These additions might overflow the signed range for large
input values. Converting to unsigned before the addition
rather than after avoids such undefined behaviour. The
result under normal two's complement wraparound remains
unchanged.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit 88d1e2b2b0)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
This fixes a signed overflow from i << 24 when i == 255 by
making i unsigned. The result of the shift is already
assigned to an variable of unsigned type.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit 8b19ae0761)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Found with address sanitizer.
Signed-off-by: Alex Converse <alex.converse@gmail.com>
(cherry picked from commit c693aa6f71)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Found with address sanitizer.
Signed-off-by: Alex Converse <alex.converse@gmail.com>
(cherry picked from commit c693aa6f71)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Treating them like 0 is safest, current code would invoke
undefined pointer arithmetic behaviour in this case.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
(cherry picked from commit b9242fd12f)
(cherry picked from commit 0411b19289)
Treating them like 0 is safest, current code would invoke
undefined pointer arithmetic behaviour in this case.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
(cherry picked from commit b9242fd12f)
Note, the other arm asm code is likely affected too and should be changed as well.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 96bc6485bc)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This fixes a signed overflow from i << 24 when i == 255 by
making i unsigned. The result of the shift is already
assigned to an variable of unsigned type.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit 8b19ae0761)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
av_realloc_f helps avoiding memory-leaks in typical uses of realloc.
Signed-off-by: Nicolas George <nicolas.george@normalesup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5cd754bca2)
av_size_mult helps checking for overflow when computing the size of a memory
area.
Signed-off-by: Nicolas George <nicolas.george@normalesup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b2600509fe)
1<<31 overflows because 1 is signed, so force it to unsigned.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit 5938e02185)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
1<<31 overflows because 1 is signed, so force it to unsigned.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit 5938e02185)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Before this, almost all module groups have been used for grouping functions
and fields in structures semantically. This causes them to not appear
properly in the file documentation and needlessly clutters up the "Modules"
index.
Additionally, this commit streamlines some spelling and appearances.
(cherry picked from commit 21a19b7912)
In commit bebe72f4a05d338e04ae9ca1e9c6b72749b488aa, the enum AV_PICTURE_TYPE_* was introduced. There are still places in the code where pict_type is used as an integer and there is a case where "pict_type = 0" with the explanation "let ffmpeg decide what to do". The new enum does not know a value of 0 and C++ will fail if compiling such programs anyway as it is refered as an int (and you cannot patch them properly).
(cherry picked from commit 5129336714)
In commit bebe72f4a05d338e04ae9ca1e9c6b72749b488aa, the enum AV_PICTURE_TYPE_* was introduced. There are still places in the code where pict_type is used as an integer and there is a case where "pict_type = 0" with the explanation "let ffmpeg decide what to do". The new enum does not know a value of 0 and C++ will fail if compiling such programs anyway as it is refered as an int (and you cannot patch them properly).
(cherry picked from commit 5129336714)
The output type of the AV_RL32/AV_RB32 macros was signed int. The
resulting overflow broke at least some ASF streams with large
timestamps. Fix by adding a cast to uint32_t.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Deprecate av_get_bits_per_sample_fmt(), which was a misnamed function.
For the moment we don't have sample formats with a non-integer number
of bytes, in that case we may need to create a new
av_get_bits_per_sample() function. In the meanwhile we prefer to adopt
this variant, since avoids divisions by 8 all over the place.
The new layout is consistent with that of the av_image_() API, and
simplifies understanding and copy operations, it also preserves
alignment information which was lost with the previous layout.
This breaks API/ABI, but since the function was never referenced in
the code (and it isn't unlikely already used by someone) then this
should not be a problem.
Mans Rullgard
Thierry Foucu
Reimar Döffinger
Michael Niedermayer
Nicolas George
Laurent Aimar
Anton Khirnov
Sean McGovern
Oskar Arvidsson
Ronald S. Bultje
Reinhard Tartler
Martin Matuska
Clément Bœsch
Stefano Sabatini
Uoti Urpala
Martin Storsjö
Diego Biurrun