From 2fb6e1e754f38ddd6eba0738f287e5b9ddc3777d Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Fri, 13 Nov 2015 13:32:13 +0100
Subject: [PATCH 1/3] segafilm: Fix current_sample after seeking and avio_seek return type

Signed-off-by: Michael Niedermayer
---
 libavformat/segafilm.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/libavformat/segafilm.c b/libavformat/segafilm.c
index 256c474d47..5516019d77 100644
--- a/libavformat/segafilm.c
+++ b/libavformat/segafilm.c
@@ -296,13 +296,14 @@ static int film_read_seek(AVFormatContext *s, int stream_index, int64_t timestam
 {
 FilmDemuxContext *film = s->priv_data;
 AVStream *st = s->streams[stream_index];
+ int64_t pos;
 int ret = av_index_search_timestamp(st, timestamp, flags);
 if (ret < 0)
 return ret;
- ret = avio_seek(s->pb, st->index_entries[ret].pos, SEEK_SET);
- if (ret < 0)
- return ret;
+ pos = avio_seek(s->pb, st->index_entries[ret].pos, SEEK_SET);
+ if (pos < 0)
+ return pos;
 film->current_sample = ret;

From 0a8bff788b0a9f96b863f0e836a235cb1d223f55 Mon Sep 17 00:00:00 2001
From: Andreas Cadhalpun
Date: Fri, 13 Nov 2015 21:48:27 +0100
Subject: [PATCH 2/3] dds: disable palette flag for compressed images

Having both is not valid and can cause a NULL pointer dereference of frame->data[1] later.

Signed-off-by: Andreas Cadhalpun
Signed-off-by: Vittorio Giovara
---
 libavcodec/dds.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/libavcodec/dds.c b/libavcodec/dds.c
index ea58da0877..3b7e7f67e9 100644
--- a/libavcodec/dds.c
+++ b/libavcodec/dds.c
@@ -141,6 +141,12 @@ static int parse_pixel_format(AVCodecContext *avctx)
 normal_map = flags & DDPF_NORMALMAP;
 fourcc = bytestream2_get_le32(gbc);
+ if (ctx->compressed && ctx->paletted) {
+ av_log(avctx, AV_LOG_WARNING,
+ "Disabling invalid palette flag for compressed dds.\n");
+ ctx->paletted = 0;
+ }
+
 bpp = bytestream2_get_le32(gbc); // rgbbitcount
 r = bytestream2_get_le32(gbc); // rbitmask
 g = bytestream2_get_le32(gbc); // gbitmask
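Review bot: In the segafilm.c hunk, `return pos;` passes an int64_t back through film_read_seek's int return type, so the error code is narrowed implicitly. That is harmless as long as avio_seek reports failure only as negative AVERROR values that fit in int, which the hunk does not show; an explicit `return (int)pos;` would state the intent. A short comment on the new variable, such as `/* avio_seek returns a 64-bit offset; ret must stay the index entry */`, would also record why ret is no longer reused, since `film->current_sample = ret;` below depends on it. The function's closing lines are outside the hunk.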
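Review bot: In the dds.c hunk, the new check in parse_pixel_format repairs a contradictory header (compressed and paletted both set) and carries on decoding with only a warning, so the protection against the frame->data[1] dereference named in the commit message rests on this single normalization point. A comment stating the invariant at the check, for example `/* compressed frames carry no palette plane; paletted must stay 0 from here on */`, would tell later editors not to set ctx->paletted again further down. If such files need not be accepted, returning `AVERROR_INVALIDDATA` instead of clearing the flag would be the stricter handling of untrusted input; the hunk does not show whether the lenient parse is deliberate. The function body continues outside the hunk.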
From 9fd2bf09dbc630484d9e88a1d27f7e8508b70a2c Mon Sep 17 00:00:00 2001
From: Andreas Cadhalpun
Date: Sun, 15 Nov 2015 10:50:44 +0100
Subject: [PATCH 3/3] hqx: correct type and size check of info_offset

It is used as size argument of ff_canopus_parse_info_tag, which uses it as size argument to bytestream2_init, which only supports sizes up to INT_MAX. Changing it's type to unsigned simplifies the check.

Signed-off-by: Andreas Cadhalpun
---
 libavcodec/hqx.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/hqx.c b/libavcodec/hqx.c
index 34e36056c7..7411d3f252 100644
--- a/libavcodec/hqx.c
+++ b/libavcodec/hqx.c
@@ -417,8 +417,8 @@ static int hqx_decode_frame(AVCodecContext *avctx, void *data,
 info_tag = AV_RL32(src);
 if (info_tag == MKTAG('I', 'N', 'F', 'O')) {
- int info_offset = AV_RL32(src + 4);
- if (info_offset > UINT32_MAX - 8 || info_offset + 8 > avpkt->size) {
+ unsigned info_offset = AV_RL32(src + 4);
+ if (info_offset > INT_MAX || info_offset + 8 > avpkt->size) {
 av_log(avctx, AV_LOG_ERROR,
 "Invalid INFO header offset: 0x%08"PRIX32" is too large.\n",
 info_offset);
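Review bot: The new `unsigned info_offset` is still printed with `PRIX32` in the av_log call at the end of the hunk, so the format macro and the argument type agree only where unsigned is exactly 32 bits wide. Declaring it as `uint32_t info_offset = AV_RL32(src + 4);` keeps the INT_MAX check unchanged and matches the specifier. The second clause, `info_offset + 8 > avpkt->size`, now compares in unsigned arithmetic and is safe from wraparound only because the first clause has already bounded info_offset; a comment such as `/* info_offset <= INT_MAX here, so + 8 cannot wrap */` would keep the two clauses from being reordered or split later. hqx_decode_frame begins and ends outside the hunk, so whether the packet is known to hold at least 8 bytes before `AV_RL32(src + 4)` cannot be confirmed from here.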