Merge remote-tracking branch 'qatar/release/0.5' into release/0.5
* qatar/release/0.5:
Bump version number for 0.5.9 release.
png: check bit depth for PAL8/Y400A pixel formats.
tqi: Pass errors from the MB decoder
eatqi: move "block" variable into context to ensure sufficient alignment for idct_put for compilers/architectures that can not align stack variables that much. This is also consistent with similar code in eatgq.c
ea: check chunk_size for validity.
vfwcap: Include windows.h before vfw.h since the latter requires defines from the former. Patch by kemuri <kemuri9 at gmail dot com>
mingw32: merge checks for mingw-w64 and mingw32-runtime >= 3.15 into one
mingw32: properly check if vfw capture is supported by the system headers
Replace every usage of -lvfw32 with what is particularly necessary for that case: Avisynth -> -lavifil32 VFW Cap -> -lavicap32 Patch by kemuri <kemuri9 at gmail dot com>
configure: properly check for mingw-w64 through installed headers. mingw-w64 can also target 32-bit code.
qdm2: clip array indices returned by qdm2_get_vlc().
kmvc: Check palsize.
adpcm: ADPCM Electronic Arts has always two channels
h264: Add check for invalid chroma_format_idc
dpcm: ignore extra unpaired bytes in stereo streams.
Merged-by: Michael Niedermayer <michaelni@gmx.at>
diff --git a/configure b/configure
index 745d8fd..67cc2f6 100755
--- a/configure
+++ b/configure
@@ -1131,8 +1131,8 @@
sdp_demuxer_deps="rtp_protocol mpegts_demuxer"
v4l_demuxer_deps="linux_videodev_h"
v4l2_demuxer_deps_any="linux_videodev2_h sys_videoio_h"
-vfwcap_demuxer_deps="capCreateCaptureWindow"
-vfwcap_demuxer_extralibs="-lvfw32"
+vfwcap_demuxer_deps="capCreateCaptureWindow vfwcap_defines"
+vfwcap_demuxer_extralibs="-lavicap32"
x11_grab_device_demuxer_deps="x11grab XShmCreateImage"
x11_grab_device_demuxer_extralibs="-lX11 -lXext"
@@ -1611,13 +1611,9 @@
objformat="win32"
enable dos_paths
check_cflags -fno-common
- if ! enabled x86_64; then
- check_cpp_condition _mingw.h "(__MINGW32_MAJOR_VERSION > 3) || (__MINGW32_MAJOR_VERSION == 3 && __MINGW32_MINOR_VERSION >= 15)" ||
+ check_cpp_condition _mingw.h "defined (__MINGW64_VERSION_MAJOR) || (__MINGW32_MAJOR_VERSION > 3) \
+ || (__MINGW32_MAJOR_VERSION == 3 && __MINGW32_MINOR_VERSION >= 15)" ||
die "ERROR: MinGW runtime version must be >= 3.15."
- enabled_any avisynth vfwcap_demuxer &&
- { check_cpp_condition w32api.h "(__W32API_MAJOR_VERSION > 3) || (__W32API_MAJOR_VERSION == 3 && __W32API_MINOR_VERSION >= 13)" ||
- die "ERROR: avisynth and vfwcap_demuxer require w32api version 3.13 or later."; }
- fi
;;
cygwin*)
target_os=cygwin
@@ -2022,7 +2018,7 @@
done
# these are off by default, so fail if requested and not available
-enabled avisynth && require2 vfw32 "windows.h vfw.h" AVIFileInit -lvfw32
+enabled avisynth && require2 vfw32 "windows.h vfw.h" AVIFileInit -lavifil32
enabled libamr_nb && require libamrnb amrnb/interf_dec.h Speech_Decode_Frame_init -lamrnb -lm
enabled libamr_wb && require libamrwb amrwb/dec_if.h D_IF_init -lamrwb -lm
enabled libdirac && add_cflags $(pkg-config --cflags dirac) &&
@@ -2149,7 +2145,10 @@
check_header linux/videodev2.h
check_header sys/videoio.h
-check_func_headers "windows.h vfw.h" capCreateCaptureWindow -lvfw32
+check_func_headers "windows.h vfw.h" capCreateCaptureWindow -lavicap32
+# check that WM_CAP_DRIVER_CONNECT is defined to the proper value
+# w32api 3.12 had it defined wrong
+check_cpp_condition vfw.h "WM_CAP_DRIVER_CONNECT > WM_USER" && enable vfwcap_defines
# check for ioctl_meteor.h, ioctl_bt848.h and alternatives
{ check_header dev/bktr/ioctl_meteor.h &&
diff --git a/libavcodec/adpcm.c b/libavcodec/adpcm.c
index 994c0c6..8eff05e 100644
--- a/libavcodec/adpcm.c
+++ b/libavcodec/adpcm.c
@@ -667,17 +667,23 @@
static av_cold int adpcm_decode_init(AVCodecContext * avctx)
{
ADPCMContext *c = avctx->priv_data;
+ unsigned int min_channels = 1;
unsigned int max_channels = 2;
switch(avctx->codec->id) {
+ case CODEC_ID_ADPCM_EA:
+ min_channels = 2;
+ break;
case CODEC_ID_ADPCM_EA_R1:
case CODEC_ID_ADPCM_EA_R2:
case CODEC_ID_ADPCM_EA_R3:
max_channels = 6;
break;
}
- if(avctx->channels > max_channels){
- return -1;
+
+ if (avctx->channels < min_channels || avctx->channels > max_channels) {
+ av_log(avctx, AV_LOG_ERROR, "Invalid number of channels\n");
+ return AVERROR(EINVAL);
}
switch(avctx->codec->id) {
diff --git a/libavcodec/dpcm.c b/libavcodec/dpcm.c
index daa21cd..a364864 100644
--- a/libavcodec/dpcm.c
+++ b/libavcodec/dpcm.c
@@ -167,6 +167,7 @@
int in, out = 0;
int predictor[2];
int channel_number = 0;
+ int stereo = s->channels - 1;
short *output_samples = data;
int shift[2];
unsigned char byte;
@@ -175,6 +176,9 @@
if (!buf_size)
return 0;
+ if (stereo && (buf_size & 1))
+ buf_size--;
+
// almost every DPCM variant expands one byte of data into two
if(*data_size/2 < buf_size)
return -1;
diff --git a/libavcodec/eatqi.c b/libavcodec/eatqi.c
index 66123a2..e3c06c0 100644
--- a/libavcodec/eatqi.c
+++ b/libavcodec/eatqi.c
@@ -40,6 +40,7 @@
AVFrame frame;
uint8_t *bitstream_buf;
unsigned int bitstream_buf_size;
+ DECLARE_ALIGNED_16(DCTELEM, block[6][64]);
} TqiContext;
static av_cold int tqi_decode_init(AVCodecContext *avctx)
@@ -58,12 +59,15 @@
return 0;
}
-static void tqi_decode_mb(MpegEncContext *s, DCTELEM (*block)[64])
+static int tqi_decode_mb(MpegEncContext *s, DCTELEM (*block)[64])
{
int n;
s->dsp.clear_blocks(block[0]);
for (n=0; n<6; n++)
- ff_mpeg1_decode_block_intra(s, block[n], n);
+ if (ff_mpeg1_decode_block_intra(s, block[n], n) < 0)
+ return -1;
+
+ return 0;
}
static inline void tqi_idct_put(TqiContext *t, DCTELEM (*block)[64])
@@ -106,7 +110,6 @@
const uint8_t *buf_end = buf+buf_size;
TqiContext *t = avctx->priv_data;
MpegEncContext *s = &t->s;
- DECLARE_ALIGNED_16(DCTELEM, block[6][64]);
s->width = AV_RL16(&buf[0]);
s->height = AV_RL16(&buf[2]);
@@ -134,8 +137,9 @@
for (s->mb_y=0; s->mb_y<(avctx->height+15)/16; s->mb_y++)
for (s->mb_x=0; s->mb_x<(avctx->width+15)/16; s->mb_x++)
{
- tqi_decode_mb(s, block);
- tqi_idct_put(t, block);
+ if (tqi_decode_mb(s, t->block) < 0)
+ break;
+ tqi_idct_put(t, t->block);
}
*data_size = sizeof(AVFrame);
diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index aaa8ad7..48c8028 100644
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -7134,8 +7134,12 @@
if(sps->profile_idc >= 100){ //high profile
sps->chroma_format_idc= get_ue_golomb_31(&s->gb);
- if(sps->chroma_format_idc == 3)
+ if(sps->chroma_format_idc > 3) {
+ av_log(h->s.avctx, AV_LOG_ERROR, "chroma_format_idc (%u) out of range\n", sps->chroma_format_idc);
+ return -1;
+ } else if(sps->chroma_format_idc == 3) {
sps->residual_color_transform_flag = get_bits1(&s->gb);
+ }
sps->bit_depth_luma = get_ue_golomb(&s->gb) + 8;
sps->bit_depth_chroma = get_ue_golomb(&s->gb) + 8;
sps->transform_bypass = get_bits1(&s->gb);
diff --git a/libavcodec/kmvc.c b/libavcodec/kmvc.c
index 30939ab..69b5937 100644
--- a/libavcodec/kmvc.c
+++ b/libavcodec/kmvc.c
@@ -33,6 +33,7 @@
#define KMVC_KEYFRAME 0x80
#define KMVC_PALETTE 0x40
#define KMVC_METHOD 0x0F
+#define MAX_PALSIZE 256
/*
* Decoder context
@@ -43,7 +44,7 @@
int setpal;
int palsize;
- uint32_t pal[256];
+ uint32_t pal[MAX_PALSIZE];
uint8_t *cur, *prev;
uint8_t *frm0, *frm1;
} KmvcContext;
@@ -366,6 +367,10 @@
c->palsize = 127;
} else {
c->palsize = AV_RL16(avctx->extradata + 10);
+ if (c->palsize >= MAX_PALSIZE) {
+ av_log(avctx, AV_LOG_ERROR, "KMVC palette too large\n");
+ return AVERROR_INVALIDDATA;
+ }
}
if (avctx->extradata_size == 1036) { // palette in extradata
diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c
index a343152..d583a52 100644
--- a/libavcodec/pngdec.c
+++ b/libavcodec/pngdec.c
@@ -473,7 +473,8 @@
} else if (s->bit_depth == 1 &&
s->color_type == PNG_COLOR_TYPE_GRAY) {
avctx->pix_fmt = PIX_FMT_MONOBLACK;
- } else if (s->color_type == PNG_COLOR_TYPE_PALETTE) {
+ } else if (s->bit_depth == 8 &&
+ s->color_type == PNG_COLOR_TYPE_PALETTE) {
avctx->pix_fmt = PIX_FMT_PAL8;
} else {
goto fail;
diff --git a/libavcodec/qdm2.c b/libavcodec/qdm2.c
index 8567ea8..e2f1a87 100644
--- a/libavcodec/qdm2.c
+++ b/libavcodec/qdm2.c
@@ -905,9 +905,13 @@
break;
case 30:
- if (BITS_LEFT(length,gb) >= 4)
- samples[0] = type30_dequant[qdm2_get_vlc(gb, &vlc_tab_type30, 0, 1)];
- else
+ if (BITS_LEFT(length,gb) >= 4) {
+ unsigned index = qdm2_get_vlc(gb, &vlc_tab_type30, 0, 1);
+ if (index < FF_ARRAY_ELEMS(type30_dequant)) {
+ samples[0] = type30_dequant[index];
+ } else
+ samples[0] = SB_DITHERING_NOISE(sb,q->noise_idx);
+ } else
samples[0] = SB_DITHERING_NOISE(sb,q->noise_idx);
run = 1;
@@ -921,8 +925,12 @@
type34_predictor = samples[0];
type34_first = 0;
} else {
- samples[0] = type34_delta[qdm2_get_vlc(gb, &vlc_tab_type34, 0, 1)] / type34_div + type34_predictor;
- type34_predictor = samples[0];
+ unsigned index = qdm2_get_vlc(gb, &vlc_tab_type34, 0, 1);
+ if (index < FF_ARRAY_ELEMS(type34_delta)) {
+ samples[0] = type34_delta[index] / type34_div + type34_predictor;
+ type34_predictor = samples[0];
+ } else
+ samples[0] = SB_DITHERING_NOISE(sb,q->noise_idx);
}
} else {
samples[0] = SB_DITHERING_NOISE(sb,q->noise_idx);
diff --git a/libavdevice/vfwcap.c b/libavdevice/vfwcap.c
index 4b6f73b..e415b74 100644
--- a/libavdevice/vfwcap.c
+++ b/libavdevice/vfwcap.c
@@ -20,8 +20,8 @@
*/
#include "libavformat/avformat.h"
-#include <vfw.h>
#include <windows.h>
+#include <vfw.h>
//#define DEBUG_VFW
diff --git a/libavformat/electronicarts.c b/libavformat/electronicarts.c
index fe19e70..ad63c56 100644
--- a/libavformat/electronicarts.c
+++ b/libavformat/electronicarts.c
@@ -448,12 +448,17 @@
while (!packet_read) {
chunk_type = get_le32(pb);
- chunk_size = (ea->big_endian ? get_be32(pb) : get_le32(pb)) - 8;
+ chunk_size = ea->big_endian ? get_be32(pb) : get_le32(pb);
+ if (chunk_size <= 8)
+ return AVERROR_INVALIDDATA;
+ chunk_size -= 8;
switch (chunk_type) {
/* audio data */
case ISNh_TAG:
/* header chunk also contains data; skip over the header portion*/
+ if (chunk_size < 32)
+ return AVERROR_INVALIDDATA;
url_fskip(pb, 32);
chunk_size -= 32;
case ISNd_TAG:
