head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.2 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.1.0.2 pkgsrc-2012Q4-base:1.1; locks; strict; comment @# @; 1.2 date 2013.01.16.20.55.47; author adam; state dead; branches; next 1.1; 1.1 date 2012.12.19.14.58.33; author drochner; state Exp; branches; next ; desc @@ 1.2 log @Changes 1.1: - stream disposition information printing in ffprobe - filter for loudness analysis following EBU R128 - Opus encoder using libopus - ffprobe -select_streams option - Pinnacle TARGA CineWave YUV16 decoder - TAK demuxer, decoder and parser - DTS-HD demuxer - remove -same_quant, it hasn't worked for years - FFM2 support - X-Face image encoder and decoder - 24-bit FLAC encoding - multi-channel ALAC encoding up to 7.1 - metadata (INFO tag) support in WAV muxer - subtitles raw text decoder - support for building DLLs using MSVC - LVF demuxer - ffescape tool - metadata (info chunk) support in CAF muxer - field filter ported from libmpcodecs - AVR demuxer - geq filter ported from libmpcodecs - remove ffserver daemon mode - AST muxer/demuxer - new expansion syntax for drawtext - BRender PIX image decoder - ffprobe -show_entries option - ffprobe -sections option - ADPCM IMA Dialogic decoder - BRSTM demuxer - animated GIF decoder and demuxer - PVF demuxer - subtitles filter - IRCAM muxer/demuxer - Paris Audio File demuxer - Virtual concatenation demuxer - VobSub demuxer - JSON captions for TED talks decoding support - SOX Resampler support in libswresample - aselect filter - SGI RLE 8-bit decoder - Silicon Graphics Motion Video Compressor 1 & 2 decoder - Silicon Graphics Movie demuxer - apad filter - Resolution & pixel format change support with multithreading for H.264 - documentation split into per-component manuals - pp (postproc) filter ported from MPlayer - NIST Sphere demuxer - MPL2, VPlayer, MPlayer, AQTitle, PJS and SubViewer v1 subtitles demuxers and decoders - Sony Wave64 muxer - adobe and limelight publisher authentication in RTMP - data: URI 
scheme - support building on the Plan 9 operating system - kerndeint filter ported from MPlayer - histeq filter ported from VirtualDub - Megalux Frame demuxer - 012v decoder - Improved AVC Intra decoding support @ text @$NetBSD: patch-SA51464,v 1.1 2012/12/19 14:58:33 drochner Exp $ see https://trac.videolan.org/vlc/ticket/7860 --- libavformat/swfdec.c.orig 2012-12-03 21:17:35.000000000 +0000 +++ libavformat/swfdec.c @@@@ -153,6 +153,10 @@@@ static int swf_read_packet(AVFormatConte tag = get_swf_tag(pb, &len); if (tag < 0) return tag; + if (len < 0) { + av_log(s, AV_LOG_ERROR, "invalid tag length: %d\n", len); + return AVERROR_INVALIDDATA; + } if (tag == TAG_VIDEOSTREAM) { int ch_id = avio_rl16(pb); len -= 2; @@@@ -208,7 +212,10 @@@@ static int swf_read_packet(AVFormatConte st = s->streams[i]; if (st->codec->codec_type == AVMEDIA_TYPE_VIDEO && st->id == ch_id) { frame = avio_rl16(pb); - if ((res = av_get_packet(pb, pkt, len-2)) < 0) + len -= 2; + if (len <= 0) + goto skip; + if ((res = av_get_packet(pb, pkt, len)) < 0) return res; pkt->pos = pos; pkt->pts = frame; @@@@ -220,17 +227,22 @@@@ static int swf_read_packet(AVFormatConte for (i = 0; i < s->nb_streams; i++) { st = s->streams[i]; if (st->codec->codec_type == AVMEDIA_TYPE_AUDIO && st->id == -1) { - if (st->codec->codec_id == AV_CODEC_ID_MP3) { - avio_skip(pb, 4); - if ((res = av_get_packet(pb, pkt, len-4)) < 0) - return res; - } else { // ADPCM, PCM - if ((res = av_get_packet(pb, pkt, len)) < 0) - return res; - } - pkt->pos = pos; - pkt->stream_index = st->index; - return pkt->size; + if (st->codec->codec_id == AV_CODEC_ID_MP3) { + avio_skip(pb, 4); + len -= 4; + if (len <= 0) + goto skip; + if ((res = av_get_packet(pb, pkt, len)) < 0) + return res; + } else { // ADPCM, PCM + if (len <= 0) + goto skip; + if ((res = av_get_packet(pb, pkt, len)) < 0) + return res; + } + pkt->pos = pos; + pkt->stream_index = st->index; + return pkt->size; } } } else if (tag == TAG_JPEG2) { @@@@ -250,7 +262,10 @@@@ static int 
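Review bot: In the video-frame hunk (-208,7 +212,10), the new `if (len <= 0) goto skip;` runs only after `avio_rl16(pb)` has consumed the frame number, so a tag whose declared length is shorter than its fixed fields has already been read past by the time control reaches `skip:`. Clamping `len` to 0 there avoids a negative skip, but it presumably leaves the next `get_swf_tag()` call parsing from a misaligned offset. The same pattern applies to the `len -= 4` path in the audio hunk and the `len -= 2` path in the JPEG hunk. Consider testing the remaining length before reading the fixed fields, or returning `AVERROR_INVALIDDATA` as the first hunk does for a negative length. The enclosing function starts and ends outside the hunk, so the earlier `len` adjustments in this branch are not visible here.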
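Review bot: In the audio hunk (-220,17 +227,22), both codec branches now end with the same `if (len <= 0) goto skip;` guard and the same `av_get_packet(pb, pkt, len)` call, so the only MP3-specific work left is skipping the 4-byte header and adjusting `len`. Hoisting the shared guard and read out of the `if`/`else` leaves a single place to maintain the length check. Only a lower bound is checked here; whether very large `len` values are rejected depends on `av_get_packet()`, which this patch does not show.

```c
if (st->codec->codec_id == AV_CODEC_ID_MP3) {
    avio_skip(pb, 4);
    len -= 4;
}
/* ADPCM, PCM: no extra header to skip */
if (len <= 0)
    goto skip;
if ((res = av_get_packet(pb, pkt, len)) < 0)
    return res;
// … unchanged: pkt->pos, pkt->stream_index, return pkt->size …
```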
swf_read_packet(AVFormatConte st = vst; } avio_rl16(pb); /* BITMAP_ID */ - if ((res = av_new_packet(pkt, len-2)) < 0) + len -= 2; + if (len < 4) + goto skip; + if ((res = av_new_packet(pkt, len)) < 0) return res; avio_read(pb, pkt->data, 4); if (AV_RB32(pkt->data) == 0xffd8ffd9 || @@@@ -267,6 +282,9 @@@@ static int swf_read_packet(AVFormatConte return pkt->size; } skip: + if(len<0) + av_log(s, AV_LOG_WARNING, "Cliping len %d\n", len); + len = FFMAX(0, len); avio_skip(pb, len); } } @ 1.1 log @add patch from upstream to fix possible memory allocation problems in the SWF demuxer, fixes SA51464 originally (wrongly) rteported against vlc bump PKGREV @ text @d1 1 a1 1 $NetBSD$ @
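Review bot: In the JPEG hunk (-250,7 +262,10), the new `if (len < 4) goto skip;` validates only the length declared in the tag, while the `avio_read(pb, pkt->data, 4)` that follows still ignores its return value. On a truncated file, `AV_RB32(pkt->data)` may therefore inspect packet bytes that were never filled in. A check such as `if (avio_read(pb, pkt->data, 4) != 4) { av_free_packet(pkt); return AVERROR_INVALIDDATA; }` would close that gap. The rest of this branch lies outside the hunk, so any later reads into the packet should get the same treatment.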
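Review bot: The warning added at `skip:` (-267,6 +282,9) misspells "Clipping", and its `if(len<0)` spacing differs from the `if (len < 0)` style used in the first hunk; suggest `if (len < 0)` and `av_log(s, AV_LOG_WARNING, "Clipping len %d\n", len);`. Because the first hunk already rejects a negative length from `get_swf_tag()`, this branch can fire only after one of the `len -= N` adjustments has gone below zero. A short comment above the check would make that clear, e.g. `/* fixed fields overran the declared tag length */`.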