From 6f5ff9b84f6e3ad68f3e777622282d5db6ccc0e0 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= Date: Sat, 9 Nov 2013 17:00:42 +0100 Subject: Imported Upstream version 1.2.1 --- ChangeLog | 92 +++++++++++++++++- NEWS | 123 +----------------------- common/m4/gst-glib2.m4 | 4 +- config.guess | 8 +- config.sub | 13 ++- configure | 37 +++---- configure.ac | 7 +- ext/libav/gstavauddec.c | 1 + ext/libav/gstavcodecmap.c | 58 +++++++---- ext/libav/gstavviddec.c | 27 +++++- gst-libav.doap | 10 ++ gst-libav.spec | 2 +- gst-libs/ext/libav/Changelog | 75 ++++++++++++++- gst-libs/ext/libav/RELEASE | 2 +- gst-libs/ext/libav/libavcodec/alac.c | 3 + gst-libs/ext/libav/libavcodec/asvdec.c | 5 + gst-libs/ext/libav/libavcodec/cavsdec.c | 5 + gst-libs/ext/libav/libavcodec/dcadec.c | 5 + gst-libs/ext/libav/libavcodec/eacmv.c | 7 +- gst-libs/ext/libav/libavcodec/ffv1.c | 4 + gst-libs/ext/libav/libavcodec/fraps.c | 35 ++++--- gst-libs/ext/libav/libavcodec/h263dec.c | 13 --- gst-libs/ext/libav/libavcodec/ivi_common.c | 5 + gst-libs/ext/libav/libavcodec/mace.c | 4 +- gst-libs/ext/libav/libavcodec/mpeg4videodec.c | 12 ++- gst-libs/ext/libav/libavcodec/mpegaudiodec.c | 3 +- gst-libs/ext/libav/libavcodec/mpegvideo.c | 16 +-- gst-libs/ext/libav/libavcodec/pcx.c | 9 +- gst-libs/ext/libav/libavcodec/pngdec.c | 4 + gst-libs/ext/libav/libavcodec/qpeg.c | 4 + gst-libs/ext/libav/libavcodec/rpza.c | 2 +- gst-libs/ext/libav/libavcodec/rv10.c | 5 +- gst-libs/ext/libav/libavcodec/rv30.c | 4 +- gst-libs/ext/libav/libavcodec/rv40.c | 4 +- gst-libs/ext/libav/libavcodec/shorten.c | 33 ++++--- gst-libs/ext/libav/libavcodec/smacker.c | 6 ++ gst-libs/ext/libav/libavcodec/svq3.c | 9 +- gst-libs/ext/libav/libavcodec/truemotion2.c | 16 +-- gst-libs/ext/libav/libavcodec/twinvq.c | 4 + gst-libs/ext/libav/libavcodec/vc1dec.c | 32 +++++- gst-libs/ext/libav/libavcodec/vp3.c | 4 + gst-libs/ext/libav/libavcodec/wnv1.c | 5 + gst-libs/ext/libav/libavcodec/xan.c | 34 +++---- gst-libs/ext/libav/libavcodec/xxan.c | 4 + gst-libs/ext/libav/libavcodec/zmbv.c | 5 +- 
gst-libs/ext/libav/libavformat/ape.c | 2 +- gst-libs/ext/libav/libavformat/asfdec.c | 4 +- gst-libs/ext/libav/libavformat/avidec.c | 6 +- gst-libs/ext/libav/libavformat/bfi.c | 11 ++- gst-libs/ext/libav/libavformat/dsicin.c | 2 + gst-libs/ext/libav/libavformat/electronicarts.c | 17 +++- gst-libs/ext/libav/libavformat/idroqdec.c | 7 ++ gst-libs/ext/libav/libavformat/matroskadec.c | 4 + gst-libs/ext/libav/libavformat/mov.c | 8 +- gst-libs/ext/libav/libavformat/mpc8.c | 9 ++ gst-libs/ext/libav/libavformat/mvi.c | 6 ++ gst-libs/ext/libav/libavformat/mxfdec.c | 10 +- gst-libs/ext/libav/libavformat/oggparseogm.c | 52 +++++----- gst-libs/ext/libav/libavformat/omadec.c | 6 +- gst-libs/ext/libav/libavformat/r3d.c | 6 +- gst-libs/ext/libav/libavformat/riff.c | 5 + gst-libs/ext/libav/libavformat/rl2.c | 4 + gst-libs/ext/libav/libavformat/rmdec.c | 9 +- gst-libs/ext/libav/libavformat/segafilm.c | 5 + gst-libs/ext/libav/libavformat/sierravmd.c | 22 +++-- gst-libs/ext/libav/libavformat/smacker.c | 4 +- gst-libs/ext/libav/libavformat/utils.c | 3 +- gst-libs/ext/libav/libavformat/vocdec.c | 10 +- gst-libs/ext/libav/libavformat/vqf.c | 11 +++ gst-libs/ext/libav/libavformat/wtv.c | 7 +- gst-libs/ext/libav/libavformat/xmv.c | 7 +- gst-libs/ext/libav/libavformat/xwma.c | 8 ++ gst-libs/ext/libav/tests/ref/fate/mxf-demux | 6 +- gst-libs/ext/libav/tests/ref/seek/lavf-mxf | 18 ++-- gst-libs/ext/libav/tests/ref/seek/lavf-mxf_d10 | 30 +++--- 75 files changed, 702 insertions(+), 357 deletions(-) diff --git a/ChangeLog b/ChangeLog index a856289..d1c26ac 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,9 +1,97 @@ +=== release 1.2.1 === + +2013-11-09 Sebastian Dröge + + * configure.ac: + releasing 1.2.1 + +2013-11-04 23:20:17 +0000 Tim-Philipp Müller + + * ext/libav/gstavcodecmap.c: + avaudec: don't put bogus 0 channel-mask on output caps for mono audio + +2013-10-15 09:28:08 +0200 Sebastian Dröge + + * gst-libs/ext/libav: + libav: Update to v9.10 + +2013-10-02 13:59:04 +0200 Sebastian Dröge + + * ext/libav/gstavcodecmap.c: + avcodecmap: gst_value_can_intersect() does not do what you would think + Check for uniqueness differently now. + +2013-10-02 12:57:36 +0200 Sebastian Dröge + + * ext/libav/gstavcodecmap.c: + avcodecmap: Only append values to the video/audio format lists if we don't have them already + +2013-10-02 12:52:35 +0200 Sebastian Dröge + + * ext/libav/gstavviddec.c: + avviddec: Reset some more fields in ::stop() + +2013-10-02 12:51:40 +0200 Sebastian Dröge + + * ext/libav/gstavviddec.c: + avviddec: Don't believe we're negotiated if negotiation failed + It can happen that negotiation fails during get_buffer(), but then + we don't retry later and never return NOT_NEGOTIATED upstream... + and instead run into assertions. + +2013-10-02 12:45:44 +0200 Sebastian Dröge + + * ext/libav/gstavauddec.c: + avauddec: Don't believe we're negotiated if negotiation failed + It can happen that negotiation fails during get_buffer(), but then + we don't retry later and never return NOT_NEGOTIATED upstream... + and instead run into assertions. + https://bugzilla.gnome.org/show_bug.cgi?id=708769 + +2013-10-01 22:38:32 +0200 Sebastian Dröge + + * ext/libav/gstavcodecmap.c: + avenc: Choose 25 fps if we don't have any in the caps + Some encoders require a non-zero framerate to be configured properly + and just choosing something will make them not fail completely at + least. 
+ https://bugzilla.gnome.org/show_bug.cgi?id=708732 + +2013-10-03 15:25:30 +0100 Matthieu Bouron + + * ext/libav/gstavcodecmap.c: + avcodecmap: Make avdec_mjpeg requires a parsed input + Actually avdec_mjpeg does not deal well with incomplete buffers and try + to decode incomplete frames. A parser which will also acts as + an accumulator needs to be inserted before it. + https://bugzilla.gnome.org/show_bug.cgi?id=709352 + +2013-09-23 15:19:51 +0200 Sebastian Dröge + + * ext/libav/gstavcodecmap.c: + avcodecmap: Fix boolean expression to fix uninitialized usage of variables + +2013-09-23 15:08:18 +0200 Sebastian Dröge + + * configure.ac: + configure: Chose right target-os for iOS + +2013-09-24 17:26:35 +0100 Tim-Philipp Müller + + * common: + Automatic update of common submodule + From 6b03ba7 to 7412249 + === release 1.2.0 === -2013-09-24 Sebastian Dröge +2013-09-24 14:42:30 +0200 Sebastian Dröge + * ChangeLog: + * NEWS: + * RELEASE: * configure.ac: - releasing 1.2.0 + * gst-libav.doap: + Release 1.2.0 2013-09-20 16:18:03 +0200 Edward Hervey diff --git a/NEWS b/NEWS index 08aeab3..4ce6afb 100644 --- a/NEWS +++ b/NEWS 
@@ -1,123 +1,2 @@ -This is GStreamer Libav Plugins 1.2.0 - -Changes since 1.0: - -New API: - • GstContext negotiation / sharing / announcing for sharing a - generic context between elements, e.g. a display handle - • GL texture upload conversion meta for allowing different - buffer types to be converted to an OpenGL texture - • GstCapsFeatures as extension to GstCaps for allowing the - negotiation of specific memory or meta requirements between - elements - • GstMemory flags for contiguous and non-mappable memory - • The stream-start event has optional flags now, e.g. for signalling - sparse streams - • The stream-start even has an optional group-id field now to signal - all streams that should be played together - • Allocators library in gst-plugins-base, currently only with generic - dmabuf memory support - • insertbin library for easier handling of dynamically linked - pipelines (in -bad for now) - • EGL helper library (in -bad for now) - • MPEG-TS data structure library (in -bad for now) - • New GstVideoRegionOfInterestMeta to describe a region of interest on - video frames. - • GstVideoDecoder/Encoder has new ::flush() vfunc to replace the - ill-defined ::reset() vfunc. - • The URI query allows to query the redirected URI now. - -Major changes: - • New tool: gst-play-1.0 in gst-plugins-base for basic playback - testing on the command line. 
- • New plugins: - ∘ mssdemux for Microsoft Smooth Streaming - ∘ dashdemux for DASH adaptive streaming protocol - ∘ bluez for interaction with Bluetooth devices - ∘ openjpeg for JPEG2000 decoding and encoding - ∘ daala for experimental Daala decoding and encoding - ∘ vpx plugin has experimental VP9 decoding and encoding support - ∘ webp plugin for WebP decoding (encoding to be added later) - ∘ Various others: yadif, srtp, sbc, fluidsynth, midiparse, - mfc, ivtv, accuraterip and audiofxbad - - • Moved plugins: - ∘ dtmf, vp8rtp, scaletempo and rtpmux plugins are in - gst-plugins-good now - - • Video: - ∘ Fix handling of interlaced video in converters such as videoscale - and videoconvert (e.g. scale both fields independently) - ∘ videoconvert will try harder to minimise quality losses when - conversion is necessary - ∘ The experimental GstSurfaceConverter, GstSurfaceMeta and - GstVideoContext APIs from the (confusingly-named) - libgstbasevideo-1.0 library in gst-plugins-bad have now been - removed and been replaced by new APIs in GStreamer Core and - gst-plugins-base (see above). Since that was all that was left in - this library, the entire experimental libgstbasevideo-1.0 library - has been removed from gst-plugins-bad - ∘ Chroma subsampling and chroma siting conversion is better handled - in videoconvert and the support for interlaced video was improved. - ∘ New pinwheel and spoke patterns in videotestsrc - ∘ videomixer can now accept different video formats on its sinkpads - and converts to a common format during mixing - - • Audio: - ∘ audioconvert will try harder to minimise quality losses when - conversion is necessary - ∘ adder now allows muting/unmuting of its input streams, and also - per-input stream volume - ∘ pulseaudio elements can switch between devices during playback now - ∘ aacparse can convert between ADTS←→RAW - - • Platform specific changes: - ∘ Caps, events, etc. 
are now printed in the GStreamer debug logs - with their content instead of just the pointer address even on - non-glibc platforms (e.g. Windows, OSX, Android). - ∘ Network elements (UDP/TCP) now work better with platforms, - where IPv6 sockets can't handle IPv4 (e.g. Windows) - ∘ Linux/BSD: v4l2 had many improvements and cleanups - - • Other changes: - ∘ gst-libav now uses libav 9 - ∘ Static linking of plugins is supported now (also in 1.0.7) - ∘ rtspsrc: add support for NetClientClock: when the server suggests a - GstNetTimeProvider in the SDP, set up a GstNetClientClock that - slaves to the remote clock and suggest this clock in provide_clock. - Simplifies synchronized playback of a resource from an RTSP server. - gst-rtsp-server now supports adding this to the SDP and can provide - a network clock - ∘ RTP retransmission / NACK support and big RTP jitterbuffer improvements - ∘ SRTP and DTLS support - ∘ Changes to many elements and core to use the correct sticky event - order and also not lose any important sticky events during flushing - ∘ >1000 fixed bug reports, and many other bug fixes and other - improvements everywhere that had no bug report - -Things to look out for: - • Single header includes for all libraries, e.g. #include - - this was needed for some bindings. - • Stricter (correct) caps subset checking in some cases where this was - not correct before. Caps will now always fail to be a compatible - subset of another set of caps if the subset caps are missing some - fields that the superset caps have. This might lead to not-negotiated - errors if caps are incomplete now. However, it also prevents possible - data corruption caused by piping data formatted in an - incompatible/unexpected way into some elements. Check your h264 caps - for stream-format and alignment fields and AAC caps for the - stream-format field. This change will also be included in the next - stable 1.0.8 release. 
- • Stricter checking for missing events and correct sticky event order - (stream-start, caps, segment) in some places; this is not enabled in - stable releases by default, but you may get warnings when using git - builds, development releases or when compiling with - -UG_DISABLE_ASSERT in CFLAGS - • x264enc now outputs data in byte-stream by default if downstream has - ANY caps (e.g. appsink without caps set, filesink, udpsink, - tcpserversink etc.) - • The MPEG TS demuxer posts messages contain the PMT, PAT, etc. in a - different format now. This new format uses the data structures from - the new MPEGTS library - • The GstContext API has changed between 1.1.4 and 1.1.90 +This is GStreamer Libav Plugins 1.2.1 diff --git a/common/m4/gst-glib2.m4 b/common/m4/gst-glib2.m4 index 0b92734..3af5547 100644 --- a/common/m4/gst-glib2.m4 +++ b/common/m4/gst-glib2.m4 @@ -34,7 +34,7 @@ AC_DEFUN([AG_GST_GLIB_CHECK], AC_ARG_ENABLE(gobject-cast-checks, AS_HELP_STRING([--enable-gobject-cast-checks[=@<:@no/auto/yes@:>@]], - [Enable GObject cast checks]),, + [Enable GObject cast checks]),[enable_gobject_cast_checks=$enableval], [enable_gobject_cast_checks=auto]) if test "x$enable_gobject_cast_checks" = "xauto"; then @@ -52,7 +52,7 @@ AC_DEFUN([AG_GST_GLIB_CHECK], AC_ARG_ENABLE(glib-asserts, AS_HELP_STRING([--enable-glib-asserts[=@<:@no/auto/yes@:>@]], - [Enable GLib assertion]),, + [Enable GLib assertion]),[enable_glib_assertions=$enableval], [enable_glib_assertions=auto]) if test "x$enable_glib_assertions" = "xauto"; then diff --git a/config.guess b/config.guess index 120cc0d..b79252d 100755 --- a/config.guess +++ b/config.guess @@ -2,7 +2,7 @@ # Attempt to guess a canonical system name. # Copyright 1992-2013 Free Software Foundation, Inc. -timestamp='2013-05-16' +timestamp='2013-06-10' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by 
@@ -995,6 +995,12 @@ EOF ppc:Linux:*:*) echo powerpc-unknown-linux-${LIBC} exit ;; + ppc64le:Linux:*:*) + echo powerpc64le-unknown-linux-${LIBC} + exit ;; + ppcle:Linux:*:*) + echo powerpcle-unknown-linux-${LIBC} + exit ;; s390:Linux:*:* | s390x:Linux:*:*) echo ${UNAME_MACHINE}-ibm-linux-${LIBC} exit ;; diff --git a/config.sub b/config.sub index 8b612ab..9633db7 100755 --- a/config.sub +++ b/config.sub @@ -2,7 +2,7 @@ # Configuration validation subroutine script. # Copyright 1992-2013 Free Software Foundation, Inc. -timestamp='2013-04-24' +timestamp='2013-08-10' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -257,7 +257,7 @@ case $basic_machine in | avr | avr32 \ | be32 | be64 \ | bfin \ - | c4x | clipper \ + | c4x | c8051 | clipper \ | d10v | d30v | dlx | dsp16xx \ | epiphany \ | fido | fr30 | frv \ @@ -372,7 +372,7 @@ case $basic_machine in | be32-* | be64-* \ | bfin-* | bs2000-* \ | c[123]* | c30-* | [cjt]90-* | c4x-* \ - | clipper-* | craynv-* | cydra-* \ + | c8051-* | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ | elxsi-* \ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ @@ -794,7 +794,7 @@ case $basic_machine in os=-mingw64 ;; mingw32) - basic_machine=i386-pc + basic_machine=i686-pc os=-mingw32 ;; mingw32ce) @@ -830,7 +830,7 @@ case $basic_machine in basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` ;; msys) - basic_machine=i386-pc + basic_machine=i686-pc os=-msys ;; mvs) @@ -1546,6 +1546,9 @@ case $basic_machine in c4x-* | tic4x-*) os=-coff ;; + c8051-*) + os=-elf + ;; hexagon-*) os=-elf ;; diff --git a/configure b/configure index ffe04a2..58b17c1 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for GStreamer libav 1.2.0. +# Generated by GNU Autoconf 2.69 for GStreamer libav 1.2.1. # # Report bugs to . # 
@@ -591,8 +591,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='GStreamer libav' PACKAGE_TARNAME='gst-libav' -PACKAGE_VERSION='1.2.0' -PACKAGE_STRING='GStreamer libav 1.2.0' +PACKAGE_VERSION='1.2.1' +PACKAGE_STRING='GStreamer libav 1.2.1' PACKAGE_BUGREPORT='http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer' PACKAGE_URL='' @@ -1519,7 +1519,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures GStreamer libav 1.2.0 to adapt to many kinds of systems. +\`configure' configures GStreamer libav 1.2.1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1590,7 +1590,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of GStreamer libav 1.2.0:";; + short | recursive ) echo "Configuration of GStreamer libav 1.2.1:";; esac cat <<\_ACEOF @@ -1759,7 +1759,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -GStreamer libav configure 1.2.0 +GStreamer libav configure 1.2.1 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2174,7 +2174,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by GStreamer libav $as_me 1.2.0, which was +It was created by GStreamer libav $as_me 1.2.1, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3152,7 +3152,7 @@ fi # Define the identity of the package. PACKAGE='gst-libav' - VERSION='1.2.0' + VERSION='1.2.1' cat >>confdefs.h <<_ACEOF 
@@ -3362,9 +3362,9 @@ END fi - PACKAGE_VERSION_MAJOR=$(echo 1.2.0 | cut -d'.' -f1) - PACKAGE_VERSION_MINOR=$(echo 1.2.0 | cut -d'.' -f2) - PACKAGE_VERSION_MICRO=$(echo 1.2.0 | cut -d'.' -f3) + PACKAGE_VERSION_MAJOR=$(echo 1.2.1 | cut -d'.' -f1) + PACKAGE_VERSION_MINOR=$(echo 1.2.1 | cut -d'.' -f2) + PACKAGE_VERSION_MICRO=$(echo 1.2.1 | cut -d'.' -f3) @@ -3375,7 +3375,7 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking nano version" >&5 $as_echo_n "checking nano version... " >&6; } - NANO=$(echo 1.2.0 | cut -d'.' -f4) + NANO=$(echo 1.2.1 | cut -d'.' -f4) if test x"$NANO" = x || test "x$NANO" = "x0" ; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: 0 (release)" >&5 @@ -8021,10 +8021,10 @@ fi done - GST_CURRENT=200 + GST_CURRENT=201 GST_REVISION=0 - GST_AGE=200 - GST_LIBVERSION=200:0:200 + GST_AGE=201 + GST_LIBVERSION=201:0:201 @@ -17472,6 +17472,9 @@ fi *android*) target_os=linux ;; + *darwin*) + target_os=darwin + ;; *) target_os=`echo $host_os | sed 's/-gnu//'` ;; @@ -18230,7 +18233,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by GStreamer libav $as_me 1.2.0, which was +This file was extended by GStreamer libav $as_me 1.2.1, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -18296,7 +18299,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -GStreamer libav config.status 1.2.0 +GStreamer libav config.status 1.2.1 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 659ea2a..eb3e481 100644 --- a/configure.ac +++ b/configure.ac 
@@ -3,7 +3,7 @@ AC_PREREQ(2.62) dnl initialize autoconf dnl when going to/from release please set the nano (fourth number) right ! dnl releases only do Wall, cvs and prerelease does Werror too -AC_INIT(GStreamer libav, 1.2.0, +AC_INIT(GStreamer libav, 1.2.1, http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer, gst-libav) @@ -42,7 +42,7 @@ GST_API_VERSION=1.0 AC_SUBST(GST_API_VERSION) AG_GST_LIBTOOL_PREPARE -AS_LIBTOOL(GST, 200, 0, 200) +AS_LIBTOOL(GST, 201, 0, 201) dnl *** required versions of GStreamer stuff *** GST_REQ=1.2.0 @@ -355,6 +355,9 @@ else *android*) target_os=linux ;; + *darwin*) + target_os=darwin + ;; *) target_os=`echo $host_os | sed 's/-gnu//'` ;; diff --git a/ext/libav/gstavauddec.c b/ext/libav/gstavauddec.c index 627dc93..f195ca0 100644 --- a/ext/libav/gstavauddec.c +++ b/ext/libav/gstavauddec.c @@ -441,6 +441,7 @@ caps_failed: GST_ELEMENT_ERROR (ffmpegdec, CORE, NEGOTIATION, (NULL), ("Could not set caps for libav decoder (%s), not fixed?", oclass->in_plugin->name)); + memset (&ffmpegdec->info, 0, sizeof (ffmpegdec->info)); return FALSE; } diff --git a/ext/libav/gstavcodecmap.c b/ext/libav/gstavcodecmap.c index 4818329..c247d01 100644 --- a/ext/libav/gstavcodecmap.c +++ b/ext/libav/gstavcodecmap.c @@ -159,6 +159,22 @@ gst_ffmpeg_channel_layout_to_gst (guint64 channel_layout, gint channels, return TRUE; } +static gboolean +_gst_value_list_contains (const GValue * list, const GValue * value) +{ + guint i, n; + const GValue *tmp; + + n = gst_value_list_get_size (list); + for (i = 0; i < n; i++) { + tmp = gst_value_list_get_value (list, i); + if (gst_value_compare (value, tmp) == GST_VALUE_EQUAL) + return TRUE; + } + + return FALSE; +} + static void gst_ffmpeg_video_set_pix_fmts (GstCaps * caps, const enum AVPixelFormat *fmts) { 
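Review bot: The `memset` added under `caps_failed:` in gstavauddec.c has no comment explaining why the cached `ffmpegdec->info` is wiped on failure. Going by the ChangeLog entry, the intent is that a failed negotiation must not leave the decoder believing it is negotiated, so I would add `/* Forget the cached format so the next buffer renegotiates instead of assuming success */` above it. The rest of the function lies outside the hunk, so how `info` is compared on the next call is inferred rather than visible.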
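Review bot: The new helper `_gst_value_list_contains` has a file-scope name that begins with an underscore, which C reserves for the implementation at file scope, and it carries no comment. Renaming it to something like `gst_ffmpeg_value_list_contains` and adding `/* TRUE if @list already holds a value equal to @value */` would match the naming of the neighbouring static functions visible in the hunk context. The linear scan is fine for the short format lists it is called on in the later hunks of this file.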
@@ -191,7 +207,9 @@ gst_ffmpeg_video_set_pix_fmts (GstCaps * caps, const enum AVPixelFormat *fmts) format = gst_ffmpeg_pixfmt_to_videoformat (*fmts); if (format != GST_VIDEO_FORMAT_UNKNOWN) { g_value_set_string (&v, gst_video_format_to_string (format)); - gst_value_list_append_value (&va, &v); + /* Only append values we don't have yet */ + if (!_gst_value_list_contains (&va, &v)) + gst_value_list_append_value (&va, &v); } fmts++; } @@ -452,7 +470,9 @@ gst_ffmpeg_audio_set_sample_fmts (GstCaps * caps, format = gst_ffmpeg_smpfmt_to_audioformat (*fmts); if (format != GST_AUDIO_FORMAT_UNKNOWN) { g_value_set_string (&v, gst_audio_format_to_string (format)); - gst_value_list_append_value (&va, &v); + /* Only append values we don't have yet */ + if (!_gst_value_list_contains (&va, &v)) + gst_value_list_append_value (&va, &v); } fmts++; } @@ -480,20 +500,18 @@ gst_ff_aud_caps_new (AVCodecContext * context, AVCodec * codec, /* fixed, non-probing context */ if (context != NULL && context->channels != -1) { GstAudioChannelPosition pos[64]; + guint64 mask; caps = gst_caps_new_simple (mimetype, "rate", G_TYPE_INT, context->sample_rate, "channels", G_TYPE_INT, context->channels, NULL); - if (gst_ffmpeg_channel_layout_to_gst (context->channel_layout, - context->channels, pos)) { - guint64 mask; - - if (gst_audio_channel_positions_to_mask (pos, context->channels, FALSE, - &mask)) { - gst_caps_set_simple (caps, "channel-mask", GST_TYPE_BITMASK, mask, - NULL); - } + if (context->channels > 1 && + gst_ffmpeg_channel_layout_to_gst (context->channel_layout, + context->channels, pos) && + gst_audio_channel_positions_to_mask (pos, context->channels, FALSE, + &mask)) { + gst_caps_set_simple (caps, "channel-mask", GST_TYPE_BITMASK, mask, NULL); } } else if (encode) { gint maxchannels = 2; 
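Review bot: In the rewritten condition in gst_ff_aud_caps_new(), `context->channels` is still passed together with the fixed `pos[64]` array, and the only bound visible in the hunk is `> 1`. Unless gst_ffmpeg_channel_layout_to_gst() rejects counts above 64 (only its last lines are visible on this page), a channel count that presumably comes from the decoded stream could index past `pos`. Adding `context->channels <= G_N_ELEMENTS (pos) &&` to the condition would make the bound local and explicit. The function body starts and ends outside the hunk.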
@@ -913,7 +931,7 @@ gst_ffmpeg_codecid_to_caps (enum CodecID codec_id, case AV_CODEC_ID_LJPEG: caps = gst_ff_vid_caps_new (context, NULL, codec_id, encode, "image/jpeg", - NULL); + "parsed", G_TYPE_BOOLEAN, 1, NULL); break; case AV_CODEC_ID_SP5X: @@ -2511,8 +2529,14 @@ gst_ffmpeg_videoinfo_to_context (GstVideoInfo * info, AVCodecContext * context) context->bits_per_coded_sample = bpp; context->ticks_per_frame = 1; - context->time_base.den = GST_VIDEO_INFO_FPS_N (info); - context->time_base.num = GST_VIDEO_INFO_FPS_D (info); + if (GST_VIDEO_INFO_FPS_N (info) == 0) { + GST_DEBUG ("Using 25/1 framerate"); + context->time_base.den = 25; + context->time_base.num = 1; + } else { + context->time_base.den = GST_VIDEO_INFO_FPS_N (info); + context->time_base.num = GST_VIDEO_INFO_FPS_D (info); + } context->sample_aspect_ratio.num = GST_VIDEO_INFO_PAR_N (info); context->sample_aspect_ratio.den = GST_VIDEO_INFO_PAR_D (info); @@ -2850,9 +2874,9 @@ gst_ffmpeg_caps_with_codecid (enum CodecID codec_id, gint halfpel_flag, thirdpel_flag, low_delay, unknown_svq3_flag; guint16 flags; - if (gst_structure_get_int (str, "halfpel_flag", &halfpel_flag) || - gst_structure_get_int (str, "thirdpel_flag", &thirdpel_flag) || - gst_structure_get_int (str, "low_delay", &low_delay) || + if (gst_structure_get_int (str, "halfpel_flag", &halfpel_flag) && + gst_structure_get_int (str, "thirdpel_flag", &thirdpel_flag) && + gst_structure_get_int (str, "low_delay", &low_delay) && gst_structure_get_int (str, "unknown_svq3_flag", &unknown_svq3_flag)) { context->extradata = (guint8 *) av_mallocz (0x64); diff --git a/ext/libav/gstavviddec.c b/ext/libav/gstavviddec.c index 3e537a0..0635767 100644 --- a/ext/libav/gstavviddec.c +++ b/ext/libav/gstavviddec.c 
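Review bot: The new caps field is written as `"parsed", G_TYPE_BOOLEAN, 1, NULL);`, passing a bare integer where a gboolean is meant. `"parsed", G_TYPE_BOOLEAN, TRUE, NULL);` reads as intended. A short comment on the case saying that the decoder needs complete frames, as the ChangeLog entry explains, would also help, since the requirement is not obvious from the caps alone.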
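Review bot: The 25/1 fallback in gst_ffmpeg_videoinfo_to_context() tests only `GST_VIDEO_INFO_FPS_N (info) == 0`, so a zero denominator would still be copied into `context->time_base.num`. Whether a GstVideoInfo can carry a zero denominator is not visible here, but the guard is cheap to widen: `if (GST_VIDEO_INFO_FPS_N (info) == 0 || GST_VIDEO_INFO_FPS_D (info) == 0) {`. The substitution is logged only through `GST_DEBUG`, so a comment stating that 25 is an arbitrary non-zero choice would help whoever later wonders where the rate came from.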
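Review bot: The `av_mallocz (0x64)` result on the last visible line of the SVQ3 hunk is stored in `context->extradata` with no NULL check inside the hunk. The `||` to `&&` change makes sure all four flags were read before the branch is taken, but if the following lines (outside the hunk) write into that buffer unchecked, an allocation failure becomes a NULL write. A test directly after the allocation that leaves the branch when `context->extradata == NULL` would close that, and a named constant for `0x64` would document the buffer size.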
@@ -947,7 +947,8 @@ gst_ffmpegviddec_negotiate (GstFFMpegVidDec * ffmpegdec, /* calculate and update par now */ gst_ffmpegviddec_update_par (ffmpegdec, in_info, out_info); - gst_video_decoder_negotiate (GST_VIDEO_DECODER (ffmpegdec)); + if (!gst_video_decoder_negotiate (GST_VIDEO_DECODER (ffmpegdec))) + goto negotiate_failed; return TRUE; @@ -958,6 +959,21 @@ unknown_format: "decoder requires a video format unsupported by GStreamer"); return FALSE; } +negotiate_failed: + { + /* Reset so we try again next time even if force==FALSE */ + ffmpegdec->ctx_width = 0; + ffmpegdec->ctx_height = 0; + ffmpegdec->ctx_ticks = 0; + ffmpegdec->ctx_time_n = 0; + ffmpegdec->ctx_time_d = 0; + ffmpegdec->ctx_pix_fmt = 0; + ffmpegdec->ctx_par_n = 0; + ffmpegdec->ctx_par_d = 0; + + GST_ERROR_OBJECT (ffmpegdec, "negotiation failed"); + return FALSE; + } } /* perform qos calculations before decoding the next frame. @@ -1499,6 +1515,15 @@ gst_ffmpegviddec_stop (GstVideoDecoder * decoder) gst_video_codec_state_unref (ffmpegdec->output_state); ffmpegdec->output_state = NULL; + ffmpegdec->ctx_width = 0; + ffmpegdec->ctx_height = 0; + ffmpegdec->ctx_ticks = 0; + ffmpegdec->ctx_time_n = 0; + ffmpegdec->ctx_time_d = 0; + ffmpegdec->ctx_pix_fmt = 0; + ffmpegdec->ctx_par_n = 0; + ffmpegdec->ctx_par_d = 0; + return TRUE; } diff --git a/gst-libav.doap b/gst-libav.doap index b38529a..c15530e 100644 --- a/gst-libav.doap +++ b/gst-libav.doap @@ -32,6 +32,16 @@ colorspace conversion elements. + + + 1.2.1 + 1.2 + + 2013-11-09 + + + + 1.2.0 diff --git a/gst-libav.spec b/gst-libav.spec index 338f6c9..761aaab 100644 --- a/gst-libav.spec +++ b/gst-libav.spec @@ -4,7 +4,7 @@ %define gst_majorminor 1.0 Name: %{gstreamer}-libav -Version: 1.2.0 +Version: 1.2.1 Release: 1 Summary: GStreamer Streaming-media framework plug-in using libav (FFmpeg). Group: Libraries/Multimedia diff --git a/gst-libs/ext/libav/Changelog b/gst-libs/ext/libav/Changelog index a0b1186..594a6ff 100644 --- a/gst-libs/ext/libav/Changelog 
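Review bot: The eight `ffmpegdec->ctx_* = 0` assignments under `negotiate_failed:` are repeated verbatim in the gst_ffmpegviddec_stop() hunk further down, so the two lists can drift apart when a cached field is added. A small static helper, for example `gst_ffmpegviddec_reset_context_cache (ffmpegdec)`, called from both places would keep them in step. Separately, `ffmpegdec->ctx_pix_fmt = 0` uses a value that is itself a valid pixel format in libav; `AV_PIX_FMT_NONE` would state the "nothing cached" intent, assuming the field holds an `enum AVPixelFormat` (its declaration is outside the hunk).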
+++ b/gst-libs/ext/libav/Changelog 
@@ -1,5 +1,76 @@ -Entries are sorted chronologically from oldest to youngest within each release, -releases are sorted from youngest to oldest. +Releases are sorted from youngest to oldest. + +version 9.10: +- alac: Do bounds checking of lpc_order read from the bitstream +- ape: Don't allow the seektable to be omitted +- asfdec: Check the return value of asf_read_stream_properties +- asvdec: Verify the amount of extradata +- avidec: Make sure a packet is large enough before reading its data +- bfi: Add some very basic sanity checks for input packet sizes +- bfi: Avoid divisions by zero +- cavsdec: Make sure a sequence header has been decoded before decoding pictures +- dcadec: Validate the lfe parameter +- dsicin: Add some basic sanity checks for fields read from the file +- eacmv: Make sure a reference frame exists before referencing it +- electronicarts: Add more sanity checking for the number of channels +- electronicarts: Check packet sizes before reading +- ffv1: Make sure at least one slice context is initialized +- fraps: Make the input buffer size checks more strict +- h263dec: Remove a hack that can cause infinite loops +- idroqdec: Make sure a video stream has been allocated before returning packets +- ivi_common: Make sure color planes have been initialized +- lavf: Avoid setting avg_frame_rate if delta_dts is negative +- mace: Make sure that the channel count is set to a valid value +- matroskadec: Verify realaudio codec parameters +- mov: Don't use a negative duration for setting other fields +- mov: Make sure the read sample count is nonnegative +- mpc8: Check the seek table size parsed from the bitstream +- mpc8: Make sure the first stream exists before parsing the seek table +- mpeg4videodec: Check the width/height in mpeg4_decode_sprite_trajectory +- mpegaudiodec: Validate that the number of channels fits at the given offset +- mpegvideo: Initialize chroma_*_shift and codec_tag even if the size is 0 +- mvi: Add sanity checking for the audio frame 
size +- mxfdec: set audio timebase to 1/samplerate +- oggparseogm: Convert to use bytestream2 +- omadec: Properly check lengths before incrementing the position +- pcx: Check the packet size before assuming it fits a palette +- pcx: Consume the whole packet if giving up due to missing palette +- pngdec: Stop trying to decode once inflate returns Z_STREAM_END +- qpeg: Add checks for running out of rows in qpeg_decode_inter +- r3d: Add more input value validation +- riffdec: Add sanity checks for the sample rate +- rl2: Avoid a division by zero +- rmdec: Validate the fps value +- rpza: Fix a buffer size check +- rv10: Validate the dimensions set from the container +- rv34: Check the return value from ff_rv34_decode_init +- segafilm: Validate the number of audio channels +- shorten: Break out of loop looking for fmt chunk if none is found +- shorten: Use a checked bytestream reader for the wave header +- sierravmd: Do sanity checking of frame sizes +- smacker: Avoid integer overflow when allocating packets +- smacker: Don't return packets in unallocated streams +- smacker: Make sure we don't fill in huffman codes out of range +- svq3: Avoid a division by zero +- svq3: Check for any negative return value from ff_h264_check_intra_pred_mode +- truemotion2: Use av_freep properly in an error path +- twinvqdec: Check the ibps parameter separately +- vc1dec: Don't decode slices when the latest slice header failed to decode +- vc1dec: Fix leaks in ff_vc1_decode_init_alloc_tables on errors +- vc1dec: Make sure last_picture is initialized in vc1_decode_skip_blocks +- vc1dec: Undo mpegvideo initialization if unable to allocate tables +- vocdec: Don't update codec parameters mid-stream +- vp3: Check the framerate for validity +- vqf: Make sure sample_rate is set to a valid value +- vqf: Make sure the bitrate is in the valid range +- wnv1: Make sure the input packet is large enough +- wtv: Add more sanity checks for a length read from the file +- xan: Only read within the data 
that actually was initialized +- xan: Use bytestream2 to limit reading to within the buffer +- xmv: Add more sanity checks for parameters read from the bitstream +- xwma: Avoid division by zero +- xxan: Disallow odd width +- zmbvdec: Check the buffer size for uncompressed data version 9.9: - 4xm: check that bits per sample is strictly positive diff --git a/gst-libs/ext/libav/RELEASE b/gst-libs/ext/libav/RELEASE index a61a79b..5f3c440 100644 --- a/gst-libs/ext/libav/RELEASE +++ b/gst-libs/ext/libav/RELEASE @@ -1 +1 @@ -9.9 +9.10 diff --git a/gst-libs/ext/libav/libavcodec/alac.c b/gst-libs/ext/libav/libavcodec/alac.c index 72e9353..139e352 100644 --- a/gst-libs/ext/libav/libavcodec/alac.c +++ b/gst-libs/ext/libav/libavcodec/alac.c @@ -315,6 +315,9 @@ static int decode_element(AVCodecContext *avctx, void *data, int ch_index, rice_history_mult[ch] = get_bits(&alac->gb, 3); lpc_order[ch] = get_bits(&alac->gb, 5); + if (lpc_order[ch] >= alac->max_samples_per_frame) + return AVERROR_INVALIDDATA; + /* read the predictor table */ for (i = lpc_order[ch] - 1; i >= 0; i--) lpc_coefs[ch][i] = get_sbits(&alac->gb, 16); diff --git a/gst-libs/ext/libav/libavcodec/asvdec.c b/gst-libs/ext/libav/libavcodec/asvdec.c index 16722a9..d3579de 100644 --- a/gst-libs/ext/libav/libavcodec/asvdec.c +++ b/gst-libs/ext/libav/libavcodec/asvdec.c @@ -285,6 +285,11 @@ static av_cold int decode_init(AVCodecContext *avctx) const int scale = avctx->codec_id == AV_CODEC_ID_ASV1 ? 1 : 2; int i; + if (avctx->extradata_size < 1) { + av_log(avctx, AV_LOG_ERROR, "No extradata provided\n"); + return AVERROR_INVALIDDATA; + } + ff_asv_common_init(avctx); init_vlcs(a); ff_init_scantable(a->dsp.idct_permutation, &a->scantable, ff_asv_scantab); diff --git a/gst-libs/ext/libav/libavcodec/cavsdec.c b/gst-libs/ext/libav/libavcodec/cavsdec.c index cef6b95..7cfb2ca 100644 --- a/gst-libs/ext/libav/libavcodec/cavsdec.c +++ b/gst-libs/ext/libav/libavcodec/cavsdec.c 
@@ -931,6 +931,11 @@ static int decode_pic(AVSContext *h) int skip_count = -1; enum cavs_mb mb_type; + if (!h->top_qp) { + av_log(h->avctx, AV_LOG_ERROR, "No sequence header decoded yet\n"); + return AVERROR_INVALIDDATA; + } + skip_bits(&h->gb, 16);//bbv_dwlay if (h->stc == PIC_PB_START_CODE) { h->cur.f->pict_type = get_bits(&h->gb, 2) + AV_PICTURE_TYPE_I; diff --git a/gst-libs/ext/libav/libavcodec/dcadec.c b/gst-libs/ext/libav/libavcodec/dcadec.c index 561c30c..eecdeaa 100644 --- a/gst-libs/ext/libav/libavcodec/dcadec.c +++ b/gst-libs/ext/libav/libavcodec/dcadec.c @@ -582,6 +582,11 @@ static int dca_parse_frame_header(DCAContext *s) s->lfe = get_bits(&s->gb, 2); s->predictor_history = get_bits(&s->gb, 1); + if (s->lfe > 2) { + av_log(s->avctx, AV_LOG_ERROR, "Invalid LFE value: %d\n", s->lfe); + return AVERROR_INVALIDDATA; + } + /* TODO: check CRC */ if (s->crc_present) s->header_crc = get_bits(&s->gb, 16); diff --git a/gst-libs/ext/libav/libavcodec/eacmv.c b/gst-libs/ext/libav/libavcodec/eacmv.c index 0dce066..b7e13b1 100644 --- a/gst-libs/ext/libav/libavcodec/eacmv.c +++ b/gst-libs/ext/libav/libavcodec/eacmv.c @@ -108,9 +108,10 @@ static void cmv_decode_inter(CmvContext * s, const uint8_t *buf, const uint8_t * }else{ /* inter using last frame as reference */ int xoffset = (buf[i] & 0xF) - 7; int yoffset = ((buf[i] >> 4)) - 7; - cmv_motcomp(s->frame.data[0], s->frame.linesize[0], - s->last_frame.data[0], s->last_frame.linesize[0], - x*4, y*4, xoffset, yoffset, s->avctx->width, s->avctx->height); + if (s->last_frame.data[0]) + cmv_motcomp(s->frame.data[0], s->frame.linesize[0], + s->last_frame.data[0], s->last_frame.linesize[0], + x*4, y*4, xoffset, yoffset, s->avctx->width, s->avctx->height); } i++; } diff --git a/gst-libs/ext/libav/libavcodec/ffv1.c b/gst-libs/ext/libav/libavcodec/ffv1.c index 682d111..f6d9eaf 100644 --- a/gst-libs/ext/libav/libavcodec/ffv1.c +++ b/gst-libs/ext/libav/libavcodec/ffv1.c 
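Review bot: The new guard in decode_pic uses a null `h->top_qp` to mean "no sequence header decoded yet", but nothing in the hunk says why that pointer stands for the sequence header. I would add a comment above the check, for example `/* top_qp is only allocated once a sequence header has set up the context */`, after confirming that this is where it is allocated. decode_pic continues outside the hunk.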
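Review bot: When `s->last_frame.data[0]` is null the inter block in cmv_decode_inter is now skipped silently, so the area at `x*4, y*4` keeps whatever the output buffer already held. If that buffer is not cleared when it is obtained (not visible here), a stream that opens with an inter frame would show stale memory in the decoded picture. Consider an `else` branch that fills the block or logs the missing reference. The multi-line call under the new `if` would also be safer with braces. The function starts and ends outside the hunk.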
@@ -194,6 +194,10 @@ av_cold int ffv1_init_slice_contexts(FFV1Context *f) int i; f->slice_count = f->num_h_slices * f->num_v_slices; + if (f->slice_count <= 0) { + av_log(f->avctx, AV_LOG_ERROR, "Invalid number of slices\n"); + return AVERROR(EINVAL); + } for (i = 0; i < f->slice_count; i++) { FFV1Context *fs = av_mallocz(sizeof(*fs)); diff --git a/gst-libs/ext/libav/libavcodec/fraps.c b/gst-libs/ext/libav/libavcodec/fraps.c index 6ac0c61..a691d9e 100644 --- a/gst-libs/ext/libav/libavcodec/fraps.c +++ b/gst-libs/ext/libav/libavcodec/fraps.c @@ -140,10 +140,17 @@ static int decode_frame(AVCodecContext *avctx, uint32_t offs[4]; int i, j, is_chroma, planes; enum AVPixelFormat pix_fmt; + int prev_pic_bit, expected_size; + + if (buf_size < 4) { + av_log(avctx, AV_LOG_ERROR, "Packet is too short\n"); + return AVERROR_INVALIDDATA; + } header = AV_RL32(buf); version = header & 0xff; header_size = (header & (1<<30))? 8 : 4; /* bit 30 means pad to 8 bytes */ + prev_pic_bit = header & (1U << 31); /* bit 31 means same as previous pic */ if (version > 5) { av_log(avctx, AV_LOG_ERROR, @@ -162,16 +169,19 @@ static int decode_frame(AVCodecContext *avctx, } avctx->pix_fmt = pix_fmt; - switch(version) { + expected_size = header_size; + + switch (version) { case 0: default: /* Fraps v0 is a reordered YUV420 */ - if ( (buf_size != avctx->width*avctx->height*3/2+header_size) && - (buf_size != header_size) ) { + if (!prev_pic_bit) + expected_size += avctx->width * avctx->height * 3 / 2; + if (buf_size != expected_size) { av_log(avctx, AV_LOG_ERROR, "Invalid frame length %d (should be %d)\n", - buf_size, avctx->width*avctx->height*3/2+header_size); - return -1; + buf_size, expected_size); + return AVERROR_INVALIDDATA; } if (( (avctx->width % 8) != 0) || ( (avctx->height % 2) != 0 )) { 
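Review bot: In ffv1_init_slice_contexts the product `f->num_h_slices * f->num_v_slices` is formed before the new `<= 0` test, so the test only ever sees the result. If the two factors are not range-checked where they are parsed (not visible in this hunk), a large pair can overflow the signed multiplication, which is undefined, or yield a positive count larger than the caller expects. Testing the factors themselves first, `if (f->num_h_slices <= 0 || f->num_v_slices <= 0) return AVERROR(EINVAL);`, together with an upper bound, would make the guard independent of the product. The allocation loop continues outside the hunk.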
@@ -188,8 +198,7 @@ static int decode_frame(AVCodecContext *avctx, av_log(avctx, AV_LOG_ERROR, "reget_buffer() failed\n"); return -1; } - /* bit 31 means same as previous pic */ - f->pict_type = (header & (1U<<31))? AV_PICTURE_TYPE_P : AV_PICTURE_TYPE_I; + f->pict_type = prev_pic_bit ? AV_PICTURE_TYPE_P : AV_PICTURE_TYPE_I; f->key_frame = f->pict_type == AV_PICTURE_TYPE_I; if (f->pict_type == AV_PICTURE_TYPE_I) { @@ -213,12 +222,13 @@ static int decode_frame(AVCodecContext *avctx, case 1: /* Fraps v1 is an upside-down BGR24 */ - if ( (buf_size != avctx->width*avctx->height*3+header_size) && - (buf_size != header_size) ) { + if (!prev_pic_bit) + expected_size += avctx->width * avctx->height * 3; + if (buf_size != expected_size) { av_log(avctx, AV_LOG_ERROR, "Invalid frame length %d (should be %d)\n", - buf_size, avctx->width*avctx->height*3+header_size); - return -1; + buf_size, expected_size); + return AVERROR_INVALIDDATA; } f->reference = 1; @@ -229,8 +239,7 @@ static int decode_frame(AVCodecContext *avctx, av_log(avctx, AV_LOG_ERROR, "reget_buffer() failed\n"); return -1; } - /* bit 31 means same as previous pic */ - f->pict_type = (header & (1U<<31))? AV_PICTURE_TYPE_P : AV_PICTURE_TYPE_I; + f->pict_type = prev_pic_bit ? AV_PICTURE_TYPE_P : AV_PICTURE_TYPE_I; f->key_frame = f->pict_type == AV_PICTURE_TYPE_I; if (f->pict_type == AV_PICTURE_TYPE_I) { diff --git a/gst-libs/ext/libav/libavcodec/h263dec.c b/gst-libs/ext/libav/libavcodec/h263dec.c index fc5f565..db58fd2 100644 --- a/gst-libs/ext/libav/libavcodec/h263dec.c +++ b/gst-libs/ext/libav/libavcodec/h263dec.c @@ -385,8 +385,6 @@ uint64_t time= rdtsc(); } -retry: - if(s->bitstream_buffer_size && (s->divx_packed || buf_size<20)){ //divx 5.01+/xvid frame reorder init_get_bits(&s->gb, s->bitstream_buffer, s->bitstream_buffer_size*8); }else 
@@ -569,17 +567,6 @@ retry: /* FIXME: By the way H263 decoder is evolving it should have */ /* an H263EncContext */ - if (!avctx->coded_width || !avctx->coded_height) { - ParseContext pc= s->parse_context; //FIXME move these demuxng hack to avformat - - s->parse_context.buffer=0; - ff_MPV_common_end(s); - s->parse_context= pc; - avcodec_set_dimensions(avctx, s->width, s->height); - - goto retry; - } - if (s->width != avctx->coded_width || s->height != avctx->coded_height || s->context_reinit) { diff --git a/gst-libs/ext/libav/libavcodec/ivi_common.c b/gst-libs/ext/libav/libavcodec/ivi_common.c index 2a73754..152e9c4 100644 --- a/gst-libs/ext/libav/libavcodec/ivi_common.c +++ b/gst-libs/ext/libav/libavcodec/ivi_common.c @@ -938,6 +938,11 @@ int ff_ivi_decode_frame(AVCodecContext *avctx, void *data, int *got_frame, return AVERROR_PATCHWELCOME; } + if (!ctx->planes[0].bands) { + av_log(avctx, AV_LOG_ERROR, "Color planes not initialized yet\n"); + return AVERROR_INVALIDDATA; + } + ctx->switch_buffers(ctx); //{ START_TIMER; diff --git a/gst-libs/ext/libav/libavcodec/mace.c b/gst-libs/ext/libav/libavcodec/mace.c index c78a207..5074e4b 100644 --- a/gst-libs/ext/libav/libavcodec/mace.c +++ b/gst-libs/ext/libav/libavcodec/mace.c @@ -229,8 +229,8 @@ static av_cold int mace_decode_init(AVCodecContext * avctx) { MACEContext *ctx = avctx->priv_data; - if (avctx->channels > 2) - return -1; + if (avctx->channels > 2 || avctx->channels < 1) + return AVERROR(EINVAL); avctx->sample_fmt = AV_SAMPLE_FMT_S16P; avcodec_get_frame_defaults(&ctx->frame); diff --git a/gst-libs/ext/libav/libavcodec/mpeg4videodec.c b/gst-libs/ext/libav/libavcodec/mpeg4videodec.c index faa9866..7ff290c 100644 --- a/gst-libs/ext/libav/libavcodec/mpeg4videodec.c +++ b/gst-libs/ext/libav/libavcodec/mpeg4videodec.c 
@@ -152,7 +152,7 @@ static inline int mpeg4_is_resync(MpegEncContext *s){ return 0; } -static void mpeg4_decode_sprite_trajectory(MpegEncContext * s, GetBitContext *gb) +static int mpeg4_decode_sprite_trajectory(MpegEncContext *s, GetBitContext *gb) { int i; int a= 2<sprite_warping_accuracy; @@ -168,6 +168,9 @@ static void mpeg4_decode_sprite_trajectory(MpegEncContext * s, GetBitContext *gb int h= s->height; int min_ab; + if (w <= 0 || h <= 0) + return AVERROR_INVALIDDATA; + for(i=0; inum_sprite_warping_points; i++){ int length; int x=0, y=0; @@ -340,6 +343,7 @@ static void mpeg4_decode_sprite_trajectory(MpegEncContext * s, GetBitContext *gb } s->real_sprite_warping_points= s->num_sprite_warping_points; } + return 0; } /** @@ -414,7 +418,8 @@ int ff_mpeg4_decode_video_packet_header(MpegEncContext *s) skip_bits(&s->gb, 3); /* intra dc vlc threshold */ //FIXME don't just ignore everything if(s->pict_type == AV_PICTURE_TYPE_S && s->vol_sprite_usage==GMC_SPRITE){ - mpeg4_decode_sprite_trajectory(s, &s->gb); + if (mpeg4_decode_sprite_trajectory(s, &s->gb) < 0) + return AVERROR_INVALIDDATA; av_log(s->avctx, AV_LOG_ERROR, "untested\n"); } @@ -2029,7 +2034,8 @@ static int decode_vop_header(MpegEncContext *s, GetBitContext *gb){ } if(s->pict_type == AV_PICTURE_TYPE_S && (s->vol_sprite_usage==STATIC_SPRITE || s->vol_sprite_usage==GMC_SPRITE)){ - mpeg4_decode_sprite_trajectory(s, gb); + if (mpeg4_decode_sprite_trajectory(s, gb) < 0) + return AVERROR_INVALIDDATA; if(s->sprite_brightness_change) av_log(s->avctx, AV_LOG_ERROR, "sprite_brightness_change not supported\n"); if(s->vol_sprite_usage==STATIC_SPRITE) av_log(s->avctx, AV_LOG_ERROR, "static sprite not supported\n"); } diff --git a/gst-libs/ext/libav/libavcodec/mpegaudiodec.c b/gst-libs/ext/libav/libavcodec/mpegaudiodec.c index fda0280..bd096df 100644 --- a/gst-libs/ext/libav/libavcodec/mpegaudiodec.c +++ b/gst-libs/ext/libav/libavcodec/mpegaudiodec.c 
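Review bot: Both call sites changed here, in ff_mpeg4_decode_video_packet_header and in decode_vop_header, test `mpeg4_decode_sprite_trajectory(...) < 0` and then return a hard-coded `AVERROR_INVALIDDATA` rather than the callee's value. That is equivalent today because the only failure added is the `w <= 0 || h <= 0` check, but it will mask any other error code the function gains later. With a local `ret`, `if ((ret = mpeg4_decode_sprite_trajectory(s, gb)) < 0) return ret;` keeps caller and callee in step. Both callers extend beyond their hunks.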
@@ -1936,7 +1936,8 @@ static int decode_frame_mp3on4(AVCodecContext *avctx, void *data, avpriv_mpegaudio_decode_header((MPADecodeHeader *)m, header); - if (ch + m->nb_channels > avctx->channels) { + if (ch + m->nb_channels > avctx->channels || + s->coff[fr] + m->nb_channels > avctx->channels) { av_log(avctx, AV_LOG_ERROR, "frame channel count exceeds codec " "channel count\n"); return AVERROR_INVALIDDATA; diff --git a/gst-libs/ext/libav/libavcodec/mpegvideo.c b/gst-libs/ext/libav/libavcodec/mpegvideo.c index 77e21d2..0274f01 100644 --- a/gst-libs/ext/libav/libavcodec/mpegvideo.c +++ b/gst-libs/ext/libav/libavcodec/mpegvideo.c @@ -914,17 +914,17 @@ av_cold int ff_MPV_common_init(MpegEncContext *s) s->flags = s->avctx->flags; s->flags2 = s->avctx->flags2; - if (s->width && s->height) { - /* set chroma shifts */ - av_pix_fmt_get_chroma_sub_sample(s->avctx->pix_fmt, - &s->chroma_x_shift, - &s->chroma_y_shift); + /* set chroma shifts */ + av_pix_fmt_get_chroma_sub_sample(s->avctx->pix_fmt, + &s->chroma_x_shift, + &s->chroma_y_shift); - /* convert fourcc to upper case */ - s->codec_tag = avpriv_toupper4(s->avctx->codec_tag); + /* convert fourcc to upper case */ + s->codec_tag = avpriv_toupper4(s->avctx->codec_tag); - s->stream_codec_tag = avpriv_toupper4(s->avctx->stream_codec_tag); + s->stream_codec_tag = avpriv_toupper4(s->avctx->stream_codec_tag); + if (s->width && s->height) { s->avctx->coded_frame = &s->current_picture.f; if (s->encoding) { diff --git a/gst-libs/ext/libav/libavcodec/pcx.c b/gst-libs/ext/libav/libavcodec/pcx.c index ba3703a..223429d 100644 --- a/gst-libs/ext/libav/libavcodec/pcx.c +++ b/gst-libs/ext/libav/libavcodec/pcx.c 
@@ -184,7 +184,13 @@ static int pcx_decode_frame(AVCodecContext *avctx, void *data, int *got_frame, } else if (nplanes == 1 && bits_per_pixel == 8) { const uint8_t *palstart = bufstart + buf_size - 769; - for (y=0; yzstream.avail_out = s->crow_size; s->zstream.next_out = s->crow_buf; } + if (ret == Z_STREAM_END && s->zstream.avail_in > 0) { + av_log(NULL, AV_LOG_WARNING, "%d undecompressed bytes left in buffer\n", s->zstream.avail_in); + return 0; + } } return 0; } diff --git a/gst-libs/ext/libav/libavcodec/qpeg.c b/gst-libs/ext/libav/libavcodec/qpeg.c index 4a918e7..75e1223 100644 --- a/gst-libs/ext/libav/libavcodec/qpeg.c +++ b/gst-libs/ext/libav/libavcodec/qpeg.c @@ -190,6 +190,8 @@ static void qpeg_decode_inter(QpegContext *qctx, uint8_t *dst, filled = 0; dst -= stride; height--; + if (height < 0) + break; } } } else if(code >= 0xC0) { /* copy code: 0xC0..0xDF */ @@ -201,6 +203,8 @@ static void qpeg_decode_inter(QpegContext *qctx, uint8_t *dst, filled = 0; dst -= stride; height--; + if (height < 0) + break; } } } else if(code >= 0x80) { /* skip code: 0x80..0xBF */ diff --git a/gst-libs/ext/libav/libavcodec/rpza.c b/gst-libs/ext/libav/libavcodec/rpza.c index 57d4d2d..59b15c6 100644 --- a/gst-libs/ext/libav/libavcodec/rpza.c +++ b/gst-libs/ext/libav/libavcodec/rpza.c @@ -203,7 +203,7 @@ static void rpza_decode_stream(RpzaContext *s) /* Fill block with 16 colors */ case 0x00: - if (s->size - stream_ptr < 16) + if (s->size - stream_ptr < 30) return; block_ptr = row_ptr + pixel_ptr; for (pixel_y = 0; pixel_y < 4; pixel_y++) { diff --git a/gst-libs/ext/libav/libavcodec/rv10.c b/gst-libs/ext/libav/libavcodec/rv10.c index 26af29f..04518dd 100644 --- a/gst-libs/ext/libav/libavcodec/rv10.c +++ b/gst-libs/ext/libav/libavcodec/rv10.c 
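Review bot: The added `if (height < 0) break;` in qpeg_decode_inter leaves only the innermost loop it sits in, in both the run branch and the copy branch. Unless the enclosing loop also tests `height` (its condition is outside the hunk), decoding carries on with `dst` already stepped one stride past the last row. It is worth confirming the outer condition or returning from the function at that point. A short comment such as `/* ran out of rows */` on the check would record the intent.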
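Review bot: The bound in the `case 0x00` branch of rpza_decode_stream changes from 16 to 30 with no explanation of where 30 comes from. Presumably it is the number of bytes still to be read for the block's 16 colours, but the reads are in the loop below the hunk, so a reader cannot verify it from here. A comment such as `/* 16 colours, 2 bytes each, first one already consumed - confirm */` or a named constant would help. If `s->size` is unsigned, a `stream_ptr` beyond the end would wrap in `s->size - stream_ptr` and pass the test; the types are not visible in the hunk.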
@@ -426,12 +426,15 @@ static av_cold int rv10_decode_init(AVCodecContext *avctx) RVDecContext *rv = avctx->priv_data; MpegEncContext *s = &rv->m; static int done=0; - int major_ver, minor_ver, micro_ver; + int major_ver, minor_ver, micro_ver, ret; if (avctx->extradata_size < 8) { av_log(avctx, AV_LOG_ERROR, "Extradata is too small.\n"); return -1; } + if ((ret = av_image_check_size(avctx->coded_width, + avctx->coded_height, 0, avctx)) < 0) + return ret; ff_MPV_decode_defaults(s); diff --git a/gst-libs/ext/libav/libavcodec/rv30.c b/gst-libs/ext/libav/libavcodec/rv30.c index 3c3579b..b61b75d 100644 --- a/gst-libs/ext/libav/libavcodec/rv30.c +++ b/gst-libs/ext/libav/libavcodec/rv30.c @@ -244,9 +244,11 @@ static void rv30_loop_filter(RV34DecContext *r, int row) static av_cold int rv30_decode_init(AVCodecContext *avctx) { RV34DecContext *r = avctx->priv_data; + int ret; r->rv30 = 1; - ff_rv34_decode_init(avctx); + if ((ret = ff_rv34_decode_init(avctx)) < 0) + return ret; if(avctx->extradata_size < 2){ av_log(avctx, AV_LOG_ERROR, "Extradata is too small.\n"); return -1; diff --git a/gst-libs/ext/libav/libavcodec/rv40.c b/gst-libs/ext/libav/libavcodec/rv40.c index f95622a..d317d07 100644 --- a/gst-libs/ext/libav/libavcodec/rv40.c +++ b/gst-libs/ext/libav/libavcodec/rv40.c @@ -545,9 +545,11 @@ static void rv40_loop_filter(RV34DecContext *r, int row) static av_cold int rv40_decode_init(AVCodecContext *avctx) { RV34DecContext *r = avctx->priv_data; + int ret; r->rv30 = 0; - ff_rv34_decode_init(avctx); + if ((ret = ff_rv34_decode_init(avctx)) < 0) + return ret; if(!aic_top_vlc.bits) rv40_init_tables(); r->parse_slice_header = rv40_parse_slice_header; diff --git a/gst-libs/ext/libav/libavcodec/shorten.c b/gst-libs/ext/libav/libavcodec/shorten.c index 0b4a473..fda90fe 100644 --- a/gst-libs/ext/libav/libavcodec/shorten.c +++ b/gst-libs/ext/libav/libavcodec/shorten.c 
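Review bot: In rv30_decode_init the extradata test that follows the new return-value check still runs after `ff_rv34_decode_init()` has succeeded, and it returns -1 without undoing that init. Whether the caller releases what the init set up when the codec init fails is not visible here. Moving the `avctx->extradata_size < 2` test ahead of the `ff_rv34_decode_init()` call would avoid the question, and returning `AVERROR(EINVAL)` there would match the error style of the new code. The function continues outside the hunk.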
@@ -206,31 +206,38 @@ static int decode_wave_header(AVCodecContext *avctx, const uint8_t *header, { int len; short wave_format; + GetByteContext gb; - if (bytestream_get_le32(&header) != MKTAG('R', 'I', 'F', 'F')) { + bytestream2_init(&gb, header, header_size); + + if (bytestream2_get_le32(&gb) != MKTAG('R', 'I', 'F', 'F')) { av_log(avctx, AV_LOG_ERROR, "missing RIFF tag\n"); return AVERROR_INVALIDDATA; } - header += 4; /* chunk size */ + bytestream2_skip(&gb, 4); /* chunk size */ - if (bytestream_get_le32(&header) != MKTAG('W', 'A', 'V', 'E')) { + if (bytestream2_get_le32(&gb) != MKTAG('W', 'A', 'V', 'E')) { av_log(avctx, AV_LOG_ERROR, "missing WAVE tag\n"); return AVERROR_INVALIDDATA; } - while (bytestream_get_le32(&header) != MKTAG('f', 'm', 't', ' ')) { - len = bytestream_get_le32(&header); - header += len; + while (bytestream2_get_le32(&gb) != MKTAG('f', 'm', 't', ' ')) { + len = bytestream2_get_le32(&gb); + bytestream2_skip(&gb, len); + if (bytestream2_get_bytes_left(&gb) < 16) { + av_log(avctx, AV_LOG_ERROR, "no fmt chunk found\n"); + return AVERROR_INVALIDDATA; + } } - len = bytestream_get_le32(&header); + len = bytestream2_get_le32(&gb); if (len < 16) { av_log(avctx, AV_LOG_ERROR, "fmt chunk was too short\n"); return AVERROR_INVALIDDATA; } - wave_format = bytestream_get_le16(&header); + wave_format = bytestream2_get_le16(&gb); switch (wave_format) { case WAVE_FORMAT_PCM: 
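Review bot: In the chunk-skipping loop of decode_wave_header, `len` is a signed `int` filled from `bytestream2_get_le32()` and passed straight to `bytestream2_skip()`. A chunk length with the top bit set is negative at that point, and the loop is only safe because the checked reader clamps the skip to the bytes that remain, after which the `bytestream2_get_bytes_left(&gb) < 16` test ends the loop. That dependency deserves a comment on the skip, for example `/* a bogus len is clamped by the checked reader; the test below then reports the missing fmt chunk */`. The function's signature and tail are outside the hunk.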
@@ -240,11 +247,11 @@ static int decode_wave_header(AVCodecContext *avctx, const uint8_t *header, return AVERROR(ENOSYS); } - header += 2; // skip channels (already got from shorten header) - avctx->sample_rate = bytestream_get_le32(&header); - header += 4; // skip bit rate (represents original uncompressed bit rate) - header += 2; // skip block align (not needed) - avctx->bits_per_coded_sample = bytestream_get_le16(&header); + bytestream2_skip(&gb, 2); // skip channels (already got from shorten header) + avctx->sample_rate = bytestream2_get_le32(&gb); + bytestream2_skip(&gb, 4); // skip bit rate (represents original uncompressed bit rate) + bytestream2_skip(&gb, 2); // skip block align (not needed) + avctx->bits_per_coded_sample = bytestream2_get_le16(&gb); if (avctx->bits_per_coded_sample != 16) { av_log(avctx, AV_LOG_ERROR, "unsupported number of bits per sample\n"); diff --git a/gst-libs/ext/libav/libavcodec/smacker.c b/gst-libs/ext/libav/libavcodec/smacker.c index a72d7c5..2baf059 100644 --- a/gst-libs/ext/libav/libavcodec/smacker.c +++ b/gst-libs/ext/libav/libavcodec/smacker.c @@ -257,6 +257,12 @@ static int smacker_decode_header_tree(SmackVContext *smk, GetBitContext *gb, int if(ctx.last[0] == -1) ctx.last[0] = huff.current++; if(ctx.last[1] == -1) ctx.last[1] = huff.current++; if(ctx.last[2] == -1) ctx.last[2] = huff.current++; + if (ctx.last[0] >= huff.length || + ctx.last[1] >= huff.length || + ctx.last[2] >= huff.length) { + av_log(smk->avctx, AV_LOG_ERROR, "Huffman codes out of range\n"); + err = AVERROR_INVALIDDATA; + } *recodes = huff.values; diff --git a/gst-libs/ext/libav/libavcodec/svq3.c b/gst-libs/ext/libav/libavcodec/svq3.c index 68bf2f7..34cda32 100644 --- a/gst-libs/ext/libav/libavcodec/svq3.c +++ b/gst-libs/ext/libav/libavcodec/svq3.c 
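Review bot: The new range check in smacker_decode_header_tree only sets `err` and then falls through to `*recodes = huff.values;`, so the caller is handed the table even when an escape code index is out of range. That is safe only if the function returns `err` after the visible lines and every caller tests it before using `*recodes`; neither is shown in the hunk. A comment on the assignment stating who owns and frees `huff.values` on the error path would make this checkable.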
@@ -634,9 +634,9 @@ static int svq3_decode_mb(SVQ3Context *svq3, unsigned int mb_type) dir = i_mb_type_info[mb_type - 8].pred_mode; dir = (dir >> 1) ^ 3 * (dir & 1) ^ 1; - if ((h->intra16x16_pred_mode = ff_h264_check_intra_pred_mode(h, dir, 0)) == -1) { - av_log(h->s.avctx, AV_LOG_ERROR, "check_intra_pred_mode = -1\n"); - return -1; + if ((h->intra16x16_pred_mode = ff_h264_check_intra_pred_mode(h, dir, 0)) < 0) { + av_log(h->s.avctx, AV_LOG_ERROR, "ff_h264_check_intra_pred_mode < 0\n"); + return h->intra16x16_pred_mode; } cbp = i_mb_type_info[mb_type - 8].cbp; @@ -956,7 +956,8 @@ static av_cold int svq3_decode_init(AVCodecContext *avctx) int offset = get_bits_count(&gb) + 7 >> 3; uint8_t *buf; - if ((uint64_t)watermark_width * 4 > UINT_MAX / watermark_height) + if (watermark_height > 0 && + (uint64_t)watermark_width * 4 > UINT_MAX / watermark_height) return -1; buf = av_malloc(buf_len); diff --git a/gst-libs/ext/libav/libavcodec/truemotion2.c b/gst-libs/ext/libav/libavcodec/truemotion2.c index 2d7a510..7691989 100644 --- a/gst-libs/ext/libav/libavcodec/truemotion2.c +++ b/gst-libs/ext/libav/libavcodec/truemotion2.c @@ -905,14 +905,14 @@ static av_cold int decode_init(AVCodecContext *avctx){ if (!l->Y1_base || !l->Y2_base || !l->U1_base || !l->V1_base || !l->U2_base || !l->V2_base || !l->last || !l->clast) { - av_freep(l->Y1_base); - av_freep(l->Y2_base); - av_freep(l->U1_base); - av_freep(l->U2_base); - av_freep(l->V1_base); - av_freep(l->V2_base); - av_freep(l->last); - av_freep(l->clast); + av_freep(&l->Y1_base); + av_freep(&l->Y2_base); + av_freep(&l->U1_base); + av_freep(&l->U2_base); + av_freep(&l->V1_base); + av_freep(&l->V2_base); + av_freep(&l->last); + av_freep(&l->clast); return AVERROR(ENOMEM); } l->Y1 = l->Y1_base + l->y_stride * 4 + 4; diff --git a/gst-libs/ext/libav/libavcodec/twinvq.c b/gst-libs/ext/libav/libavcodec/twinvq.c index 8989469..f6c897f 100644 --- a/gst-libs/ext/libav/libavcodec/twinvq.c +++ b/gst-libs/ext/libav/libavcodec/twinvq.c 
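Review bot: With the added `watermark_height > 0 &&` in svq3_decode_init, a zero height no longer divides by zero, but it also bypasses the overflow test and execution continues to `av_malloc(buf_len)`. How `buf_len` is derived is outside the hunk, so it is not clear what a zero or, if the variable is signed, negative height produces there. If an empty watermark is not a legal value, rejecting it directly with `if (!watermark_width || !watermark_height) return -1;` before the overflow test states the intent more plainly.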
@@ -1142,6 +1142,10 @@ static av_cold int twin_decode_init(AVCodecContext *avctx) AV_CH_LAYOUT_STEREO; ibps = avctx->bit_rate / (1000 * avctx->channels); + if (ibps < 8 || ibps > 48) { + av_log(avctx, AV_LOG_ERROR, "Bad bitrate per channel value %d\n", ibps); + return AVERROR_INVALIDDATA; + } switch ((isampf << 8) + ibps) { case (8 <<8) + 8: tctx->mtab = &mode_08_08; break; diff --git a/gst-libs/ext/libav/libavcodec/vc1dec.c b/gst-libs/ext/libav/libavcodec/vc1dec.c index bafd6a2..6b32116 100644 --- a/gst-libs/ext/libav/libavcodec/vc1dec.c +++ b/gst-libs/ext/libav/libavcodec/vc1dec.c @@ -4742,6 +4742,9 @@ static void vc1_decode_skip_blocks(VC1Context *v) { MpegEncContext *s = &v->s; + if (!v->s.last_picture.f.data[0]) + return; + ff_er_add_slice(s, 0, s->start_mb_y, s->mb_width - 1, s->end_mb_y - 1, ER_MB_END); s->first_slice_line = 1; for (s->mb_y = s->start_mb_y; s->mb_y < s->end_mb_y; s->mb_y++) { @@ -5131,8 +5134,19 @@ av_cold int ff_vc1_decode_init_alloc_tables(VC1Context *v) if (!v->mv_type_mb_plane || !v->direct_mb_plane || !v->acpred_plane || !v->over_flags_plane || !v->block || !v->cbp_base || !v->ttblk_base || !v->is_intra_base || !v->luma_mv_base || - !v->mb_type_base) - return -1; + !v->mb_type_base) { + av_freep(&v->mv_type_mb_plane); + av_freep(&v->direct_mb_plane); + av_freep(&v->acpred_plane); + av_freep(&v->over_flags_plane); + av_freep(&v->block); + av_freep(&v->cbp_base); + av_freep(&v->ttblk_base); + av_freep(&v->is_intra_base); + av_freep(&v->luma_mv_base); + av_freep(&v->mb_type_base); + return AVERROR(ENOMEM); + } return 0; } @@ -5484,8 +5498,12 @@ static int vc1_decode_frame(AVCodecContext *avctx, void *data, } if (!s->context_initialized) { - if (ff_msmpeg4_decode_init(avctx) < 0 || ff_vc1_decode_init_alloc_tables(v) < 0) + if (ff_msmpeg4_decode_init(avctx) < 0) goto err; + if (ff_vc1_decode_init_alloc_tables(v) < 0) { + ff_MPV_common_end(s); + goto err; + } s->low_delay = !avctx->has_b_frames || v->res_sprite; 
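Review bot: The new `ibps` range check in twin_decode_init comes after `ibps = avctx->bit_rate / (1000 * avctx->channels);`, so it cannot protect that division. If `avctx->channels` is not validated earlier in the function (the preceding lines are outside the hunk), a zero channel count divides by zero before the check is reached. A comment noting where `channels` is validated, or a guard such as `if (avctx->channels <= 0) return AVERROR_INVALIDDATA;` ahead of the division, would close the gap.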
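Review bot: The early return added to vc1_decode_skip_blocks spells the test as `v->s.last_picture.f.data[0]` although the function already has `s = &v->s`; `if (!s->last_picture.f.data[0])` would match the rest of the body. The return is also silent and happens before `ff_er_add_slice()`, so error concealment is never told about the rows that were skipped. Whether that matters depends on code outside the hunk, but a one-line comment explaining why nothing is reported would help the next reader.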
@@ -5573,6 +5591,8 @@ static int vc1_decode_frame(AVCodecContext *avctx, void *data, if (avctx->hwaccel->end_frame(avctx) < 0) goto err; } else { + int header_ret = 0; + ff_er_frame_start(s); v->bits = buf_size * 8; @@ -5619,18 +5639,20 @@ static int vc1_decode_frame(AVCodecContext *avctx, void *data, if (i) { v->pic_header_flag = 0; if (v->field_mode && i == n_slices1 + 2) { - if (ff_vc1_parse_frame_header_adv(v, &s->gb) < 0) { + if ((header_ret = ff_vc1_parse_frame_header_adv(v, &s->gb)) < 0) { av_log(v->s.avctx, AV_LOG_ERROR, "Field header damaged\n"); continue; } } else if (get_bits1(&s->gb)) { v->pic_header_flag = 1; - if (ff_vc1_parse_frame_header_adv(v, &s->gb) < 0) { + if ((header_ret = ff_vc1_parse_frame_header_adv(v, &s->gb)) < 0) { av_log(v->s.avctx, AV_LOG_ERROR, "Slice header damaged\n"); continue; } } } + if (header_ret < 0) + continue; s->start_mb_y = (i == 0) ? 0 : FFMAX(0, slices[i-1].mby_start % mb_height); if (!v->field_mode || v->second_field) s->end_mb_y = (i == n_slices ) ? mb_height : FFMIN(mb_height, slices[i].mby_start % mb_height); diff --git a/gst-libs/ext/libav/libavcodec/vp3.c b/gst-libs/ext/libav/libavcodec/vp3.c index 0340c22..1d68c09 100644 --- a/gst-libs/ext/libav/libavcodec/vp3.c +++ b/gst-libs/ext/libav/libavcodec/vp3.c @@ -2160,6 +2160,10 @@ static int theora_decode_header(AVCodecContext *avctx, GetBitContext *gb) fps.num = get_bits_long(gb, 32); fps.den = get_bits_long(gb, 32); if (fps.num && fps.den) { + if (fps.num < 0 || fps.den < 0) { + av_log(avctx, AV_LOG_ERROR, "Invalid framerate\n"); + return AVERROR_INVALIDDATA; + } av_reduce(&avctx->time_base.num, &avctx->time_base.den, fps.den, fps.num, 1<<30); } diff --git a/gst-libs/ext/libav/libavcodec/wnv1.c b/gst-libs/ext/libav/libavcodec/wnv1.c index 1636f16..362fafc 100644 --- a/gst-libs/ext/libav/libavcodec/wnv1.c +++ b/gst-libs/ext/libav/libavcodec/wnv1.c 
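Review bot: `header_ret` is declared once before the slice loop in vc1_decode_frame and is only overwritten when a header is parsed, so a failed parse keeps later slices skipped until another header parses successfully. That appears to be the intent, but the bare `if (header_ret < 0) continue;` reads like a redundant re-check of the current iteration. I would add a comment at the declaration, for example `/* result of the most recent slice/field header parse; persists across slices on purpose */`. The loop starts and ends outside the hunk.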
@@ -71,6 +71,11 @@ static int decode_frame(AVCodecContext *avctx, int prev_y = 0, prev_u = 0, prev_v = 0; uint8_t *rbuf; + if (buf_size < 8) { + av_log(avctx, AV_LOG_ERROR, "Packet is too short\n"); + return AVERROR_INVALIDDATA; + } + rbuf = av_malloc(buf_size + FF_INPUT_BUFFER_PADDING_SIZE); if (!rbuf) { av_log(avctx, AV_LOG_ERROR, "Cannot allocate temporary buffer\n"); diff --git a/gst-libs/ext/libav/libavcodec/xan.c b/gst-libs/ext/libav/libavcodec/xan.c index 8c90bb6..369f89b 100644 --- a/gst-libs/ext/libav/libavcodec/xan.c +++ b/gst-libs/ext/libav/libavcodec/xan.c @@ -104,6 +104,7 @@ static int xan_huffman_decode(unsigned char *dest, int dest_len, int ptr_len = src_len - 1 - byte*2; unsigned char val = ival; unsigned char *dest_end = dest + dest_len; + unsigned char *dest_start = dest; GetBitContext gb; if (ptr_len < 0) @@ -119,13 +120,13 @@ static int xan_huffman_decode(unsigned char *dest, int dest_len, if (val < 0x16) { if (dest >= dest_end) - return 0; + return dest_len; *dest++ = val; val = ival; } } - return 0; + return dest - dest_start; } /** @@ -274,7 +275,7 @@ static int xan_wc3_decode_frame(XanContext *s) { unsigned char flag = 0; int size = 0; int motion_x, motion_y; - int x, y; + int x, y, ret; unsigned char *opcode_buffer = s->buffer1; unsigned char *opcode_buffer_end = s->buffer1 + s->buffer1_size; @@ -283,8 +284,8 @@ static int xan_wc3_decode_frame(XanContext *s) { /* pointers to segments inside the compressed chunk */ const unsigned char *huffman_segment; - const unsigned char *size_segment; - const unsigned char *vector_segment; + GetByteContext size_segment; + GetByteContext vector_segment; const unsigned char *imagedata_segment; int huffman_offset, size_offset, vector_offset, imagedata_offset, imagedata_size; 
@@ -304,13 +305,14 @@ static int xan_wc3_decode_frame(XanContext *s) { return AVERROR_INVALIDDATA; huffman_segment = s->buf + huffman_offset; - size_segment = s->buf + size_offset; - vector_segment = s->buf + vector_offset; + bytestream2_init(&size_segment, s->buf + size_offset, s->size - size_offset); + bytestream2_init(&vector_segment, s->buf + vector_offset, s->size - vector_offset); imagedata_segment = s->buf + imagedata_offset; - if (xan_huffman_decode(opcode_buffer, opcode_buffer_size, - huffman_segment, s->size - huffman_offset) < 0) + if ((ret = xan_huffman_decode(opcode_buffer, opcode_buffer_size, + huffman_segment, s->size - huffman_offset)) < 0) return AVERROR_INVALIDDATA; + opcode_buffer_end = opcode_buffer + ret; if (imagedata_segment[0] == 2) { xan_unpack(s->buffer2, s->buffer2_size, @@ -357,19 +359,17 @@ static int xan_wc3_decode_frame(XanContext *s) { case 9: case 19: - size = *size_segment++; + size = bytestream2_get_byte(&size_segment); break; case 10: case 20: - size = AV_RB16(&size_segment[0]); - size_segment += 2; + size = bytestream2_get_be16(&size_segment); break; case 11: case 21: - size = AV_RB24(size_segment); - size_segment += 3; + size = bytestream2_get_be24(&size_segment); break; } @@ -391,9 +391,9 @@ static int xan_wc3_decode_frame(XanContext *s) { } } else { /* run-based motion compensation from last frame */ - motion_x = sign_extend(*vector_segment >> 4, 4); - motion_y = sign_extend(*vector_segment & 0xF, 4); - vector_segment++; + uint8_t vector = bytestream2_get_byte(&vector_segment); + motion_x = sign_extend(vector >> 4, 4); + motion_y = sign_extend(vector & 0xF, 4); /* copy a run of pixels from the previous frame */ xan_wc3_copy_pixel_run(s, x, y, size, motion_x, motion_y); diff --git a/gst-libs/ext/libav/libavcodec/xxan.c b/gst-libs/ext/libav/libavcodec/xxan.c index 84ffdec..7a0cdc4 100644 --- a/gst-libs/ext/libav/libavcodec/xxan.c +++ b/gst-libs/ext/libav/libavcodec/xxan.c 
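Review bot: The two `bytestream2_init()` calls in xan_wc3_decode_frame pass `s->size - size_offset` and `s->size - vector_offset` as lengths, which is only valid if both offsets have been checked against `s->size`. The check that precedes them is cut off by the hunk, so it is not visible whether it covers these two offsets; if it does not, the length goes negative. Separately, the checked readers return 0 once a segment is exhausted, so a truncated size or vector segment now decodes as `size = 0` or a zero motion vector with no diagnostic. Testing `bytestream2_get_bytes_left()` before the reads and returning `AVERROR_INVALIDDATA` would report the truncation.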
@@ -49,6 +49,10 @@ static av_cold int xan_decode_init(AVCodecContext *avctx) av_log(avctx, AV_LOG_ERROR, "Invalid frame height: %d.\n", avctx->height); return AVERROR(EINVAL); } + if (avctx->width & 1) { + av_log(avctx, AV_LOG_ERROR, "Invalid frame width: %d.\n", avctx->width); + return AVERROR(EINVAL); + } s->buffer_size = avctx->width * avctx->height; s->y_buffer = av_malloc(s->buffer_size); diff --git a/gst-libs/ext/libav/libavcodec/zmbv.c b/gst-libs/ext/libav/libavcodec/zmbv.c index c92e553..c7a90f0 100644 --- a/gst-libs/ext/libav/libavcodec/zmbv.c +++ b/gst-libs/ext/libav/libavcodec/zmbv.c @@ -508,8 +508,11 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame, AVPac } if (c->comp == 0) { //Uncompressed data + if (c->decomp_size < len) { + av_log(avctx, AV_LOG_ERROR, "Buffer too small\n"); + return AVERROR_INVALIDDATA; + } memcpy(c->decomp_buf, buf, len); - c->decomp_size = 1; } else { // ZLIB-compressed data c->zstream.total_in = c->zstream.total_out = 0; c->zstream.next_in = buf; diff --git a/gst-libs/ext/libav/libavformat/ape.c b/gst-libs/ext/libav/libavformat/ape.c index a9c695e..3c25630 100644 --- a/gst-libs/ext/libav/libavformat/ape.c +++ b/gst-libs/ext/libav/libavformat/ape.c @@ -255,7 +255,7 @@ static int ape_read_header(AVFormatContext * s) ape->totalframes); return -1; } - if (ape->seektablelength && (ape->seektablelength / sizeof(*ape->seektable)) < ape->totalframes) { + if (ape->seektablelength / sizeof(*ape->seektable) < ape->totalframes) { av_log(s, AV_LOG_ERROR, "Number of seek entries is less than number of frames: %zu vs. %"PRIu32"\n", ape->seektablelength / sizeof(*ape->seektable), ape->totalframes); diff --git a/gst-libs/ext/libav/libavformat/asfdec.c b/gst-libs/ext/libav/libavformat/asfdec.c index c6b322d..e8587af 100644 --- a/gst-libs/ext/libav/libavformat/asfdec.c +++ b/gst-libs/ext/libav/libavformat/asfdec.c 
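Review bot: The new test `c->decomp_size < len` in the uncompressed branch of zmbv's decode_frame bounds the `memcpy()` only if `len` cannot be negative. If `len` is a signed value derived from the packet size minus a header (its computation is outside the hunk), a negative `len` passes the comparison and is converted to a huge size by `memcpy()`. A guard such as `if (len < 0 || c->decomp_size < len)` would cover that case. The dropped `c->decomp_size = 1;` also changes what later code sees in that field, which deserves a comment saying that `decomp_size` is now the buffer capacity throughout.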
@@ -714,7 +714,9 @@ static int asf_read_header(AVFormatContext *s) if (ret < 0) return ret; } else if (!ff_guidcmp(&g, &ff_asf_stream_header)) { - asf_read_stream_properties(s, gsize); + int ret = asf_read_stream_properties(s, gsize); + if (ret < 0) + return ret; } else if (!ff_guidcmp(&g, &ff_asf_comment_header)) { asf_read_content_desc(s, gsize); } else if (!ff_guidcmp(&g, &ff_asf_language_guid)) { diff --git a/gst-libs/ext/libav/libavformat/avidec.c b/gst-libs/ext/libav/libavformat/avidec.c index ee341c2..e17d932 100644 --- a/gst-libs/ext/libav/libavformat/avidec.c +++ b/gst-libs/ext/libav/libavformat/avidec.c @@ -752,8 +752,10 @@ static int avi_read_header(AVFormatContext *s) return 0; } -static int read_gab2_sub(AVStream *st, AVPacket *pkt) { - if (!strcmp(pkt->data, "GAB2") && AV_RL16(pkt->data+5) == 2) { +static int read_gab2_sub(AVStream *st, AVPacket *pkt) +{ + if (pkt->size >= 7 && + !strcmp(pkt->data, "GAB2") && AV_RL16(pkt->data + 5) == 2) { uint8_t desc[256]; int score = AVPROBE_SCORE_MAX / 2, ret; AVIStream *ast = st->priv_data; diff --git a/gst-libs/ext/libav/libavformat/bfi.c b/gst-libs/ext/libav/libavformat/bfi.c index e60bbf4..19060e7 100644 --- a/gst-libs/ext/libav/libavformat/bfi.c +++ b/gst-libs/ext/libav/libavformat/bfi.c @@ -132,6 +132,10 @@ static int bfi_read_packet(AVFormatContext * s, AVPacket * pkt) video_offset = avio_rl32(pb); audio_size = video_offset - audio_offset; bfi->video_size = chunk_size - video_offset; + if (audio_size < 0 || bfi->video_size < 0) { + av_log(s, AV_LOG_ERROR, "Invalid audio/video offsets or chunk size\n"); + return AVERROR_INVALIDDATA; + } //Tossing an audio packet at the audio decoder. ret = av_get_packet(pb, pkt, audio_size); @@ -140,9 +144,7 @@ static int bfi_read_packet(AVFormatContext * s, AVPacket * pkt) pkt->pts = bfi->audio_frame; bfi->audio_frame += ret; - } - - else { + } else if (bfi->video_size > 0) { //Tossing a video packet at the video decoder. ret = av_get_packet(pb, pkt, bfi->video_size); 
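Review bot: In read_gab2_sub the added `pkt->size >= 7` makes the `AV_RL16(pkt->data + 5)` read safe, but the tag is still compared with `strcmp()` on raw packet bytes. `strcmp()` takes `char *` while `pkt->data` is a byte buffer, and its reach depends on finding a terminator rather than on the size that was just checked. `memcmp(pkt->data, "GAB2", 5) == 0` expresses the same test, including the NUL after the tag, with an explicit length. The function body continues outside the hunk.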
@@ -154,6 +156,9 @@ static int bfi_read_packet(AVFormatContext * s, AVPacket * pkt) /* One less frame to read. A cursory decrement. */ bfi->nframes--; + } else { + /* Empty video packet */ + ret = AVERROR(EAGAIN); } bfi->avflag = !bfi->avflag; diff --git a/gst-libs/ext/libav/libavformat/dsicin.c b/gst-libs/ext/libav/libavformat/dsicin.c index ecc8c0b..6a7c8b9 100644 --- a/gst-libs/ext/libav/libavformat/dsicin.c +++ b/gst-libs/ext/libav/libavformat/dsicin.c @@ -154,6 +154,8 @@ static int cin_read_frame_header(CinDemuxContext *cin, AVIOContext *pb) { if (avio_rl32(pb) != 0xAA55AA55) return AVERROR_INVALIDDATA; + if (hdr->video_frame_size < 0 || hdr->audio_frame_size < 0) + return AVERROR_INVALIDDATA; return 0; } diff --git a/gst-libs/ext/libav/libavformat/electronicarts.c b/gst-libs/ext/libav/libavformat/electronicarts.c index ae2fda0..b85b4c2 100644 --- a/gst-libs/ext/libav/libavformat/electronicarts.c +++ b/gst-libs/ext/libav/libavformat/electronicarts.c @@ -439,8 +439,9 @@ static int ea_read_header(AVFormatContext *s) } if (ea->audio_codec) { - if (ea->num_channels <= 0) { - av_log(s, AV_LOG_WARNING, "Unsupported number of channels: %d\n", ea->num_channels); + if (ea->num_channels <= 0 || ea->num_channels > 2) { + av_log(s, AV_LOG_WARNING, + "Unsupported number of channels: %d\n", ea->num_channels); ea->audio_codec = 0; return 1; } @@ -525,10 +526,16 @@ static int ea_read_packet(AVFormatContext *s, case AV_CODEC_ID_ADPCM_EA_R1: case AV_CODEC_ID_ADPCM_EA_R2: case AV_CODEC_ID_ADPCM_IMA_EA_EACS: - pkt->duration = AV_RL32(pkt->data); - break; case AV_CODEC_ID_ADPCM_EA_R3: - pkt->duration = AV_RB32(pkt->data); + if (pkt->size < 4) { + av_log(s, AV_LOG_ERROR, "Packet is too short\n"); + av_free_packet(pkt); + return AVERROR_INVALIDDATA; + } + if (ea->audio_codec == AV_CODEC_ID_ADPCM_EA_R3) + pkt->duration = AV_RB32(pkt->data); + else + pkt->duration = AV_RL32(pkt->data); break; case AV_CODEC_ID_ADPCM_IMA_EA_SEAD: pkt->duration = ret * 2 / ea->num_channels; 
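Review bot: The new `else` branch in bfi_read_packet returns `AVERROR(EAGAIN)` for a zero-sized video chunk without the `bfi->nframes--` that the video branch performs, so such a chunk is never counted as read. Whether that matters depends on how `nframes` is used to detect the end of the file, which is outside this hunk. The comment could also say what the caller is expected to do, e.g. `/* Empty video packet: nothing to return, caller retries with the next chunk */`.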
diff --git a/gst-libs/ext/libav/libavformat/idroqdec.c b/gst-libs/ext/libav/libavformat/idroqdec.c index eeaafec..82eff24 100644 --- a/gst-libs/ext/libav/libavformat/idroqdec.c +++ b/gst-libs/ext/libav/libavformat/idroqdec.c @@ -142,6 +142,8 @@ static int roq_read_packet(AVFormatContext *s, break; case RoQ_QUAD_CODEBOOK: + if (roq->video_stream_index < 0) + return AVERROR_INVALIDDATA; /* packet needs to contain both this codebook and next VQ chunk */ codebook_offset = avio_tell(pb) - RoQ_CHUNK_PREAMBLE_SIZE; codebook_size = chunk_size; @@ -191,6 +193,11 @@ static int roq_read_packet(AVFormatContext *s, st->codec->block_align = st->codec->channels * st->codec->bits_per_coded_sample; } case RoQ_QUAD_VQ: + if (chunk_type == RoQ_QUAD_VQ) { + if (roq->video_stream_index < 0) + return AVERROR_INVALIDDATA; + } + /* load up the packet */ if (av_new_packet(pkt, chunk_size + RoQ_CHUNK_PREAMBLE_SIZE)) return AVERROR(EIO); diff --git a/gst-libs/ext/libav/libavformat/matroskadec.c b/gst-libs/ext/libav/libavformat/matroskadec.c index fe4d932..8a0c91b 100644 --- a/gst-libs/ext/libav/libavformat/matroskadec.c +++ b/gst-libs/ext/libav/libavformat/matroskadec.c @@ -1580,6 +1580,10 @@ static int matroska_read_header(AVFormatContext *s) track->audio.sub_packet_h = avio_rb16(&b); track->audio.frame_size = avio_rb16(&b); track->audio.sub_packet_size = avio_rb16(&b); + if (flavor <= 0 || track->audio.coded_framesize <= 0 || + track->audio.sub_packet_h <= 0 || track->audio.frame_size <= 0 || + track->audio.sub_packet_size <= 0) + return AVERROR_INVALIDDATA; track->audio.buf = av_malloc(track->audio.frame_size * track->audio.sub_packet_h); if (codec_id == AV_CODEC_ID_RA_288) { st->codec->block_align = track->audio.coded_framesize; diff --git a/gst-libs/ext/libav/libavformat/mov.c b/gst-libs/ext/libav/libavformat/mov.c index f652934..6b89a2d 100644 --- a/gst-libs/ext/libav/libavformat/mov.c +++ b/gst-libs/ext/libav/libavformat/mov.c 
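Review bot: The guard added under `case RoQ_QUAD_VQ:` nests two `if`s and depends on the preceding sound case falling through into this label (no `break` appears before it in the context lines), which nothing in the code says. A single condition reads better, `if (chunk_type == RoQ_QUAD_VQ && roq->video_stream_index < 0) return AVERROR_INVALIDDATA;`, with a `/* fallthrough */` comment before the `case` label so the `chunk_type` test is not mistaken for dead code. roq_read_packet continues outside the hunk.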
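Review bot: The new check in matroska_read_header rejects non-positive values but sets no upper bound, and the next line still computes `track->audio.frame_size * track->audio.sub_packet_h` as the `av_malloc` size. Both values come from `avio_rb16`, so each can be 65535 and the product exceeds INT_MAX if the fields are plain ints (their types are not visible here). The result of `av_malloc` is also not tested in the visible lines. An overflow-checked allocation, or an explicit limit on the two fields, would close this; the function continues outside the hunk.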
@@ -1659,6 +1659,10 @@ static int mov_read_stts(MOVContext *c, AVIOContext *pb, MOVAtom atom) sample_count=avio_rb32(pb); sample_duration = avio_rb32(pb); + if (sample_count < 0) { + av_log(c->fc, AV_LOG_ERROR, "Invalid sample_count=%d\n", sample_count); + return AVERROR_INVALIDDATA; + } sc->stts_data[i].count= sample_count; sc->stts_data[i].duration= sample_duration; @@ -2063,7 +2067,7 @@ static int mov_read_trak(MOVContext *c, AVIOContext *pb, MOVAtom atom) ((double)st->codec->width * sc->height), INT_MAX); } - if (st->duration != AV_NOPTS_VALUE) + if (st->duration != AV_NOPTS_VALUE && st->duration > 0) av_reduce(&st->avg_frame_rate.num, &st->avg_frame_rate.den, sc->time_scale*st->nb_frames, st->duration, INT_MAX); @@ -2805,7 +2809,7 @@ static int mov_read_header(AVFormatContext *s) for (i = 0; i < s->nb_streams; i++) { AVStream *st = s->streams[i]; MOVStreamContext *sc = st->priv_data; - if (st->duration) + if (st->duration > 0) st->codec->bit_rate = sc->data_size * 8 * sc->time_scale / st->duration; } } diff --git a/gst-libs/ext/libav/libavformat/mpc8.c b/gst-libs/ext/libav/libavformat/mpc8.c index f60a314..c7aa875 100644 --- a/gst-libs/ext/libav/libavformat/mpc8.c +++ b/gst-libs/ext/libav/libavformat/mpc8.c @@ -139,12 +139,21 @@ static void mpc8_parse_seektable(AVFormatContext *s, int64_t off) int i, t, seekd; GetBitContext gb; + if (s->nb_streams == 0) { + av_log(s, AV_LOG_ERROR, "No stream added before parsing seek table\n"); + return; + } + avio_seek(s->pb, off, SEEK_SET); mpc8_get_chunk_header(s->pb, &tag, &size); if(tag != TAG_SEEKTABLE){ av_log(s, AV_LOG_ERROR, "No seek table at given position\n"); return; } + if (size < 0 || size >= INT_MAX / 2) { + av_log(s, AV_LOG_ERROR, "Bad seek table size\n"); + return; + } if(!(buf = av_malloc(size + FF_INPUT_BUFFER_PADDING_SIZE))) return; avio_read(s->pb, buf, size); diff --git a/gst-libs/ext/libav/libavformat/mvi.c b/gst-libs/ext/libav/libavformat/mvi.c index 10ec8bb..65096f1 100644 
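Review bot: The early return for a negative `sample_count` in mov_read_stts leaves `sc->stts_data` filled only up to entry `i`. If the entry count was stored in the stream context before the loop (not visible in this hunk), later readers of the table would see uninitialised entries after a partially parsed atom. Recording the number of entries actually written before returning would avoid that. `sample_duration` is stored in the same loop without any check.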
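Review bot: After the new size check in mpc8_parse_seektable, `avio_read(s->pb, buf, size);` is still called without looking at its return value. On a truncated file the buffer is only partly filled, and whatever parses it next (outside this hunk) reads uninitialised bytes from the `av_malloc` allocation. Comparing the result with `size` and releasing `buf` on a short read would fix it, e.g. `if (avio_read(s->pb, buf, size) != size) { av_free(buf); return; }`. The return value of `avio_seek` just above is ignored in the same way.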
--- a/gst-libs/ext/libav/libavformat/mvi.c +++ b/gst-libs/ext/libav/libavformat/mvi.c @@ -93,6 +93,12 @@ static int read_header(AVFormatContext *s) mvi->get_int = (vst->codec->width * vst->codec->height < (1 << 16)) ? avio_rl16 : avio_rl24; mvi->audio_frame_size = ((uint64_t)mvi->audio_data_size << MVI_FRAC_BITS) / frames_count; + if (mvi->audio_frame_size <= 1 << MVI_FRAC_BITS - 1) { + av_log(s, AV_LOG_ERROR, "Invalid audio_data_size (%d) or frames_count (%d)\n", + mvi->audio_data_size, frames_count); + return AVERROR_INVALIDDATA; + } + mvi->audio_size_counter = (ast->codec->sample_rate * 830 / mvi->audio_frame_size - 1) * mvi->audio_frame_size; mvi->audio_size_left = mvi->audio_data_size; diff --git a/gst-libs/ext/libav/libavformat/mxfdec.c b/gst-libs/ext/libav/libavformat/mxfdec.c index 18f7b26..d380b36 100644 --- a/gst-libs/ext/libav/libavformat/mxfdec.c +++ b/gst-libs/ext/libav/libavformat/mxfdec.c @@ -1527,8 +1527,16 @@ static int mxf_parse_structural_metadata(MXFContext *mxf) st->codec->channels = descriptor->channels; st->codec->bits_per_coded_sample = descriptor->bits_per_sample; - if (descriptor->sample_rate.den > 0) + if (descriptor->sample_rate.den > 0) { st->codec->sample_rate = descriptor->sample_rate.num / descriptor->sample_rate.den; + avpriv_set_pts_info(st, 64, descriptor->sample_rate.den, descriptor->sample_rate.num); + } else { + av_log(mxf->fc, AV_LOG_WARNING, "invalid sample rate (%d/%d) " + "found for stream #%d, time base forced to 1/48000\n", + descriptor->sample_rate.num, descriptor->sample_rate.den, + st->index); + avpriv_set_pts_info(st, 64, 1, 48000); + } /* TODO: implement AV_CODEC_ID_RAWAUDIO */ if (st->codec->codec_id == AV_CODEC_ID_PCM_S16LE) { diff --git a/gst-libs/ext/libav/libavformat/oggparseogm.c b/gst-libs/ext/libav/libavformat/oggparseogm.c index 7b3cda2..56ea557 100644 --- a/gst-libs/ext/libav/libavformat/oggparseogm.c +++ b/gst-libs/ext/libav/libavformat/oggparseogm.c 
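Review bot: The condition `mvi->audio_frame_size <= 1 << MVI_FRAC_BITS - 1` in read_header relies on `-` binding tighter than `<<`, which in turn binds tighter than `<=`. It evaluates as `audio_frame_size <= (1 << (MVI_FRAC_BITS - 1))`, which looks like the intent, but it is easy to misread and compilers warn about it. Writing the parentheses out, `if (mvi->audio_frame_size <= (1 << (MVI_FRAC_BITS - 1))) {`, removes the doubt. The division by `frames_count` on the line above is not guarded within this hunk.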
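Review bot: Only `descriptor->sample_rate.den > 0` is tested in mxf_parse_structural_metadata before `descriptor->sample_rate.num` is passed to `avpriv_set_pts_info` as the time-base denominator. A descriptor with a zero or negative numerator and a positive denominator therefore takes the first branch and requests an invalid time base instead of getting the 1/48000 fallback. Testing both, `if (descriptor->sample_rate.num > 0 && descriptor->sample_rate.den > 0) {`, sends that case to the warning branch.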
@@ -37,60 +37,62 @@ ogm_header(AVFormatContext *s, int idx) struct ogg *ogg = s->priv_data; struct ogg_stream *os = ogg->streams + idx; AVStream *st = s->streams[idx]; - const uint8_t *p = os->buf + os->pstart; + GetByteContext p; uint64_t time_unit; uint64_t spu; - if(!(*p & 1)) + bytestream2_init(&p, os->buf + os->pstart, os->psize); + if (!(bytestream2_peek_byte(&p) & 1)) return 0; - if(*p == 1) { - p++; + if (bytestream2_peek_byte(&p) == 1) { + bytestream2_skip(&p, 1); - if(*p == 'v'){ + if (bytestream2_peek_byte(&p) == 'v'){ int tag; st->codec->codec_type = AVMEDIA_TYPE_VIDEO; - p += 8; - tag = bytestream_get_le32(&p); + bytestream2_skip(&p, 8); + tag = bytestream2_get_le32(&p); st->codec->codec_id = ff_codec_get_id(ff_codec_bmp_tags, tag); st->codec->codec_tag = tag; - } else if (*p == 't') { + } else if (bytestream2_peek_byte(&p) == 't') { st->codec->codec_type = AVMEDIA_TYPE_SUBTITLE; st->codec->codec_id = AV_CODEC_ID_TEXT; - p += 12; + bytestream2_skip(&p, 12); } else { - uint8_t acid[5]; + uint8_t acid[5] = { 0 }; int cid; st->codec->codec_type = AVMEDIA_TYPE_AUDIO; - p += 8; - bytestream_get_buffer(&p, acid, 4); + bytestream2_skip(&p, 8); + bytestream2_get_buffer(&p, acid, 4); acid[4] = 0; cid = strtol(acid, NULL, 16); st->codec->codec_id = ff_codec_get_id(ff_codec_wav_tags, cid); st->need_parsing = AVSTREAM_PARSE_FULL; } - p += 4; /* useless size field */ + bytestream2_skip(&p, 4); /* useless size field */ - time_unit = bytestream_get_le64(&p); - spu = bytestream_get_le64(&p); - p += 4; /* default_len */ - p += 8; /* buffersize + bits_per_sample */ + time_unit = bytestream2_get_le64(&p); + spu = bytestream2_get_le64(&p); + bytestream2_skip(&p, 4); /* default_len */ + bytestream2_skip(&p, 8); /* buffersize + bits_per_sample */ if(st->codec->codec_type == AVMEDIA_TYPE_VIDEO){ - st->codec->width = bytestream_get_le32(&p); - st->codec->height = bytestream_get_le32(&p); + st->codec->width = bytestream2_get_le32(&p); + st->codec->height = 
bytestream2_get_le32(&p); avpriv_set_pts_info(st, 64, time_unit, spu * 10000000); } else { - st->codec->channels = bytestream_get_le16(&p); - p += 2; /* block_align */ - st->codec->bit_rate = bytestream_get_le32(&p) * 8; + st->codec->channels = bytestream2_get_le16(&p); + bytestream2_skip(&p, 2); /* block_align */ + st->codec->bit_rate = bytestream2_get_le32(&p) * 8; st->codec->sample_rate = spu * 10000000 / time_unit; avpriv_set_pts_info(st, 64, 1, st->codec->sample_rate); } - } else if (*p == 3) { - if (os->psize > 8) - ff_vorbis_comment(s, &st->metadata, p+7, os->psize-8); + } else if (bytestream2_peek_byte(&p) == 3) { + bytestream2_skip(&p, 7); + if (bytestream2_get_bytes_left(&p) > 1) + ff_vorbis_comment(s, &st->metadata, p.buffer, bytestream2_get_bytes_left(&p) - 1); } return 1; diff --git a/gst-libs/ext/libav/libavformat/omadec.c b/gst-libs/ext/libav/libavformat/omadec.c index 8548fb5..0403451 100644 --- a/gst-libs/ext/libav/libavformat/omadec.c +++ b/gst-libs/ext/libav/libavformat/omadec.c @@ -170,7 +170,11 @@ static int nprobe(AVFormatContext *s, uint8_t *enc_header, unsigned size, taglen = AV_RB32(&enc_header[pos+32]); datalen = AV_RB32(&enc_header[pos+36]) >> 4; - pos += 44 + taglen; + pos += 44; + if (size - pos < taglen) + return -1; + + pos += taglen; if (datalen << 4 > size - pos) return -1; diff --git a/gst-libs/ext/libav/libavformat/r3d.c b/gst-libs/ext/libav/libavformat/r3d.c index a4cb20a..543043e 100644 --- a/gst-libs/ext/libav/libavformat/r3d.c +++ b/gst-libs/ext/libav/libavformat/r3d.c @@ -87,7 +87,7 @@ static int r3d_read_red1(AVFormatContext *s) framerate.num = avio_rb16(s->pb); framerate.den = avio_rb16(s->pb); - if (framerate.num && framerate.den) { + if (framerate.num > 0 && framerate.den > 0) { #if FF_API_R_FRAME_RATE st->r_frame_rate = #endif 
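Review bot: In ogm_header the audio branch still computes `spu * 10000000 / time_unit` with no check that `time_unit` is non-zero. The bounds-checked `bytestream2_get_le64` reader returns 0 once the packet is exhausted, so a truncated header now yields `time_unit == 0` predictably and the division faults. A guard before the video/audio split, `if (!time_unit || !spu) return AVERROR_INVALIDDATA;`, covers it, provided callers treat a negative return as an error (the visible returns are 0 and 1). `acid[4] = 0;` is redundant now that the array is zero-initialised.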
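Review bot: The new `size - pos < taglen` test in nprobe is done in unsigned arithmetic (`size` is `unsigned`), so it is only meaningful when `pos` does not already exceed `size` after `pos += 44`. The two `AV_RB32` reads just above already touch `enc_header[pos+39]`, so a check that `pos + 44 <= size` has to exist before them; it is not visible in this hunk. If it is missing, the subtraction wraps and the test passes for any `taglen`.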
@@ -286,6 +286,10 @@ static int r3d_read_reda(AVFormatContext *s, AVPacket *pkt, Atom *atom) dts = avio_rb32(s->pb); st->codec->sample_rate = avio_rb32(s->pb); + if (st->codec->sample_rate <= 0) { + av_log(s, AV_LOG_ERROR, "Bad sample rate\n"); + return AVERROR_INVALIDDATA; + } samples = avio_rb32(s->pb); diff --git a/gst-libs/ext/libav/libavformat/riff.c b/gst-libs/ext/libav/libavformat/riff.c index e9463c0..09d8dbb 100644 --- a/gst-libs/ext/libav/libavformat/riff.c +++ b/gst-libs/ext/libav/libavformat/riff.c @@ -653,6 +653,11 @@ int ff_get_wav_header(AVIOContext *pb, AVCodecContext *codec, int size) if (size > 0) avio_skip(pb, size); } + if (codec->sample_rate <= 0) { + av_log(NULL, AV_LOG_ERROR, + "Invalid sample rate: %d\n", codec->sample_rate); + return AVERROR_INVALIDDATA; + } codec->codec_id = ff_wav_codec_get_id(id, codec->bits_per_coded_sample); if (codec->codec_id == AV_CODEC_ID_AAC_LATM) { /* channels and sample_rate values are those prior to applying SBR and/or PS */ diff --git a/gst-libs/ext/libav/libavformat/rl2.c b/gst-libs/ext/libav/libavformat/rl2.c index ac0532f..ab33aab 100644 --- a/gst-libs/ext/libav/libavformat/rl2.c +++ b/gst-libs/ext/libav/libavformat/rl2.c @@ -107,6 +107,10 @@ static av_cold int rl2_read_header(AVFormatContext *s) rate = avio_rl16(pb); channels = avio_rl16(pb); def_sound_size = avio_rl16(pb); + if (!channels || channels > 42) { + av_log(s, AV_LOG_ERROR, "Invalid number of channels: %d\n", channels); + return AVERROR_INVALIDDATA; + } /** setup video stream */ st = avformat_new_stream(s, NULL); diff --git a/gst-libs/ext/libav/libavformat/rmdec.c b/gst-libs/ext/libav/libavformat/rmdec.c index 6495bdf..f8362c0 100644 --- a/gst-libs/ext/libav/libavformat/rmdec.c +++ b/gst-libs/ext/libav/libavformat/rmdec.c 
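Review bot: The new error in ff_get_wav_header is logged with `av_log(NULL, ...)` although `codec` is available as a logging context, so the message cannot be attributed to a stream or filtered per context. `av_log(codec, AV_LOG_ERROR, "Invalid sample rate: %d\n", codec->sample_rate);` would be the usual form. The check also runs after the header fields have been written into `codec`, so the rejected values stay in the context on the error path.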
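Review bot: The upper bound `channels > 42` in rl2_read_header is an unexplained constant, and the check runs unconditionally before the video stream is set up. If the format allows files without an audio track (the audio setup is outside this hunk), a header with `channels == 0` would now be rejected even though no audio stream would have been created; the same question applies to the `!film->audio_channels` test added to film_read_header in segafilm.c. Placing the test where the audio stream is created, and naming the limit with a `#define` and a comment, would make the intent clear.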
@@ -331,8 +331,13 @@ ff_rm_read_mdpr_codecdata (AVFormatContext *s, AVIOContext *pb, if ((ret = rm_read_extradata(pb, st->codec, codec_data_size - (avio_tell(pb) - codec_pos))) < 0) return ret; - av_reduce(&st->avg_frame_rate.den, &st->avg_frame_rate.num, - 0x10000, fps, (1 << 30) - 1); + if (fps > 0) { + av_reduce(&st->avg_frame_rate.den, &st->avg_frame_rate.num, + 0x10000, fps, (1 << 30) - 1); + } else if (s->error_recognition & AV_EF_EXPLODE) { + av_log(s, AV_LOG_ERROR, "Invalid framerate\n"); + return AVERROR_INVALIDDATA; + } #if FF_API_R_FRAME_RATE st->r_frame_rate = st->avg_frame_rate; #endif diff --git a/gst-libs/ext/libav/libavformat/segafilm.c b/gst-libs/ext/libav/libavformat/segafilm.c index adf2475..5643f33 100644 --- a/gst-libs/ext/libav/libavformat/segafilm.c +++ b/gst-libs/ext/libav/libavformat/segafilm.c @@ -111,6 +111,11 @@ static int film_read_header(AVFormatContext *s) return AVERROR(EIO); film->audio_samplerate = AV_RB16(&scratch[24]); film->audio_channels = scratch[21]; + if (!film->audio_channels || film->audio_channels > 2) { + av_log(s, AV_LOG_ERROR, + "Invalid number of channels: %d\n", film->audio_channels); + return AVERROR_INVALIDDATA; + } film->audio_bits = scratch[22]; if (scratch[23] == 2) film->audio_type = AV_CODEC_ID_ADPCM_ADX; diff --git a/gst-libs/ext/libav/libavformat/sierravmd.c b/gst-libs/ext/libav/libavformat/sierravmd.c index 359282c..a8534be 100644 --- a/gst-libs/ext/libav/libavformat/sierravmd.c +++ b/gst-libs/ext/libav/libavformat/sierravmd.c @@ -88,7 +88,7 @@ static int vmd_read_header(AVFormatContext *s) unsigned char *raw_frame_table; int raw_frame_table_size; int64_t current_offset; - int i, j; + int i, j, ret; unsigned int total_frames; int64_t current_audio_pts = 0; unsigned char chunk[BYTES_PER_FRAME_RECORD]; 
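Review bot: When `fps <= 0` and `AV_EF_EXPLODE` is not set, ff_rm_read_mdpr_codecdata now skips `av_reduce` silently and leaves `st->avg_frame_rate` at whatever it held before. A warning on that path would help when diagnosing files with missing timing, e.g. `av_log(s, AV_LOG_WARNING, "Invalid framerate\n");` before continuing. The `av_reduce` call passes `&st->avg_frame_rate.den` as the numerator output, which looks deliberate (it reduces 0x10000/fps) but deserves a one-line comment saying so.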
@@ -175,15 +175,13 @@ static int vmd_read_header(AVFormatContext *s) raw_frame_table = av_malloc(raw_frame_table_size); vmd->frame_table = av_malloc((vmd->frame_count * vmd->frames_per_block + sound_buffers) * sizeof(vmd_frame)); if (!raw_frame_table || !vmd->frame_table) { - av_free(raw_frame_table); - av_free(vmd->frame_table); - return AVERROR(ENOMEM); + ret = AVERROR(ENOMEM); + goto error; } if (avio_read(pb, raw_frame_table, raw_frame_table_size) != raw_frame_table_size) { - av_free(raw_frame_table); - av_free(vmd->frame_table); - return AVERROR(EIO); + ret = AVERROR(EIO); + goto error; } total_frames = 0; @@ -199,6 +197,11 @@ static int vmd_read_header(AVFormatContext *s) avio_read(pb, chunk, BYTES_PER_FRAME_RECORD); type = chunk[0]; size = AV_RL32(&chunk[2]); + if (size > INT_MAX / 2) { + av_log(s, AV_LOG_ERROR, "Invalid frame size\n"); + ret = AVERROR_INVALIDDATA; + goto error; + } if(!size && type != 1) continue; switch(type) { @@ -235,6 +238,11 @@ static int vmd_read_header(AVFormatContext *s) vmd->frame_count = total_frames; return 0; + +error: + av_free(raw_frame_table); + av_free(vmd->frame_table); + return ret; } static int vmd_read_packet(AVFormatContext *s, diff --git a/gst-libs/ext/libav/libavformat/smacker.c b/gst-libs/ext/libav/libavformat/smacker.c index 4a3a2b3..a6a6933 100644 --- a/gst-libs/ext/libav/libavformat/smacker.c +++ b/gst-libs/ext/libav/libavformat/smacker.c @@ -327,7 +327,7 @@ static int smacker_read_packet(AVFormatContext *s, AVPacket *pkt) } flags >>= 1; } - if (frame_size < 0) + if (frame_size < 0 || frame_size >= INT_MAX/2) return AVERROR_INVALIDDATA; if (av_new_packet(pkt, frame_size + 769)) return AVERROR(ENOMEM); 
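Review bot: The size expression `(vmd->frame_count * vmd->frames_per_block + sound_buffers) * sizeof(vmd_frame)` passed to `av_malloc` in vmd_read_header is still computed without an overflow check. If these counts come from the file header (they are set outside this hunk), a wrapped product yields a table smaller than the loop that fills it expects. Bounding the counts before the multiplication, or using an overflow-checked array allocation, would close that.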
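Review bot: The `error:` label in vmd_read_header frees `vmd->frame_table` with `av_free` and leaves the dangling pointer in the demuxer context. If anything frees or reads that field again after a failed header read (for example a close callback, not visible here), the result is a double free or a use after free. `av_freep(&vmd->frame_table);` clears the field at the same time.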
@@ -343,6 +343,8 @@ static int smacker_read_packet(AVFormatContext *s, AVPacket *pkt) smk->cur_frame++; smk->nextpos = avio_tell(s->pb); } else { + if (smk->stream_id[smk->curstream] < 0) + return AVERROR_INVALIDDATA; if (av_new_packet(pkt, smk->buf_sizes[smk->curstream])) return AVERROR(ENOMEM); memcpy(pkt->data, smk->bufs[smk->curstream], smk->buf_sizes[smk->curstream]); diff --git a/gst-libs/ext/libav/libavformat/utils.c b/gst-libs/ext/libav/libavformat/utils.c index 4f73dfe..b0bfea2 100644 --- a/gst-libs/ext/libav/libavformat/utils.c +++ b/gst-libs/ext/libav/libavformat/utils.c @@ -2499,7 +2499,8 @@ int avformat_find_stream_info(AVFormatContext *ic, AVDictionary **options) double best_error = 0.01; if (delta_dts >= INT64_MAX / st->time_base.num || - delta_packets >= INT64_MAX / st->time_base.den) + delta_packets >= INT64_MAX / st->time_base.den || + delta_dts < 0) continue; av_reduce(&st->avg_frame_rate.num, &st->avg_frame_rate.den, delta_packets*(int64_t)st->time_base.den, diff --git a/gst-libs/ext/libav/libavformat/vocdec.c b/gst-libs/ext/libav/libavformat/vocdec.c index 4e06513..2fb8440 100644 --- a/gst-libs/ext/libav/libavformat/vocdec.c +++ b/gst-libs/ext/libav/libavformat/vocdec.c @@ -91,11 +91,11 @@ ff_voc_get_packet(AVFormatContext *s, AVPacket *pkt, AVStream *st, int max_size) if (sample_rate) dec->sample_rate = sample_rate; avpriv_set_pts_info(st, 64, 1, dec->sample_rate); + dec->channels = channels; + dec->bits_per_coded_sample = av_get_bits_per_sample(dec->codec_id); } else avio_skip(pb, 1); - dec->channels = channels; tmp_codec = avio_r8(pb); - dec->bits_per_coded_sample = av_get_bits_per_sample(dec->codec_id); voc->remaining_size -= 2; max_size -= 2; channels = 1; 
@@ -117,10 +117,10 @@ ff_voc_get_packet(AVFormatContext *s, AVPacket *pkt, AVStream *st, int max_size) if (!dec->sample_rate) { dec->sample_rate = avio_rl32(pb); avpriv_set_pts_info(st, 64, 1, dec->sample_rate); + dec->bits_per_coded_sample = avio_r8(pb); + dec->channels = avio_r8(pb); } else - avio_skip(pb, 4); - dec->bits_per_coded_sample = avio_r8(pb); - dec->channels = avio_r8(pb); + avio_skip(pb, 6); tmp_codec = avio_rl16(pb); avio_skip(pb, 4); voc->remaining_size -= 12; diff --git a/gst-libs/ext/libav/libavformat/vqf.c b/gst-libs/ext/libav/libavformat/vqf.c index 66ced37..aba6ab1 100644 --- a/gst-libs/ext/libav/libavformat/vqf.c +++ b/gst-libs/ext/libav/libavformat/vqf.c @@ -174,10 +174,21 @@ static int vqf_read_header(AVFormatContext *s) st->codec->sample_rate = 11025; break; default: + if (rate_flag < 8 || rate_flag > 44) { + av_log(s, AV_LOG_ERROR, "Invalid rate flag %d\n", rate_flag); + return AVERROR_INVALIDDATA; + } st->codec->sample_rate = rate_flag*1000; break; } + if (read_bitrate / st->codec->channels < 8 || + read_bitrate / st->codec->channels > 48) { + av_log(s, AV_LOG_ERROR, "Invalid bitrate per channel %d\n", + read_bitrate / st->codec->channels); + return AVERROR_INVALIDDATA; + } + switch (((st->codec->sample_rate/1000) << 8) + read_bitrate/st->codec->channels) { case (11<<8) + 8 : diff --git a/gst-libs/ext/libav/libavformat/wtv.c b/gst-libs/ext/libav/libavformat/wtv.c index 1811e46..7f029ff 100644 --- a/gst-libs/ext/libav/libavformat/wtv.c +++ b/gst-libs/ext/libav/libavformat/wtv.c 
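Review bot: The new range check in vqf_read_header divides `read_bitrate` by `st->codec->channels` three times, and the `switch` below does it once more. Unless the channel count was validated as positive earlier in the function (outside this hunk), a zero there makes the check itself divide by zero. Computing the quotient once after such a validation and reusing it in the test, the log call and the `switch` would be both safer and easier to read.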
@@ -274,7 +274,12 @@ static AVIOContext * wtvfile_open2(AVFormatContext *s, const uint8_t *buf, int b dir_length = AV_RL16(buf + 16); file_length = AV_RL64(buf + 24); name_size = 2 * AV_RL32(buf + 32); - if (buf + 48 + name_size > buf_end) { + if (name_size < 0) { + av_log(s, AV_LOG_ERROR, + "bad filename length, remaining directory entries ignored\n"); + break; + } + if (48 + name_size > buf_end - buf) { av_log(s, AV_LOG_ERROR, "filename exceeds buffer size; remaining directory entries ignored\n"); break; } diff --git a/gst-libs/ext/libav/libavformat/xmv.c b/gst-libs/ext/libav/libavformat/xmv.c index d491dec..201dc3a 100644 --- a/gst-libs/ext/libav/libavformat/xmv.c +++ b/gst-libs/ext/libav/libavformat/xmv.c @@ -43,6 +43,8 @@ XMV_AUDIO_ADPCM51_FRONTCENTERLOW | \ XMV_AUDIO_ADPCM51_REARLEFTRIGHT) +#define XMV_BLOCK_ALIGN_SIZE 36 + typedef struct XMVAudioTrack { uint16_t compression; uint16_t channels; @@ -207,7 +209,7 @@ static int xmv_read_header(AVFormatContext *s) track->bit_rate = track->bits_per_sample * track->sample_rate * track->channels; - track->block_align = 36 * track->channels; + track->block_align = XMV_BLOCK_ALIGN_SIZE * track->channels; track->block_samples = 64; track->codec_id = ff_wav_codec_get_id(track->compression, track->bits_per_sample); @@ -224,7 +226,8 @@ static int xmv_read_header(AVFormatContext *s) av_log(s, AV_LOG_WARNING, "Unsupported 5.1 ADPCM audio stream " "(0x%04X)\n", track->flags); - if (!track->channels || !track->sample_rate) { + if (!track->channels || !track->sample_rate || + track->channels >= UINT16_MAX / XMV_BLOCK_ALIGN_SIZE) { av_log(s, AV_LOG_ERROR, "Invalid parameters for audio track %d.\n", audio_track); ret = AVERROR_INVALIDDATA; diff --git a/gst-libs/ext/libav/libavformat/xwma.c b/gst-libs/ext/libav/libavformat/xwma.c index 46ca0b8..5500db8 100644 --- a/gst-libs/ext/libav/libavformat/xwma.c +++ b/gst-libs/ext/libav/libavformat/xwma.c 
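Review bot: In wtvfile_open2 the comparison `48 + name_size > buf_end - buf` can overflow on its left side, because `name_size` is only known to be non-negative and may be close to INT_MAX. Moving the constant across keeps it in range: `if (name_size > buf_end - buf - 48) {`, assuming the loop already guarantees that at least 48 bytes remain, which the reads at `buf + 32` imply but this hunk does not show. `2 * AV_RL32(buf + 32)` also wraps in unsigned arithmetic before it is stored, so the sign test does not reject every oversized length field, although the buffer test still bounds the result.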
@@ -200,6 +200,14 @@ static int xwma_read_header(AVFormatContext *s) /* Estimate the duration from the total number of output bytes. */ const uint64_t total_decoded_bytes = dpds_table[dpds_table_size - 1]; + + if (!bytes_per_sample) { + av_log(s, AV_LOG_ERROR, + "Invalid bits_per_coded_sample %d for %d channels\n", + st->codec->bits_per_coded_sample, st->codec->channels); + return AVERROR_INVALIDDATA; + } + st->duration = total_decoded_bytes / bytes_per_sample; /* Use the dpds data to build a seek table. We can only do this after diff --git a/gst-libs/ext/libav/tests/ref/fate/mxf-demux b/gst-libs/ext/libav/tests/ref/fate/mxf-demux index e162775..426afae 100644 --- a/gst-libs/ext/libav/tests/ref/fate/mxf-demux +++ b/gst-libs/ext/libav/tests/ref/fate/mxf-demux @@ -1,7 +1,7 @@ #tb 0: 1/25 -#tb 1: 1/25 +#tb 1: 1/8000 0, 0, -9223372036854775808, 1, 8468, 0xc0855553 -1, 0, 0, 50, 32000, 0x479155e6 +1, 0, 0, 16000, 32000, 0x479155e6 0, 1, -9223372036854775808, 1, 3814, 0xa10783b4 0, 2, -9223372036854775808, 1, 3747, 0xb7bf6973 0, 3, -9223372036854775808, 1, 3705, 0x5462a600 @@ -52,7 +52,7 @@ 0, 48, -9223372036854775808, 1, 3688, 0x1db45852 0, 49, -9223372036854775808, 1, 38412, 0x2ee26a63 0, 50, -9223372036854775808, 1, 8385, 0x0bc20a27 -1, 50, 50, 50, 32000, 0x8f7e5009 +1, 16000, 16000, 16000, 32000, 0x8f7e5009 0, 51, -9223372036854775808, 1, 3733, 0xa3e2a9a0 0, 52, -9223372036854775808, 1, 3773, 0x27769caa 0, 53, -9223372036854775808, 1, 3670, 0xc8335e98 diff --git a/gst-libs/ext/libav/tests/ref/seek/lavf-mxf b/gst-libs/ext/libav/tests/ref/seek/lavf-mxf index cc634a8..5f2cf5d 100644 --- a/gst-libs/ext/libav/tests/ref/seek/lavf-mxf +++ b/gst-libs/ext/libav/tests/ref/seek/lavf-mxf 
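Review bot: The new `return AVERROR_INVALIDDATA;` in xwma_read_header exits while `dpds_table` is still in use. If that table is heap-allocated earlier in the function and released at its end (both outside this hunk), this path leaks it. Setting the error code and routing through the same cleanup as the normal exit would avoid that.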
@@ -7,8 +7,8 @@ ret: 0 st: 0 flags:0 ts: 0.800000 ret: 0 st: 0 flags:1 dts: 0.840000 pts: 0.960000 pos: 460800 size: 24712 ret: 0 st: 0 flags:1 ts:-0.320000 ret: 0 st: 0 flags:1 dts:-0.040000 pts: 0.000000 pos: 6144 size: 24801 -ret:-1 st: 1 flags:0 ts: 2.560000 -ret: 0 st: 1 flags:1 ts: 1.480000 +ret:-1 st: 1 flags:0 ts: 2.576667 +ret: 0 st: 1 flags:1 ts: 1.470833 ret: 0 st: 0 flags:1 dts: 0.840000 pts: 0.960000 pos: 460800 size: 24712 ret: 0 st:-1 flags:0 ts: 0.365002 ret: 0 st: 0 flags:1 dts: 0.360000 pts: 0.480000 pos: 211968 size: 24787 @@ -17,9 +17,9 @@ ret: 0 st: 0 flags:1 dts:-0.040000 pts: 0.000000 pos: 6144 size: 24801 ret:-1 st: 0 flags:0 ts: 2.160000 ret: 0 st: 0 flags:1 ts: 1.040000 ret: 0 st: 0 flags:1 dts: 0.840000 pts: 0.960000 pos: 460800 size: 24712 -ret: 0 st: 1 flags:0 ts:-0.040000 +ret: 0 st: 1 flags:0 ts:-0.058333 ret: 0 st: 0 flags:1 dts:-0.040000 pts: 0.000000 pos: 6144 size: 24801 -ret: 0 st: 1 flags:1 ts: 2.840000 +ret: 0 st: 1 flags:1 ts: 2.835833 ret: 0 st: 0 flags:1 dts: 0.840000 pts: 0.960000 pos: 460800 size: 24712 ret:-1 st:-1 flags:0 ts: 1.730004 ret: 0 st:-1 flags:1 ts: 0.624171 @@ -28,9 +28,9 @@ ret: 0 st: 0 flags:0 ts:-0.480000 ret: 0 st: 0 flags:1 dts:-0.040000 pts: 0.000000 pos: 6144 size: 24801 ret: 0 st: 0 flags:1 ts: 2.400000 ret: 0 st: 0 flags:1 dts: 0.840000 pts: 0.960000 pos: 460800 size: 24712 -ret:-1 st: 1 flags:0 ts: 1.320000 -ret: 0 st: 1 flags:1 ts: 0.200000 -ret: 0 st: 0 flags:1 dts:-0.040000 pts: 0.000000 pos: 6144 size: 24801 +ret:-1 st: 1 flags:0 ts: 1.306667 +ret: 0 st: 1 flags:1 ts: 0.200833 +ret: 0 st: 0 flags:1 dts: 0.840000 pts: 0.960000 pos: 460800 size: 24712 ret: 0 st:-1 flags:0 ts:-0.904994 ret: 0 st: 0 flags:1 dts:-0.040000 pts: 0.000000 pos: 6144 size: 24801 ret: 0 st:-1 flags:1 ts: 1.989173 
@@ -39,8 +39,8 @@ ret: 0 st: 0 flags:0 ts: 0.880000 ret: 0 st: 0 flags:1 dts: 0.840000 pts: 0.960000 pos: 460800 size: 24712 ret: 0 st: 0 flags:1 ts:-0.240000 ret: 0 st: 0 flags:1 dts:-0.040000 pts: 0.000000 pos: 6144 size: 24801 -ret:-1 st: 1 flags:0 ts: 2.680000 -ret: 0 st: 1 flags:1 ts: 1.560000 +ret:-1 st: 1 flags:0 ts: 2.671667 +ret: 0 st: 1 flags:1 ts: 1.565833 ret: 0 st: 0 flags:1 dts: 0.840000 pts: 0.960000 pos: 460800 size: 24712 ret: 0 st:-1 flags:0 ts: 0.460008 ret: 0 st: 0 flags:1 dts: 0.840000 pts: 0.960000 pos: 460800 size: 24712 diff --git a/gst-libs/ext/libav/tests/ref/seek/lavf-mxf_d10 b/gst-libs/ext/libav/tests/ref/seek/lavf-mxf_d10 index 4cfe595..e091c77 100644 --- a/gst-libs/ext/libav/tests/ref/seek/lavf-mxf_d10 +++ b/gst-libs/ext/libav/tests/ref/seek/lavf-mxf_d10 @@ -7,10 +7,10 @@ ret: 0 st: 0 flags:0 ts: 0.800000 ret: 0 st: 0 flags:1 dts: 0.800000 pts: 0.800000 pos:4265984 size:150000 ret: 0 st: 0 flags:1 ts:-0.320000 ret: 0 st: 0 flags:1 dts: 0.000000 pts: 0.000000 pos: 6144 size:150000 -ret: 0 st: 1 flags:0 ts: 2.560000 -ret: 0 st: 0 flags:1 dts: 0.960000 pts: 0.960000 pos:5117952 size:150000 -ret: 0 st: 1 flags:1 ts: 1.480000 -ret: 0 st: 0 flags:1 dts: 0.960000 pts: 0.960000 pos:5117952 size:150000 +ret: 0 st: 1 flags:0 ts: 2.576667 +ret: 0 st: 0 flags:1 dts: 0.000000 pts: 0.000000 pos:5117952 size:150000 +ret: 0 st: 1 flags:1 ts: 1.470833 +ret: 0 st: 0 flags:1 dts: 0.000000 pts: 0.000000 pos:5117952 size:150000 ret: 0 st:-1 flags:0 ts: 0.365002 ret: 0 st: 0 flags:1 dts: 0.360000 pts: 0.360000 pos:1923072 size:150000 ret: 0 st:-1 flags:1 ts:-0.740831 
@@ -19,10 +19,10 @@ ret: 0 st: 0 flags:0 ts: 2.160000 ret: 0 st: 0 flags:1 dts: 0.960000 pts: 0.960000 pos:5117952 size:150000 ret: 0 st: 0 flags:1 ts: 1.040000 ret: 0 st: 0 flags:1 dts: 0.960000 pts: 0.960000 pos:5117952 size:150000 -ret: 0 st: 1 flags:0 ts:-0.040000 +ret: 0 st: 1 flags:0 ts:-0.058333 ret: 0 st: 0 flags:1 dts: 0.000000 pts: 0.000000 pos: 6144 size:150000 -ret: 0 st: 1 flags:1 ts: 2.840000 -ret: 0 st: 0 flags:1 dts: 0.960000 pts: 0.960000 pos:5117952 size:150000 +ret: 0 st: 1 flags:1 ts: 2.835833 +ret: 0 st: 0 flags:1 dts: 0.000000 pts: 0.000000 pos:5117952 size:150000 ret: 0 st:-1 flags:0 ts: 1.730004 ret: 0 st: 0 flags:1 dts: 0.960000 pts: 0.960000 pos:5117952 size:150000 ret: 0 st:-1 flags:1 ts: 0.624171 @@ -31,10 +31,10 @@ ret: 0 st: 0 flags:0 ts:-0.480000 ret: 0 st: 0 flags:1 dts: 0.000000 pts: 0.000000 pos: 6144 size:150000 ret: 0 st: 0 flags:1 ts: 2.400000 ret: 0 st: 0 flags:1 dts: 0.960000 pts: 0.960000 pos:5117952 size:150000 -ret: 0 st: 1 flags:0 ts: 1.320000 -ret: 0 st: 0 flags:1 dts: 0.960000 pts: 0.960000 pos:5117952 size:150000 -ret: 0 st: 1 flags:1 ts: 0.200000 -ret: 0 st: 0 flags:1 dts: 0.200000 pts: 0.200000 pos:1071104 size:150000 +ret: 0 st: 1 flags:0 ts: 1.306667 +ret: 0 st: 0 flags:1 dts: 0.000000 pts: 0.000000 pos:5117952 size:150000 +ret: 0 st: 1 flags:1 ts: 0.200833 +ret: 0 st: 0 flags:1 dts: 0.000000 pts: 0.000000 pos:5117952 size:150000 ret: 0 st:-1 flags:0 ts:-0.904994 ret: 0 st: 0 flags:1 dts: 0.000000 pts: 0.000000 pos: 6144 size:150000 ret: 0 st:-1 flags:1 ts: 1.989173 
@@ -43,10 +43,10 @@ ret: 0 st: 0 flags:0 ts: 0.880000 ret: 0 st: 0 flags:1 dts: 0.880000 pts: 0.880000 pos:4691968 size:150000 ret: 0 st: 0 flags:1 ts:-0.240000 ret: 0 st: 0 flags:1 dts: 0.000000 pts: 0.000000 pos: 6144 size:150000 -ret: 0 st: 1 flags:0 ts: 2.680000 -ret: 0 st: 0 flags:1 dts: 0.960000 pts: 0.960000 pos:5117952 size:150000 -ret: 0 st: 1 flags:1 ts: 1.560000 -ret: 0 st: 0 flags:1 dts: 0.960000 pts: 0.960000 pos:5117952 size:150000 +ret: 0 st: 1 flags:0 ts: 2.671667 +ret: 0 st: 0 flags:1 dts: 0.000000 pts: 0.000000 pos:5117952 size:150000 +ret: 0 st: 1 flags:1 ts: 1.565833 +ret: 0 st: 0 flags:1 dts: 0.000000 pts: 0.000000 pos:5117952 size:150000 ret: 0 st:-1 flags:0 ts: 0.460008 ret: 0 st: 0 flags:1 dts: 0.480000 pts: 0.480000 pos:2562048 size:150000 ret: 0 st:-1 flags:1 ts:-0.645825 -- cgit v1.2.3