| Index: source/patched-ffmpeg-mt/libavformat/matroskadec.c
|
| ===================================================================
|
| --- source/patched-ffmpeg-mt/libavformat/matroskadec.c (revision 59334)
|
| +++ source/patched-ffmpeg-mt/libavformat/matroskadec.c (working copy)
|
| @@ -542,8 +542,8 @@
|
| static int ebml_read_num(MatroskaDemuxContext *matroska, ByteIOContext *pb,
|
| int max_size, uint64_t *number)
|
| {
|
| - int len_mask = 0x80, read = 1, n = 1;
|
| - int64_t total = 0;
|
| + int read = 1, n = 1;
|
| + uint64_t total = 0;
|
|
|
| /* The first byte tells us the length in bytes - get_byte() can normally
|
| * return 0, but since that's not a valid first ebmlID byte, we can
|
| @@ -560,10 +560,7 @@
|
| }
|
|
|
| /* get the length of the EBML number */
|
| - while (read <= max_size && !(total & len_mask)) {
|
| - read++;
|
| - len_mask >>= 1;
|
| - }
|
| + read = 8 - ff_log2_tab[total];
|
| if (read > max_size) {
|
| int64_t pos = url_ftell(pb) - 1;
|
| av_log(matroska->ctx, AV_LOG_ERROR,
|
| @@ -573,7 +570,7 @@
|
| }
|
|
|
| /* read out length */
|
| - total &= ~len_mask;
|
| + total ^= 1 << ff_log2_tab[total];
|
| while (n++ < read)
|
| total = (total << 8) | get_byte(pb);
|
|
|
| @@ -582,6 +579,20 @@
|
| return read;
|
| }
|
|
|
| +/**
|
| + * Read a EBML length value.
|
| + * This needs special handling for the "unknown length" case which has multiple
|
| + * encodings.
|
| + */
|
| +static int ebml_read_length(MatroskaDemuxContext *matroska, ByteIOContext *pb,
|
| + uint64_t *number)
|
| +{
|
| + int res = ebml_read_num(matroska, pb, 8, number);
|
| + if (res > 0 && *number + 1 == 1ULL << (7 * res))
|
| + *number = 0xffffffffffffffULL;
|
| + return res;
|
| +}
|
| +
|
| /*
|
| * Read the next element as an unsigned int.
|
| * 0 is success, < 0 is failure.
|
| @@ -590,7 +601,7 @@
|
| {
|
| int n = 0;
|
|
|
| - if (size < 1 || size > 8)
|
| + if (size > 8)
|
| return AVERROR_INVALIDDATA;
|
|
|
| /* big-endian ordering; build up number */
|
| @@ -607,7 +618,9 @@
|
| */
|
| static int ebml_read_float(ByteIOContext *pb, int size, double *num)
|
| {
|
| - if (size == 4) {
|
| + if (size == 0) {
|
| + *num = 0;
|
| + } else if (size == 4) {
|
| *num= av_int2flt(get_be32(pb));
|
| } else if(size==8){
|
| *num= av_int2dbl(get_be64(pb));
|
| @@ -790,7 +803,7 @@
|
|
|
| if (syntax->type != EBML_PASS && syntax->type != EBML_STOP) {
|
| matroska->current_id = 0;
|
| - if ((res = ebml_read_num(matroska, pb, 8, &length)) < 0)
|
| + if ((res = ebml_read_length(matroska, pb, &length)) < 0)
|
| return res;
|
| }
|
|
|
| @@ -910,6 +923,9 @@
|
| int result = 0;
|
| int olen;
|
|
|
| + if (pkt_size >= 10000000)
|
| + return -1;
|
| +
|
| switch (encodings[0].compression.algo) {
|
| case MATROSKA_TRACK_ENCODING_COMP_HEADERSTRIP:
|
| return encodings[0].compression.settings.size;
|
| @@ -1752,7 +1768,7 @@
|
| int offset = 0, pkt_size = lace_size[n];
|
| uint8_t *pkt_data = data;
|
|
|
| - if (lace_size[n] > size) {
|
| + if (pkt_size > size) {
|
| av_log(matroska->ctx, AV_LOG_ERROR, "Invalid packet size\n");
|
| break;
|
| }
|
|
|
Chromium Code Reviews
Issue 3384002:
ffmpeg source update for sep 09 (Closed)
Base URL: svn://chrome-svn/chrome/trunk/deps/third_party/ffmpeg/