Ubuntu
libav package

Merge lp:~noskcaj/ubuntu/saucy/libav/merge0.8.7-1 into lp:ubuntu/saucy/libav

  1. Saucy (13.10)
  2. merge0.8.7-1
  3. Merge into saucy
Proposed by Jackson Doak
Status: Merged
Merge reported by: Martin Pitt
Merged at revision: not available
Proposed branch: lp:~noskcaj/ubuntu/saucy/libav/merge0.8.7-1
Merge into: lp:ubuntu/saucy/libav
Diff against target: 673 lines (+187/-63)
26 files modified
Changelog (+20/-0)
RELEASE (+1/-1)
VERSION (+1/-1)
debian/changelog (+14/-0)
debian/gbp.conf (+2/-0)
debian/patches/01-Tweak-doxygen-config.patch (+5/-3)
debian/patches/03-disable-configuration-warnings.patch (+5/-3)
debian/patches/04-ffmpeg-warning-change.patch (+4/-2)
debian/watch (+1/-1)
libavcodec/aacdec.c (+2/-0)
libavcodec/bmv.c (+1/-1)
libavcodec/dfa.c (+2/-0)
libavcodec/indeo3.c (+52/-24)
libavcodec/proresdec.c (+2/-0)
libavcodec/qdm2.c (+4/-0)
libavcodec/rv10.c (+5/-0)
libavfilter/avfiltergraph.c (+6/-1)
libavfilter/graphparser.c (+2/-1)
libavformat/id3v2.c (+3/-2)
libavformat/oggparsevorbis.c (+1/-1)
libavformat/oma.c (+1/-1)
libavformat/oma.h (+1/-1)
libavformat/omadec.c (+13/-4)
libavformat/utils.c (+1/-0)
libavformat/wav.c (+8/-2)
libavformat/xmv.c (+30/-14)
To merge this branch: bzr merge lp:~noskcaj/ubuntu/saucy/libav/merge0.8.7-1
Reviewer Review Type Date Requested Status
Martin Pitt Approve
Review via email: mp+174075@code.launchpad.net

Description of the change

Merged to latest debian unstable version

To post a comment you must log in.
Revision history for this message
Martin Pitt (pitti) wrote :

Thanks! Uploaded with a proper changelog.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== added file '.pc/01-Tweak-doxygen-config.patch/.timestamp'
2=== added file '.pc/03-disable-configuration-warnings.patch/.timestamp'
3=== added file '.pc/04-ffmpeg-warning-change.patch/.timestamp'
4=== modified file 'Changelog'
5--- Changelog 2013-03-27 07:57:15 +0000
6+++ Changelog 2013-07-10 23:28:31 +0000
7@@ -1,6 +1,26 @@
8 Entries are sorted chronologically from oldest to youngest within each release,
9 releases are sorted from youngest to oldest.
10
11+version 0.8.7:
12+
13+- avfiltergraph: check for sws opts being non-NULL before using them
14+- bmv: check for len being valid in bmv_decode_frame()
15+- dfa: check for invalid access in decode_wdlt()
16+- indeo3: check motion vectors
17+- indeo3: fix data size check
18+- indeo3: switch parsing the header to bytestream2
19+- lavf: make sure stream probe data gets freed.
20+- oggdec: fix faulty cleanup prototype
21+- oma: Validate sample rates
22+- qdm2: check that the FFT size is a power of 2
23+- rv10: check that extradata is large enough
24+- xmv: check audio track parameters validity
25+- xmv: do not leak memory in the error paths in xmv_read_header()
26+- aac: check the maximum number of channels
27+- indeo3: fix off by one in MV validity check, Bug #503
28+- id3v2: check for end of file while unescaping tags
29+- wav: Always seek to an even offset, Bug #500, LP: #1174737
30+- proresdec: support mixed interlaced/non-interlaced content
31
32 version 0.8.6:
33
34
35=== modified file 'RELEASE'
36--- RELEASE 2013-03-27 07:57:15 +0000
37+++ RELEASE 2013-07-10 23:28:31 +0000
38@@ -1,1 +1,1 @@
39-0.8.6
40+0.8.7
41
42=== modified file 'VERSION'
43--- VERSION 2013-03-24 07:35:51 +0000
44+++ VERSION 2013-07-10 23:28:31 +0000
45@@ -1,1 +1,1 @@
46-0.8.6
47+0.8.7
48
49=== modified file 'debian/changelog'
50--- debian/changelog 2013-03-30 22:41:36 +0000
51+++ debian/changelog 2013-07-10 23:28:31 +0000
52@@ -1,3 +1,17 @@
53+libav (6:0.8.7-1ubuntu1) UNRELEASED; urgency=low
54+
55+ *merged from debian unstable
56+
57+ -- Jackson Doak <noskcaj@ubuntu.com> Thu, 11 Jul 2013 09:21:04 +1000
58+
59+libav (6:0.8.7-1) unstable; urgency=medium
60+
61+ * Imported Upstream version 0.8.7, new releases fixes:
62+ - wav: Always seek to an even offset, Bug #500, LP: #1174737
63+ - A number of further security relevant patches.
64+
65+ -- Reinhard Tartler <siretart@tauware.de> Mon, 20 May 2013 11:04:00 +0200
66+
67 libav (6:0.8.6-1ubuntu2) raring; urgency=low
68
69 * Put back the dh_strip invocations. Otherwise, no .ddebs will be
70
71=== modified file 'debian/gbp.conf'
72--- debian/gbp.conf 2011-09-28 09:18:34 +0000
73+++ debian/gbp.conf 2013-07-10 23:28:31 +0000
74@@ -4,3 +4,5 @@
75 upstream-tag = upstream/%(version)s
76 debian-tag = debian/%(version)s
77 pristine-tar = True
78+compression = xz
79+
80
81=== modified file 'debian/patches/01-Tweak-doxygen-config.patch'
82--- debian/patches/01-Tweak-doxygen-config.patch 2012-01-21 09:34:37 +0000
83+++ debian/patches/01-Tweak-doxygen-config.patch 2013-07-10 23:28:31 +0000
84@@ -7,9 +7,11 @@
85 Doxyfile | 2 +-
86 1 files changed, 1 insertions(+), 1 deletions(-)
87
88---- a/Doxyfile
89-+++ b/Doxyfile
90-@@ -616,7 +616,7 @@ RECURSIVE = YES
91+Index: libav/Doxyfile
92+===================================================================
93+--- libav.orig/Doxyfile 2013-07-11 09:20:18.889079924 +1000
94++++ libav/Doxyfile 2013-07-11 09:20:18.885079906 +1000
95+@@ -616,7 +616,7 @@
96 # excluded from the INPUT source files. This way you can easily exclude a
97 # subdirectory from a directory tree whose root is specified with the INPUT tag.
98
99
100=== modified file 'debian/patches/03-disable-configuration-warnings.patch'
101--- debian/patches/03-disable-configuration-warnings.patch 2012-01-21 09:34:37 +0000
102+++ debian/patches/03-disable-configuration-warnings.patch 2013-07-10 23:28:31 +0000
103@@ -4,9 +4,11 @@
104 Bug-Ubuntu: https://launchpad.net/bugs/765357
105 Forwarded: not-needed
106
107---- a/cmdutils.c
108-+++ b/cmdutils.c
109-@@ -457,7 +457,9 @@ void print_error(const char *filename, i
110+Index: libav/cmdutils.c
111+===================================================================
112+--- libav.orig/cmdutils.c 2013-07-11 09:20:36.705168281 +1000
113++++ libav/cmdutils.c 2013-07-11 09:20:36.701168254 +1000
114+@@ -457,7 +457,9 @@
115 av_log(NULL, AV_LOG_ERROR, "%s: %s\n", filename, errbuf_ptr);
116 }
117
118
119=== modified file 'debian/patches/04-ffmpeg-warning-change.patch'
120--- debian/patches/04-ffmpeg-warning-change.patch 2012-08-07 22:23:55 +0000
121+++ debian/patches/04-ffmpeg-warning-change.patch 2013-07-10 23:28:31 +0000
122@@ -3,8 +3,10 @@
123 Origin: Debian
124 Forwarded: not-needed
125
126---- a/ffmpeg.c
127-+++ b/ffmpeg.c
128+Index: libav/ffmpeg.c
129+===================================================================
130+--- libav.orig/ffmpeg.c 2013-07-11 09:20:44.457206714 +1000
131++++ libav/ffmpeg.c 2013-07-11 09:20:44.453206699 +1000
132 @@ -4376,9 +4376,10 @@
133
134 show_banner();
135
136=== modified file 'debian/watch'
137--- debian/watch 2012-01-24 07:41:33 +0000
138+++ debian/watch 2013-07-10 23:28:31 +0000
139@@ -1,3 +1,3 @@
140 version=3
141 opts="uversionmangle=s/_/~/i" \
142-http://libav.org/releases/libav-(.*)\.tar\.gz
143+http://libav.org/releases/libav-(.*)\.tar\.xz
144
145=== modified file 'libavcodec/aacdec.c'
146--- libavcodec/aacdec.c 2013-03-27 07:57:15 +0000
147+++ libavcodec/aacdec.c 2013-07-10 23:28:31 +0000
148@@ -192,6 +192,8 @@
149 enum ChannelPosition che_pos[4][MAX_ELEM_ID],
150 int type, int id, int *channels)
151 {
152+ if (*channels >= MAX_CHANNELS)
153+ return AVERROR_INVALIDDATA;
154 if (che_pos[type][id]) {
155 if (!ac->che[type][id]) {
156 if (!(ac->che[type][id] = av_mallocz(sizeof(ChannelElement))))
157
158=== modified file 'libavcodec/bmv.c'
159--- libavcodec/bmv.c 2012-01-12 22:30:00 +0000
160+++ libavcodec/bmv.c 2013-07-10 23:28:31 +0000
161@@ -134,7 +134,7 @@
162 mode += 1 + advance_mode;
163 if (mode >= 4)
164 mode -= 3;
165- if (FFABS(dst_end - dst) < len)
166+ if (len <= 0 || FFABS(dst_end - dst) < len)
167 return -1;
168 switch (mode) {
169 case 1:
170
171=== modified file 'libavcodec/dfa.c'
172--- libavcodec/dfa.c 2012-11-06 11:03:10 +0000
173+++ libavcodec/dfa.c 2013-07-10 23:28:31 +0000
174@@ -258,6 +258,8 @@
175 segments = bytestream2_get_le16(gb);
176 }
177 line_ptr = frame;
178+ if (frame_end - frame < width)
179+ return AVERROR_INVALIDDATA;
180 frame += width;
181 y++;
182 while (segments--) {
183
184=== modified file 'libavcodec/indeo3.c'
185--- libavcodec/indeo3.c 2013-03-27 07:57:15 +0000
186+++ libavcodec/indeo3.c 2013-07-10 23:28:31 +0000
187@@ -222,7 +222,7 @@
188 * @param plane pointer to the plane descriptor
189 * @param cell pointer to the cell descriptor
190 */
191-static void copy_cell(Indeo3DecodeContext *ctx, Plane *plane, Cell *cell)
192+static int copy_cell(Indeo3DecodeContext *ctx, Plane *plane, Cell *cell)
193 {
194 int h, w, mv_x, mv_y, offset, offset_dst;
195 uint8_t *src, *dst;
196@@ -232,6 +232,16 @@
197 dst = plane->pixels[ctx->buf_sel] + offset_dst;
198 mv_y = cell->mv_ptr[0];
199 mv_x = cell->mv_ptr[1];
200+
201+ /* -1 because there is an extra line on top for prediction */
202+ if ((cell->ypos << 2) + mv_y < -1 || (cell->xpos << 2) + mv_x < 0 ||
203+ ((cell->ypos + cell->height) << 2) + mv_y > plane->height ||
204+ ((cell->xpos + cell->width) << 2) + mv_x > plane->width) {
205+ av_log(ctx->avctx, AV_LOG_ERROR,
206+ "Motion vectors point out of the frame.\n");
207+ return AVERROR_INVALIDDATA;
208+ }
209+
210 offset = offset_dst + mv_y * plane->pitch + mv_x;
211 src = plane->pixels[ctx->buf_sel ^ 1] + offset;
212
213@@ -259,6 +269,8 @@
214 dst += 4;
215 }
216 }
217+
218+ return 0;
219 }
220
221
222@@ -584,11 +596,23 @@
223 } else if (mode >= 10) {
224 /* for mode 10 and 11 INTER first copy the predicted cell into the current one */
225 /* so we don't need to do data copying for each RLE code later */
226- copy_cell(ctx, plane, cell);
227+ int ret = copy_cell(ctx, plane, cell);
228+ if (ret < 0)
229+ return ret;
230 } else {
231 /* set the pointer to the reference pixels for modes 0-4 INTER */
232 mv_y = cell->mv_ptr[0];
233 mv_x = cell->mv_ptr[1];
234+
235+ /* -1 because there is an extra line on top for prediction */
236+ if ((cell->ypos << 2) + mv_y < -1 || (cell->xpos << 2) + mv_x < 0 ||
237+ ((cell->ypos + cell->height) << 2) + mv_y > plane->height ||
238+ ((cell->xpos + cell->width) << 2) + mv_x > plane->width) {
239+ av_log(ctx->avctx, AV_LOG_ERROR,
240+ "Motion vectors point out of the frame.\n");
241+ return AVERROR_INVALIDDATA;
242+ }
243+
244 offset += mv_y * plane->pitch + mv_x;
245 ref_block = plane->pixels[ctx->buf_sel ^ 1] + offset;
246 }
247@@ -720,7 +744,7 @@
248 const int depth, const int strip_width)
249 {
250 Cell curr_cell;
251- int bytes_used;
252+ int bytes_used, ret;
253
254 if (depth <= 0) {
255 av_log(avctx, AV_LOG_ERROR, "Stack overflow (corrupted binary tree)!\n");
256@@ -771,8 +795,8 @@
257 CHECK_CELL
258 if (!curr_cell.mv_ptr)
259 return AVERROR_INVALIDDATA;
260- copy_cell(ctx, plane, &curr_cell);
261- return 0;
262+ ret = copy_cell(ctx, plane, &curr_cell);
263+ return ret;
264 }
265 break;
266 case INTER_DATA:
267@@ -855,17 +879,20 @@
268 static int decode_frame_headers(Indeo3DecodeContext *ctx, AVCodecContext *avctx,
269 const uint8_t *buf, int buf_size)
270 {
271- const uint8_t *buf_ptr = buf, *bs_hdr;
272+ GetByteContext gb;
273+ const uint8_t *bs_hdr;
274 uint32_t frame_num, word2, check_sum, data_size;
275 uint32_t y_offset, u_offset, v_offset, starts[3], ends[3];
276 uint16_t height, width;
277 int i, j;
278
279+ bytestream2_init(&gb, buf, buf_size);
280+
281 /* parse and check the OS header */
282- frame_num = bytestream_get_le32(&buf_ptr);
283- word2 = bytestream_get_le32(&buf_ptr);
284- check_sum = bytestream_get_le32(&buf_ptr);
285- data_size = bytestream_get_le32(&buf_ptr);
286+ frame_num = bytestream2_get_le32(&gb);
287+ word2 = bytestream2_get_le32(&gb);
288+ check_sum = bytestream2_get_le32(&gb);
289+ data_size = bytestream2_get_le32(&gb);
290
291 if ((frame_num ^ word2 ^ data_size ^ OS_HDR_ID) != check_sum) {
292 av_log(avctx, AV_LOG_ERROR, "OS header checksum mismatch!\n");
293@@ -873,28 +900,27 @@
294 }
295
296 /* parse the bitstream header */
297- bs_hdr = buf_ptr;
298+ bs_hdr = gb.buffer;
299
300- if (bytestream_get_le16(&buf_ptr) != 32) {
301+ if (bytestream2_get_le16(&gb) != 32) {
302 av_log(avctx, AV_LOG_ERROR, "Unsupported codec version!\n");
303 return AVERROR_INVALIDDATA;
304 }
305
306 ctx->frame_num = frame_num;
307- ctx->frame_flags = bytestream_get_le16(&buf_ptr);
308- ctx->data_size = (bytestream_get_le32(&buf_ptr) + 7) >> 3;
309- ctx->cb_offset = *buf_ptr++;
310+ ctx->frame_flags = bytestream2_get_le16(&gb);
311+ ctx->data_size = (bytestream2_get_le32(&gb) + 7) >> 3;
312+ ctx->cb_offset = bytestream2_get_byte(&gb);
313
314 if (ctx->data_size == 16)
315 return 4;
316- if (ctx->data_size > buf_size)
317- ctx->data_size = buf_size;
318+ ctx->data_size = FFMIN(ctx->data_size, buf_size - 16);
319
320- buf_ptr += 3; // skip reserved byte and checksum
321+ bytestream2_skip(&gb, 3); // skip reserved byte and checksum
322
323 /* check frame dimensions */
324- height = bytestream_get_le16(&buf_ptr);
325- width = bytestream_get_le16(&buf_ptr);
326+ height = bytestream2_get_le16(&gb);
327+ width = bytestream2_get_le16(&gb);
328 if (av_image_check_size(width, height, 0, avctx))
329 return AVERROR_INVALIDDATA;
330
331@@ -920,9 +946,10 @@
332 avcodec_set_dimensions(avctx, width, height);
333 }
334
335- y_offset = bytestream_get_le32(&buf_ptr);
336- v_offset = bytestream_get_le32(&buf_ptr);
337- u_offset = bytestream_get_le32(&buf_ptr);
338+ y_offset = bytestream2_get_le32(&gb);
339+ v_offset = bytestream2_get_le32(&gb);
340+ u_offset = bytestream2_get_le32(&gb);
341+ bytestream2_skip(&gb, 4);
342
343 /* unfortunately there is no common order of planes in the buffer */
344 /* so we use that sorting algo for determining planes data sizes */
345@@ -941,6 +968,7 @@
346 ctx->v_data_size = ends[1] - starts[1];
347 ctx->u_data_size = ends[2] - starts[2];
348 if (FFMAX3(y_offset, v_offset, u_offset) >= ctx->data_size - 16 ||
349+ FFMIN3(y_offset, v_offset, u_offset) < gb.buffer - bs_hdr + 16 ||
350 FFMIN3(ctx->y_data_size, ctx->v_data_size, ctx->u_data_size) <= 0) {
351 av_log(avctx, AV_LOG_ERROR, "One of the y/u/v offsets is invalid\n");
352 return AVERROR_INVALIDDATA;
353@@ -949,7 +977,7 @@
354 ctx->y_data_ptr = bs_hdr + y_offset;
355 ctx->v_data_ptr = bs_hdr + v_offset;
356 ctx->u_data_ptr = bs_hdr + u_offset;
357- ctx->alt_quant = buf_ptr + sizeof(uint32_t);
358+ ctx->alt_quant = gb.buffer;
359
360 if (ctx->data_size == 16) {
361 av_log(avctx, AV_LOG_DEBUG, "Sync frame encountered!\n");
362
363=== modified file 'libavcodec/proresdec.c'
364--- libavcodec/proresdec.c 2011-12-30 23:45:34 +0000
365+++ libavcodec/proresdec.c 2013-07-10 23:28:31 +0000
366@@ -186,6 +186,8 @@
367 if (ctx->frame_type) { /* if interlaced */
368 ctx->picture.interlaced_frame = 1;
369 ctx->picture.top_field_first = ctx->frame_type & 1;
370+ } else {
371+ ctx->picture.interlaced_frame = 0;
372 }
373
374 ctx->alpha_info = buf[17] & 0xf;
375
376=== modified file 'libavcodec/qdm2.c'
377--- libavcodec/qdm2.c 2012-06-09 13:25:31 +0000
378+++ libavcodec/qdm2.c 2013-07-10 23:28:31 +0000
379@@ -1881,6 +1881,10 @@
380 av_log(avctx, AV_LOG_ERROR, "Unknown FFT order (%d), contact the developers!\n", s->fft_order);
381 return -1;
382 }
383+ if (s->fft_size != (1 << (s->fft_order - 1))) {
384+ av_log(avctx, AV_LOG_ERROR, "FFT size %d not power of 2.\n", s->fft_size);
385+ return AVERROR_INVALIDDATA;
386+ }
387
388 ff_rdft_init(&s->rdft_ctx, s->fft_order, IDFT_C2R);
389 ff_mpadsp_init(&s->mpadsp);
390
391=== modified file 'libavcodec/rv10.c'
392--- libavcodec/rv10.c 2013-03-27 07:57:15 +0000
393+++ libavcodec/rv10.c 2013-07-10 23:28:31 +0000
394@@ -341,6 +341,11 @@
395 f = get_bits(&s->gb, rpr_bits);
396
397 if(f){
398+ if (s->avctx->extradata_size < 8 + 2 * f) {
399+ av_log(s->avctx, AV_LOG_ERROR, "Extradata too small.\n");
400+ return AVERROR_INVALIDDATA;
401+ }
402+
403 new_w= 4*((uint8_t*)s->avctx->extradata)[6+2*f];
404 new_h= 4*((uint8_t*)s->avctx->extradata)[7+2*f];
405 }else{
406
407=== modified file 'libavfilter/avfiltergraph.c'
408--- libavfilter/avfiltergraph.c 2011-12-30 23:45:34 +0000
409+++ libavfilter/avfiltergraph.c 2013-07-10 23:28:31 +0000
410@@ -23,6 +23,7 @@
411 #include <ctype.h>
412 #include <string.h>
413
414+#include "libavutil/avstring.h"
415 #include "avfilter.h"
416 #include "avfiltergraph.h"
417 #include "internal.h"
418@@ -163,7 +164,11 @@
419 /* couldn't merge format lists. auto-insert scale filter */
420 snprintf(inst_name, sizeof(inst_name), "auto-inserted scaler %d",
421 scaler_count++);
422- snprintf(scale_args, sizeof(scale_args), "0:0:%s", graph->scale_sws_opts);
423+ av_strlcpy(scale_args, "0:0", sizeof(scale_args));
424+ if (graph->scale_sws_opts) {
425+ av_strlcat(scale_args, ":", sizeof(scale_args));
426+ av_strlcat(scale_args, graph->scale_sws_opts, sizeof(scale_args));
427+ }
428 if ((ret = avfilter_graph_create_filter(&scale, avfilter_get_by_name("scale"),
429 inst_name, scale_args, NULL, graph)) < 0)
430 return ret;
431
432=== modified file 'libavfilter/graphparser.c'
433--- libavfilter/graphparser.c 2011-12-30 23:45:34 +0000
434+++ libavfilter/graphparser.c 2013-07-10 23:28:31 +0000
435@@ -121,7 +121,8 @@
436 return ret;
437 }
438
439- if (!strcmp(filt_name, "scale") && args && !strstr(args, "flags")) {
440+ if (!strcmp(filt_name, "scale") && args && !strstr(args, "flags") &&
441+ ctx->scale_sws_opts) {
442 snprintf(tmp_args, sizeof(tmp_args), "%s:%s",
443 args, ctx->scale_sws_opts);
444 args = tmp_args;
445
446=== modified file 'libavformat/id3v2.c'
447--- libavformat/id3v2.c 2013-01-13 11:56:59 +0000
448+++ libavformat/id3v2.c 2013-07-10 23:28:31 +0000
449@@ -510,9 +510,10 @@
450 goto seek;
451 }
452 b = buffer;
453- while (avio_tell(s->pb) < end) {
454+ while (avio_tell(s->pb) < end && !s->pb->eof_reached) {
455 *b++ = avio_r8(s->pb);
456- if (*(b - 1) == 0xff && avio_tell(s->pb) < end - 1) {
457+ if (*(b - 1) == 0xff && avio_tell(s->pb) < end - 1 &&
458+ !s->pb->eof_reached ) {
459 uint8_t val = avio_r8(s->pb);
460 *b++ = val ? val : avio_r8(s->pb);
461 }
462
463=== modified file 'libavformat/oggparsevorbis.c'
464--- libavformat/oggparsevorbis.c 2013-03-24 07:35:51 +0000
465+++ libavformat/oggparsevorbis.c 2013-07-10 23:28:31 +0000
466@@ -188,7 +188,7 @@
467 return offset;
468 }
469
470-static int vorbis_cleanup(AVFormatContext *s, int idx)
471+static void vorbis_cleanup(AVFormatContext *s, int idx)
472 {
473 struct ogg *ogg = s->priv_data;
474 struct ogg_stream *os = ogg->streams + idx;
475
476=== modified file 'libavformat/oma.c'
477--- libavformat/oma.c 2011-12-30 23:45:34 +0000
478+++ libavformat/oma.c 2013-07-10 23:28:31 +0000
479@@ -22,7 +22,7 @@
480 #include "oma.h"
481 #include "libavcodec/avcodec.h"
482
483-const uint16_t ff_oma_srate_tab[6] = { 320, 441, 480, 882, 960, 0 };
484+const uint16_t ff_oma_srate_tab[8] = { 320, 441, 480, 882, 960, 0 };
485
486 const AVCodecTag ff_oma_codec_tags[] = {
487 { CODEC_ID_ATRAC3, OMA_CODECID_ATRAC3 },
488
489=== modified file 'libavformat/oma.h'
490--- libavformat/oma.h 2011-12-30 23:45:34 +0000
491+++ libavformat/oma.h 2013-07-10 23:28:31 +0000
492@@ -37,7 +37,7 @@
493 OMA_CODECID_WMA = 5,
494 };
495
496-extern const uint16_t ff_oma_srate_tab[6];
497+extern const uint16_t ff_oma_srate_tab[8];
498
499 extern const AVCodecTag ff_oma_codec_tags[];
500
501
502=== modified file 'libavformat/omadec.c'
503--- libavformat/omadec.c 2012-03-19 08:39:18 +0000
504+++ libavformat/omadec.c 2013-07-10 23:28:31 +0000
505@@ -302,7 +302,11 @@
506
507 switch (buf[32]) {
508 case OMA_CODECID_ATRAC3:
509- samplerate = ff_oma_srate_tab[(codec_params >> 13) & 7]*100;
510+ samplerate = ff_oma_srate_tab[(codec_params >> 13) & 7] * 100;
511+ if (!samplerate) {
512+ av_log(s, AV_LOG_ERROR, "Unsupported sample rate\n");
513+ return AVERROR_INVALIDDATA;
514+ }
515 if (samplerate != 44100)
516 av_log_ask_for_sample(s, "Unsupported sample rate: %d\n",
517 samplerate);
518@@ -332,9 +336,14 @@
519 case OMA_CODECID_ATRAC3P:
520 st->codec->channels = (codec_params >> 10) & 7;
521 framesize = ((codec_params & 0x3FF) * 8) + 8;
522- st->codec->sample_rate = ff_oma_srate_tab[(codec_params >> 13) & 7]*100;
523- st->codec->bit_rate = st->codec->sample_rate * framesize * 8 / 1024;
524- avpriv_set_pts_info(st, 64, 1, st->codec->sample_rate);
525+ samplerate = ff_oma_srate_tab[(codec_params >> 13) & 7] * 100;
526+ if (!samplerate) {
527+ av_log(s, AV_LOG_ERROR, "Unsupported sample rate\n");
528+ return AVERROR_INVALIDDATA;
529+ }
530+ st->codec->sample_rate = samplerate;
531+ st->codec->bit_rate = samplerate * framesize * 8 / 1024;
532+ avpriv_set_pts_info(st, 64, 1, samplerate);
533 av_log(s, AV_LOG_ERROR, "Unsupported codec ATRAC3+!\n");
534 break;
535 case OMA_CODECID_MP3:
536
537=== modified file 'libavformat/utils.c'
538--- libavformat/utils.c 2013-03-27 07:57:15 +0000
539+++ libavformat/utils.c 2013-07-10 23:28:31 +0000
540@@ -2712,6 +2712,7 @@
541 av_free_packet(&st->cur_pkt);
542 }
543 av_dict_free(&st->metadata);
544+ av_freep(&st->probe_data.buf);
545 av_free(st->index_entries);
546 av_free(st->codec->extradata);
547 av_free(st->codec->subtitle_header);
548
549=== modified file 'libavformat/wav.c'
550--- libavformat/wav.c 2012-11-06 11:03:10 +0000
551+++ libavformat/wav.c 2013-07-10 23:28:31 +0000
552@@ -230,6 +230,12 @@
553 return avio_rl32(pb);
554 }
555
556+/* RIFF chunks are always on a even offset. */
557+static int64_t wav_seek_tag(AVIOContext *s, int64_t offset, int whence)
558+{
559+ return avio_seek(s, offset + (offset & 1), whence);
560+}
561+
562 /* return the size of the found tag */
563 static int64_t find_tag(AVIOContext *pb, uint32_t tag1)
564 {
565@@ -242,7 +248,7 @@
566 size = next_tag(pb, &tag);
567 if (tag == tag1)
568 break;
569- avio_skip(pb, size);
570+ wav_seek_tag(pb, size, SEEK_CUR);
571 }
572 return size;
573 }
574@@ -483,7 +489,7 @@
575
576 /* seek to next tag unless we know that we'll run into EOF */
577 if ((avio_size(pb) > 0 && next_tag_ofs >= avio_size(pb)) ||
578- avio_seek(pb, next_tag_ofs, SEEK_SET) < 0) {
579+ wav_seek_tag(pb, next_tag_ofs, SEEK_SET) < 0) {
580 break;
581 }
582 }
583
584=== modified file 'libavformat/xmv.c'
585--- libavformat/xmv.c 2011-12-30 23:45:34 +0000
586+++ libavformat/xmv.c 2013-07-10 23:28:31 +0000
587@@ -126,6 +126,16 @@
588 return 0;
589 }
590
591+static int xmv_read_close(AVFormatContext *s)
592+{
593+ XMVDemuxContext *xmv = s->priv_data;
594+
595+ av_free(xmv->audio);
596+ av_free(xmv->audio_tracks);
597+
598+ return 0;
599+}
600+
601 static int xmv_read_header(AVFormatContext *s,
602 AVFormatParameters *ap)
603 {
604@@ -136,6 +146,7 @@
605 uint32_t file_version;
606 uint32_t this_packet_size;
607 uint16_t audio_track;
608+ int ret;
609
610 avio_skip(pb, 4); /* Next packet size */
611
612@@ -178,8 +189,10 @@
613 return AVERROR(ENOMEM);
614
615 xmv->audio = av_malloc(xmv->audio_track_count * sizeof(XMVAudioPacket));
616- if (!xmv->audio)
617- return AVERROR(ENOMEM);
618+ if (!xmv->audio) {
619+ ret = AVERROR(ENOMEM);
620+ goto fail;
621+ }
622
623 for (audio_track = 0; audio_track < xmv->audio_track_count; audio_track++) {
624 XMVAudioTrack *track = &xmv->audio_tracks[audio_track];
625@@ -212,9 +225,18 @@
626 av_log(s, AV_LOG_WARNING, "Unsupported 5.1 ADPCM audio stream "
627 "(0x%04X)\n", track->flags);
628
629+ if (!track->channels || !track->sample_rate) {
630+ av_log(s, AV_LOG_ERROR, "Invalid parameters for audio track %d.\n",
631+ audio_track);
632+ ret = AVERROR_INVALIDDATA;
633+ goto fail;
634+ }
635+
636 ast = avformat_new_stream(s, NULL);
637- if (!ast)
638- return AVERROR(ENOMEM);
639+ if (!ast) {
640+ ret = AVERROR(ENOMEM);
641+ goto fail;
642+ }
643
644 ast->codec->codec_type = AVMEDIA_TYPE_AUDIO;
645 ast->codec->codec_id = track->codec_id;
646@@ -240,6 +262,10 @@
647 xmv->stream_count = xmv->audio_track_count + 1;
648
649 return 0;
650+
651+fail:
652+ xmv_read_close(s);
653+ return ret;
654 }
655
656 static void xmv_read_extradata(uint8_t *extradata, AVIOContext *pb)
657@@ -547,16 +573,6 @@
658 return 0;
659 }
660
661-static int xmv_read_close(AVFormatContext *s)
662-{
663- XMVDemuxContext *xmv = s->priv_data;
664-
665- av_free(xmv->audio);
666- av_free(xmv->audio_tracks);
667-
668- return 0;
669-}
670-
671 AVInputFormat ff_xmv_demuxer = {
672 .name = "xmv",
673 .long_name = NULL_IF_CONFIG_SMALL("Microsoft XMV"),

Subscribers

People subscribed via source and target branches

to all changes: