From 62bba2b5bfc6e4babfbf9f1006fd41b5387d9d11 Mon Sep 17 00:00:00 2001
From: King_DuckZ <king_duckz@gmx.com>
Date: Mon, 15 Mar 2021 14:26:22 +0100
Subject: [PATCH] libbpg-0.9.8

---
 ChangeLog                           |  5 +++++
 VERSION                             |  2 +-
 bpgenc.c                            | 10 +++++++++-
 libbpg.c                            |  2 +-
 x265/source/common/param.cpp        |  2 +-
 x265/source/encoder/ratecontrol.cpp |  2 +-
 6 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index aba73ee..b18af85 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+version 0.9.8:
+
+- x265 library compilation fixes
+- buffer overflow fixes
+
 version 0.9.7:
 
 - Increased the memory size of the JS decoder to 32 MiB and avoid
diff --git a/VERSION b/VERSION
index c81aa44..e3e1807 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-0.9.7
+0.9.8
diff --git a/bpgenc.c b/bpgenc.c
index b75f30f..f39685f 100644
--- a/bpgenc.c
+++ b/bpgenc.c
@@ -688,6 +688,14 @@ Image *image_alloc(int w, int h, BPGImageFormatEnum format, int has_alpha,
 {
     Image *img;
     int i, linesize, w1, h1, c_count;
+    uint64_t size;
+
+    /* XXX: support large images ? */
+    size = (uint64_t)w * (uint64_t)h * 2;
+    if (size > INT32_MAX) {
+        fprintf(stderr, "Image is too large\n");
+        exit(1);
+    }
 
     img = malloc(sizeof(Image));
     memset(img, 0, sizeof(*img));
@@ -1088,7 +1096,7 @@ Image *read_png(BPGMetaData **pmd,
 
 static BPGMetaData *jpeg_get_metadata(jpeg_saved_marker_ptr first_marker)
 {
-    static const char app1_exif[] = "Exif";
+    static const char app1_exif[] = "Exif\0";
     static const char app1_xmp[] = "http://ns.adobe.com/xap/1.0/";
     static const char app2_iccp[] = "ICC_PROFILE";
     jpeg_saved_marker_ptr marker;
diff --git a/libbpg.c b/libbpg.c
index 82ba273..19bf201 100644
--- a/libbpg.c
+++ b/libbpg.c
@@ -232,7 +232,7 @@ static int build_msps(uint8_t **pbuf, int *pbuf_len,
     input_data += len;
     input_data_len -= len;
     
-    buf_len = 4 + 2 + msps_len * 2 + 4 + (input_data_len - len);
+    buf_len = 4 + 2 + msps_len * 2;
     buf = av_malloc(buf_len);
 
     idx = 0;
diff --git a/x265/source/common/param.cpp b/x265/source/common/param.cpp
index 009a2c6..afd3ff0 100644
--- a/x265/source/common/param.cpp
+++ b/x265/source/common/param.cpp
@@ -1396,7 +1396,7 @@ char *x265_param2string(x265_param* p)
         return NULL;
 
 #define BOOL(param, cliopt) \
-    s += sprintf(s, " %s", (param) ? cliopt : "no-"cliopt);
+    s += sprintf(s, " %s", (param) ? cliopt : "no-" cliopt);
 
     s += sprintf(s, "%dx%d", p->sourceWidth,p->sourceHeight);
     s += sprintf(s, " fps=%u/%u", p->fpsNum, p->fpsDenom);
diff --git a/x265/source/encoder/ratecontrol.cpp b/x265/source/encoder/ratecontrol.cpp
index 0dce0a0..0f52dae 100644
--- a/x265/source/encoder/ratecontrol.cpp
+++ b/x265/source/encoder/ratecontrol.cpp
@@ -49,7 +49,7 @@ namespace {
 {\
     bErr = 0;\
     p = strstr(opts, opt "=");\
-    char* q = strstr(opts, "no-"opt);\
+    char* q = strstr(opts, "no-" opt);\
     if (p && sscanf(p, opt "=%d" , &i) && param_val != i)\
         bErr = 1;\
     else if (!param_val && !q && !p)\