The safe bitstream reader broke it since the buffer size was specified
in bytes instead of bits.
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
CC: libav-stable@libav.org
(cherry picked from commit a1c036e961)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
We slightly overread the input buffer, so we require
padding at the end of the buffer, as is documented in the
get_bits API. Without padding, we'll read uninitialized
data or beyond the end of the .rodata, which may crash.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 4ffe5e2aa5)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
This way, it protects against overreads for 4bpp/2bpp content also.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit cc5dd632ce)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
We need to set ms_stereo in encode_init() in order to avoid incorrectly
encoding the first frame as non-m/s while flagging it as m/s. Fixes an
uncomfortable pop in the left channel at the start of playback.
CC:libav-stable@libav.org
(cherry picked from commit 51ddf35c90)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
ff_wma_init() allows up to 50kHz, but this generates an exponent band
size table that requires 65 bands. The code assumes 25 bands in many
places, and using sample rates higher than 48kHz will lead to buffer
overwrites.
CC:libav-stable@libav.org
(cherry picked from commit 1ec075cfec)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
This is near the theoretical limit for wma frame size and is the most that
our decoder can handle. Allowing higher bit rates will just end up padding
each frame with empty bytes.
Fixes invalid writes for avconv when using very high bit rates.
CC:libav-stable@libav.org
(cherry picked from commit c2b8dea182)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
The maximum theoretical frame size is around 17000 bytes. Although in
practice it will generally be much smaller, we require a larger buffer
just to be safe.
CC: libav-stable@libav.org
(cherry picked from commit dfc4fdedf8)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Because in contrast to the decoder, the parser does not setup low_delay.
The code in parse_nal_units would always end up setting has_b_frames
to "1", except when stream is explicitly marked as low delay.
Since the parser itself would create 'extradata', simply reopening
the parser would cause this.
This happens for instance in estimate_timings_from_pts(), which causes the
parser to be reopened on the same stream.
This fixes Libav #22 and FFmpeg (trac) #360
CC: libav-stable@libav.org
Based on a patch by Reimar Döffinger <Reimar.Doeffinger@gmx.de>
(commit 31ac0ac29b)
Comments and description adapted by Reinhard Tartler.
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 790a367d9e)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Prevents crash when trying to copy from a non-existing plane in e.g.
a RGB32 reference image to a YUV420P target image
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 830f70442a)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
This prevents crashes when trying to read beyond the end of the buffer
while decoding frame data.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit be129271ea)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
This prevents crashers and errors further down when reading nodes in the
empty tree.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 2b83e8b700)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Return 0 indicates "please return the same data again", i.e. it causes
an infinite loop. Instead, return that we consumed the buffer if we
finished decoding succesfully, or return an error if an error occurred.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 74699ac8c8)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
The MDCT buffers in the decoder are only sized for up to 11 bits. The
reverse engineered documentation for WMA1/2 headers say that that for
all samplerates above 32kHz 11 bits are used. 12 and 13 bit support
were added for WMAPro. I was unable to make any Microsoft tools generate
a test file at a samplerate above 48kHz.
Discovered by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit d78bb1a4b2)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
If attribute_deprecated is used in an enum declaration, it
should follow the 'enum' keyword, otherwise it's ignored
silently. This is the only case of attribute_deprecated for
enum declarations currently.
Currently, this attribute_deprecated doesn't have any effect.
If moved to the right place, it emits a warning every single
time avcodec.h is included, like this:
avcodec.h:2827: warning: ‘AVLPCType’ is deprecated (declared at avcodec.h:543)
There is already a working attribute_deprecated for the
corresponding field in AVCodecContext, so therefore this
one shouldn't be needed.
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 1b6da627d4)
Signed-off-by: Martin Storsjö <martin@martin.st>
Zero-length get_bits() is undefined, must check before calling.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit c79d2a20ba)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Paul B Mahol
Ronald S. Bultje
Alex Converse
Michael Niedermayer
Mans Rullgard
Fabian Greffrath
Justin Ruggles
Reinhard Tartler
Martin Storsjö