Commit a9cfbf6d authored by Michael Niedermayer's avatar Michael Niedermayer

Merge remote-tracking branch 'qatar/master'

* qatar/master:
  id3v2: fix reading unsynchronized frames.
  cdgraphics: fix incorrect vertical offset mask in cdg_scroll()
  apetag: fix error handling in ff_ape_parse_tag()

Conflicts:
	libavformat/id3v2.c
Merged-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
parents c8a5365d 9ae80e6a
...@@ -218,7 +218,7 @@ static void cdg_scroll(CDGraphicsContext *cc, uint8_t *data, ...@@ -218,7 +218,7 @@ static void cdg_scroll(CDGraphicsContext *cc, uint8_t *data,
vscmd = (data[2] & 0x30) >> 4; vscmd = (data[2] & 0x30) >> 4;
h_off = FFMIN(data[1] & 0x07, CDG_BORDER_WIDTH - 1); h_off = FFMIN(data[1] & 0x07, CDG_BORDER_WIDTH - 1);
v_off = FFMIN(data[2] & 0x07, CDG_BORDER_HEIGHT - 1); v_off = FFMIN(data[2] & 0x0F, CDG_BORDER_HEIGHT - 1);
/// find the difference and save the offset for cdg_tile_block usage /// find the difference and save the offset for cdg_tile_block usage
hinc = h_off - cc->hscroll; hinc = h_off - cc->hscroll;
......
...@@ -142,11 +142,11 @@ int64_t ff_ape_parse_tag(AVFormatContext *s) ...@@ -142,11 +142,11 @@ int64_t ff_ape_parse_tag(AVFormatContext *s)
return 0; return 0;
} }
tag_start = file_size - tag_bytes - APE_TAG_FOOTER_BYTES; if (tag_bytes > file_size - APE_TAG_FOOTER_BYTES) {
if (tag_start < 0) {
av_log(s, AV_LOG_ERROR, "Invalid tag size %u.\n", tag_bytes); av_log(s, AV_LOG_ERROR, "Invalid tag size %u.\n", tag_bytes);
return 0; return 0;
} }
tag_start = file_size - tag_bytes - APE_TAG_FOOTER_BYTES;
fields = avio_rl32(pb); /* number of fields */ fields = avio_rl32(pb); /* number of fields */
if (fields > 65536) { if (fields > 65536) {
......
...@@ -689,13 +689,15 @@ static void ff_id3v2_parse(AVFormatContext *s, int len, uint8_t version, uint8_t ...@@ -689,13 +689,15 @@ static void ff_id3v2_parse(AVFormatContext *s, int len, uint8_t version, uint8_t
/* check for text tag or supported special meta tag */ /* check for text tag or supported special meta tag */
} else if (tag[0] == 'T' || (extra_meta && (extra_func = get_extra_meta_func(tag, isv34)))) { } else if (tag[0] == 'T' || (extra_meta && (extra_func = get_extra_meta_func(tag, isv34)))) {
if (unsync || tunsync || tcomp) { if (unsync || tunsync || tcomp) {
int i, j; int64_t end = avio_tell(s->pb) + tlen;
uint8_t *b;
av_fast_malloc(&buffer, &buffer_size, dlen); av_fast_malloc(&buffer, &buffer_size, dlen);
if (!buffer) { if (!buffer) {
av_log(s, AV_LOG_ERROR, "Failed to alloc %ld bytes\n", dlen); av_log(s, AV_LOG_ERROR, "Failed to alloc %ld bytes\n", dlen);
goto seek; goto seek;
} }
b = buffer;
#if CONFIG_ZLIB #if CONFIG_ZLIB
if (tcomp) { if (tcomp) {
int n, err; int n, err;
...@@ -719,19 +721,24 @@ static void ff_id3v2_parse(AVFormatContext *s, int len, uint8_t version, uint8_t ...@@ -719,19 +721,24 @@ static void ff_id3v2_parse(AVFormatContext *s, int len, uint8_t version, uint8_t
av_log(s, AV_LOG_ERROR, "Failed to uncompress tag: %d\n", err); av_log(s, AV_LOG_ERROR, "Failed to uncompress tag: %d\n", err);
goto seek; goto seek;
} }
b += dlen;
} }
#endif #endif
if (unsync || tunsync) {
for (i = 0, j = 0; i < dlen; i++, j++) { if (tcomp) {
if (!tcomp) av_log_ask_for_sample(s, "tcomp with unsync\n");
buffer[j] = avio_r8(s->pb); goto seek;
if (j > 0 && !buffer[j] && buffer[j - 1] == 0xff) { }
/* Unsynchronised byte, skip it */ while (avio_tell(s->pb) < end) {
j--; *b++ = avio_r8(s->pb);
if (*(b - 1) == 0xff && avio_tell(s->pb) < end - 1) {
uint8_t val = avio_r8(s->pb);
*b++ = val ? val : avio_r8(s->pb);
}
} }
} }
ffio_init_context(&pb, buffer, j, 0, NULL, NULL, NULL, NULL); ffio_init_context(&pb, buffer, b - buffer, 0, NULL, NULL, NULL, NULL);
tlen = j; tlen = b - buffer;
pbx = &pb; // read from sync buffer pbx = &pb; // read from sync buffer
} else { } else {
pbx = s->pb; // read straight from input pbx = s->pb; // read straight from input
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment