From 092a91210f1b986dc846dc52988518f8f913eb72 Mon Sep 17 00:00:00 2001 From: Doug McMahon Date: Wed, 24 Dec 2014 15:19:46 -0500 Subject: [PATCH] Imported Debian version 2.5.2~trusty --- debian/changelog | 6 ++++++ ffmpeg/Changelog | 18 ++++++++++++++++++ ffmpeg/Makefile | 2 +- ffmpeg/RELEASE | 2 +- ffmpeg/VERSION | 2 +- ffmpeg/configure | 1 + ffmpeg/doc/Doxyfile | 2 +- ffmpeg/libavcodec/dcadec.c | 4 ++++ ffmpeg/libavcodec/h264.c | 11 +++++++++++ ffmpeg/libavcodec/h264.h | 1 + ffmpeg/libavcodec/hevc.c | 2 +- ffmpeg/libavcodec/hevc_ps.c | 8 ++++++++ ffmpeg/libavcodec/indeo3.c | 8 +++++--- ffmpeg/libavcodec/jvdec.c | 7 +++++++ ffmpeg/libavcodec/mmvideo.c | 7 +++++++ ffmpeg/libavcodec/utils.c | 3 +++ ffmpeg/libavcodec/utvideodec.c | 4 ++++ ffmpeg/libavcodec/vmdvideo.c | 3 +++ ffmpeg/libavcodec/xface.c | 5 +++++ ffmpeg/libavcodec/xface.h | 10 +++++----- ffmpeg/libavdevice/avdevice.c | 3 +++ ffmpeg/libavfilter/avfilter.c | 3 +++ ffmpeg/libavformat/apngdec.c | 2 +- ffmpeg/libavformat/flvdec.c | 2 +- ffmpeg/libavformat/hdsenc.c | 12 ++++++------ ffmpeg/libavformat/isom.h | 1 + ffmpeg/libavformat/mov.c | 19 +++++++++++++++---- ffmpeg/libavformat/rsd.c | 2 +- ffmpeg/libavformat/utils.c | 3 +++ ffmpeg/libavutil/utils.c | 3 +++ ffmpeg/libpostproc/postprocess.c | 3 +++ ffmpeg/libswresample/swresample.c | 3 +++ ffmpeg/libswscale/swscale_internal.h | 2 +- 33 files changed, 137 insertions(+), 27 deletions(-) diff --git a/debian/changelog b/debian/changelog index 4b57ce1..f314dca 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +ffmpeg (7:2.5.2~trusty) trusty; urgency=medium + + * New point release + + -- Doug McMahon Wed, 24 Dec 2014 15:19:46 -0500 + ffmpeg (7:2.5.1~trusty) trusty; urgency=medium * New point release diff --git a/ffmpeg/Changelog b/ffmpeg/Changelog index ea7774d..4f5651b 100644 --- a/ffmpeg/Changelog +++ b/ffmpeg/Changelog @@ -1,6 +1,24 @@ Entries are sorted chronologically from oldest to youngest within each release, releases are sorted from youngest to oldest. +version 2.5.2: +- avcodec/indeo3: ensure offsets are non negative +- avcodec/h264: Check *log2_weight_denom +- avcodec/hevc_ps: Check diff_cu_qp_delta_depth +- avcodec/h264: Clear delayed_pic on deallocation +- avcodec/hevc: clear filter_slice_edges() on allocation +- avcodec/dcadec: Check that the added xch channel isnt already there +- avcodec/indeo3: use signed variables to avoid underflow +- swscale: increase yuv2rgb table headroom +- avformat/mov: fix integer overflow of size +- avformat/mov: check atom nesting depth +- avcodec/utvideodec: Fix handling of slice_height=0 +- avcodec/xface: correct the XFACE_MAX_* values +- avcodec/vmdvideo: Check len before using it in method 3 +- configure: create the tests directory like the doc directory +- mmvideo: check frame dimensions +- jvdec: check frame dimensions + version 2.5.1: - lavu/frame: fix malloc error path in av_frame_copy_props() - avformat/aviobuf: Check that avio_seek() target is non negative diff --git a/ffmpeg/Makefile b/ffmpeg/Makefile index 1e1dbb3..845a274 100644 --- a/ffmpeg/Makefile +++ b/ffmpeg/Makefile @@ -112,7 +112,7 @@ endef $(foreach P,$(PROGS),$(eval $(call DOPROG,$(P:$(PROGSSUF)$(EXESUF)=)))) -ffprobe.o cmdutils.o : libavutil/ffversion.h +ffprobe.o cmdutils.o libavcodec/utils.o libavformat/utils.o libavdevice/avdevice.o libavfilter/avfilter.o libavutil/utils.o libpostproc/postprocess.o libswresample/swresample.o libswscale/utils.o : libavutil/ffversion.h $(PROGS): %$(PROGSSUF)$(EXESUF): %$(PROGSSUF)_g$(EXESUF) $(CP) $< $@ diff --git a/ffmpeg/RELEASE b/ffmpeg/RELEASE index 73462a5..f225a78 100644 --- a/ffmpeg/RELEASE +++ b/ffmpeg/RELEASE @@ -1 +1 @@ -2.5.1 +2.5.2 diff --git a/ffmpeg/VERSION b/ffmpeg/VERSION index 73462a5..f225a78 100644 --- a/ffmpeg/VERSION +++ b/ffmpeg/VERSION @@ -1 +1 @@ -2.5.1 +2.5.2 diff --git a/ffmpeg/configure b/ffmpeg/configure index ed50628..d25f155 100755 --- a/ffmpeg/configure +++ b/ffmpeg/configure @@ -5706,6 +5706,7 @@ enabled getenv || echo "#define getenv(x) NULL" >> $TMPH mkdir -p doc +mkdir -p tests echo "@c auto-generated by configure" > doc/config.texi print_config ARCH_ "$config_files" $ARCH_LIST diff --git a/ffmpeg/doc/Doxyfile b/ffmpeg/doc/Doxyfile index 73c16ce..1cde20b 100644 --- a/ffmpeg/doc/Doxyfile +++ b/ffmpeg/doc/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 2.5.1 +PROJECT_NUMBER = 2.5.2 # With the PROJECT_LOGO tag one can specify a logo or icon that is included # in the documentation. The maximum height of the logo should not exceed 55 diff --git a/ffmpeg/libavcodec/dcadec.c b/ffmpeg/libavcodec/dcadec.c index a36f69b..40d8e9e 100644 --- a/ffmpeg/libavcodec/dcadec.c +++ b/ffmpeg/libavcodec/dcadec.c @@ -2360,6 +2360,10 @@ FF_ENABLE_DEPRECATION_WARNINGS #else if (s->xch_present && !s->xch_disable) { #endif + if (avctx->channel_layout & AV_CH_BACK_CENTER) { + avpriv_request_sample(avctx, "XCh with Back center channel"); + return AVERROR_INVALIDDATA; + } avctx->channel_layout |= AV_CH_BACK_CENTER; if (s->lfe) { avctx->channel_layout |= AV_CH_LOW_FREQUENCY; diff --git a/ffmpeg/libavcodec/h264.c b/ffmpeg/libavcodec/h264.c index 222bf58..e507308 100644 --- a/ffmpeg/libavcodec/h264.c +++ b/ffmpeg/libavcodec/h264.c @@ -391,6 +391,7 @@ void ff_h264_free_tables(H264Context *h, int free_rbsp) if (free_rbsp && h->DPB) { for (i = 0; i < H264_MAX_PICTURE_COUNT; i++) ff_h264_unref_picture(h, &h->DPB[i]); + memset(h->delayed_pic, 0, sizeof(h->delayed_pic)); av_freep(&h->DPB); } else if (h->DPB) { for (i = 0; i < H264_MAX_PICTURE_COUNT; i++) @@ -990,6 +991,16 @@ int ff_pred_weight_table(H264Context *h) h->luma_log2_weight_denom = get_ue_golomb(&h->gb); if (h->sps.chroma_format_idc) h->chroma_log2_weight_denom = get_ue_golomb(&h->gb); + + if (h->luma_log2_weight_denom > 7U) { + av_log(h->avctx, AV_LOG_ERROR, "luma_log2_weight_denom %d is out of range\n", h->luma_log2_weight_denom); + h->luma_log2_weight_denom = 0; + } + if (h->chroma_log2_weight_denom > 7U) { + av_log(h->avctx, AV_LOG_ERROR, "chroma_log2_weight_denom %d is out of range\n", h->chroma_log2_weight_denom); + h->chroma_log2_weight_denom = 0; + } + luma_def = 1 << h->luma_log2_weight_denom; chroma_def = 1 << h->chroma_log2_weight_denom; diff --git a/ffmpeg/libavcodec/h264.h b/ffmpeg/libavcodec/h264.h index b94f06b..cb7e6f9 100644 --- a/ffmpeg/libavcodec/h264.h +++ b/ffmpeg/libavcodec/h264.h @@ -338,6 +338,7 @@ typedef struct H264Picture { * H264Context */ typedef struct H264Context { + AVClass *av_class; AVCodecContext *avctx; MECmpContext mecc; VideoDSPContext vdsp; diff --git a/ffmpeg/libavcodec/hevc.c b/ffmpeg/libavcodec/hevc.c index d4dc52c..9b683d9 100644 --- a/ffmpeg/libavcodec/hevc.c +++ b/ffmpeg/libavcodec/hevc.c @@ -108,7 +108,7 @@ static int pic_arrays_init(HEVCContext *s, const HEVCSPS *sps) if (!s->tab_ipm || !s->cbf_luma || !s->is_pcm) goto fail; - s->filter_slice_edges = av_malloc(ctb_count); + s->filter_slice_edges = av_mallocz(ctb_count); s->tab_slice_address = av_malloc_array(pic_size_in_ctb, sizeof(*s->tab_slice_address)); s->qp_y_tab = av_malloc_array(pic_size_in_ctb, diff --git a/ffmpeg/libavcodec/hevc_ps.c b/ffmpeg/libavcodec/hevc_ps.c index 6b5e13f..11e6eb6 100644 --- a/ffmpeg/libavcodec/hevc_ps.c +++ b/ffmpeg/libavcodec/hevc_ps.c @@ -1255,6 +1255,14 @@ int ff_hevc_decode_nal_pps(HEVCContext *s) if (pps->cu_qp_delta_enabled_flag) pps->diff_cu_qp_delta_depth = get_ue_golomb_long(gb); + if (pps->diff_cu_qp_delta_depth < 0 || + pps->diff_cu_qp_delta_depth > sps->log2_diff_max_min_coding_block_size) { + av_log(s->avctx, AV_LOG_ERROR, "diff_cu_qp_delta_depth %d is invalid\n", + pps->diff_cu_qp_delta_depth); + ret = AVERROR_INVALIDDATA; + goto err; + } + pps->cb_qp_offset = get_se_golomb(gb); if (pps->cb_qp_offset < -12 || pps->cb_qp_offset > 12) { av_log(s->avctx, AV_LOG_ERROR, "pps_cb_qp_offset out of range: %d\n", diff --git a/ffmpeg/libavcodec/indeo3.c b/ffmpeg/libavcodec/indeo3.c index d38765e..9fde0fd 100644 --- a/ffmpeg/libavcodec/indeo3.c +++ b/ffmpeg/libavcodec/indeo3.c @@ -94,7 +94,7 @@ typedef struct Indeo3DecodeContext { int16_t width, height; uint32_t frame_num; ///< current frame number (zero-based) - uint32_t data_size; ///< size of the frame data in bytes + int data_size; ///< size of the frame data in bytes uint16_t frame_flags; ///< frame properties uint8_t cb_offset; ///< needed for selecting VQ tables uint8_t buf_sel; ///< active frame buffer: 0 - primary, 1 -secondary @@ -899,7 +899,8 @@ static int decode_frame_headers(Indeo3DecodeContext *ctx, AVCodecContext *avctx, GetByteContext gb; const uint8_t *bs_hdr; uint32_t frame_num, word2, check_sum, data_size; - uint32_t y_offset, u_offset, v_offset, starts[3], ends[3]; + int y_offset, u_offset, v_offset; + uint32_t starts[3], ends[3]; uint16_t height, width; int i, j; @@ -981,7 +982,8 @@ static int decode_frame_headers(Indeo3DecodeContext *ctx, AVCodecContext *avctx, ctx->y_data_size = ends[0] - starts[0]; ctx->v_data_size = ends[1] - starts[1]; ctx->u_data_size = ends[2] - starts[2]; - if (FFMAX3(y_offset, v_offset, u_offset) >= ctx->data_size - 16 || + if (FFMIN3(y_offset, v_offset, u_offset) < 0 || + FFMAX3(y_offset, v_offset, u_offset) >= ctx->data_size - 16 || FFMIN3(y_offset, v_offset, u_offset) < gb.buffer - bs_hdr + 16 || FFMIN3(ctx->y_data_size, ctx->v_data_size, ctx->u_data_size) <= 0) { av_log(avctx, AV_LOG_ERROR, "One of the y/u/v offsets is invalid\n"); diff --git a/ffmpeg/libavcodec/jvdec.c b/ffmpeg/libavcodec/jvdec.c index 47e8edc..9c4a8d4 100644 --- a/ffmpeg/libavcodec/jvdec.c +++ b/ffmpeg/libavcodec/jvdec.c @@ -43,6 +43,13 @@ static av_cold int decode_init(AVCodecContext *avctx) { JvContext *s = avctx->priv_data; + if (!avctx->width || !avctx->height || + (avctx->width & 7) || (avctx->height & 7)) { + av_log(avctx, AV_LOG_ERROR, "Invalid video dimensions: %dx%d\n", + avctx->width, avctx->height); + return AVERROR(EINVAL); + } + s->frame = av_frame_alloc(); if (!s->frame) return AVERROR(ENOMEM); diff --git a/ffmpeg/libavcodec/mmvideo.c b/ffmpeg/libavcodec/mmvideo.c index 9a7c10c..8b04965 100644 --- a/ffmpeg/libavcodec/mmvideo.c +++ b/ffmpeg/libavcodec/mmvideo.c @@ -61,6 +61,13 @@ static av_cold int mm_decode_init(AVCodecContext *avctx) avctx->pix_fmt = AV_PIX_FMT_PAL8; + if (!avctx->width || !avctx->height || + (avctx->width & 1) || (avctx->height & 1)) { + av_log(avctx, AV_LOG_ERROR, "Invalid video dimensions: %dx%d\n", + avctx->width, avctx->height); + return AVERROR(EINVAL); + } + s->frame = av_frame_alloc(); if (!s->frame) return AVERROR(ENOMEM); diff --git a/ffmpeg/libavcodec/utils.c b/ffmpeg/libavcodec/utils.c index 66fe62c..410a05f 100644 --- a/ffmpeg/libavcodec/utils.c +++ b/ffmpeg/libavcodec/utils.c @@ -66,6 +66,9 @@ #include "compat/os2threads.h" #endif +#include "libavutil/ffversion.h" +const char av_codec_ffversion[] = "FFmpeg version " FFMPEG_VERSION; + #if HAVE_PTHREADS || HAVE_W32THREADS || HAVE_OS2THREADS static int default_lockmgr_cb(void **arg, enum AVLockOp op) { diff --git a/ffmpeg/libavcodec/utvideodec.c b/ffmpeg/libavcodec/utvideodec.c index b565c10..3a3c46e 100644 --- a/ffmpeg/libavcodec/utvideodec.c +++ b/ffmpeg/libavcodec/utvideodec.c @@ -215,6 +215,8 @@ static void restore_median(uint8_t *src, int step, int stride, slice_height = ((((slice + 1) * height) / slices) & cmask) - slice_start; + if (!slice_height) + continue; bsrc = src + slice_start * stride; // first line - left neighbour prediction @@ -270,6 +272,8 @@ static void restore_median_il(uint8_t *src, int step, int stride, slice_height = ((((slice + 1) * height) / slices) & cmask) - slice_start; slice_height >>= 1; + if (!slice_height) + continue; bsrc = src + slice_start * stride; diff --git a/ffmpeg/libavcodec/vmdvideo.c b/ffmpeg/libavcodec/vmdvideo.c index fa0fbe3..a2ba1c9 100644 --- a/ffmpeg/libavcodec/vmdvideo.c +++ b/ffmpeg/libavcodec/vmdvideo.c @@ -339,6 +339,9 @@ static int vmd_decode(VmdVideoContext *s, AVFrame *frame) ofs += slen; bytestream2_skip(&gb, len); } else { + if (ofs + len > frame_width || + bytestream2_get_bytes_left(&gb) < len) + return AVERROR_INVALIDDATA; bytestream2_get_buffer(&gb, &dp[ofs], len); ofs += len; } diff --git a/ffmpeg/libavcodec/xface.c b/ffmpeg/libavcodec/xface.c index 0ebf2f2..8c0cbfd 100644 --- a/ffmpeg/libavcodec/xface.c +++ b/ffmpeg/libavcodec/xface.c @@ -24,6 +24,8 @@ * X-Face common data and utilities definition. */ +#include "libavutil/avassert.h" + #include "xface.h" void ff_big_add(BigInt *b, uint8_t a) @@ -43,6 +45,7 @@ void ff_big_add(BigInt *b, uint8_t a) c >>= XFACE_BITSPERWORD; } if (i == b->nb_words && c) { + av_assert0(b->nb_words < XFACE_MAX_WORDS); b->nb_words++; *w = c & XFACE_WORDMASK; } @@ -98,6 +101,7 @@ void ff_big_mul(BigInt *b, uint8_t a) return; if (a == 0) { /* treat this as a == WORDCARRY and just shift everything left a WORD */ + av_assert0(b->nb_words < XFACE_MAX_WORDS); i = b->nb_words++; w = b->words + i; while (i--) { @@ -116,6 +120,7 @@ void ff_big_mul(BigInt *b, uint8_t a) c >>= XFACE_BITSPERWORD; } if (c) { + av_assert0(b->nb_words < XFACE_MAX_WORDS); b->nb_words++; *w = c & XFACE_WORDMASK; } diff --git a/ffmpeg/libavcodec/xface.h b/ffmpeg/libavcodec/xface.h index 63df5d3..0236d71 100644 --- a/ffmpeg/libavcodec/xface.h +++ b/ffmpeg/libavcodec/xface.h @@ -41,17 +41,17 @@ /* * Image is encoded as a big integer, using characters from '~' to * '!', for a total of 94 symbols. In order to express - * 48x48*2=8*XFACE_MAX_WORDS=4608 - * bits, we need a total of 704 digits, as given by: - * ceil(lg_94(2^4608)) = 704 + * 48x48 pixels with the worst case encoding 666 symbols should + * be sufficient. */ -#define XFACE_MAX_DIGITS 704 +#define XFACE_MAX_DIGITS 666 #define XFACE_BITSPERWORD 8 #define XFACE_WORDCARRY (1 << XFACE_BITSPERWORD) #define XFACE_WORDMASK (XFACE_WORDCARRY - 1) -#define XFACE_MAX_WORDS ((XFACE_PIXELS * 2 + XFACE_BITSPERWORD - 1) / XFACE_BITSPERWORD) +// This must be larger or equal to log256(94^XFACE_MAX_DIGITS) +#define XFACE_MAX_WORDS 546 /* Portable, very large unsigned integer arithmetic is needed. * Implementation uses arrays of WORDs. */ diff --git a/ffmpeg/libavdevice/avdevice.c b/ffmpeg/libavdevice/avdevice.c index 755f251..c68126f 100644 --- a/ffmpeg/libavdevice/avdevice.c +++ b/ffmpeg/libavdevice/avdevice.c @@ -23,6 +23,9 @@ #include "avdevice.h" #include "config.h" +#include "libavutil/ffversion.h" +const char av_device_ffversion[] = "FFmpeg version " FFMPEG_VERSION; + #define E AV_OPT_FLAG_ENCODING_PARAM #define D AV_OPT_FLAG_DECODING_PARAM #define A AV_OPT_FLAG_AUDIO_PARAM diff --git a/ffmpeg/libavfilter/avfilter.c b/ffmpeg/libavfilter/avfilter.c index 963f5e6..b37ff1f 100644 --- a/ffmpeg/libavfilter/avfilter.c +++ b/ffmpeg/libavfilter/avfilter.c @@ -37,6 +37,9 @@ #include "formats.h" #include "internal.h" +#include "libavutil/ffversion.h" +const char av_filter_ffversion[] = "FFmpeg version " FFMPEG_VERSION; + static int ff_filter_frame_framed(AVFilterLink *link, AVFrame *frame); void ff_tlog_ref(void *ctx, AVFrame *ref, int end) diff --git a/ffmpeg/libavformat/apngdec.c b/ffmpeg/libavformat/apngdec.c index d97b015..5e7a4a1 100644 --- a/ffmpeg/libavformat/apngdec.c +++ b/ffmpeg/libavformat/apngdec.c @@ -404,7 +404,7 @@ static int apng_read_packet(AVFormatContext *s, AVPacket *pkt) return 0; default: { - char tag_buf[5]; + char tag_buf[32]; av_get_codec_tag_string(tag_buf, sizeof(tag_buf), tag); avpriv_request_sample(s, "In-stream tag=%s (0x%08X) len=%"PRIu32, tag_buf, tag, len); diff --git a/ffmpeg/libavformat/flvdec.c b/ffmpeg/libavformat/flvdec.c index c64b3a9..54f2f56 100644 --- a/ffmpeg/libavformat/flvdec.c +++ b/ffmpeg/libavformat/flvdec.c @@ -623,7 +623,7 @@ static int flv_read_close(AVFormatContext *s) static int flv_get_extradata(AVFormatContext *s, AVStream *st, int size) { - av_free(st->codec->extradata); + av_freep(&st->codec->extradata); if (ff_get_extradata(st->codec, s->pb, size) < 0) return AVERROR(ENOMEM); return 0; diff --git a/ffmpeg/libavformat/hdsenc.c b/ffmpeg/libavformat/hdsenc.c index 33d7c3a..a161b64 100644 --- a/ffmpeg/libavformat/hdsenc.c +++ b/ffmpeg/libavformat/hdsenc.c @@ -145,15 +145,15 @@ static void hds_free(AVFormatContext *s) if (os->ctx && os->ctx_inited) av_write_trailer(os->ctx); if (os->ctx && os->ctx->pb) - av_free(os->ctx->pb); + av_freep(&os->ctx->pb); if (os->ctx) avformat_free_context(os->ctx); - av_free(os->metadata); + av_freep(&os->metadata); for (j = 0; j < os->nb_extra_packets; j++) - av_free(os->extra_packets[j]); + av_freep(&os->extra_packets[j]); for (j = 0; j < os->nb_fragments; j++) - av_free(os->fragments[j]); - av_free(os->fragments); + av_freep(&os->fragments[j]); + av_freep(&os->fragments); } av_freep(&c->streams); } @@ -499,7 +499,7 @@ static int hds_flush(AVFormatContext *s, OutputStream *os, int final, if (remove > 0) { for (i = 0; i < remove; i++) { unlink(os->fragments[i]->file); - av_free(os->fragments[i]); + av_freep(&os->fragments[i]); } os->nb_fragments -= remove; memmove(os->fragments, os->fragments + remove, diff --git a/ffmpeg/libavformat/isom.h b/ffmpeg/libavformat/isom.h index e3160d0..249c3ab 100644 --- a/ffmpeg/libavformat/isom.h +++ b/ffmpeg/libavformat/isom.h @@ -189,6 +189,7 @@ typedef struct MOVContext { int has_looked_for_mfra; MOVFragmentIndex** fragment_index_data; unsigned fragment_index_count; + int atom_depth; } MOVContext; int ff_mp4_read_descr_len(AVIOContext *pb); diff --git a/ffmpeg/libavformat/mov.c b/ffmpeg/libavformat/mov.c index 8d66c0a..57e4524 100644 --- a/ffmpeg/libavformat/mov.c +++ b/ffmpeg/libavformat/mov.c @@ -1550,7 +1550,7 @@ static void mov_parse_stsd_audio(MOVContext *c, AVIOContext *pb, static void mov_parse_stsd_subtitle(MOVContext *c, AVIOContext *pb, AVStream *st, MOVStreamContext *sc, - int size) + int64_t size) { // ttxt stsd contains display flags, justification, background // color, fonts, and default styles, so fake an atom to read it @@ -1615,10 +1615,10 @@ static int mov_rewrite_dvd_sub_extradata(AVStream *st) static int mov_parse_stsd_data(MOVContext *c, AVIOContext *pb, AVStream *st, MOVStreamContext *sc, - int size) + int64_t size) { if (st->codec->codec_tag == MKTAG('t','m','c','d')) { - if (ff_get_extradata(st->codec, pb, size) < 0) + if ((int)size != size || ff_get_extradata(st->codec, pb, size) < 0) return AVERROR(ENOMEM); if (size > 16) { MOVStreamContext *tmcd_ctx = st->priv_data; @@ -3388,6 +3388,12 @@ static int mov_read_default(MOVContext *c, AVIOContext *pb, MOVAtom atom) MOVAtom a; int i; + if (c->atom_depth > 10) { + av_log(c->fc, AV_LOG_ERROR, "Atoms too deeply nested\n"); + return AVERROR_INVALIDDATA; + } + c->atom_depth ++; + if (atom.size < 0) atom.size = INT64_MAX; while (total_size + 8 <= atom.size && !avio_feof(pb)) { @@ -3417,6 +3423,7 @@ static int mov_read_default(MOVContext *c, AVIOContext *pb, MOVAtom atom) { av_log(c->fc, AV_LOG_ERROR, "Broken file, trak/mdat not at top-level\n"); avio_skip(pb, -8); + c->atom_depth --; return 0; } } @@ -3453,13 +3460,16 @@ static int mov_read_default(MOVContext *c, AVIOContext *pb, MOVAtom atom) int64_t start_pos = avio_tell(pb); int64_t left; int err = parse(c, pb, a); - if (err < 0) + if (err < 0) { + c->atom_depth --; return err; + } if (c->found_moov && c->found_mdat && ((!pb->seekable || c->fc->flags & AVFMT_FLAG_IGNIDX) || start_pos + a.size == avio_size(pb))) { if (!pb->seekable || c->fc->flags & AVFMT_FLAG_IGNIDX) c->next_root_atom = start_pos + a.size; + c->atom_depth --; return 0; } left = a.size - avio_tell(pb) + start_pos; @@ -3479,6 +3489,7 @@ static int mov_read_default(MOVContext *c, AVIOContext *pb, MOVAtom atom) if (total_size < atom.size && atom.size < 0x7ffff) avio_skip(pb, atom.size - total_size); + c->atom_depth --; return 0; } diff --git a/ffmpeg/libavformat/rsd.c b/ffmpeg/libavformat/rsd.c index bb2f3bc..1eff5de 100644 --- a/ffmpeg/libavformat/rsd.c +++ b/ffmpeg/libavformat/rsd.c @@ -70,7 +70,7 @@ static int rsd_read_header(AVFormatContext *s) codec->codec_tag = avio_rl32(pb); codec->codec_id = ff_codec_get_id(rsd_tags, codec->codec_tag); if (!codec->codec_id) { - char tag_buf[5]; + char tag_buf[32]; av_get_codec_tag_string(tag_buf, sizeof(tag_buf), codec->codec_tag); for (i=0; i < FF_ARRAY_ELEMS(rsd_unsupported_tags); i++) { diff --git a/ffmpeg/libavformat/utils.c b/ffmpeg/libavformat/utils.c index ae6347a..5da110d 100644 --- a/ffmpeg/libavformat/utils.c +++ b/ffmpeg/libavformat/utils.c @@ -53,6 +53,9 @@ #include "riff.h" #include "url.h" +#include "libavutil/ffversion.h" +const char av_format_ffversion[] = "FFmpeg version " FFMPEG_VERSION; + /** * @file * various utility functions for use within FFmpeg diff --git a/ffmpeg/libavutil/utils.c b/ffmpeg/libavutil/utils.c index aafd3b9..da8b5ae 100644 --- a/ffmpeg/libavutil/utils.c +++ b/ffmpeg/libavutil/utils.c @@ -27,6 +27,9 @@ * various utility functions */ +#include "libavutil/ffversion.h" +const char av_util_ffversion[] = "FFmpeg version " FFMPEG_VERSION; + unsigned avutil_version(void) { static int checks_done; diff --git a/ffmpeg/libpostproc/postprocess.c b/ffmpeg/libpostproc/postprocess.c index f8fb356..c11debc 100644 --- a/ffmpeg/libpostproc/postprocess.c +++ b/ffmpeg/libpostproc/postprocess.c @@ -89,6 +89,9 @@ try to unroll inner for(x=0 ... loop to avoid these damn if(x ... checks #include "postprocess_internal.h" #include "libavutil/avstring.h" +#include "libavutil/ffversion.h" +const char postproc_ffversion[] = "FFmpeg version " FFMPEG_VERSION; + unsigned postproc_version(void) { av_assert0(LIBPOSTPROC_VERSION_MICRO >= 100); diff --git a/ffmpeg/libswresample/swresample.c b/ffmpeg/libswresample/swresample.c index b0bd697..eb6effa 100644 --- a/ffmpeg/libswresample/swresample.c +++ b/ffmpeg/libswresample/swresample.c @@ -28,6 +28,9 @@ #define ALIGN 32 +#include "libavutil/ffversion.h" +const char swr_ffversion[] = "FFmpeg version " FFMPEG_VERSION; + unsigned swresample_version(void) { av_assert0(LIBSWRESAMPLE_VERSION_MICRO >= 100); diff --git a/ffmpeg/libswscale/swscale_internal.h b/ffmpeg/libswscale/swscale_internal.h index 63b4eca..37c2b37 100644 --- a/ffmpeg/libswscale/swscale_internal.h +++ b/ffmpeg/libswscale/swscale_internal.h @@ -39,7 +39,7 @@ #define STR(s) AV_TOSTRING(s) // AV_STRINGIFY is too long -#define YUVRGB_TABLE_HEADROOM 128 +#define YUVRGB_TABLE_HEADROOM 256 #define MAX_FILTER_SIZE SWS_MAX_FILTER_SIZE -- 2.34.1