st->codec->bit_rate = st->codec->sample_rate * framesize * 8 / 1024; |
524 | - avpriv_set_pts_info(st, 64, 1, st->codec->sample_rate); |
525 | + samplerate = ff_oma_srate_tab[(codec_params >> 13) & 7] * 100; |
526 | + if (!samplerate) { |
527 | + av_log(s, AV_LOG_ERROR, "Unsupported sample rate\n"); |
528 | + return AVERROR_INVALIDDATA; |
529 | + } |
530 | + st->codec->sample_rate = samplerate; |
531 | + st->codec->bit_rate = samplerate * framesize * 8 / 1024; |
532 | + avpriv_set_pts_info(st, 64, 1, samplerate); |
533 | av_log(s, AV_LOG_ERROR, "Unsupported codec ATRAC3+!\n"); |
534 | break; |
535 | case OMA_CODECID_MP3: |
536 | |
537 | === modified file 'libavformat/utils.c' |
538 | --- libavformat/utils.c 2013-03-27 07:57:15 +0000 |
539 | +++ libavformat/utils.c 2013-07-10 23:28:31 +0000 |
540 | @@ -2712,6 +2712,7 @@ |
541 | av_free_packet(&st->cur_pkt); |
542 | } |
543 | av_dict_free(&st->metadata); |
544 | + av_freep(&st->probe_data.buf); |
545 | av_free(st->index_entries); |
546 | av_free(st->codec->extradata); |
547 | av_free(st->codec->subtitle_header); |
548 | |
549 | === modified file 'libavformat/wav.c' |
550 | --- libavformat/wav.c 2012-11-06 11:03:10 +0000 |
551 | +++ libavformat/wav.c 2013-07-10 23:28:31 +0000 |
552 | @@ -230,6 +230,12 @@ |
553 | return avio_rl32(pb); |
554 | } |
555 | |
556 | +/* RIFF chunks are always on a even offset. */ |
557 | +static int64_t wav_seek_tag(AVIOContext *s, int64_t offset, int whence) |
558 | +{ |
559 | + return avio_seek(s, offset + (offset & 1), whence); |
560 | +} |
561 | + |
562 | /* return the size of the found tag */ |
563 | static int64_t find_tag(AVIOContext *pb, uint32_t tag1) |
564 | { |
565 | @@ -242,7 +248,7 @@ |
566 | size = next_tag(pb, &tag); |
567 | if (tag == tag1) |
568 | break; |
569 | - avio_skip(pb, size); |
570 | + wav_seek_tag(pb, size, SEEK_CUR); |
571 | } |
572 | return size; |
573 | } |
574 | @@ -483,7 +489,7 @@ |
575 | |
576 | /* seek to next tag unless we know that we'll run into EOF */ |
577 | if ((avio_size(pb) > 0 && next_tag_ofs >= avio_size(pb)) || |
578 | - avio_seek(pb, next_tag_ofs, SEEK_SET) < 0) { |
579 | + wav_seek_tag(pb, next_tag_ofs, SEEK_SET) < 0) { |
580 | break; |
581 | } |
582 | } |
583 | |
584 | === modified file 'libavformat/xmv.c' |
585 | --- libavformat/xmv.c 2011-12-30 23:45:34 +0000 |
586 | +++ libavformat/xmv.c 2013-07-10 23:28:31 +0000 |
587 | @@ -126,6 +126,16 @@ |
588 | return 0; |
589 | } |
590 | |
591 | +static int xmv_read_close(AVFormatContext *s) |
592 | +{ |
593 | + XMVDemuxContext *xmv = s->priv_data; |
594 | + |
595 | + av_free(xmv->audio); |
596 | + av_free(xmv->audio_tracks); |
597 | + |
598 | + return 0; |
599 | +} |
600 | + |
601 | static int xmv_read_header(AVFormatContext *s, |
602 | AVFormatParameters *ap) |
603 | { |
604 | @@ -136,6 +146,7 @@ |
605 | uint32_t file_version; |
606 | uint32_t this_packet_size; |
607 | uint16_t audio_track; |
608 | + int ret; |
609 | |
610 | avio_skip(pb, 4); /* Next packet size */ |
611 | |
612 | @@ -178,8 +189,10 @@ |
613 | return AVERROR(ENOMEM); |
614 | |
615 | xmv->audio = av_malloc(xmv->audio_track_count * sizeof(XMVAudioPacket)); |
616 | - if (!xmv->audio) |
617 | - return AVERROR(ENOMEM); |
618 | + if (!xmv->audio) { |
619 | + ret = AVERROR(ENOMEM); |
620 | + goto fail; |
621 | + } |
622 | |
623 | for (audio_track = 0; audio_track < xmv->audio_track_count; audio_track++) { |
624 | XMVAudioTrack *track = &xmv->audio_tracks[audio_track]; |
625 | @@ -212,9 +225,18 @@ |
626 | av_log(s, AV_LOG_WARNING, "Unsupported 5.1 ADPCM audio stream " |
627 | "(0x%04X)\n", track->flags); |
628 | |
629 | + if (!track->channels || !track->sample_rate) { |
630 | + av_log(s, AV_LOG_ERROR, "Invalid parameters for audio track %d.\n", |
631 | + audio_track); |
632 | + ret = AVERROR_INVALIDDATA; |
633 | + goto fail; |
634 | + } |
635 | + |
636 | ast = avformat_new_stream(s, NULL); |
637 | - if (!ast) |
638 | - return AVERROR(ENOMEM); |
639 | + if (!ast) { |
640 | + ret = AVERROR(ENOMEM); |
641 | + goto fail; |
642 | + } |
643 | |
644 | ast->codec->codec_type = AVMEDIA_TYPE_AUDIO; |
645 | ast->codec->codec_id = track->codec_id; |
646 | @@ -240,6 +262,10 @@ |
647 | xmv->stream_count = xmv->audio_track_count + 1; |
648 | |
649 | return 0; |
650 | + |
651 | +fail: |
652 | + xmv_read_close(s); |
653 | + return ret; |
654 | } |
655 | |
656 | static void xmv_read_extradata(uint8_t *extradata, AVIOContext *pb) |
657 | @@ -547,16 +573,6 @@ |
658 | return 0; |
659 | } |
660 | |
661 | -static int xmv_read_close(AVFormatContext *s) |
662 | -{ |
663 | - XMVDemuxContext *xmv = s->priv_data; |
664 | - |
665 | - av_free(xmv->audio); |
666 | - av_free(xmv->audio_tracks); |
667 | - |
668 | - return 0; |
669 | -} |
670 | - |
671 | AVInputFormat ff_xmv_demuxer = { |
672 | .name = "xmv", |
673 | .long_name = NULL_IF_CONFIG_SMALL("Microsoft XMV"), |
Thanks! Uploaded with a proper changelog.