From 35a7b73590c49e92a252ca81a9f1d3e844553f4e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 28 Oct 2013 01:14:54 +0100 Subject: [PATCH 001/562] update for 2.1 Signed-off-by: Michael Niedermayer --- RELEASE | 2 +- VERSION | 1 + doc/Doxyfile | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) create mode 100644 VERSION diff --git a/RELEASE b/RELEASE index cd5ac039d6..879b416e60 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -2.0 +2.1 diff --git a/VERSION b/VERSION new file mode 100644 index 0000000000..879b416e60 --- /dev/null +++ b/VERSION @@ -0,0 +1 @@ +2.1 diff --git a/doc/Doxyfile b/doc/Doxyfile index 6488aadd35..ad40d2b1f1 100644 --- a/doc/Doxyfile +++ b/doc/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = +PROJECT_NUMBER = 2.1 # With the PROJECT_LOGO tag one can specify a logo or icon that is included # in the documentation. The maximum height of the logo should not exceed 55 From 1cd5797f8ec814a4ef8945a455837bcee0e29a62 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 30 Oct 2013 23:56:52 +0100 Subject: [PATCH 002/562] avcodec/bink: fix seeking to frame 0 Fixes Ticket3088 Signed-off-by: Michael Niedermayer (cherry picked from commit cb52d6da0a9c88c584a38a9a7a94825565854b7e) --- libavcodec/bink.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/libavcodec/bink.c b/libavcodec/bink.c index 8878694777..8f8a036d4f 100644 --- a/libavcodec/bink.c +++ b/libavcodec/bink.c @@ -120,6 +120,7 @@ typedef struct BinkContext { int version; ///< internal Bink file version int has_alpha; int swap_planes; + unsigned frame_num; Bundle bundle[BINKB_NB_SRC]; ///< bundles for decoding all data types Tree col_high[16]; ///< trees for decoding high nibble in "colours" data type @@ -1206,6 +1207,8 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame, AVPac if (c->version >= 'i') skip_bits_long(&gb, 32); + c->frame_num++; + for (plane = 0; plane < 3; plane++) { plane_idx = (!plane || !c->swap_planes) ? plane : (plane ^ 3); @@ -1214,7 +1217,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame, AVPac return ret; } else { if ((ret = binkb_decode_plane(c, frame, &gb, plane_idx, - !avctx->frame_number, !!plane)) < 0) + c->frame_num == 1, !!plane)) < 0) return ret; } if (get_bits_count(&gb) >= bits_count) @@ -1332,6 +1335,13 @@ static av_cold int decode_end(AVCodecContext *avctx) return 0; } +static void flush(AVCodecContext *avctx) +{ + BinkContext * const c = avctx->priv_data; + + c->frame_num = 0; +} + AVCodec ff_bink_decoder = { .name = "binkvideo", .long_name = NULL_IF_CONFIG_SMALL("Bink video"), @@ -1341,5 +1351,6 @@ AVCodec ff_bink_decoder = { .init = decode_init, .close = decode_end, .decode = decode_frame, + .flush = flush, .capabilities = CODEC_CAP_DR1, }; From d8be5bda1b96e9cf3e14f7940105c954543ca905 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 31 Oct 2013 01:42:13 +0100 Subject: [PATCH 003/562] avformat/http: fix cookies Fixes Ticket3096 Signed-off-by: Michael Niedermayer (cherry picked from commit b73900b8a6c0a23e63e84a5eed0a5b9b3ffe1198) --- libavformat/http.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/http.c b/libavformat/http.c index c5b5c53814..9be1181f30 100644 --- a/libavformat/http.c +++ b/libavformat/http.c @@ -95,7 +95,7 @@ static const AVOption options[] = { {"multiple_requests", "use persistent connections", OFFSET(multiple_requests), AV_OPT_TYPE_INT, {.i64 = 0}, 0, 1, D|E }, {"post_data", "set custom HTTP post data", OFFSET(post_data), AV_OPT_TYPE_BINARY, .flags = D|E }, {"mime_type", "set MIME type", OFFSET(mime_type), AV_OPT_TYPE_STRING, {0}, 0, 0, 0 }, -{"cookies", "set cookies to be sent in applicable future requests, use newline delimited Set-Cookie HTTP field value syntax", OFFSET(cookies), AV_OPT_TYPE_STRING, {0}, 0, 0, 0 }, +{"cookies", "set cookies to be sent in applicable future requests, use newline delimited Set-Cookie HTTP field value syntax", OFFSET(cookies), AV_OPT_TYPE_STRING, {0}, 0, 0, D }, {"icy", "request ICY metadata", OFFSET(icy), AV_OPT_TYPE_INT, {.i64 = 0}, 0, 1, D }, {"icy_metadata_headers", "return ICY metadata headers", OFFSET(icy_metadata_headers), AV_OPT_TYPE_STRING, {0}, 0, 0, 0 }, {"icy_metadata_packet", "return current ICY metadata packet", OFFSET(icy_metadata_packet), AV_OPT_TYPE_STRING, {0}, 0, 0, 0 }, From b56e9beeb83898a8531d2e3f2105a9b65c94cf21 Mon Sep 17 00:00:00 2001 From: Anssi Hannula Date: Tue, 29 Oct 2013 22:25:27 +0200 Subject: [PATCH 004/562] lavf/spdifdec: fix demuxing of AAC in IEC 61937 Return value of avpriv_aac_parse_header() is not checked correctly. Fix it. Signed-off-by: Anssi Hannula Signed-off-by: Michael Niedermayer (cherry picked from commit f86387b6c2b11650cb9d5a8fd886be76e48c665b) Signed-off-by: Michael Niedermayer --- libavformat/spdifdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/spdifdec.c b/libavformat/spdifdec.c index 69843503b0..7da16c95ba 100644 --- a/libavformat/spdifdec.c +++ b/libavformat/spdifdec.c @@ -57,7 +57,7 @@ static int spdif_get_offset_and_codec(AVFormatContext *s, break; case IEC61937_MPEG2_AAC: init_get_bits(&gbc, buf, AAC_ADTS_HEADER_SIZE * 8); - if (avpriv_aac_parse_header(&gbc, &aac_hdr)) { + if (avpriv_aac_parse_header(&gbc, &aac_hdr) < 0) { if (s) /* be silent during a probe */ av_log(s, AV_LOG_ERROR, "Invalid AAC packet in IEC 61937\n"); return AVERROR_INVALIDDATA; From 5c1e9d3722db553c2bc08c9fd878b4be153566c4 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 30 Oct 2013 23:27:28 +0100 Subject: [PATCH 005/562] avcodec/jpeglsdec: check err value for ls_get_code_runterm() Fixes infinite loop Fixes Ticket3086 Signed-off-by: Michael Niedermayer (cherry picked from commit cc0e47b55096361723b364afa43b79a3f5619cdc) Signed-off-by: Michael Niedermayer --- libavcodec/jpeglsdec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/jpeglsdec.c b/libavcodec/jpeglsdec.c index 0e344f54d8..1dda2073e5 100644 --- a/libavcodec/jpeglsdec.c +++ b/libavcodec/jpeglsdec.c @@ -148,6 +148,8 @@ static inline int ls_get_code_runterm(GetBitContext *gb, JLSState *state, ret = ret >> 1; } + if(FFABS(ret) > 0xFFFF) + return -0x10000; /* update state */ state->A[Q] += FFABS(ret) - RItype; ret *= state->twonear; From 807d85400c735127d0195329638d54a5d65b2b44 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 31 Oct 2013 02:19:40 +0100 Subject: [PATCH 006/562] avformat/thp: fix variable types to avoid overflows Signed-off-by: Michael Niedermayer (cherry picked from commit 2b1056e4e27b046af3777e8bd65a5145abff878f) Signed-off-by: Michael Niedermayer --- libavformat/thp.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/libavformat/thp.c b/libavformat/thp.c index 3717b8f12c..09979aca99 100644 --- a/libavformat/thp.c +++ b/libavformat/thp.c @@ -26,15 +26,15 @@ typedef struct ThpDemuxContext { int version; - int first_frame; - int first_framesz; - int last_frame; + unsigned first_frame; + unsigned first_framesz; + unsigned last_frame; int compoff; - int framecnt; + unsigned framecnt; AVRational fps; - int frame; - int next_frame; - int next_framesz; + unsigned frame; + int64_t next_frame; + unsigned next_framesz; int video_stream_index; int audio_stream_index; int compcount; From 51d1e79cc18f820281aefbbb10f3e7d8e2561d2e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 31 Oct 2013 02:26:07 +0100 Subject: [PATCH 007/562] avformat/thp: force moving forward Fixes infinite loop Fixes Ticket3098 Signed-off-by: Michael Niedermayer (cherry picked from commit 6c4b87d3d6ae08a6da16b4616626b4d2a726afbf) Signed-off-by: Michael Niedermayer --- libavformat/thp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/thp.c b/libavformat/thp.c index 09979aca99..568807d6f7 100644 --- a/libavformat/thp.c +++ b/libavformat/thp.c @@ -158,7 +158,7 @@ static int thp_read_packet(AVFormatContext *s, avio_seek(pb, thp->next_frame, SEEK_SET); /* Locate the next frame and read out its size. */ - thp->next_frame += thp->next_framesz; + thp->next_frame += FFMAX(thp->next_framesz, 1); thp->next_framesz = avio_rb32(pb); avio_rb32(pb); /* Previous total size. */ From e40d01f45dfd34e8294a39b16a5c4f5d73a81fb6 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 31 Oct 2013 10:54:46 +0100 Subject: [PATCH 008/562] avcodec/cabac: support UNCHECKED_BITSTREAM_READER = 0 Fixes overreads in HEVC Fixes Ticket3070 Also fixed remaining issues from Ticket3075 and Ticket3076 Some lines of code taken from 0c5f839693da2276c2da23400f67a67be4ea0af1:libavcodec/x86/cabac.h and 0c5f839693da2276c2da23400f67a67be4ea0af1:libavcodec/cabac_functions.h Signed-off-by: Michael Niedermayer (cherry picked from commit fa6fa2162b730336fc1d6ee0d547dcc81f4afbad) Signed-off-by: Michael Niedermayer --- libavcodec/cabac_functions.h | 10 ++++++++-- libavcodec/x86/cabac.h | 23 +++++++++++++++++++++++ 2 files changed, 31 insertions(+), 2 deletions(-) diff --git a/libavcodec/cabac_functions.h b/libavcodec/cabac_functions.h index b84258bfa7..7e22064d06 100644 --- a/libavcodec/cabac_functions.h +++ b/libavcodec/cabac_functions.h @@ -49,7 +49,10 @@ static void refill(CABACContext *c){ c->low+= c->bytestream[0]<<1; #endif c->low -= CABAC_MASK; - c->bytestream += CABAC_BITS / 8; +#if !UNCHECKED_BITSTREAM_READER + if (c->bytestream < c->bytestream_end) +#endif + c->bytestream += CABAC_BITS / 8; } static inline void renorm_cabac_decoder_once(CABACContext *c){ @@ -76,7 +79,10 @@ static void refill2(CABACContext *c){ #endif c->low += x<bytestream += CABAC_BITS/8; +#if !UNCHECKED_BITSTREAM_READER + if (c->bytestream < c->bytestream_end) +#endif + c->bytestream += CABAC_BITS/8; } static av_always_inline int get_cabac_inline(CABACContext *c, uint8_t * const state){ diff --git a/libavcodec/x86/cabac.h b/libavcodec/x86/cabac.h index 7d431e5ea4..558d287032 100644 --- a/libavcodec/x86/cabac.h +++ b/libavcodec/x86/cabac.h @@ -36,6 +36,18 @@ #if HAVE_INLINE_ASM +#ifndef UNCHECKED_BITSTREAM_READER +#define UNCHECKED_BITSTREAM_READER !CONFIG_SAFE_BITSTREAM_READER +#endif + +#if UNCHECKED_BITSTREAM_READER +#define END_CHECK(end) "" +#else +#define END_CHECK(end) \ + "cmp "end" , %%"REG_c" \n\t"\ + "jge 1f \n\t" +#endif + #ifdef BROKEN_RELOCATIONS #define TABLES_ARG , "r"(tables) @@ -80,7 +92,9 @@ "test "lowword" , "lowword" \n\t"\ "jnz 2f \n\t"\ "mov "byte" , %%"REG_c" \n\t"\ + END_CHECK(end)\ "add"OPSIZE" $2 , "byte" \n\t"\ + "1: \n\t"\ "movzwl (%%"REG_c") , "tmp" \n\t"\ "lea -1("low") , %%ecx \n\t"\ "xor "low" , %%ecx \n\t"\ @@ -139,7 +153,9 @@ "test "lowword" , "lowword" \n\t"\ " jnz 2f \n\t"\ "mov "byte" , %%"REG_c" \n\t"\ + END_CHECK(end)\ "add"OPSIZE" $2 , "byte" \n\t"\ + "1: \n\t"\ "movzwl (%%"REG_c") , "tmp" \n\t"\ "lea -1("low") , %%ecx \n\t"\ "xor "low" , %%ecx \n\t"\ @@ -214,9 +230,16 @@ static av_always_inline int get_cabac_bypass_sign_x86(CABACContext *c, int val) "movzwl (%1), %%edx \n\t" "bswap %%edx \n\t" "shrl $15, %%edx \n\t" +#if UNCHECKED_BITSTREAM_READER "add $2, %1 \n\t" "addl %%edx, %%eax \n\t" "mov %1, %c4(%2) \n\t" +#else + "addl %%edx, %%eax \n\t" + "cmp %c5(%2), %1 \n\t" + "jge 1f \n\t" + "add"OPSIZE" $2, %c4(%2) \n\t" +#endif "1: \n\t" "movl %%eax, %c3(%2) \n\t" From 8c00647982590115b9dedb9cc42bec70c0531782 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 3 Nov 2013 21:26:40 +0100 Subject: [PATCH 009/562] avformat/utils: never decrease has_b_frames in compute_pkt_fields() The intent of the original check was to increase has_b_frames when it was incorrectly set to 0. Later codecs allowed larger values Found-by: divVerent Signed-off-by: Michael Niedermayer (cherry picked from commit 8b73a3f6f6598cb9249034fa020ddead3c943e2f) Signed-off-by: Michael Niedermayer --- libavformat/utils.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index 265813693a..04984a1187 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -1039,7 +1039,8 @@ static void compute_pkt_fields(AVFormatContext *s, AVStream *st, if((s->flags & AVFMT_FLAG_IGNDTS) && pkt->pts != AV_NOPTS_VALUE) pkt->dts= AV_NOPTS_VALUE; - if (st->codec->codec_id != AV_CODEC_ID_H264 && pc && pc->pict_type == AV_PICTURE_TYPE_B) + if (pc && pc->pict_type == AV_PICTURE_TYPE_B + && !st->codec->has_b_frames) //FIXME Set low_delay = 0 when has_b_frames = 1 st->codec->has_b_frames = 1; From f16751175324ea31e25fa30851ed915548516beb Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 3 Nov 2013 22:11:11 +0100 Subject: [PATCH 010/562] avcodec/ffv1enc: Check high bpp RGB against coder type too Signed-off-by: Michael Niedermayer --- libavcodec/ffv1enc.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/ffv1enc.c b/libavcodec/ffv1enc.c index 59d2869dc1..885e005e9e 100644 --- a/libavcodec/ffv1enc.c +++ b/libavcodec/ffv1enc.c @@ -771,6 +771,10 @@ static av_cold int encode_init(AVCodecContext *avctx) s->colorspace = 1; s->chroma_planes = 1; s->version = FFMAX(s->version, 1); + if (!s->ac) { + av_log(avctx, AV_LOG_ERROR, "bits_per_raw_sample of more than 8 needs -coder 1 currently\n"); + return AVERROR(ENOSYS); + } break; default: av_log(avctx, AV_LOG_ERROR, "format not supported\n"); From 1497633924c3f611e4bee7bb8ea5557189b764f4 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 14 Nov 2013 11:27:45 +0100 Subject: [PATCH 011/562] h264: Do not treat the initial frame special in handling of frame gaps The not handling of frame gaps has lead to the lack of a dummy reference frame, which has lead to the failure of decode_slice_header() which has lead to one SEI recovery message being skiped which had introduced a slightly suboptimal recovery point for at least 1 h264 file compared to JM. Found-by: Carl & BugMaster Signed-off-by: Michael Niedermayer (cherry picked from commit 9e5ef1c5c37208326c59d642e2dc7afd3f10b09b) Signed-off-by: Michael Niedermayer --- libavcodec/h264.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 1be723a6d0..f044a58a97 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -3595,7 +3595,7 @@ static int decode_slice_header(H264Context *h, H264Context *h0) } else { /* Shorten frame num gaps so we don't have to allocate reference * frames just to throw them away */ - if (h->frame_num != h->prev_frame_num && h->prev_frame_num >= 0) { + if (h->frame_num != h->prev_frame_num) { int unwrap_prev_frame_num = h->prev_frame_num; int max_frame_num = 1 << h->sps.log2_max_frame_num; @@ -3668,7 +3668,7 @@ static int decode_slice_header(H264Context *h, H264Context *h0) } } - while (h->frame_num != h->prev_frame_num && h->prev_frame_num >= 0 && !h0->first_field && + while (h->frame_num != h->prev_frame_num && !h0->first_field && h->frame_num != (h->prev_frame_num + 1) % (1 << h->sps.log2_max_frame_num)) { Picture *prev = h->short_ref_count ? h->short_ref[0] : NULL; av_log(h->avctx, AV_LOG_DEBUG, "Frame num gap %d %d\n", From bc89c2902bdd543ae1b8efdf7107d8485b71bf00 Mon Sep 17 00:00:00 2001 From: Kostya Shishkov Date: Wed, 13 Nov 2013 18:44:26 +0100 Subject: [PATCH 012/562] mpegvideo: Fix swapping of UV planes for VCR2 Signed-off-by: Michael Niedermayer (cherry picked from commit bae14f38d992f326c94d93f01197ccd84ea62053) Signed-off-by: Michael Niedermayer --- libavcodec/mpegvideo.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/libavcodec/mpegvideo.c b/libavcodec/mpegvideo.c index 32d6fa71f8..84e32b4d66 100644 --- a/libavcodec/mpegvideo.c +++ b/libavcodec/mpegvideo.c @@ -537,6 +537,15 @@ fail: return ret; } +static void exchange_uv(MpegEncContext *s) +{ + int16_t (*tmp)[64]; + + tmp = s->pblocks[4]; + s->pblocks[4] = s->pblocks[5]; + s->pblocks[5] = tmp; +} + static int init_duplicate_context(MpegEncContext *s) { int y_size = s->b8_stride * (2 * s->mb_height + 1); @@ -567,6 +576,8 @@ static int init_duplicate_context(MpegEncContext *s) for (i = 0; i < 12; i++) { s->pblocks[i] = &s->block[i]; } + if (s->avctx->codec_tag == AV_RL32("VCR2")) + exchange_uv(s); if (s->out_format == FMT_H263) { /* ac values */ @@ -641,6 +652,8 @@ int ff_update_duplicate_context(MpegEncContext *dst, MpegEncContext *src) for (i = 0; i < 12; i++) { dst->pblocks[i] = &dst->block[i]; } + if (dst->avctx->codec_tag == AV_RL32("VCR2")) + exchange_uv(dst); if (!dst->edge_emu_buffer && (ret = ff_mpv_frame_size_alloc(dst, dst->linesize)) < 0) { av_log(dst->avctx, AV_LOG_ERROR, "failed to allocate context " From 425517eecbb0dd708434d409ed43b5b078719bfd Mon Sep 17 00:00:00 2001 From: Diego Biurrun Date: Wed, 13 Nov 2013 18:44:25 +0100 Subject: [PATCH 013/562] mpeg12dec: Remove incomplete and wrong UV swapping code for VCR2 Signed-off-by: Michael Niedermayer (cherry picked from commit 321514042534a2501a9f6223b88f0d2b8060f858) Signed-off-by: Michael Niedermayer --- libavcodec/mpeg12dec.c | 1 - 1 file changed, 1 deletion(-) diff --git a/libavcodec/mpeg12dec.c b/libavcodec/mpeg12dec.c index 82b503d717..31a986199e 100644 --- a/libavcodec/mpeg12dec.c +++ b/libavcodec/mpeg12dec.c @@ -2070,7 +2070,6 @@ static int vcr2_init_sequence(AVCodecContext *avctx) if (s->codec_tag == AV_RL32("BW10")) { s->codec_id = s->avctx->codec_id = AV_CODEC_ID_MPEG1VIDEO; } else { - exchange_uv(s); // common init reset pblocks, so we swap them here s->swap_uv = 1; // in case of xvmc we need to swap uv for each MB s->codec_id = s->avctx->codec_id = AV_CODEC_ID_MPEG2VIDEO; } From 4b846f0ccf8094b4b14e8e3b8a06955ff48eca15 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 14 Nov 2013 01:21:20 +0100 Subject: [PATCH 014/562] ffmpeg: Do not fill gap before the first decodable frame on single stream input files unless the user explicitly requests it. Fixes different behavior to JM and probably several if not all reference decoders. We cannot just do this unconditionally as it would ruin AV sync in some use cases. Bug-Found-by: BugMaster Signed-off-by: Michael Niedermayer (cherry picked from commit d7ebeba80c609e160a171168b3434c342a652237) Conflicts: ffmpeg.c --- ffmpeg.c | 17 +++++++++++++++-- ffmpeg.h | 2 ++ ffmpeg_opt.c | 1 + 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/ffmpeg.c b/ffmpeg.c index 001e5c15da..6629a5f029 100644 --- a/ffmpeg.c +++ b/ffmpeg.c @@ -817,10 +817,23 @@ static void do_video_out(AVFormatContext *s, nb_frames = 1; format_video_sync = video_sync_method; - if (format_video_sync == VSYNC_AUTO) + if (format_video_sync == VSYNC_AUTO) { format_video_sync = (s->oformat->flags & AVFMT_VARIABLE_FPS) ? ((s->oformat->flags & AVFMT_NOTIMESTAMPS) ? VSYNC_PASSTHROUGH : VSYNC_VFR) : VSYNC_CFR; + if ( ist + && format_video_sync == VSYNC_CFR + && input_files[ist->file_index]->ctx->nb_streams == 1 + && input_files[ist->file_index]->input_ts_offset == 0) { + format_video_sync = VSYNC_VSCFR; + } + } switch (format_video_sync) { + case VSYNC_VSCFR: + if (ost->frame_number == 0 && delta - duration >= 0.5) { + av_log(NULL, AV_LOG_DEBUG, "Not duplicating %d initial frames\n", (int)lrintf(delta - duration)); + delta = duration; + ost->sync_opts = lrint(sync_ipts); + } case VSYNC_CFR: // FIXME set to 0.5 after we fix some dts/pts bugs like in avidec.c if (delta < -1.1) @@ -2357,7 +2370,7 @@ static int transcode_init(void) if (ost->filter && !(codec->time_base.num && codec->time_base.den)) codec->time_base = ost->filter->filter->inputs[0]->time_base; if ( av_q2d(codec->time_base) < 0.001 && video_sync_method != VSYNC_PASSTHROUGH - && (video_sync_method == VSYNC_CFR || (video_sync_method == VSYNC_AUTO && !(oc->oformat->flags & AVFMT_VARIABLE_FPS)))){ + && (video_sync_method == VSYNC_CFR || video_sync_method == VSYNC_VSCFR || (video_sync_method == VSYNC_AUTO && !(oc->oformat->flags & AVFMT_VARIABLE_FPS)))){ av_log(oc, AV_LOG_WARNING, "Frame rate very high for a muxer not efficiently supporting it.\n" "Please consider specifying a lower framerate, a different muxer or -vsync 2\n"); } diff --git a/ffmpeg.h b/ffmpeg.h index 054e71814d..1471739107 100644 --- a/ffmpeg.h +++ b/ffmpeg.h @@ -51,6 +51,7 @@ #define VSYNC_PASSTHROUGH 0 #define VSYNC_CFR 1 #define VSYNC_VFR 2 +#define VSYNC_VSCFR 0xfe #define VSYNC_DROP 0xff #define MAX_STREAMS 1024 /* arbitrary sanity check value */ @@ -281,6 +282,7 @@ typedef struct InputFile { int eof_reached; /* true if eof reached */ int eagain; /* true if last read attempt returned EAGAIN */ int ist_index; /* index of first stream in input_streams */ + int64_t input_ts_offset; int64_t ts_offset; int64_t last_ts; int64_t start_time; /* user-specified start time in AV_TIME_BASE or AV_NOPTS_VALUE */ diff --git a/ffmpeg_opt.c b/ffmpeg_opt.c index c9283d69fa..d154807bdf 100644 --- a/ffmpeg_opt.c +++ b/ffmpeg_opt.c @@ -852,6 +852,7 @@ static int open_input_file(OptionsContext *o, const char *filename) f->ist_index = nb_input_streams - ic->nb_streams; f->start_time = o->start_time; f->recording_time = o->recording_time; + f->input_ts_offset = o->input_ts_offset; f->ts_offset = o->input_ts_offset - (copy_ts ? 0 : timestamp); f->nb_streams = ic->nb_streams; f->rate_emu = o->rate_emu; From d89e14bf54c886441eb919d2588ccc2ce6050706 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 15 Nov 2013 22:35:46 +0100 Subject: [PATCH 015/562] avutil: rename lls to lls2 Signed-off-by: Michael Niedermayer (cherry picked from commit bbe66ef912470007f7cc424badde2ccec500b36b) Signed-off-by: Michael Niedermayer --- libavcodec/lpc.c | 2 +- libavutil/Makefile | 4 ++-- libavutil/{lls.c => lls2.c} | 2 +- libavutil/{lls.h => lls2.h} | 0 libavutil/x86/lls_init.c | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) rename libavutil/{lls.c => lls2.c} (99%) rename libavutil/{lls.h => lls2.h} (100%) diff --git a/libavcodec/lpc.c b/libavcodec/lpc.c index 1d52edf744..198903028b 100644 --- a/libavcodec/lpc.c +++ b/libavcodec/lpc.c @@ -20,7 +20,7 @@ */ #include "libavutil/common.h" -#include "libavutil/lls.h" +#include "libavutil/lls2.h" #define LPC_USE_DOUBLE #include "lpc.h" diff --git a/libavutil/Makefile b/libavutil/Makefile index 7b3b439e70..5d428935bc 100644 --- a/libavutil/Makefile +++ b/libavutil/Makefile @@ -90,7 +90,7 @@ OBJS = adler32.o \ intfloat_readwrite.o \ intmath.o \ lfg.o \ - lls.o \ + lls2.o \ log.o \ log2_tab.o \ mathematics.o \ @@ -143,7 +143,7 @@ TESTPROGS = adler32 \ fifo \ hmac \ lfg \ - lls \ + lls2 \ md5 \ murmur3 \ opt \ diff --git a/libavutil/lls.c b/libavutil/lls2.c similarity index 99% rename from libavutil/lls.c rename to libavutil/lls2.c index abed8efaff..f381ebc3ff 100644 --- a/libavutil/lls.c +++ b/libavutil/lls2.c @@ -30,7 +30,7 @@ #include "attributes.h" #include "version.h" -#include "lls.h" +#include "lls2.h" static void update_lls(LLSModel *m, double *var) { diff --git a/libavutil/lls.h b/libavutil/lls2.h similarity index 100% rename from libavutil/lls.h rename to libavutil/lls2.h diff --git a/libavutil/x86/lls_init.c b/libavutil/x86/lls_init.c index 181ca38dae..b2424b3645 100644 --- a/libavutil/x86/lls_init.c +++ b/libavutil/x86/lls_init.c @@ -20,7 +20,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ -#include "libavutil/lls.h" +#include "libavutil/lls2.h" #include "libavutil/x86/cpu.h" void ff_update_lls_sse2(LLSModel *m, double *var); From b276b913a175f0c5b737e1e1067ddd3f8fcfdb2a Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 16 Nov 2013 16:42:57 +0100 Subject: [PATCH 016/562] rename new lls code to lls2 to avoid conflict with the old which has a different ABI also remove failed attempt at a compatibility layer, the code simply cannot work Signed-off-by: Michael Niedermayer (cherry picked from commit c3814ab654a993723b0e5f14cc252d68f233ad79) Conflicts: libavcodec/version.h --- libavcodec/lpc.c | 6 +++--- libavcodec/version.h | 2 +- libavutil/lls2.c | 35 ++++++++--------------------------- libavutil/lls2.h | 23 ++++++++--------------- libavutil/x86/lls.asm | 8 ++++---- libavutil/x86/lls_init.c | 8 ++++---- 6 files changed, 28 insertions(+), 54 deletions(-) diff --git a/libavcodec/lpc.c b/libavcodec/lpc.c index 198903028b..a6f23775a5 100644 --- a/libavcodec/lpc.c +++ b/libavcodec/lpc.c @@ -208,7 +208,7 @@ int ff_lpc_calc_coefs(LPCContext *s, } if (lpc_type == FF_LPC_TYPE_CHOLESKY) { - LLSModel m[2]; + LLSModel2 m[2]; LOCAL_ALIGNED(32, double, var, [FFALIGN(MAX_LPC_ORDER+1,4)]); double av_uninit(weight); memset(var, 0, FFALIGN(MAX_LPC_ORDER+1,4)*sizeof(*var)); @@ -217,7 +217,7 @@ int ff_lpc_calc_coefs(LPCContext *s, m[0].coeff[max_order-1][j] = -lpc[max_order-1][j]; for(; passcovariance[1][0]; @@ -100,7 +100,7 @@ void avpriv_solve_lls(LLSModel *m, double threshold, unsigned short min_order) } } -static double evaluate_lls(LLSModel *m, double *param, int order) +static double evaluate_lls(LLSModel2 *m, double *param, int order) { int i; double out = 0; @@ -111,9 +111,9 @@ static double evaluate_lls(LLSModel *m, double *param, int order) return out; } -av_cold void avpriv_init_lls(LLSModel *m, int indep_count) +av_cold void avpriv_init_lls2(LLSModel2 *m, int indep_count) { - memset(m, 0, sizeof(LLSModel)); + memset(m, 0, sizeof(LLSModel2)); m->indep_count = indep_count; m->update_lls = update_lls; m->evaluate_lls = evaluate_lls; @@ -121,25 +121,6 @@ av_cold void avpriv_init_lls(LLSModel *m, int indep_count) ff_init_lls_x86(m); } -#if FF_API_LLS_PRIVATE -av_cold void av_init_lls(LLSModel *m, int indep_count) -{ - avpriv_init_lls(m, indep_count); -} -void av_update_lls(LLSModel *m, double *param, double decay) -{ - m->update_lls(m, param); -} -void av_solve_lls(LLSModel *m, double threshold, int min_order) -{ - avpriv_solve_lls(m, threshold, min_order); -} -double av_evaluate_lls(LLSModel *m, double *param, int order) -{ - return m->evaluate_lls(m, param, order); -} -#endif /* FF_API_LLS_PRIVATE */ - #ifdef TEST #include @@ -148,12 +129,12 @@ double av_evaluate_lls(LLSModel *m, double *param, int order) int main(void) { - LLSModel m; + LLSModel2 m; int i, order; AVLFG lfg; av_lfg_init(&lfg, 1); - avpriv_init_lls(&m, 3); + avpriv_init_lls2(&m, 3); for (i = 0; i < 100; i++) { LOCAL_ALIGNED(32, double, var, [4]); @@ -164,7 +145,7 @@ int main(void) var[2] = var[1] + av_lfg_get(&lfg) / (double) UINT_MAX - 0.5; var[3] = var[2] + av_lfg_get(&lfg) / (double) UINT_MAX - 0.5; m.update_lls(&m, var); - avpriv_solve_lls(&m, 0.001, 0); + avpriv_solve_lls2(&m, 0.001, 0); for (order = 0; order < 3; order++) { eval = m.evaluate_lls(&m, var + 1, order); printf("real:%9f order:%d pred:%9f var:%f coeffs:%f %9f %9f\n", diff --git a/libavutil/lls2.h b/libavutil/lls2.h index c62d78a230..35815d2704 100644 --- a/libavutil/lls2.h +++ b/libavutil/lls2.h @@ -30,12 +30,12 @@ #define MAX_VARS 32 #define MAX_VARS_ALIGN FFALIGN(MAX_VARS+1,4) -//FIXME avoid direct access to LLSModel from outside +//FIXME avoid direct access to LLSModel2 from outside /** * Linear least squares model. */ -typedef struct LLSModel { +typedef struct LLSModel2 { DECLARE_ALIGNED(32, double, covariance[MAX_VARS_ALIGN][MAX_VARS_ALIGN]); DECLARE_ALIGNED(32, double, coeff[MAX_VARS][MAX_VARS]); double variance[MAX_VARS]; @@ -47,25 +47,18 @@ typedef struct LLSModel { * 32-byte aligned, and any padding elements must be initialized * (i.e not denormal/nan). */ - void (*update_lls)(struct LLSModel *m, double *var); + void (*update_lls)(struct LLSModel2 *m, double *var); /** * Inner product of var[] and the LPC coefs. * @param m this context * @param var training samples, excluding the value to be predicted. unaligned. * @param order lpc order */ - double (*evaluate_lls)(struct LLSModel *m, double *var, int order); -} LLSModel; + double (*evaluate_lls)(struct LLSModel2 *m, double *var, int order); +} LLSModel2; -void avpriv_init_lls(LLSModel *m, int indep_count); -void ff_init_lls_x86(LLSModel *m); -void avpriv_solve_lls(LLSModel *m, double threshold, unsigned short min_order); - -#if FF_API_LLS_PRIVATE -void av_init_lls(LLSModel *m, int indep_count); -void av_update_lls(LLSModel *m, double *param, double decay); -void av_solve_lls(LLSModel *m, double threshold, int min_order); -double av_evaluate_lls(LLSModel *m, double *param, int order); -#endif /* FF_API_LLS_PRIVATE */ +void avpriv_init_lls2(LLSModel2 *m, int indep_count); +void ff_init_lls_x86(LLSModel2 *m); +void avpriv_solve_lls2(LLSModel2 *m, double threshold, unsigned short min_order); #endif /* AVUTIL_LLS_H */ diff --git a/libavutil/x86/lls.asm b/libavutil/x86/lls.asm index 769befb769..c2aead38ef 100644 --- a/libavutil/x86/lls.asm +++ b/libavutil/x86/lls.asm @@ -29,7 +29,7 @@ SECTION .text %define COVAR_STRIDE MAX_VARS_ALIGN*8 %define COVAR(x,y) [covarq + (x)*8 + (y)*COVAR_STRIDE] -struc LLSModel +struc LLSModel2 .covariance: resq MAX_VARS_ALIGN*MAX_VARS_ALIGN .coeff: resq MAX_VARS*MAX_VARS .variance: resq MAX_VARS @@ -49,7 +49,7 @@ INIT_XMM sse2 %define movdqa movaps cglobal update_lls, 2,5,8, ctx, var, i, j, covar2 %define covarq ctxq - mov id, [ctxq + LLSModel.indep_count] + mov id, [ctxq + LLSModel2.indep_count] lea varq, [varq + iq*8] neg iq mov covar2q, covarq @@ -129,7 +129,7 @@ cglobal update_lls, 2,5,8, ctx, var, i, j, covar2 INIT_YMM avx cglobal update_lls, 3,6,8, ctx, var, count, i, j, count2 %define covarq ctxq - mov countd, [ctxq + LLSModel.indep_count] + mov countd, [ctxq + LLSModel2.indep_count] lea count2d, [countq-2] xor id, id .loopi: @@ -206,7 +206,7 @@ cglobal evaluate_lls, 3,4,2, ctx, var, order, i %define coefsq ctxq mov id, orderd imul orderd, MAX_VARS - lea coefsq, [ctxq + LLSModel.coeff + orderq*8] + lea coefsq, [ctxq + LLSModel2.coeff + orderq*8] movsd m0, [varq] movhpd m0, [varq + 8] mulpd m0, [coefsq] diff --git a/libavutil/x86/lls_init.c b/libavutil/x86/lls_init.c index b2424b3645..bf999d5fc3 100644 --- a/libavutil/x86/lls_init.c +++ b/libavutil/x86/lls_init.c @@ -23,11 +23,11 @@ #include "libavutil/lls2.h" #include "libavutil/x86/cpu.h" -void ff_update_lls_sse2(LLSModel *m, double *var); -void ff_update_lls_avx(LLSModel *m, double *var); -double ff_evaluate_lls_sse2(LLSModel *m, double *var, int order); +void ff_update_lls_sse2(LLSModel2 *m, double *var); +void ff_update_lls_avx(LLSModel2 *m, double *var); +double ff_evaluate_lls_sse2(LLSModel2 *m, double *var, int order); -av_cold void ff_init_lls_x86(LLSModel *m) +av_cold void ff_init_lls_x86(LLSModel2 *m) { int cpu_flags = av_get_cpu_flags(); if (EXTERNAL_SSE2(cpu_flags)) { From e5e048bbf7d3445159bcd5bb6627dad6a9772243 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 15 Nov 2013 23:32:51 +0100 Subject: [PATCH 017/562] avutil: reintroduce lls1 as the 52 ABI needs it lls1 taken from ff130d7 This is incompatible with libavcodec version 55.18.100 to 55.43.100 except 55.39.101 This incompatibility is caused by these libavcodec versions depending on a libavutil 52 which is ABI incompatible with the previous ABI 52 you can avoid this incompatibility by upgrading your libavcodec so it does no longer depend on the invalid ABI See: 502ab21af0ca68f76d6112722c46d2f35c004053 See: cc6714bb16b1f0716ba43701d47273dbe9657b8b See: 41578f70cf8aec8e7565fba1ca7e07f3dc46c3d2 See: Ticket3136 Tested-by: marillat Signed-off-by: Michael Niedermayer (cherry picked from commit b382d09d29be90e0947295a70cdcbaa60b9030b8) Signed-off-by: Michael Niedermayer --- libavutil/Makefile | 2 + libavutil/lls1.c | 180 ++++++++++++++++++++++++++++++++++++++++++++ libavutil/lls1.h | 54 +++++++++++++ libavutil/version.h | 5 +- 4 files changed, 240 insertions(+), 1 deletion(-) create mode 100644 libavutil/lls1.c create mode 100644 libavutil/lls1.h diff --git a/libavutil/Makefile b/libavutil/Makefile index 5d428935bc..9b5cd4e6b7 100644 --- a/libavutil/Makefile +++ b/libavutil/Makefile @@ -90,6 +90,7 @@ OBJS = adler32.o \ intfloat_readwrite.o \ intmath.o \ lfg.o \ + lls1.o \ lls2.o \ log.o \ log2_tab.o \ @@ -143,6 +144,7 @@ TESTPROGS = adler32 \ fifo \ hmac \ lfg \ + lls1 \ lls2 \ md5 \ murmur3 \ diff --git a/libavutil/lls1.c b/libavutil/lls1.c new file mode 100644 index 0000000000..c452d82334 --- /dev/null +++ b/libavutil/lls1.c @@ -0,0 +1,180 @@ +/* + * linear least squares model + * + * Copyright (c) 2006 Michael Niedermayer + * + * This file is part of FFmpeg. + * + * FFmpeg is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * FFmpeg is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with FFmpeg; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +/** + * @file + * linear least squares model + */ + +#include +#include + +#include "attributes.h" +#include "version.h" +#include "lls1.h" + +#if FF_API_LLS1 + +av_cold void avpriv_init_lls(LLSModel *m, int indep_count) +{ + memset(m, 0, sizeof(LLSModel)); + m->indep_count = indep_count; +} + +void avpriv_update_lls(LLSModel *m, double *var, double decay) +{ + int i, j; + + for (i = 0; i <= m->indep_count; i++) { + for (j = i; j <= m->indep_count; j++) { + m->covariance[i][j] *= decay; + m->covariance[i][j] += var[i] * var[j]; + } + } +} + +void avpriv_solve_lls(LLSModel *m, double threshold, unsigned short min_order) +{ + int i, j, k; + double (*factor)[MAX_VARS + 1] = (void *) &m->covariance[1][0]; + double (*covar) [MAX_VARS + 1] = (void *) &m->covariance[1][1]; + double *covar_y = m->covariance[0]; + int count = m->indep_count; + + for (i = 0; i < count; i++) { + for (j = i; j < count; j++) { + double sum = covar[i][j]; + + for (k = i - 1; k >= 0; k--) + sum -= factor[i][k] * factor[j][k]; + + if (i == j) { + if (sum < threshold) + sum = 1.0; + factor[i][i] = sqrt(sum); + } else { + factor[j][i] = sum / factor[i][i]; + } + } + } + + for (i = 0; i < count; i++) { + double sum = covar_y[i + 1]; + + for (k = i - 1; k >= 0; k--) + sum -= factor[i][k] * m->coeff[0][k]; + + m->coeff[0][i] = sum / factor[i][i]; + } + + for (j = count - 1; j >= min_order; j--) { + for (i = j; i >= 0; i--) { + double sum = m->coeff[0][i]; + + for (k = i + 1; k <= j; k++) + sum -= factor[k][i] * m->coeff[j][k]; + + m->coeff[j][i] = sum / factor[i][i]; + } + + m->variance[j] = covar_y[0]; + + for (i = 0; i <= j; i++) { + double sum = m->coeff[j][i] * covar[i][i] - 2 * covar_y[i + 1]; + + for (k = 0; k < i; k++) + sum += 2 * m->coeff[j][k] * covar[k][i]; + + m->variance[j] += m->coeff[j][i] * sum; + } + } +} + +double avpriv_evaluate_lls(LLSModel *m, double *param, int order) +{ + int i; + double out = 0; + + for (i = 0; i <= order; i++) + out += param[i] * m->coeff[order][i]; + + return out; +} + +#if FF_API_LLS_PRIVATE +av_cold void av_init_lls(LLSModel *m, int indep_count) +{ + avpriv_init_lls(m, indep_count); +} +void av_update_lls(LLSModel *m, double *param, double decay) +{ + avpriv_update_lls(m, param, decay); +} +void av_solve_lls(LLSModel *m, double threshold, int min_order) +{ + avpriv_solve_lls(m, threshold, min_order); +} +double av_evaluate_lls(LLSModel *m, double *param, int order) +{ + return avpriv_evaluate_lls(m, param, order); +} +#endif /* FF_API_LLS_PRIVATE */ + +#endif /* FF_API_LLS1 */ + +#ifdef TEST + +#include +#include +#include "lfg.h" + +int main(void) +{ + LLSModel m; + int i, order; + AVLFG lfg; + + av_lfg_init(&lfg, 1); + avpriv_init_lls(&m, 3); + + for (i = 0; i < 100; i++) { + double var[4]; + double eval; + + var[0] = (av_lfg_get(&lfg) / (double) UINT_MAX - 0.5) * 2; + var[1] = var[0] + av_lfg_get(&lfg) / (double) UINT_MAX - 0.5; + var[2] = var[1] + av_lfg_get(&lfg) / (double) UINT_MAX - 0.5; + var[3] = var[2] + av_lfg_get(&lfg) / (double) UINT_MAX - 0.5; + avpriv_update_lls(&m, var, 0.99); + avpriv_solve_lls(&m, 0.001, 0); + for (order = 0; order < 3; order++) { + eval = avpriv_evaluate_lls(&m, var + 1, order); + printf("real:%9f order:%d pred:%9f var:%f coeffs:%f %9f %9f\n", + var[0], order, eval, sqrt(m.variance[order] / (i + 1)), + m.coeff[order][0], m.coeff[order][1], + m.coeff[order][2]); + } + } + return 0; +} + +#endif diff --git a/libavutil/lls1.h b/libavutil/lls1.h new file mode 100644 index 0000000000..c785d44421 --- /dev/null +++ b/libavutil/lls1.h @@ -0,0 +1,54 @@ +/* + * linear least squares model + * + * Copyright (c) 2006 Michael Niedermayer + * + * This file is part of FFmpeg. + * + * FFmpeg is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * FFmpeg is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with FFmpeg; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#ifndef AVUTIL_LLS_H +#define AVUTIL_LLS_H + +#include "version.h" + +#define MAX_VARS 32 + +//FIXME avoid direct access to LLSModel from outside + +/** + * Linear least squares model. + */ +typedef struct LLSModel { + double covariance[MAX_VARS + 1][MAX_VARS + 1]; + double coeff[MAX_VARS][MAX_VARS]; + double variance[MAX_VARS]; + int indep_count; +} LLSModel; + +void avpriv_init_lls(LLSModel *m, int indep_count); +void avpriv_update_lls(LLSModel *m, double *param, double decay); +void avpriv_solve_lls(LLSModel *m, double threshold, unsigned short min_order); +double avpriv_evaluate_lls(LLSModel *m, double *param, int order); + +#if FF_API_LLS_PRIVATE +void av_init_lls(LLSModel *m, int indep_count); +void av_update_lls(LLSModel *m, double *param, double decay); +void av_solve_lls(LLSModel *m, double threshold, int min_order); +double av_evaluate_lls(LLSModel *m, double *param, int order); +#endif /* FF_API_LLS_PRIVATE */ + +#endif /* AVUTIL_LLS_H */ diff --git a/libavutil/version.h b/libavutil/version.h index 67a2acd107..dd70beb9ea 100644 --- a/libavutil/version.h +++ b/libavutil/version.h @@ -76,7 +76,7 @@ #define LIBAVUTIL_VERSION_MAJOR 52 #define LIBAVUTIL_VERSION_MINOR 48 -#define LIBAVUTIL_VERSION_MICRO 100 +#define LIBAVUTIL_VERSION_MICRO 101 #define LIBAVUTIL_VERSION_INT AV_VERSION_INT(LIBAVUTIL_VERSION_MAJOR, \ LIBAVUTIL_VERSION_MINOR, \ @@ -132,6 +132,9 @@ #ifndef FF_API_LLS_PRIVATE #define FF_API_LLS_PRIVATE (LIBAVUTIL_VERSION_MAJOR < 53) #endif +#ifndef FF_API_LLS1 +#define FF_API_LLS1 (LIBAVUTIL_VERSION_MAJOR < 53) +#endif #ifndef FF_API_AVFRAME_LAVC #define FF_API_AVFRAME_LAVC (LIBAVUTIL_VERSION_MAJOR < 53) #endif From 5c8845a55478c4963e663e288f7ce6009780a49a Mon Sep 17 00:00:00 2001 From: Lou Logan Date: Tue, 12 Nov 2013 14:22:15 +0100 Subject: [PATCH 018/562] Fix example in pullup documentation. The pullup filter does not work well with the fps filter, it currently needs -r Signed-off-by: Carl Eugen Hoyos (cherry picked from commit 6d90a5c149fbdf9678c3f03fac820f835665b985) --- doc/filters.texi | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/doc/filters.texi b/doc/filters.texi index 14692a2148..0cf53aeb6f 100644 --- a/doc/filters.texi +++ b/doc/filters.texi @@ -6422,9 +6422,11 @@ The main purpose of setting @option{mp} to a chroma plane is to reduce CPU load and make pullup usable in realtime on slow machines. @end table -For example to inverse telecined NTSC input: +For best results (without duplicated frames in the output file) it is +necessary to change the output frame rate. For example, to inverse +telecine NTSC input: @example -pullup,fps=24000/1001 +ffmpeg -i input -vf pullup -r 24000/1001 ... @end example @section removelogo From 3193b85be33347f5cd48f0978092c9b53181defa Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 31 Oct 2013 23:29:01 +0100 Subject: [PATCH 019/562] avcodec/tiff_common: allow count = 0 in ff_tadd_bytes_metadata() Fixes Ticket3103 Reviewed-by: Thilo Borgmann Signed-off-by: Michael Niedermayer (cherry picked from commit 73d887733dc2ccb5d570615a753d5c44c3f1d9a4) --- libavcodec/tiff_common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/tiff_common.c b/libavcodec/tiff_common.c index 6a10d71743..ce91219150 100644 --- a/libavcodec/tiff_common.c +++ b/libavcodec/tiff_common.c @@ -219,7 +219,7 @@ int ff_tadd_bytes_metadata(int count, const char *name, const char *sep, char *ap; int i; - if (count >= INT_MAX / sizeof(int8_t) || count <= 0) + if (count >= INT_MAX / sizeof(int8_t) || count < 0) return AVERROR_INVALIDDATA; if (bytestream2_get_bytes_left(gb) < count * sizeof(int8_t)) return AVERROR_INVALIDDATA; From 7ce0f4ea3b206a4f7ce0ceae8751e096b1ebbc9b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20B=C5=93sch?= Date: Sat, 19 Oct 2013 19:39:28 +0200 Subject: [PATCH 020/562] avformat/image2: allow muxing gif files. Fixes Ticket #2936. (cherry picked from commit f70db22999d713da3306bf29ec763d670b9bf1ea) --- libavformat/img2enc.c | 42 +++++++++++++++++++++++++++++++++++++++--- 1 file changed, 39 insertions(+), 3 deletions(-) diff --git a/libavformat/img2enc.c b/libavformat/img2enc.c index 8adf3526a6..56aa5fca22 100644 --- a/libavformat/img2enc.c +++ b/libavformat/img2enc.c @@ -21,6 +21,7 @@ */ #include "libavutil/intreadwrite.h" +#include "libavutil/avassert.h" #include "libavutil/avstring.h" #include "libavutil/log.h" #include "libavutil/opt.h" @@ -37,6 +38,7 @@ typedef struct { char path[1024]; int update; int use_strftime; + const char *muxer; } VideoMuxData; static int write_header(AVFormatContext *s) @@ -44,7 +46,6 @@ static int write_header(AVFormatContext *s) VideoMuxData *img = s->priv_data; AVStream *st = s->streams[0]; const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(st->codec->pix_fmt); - const char *str; av_strlcpy(img->path, s->filename, sizeof(img->path)); @@ -54,14 +55,18 @@ static int write_header(AVFormatContext *s) else img->is_pipe = 1; - str = strrchr(img->path, '.'); + if (st->codec->codec_id == AV_CODEC_ID_GIF) { + img->muxer = "gif"; + } else if (st->codec->codec_id == AV_CODEC_ID_RAWVIDEO) { + const char *str = strrchr(img->path, '.'); + /* TODO: reindent */ img->split_planes = str && !av_strcasecmp(str + 1, "y") && s->nb_streams == 1 - && st->codec->codec_id == AV_CODEC_ID_RAWVIDEO && desc &&(desc->flags & AV_PIX_FMT_FLAG_PLANAR) && desc->nb_components >= 3; + } return 0; } @@ -124,6 +129,37 @@ static int write_packet(AVFormatContext *s, AVPacket *pkt) avio_write(pb[3], pkt->data + ysize + 2*usize, ysize); avio_close(pb[3]); } + } else if (img->muxer) { + int ret; + AVStream *st; + AVPacket pkt2 = {0}; + AVFormatContext *fmt = NULL; + + av_assert0(!img->split_planes); + + ret = avformat_alloc_output_context2(&fmt, NULL, img->muxer, s->filename); + if (ret < 0) + return ret; + st = avformat_new_stream(fmt, NULL); + if (!st) { + avformat_free_context(fmt); + return AVERROR(ENOMEM); + } + st->id = pkt->stream_index; + + fmt->pb = pb[0]; + if ((ret = av_copy_packet(&pkt2, pkt)) < 0 || + (ret = av_dup_packet(&pkt2)) < 0 || + (ret = avcodec_copy_context(st->codec, s->streams[0]->codec)) < 0 || + (ret = avformat_write_header(fmt, NULL)) < 0 || + (ret = av_interleaved_write_frame(fmt, &pkt2)) < 0 || + (ret = av_write_trailer(fmt)) < 0) { + av_free_packet(&pkt2); + avformat_free_context(fmt); + return ret; + } + av_free_packet(&pkt2); + avformat_free_context(fmt); } else { avio_write(pb[0], pkt->data, pkt->size); } From c38af02626fbaadb815389bf5bbc6d54ab30e470 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20B=C5=93sch?= Date: Fri, 8 Nov 2013 23:55:06 +0100 Subject: [PATCH 021/562] build: avoid stdin stall with GNU AS probing. a758c5e added probing for various tools, such as AS. Unfortunately, GNU AS is reading stdin with -v, and thus configure is stalled with configure arguments such as --as=as. Fixes Ticket #1898. (cherry picked from commit dbb41f93c16cbc65a899a75723c95da51c851cd5) --- configure | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/configure b/configure index 46a9adef37..41c006da2a 100755 --- a/configure +++ b/configure @@ -2878,7 +2878,9 @@ probe_cc(){ unset _depflags _DEPCMD _DEPFLAGS _flags_filter=echo - if $_cc -v 2>&1 | grep -q '^gcc.*LLVM'; then + if $_cc --version 2>&1 | grep -q '^GNU assembler'; then + true # no-op to avoid reading stdin in following checks + elif $_cc -v 2>&1 | grep -q '^gcc.*LLVM'; then _type=llvm_gcc gcc_extra_ver=$(expr "$($_cc --version | head -n1)" : '.*\((.*)\)') _ident="llvm-gcc $($_cc -dumpversion) $gcc_extra_ver" From 842def7d78137dafff39988326031cd943bc2a19 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 18 Nov 2013 03:02:36 +0100 Subject: [PATCH 022/562] avformat/utils: dont count attached pics toward the probesize Such pics behave more like headers which we also dont count. Fixes Ticket3146 Signed-off-by: Michael Niedermayer (cherry picked from commit a8dec360c5db15e8da4b44ff3c0f02a6c57e8ac0) --- libavformat/utils.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index 04984a1187..bcea353980 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -2864,9 +2864,10 @@ int avformat_find_stream_info(AVFormatContext *ic, AVDictionary **options) goto find_stream_info_err; } - read_size += pkt->size; - st = ic->streams[pkt->stream_index]; + if (!(st->disposition & AV_DISPOSITION_ATTACHED_PIC)) + read_size += pkt->size; + if (pkt->dts != AV_NOPTS_VALUE && st->codec_info_nb_frames > 1) { /* check for non-increasing dts */ if (st->info->fps_last_dts != AV_NOPTS_VALUE && From a289b0b91a799a3db6cb5bebb628132863d632e4 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 18 Nov 2013 16:38:12 +0100 Subject: [PATCH 023/562] avformat/mpegts: fix resync seek The seek ended up seeking before the begin, which caused problems Fixes initial sync issues with libbluray Fixes Ticket3117 Signed-off-by: Michael Niedermayer (cherry picked from commit 7d0e927a31edb5fb584c2ab17f7fd676838d6639) --- libavformat/mpegts.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavformat/mpegts.c b/libavformat/mpegts.c index 5f2dfe9cb3..fe4ac35878 100644 --- a/libavformat/mpegts.c +++ b/libavformat/mpegts.c @@ -1976,7 +1976,9 @@ static int read_packet(AVFormatContext *s, uint8_t *buf, int raw_packet_size, co /* check packet sync byte */ if ((*data)[0] != 0x47) { /* find a new packet start */ - avio_seek(pb, -raw_packet_size, SEEK_CUR); + uint64_t pos = avio_tell(pb); + avio_seek(pb, -FFMIN(raw_packet_size, pos), SEEK_CUR); + if (mpegts_resync(s) < 0) return AVERROR(EAGAIN); else From 607e5038a9a521e6f64855c6eb408c433611b611 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 18 Nov 2013 20:56:40 +0100 Subject: [PATCH 024/562] avcodec/pcm-dvd: fix 20bit 2 channels Fixes part of ticket3122 Signed-off-by: Michael Niedermayer (cherry picked from commit 5db49fc38d9132e134de92584f296559bec3b789) --- libavcodec/pcm-dvd.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libavcodec/pcm-dvd.c b/libavcodec/pcm-dvd.c index 9696b09115..b895e39786 100644 --- a/libavcodec/pcm-dvd.c +++ b/libavcodec/pcm-dvd.c @@ -180,11 +180,11 @@ static void *pcm_dvd_decode_samples(AVCodecContext *avctx, const uint8_t *src, dst32[2] = bytestream2_get_be16u(&gb) << 16; dst32[3] = bytestream2_get_be16u(&gb) << 16; t = bytestream2_get_byteu(&gb); - *dst32 += (t & 0xf0) << 8; - *dst32 += (t & 0x0f) << 12; + *dst32++ += (t & 0xf0) << 8; + *dst32++ += (t & 0x0f) << 12; t = bytestream2_get_byteu(&gb); - *dst32 += (t & 0xf0) << 8; - *dst32 += (t & 0x0f) << 12; + *dst32++ += (t & 0xf0) << 8; + *dst32++ += (t & 0x0f) << 12; } } while (--blocks); return dst32; From 87c416d93a099587679549fe82c33be83cdbf192 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 18 Nov 2013 20:56:40 +0100 Subject: [PATCH 025/562] avcodec/pcm-dvd: fix 20/24bit 1 channel Fixes part of ticket3122 Signed-off-by: Michael Niedermayer (cherry picked from commit ab184b298d4a54199986de10927258aed18c7b6b) --- libavcodec/pcm-dvd.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/libavcodec/pcm-dvd.c b/libavcodec/pcm-dvd.c index b895e39786..243b6aa0bb 100644 --- a/libavcodec/pcm-dvd.c +++ b/libavcodec/pcm-dvd.c @@ -173,6 +173,17 @@ static void *pcm_dvd_decode_samples(AVCodecContext *avctx, const uint8_t *src, #endif return dst16; case 20: + if (avctx->channels == 1) { + do { + for (i = 2; i; i--) { + dst32[0] = bytestream2_get_be16u(&gb) << 16; + dst32[1] = bytestream2_get_be16u(&gb) << 16; + t = bytestream2_get_byteu(&gb); + *dst32++ += (t & 0xf0) << 8; + *dst32++ += (t & 0x0f) << 12; + } + } while (--blocks); + } else { do { for (i = s->groups_per_block; i; i--) { dst32[0] = bytestream2_get_be16u(&gb) << 16; @@ -187,8 +198,19 @@ static void *pcm_dvd_decode_samples(AVCodecContext *avctx, const uint8_t *src, *dst32++ += (t & 0x0f) << 12; } } while (--blocks); + } return dst32; case 24: + if (avctx->channels == 1) { + do { + for (i = 2; i; i--) { + dst32[0] = bytestream2_get_be16u(&gb) << 16; + dst32[1] = bytestream2_get_be16u(&gb) << 16; + *dst32++ += bytestream2_get_byteu(&gb) << 8; + *dst32++ += bytestream2_get_byteu(&gb) << 8; + } + } while (--blocks); + } else { do { for (i = s->groups_per_block; i; i--) { dst32[0] = bytestream2_get_be16u(&gb) << 16; @@ -201,6 +223,7 @@ static void *pcm_dvd_decode_samples(AVCodecContext *avctx, const uint8_t *src, *dst32++ += bytestream2_get_byteu(&gb) << 8; } } while (--blocks); + } return dst32; default: return NULL; From 9422cd85a081f6e084731e87eda3e8e4df9f6827 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 20 Nov 2013 03:12:11 +0100 Subject: [PATCH 026/562] update for 2.1.1 Signed-off-by: Michael Niedermayer --- RELEASE | 2 +- VERSION | 2 +- doc/Doxyfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/RELEASE b/RELEASE index 879b416e60..3e3c2f1e5e 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -2.1 +2.1.1 diff --git a/VERSION b/VERSION index 879b416e60..3e3c2f1e5e 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.1 +2.1.1 diff --git a/doc/Doxyfile b/doc/Doxyfile index ad40d2b1f1..eb1bea2141 100644 --- a/doc/Doxyfile +++ b/doc/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 2.1 +PROJECT_NUMBER = 2.1.1 # With the PROJECT_LOGO tag one can specify a logo or icon that is included # in the documentation. The maximum height of the logo should not exceed 55 From 31647c5a4693a8bfdff2ef157755e2472adac545 Mon Sep 17 00:00:00 2001 From: Nicolas George Date: Mon, 28 Oct 2013 11:50:09 +0100 Subject: [PATCH 027/562] lavd/lavfi: support unknown channel layouts. (cherry picked from commit 863fb11f63f7f60feec390f3c54dd13606e07d05) --- libavdevice/lavfi.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavdevice/lavfi.c b/libavdevice/lavfi.c index 559f721c8f..a177ad0271 100644 --- a/libavdevice/lavfi.c +++ b/libavdevice/lavfi.c @@ -248,6 +248,10 @@ av_cold static int lavfi_read_header(AVFormatContext *avctx) ret = av_opt_set_int_list(sink, "sample_fmts", sample_fmts, AV_SAMPLE_FMT_NONE, AV_OPT_SEARCH_CHILDREN); if (ret < 0) goto end; + ret = av_opt_set_int(sink, "all_channel_counts", 1, + AV_OPT_SEARCH_CHILDREN); + if (ret < 0) + goto end; } lavfi->sinks[i] = sink; From c2ae9f75d731adaacde43cb3a3440d27c28a5274 Mon Sep 17 00:00:00 2001 From: Nicolas George Date: Tue, 3 Sep 2013 22:12:54 +0200 Subject: [PATCH 028/562] lavfi/avfiltergraph: suggest a solution when format selection fails. Format selection can fail if unknown channel layouts are used with filters that do not support it. (cherry picked from commit f775eb3fb4c7b716107355e428e40cb63f71ee7a) --- libavfilter/avfiltergraph.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavfilter/avfiltergraph.c b/libavfilter/avfiltergraph.c index 506d79ec71..bcdcde06ce 100644 --- a/libavfilter/avfiltergraph.c +++ b/libavfilter/avfiltergraph.c @@ -654,6 +654,10 @@ static int pick_format(AVFilterLink *link, AVFilterLink *ref) av_log(link->src, AV_LOG_ERROR, "Cannot select channel layout for" " the link between filters %s and %s.\n", link->src->name, link->dst->name); + if (!link->in_channel_layouts->all_counts) + av_log(link->src, AV_LOG_ERROR, "Unknown channel layouts not " + "supported, try specifying a channel layout using " + "'aformat=channel_layouts=something'.\n"); return AVERROR(EINVAL); } link->in_channel_layouts->nb_channel_layouts = 1; From 1a676881caad21a3b038206e1d596ca2b241c4a3 Mon Sep 17 00:00:00 2001 From: Nicolas George Date: Tue, 3 Sep 2013 22:13:49 +0200 Subject: [PATCH 029/562] lavfi/avfiltergraph: do not reduce incompatible lists. A list of "all channel layouts" but not "all channel counts" can not be reduced to a single unknown channel count. (cherry picked from commit d300f5f6f570659e4b58567b35c9e8600c9f2956) --- libavfilter/avfiltergraph.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavfilter/avfiltergraph.c b/libavfilter/avfiltergraph.c index bcdcde06ce..1fb83c4877 100644 --- a/libavfilter/avfiltergraph.c +++ b/libavfilter/avfiltergraph.c @@ -741,7 +741,8 @@ static int reduce_formats_on_filter(AVFilterContext *filter) if (inlink->type != outlink->type || fmts->nb_channel_layouts == 1) continue; - if (fmts->all_layouts) { + if (fmts->all_layouts && + (!FF_LAYOUT2COUNT(fmt) || fmts->all_counts)) { /* Turn the infinite list into a singleton */ fmts->all_layouts = fmts->all_counts = 0; ff_add_channel_layout(&outlink->in_channel_layouts, fmt); From 838a453e39624a76071f551c070c707ab7d5600b Mon Sep 17 00:00:00 2001 From: Nicolas George Date: Fri, 25 Oct 2013 15:07:40 +0200 Subject: [PATCH 030/562] lavfi: parsing helper for unknown channel layouts. Make ff_parse_channel_layout() accept unknown layouts too. (cherry picked from commit 6e2473edfda26a556c615ebc04d8aeba800bef7e) --- libavfilter/af_aconvert.c | 2 +- libavfilter/af_pan.c | 2 +- libavfilter/asrc_aevalsrc.c | 2 +- libavfilter/asrc_anullsrc.c | 2 +- libavfilter/formats.c | 17 +++++++++++++++-- libavfilter/internal.h | 5 ++++- 6 files changed, 23 insertions(+), 7 deletions(-) diff --git a/libavfilter/af_aconvert.c b/libavfilter/af_aconvert.c index a198d2b396..43158f08e8 100644 --- a/libavfilter/af_aconvert.c +++ b/libavfilter/af_aconvert.c @@ -66,7 +66,7 @@ static av_cold int init(AVFilterContext *ctx) (ret = ff_parse_sample_format(&aconvert->out_sample_fmt, aconvert->format_str, ctx)) < 0) return ret; if (aconvert->channel_layout_str && strcmp(aconvert->channel_layout_str, "auto")) - return ff_parse_channel_layout(&aconvert->out_chlayout, aconvert->channel_layout_str, ctx); + return ff_parse_channel_layout(&aconvert->out_chlayout, NULL, aconvert->channel_layout_str, ctx); return ret; } diff --git a/libavfilter/af_pan.c b/libavfilter/af_pan.c index 9cee9d9c3d..e742d9e999 100644 --- a/libavfilter/af_pan.c +++ b/libavfilter/af_pan.c @@ -116,7 +116,7 @@ static av_cold int init(AVFilterContext *ctx) if (!args) return AVERROR(ENOMEM); arg = av_strtok(args, "|", &tokenizer); - ret = ff_parse_channel_layout(&pan->out_channel_layout, arg, ctx); + ret = ff_parse_channel_layout(&pan->out_channel_layout, NULL, arg, ctx); if (ret < 0) goto fail; pan->nb_output_channels = av_get_channel_layout_nb_channels(pan->out_channel_layout); diff --git a/libavfilter/asrc_aevalsrc.c b/libavfilter/asrc_aevalsrc.c index 3f71ac33d8..79fb4b276c 100644 --- a/libavfilter/asrc_aevalsrc.c +++ b/libavfilter/asrc_aevalsrc.c @@ -109,7 +109,7 @@ static av_cold int init(AVFilterContext *ctx) if (eval->chlayout_str) { int n; - ret = ff_parse_channel_layout(&eval->chlayout, eval->chlayout_str, ctx); + ret = ff_parse_channel_layout(&eval->chlayout, NULL, eval->chlayout_str, ctx); if (ret < 0) goto end; diff --git a/libavfilter/asrc_anullsrc.c b/libavfilter/asrc_anullsrc.c index 4f76759419..a4bf01394a 100644 --- a/libavfilter/asrc_anullsrc.c +++ b/libavfilter/asrc_anullsrc.c @@ -68,7 +68,7 @@ static av_cold int init(AVFilterContext *ctx) null->sample_rate_str, ctx)) < 0) return ret; - if ((ret = ff_parse_channel_layout(&null->channel_layout, + if ((ret = ff_parse_channel_layout(&null->channel_layout, NULL, null->channel_layout_str, ctx)) < 0) return ret; diff --git a/libavfilter/formats.c b/libavfilter/formats.c index d51bf3c51d..5816032746 100644 --- a/libavfilter/formats.c +++ b/libavfilter/formats.c @@ -615,10 +615,21 @@ int ff_parse_sample_rate(int *ret, const char *arg, void *log_ctx) return 0; } -int ff_parse_channel_layout(int64_t *ret, const char *arg, void *log_ctx) +int ff_parse_channel_layout(int64_t *ret, int *nret, const char *arg, + void *log_ctx) { char *tail; - int64_t chlayout = av_get_channel_layout(arg); + int64_t chlayout, count; + + if (nret) { + count = strtol(arg, &tail, 10); + if (*tail == 'c' && !tail[1] && count > 0 && count < 63) { + *nret = count; + *ret = 0; + return 0; + } + } + chlayout = av_get_channel_layout(arg); if (chlayout == 0) { chlayout = strtol(arg, &tail, 10); if (*tail || chlayout == 0) { @@ -627,6 +638,8 @@ int ff_parse_channel_layout(int64_t *ret, const char *arg, void *log_ctx) } } *ret = chlayout; + if (nret) + *nret = av_get_channel_layout_nb_channels(chlayout); return 0; } diff --git a/libavfilter/internal.h b/libavfilter/internal.h index f8d0cce638..5e19698d07 100644 --- a/libavfilter/internal.h +++ b/libavfilter/internal.h @@ -207,11 +207,14 @@ int ff_parse_sample_format(int *ret, const char *arg, void *log_ctx); * Parse a channel layout or a corresponding integer representation. * * @param ret 64bit integer pointer to where the value should be written. + * @param nret integer pointer to the number of channels; + * if not NULL, then unknown channel layouts are accepted * @param arg string to parse * @param log_ctx log context * @return >= 0 in case of success, a negative AVERROR code on error */ -int ff_parse_channel_layout(int64_t *ret, const char *arg, void *log_ctx); +int ff_parse_channel_layout(int64_t *ret, int *nret, const char *arg, + void *log_ctx); void ff_update_link_current_pts(AVFilterLink *link, int64_t pts); From cfcb22a77bd4605c4e1d343b7e8dfe4c356134da Mon Sep 17 00:00:00 2001 From: Nicolas George Date: Fri, 25 Oct 2013 16:11:30 +0200 Subject: [PATCH 031/562] lswr: fix assert failure on unknown layouts. (cherry picked from commit 4a640a6ac89099bfb02d6d3d3ada04e321a37476) --- libswresample/rematrix.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libswresample/rematrix.c b/libswresample/rematrix.c index 5c98e68990..e146edfcf7 100644 --- a/libswresample/rematrix.c +++ b/libswresample/rematrix.c @@ -433,8 +433,8 @@ int swri_rematrix(SwrContext *s, AudioData *out, AudioData *in, int len, int mus off = len1 * out->bps; } - av_assert0(out->ch_count == av_get_channel_layout_nb_channels(s->out_ch_layout)); - av_assert0(in ->ch_count == av_get_channel_layout_nb_channels(s-> in_ch_layout)); + av_assert0(!s->out_ch_layout || out->ch_count == av_get_channel_layout_nb_channels(s->out_ch_layout)); + av_assert0(!s-> in_ch_layout || in ->ch_count == av_get_channel_layout_nb_channels(s-> in_ch_layout)); for(out_i=0; out_ich_count; out_i++){ switch(s->matrix_ch[out_i][0]){ From bc04a3a489513eedb1c89eca46de971e2e638dfa Mon Sep 17 00:00:00 2001 From: Nicolas George Date: Fri, 25 Oct 2013 16:02:04 +0200 Subject: [PATCH 032/562] lavfi/af_pan: support unknown layouts on output. (cherry picked from commit 4e9adc9b7363cc336e3d47c98455e1508902fd29) --- libavfilter/af_pan.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/libavfilter/af_pan.c b/libavfilter/af_pan.c index e742d9e999..9f78ff0539 100644 --- a/libavfilter/af_pan.c +++ b/libavfilter/af_pan.c @@ -116,10 +116,10 @@ static av_cold int init(AVFilterContext *ctx) if (!args) return AVERROR(ENOMEM); arg = av_strtok(args, "|", &tokenizer); - ret = ff_parse_channel_layout(&pan->out_channel_layout, NULL, arg, ctx); + ret = ff_parse_channel_layout(&pan->out_channel_layout, + &pan->nb_output_channels, arg, ctx); if (ret < 0) goto fail; - pan->nb_output_channels = av_get_channel_layout_nb_channels(pan->out_channel_layout); /* parse channel specifications */ while ((arg = arg0 = av_strtok(NULL, "|", &tokenizer))) { @@ -244,7 +244,9 @@ static int query_formats(AVFilterContext *ctx) // outlink supports only requested output channel layout layouts = NULL; - ff_add_channel_layout(&layouts, pan->out_channel_layout); + ff_add_channel_layout(&layouts, + pan->out_channel_layout ? pan->out_channel_layout : + FF_COUNT2LAYOUT(pan->nb_output_channels)); ff_channel_layouts_ref(layouts, &outlink->in_channel_layouts); return 0; } @@ -286,6 +288,8 @@ static int config_props(AVFilterLink *link) 0, ctx); if (!pan->swr) return AVERROR(ENOMEM); + if (!pan->out_channel_layout) + av_opt_set_int(pan->swr, "och", pan->nb_output_channels, 0); // gains are pure, init the channel mapping if (pan->pure_gains) { From ad19cb3ca70c073a5676b3b29f9b6f3c080f2ef9 Mon Sep 17 00:00:00 2001 From: Nicolas George Date: Fri, 25 Oct 2013 16:12:06 +0200 Subject: [PATCH 033/562] lavfi/af_pan: support unknown layouts on input. Fix trac ticket #2899. (cherry picked from commit 7b0a587393e03dab552d66450d43ab82bda0a5a1) --- libavfilter/af_pan.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/libavfilter/af_pan.c b/libavfilter/af_pan.c index 9f78ff0539..3d3b98d6db 100644 --- a/libavfilter/af_pan.c +++ b/libavfilter/af_pan.c @@ -46,7 +46,6 @@ typedef struct PanContext { double gain[MAX_CHANNELS][MAX_CHANNELS]; int64_t need_renorm; int need_renumber; - int nb_input_channels; int nb_output_channels; int pure_gains; @@ -239,7 +238,7 @@ static int query_formats(AVFilterContext *ctx) ff_set_common_samplerates(ctx, formats); // inlink supports any channel layout - layouts = ff_all_channel_layouts(); + layouts = ff_all_channel_counts(); ff_channel_layouts_ref(layouts, &inlink->out_channel_layouts); // outlink supports only requested output channel layout @@ -259,7 +258,6 @@ static int config_props(AVFilterLink *link) int i, j, k, r; double t; - pan->nb_input_channels = av_get_channel_layout_nb_channels(link->channel_layout); if (pan->need_renumber) { // input channels were given by their name: renumber them for (i = j = 0; i < MAX_CHANNELS; i++) { @@ -273,7 +271,7 @@ static int config_props(AVFilterLink *link) // sanity check; can't be done in query_formats since the inlink // channel layout is unknown at that time - if (pan->nb_input_channels > SWR_CH_MAX || + if (link->channels > SWR_CH_MAX || pan->nb_output_channels > SWR_CH_MAX) { av_log(ctx, AV_LOG_ERROR, "libswresample support a maximum of %d channels. " @@ -288,6 +286,8 @@ static int config_props(AVFilterLink *link) 0, ctx); if (!pan->swr) return AVERROR(ENOMEM); + if (!link->channel_layout) + av_opt_set_int(pan->swr, "ich", link->channels, 0); if (!pan->out_channel_layout) av_opt_set_int(pan->swr, "och", pan->nb_output_channels, 0); @@ -297,7 +297,7 @@ static int config_props(AVFilterLink *link) // get channel map from the pure gains for (i = 0; i < pan->nb_output_channels; i++) { int ch_id = -1; - for (j = 0; j < pan->nb_input_channels; j++) { + for (j = 0; j < link->channels; j++) { if (pan->gain[i][j]) { ch_id = j; break; @@ -315,7 +315,7 @@ static int config_props(AVFilterLink *link) if (!((pan->need_renorm >> i) & 1)) continue; t = 0; - for (j = 0; j < pan->nb_input_channels; j++) + for (j = 0; j < link->channels; j++) t += pan->gain[i][j]; if (t > -1E-5 && t < 1E-5) { // t is almost 0 but not exactly, this is probably a mistake @@ -324,7 +324,7 @@ static int config_props(AVFilterLink *link) "Degenerate coefficients while renormalizing\n"); continue; } - for (j = 0; j < pan->nb_input_channels; j++) + for (j = 0; j < link->channels; j++) pan->gain[i][j] /= t; } av_opt_set_int(pan->swr, "icl", link->channel_layout, 0); @@ -339,7 +339,7 @@ static int config_props(AVFilterLink *link) // summary for (i = 0; i < pan->nb_output_channels; i++) { cur = buf; - for (j = 0; j < pan->nb_input_channels; j++) { + for (j = 0; j < link->channels; j++) { r = snprintf(cur, buf + sizeof(buf) - cur, "%s%.3g i%d", j ? " + " : "", pan->gain[i][j], j); cur += FFMIN(buf + sizeof(buf) - cur, r); From 88e368d5a7ab9a97dc7fb7a5b11b47e864c2621b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 28 Nov 2013 02:28:50 +0100 Subject: [PATCH 034/562] ffmpeg: set VCFR when copying timestamps This fixes unreasonable initial frame repeats Fixes Ticket3176 Signed-off-by: Michael Niedermayer (cherry picked from commit 738ebb4a0e0c8fbdc83b44cf30b8c9b7ac866270) --- ffmpeg.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ffmpeg.c b/ffmpeg.c index 6629a5f029..dba608931d 100644 --- a/ffmpeg.c +++ b/ffmpeg.c @@ -825,6 +825,9 @@ static void do_video_out(AVFormatContext *s, && input_files[ist->file_index]->input_ts_offset == 0) { format_video_sync = VSYNC_VSCFR; } + if (format_video_sync == VSYNC_CFR && copy_ts) { + format_video_sync = VSYNC_VSCFR; + } } switch (format_video_sync) { From 12c2d2ed464cc5e8868f176a17eb89eb212b831a Mon Sep 17 00:00:00 2001 From: Nicolas George Date: Mon, 25 Nov 2013 16:27:41 +0100 Subject: [PATCH 035/562] lavc/srtenc: use bprint for text buffers. Fix trac ticket #3120. (cherry picked from commit 4b1c9b720e11d200ca7090210b34c409f43fafeb) --- libavcodec/srtenc.c | 48 ++++++++++++++++++++++++++------------------- 1 file changed, 28 insertions(+), 20 deletions(-) diff --git a/libavcodec/srtenc.c b/libavcodec/srtenc.c index 3036a7fb0c..89c26dcbf0 100644 --- a/libavcodec/srtenc.c +++ b/libavcodec/srtenc.c @@ -22,6 +22,7 @@ #include #include "avcodec.h" #include "libavutil/avstring.h" +#include "libavutil/bprint.h" #include "ass_split.h" #include "ass.h" @@ -31,10 +32,8 @@ typedef struct { AVCodecContext *avctx; ASSSplitContext *ass_ctx; - char buffer[2048]; - char *ptr; - char *end; - char *dialog_start; + AVBPrint buffer; + unsigned timestamp_end; int count; char stack[SRT_STACK_SIZE]; int stack_ptr; @@ -49,7 +48,7 @@ static void srt_print(SRTContext *s, const char *str, ...) { va_list vargs; va_start(vargs, str); - s->ptr += vsnprintf(s->ptr, s->end - s->ptr, str, vargs); + av_vbprintf(&s->buffer, str, vargs); va_end(vargs); } @@ -138,14 +137,14 @@ static av_cold int srt_encode_init(AVCodecContext *avctx) SRTContext *s = avctx->priv_data; s->avctx = avctx; s->ass_ctx = ff_ass_split(avctx->subtitle_header); + av_bprint_init(&s->buffer, 0, AV_BPRINT_SIZE_UNLIMITED); return s->ass_ctx ? 0 : AVERROR_INVALIDDATA; } static void srt_text_cb(void *priv, const char *text, int len) { SRTContext *s = priv; - av_strlcpy(s->ptr, text, FFMIN(s->end-s->ptr, len+1)); - s->ptr += len; + av_bprint_append_data(&s->buffer, text, len); } static void srt_new_line_cb(void *priv, int forced) @@ -208,11 +207,19 @@ static void srt_move_cb(void *priv, int x1, int y1, int x2, int y2, char buffer[32]; int len = snprintf(buffer, sizeof(buffer), " X1:%03u X2:%03u Y1:%03u Y2:%03u", x1, x2, y1, y2); - if (s->end - s->ptr > len) { - memmove(s->dialog_start+len, s->dialog_start, s->ptr-s->dialog_start+1); - memcpy(s->dialog_start, buffer, len); - s->ptr += len; + unsigned char *dummy; + unsigned room; + + av_bprint_get_buffer(&s->buffer, len, &dummy, &room); + if (room >= len) { + memmove(s->buffer.str + s->timestamp_end + len, + s->buffer.str + s->timestamp_end, + s->buffer.len - s->timestamp_end + 1); + memcpy(s->buffer.str + s->timestamp_end, buffer, len); } + /* Increment even if av_bprint_get_buffer() did not return enough room: + the bprint structure will be treated as truncated. */ + s->buffer.len += len; } } @@ -243,10 +250,9 @@ static int srt_encode_frame(AVCodecContext *avctx, { SRTContext *s = avctx->priv_data; ASSDialog *dialog; - int i, len, num; + int i, num; - s->ptr = s->buffer; - s->end = s->ptr + sizeof(s->buffer); + av_bprint_clear(&s->buffer); for (i=0; inum_rects; i++) { @@ -268,7 +274,7 @@ static int srt_encode_frame(AVCodecContext *avctx, es = ec/ 1000; ec -= 1000*es; srt_print(s,"%d\r\n%02d:%02d:%02d,%03d --> %02d:%02d:%02d,%03d\r\n", ++s->count, sh, sm, ss, sc, eh, em, es, ec); - s->dialog_start = s->ptr - 2; + s->timestamp_end = s->buffer.len - 2; } s->alignment_applied = 0; srt_style_apply(s, dialog->style); @@ -276,23 +282,25 @@ static int srt_encode_frame(AVCodecContext *avctx, } } - if (s->ptr == s->buffer) + if (!av_bprint_is_complete(&s->buffer)) + return AVERROR(ENOMEM); + if (!s->buffer.len) return 0; - len = av_strlcpy(buf, s->buffer, bufsize); - - if (len > bufsize-1) { + if (s->buffer.len > bufsize) { av_log(avctx, AV_LOG_ERROR, "Buffer too small for ASS event.\n"); return -1; } + memcpy(buf, s->buffer.str, s->buffer.len); - return len; + return s->buffer.len; } static int srt_encode_close(AVCodecContext *avctx) { SRTContext *s = avctx->priv_data; ff_ass_split_free(s->ass_ctx); + av_bprint_finalize(&s->buffer, NULL); return 0; } From 1141a18e89d2e6ed4b0a9631ba9ffd57214071e1 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 2 Dec 2013 02:12:39 +0100 Subject: [PATCH 036/562] avcodec/h264_refs: split conditions of if() up for better readability Signed-off-by: Michael Niedermayer (cherry picked from commit ab6ea7a81921a168575be63b3d9049ca716e707a) Conflicts: libavcodec/h264_refs.c --- libavcodec/h264_refs.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libavcodec/h264_refs.c b/libavcodec/h264_refs.c index 27ca8f8163..f6b0c93613 100644 --- a/libavcodec/h264_refs.c +++ b/libavcodec/h264_refs.c @@ -732,7 +732,11 @@ int ff_h264_execute_ref_pic_marking(H264Context *h, MMCO *mmco, int mmco_count) print_short_term(h); print_long_term(h); - if(err >= 0 && h->long_ref_count==0 && h->short_ref_count<=2 && h->pps.ref_count[0]<=2 + (h->picture_structure != PICT_FRAME) && h->cur_pic_ptr->f.pict_type == AV_PICTURE_TYPE_I){ + if ( err >= 0 + && h->long_ref_count==0 + && h->short_ref_count<=2 + && h->pps.ref_count[0]<=2 + (h->picture_structure != PICT_FRAME) + && h->cur_pic_ptr->f.pict_type == AV_PICTURE_TYPE_I){ h->cur_pic_ptr->sync |= 1; if(!h->avctx->has_b_frames) h->sync = 2; From c765b6464139b0178dea56f86dca48f94f1dc56c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 2 Dec 2013 02:36:58 +0100 Subject: [PATCH 037/562] avcodec/h264_refs: improve key frame detection heuristic Fixes Ticket3186 Signed-off-by: Michael Niedermayer (cherry picked from commit e3d7a3978b857e32b32575ff78ecc7d67a18687e) --- libavcodec/h264_refs.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/libavcodec/h264_refs.c b/libavcodec/h264_refs.c index f6b0c93613..3f29dafad9 100644 --- a/libavcodec/h264_refs.c +++ b/libavcodec/h264_refs.c @@ -562,6 +562,7 @@ int ff_generate_sliding_window_mmcos(H264Context *h, int first_slice) int ff_h264_execute_ref_pic_marking(H264Context *h, MMCO *mmco, int mmco_count) { int i, av_uninit(j); + int pps_count; int current_ref_assigned = 0, err = 0; Picture *av_uninit(pic); @@ -732,9 +733,13 @@ int ff_h264_execute_ref_pic_marking(H264Context *h, MMCO *mmco, int mmco_count) print_short_term(h); print_long_term(h); + pps_count = 0; + for (i = 0; i < FF_ARRAY_ELEMS(h->pps_buffers); i++) + pps_count += !!h->pps_buffers[i]; + if ( err >= 0 && h->long_ref_count==0 - && h->short_ref_count<=2 + && (h->short_ref_count<=2 || h->pps.ref_count[0] <= 1 && h->pps.ref_count[1] <= 1 && pps_count == 1) && h->pps.ref_count[0]<=2 + (h->picture_structure != PICT_FRAME) && h->cur_pic_ptr->f.pict_type == AV_PICTURE_TYPE_I){ h->cur_pic_ptr->sync |= 1; From cbcc18bd9f9456c38bb4172749692bb5dbed12f5 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 3 Dec 2013 04:08:37 +0100 Subject: [PATCH 038/562] avfilter/vf_pad: fix req_end Fixes out of array accesses Fixes Ticket3190 Signed-off-by: Michael Niedermayer (cherry picked from commit 0cc5011f9a1b05132f9a20a71feb031f30a8a53b) --- libavfilter/vf_pad.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavfilter/vf_pad.c b/libavfilter/vf_pad.c index bb556c9403..45921057dd 100644 --- a/libavfilter/vf_pad.c +++ b/libavfilter/vf_pad.c @@ -251,7 +251,7 @@ static int buffer_needs_copy(PadContext *s, AVFrame *frame, AVBufferRef *buf) (s->y >> vsub) * frame->linesize[planes[i]]; ptrdiff_t req_end = ((s->w - s->x - frame->width) >> hsub) * s->draw.pixelstep[planes[i]] + - (s->y >> vsub) * frame->linesize[planes[i]]; + ((s->h - s->y - frame->height) >> vsub) * frame->linesize[planes[i]]; if (frame->linesize[planes[i]] < (s->w >> hsub) * s->draw.pixelstep[planes[i]]) return 1; From e8304f4ee0b1e291ab9a713dfc69da1d13c1b712 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 6 Dec 2013 16:49:00 +0100 Subject: [PATCH 039/562] avcodec/error_resilience: factor er_supported() check out Signed-off-by: Michael Niedermayer (cherry picked from commit afb18c55783362546b5e512ce01b7fe7bf5744d9) --- libavcodec/error_resilience.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/libavcodec/error_resilience.c b/libavcodec/error_resilience.c index 23180dc273..40d8b0a191 100644 --- a/libavcodec/error_resilience.c +++ b/libavcodec/error_resilience.c @@ -762,6 +762,17 @@ void ff_er_frame_start(ERContext *s) s->error_occurred = 0; } +static int er_supported(ERContext *s) +{ + if(s->avctx->hwaccel || + s->avctx->codec->capabilities&CODEC_CAP_HWACCEL_VDPAU || + !s->cur_pic || + s->cur_pic->field_picture + ) + return 0; + return 1; +} + /** * Add a slice. * @param endx x component of the last macroblock, can be -1 @@ -853,9 +864,7 @@ void ff_er_frame_end(ERContext *s) * though it should not crash if enabled. */ if (!s->avctx->error_concealment || s->error_count == 0 || s->avctx->lowres || - s->avctx->hwaccel || - s->avctx->codec->capabilities&CODEC_CAP_HWACCEL_VDPAU || - !s->cur_pic || s->cur_pic->field_picture || + !er_supported(s) || s->error_count == 3 * s->mb_width * (s->avctx->skip_top + s->avctx->skip_bottom)) { return; From 624b83b3efa463eda3f3aa9c9be4792e67b0ab5f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 6 Dec 2013 16:49:35 +0100 Subject: [PATCH 040/562] avcodec/error_resilience: check that er is supported before attempting to read the status of the previous slice Fixes incorrectly set error_occured and improves speed Signed-off-by: Michael Niedermayer (cherry picked from commit 90539cea336fd513c47295a03c164cb4a851166f) --- libavcodec/error_resilience.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/error_resilience.c b/libavcodec/error_resilience.c index 40d8b0a191..70fbaf72dd 100644 --- a/libavcodec/error_resilience.c +++ b/libavcodec/error_resilience.c @@ -839,7 +839,7 @@ void ff_er_add_slice(ERContext *s, int startx, int starty, s->error_status_table[start_xy] |= VP_START; if (start_xy > 0 && !(s->avctx->active_thread_type & FF_THREAD_SLICE) && - s->avctx->skip_top * s->mb_width < start_i) { + er_supported(s) && s->avctx->skip_top * s->mb_width < start_i) { int prev_status = s->error_status_table[s->mb_index2xy[start_i - 1]]; prev_status &= ~ VP_START; From 69a283e0d21e8f65f41a4308f06afcd06257a649 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 5 Dec 2013 01:41:10 +0100 Subject: [PATCH 041/562] avcodec/cabac: force get_cabac to be not inlined works around bug in gccs inline asm register assignment Fixes Ticket3177 gcc from 4.4 to 4.6 is affected at least, no non affected gccs known clang seems not affected Signed-off-by: Michael Niedermayer (cherry picked from commit 0538b29ae8002c44f27bae8a1a6fc6e646998be5) --- libavcodec/cabac.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/cabac.c b/libavcodec/cabac.c index 29b188bc31..dff0a91273 100644 --- a/libavcodec/cabac.c +++ b/libavcodec/cabac.c @@ -301,7 +301,7 @@ STOP_TIMER("get_cabac_bypass") for(i=0; i Date: Sun, 15 Dec 2013 14:10:02 +0100 Subject: [PATCH 042/562] swscale/utils: remove useless () Signed-off-by: Michael Niedermayer (cherry picked from commit 554e913fd7acc9da02ddac2c5ce9487f7f633c92) --- libswscale/utils.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libswscale/utils.c b/libswscale/utils.c index 69087dc3fa..2cad0c810d 100644 --- a/libswscale/utils.c +++ b/libswscale/utils.c @@ -1331,8 +1331,8 @@ av_cold int sws_init_context(SwsContext *c, SwsFilter *srcFilter, dst_stride <<= 1; if (INLINE_MMXEXT(cpu_flags) && c->srcBpc == 8 && c->dstBpc <= 14) { - c->canMMXEXTBeUsed = (dstW >= srcW && (dstW & 31) == 0 && - (srcW & 15) == 0) ? 1 : 0; + c->canMMXEXTBeUsed = dstW >= srcW && (dstW & 31) == 0 && + (srcW & 15) == 0; if (!c->canMMXEXTBeUsed && dstW >= srcW && (srcW & 15) == 0 && (flags & SWS_FAST_BILINEAR)) { From 85ea8465802152c7bd20550ac449fb9049d92182 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 15 Dec 2013 14:13:55 +0100 Subject: [PATCH 043/562] swscale/utils: check chroma width for fast bilinear scaler Fixes artifacts where fast bilinear was used for downscaling chroma Signed-off-by: Michael Niedermayer (cherry picked from commit 037fc3b054b10aee0f11fdbe835e5dffa8e95b37) --- libswscale/utils.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libswscale/utils.c b/libswscale/utils.c index 2cad0c810d..6c5fa56fce 100644 --- a/libswscale/utils.c +++ b/libswscale/utils.c @@ -1332,8 +1332,9 @@ av_cold int sws_init_context(SwsContext *c, SwsFilter *srcFilter, if (INLINE_MMXEXT(cpu_flags) && c->srcBpc == 8 && c->dstBpc <= 14) { c->canMMXEXTBeUsed = dstW >= srcW && (dstW & 31) == 0 && + c->chrDstW >= c->chrSrcW && (srcW & 15) == 0; - if (!c->canMMXEXTBeUsed && dstW >= srcW && (srcW & 15) == 0 + if (!c->canMMXEXTBeUsed && dstW >= srcW && c->chrDstW >= c->chrSrcW && (srcW & 15) == 0 && (flags & SWS_FAST_BILINEAR)) { if (flags & SWS_PRINT_INFO) From 0d32483a11b08448f4fcb9eae765a87ddb228854 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Storsj=C3=B6?= Date: Fri, 20 Dec 2013 15:02:35 +0200 Subject: [PATCH 044/562] arm: Don't clobber callee saved registers in scalarproduct MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit q4-q7/d8-d15 are supposed to not be clobbered by the callee. CC: libav-stable@libav.org Signed-off-by: Martin Storsjö (cherry picked from commit d307e408d4a9ada22df443cc38be77cc5e492694) --- libavcodec/arm/int_neon.S | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/libavcodec/arm/int_neon.S b/libavcodec/arm/int_neon.S index dea1ad51eb..b3f5a69ea4 100644 --- a/libavcodec/arm/int_neon.S +++ b/libavcodec/arm/int_neon.S @@ -41,10 +41,10 @@ function ff_scalarproduct_int16_neon, export=1 vpadd.s32 d16, d0, d1 vpadd.s32 d17, d2, d3 - vpadd.s32 d10, d4, d5 - vpadd.s32 d11, d6, d7 + vpadd.s32 d18, d4, d5 + vpadd.s32 d19, d6, d7 vpadd.s32 d0, d16, d17 - vpadd.s32 d1, d10, d11 + vpadd.s32 d1, d18, d19 vpadd.s32 d2, d0, d1 vpaddl.s32 d3, d2 vmov.32 r0, d3[0] @@ -81,10 +81,10 @@ function ff_scalarproduct_and_madd_int16_neon, export=1 vpadd.s32 d16, d0, d1 vpadd.s32 d17, d2, d3 - vpadd.s32 d10, d4, d5 - vpadd.s32 d11, d6, d7 + vpadd.s32 d18, d4, d5 + vpadd.s32 d19, d6, d7 vpadd.s32 d0, d16, d17 - vpadd.s32 d1, d10, d11 + vpadd.s32 d1, d18, d19 vpadd.s32 d2, d0, d1 vpaddl.s32 d3, d2 vmov.32 r0, d3[0] From 7eec11463fca6bad344f194acdcebf9e6743cf6d Mon Sep 17 00:00:00 2001 From: Mason Carter Date: Sat, 21 Dec 2013 17:27:18 -0800 Subject: [PATCH 045/562] VC1: Fix intensity compensation performance regression Fix https://trac.ffmpeg.org/ticket/3204 The problem was that intensity compensation was always used once it was encountered. This is because v->next_use_ic was never set back to zero. To fix this, when resetting v->next_luty/uv, also reset v->next_use_ic. This improved (restored) performance by 85% when decoding http://bit.ly/bbbwmv Signed-off-by: Michael Niedermayer (cherry picked from commit ed5bed4152203aed8cce01a679bed67bbda8903f) --- libavcodec/vc1.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/vc1.c b/libavcodec/vc1.c index f7558116d1..2b872476df 100644 --- a/libavcodec/vc1.c +++ b/libavcodec/vc1.c @@ -621,6 +621,10 @@ static void rotate_luts(VC1Context *v) INIT_LUT(32, 0, v->curr_luty[0], v->curr_lutuv[0], 0); INIT_LUT(32, 0, v->curr_luty[1], v->curr_lutuv[1], 0); v->curr_use_ic = 0; + if (v->curr_luty == v->next_luty) { + // If we just initialized next_lut, clear next_use_ic to match. + v->next_use_ic = 0; + } } int ff_vc1_parse_frame_header(VC1Context *v, GetBitContext* gb) From c3f9628407933fc42defc42455a3e8a5934d348e Mon Sep 17 00:00:00 2001 From: Peter Ross Date: Mon, 23 Dec 2013 20:37:00 +1100 Subject: [PATCH 046/562] riffenc: add option to ff_put_bmp_header to ignore extradata Signed-off-by: Michael Niedermayer (cherry picked from commit fcbb94712d9873a37cdc8b526e368154b5982186) --- libavformat/asfenc.c | 2 +- libavformat/avienc.c | 2 +- libavformat/matroskaenc.c | 2 +- libavformat/riff.h | 2 +- libavformat/riffenc.c | 6 ++++-- 5 files changed, 8 insertions(+), 6 deletions(-) diff --git a/libavformat/asfenc.c b/libavformat/asfenc.c index b4a3ffb7ef..8e343b3fe0 100644 --- a/libavformat/asfenc.c +++ b/libavformat/asfenc.c @@ -525,7 +525,7 @@ static int asf_write_header1(AVFormatContext *s, int64_t file_size, avio_wl16(pb, 40 + enc->extradata_size); /* size */ /* BITMAPINFOHEADER header */ - ff_put_bmp_header(pb, enc, ff_codec_bmp_tags, 1); + ff_put_bmp_header(pb, enc, ff_codec_bmp_tags, 1, 0); } end_header(pb, hpos); } diff --git a/libavformat/avienc.c b/libavformat/avienc.c index 3401cbc237..bd6cd02faf 100644 --- a/libavformat/avienc.c +++ b/libavformat/avienc.c @@ -291,7 +291,7 @@ static int avi_write_header(AVFormatContext *s) // are not (yet) supported. if (stream->codec_id != AV_CODEC_ID_XSUB) break; case AVMEDIA_TYPE_VIDEO: - ff_put_bmp_header(pb, stream, ff_codec_bmp_tags, 0); + ff_put_bmp_header(pb, stream, ff_codec_bmp_tags, 0, 0); break; case AVMEDIA_TYPE_AUDIO: if ((ret = ff_put_wav_header(pb, stream)) < 0) { diff --git a/libavformat/matroskaenc.c b/libavformat/matroskaenc.c index b9848b66a5..671e01ee61 100644 --- a/libavformat/matroskaenc.c +++ b/libavformat/matroskaenc.c @@ -544,7 +544,7 @@ static int mkv_write_codecprivate(AVFormatContext *s, AVIOContext *pb, AVCodecCo ret = AVERROR(EINVAL); } - ff_put_bmp_header(dyn_cp, codec, ff_codec_bmp_tags, 0); + ff_put_bmp_header(dyn_cp, codec, ff_codec_bmp_tags, 0, 0); } } else if (codec->codec_type == AVMEDIA_TYPE_AUDIO) { diff --git a/libavformat/riff.h b/libavformat/riff.h index 1bf437e06c..ce078698c2 100644 --- a/libavformat/riff.h +++ b/libavformat/riff.h @@ -45,7 +45,7 @@ void ff_end_tag(AVIOContext *pb, int64_t start); */ int ff_get_bmp_header(AVIOContext *pb, AVStream *st, unsigned *esize); -void ff_put_bmp_header(AVIOContext *pb, AVCodecContext *enc, const AVCodecTag *tags, int for_asf); +void ff_put_bmp_header(AVIOContext *pb, AVCodecContext *enc, const AVCodecTag *tags, int for_asf, int ignore_extradata); int ff_put_wav_header(AVIOContext *pb, AVCodecContext *enc); enum AVCodecID ff_wav_codec_get_id(unsigned int tag, int bps); int ff_get_wav_header(AVIOContext *pb, AVCodecContext *codec, int size); diff --git a/libavformat/riffenc.c b/libavformat/riffenc.c index bcfe018f74..d7cf846413 100644 --- a/libavformat/riffenc.c +++ b/libavformat/riffenc.c @@ -201,10 +201,10 @@ int ff_put_wav_header(AVIOContext *pb, AVCodecContext *enc) /* BITMAPINFOHEADER header */ void ff_put_bmp_header(AVIOContext *pb, AVCodecContext *enc, - const AVCodecTag *tags, int for_asf) + const AVCodecTag *tags, int for_asf, int ignore_extradata) { /* size */ - avio_wl32(pb, 40 + enc->extradata_size); + avio_wl32(pb, 40 + (ignore_extradata ? 0 : enc->extradata_size)); avio_wl32(pb, enc->width); //We always store RGB TopDown avio_wl32(pb, enc->codec_tag ? enc->height : -enc->height); @@ -220,10 +220,12 @@ void ff_put_bmp_header(AVIOContext *pb, AVCodecContext *enc, avio_wl32(pb, 0); avio_wl32(pb, 0); + if (!ignore_extradata) { avio_write(pb, enc->extradata, enc->extradata_size); if (!for_asf && enc->extradata_size & 1) avio_w8(pb, 0); + } } void ff_parse_specific_params(AVCodecContext *stream, int *au_rate, From f27895db0f1098f9d949c2fe8ce9001c58b28b7c Mon Sep 17 00:00:00 2001 From: Peter Ross Date: Mon, 23 Dec 2013 20:37:13 +1100 Subject: [PATCH 047/562] avformat/riffenc: indent Signed-off-by: Michael Niedermayer (cherry picked from commit f93b0abe4041b75f0dbb590ee932b37a07662856) --- libavformat/riffenc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavformat/riffenc.c b/libavformat/riffenc.c index d7cf846413..7b4b7ddffe 100644 --- a/libavformat/riffenc.c +++ b/libavformat/riffenc.c @@ -221,10 +221,10 @@ void ff_put_bmp_header(AVIOContext *pb, AVCodecContext *enc, avio_wl32(pb, 0); if (!ignore_extradata) { - avio_write(pb, enc->extradata, enc->extradata_size); + avio_write(pb, enc->extradata, enc->extradata_size); - if (!for_asf && enc->extradata_size & 1) - avio_w8(pb, 0); + if (!for_asf && enc->extradata_size & 1) + avio_w8(pb, 0); } } From 94c3f8165c6af9e0d713db88045b84c09eade39e Mon Sep 17 00:00:00 2001 From: Peter Ross Date: Mon, 23 Dec 2013 20:37:28 +1100 Subject: [PATCH 048/562] wtvenc: populate VIDEOINFOHEADER2 Fixes ticket #2835. Signed-off-by: Peter Ross Signed-off-by: Michael Niedermayer (cherry picked from commit 6da21c1f8190d674fd1e5619bb148c1bbab8ca3c) --- libavformat/wtvenc.c | 51 ++++++++++++++++++++++++++++++++++------- tests/ref/lavf/wtv | 2 +- tests/ref/seek/lavf-wtv | 44 +++++++++++++++++------------------ 3 files changed, 66 insertions(+), 31 deletions(-) diff --git a/libavformat/wtvenc.c b/libavformat/wtvenc.c index 04e6cc22f8..ba0f178f98 100644 --- a/libavformat/wtvenc.c +++ b/libavformat/wtvenc.c @@ -223,9 +223,50 @@ static void finish_chunk(AVFormatContext *s) write_index(s); } +static void put_videoinfoheader2(AVIOContext *pb, AVStream *st) +{ + AVRational dar = av_mul_q(st->sample_aspect_ratio, (AVRational){st->codec->width, st->codec->height}); + unsigned int num, den; + av_reduce(&num, &den, dar.num, dar.den, 0xFFFFFFFF); + + /* VIDEOINFOHEADER2 */ + avio_wl32(pb, 0); + avio_wl32(pb, 0); + avio_wl32(pb, st->codec->width); + avio_wl32(pb, st->codec->height); + + avio_wl32(pb, 0); + avio_wl32(pb, 0); + avio_wl32(pb, 0); + avio_wl32(pb, 0); + + avio_wl32(pb, st->codec->bit_rate); + avio_wl32(pb, 0); + avio_wl64(pb, st->avg_frame_rate.num && st->avg_frame_rate.den ? INT64_C(10000000) / av_q2d(st->avg_frame_rate) : 0); + avio_wl32(pb, 0); + avio_wl32(pb, 0); + + avio_wl32(pb, num); + avio_wl32(pb, den); + avio_wl32(pb, 0); + avio_wl32(pb, 0); + + ff_put_bmp_header(pb, st->codec, ff_codec_bmp_tags, 0, 1); + + if (st->codec->codec_id == AV_CODEC_ID_MPEG2VIDEO) { + /* MPEG2VIDEOINFO */ + avio_wl32(pb, 0); + avio_wl32(pb, st->codec->extradata_size); + avio_wl32(pb, -1); + avio_wl32(pb, -1); + avio_wl32(pb, 0); + avio_write(pb, st->codec->extradata, st->codec->extradata_size); + avio_wl64(pb, 0); + } +} + static int write_stream_codec_info(AVFormatContext *s, AVStream *st) { - WtvContext *wctx = s->priv_data; const ff_asf_guid *g, *media_type, *format_type; AVIOContext *pb = s->pb; int64_t hdr_pos_start; @@ -257,13 +298,7 @@ static int write_stream_codec_info(AVFormatContext *s, AVStream *st) hdr_pos_start = avio_tell(pb); if (st->codec->codec_type == AVMEDIA_TYPE_VIDEO) { - if (wctx->first_video_flag) { - write_pad(pb, 216); //The size is sensitive. - wctx->first_video_flag = 0; - } else { - write_pad(pb, 72); // aspect ratio - ff_put_bmp_header(pb, st->codec, ff_codec_bmp_tags, 0); - } + put_videoinfoheader2(pb, st); } else { ff_put_wav_header(pb, st->codec); } diff --git a/tests/ref/lavf/wtv b/tests/ref/lavf/wtv index fe1b83c1ea..8d69f7998a 100644 --- a/tests/ref/lavf/wtv +++ b/tests/ref/lavf/wtv @@ -1,3 +1,3 @@ -98dd5205889313542da71351fbaf4172 *./tests/data/lavf/lavf.wtv +13cbdaf2c5e7c97991781cc48d9a958f *./tests/data/lavf/lavf.wtv 413696 ./tests/data/lavf/lavf.wtv ./tests/data/lavf/lavf.wtv CRC=0x71287e25 diff --git a/tests/ref/seek/lavf-wtv b/tests/ref/seek/lavf-wtv index 71703c5d0a..2808c109a1 100644 --- a/tests/ref/seek/lavf-wtv +++ b/tests/ref/seek/lavf-wtv @@ -1,48 +1,48 @@ -ret: 0 st: 1 flags:1 dts: 0.029093 pts: 0.029093 pos: 26344 size: 208 +ret: 0 st: 1 flags:1 dts: 0.029093 pts: 0.029093 pos: 26288 size: 208 ret: 0 st:-1 flags:0 ts:-1.000000 -ret: 0 st: 1 flags:1 dts: 0.029093 pts: 0.029093 pos: 26344 size: 208 +ret: 0 st: 1 flags:1 dts: 0.029093 pts: 0.029093 pos: 26288 size: 208 ret: 0 st:-1 flags:1 ts: 1.894167 -ret: 0 st: 1 flags:1 dts: 0.734399 pts: 0.734399 pos: 294744 size: 209 +ret: 0 st: 1 flags:1 dts: 0.734399 pts: 0.734399 pos: 294688 size: 209 ret: 0 st: 0 flags:0 ts: 0.788334 -ret: 0 st: 1 flags:1 dts: 0.734399 pts: 0.734399 pos: 294744 size: 209 +ret: 0 st: 1 flags:1 dts: 0.734399 pts: 0.734399 pos: 294688 size: 209 ret: 0 st: 0 flags:1 ts:-0.317499 -ret: 0 st: 1 flags:1 dts: 0.029093 pts: 0.029093 pos: 26344 size: 208 +ret: 0 st: 1 flags:1 dts: 0.029093 pts: 0.029093 pos: 26288 size: 208 ret:-1 st: 1 flags:0 ts: 2.576668 ret: 0 st: 1 flags:1 ts: 1.470835 -ret: 0 st: 1 flags:1 dts: 0.734399 pts: 0.734399 pos: 294744 size: 209 +ret: 0 st: 1 flags:1 dts: 0.734399 pts: 0.734399 pos: 294688 size: 209 ret: 0 st:-1 flags:0 ts: 0.365002 -ret: 0 st: 1 flags:1 dts: 0.029093 pts: 0.029093 pos: 26344 size: 208 +ret: 0 st: 1 flags:1 dts: 0.029093 pts: 0.029093 pos: 26288 size: 208 ret: 0 st:-1 flags:1 ts:-0.740831 -ret: 0 st: 1 flags:1 dts: 0.029093 pts: 0.029093 pos: 26344 size: 208 +ret: 0 st: 1 flags:1 dts: 0.029093 pts: 0.029093 pos: 26288 size: 208 ret:-1 st: 0 flags:0 ts: 2.153336 ret: 0 st: 0 flags:1 ts: 1.047503 -ret: 0 st: 1 flags:1 dts: 0.029093 pts: 0.029093 pos: 26344 size: 208 +ret: 0 st: 1 flags:1 dts: 0.029093 pts: 0.029093 pos: 26288 size: 208 ret: 0 st: 1 flags:0 ts:-0.058330 -ret: 0 st: 1 flags:1 dts: 0.029093 pts: 0.029093 pos: 26344 size: 208 +ret: 0 st: 1 flags:1 dts: 0.029093 pts: 0.029093 pos: 26288 size: 208 ret: 0 st: 1 flags:1 ts: 2.835837 -ret: 0 st: 1 flags:1 dts: 0.734399 pts: 0.734399 pos: 294744 size: 209 +ret: 0 st: 1 flags:1 dts: 0.734399 pts: 0.734399 pos: 294688 size: 209 ret:-1 st:-1 flags:0 ts: 1.730004 ret: 0 st:-1 flags:1 ts: 0.624171 -ret: 0 st: 1 flags:1 dts: 0.029093 pts: 0.029093 pos: 26344 size: 208 +ret: 0 st: 1 flags:1 dts: 0.029093 pts: 0.029093 pos: 26288 size: 208 ret: 0 st: 0 flags:0 ts:-0.481662 -ret: 0 st: 1 flags:1 dts: 0.029093 pts: 0.029093 pos: 26344 size: 208 +ret: 0 st: 1 flags:1 dts: 0.029093 pts: 0.029093 pos: 26288 size: 208 ret: 0 st: 0 flags:1 ts: 2.412505 -ret: 0 st: 1 flags:1 dts: 0.734399 pts: 0.734399 pos: 294744 size: 209 +ret: 0 st: 1 flags:1 dts: 0.734399 pts: 0.734399 pos: 294688 size: 209 ret:-1 st: 1 flags:0 ts: 1.306672 ret: 0 st: 1 flags:1 ts: 0.200839 -ret: 0 st: 1 flags:1 dts: 0.211950 pts: 0.211950 pos: 99352 size: 209 +ret: 0 st: 1 flags:1 dts: 0.211950 pts: 0.211950 pos: 99296 size: 209 ret: 0 st:-1 flags:0 ts:-0.904994 -ret: 0 st: 1 flags:1 dts: 0.029093 pts: 0.029093 pos: 26344 size: 208 +ret: 0 st: 1 flags:1 dts: 0.029093 pts: 0.029093 pos: 26288 size: 208 ret: 0 st:-1 flags:1 ts: 1.989173 -ret: 0 st: 1 flags:1 dts: 0.734399 pts: 0.734399 pos: 294744 size: 209 +ret: 0 st: 1 flags:1 dts: 0.734399 pts: 0.734399 pos: 294688 size: 209 ret: 0 st: 0 flags:0 ts: 0.883340 -ret: 0 st: 1 flags:1 dts: 0.734399 pts: 0.734399 pos: 294744 size: 209 +ret: 0 st: 1 flags:1 dts: 0.734399 pts: 0.734399 pos: 294688 size: 209 ret: 0 st: 0 flags:1 ts:-0.222493 -ret: 0 st: 1 flags:1 dts: 0.029093 pts: 0.029093 pos: 26344 size: 208 +ret: 0 st: 1 flags:1 dts: 0.029093 pts: 0.029093 pos: 26288 size: 208 ret:-1 st: 1 flags:0 ts: 2.671674 ret: 0 st: 1 flags:1 ts: 1.565841 -ret: 0 st: 1 flags:1 dts: 0.734399 pts: 0.734399 pos: 294744 size: 209 +ret: 0 st: 1 flags:1 dts: 0.734399 pts: 0.734399 pos: 294688 size: 209 ret: 0 st:-1 flags:0 ts: 0.460008 -ret: 0 st: 1 flags:1 dts: 0.029093 pts: 0.029093 pos: 26344 size: 208 +ret: 0 st: 1 flags:1 dts: 0.029093 pts: 0.029093 pos: 26288 size: 208 ret: 0 st:-1 flags:1 ts:-0.645825 -ret: 0 st: 1 flags:1 dts: 0.029093 pts: 0.029093 pos: 26344 size: 208 +ret: 0 st: 1 flags:1 dts: 0.029093 pts: 0.029093 pos: 26288 size: 208 From b432043d556fda00b057d04d70d2835cdf828bd7 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 22 Dec 2013 18:47:28 +0100 Subject: [PATCH 049/562] nutenc/write_index: warn if 2 consecutive keyframes have the same PTS and discard the 2nd This fixes an assertion failure and regression and restores previous behaviour Fixes Ticket3197 An alternative would be to fail hard in this case and refuse to mux such data. Signed-off-by: Michael Niedermayer (cherry picked from commit de2a2caf4dedb28a959d0ff6f02751bb6c3ff033) --- libavformat/nutenc.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/libavformat/nutenc.c b/libavformat/nutenc.c index b6d754d595..08223545b7 100644 --- a/libavformat/nutenc.c +++ b/libavformat/nutenc.c @@ -584,8 +584,15 @@ static int write_index(NUTContext *nut, AVIOContext *bc) { int64_t last_pts= -1; int j, k; for (j=0; jsp_count; j++) { - int flag = (nus->keyframe_pts[j] != AV_NOPTS_VALUE) ^ (j+1 == nut->sp_count); + int flag; int n = 0; + + if (j && nus->keyframe_pts[j] == nus->keyframe_pts[j-1]) { + av_log(nut->avf, AV_LOG_WARNING, "Multiple keyframes with same PTS\n"); + nus->keyframe_pts[j] = AV_NOPTS_VALUE; + } + + flag = (nus->keyframe_pts[j] != AV_NOPTS_VALUE) ^ (j+1 == nut->sp_count); for (; jsp_count && (nus->keyframe_pts[j] != AV_NOPTS_VALUE) == flag; j++) n++; From 8c79730a8e2c526367aaf760a53a75e4d9c42106 Mon Sep 17 00:00:00 2001 From: Alexander Strasser Date: Fri, 6 Dec 2013 17:20:26 +0100 Subject: [PATCH 050/562] configure: Special case libfreetype test Include the freetype header, in-directly through a macro, like it is done in the drawtext filter. Do not break if the header is moved. Unfortunately the drawtext filter included the file where the include macros are defined in a wrong way. This is not needed and breaks the build. Remove that #include line too. (cherry picked from commit cea5812fa723c08b89d929eeba73462e05de2973) Signed-off-by: Alexander Strasser --- configure | 22 +++++++++++++++++++++- libavfilter/vf_drawtext.c | 1 - 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/configure b/configure index 41c006da2a..82b2e7b2be 100755 --- a/configure +++ b/configure @@ -1102,6 +1102,26 @@ require_pkg_config(){ add_extralibs $(get_safe ${pkg}_libs) } +require_libfreetype(){ + log require_libfreetype "$@" + pkg="freetype2" + check_cmd $pkg_config --exists --print-errors $pkg \ + || die "ERROR: $pkg not found" + pkg_cflags=$($pkg_config --cflags $pkg) + pkg_libs=$($pkg_config --libs $pkg) + { + echo "#include " + echo "#include FT_FREETYPE_H" + echo "long check_func(void) { return (long) FT_Init_FreeType; }" + echo "int main(void) { return 0; }" + } | check_ld "cc" $pkg_cflags $pkg_libs \ + && set_safe ${pkg}_cflags $pkg_cflags \ + && set_safe ${pkg}_libs $pkg_libs \ + || die "ERROR: $pkg not found" + add_cflags $(get_safe ${pkg}_cflags) + add_extralibs $(get_safe ${pkg}_libs) +} + hostcc_o(){ eval printf '%s\\n' $HOSTCC_O } @@ -4242,7 +4262,7 @@ enabled libfaac && require2 libfaac "stdint.h faac.h" faacEncGetVersio enabled libfdk_aac && require libfdk_aac fdk-aac/aacenc_lib.h aacEncOpen -lfdk-aac flite_libs="-lflite_cmu_time_awb -lflite_cmu_us_awb -lflite_cmu_us_kal -lflite_cmu_us_kal16 -lflite_cmu_us_rms -lflite_cmu_us_slt -lflite_usenglish -lflite_cmulex -lflite" enabled libflite && require2 libflite "flite/flite.h" flite_init $flite_libs -enabled libfreetype && require_pkg_config freetype2 "ft2build.h freetype/freetype.h" FT_Init_FreeType +enabled libfreetype && require_libfreetype enabled libgme && require libgme gme/gme.h gme_new_emu -lgme -lstdc++ enabled libgsm && { for gsm_hdr in "gsm.h" "gsm/gsm.h"; do check_lib "${gsm_hdr}" gsm_create -lgsm && break; diff --git a/libavfilter/vf_drawtext.c b/libavfilter/vf_drawtext.c index f1c7b26dad..05bd733266 100644 --- a/libavfilter/vf_drawtext.c +++ b/libavfilter/vf_drawtext.c @@ -48,7 +48,6 @@ #include "video.h" #include -#include #include FT_FREETYPE_H #include FT_GLYPH_H #if CONFIG_FONTCONFIG From b962157ce36f5f764688126ac2a8e6ba5d906d23 Mon Sep 17 00:00:00 2001 From: James Almer Date: Tue, 24 Dec 2013 20:26:32 -0300 Subject: [PATCH 051/562] matroskadec: Fix bug when parsing realaudio codec parameters flavor can be 0. This fixes tract ticket #3214 Signed-off-by: James Almer Signed-off-by: Michael Niedermayer (cherry picked from commit 0d944ee34349805b29f9c91b15c8009d16df01ab) --- libavformat/matroskadec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index 52e095f447..0ed8316dd9 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -1777,7 +1777,7 @@ static int matroska_read_header(AVFormatContext *s) track->audio.sub_packet_h = avio_rb16(&b); track->audio.frame_size = avio_rb16(&b); track->audio.sub_packet_size = avio_rb16(&b); - if (flavor <= 0 || track->audio.coded_framesize <= 0 || + if (flavor < 0 || track->audio.coded_framesize <= 0 || track->audio.sub_packet_h <= 0 || track->audio.frame_size <= 0 || track->audio.sub_packet_size <= 0) return AVERROR_INVALIDDATA; From 8763aca389f072c8c45ff47cda610764e4aea0f1 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 4 Jan 2014 17:33:59 +0100 Subject: [PATCH 052/562] avformat/oggdec: dont read timestamps from EOS pages of ogm videos Some muxers store invalid timestamps there, which breaks seeking Fixes Ticket2739 Signed-off-by: Michael Niedermayer (cherry picked from commit 5e0c7eab2a9d43e6e3be967ec1a6b04a3e0328da) --- libavformat/oggdec.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavformat/oggdec.c b/libavformat/oggdec.c index a099eb382e..e052c27da8 100644 --- a/libavformat/oggdec.c +++ b/libavformat/oggdec.c @@ -805,6 +805,11 @@ static int64_t ogg_read_timestamp(AVFormatContext *s, int stream_index, && !ogg_packet(s, &i, &pstart, &psize, pos_arg)) { if (i == stream_index) { struct ogg_stream *os = ogg->streams + stream_index; + // Dont trust the last timestamps of a ogm video + if ( (os->flags & OGG_FLAG_EOS) + && !(os->flags & OGG_FLAG_BOS) + && os->codec == &ff_ogm_video_codec) + continue; pts = ogg_calc_pts(s, i, NULL); ogg_validate_keyframe(s, i, pstart, psize); if (os->pflags & AV_PKT_FLAG_KEY) { From edc6f3da0ed58ae3202fea9ba927fd6d4a22c997 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 5 Jan 2014 20:14:03 +0100 Subject: [PATCH 053/562] avfilter/vf_format: check that the format list is not empty Fixes Ticket3210 Signed-off-by: Michael Niedermayer (cherry picked from commit ee16e0cacc16ea60c35a66796410012755263c3c) --- libavfilter/vf_format.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavfilter/vf_format.c b/libavfilter/vf_format.c index 1813a2c5e9..a9e386f373 100644 --- a/libavfilter/vf_format.c +++ b/libavfilter/vf_format.c @@ -55,6 +55,9 @@ static av_cold int init(AVFilterContext *ctx) int pix_fmt_name_len, ret; enum AVPixelFormat pix_fmt; + if (!s->pix_fmts) + return AVERROR(EINVAL); + /* parse the list of formats */ for (cur = s->pix_fmts; cur; cur = sep ? sep + 1 : NULL) { if (!(sep = strchr(cur, '|'))) From 2d16a88a9c6094ceebd3d201f853942fc699a9af Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 21 Nov 2013 02:32:37 +0100 Subject: [PATCH 054/562] avcodec: move end zeroing code from av_packet_split_side_data() to avcodec_decode_subtitle2() This code changes the input packet, which is read only and can in rare circumstances lead to decoder errors. (i run into one of these in the audio decoder, which corrupted the packet during av_find_stream_info() so that actual decoding that single packet failed later) Until a better fix is implemented, this commit limits the problem. A better fix might be to make the subtitle decoders not depend on data[size] = 0 or to copy their input when this is not the case. (cherry picked from commit 01923bab98506b1e98b4cbf08419364ce6ffea6d) Signed-off-by: Michael Niedermayer --- libavcodec/avpacket.c | 9 +-------- libavcodec/utils.c | 10 ++++++++++ 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/libavcodec/avpacket.c b/libavcodec/avpacket.c index d9cfb38e24..73a919c919 100644 --- a/libavcodec/avpacket.c +++ b/libavcodec/avpacket.c @@ -380,7 +380,7 @@ FF_ENABLE_DEPRECATION_WARNINGS int av_packet_split_side_data(AVPacket *pkt){ if (!pkt->side_data_elems && pkt->size >12 && AV_RB64(pkt->data + pkt->size - 8) == FF_MERGE_MARKER){ int i; - unsigned int size, orig_pktsize = pkt->size; + unsigned int size; uint8_t *p; p = pkt->data + pkt->size - 8 - 5; @@ -413,13 +413,6 @@ int av_packet_split_side_data(AVPacket *pkt){ p-= size+5; } pkt->size -= 8; - /* FFMIN() prevents overflow in case the packet wasn't allocated with - * proper padding. - * If the side data is smaller than the buffer padding size, the - * remaining bytes should have already been filled with zeros by the - * original packet allocation anyway. */ - memset(pkt->data + pkt->size, 0, - FFMIN(orig_pktsize - pkt->size, FF_INPUT_BUFFER_PADDING_SIZE)); pkt->side_data_elems = i+1; return 1; } diff --git a/libavcodec/utils.c b/libavcodec/utils.c index 186993dc02..ae32a35b87 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -2413,6 +2413,16 @@ int avcodec_decode_subtitle2(AVCodecContext *avctx, AVSubtitle *sub, int did_split = av_packet_split_side_data(&tmp); //apply_param_change(avctx, &tmp); + if (did_split) { + /* FFMIN() prevents overflow in case the packet wasn't allocated with + * proper padding. + * If the side data is smaller than the buffer padding size, the + * remaining bytes should have already been filled with zeros by the + * original packet allocation anyway. */ + memset(tmp.data + tmp.size, 0, + FFMIN(avpkt->size - tmp.size, FF_INPUT_BUFFER_PADDING_SIZE)); + } + pkt_recoded = tmp; ret = recode_subtitle(avctx, &pkt_recoded, &tmp); if (ret < 0) { From 3ffd1c2e40b6ef1c80669a180b6c74105e0569eb Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 24 Nov 2013 03:50:20 +0100 Subject: [PATCH 055/562] avcodec/jpeg2000dec: Check precno before using it in JPEG2000_PGOD_CPRL Fixes out of array reads Fixes: asan_heap-oob_f0de57_6823_mjp2.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 3d5a5e86be2a65e33c34ab3ad7923f54e8e49c1d) Signed-off-by: Michael Niedermayer --- libavcodec/jpeg2000dec.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c index b150bc1595..d3e49a19e6 100644 --- a/libavcodec/jpeg2000dec.c +++ b/libavcodec/jpeg2000dec.c @@ -889,6 +889,10 @@ static int jpeg2000_decode_packets(Jpeg2000DecoderContext *s, Jpeg2000Tile *tile prcx = ff_jpeg2000_ceildivpow2(x, reducedresno) >> rlevel->log2_prec_width; prcy = ff_jpeg2000_ceildivpow2(y, reducedresno) >> rlevel->log2_prec_height; precno = prcx + rlevel->num_precincts_x * prcy; + + if (prcx >= rlevel->num_precincts_x || prcy >= rlevel->num_precincts_y) + return AVERROR_PATCHWELCOME; + for (layno = 0; layno < tile->codsty[0].nlayers; layno++) { if ((ret = jpeg2000_decode_packet(s, codsty, rlevel, precno, layno, From 95b5496dce829615ad7fac7dcdf6c781a72bcb8c Mon Sep 17 00:00:00 2001 From: Jan Gerber Date: Fri, 15 Nov 2013 19:00:37 +0100 Subject: [PATCH 056/562] lavf/matroska*: add support for signed integers Signed-off-by: Michael Niedermayer (cherry picked from commit d03eea36b2c329241f63c8aca2d6adbb6ea81d9c) Signed-off-by: Michael Niedermayer --- libavformat/matroskadec.c | 30 ++++++++++++++++++++++++++++++ libavformat/matroskaenc.c | 21 +++++++++++++++++++++ 2 files changed, 51 insertions(+) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index 0ed8316dd9..6bc6d23243 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -62,6 +62,7 @@ typedef enum { EBML_NEST, EBML_PASS, EBML_STOP, + EBML_SINT, EBML_TYPE_COUNT } EbmlType; @@ -758,6 +759,34 @@ static int ebml_read_uint(AVIOContext *pb, int size, uint64_t *num) return 0; } +/* + * Read the next element as a signed int. + * 0 is success, < 0 is failure. + */ +static int ebml_read_sint(AVIOContext *pb, int size, int64_t *num) +{ + int n = 1; + + if (size > 8) + return AVERROR_INVALIDDATA; + + if (size == 0) { + *num = 0; + } else { + *num = avio_r8(pb); + /* negative value */ + if (*num & 0x80) { + *num = (-1 << 8) | *num; + } + + /* big-endian ordering; build up number */ + while (n++ < size) + *num = (*num << 8) | avio_r8(pb); + } + + return 0; +} + /* * Read the next element as a float. * 0 is success, < 0 is failure. @@ -985,6 +1014,7 @@ static int ebml_parse_elem(MatroskaDemuxContext *matroska, switch (syntax->type) { case EBML_UINT: res = ebml_read_uint (pb, length, data); break; + case EBML_SINT: res = ebml_read_sint (pb, length, data); break; case EBML_FLOAT: res = ebml_read_float (pb, length, data); break; case EBML_STR: case EBML_UTF8: res = ebml_read_ascii (pb, length, data); break; diff --git a/libavformat/matroskaenc.c b/libavformat/matroskaenc.c index 671e01ee61..021098bd8c 100644 --- a/libavformat/matroskaenc.c +++ b/libavformat/matroskaenc.c @@ -202,6 +202,27 @@ static void put_ebml_uint(AVIOContext *pb, unsigned int elementid, uint64_t val) avio_w8(pb, (uint8_t)(val >> i*8)); } +static void put_ebml_sint(AVIOContext *pb, unsigned int elementid, int64_t val) +{ + int i, bytes = 1; + uint64_t uval = (val < 0 ? (-val - 1) << 1 : val << 1); + while (uval>>=8) bytes++; + + /* make unsigned */ + if (val >= 0) { + uval = val; + } else { + uval = 0x80 << (bytes - 1); + uval += val; + uval |= 0x80 << (bytes - 1); + } + + put_ebml_id(pb, elementid); + put_ebml_num(pb, bytes, 0); + for (i = bytes - 1; i >= 0; i--) + avio_w8(pb, (uint8_t)(uval >> i*8)); +} + static void put_ebml_float(AVIOContext *pb, unsigned int elementid, double val) { put_ebml_id(pb, elementid); From d86930b8ff2883ecf24ed3fa94beb73a50c00be2 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 15 Nov 2013 21:30:30 +0100 Subject: [PATCH 057/562] avformat/matroska: simplify signed int access code Signed-off-by: Michael Niedermayer (cherry picked from commit cddd15ba5c9cd2e92d2f2942e0fc40bf3bf56115) Signed-off-by: Michael Niedermayer --- libavformat/matroskadec.c | 6 +----- libavformat/matroskaenc.c | 14 +++----------- 2 files changed, 4 insertions(+), 16 deletions(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index 6bc6d23243..09f7969236 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -773,11 +773,7 @@ static int ebml_read_sint(AVIOContext *pb, int size, int64_t *num) if (size == 0) { *num = 0; } else { - *num = avio_r8(pb); - /* negative value */ - if (*num & 0x80) { - *num = (-1 << 8) | *num; - } + *num = sign_extend(avio_r8(pb), 8); /* big-endian ordering; build up number */ while (n++ < size) diff --git a/libavformat/matroskaenc.c b/libavformat/matroskaenc.c index 021098bd8c..0263cbcad5 100644 --- a/libavformat/matroskaenc.c +++ b/libavformat/matroskaenc.c @@ -205,22 +205,14 @@ static void put_ebml_uint(AVIOContext *pb, unsigned int elementid, uint64_t val) static void put_ebml_sint(AVIOContext *pb, unsigned int elementid, int64_t val) { int i, bytes = 1; - uint64_t uval = (val < 0 ? (-val - 1) << 1 : val << 1); - while (uval>>=8) bytes++; + uint64_t tmp = 2*(val < 0 ? val^-1 : val); - /* make unsigned */ - if (val >= 0) { - uval = val; - } else { - uval = 0x80 << (bytes - 1); - uval += val; - uval |= 0x80 << (bytes - 1); - } + while (tmp>>=8) bytes++; put_ebml_id(pb, elementid); put_ebml_num(pb, bytes, 0); for (i = bytes - 1; i >= 0; i--) - avio_w8(pb, (uint8_t)(uval >> i*8)); + avio_w8(pb, (uint8_t)(val >> i*8)); } static void put_ebml_float(AVIOContext *pb, unsigned int elementid, double val) From aee36a7d16db350e3b1c245c9a978586bc866967 Mon Sep 17 00:00:00 2001 From: Jan Gerber Date: Thu, 14 Nov 2013 12:58:28 +0100 Subject: [PATCH 058/562] lavf/matroska*: DiscardPadding is a signed integer according to the Matriska Specification http://matroska.org/technical/specs/index.html DiscardPadding is a signed integer. Tested-by: Jan Gerber Tested-by: James Almer Signed-off-by: Michael Niedermayer (cherry picked from commit f4b1ca99ff86c6ba78e1b4730c85eac0d5a5817a) Signed-off-by: Michael Niedermayer --- libavformat/matroskadec.c | 8 ++++---- libavformat/matroskaenc.c | 5 +++-- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index 09f7969236..77f9188c52 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -293,7 +293,7 @@ typedef struct { EbmlBin bin; uint64_t additional_id; EbmlBin additional; - uint64_t discard_padding; + int64_t discard_padding; } MatroskaBlock; static EbmlSyntax ebml_header[] = { @@ -571,7 +571,7 @@ static EbmlSyntax matroska_blockgroup[] = { { MATROSKA_ID_BLOCKADDITIONS, EBML_NEST, 0, 0, {.n=matroska_blockadditions} }, { MATROSKA_ID_SIMPLEBLOCK, EBML_BIN, 0, offsetof(MatroskaBlock,bin) }, { MATROSKA_ID_BLOCKDURATION, EBML_UINT, 0, offsetof(MatroskaBlock,duration) }, - { MATROSKA_ID_DISCARDPADDING, EBML_UINT, 0, offsetof(MatroskaBlock,discard_padding) }, + { MATROSKA_ID_DISCARDPADDING, EBML_SINT, 0, offsetof(MatroskaBlock,discard_padding) }, { MATROSKA_ID_BLOCKREFERENCE, EBML_UINT, 0, offsetof(MatroskaBlock,reference) }, { MATROSKA_ID_CODECSTATE, EBML_NONE }, { 1, EBML_UINT, 0, offsetof(MatroskaBlock,non_simple), {.u=1} }, @@ -2415,7 +2415,7 @@ static int matroska_parse_frame(MatroskaDemuxContext *matroska, uint64_t timecode, uint64_t lace_duration, int64_t pos, int is_keyframe, uint8_t *additional, uint64_t additional_id, int additional_size, - uint64_t discard_padding) + int64_t discard_padding) { MatroskaTrackEncoding *encodings = track->encodings.elem; uint8_t *pkt_data = data; @@ -2552,7 +2552,7 @@ static int matroska_parse_block(MatroskaDemuxContext *matroska, uint8_t *data, int size, int64_t pos, uint64_t cluster_time, uint64_t block_duration, int is_keyframe, uint8_t *additional, uint64_t additional_id, int additional_size, - int64_t cluster_pos, uint64_t discard_padding) + int64_t cluster_pos, int64_t discard_padding) { uint64_t timecode = AV_NOPTS_VALUE; MatroskaTrack *track; diff --git a/libavformat/matroskaenc.c b/libavformat/matroskaenc.c index 0263cbcad5..60b6e5ea78 100644 --- a/libavformat/matroskaenc.c +++ b/libavformat/matroskaenc.c @@ -1317,7 +1317,8 @@ static void mkv_write_block(AVFormatContext *s, AVIOContext *pb, uint8_t *data = NULL, *side_data = NULL; int offset = 0, size = pkt->size, side_data_size = 0; int64_t ts = mkv->tracks[pkt->stream_index].write_dts ? pkt->dts : pkt->pts; - uint64_t additional_id = 0, discard_padding = 0; + uint64_t additional_id = 0; + int64_t discard_padding = 0; ebml_master block_group, block_additions, block_more; av_log(s, AV_LOG_DEBUG, "Writing block at offset %" PRIu64 ", size %d, " @@ -1376,7 +1377,7 @@ static void mkv_write_block(AVFormatContext *s, AVIOContext *pb, av_free(data); if (discard_padding) { - put_ebml_uint(pb, MATROSKA_ID_DISCARDPADDING, discard_padding); + put_ebml_sint(pb, MATROSKA_ID_DISCARDPADDING, discard_padding); } if (side_data_size && additional_id == 1) { From 73aa4518eec4afb5805f41c01df61bf4b7b47d0d Mon Sep 17 00:00:00 2001 From: Jan Gerber Date: Sat, 16 Nov 2013 01:12:20 +0100 Subject: [PATCH 059/562] lavf/matroskadec ReferenceBlock is a signed integer according to the Matroska Specification ReferenceBlock is a signed integer too. Signed-off-by: Michael Niedermayer (cherry picked from commit 8cc59ec881b8706fb3036a2a83f7ededa468dedb) Signed-off-by: Michael Niedermayer --- libavformat/matroskadec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index 77f9188c52..babf4b8060 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -572,7 +572,7 @@ static EbmlSyntax matroska_blockgroup[] = { { MATROSKA_ID_SIMPLEBLOCK, EBML_BIN, 0, offsetof(MatroskaBlock,bin) }, { MATROSKA_ID_BLOCKDURATION, EBML_UINT, 0, offsetof(MatroskaBlock,duration) }, { MATROSKA_ID_DISCARDPADDING, EBML_SINT, 0, offsetof(MatroskaBlock,discard_padding) }, - { MATROSKA_ID_BLOCKREFERENCE, EBML_UINT, 0, offsetof(MatroskaBlock,reference) }, + { MATROSKA_ID_BLOCKREFERENCE, EBML_SINT, 0, offsetof(MatroskaBlock,reference) }, { MATROSKA_ID_CODECSTATE, EBML_NONE }, { 1, EBML_UINT, 0, offsetof(MatroskaBlock,non_simple), {.u=1} }, { 0 } From 04a4c4144ade592c97f82f016af85903300f2a47 Mon Sep 17 00:00:00 2001 From: Paul B Mahol Date: Fri, 15 Nov 2013 01:09:06 +0000 Subject: [PATCH 060/562] avcodec/libopusenc: change default frame duration to 20 ms 20 ms is used by libopus encoder. Signed-off-by: Paul B Mahol (cherry picked from commit 74906d3727ec3bd9b7b28dfa7a98ff6e8cf8b6d7) Signed-off-by: Michael Niedermayer --- doc/encoders.texi | 2 +- libavcodec/libopusenc.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/encoders.texi b/doc/encoders.texi index 67f2a39278..143862c861 100644 --- a/doc/encoders.texi +++ b/doc/encoders.texi @@ -786,7 +786,7 @@ Set maximum frame size, or duration of a frame in milliseconds. The argument must be exactly the following: 2.5, 5, 10, 20, 40, 60. Smaller frame sizes achieve lower latency but less quality at a given bitrate. Sizes greater than 20ms are only interesting at fairly low bitrates. -The default of FFmpeg is 10ms, but is 20ms in @command{opusenc}. +The default is 20ms. @item packet_loss (@emph{expect-loss}) Set expected packet loss percentage. The default is 0. diff --git a/libavcodec/libopusenc.c b/libavcodec/libopusenc.c index 97d3bba180..8ceb877f38 100644 --- a/libavcodec/libopusenc.c +++ b/libavcodec/libopusenc.c @@ -400,7 +400,7 @@ static const AVOption libopus_options[] = { { "voip", "Favor improved speech intelligibility", 0, AV_OPT_TYPE_CONST, { .i64 = OPUS_APPLICATION_VOIP }, 0, 0, FLAGS, "application" }, { "audio", "Favor faithfulness to the input", 0, AV_OPT_TYPE_CONST, { .i64 = OPUS_APPLICATION_AUDIO }, 0, 0, FLAGS, "application" }, { "lowdelay", "Restrict to only the lowest delay modes", 0, AV_OPT_TYPE_CONST, { .i64 = OPUS_APPLICATION_RESTRICTED_LOWDELAY }, 0, 0, FLAGS, "application" }, - { "frame_duration", "Duration of a frame in milliseconds", OFFSET(frame_duration), AV_OPT_TYPE_FLOAT, { .dbl = 10.0 }, 2.5, 60.0, FLAGS }, + { "frame_duration", "Duration of a frame in milliseconds", OFFSET(frame_duration), AV_OPT_TYPE_FLOAT, { .dbl = 20.0 }, 2.5, 60.0, FLAGS }, { "packet_loss", "Expected packet loss percentage", OFFSET(packet_loss), AV_OPT_TYPE_INT, { .i64 = 0 }, 0, 100, FLAGS }, { "vbr", "Variable bit rate mode", OFFSET(vbr), AV_OPT_TYPE_INT, { .i64 = 1 }, 0, 2, FLAGS, "vbr" }, { "off", "Use constant bit rate", 0, AV_OPT_TYPE_CONST, { .i64 = 0 }, 0, 0, FLAGS, "vbr" }, From 1ecd1b4aeeb419fda0320458207991b95b4da543 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 26 Nov 2013 23:27:21 +0100 Subject: [PATCH 061/562] avcodec/g2meet: fix stride calculation, use correct format field Fixes out of array accesses Fixes: asan_heap-oob_ae5f63_5415_g2m4.wmv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 83f7bd6dcf00875725c5f3b7e1bedac5a6b3c77d) Signed-off-by: Michael Niedermayer --- libavcodec/g2meet.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/g2meet.c b/libavcodec/g2meet.c index 16671497d6..b342ae7262 100644 --- a/libavcodec/g2meet.c +++ b/libavcodec/g2meet.c @@ -490,7 +490,7 @@ static int g2m_load_cursor(AVCodecContext *avctx, G2MContext *c, cursor_hot_y = bytestream2_get_byte(gb); cursor_fmt = bytestream2_get_byte(gb); - cursor_stride = FFALIGN(cursor_w, c->cursor_fmt==1 ? 32 : 1) * 4; + cursor_stride = FFALIGN(cursor_w, cursor_fmt==1 ? 32 : 1) * 4; if (cursor_w < 1 || cursor_w > 256 || cursor_h < 1 || cursor_h > 256) { From cf6cf50ac689e3dc69c54b66495cd4951105bf61 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 6 Dec 2013 15:24:10 +0100 Subject: [PATCH 062/562] do O(1) instead of O(n) atomic operations in register functions about 1ms faster startup time Signed-off-by: Michael Niedermayer (cherry picked from commit 133fbfc7811ffae7b97dd129fcd0b5e646742362) Signed-off-by: Michael Niedermayer --- libavcodec/utils.c | 5 +++-- libavfilter/avfilter.c | 2 +- libavformat/format.c | 4 ++-- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index ae32a35b87..554b30edbf 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -218,7 +218,8 @@ av_cold void avcodec_register(AVCodec *codec) avcodec_init(); p = &first_avcodec; codec->next = NULL; - while(avpriv_atomic_ptr_cas((void * volatile *)p, NULL, codec)) + + while(*p || avpriv_atomic_ptr_cas((void * volatile *)p, NULL, codec)) p = &(*p)->next; if (codec->init_static_data) @@ -3182,7 +3183,7 @@ void av_register_hwaccel(AVHWAccel *hwaccel) { AVHWAccel **p = &first_hwaccel; hwaccel->next = NULL; - while(avpriv_atomic_ptr_cas((void * volatile *)p, NULL, hwaccel)) + while(*p || avpriv_atomic_ptr_cas((void * volatile *)p, NULL, hwaccel)) p = &(*p)->next; } diff --git a/libavfilter/avfilter.c b/libavfilter/avfilter.c index f31968f394..c9c8accc2a 100644 --- a/libavfilter/avfilter.c +++ b/libavfilter/avfilter.c @@ -487,7 +487,7 @@ int avfilter_register(AVFilter *filter) filter->next = NULL; - while(avpriv_atomic_ptr_cas((void * volatile *)f, NULL, filter)) + while(*f || avpriv_atomic_ptr_cas((void * volatile *)f, NULL, filter)) f = &(*f)->next; return 0; diff --git a/libavformat/format.c b/libavformat/format.c index ac9100b604..36c0131c12 100644 --- a/libavformat/format.c +++ b/libavformat/format.c @@ -54,7 +54,7 @@ void av_register_input_format(AVInputFormat *format) AVInputFormat **p = &first_iformat; format->next = NULL; - while(avpriv_atomic_ptr_cas((void * volatile *)p, NULL, format)) + while(*p || avpriv_atomic_ptr_cas((void * volatile *)p, NULL, format)) p = &(*p)->next; } @@ -63,7 +63,7 @@ void av_register_output_format(AVOutputFormat *format) AVOutputFormat **p = &first_oformat; format->next = NULL; - while(avpriv_atomic_ptr_cas((void * volatile *)p, NULL, format)) + while(*p || avpriv_atomic_ptr_cas((void * volatile *)p, NULL, format)) p = &(*p)->next; } From e779595dcae46c1c1cde64e084759e9585f76e3f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 6 Dec 2013 23:30:34 +0100 Subject: [PATCH 063/562] avutil/log: skip IO calls on empty strings These occur when no context is set for example, thus they are common Signed-off-by: Michael Niedermayer (cherry picked from commit a044a183a3fb90b20a8deaa3ea1158510bcdd420) Signed-off-by: Michael Niedermayer --- libavutil/log.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavutil/log.c b/libavutil/log.c index 56ef53b378..fa65b9f02f 100644 --- a/libavutil/log.c +++ b/libavutil/log.c @@ -109,6 +109,9 @@ static int use_color = -1; static void colored_fputs(int level, const char *str) { + if (!*str) + return; + if (use_color < 0) { #if HAVE_SETCONSOLETEXTATTRIBUTE CONSOLE_SCREEN_BUFFER_INFO con_info; From 08808084f6e9d3fbccb67d53b4f9a25f9bf81e2f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 7 Dec 2013 02:04:31 +0100 Subject: [PATCH 064/562] swscale/utils: fill xyz tables only when they will be used makes the first call to sws_getContext() 1ms faster Signed-off-by: Michael Niedermayer (cherry picked from commit 4d18060e56aac9d7248854ba75d5fc19f5cd3db8) Signed-off-by: Michael Niedermayer --- libswscale/utils.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libswscale/utils.c b/libswscale/utils.c index 6c5fa56fce..3cc2c9d4d7 100644 --- a/libswscale/utils.c +++ b/libswscale/utils.c @@ -975,8 +975,6 @@ int sws_setColorspaceDetails(struct SwsContext *c, const int inv_table[4], c->srcRange = srcRange; c->dstRange = dstRange; - fill_xyztables(c); - if ((isYUV(c->dstFormat) || isGray(c->dstFormat)) && (isYUV(c->srcFormat) || isGray(c->srcFormat))) return -1; @@ -1067,6 +1065,8 @@ static void handle_formats(SwsContext *c) c->dst0Alpha |= handle_0alpha(&c->dstFormat); c->srcXYZ |= handle_xyz(&c->srcFormat); c->dstXYZ |= handle_xyz(&c->dstFormat); + if (c->srcXYZ || c->dstXYZ) + fill_xyztables(c); } SwsContext *sws_alloc_context(void) From 061e94815322a0702977491158c0b5cbaca3ccc4 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 18 Dec 2013 05:20:11 +0100 Subject: [PATCH 065/562] configure: support raising major version in soname this allows seperate installation of shared libs that should not conflict with whatever is already installed. Signed-off-by: Michael Niedermayer (cherry picked from commit 102b794e09482fec881e7ec903e57914895f9b74) Conflicts: libavcodec/utils.c Signed-off-by: Michael Niedermayer --- configure | 3 +++ 1 file changed, 3 insertions(+) diff --git a/configure b/configure index 82b2e7b2be..d4dc9cfc26 100755 --- a/configure +++ b/configure @@ -105,6 +105,7 @@ Configuration options: --disable-all disable building components, libraries and programs --enable-incompatible-libav-abi enable incompatible Libav fork ABI [no] --enable-incompatible-fork-abi enable incompatible Libav fork ABI (deprecated) [no] + --enable-raise-major increase major version numbers in sonames [no] Program options: --disable-programs do not build command line programs @@ -1300,6 +1301,7 @@ CONFIG_LIST=" network nonfree pic + raise_major rdft runtime_cpudetect safe_bitstream_reader @@ -4871,6 +4873,7 @@ get_version(){ name=$(toupper $lcname) file=$source_path/$lcname/version.h eval $(awk "/#define ${name}_VERSION_M/ { print \$2 \"=\" \$3 }" "$file") + enabled raise_major && eval ${name}_VERSION_MAJOR=$((${name}_VERSION_MAJOR+100)) eval ${name}_VERSION=\$${name}_VERSION_MAJOR.\$${name}_VERSION_MINOR.\$${name}_VERSION_MICRO eval echo "${lcname}_VERSION=\$${name}_VERSION" >> config.mak eval echo "${lcname}_VERSION_MAJOR=\$${name}_VERSION_MAJOR" >> config.mak From dcf0f82d08e88ea952aa97c16e4e774ce6c2ceb8 Mon Sep 17 00:00:00 2001 From: Dale Curtis Date: Thu, 2 Jan 2014 14:29:38 -0800 Subject: [PATCH 066/562] h264: Clear ERContext.cur_pic when unref'ing current picture. Signed-off-by: Dale Curtis (cherry picked from commit 4feca2214a0b69dcbe4d1c7cd145c3881459e867) Signed-off-by: Michael Niedermayer --- libavcodec/h264.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index f044a58a97..1b531f560b 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -1957,6 +1957,10 @@ static int h264_frame_start(H264Context *h) h->cur_pic_ptr = pic; unref_picture(h, &h->cur_pic); + if (CONFIG_ERROR_RESILIENCE) { + h->er.cur_pic = NULL; + } + if ((ret = ref_picture(h, &h->cur_pic, h->cur_pic_ptr)) < 0) return ret; From 572ccbd299f0aeb3c7f9661752bd111497f08166 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 17 Nov 2013 00:11:33 +0100 Subject: [PATCH 067/562] Merge commit '6139f481ac9feb1bee4e7d04789fb15d7f24ebbf' * commit '6139f481ac9feb1bee4e7d04789fb15d7f24ebbf': asvenc: use the AVFrame API properly. a64multienc: use the AVFrame API properly. Conflicts: libavcodec/vaapi_mpeg.c Merged-by: Michael Niedermayer (cherry picked from commit cc4a6435638fa2a471fef048a3e68eaf7e6e306c) Author of the merged code: Anton Khirnov Signed-off-by: Michael Niedermayer --- libavcodec/a64multienc.c | 14 ++++++++------ libavcodec/asv.c | 1 - libavcodec/asv.h | 1 - libavcodec/asvenc.c | 33 ++++++++++++++++++--------------- 4 files changed, 26 insertions(+), 23 deletions(-) diff --git a/libavcodec/a64multienc.c b/libavcodec/a64multienc.c index e5c0fa782f..d692ebfdef 100644 --- a/libavcodec/a64multienc.c +++ b/libavcodec/a64multienc.c @@ -40,9 +40,6 @@ #define C64YRES 200 typedef struct A64Context { - /* general variables */ - AVFrame picture; - /* variables for multicolor modes */ AVLFG randctx; int mc_lifetime; @@ -189,6 +186,7 @@ static void render_charset(AVCodecContext *avctx, uint8_t *charset, static av_cold int a64multi_close_encoder(AVCodecContext *avctx) { A64Context *c = avctx->priv_data; + av_frame_free(&avctx->coded_frame); av_free(c->mc_meta_charset); av_free(c->mc_best_cb); av_free(c->mc_charset); @@ -240,8 +238,12 @@ static av_cold int a64multi_init_encoder(AVCodecContext *avctx) AV_WB32(avctx->extradata, c->mc_lifetime); AV_WB32(avctx->extradata + 16, INTERLACED); - avcodec_get_frame_defaults(&c->picture); - avctx->coded_frame = &c->picture; + avctx->coded_frame = av_frame_alloc(); + if (!avctx->coded_frame) { + a64multi_close_encoder(avctx); + return AVERROR(ENOMEM); + } + avctx->coded_frame->pict_type = AV_PICTURE_TYPE_I; avctx->coded_frame->key_frame = 1; if (!avctx->codec_tag) @@ -271,7 +273,7 @@ static int a64multi_encode_frame(AVCodecContext *avctx, AVPacket *pkt, const AVFrame *pict, int *got_packet) { A64Context *c = avctx->priv_data; - AVFrame *const p = &c->picture; + AVFrame *const p = avctx->coded_frame; int frame; int x, y; diff --git a/libavcodec/asv.c b/libavcodec/asv.c index 21f179bb77..58d2a895a6 100644 --- a/libavcodec/asv.c +++ b/libavcodec/asv.c @@ -89,6 +89,5 @@ av_cold void ff_asv_common_init(AVCodecContext *avctx) { a->mb_width2 = (avctx->width + 0) / 16; a->mb_height2 = (avctx->height + 0) / 16; - avctx->coded_frame= &a->picture; a->avctx= avctx; } diff --git a/libavcodec/asv.h b/libavcodec/asv.h index ca67c67daa..ce3c73aba4 100644 --- a/libavcodec/asv.h +++ b/libavcodec/asv.h @@ -38,7 +38,6 @@ typedef struct ASV1Context{ AVCodecContext *avctx; DSPContext dsp; - AVFrame picture; PutBitContext pb; GetBitContext gb; ScanTable scantable; diff --git a/libavcodec/asvenc.c b/libavcodec/asvenc.c index 38d971abcb..066dbbab8b 100644 --- a/libavcodec/asvenc.c +++ b/libavcodec/asvenc.c @@ -148,14 +148,16 @@ static inline int encode_mb(ASV1Context *a, int16_t block[6][64]){ return 0; } -static inline void dct_get(ASV1Context *a, int mb_x, int mb_y){ +static inline void dct_get(ASV1Context *a, const AVFrame *frame, + int mb_x, int mb_y) +{ int16_t (*block)[64]= a->block; - int linesize= a->picture.linesize[0]; + int linesize = frame->linesize[0]; int i; - uint8_t *ptr_y = a->picture.data[0] + (mb_y * 16* linesize ) + mb_x * 16; - uint8_t *ptr_cb = a->picture.data[1] + (mb_y * 8 * a->picture.linesize[1]) + mb_x * 8; - uint8_t *ptr_cr = a->picture.data[2] + (mb_y * 8 * a->picture.linesize[2]) + mb_x * 8; + uint8_t *ptr_y = frame->data[0] + (mb_y * 16* linesize ) + mb_x * 16; + uint8_t *ptr_cb = frame->data[1] + (mb_y * 8 * frame->linesize[1]) + mb_x * 8; + uint8_t *ptr_cr = frame->data[2] + (mb_y * 8 * frame->linesize[2]) + mb_x * 8; a->dsp.get_pixels(block[0], ptr_y , linesize); a->dsp.get_pixels(block[1], ptr_y + 8, linesize); @@ -165,8 +167,8 @@ static inline void dct_get(ASV1Context *a, int mb_x, int mb_y){ a->dsp.fdct(block[i]); if(!(a->avctx->flags&CODEC_FLAG_GRAY)){ - a->dsp.get_pixels(block[4], ptr_cb, a->picture.linesize[1]); - a->dsp.get_pixels(block[5], ptr_cr, a->picture.linesize[2]); + a->dsp.get_pixels(block[4], ptr_cb, frame->linesize[1]); + a->dsp.get_pixels(block[5], ptr_cr, frame->linesize[2]); for(i=4; i<6; i++) a->dsp.fdct(block[i]); } @@ -176,7 +178,6 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt, const AVFrame *pict, int *got_packet) { ASV1Context * const a = avctx->priv_data; - AVFrame * const p= &a->picture; int size, ret; int mb_x, mb_y; @@ -186,13 +187,9 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt, init_put_bits(&a->pb, pkt->data, pkt->size); - *p = *pict; - p->pict_type= AV_PICTURE_TYPE_I; - p->key_frame= 1; - for(mb_y=0; mb_ymb_height2; mb_y++){ for(mb_x=0; mb_xmb_width2; mb_x++){ - dct_get(a, mb_x, mb_y); + dct_get(a, pict, mb_x, mb_y); encode_mb(a, a->block); } } @@ -200,7 +197,7 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt, if(a->mb_width2 != a->mb_width){ mb_x= a->mb_width2; for(mb_y=0; mb_ymb_height2; mb_y++){ - dct_get(a, mb_x, mb_y); + dct_get(a, pict, mb_x, mb_y); encode_mb(a, a->block); } } @@ -208,7 +205,7 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt, if(a->mb_height2 != a->mb_height){ mb_y= a->mb_height2; for(mb_x=0; mb_xmb_width; mb_x++){ - dct_get(a, mb_x, mb_y); + dct_get(a, pict, mb_x, mb_y); encode_mb(a, a->block); } } @@ -240,6 +237,12 @@ static av_cold int encode_init(AVCodecContext *avctx){ int i; const int scale= avctx->codec_id == AV_CODEC_ID_ASV1 ? 1 : 2; + avctx->coded_frame = av_frame_alloc(); + if (!avctx->coded_frame) + return AVERROR(ENOMEM); + avctx->coded_frame->pict_type = AV_PICTURE_TYPE_I; + avctx->coded_frame->key_frame = 1; + ff_asv_common_init(avctx); if(avctx->global_quality == 0) avctx->global_quality= 4*FF_QUALITY_SCALE; From 3976c50fc1ff2fe4e7c224791cecc0faacbe8274 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 17 Nov 2013 00:21:16 +0100 Subject: [PATCH 068/562] Merge commit 'cec5ce49229d61e4eb1f331a6d0dff3aa24f6655' * commit 'cec5ce49229d61e4eb1f331a6d0dff3aa24f6655': cdxl: remove an unused variable c93: use the AVFrame API properly. bethsoftvid: use the AVFrame API properly. avs: use the AVFrame API properly. Conflicts: libavcodec/bethsoftvideo.c Merged-by: Michael Niedermayer (cherry picked from commit 21c41e76d7c1ddaadafc9da50e99db51358f3754) Conflicts: libavcodec/avs.c Author of the merged code: Anton Khirnov --- libavcodec/avs.c | 21 +++++++++++++-------- libavcodec/bethsoftvideo.c | 26 +++++++++++++++----------- libavcodec/c93.c | 34 ++++++++++++++++++++-------------- 3 files changed, 48 insertions(+), 33 deletions(-) diff --git a/libavcodec/avs.c b/libavcodec/avs.c index 065345b5cd..a0d2045885 100644 --- a/libavcodec/avs.c +++ b/libavcodec/avs.c @@ -25,7 +25,7 @@ typedef struct { - AVFrame picture; + AVFrame *frame; } AvsContext; typedef enum { @@ -52,7 +52,7 @@ avs_decode_frame(AVCodecContext * avctx, int buf_size = avpkt->size; AvsContext *const avs = avctx->priv_data; AVFrame *picture = data; - AVFrame *const p = &avs->picture; + AVFrame *const p = avs->frame; const uint8_t *table, *vect; uint8_t *out; int i, j, x, y, stride, ret, vect_w = 3, vect_h = 3; @@ -65,8 +65,8 @@ avs_decode_frame(AVCodecContext * avctx, p->pict_type = AV_PICTURE_TYPE_P; p->key_frame = 0; - out = avs->picture.data[0]; - stride = avs->picture.linesize[0]; + out = p->data[0]; + stride = p->linesize[0]; if (buf_end - buf < 4) return AVERROR_INVALIDDATA; @@ -76,7 +76,7 @@ avs_decode_frame(AVCodecContext * avctx, if (type == AVS_PALETTE) { int first, last; - uint32_t *pal = (uint32_t *) avs->picture.data[1]; + uint32_t *pal = (uint32_t *) p->data[1]; first = AV_RL16(buf); last = first + AV_RL16(buf + 2); @@ -149,7 +149,7 @@ avs_decode_frame(AVCodecContext * avctx, align_get_bits(&change_map); } - if ((ret = av_frame_ref(picture, &avs->picture)) < 0) + if ((ret = av_frame_ref(picture, p)) < 0) return ret; *got_frame = 1; @@ -159,16 +159,21 @@ avs_decode_frame(AVCodecContext * avctx, static av_cold int avs_decode_init(AVCodecContext * avctx) { AvsContext *s = avctx->priv_data; + + s->frame = av_frame_alloc(); + if (!s->frame) + return AVERROR(ENOMEM); + avctx->pix_fmt = AV_PIX_FMT_PAL8; avcodec_set_dimensions(avctx, 318, 198); - avcodec_get_frame_defaults(&s->picture); + return 0; } static av_cold int avs_decode_end(AVCodecContext *avctx) { AvsContext *s = avctx->priv_data; - av_frame_unref(&s->picture); + av_frame_free(&s->frame); return 0; } diff --git a/libavcodec/bethsoftvideo.c b/libavcodec/bethsoftvideo.c index 71d111f893..37cd22eb39 100644 --- a/libavcodec/bethsoftvideo.c +++ b/libavcodec/bethsoftvideo.c @@ -34,21 +34,25 @@ #include "internal.h" typedef struct BethsoftvidContext { - AVFrame frame; + AVFrame *frame; GetByteContext g; } BethsoftvidContext; static av_cold int bethsoftvid_decode_init(AVCodecContext *avctx) { BethsoftvidContext *vid = avctx->priv_data; - avcodec_get_frame_defaults(&vid->frame); avctx->pix_fmt = AV_PIX_FMT_PAL8; + + vid->frame = av_frame_alloc(); + if (!vid->frame) + return AVERROR(ENOMEM); + return 0; } static int set_palette(BethsoftvidContext *ctx) { - uint32_t *palette = (uint32_t *)ctx->frame.data[1]; + uint32_t *palette = (uint32_t *)ctx->frame->data[1]; int a; if (bytestream2_get_bytes_left(&ctx->g) < 256*3) @@ -58,7 +62,7 @@ static int set_palette(BethsoftvidContext *ctx) palette[a] = 0xFFU << 24 | bytestream2_get_be24u(&ctx->g) * 4; palette[a] |= palette[a] >> 6 & 0x30303; } - ctx->frame.palette_has_changed = 1; + ctx->frame->palette_has_changed = 1; return 0; } @@ -75,9 +79,9 @@ static int bethsoftvid_decode_frame(AVCodecContext *avctx, int code, ret; int yoffset; - if ((ret = ff_reget_buffer(avctx, &vid->frame)) < 0) + if ((ret = ff_reget_buffer(avctx, vid->frame)) < 0) return ret; - wrap_to_next_line = vid->frame.linesize[0] - avctx->width; + wrap_to_next_line = vid->frame->linesize[0] - avctx->width; if (avpkt->side_data_elems > 0 && avpkt->side_data[0].type == AV_PKT_DATA_PALETTE) { @@ -88,8 +92,8 @@ static int bethsoftvid_decode_frame(AVCodecContext *avctx, } bytestream2_init(&vid->g, avpkt->data, avpkt->size); - dst = vid->frame.data[0]; - frame_end = vid->frame.data[0] + vid->frame.linesize[0] * avctx->height; + dst = vid->frame->data[0]; + frame_end = vid->frame->data[0] + vid->frame->linesize[0] * avctx->height; switch(block_type = bytestream2_get_byte(&vid->g)){ case PALETTE_BLOCK: { @@ -104,7 +108,7 @@ static int bethsoftvid_decode_frame(AVCodecContext *avctx, yoffset = bytestream2_get_le16(&vid->g); if(yoffset >= avctx->height) return AVERROR_INVALIDDATA; - dst += vid->frame.linesize[0] * yoffset; + dst += vid->frame->linesize[0] * yoffset; } // main code @@ -134,7 +138,7 @@ static int bethsoftvid_decode_frame(AVCodecContext *avctx, } end: - if ((ret = av_frame_ref(data, &vid->frame)) < 0) + if ((ret = av_frame_ref(data, vid->frame)) < 0) return ret; *got_frame = 1; @@ -145,7 +149,7 @@ static int bethsoftvid_decode_frame(AVCodecContext *avctx, static av_cold int bethsoftvid_decode_end(AVCodecContext *avctx) { BethsoftvidContext * vid = avctx->priv_data; - av_frame_unref(&vid->frame); + av_frame_free(&vid->frame); return 0; } diff --git a/libavcodec/c93.c b/libavcodec/c93.c index f25368b101..f220762719 100644 --- a/libavcodec/c93.c +++ b/libavcodec/c93.c @@ -24,7 +24,7 @@ #include "internal.h" typedef struct { - AVFrame pictures[2]; + AVFrame *pictures[2]; int currentpic; } C93DecoderContext; @@ -46,21 +46,27 @@ typedef enum { #define C93_HAS_PALETTE 0x01 #define C93_FIRST_FRAME 0x02 -static av_cold int decode_init(AVCodecContext *avctx) -{ - C93DecoderContext *s = avctx->priv_data; - avctx->pix_fmt = AV_PIX_FMT_PAL8; - avcodec_get_frame_defaults(&s->pictures[0]); - avcodec_get_frame_defaults(&s->pictures[1]); - return 0; -} - static av_cold int decode_end(AVCodecContext *avctx) { C93DecoderContext * const c93 = avctx->priv_data; - av_frame_unref(&c93->pictures[0]); - av_frame_unref(&c93->pictures[1]); + av_frame_free(&c93->pictures[0]); + av_frame_free(&c93->pictures[1]); + + return 0; +} + +static av_cold int decode_init(AVCodecContext *avctx) +{ + C93DecoderContext *s = avctx->priv_data; + avctx->pix_fmt = AV_PIX_FMT_PAL8; + + s->pictures[0] = av_frame_alloc(); + s->pictures[1] = av_frame_alloc(); + if (!s->pictures[0] || !s->pictures[1]) { + decode_end(avctx); + return AVERROR(ENOMEM); + } return 0; } @@ -121,8 +127,8 @@ static int decode_frame(AVCodecContext *avctx, void *data, const uint8_t *buf = avpkt->data; int buf_size = avpkt->size; C93DecoderContext * const c93 = avctx->priv_data; - AVFrame * const newpic = &c93->pictures[c93->currentpic]; - AVFrame * const oldpic = &c93->pictures[c93->currentpic^1]; + AVFrame * const newpic = c93->pictures[c93->currentpic]; + AVFrame * const oldpic = c93->pictures[c93->currentpic^1]; GetByteContext gb; uint8_t *out; int stride, ret, i, x, y, b, bt = 0; From 2d7f20d2bbb1c30686c6a55cca8e3d71832a3a2e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 17 Nov 2013 00:40:59 +0100 Subject: [PATCH 069/562] Merge commit 'a639ea7f4bc44bf6bfa452675558a342924a66a9' * commit 'a639ea7f4bc44bf6bfa452675558a342924a66a9': escape124: use the AVFrame API properly. qtrle: use the AVFrame API properly. cljr: use the AVFrame API properly. cinepak: use the AVFrame API properly. Conflicts: libavcodec/cinepak.c libavcodec/cljr.c libavcodec/qtrle.c See: 80e9e63c libavcodec/cinepak.c See: 71c378984b0bd5470f67c424a79a4750f84d2d3e Merged-by: Michael Niedermayer (cherry picked from commit bfb1f44d246f4ed97d5cad9c1eace8a20951ff76) Author of the merged code: Anton Khirnov Signed-off-by: Michael Niedermayer --- libavcodec/cljr.c | 12 +++++++++--- libavcodec/escape124.c | 21 ++++++++++++--------- 2 files changed, 21 insertions(+), 12 deletions(-) diff --git a/libavcodec/cljr.c b/libavcodec/cljr.c index 51ac10662a..7e0773b6be 100644 --- a/libavcodec/cljr.c +++ b/libavcodec/cljr.c @@ -99,16 +99,21 @@ AVCodec ff_cljr_decoder = { #if CONFIG_CLJR_ENCODER typedef struct CLJRContext { AVClass *avclass; - AVFrame picture; int dither_type; } CLJRContext; static av_cold int encode_init(AVCodecContext *avctx) { - CLJRContext * const a = avctx->priv_data; + avctx->coded_frame = av_frame_alloc(); + if (!avctx->coded_frame) + return AVERROR(ENOMEM); - avctx->coded_frame = &a->picture; + return 0; +} +static av_cold int encode_close(AVCodecContext *avctx) +{ + av_frame_free(&avctx->coded_frame); return 0; } @@ -183,6 +188,7 @@ AVCodec ff_cljr_encoder = { .priv_data_size = sizeof(CLJRContext), .init = encode_init, .encode2 = encode_frame, + .close = encode_close, .pix_fmts = (const enum AVPixelFormat[]) { AV_PIX_FMT_YUV411P, AV_PIX_FMT_NONE }, .priv_class = &cljr_class, diff --git a/libavcodec/escape124.c b/libavcodec/escape124.c index a050fcb4e9..bed1efb5c8 100644 --- a/libavcodec/escape124.c +++ b/libavcodec/escape124.c @@ -42,7 +42,7 @@ typedef struct CodeBook { } CodeBook; typedef struct Escape124Context { - AVFrame frame; + AVFrame *frame; unsigned num_superblocks; @@ -58,12 +58,15 @@ static av_cold int escape124_decode_init(AVCodecContext *avctx) { Escape124Context *s = avctx->priv_data; - avcodec_get_frame_defaults(&s->frame); avctx->pix_fmt = AV_PIX_FMT_RGB555; s->num_superblocks = ((unsigned)avctx->width / 8) * ((unsigned)avctx->height / 8); + s->frame = av_frame_alloc(); + if (!s->frame) + return AVERROR(ENOMEM); + return 0; } @@ -75,7 +78,7 @@ static av_cold int escape124_decode_close(AVCodecContext *avctx) for (i = 0; i < 3; i++) av_free(s->codebooks[i].blocks); - av_frame_unref(&s->frame); + av_frame_free(&s->frame); return 0; } @@ -227,13 +230,13 @@ static int escape124_decode_frame(AVCodecContext *avctx, // Leave last frame unchanged // FIXME: Is this necessary? I haven't seen it in any real samples if (!(frame_flags & 0x114) || !(frame_flags & 0x7800000)) { - if (!s->frame.data[0]) + if (!s->frame->data[0]) return AVERROR_INVALIDDATA; av_log(avctx, AV_LOG_DEBUG, "Skipping frame\n"); *got_frame = 1; - if ((ret = av_frame_ref(frame, &s->frame)) < 0) + if ((ret = av_frame_ref(frame, s->frame)) < 0) return ret; return frame_size; @@ -272,8 +275,8 @@ static int escape124_decode_frame(AVCodecContext *avctx, new_frame_data = (uint16_t*)frame->data[0]; new_stride = frame->linesize[0] / 2; - old_frame_data = (uint16_t*)s->frame.data[0]; - old_stride = s->frame.linesize[0] / 2; + old_frame_data = (uint16_t*)s->frame->data[0]; + old_stride = s->frame->linesize[0] / 2; for (superblock_index = 0; superblock_index < s->num_superblocks; superblock_index++) { @@ -350,8 +353,8 @@ static int escape124_decode_frame(AVCodecContext *avctx, "Escape sizes: %i, %i, %i\n", frame_size, buf_size, get_bits_count(&gb) / 8); - av_frame_unref(&s->frame); - if ((ret = av_frame_ref(&s->frame, frame)) < 0) + av_frame_unref(s->frame); + if ((ret = av_frame_ref(s->frame, frame)) < 0) return ret; *got_frame = 1; From b7cb77a3228f19e9550f7cb917dc270a553a4fd1 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 17 Nov 2013 01:07:37 +0100 Subject: [PATCH 070/562] Merge commit '2d2a92f72199823a92e4e226c32e42a27ec801c0' * commit '2d2a92f72199823a92e4e226c32e42a27ec801c0': dxa: use the AVFrame API properly. qpeg: use the AVFrame API properly. cin video: use the AVFrame API properly. msvideo1: use the AVFrame API properly. Conflicts: libavcodec/dsicinav.c libavcodec/dxa.c libavcodec/msvideo1.c libavcodec/qpeg.c Merged-by: Michael Niedermayer (cherry picked from commit 5219afc09d8e97e18917738cbc052f903df9a619) Author of the merged code: Anton Khirnov Signed-off-by: Michael Niedermayer --- libavcodec/dsicinav.c | 18 +++++++++-------- libavcodec/dxa.c | 4 ++-- libavcodec/msvideo1.c | 24 +++++++++++----------- libavcodec/qpeg.c | 46 +++++++++++++++++++++++-------------------- 4 files changed, 50 insertions(+), 42 deletions(-) diff --git a/libavcodec/dsicinav.c b/libavcodec/dsicinav.c index 14bba55e1d..2d06ad8c10 100644 --- a/libavcodec/dsicinav.c +++ b/libavcodec/dsicinav.c @@ -39,7 +39,7 @@ typedef enum CinVideoBitmapIndex { typedef struct CinVideoContext { AVCodecContext *avctx; - AVFrame frame; + AVFrame *frame; unsigned int bitmap_size; uint32_t palette[256]; uint8_t *bitmap_table[3]; @@ -118,7 +118,9 @@ static av_cold int cinvideo_decode_init(AVCodecContext *avctx) cin->avctx = avctx; avctx->pix_fmt = AV_PIX_FMT_PAL8; - avcodec_get_frame_defaults(&cin->frame); + cin->frame = av_frame_alloc(); + if (!cin->frame) + return AVERROR(ENOMEM); cin->bitmap_size = avctx->width * avctx->height; if (allocate_buffers(cin)) @@ -315,20 +317,20 @@ static int cinvideo_decode_frame(AVCodecContext *avctx, break; } - if ((res = ff_reget_buffer(avctx, &cin->frame)) < 0) + if ((res = ff_reget_buffer(avctx, cin->frame)) < 0) return res; - memcpy(cin->frame.data[1], cin->palette, sizeof(cin->palette)); - cin->frame.palette_has_changed = 1; + memcpy(cin->frame->data[1], cin->palette, sizeof(cin->palette)); + cin->frame->palette_has_changed = 1; for (y = 0; y < cin->avctx->height; ++y) - memcpy(cin->frame.data[0] + (cin->avctx->height - 1 - y) * cin->frame.linesize[0], + memcpy(cin->frame->data[0] + (cin->avctx->height - 1 - y) * cin->frame->linesize[0], cin->bitmap_table[CIN_CUR_BMP] + y * cin->avctx->width, cin->avctx->width); FFSWAP(uint8_t *, cin->bitmap_table[CIN_CUR_BMP], cin->bitmap_table[CIN_PRE_BMP]); - if ((res = av_frame_ref(data, &cin->frame)) < 0) + if ((res = av_frame_ref(data, cin->frame)) < 0) return res; *got_frame = 1; @@ -340,7 +342,7 @@ static av_cold int cinvideo_decode_end(AVCodecContext *avctx) { CinVideoContext *cin = avctx->priv_data; - av_frame_unref(&cin->frame); + av_frame_free(&cin->frame); destroy_buffers(cin); diff --git a/libavcodec/dxa.c b/libavcodec/dxa.c index 2704852768..1d96f10ef4 100644 --- a/libavcodec/dxa.c +++ b/libavcodec/dxa.c @@ -321,12 +321,12 @@ static av_cold int decode_init(AVCodecContext *avctx) { DxaDecContext * const c = avctx->priv_data; - avctx->pix_fmt = AV_PIX_FMT_PAL8; - c->prev = av_frame_alloc(); if (!c->prev) return AVERROR(ENOMEM); + avctx->pix_fmt = AV_PIX_FMT_PAL8; + c->dsize = avctx->width * avctx->height * 2; c->decomp_buf = av_malloc(c->dsize); if (!c->decomp_buf) { diff --git a/libavcodec/msvideo1.c b/libavcodec/msvideo1.c index 83c50ac46d..970c67ce12 100644 --- a/libavcodec/msvideo1.c +++ b/libavcodec/msvideo1.c @@ -47,7 +47,7 @@ typedef struct Msvideo1Context { AVCodecContext *avctx; - AVFrame frame; + AVFrame *frame; const unsigned char *buf; int size; @@ -72,7 +72,9 @@ static av_cold int msvideo1_decode_init(AVCodecContext *avctx) avctx->pix_fmt = AV_PIX_FMT_RGB555; } - avcodec_get_frame_defaults(&s->frame); + s->frame = av_frame_alloc(); + if (!s->frame) + return AVERROR(ENOMEM); return 0; } @@ -93,8 +95,8 @@ static void msvideo1_decode_8bit(Msvideo1Context *s) unsigned short flags; int skip_blocks; unsigned char colors[8]; - unsigned char *pixels = s->frame.data[0]; - int stride = s->frame.linesize[0]; + unsigned char *pixels = s->frame->data[0]; + int stride = s->frame->linesize[0]; stream_ptr = 0; skip_blocks = 0; @@ -174,7 +176,7 @@ static void msvideo1_decode_8bit(Msvideo1Context *s) /* make the palette available on the way out */ if (s->avctx->pix_fmt == AV_PIX_FMT_PAL8) - memcpy(s->frame.data[1], s->pal, AVPALETTE_SIZE); + memcpy(s->frame->data[1], s->pal, AVPALETTE_SIZE); } static void msvideo1_decode_16bit(Msvideo1Context *s) @@ -193,8 +195,8 @@ static void msvideo1_decode_16bit(Msvideo1Context *s) unsigned short flags; int skip_blocks; unsigned short colors[8]; - unsigned short *pixels = (unsigned short *)s->frame.data[0]; - int stride = s->frame.linesize[0] / 2; + unsigned short *pixels = (unsigned short *)s->frame->data[0]; + int stride = s->frame->linesize[0] / 2; stream_ptr = 0; skip_blocks = 0; @@ -298,7 +300,7 @@ static int msvideo1_decode_frame(AVCodecContext *avctx, s->buf = buf; s->size = buf_size; - if ((ret = ff_reget_buffer(avctx, &s->frame)) < 0) + if ((ret = ff_reget_buffer(avctx, s->frame)) < 0) return ret; if (s->mode_8bit) { @@ -306,7 +308,7 @@ static int msvideo1_decode_frame(AVCodecContext *avctx, if (pal) { memcpy(s->pal, pal, AVPALETTE_SIZE); - s->frame.palette_has_changed = 1; + s->frame->palette_has_changed = 1; } } @@ -315,7 +317,7 @@ static int msvideo1_decode_frame(AVCodecContext *avctx, else msvideo1_decode_16bit(s); - if ((ret = av_frame_ref(data, &s->frame)) < 0) + if ((ret = av_frame_ref(data, s->frame)) < 0) return ret; *got_frame = 1; @@ -328,7 +330,7 @@ static av_cold int msvideo1_decode_end(AVCodecContext *avctx) { Msvideo1Context *s = avctx->priv_data; - av_frame_unref(&s->frame); + av_frame_free(&s->frame); return 0; } diff --git a/libavcodec/qpeg.c b/libavcodec/qpeg.c index edde937b15..da2d3b9d16 100644 --- a/libavcodec/qpeg.c +++ b/libavcodec/qpeg.c @@ -30,7 +30,7 @@ typedef struct QpegContext{ AVCodecContext *avctx; - AVFrame pic, ref; + AVFrame *pic, *ref; uint32_t pal[256]; GetByteContext buffer; } QpegContext; @@ -255,8 +255,8 @@ static int decode_frame(AVCodecContext *avctx, { uint8_t ctable[128]; QpegContext * const a = avctx->priv_data; - AVFrame * p = &a->pic; - AVFrame * ref= &a->ref; + AVFrame * const p = a->pic; + AVFrame * const ref = a->ref; uint8_t* outdata; int delta, ret; const uint8_t *pal = av_packet_get_side_data(avpkt, AV_PKT_DATA_PALETTE, NULL); @@ -273,26 +273,26 @@ static int decode_frame(AVCodecContext *avctx, if ((ret = ff_get_buffer(avctx, p, AV_GET_BUFFER_FLAG_REF)) < 0) return ret; - outdata = a->pic.data[0]; + outdata = p->data[0]; bytestream2_skip(&a->buffer, 4); bytestream2_get_buffer(&a->buffer, ctable, 128); bytestream2_skip(&a->buffer, 1); delta = bytestream2_get_byte(&a->buffer); if(delta == 0x10) { - qpeg_decode_intra(a, outdata, a->pic.linesize[0], avctx->width, avctx->height); + qpeg_decode_intra(a, outdata, p->linesize[0], avctx->width, avctx->height); } else { - qpeg_decode_inter(a, outdata, a->pic.linesize[0], avctx->width, avctx->height, delta, ctable, a->ref.data[0]); + qpeg_decode_inter(a, outdata, p->linesize[0], avctx->width, avctx->height, delta, ctable, ref->data[0]); } /* make the palette available on the way out */ if (pal) { - a->pic.palette_has_changed = 1; + p->palette_has_changed = 1; memcpy(a->pal, pal, AVPALETTE_SIZE); } - memcpy(a->pic.data[1], a->pal, AVPALETTE_SIZE); + memcpy(p->data[1], a->pal, AVPALETTE_SIZE); - if ((ret = av_frame_ref(data, &a->pic)) < 0) + if ((ret = av_frame_ref(data, p)) < 0) return ret; *got_frame = 1; @@ -312,6 +312,16 @@ static void decode_flush(AVCodecContext *avctx){ a->pal[i] = 0xFFU<<24 | AV_RL32(pal_src+4*i); } +static av_cold int decode_end(AVCodecContext *avctx) +{ + QpegContext * const a = avctx->priv_data; + + av_frame_free(&a->pic); + av_frame_free(&a->ref); + + return 0; +} + static av_cold int decode_init(AVCodecContext *avctx){ QpegContext * const a = avctx->priv_data; @@ -322,18 +332,12 @@ static av_cold int decode_init(AVCodecContext *avctx){ decode_flush(avctx); - avcodec_get_frame_defaults(&a->pic); - - return 0; -} - -static av_cold int decode_end(AVCodecContext *avctx){ - QpegContext * const a = avctx->priv_data; - AVFrame * const p = &a->pic; - AVFrame * const ref= &a->ref; - - av_frame_unref(p); - av_frame_unref(ref); + a->pic = av_frame_alloc(); + a->ref = av_frame_alloc(); + if (!a->pic || !a->ref) { + decode_end(avctx); + return AVERROR(ENOMEM); + } return 0; } From 2fe67ddb243e16788f32c5e18abd48315ba1b8de Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 17 Nov 2013 01:16:26 +0100 Subject: [PATCH 071/562] Merge commit 'b7462a3904d71ff799584faf5b875cad59ca2f31' * commit 'b7462a3904d71ff799584faf5b875cad59ca2f31': jvdec: use the AVFrame API properly. Conflicts: libavcodec/jvdec.c See: 678431d3f2c5f35fe48b02d5035604ace742be2e Merged-by: Michael Niedermayer (cherry picked from commit ddfdcd2b5ecce0914c1eefa6269060bdbc879b17) Author of the merged code: Anton Khirnov Signed-off-by: Michael Niedermayer --- libavcodec/jvdec.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavcodec/jvdec.c b/libavcodec/jvdec.c index 740884ad3b..cad053289a 100644 --- a/libavcodec/jvdec.c +++ b/libavcodec/jvdec.c @@ -41,11 +41,13 @@ typedef struct JvContext { static av_cold int decode_init(AVCodecContext *avctx) { JvContext *s = avctx->priv_data; - avctx->pix_fmt = AV_PIX_FMT_PAL8; - ff_dsputil_init(&s->dsp, avctx); + s->frame = av_frame_alloc(); if (!s->frame) return AVERROR(ENOMEM); + + avctx->pix_fmt = AV_PIX_FMT_PAL8; + ff_dsputil_init(&s->dsp, avctx); return 0; } From 1dcf9de6e995fb58a2514ab6fae9627a5e3481a3 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 17 Nov 2013 01:36:26 +0100 Subject: [PATCH 072/562] Merge commit '2e09096da912f563c4dd889a8f25c314529bbaa6' * commit '2e09096da912f563c4dd889a8f25c314529bbaa6': kgv1: use the AVFrame API properly. indeo2: use the AVFrame API properly. iff: use the AVFrame API properly. msrle: use the AVFrame API properly. Conflicts: libavcodec/iff.c libavcodec/indeo2.c libavcodec/kgv1dec.c libavcodec/msrle.c See: 451b2ca1b4349f9b60416cc057eaf5518d81025c See: 80e9e63c946660304fc65fa8141ccfdbe4d196d1 See: 057dce5f21cd70db1ef6e3b67644a39f0d51aba5 Merged-by: Michael Niedermayer (cherry picked from commit 9f890a165666a73376c73b3c2bd920345b5c3b79) Author of the merged code: Anton Khirnov Signed-off-by: Michael Niedermayer --- libavcodec/iff.c | 24 +++++++++++++----------- libavcodec/indeo2.c | 14 +++++++------- libavcodec/kgv1dec.c | 8 ++++---- libavcodec/msrle.c | 22 ++++++++++++---------- 4 files changed, 36 insertions(+), 32 deletions(-) diff --git a/libavcodec/iff.c b/libavcodec/iff.c index a4b90fa4a3..5d69539171 100644 --- a/libavcodec/iff.c +++ b/libavcodec/iff.c @@ -318,6 +318,16 @@ static int extract_header(AVCodecContext *const avctx, return 0; } +static av_cold int decode_end(AVCodecContext *avctx) +{ + IffContext *s = avctx->priv_data; + av_frame_free(&s->frame); + av_freep(&s->planebuf); + av_freep(&s->ham_buf); + av_freep(&s->ham_palbuf); + return 0; +} + static av_cold int decode_init(AVCodecContext *avctx) { IffContext *s = avctx->priv_data; @@ -360,8 +370,10 @@ static av_cold int decode_init(AVCodecContext *avctx) s->bpp = avctx->bits_per_coded_sample; s->frame = av_frame_alloc(); - if (!s->frame) + if (!s->frame) { + decode_end(avctx); return AVERROR(ENOMEM); + } if ((err = extract_header(avctx, NULL)) < 0) return err; @@ -858,16 +870,6 @@ static int decode_frame(AVCodecContext *avctx, return buf_size; } -static av_cold int decode_end(AVCodecContext *avctx) -{ - IffContext *s = avctx->priv_data; - av_frame_free(&s->frame); - av_freep(&s->planebuf); - av_freep(&s->ham_buf); - av_freep(&s->ham_palbuf); - return 0; -} - #if CONFIG_IFF_ILBM_DECODER AVCodec ff_iff_ilbm_decoder = { .name = "iff", diff --git a/libavcodec/indeo2.c b/libavcodec/indeo2.c index d3bbc6d20f..aabe348b4f 100644 --- a/libavcodec/indeo2.c +++ b/libavcodec/indeo2.c @@ -171,36 +171,36 @@ static int ir2_decode_frame(AVCodecContext *avctx, if (s->decode_delta) { /* intraframe */ if ((ret = ir2_decode_plane(s, avctx->width, avctx->height, - s->picture->data[0], s->picture->linesize[0], + p->data[0], p->linesize[0], ir2_luma_table)) < 0) return ret; /* swapped U and V */ if ((ret = ir2_decode_plane(s, avctx->width >> 2, avctx->height >> 2, - s->picture->data[2], s->picture->linesize[2], + p->data[2], p->linesize[2], ir2_luma_table)) < 0) return ret; if ((ret = ir2_decode_plane(s, avctx->width >> 2, avctx->height >> 2, - s->picture->data[1], s->picture->linesize[1], + p->data[1], p->linesize[1], ir2_luma_table)) < 0) return ret; } else { /* interframe */ if ((ret = ir2_decode_plane_inter(s, avctx->width, avctx->height, - s->picture->data[0], s->picture->linesize[0], + p->data[0], p->linesize[0], ir2_luma_table)) < 0) return ret; /* swapped U and V */ if ((ret = ir2_decode_plane_inter(s, avctx->width >> 2, avctx->height >> 2, - s->picture->data[2], s->picture->linesize[2], + p->data[2], p->linesize[2], ir2_luma_table)) < 0) return ret; if ((ret = ir2_decode_plane_inter(s, avctx->width >> 2, avctx->height >> 2, - s->picture->data[1], s->picture->linesize[1], + p->data[1], p->linesize[1], ir2_luma_table)) < 0) return ret; } - if ((ret = av_frame_ref(picture, s->picture)) < 0) + if ((ret = av_frame_ref(picture, p)) < 0) return ret; *got_frame = 1; diff --git a/libavcodec/kgv1dec.c b/libavcodec/kgv1dec.c index f793137306..d4f8356dab 100644 --- a/libavcodec/kgv1dec.c +++ b/libavcodec/kgv1dec.c @@ -38,7 +38,7 @@ static void decode_flush(AVCodecContext *avctx) { KgvContext * const c = avctx->priv_data; - av_frame_unref(c->prev); + av_frame_free(&c->prev); } static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame, @@ -157,13 +157,13 @@ static av_cold int decode_init(AVCodecContext *avctx) { KgvContext * const c = avctx->priv_data; - avctx->pix_fmt = AV_PIX_FMT_RGB555; - avctx->flags |= CODEC_FLAG_EMU_EDGE; - c->prev = av_frame_alloc(); if (!c->prev) return AVERROR(ENOMEM); + avctx->pix_fmt = AV_PIX_FMT_RGB555; + avctx->flags |= CODEC_FLAG_EMU_EDGE; + return 0; } diff --git a/libavcodec/msrle.c b/libavcodec/msrle.c index 2b4ab1a6a5..2836fec2fd 100644 --- a/libavcodec/msrle.c +++ b/libavcodec/msrle.c @@ -38,7 +38,7 @@ typedef struct MsrleContext { AVCodecContext *avctx; - AVFrame frame; + AVFrame *frame; GetByteContext gb; const unsigned char *buf; @@ -70,7 +70,9 @@ static av_cold int msrle_decode_init(AVCodecContext *avctx) return AVERROR_INVALIDDATA; } - avcodec_get_frame_defaults(&s->frame); + s->frame = av_frame_alloc(); + if (!s->frame) + return AVERROR(ENOMEM); if (avctx->extradata_size >= 4) for (i = 0; i < FFMIN(avctx->extradata_size, AVPALETTE_SIZE)/4; i++) @@ -92,24 +94,24 @@ static int msrle_decode_frame(AVCodecContext *avctx, s->buf = buf; s->size = buf_size; - if ((ret = ff_reget_buffer(avctx, &s->frame)) < 0) + if ((ret = ff_reget_buffer(avctx, s->frame)) < 0) return ret; if (avctx->bits_per_coded_sample > 1 && avctx->bits_per_coded_sample <= 8) { const uint8_t *pal = av_packet_get_side_data(avpkt, AV_PKT_DATA_PALETTE, NULL); if (pal) { - s->frame.palette_has_changed = 1; + s->frame->palette_has_changed = 1; memcpy(s->pal, pal, AVPALETTE_SIZE); } /* make the palette available */ - memcpy(s->frame.data[1], s->pal, AVPALETTE_SIZE); + memcpy(s->frame->data[1], s->pal, AVPALETTE_SIZE); } /* FIXME how to correctly detect RLE ??? */ if (avctx->height * istride == avpkt->size) { /* assume uncompressed */ int linesize = (avctx->width * avctx->bits_per_coded_sample + 7) / 8; - uint8_t *ptr = s->frame.data[0]; + uint8_t *ptr = s->frame->data[0]; uint8_t *buf = avpkt->data + (avctx->height-1)*istride; int i, j; @@ -125,14 +127,14 @@ static int msrle_decode_frame(AVCodecContext *avctx, memcpy(ptr, buf, linesize); } buf -= istride; - ptr += s->frame.linesize[0]; + ptr += s->frame->linesize[0]; } } else { bytestream2_init(&s->gb, buf, buf_size); - ff_msrle_decode(avctx, (AVPicture*)&s->frame, avctx->bits_per_coded_sample, &s->gb); + ff_msrle_decode(avctx, (AVPicture*)s->frame, avctx->bits_per_coded_sample, &s->gb); } - if ((ret = av_frame_ref(data, &s->frame)) < 0) + if ((ret = av_frame_ref(data, s->frame)) < 0) return ret; *got_frame = 1; @@ -146,7 +148,7 @@ static av_cold int msrle_decode_end(AVCodecContext *avctx) MsrleContext *s = avctx->priv_data; /* release the last frame */ - av_frame_unref(&s->frame); + av_frame_free(&s->frame); return 0; } From bfe4aa892a53a7586b5e51211171e61c4b5c461c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 17 Nov 2013 01:48:57 +0100 Subject: [PATCH 073/562] Merge commit 'a837c4f2df96a30bf9aa4115b426d608487c7101' * commit 'a837c4f2df96a30bf9aa4115b426d608487c7101': zmbvenc: use the AVFrame API properly. flicvideo: use the AVFrame API properly. smacker: use the AVFrame API properly. mmvideo: use the AVFrame API properly. Conflicts: libavcodec/flicvideo.c libavcodec/mmvideo.c libavcodec/smacker.c libavcodec/zmbvenc.c See: 76e27b1d0594199b4b1ff8520312069f42373944 See: 099e57bc38d7e53cf6823dfec349ff9fdaee99ba Merged-by: Michael Niedermayer (cherry picked from commit fe3808eddee81ce4712d1e729fa6fe619f1685c8) Author of the merged code: Anton Khirnov Signed-off-by: Michael Niedermayer --- libavcodec/flicvideo.c | 61 ++++++++++++++++++++++-------------------- libavcodec/mmvideo.c | 26 +++++++++--------- libavcodec/smacker.c | 8 +++--- libavcodec/zmbvenc.c | 43 +++++++++++++++-------------- 4 files changed, 73 insertions(+), 65 deletions(-) diff --git a/libavcodec/flicvideo.c b/libavcodec/flicvideo.c index 76a7976a7d..a2d59e86c3 100644 --- a/libavcodec/flicvideo.c +++ b/libavcodec/flicvideo.c @@ -71,7 +71,7 @@ typedef struct FlicDecodeContext { AVCodecContext *avctx; - AVFrame frame; + AVFrame *frame; unsigned int palette[256]; int new_palette; @@ -141,7 +141,10 @@ static av_cold int flic_decode_init(AVCodecContext *avctx) return AVERROR_INVALIDDATA; } - avcodec_get_frame_defaults(&s->frame); + s->frame = av_frame_alloc(); + if (!s->frame) + return AVERROR(ENOMEM); + s->new_palette = 0; return 0; @@ -185,11 +188,11 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, bytestream2_init(&g2, buf, buf_size); - if ((ret = ff_reget_buffer(avctx, &s->frame)) < 0) + if ((ret = ff_reget_buffer(avctx, s->frame)) < 0) return ret; - pixels = s->frame.data[0]; - pixel_limit = s->avctx->height * s->frame.linesize[0]; + pixels = s->frame->data[0]; + pixel_limit = s->avctx->height * s->frame->linesize[0]; if (buf_size < 16 || buf_size > INT_MAX - (3 * 256 + FF_INPUT_BUFFER_PADDING_SIZE)) return AVERROR_INVALIDDATA; frame_size = bytestream2_get_le32(&g2); @@ -273,12 +276,12 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, if ((line_packets & 0xC000) == 0xC000) { // line skip opcode line_packets = -line_packets; - y_ptr += line_packets * s->frame.linesize[0]; + y_ptr += line_packets * s->frame->linesize[0]; } else if ((line_packets & 0xC000) == 0x4000) { av_log(avctx, AV_LOG_ERROR, "Undefined opcode (%x) in DELTA_FLI\n", line_packets); } else if ((line_packets & 0xC000) == 0x8000) { // "last byte" opcode - pixel_ptr= y_ptr + s->frame.linesize[0] - 1; + pixel_ptr= y_ptr + s->frame->linesize[0] - 1; CHECK_PIXEL_PTR(0); pixels[pixel_ptr] = line_packets & 0xff; } else { @@ -313,7 +316,7 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, } } - y_ptr += s->frame.linesize[0]; + y_ptr += s->frame->linesize[0]; } } break; @@ -322,7 +325,7 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, /* line compressed */ starting_line = bytestream2_get_le16(&g2); y_ptr = 0; - y_ptr += starting_line * s->frame.linesize[0]; + y_ptr += starting_line * s->frame->linesize[0]; compressed_lines = bytestream2_get_le16(&g2); while (compressed_lines > 0) { @@ -359,7 +362,7 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, } } - y_ptr += s->frame.linesize[0]; + y_ptr += s->frame->linesize[0]; compressed_lines--; } break; @@ -367,7 +370,7 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, case FLI_BLACK: /* set the whole frame to color 0 (which is usually black) */ memset(pixels, 0, - s->frame.linesize[0] * s->avctx->height); + s->frame->linesize[0] * s->avctx->height); break; case FLI_BRUN: @@ -414,7 +417,7 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, } } - y_ptr += s->frame.linesize[0]; + y_ptr += s->frame->linesize[0]; } break; @@ -425,8 +428,8 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, "has incorrect size, skipping chunk\n", chunk_size - 6); bytestream2_skip(&g2, chunk_size - 6); } else { - for (y_ptr = 0; y_ptr < s->frame.linesize[0] * s->avctx->height; - y_ptr += s->frame.linesize[0]) { + for (y_ptr = 0; y_ptr < s->frame->linesize[0] * s->avctx->height; + y_ptr += s->frame->linesize[0]) { bytestream2_get_buffer(&g2, &pixels[y_ptr], s->avctx->width); } @@ -457,13 +460,13 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, buf_size - bytestream2_get_bytes_left(&g2)); /* make the palette available on the way out */ - memcpy(s->frame.data[1], s->palette, AVPALETTE_SIZE); + memcpy(s->frame->data[1], s->palette, AVPALETTE_SIZE); if (s->new_palette) { - s->frame.palette_has_changed = 1; + s->frame->palette_has_changed = 1; s->new_palette = 0; } - if ((ret = av_frame_ref(data, &s->frame)) < 0) + if ((ret = av_frame_ref(data, s->frame)) < 0) return ret; *got_frame = 1; @@ -504,11 +507,11 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx, bytestream2_init(&g2, buf, buf_size); - if ((ret = ff_reget_buffer(avctx, &s->frame)) < 0) + if ((ret = ff_reget_buffer(avctx, s->frame)) < 0) return ret; - pixels = s->frame.data[0]; - pixel_limit = s->avctx->height * s->frame.linesize[0]; + pixels = s->frame->data[0]; + pixel_limit = s->avctx->height * s->frame->linesize[0]; frame_size = bytestream2_get_le32(&g2); bytestream2_skip(&g2, 2); /* skip the magic number */ @@ -556,7 +559,7 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx, line_packets = bytestream2_get_le16(&g2); if (line_packets < 0) { line_packets = -line_packets; - y_ptr += line_packets * s->frame.linesize[0]; + y_ptr += line_packets * s->frame->linesize[0]; } else { compressed_lines--; pixel_ptr = y_ptr; @@ -589,7 +592,7 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx, } } - y_ptr += s->frame.linesize[0]; + y_ptr += s->frame->linesize[0]; } } break; @@ -602,7 +605,7 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx, case FLI_BLACK: /* set the whole frame to 0x0000 which is black in both 15Bpp and 16Bpp modes. */ memset(pixels, 0x0000, - s->frame.linesize[0] * s->avctx->height); + s->frame->linesize[0] * s->avctx->height); break; case FLI_BRUN: @@ -657,7 +660,7 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx, pixel_ptr += 2; } #endif - y_ptr += s->frame.linesize[0]; + y_ptr += s->frame->linesize[0]; } break; @@ -701,7 +704,7 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx, } } - y_ptr += s->frame.linesize[0]; + y_ptr += s->frame->linesize[0]; } break; @@ -714,8 +717,8 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx, bytestream2_skip(&g2, chunk_size - 6); } else { - for (y_ptr = 0; y_ptr < s->frame.linesize[0] * s->avctx->height; - y_ptr += s->frame.linesize[0]) { + for (y_ptr = 0; y_ptr < s->frame->linesize[0] * s->avctx->height; + y_ptr += s->frame->linesize[0]) { pixel_countdown = s->avctx->width; pixel_ptr = 0; @@ -748,7 +751,7 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx, av_log(avctx, AV_LOG_ERROR, "Processed FLI chunk where chunk size = %d " \ "and final chunk ptr = %d\n", buf_size, bytestream2_tell(&g2)); - if ((ret = av_frame_ref(data, &s->frame)) < 0) + if ((ret = av_frame_ref(data, s->frame)) < 0) return ret; *got_frame = 1; @@ -797,7 +800,7 @@ static av_cold int flic_decode_end(AVCodecContext *avctx) { FlicDecodeContext *s = avctx->priv_data; - av_frame_unref(&s->frame); + av_frame_free(&s->frame); return 0; } diff --git a/libavcodec/mmvideo.c b/libavcodec/mmvideo.c index 800e65c64c..0ba1e0ee53 100644 --- a/libavcodec/mmvideo.c +++ b/libavcodec/mmvideo.c @@ -48,7 +48,7 @@ typedef struct MmContext { AVCodecContext *avctx; - AVFrame frame; + AVFrame *frame; int palette[AVPALETTE_COUNT]; GetByteContext gb; } MmContext; @@ -61,7 +61,9 @@ static av_cold int mm_decode_init(AVCodecContext *avctx) avctx->pix_fmt = AV_PIX_FMT_PAL8; - avcodec_get_frame_defaults(&s->frame); + s->frame = av_frame_alloc(); + if (!s->frame) + return AVERROR(ENOMEM); return 0; } @@ -108,9 +110,9 @@ static int mm_decode_intra(MmContext * s, int half_horiz, int half_vert) return AVERROR_INVALIDDATA; if (color) { - memset(s->frame.data[0] + y*s->frame.linesize[0] + x, color, run_length); + memset(s->frame->data[0] + y*s->frame->linesize[0] + x, color, run_length); if (half_vert) - memset(s->frame.data[0] + (y+1)*s->frame.linesize[0] + x, color, run_length); + memset(s->frame->data[0] + (y+1)*s->frame->linesize[0] + x, color, run_length); } x+= run_length; @@ -158,13 +160,13 @@ static int mm_decode_inter(MmContext * s, int half_horiz, int half_vert) return AVERROR_INVALIDDATA; if (replace) { int color = bytestream2_get_byte(&data_ptr); - s->frame.data[0][y*s->frame.linesize[0] + x] = color; + s->frame->data[0][y*s->frame->linesize[0] + x] = color; if (half_horiz) - s->frame.data[0][y*s->frame.linesize[0] + x + 1] = color; + s->frame->data[0][y*s->frame->linesize[0] + x + 1] = color; if (half_vert) { - s->frame.data[0][(y+1)*s->frame.linesize[0] + x] = color; + s->frame->data[0][(y+1)*s->frame->linesize[0] + x] = color; if (half_horiz) - s->frame.data[0][(y+1)*s->frame.linesize[0] + x + 1] = color; + s->frame->data[0][(y+1)*s->frame->linesize[0] + x + 1] = color; } } x += 1 + half_horiz; @@ -193,7 +195,7 @@ static int mm_decode_frame(AVCodecContext *avctx, buf_size -= MM_PREAMBLE_SIZE; bytestream2_init(&s->gb, buf, buf_size); - if ((res = ff_reget_buffer(avctx, &s->frame)) < 0) + if ((res = ff_reget_buffer(avctx, s->frame)) < 0) return res; switch(type) { @@ -211,9 +213,9 @@ static int mm_decode_frame(AVCodecContext *avctx, if (res < 0) return res; - memcpy(s->frame.data[1], s->palette, AVPALETTE_SIZE); + memcpy(s->frame->data[1], s->palette, AVPALETTE_SIZE); - if ((res = av_frame_ref(data, &s->frame)) < 0) + if ((res = av_frame_ref(data, s->frame)) < 0) return res; *got_frame = 1; @@ -225,7 +227,7 @@ static av_cold int mm_decode_end(AVCodecContext *avctx) { MmContext *s = avctx->priv_data; - av_frame_unref(&s->frame); + av_frame_free(&s->frame); return 0; } diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c index 3cdb0d58b3..717e9ea033 100644 --- a/libavcodec/smacker.c +++ b/libavcodec/smacker.c @@ -584,6 +584,10 @@ static av_cold int decode_init(AVCodecContext *avctx) avctx->pix_fmt = AV_PIX_FMT_PAL8; + c->pic = av_frame_alloc(); + if (!c->pic) + return AVERROR(ENOMEM); + /* decode huffman trees from extradata */ if(avctx->extradata_size < 16){ av_log(avctx, AV_LOG_ERROR, "Extradata missing!\n"); @@ -596,10 +600,6 @@ static av_cold int decode_init(AVCodecContext *avctx) return ret; } - c->pic = av_frame_alloc(); - if (!c->pic) - return AVERROR(ENOMEM); - return 0; } diff --git a/libavcodec/zmbvenc.c b/libavcodec/zmbvenc.c index 2907c99abc..28dbe20f06 100644 --- a/libavcodec/zmbvenc.c +++ b/libavcodec/zmbvenc.c @@ -44,6 +44,7 @@ */ typedef struct ZmbvEncContext { AVCodecContext *avctx; + int range; uint8_t *comp_buf, *work_buf; uint8_t pal[768]; @@ -119,7 +120,7 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt, const AVFrame *pict, int *got_packet) { ZmbvEncContext * const c = avctx->priv_data; - AVFrame * const p = (AVFrame *)pict; + const AVFrame * const p = pict; uint8_t *src, *prev, *buf; uint32_t *palptr; int keyframe, chpal; @@ -132,8 +133,8 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt, c->curfrm++; if(c->curfrm == c->keyint) c->curfrm = 0; - p->pict_type= keyframe ? AV_PICTURE_TYPE_I : AV_PICTURE_TYPE_P; - p->key_frame= keyframe; + avctx->coded_frame->pict_type = keyframe ? AV_PICTURE_TYPE_I : AV_PICTURE_TYPE_P; + avctx->coded_frame->key_frame = keyframe; chpal = !keyframe && memcmp(p->data[1], c->pal2, 1024); palptr = (uint32_t*)p->data[1]; @@ -248,6 +249,20 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt, return 0; } +static av_cold int encode_end(AVCodecContext *avctx) +{ + ZmbvEncContext * const c = avctx->priv_data; + + av_freep(&c->comp_buf); + av_freep(&c->work_buf); + + deflateEnd(&c->zstream); + av_freep(&c->prev); + + av_frame_free(&avctx->coded_frame); + + return 0; +} /** * Init zmbv encoder @@ -309,23 +324,11 @@ static av_cold int encode_init(AVCodecContext *avctx) return -1; } - return 0; -} - - - -/** - * Uninit zmbv encoder - */ -static av_cold int encode_end(AVCodecContext *avctx) -{ - ZmbvEncContext * const c = avctx->priv_data; - - av_freep(&c->comp_buf); - av_freep(&c->work_buf); - - deflateEnd(&c->zstream); - av_freep(&c->prev); + avctx->coded_frame = av_frame_alloc(); + if (!avctx->coded_frame) { + encode_end(avctx); + return AVERROR(ENOMEM); + } return 0; } From dcb91e3dfe077c3ac0717b24288834d851312e04 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 17 Nov 2013 02:09:29 +0100 Subject: [PATCH 074/562] Merge commit '3c8ea9d4a74fd4d7493d40c818ca64ee492709f3' * commit '3c8ea9d4a74fd4d7493d40c818ca64ee492709f3': vmnc: use the AVFrame API properly. xan: use the AVFrame API properly. xxan: use the AVFrame API properly. zerocodec: use the AVFrame API properly. Conflicts: libavcodec/vmnc.c libavcodec/xan.c libavcodec/xxan.c See: cf5ab8b6f71699a48a6384d5e5779630b4be7b56 See: ad438f450b83882a1277a79c1c3d6dfe55573b1c See: 67607e20e882eb5639a4e9099caecb52a863ab68 Merged-by: Michael Niedermayer (cherry picked from commit 8af7774c7aca6f3b595d0417b92f543ce0c7b537) Author of the merged code: Anton Khirnov Signed-off-by: Michael Niedermayer --- libavcodec/vmnc.c | 39 +++++++++++++++++++-------------------- libavcodec/xan.c | 27 +++++++++++++-------------- libavcodec/xxan.c | 24 +++++++++++------------- libavcodec/zerocodec.c | 16 +++++++++++----- 4 files changed, 54 insertions(+), 52 deletions(-) diff --git a/libavcodec/vmnc.c b/libavcodec/vmnc.c index c1b6d4e85d..5f91ab1b31 100644 --- a/libavcodec/vmnc.c +++ b/libavcodec/vmnc.c @@ -57,7 +57,7 @@ enum HexTile_Flags { */ typedef struct VmncContext { AVCodecContext *avctx; - AVFrame *frame; + AVFrame *pic; int bpp; int bpp2; @@ -320,15 +320,14 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame, GetByteContext *gb = &c->gb; uint8_t *outptr; int dx, dy, w, h, depth, enc, chunks, res, size_left, ret; - AVFrame *frame = c->frame; - if ((ret = ff_reget_buffer(avctx, frame)) < 0) + if ((ret = ff_reget_buffer(avctx, c->pic)) < 0) return ret; bytestream2_init(gb, buf, buf_size); - frame->key_frame = 0; - frame->pict_type = AV_PICTURE_TYPE_P; + c->pic->key_frame = 0; + c->pic->pict_type = AV_PICTURE_TYPE_P; // restore screen after cursor if (c->screendta) { @@ -350,11 +349,11 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame, dy = 0; } if ((w > 0) && (h > 0)) { - outptr = frame->data[0] + dx * c->bpp2 + dy * frame->linesize[0]; + outptr = c->pic->data[0] + dx * c->bpp2 + dy * c->pic->linesize[0]; for (i = 0; i < h; i++) { memcpy(outptr, c->screendta + i * c->cur_w * c->bpp2, w * c->bpp2); - outptr += frame->linesize[0]; + outptr += c->pic->linesize[0]; } } } @@ -370,7 +369,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame, w = bytestream2_get_be16(gb); h = bytestream2_get_be16(gb); enc = bytestream2_get_be32(gb); - outptr = frame->data[0] + dx * c->bpp2 + dy * frame->linesize[0]; + outptr = c->pic->data[0] + dx * c->bpp2 + dy * c->pic->linesize[0]; size_left = bytestream2_get_bytes_left(gb); switch (enc) { case MAGIC_WMVd: // cursor @@ -424,8 +423,8 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame, bytestream2_skip(gb, 4); break; case MAGIC_WMVi: // ServerInitialization struct - frame->key_frame = 1; - frame->pict_type = AV_PICTURE_TYPE_I; + c->pic->key_frame = 1; + c->pic->pict_type = AV_PICTURE_TYPE_I; depth = bytestream2_get_byte(gb); if (depth != c->bpp) { av_log(avctx, AV_LOG_INFO, @@ -460,7 +459,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame, return AVERROR_INVALIDDATA; } paint_raw(outptr, w, h, gb, c->bpp2, c->bigendian, - frame->linesize[0]); + c->pic->linesize[0]); break; case 0x00000005: // HexTile encoded rectangle if ((dx + w > c->width) || (dy + h > c->height)) { @@ -469,7 +468,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame, w, h, dx, dy, c->width, c->height); return AVERROR_INVALIDDATA; } - res = decode_hextile(c, outptr, gb, w, h, frame->linesize[0]); + res = decode_hextile(c, outptr, gb, w, h, c->pic->linesize[0]); if (res < 0) return res; break; @@ -498,18 +497,18 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame, dy = 0; } if ((w > 0) && (h > 0)) { - outptr = frame->data[0] + dx * c->bpp2 + dy * frame->linesize[0]; + outptr = c->pic->data[0] + dx * c->bpp2 + dy * c->pic->linesize[0]; for (i = 0; i < h; i++) { memcpy(c->screendta + i * c->cur_w * c->bpp2, outptr, w * c->bpp2); - outptr += frame->linesize[0]; + outptr += c->pic->linesize[0]; } - outptr = frame->data[0]; - put_cursor(outptr, frame->linesize[0], c, c->cur_x, c->cur_y); + outptr = c->pic->data[0]; + put_cursor(outptr, c->pic->linesize[0], c, c->cur_x, c->cur_y); } } *got_frame = 1; - if ((ret = av_frame_ref(data, frame)) < 0) + if ((ret = av_frame_ref(data, c->pic)) < 0) return ret; /* always report that the buffer was completely consumed */ @@ -541,8 +540,8 @@ static av_cold int decode_init(AVCodecContext *avctx) return AVERROR_INVALIDDATA; } - c->frame = av_frame_alloc(); - if (!c->frame) + c->pic = av_frame_alloc(); + if (!c->pic) return AVERROR(ENOMEM); return 0; @@ -552,7 +551,7 @@ static av_cold int decode_end(AVCodecContext *avctx) { VmncContext * const c = avctx->priv_data; - av_frame_free(&c->frame); + av_frame_free(&c->pic); av_freep(&c->curbits); av_freep(&c->curmask); diff --git a/libavcodec/xan.c b/libavcodec/xan.c index 1c2e97cda2..c400f40307 100644 --- a/libavcodec/xan.c +++ b/libavcodec/xan.c @@ -71,7 +71,18 @@ typedef struct XanContext { } XanContext; -static av_cold int xan_decode_end(AVCodecContext *avctx); +static av_cold int xan_decode_end(AVCodecContext *avctx) +{ + XanContext *s = avctx->priv_data; + + av_frame_free(&s->last_frame); + + av_freep(&s->buffer1); + av_freep(&s->buffer2); + av_freep(&s->palettes); + + return 0; +} static av_cold int xan_decode_init(AVCodecContext *avctx) { @@ -92,6 +103,7 @@ static av_cold int xan_decode_init(AVCodecContext *avctx) av_freep(&s->buffer1); return AVERROR(ENOMEM); } + s->last_frame = av_frame_alloc(); if (!s->last_frame) { xan_decode_end(avctx); @@ -624,19 +636,6 @@ static int xan_decode_frame(AVCodecContext *avctx, return buf_size; } -static av_cold int xan_decode_end(AVCodecContext *avctx) -{ - XanContext *s = avctx->priv_data; - - av_frame_free(&s->last_frame); - - av_freep(&s->buffer1); - av_freep(&s->buffer2); - av_freep(&s->palettes); - - return 0; -} - AVCodec ff_xan_wc3_decoder = { .name = "xan_wc3", .long_name = NULL_IF_CONFIG_SMALL("Wing Commander III / Xan"), diff --git a/libavcodec/xxan.c b/libavcodec/xxan.c index 56d5f4961d..b261cdfdec 100644 --- a/libavcodec/xxan.c +++ b/libavcodec/xxan.c @@ -38,7 +38,17 @@ typedef struct XanContext { GetByteContext gb; } XanContext; -static av_cold int xan_decode_end(AVCodecContext *avctx); +static av_cold int xan_decode_end(AVCodecContext *avctx) +{ + XanContext *s = avctx->priv_data; + + av_frame_free(&s->pic); + + av_freep(&s->y_buffer); + av_freep(&s->scratch_buffer); + + return 0; +} static av_cold int xan_decode_init(AVCodecContext *avctx) { @@ -428,18 +438,6 @@ static int xan_decode_frame(AVCodecContext *avctx, return avpkt->size; } -static av_cold int xan_decode_end(AVCodecContext *avctx) -{ - XanContext *s = avctx->priv_data; - - av_frame_free(&s->pic); - - av_freep(&s->y_buffer); - av_freep(&s->scratch_buffer); - - return 0; -} - AVCodec ff_xan_wc4_decoder = { .name = "xan_wc4", .long_name = NULL_IF_CONFIG_SMALL("Wing Commander IV / Xxan"), diff --git a/libavcodec/zerocodec.c b/libavcodec/zerocodec.c index 80264b34d6..9f6c37c02a 100644 --- a/libavcodec/zerocodec.c +++ b/libavcodec/zerocodec.c @@ -23,7 +23,7 @@ #include "libavutil/common.h" typedef struct { - AVFrame previous_frame; + AVFrame *previous_frame; z_stream zstream; } ZeroCodecContext; @@ -32,7 +32,7 @@ static int zerocodec_decode_frame(AVCodecContext *avctx, void *data, { ZeroCodecContext *zc = avctx->priv_data; AVFrame *pic = data; - AVFrame *prev_pic = &zc->previous_frame; + AVFrame *prev_pic = zc->previous_frame; z_stream *zstream = &zc->zstream; uint8_t *prev = prev_pic->data[0]; uint8_t *dst; @@ -91,8 +91,8 @@ static int zerocodec_decode_frame(AVCodecContext *avctx, void *data, dst -= pic->linesize[0]; } - av_frame_unref(&zc->previous_frame); - if ((ret = av_frame_ref(&zc->previous_frame, pic)) < 0) + av_frame_unref(zc->previous_frame); + if ((ret = av_frame_ref(zc->previous_frame, pic)) < 0) return ret; *got_frame = 1; @@ -104,7 +104,7 @@ static av_cold int zerocodec_decode_close(AVCodecContext *avctx) { ZeroCodecContext *zc = avctx->priv_data; - av_frame_unref(&zc->previous_frame); + av_frame_free(&zc->previous_frame); inflateEnd(&zc->zstream); @@ -130,6 +130,12 @@ static av_cold int zerocodec_decode_init(AVCodecContext *avctx) return AVERROR(ENOMEM); } + zc->previous_frame = av_frame_alloc(); + if (!zc->previous_frame) { + zerocodec_decode_close(avctx); + return AVERROR(ENOMEM); + } + return 0; } From 8c53cacbfd3299d9a74202102b32cfd4212d779f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 17 Nov 2013 02:24:27 +0100 Subject: [PATCH 075/562] Merge commit '4a4841d4e0f0dc50998511bf6c48b518012024db' * commit '4a4841d4e0f0dc50998511bf6c48b518012024db': fraps: use the AVFrame API properly. rpza: use the AVFrame API properly. motionpixels: use the AVFrame API properly. vmdvideo: use the AVFrame API properly. Conflicts: libavcodec/fraps.c libavcodec/motionpixels.c libavcodec/rpza.c libavcodec/vmdav.c Merged-by: Michael Niedermayer (cherry picked from commit 4362f272c0ae280cde833589e5c9c6696bd878d5) Conflicts: libavcodec/vmdav.c Author of the merged code: Anton Khirnov --- libavcodec/motionpixels.c | 50 ++++++++++++++++++++++----------------- libavcodec/rpza.c | 16 +++++++------ libavcodec/vmdav.c | 49 ++++++++++++++++++++------------------ 3 files changed, 63 insertions(+), 52 deletions(-) diff --git a/libavcodec/motionpixels.c b/libavcodec/motionpixels.c index f8aa08bcb6..dbe4a68995 100644 --- a/libavcodec/motionpixels.c +++ b/libavcodec/motionpixels.c @@ -36,7 +36,7 @@ typedef struct HuffCode { typedef struct MotionPixelsContext { AVCodecContext *avctx; - AVFrame frame; + AVFrame *frame; DSPContext dsp; uint8_t *changes_map; int offset_bits_len; @@ -50,6 +50,19 @@ typedef struct MotionPixelsContext { int bswapbuf_size; } MotionPixelsContext; +static av_cold int mp_decode_end(AVCodecContext *avctx) +{ + MotionPixelsContext *mp = avctx->priv_data; + + av_freep(&mp->changes_map); + av_freep(&mp->vpt); + av_freep(&mp->hpt); + av_freep(&mp->bswapbuf); + av_frame_free(&mp->frame); + + return 0; +} + static av_cold int mp_decode_init(AVCodecContext *avctx) { MotionPixelsContext *mp = avctx->priv_data; @@ -75,7 +88,13 @@ static av_cold int mp_decode_init(AVCodecContext *avctx) return AVERROR(ENOMEM); } avctx->pix_fmt = AV_PIX_FMT_RGB555; - avcodec_get_frame_defaults(&mp->frame); + + mp->frame = av_frame_alloc(); + if (!mp->frame) { + mp_decode_end(avctx); + return AVERROR(ENOMEM); + } + return 0; } @@ -96,14 +115,14 @@ static void mp_read_changes_map(MotionPixelsContext *mp, GetBitContext *gb, int continue; w = FFMIN(w, mp->avctx->width - x); h = FFMIN(h, mp->avctx->height - y); - pixels = (uint16_t *)&mp->frame.data[0][y * mp->frame.linesize[0] + x * 2]; + pixels = (uint16_t *)&mp->frame->data[0][y * mp->frame->linesize[0] + x * 2]; while (h--) { mp->changes_map[offset] = w; if (read_color) for (i = 0; i < w; ++i) pixels[i] = color; offset += mp->avctx->width; - pixels += mp->frame.linesize[0] / 2; + pixels += mp->frame->linesize[0] / 2; } } } @@ -165,7 +184,7 @@ static YuvPixel mp_get_yuv_from_rgb(MotionPixelsContext *mp, int x, int y) { int color; - color = *(uint16_t *)&mp->frame.data[0][y * mp->frame.linesize[0] + x * 2]; + color = *(uint16_t *)&mp->frame->data[0][y * mp->frame->linesize[0] + x * 2]; return mp_rgb_yuv_table[color]; } @@ -174,7 +193,7 @@ static void mp_set_rgb_from_yuv(MotionPixelsContext *mp, int x, int y, const Yuv int color; color = mp_yuv_to_rgb(p->y, p->v, p->u, 1); - *(uint16_t *)&mp->frame.data[0][y * mp->frame.linesize[0] + x * 2] = color; + *(uint16_t *)&mp->frame->data[0][y * mp->frame->linesize[0] + x * 2] = color; } static int mp_get_vlc(MotionPixelsContext *mp, GetBitContext *gb) @@ -271,7 +290,7 @@ static int mp_decode_frame(AVCodecContext *avctx, GetBitContext gb; int i, count1, count2, sz, ret; - if ((ret = ff_reget_buffer(avctx, &mp->frame)) < 0) + if ((ret = ff_reget_buffer(avctx, mp->frame)) < 0) return ret; /* le32 bitstream msb first */ @@ -297,7 +316,7 @@ static int mp_decode_frame(AVCodecContext *avctx, goto end; if (mp->changes_map[0] == 0) { - *(uint16_t *)mp->frame.data[0] = get_bits(&gb, 15); + *(uint16_t *)mp->frame->data[0] = get_bits(&gb, 15); mp->changes_map[0] = 1; } if (mp_read_codes_table(mp, &gb) < 0) @@ -317,25 +336,12 @@ static int mp_decode_frame(AVCodecContext *avctx, ff_free_vlc(&mp->vlc); end: - if ((ret = av_frame_ref(data, &mp->frame)) < 0) + if ((ret = av_frame_ref(data, mp->frame)) < 0) return ret; *got_frame = 1; return buf_size; } -static av_cold int mp_decode_end(AVCodecContext *avctx) -{ - MotionPixelsContext *mp = avctx->priv_data; - - av_freep(&mp->changes_map); - av_freep(&mp->vpt); - av_freep(&mp->hpt); - av_freep(&mp->bswapbuf); - av_frame_unref(&mp->frame); - - return 0; -} - AVCodec ff_motionpixels_decoder = { .name = "motionpixels", .long_name = NULL_IF_CONFIG_SMALL("Motion Pixels video"), diff --git a/libavcodec/rpza.c b/libavcodec/rpza.c index 4917369de0..d4e2b17add 100644 --- a/libavcodec/rpza.c +++ b/libavcodec/rpza.c @@ -46,7 +46,7 @@ typedef struct RpzaContext { AVCodecContext *avctx; - AVFrame frame; + AVFrame *frame; const unsigned char *buf; int size; @@ -72,7 +72,7 @@ typedef struct RpzaContext { static void rpza_decode_stream(RpzaContext *s) { int width = s->avctx->width; - int stride = s->frame.linesize[0] / 2; + int stride = s->frame->linesize[0] / 2; int row_inc = stride - 4; int stream_ptr = 0; int chunk_size; @@ -82,7 +82,7 @@ static void rpza_decode_stream(RpzaContext *s) unsigned short color4[4]; unsigned char index, idx; unsigned short ta, tb; - unsigned short *pixels = (unsigned short *)s->frame.data[0]; + unsigned short *pixels = (unsigned short *)s->frame->data[0]; int row_ptr = 0; int pixel_ptr = -4; @@ -239,7 +239,9 @@ static av_cold int rpza_decode_init(AVCodecContext *avctx) s->avctx = avctx; avctx->pix_fmt = AV_PIX_FMT_RGB555; - avcodec_get_frame_defaults(&s->frame); + s->frame = av_frame_alloc(); + if (!s->frame) + return AVERROR(ENOMEM); return 0; } @@ -256,12 +258,12 @@ static int rpza_decode_frame(AVCodecContext *avctx, s->buf = buf; s->size = buf_size; - if ((ret = ff_reget_buffer(avctx, &s->frame)) < 0) + if ((ret = ff_reget_buffer(avctx, s->frame)) < 0) return ret; rpza_decode_stream(s); - if ((ret = av_frame_ref(data, &s->frame)) < 0) + if ((ret = av_frame_ref(data, s->frame)) < 0) return ret; *got_frame = 1; @@ -274,7 +276,7 @@ static av_cold int rpza_decode_end(AVCodecContext *avctx) { RpzaContext *s = avctx->priv_data; - av_frame_unref(&s->frame); + av_frame_free(&s->frame); return 0; } diff --git a/libavcodec/vmdav.c b/libavcodec/vmdav.c index ea0e8428d2..36d60eeeb9 100644 --- a/libavcodec/vmdav.c +++ b/libavcodec/vmdav.c @@ -61,7 +61,7 @@ typedef struct VmdVideoContext { AVCodecContext *avctx; - AVFrame prev_frame; + AVFrame *prev_frame; const unsigned char *buf; int size; @@ -244,11 +244,11 @@ static int vmd_decode(VmdVideoContext *s, AVFrame *frame) /* if only a certain region will be updated, copy the entire previous * frame before the decode */ - if (s->prev_frame.data[0] && + if (s->prev_frame->data[0] && (frame_x || frame_y || (frame_width != s->avctx->width) || (frame_height != s->avctx->height))) { - memcpy(frame->data[0], s->prev_frame.data[0], + memcpy(frame->data[0], s->prev_frame->data[0], s->avctx->height * frame->linesize[0]); } @@ -291,7 +291,7 @@ static int vmd_decode(VmdVideoContext *s, AVFrame *frame) } dp = &frame->data[0][frame_y * frame->linesize[0] + frame_x]; - pp = &s->prev_frame.data[0][frame_y * s->prev_frame.linesize[0] + frame_x]; + pp = &s->prev_frame->data[0][frame_y * s->prev_frame->linesize[0] + frame_x]; switch (meth) { case 1: for (i = 0; i < frame_height; i++) { @@ -307,7 +307,7 @@ static int vmd_decode(VmdVideoContext *s, AVFrame *frame) ofs += len; } else { /* interframe pixel copy */ - if (ofs + len + 1 > frame_width || !s->prev_frame.data[0]) + if (ofs + len + 1 > frame_width || !s->prev_frame->data[0]) return AVERROR_INVALIDDATA; memcpy(&dp[ofs], &pp[ofs], len + 1); ofs += len + 1; @@ -320,7 +320,7 @@ static int vmd_decode(VmdVideoContext *s, AVFrame *frame) return AVERROR_INVALIDDATA; } dp += frame->linesize[0]; - pp += s->prev_frame.linesize[0]; + pp += s->prev_frame->linesize[0]; } break; @@ -328,7 +328,7 @@ static int vmd_decode(VmdVideoContext *s, AVFrame *frame) for (i = 0; i < frame_height; i++) { bytestream2_get_buffer(&gb, dp, frame_width); dp += frame->linesize[0]; - pp += s->prev_frame.linesize[0]; + pp += s->prev_frame->linesize[0]; } break; @@ -353,7 +353,7 @@ static int vmd_decode(VmdVideoContext *s, AVFrame *frame) } } else { /* interframe pixel copy */ - if (ofs + len + 1 > frame_width || !s->prev_frame.data[0]) + if (ofs + len + 1 > frame_width || !s->prev_frame->data[0]) return AVERROR_INVALIDDATA; memcpy(&dp[ofs], &pp[ofs], len + 1); ofs += len + 1; @@ -366,13 +366,23 @@ static int vmd_decode(VmdVideoContext *s, AVFrame *frame) return AVERROR_INVALIDDATA; } dp += frame->linesize[0]; - pp += s->prev_frame.linesize[0]; + pp += s->prev_frame->linesize[0]; } break; } return 0; } +static av_cold int vmdvideo_decode_end(AVCodecContext *avctx) +{ + VmdVideoContext *s = avctx->priv_data; + + av_frame_free(&s->prev_frame); + av_freep(&s->unpack_buffer); + + return 0; +} + static av_cold int vmdvideo_decode_init(AVCodecContext *avctx) { VmdVideoContext *s = avctx->priv_data; @@ -412,7 +422,11 @@ static av_cold int vmdvideo_decode_init(AVCodecContext *avctx) palette32[i] |= palette32[i] >> 6 & 0x30303; } - avcodec_get_frame_defaults(&s->prev_frame); + s->prev_frame = av_frame_alloc(); + if (!s->prev_frame) { + vmdvideo_decode_end(avctx); + return AVERROR(ENOMEM); + } return 0; } @@ -443,8 +457,8 @@ static int vmdvideo_decode_frame(AVCodecContext *avctx, memcpy(frame->data[1], s->palette, PALETTE_COUNT * 4); /* shuffle frames */ - av_frame_unref(&s->prev_frame); - if ((ret = av_frame_ref(&s->prev_frame, frame)) < 0) + av_frame_unref(s->prev_frame); + if ((ret = av_frame_ref(s->prev_frame, frame)) < 0) return ret; *got_frame = 1; @@ -453,17 +467,6 @@ static int vmdvideo_decode_frame(AVCodecContext *avctx, return buf_size; } -static av_cold int vmdvideo_decode_end(AVCodecContext *avctx) -{ - VmdVideoContext *s = avctx->priv_data; - - av_frame_unref(&s->prev_frame); - av_free(s->unpack_buffer); - - return 0; -} - - /* * Audio Decoder */ From dbb4ff685135a39f37224fd9e85bbf59c215c6d1 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 17 Nov 2013 02:33:49 +0100 Subject: [PATCH 076/562] Merge commit '508b37557bf36eae83c18e64d42f27b44a321d81' * commit '508b37557bf36eae83c18e64d42f27b44a321d81': tiertexseqv: use the AVFrame API properly. smc: use the AVFrame API properly. truemotion2: use the AVFrame API properly. truemotion1: use the AVFrame API properly. Conflicts: libavcodec/smc.c libavcodec/tiertexseqv.c libavcodec/truemotion1.c libavcodec/truemotion2.c See: e999f2339ab0200039ee7123b75d79a52aaac5d1 Merged-by: Michael Niedermayer (cherry picked from commit 72df87088c8a6593d66b207140edd32b4d2fb6ee) Author of the merged code: Anton Khirnov Signed-off-by: Michael Niedermayer --- libavcodec/smc.c | 22 ++++++++++++---------- libavcodec/tiertexseqv.c | 28 +++++++++++++++------------- libavcodec/truemotion1.c | 22 ++++++++++++---------- libavcodec/truemotion2.c | 1 + 4 files changed, 40 insertions(+), 33 deletions(-) diff --git a/libavcodec/smc.c b/libavcodec/smc.c index 3b836e7c7a..31e6c885bf 100644 --- a/libavcodec/smc.c +++ b/libavcodec/smc.c @@ -46,7 +46,7 @@ typedef struct SmcContext { AVCodecContext *avctx; - AVFrame frame; + AVFrame *frame; GetByteContext gb; @@ -81,7 +81,7 @@ static void smc_decode_stream(SmcContext *s) { int width = s->avctx->width; int height = s->avctx->height; - int stride = s->frame.linesize[0]; + int stride = s->frame->linesize[0]; int i; int chunk_size; int buf_size = bytestream2_size(&s->gb); @@ -92,9 +92,9 @@ static void smc_decode_stream(SmcContext *s) unsigned int color_flags_b; unsigned int flag_mask; - unsigned char *pixels = s->frame.data[0]; + unsigned char *pixels = s->frame->data[0]; - int image_size = height * s->frame.linesize[0]; + int image_size = height * s->frame->linesize[0]; int row_ptr = 0; int pixel_ptr = 0; int pixel_x, pixel_y; @@ -112,7 +112,7 @@ static void smc_decode_stream(SmcContext *s) int color_octet_index = 0; /* make the palette available */ - memcpy(s->frame.data[1], s->pal, AVPALETTE_SIZE); + memcpy(s->frame->data[1], s->pal, AVPALETTE_SIZE); bytestream2_skip(&s->gb, 1); chunk_size = bytestream2_get_be24(&s->gb); @@ -417,7 +417,9 @@ static av_cold int smc_decode_init(AVCodecContext *avctx) s->avctx = avctx; avctx->pix_fmt = AV_PIX_FMT_PAL8; - avcodec_get_frame_defaults(&s->frame); + s->frame = av_frame_alloc(); + if (!s->frame) + return AVERROR(ENOMEM); return 0; } @@ -434,18 +436,18 @@ static int smc_decode_frame(AVCodecContext *avctx, bytestream2_init(&s->gb, buf, buf_size); - if ((ret = ff_reget_buffer(avctx, &s->frame)) < 0) + if ((ret = ff_reget_buffer(avctx, s->frame)) < 0) return ret; if (pal) { - s->frame.palette_has_changed = 1; + s->frame->palette_has_changed = 1; memcpy(s->pal, pal, AVPALETTE_SIZE); } smc_decode_stream(s); *got_frame = 1; - if ((ret = av_frame_ref(data, &s->frame)) < 0) + if ((ret = av_frame_ref(data, s->frame)) < 0) return ret; /* always report that the buffer was completely consumed */ @@ -456,7 +458,7 @@ static av_cold int smc_decode_end(AVCodecContext *avctx) { SmcContext *s = avctx->priv_data; - av_frame_unref(&s->frame); + av_frame_free(&s->frame); return 0; } diff --git a/libavcodec/tiertexseqv.c b/libavcodec/tiertexseqv.c index 0da9afdaa3..7c62208dc5 100644 --- a/libavcodec/tiertexseqv.c +++ b/libavcodec/tiertexseqv.c @@ -32,7 +32,7 @@ typedef struct SeqVideoContext { AVCodecContext *avctx; - AVFrame frame; + AVFrame *frame; } SeqVideoContext; @@ -93,14 +93,14 @@ static const unsigned char *seq_decode_op1(SeqVideoContext *seq, src = seq_unpack_rle_block(src, src_end, block, sizeof(block)); for (b = 0; b < 8; b++) { memcpy(dst, &block[b * 8], 8); - dst += seq->frame.linesize[0]; + dst += seq->frame->linesize[0]; } break; case 2: src = seq_unpack_rle_block(src, src_end, block, sizeof(block)); for (i = 0; i < 8; i++) { for (b = 0; b < 8; b++) - dst[b * seq->frame.linesize[0]] = block[i * 8 + b]; + dst[b * seq->frame->linesize[0]] = block[i * 8 + b]; ++dst; } break; @@ -117,7 +117,7 @@ static const unsigned char *seq_decode_op1(SeqVideoContext *seq, for (b = 0; b < 8; b++) { for (i = 0; i < 8; i++) dst[i] = color_table[get_bits(&gb, bits)]; - dst += seq->frame.linesize[0]; + dst += seq->frame->linesize[0]; } } @@ -137,7 +137,7 @@ static const unsigned char *seq_decode_op2(SeqVideoContext *seq, for (i = 0; i < 8; i++) { memcpy(dst, src, 8); src += 8; - dst += seq->frame.linesize[0]; + dst += seq->frame->linesize[0]; } return src; @@ -154,7 +154,7 @@ static const unsigned char *seq_decode_op3(SeqVideoContext *seq, if (src_end - src < 2) return NULL; pos = *src++; - offset = ((pos >> 3) & 7) * seq->frame.linesize[0] + (pos & 7); + offset = ((pos >> 3) & 7) * seq->frame->linesize[0] + (pos & 7); dst[offset] = *src++; } while (!(pos & 0x80)); @@ -173,7 +173,7 @@ static int seqvideo_decode(SeqVideoContext *seq, const unsigned char *data, int flags = *data++; if (flags & 1) { - palette = (uint32_t *)seq->frame.data[1]; + palette = (uint32_t *)seq->frame->data[1]; if (data_end - data < 256 * 3) return AVERROR_INVALIDDATA; for (i = 0; i < 256; i++) { @@ -181,7 +181,7 @@ static int seqvideo_decode(SeqVideoContext *seq, const unsigned char *data, int c[j] = (*data << 2) | (*data >> 4); palette[i] = 0xFFU << 24 | AV_RB24(c); } - seq->frame.palette_has_changed = 1; + seq->frame->palette_has_changed = 1; } if (flags & 2) { @@ -190,7 +190,7 @@ static int seqvideo_decode(SeqVideoContext *seq, const unsigned char *data, int init_get_bits(&gb, data, 128 * 8); data += 128; for (y = 0; y < 128; y += 8) for (x = 0; x < 256; x += 8) { - dst = &seq->frame.data[0][y * seq->frame.linesize[0] + x]; + dst = &seq->frame->data[0][y * seq->frame->linesize[0] + x]; op = get_bits(&gb, 2); switch (op) { case 1: @@ -217,7 +217,9 @@ static av_cold int seqvideo_decode_init(AVCodecContext *avctx) seq->avctx = avctx; avctx->pix_fmt = AV_PIX_FMT_PAL8; - avcodec_get_frame_defaults(&seq->frame); + seq->frame = av_frame_alloc(); + if (!seq->frame) + return AVERROR(ENOMEM); return 0; } @@ -232,13 +234,13 @@ static int seqvideo_decode_frame(AVCodecContext *avctx, SeqVideoContext *seq = avctx->priv_data; - if ((ret = ff_reget_buffer(avctx, &seq->frame)) < 0) + if ((ret = ff_reget_buffer(avctx, seq->frame)) < 0) return ret; if (seqvideo_decode(seq, buf, buf_size)) return AVERROR_INVALIDDATA; - if ((ret = av_frame_ref(data, &seq->frame)) < 0) + if ((ret = av_frame_ref(data, seq->frame)) < 0) return ret; *got_frame = 1; @@ -249,7 +251,7 @@ static av_cold int seqvideo_decode_end(AVCodecContext *avctx) { SeqVideoContext *seq = avctx->priv_data; - av_frame_unref(&seq->frame); + av_frame_free(&seq->frame); return 0; } diff --git a/libavcodec/truemotion1.c b/libavcodec/truemotion1.c index d72cee8aea..db49080de2 100644 --- a/libavcodec/truemotion1.c +++ b/libavcodec/truemotion1.c @@ -44,7 +44,7 @@ typedef struct TrueMotion1Context { AVCodecContext *avctx; - AVFrame frame; + AVFrame *frame; const uint8_t *buf; int size; @@ -402,7 +402,7 @@ static int truemotion1_decode_header(TrueMotion1Context *s) if (s->w != s->avctx->width || s->h != s->avctx->height || new_pix_fmt != s->avctx->pix_fmt) { - av_frame_unref(&s->frame); + av_frame_unref(s->frame); s->avctx->sample_aspect_ratio = (AVRational){ 1 << width_shift, 1 }; s->avctx->pix_fmt = new_pix_fmt; avcodec_set_dimensions(s->avctx, s->w, s->h); @@ -470,7 +470,9 @@ static av_cold int truemotion1_decode_init(AVCodecContext *avctx) // else // avctx->pix_fmt = AV_PIX_FMT_RGB555; - avcodec_get_frame_defaults(&s->frame); + s->frame = av_frame_alloc(); + if (!s->frame) + return AVERROR(ENOMEM); /* there is a vertical predictor for each pixel in a line; each vertical * predictor is 0 to start with */ @@ -613,7 +615,7 @@ static void truemotion1_decode_16bit(TrueMotion1Context *s) unsigned int horiz_pred; unsigned int *vert_pred; unsigned int *current_pixel_pair; - unsigned char *current_line = s->frame.data[0]; + unsigned char *current_line = s->frame->data[0]; int keyframe = s->flags & FLAG_KEYFRAME; /* these variables are for managing the stream of macroblock change bits */ @@ -727,7 +729,7 @@ static void truemotion1_decode_16bit(TrueMotion1Context *s) if (((y + 1) & 3) == 0) mb_change_bits += s->mb_change_bits_row_size; - current_line += s->frame.linesize[0]; + current_line += s->frame->linesize[0]; } } @@ -739,7 +741,7 @@ static void truemotion1_decode_24bit(TrueMotion1Context *s) unsigned int horiz_pred; unsigned int *vert_pred; unsigned int *current_pixel_pair; - unsigned char *current_line = s->frame.data[0]; + unsigned char *current_line = s->frame->data[0]; int keyframe = s->flags & FLAG_KEYFRAME; /* these variables are for managing the stream of macroblock change bits */ @@ -853,7 +855,7 @@ static void truemotion1_decode_24bit(TrueMotion1Context *s) if (((y + 1) & 3) == 0) mb_change_bits += s->mb_change_bits_row_size; - current_line += s->frame.linesize[0]; + current_line += s->frame->linesize[0]; } } @@ -872,7 +874,7 @@ static int truemotion1_decode_frame(AVCodecContext *avctx, if ((ret = truemotion1_decode_header(s)) < 0) return ret; - if ((ret = ff_reget_buffer(avctx, &s->frame)) < 0) + if ((ret = ff_reget_buffer(avctx, s->frame)) < 0) return ret; if (compression_types[s->compression].algorithm == ALGO_RGB24H) { @@ -881,7 +883,7 @@ static int truemotion1_decode_frame(AVCodecContext *avctx, truemotion1_decode_16bit(s); } - if ((ret = av_frame_ref(data, &s->frame)) < 0) + if ((ret = av_frame_ref(data, s->frame)) < 0) return ret; *got_frame = 1; @@ -894,7 +896,7 @@ static av_cold int truemotion1_decode_end(AVCodecContext *avctx) { TrueMotion1Context *s = avctx->priv_data; - av_frame_unref(&s->frame); + av_frame_free(&s->frame); av_freep(&s->vert_pred); return 0; diff --git a/libavcodec/truemotion2.c b/libavcodec/truemotion2.c index 42badcbf8e..a1683f5b1a 100644 --- a/libavcodec/truemotion2.c +++ b/libavcodec/truemotion2.c @@ -931,6 +931,7 @@ static av_cold int decode_init(AVCodecContext *avctx) l->avctx = avctx; avctx->pix_fmt = AV_PIX_FMT_BGR24; + l->pic = av_frame_alloc(); if (!l->pic) return AVERROR(ENOMEM); From 48c192c48c3cf563bb763cdcd4b880cf7645557d Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 17 Nov 2013 02:43:57 +0100 Subject: [PATCH 077/562] Merge commit '730bac7bab3c7dcd9fcb7c70f154e5f4cfaef9a7' * commit '730bac7bab3c7dcd9fcb7c70f154e5f4cfaef9a7': mss4: use the AVFrame API properly. mss3: use the AVFrame API properly. mss2: use the AVFrame API properly. mss1: use the AVFrame API properly. Conflicts: libavcodec/mss1.c libavcodec/mss2.c libavcodec/mss3.c libavcodec/mss4.c See: 02fe531afefa7ac3fcc552f8e83461a4bfa7f868 See: ff1c13b133d548b3ce103f91999b6cc1bb7e65cc See: 310bf283542ff81a9ec8fa7492fe7d625e80562f Merged-by: Michael Niedermayer (cherry picked from commit 8d193a24f2da825aaf5382e4aa42ab533806b033) Author of the merged code: Anton Khirnov Signed-off-by: Michael Niedermayer --- libavcodec/mss1.c | 28 +++++++++++++++------------- libavcodec/mss2.c | 1 + libavcodec/mss3.c | 33 ++++++++++++++++++--------------- libavcodec/mss4.c | 37 +++++++++++++++++++------------------ 4 files changed, 53 insertions(+), 46 deletions(-) diff --git a/libavcodec/mss1.c b/libavcodec/mss1.c index 46ea2b55d6..041898488c 100644 --- a/libavcodec/mss1.c +++ b/libavcodec/mss1.c @@ -30,7 +30,7 @@ typedef struct MSS1Context { MSS12Context ctx; - AVFrame pic; + AVFrame *pic; SliceContext sc; } MSS1Context; @@ -151,32 +151,32 @@ static int mss1_decode_frame(AVCodecContext *avctx, void *data, int *got_frame, init_get_bits(&gb, buf, buf_size * 8); arith_init(&acoder, &gb); - if ((ret = ff_reget_buffer(avctx, &ctx->pic)) < 0) + if ((ret = ff_reget_buffer(avctx, ctx->pic)) < 0) return ret; - c->pal_pic = ctx->pic.data[0] + ctx->pic.linesize[0] * (avctx->height - 1); - c->pal_stride = -ctx->pic.linesize[0]; + c->pal_pic = ctx->pic->data[0] + ctx->pic->linesize[0] * (avctx->height - 1); + c->pal_stride = -ctx->pic->linesize[0]; c->keyframe = !arith_get_bit(&acoder); if (c->keyframe) { c->corrupted = 0; ff_mss12_slicecontext_reset(&ctx->sc); pal_changed = decode_pal(c, &acoder); - ctx->pic.key_frame = 1; - ctx->pic.pict_type = AV_PICTURE_TYPE_I; + ctx->pic->key_frame = 1; + ctx->pic->pict_type = AV_PICTURE_TYPE_I; } else { if (c->corrupted) return AVERROR_INVALIDDATA; - ctx->pic.key_frame = 0; - ctx->pic.pict_type = AV_PICTURE_TYPE_P; + ctx->pic->key_frame = 0; + ctx->pic->pict_type = AV_PICTURE_TYPE_P; } c->corrupted = ff_mss12_decode_rect(&ctx->sc, &acoder, 0, 0, avctx->width, avctx->height); if (c->corrupted) return AVERROR_INVALIDDATA; - memcpy(ctx->pic.data[1], c->pal, AVPALETTE_SIZE); - ctx->pic.palette_has_changed = pal_changed; + memcpy(ctx->pic->data[1], c->pal, AVPALETTE_SIZE); + ctx->pic->palette_has_changed = pal_changed; - if ((ret = av_frame_ref(data, &ctx->pic)) < 0) + if ((ret = av_frame_ref(data, ctx->pic)) < 0) return ret; *got_frame = 1; @@ -192,7 +192,9 @@ static av_cold int mss1_decode_init(AVCodecContext *avctx) c->ctx.avctx = avctx; - avcodec_get_frame_defaults(&c->pic); + c->pic = av_frame_alloc(); + if (!c->pic) + return AVERROR(ENOMEM); ret = ff_mss12_decode_init(&c->ctx, 0, &c->sc, NULL); @@ -205,7 +207,7 @@ static av_cold int mss1_decode_end(AVCodecContext *avctx) { MSS1Context * const ctx = avctx->priv_data; - av_frame_unref(&ctx->pic); + av_frame_free(&ctx->pic); ff_mss12_decode_end(&ctx->ctx); return 0; diff --git a/libavcodec/mss2.c b/libavcodec/mss2.c index fcb50e3f09..6c616fa522 100644 --- a/libavcodec/mss2.c +++ b/libavcodec/mss2.c @@ -837,6 +837,7 @@ static av_cold int mss2_decode_init(AVCodecContext *avctx) avctx->pix_fmt = c->free_colours == 127 ? AV_PIX_FMT_RGB555 : AV_PIX_FMT_RGB24; + return 0; } diff --git a/libavcodec/mss3.c b/libavcodec/mss3.c index a3aec80c2d..c6bb838045 100644 --- a/libavcodec/mss3.c +++ b/libavcodec/mss3.c @@ -803,15 +803,24 @@ static int mss3_decode_frame(AVCodecContext *avctx, void *data, int *got_frame, return buf_size; } +static av_cold int mss3_decode_end(AVCodecContext *avctx) +{ + MSS3Context * const c = avctx->priv_data; + int i; + + av_frame_free(&c->pic); + for (i = 0; i < 3; i++) + av_freep(&c->dct_coder[i].prev_dc); + + return 0; +} + static av_cold int mss3_decode_init(AVCodecContext *avctx) { MSS3Context * const c = avctx->priv_data; int i; c->avctx = avctx; - c->pic = av_frame_alloc(); - if (!c->pic) - return AVERROR(ENOMEM); if ((avctx->width & 0xF) || (avctx->height & 0xF)) { av_log(avctx, AV_LOG_ERROR, @@ -838,6 +847,12 @@ static av_cold int mss3_decode_init(AVCodecContext *avctx) } } + c->pic = av_frame_alloc(); + if (!c->pic) { + mss3_decode_end(avctx); + return AVERROR(ENOMEM); + } + avctx->pix_fmt = AV_PIX_FMT_YUV420P; init_coders(c); @@ -845,18 +860,6 @@ static av_cold int mss3_decode_init(AVCodecContext *avctx) return 0; } -static av_cold int mss3_decode_end(AVCodecContext *avctx) -{ - MSS3Context * const c = avctx->priv_data; - int i; - - av_frame_free(&c->pic); - for (i = 0; i < 3; i++) - av_freep(&c->dct_coder[i].prev_dc); - - return 0; -} - AVCodec ff_msa1_decoder = { .name = "msa1", .long_name = NULL_IF_CONFIG_SMALL("MS ATC Screen"), diff --git a/libavcodec/mss4.c b/libavcodec/mss4.c index fd1f316bbf..662cf24df5 100644 --- a/libavcodec/mss4.c +++ b/libavcodec/mss4.c @@ -626,14 +626,23 @@ static int mss4_decode_frame(AVCodecContext *avctx, void *data, int *got_frame, return buf_size; } -static av_cold int mss4_decode_init(AVCodecContext *avctx) +static av_cold int mss4_decode_end(AVCodecContext *avctx) { MSS4Context * const c = avctx->priv_data; int i; - c->pic = av_frame_alloc(); - if (!c->pic) - return AVERROR(ENOMEM); + av_frame_free(&c->pic); + for (i = 0; i < 3; i++) + av_freep(&c->prev_dc[i]); + mss4_free_vlcs(c); + + return 0; +} + +static av_cold int mss4_decode_init(AVCodecContext *avctx) +{ + MSS4Context * const c = avctx->priv_data; + int i; if (mss4_init_vlcs(c)) { av_log(avctx, AV_LOG_ERROR, "Cannot initialise VLCs\n"); @@ -650,25 +659,17 @@ static av_cold int mss4_decode_init(AVCodecContext *avctx) } } + c->pic = av_frame_alloc(); + if (!c->pic) { + mss4_decode_end(avctx); + return AVERROR(ENOMEM); + } + avctx->pix_fmt = AV_PIX_FMT_YUV444P; return 0; } -static av_cold int mss4_decode_end(AVCodecContext *avctx) -{ - MSS4Context * const c = avctx->priv_data; - int i; - - av_frame_free(&c->pic); - - for (i = 0; i < 3; i++) - av_freep(&c->prev_dc[i]); - mss4_free_vlcs(c); - - return 0; -} - AVCodec ff_mts2_decoder = { .name = "mts2", .long_name = NULL_IF_CONFIG_SMALL("MS Expression Encoder Screen"), From badb8e15ac00a590f4b85d86b4e0277c72562acd Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 17 Nov 2013 03:17:00 +0100 Subject: [PATCH 078/562] Merge commit 'e4155f15b35c4272a235f5521d2dc6c2aabdd462' * commit 'e4155f15b35c4272a235f5521d2dc6c2aabdd462': eamad: use the AVFrame API properly. dpxenc: use the AVFrame API properly. bmpenc: use the AVFrame API properly. sgienc: use the AVFrame API properly. Conflicts: libavcodec/bmpenc.c libavcodec/dpxenc.c libavcodec/eamad.c libavcodec/sgienc.c Merged-by: Michael Niedermayer (cherry picked from commit 9ad477d9098b5281cede0bd8525ca90b0e52436d) Conflicts: libavcodec/eamad.c Author of the merged code: Anton Khirnov --- libavcodec/bmpenc.c | 17 +++++++++++++--- libavcodec/eamad.c | 49 +++++++++++++++++++++++++-------------------- libavcodec/sgienc.c | 16 ++++++++++++--- 3 files changed, 54 insertions(+), 28 deletions(-) diff --git a/libavcodec/bmpenc.c b/libavcodec/bmpenc.c index ad02a6b314..2a1956dc4a 100644 --- a/libavcodec/bmpenc.c +++ b/libavcodec/bmpenc.c @@ -60,22 +60,26 @@ static av_cold int bmp_encode_init(AVCodecContext *avctx){ return AVERROR(EINVAL); } + avctx->coded_frame = av_frame_alloc(); + if (!avctx->coded_frame) + return AVERROR(ENOMEM); + return 0; } static int bmp_encode_frame(AVCodecContext *avctx, AVPacket *pkt, const AVFrame *pict, int *got_packet) { + const AVFrame * const p = pict; int n_bytes_image, n_bytes_per_row, n_bytes, i, n, hsize, ret; const uint32_t *pal = NULL; uint32_t palette256[256]; int pad_bytes_per_row, pal_entries = 0, compression = BMP_RGB; int bit_count = avctx->bits_per_coded_sample; uint8_t *ptr, *buf; - AVFrame * const p = (AVFrame *)pict; - p->pict_type= AV_PICTURE_TYPE_I; - p->key_frame= 1; + avctx->coded_frame->pict_type = AV_PICTURE_TYPE_I; + avctx->coded_frame->key_frame = 1; switch (avctx->pix_fmt) { case AV_PIX_FMT_RGB444: compression = BMP_BITFIELDS; @@ -159,6 +163,12 @@ static int bmp_encode_frame(AVCodecContext *avctx, AVPacket *pkt, return 0; } +static av_cold int bmp_encode_close(AVCodecContext *avctx) +{ + av_frame_free(&avctx->coded_frame); + return 0; +} + AVCodec ff_bmp_encoder = { .name = "bmp", .long_name = NULL_IF_CONFIG_SMALL("BMP (Windows and OS/2 bitmap)"), @@ -166,6 +176,7 @@ AVCodec ff_bmp_encoder = { .id = AV_CODEC_ID_BMP, .init = bmp_encode_init, .encode2 = bmp_encode_frame, + .close = bmp_encode_close, .pix_fmts = (const enum AVPixelFormat[]){ AV_PIX_FMT_BGRA, AV_PIX_FMT_BGR24, AV_PIX_FMT_RGB565, AV_PIX_FMT_RGB555, AV_PIX_FMT_RGB444, diff --git a/libavcodec/eamad.c b/libavcodec/eamad.c index 6d8291e514..cfdb4c5f16 100644 --- a/libavcodec/eamad.c +++ b/libavcodec/eamad.c @@ -45,7 +45,7 @@ typedef struct MadContext { AVCodecContext *avctx; DSPContext dsp; - AVFrame last_frame; + AVFrame *last_frame; GetBitContext gb; void *bitstream_buf; unsigned int bitstream_buf_size; @@ -65,6 +65,11 @@ static av_cold int decode_init(AVCodecContext *avctx) ff_init_scantable_permutation(s->dsp.idct_permutation, FF_NO_IDCT_PERM); ff_init_scantable(s->dsp.idct_permutation, &s->scantable, ff_zigzag_direct); ff_mpeg12_init_vlcs(); + + s->last_frame = av_frame_alloc(); + if (!s->last_frame) + return AVERROR(ENOMEM); + return 0; } @@ -82,22 +87,22 @@ static inline void comp_block(MadContext *t, AVFrame *frame, int j, int mv_x, int mv_y, int add) { if (j < 4) { - unsigned offset = (mb_y*16 + ((j&2)<<2) + mv_y)*t->last_frame.linesize[0] + mb_x*16 + ((j&1)<<3) + mv_x; - if (offset >= (t->avctx->height - 7) * t->last_frame.linesize[0] - 7) + unsigned offset = (mb_y*16 + ((j&2)<<2) + mv_y)*t->last_frame->linesize[0] + mb_x*16 + ((j&1)<<3) + mv_x; + if (offset >= (t->avctx->height - 7) * t->last_frame->linesize[0] - 7) return; comp(frame->data[0] + (mb_y*16 + ((j&2)<<2))*frame->linesize[0] + mb_x*16 + ((j&1)<<3), frame->linesize[0], - t->last_frame.data[0] + offset, - t->last_frame.linesize[0], add); + t->last_frame->data[0] + offset, + t->last_frame->linesize[0], add); } else if (!(t->avctx->flags & CODEC_FLAG_GRAY)) { int index = j - 3; - unsigned offset = (mb_y * 8 + (mv_y/2))*t->last_frame.linesize[index] + mb_x * 8 + (mv_x/2); - if (offset >= (t->avctx->height/2 - 7) * t->last_frame.linesize[index] - 7) + unsigned offset = (mb_y * 8 + (mv_y/2))*t->last_frame->linesize[index] + mb_x * 8 + (mv_x/2); + if (offset >= (t->avctx->height/2 - 7) * t->last_frame->linesize[index] - 7) return; comp(frame->data[index] + (mb_y*8)*frame->linesize[index] + mb_x * 8, frame->linesize[index], - t->last_frame.data[index] + offset, - t->last_frame.linesize[index], add); + t->last_frame->data[index] + offset, + t->last_frame->linesize[index], add); } } @@ -205,7 +210,7 @@ static int decode_mb(MadContext *s, AVFrame *frame, int inter) for (j=0; j<6; j++) { if (mv_map & (1<gb); - if (s->last_frame.data[0]) + if (s->last_frame->data[0]) comp_block(s, frame, s->mb_x, s->mb_y, j, mv_x, mv_y, add); } else { s->dsp.clear_block(s->block); @@ -263,28 +268,28 @@ static int decode_frame(AVCodecContext *avctx, } if (avctx->width != width || avctx->height != height) { + av_frame_unref(s->last_frame); if((width * height)/2048*7 > buf_end-buf) return AVERROR_INVALIDDATA; if ((ret = av_image_check_size(width, height, 0, avctx)) < 0) return ret; avcodec_set_dimensions(avctx, width, height); - av_frame_unref(&s->last_frame); } if ((ret = ff_get_buffer(avctx, frame, AV_GET_BUFFER_FLAG_REF)) < 0) return ret; - if (inter && !s->last_frame.data[0]) { + if (inter && !s->last_frame->data[0]) { av_log(avctx, AV_LOG_WARNING, "Missing reference frame.\n"); - ret = ff_get_buffer(avctx, &s->last_frame, AV_GET_BUFFER_FLAG_REF); + ret = ff_get_buffer(avctx, s->last_frame, AV_GET_BUFFER_FLAG_REF); if (ret < 0) return ret; - memset(s->last_frame.data[0], 0, s->last_frame.height * - s->last_frame.linesize[0]); - memset(s->last_frame.data[1], 0x80, s->last_frame.height / 2 * - s->last_frame.linesize[1]); - memset(s->last_frame.data[2], 0x80, s->last_frame.height / 2 * - s->last_frame.linesize[2]); + memset(s->last_frame->data[0], 0, s->last_frame->height * + s->last_frame->linesize[0]); + memset(s->last_frame->data[1], 0x80, s->last_frame->height / 2 * + s->last_frame->linesize[1]); + memset(s->last_frame->data[2], 0x80, s->last_frame->height / 2 * + s->last_frame->linesize[2]); } av_fast_padded_malloc(&s->bitstream_buf, &s->bitstream_buf_size, @@ -303,8 +308,8 @@ static int decode_frame(AVCodecContext *avctx, *got_frame = 1; if (chunk_type != MADe_TAG) { - av_frame_unref(&s->last_frame); - if ((ret = av_frame_ref(&s->last_frame, frame)) < 0) + av_frame_unref(s->last_frame); + if ((ret = av_frame_ref(s->last_frame, frame)) < 0) return ret; } @@ -314,7 +319,7 @@ static int decode_frame(AVCodecContext *avctx, static av_cold int decode_end(AVCodecContext *avctx) { MadContext *t = avctx->priv_data; - av_frame_unref(&t->last_frame); + av_frame_free(&t->last_frame); av_free(t->bitstream_buf); return 0; } diff --git a/libavcodec/sgienc.c b/libavcodec/sgienc.c index 48532ff3e1..0e4f304a23 100644 --- a/libavcodec/sgienc.c +++ b/libavcodec/sgienc.c @@ -34,6 +34,9 @@ static av_cold int encode_init(AVCodecContext *avctx) av_log(avctx, AV_LOG_ERROR, "SGI does not support resolutions above 65535x65535\n"); return -1; } + avctx->coded_frame = av_frame_alloc(); + if (!avctx->coded_frame) + return AVERROR(ENOMEM); return 0; } @@ -41,14 +44,14 @@ static av_cold int encode_init(AVCodecContext *avctx) static int encode_frame(AVCodecContext *avctx, AVPacket *pkt, const AVFrame *frame, int *got_packet) { - AVFrame * const p = (AVFrame *)frame; + const AVFrame * const p = frame; uint8_t *offsettab, *lengthtab, *in_buf, *encode_buf, *buf; int x, y, z, length, tablesize, ret; unsigned int width, height, depth, dimension, bytes_per_channel, pixmax, put_be; unsigned char *end_buf; - p->pict_type = AV_PICTURE_TYPE_I; - p->key_frame = 1; + avctx->coded_frame->pict_type = AV_PICTURE_TYPE_I; + avctx->coded_frame->key_frame = 1; width = avctx->width; height = avctx->height; @@ -199,6 +202,12 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt, return 0; } +static av_cold int encode_close(AVCodecContext *avctx) +{ + av_frame_free(&avctx->coded_frame); + return 0; +} + AVCodec ff_sgi_encoder = { .name = "sgi", .long_name = NULL_IF_CONFIG_SMALL("SGI image"), @@ -206,6 +215,7 @@ AVCodec ff_sgi_encoder = { .id = AV_CODEC_ID_SGI, .init = encode_init, .encode2 = encode_frame, + .close = encode_close, .pix_fmts = (const enum AVPixelFormat[]){ AV_PIX_FMT_RGB24, AV_PIX_FMT_RGBA, AV_PIX_FMT_RGB48LE, AV_PIX_FMT_RGB48BE, From 9ebe344166e0050d21a548aa917dfe00c1d3d4b2 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 17 Nov 2013 11:41:26 +0100 Subject: [PATCH 079/562] Merge commit '0ea430c75b8d90449d2878ad84669a2da2ad3cbc' * commit '0ea430c75b8d90449d2878ad84669a2da2ad3cbc': lclenc: use the AVFrame API properly. Conflicts: libavcodec/lclenc.c Merged-by: Michael Niedermayer (cherry picked from commit 85b7b0c519f8d9491b4c0340329a605cc97c8984) Author of the merged code: Anton Khirnov Signed-off-by: Michael Niedermayer --- libavcodec/lclenc.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/libavcodec/lclenc.c b/libavcodec/lclenc.c index 1dac307dd2..0afe5530ba 100644 --- a/libavcodec/lclenc.c +++ b/libavcodec/lclenc.c @@ -135,6 +135,13 @@ static av_cold int encode_init(AVCodecContext *avctx) if (!avctx->extradata) return AVERROR(ENOMEM); + avctx->coded_frame = av_frame_alloc(); + if (!avctx->coded_frame) + return AVERROR(ENOMEM); + + avctx->coded_frame->pict_type = AV_PICTURE_TYPE_I; + avctx->coded_frame->key_frame = 1; + c->compression = avctx->compression_level == FF_COMPRESSION_DEFAULT ? COMP_ZLIB_NORMAL : av_clip(avctx->compression_level, 0, 9); @@ -176,6 +183,8 @@ static av_cold int encode_end(AVCodecContext *avctx) av_freep(&avctx->extradata); deflateEnd(&c->zstream); + av_frame_free(&avctx->coded_frame); + return 0; } From 8a9f4f8800c1cd35ec9e0d6b9a74db2834c94875 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 17 Nov 2013 12:02:09 +0100 Subject: [PATCH 080/562] Merge commit '45bde93eefa78c1bdb0936109fbd2e2fb27fbfe7' * commit '45bde93eefa78c1bdb0936109fbd2e2fb27fbfe7': sunrastenc: use the AVFrame API properly. targaenc: use the AVFrame API properly. tiffenc: use the AVFrame API properly. pngenc: use the AVFrame API properly. Conflicts: libavcodec/pngenc.c libavcodec/sunrastenc.c libavcodec/targaenc.c libavcodec/tiffenc.c Merged-by: Michael Niedermayer (cherry picked from commit 3ea168edeb7a20eae1fccf7da66ac7b8c8c791ba) Author of the merged code: Anton Khirnov Signed-off-by: Michael Niedermayer --- libavcodec/pngenc.c | 23 ++++++++++++++-------- libavcodec/sunrastenc.c | 7 +++++++ libavcodec/targaenc.c | 20 +++++++++++++++++++ libavcodec/tiffenc.c | 43 +++++++++++++++++++++-------------------- 4 files changed, 64 insertions(+), 29 deletions(-) diff --git a/libavcodec/pngenc.c b/libavcodec/pngenc.c index 58acc3c409..bf61be1609 100644 --- a/libavcodec/pngenc.c +++ b/libavcodec/pngenc.c @@ -38,7 +38,6 @@ typedef struct PNGEncContext { uint8_t *bytestream; uint8_t *bytestream_start; uint8_t *bytestream_end; - AVFrame picture; int filter_type; @@ -218,7 +217,7 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt, const AVFrame *pict, int *got_packet) { PNGEncContext *s = avctx->priv_data; - AVFrame * const p= &s->picture; + const AVFrame * const p = pict; int bit_depth, color_type, y, len, row_size, ret, is_progressive; int bits_per_pixel, pass_row_size, enc_row_size; int64_t max_packet_size; @@ -228,10 +227,6 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt, uint8_t *progressive_buf = NULL; uint8_t *top_buf = NULL; - *p = *pict; - p->pict_type= AV_PICTURE_TYPE_I; - p->key_frame= 1; - is_progressive = !!(avctx->flags & CODEC_FLAG_INTERLACED_DCT); switch(avctx->pix_fmt) { case AV_PIX_FMT_RGBA64BE: @@ -454,8 +449,13 @@ static av_cold int png_enc_init(AVCodecContext *avctx){ avctx->bits_per_coded_sample = 8; } - avcodec_get_frame_defaults(&s->picture); - avctx->coded_frame= &s->picture; + avctx->coded_frame = av_frame_alloc(); + if (!avctx->coded_frame) + return AVERROR(ENOMEM); + + avctx->coded_frame->pict_type = AV_PICTURE_TYPE_I; + avctx->coded_frame->key_frame = 1; + ff_dsputil_init(&s->dsp, avctx); s->filter_type = av_clip(avctx->prediction_method, PNG_FILTER_VALUE_NONE, PNG_FILTER_VALUE_MIXED); @@ -472,6 +472,12 @@ static av_cold int png_enc_init(AVCodecContext *avctx){ return 0; } +static av_cold int png_enc_close(AVCodecContext *avctx) +{ + av_frame_free(&avctx->coded_frame); + return 0; +} + #define OFFSET(x) offsetof(PNGEncContext, x) #define VE AV_OPT_FLAG_VIDEO_PARAM | AV_OPT_FLAG_ENCODING_PARAM static const AVOption options[] = { @@ -494,6 +500,7 @@ AVCodec ff_png_encoder = { .id = AV_CODEC_ID_PNG, .priv_data_size = sizeof(PNGEncContext), .init = png_enc_init, + .close = png_enc_close, .encode2 = encode_frame, .capabilities = CODEC_CAP_FRAME_THREADS | CODEC_CAP_INTRA_ONLY, .pix_fmts = (const enum AVPixelFormat[]){ diff --git a/libavcodec/sunrastenc.c b/libavcodec/sunrastenc.c index 0879ce62cb..a55e3d439a 100644 --- a/libavcodec/sunrastenc.c +++ b/libavcodec/sunrastenc.c @@ -198,6 +198,12 @@ static int sunrast_encode_frame(AVCodecContext *avctx, AVPacket *avpkt, return 0; } +static av_cold int sunrast_encode_close(AVCodecContext *avctx) +{ + av_frame_free(&avctx->coded_frame); + return 0; +} + static const AVCodecDefault sunrast_defaults[] = { { "coder", "rle" }, { NULL }, @@ -210,6 +216,7 @@ AVCodec ff_sunrast_encoder = { .id = AV_CODEC_ID_SUNRAST, .priv_data_size = sizeof(SUNRASTContext), .init = sunrast_encode_init, + .close = sunrast_encode_close, .encode2 = sunrast_encode_frame, .defaults = sunrast_defaults, .pix_fmts = (const enum AVPixelFormat[]){ AV_PIX_FMT_BGR24, diff --git a/libavcodec/targaenc.c b/libavcodec/targaenc.c index 108e1485e4..d4483ec398 100644 --- a/libavcodec/targaenc.c +++ b/libavcodec/targaenc.c @@ -170,11 +170,31 @@ static int targa_encode_frame(AVCodecContext *avctx, AVPacket *pkt, return 0; } +static av_cold int targa_encode_init(AVCodecContext *avctx) +{ + avctx->coded_frame = av_frame_alloc(); + if (!avctx->coded_frame) + return AVERROR(ENOMEM); + + avctx->coded_frame->key_frame = 1; + avctx->coded_frame->pict_type = AV_PICTURE_TYPE_I; + + return 0; +} + +static av_cold int targa_encode_close(AVCodecContext *avctx) +{ + av_frame_free(&avctx->coded_frame); + return 0; +} + AVCodec ff_targa_encoder = { .name = "targa", .long_name = NULL_IF_CONFIG_SMALL("Truevision Targa image"), .type = AVMEDIA_TYPE_VIDEO, .id = AV_CODEC_ID_TARGA, + .init = targa_encode_init, + .close = targa_encode_close, .encode2 = targa_encode_frame, .pix_fmts = (const enum AVPixelFormat[]){ AV_PIX_FMT_BGR24, AV_PIX_FMT_BGRA, AV_PIX_FMT_RGB555LE, AV_PIX_FMT_GRAY8, AV_PIX_FMT_PAL8, diff --git a/libavcodec/tiffenc.c b/libavcodec/tiffenc.c index f5d04eaf2b..7b1e5104bd 100644 --- a/libavcodec/tiffenc.c +++ b/libavcodec/tiffenc.c @@ -52,7 +52,6 @@ static const uint8_t type_sizes2[14] = { typedef struct TiffEncoderContext { AVClass *class; ///< for private options AVCodecContext *avctx; - AVFrame picture; int width; ///< picture width int height; ///< picture height @@ -195,9 +194,9 @@ static int encode_strip(TiffEncoderContext *s, const int8_t *src, } } -static void pack_yuv(TiffEncoderContext *s, uint8_t *dst, int lnum) +static void pack_yuv(TiffEncoderContext *s, const AVFrame *p, + uint8_t *dst, int lnum) { - AVFrame *p = &s->picture; int i, j, k; int w = (s->width - 1) / s->subsampling[0] + 1; uint8_t *pu = &p->data[1][lnum / s->subsampling[1] * p->linesize[1]]; @@ -223,24 +222,12 @@ static void pack_yuv(TiffEncoderContext *s, uint8_t *dst, int lnum) } } -static av_cold int encode_init(AVCodecContext *avctx) -{ - TiffEncoderContext *s = avctx->priv_data; - - avctx->coded_frame = &s->picture; - avctx->coded_frame->pict_type = AV_PICTURE_TYPE_I; - avctx->coded_frame->key_frame = 1; - s->avctx = avctx; - - return 0; -} - static int encode_frame(AVCodecContext *avctx, AVPacket *pkt, const AVFrame *pict, int *got_packet) { const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(avctx->pix_fmt); TiffEncoderContext *s = avctx->priv_data; - AVFrame *const p = &s->picture; + const AVFrame *const p = pict; int i; uint8_t *ptr; uint8_t *offset; @@ -252,8 +239,6 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt, int is_yuv = 0, alpha = 0; int shift_h, shift_v; - *p = *pict; - s->width = avctx->width; s->height = avctx->height; s->subsampling[0] = 1; @@ -373,7 +358,7 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt, zn = 0; for (j = 0; j < s->rps; j++) { if (is_yuv) { - pack_yuv(s, s->yuv_line, j); + pack_yuv(s, p, s->yuv_line, j); memcpy(zbuf + zn, s->yuv_line, bytes_per_row); j += s->subsampling[1] - 1; } else @@ -409,7 +394,7 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt, s->strip_offsets[i / s->rps] = ptr - pkt->data; } if (is_yuv) { - pack_yuv(s, s->yuv_line, i); + pack_yuv(s, p, s->yuv_line, i); ret = encode_strip(s, s->yuv_line, ptr, bytes_per_row, s->compr); i += s->subsampling[1] - 1; } else @@ -497,10 +482,26 @@ fail: return ret < 0 ? ret : 0; } +static av_cold int encode_init(AVCodecContext *avctx) +{ + TiffEncoderContext *s = avctx->priv_data; + + avctx->coded_frame = av_frame_alloc(); + if (!avctx->coded_frame) + return AVERROR(ENOMEM); + + avctx->coded_frame->pict_type = AV_PICTURE_TYPE_I; + avctx->coded_frame->key_frame = 1; + s->avctx = avctx; + + return 0; +} + static av_cold int encode_close(AVCodecContext *avctx) { TiffEncoderContext *s = avctx->priv_data; + av_frame_free(&avctx->coded_frame); av_freep(&s->strip_sizes); av_freep(&s->strip_offsets); av_freep(&s->yuv_line); @@ -536,8 +537,8 @@ AVCodec ff_tiff_encoder = { .id = AV_CODEC_ID_TIFF, .priv_data_size = sizeof(TiffEncoderContext), .init = encode_init, - .encode2 = encode_frame, .close = encode_close, + .encode2 = encode_frame, .pix_fmts = (const enum AVPixelFormat[]) { AV_PIX_FMT_RGB24, AV_PIX_FMT_PAL8, AV_PIX_FMT_GRAY8, AV_PIX_FMT_GRAY8A, AV_PIX_FMT_GRAY16LE, From 6133f450bb816db578c5253de9e072078fdf8edc Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 17 Nov 2013 12:17:05 +0100 Subject: [PATCH 081/562] Merge commit '57e7b3a89f5a0879ad039e8f04273b48649799a8' * commit '57e7b3a89f5a0879ad039e8f04273b48649799a8': dnxhdenc: use the AVFrame API properly. libx264: use the AVFrame API properly. svq1enc: use the AVFrame API properly. gif: use the AVFrame API properly. Conflicts: libavcodec/gif.c libavcodec/svq1enc.c Merged-by: Michael Niedermayer (cherry picked from commit 5b0c70c2499e20529d517b712910d6f4f72e9485) Author of the merged code: Anton Khirnov Signed-off-by: Michael Niedermayer --- libavcodec/dnxhdenc.c | 28 +++++------ libavcodec/dnxhdenc.h | 1 - libavcodec/gif.c | 17 ++++--- libavcodec/libx264.c | 15 +++--- libavcodec/svq1enc.c | 111 ++++++++++++++++++++++-------------------- 5 files changed, 92 insertions(+), 80 deletions(-) diff --git a/libavcodec/dnxhdenc.c b/libavcodec/dnxhdenc.c index 5cf6d8b0f3..c2fbd5c999 100644 --- a/libavcodec/dnxhdenc.c +++ b/libavcodec/dnxhdenc.c @@ -329,9 +329,12 @@ static av_cold int dnxhd_encode_init(AVCodecContext *avctx) FF_ALLOCZ_OR_GOTO(ctx->m.avctx, ctx->mb_bits, ctx->m.mb_num *sizeof(uint16_t), fail); FF_ALLOCZ_OR_GOTO(ctx->m.avctx, ctx->mb_qscale, ctx->m.mb_num *sizeof(uint8_t), fail); - ctx->frame.key_frame = 1; - ctx->frame.pict_type = AV_PICTURE_TYPE_I; - ctx->m.avctx->coded_frame = &ctx->frame; + avctx->coded_frame = av_frame_alloc(); + if (!avctx->coded_frame) + return AVERROR(ENOMEM); + + avctx->coded_frame->key_frame = 1; + avctx->coded_frame->pict_type = AV_PICTURE_TYPE_I; if (avctx->thread_count > MAX_THREADS) { av_log(avctx, AV_LOG_ERROR, "too many threads\n"); @@ -922,19 +925,14 @@ static void dnxhd_load_picture(DNXHDEncContext *ctx, const AVFrame *frame) { int i; - for (i = 0; i < 3; i++) { - ctx->frame.data[i] = frame->data[i]; - ctx->frame.linesize[i] = frame->linesize[i]; - } - for (i = 0; i < ctx->m.avctx->thread_count; i++) { - ctx->thread[i]->m.linesize = ctx->frame.linesize[0]<interlaced; - ctx->thread[i]->m.uvlinesize = ctx->frame.linesize[1]<interlaced; + ctx->thread[i]->m.linesize = frame->linesize[0] << ctx->interlaced; + ctx->thread[i]->m.uvlinesize = frame->linesize[1] << ctx->interlaced; ctx->thread[i]->dct_y_offset = ctx->m.linesize *8; ctx->thread[i]->dct_uv_offset = ctx->m.uvlinesize*8; } - ctx->frame.interlaced_frame = frame->interlaced_frame; + ctx->m.avctx->coded_frame->interlaced_frame = frame->interlaced_frame; ctx->cur_field = frame->interlaced_frame && !frame->top_field_first; } @@ -954,9 +952,9 @@ static int dnxhd_encode_picture(AVCodecContext *avctx, AVPacket *pkt, encode_coding_unit: for (i = 0; i < 3; i++) { - ctx->src[i] = ctx->frame.data[i]; + ctx->src[i] = frame->data[i]; if (ctx->interlaced && ctx->cur_field) - ctx->src[i] += ctx->frame.linesize[i]; + ctx->src[i] += frame->linesize[i]; } dnxhd_write_header(avctx, buf); @@ -994,7 +992,7 @@ static int dnxhd_encode_picture(AVCodecContext *avctx, AVPacket *pkt, goto encode_coding_unit; } - ctx->frame.quality = ctx->qscale*FF_QP2LAMBDA; + avctx->coded_frame->quality = ctx->qscale * FF_QP2LAMBDA; pkt->flags |= AV_PKT_FLAG_KEY; *got_packet = 1; @@ -1027,6 +1025,8 @@ static av_cold int dnxhd_encode_end(AVCodecContext *avctx) for (i = 1; i < avctx->thread_count; i++) av_freep(&ctx->thread[i]); + av_frame_free(&avctx->coded_frame); + return 0; } diff --git a/libavcodec/dnxhdenc.h b/libavcodec/dnxhdenc.h index 9b59b96d3e..110b0ad9e2 100644 --- a/libavcodec/dnxhdenc.h +++ b/libavcodec/dnxhdenc.h @@ -43,7 +43,6 @@ typedef struct DNXHDEncContext { AVClass *class; MpegEncContext m; ///< Used for quantization dsp functions - AVFrame frame; int cid; const CIDEntry *cid_table; uint8_t *msip; ///< Macroblock Scan Indexes Payload diff --git a/libavcodec/gif.c b/libavcodec/gif.c index 8b9d95fe09..27d054e512 100644 --- a/libavcodec/gif.c +++ b/libavcodec/gif.c @@ -216,6 +216,13 @@ static av_cold int gif_encode_init(AVCodecContext *avctx) return AVERROR(EINVAL); } + avctx->coded_frame = av_frame_alloc(); + if (!avctx->coded_frame) + return AVERROR(ENOMEM); + + avctx->coded_frame->pict_type = AV_PICTURE_TYPE_I; + avctx->coded_frame->key_frame = 1; + s->lzw = av_mallocz(ff_lzw_encode_state_size); s->buf = av_malloc(avctx->width*avctx->height*2); s->tmpl = av_malloc(avctx->width); @@ -232,7 +239,6 @@ static int gif_encode_frame(AVCodecContext *avctx, AVPacket *pkt, const AVFrame *pict, int *got_packet) { GIFContext *s = avctx->priv_data; - AVFrame *const p = (AVFrame *)pict; uint8_t *outbuf_ptr, *end; const uint32_t *palette = NULL; int ret; @@ -242,15 +248,12 @@ static int gif_encode_frame(AVCodecContext *avctx, AVPacket *pkt, outbuf_ptr = pkt->data; end = pkt->data + pkt->size; - p->pict_type = AV_PICTURE_TYPE_I; - p->key_frame = 1; - if (avctx->pix_fmt == AV_PIX_FMT_PAL8) { uint8_t *pal_exdata = av_packet_new_side_data(pkt, AV_PKT_DATA_PALETTE, AVPALETTE_SIZE); if (!pal_exdata) return AVERROR(ENOMEM); - memcpy(pal_exdata, p->data[1], AVPALETTE_SIZE); - palette = (uint32_t*)p->data[1]; + memcpy(pal_exdata, pict->data[1], AVPALETTE_SIZE); + palette = (uint32_t*)pict->data[1]; } gif_image_write_image(avctx, &outbuf_ptr, end, palette, @@ -276,6 +279,8 @@ static int gif_encode_close(AVCodecContext *avctx) { GIFContext *s = avctx->priv_data; + av_frame_free(&avctx->coded_frame); + av_freep(&s->lzw); av_freep(&s->buf); av_frame_free(&s->last_frame); diff --git a/libavcodec/libx264.c b/libavcodec/libx264.c index 4093510c66..89df55fac6 100644 --- a/libavcodec/libx264.c +++ b/libavcodec/libx264.c @@ -44,7 +44,6 @@ typedef struct X264Context { x264_picture_t pic; uint8_t *sei; int sei_size; - AVFrame out_pic; char *preset; char *tune; char *profile; @@ -208,20 +207,20 @@ static int X264_frame(AVCodecContext *ctx, AVPacket *pkt, const AVFrame *frame, switch (pic_out.i_type) { case X264_TYPE_IDR: case X264_TYPE_I: - x4->out_pic.pict_type = AV_PICTURE_TYPE_I; + ctx->coded_frame->pict_type = AV_PICTURE_TYPE_I; break; case X264_TYPE_P: - x4->out_pic.pict_type = AV_PICTURE_TYPE_P; + ctx->coded_frame->pict_type = AV_PICTURE_TYPE_P; break; case X264_TYPE_B: case X264_TYPE_BREF: - x4->out_pic.pict_type = AV_PICTURE_TYPE_B; + ctx->coded_frame->pict_type = AV_PICTURE_TYPE_B; break; } pkt->flags |= AV_PKT_FLAG_KEY*pic_out.b_keyframe; if (ret) - x4->out_pic.quality = (pic_out.i_qpplus1 - 1) * FF_QP2LAMBDA; + ctx->coded_frame->quality = (pic_out.i_qpplus1 - 1) * FF_QP2LAMBDA; *got_packet = ret; return 0; @@ -237,6 +236,8 @@ static av_cold int X264_close(AVCodecContext *avctx) if (x4->enc) x264_encoder_close(x4->enc); + av_frame_free(&avctx->coded_frame); + return 0; } @@ -570,7 +571,9 @@ static av_cold int X264_init(AVCodecContext *avctx) if (!x4->enc) return -1; - avctx->coded_frame = &x4->out_pic; + avctx->coded_frame = av_frame_alloc(); + if (!avctx->coded_frame) + return AVERROR(ENOMEM); if (avctx->flags & CODEC_FLAG_GLOBAL_HEADER) { x264_nal_t *nal; diff --git a/libavcodec/svq1enc.c b/libavcodec/svq1enc.c index a6c94ad006..2d7e848fc7 100644 --- a/libavcodec/svq1enc.c +++ b/libavcodec/svq1enc.c @@ -45,9 +45,8 @@ typedef struct SVQ1Context { AVCodecContext *avctx; DSPContext dsp; HpelDSPContext hdsp; - AVFrame picture; - AVFrame current_picture; - AVFrame last_picture; + AVFrame *current_picture; + AVFrame *last_picture; PutBitContext pb; GetBitContext gb; @@ -264,13 +263,14 @@ static int svq1_encode_plane(SVQ1Context *s, int plane, unsigned char *decoded_plane, int width, int height, int src_stride, int stride) { + const AVFrame *f = s->avctx->coded_frame; int x, y; int i; int block_width, block_height; int level; int threshold[6]; uint8_t *src = s->scratchbuf + stride * 16; - const int lambda = (s->picture.quality * s->picture.quality) >> + const int lambda = (f->quality * f->quality) >> (2 * FF_LAMBDA_SHIFT); /* figure out the acceptable level thresholds in advance */ @@ -281,7 +281,7 @@ static int svq1_encode_plane(SVQ1Context *s, int plane, block_width = (width + 15) / 16; block_height = (height + 15) / 16; - if (s->picture.pict_type == AV_PICTURE_TYPE_P) { + if (f->pict_type == AV_PICTURE_TYPE_P) { s->m.avctx = s->avctx; s->m.current_picture_ptr = &s->m.current_picture; s->m.last_picture_ptr = &s->m.last_picture; @@ -297,13 +297,13 @@ static int svq1_encode_plane(SVQ1Context *s, int plane, s->m.mb_stride = s->m.mb_width + 1; s->m.b8_stride = 2 * s->m.mb_width + 1; s->m.f_code = 1; - s->m.pict_type = s->picture.pict_type; + s->m.pict_type = f->pict_type; s->m.me_method = s->avctx->me_method; s->m.me.scene_change_score = 0; s->m.flags = s->avctx->flags; // s->m.out_format = FMT_H263; // s->m.unrestricted_mv = 1; - s->m.lambda = s->picture.quality; + s->m.lambda = f->quality; s->m.qscale = s->m.lambda * 139 + FF_LAMBDA_SCALE * 64 >> FF_LAMBDA_SHIFT + 7; @@ -396,13 +396,13 @@ static int svq1_encode_plane(SVQ1Context *s, int plane, ff_init_block_index(&s->m); ff_update_block_index(&s->m); - if (s->picture.pict_type == AV_PICTURE_TYPE_I || + if (f->pict_type == AV_PICTURE_TYPE_I || (s->m.mb_type[x + y * s->m.mb_stride] & CANDIDATE_MB_TYPE_INTRA)) { for (i = 0; i < 6; i++) init_put_bits(&s->reorder_pb[i], reorder_buffer[0][i], 7 * 32); - if (s->picture.pict_type == AV_PICTURE_TYPE_P) { + if (f->pict_type == AV_PICTURE_TYPE_P) { const uint8_t *vlc = ff_svq1_block_type_vlc[SVQ1_BLOCK_INTRA]; put_bits(&s->reorder_pb[5], vlc[1], vlc[0]); score[0] = vlc[1] * lambda; @@ -418,7 +418,7 @@ static int svq1_encode_plane(SVQ1Context *s, int plane, best = 0; - if (s->picture.pict_type == AV_PICTURE_TYPE_P) { + if (f->pict_type == AV_PICTURE_TYPE_P) { const uint8_t *vlc = ff_svq1_block_type_vlc[SVQ1_BLOCK_INTER]; int mx, my, pred_x, pred_y, dxy; int16_t *motion_ptr; @@ -498,13 +498,48 @@ static int svq1_encode_plane(SVQ1Context *s, int plane, return 0; } +static av_cold int svq1_encode_end(AVCodecContext *avctx) +{ + SVQ1Context *const s = avctx->priv_data; + int i; + + av_log(avctx, AV_LOG_DEBUG, "RD: %f\n", + s->rd_total / (double)(avctx->width * avctx->height * + avctx->frame_number)); + + av_freep(&s->m.me.scratchpad); + av_freep(&s->m.me.map); + av_freep(&s->m.me.score_map); + av_freep(&s->mb_type); + av_freep(&s->dummy); + av_freep(&s->scratchbuf); + + for (i = 0; i < 3; i++) { + av_freep(&s->motion_val8[i]); + av_freep(&s->motion_val16[i]); + } + + av_frame_free(&s->current_picture); + av_frame_free(&s->last_picture); + av_frame_free(&avctx->coded_frame); + + return 0; +} + static av_cold int svq1_encode_init(AVCodecContext *avctx) { SVQ1Context *const s = avctx->priv_data; ff_dsputil_init(&s->dsp, avctx); ff_hpeldsp_init(&s->hdsp, avctx->flags); - avctx->coded_frame = &s->picture; + + avctx->coded_frame = av_frame_alloc(); + s->current_picture = av_frame_alloc(); + s->last_picture = av_frame_alloc(); + if (!avctx->coded_frame || !s->current_picture || !s->last_picture) { + svq1_encode_end(avctx); + return AVERROR(ENOMEM); + } s->frame_width = avctx->width; s->frame_height = avctx->height; @@ -536,8 +571,7 @@ static int svq1_encode_frame(AVCodecContext *avctx, AVPacket *pkt, const AVFrame *pict, int *got_packet) { SVQ1Context *const s = avctx->priv_data; - AVFrame *const p = &s->picture; - AVFrame temp; + AVFrame *const p = avctx->coded_frame; int i, ret; if ((ret = ff_alloc_packet2(avctx, pkt, s->y_block_width * s->y_block_height * @@ -549,35 +583,33 @@ static int svq1_encode_frame(AVCodecContext *avctx, AVPacket *pkt, return -1; } - if (!s->current_picture.data[0]) { - if ((ret = ff_get_buffer(avctx, &s->current_picture, 0))< 0 || - (ret = ff_get_buffer(avctx, &s->last_picture, 0)) < 0) { + if (!s->current_picture->data[0]) { + if ((ret = ff_get_buffer(avctx, s->current_picture, 0))< 0 || + (ret = ff_get_buffer(avctx, s->last_picture, 0)) < 0) { return ret; } - s->scratchbuf = av_malloc(s->current_picture.linesize[0] * 16 * 2); + s->scratchbuf = av_malloc(s->current_picture->linesize[0] * 16 * 2); } - av_frame_move_ref(&temp, &s->current_picture); - av_frame_move_ref(&s->current_picture, &s->last_picture); - av_frame_move_ref(&s->last_picture, &temp); + FFSWAP(AVFrame*, s->current_picture, s->last_picture); init_put_bits(&s->pb, pkt->data, pkt->size); - *p = *pict; p->pict_type = avctx->gop_size && avctx->frame_number % avctx->gop_size ? AV_PICTURE_TYPE_P : AV_PICTURE_TYPE_I; p->key_frame = p->pict_type == AV_PICTURE_TYPE_I; + p->quality = pict->quality; svq1_write_header(s, p->pict_type); for (i = 0; i < 3; i++) if (svq1_encode_plane(s, i, - s->picture.data[i], - s->last_picture.data[i], - s->current_picture.data[i], + pict->data[i], + s->last_picture->data[i], + s->current_picture->data[i], s->frame_width / (i ? 4 : 1), s->frame_height / (i ? 4 : 1), - s->picture.linesize[i], - s->current_picture.linesize[i]) < 0) + pict->linesize[i], + s->current_picture->linesize[i]) < 0) return -1; // avpriv_align_put_bits(&s->pb); @@ -594,33 +626,6 @@ static int svq1_encode_frame(AVCodecContext *avctx, AVPacket *pkt, return 0; } -static av_cold int svq1_encode_end(AVCodecContext *avctx) -{ - SVQ1Context *const s = avctx->priv_data; - int i; - - av_log(avctx, AV_LOG_DEBUG, "RD: %f\n", - s->rd_total / (double)(avctx->width * avctx->height * - avctx->frame_number)); - - av_freep(&s->m.me.scratchpad); - av_freep(&s->m.me.map); - av_freep(&s->m.me.score_map); - av_freep(&s->mb_type); - av_freep(&s->dummy); - av_freep(&s->scratchbuf); - - for (i = 0; i < 3; i++) { - av_freep(&s->motion_val8[i]); - av_freep(&s->motion_val16[i]); - } - - av_frame_unref(&s->current_picture); - av_frame_unref(&s->last_picture); - - return 0; -} - AVCodec ff_svq1_encoder = { .name = "svq1", .long_name = NULL_IF_CONFIG_SMALL("Sorenson Vector Quantizer 1 / Sorenson Video 1 / SVQ1"), From 4d373ee8e4c9db7e5d3bcdb35457211bddf2fbff Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 17 Nov 2013 12:33:27 +0100 Subject: [PATCH 082/562] Merge commit '97168b204a0b6b79bb6c5f0d40efdf7fc2262476' * commit '97168b204a0b6b79bb6c5f0d40efdf7fc2262476': eatgv: use the AVFrame API properly. libxavs: use the AVFrame API properly. nuv: use the AVFrame API properly. flashsvenc: use the AVFrame API properly. Conflicts: libavcodec/eatgv.c libavcodec/nuv.c Merged-by: Michael Niedermayer (cherry picked from commit a0c0629dd963b00f989172f0c599353b6b288c37) Conflicts: libavcodec/eatgv.c Author of the merged code: Anton Khirnov --- libavcodec/eatgv.c | 22 ++++++++++------- libavcodec/flashsvenc.c | 53 ++++++++++++++++++++++------------------- libavcodec/libxavs.c | 20 +++++++++------- libavcodec/nuv.c | 37 +++++++++++++++------------- 4 files changed, 73 insertions(+), 59 deletions(-) diff --git a/libavcodec/eatgv.c b/libavcodec/eatgv.c index bfdfb76b9b..8d898aba16 100644 --- a/libavcodec/eatgv.c +++ b/libavcodec/eatgv.c @@ -40,7 +40,7 @@ typedef struct TgvContext { AVCodecContext *avctx; - AVFrame last_frame; + AVFrame *last_frame; uint8_t *frame_buffer; int width,height; uint32_t palette[AVPALETTE_COUNT]; @@ -57,7 +57,11 @@ static av_cold int tgv_decode_init(AVCodecContext *avctx) s->avctx = avctx; avctx->time_base = (AVRational){1, 15}; avctx->pix_fmt = AV_PIX_FMT_PAL8; - avcodec_get_frame_defaults(&s->last_frame); + + s->last_frame = av_frame_alloc(); + if (!s->last_frame) + return AVERROR(ENOMEM); + return 0; } @@ -232,8 +236,8 @@ static int tgv_decode_inter(TgvContext *s, AVFrame *frame, continue; } - src = s->last_frame.data[0] + mx + my * s->last_frame.linesize[0]; - src_stride = s->last_frame.linesize[0]; + src = s->last_frame->data[0] + mx + my * s->last_frame->linesize[0]; + src_stride = s->last_frame->linesize[0]; } else { int offset = vector - num_mvs; if (offset < num_blocks_raw) @@ -283,7 +287,7 @@ static int tgv_decode_frame(AVCodecContext *avctx, if (s->avctx->width != s->width || s->avctx->height != s->height) { avcodec_set_dimensions(s->avctx, s->width, s->height); av_freep(&s->frame_buffer); - av_frame_unref(&s->last_frame); + av_frame_unref(s->last_frame); } pal_count = AV_RL16(&buf[6]); @@ -320,7 +324,7 @@ static int tgv_decode_frame(AVCodecContext *avctx, s->frame_buffer + y * s->width, s->width); } else { - if (!s->last_frame.data[0]) { + if (!s->last_frame->data[0]) { av_log(avctx, AV_LOG_WARNING, "inter frame without corresponding intra frame\n"); return buf_size; } @@ -332,8 +336,8 @@ static int tgv_decode_frame(AVCodecContext *avctx, } } - av_frame_unref(&s->last_frame); - if ((ret = av_frame_ref(&s->last_frame, frame)) < 0) + av_frame_unref(s->last_frame); + if ((ret = av_frame_ref(s->last_frame, frame)) < 0) return ret; *got_frame = 1; @@ -344,7 +348,7 @@ static int tgv_decode_frame(AVCodecContext *avctx, static av_cold int tgv_decode_end(AVCodecContext *avctx) { TgvContext *s = avctx->priv_data; - av_frame_unref(&s->last_frame); + av_frame_free(&s->last_frame); av_freep(&s->frame_buffer); av_free(s->mv_codebook); av_free(s->block_codebook); diff --git a/libavcodec/flashsvenc.c b/libavcodec/flashsvenc.c index ee67652eba..7ad15f118f 100644 --- a/libavcodec/flashsvenc.c +++ b/libavcodec/flashsvenc.c @@ -57,7 +57,6 @@ typedef struct FlashSVContext { AVCodecContext *avctx; uint8_t *previous_frame; - AVFrame frame; int image_width, image_height; int block_width, block_height; uint8_t *tmpblock; @@ -89,6 +88,21 @@ static int copy_region_enc(uint8_t *sptr, uint8_t *dptr, int dx, int dy, return 0; } +static av_cold int flashsv_encode_end(AVCodecContext *avctx) +{ + FlashSVContext *s = avctx->priv_data; + + deflateEnd(&s->zstream); + + av_free(s->encbuffer); + av_free(s->previous_frame); + av_free(s->tmpblock); + + av_frame_free(&avctx->coded_frame); + + return 0; +} + static av_cold int flashsv_encode_init(AVCodecContext *avctx) { FlashSVContext *s = avctx->priv_data; @@ -117,11 +131,17 @@ static av_cold int flashsv_encode_init(AVCodecContext *avctx) return AVERROR(ENOMEM); } + avctx->coded_frame = av_frame_alloc(); + if (!avctx->coded_frame) { + flashsv_encode_end(avctx); + return AVERROR(ENOMEM); + } + return 0; } -static int encode_bitstream(FlashSVContext *s, AVFrame *p, uint8_t *buf, +static int encode_bitstream(FlashSVContext *s, const AVFrame *p, uint8_t *buf, int buf_size, int block_width, int block_height, uint8_t *previous_frame, int *I_frame) { @@ -199,14 +219,12 @@ static int flashsv_encode_frame(AVCodecContext *avctx, AVPacket *pkt, const AVFrame *pict, int *got_packet) { FlashSVContext * const s = avctx->priv_data; - AVFrame * const p = &s->frame; + const AVFrame * const p = pict; uint8_t *pfptr; int res; int I_frame = 0; int opt_w = 4, opt_h = 4; - *p = *pict; - /* First frame needs to be a keyframe */ if (avctx->frame_number == 0) { s->previous_frame = av_mallocz(FFABS(p->linesize[0]) * s->image_height); @@ -244,37 +262,22 @@ static int flashsv_encode_frame(AVCodecContext *avctx, AVPacket *pkt, //mark the frame type so the muxer can mux it correctly if (I_frame) { - p->pict_type = AV_PICTURE_TYPE_I; - p->key_frame = 1; + avctx->coded_frame->pict_type = AV_PICTURE_TYPE_I; + avctx->coded_frame->key_frame = 1; s->last_key_frame = avctx->frame_number; av_dlog(avctx, "Inserting keyframe at frame %d\n", avctx->frame_number); } else { - p->pict_type = AV_PICTURE_TYPE_P; - p->key_frame = 0; + avctx->coded_frame->pict_type = AV_PICTURE_TYPE_P; + avctx->coded_frame->key_frame = 0; } - avctx->coded_frame = p; - - if (p->key_frame) + if (avctx->coded_frame->key_frame) pkt->flags |= AV_PKT_FLAG_KEY; *got_packet = 1; return 0; } -static av_cold int flashsv_encode_end(AVCodecContext *avctx) -{ - FlashSVContext *s = avctx->priv_data; - - deflateEnd(&s->zstream); - - av_free(s->encbuffer); - av_free(s->previous_frame); - av_free(s->tmpblock); - - return 0; -} - AVCodec ff_flashsv_encoder = { .name = "flashsv", .long_name = NULL_IF_CONFIG_SMALL("Flash Screen Video"), diff --git a/libavcodec/libxavs.c b/libavcodec/libxavs.c index f7b99e0bcd..1b72194573 100644 --- a/libavcodec/libxavs.c +++ b/libavcodec/libxavs.c @@ -45,7 +45,6 @@ typedef struct XavsContext { xavs_picture_t pic; uint8_t *sei; int sei_size; - AVFrame out_pic; int end_of_stream; float crf; int cqp; @@ -159,7 +158,7 @@ static int XAVS_frame(AVCodecContext *ctx, AVPacket *pkt, return 0; } - x4->out_pic.pts = pic_out.i_pts; + avctx->coded_frame->pts = pic_out.i_pts; pkt->pts = pic_out.i_pts; if (ctx->has_b_frames) { if (!x4->out_frame_count) @@ -172,25 +171,25 @@ static int XAVS_frame(AVCodecContext *ctx, AVPacket *pkt, switch (pic_out.i_type) { case XAVS_TYPE_IDR: case XAVS_TYPE_I: - x4->out_pic.pict_type = AV_PICTURE_TYPE_I; + avctx->coded_frame->pict_type = AV_PICTURE_TYPE_I; break; case XAVS_TYPE_P: - x4->out_pic.pict_type = AV_PICTURE_TYPE_P; + avctx->coded_frame->pict_type = AV_PICTURE_TYPE_P; break; case XAVS_TYPE_B: case XAVS_TYPE_BREF: - x4->out_pic.pict_type = AV_PICTURE_TYPE_B; + avctx->coded_frame->pict_type = AV_PICTURE_TYPE_B; break; } /* There is no IDR frame in AVS JiZhun */ /* Sequence header is used as a flag */ if (pic_out.i_type == XAVS_TYPE_I) { - x4->out_pic.key_frame = 1; + avctx->coded_frame->key_frame = 1; pkt->flags |= AV_PKT_FLAG_KEY; } - x4->out_pic.quality = (pic_out.i_qpplus1 - 1) * FF_QP2LAMBDA; + avctx->coded_frame->quality = (pic_out.i_qpplus1 - 1) * FF_QP2LAMBDA; x4->out_frame_count++; *got_packet = ret; @@ -208,6 +207,8 @@ static av_cold int XAVS_close(AVCodecContext *avctx) if (x4->enc) xavs_encoder_close(x4->enc); + av_frame_free(&avctx->coded_frame); + return 0; } @@ -355,7 +356,10 @@ static av_cold int XAVS_init(AVCodecContext *avctx) if (!(x4->pts_buffer = av_mallocz((avctx->max_b_frames+1) * sizeof(*x4->pts_buffer)))) return AVERROR(ENOMEM); - avctx->coded_frame = &x4->out_pic; + avctx->coded_frame = av_frame_alloc(); + if (!avctx->coded_frame) + return AVERROR(ENOMEM); + /* TAG: Do we have GLOBAL HEADER in AVS */ /* We Have PPS and SPS in AVS */ if (avctx->flags & CODEC_FLAG_GLOBAL_HEADER) { diff --git a/libavcodec/nuv.c b/libavcodec/nuv.c index bfbf802777..d4d9318bf7 100644 --- a/libavcodec/nuv.c +++ b/libavcodec/nuv.c @@ -32,7 +32,7 @@ #include "rtjpeg.h" typedef struct { - AVFrame pic; + AVFrame *pic; int codec_frameheader; int quality; int width, height; @@ -140,7 +140,7 @@ static int codec_reinit(AVCodecContext *avctx, int width, int height, } ff_rtjpeg_decode_init(&c->rtj, &c->dsp, c->width, c->height, c->lq, c->cq); - av_frame_unref(&c->pic); + av_frame_unref(c->pic); return 1; } else if (quality != c->quality) ff_rtjpeg_decode_init(&c->rtj, &c->dsp, c->width, c->height, @@ -248,20 +248,20 @@ retry: } if (size_change || keyframe) { - av_frame_unref(&c->pic); + av_frame_unref(c->pic); init_frame = 1; } - if ((result = ff_reget_buffer(avctx, &c->pic)) < 0) + if ((result = ff_reget_buffer(avctx, c->pic)) < 0) return result; if (init_frame) { - memset(c->pic.data[0], 0, avctx->height * c->pic.linesize[0]); - memset(c->pic.data[1], 0x80, avctx->height * c->pic.linesize[1] / 2); - memset(c->pic.data[2], 0x80, avctx->height * c->pic.linesize[2] / 2); + memset(c->pic->data[0], 0, avctx->height * c->pic->linesize[0]); + memset(c->pic->data[1], 0x80, avctx->height * c->pic->linesize[1] / 2); + memset(c->pic->data[2], 0x80, avctx->height * c->pic->linesize[2] / 2); } - c->pic.pict_type = keyframe ? AV_PICTURE_TYPE_I : AV_PICTURE_TYPE_P; - c->pic.key_frame = keyframe; + c->pic->pict_type = keyframe ? AV_PICTURE_TYPE_I : AV_PICTURE_TYPE_P; + c->pic->key_frame = keyframe; // decompress/copy/whatever data switch (comptype) { case NUV_LZO: @@ -272,19 +272,19 @@ retry: height = buf_size / c->width / 3 * 2; } if(height > 0) - copy_frame(&c->pic, buf, c->width, height); + copy_frame(c->pic, buf, c->width, height); break; } case NUV_RTJPEG_IN_LZO: case NUV_RTJPEG: - ret = ff_rtjpeg_decode_frame_yuv420(&c->rtj, &c->pic, buf, buf_size); + ret = ff_rtjpeg_decode_frame_yuv420(&c->rtj, c->pic, buf, buf_size); if (ret < 0) return ret; break; case NUV_BLACK: - memset(c->pic.data[0], 0, c->width * c->height); - memset(c->pic.data[1], 128, c->width * c->height / 4); - memset(c->pic.data[2], 128, c->width * c->height / 4); + memset(c->pic->data[0], 0, c->width * c->height); + memset(c->pic->data[1], 128, c->width * c->height / 4); + memset(c->pic->data[2], 128, c->width * c->height / 4); break; case NUV_COPY_LAST: /* nothing more to do here */ @@ -294,7 +294,7 @@ retry: return AVERROR_INVALIDDATA; } - if ((result = av_frame_ref(picture, &c->pic)) < 0) + if ((result = av_frame_ref(picture, c->pic)) < 0) return result; *got_frame = 1; @@ -306,8 +306,11 @@ static av_cold int decode_init(AVCodecContext *avctx) NuvContext *c = avctx->priv_data; int ret; + c->pic = av_frame_alloc(); + if (!c->pic) + return AVERROR(ENOMEM); + avctx->pix_fmt = AV_PIX_FMT_YUV420P; - c->pic.data[0] = NULL; c->decomp_buf = NULL; c->quality = -1; c->width = 0; @@ -331,7 +334,7 @@ static av_cold int decode_end(AVCodecContext *avctx) NuvContext *c = avctx->priv_data; av_freep(&c->decomp_buf); - av_frame_unref(&c->pic); + av_frame_free(&c->pic); return 0; } From 9918296a2df1c5a09211dabf13723a2d397489fe Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 17 Nov 2013 12:41:42 +0100 Subject: [PATCH 083/562] Merge commit 'ffe04c330335add4c6d70ab0bb98e6b3f4f7abfa' * commit 'ffe04c330335add4c6d70ab0bb98e6b3f4f7abfa': libxvid: use the AVFrame API properly. pcxenc: use the AVFrame API properly. roqvideo: remove unused variables libschroedingerenc: use the AVFrame API properly. Conflicts: libavcodec/pcxenc.c Merged-by: Michael Niedermayer (cherry picked from commit f4f7888bab7061f08c54356c285adaba24383dc0) Author of the merged code: Anton Khirnov Signed-off-by: Michael Niedermayer --- libavcodec/libschroedingerenc.c | 9 +++++---- libavcodec/libxvid.c | 8 ++++---- libavcodec/pcxenc.c | 30 +++++++++++++++++++++++------- libavcodec/roqvideo.h | 1 - 4 files changed, 32 insertions(+), 16 deletions(-) diff --git a/libavcodec/libschroedingerenc.c b/libavcodec/libschroedingerenc.c index 43530e8536..f3455df1f3 100644 --- a/libavcodec/libschroedingerenc.c +++ b/libavcodec/libschroedingerenc.c @@ -47,9 +47,6 @@ typedef struct SchroEncoderParams { /** Schroedinger frame format */ SchroFrameFormat frame_format; - /** frame being encoded */ - AVFrame picture; - /** frame size */ int frame_size; @@ -162,7 +159,9 @@ static av_cold int libschroedinger_encode_init(AVCodecContext *avctx) avctx->width, avctx->height); - avctx->coded_frame = &p_schro_params->picture; + avctx->coded_frame = av_frame_alloc(); + if (!avctx->coded_frame) + return AVERROR(ENOMEM); if (!avctx->gop_size) { schro_encoder_setting_set_double(p_schro_params->encoder, @@ -427,6 +426,8 @@ static int libschroedinger_encode_close(AVCodecContext *avctx) /* Free the video format structure. */ av_freep(&p_schro_params->format); + av_frame_free(&avctx->coded_frame); + return 0; } diff --git a/libavcodec/libxvid.c b/libavcodec/libxvid.c index d4c71490e7..40b3bffacf 100644 --- a/libavcodec/libxvid.c +++ b/libavcodec/libxvid.c @@ -56,7 +56,6 @@ struct xvid_context { int me_flags; /**< Motion Estimation flags */ int qscale; /**< Do we use constant scale? */ int quicktime_format; /**< Are we in a QT-based format? */ - AVFrame encoded_picture; /**< Encoded frame information */ char *twopassbuffer; /**< Character buffer for two-pass */ char *old_twopassbuffer; /**< Old character buffer (two-pass) */ char *twopassfile; /**< second pass temp file name */ @@ -651,7 +650,9 @@ static av_cold int xvid_encode_init(AVCodecContext *avctx) { } x->encoder_handle = xvid_enc_create.handle; - avctx->coded_frame = &x->encoded_picture; + avctx->coded_frame = av_frame_alloc(); + if (!avctx->coded_frame) + return AVERROR(ENOMEM); return 0; fail: @@ -665,7 +666,7 @@ static int xvid_encode_frame(AVCodecContext *avctx, AVPacket *pkt, int xerr, i, ret, user_packet = !!pkt->data; char *tmp; struct xvid_context *x = avctx->priv_data; - AVFrame *p = &x->encoded_picture; + AVFrame *p = avctx->coded_frame; int mb_width = (avctx->width + 15) / 16; int mb_height = (avctx->height + 15) / 16; @@ -678,7 +679,6 @@ static int xvid_encode_frame(AVCodecContext *avctx, AVPacket *pkt, /* Start setting up the frame */ xvid_enc_frame.version = XVID_VERSION; xvid_enc_stats.version = XVID_VERSION; - *p = *picture; /* Let Xvid know where to put the frame. */ xvid_enc_frame.bitstream = pkt->data; diff --git a/libavcodec/pcxenc.c b/libavcodec/pcxenc.c index fa45888466..f48063b9b2 100644 --- a/libavcodec/pcxenc.c +++ b/libavcodec/pcxenc.c @@ -33,6 +33,24 @@ static const uint32_t monoblack_pal[16] = { 0x000000, 0xFFFFFF }; +static av_cold int pcx_encode_init(AVCodecContext *avctx) +{ + avctx->coded_frame = av_frame_alloc(); + if (!avctx->coded_frame) + return AVERROR(ENOMEM); + + avctx->coded_frame->pict_type = AV_PICTURE_TYPE_I; + avctx->coded_frame->key_frame = 1; + + return 0; +} + +static av_cold int pcx_encode_close(AVCodecContext *avctx) +{ + av_frame_free(&avctx->coded_frame); + return 0; +} + /** * PCX run-length encoder * @param dst output buffer @@ -86,7 +104,6 @@ static int pcx_rle_encode( uint8_t *dst, int dst_size, static int pcx_encode_frame(AVCodecContext *avctx, AVPacket *pkt, const AVFrame *frame, int *got_packet) { - AVFrame *const pict = (AVFrame *) frame; const uint8_t *buf_end; uint8_t *buf; @@ -95,9 +112,6 @@ static int pcx_encode_frame(AVCodecContext *avctx, AVPacket *pkt, uint32_t palette256[256]; const uint8_t *src; - pict->pict_type = AV_PICTURE_TYPE_I; - pict->key_frame = 1; - if (avctx->width > 65535 || avctx->height > 65535) { av_log(avctx, AV_LOG_ERROR, "image dimensions do not fit in 16 bits\n"); return -1; @@ -121,7 +135,7 @@ static int pcx_encode_frame(AVCodecContext *avctx, AVPacket *pkt, case AV_PIX_FMT_PAL8: bpp = 8; nplanes = 1; - pal = (uint32_t *)pict->data[1]; + pal = (uint32_t *)frame->data[1]; break; case AV_PIX_FMT_MONOBLACK: bpp = 1; @@ -166,7 +180,7 @@ static int pcx_encode_frame(AVCodecContext *avctx, AVPacket *pkt, while (buf - pkt->data < 128) *buf++= 0; - src = pict->data[0]; + src = frame->data[0]; for (y = 0; y < avctx->height; y++) { if ((written = pcx_rle_encode(buf, buf_end - buf, @@ -175,7 +189,7 @@ static int pcx_encode_frame(AVCodecContext *avctx, AVPacket *pkt, return -1; } buf += written; - src += pict->linesize[0]; + src += frame->linesize[0]; } if (nplanes == 1 && bpp == 8) { @@ -201,6 +215,8 @@ AVCodec ff_pcx_encoder = { .long_name = NULL_IF_CONFIG_SMALL("PC Paintbrush PCX image"), .type = AVMEDIA_TYPE_VIDEO, .id = AV_CODEC_ID_PCX, + .init = pcx_encode_init, + .close = pcx_encode_close, .encode2 = pcx_encode_frame, .pix_fmts = (const enum AVPixelFormat[]){ AV_PIX_FMT_RGB24, diff --git a/libavcodec/roqvideo.h b/libavcodec/roqvideo.h index 3834897252..39dda0c88b 100644 --- a/libavcodec/roqvideo.h +++ b/libavcodec/roqvideo.h @@ -44,7 +44,6 @@ struct RoqTempData; typedef struct RoqContext { AVCodecContext *avctx; - AVFrame frames[2]; AVFrame *last_frame; AVFrame *current_frame; int first_frame; From 7442aa20fad1fc30c1b079b72d62cf26bee45acd Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 17 Nov 2013 03:31:32 +0100 Subject: [PATCH 084/562] Merge commit 'd48c20630214a4effcc920e93a5044bee4e2002e' * commit 'd48c20630214a4effcc920e93a5044bee4e2002e': qtrleenc: use the AVFrame API properly. ulti: use the AVFrame API properly. vc1: use the AVFrame API properly. flashsv: use the AVFrame API properly. Conflicts: libavcodec/flashsv.c libavcodec/qtrleenc.c libavcodec/ulti.c libavcodec/vc1dec.c Merged-by: Michael Niedermayer (cherry picked from commit 92cbd775687204f9750a09c69f97702719036aab) Conflicts: libavcodec/flashsv.c Author of the merged code: Anton Khirnov --- libavcodec/flashsv.c | 61 +++++++++++++++++++++++-------------------- libavcodec/qtrleenc.c | 44 +++++++++++++++++-------------- libavcodec/ulti.c | 24 ++++++++--------- libavcodec/vc1.h | 2 +- libavcodec/vc1dec.c | 16 +++++++----- 5 files changed, 80 insertions(+), 67 deletions(-) diff --git a/libavcodec/flashsv.c b/libavcodec/flashsv.c index 3d185d5184..65b9da42dd 100644 --- a/libavcodec/flashsv.c +++ b/libavcodec/flashsv.c @@ -50,7 +50,7 @@ typedef struct BlockInfo { typedef struct FlashSVContext { AVCodecContext *avctx; - AVFrame frame; + AVFrame *frame; int image_width, image_height; int block_width, block_height; uint8_t *tmpblock; @@ -100,6 +100,19 @@ static int decode_hybrid(const uint8_t *sptr, uint8_t *dptr, int dx, int dy, return sptr - orig_src; } +static av_cold int flashsv_decode_end(AVCodecContext *avctx) +{ + FlashSVContext *s = avctx->priv_data; + inflateEnd(&s->zstream); + /* release the frame if needed */ + av_frame_free(&s->frame); + + /* free the tmpblock */ + av_freep(&s->tmpblock); + + return 0; +} + static av_cold int flashsv_decode_init(AVCodecContext *avctx) { FlashSVContext *s = avctx->priv_data; @@ -115,7 +128,12 @@ static av_cold int flashsv_decode_init(AVCodecContext *avctx) return 1; } avctx->pix_fmt = AV_PIX_FMT_BGR24; - avcodec_get_frame_defaults(&s->frame); + + s->frame = av_frame_alloc(); + if (!s->frame) { + flashsv_decode_end(avctx); + return AVERROR(ENOMEM); + } return 0; } @@ -205,18 +223,18 @@ static int flashsv_decode_block(AVCodecContext *avctx, AVPacket *avpkt, /* Flash Screen Video stores the image upside down, so copy * lines to destination in reverse order. */ for (k = 1; k <= s->diff_height; k++) { - memcpy(s->frame.data[0] + x_pos * 3 + - (s->image_height - y_pos - s->diff_start - k) * s->frame.linesize[0], + memcpy(s->frame->data[0] + x_pos * 3 + + (s->image_height - y_pos - s->diff_start - k) * s->frame->linesize[0], line, width * 3); /* advance source pointer to next line */ line += width * 3; } } else { /* hybrid 15-bit/palette mode */ - decode_hybrid(s->tmpblock, s->frame.data[0], + decode_hybrid(s->tmpblock, s->frame->data[0], s->image_height - (y_pos + 1 + s->diff_start + s->diff_height), x_pos, s->diff_height, width, - s->frame.linesize[0], s->pal); + s->frame->linesize[0], s->pal); } skip_bits_long(gb, 8 * block_size); /* skip the consumed bits */ return 0; @@ -337,7 +355,7 @@ static int flashsv_decode_frame(AVCodecContext *avctx, void *data, s->image_width, s->image_height, s->block_width, s->block_height, h_blocks, v_blocks, h_part, v_part); - if ((ret = ff_reget_buffer(avctx, &s->frame)) < 0) + if ((ret = ff_reget_buffer(avctx, s->frame)) < 0) return ret; /* loop over all block columns */ @@ -362,7 +380,7 @@ static int flashsv_decode_frame(AVCodecContext *avctx, void *data, s->diff_height = cur_blk_height; if (8 * size > get_bits_left(&gb)) { - av_frame_unref(&s->frame); + av_frame_unref(s->frame); return AVERROR_INVALIDDATA; } @@ -418,11 +436,11 @@ static int flashsv_decode_frame(AVCodecContext *avctx, void *data, if (has_diff) { int k; - int off = (s->image_height - y_pos - 1) * s->frame.linesize[0]; + int off = (s->image_height - y_pos - 1) * s->frame->linesize[0]; for (k = 0; k < cur_blk_height; k++) - memcpy(s->frame.data[0] + off - k*s->frame.linesize[0] + x_pos*3, - s->keyframe + off - k*s->frame.linesize[0] + x_pos*3, + memcpy(s->frame->data[0] + off - k*s->frame->linesize[0] + x_pos*3, + s->keyframe + off - k*s->frame->linesize[0] + x_pos*3, cur_blk_width * 3); } @@ -439,16 +457,16 @@ static int flashsv_decode_frame(AVCodecContext *avctx, void *data, } if (s->is_keyframe && s->ver == 2) { if (!s->keyframe) { - s->keyframe = av_malloc(s->frame.linesize[0] * avctx->height); + s->keyframe = av_malloc(s->frame->linesize[0] * avctx->height); if (!s->keyframe) { av_log(avctx, AV_LOG_ERROR, "Cannot allocate image data\n"); return AVERROR(ENOMEM); } } - memcpy(s->keyframe, s->frame.data[0], s->frame.linesize[0] * avctx->height); + memcpy(s->keyframe, s->frame->data[0], s->frame->linesize[0] * avctx->height); } - if ((ret = av_frame_ref(data, &s->frame)) < 0) + if ((ret = av_frame_ref(data, s->frame)) < 0) return ret; *got_frame = 1; @@ -461,21 +479,6 @@ static int flashsv_decode_frame(AVCodecContext *avctx, void *data, return buf_size; } - -static av_cold int flashsv_decode_end(AVCodecContext *avctx) -{ - FlashSVContext *s = avctx->priv_data; - inflateEnd(&s->zstream); - /* release the frame if needed */ - av_frame_unref(&s->frame); - - /* free the tmpblock */ - av_free(s->tmpblock); - - return 0; -} - - #if CONFIG_FLASHSV_DECODER AVCodec ff_flashsv_decoder = { .name = "flashsv", diff --git a/libavcodec/qtrleenc.c b/libavcodec/qtrleenc.c index 2395cffb0d..7f9525abe0 100644 --- a/libavcodec/qtrleenc.c +++ b/libavcodec/qtrleenc.c @@ -36,7 +36,6 @@ typedef struct QtrleEncContext { AVCodecContext *avctx; - AVFrame frame; int pixel_size; AVPicture previous_frame; unsigned int max_buf_size; @@ -61,6 +60,19 @@ typedef struct QtrleEncContext { uint8_t* skip_table; } QtrleEncContext; +static av_cold int qtrle_encode_end(AVCodecContext *avctx) +{ + QtrleEncContext *s = avctx->priv_data; + + av_frame_free(&avctx->coded_frame); + + avpicture_free(&s->previous_frame); + av_free(s->rlecode_table); + av_free(s->length_table); + av_free(s->skip_table); + return 0; +} + static av_cold int qtrle_encode_init(AVCodecContext *avctx) { QtrleEncContext *s = avctx->priv_data; @@ -108,7 +120,13 @@ static av_cold int qtrle_encode_init(AVCodecContext *avctx) + 15 /* header + footer */ + s->avctx->height*2 /* skip code+rle end */ + s->logical_width/MAX_RLE_BULK + 1 /* rle codes */; - avctx->coded_frame = &s->frame; + + avctx->coded_frame = av_frame_alloc(); + if (!avctx->coded_frame) { + qtrle_encode_end(avctx); + return AVERROR(ENOMEM); + } + return 0; } @@ -197,7 +215,7 @@ static void qtrle_encode_line(QtrleEncContext *s, const AVFrame *p, int line, ui } } - if (!s->frame.key_frame && !memcmp(this_line, prev_line, s->pixel_size)) + if (!s->avctx->coded_frame->key_frame && !memcmp(this_line, prev_line, s->pixel_size)) skipcount = FFMIN(skipcount + 1, MAX_RLE_SKIP); else skipcount = 0; @@ -308,7 +326,7 @@ static int encode_frame(QtrleEncContext *s, const AVFrame *p, uint8_t *buf) int end_line = s->avctx->height; uint8_t *orig_buf = buf; - if (!s->frame.key_frame) { + if (!s->avctx->coded_frame->key_frame) { unsigned line_size = s->logical_width * s->pixel_size; for (start_line = 0; start_line < s->avctx->height; start_line++) if (memcmp(p->data[0] + start_line*p->linesize[0], @@ -346,11 +364,9 @@ static int qtrle_encode_frame(AVCodecContext *avctx, AVPacket *pkt, const AVFrame *pict, int *got_packet) { QtrleEncContext * const s = avctx->priv_data; - AVFrame * const p = &s->frame; + AVFrame * const p = avctx->coded_frame; int ret; - *p = *pict; - if ((ret = ff_alloc_packet2(avctx, pkt, s->max_buf_size)) < 0) return ret; @@ -367,7 +383,8 @@ static int qtrle_encode_frame(AVCodecContext *avctx, AVPacket *pkt, pkt->size = encode_frame(s, pict, pkt->data); /* save the current frame */ - av_picture_copy(&s->previous_frame, (AVPicture *)p, avctx->pix_fmt, avctx->width, avctx->height); + av_picture_copy(&s->previous_frame, (const AVPicture *)pict, + avctx->pix_fmt, avctx->width, avctx->height); if (p->key_frame) pkt->flags |= AV_PKT_FLAG_KEY; @@ -376,17 +393,6 @@ static int qtrle_encode_frame(AVCodecContext *avctx, AVPacket *pkt, return 0; } -static av_cold int qtrle_encode_end(AVCodecContext *avctx) -{ - QtrleEncContext *s = avctx->priv_data; - - avpicture_free(&s->previous_frame); - av_free(s->rlecode_table); - av_free(s->length_table); - av_free(s->skip_table); - return 0; -} - AVCodec ff_qtrle_encoder = { .name = "qtrle", .long_name = NULL_IF_CONFIG_SMALL("QuickTime Animation (RLE) video"), diff --git a/libavcodec/ulti.c b/libavcodec/ulti.c index aee713fe1d..6b762148bb 100644 --- a/libavcodec/ulti.c +++ b/libavcodec/ulti.c @@ -37,7 +37,7 @@ typedef struct UltimotionDecodeContext { AVCodecContext *avctx; int width, height, blocks; - AVFrame frame; + AVFrame *frame; const uint8_t *ulti_codebook; GetByteContext gb; } UltimotionDecodeContext; @@ -51,19 +51,19 @@ static av_cold int ulti_decode_init(AVCodecContext *avctx) s->height = avctx->height; s->blocks = (s->width / 8) * (s->height / 8); avctx->pix_fmt = AV_PIX_FMT_YUV410P; - avctx->coded_frame = &s->frame; - avctx->coded_frame = (AVFrame*) &s->frame; s->ulti_codebook = ulti_codebook; - avcodec_get_frame_defaults(&s->frame); + + s->frame = av_frame_alloc(); + if (!s->frame) + return AVERROR(ENOMEM); return 0; } static av_cold int ulti_decode_end(AVCodecContext *avctx){ UltimotionDecodeContext *s = avctx->priv_data; - AVFrame *pic = &s->frame; - av_frame_unref(pic); + av_frame_free(&s->frame); return 0; } @@ -227,7 +227,7 @@ static int ulti_decode_frame(AVCodecContext *avctx, int skip; int tmp; - if ((ret = ff_reget_buffer(avctx, &s->frame)) < 0) + if ((ret = ff_reget_buffer(avctx, s->frame)) < 0) return ret; bytestream2_init(&s->gb, buf, buf_size); @@ -368,7 +368,7 @@ static int ulti_decode_frame(AVCodecContext *avctx, Luma[14] = (tmp >> 6) & 0x3F; Luma[15] = tmp & 0x3F; - ulti_convert_yuv(&s->frame, tx, ty, Luma, chroma); + ulti_convert_yuv(s->frame, tx, ty, Luma, chroma); } else { if (bytestream2_get_bytes_left(&s->gb) < 4) goto err; @@ -380,20 +380,20 @@ static int ulti_decode_frame(AVCodecContext *avctx, Y[1] = tmp & 0x3F; Y[2] = bytestream2_get_byteu(&s->gb) & 0x3F; Y[3] = bytestream2_get_byteu(&s->gb) & 0x3F; - ulti_grad(&s->frame, tx, ty, Y, chroma, angle); //draw block + ulti_grad(s->frame, tx, ty, Y, chroma, angle); //draw block } else { // some patterns int f0, f1; f0 = bytestream2_get_byteu(&s->gb); f1 = tmp; Y[0] = bytestream2_get_byteu(&s->gb) & 0x3F; Y[1] = bytestream2_get_byteu(&s->gb) & 0x3F; - ulti_pattern(&s->frame, tx, ty, f1, f0, Y[0], Y[1], chroma); + ulti_pattern(s->frame, tx, ty, f1, f0, Y[0], Y[1], chroma); } } break; } if(code != 3) - ulti_grad(&s->frame, tx, ty, Y, chroma, angle); // draw block + ulti_grad(s->frame, tx, ty, Y, chroma, angle); // draw block } blocks++; x += 8; @@ -405,7 +405,7 @@ static int ulti_decode_frame(AVCodecContext *avctx, } *got_frame = 1; - if ((ret = av_frame_ref(data, &s->frame)) < 0) + if ((ret = av_frame_ref(data, s->frame)) < 0) return ret; return buf_size; diff --git a/libavcodec/vc1.h b/libavcodec/vc1.h index c77ab7ce09..df69c77a4d 100644 --- a/libavcodec/vc1.h +++ b/libavcodec/vc1.h @@ -378,7 +378,7 @@ typedef struct VC1Context{ //@{ int new_sprite; int two_sprites; - AVFrame sprite_output_frame; + AVFrame *sprite_output_frame; int output_width, output_height, sprite_width, sprite_height; uint8_t* sr_rows[2][2]; ///< Sprite resizer line cache //@} diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c index 682a9d2000..2604a95174 100644 --- a/libavcodec/vc1dec.c +++ b/libavcodec/vc1dec.c @@ -5365,8 +5365,8 @@ static void vc1_draw_sprites(VC1Context *v, SpriteData* sd) int width = v->output_width>>!!plane; for (row = 0; row < v->output_height>>!!plane; row++) { - uint8_t *dst = v->sprite_output_frame.data[plane] + - v->sprite_output_frame.linesize[plane] * row; + uint8_t *dst = v->sprite_output_frame->data[plane] + + v->sprite_output_frame->linesize[plane] * row; for (sprite = 0; sprite <= v->two_sprites; sprite++) { uint8_t *iplane = s->current_picture.f.data[plane]; @@ -5457,8 +5457,8 @@ static int vc1_decode_sprites(VC1Context *v, GetBitContext* gb) v->two_sprites = 0; } - av_frame_unref(&v->sprite_output_frame); - if ((ret = ff_get_buffer(avctx, &v->sprite_output_frame, 0)) < 0) + av_frame_unref(v->sprite_output_frame); + if ((ret = ff_get_buffer(avctx, v->sprite_output_frame, 0)) < 0) return ret; vc1_draw_sprites(v, &sd); @@ -5685,6 +5685,10 @@ static av_cold int vc1_decode_init(AVCodecContext *avctx) v->res_sprite = (avctx->codec_id == AV_CODEC_ID_VC1IMAGE); } + v->sprite_output_frame = av_frame_alloc(); + if (!v->sprite_output_frame) + return AVERROR(ENOMEM); + avctx->profile = v->profile; if (v->profile == PROFILE_ADVANCED) avctx->level = v->level; @@ -5731,7 +5735,7 @@ av_cold int ff_vc1_decode_end(AVCodecContext *avctx) VC1Context *v = avctx->priv_data; int i; - av_frame_unref(&v->sprite_output_frame); + av_frame_free(&v->sprite_output_frame); for (i = 0; i < 4; i++) av_freep(&v->sr_rows[i >> 1][i & 1]); @@ -6186,7 +6190,7 @@ image: if (vc1_decode_sprites(v, &s->gb)) goto err; #endif - if ((ret = av_frame_ref(pict, &v->sprite_output_frame)) < 0) + if ((ret = av_frame_ref(pict, v->sprite_output_frame)) < 0) goto err; *got_frame = 1; } else { From 345e2a2b43885611f1d44d975235ba0db63b8de8 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 17 Nov 2013 13:27:46 +0100 Subject: [PATCH 085/562] Merge remote-tracking branch 'qatar/master' * qatar/master: mpegvideo_enc: use the AVFrame API properly. ffv1: use the AVFrame API properly. jpegls: use the AVFrame API properly. huffyuv: use the AVFrame API properly. Conflicts: libavcodec/ffv1.c libavcodec/ffv1.h libavcodec/ffv1dec.c libavcodec/ffv1enc.c Changes to ffv1 are more redone than merged due to them being based on an ancient codebase and a good part of that having being done already as well. Merged-by: Michael Niedermayer (cherry picked from commit be1e6e7503b2f10b0176201418eb97912cee093f) Conflicts: libavcodec/ffv1enc.c libavcodec/mpegvideo.h libavcodec/mpegvideo_enc.c Author of the merged code: Anton Khirnov --- libavcodec/ffv1.c | 1 + libavcodec/ffv1dec.c | 12 ++++----- libavcodec/ffv1enc.c | 27 ++++++++++++++----- libavcodec/huffyuv.h | 1 - libavcodec/huffyuvdec.c | 1 - libavcodec/huffyuvenc.c | 15 ++++++----- libavcodec/jpegls.h | 1 - libavcodec/jpeglsenc.c | 27 ++++++++++--------- libavcodec/mpegvideo.h | 3 +++ libavcodec/mpegvideo_enc.c | 55 +++++++++++++++++++++----------------- 10 files changed, 84 insertions(+), 59 deletions(-) diff --git a/libavcodec/ffv1.c b/libavcodec/ffv1.c index 9f3206f92c..f46ed26409 100644 --- a/libavcodec/ffv1.c +++ b/libavcodec/ffv1.c @@ -53,6 +53,7 @@ av_cold int ffv1_common_init(AVCodecContext *avctx) s->last_picture.f = av_frame_alloc(); if (!s->picture.f || !s->last_picture.f) return AVERROR(ENOMEM); + ff_dsputil_init(&s->dsp, avctx); s->width = avctx->width; diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c index 0add4ffa57..166bc259f0 100644 --- a/libavcodec/ffv1dec.c +++ b/libavcodec/ffv1dec.c @@ -938,12 +938,12 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame, AVPac uint8_t *dst[4]; ff_thread_await_progress(&f->last_picture, INT_MAX, 0); for (j = 0; j < 4; j++) { - int sh = (j==1 || j==2) ? f->chroma_h_shift : 0; - int sv = (j==1 || j==2) ? f->chroma_v_shift : 0; - dst[j] = p->data[j] + p->linesize[j]* - (fs->slice_y>>sv) + (fs->slice_x>>sh); - src[j] = f->last_picture.f->data[j] + f->last_picture.f->linesize[j]* - (fs->slice_y>>sv) + (fs->slice_x>>sh); + int sh = (j == 1 || j == 2) ? f->chroma_h_shift : 0; + int sv = (j == 1 || j == 2) ? f->chroma_v_shift : 0; + dst[j] = p->data[j] + p->linesize[j] * + (fs->slice_y >> sv) + (fs->slice_x >> sh); + src[j] = f->last_picture.f->data[j] + f->last_picture.f->linesize[j] * + (fs->slice_y >> sv) + (fs->slice_x >> sh); } av_image_copy(dst, p->linesize, (const uint8_t **)src, f->last_picture.f->linesize, diff --git a/libavcodec/ffv1enc.c b/libavcodec/ffv1enc.c index 885e005e9e..72e15a477e 100644 --- a/libavcodec/ffv1enc.c +++ b/libavcodec/ffv1enc.c @@ -830,6 +830,12 @@ static av_cold int encode_init(AVCodecContext *avctx) if ((ret = ffv1_allocate_initial_states(s)) < 0) return ret; + avctx->coded_frame = av_frame_alloc(); + if (!avctx->coded_frame) + return AVERROR(ENOMEM); + + avctx->coded_frame->pict_type = AV_PICTURE_TYPE_I; + if (!s->transparency) s->plane_count = 2; if (!s->chroma_planes && s->version > 3) @@ -1000,7 +1006,7 @@ static int encode_slice(AVCodecContext *c, void *arg) int height = fs->slice_height; int x = fs->slice_x; int y = fs->slice_y; - AVFrame *const p = f->picture.f; + const AVFrame *const p = f->picture.f; const int ps = av_pix_fmt_desc_get(c->pix_fmt)->comp[0].step_minus1 + 1; int ret; RangeCoder c_bak = fs->c; @@ -1008,7 +1014,7 @@ static int encode_slice(AVCodecContext *c, void *arg) fs->slice_coding_mode = 0; retry: - if (p->key_frame) + if (c->coded_frame->key_frame) ffv1_clear_slice_state(f, fs); if (f->version > 2) { encode_slice_header(f, fs); @@ -1084,16 +1090,16 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt, av_frame_unref(p); if ((ret = av_frame_ref(p, pict)) < 0) return ret; - p->pict_type = AV_PICTURE_TYPE_I; + avctx->coded_frame->pict_type = AV_PICTURE_TYPE_I; if (avctx->gop_size == 0 || f->picture_number % avctx->gop_size == 0) { put_rac(c, &keystate, 1); - p->key_frame = 1; + avctx->coded_frame->key_frame = 1; f->gob_count++; write_header(f); } else { put_rac(c, &keystate, 0); - p->key_frame = 0; + avctx->coded_frame->key_frame = 0; } if (f->ac > 1) { @@ -1188,12 +1194,19 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt, f->picture_number++; pkt->size = buf_p - pkt->data; - pkt->flags |= AV_PKT_FLAG_KEY * p->key_frame; + pkt->flags |= AV_PKT_FLAG_KEY * avctx->coded_frame->key_frame; *got_packet = 1; return 0; } +static av_cold int encode_close(AVCodecContext *avctx) +{ + av_frame_free(&avctx->coded_frame); + ffv1_close(avctx); + return 0; +} + #define OFFSET(x) offsetof(FFV1Context, x) #define VE AV_OPT_FLAG_VIDEO_PARAM | AV_OPT_FLAG_ENCODING_PARAM static const AVOption options[] = { @@ -1221,7 +1234,7 @@ AVCodec ff_ffv1_encoder = { .priv_data_size = sizeof(FFV1Context), .init = encode_init, .encode2 = encode_frame, - .close = ffv1_close, + .close = encode_close, .capabilities = CODEC_CAP_SLICE_THREADS, .pix_fmts = (const enum AVPixelFormat[]) { AV_PIX_FMT_YUV420P, AV_PIX_FMT_YUVA420P, AV_PIX_FMT_YUVA422P, AV_PIX_FMT_YUV444P, diff --git a/libavcodec/huffyuv.h b/libavcodec/huffyuv.h index e34b562b76..e2cacc1ae4 100644 --- a/libavcodec/huffyuv.h +++ b/libavcodec/huffyuv.h @@ -78,7 +78,6 @@ typedef struct HYuvContext { uint32_t bits[3][256]; uint32_t pix_bgr_map[1<vlc, 0, 3 * sizeof(VLC)); - avcodec_get_frame_defaults(&s->picture); s->interlaced = s->height > 288; s->bgr32 = 1; diff --git a/libavcodec/huffyuvenc.c b/libavcodec/huffyuvenc.c index c56e281014..3a55d543a9 100644 --- a/libavcodec/huffyuvenc.c +++ b/libavcodec/huffyuvenc.c @@ -156,7 +156,12 @@ static av_cold int encode_init(AVCodecContext *avctx) } s->version = 2; - avctx->coded_frame = &s->picture; + avctx->coded_frame = av_frame_alloc(); + if (!avctx->coded_frame) + return AVERROR(ENOMEM); + + avctx->coded_frame->pict_type = AV_PICTURE_TYPE_I; + avctx->coded_frame->key_frame = 1; switch (avctx->pix_fmt) { case AV_PIX_FMT_YUV420P: @@ -446,16 +451,12 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt, const int fake_ystride = s->interlaced ? pict->linesize[0]*2 : pict->linesize[0]; const int fake_ustride = s->interlaced ? pict->linesize[1]*2 : pict->linesize[1]; const int fake_vstride = s->interlaced ? pict->linesize[2]*2 : pict->linesize[2]; - AVFrame * const p = &s->picture; + const AVFrame * const p = pict; int i, j, size = 0, ret; if ((ret = ff_alloc_packet2(avctx, pkt, width * height * 3 * 4 + FF_MIN_BUFFER_SIZE)) < 0) return ret; - *p = *pict; - p->pict_type = AV_PICTURE_TYPE_I; - p->key_frame = 1; - if (s->context) { for (i = 0; i < 3; i++) { ff_huff_gen_len_table(s->len[i], s->stats[i]); @@ -681,6 +682,8 @@ static av_cold int encode_end(AVCodecContext *avctx) av_freep(&avctx->extradata); av_freep(&avctx->stats_out); + av_frame_free(&avctx->coded_frame); + return 0; } diff --git a/libavcodec/jpegls.h b/libavcodec/jpegls.h index 2dc3832517..10ae054a7b 100644 --- a/libavcodec/jpegls.h +++ b/libavcodec/jpegls.h @@ -33,7 +33,6 @@ typedef struct JpeglsContext { AVCodecContext *avctx; - AVFrame picture; } JpeglsContext; typedef struct JLSState { diff --git a/libavcodec/jpeglsenc.c b/libavcodec/jpeglsenc.c index 308d6d3e68..030178f9ac 100644 --- a/libavcodec/jpeglsenc.c +++ b/libavcodec/jpeglsenc.c @@ -249,8 +249,7 @@ static void ls_store_lse(JLSState *state, PutBitContext *pb) static int encode_picture_ls(AVCodecContext *avctx, AVPacket *pkt, const AVFrame *pict, int *got_packet) { - JpeglsContext *const s = avctx->priv_data; - AVFrame *const p = &s->picture; + const AVFrame *const p = pict; const int near = avctx->prediction_method; PutBitContext pb, pb2; GetBitContext gb; @@ -259,10 +258,6 @@ static int encode_picture_ls(AVCodecContext *avctx, AVPacket *pkt, int i, size, ret; int comps; - *p = *pict; - p->pict_type = AV_PICTURE_TYPE_I; - p->key_frame = 1; - if (avctx->pix_fmt == AV_PIX_FMT_GRAY8 || avctx->pix_fmt == AV_PIX_FMT_GRAY16) comps = 1; @@ -349,7 +344,7 @@ static int encode_picture_ls(AVCodecContext *avctx, AVPacket *pkt, Rc[j] = last[j]; } last = cur; - cur += s->picture.linesize[0]; + cur += p->linesize[0]; } } else if (avctx->pix_fmt == AV_PIX_FMT_BGR24) { int j, width; @@ -363,7 +358,7 @@ static int encode_picture_ls(AVCodecContext *avctx, AVPacket *pkt, Rc[j] = last[j]; } last = cur; - cur += s->picture.linesize[0]; + cur += p->linesize[0]; } } @@ -403,12 +398,20 @@ static int encode_picture_ls(AVCodecContext *avctx, AVPacket *pkt, return 0; } +static av_cold int encode_close(AVCodecContext *avctx) +{ + av_frame_free(&avctx->coded_frame); + return 0; +} + static av_cold int encode_init_ls(AVCodecContext *ctx) { - JpeglsContext *c = (JpeglsContext *)ctx->priv_data; + ctx->coded_frame = av_frame_alloc(); + if (!ctx->coded_frame) + return AVERROR(ENOMEM); - c->avctx = ctx; - ctx->coded_frame = &c->picture; + ctx->coded_frame->pict_type = AV_PICTURE_TYPE_I; + ctx->coded_frame->key_frame = 1; if (ctx->pix_fmt != AV_PIX_FMT_GRAY8 && ctx->pix_fmt != AV_PIX_FMT_GRAY16 && @@ -426,8 +429,8 @@ AVCodec ff_jpegls_encoder = { .long_name = NULL_IF_CONFIG_SMALL("JPEG-LS"), .type = AVMEDIA_TYPE_VIDEO, .id = AV_CODEC_ID_JPEGLS, - .priv_data_size = sizeof(JpeglsContext), .init = encode_init_ls, + .close = encode_close, .encode2 = encode_picture_ls, .pix_fmts = (const enum AVPixelFormat[]) { AV_PIX_FMT_BGR24, AV_PIX_FMT_RGB24, diff --git a/libavcodec/mpegvideo.h b/libavcodec/mpegvideo.h index 2152af2e10..3e5ee1a082 100644 --- a/libavcodec/mpegvideo.h +++ b/libavcodec/mpegvideo.h @@ -745,6 +745,9 @@ typedef struct MpegEncContext { int context_reinit; ERContext er; + + /* temporary frames used by b_frame_strategy = 2 */ + AVFrame *tmp_frames[FF_MAX_B_FRAMES + 2]; } MpegEncContext; #define REBASE_PICTURE(pic, new_ctx, old_ctx) \ diff --git a/libavcodec/mpegvideo_enc.c b/libavcodec/mpegvideo_enc.c index 9b503865c6..7035df475d 100644 --- a/libavcodec/mpegvideo_enc.c +++ b/libavcodec/mpegvideo_enc.c @@ -236,7 +236,7 @@ av_cold int ff_dct_encode_init(MpegEncContext *s) { av_cold int ff_MPV_encode_init(AVCodecContext *avctx) { MpegEncContext *s = avctx->priv_data; - int i; + int i, ret; int chroma_h_shift, chroma_v_shift; MPV_encode_defaults(s); @@ -876,12 +876,29 @@ av_cold int ff_MPV_encode_init(AVCodecContext *avctx) if (ff_rate_control_init(s) < 0) return -1; + if (avctx->b_frame_strategy == 2) { + for (i = 0; i < s->max_b_frames + 2; i++) { + s->tmp_frames[i] = av_frame_alloc(); + if (!s->tmp_frames[i]) + return AVERROR(ENOMEM); + + s->tmp_frames[i]->format = AV_PIX_FMT_YUV420P; + s->tmp_frames[i]->width = s->width >> avctx->brd_scale; + s->tmp_frames[i]->height = s->height >> avctx->brd_scale; + + ret = av_frame_get_buffer(s->tmp_frames[i], 32); + if (ret < 0) + return ret; + } + } + return 0; } av_cold int ff_MPV_encode_end(AVCodecContext *avctx) { MpegEncContext *s = avctx->priv_data; + int i; ff_rate_control_uninit(s); @@ -892,6 +909,9 @@ av_cold int ff_MPV_encode_end(AVCodecContext *avctx) av_freep(&avctx->extradata); + for (i = 0; i < FF_ARRAY_ELEMS(s->tmp_frames); i++) + av_frame_free(&s->tmp_frames[i]); + return 0; } @@ -1133,7 +1153,6 @@ static int estimate_best_b_count(MpegEncContext *s) { AVCodec *codec = avcodec_find_encoder(s->avctx->codec_id); AVCodecContext *c = avcodec_alloc_context3(NULL); - AVFrame input[FF_MAX_B_FRAMES + 2]; const int scale = s->avctx->brd_scale; int i, j, out_size, p_lambda, b_lambda, lambda2; int64_t best_rd = INT64_MAX; @@ -1168,19 +1187,9 @@ static int estimate_best_b_count(MpegEncContext *s) return -1; for (i = 0; i < s->max_b_frames + 2; i++) { - int ysize = c->width * c->height; - int csize = (c->width / 2) * (c->height / 2); Picture pre_input, *pre_input_ptr = i ? s->input_picture[i - 1] : s->next_picture_ptr; - avcodec_get_frame_defaults(&input[i]); - input[i].data[0] = av_malloc(ysize + 2 * csize); - input[i].data[1] = input[i].data[0] + ysize; - input[i].data[2] = input[i].data[1] + csize; - input[i].linesize[0] = c->width; - input[i].linesize[1] = - input[i].linesize[2] = c->width / 2; - if (pre_input_ptr && (!i || s->input_picture[i - 1])) { pre_input = *pre_input_ptr; @@ -1190,13 +1199,13 @@ static int estimate_best_b_count(MpegEncContext *s) pre_input.f.data[2] += INPLACE_OFFSET; } - s->dsp.shrink[scale](input[i].data[0], input[i].linesize[0], + s->dsp.shrink[scale](s->tmp_frames[i]->data[0], s->tmp_frames[i]->linesize[0], pre_input.f.data[0], pre_input.f.linesize[0], c->width, c->height); - s->dsp.shrink[scale](input[i].data[1], input[i].linesize[1], + s->dsp.shrink[scale](s->tmp_frames[i]->data[1], s->tmp_frames[i]->linesize[1], pre_input.f.data[1], pre_input.f.linesize[1], c->width >> 1, c->height >> 1); - s->dsp.shrink[scale](input[i].data[2], input[i].linesize[2], + s->dsp.shrink[scale](s->tmp_frames[i]->data[2], s->tmp_frames[i]->linesize[2], pre_input.f.data[2], pre_input.f.linesize[2], c->width >> 1, c->height >> 1); } @@ -1210,21 +1219,21 @@ static int estimate_best_b_count(MpegEncContext *s) c->error[0] = c->error[1] = c->error[2] = 0; - input[0].pict_type = AV_PICTURE_TYPE_I; - input[0].quality = 1 * FF_QP2LAMBDA; + s->tmp_frames[0]->pict_type = AV_PICTURE_TYPE_I; + s->tmp_frames[0]->quality = 1 * FF_QP2LAMBDA; - out_size = encode_frame(c, &input[0]); + out_size = encode_frame(c, s->tmp_frames[0]); //rd += (out_size * lambda2) >> FF_LAMBDA_SHIFT; for (i = 0; i < s->max_b_frames + 1; i++) { int is_p = i % (j + 1) == j || i == s->max_b_frames; - input[i + 1].pict_type = is_p ? + s->tmp_frames[i + 1]->pict_type = is_p ? AV_PICTURE_TYPE_P : AV_PICTURE_TYPE_B; - input[i + 1].quality = is_p ? p_lambda : b_lambda; + s->tmp_frames[i + 1]->quality = is_p ? p_lambda : b_lambda; - out_size = encode_frame(c, &input[i + 1]); + out_size = encode_frame(c, s->tmp_frames[i + 1]); rd += (out_size * lambda2) >> (FF_LAMBDA_SHIFT - 3); } @@ -1246,10 +1255,6 @@ static int estimate_best_b_count(MpegEncContext *s) avcodec_close(c); av_freep(&c); - for (i = 0; i < s->max_b_frames + 2; i++) { - av_freep(&input[i].data[0]); - } - return best_b_count; } From 82ec6183bcad7d88e3ce0f9d3c9c6a4ed17b13f8 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 9 Dec 2013 12:32:37 +0100 Subject: [PATCH 086/562] Merge commit 'e2274aa555f023e4f4e4819bf29b2d7e0adec7d5' * commit 'e2274aa555f023e4f4e4819bf29b2d7e0adec7d5': mjpegdec: use the AVFrame API properly. Conflicts: libavcodec/mjpegdec.c Merged-by: Michael Niedermayer (cherry picked from commit 639303867640d1880fad675472bc47e9c95f96c7) Author of the merged code: Anton Khirnov Signed-off-by: Michael Niedermayer --- libavcodec/mjpegdec.c | 18 ++++++++++++------ libavcodec/mjpegdec.h | 2 +- 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index 5c25a07ac4..986e038b9a 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -87,9 +87,12 @@ av_cold int ff_mjpeg_decode_init(AVCodecContext *avctx) { MJpegDecodeContext *s = avctx->priv_data; - if (!s->picture_ptr) - s->picture_ptr = &s->picture; - avcodec_get_frame_defaults(&s->picture); + if (!s->picture_ptr) { + s->picture = av_frame_alloc(); + if (!s->picture) + return AVERROR(ENOMEM); + s->picture_ptr = s->picture; + } s->avctx = avctx; ff_hpeldsp_init(&s->hdsp, avctx->flags); @@ -1368,7 +1371,7 @@ next_field: s->last_dc[i] = (4 << s->bits); if (s->lossless) { - av_assert0(s->picture_ptr == &s->picture); + av_assert0(s->picture_ptr == s->picture); if (CONFIG_JPEGLS_DECODER && s->ls) { // for () { // reset_ls_coding_parameters(s, 0); @@ -1389,7 +1392,7 @@ next_field: } } else { if (s->progressive && predictor) { - av_assert0(s->picture_ptr == &s->picture); + av_assert0(s->picture_ptr == s->picture); if ((ret = mjpeg_decode_scan_progressive_ac(s, predictor, ilv, prev_shift, point_transform)) < 0) @@ -2035,7 +2038,10 @@ av_cold int ff_mjpeg_decode_end(AVCodecContext *avctx) av_log(avctx, AV_LOG_INFO, "Single field\n"); } - if (s->picture_ptr) + if (s->picture) { + av_frame_free(&s->picture); + s->picture_ptr = NULL; + } else if (s->picture_ptr) av_frame_unref(s->picture_ptr); av_free(s->buffer); diff --git a/libavcodec/mjpegdec.h b/libavcodec/mjpegdec.h index fa69d50389..1335c66b8d 100644 --- a/libavcodec/mjpegdec.h +++ b/libavcodec/mjpegdec.h @@ -90,7 +90,7 @@ typedef struct MJpegDecodeContext { int h_max, v_max; /* maximum h and v counts */ int quant_index[4]; /* quant table index for each component */ int last_dc[MAX_COMPONENTS]; /* last DEQUANTIZED dc (XXX: am I right to do that ?) */ - AVFrame picture; /* picture structure */ + AVFrame *picture; /* picture structure */ AVFrame *picture_ptr; /* pointer to picture structure */ int got_picture; ///< we found a SOF and picture is valid, too. int linesize[MAX_COMPONENTS]; ///< linesize << interlaced From f448478a311f2650e0bc48c79c67f2114d898919 Mon Sep 17 00:00:00 2001 From: anatoly Date: Sun, 27 Mar 2011 22:16:25 +0200 Subject: [PATCH 087/562] Add support for picture_ptr field in MJpegDecodeContext Signed-off-by: Anton Khirnov (cherry picked from commit e0e3b8b297bae5144f23fd4b46a1309857040b63) Conflicts: libavcodec/jpeglsdec.c libavcodec/mjpegbdec.c libavcodec/mjpegdec.c Signed-off-by: Michael Niedermayer (cherry picked from commit 2fade10cb0c53e6b2a663d8ce0566ba7c61013cf) Signed-off-by: Michael Niedermayer --- libavcodec/jpeglsdec.c | 22 +++++++++++----------- libavcodec/mjpegdec.c | 12 ++++++------ 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/libavcodec/jpeglsdec.c b/libavcodec/jpeglsdec.c index 1dda2073e5..190b9b6d26 100644 --- a/libavcodec/jpeglsdec.c +++ b/libavcodec/jpeglsdec.c @@ -281,9 +281,9 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int near, JLSState *state; int off = 0, stride = 1, width, shift, ret = 0; - zero = av_mallocz(s->picture.linesize[0]); + zero = av_mallocz(s->picture_ptr->linesize[0]); last = zero; - cur = s->picture.data[0]; + cur = s->picture_ptr->data[0]; state = av_mallocz(sizeof(JLSState)); /* initialize JPEG-LS state from JPEG parameters */ @@ -330,7 +330,7 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int near, t = *((uint16_t *)last); } last = cur; - cur += s->picture.linesize[0]; + cur += s->picture_ptr->linesize[0]; if (s->restart_interval && !--s->restart_count) { align_get_bits(&s->gb); @@ -341,7 +341,7 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int near, int j; int Rc[3] = { 0, 0, 0 }; stride = (s->nb_components > 1) ? 3 : 1; - memset(cur, 0, s->picture.linesize[0]); + memset(cur, 0, s->picture_ptr->linesize[0]); width = s->width * stride; for (i = 0; i < s->height; i++) { for (j = 0; j < stride; j++) { @@ -355,7 +355,7 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int near, } } last = cur; - cur += s->picture.linesize[0]; + cur += s->picture_ptr->linesize[0]; } } else if (ilv == 2) { /* sample interleaving */ avpriv_report_missing_feature(s->avctx, "Sample interleaved images"); @@ -369,7 +369,7 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int near, w = s->width * s->nb_components; if (s->bits <= 8) { - uint8_t *src = s->picture.data[0]; + uint8_t *src = s->picture_ptr->data[0]; for (i = 0; i < s->height; i++) { switch(s->xfrm) { @@ -404,7 +404,7 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int near, } break; } - src += s->picture.linesize[0]; + src += s->picture_ptr->linesize[0]; } }else avpriv_report_missing_feature(s->avctx, "16bit xfrm"); @@ -416,20 +416,20 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int near, w = s->width * s->nb_components; if (s->bits <= 8) { - uint8_t *src = s->picture.data[0]; + uint8_t *src = s->picture_ptr->data[0]; for (i = 0; i < s->height; i++) { for (x = off; x < w; x += stride) src[x] <<= shift; - src += s->picture.linesize[0]; + src += s->picture_ptr->linesize[0]; } } else { - uint16_t *src = (uint16_t *)s->picture.data[0]; + uint16_t *src = (uint16_t *)s->picture_ptr->data[0]; for (i = 0; i < s->height; i++) { for (x = 0; x < w; x++) src[x] <<= shift; - src += s->picture.linesize[0] / 2; + src += s->picture_ptr->linesize[0] / 2; } } } diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index 986e038b9a..f4e082f05b 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -826,7 +826,7 @@ static int ljpeg_decode_rgb_scan(MJpegDecodeContext *s, int nb_components, int p buffer[0][i] = 1 << (s->bits - 1); for (mb_y = 0; mb_y < s->mb_height; mb_y++) { - uint8_t *ptr = s->picture.data[0] + (linesize * mb_y); + uint8_t *ptr = s->picture_ptr->data[0] + (linesize * mb_y); if (s->interlaced && s->bottom_field) ptr += linesize >> 1; @@ -960,7 +960,7 @@ static int ljpeg_decode_yuv_scan(MJpegDecodeContext *s, int predictor, if(dc == 0xFFFFF) return -1; if(bits<=8){ - ptr = s->picture.data[c] + (linesize * (v * mb_y + y)) + (h * mb_x + x); //FIXME optimize this crap + ptr = s->picture_ptr->data[c] + (linesize * (v * mb_y + y)) + (h * mb_x + x); //FIXME optimize this crap if(y==0 && toprow){ if(x==0 && leftcol){ pred= 1 << (bits - 1); @@ -980,7 +980,7 @@ static int ljpeg_decode_yuv_scan(MJpegDecodeContext *s, int predictor, pred &= mask; *ptr= pred + (dc << point_transform); }else{ - ptr16 = (uint16_t*)(s->picture.data[c] + 2*(linesize * (v * mb_y + y)) + 2*(h * mb_x + x)); //FIXME optimize this crap + ptr16 = (uint16_t*)(s->picture_ptr->data[c] + 2*(linesize * (v * mb_y + y)) + 2*(h * mb_x + x)); //FIXME optimize this crap if(y==0 && toprow){ if(x==0 && leftcol){ pred= 1 << (bits - 1); @@ -1028,7 +1028,7 @@ static int ljpeg_decode_yuv_scan(MJpegDecodeContext *s, int predictor, if(dc == 0xFFFFF) return -1; if(bits<=8){ - ptr = s->picture.data[c] + + ptr = s->picture_ptr->data[c] + (linesize * (v * mb_y + y)) + (h * mb_x + x); //FIXME optimize this crap PREDICT(pred, ptr[-linesize-1], ptr[-linesize], ptr[-1], predictor); @@ -1036,7 +1036,7 @@ static int ljpeg_decode_yuv_scan(MJpegDecodeContext *s, int predictor, pred &= mask; *ptr = pred + (dc << point_transform); }else{ - ptr16 = (uint16_t*)(s->picture.data[c] + 2*(linesize * (v * mb_y + y)) + 2*(h * mb_x + x)); //FIXME optimize this crap + ptr16 = (uint16_t*)(s->picture_ptr->data[c] + 2*(linesize * (v * mb_y + y)) + 2*(h * mb_x + x)); //FIXME optimize this crap PREDICT(pred, ptr16[-linesize-1], ptr16[-linesize], ptr16[-1], predictor); pred &= mask; @@ -1210,7 +1210,7 @@ static int mjpeg_decode_scan_progressive_ac(MJpegDecodeContext *s, int ss, int mb_x, mb_y; int EOBRUN = 0; int c = s->comp_index[0]; - uint8_t *data = s->picture.data[c]; + uint8_t *data = s->picture_ptr->data[c]; int linesize = s->linesize[c]; int last_scan = 0; int16_t *quant_matrix = s->quant_matrixes[s->quant_sindex[0]]; From 09965ae7d810e67af17b992a84a90ba4d2787b10 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 9 Dec 2013 12:54:59 +0100 Subject: [PATCH 088/562] Merge commit 'afa21a12bf084f905187615706b0a8d92bc98661' * commit 'afa21a12bf084f905187615706b0a8d92bc98661': p*menc: use the AVFrame API properly. Conflicts: libavcodec/Makefile libavcodec/pamenc.c libavcodec/pnmenc.c Merged-by: Michael Niedermayer (cherry picked from commit 37945584bfb29f187e38531c90bb02a32014e48d) Author of the merged code: Anton Khirnov Signed-off-by: Michael Niedermayer --- libavcodec/Makefile | 10 +++---- libavcodec/pamenc.c | 44 +++++++++++++++++++++---------- libavcodec/pnmenc.c | 63 +++++++++++++++++++++++++++++---------------- 3 files changed, 76 insertions(+), 41 deletions(-) diff --git a/libavcodec/Makefile b/libavcodec/Makefile index d46c5462a5..f60f752b75 100644 --- a/libavcodec/Makefile +++ b/libavcodec/Makefile @@ -331,22 +331,22 @@ OBJS-$(CONFIG_NUV_DECODER) += nuv.o rtjpeg.o OBJS-$(CONFIG_PAF_VIDEO_DECODER) += paf.o OBJS-$(CONFIG_PAF_AUDIO_DECODER) += paf.o OBJS-$(CONFIG_PAM_DECODER) += pnmdec.o pnm.o -OBJS-$(CONFIG_PAM_ENCODER) += pamenc.o pnm.o +OBJS-$(CONFIG_PAM_ENCODER) += pamenc.o OBJS-$(CONFIG_PBM_DECODER) += pnmdec.o pnm.o -OBJS-$(CONFIG_PBM_ENCODER) += pnmenc.o pnm.o +OBJS-$(CONFIG_PBM_ENCODER) += pnmenc.o OBJS-$(CONFIG_PCX_DECODER) += pcx.o OBJS-$(CONFIG_PCX_ENCODER) += pcxenc.o OBJS-$(CONFIG_PGM_DECODER) += pnmdec.o pnm.o -OBJS-$(CONFIG_PGM_ENCODER) += pnmenc.o pnm.o +OBJS-$(CONFIG_PGM_ENCODER) += pnmenc.o OBJS-$(CONFIG_PGMYUV_DECODER) += pnmdec.o pnm.o -OBJS-$(CONFIG_PGMYUV_ENCODER) += pnmenc.o pnm.o +OBJS-$(CONFIG_PGMYUV_ENCODER) += pnmenc.o OBJS-$(CONFIG_PGSSUB_DECODER) += pgssubdec.o OBJS-$(CONFIG_PICTOR_DECODER) += pictordec.o cga_data.o OBJS-$(CONFIG_PJS_DECODER) += textdec.o ass.o OBJS-$(CONFIG_PNG_DECODER) += png.o pngdec.o pngdsp.o OBJS-$(CONFIG_PNG_ENCODER) += png.o pngenc.o OBJS-$(CONFIG_PPM_DECODER) += pnmdec.o pnm.o -OBJS-$(CONFIG_PPM_ENCODER) += pnmenc.o pnm.o +OBJS-$(CONFIG_PPM_ENCODER) += pnmenc.o OBJS-$(CONFIG_PRORES_DECODER) += proresdec2.o proresdsp.o proresdata.o OBJS-$(CONFIG_PRORES_LGPL_DECODER) += proresdec_lgpl.o proresdsp.o proresdata.o OBJS-$(CONFIG_PRORES_ENCODER) += proresenc_anatoliy.o diff --git a/libavcodec/pamenc.c b/libavcodec/pamenc.c index 2421464204..64ab2b5faa 100644 --- a/libavcodec/pamenc.c +++ b/libavcodec/pamenc.c @@ -21,13 +21,11 @@ #include "avcodec.h" #include "internal.h" -#include "pnm.h" - static int pam_encode_frame(AVCodecContext *avctx, AVPacket *pkt, const AVFrame *p, int *got_packet) { - PNMContext *s = avctx->priv_data; + uint8_t *bytestream_start, *bytestream, *bytestream_end; int i, h, w, n, linesize, depth, maxval, ret; const char *tuple_type; uint8_t *ptr; @@ -90,14 +88,14 @@ static int pam_encode_frame(AVCodecContext *avctx, AVPacket *pkt, if ((ret = ff_alloc_packet2(avctx, pkt, n*h + 200)) < 0) return ret; - s->bytestream_start = - s->bytestream = pkt->data; - s->bytestream_end = pkt->data + pkt->size; + bytestream_start = + bytestream = pkt->data; + bytestream_end = pkt->data + pkt->size; - snprintf(s->bytestream, s->bytestream_end - s->bytestream, + snprintf(bytestream, bytestream_end - bytestream, "P7\nWIDTH %d\nHEIGHT %d\nDEPTH %d\nMAXVAL %d\nTUPLTYPE %s\nENDHDR\n", w, h, depth, maxval, tuple_type); - s->bytestream += strlen(s->bytestream); + bytestream += strlen(bytestream); ptr = p->data[0]; linesize = p->linesize[0]; @@ -106,30 +104,48 @@ static int pam_encode_frame(AVCodecContext *avctx, AVPacket *pkt, int j; for (i = 0; i < h; i++) { for (j = 0; j < w; j++) - *s->bytestream++ = ptr[j >> 3] >> (7 - j & 7) & 1; + *bytestream++ = ptr[j >> 3] >> (7 - j & 7) & 1; ptr += linesize; } } else { for (i = 0; i < h; i++) { - memcpy(s->bytestream, ptr, n); - s->bytestream += n; - ptr += linesize; + memcpy(bytestream, ptr, n); + bytestream += n; + ptr += linesize; } } - pkt->size = s->bytestream - s->bytestream_start; + pkt->size = bytestream - bytestream_start; pkt->flags |= AV_PKT_FLAG_KEY; *got_packet = 1; return 0; } +static av_cold int pam_encode_init(AVCodecContext *avctx) +{ + avctx->coded_frame = av_frame_alloc(); + if (!avctx->coded_frame) + return AVERROR(ENOMEM); + + avctx->coded_frame->pict_type = AV_PICTURE_TYPE_I; + avctx->coded_frame->key_frame = 1; + + return 0; +} + +static av_cold int pam_encode_close(AVCodecContext *avctx) +{ + av_frame_free(&avctx->coded_frame); + return 0; +} AVCodec ff_pam_encoder = { .name = "pam", .long_name = NULL_IF_CONFIG_SMALL("PAM (Portable AnyMap) image"), .type = AVMEDIA_TYPE_VIDEO, .id = AV_CODEC_ID_PAM, - .priv_data_size = sizeof(PNMContext), + .init = pam_encode_init, + .close = pam_encode_close, .encode2 = pam_encode_frame, .pix_fmts = (const enum AVPixelFormat[]){ AV_PIX_FMT_RGB24, AV_PIX_FMT_RGBA, AV_PIX_FMT_RGB48BE, AV_PIX_FMT_RGBA64BE, AV_PIX_FMT_GRAY8, AV_PIX_FMT_GRAY8A, AV_PIX_FMT_GRAY16BE, AV_PIX_FMT_MONOBLACK, AV_PIX_FMT_NONE diff --git a/libavcodec/pnmenc.c b/libavcodec/pnmenc.c index 9b2824a104..e6c3635e7b 100644 --- a/libavcodec/pnmenc.c +++ b/libavcodec/pnmenc.c @@ -22,13 +22,11 @@ #include "libavutil/pixdesc.h" #include "avcodec.h" #include "internal.h" -#include "pnm.h" - static int pnm_encode_frame(AVCodecContext *avctx, AVPacket *pkt, const AVFrame *p, int *got_packet) { - PNMContext *s = avctx->priv_data; + uint8_t *bytestream, *bytestream_start, *bytestream_end; int i, h, h1, c, n, linesize, ret; uint8_t *ptr, *ptr1, *ptr2; @@ -37,9 +35,9 @@ static int pnm_encode_frame(AVCodecContext *avctx, AVPacket *pkt, avctx->height) + 200)) < 0) return ret; - s->bytestream_start = - s->bytestream = pkt->data; - s->bytestream_end = pkt->data + pkt->size; + bytestream_start = + bytestream = pkt->data; + bytestream_end = pkt->data + pkt->size; h = avctx->height; h1 = h; @@ -81,22 +79,22 @@ static int pnm_encode_frame(AVCodecContext *avctx, AVPacket *pkt, default: return -1; } - snprintf(s->bytestream, s->bytestream_end - s->bytestream, + snprintf(bytestream, bytestream_end - bytestream, "P%c\n%d %d\n", c, avctx->width, h1); - s->bytestream += strlen(s->bytestream); + bytestream += strlen(bytestream); if (avctx->pix_fmt != AV_PIX_FMT_MONOWHITE) { int maxdepth = (1 << (av_pix_fmt_desc_get(avctx->pix_fmt)->comp[0].depth_minus1 + 1)) - 1; - snprintf(s->bytestream, s->bytestream_end - s->bytestream, + snprintf(bytestream, bytestream_end - bytestream, "%d\n", maxdepth); - s->bytestream += strlen(s->bytestream); + bytestream += strlen(bytestream); } ptr = p->data[0]; linesize = p->linesize[0]; for (i = 0; i < h; i++) { - memcpy(s->bytestream, ptr, n); - s->bytestream += n; - ptr += linesize; + memcpy(bytestream, ptr, n); + bytestream += n; + ptr += linesize; } if (avctx->pix_fmt == AV_PIX_FMT_YUV420P || avctx->pix_fmt == AV_PIX_FMT_YUV420P16BE) { @@ -105,21 +103,38 @@ static int pnm_encode_frame(AVCodecContext *avctx, AVPacket *pkt, ptr1 = p->data[1]; ptr2 = p->data[2]; for (i = 0; i < h; i++) { - memcpy(s->bytestream, ptr1, n); - s->bytestream += n; - memcpy(s->bytestream, ptr2, n); - s->bytestream += n; + memcpy(bytestream, ptr1, n); + bytestream += n; + memcpy(bytestream, ptr2, n); + bytestream += n; ptr1 += p->linesize[1]; ptr2 += p->linesize[2]; } } - pkt->size = s->bytestream - s->bytestream_start; + pkt->size = bytestream - bytestream_start; pkt->flags |= AV_PKT_FLAG_KEY; *got_packet = 1; return 0; } +static av_cold int pnm_encode_init(AVCodecContext *avctx) +{ + avctx->coded_frame = av_frame_alloc(); + if (!avctx->coded_frame) + return AVERROR(ENOMEM); + + avctx->coded_frame->pict_type = AV_PICTURE_TYPE_I; + avctx->coded_frame->key_frame = 1; + + return 0; +} + +static av_cold int pnm_encode_close(AVCodecContext *avctx) +{ + av_frame_free(&avctx->coded_frame); + return 0; +} #if CONFIG_PGM_ENCODER AVCodec ff_pgm_encoder = { @@ -127,7 +142,8 @@ AVCodec ff_pgm_encoder = { .long_name = NULL_IF_CONFIG_SMALL("PGM (Portable GrayMap) image"), .type = AVMEDIA_TYPE_VIDEO, .id = AV_CODEC_ID_PGM, - .priv_data_size = sizeof(PNMContext), + .init = pnm_encode_init, + .close = pnm_encode_close, .encode2 = pnm_encode_frame, .pix_fmts = (const enum AVPixelFormat[]){ AV_PIX_FMT_GRAY8, AV_PIX_FMT_GRAY16BE, AV_PIX_FMT_NONE @@ -141,7 +157,8 @@ AVCodec ff_pgmyuv_encoder = { .long_name = NULL_IF_CONFIG_SMALL("PGMYUV (Portable GrayMap YUV) image"), .type = AVMEDIA_TYPE_VIDEO, .id = AV_CODEC_ID_PGMYUV, - .priv_data_size = sizeof(PNMContext), + .init = pnm_encode_init, + .close = pnm_encode_close, .encode2 = pnm_encode_frame, .pix_fmts = (const enum AVPixelFormat[]){ AV_PIX_FMT_YUV420P, AV_PIX_FMT_YUV420P16BE, AV_PIX_FMT_NONE @@ -155,7 +172,8 @@ AVCodec ff_ppm_encoder = { .long_name = NULL_IF_CONFIG_SMALL("PPM (Portable PixelMap) image"), .type = AVMEDIA_TYPE_VIDEO, .id = AV_CODEC_ID_PPM, - .priv_data_size = sizeof(PNMContext), + .init = pnm_encode_init, + .close = pnm_encode_close, .encode2 = pnm_encode_frame, .pix_fmts = (const enum AVPixelFormat[]){ AV_PIX_FMT_RGB24, AV_PIX_FMT_RGB48BE, AV_PIX_FMT_NONE @@ -169,7 +187,8 @@ AVCodec ff_pbm_encoder = { .long_name = NULL_IF_CONFIG_SMALL("PBM (Portable BitMap) image"), .type = AVMEDIA_TYPE_VIDEO, .id = AV_CODEC_ID_PBM, - .priv_data_size = sizeof(PNMContext), + .init = pnm_encode_init, + .close = pnm_encode_close, .encode2 = pnm_encode_frame, .pix_fmts = (const enum AVPixelFormat[]){ AV_PIX_FMT_MONOWHITE, AV_PIX_FMT_NONE }, From caf7db0c35e81220431369f0881c831a6deddfac Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 9 Dec 2013 13:02:16 +0100 Subject: [PATCH 089/562] Merge commit 'b605b123ef1d3bac0e7c221d8d7fa74cd8c7253c' * commit 'b605b123ef1d3bac0e7c221d8d7fa74cd8c7253c': mxpegdec: use the AVFrame API properly. Merged-by: Michael Niedermayer (cherry picked from commit 8947f47fdfaf7f3a907a334fc65dc724f2fdd23f) Author of the merged code: Anton Khirnov Signed-off-by: Michael Niedermayer --- libavcodec/mxpegdec.c | 51 ++++++++++++++++++++++++------------------- 1 file changed, 29 insertions(+), 22 deletions(-) diff --git a/libavcodec/mxpegdec.c b/libavcodec/mxpegdec.c index 0069ca5885..8eee3b8e9e 100644 --- a/libavcodec/mxpegdec.c +++ b/libavcodec/mxpegdec.c @@ -31,7 +31,7 @@ typedef struct MXpegDecodeContext { MJpegDecodeContext jpg; - AVFrame picture[2]; /* pictures array */ + AVFrame *picture[2]; /* pictures array */ int picture_index; /* index of current picture */ int got_sof_data; /* true if SOF data successfully parsed */ int got_mxm_bitmask; /* true if MXM bitmask available */ @@ -42,11 +42,36 @@ typedef struct MXpegDecodeContext { unsigned mb_width, mb_height; /* size of picture in MB's from MXM header */ } MXpegDecodeContext; +static av_cold int mxpeg_decode_end(AVCodecContext *avctx) +{ + MXpegDecodeContext *s = avctx->priv_data; + MJpegDecodeContext *jpg = &s->jpg; + int i; + + jpg->picture_ptr = NULL; + ff_mjpeg_decode_end(avctx); + + for (i = 0; i < 2; ++i) + av_frame_free(&s->picture[i]); + + av_freep(&s->mxm_bitmask); + av_freep(&s->completion_bitmask); + + return 0; +} + static av_cold int mxpeg_decode_init(AVCodecContext *avctx) { MXpegDecodeContext *s = avctx->priv_data; - s->jpg.picture_ptr = &s->picture[0]; + s->picture[0] = av_frame_alloc(); + s->picture[1] = av_frame_alloc(); + if (!s->picture[0] || !s->picture[1]) { + mxpeg_decode_end(avctx); + return AVERROR(ENOMEM); + } + + s->jpg.picture_ptr = s->picture[0]; return ff_mjpeg_decode_init(avctx); } @@ -260,7 +285,7 @@ static int mxpeg_decode_frame(AVCodecContext *avctx, } if (s->got_mxm_bitmask) { - AVFrame *reference_ptr = &s->picture[s->picture_index ^ 1]; + AVFrame *reference_ptr = s->picture[s->picture_index ^ 1]; if (mxpeg_check_dimensions(s, jpg, reference_ptr) < 0) break; @@ -295,7 +320,7 @@ the_end: *got_frame = 1; s->picture_index ^= 1; - jpg->picture_ptr = &s->picture[s->picture_index]; + jpg->picture_ptr = s->picture[s->picture_index]; if (!s->has_complete_frame) { if (!s->got_mxm_bitmask) @@ -308,24 +333,6 @@ the_end: return buf_ptr - buf; } -static av_cold int mxpeg_decode_end(AVCodecContext *avctx) -{ - MXpegDecodeContext *s = avctx->priv_data; - MJpegDecodeContext *jpg = &s->jpg; - int i; - - jpg->picture_ptr = NULL; - ff_mjpeg_decode_end(avctx); - - for (i = 0; i < 2; ++i) - av_frame_unref(&s->picture[i]); - - av_freep(&s->mxm_bitmask); - av_freep(&s->completion_bitmask); - - return 0; -} - AVCodec ff_mxpeg_decoder = { .name = "mxpeg", .long_name = NULL_IF_CONFIG_SMALL("Mobotix MxPEG video"), From 117728cf8ff98942411eb55f6ccc89351f482717 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 9 Dec 2013 13:19:50 +0100 Subject: [PATCH 090/562] Merge commit 'd351ef47d0e0ccb7de96b37f137c16b2885580ac' * commit 'd351ef47d0e0ccb7de96b37f137c16b2885580ac': pthread_frame: use the AVFrame API properly. Conflicts: libavcodec/pthread_frame.c Merged-by: Michael Niedermayer (cherry picked from commit 45fd4ec9ef2b3a7074c49cdddac6e7dcc127a874) Conflicts: libavcodec/pthread_frame.c Author of the merged code: Anton Khirnov --- libavcodec/pthread.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/libavcodec/pthread.c b/libavcodec/pthread.c index b8beac3ed1..6cf51c87d7 100644 --- a/libavcodec/pthread.c +++ b/libavcodec/pthread.c @@ -95,7 +95,7 @@ typedef struct PerThreadContext { uint8_t *buf; ///< backup storage for packet data when the input packet is not refcounted int allocated_buf_size; ///< Size allocated for buf - AVFrame frame; ///< Output frame (for decoding) or input (for encoding). + AVFrame *frame; ///< Output frame (for decoding) or input (for encoding). int got_frame; ///< The output of got_picture_ptr from the last avcodec_decode_video() call. int result; ///< The result of the last codec decode/encode() call. @@ -340,13 +340,9 @@ static attribute_align_arg void *frame_worker_thread(void *arg) if (!codec->update_thread_context && THREAD_SAFE_CALLBACKS(avctx)) ff_thread_finish_setup(avctx); - avcodec_get_frame_defaults(&p->frame); + av_frame_unref(p->frame); p->got_frame = 0; - p->result = codec->decode(avctx, &p->frame, &p->got_frame, &p->avpkt); - - /* many decoders assign whole AVFrames, thus overwriting extended_data; - * make sure it's set correctly */ - p->frame.extended_data = p->frame.data; + p->result = codec->decode(avctx, p->frame, &p->got_frame, &p->avpkt); if (p->state == STATE_SETTING_UP) ff_thread_finish_setup(avctx); @@ -638,7 +634,7 @@ int ff_thread_decode_frame(AVCodecContext *avctx, pthread_mutex_unlock(&p->progress_mutex); } - av_frame_move_ref(picture, &p->frame); + av_frame_move_ref(picture, p->frame); *got_picture_ptr = p->got_frame; picture->pkt_dts = p->avpkt.dts; @@ -766,7 +762,7 @@ static void frame_thread_free(AVCodecContext *avctx, int thread_count) avctx->codec = NULL; release_delayed_buffers(p); - av_frame_unref(&p->frame); + av_frame_free(&p->frame); } for (i = 0; i < thread_count; i++) { @@ -835,6 +831,12 @@ static int frame_thread_init(AVCodecContext *avctx) pthread_cond_init(&p->progress_cond, NULL); pthread_cond_init(&p->output_cond, NULL); + p->frame = av_frame_alloc(); + if (!p->frame) { + err = AVERROR(ENOMEM); + goto error; + } + p->parent = fctx; p->avctx = copy; @@ -911,7 +913,7 @@ void ff_thread_flush(AVCodecContext *avctx) PerThreadContext *p = &fctx->threads[i]; // Make sure decode flush calls with size=0 won't return old frames p->got_frame = 0; - av_frame_unref(&p->frame); + av_frame_unref(p->frame); release_delayed_buffers(p); } From 9f864bd3247bab3939a317bfbe4444df02349587 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 9 Dec 2013 20:06:39 +0100 Subject: [PATCH 091/562] Merge commit 'd4f1188d1a662fed5347e70016da49e01563e8a8' * commit 'd4f1188d1a662fed5347e70016da49e01563e8a8': dv: use AVFrame API properly Conflicts: libavcodec/dvdec.c Merged-by: Michael Niedermayer (cherry picked from commit 94a849b8b6c3e4a90361485b2e12a9a5c35833a3) Conflicts: libavcodec/dv.h libavcodec/dvdec.c libavcodec/dvenc.c Author of the merged code: Anton Khirnov --- libavcodec/dv.c | 37 +++++++++++++++++++++++-------------- libavcodec/dvdata.h | 2 +- libavcodec/dvdec.c | 42 ++++++++++++++++-------------------------- 3 files changed, 40 insertions(+), 41 deletions(-) diff --git a/libavcodec/dv.c b/libavcodec/dv.c index ba07c71905..fca01fe04f 100644 --- a/libavcodec/dv.c +++ b/libavcodec/dv.c @@ -320,8 +320,6 @@ av_cold int ff_dvvideo_init(AVCodecContext *avctx) }else memcpy(s->dv_zigzag[1], ff_zigzag248_direct, 64); - avcodec_get_frame_defaults(&s->picture); - avctx->coded_frame = &s->picture; s->avctx = avctx; avctx->chroma_sample_location = AVCHROMA_LOC_TOPLEFT; @@ -342,6 +340,10 @@ static av_cold int dvvideo_init_encoder(AVCodecContext *avctx) return AVERROR_PATCHWELCOME; } + avctx->coded_frame = av_frame_alloc(); + if (!avctx->coded_frame) + return AVERROR(ENOMEM); + dv_vlc_map_tableinit(); return ff_dvvideo_init(avctx); @@ -687,12 +689,12 @@ static int dv_encode_video_segment(AVCodecContext *avctx, void *arg) if ((s->sys->pix_fmt == AV_PIX_FMT_YUV420P) || (s->sys->pix_fmt == AV_PIX_FMT_YUV411P && mb_x >= (704 / 8)) || (s->sys->height >= 720 && mb_y != 134)) { - y_stride = s->picture.linesize[0] << 3; + y_stride = s->frame->linesize[0] << 3; } else { y_stride = 16; } - y_ptr = s->picture.data[0] + ((mb_y * s->picture.linesize[0] + mb_x) << 3); - linesize = s->picture.linesize[0]; + y_ptr = s->frame->data[0] + ((mb_y * s->frame->linesize[0] + mb_x) << 3); + linesize = s->frame->linesize[0]; if (s->sys->video_stype == 4) { /* SD 422 */ vs_bit_size += @@ -710,12 +712,12 @@ static int dv_encode_video_segment(AVCodecContext *avctx, void *arg) enc_blk += 4; /* initializing chrominance blocks */ - c_offset = (((mb_y >> (s->sys->pix_fmt == AV_PIX_FMT_YUV420P)) * s->picture.linesize[1] + + c_offset = (((mb_y >> (s->sys->pix_fmt == AV_PIX_FMT_YUV420P)) * s->frame->linesize[1] + (mb_x >> ((s->sys->pix_fmt == AV_PIX_FMT_YUV411P) ? 2 : 1))) << 3); for (j = 2; j; j--) { - uint8_t *c_ptr = s->picture.data[j] + c_offset; - linesize = s->picture.linesize[j]; - y_stride = (mb_y == 134) ? 8 : (s->picture.linesize[j] << 3); + uint8_t *c_ptr = s->frame->data[j] + c_offset; + linesize = s->frame->linesize[j]; + y_stride = (mb_y == 134) ? 8 : (s->frame->linesize[j] << 3); if (s->sys->pix_fmt == AV_PIX_FMT_YUV411P && mb_x >= (704 / 8)) { uint8_t* d; uint8_t* b = scratch; @@ -814,7 +816,7 @@ static inline int dv_write_pack(enum dv_pack_type pack_id, DVVideoContext *c, * compression scheme (if any). */ int apt = (c->sys->pix_fmt == AV_PIX_FMT_YUV420P ? 0 : 1); - int fs = c->picture.top_field_first ? 0x00 : 0x40; + int fs = c->frame->top_field_first ? 0x00 : 0x40; uint8_t aspect = 0; if ((int)(av_q2d(c->avctx->sample_aspect_ratio) * c->avctx->width / c->avctx->height * 10) >= 17) /* 16:9 */ @@ -963,10 +965,10 @@ static int dvvideo_encode_frame(AVCodecContext *c, AVPacket *pkt, if ((ret = ff_alloc_packet2(c, pkt, s->sys->frame_size)) < 0) return ret; - c->pix_fmt = s->sys->pix_fmt; - s->picture = *frame; - s->picture.key_frame = 1; - s->picture.pict_type = AV_PICTURE_TYPE_I; + c->pix_fmt = s->sys->pix_fmt; + s->frame = frame; + c->coded_frame->key_frame = 1; + c->coded_frame->pict_type = AV_PICTURE_TYPE_I; s->buf = pkt->data; c->execute(c, dv_encode_video_segment, s->sys->work_chunks, NULL, @@ -982,6 +984,12 @@ static int dvvideo_encode_frame(AVCodecContext *c, AVPacket *pkt, return 0; } +static int dvvideo_encode_close(AVCodecContext *avctx) +{ + av_frame_free(&avctx->coded_frame); + return 0; +} + AVCodec ff_dvvideo_encoder = { .name = "dvvideo", .long_name = NULL_IF_CONFIG_SMALL("DV (Digital Video)"), @@ -990,6 +998,7 @@ AVCodec ff_dvvideo_encoder = { .priv_data_size = sizeof(DVVideoContext), .init = dvvideo_init_encoder, .encode2 = dvvideo_encode_frame, + .close = dvvideo_encode_close, .capabilities = CODEC_CAP_SLICE_THREADS, .pix_fmts = (const enum AVPixelFormat[]) { AV_PIX_FMT_YUV411P, AV_PIX_FMT_YUV422P, AV_PIX_FMT_YUV420P, AV_PIX_FMT_NONE diff --git a/libavcodec/dvdata.h b/libavcodec/dvdata.h index 97c20e3a1a..448c640bca 100644 --- a/libavcodec/dvdata.h +++ b/libavcodec/dvdata.h @@ -34,7 +34,7 @@ typedef struct DVVideoContext { const DVprofile *sys; - AVFrame picture; + AVFrame *frame; AVCodecContext *avctx; uint8_t *buf; diff --git a/libavcodec/dvdec.c b/libavcodec/dvdec.c index b86926a5a7..4f424fc30e 100644 --- a/libavcodec/dvdec.c +++ b/libavcodec/dvdec.c @@ -258,12 +258,12 @@ static int dv_decode_video_segment(AVCodecContext *avctx, void *arg) if ((s->sys->pix_fmt == AV_PIX_FMT_YUV420P) || (s->sys->pix_fmt == AV_PIX_FMT_YUV411P && mb_x >= (704 / 8)) || (s->sys->height >= 720 && mb_y != 134)) { - y_stride = (s->picture.linesize[0] << ((!is_field_mode[mb_index]) * log2_blocksize)); + y_stride = (s->frame->linesize[0] << ((!is_field_mode[mb_index]) * log2_blocksize)); } else { y_stride = (2 << log2_blocksize); } - y_ptr = s->picture.data[0] + ((mb_y * s->picture.linesize[0] + mb_x) << log2_blocksize); - linesize = s->picture.linesize[0] << is_field_mode[mb_index]; + y_ptr = s->frame->data[0] + ((mb_y * s->frame->linesize[0] + mb_x) << log2_blocksize); + linesize = s->frame->linesize[0] << is_field_mode[mb_index]; mb[0] .idct_put(y_ptr , linesize, block + 0*64); if (s->sys->video_stype == 4) { /* SD 422 */ mb[2].idct_put(y_ptr + (1 << log2_blocksize) , linesize, block + 2*64); @@ -276,19 +276,19 @@ static int dv_decode_video_segment(AVCodecContext *avctx, void *arg) block += 4*64; /* idct_put'ting chrominance */ - c_offset = (((mb_y >> (s->sys->pix_fmt == AV_PIX_FMT_YUV420P)) * s->picture.linesize[1] + + c_offset = (((mb_y >> (s->sys->pix_fmt == AV_PIX_FMT_YUV420P)) * s->frame->linesize[1] + (mb_x >> ((s->sys->pix_fmt == AV_PIX_FMT_YUV411P) ? 2 : 1))) << log2_blocksize); for (j = 2; j; j--) { - uint8_t *c_ptr = s->picture.data[j] + c_offset; + uint8_t *c_ptr = s->frame->data[j] + c_offset; if (s->sys->pix_fmt == AV_PIX_FMT_YUV411P && mb_x >= (704 / 8)) { uint64_t aligned_pixels[64/8]; uint8_t *pixels = (uint8_t*)aligned_pixels; uint8_t *c_ptr1, *ptr1; int x, y; mb->idct_put(pixels, 8, block); - for (y = 0; y < (1 << log2_blocksize); y++, c_ptr += s->picture.linesize[j], pixels += 8) { + for (y = 0; y < (1 << log2_blocksize); y++, c_ptr += s->frame->linesize[j], pixels += 8) { ptr1 = pixels + ((1 << (log2_blocksize))>>1); - c_ptr1 = c_ptr + (s->picture.linesize[j] << log2_blocksize); + c_ptr1 = c_ptr + (s->frame->linesize[j] << log2_blocksize); for (x = 0; x < (1 << FFMAX(log2_blocksize - 1, 0)); x++) { c_ptr[x] = pixels[x]; c_ptr1[x] = ptr1[x]; @@ -297,8 +297,8 @@ static int dv_decode_video_segment(AVCodecContext *avctx, void *arg) block += 64; mb++; } else { y_stride = (mb_y == 134) ? (1 << log2_blocksize) : - s->picture.linesize[j] << ((!is_field_mode[mb_index]) * log2_blocksize); - linesize = s->picture.linesize[j] << is_field_mode[mb_index]; + s->frame->linesize[j] << ((!is_field_mode[mb_index]) * log2_blocksize); + linesize = s->frame->linesize[j] << is_field_mode[mb_index]; (mb++)-> idct_put(c_ptr , linesize, block); block += 64; if (s->sys->bpm == 8) { (mb++)->idct_put(c_ptr + y_stride, linesize, block); block += 64; @@ -327,15 +327,16 @@ static int dvvideo_decode_frame(AVCodecContext *avctx, return -1; /* NOTE: we only accept several full frames */ } - s->picture.key_frame = 1; - s->picture.pict_type = AV_PICTURE_TYPE_I; + s->frame = data; + s->frame->key_frame = 1; + s->frame->pict_type = AV_PICTURE_TYPE_I; avctx->pix_fmt = s->sys->pix_fmt; avctx->time_base = s->sys->time_base; avcodec_set_dimensions(avctx, s->sys->width, s->sys->height); - if ((ret = ff_get_buffer(avctx, &s->picture, 0)) < 0) + if ((ret = ff_get_buffer(avctx, s->frame, 0)) < 0) return ret; - s->picture.interlaced_frame = 1; - s->picture.top_field_first = 0; + s->frame->interlaced_frame = 1; + s->frame->top_field_first = 0; /* Determine the codec's sample_aspect ratio and field order from the packet */ vsc_pack = buf + 80*5 + 48 + 5; @@ -343,7 +344,7 @@ static int dvvideo_decode_frame(AVCodecContext *avctx, apt = buf[4] & 0x07; is16_9 = (vsc_pack[2] & 0x07) == 0x02 || (!apt && (vsc_pack[2] & 0x07) == 0x07); avctx->sample_aspect_ratio = s->sys->sar[is16_9]; - s->picture.top_field_first = !(vsc_pack[3] & 0x40); + s->frame->top_field_first = !(vsc_pack[3] & 0x40); } s->buf = buf; @@ -354,20 +355,10 @@ static int dvvideo_decode_frame(AVCodecContext *avctx, /* return image */ *got_frame = 1; - av_frame_move_ref(data, &s->picture); return s->sys->frame_size; } -static int dvvideo_close(AVCodecContext *c) -{ - DVVideoContext *s = c->priv_data; - - av_frame_unref(&s->picture); - - return 0; -} - AVCodec ff_dvvideo_decoder = { .name = "dvvideo", .long_name = NULL_IF_CONFIG_SMALL("DV (Digital Video)"), @@ -375,7 +366,6 @@ AVCodec ff_dvvideo_decoder = { .id = AV_CODEC_ID_DVVIDEO, .priv_data_size = sizeof(DVVideoContext), .init = ff_dvvideo_init, - .close = dvvideo_close, .decode = dvvideo_decode_frame, .capabilities = CODEC_CAP_DR1 | CODEC_CAP_SLICE_THREADS, .max_lowres = 3, From ed621efb361b83db08a4ea741505660afd60fd30 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 10 Dec 2013 00:50:09 +0100 Subject: [PATCH 092/562] avcodec/libutvideodec: use av_frame_move_ref() AVFrames cannot be copied literally, their definition is in avutil and their extended_data can point to their data[] Signed-off-by: Michael Niedermayer (cherry picked from commit 4c1b4ae1baf77df7150fa8cbcece8057a261e47d) Signed-off-by: Michael Niedermayer --- libavcodec/libutvideodec.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/libutvideodec.cpp b/libavcodec/libutvideodec.cpp index 0fae9f78f4..0bf2abe769 100644 --- a/libavcodec/libutvideodec.cpp +++ b/libavcodec/libutvideodec.cpp @@ -164,7 +164,7 @@ static int utvideo_decode_frame(AVCodecContext *avctx, void *data, } *got_frame = 1; - *(AVFrame *)data = *pic; + av_frame_move_ref((AVFrame*)data, pic); return avpkt->size; } From 304260a5722f45a99e26788ed5475a1fda6cfc17 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 17 Dec 2013 14:03:38 +0100 Subject: [PATCH 093/562] avcodec/utils: implement avcodec_alloc_frame() through av_alloc_frame() This ensures that theres just one AVFrame allocation function and libs dont produce multiple AVFrame variants after a minor lib update Signed-off-by: Michael Niedermayer (cherry picked from commit 5abdda214df53f009434f19b9eb8e1375f2924d9) Signed-off-by: Michael Niedermayer --- libavcodec/utils.c | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index 554b30edbf..c0f47cb67e 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -1071,15 +1071,7 @@ void avcodec_get_frame_defaults(AVFrame *frame) AVFrame *avcodec_alloc_frame(void) { - AVFrame *frame = av_malloc(sizeof(AVFrame)); - - if (frame == NULL) - return NULL; - - frame->extended_data = NULL; - avcodec_get_frame_defaults(frame); - - return frame; + return av_frame_alloc(); } void avcodec_free_frame(AVFrame **frame) From fa220e730786f8a5e1af1dd7e4936e7ba4c6d8c4 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 17 Dec 2013 15:30:20 +0100 Subject: [PATCH 094/562] avcodec/diracdec: avoid depending on sizeof(AVFrame) Signed-off-by: Michael Niedermayer (cherry picked from commit fca7943850ecdc1e67a0275b488768be01867f75) Signed-off-by: Michael Niedermayer --- libavcodec/diracdec.c | 103 +++++++++++++++++++++++------------------- 1 file changed, 57 insertions(+), 46 deletions(-) diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c index 15baf75108..9e2d263b5c 100644 --- a/libavcodec/diracdec.c +++ b/libavcodec/diracdec.c @@ -80,7 +80,7 @@ #define DIVRNDUP(a, b) (((a) + (b) - 1) / (b)) typedef struct { - AVFrame avframe; + AVFrame *avframe; int interpolated[3]; /* 1 if hpel[] is valid */ uint8_t *hpel[3][4]; uint8_t *hpel_base[3][4]; @@ -291,7 +291,7 @@ static DiracFrame *remove_frame(DiracFrame *framelist[], int picnum) int i, remove_idx = -1; for (i = 0; framelist[i]; i++) - if (framelist[i]->avframe.display_picture_number == picnum) { + if (framelist[i]->avframe->display_picture_number == picnum) { remove_pic = framelist[i]; remove_idx = i; } @@ -364,8 +364,8 @@ static void free_sequence_buffers(DiracContext *s) int i, j, k; for (i = 0; i < MAX_FRAMES; i++) { - if (s->all_frames[i].avframe.data[0]) { - av_frame_unref(&s->all_frames[i].avframe); + if (s->all_frames[i].avframe->data[0]) { + av_frame_unref(s->all_frames[i].avframe); memset(s->all_frames[i].interpolated, 0, sizeof(s->all_frames[i].interpolated)); } @@ -393,6 +393,8 @@ static void free_sequence_buffers(DiracContext *s) static av_cold int dirac_decode_init(AVCodecContext *avctx) { DiracContext *s = avctx->priv_data; + int i; + s->avctx = avctx; s->frame_number = -1; @@ -404,6 +406,9 @@ static av_cold int dirac_decode_init(AVCodecContext *avctx) ff_dsputil_init(&s->dsp, avctx); ff_diracdsp_init(&s->diracdsp); + for (i = 0; i < MAX_FRAMES; i++) + s->all_frames[i].avframe = av_frame_alloc(); + return 0; } @@ -417,7 +422,13 @@ static void dirac_decode_flush(AVCodecContext *avctx) static av_cold int dirac_decode_end(AVCodecContext *avctx) { + DiracContext *s = avctx->priv_data; + int i; + dirac_decode_flush(avctx); + for (i = 0; i < MAX_FRAMES; i++) + av_frame_free(&s->all_frames[i].avframe); + return 0; } @@ -1519,8 +1530,8 @@ static void interpolate_refplane(DiracContext *s, DiracFrame *ref, int plane, in just use 8 for everything for the moment */ int i, edge = EDGE_WIDTH/2; - ref->hpel[plane][0] = ref->avframe.data[plane]; - s->dsp.draw_edges(ref->hpel[plane][0], ref->avframe.linesize[plane], width, height, edge, edge, EDGE_TOP | EDGE_BOTTOM); /* EDGE_TOP | EDGE_BOTTOM values just copied to make it build, this needs to be ensured */ + ref->hpel[plane][0] = ref->avframe->data[plane]; + s->dsp.draw_edges(ref->hpel[plane][0], ref->avframe->linesize[plane], width, height, edge, edge, EDGE_TOP | EDGE_BOTTOM); /* EDGE_TOP | EDGE_BOTTOM values just copied to make it build, this needs to be ensured */ /* no need for hpel if we only have fpel vectors */ if (!s->mv_precision) @@ -1528,18 +1539,18 @@ static void interpolate_refplane(DiracContext *s, DiracFrame *ref, int plane, in for (i = 1; i < 4; i++) { if (!ref->hpel_base[plane][i]) - ref->hpel_base[plane][i] = av_malloc((height+2*edge) * ref->avframe.linesize[plane] + 32); + ref->hpel_base[plane][i] = av_malloc((height+2*edge) * ref->avframe->linesize[plane] + 32); /* we need to be 16-byte aligned even for chroma */ - ref->hpel[plane][i] = ref->hpel_base[plane][i] + edge*ref->avframe.linesize[plane] + 16; + ref->hpel[plane][i] = ref->hpel_base[plane][i] + edge*ref->avframe->linesize[plane] + 16; } if (!ref->interpolated[plane]) { s->diracdsp.dirac_hpel_filter(ref->hpel[plane][1], ref->hpel[plane][2], ref->hpel[plane][3], ref->hpel[plane][0], - ref->avframe.linesize[plane], width, height); - s->dsp.draw_edges(ref->hpel[plane][1], ref->avframe.linesize[plane], width, height, edge, edge, EDGE_TOP | EDGE_BOTTOM); - s->dsp.draw_edges(ref->hpel[plane][2], ref->avframe.linesize[plane], width, height, edge, edge, EDGE_TOP | EDGE_BOTTOM); - s->dsp.draw_edges(ref->hpel[plane][3], ref->avframe.linesize[plane], width, height, edge, edge, EDGE_TOP | EDGE_BOTTOM); + ref->avframe->linesize[plane], width, height); + s->dsp.draw_edges(ref->hpel[plane][1], ref->avframe->linesize[plane], width, height, edge, edge, EDGE_TOP | EDGE_BOTTOM); + s->dsp.draw_edges(ref->hpel[plane][2], ref->avframe->linesize[plane], width, height, edge, edge, EDGE_TOP | EDGE_BOTTOM); + s->dsp.draw_edges(ref->hpel[plane][3], ref->avframe->linesize[plane], width, height, edge, edge, EDGE_TOP | EDGE_BOTTOM); } ref->interpolated[plane] = 1; } @@ -1565,7 +1576,7 @@ static int dirac_decode_frame_internal(DiracContext *s) for (comp = 0; comp < 3; comp++) { Plane *p = &s->plane[comp]; - uint8_t *frame = s->current_picture->avframe.data[comp]; + uint8_t *frame = s->current_picture->avframe->data[comp]; /* FIXME: small resolutions */ for (i = 0; i < 4; i++) @@ -1640,7 +1651,7 @@ static int dirac_decode_picture_header(DiracContext *s) GetBitContext *gb = &s->gb; /* [DIRAC_STD] 11.1.1 Picture Header. picture_header() PICTURE_NUM */ - picnum = s->current_picture->avframe.display_picture_number = get_bits_long(gb, 32); + picnum = s->current_picture->avframe->display_picture_number = get_bits_long(gb, 32); av_log(s->avctx,AV_LOG_DEBUG,"PICTURE_NUM: %d\n",picnum); @@ -1659,9 +1670,9 @@ static int dirac_decode_picture_header(DiracContext *s) /* Jordi: this is needed if the referenced picture hasn't yet arrived */ for (j = 0; j < MAX_REFERENCE_FRAMES && refdist; j++) if (s->ref_frames[j] - && FFABS(s->ref_frames[j]->avframe.display_picture_number - refnum) < refdist) { + && FFABS(s->ref_frames[j]->avframe->display_picture_number - refnum) < refdist) { s->ref_pics[i] = s->ref_frames[j]; - refdist = FFABS(s->ref_frames[j]->avframe.display_picture_number - refnum); + refdist = FFABS(s->ref_frames[j]->avframe->display_picture_number - refnum); } if (!s->ref_pics[i] || refdist) @@ -1670,21 +1681,21 @@ static int dirac_decode_picture_header(DiracContext *s) /* if there were no references at all, allocate one */ if (!s->ref_pics[i]) for (j = 0; j < MAX_FRAMES; j++) - if (!s->all_frames[j].avframe.data[0]) { + if (!s->all_frames[j].avframe->data[0]) { s->ref_pics[i] = &s->all_frames[j]; - ff_get_buffer(s->avctx, &s->ref_pics[i]->avframe, AV_GET_BUFFER_FLAG_REF); + ff_get_buffer(s->avctx, s->ref_pics[i]->avframe, AV_GET_BUFFER_FLAG_REF); break; } } /* retire the reference frames that are not used anymore */ - if (s->current_picture->avframe.reference) { + if (s->current_picture->avframe->reference) { retire = picnum + dirac_get_se_golomb(gb); if (retire != picnum) { DiracFrame *retire_pic = remove_frame(s->ref_frames, retire); if (retire_pic) - retire_pic->avframe.reference &= DELAYED_PIC_REF; + retire_pic->avframe->reference &= DELAYED_PIC_REF; else av_log(s->avctx, AV_LOG_DEBUG, "Frame to retire not found\n"); } @@ -1692,7 +1703,7 @@ static int dirac_decode_picture_header(DiracContext *s) /* if reference array is full, remove the oldest as per the spec */ while (add_frame(s->ref_frames, MAX_REFERENCE_FRAMES, s->current_picture)) { av_log(s->avctx, AV_LOG_ERROR, "Reference frame overflow\n"); - remove_frame(s->ref_frames, s->ref_frames[0]->avframe.display_picture_number)->avframe.reference &= DELAYED_PIC_REF; + remove_frame(s->ref_frames, s->ref_frames[0]->avframe->display_picture_number)->avframe->reference &= DELAYED_PIC_REF; } } @@ -1717,7 +1728,7 @@ static int get_delayed_pic(DiracContext *s, AVFrame *picture, int *got_frame) /* find frame with lowest picture number */ for (i = 1; s->delay_frames[i]; i++) - if (s->delay_frames[i]->avframe.display_picture_number < out->avframe.display_picture_number) { + if (s->delay_frames[i]->avframe->display_picture_number < out->avframe->display_picture_number) { out = s->delay_frames[i]; out_idx = i; } @@ -1726,9 +1737,9 @@ static int get_delayed_pic(DiracContext *s, AVFrame *picture, int *got_frame) s->delay_frames[i] = s->delay_frames[i+1]; if (out) { - out->avframe.reference ^= DELAYED_PIC_REF; + out->avframe->reference ^= DELAYED_PIC_REF; *got_frame = 1; - if((ret = av_frame_ref(picture, &out->avframe)) < 0) + if((ret = av_frame_ref(picture, out->avframe)) < 0) return ret; } @@ -1790,14 +1801,14 @@ static int dirac_decode_data_unit(AVCodecContext *avctx, const uint8_t *buf, int /* find an unused frame */ for (i = 0; i < MAX_FRAMES; i++) - if (s->all_frames[i].avframe.data[0] == NULL) + if (s->all_frames[i].avframe->data[0] == NULL) pic = &s->all_frames[i]; if (!pic) { av_log(avctx, AV_LOG_ERROR, "framelist full\n"); return -1; } - avcodec_get_frame_defaults(&pic->avframe); + av_frame_unref(pic->avframe); /* [DIRAC_STD] Defined in 9.6.1 ... */ tmp = parse_code & 0x03; /* [DIRAC_STD] num_refs() */ @@ -1808,16 +1819,16 @@ static int dirac_decode_data_unit(AVCodecContext *avctx, const uint8_t *buf, int s->num_refs = tmp; s->is_arith = (parse_code & 0x48) == 0x08; /* [DIRAC_STD] using_ac() */ s->low_delay = (parse_code & 0x88) == 0x88; /* [DIRAC_STD] is_low_delay() */ - pic->avframe.reference = (parse_code & 0x0C) == 0x0C; /* [DIRAC_STD] is_reference() */ - pic->avframe.key_frame = s->num_refs == 0; /* [DIRAC_STD] is_intra() */ - pic->avframe.pict_type = s->num_refs + 1; /* Definition of AVPictureType in avutil.h */ + pic->avframe->reference = (parse_code & 0x0C) == 0x0C; /* [DIRAC_STD] is_reference() */ + pic->avframe->key_frame = s->num_refs == 0; /* [DIRAC_STD] is_intra() */ + pic->avframe->pict_type = s->num_refs + 1; /* Definition of AVPictureType in avutil.h */ - if ((ret = ff_get_buffer(avctx, &pic->avframe, (parse_code & 0x0C) == 0x0C ? AV_GET_BUFFER_FLAG_REF : 0)) < 0) + if ((ret = ff_get_buffer(avctx, pic->avframe, (parse_code & 0x0C) == 0x0C ? AV_GET_BUFFER_FLAG_REF : 0)) < 0) return ret; s->current_picture = pic; - s->plane[0].stride = pic->avframe.linesize[0]; - s->plane[1].stride = pic->avframe.linesize[1]; - s->plane[2].stride = pic->avframe.linesize[2]; + s->plane[0].stride = pic->avframe->linesize[0]; + s->plane[1].stride = pic->avframe->linesize[1]; + s->plane[2].stride = pic->avframe->linesize[2]; /* [DIRAC_STD] 11.1 Picture parse. picture_parse() */ if (dirac_decode_picture_header(s)) @@ -1833,7 +1844,7 @@ static int dirac_decode_data_unit(AVCodecContext *avctx, const uint8_t *buf, int static int dirac_decode_frame(AVCodecContext *avctx, void *data, int *got_frame, AVPacket *pkt) { DiracContext *s = avctx->priv_data; - DiracFrame *picture = data; + AVFrame *picture = data; uint8_t *buf = pkt->data; int buf_size = pkt->size; int i, data_unit_size, buf_idx = 0; @@ -1841,8 +1852,8 @@ static int dirac_decode_frame(AVCodecContext *avctx, void *data, int *got_frame, /* release unused frames */ for (i = 0; i < MAX_FRAMES; i++) - if (s->all_frames[i].avframe.data[0] && !s->all_frames[i].avframe.reference) { - av_frame_unref(&s->all_frames[i].avframe); + if (s->all_frames[i].avframe->data[0] && !s->all_frames[i].avframe->reference) { + av_frame_unref(s->all_frames[i].avframe); memset(s->all_frames[i].interpolated, 0, sizeof(s->all_frames[i].interpolated)); } @@ -1887,40 +1898,40 @@ static int dirac_decode_frame(AVCodecContext *avctx, void *data, int *got_frame, if (!s->current_picture) return buf_size; - if (s->current_picture->avframe.display_picture_number > s->frame_number) { + if (s->current_picture->avframe->display_picture_number > s->frame_number) { DiracFrame *delayed_frame = remove_frame(s->delay_frames, s->frame_number); - s->current_picture->avframe.reference |= DELAYED_PIC_REF; + s->current_picture->avframe->reference |= DELAYED_PIC_REF; if (add_frame(s->delay_frames, MAX_DELAY, s->current_picture)) { - int min_num = s->delay_frames[0]->avframe.display_picture_number; + int min_num = s->delay_frames[0]->avframe->display_picture_number; /* Too many delayed frames, so we display the frame with the lowest pts */ av_log(avctx, AV_LOG_ERROR, "Delay frame overflow\n"); delayed_frame = s->delay_frames[0]; for (i = 1; s->delay_frames[i]; i++) - if (s->delay_frames[i]->avframe.display_picture_number < min_num) - min_num = s->delay_frames[i]->avframe.display_picture_number; + if (s->delay_frames[i]->avframe->display_picture_number < min_num) + min_num = s->delay_frames[i]->avframe->display_picture_number; delayed_frame = remove_frame(s->delay_frames, min_num); add_frame(s->delay_frames, MAX_DELAY, s->current_picture); } if (delayed_frame) { - delayed_frame->avframe.reference ^= DELAYED_PIC_REF; - if((ret=av_frame_ref(data, &delayed_frame->avframe)) < 0) + delayed_frame->avframe->reference ^= DELAYED_PIC_REF; + if((ret=av_frame_ref(data, delayed_frame->avframe)) < 0) return ret; *got_frame = 1; } - } else if (s->current_picture->avframe.display_picture_number == s->frame_number) { + } else if (s->current_picture->avframe->display_picture_number == s->frame_number) { /* The right frame at the right time :-) */ - if((ret=av_frame_ref(data, &s->current_picture->avframe)) < 0) + if((ret=av_frame_ref(data, s->current_picture->avframe)) < 0) return ret; *got_frame = 1; } if (*got_frame) - s->frame_number = picture->avframe.display_picture_number + 1; + s->frame_number = picture->display_picture_number + 1; return buf_idx; } From 31c52cd442794a6a5450a076dc49a94c57db3e67 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 17 Dec 2013 16:27:36 +0100 Subject: [PATCH 095/562] avcodec/msvideo1enc: drop dependancy on sizeof(AVFrame) Signed-off-by: Michael Niedermayer (cherry picked from commit c81234651f761a44a3e72829fd494211e237069c) Signed-off-by: Michael Niedermayer --- libavcodec/msvideo1enc.c | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/libavcodec/msvideo1enc.c b/libavcodec/msvideo1enc.c index 1da302a019..dd4b72f224 100644 --- a/libavcodec/msvideo1enc.c +++ b/libavcodec/msvideo1enc.c @@ -35,7 +35,6 @@ */ typedef struct Msvideo1EncContext { AVCodecContext *avctx; - AVFrame pic; AVLFG rnd; uint8_t *prev; @@ -67,7 +66,7 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt, const AVFrame *pict, int *got_packet) { Msvideo1EncContext * const c = avctx->priv_data; - AVFrame * const p = &c->pic; + const AVFrame *p = pict; uint16_t *src; uint8_t *prevptr; uint8_t *dst, *buf; @@ -75,12 +74,12 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt, int no_skips = 1; int i, j, k, x, y, ret; int skips = 0; + int quality = 24; if ((ret = ff_alloc_packet2(avctx, pkt, avctx->width*avctx->height*9 + FF_MIN_BUFFER_SIZE)) < 0) return ret; dst= buf= pkt->data; - *p = *pict; if(!c->prev) c->prev = av_malloc(avctx->width * 3 * (avctx->height + 3)); prevptr = c->prev + avctx->width * 3 * (FFALIGN(avctx->height, 4) - 1); @@ -88,7 +87,6 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt, if(c->keyint >= avctx->keyint_min) keyframe = 1; - p->quality = 24; for(y = 0; y < avctx->height; y += 4){ for(x = 0; x < avctx->width; x += 4){ @@ -114,7 +112,7 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt, bestscore += t*t; } } - bestscore /= p->quality; + bestscore /= quality; } // try to find optimal value to fill whole 4x4 block score = 0; @@ -130,7 +128,7 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt, } } } - score /= p->quality; + score /= quality; score += 2; if(score < bestscore){ bestscore = score; @@ -155,7 +153,7 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt, } } } - score /= p->quality; + score /= quality; score += 6; if(score < bestscore){ bestscore = score; @@ -182,7 +180,7 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt, } } } - score /= p->quality; + score /= quality; score += 18; if(score < bestscore){ bestscore = score; @@ -248,8 +246,6 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt, c->keyint = 0; else c->keyint++; - p->pict_type= keyframe ? AV_PICTURE_TYPE_I : AV_PICTURE_TYPE_P; - p->key_frame= keyframe; if (keyframe) pkt->flags |= AV_PKT_FLAG_KEY; pkt->size = dst - buf; *got_packet = 1; @@ -274,8 +270,6 @@ static av_cold int encode_init(AVCodecContext *avctx) return -1; } - avcodec_get_frame_defaults(&c->pic); - avctx->coded_frame = (AVFrame*)&c->pic; avctx->bits_per_coded_sample = 16; c->keyint = avctx->keyint_min; From d2578f81523728f36092859c36b34beb6a4715e1 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 17 Dec 2013 16:27:36 +0100 Subject: [PATCH 096/562] avcodec/mjpegenc: drop dependancy on sizeof(AVFrame) Signed-off-by: Michael Niedermayer (cherry picked from commit 5b3f4b3ef590b1221d44d24345a846c1aa636b69) Conflicts: libavcodec/mjpegenc.c --- libavcodec/mjpegenc.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/libavcodec/mjpegenc.c b/libavcodec/mjpegenc.c index 74817cadc2..fcac6f11c1 100644 --- a/libavcodec/mjpegenc.c +++ b/libavcodec/mjpegenc.c @@ -498,19 +498,23 @@ static int amv_encode_picture(AVCodecContext *avctx, AVPacket *pkt, { MpegEncContext *s = avctx->priv_data; - AVFrame pic = *pic_arg; - int i; + AVFrame *pic; + int i, ret; //CODEC_FLAG_EMU_EDGE have to be cleared if(s->avctx->flags & CODEC_FLAG_EMU_EDGE) return -1; + pic = av_frame_alloc(); + av_frame_ref(pic, pic_arg); //picture should be flipped upside-down for(i=0; i < 3; i++) { - pic.data[i] += (pic.linesize[i] * (s->mjpeg_vsample[i] * (8 * s->mb_height -((s->height/V_MAX)&7)) - 1 )); - pic.linesize[i] *= -1; + pic->data[i] += (pic->linesize[i] * (s->mjpeg_vsample[i] * (8 * s->mb_height -((s->height/V_MAX)&7)) - 1 )); + pic->linesize[i] *= -1; } - return ff_MPV_encode_picture(avctx, pkt, &pic, got_packet); + ret = ff_MPV_encode_picture(avctx, pkt, pic, got_packet); + av_frame_free(&pic); + return ret; } #if CONFIG_MJPEG_ENCODER From 965eb42be03c454c4cee9eca3ac565f5accc1f7e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 17 Dec 2013 16:27:36 +0100 Subject: [PATCH 097/562] avcodec/libopenjpegenc: drop dependancy on sizeof(AVFrame) Signed-off-by: Michael Niedermayer (cherry picked from commit 1458f0647ca0c882cc1c29892ac130a1056a1f47) Signed-off-by: Michael Niedermayer --- libavcodec/libopenjpegenc.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/libavcodec/libopenjpegenc.c b/libavcodec/libopenjpegenc.c index c7769f7a02..8aa2b014b3 100644 --- a/libavcodec/libopenjpegenc.c +++ b/libavcodec/libopenjpegenc.c @@ -480,7 +480,7 @@ static int libopenjpeg_encode_frame(AVCodecContext *avctx, AVPacket *pkt, opj_cio_t *stream = ctx->stream; int cpyresult = 0; int ret, len; - AVFrame gbrframe; + AVFrame *gbrframe; switch (avctx->pix_fmt) { case AV_PIX_FMT_RGB24: @@ -501,18 +501,20 @@ static int libopenjpeg_encode_frame(AVCodecContext *avctx, AVPacket *pkt, case AV_PIX_FMT_GBRP12: case AV_PIX_FMT_GBRP14: case AV_PIX_FMT_GBRP16: - gbrframe = *frame; - gbrframe.data[0] = frame->data[2]; // swap to be rgb - gbrframe.data[1] = frame->data[0]; - gbrframe.data[2] = frame->data[1]; - gbrframe.linesize[0] = frame->linesize[2]; - gbrframe.linesize[1] = frame->linesize[0]; - gbrframe.linesize[2] = frame->linesize[1]; + gbrframe = av_frame_alloc(); + av_frame_ref(gbrframe, frame); + gbrframe->data[0] = frame->data[2]; // swap to be rgb + gbrframe->data[1] = frame->data[0]; + gbrframe->data[2] = frame->data[1]; + gbrframe->linesize[0] = frame->linesize[2]; + gbrframe->linesize[1] = frame->linesize[0]; + gbrframe->linesize[2] = frame->linesize[1]; if (avctx->pix_fmt == AV_PIX_FMT_GBR24P) { - cpyresult = libopenjpeg_copy_unpacked8(avctx, &gbrframe, image); + cpyresult = libopenjpeg_copy_unpacked8(avctx, gbrframe, image); } else { - cpyresult = libopenjpeg_copy_unpacked16(avctx, &gbrframe, image); + cpyresult = libopenjpeg_copy_unpacked16(avctx, gbrframe, image); } + av_frame_free(&gbrframe); break; case AV_PIX_FMT_GRAY8: case AV_PIX_FMT_YUV410P: From ce675bd54a077baaae70610824c241f45ca6f410 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 17 Dec 2013 16:27:36 +0100 Subject: [PATCH 098/562] avcodec/j2kenc: drop dependancy on sizeof(AVFrame) Signed-off-by: Michael Niedermayer (cherry picked from commit 8443b27072a076abb28d7f2f60bc90e1d5c285df) Signed-off-by: Michael Niedermayer --- libavcodec/j2kenc.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/libavcodec/j2kenc.c b/libavcodec/j2kenc.c index d9f5eaf5f4..498c7c022c 100644 --- a/libavcodec/j2kenc.c +++ b/libavcodec/j2kenc.c @@ -60,7 +60,7 @@ typedef struct { typedef struct { AVCodecContext *avctx; - AVFrame picture; + const AVFrame *picture; int width, height; ///< image width and height uint8_t cbps[4]; ///< bits per sample in particular components @@ -390,18 +390,18 @@ static void copy_frame(Jpeg2000EncoderContext *s) for (compno = 0; compno < s->ncomponents; compno++){ Jpeg2000Component *comp = tile->comp + compno; int *dst = comp->i_data; - line = s->picture.data[compno] - + comp->coord[1][0] * s->picture.linesize[compno] + line = s->picture->data[compno] + + comp->coord[1][0] * s->picture->linesize[compno] + comp->coord[0][0]; for (y = comp->coord[1][0]; y < comp->coord[1][1]; y++){ uint8_t *ptr = line; for (x = comp->coord[0][0]; x < comp->coord[0][1]; x++) *dst++ = *ptr++ - (1 << 7); - line += s->picture.linesize[compno]; + line += s->picture->linesize[compno]; } } } else{ - line = s->picture.data[0] + tile->comp[0].coord[1][0] * s->picture.linesize[0] + line = s->picture->data[0] + tile->comp[0].coord[1][0] * s->picture->linesize[0] + tile->comp[0].coord[0][0] * s->ncomponents; i = 0; @@ -412,7 +412,7 @@ static void copy_frame(Jpeg2000EncoderContext *s) tile->comp[compno].i_data[i] = *ptr++ - (1 << 7); } } - line += s->picture.linesize[0]; + line += s->picture->linesize[0]; } } } @@ -927,10 +927,9 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt, s->buf = s->buf_start = pkt->data; s->buf_end = pkt->data + pkt->size; - s->picture = *pict; - avctx->coded_frame= &s->picture; + s->picture = pict; - s->lambda = s->picture.quality * LAMBDA_SCALE; + s->lambda = s->picture->quality * LAMBDA_SCALE; copy_frame(s); reinit(s); From 4d4a10cfa1ecc9381b925b6b6c10d6956c5ec783 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 17 Dec 2013 16:27:36 +0100 Subject: [PATCH 099/562] avcodec/flashsv2enc: drop dependancy on sizeof(AVFrame) Signed-off-by: Michael Niedermayer (cherry picked from commit b8f4410ff60b3a973cd13351d00a1d88eaddfb71) Signed-off-by: Michael Niedermayer --- libavcodec/flashsv2enc.c | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/libavcodec/flashsv2enc.c b/libavcodec/flashsv2enc.c index 2115a46594..436daa4be2 100644 --- a/libavcodec/flashsv2enc.c +++ b/libavcodec/flashsv2enc.c @@ -87,7 +87,6 @@ typedef struct FlashSV2Context { AVCodecContext *avctx; uint8_t *current_frame; uint8_t *key_frame; - AVFrame frame; uint8_t *encbuffer; uint8_t *keybuffer; uint8_t *databuffer; @@ -849,15 +848,12 @@ static int reconfigure_at_keyframe(FlashSV2Context * s, const uint8_t * image, } static int flashsv2_encode_frame(AVCodecContext *avctx, AVPacket *pkt, - const AVFrame *pict, int *got_packet) + const AVFrame *p, int *got_packet) { FlashSV2Context *const s = avctx->priv_data; - AVFrame *const p = &s->frame; int res; int keyframe = 0; - *p = *pict; - if ((res = ff_alloc_packet2(avctx, pkt, s->frame_size + FF_MIN_BUFFER_SIZE)) < 0) return res; @@ -891,18 +887,11 @@ static int flashsv2_encode_frame(AVCodecContext *avctx, AVPacket *pkt, if (keyframe) { new_key_frame(s); - p->pict_type = AV_PICTURE_TYPE_I; - p->key_frame = 1; s->last_key_frame = avctx->frame_number; pkt->flags |= AV_PKT_FLAG_KEY; av_log(avctx, AV_LOG_DEBUG, "Inserting key frame at frame %d\n", avctx->frame_number); - } else { - p->pict_type = AV_PICTURE_TYPE_P; - p->key_frame = 0; } - avctx->coded_frame = p; - pkt->size = res; *got_packet = 1; From e0c3c612eb4238e37f44120c3d20d9b762f9814e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 17 Dec 2013 16:27:36 +0100 Subject: [PATCH 100/562] ffprobe: drop dependancy on sizeof(AVFrame) Signed-off-by: Michael Niedermayer (cherry picked from commit bf1c87ee7ab1b98c1b92172eb1ebd6ad55564ff7) Signed-off-by: Michael Niedermayer --- ffprobe.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/ffprobe.c b/ffprobe.c index 80a286b20a..bb81b53577 100644 --- a/ffprobe.c +++ b/ffprobe.c @@ -1634,7 +1634,7 @@ static int read_interval_packets(WriterContext *w, AVFormatContext *fmt_ctx, const ReadInterval *interval, int64_t *cur_ts) { AVPacket pkt, pkt1; - AVFrame frame; + AVFrame *frame = NULL; int ret = 0, i = 0, frame_count = 0; int64_t start = -INT64_MAX, end = interval->end; int has_start = 0, has_end = interval->has_end && !interval->end_is_offset; @@ -1668,6 +1668,7 @@ static int read_interval_packets(WriterContext *w, AVFormatContext *fmt_ctx, } } + frame = av_frame_alloc(); while (!av_read_frame(fmt_ctx, &pkt)) { if (selected_streams[pkt.stream_index]) { AVRational tb = fmt_ctx->streams[pkt.stream_index]->time_base; @@ -1700,7 +1701,7 @@ static int read_interval_packets(WriterContext *w, AVFormatContext *fmt_ctx, } if (do_read_frames) { pkt1 = pkt; - while (pkt1.size && process_frame(w, fmt_ctx, &frame, &pkt1) > 0); + while (pkt1.size && process_frame(w, fmt_ctx, frame, &pkt1) > 0); } } av_free_packet(&pkt); @@ -1712,10 +1713,11 @@ static int read_interval_packets(WriterContext *w, AVFormatContext *fmt_ctx, for (i = 0; i < fmt_ctx->nb_streams; i++) { pkt.stream_index = i; if (do_read_frames) - while (process_frame(w, fmt_ctx, &frame, &pkt) > 0); + while (process_frame(w, fmt_ctx, frame, &pkt) > 0); } end: + av_frame_free(&frame); if (ret < 0) { av_log(NULL, AV_LOG_ERROR, "Could not read packets in interval "); log_read_interval(interval, NULL, AV_LOG_ERROR); From d05858351094288edff3aef3eae429ba88147278 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 17 Dec 2013 16:27:36 +0100 Subject: [PATCH 101/562] avcodec/libvorbisenc: drop dependancy on sizeof(AVFrame) Signed-off-by: Michael Niedermayer (cherry picked from commit 3c8b085764ed4b036df4a8908a0781dc6d73ee11) Signed-off-by: Michael Niedermayer --- libavcodec/libvorbisenc.c | 1 - 1 file changed, 1 deletion(-) diff --git a/libavcodec/libvorbisenc.c b/libavcodec/libvorbisenc.c index a2faac702b..fd788b77ec 100644 --- a/libavcodec/libvorbisenc.c +++ b/libavcodec/libvorbisenc.c @@ -41,7 +41,6 @@ typedef struct OggVorbisEncContext { AVClass *av_class; /**< class for AVOptions */ - AVFrame frame; vorbis_info vi; /**< vorbis_info used during init */ vorbis_dsp_state vd; /**< DSP state used for analysis */ vorbis_block vb; /**< vorbis_block used for analysis */ From ca22a2dec5613f8deef8661abcaaac8ace31312a Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 17 Dec 2013 16:27:36 +0100 Subject: [PATCH 102/562] avcodec/utils: drop 2 dependancies on sizeof(AVFrame) Signed-off-by: Michael Niedermayer (cherry picked from commit c90f31146e8b1407a4a5808d0d904d85baeed5d4) Signed-off-by: Michael Niedermayer --- libavcodec/utils.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index c0f47cb67e..38fc3d3c8c 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -1716,7 +1716,6 @@ int attribute_align_arg avcodec_encode_audio(AVCodecContext *avctx, const short *samples) { AVPacket pkt; - AVFrame frame0 = { { 0 } }; AVFrame *frame; int ret, samples_size, got_packet; @@ -1725,8 +1724,7 @@ int attribute_align_arg avcodec_encode_audio(AVCodecContext *avctx, pkt.size = buf_size; if (samples) { - frame = &frame0; - avcodec_get_frame_defaults(frame); + frame = av_frame_alloc(); if (avctx->frame_size) { frame->nb_samples = avctx->frame_size; @@ -1737,13 +1735,16 @@ int attribute_align_arg avcodec_encode_audio(AVCodecContext *avctx, if (!av_get_bits_per_sample(avctx->codec_id)) { av_log(avctx, AV_LOG_ERROR, "avcodec_encode_audio() does not " "support this codec\n"); + av_frame_free(&frame); return AVERROR(EINVAL); } nb_samples = (int64_t)buf_size * 8 / (av_get_bits_per_sample(avctx->codec_id) * avctx->channels); - if (nb_samples >= INT_MAX) + if (nb_samples >= INT_MAX) { + av_frame_free(&frame); return AVERROR(EINVAL); + } frame->nb_samples = nb_samples; } @@ -1755,8 +1756,10 @@ int attribute_align_arg avcodec_encode_audio(AVCodecContext *avctx, if ((ret = avcodec_fill_audio_frame(frame, avctx->channels, avctx->sample_fmt, (const uint8_t *)samples, - samples_size, 1)) < 0) + samples_size, 1)) < 0) { + av_frame_free(&frame); return ret; + } /* fabricate frame pts from sample count. * this is needed because the avcodec_encode_audio() API does not have @@ -1783,6 +1786,7 @@ int attribute_align_arg avcodec_encode_audio(AVCodecContext *avctx, if (frame && frame->extended_data != frame->data) av_freep(&frame->extended_data); + av_frame_free(&frame); return ret ? ret : pkt.size; } @@ -2110,7 +2114,7 @@ int attribute_align_arg avcodec_decode_audio3(AVCodecContext *avctx, int16_t *sa int *frame_size_ptr, AVPacket *avpkt) { - AVFrame frame = { { 0 } }; + AVFrame *frame = av_frame_alloc(); int ret, got_frame = 0; if (avctx->get_buffer != avcodec_default_get_buffer) { @@ -2122,26 +2126,27 @@ int attribute_align_arg avcodec_decode_audio3(AVCodecContext *avctx, int16_t *sa avctx->release_buffer = avcodec_default_release_buffer; } - ret = avcodec_decode_audio4(avctx, &frame, &got_frame, avpkt); + ret = avcodec_decode_audio4(avctx, frame, &got_frame, avpkt); if (ret >= 0 && got_frame) { int ch, plane_size; int planar = av_sample_fmt_is_planar(avctx->sample_fmt); int data_size = av_samples_get_buffer_size(&plane_size, avctx->channels, - frame.nb_samples, + frame->nb_samples, avctx->sample_fmt, 1); if (*frame_size_ptr < data_size) { av_log(avctx, AV_LOG_ERROR, "output buffer size is too small for " "the current frame (%d < %d)\n", *frame_size_ptr, data_size); + av_frame_free(&frame); return AVERROR(EINVAL); } - memcpy(samples, frame.extended_data[0], plane_size); + memcpy(samples, frame->extended_data[0], plane_size); if (planar && avctx->channels > 1) { uint8_t *out = ((uint8_t *)samples) + plane_size; for (ch = 1; ch < avctx->channels; ch++) { - memcpy(out, frame.extended_data[ch], plane_size); + memcpy(out, frame->extended_data[ch], plane_size); out += plane_size; } } @@ -2149,6 +2154,7 @@ int attribute_align_arg avcodec_decode_audio3(AVCodecContext *avctx, int16_t *sa } else { *frame_size_ptr = 0; } + av_frame_free(&frame); return ret; } From 88058b4650f59876189648c2ca9e7c5ac3d68905 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 25 Dec 2013 18:32:03 +0100 Subject: [PATCH 103/562] ffprobe: Dont clear AVFrame between uses. The old API required this clearing in the past, the new API does not require it. Fixes memleak Regression introduced by 37a749012aaacc801fe860428417a6d7b81c103f Signed-off-by: Michael Niedermayer (cherry picked from commit 565f786d1da1fea80fcea231550d5d0f174c009a) Signed-off-by: Michael Niedermayer --- ffprobe.c | 1 - 1 file changed, 1 deletion(-) diff --git a/ffprobe.c b/ffprobe.c index bb81b53577..d07a58b1c2 100644 --- a/ffprobe.c +++ b/ffprobe.c @@ -1580,7 +1580,6 @@ static av_always_inline int process_frame(WriterContext *w, AVCodecContext *dec_ctx = fmt_ctx->streams[pkt->stream_index]->codec; int ret = 0, got_frame = 0; - avcodec_get_frame_defaults(frame); if (dec_ctx->codec) { switch (dec_ctx->codec_type) { case AVMEDIA_TYPE_VIDEO: From 89205b637e23c27f43c15e3e60cab29e9bda5a38 Mon Sep 17 00:00:00 2001 From: Nicolas George Date: Sun, 29 Dec 2013 10:33:27 +0100 Subject: [PATCH 104/562] lavc/ffwavesynth: fix dependency sizeof(AVFrame). (cherry picked from commit bcfcb8b8524dfcc1c37d520ccf3fba3b3a4c104d) Signed-off-by: Michael Niedermayer --- libavcodec/ffwavesynth.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/libavcodec/ffwavesynth.c b/libavcodec/ffwavesynth.c index a62746d61c..4a5031a8ca 100644 --- a/libavcodec/ffwavesynth.c +++ b/libavcodec/ffwavesynth.c @@ -93,7 +93,6 @@ struct wavesynth_context { int64_t cur_ts; int64_t next_ts; int32_t *sin; - AVFrame frame; struct ws_interval *inter; uint32_t dither_state; uint32_t pink_state; @@ -341,8 +340,6 @@ static av_cold int wavesynth_init(AVCodecContext *avc) ws->pink_need += ws->inter[i].type == WS_NOISE; ws->pink_state = MKTAG('P','I','N','K'); ws->pink_pos = PINK_UNIT; - avcodec_get_frame_defaults(&ws->frame); - avc->coded_frame = &ws->frame; wavesynth_seek(ws, 0); avc->sample_fmt = AV_SAMPLE_FMT_S16; return 0; @@ -428,6 +425,7 @@ static int wavesynth_decode(AVCodecContext *avc, void *rframe, int *rgot_frame, AVPacket *packet) { struct wavesynth_context *ws = avc->priv_data; + AVFrame *frame = rframe; int64_t ts; int duration; int s, c, r; @@ -443,11 +441,11 @@ static int wavesynth_decode(AVCodecContext *avc, void *rframe, int *rgot_frame, duration = AV_RL32(packet->data + 8); if (duration <= 0) return AVERROR(EINVAL); - ws->frame.nb_samples = duration; - r = ff_get_buffer(avc, &ws->frame, 0); + frame->nb_samples = duration; + r = ff_get_buffer(avc, frame, 0); if (r < 0) return r; - pcm = (int16_t *)ws->frame.data[0]; + pcm = (int16_t *)frame->data[0]; for (s = 0; s < duration; s++, ts++) { memset(channels, 0, avc->channels * sizeof(*channels)); if (ts >= ws->next_ts) @@ -458,7 +456,6 @@ static int wavesynth_decode(AVCodecContext *avc, void *rframe, int *rgot_frame, } ws->cur_ts += duration; *rgot_frame = 1; - *(AVFrame *)rframe = ws->frame; return packet->size; } From a6ba0f7be91fcb4738d226b3b100a4750baf4340 Mon Sep 17 00:00:00 2001 From: Nicolas George Date: Sun, 29 Dec 2013 10:37:58 +0100 Subject: [PATCH 105/562] ffprobe: check av_frame_alloc() failure. (cherry picked from commit a55692a96099c40aabb25e1443890be99f9c845c) Signed-off-by: Michael Niedermayer --- ffprobe.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ffprobe.c b/ffprobe.c index d07a58b1c2..a7aef02ebf 100644 --- a/ffprobe.c +++ b/ffprobe.c @@ -1668,6 +1668,10 @@ static int read_interval_packets(WriterContext *w, AVFormatContext *fmt_ctx, } frame = av_frame_alloc(); + if (!frame) { + ret = AVERROR(ENOMEM); + goto end; + } while (!av_read_frame(fmt_ctx, &pkt)) { if (selected_streams[pkt.stream_index]) { AVRational tb = fmt_ctx->streams[pkt.stream_index]->time_base; From 4d70639d536da0574abeffc792d8f36e1fa62655 Mon Sep 17 00:00:00 2001 From: Nicolas George Date: Sun, 29 Dec 2013 10:42:54 +0100 Subject: [PATCH 106/562] lavc/utils: check av_frame_alloc() failure. (cherry picked from commit 38004051b53ddecb518053e6dadafa9adc4fc1b2) Signed-off-by: Michael Niedermayer --- libavcodec/utils.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index 38fc3d3c8c..25bb24580f 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -1725,6 +1725,8 @@ int attribute_align_arg avcodec_encode_audio(AVCodecContext *avctx, if (samples) { frame = av_frame_alloc(); + if (!frame) + return AVERROR(ENOMEM); if (avctx->frame_size) { frame->nb_samples = avctx->frame_size; @@ -2117,6 +2119,8 @@ int attribute_align_arg avcodec_decode_audio3(AVCodecContext *avctx, int16_t *sa AVFrame *frame = av_frame_alloc(); int ret, got_frame = 0; + if (!frame) + return AVERROR(ENOMEM); if (avctx->get_buffer != avcodec_default_get_buffer) { av_log(avctx, AV_LOG_ERROR, "Custom get_buffer() for use with" "avcodec_decode_audio3() detected. Overriding with avcodec_default_get_buffer\n"); From 4c3cd8814411aa20544f2baef72b5f3d4485a99c Mon Sep 17 00:00:00 2001 From: Nicolas George Date: Sun, 29 Dec 2013 10:49:01 +0100 Subject: [PATCH 107/562] lavc/diracdec: check av_frame_alloc() failure. (cherry picked from commit a91394f4de63ae5c2e21c548045b79393ca7fea1) Signed-off-by: Michael Niedermayer --- libavcodec/diracdec.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c index 9e2d263b5c..4990659812 100644 --- a/libavcodec/diracdec.c +++ b/libavcodec/diracdec.c @@ -406,8 +406,14 @@ static av_cold int dirac_decode_init(AVCodecContext *avctx) ff_dsputil_init(&s->dsp, avctx); ff_diracdsp_init(&s->diracdsp); - for (i = 0; i < MAX_FRAMES; i++) + for (i = 0; i < MAX_FRAMES; i++) { s->all_frames[i].avframe = av_frame_alloc(); + if (!s->all_frames[i].avframe) { + while (i > 0) + av_frame_free(&s->all_frames[--i].avframe); + return AVERROR(ENOMEM); + } + } return 0; } From 4b25b5a8a3c0f17f4821e0a943d47ca9781da8d2 Mon Sep 17 00:00:00 2001 From: Nicolas George Date: Sun, 29 Dec 2013 10:50:24 +0100 Subject: [PATCH 108/562] lavc/libopenjpegenc: check av_frame_alloc() failure. (cherry picked from commit 97af2faaba70c866ae4c11459a79a16d4a014530) Signed-off-by: Michael Niedermayer --- libavcodec/libopenjpegenc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/libopenjpegenc.c b/libavcodec/libopenjpegenc.c index 8aa2b014b3..6c5aab14ee 100644 --- a/libavcodec/libopenjpegenc.c +++ b/libavcodec/libopenjpegenc.c @@ -502,6 +502,8 @@ static int libopenjpeg_encode_frame(AVCodecContext *avctx, AVPacket *pkt, case AV_PIX_FMT_GBRP14: case AV_PIX_FMT_GBRP16: gbrframe = av_frame_alloc(); + if (!gbrframe) + return AVERROR(ENOMEM); av_frame_ref(gbrframe, frame); gbrframe->data[0] = frame->data[2]; // swap to be rgb gbrframe->data[1] = frame->data[0]; From 9189a0a71ba4bcdb4d5ddbe9561aeda18ecee594 Mon Sep 17 00:00:00 2001 From: Nicolas George Date: Sun, 29 Dec 2013 10:52:19 +0100 Subject: [PATCH 109/562] lavc/mjpegenc: check av_frame_alloc() failure. (cherry picked from commit 19a2d101acc0260bb310e79010a8491b10716189) Signed-off-by: Michael Niedermayer --- libavcodec/mjpegenc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/mjpegenc.c b/libavcodec/mjpegenc.c index fcac6f11c1..8963289456 100644 --- a/libavcodec/mjpegenc.c +++ b/libavcodec/mjpegenc.c @@ -506,6 +506,8 @@ static int amv_encode_picture(AVCodecContext *avctx, AVPacket *pkt, return -1; pic = av_frame_alloc(); + if (!pic) + return AVERROR(ENOMEM); av_frame_ref(pic, pic_arg); //picture should be flipped upside-down for(i=0; i < 3; i++) { From 3dae9d13e51c4b0a8b181e4f0a2b460e8465eeec Mon Sep 17 00:00:00 2001 From: Nicolas George Date: Sun, 29 Dec 2013 10:54:32 +0100 Subject: [PATCH 110/562] lavc/mjpegenc: use proper error codes. (cherry picked from commit 2ebaadf35c9387610ca1eb7e94c171050562a77c) Signed-off-by: Michael Niedermayer --- libavcodec/mjpegenc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/mjpegenc.c b/libavcodec/mjpegenc.c index 8963289456..eea4183b52 100644 --- a/libavcodec/mjpegenc.c +++ b/libavcodec/mjpegenc.c @@ -46,12 +46,12 @@ av_cold int ff_mjpeg_encode_init(MpegEncContext *s) if (s->width > 65500 || s->height > 65500) { av_log(s, AV_LOG_ERROR, "JPEG does not support resolutions above 65500x65500\n"); - return -1; + return AVERROR(EINVAL); } m = av_malloc(sizeof(MJpegContext)); if (!m) - return -1; + return AVERROR(ENOMEM); s->min_qcoeff=-1023; s->max_qcoeff= 1023; @@ -503,7 +503,7 @@ static int amv_encode_picture(AVCodecContext *avctx, AVPacket *pkt, //CODEC_FLAG_EMU_EDGE have to be cleared if(s->avctx->flags & CODEC_FLAG_EMU_EDGE) - return -1; + return AVERROR(EINVAL); pic = av_frame_alloc(); if (!pic) From 4b0cecb457c7eda2baf0264b97d9038bdfb531da Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 6 Jan 2014 02:51:20 +0100 Subject: [PATCH 111/562] avcodec/hevc_ps: check that VPS referenced from SPS exists This matches how its done for SPS/PPS. An alternative to this is to check it when its used. Fixes null pointer dereference Fixes: signal_sigsegv_e30a43_1437_CIP_A_Panasonic_3.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit d66bab0a69ac1860e78dd951ad8db1a507e75642) Signed-off-by: Michael Niedermayer --- libavcodec/hevc_ps.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c index 4318af01e8..529bf905f6 100644 --- a/libavcodec/hevc_ps.c +++ b/libavcodec/hevc_ps.c @@ -621,6 +621,12 @@ int ff_hevc_decode_nal_sps(HEVCContext *s) goto err; } + if (!s->vps_list[sps->vps_id]) { + av_log(s->avctx, AV_LOG_ERROR, "VPS does not exist \n"); + ret = AVERROR_INVALIDDATA; + goto err; + } + sps->max_sub_layers = get_bits(gb, 3) + 1; if (sps->max_sub_layers > MAX_SUB_LAYERS) { av_log(s->avctx, AV_LOG_ERROR, "sps_max_sub_layers out of range: %d\n", From 908b951b4e945eb0ba373548ff5921c547cec0fd Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 6 Jan 2014 02:51:20 +0100 Subject: [PATCH 112/562] avcodec/hevc: Fix modulo operations Fixes qp fields becoming out of range Fixes: asan_static-oob_e393a3_6998_WPP_A_ericsson_MAIN10_2.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 4ced5d7780fea2ea49444d6686d26f26b3a2160f) Conflicts: libavcodec/hevc_filter.c --- libavcodec/hevc.c | 4 ++-- libavcodec/hevc_filter.c | 3 ++- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c index 011b1ee216..2f7c5b6df1 100644 --- a/libavcodec/hevc.c +++ b/libavcodec/hevc.c @@ -636,8 +636,8 @@ static int hls_slice_header(HEVCContext *s) s->HEVClc->first_qp_group = !s->sh.dependent_slice_segment_flag; if (!s->pps->cu_qp_delta_enabled_flag) - s->HEVClc->qp_y = ((s->sh.slice_qp + 52 + 2 * s->sps->qp_bd_offset) % - (52 + s->sps->qp_bd_offset)) - s->sps->qp_bd_offset; + s->HEVClc->qp_y = FFUMOD(s->sh.slice_qp + 52 + 2 * s->sps->qp_bd_offset, + 52 + s->sps->qp_bd_offset) - s->sps->qp_bd_offset; s->slice_initialized = 1; diff --git a/libavcodec/hevc_filter.c b/libavcodec/hevc_filter.c index 0a6d7c9fb5..d040406008 100644 --- a/libavcodec/hevc_filter.c +++ b/libavcodec/hevc_filter.c @@ -155,7 +155,8 @@ void ff_hevc_set_qPy(HEVCContext *s, int xC, int yC, int xBase, int yBase, int l if (s->HEVClc->tu.cu_qp_delta != 0) { int off = s->sps->qp_bd_offset; - s->HEVClc->qp_y = ((qp_y + s->HEVClc->tu.cu_qp_delta + 52 + 2 * off) % (52 + off)) - off; + s->HEVClc->qp_y = FFUMOD(qp_y + s->HEVClc->tu.cu_qp_delta + 52 + 2 * off, + 52 + off) - off; } else s->HEVClc->qp_y = qp_y; } From 5e21989de4c8b4892d6c0c0d897515862533ce7e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 25 Nov 2013 19:45:43 +0100 Subject: [PATCH 113/562] Revert "Merge remote-tracking branch 'qatar/master'" (43dec5ef9a360c9ffac3278f464832bd99af0cb0) Fixes out of array accesses Fixes asan_static-oob_eb9812_5961_iv41.avi This reverts the merge of c9ef6b09326a24010bf86d6b0d19cfa42df4d546 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit c3d5cd1ebfba8fe36a0da7fad47df7fdf9c4ccd0) Signed-off-by: Michael Niedermayer --- libavcodec/indeo4.c | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/libavcodec/indeo4.c b/libavcodec/indeo4.c index df878c5905..0774f82ce5 100644 --- a/libavcodec/indeo4.c +++ b/libavcodec/indeo4.c @@ -284,6 +284,7 @@ static int decode_band_hdr(IVI45DecContext *ctx, IVIBandDesc *band, { int plane, band_num, indx, transform_id, scan_indx; int i; + int quant_mat; plane = get_bits(&ctx->gb, 2); band_num = get_bits(&ctx->gb, 4); @@ -382,18 +383,17 @@ static int decode_band_hdr(IVI45DecContext *ctx, IVIBandDesc *band, band->scan = scan_index_to_tab[scan_indx]; band->scan_size = band->blk_size; - band->quant_mat = get_bits(&ctx->gb, 5); - if (band->quant_mat >= FF_ARRAY_ELEMS(quant_index_to_tab)) { - - if (band->quant_mat == 31) - av_log(avctx, AV_LOG_ERROR, - "Custom quant matrix encountered!\n"); - else - avpriv_request_sample(avctx, "Quantization matrix %d", - band->quant_mat); - band->quant_mat = -1; + quant_mat = get_bits(&ctx->gb, 5); + if (quant_mat == 31) { + av_log(avctx, AV_LOG_ERROR, "Custom quant matrix encountered!\n"); return AVERROR_INVALIDDATA; } + if (quant_mat >= FF_ARRAY_ELEMS(quant_index_to_tab)) { + avpriv_request_sample(avctx, "Quantization matrix %d", + quant_mat); + return AVERROR_INVALIDDATA; + } + band->quant_mat = quant_mat; } else { if (old_blk_size != band->blk_size) { av_log(avctx, AV_LOG_ERROR, @@ -401,10 +401,6 @@ static int decode_band_hdr(IVI45DecContext *ctx, IVIBandDesc *band, "inherited\n"); return AVERROR_INVALIDDATA; } - if (band->quant_mat < 0) { - av_log(avctx, AV_LOG_ERROR, "Invalid quant_mat inherited\n"); - return AVERROR_INVALIDDATA; - } } if (quant_index_to_tab[band->quant_mat] > 4 && band->blk_size == 4) { av_log(avctx, AV_LOG_ERROR, "Invalid quant matrix for 4x4 block encountered!\n"); From c094aec76e291dccf46239a2e221f16d695452d1 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 25 Nov 2013 23:16:17 +0100 Subject: [PATCH 114/562] avcodec/ac3dec: check bap before use. Fixes out of array read Fixes assertion failure Fixes asan_static-oob_16431c0_8036_rio_bravo_mono_64_spx.ac3 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 4782c4284fa3856a9b6910fe5ff6e4fb1c65b58c) Signed-off-by: Michael Niedermayer --- libavcodec/ac3dec.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/ac3dec.c b/libavcodec/ac3dec.c index f91ded0fcb..2acd20949c 100644 --- a/libavcodec/ac3dec.c +++ b/libavcodec/ac3dec.c @@ -488,6 +488,10 @@ static void ac3_decode_transform_coeffs_ch(AC3DecodeContext *s, int ch_index, ma break; default: /* 6 to 15 */ /* Shift mantissa and sign-extend it. */ + if (bap > 15) { + av_log(s->avctx, AV_LOG_ERROR, "bap %d is invalid in plain AC-3\n", bap); + bap = 15; + } mantissa = get_sbits(gbc, quantization_tab[bap]); mantissa <<= 24 - quantization_tab[bap]; break; From 413065aff4efdc895ec2b4f5e9beedcc6b07376d Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 26 Nov 2013 21:53:47 +0100 Subject: [PATCH 115/562] avcodec/g2meet: check available space before copying palette Fixes out of array read Fixes: asan_heap-uaf_ae6067_5415_g2m4.wmv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 6d9dad6a7cb5d544d540abf941fedbd34c14d2bd) Signed-off-by: Michael Niedermayer --- libavcodec/g2meet.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/g2meet.c b/libavcodec/g2meet.c index b342ae7262..452cd7c7bb 100644 --- a/libavcodec/g2meet.c +++ b/libavcodec/g2meet.c @@ -375,6 +375,8 @@ static int kempf_decode_tile(G2MContext *c, int tile_x, int tile_y, src += 3; } npal = *src++ + 1; + if (src_end - src < npal * 3) + return AVERROR_INVALIDDATA; memcpy(pal, src, npal * 3); src += npal * 3; if (sub_type != 2) { for (i = 0; i < npal; i++) { From dcecca07585fce8716bdf73dab034a05dadb58cb Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 27 Nov 2013 17:04:05 +0100 Subject: [PATCH 116/562] avutil/log: check that len is within the buffer before reading it Fixes out of array read Fixes: asan_heap-oob_19d6979_6857_mmw_deadzy.ogg Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 808c10e728db2d92ccbb0f8b3bcd4a2f4305a2cf) Signed-off-by: Michael Niedermayer --- libavutil/log.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavutil/log.c b/libavutil/log.c index fa65b9f02f..03fb30ec75 100644 --- a/libavutil/log.c +++ b/libavutil/log.c @@ -203,7 +203,7 @@ static void format_line(void *ptr, int level, const char *fmt, va_list vl, av_vbprintf(part+2, fmt, vl); if(*part[0].str || *part[1].str || *part[2].str) { - char lastc = part[2].len ? part[2].str[part[2].len - 1] : 0; + char lastc = part[2].len && part[2].len <= part[2].size ? part[2].str[part[2].len - 1] : 0; *print_prefix = lastc == '\n' || lastc == '\r'; } } From 69aa3d5b88ecb1e57d1d1f508f1f141514bc7526 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 31 Dec 2013 15:18:47 +0100 Subject: [PATCH 117/562] avcodec/hevc: clear HEVClc when its deallocated in hevc_decode_free() Fixes reading freed memory Fixes: asan_heap-uaf_1abf8ef_3987_NUT_A_ericsson_4.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 21a2fb7e0579703fdea96f659498ef8b1f243289) Signed-off-by: Michael Niedermayer --- libavcodec/hevc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c index 2f7c5b6df1..a16b045a35 100644 --- a/libavcodec/hevc.c +++ b/libavcodec/hevc.c @@ -2624,6 +2624,8 @@ static av_cold int hevc_decode_free(AVCodecContext *avctx) av_freep(&s->sList[i]); } } + if (s->HEVClc == s->HEVClcList[0]) + s->HEVClc = NULL; av_freep(&s->HEVClcList[0]); for (i = 0; i < s->nals_allocated; i++) From 898ab02557b0f9a3d6245b72c3d454f1417f7e3f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 22 Nov 2013 15:08:04 +0100 Subject: [PATCH 118/562] avformat/avidec: Dont assert the existence of an index for video streams. Its possible in various rare cases that an index cannot be created or allocated. Fixes assertion failure Fixes: signal_sigabrt_7ffff7126425_7712_pokem.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 7865759409b27089b444bc029b2b76b06161b2cf) Signed-off-by: Michael Niedermayer --- libavformat/avidec.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libavformat/avidec.c b/libavformat/avidec.c index 1a40e94c82..81f4b18427 100644 --- a/libavformat/avidec.c +++ b/libavformat/avidec.c @@ -1306,10 +1306,9 @@ FF_ENABLE_DEPRECATION_WARNINGS size); pkt->stream_index = avi->stream_index; - if (st->codec->codec_type == AVMEDIA_TYPE_VIDEO) { + if (st->codec->codec_type == AVMEDIA_TYPE_VIDEO && st->index_entries) { AVIndexEntry *e; int index; - av_assert0(st->index_entries); index = av_index_search_timestamp(st, ast->frame_offset, 0); e = &st->index_entries[index]; From d1a91958631754359566c73aaf9a296a0710796a Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 22 Nov 2013 16:51:07 +0100 Subject: [PATCH 119/562] avcodec/mjpegdec: check len in mjpeg_decode_app() more completely Avoids len from becoming negative and causing assertion failure Fixes: signal_sigabrt_7ffff7126425_5140_fd44dc63fa7bdd12ee34fc602231ef02.jpg Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 6060234d43dcf0b5200cdd7dbd2f1542146827eb) Signed-off-by: Michael Niedermayer --- libavcodec/mjpegdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index f4e082f05b..398d758a8c 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -1444,7 +1444,7 @@ static int mjpeg_decode_app(MJpegDecodeContext *s) int len, id, i; len = get_bits(&s->gb, 16); - if (len < 5) + if (len < 6) return AVERROR_INVALIDDATA; if (8 * len > get_bits_left(&s->gb)) return AVERROR_INVALIDDATA; @@ -1558,7 +1558,7 @@ static int mjpeg_decode_app(MJpegDecodeContext *s) } /* EXIF metadata */ - if (s->start_code == APP1 && id == AV_RB32("Exif")) { + if (s->start_code == APP1 && id == AV_RB32("Exif") && len >= 2) { GetByteContext gbytes; int ret, le, ifd_offset, bytes_read; const uint8_t *aligned; From 2864c987d8ce1aa1d4875ecdfb97b3d73ab4d550 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 22 Nov 2013 19:47:34 +0100 Subject: [PATCH 120/562] avformat/ipmovie: check OPCODE_INIT_VIDEO_BUFFERS size more completely Fixes use of uninitialized data Fixes: signal_sigsegv_1571228_5930_ipmovie_interplayvideo_interplay_dpcm__bislogo.mve Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 2e97e244097c309571b383dd107252404ebb3326) Signed-off-by: Michael Niedermayer --- libavformat/ipmovie.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/ipmovie.c b/libavformat/ipmovie.c index 676363b628..368c05922d 100644 --- a/libavformat/ipmovie.c +++ b/libavformat/ipmovie.c @@ -376,7 +376,7 @@ static int process_ipmovie_chunk(IPMVEContext *s, AVIOContext *pb, case OPCODE_INIT_VIDEO_BUFFERS: av_dlog(NULL, "initialize video buffers\n"); - if ((opcode_version > 2) || (opcode_size > 8)) { + if ((opcode_version > 2) || (opcode_size > 8) || opcode_size < 4) { av_dlog(NULL, "bad init_video_buffers opcode\n"); chunk_type = CHUNK_BAD; break; From 580d3ef6fea356785496b9b06798b7aa7080c0ea Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 22 Nov 2013 20:09:03 +0100 Subject: [PATCH 121/562] avformat/mov: Check that we have a stream before accessing it in mov_read_ares() Fixes out of array read Fixes: signal_sigsegv_6f1855_3910_avid_test_alpha.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit a7f27453f64d9020b92b01687baeb5909c6cdad0) Signed-off-by: Michael Niedermayer --- libavformat/mov.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index eec8485b65..c5d4dcbed6 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -1042,15 +1042,17 @@ static int mov_read_targa_y216(MOVContext *c, AVIOContext *pb, MOVAtom atom) static int mov_read_ares(MOVContext *c, AVIOContext *pb, MOVAtom atom) { - AVCodecContext *codec = c->fc->streams[c->fc->nb_streams-1]->codec; - if (codec->codec_tag == MKTAG('A', 'V', 'i', 'n') && - codec->codec_id == AV_CODEC_ID_H264 && - atom.size > 11) { - avio_skip(pb, 10); - /* For AVID AVCI50, force width of 1440 to be able to select the correct SPS and PPS */ - if (avio_rb16(pb) == 0xd4d) - codec->width = 1440; - return 0; + if (c->fc->nb_streams >= 1) { + AVCodecContext *codec = c->fc->streams[c->fc->nb_streams-1]->codec; + if (codec->codec_tag == MKTAG('A', 'V', 'i', 'n') && + codec->codec_id == AV_CODEC_ID_H264 && + atom.size > 11) { + avio_skip(pb, 10); + /* For AVID AVCI50, force width of 1440 to be able to select the correct SPS and PPS */ + if (avio_rb16(pb) == 0xd4d) + codec->width = 1440; + return 0; + } } return mov_read_avid(c, pb, atom); From de14fe7e297f1e73223a9594e1fb3ff4fc7b529e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 8 Jan 2014 04:49:50 +0100 Subject: [PATCH 122/562] avformat/mxfdec: detect loops during header parsing The header parser uses forward and backward parsing, making the bulletproof prevention of loops difficult, thus this simple detection code. If someone improves the forward/backward parsing so it cannot loop then this commit should be reverted Fixes Ticket3278 Signed-off-by: Michael Niedermayer (cherry picked from commit 1c010fd035c1a14dc73827b84f21f593e969a5d6) --- libavformat/mxfdec.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index d0cbeead96..3d87e963dd 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -2005,6 +2005,8 @@ static int mxf_read_header(AVFormatContext *s) MXFContext *mxf = s->priv_data; KLVPacket klv; int64_t essence_offset = 0; + int64_t last_pos = -1; + uint64_t last_pos_index = 1; int ret; mxf->last_forward_tell = INT64_MAX; @@ -2022,7 +2024,12 @@ static int mxf_read_header(AVFormatContext *s) while (!url_feof(s->pb)) { const MXFMetadataReadTableEntry *metadata; - + if (avio_tell(s->pb) == last_pos) { + av_log(mxf->fc, AV_LOG_ERROR, "MXF structure loop detected\n"); + return AVERROR_INVALIDDATA; + } + if ((1ULL<<61) % last_pos_index++ == 0) + last_pos = avio_tell(s->pb); if (klv_read_packet(&klv, s->pb) < 0) { /* EOF - seek to previous partition or stop */ if(mxf_parse_handle_partition_or_eof(mxf) <= 0) From a48440d85737bcf23697780c4164acb7d60d6c59 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Tue, 7 Jan 2014 22:49:05 +0100 Subject: [PATCH 123/562] Use the h264 parser when decoding VSSH in avi. Fixes ticket #3261 visually. Analyzed-by: Michael Doilnitsyn (cherry picked from commit 94cf4f8bac12c58e30ce3b5d72cf5898baafe9a8) --- libavformat/avidec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/avidec.c b/libavformat/avidec.c index 81f4b18427..10116bd2a7 100644 --- a/libavformat/avidec.c +++ b/libavformat/avidec.c @@ -685,6 +685,8 @@ static int avi_read_header(AVFormatContext *s) /* This is needed to get the pict type which is necessary * for generating correct pts. */ st->need_parsing = AVSTREAM_PARSE_HEADERS; + if (st->codec->codec_tag == MKTAG('V', 'S', 'S', 'H')) + st->need_parsing = AVSTREAM_PARSE_FULL; if (st->codec->codec_tag == 0 && st->codec->height > 0 && st->codec->extradata_size < 1U << 30) { From d45a724192d889a8ac192424d5210c3772c2e59f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 9 Jan 2014 04:02:58 +0100 Subject: [PATCH 124/562] avcodec/msvideo1enc: fix SKIPS_MAX Fixes Ticket3270 Signed-off-by: Michael Niedermayer (cherry picked from commit fb8f5d0510619cea2204246631f1c0dcd994ee25) --- libavcodec/msvideo1enc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/msvideo1enc.c b/libavcodec/msvideo1enc.c index dd4b72f224..896e1e1f0c 100644 --- a/libavcodec/msvideo1enc.c +++ b/libavcodec/msvideo1enc.c @@ -57,7 +57,7 @@ enum MSV1Mode{ }; #define SKIP_PREFIX 0x8400 -#define SKIPS_MAX 0x0FFF +#define SKIPS_MAX 0x03FF #define MKRGB555(in, off) ((in[off] << 10) | (in[off + 1] << 5) | (in[off + 2])) static const int remap[16] = { 0, 1, 4, 5, 2, 3, 6, 7, 8, 9, 12, 13, 10, 11, 14, 15 }; From 6ce835d77f764577d2e4e6ac69b343aaa289dda2 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Fri, 10 Jan 2014 10:57:43 +0100 Subject: [PATCH 125/562] Fix libopenjpeg colour range adjust for 8numcomps; x++) - adjust[x] = FFMAX(FFMIN(16 - image->comps[x].prec, 8), 0); + adjust[x] = FFMAX(FFMIN(av_pix_fmt_desc_get(picture->format)->comp[x].depth_minus1 + 1 - image->comps[x].prec, 8), 0); for (y = 0; y < picture->height; y++) { index = y*picture->width; @@ -209,7 +209,7 @@ static inline void libopenjpeg_copyto16(AVFrame *picture, opj_image_t *image) { int index, x, y; int adjust[4]; for (x = 0; x < image->numcomps; x++) - adjust[x] = FFMAX(FFMIN(16 - image->comps[x].prec, 8), 0); + adjust[x] = FFMAX(FFMIN(av_pix_fmt_desc_get(picture->format)->comp[x].depth_minus1 + 1 - image->comps[x].prec, 8), 0); for (index = 0; index < image->numcomps; index++) { comp_data = image->comps[index].data; From 70028e917ce8121cd0f4eb63d38a9bbe92dc27b5 Mon Sep 17 00:00:00 2001 From: Hendrik Leppkes Date: Fri, 10 Jan 2014 20:18:08 +0100 Subject: [PATCH 126/562] vdpau: restore compatibility with deprecated fields in AVVDPAUContext Fixes ticket #3133. Signed-off-by: Hendrik Leppkes Tested-by: EricV Signed-off-by: Michael Niedermayer (cherry picked from commit 23bc1351ad7db698da9348e23ee63ec7300a881d) --- libavcodec/vdpau.c | 17 +++++++++++++++++ libavcodec/vdpau_h264.c | 17 +++++++++++++++++ 2 files changed, 34 insertions(+) diff --git a/libavcodec/vdpau.c b/libavcodec/vdpau.c index 7a4d1458a9..3a6684148e 100644 --- a/libavcodec/vdpau.c +++ b/libavcodec/vdpau.c @@ -69,6 +69,15 @@ int ff_vdpau_mpeg_end_frame(AVCodecContext *avctx) struct vdpau_picture_context *pic_ctx = pic->hwaccel_picture_private; VdpVideoSurface surf = ff_vdpau_get_surface_id(pic); +#if FF_API_BUFS_VDPAU +FF_DISABLE_DEPRECATION_WARNINGS + hwctx->info = pic_ctx->info; + hwctx->bitstream_buffers = pic_ctx->bitstream_buffers; + hwctx->bitstream_buffers_used = pic_ctx->bitstream_buffers_used; + hwctx->bitstream_buffers_allocated = pic_ctx->bitstream_buffers_allocated; +FF_ENABLE_DEPRECATION_WARNINGS +#endif + if (!hwctx->render) { res = hwctx->render2(avctx, &pic->f, (void *)&pic_ctx->info, pic_ctx->bitstream_buffers_used, pic_ctx->bitstream_buffers); @@ -79,6 +88,14 @@ int ff_vdpau_mpeg_end_frame(AVCodecContext *avctx) ff_mpeg_draw_horiz_band(s, 0, s->avctx->height); av_freep(&pic_ctx->bitstream_buffers); +#if FF_API_BUFS_VDPAU +FF_DISABLE_DEPRECATION_WARNINGS + hwctx->bitstream_buffers = NULL; + hwctx->bitstream_buffers_used = 0; + hwctx->bitstream_buffers_allocated = 0; +FF_ENABLE_DEPRECATION_WARNINGS +#endif + return res; } #endif diff --git a/libavcodec/vdpau_h264.c b/libavcodec/vdpau_h264.c index 3f6415d4f8..ea69c147f1 100644 --- a/libavcodec/vdpau_h264.c +++ b/libavcodec/vdpau_h264.c @@ -195,6 +195,15 @@ static int vdpau_h264_end_frame(AVCodecContext *avctx) struct vdpau_picture_context *pic_ctx = pic->hwaccel_picture_private; VdpVideoSurface surf = ff_vdpau_get_surface_id(pic); +#if FF_API_BUFS_VDPAU +FF_DISABLE_DEPRECATION_WARNINGS + hwctx->info = pic_ctx->info; + hwctx->bitstream_buffers = pic_ctx->bitstream_buffers; + hwctx->bitstream_buffers_used = pic_ctx->bitstream_buffers_used; + hwctx->bitstream_buffers_allocated = pic_ctx->bitstream_buffers_allocated; +FF_ENABLE_DEPRECATION_WARNINGS +#endif + if (!hwctx->render) { res = hwctx->render2(avctx, &pic->f, (void *)&pic_ctx->info, pic_ctx->bitstream_buffers_used, pic_ctx->bitstream_buffers); @@ -205,6 +214,14 @@ static int vdpau_h264_end_frame(AVCodecContext *avctx) ff_h264_draw_horiz_band(h, 0, h->avctx->height); av_freep(&pic_ctx->bitstream_buffers); +#if FF_API_BUFS_VDPAU +FF_DISABLE_DEPRECATION_WARNINGS + hwctx->bitstream_buffers = NULL; + hwctx->bitstream_buffers_used = 0; + hwctx->bitstream_buffers_allocated = 0; +FF_ENABLE_DEPRECATION_WARNINGS +#endif + return res; } From 6fb0f37defbf5b7969f949007d8ac96dfdd26b15 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 10 Dec 2013 23:41:50 +0100 Subject: [PATCH 127/562] avcodec/h264: fix code that blindly dereferences NULL DPB Fixes mixed flushing and decoding NULL packets Found-by: wm4 Signed-off-by: Michael Niedermayer (cherry picked from commit d9339ab55373b12f078a3e3f1e294d8ff78652dd) Conflicts: libavcodec/h264.c --- libavcodec/h264.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 1b531f560b..1d2570be56 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -1839,7 +1839,7 @@ static int decode_update_thread_context(AVCodecContext *dst, for (i = 0; h->DPB && i < MAX_PICTURE_COUNT; i++) { unref_picture(h, &h->DPB[i]); - if (h1->DPB[i].f.data[0] && + if (h1->DPB && h1->DPB[i].f.data[0] && (ret = ref_picture(h, &h->DPB[i], &h1->DPB[i])) < 0) return ret; } From 050d8d727ad68925f1ce2ce7779432d07ee1adce Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 9 Jan 2014 22:59:51 +0100 Subject: [PATCH 128/562] avformat/rmdec: when reading audio blocks, dont leave holes when reading fails The fate test is changed because the reference file depends on the use of non cleared data at the very end. Alternatively we could upload a new reference file, though that would then have to be changed every time the handling of a truncated frame changes or theres a change to error concealment, each time adding a new file ... Fixes use of uninitialized memory Fixed: msan_uninit-mem_7f3c02b81363_2787_RLG2_19.rm Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 77d2a1ca595ebe082d35c4b624ac9a9145991494) Signed-off-by: Michael Niedermayer --- libavformat/rmdec.c | 16 +++++++++++++--- tests/fate/real.mak | 3 ++- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c index b0876fe5bd..baf3f0706c 100644 --- a/libavformat/rmdec.c +++ b/libavformat/rmdec.c @@ -785,6 +785,16 @@ rm_ac3_swap_bytes (AVStream *st, AVPacket *pkt) } } +static int readfull(AVFormatContext *s, AVIOContext *pb, uint8_t *dst, int n) { + int ret = avio_read(pb, dst, n); + if (ret != n) { + if (ret >= 0) memset(dst + ret, 0, n - ret); + else memset(dst , 0, n); + av_log(s, AV_LOG_ERROR, "Failed to fully read block\n"); + } + return ret; +} + int ff_rm_parse_packet (AVFormatContext *s, AVIOContext *pb, AVStream *st, RMStream *ast, int len, AVPacket *pkt, @@ -817,14 +827,14 @@ ff_rm_parse_packet (AVFormatContext *s, AVIOContext *pb, switch (ast->deint_id) { case DEINT_ID_INT4: for (x = 0; x < h/2; x++) - avio_read(pb, ast->pkt.data+x*2*w+y*cfs, cfs); + readfull(s, pb, ast->pkt.data+x*2*w+y*cfs, cfs); break; case DEINT_ID_GENR: for (x = 0; x < w/sps; x++) - avio_read(pb, ast->pkt.data+sps*(h*x+((h+1)/2)*(y&1)+(y>>1)), sps); + readfull(s, pb, ast->pkt.data+sps*(h*x+((h+1)/2)*(y&1)+(y>>1)), sps); break; case DEINT_ID_SIPR: - avio_read(pb, ast->pkt.data + y * w, w); + readfull(s, pb, ast->pkt.data + y * w, w); break; } diff --git a/tests/fate/real.mak b/tests/fate/real.mak index 82d7e3a579..81237e484b 100644 --- a/tests/fate/real.mak +++ b/tests/fate/real.mak @@ -31,8 +31,9 @@ fate-sipr-8k5: CMD = pcm -i $(TARGET_SAMPLES)/sipr/sipr_8k5.rm fate-sipr-8k5: REF = $(SAMPLES)/sipr/sipr_8k5.pcm FATE_SIPR += fate-sipr-16k -fate-sipr-16k: CMD = pcm -i $(TARGET_SAMPLES)/sipr/sipr_16k.rm +fate-sipr-16k: CMD = pcm -i $(TARGET_SAMPLES)/sipr/sipr_16k.rm -aframes 3250 fate-sipr-16k: REF = $(SAMPLES)/sipr/sipr_16k.pcm +fate-sipr-16k: SIZE_TOLERANCE = 40000 $(FATE_SIPR): CMP = oneoff From 4f3b0afaa236f4c1cf0cce4b3b014af647b4e4a6 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 10 Jan 2014 02:11:20 +0100 Subject: [PATCH 129/562] avformat/mxfdec: check avio_read(UID) result Fixes use of uninitialized memory Fixes: msan_uninit-mem_7fc9ba2fd98e_82_02785736.mxf Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 4162ceea93684f3cd656dc21d30903e102a44e73) Signed-off-by: Michael Niedermayer --- libavformat/mxfdec.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index 3d87e963dd..e6352de1cc 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -484,7 +484,10 @@ static int mxf_read_partition_pack(void *arg, AVIOContext *pb, int tag, int size partition->index_sid = avio_rb32(pb); avio_skip(pb, 8); partition->body_sid = avio_rb32(pb); - avio_read(pb, op, sizeof(UID)); + if (avio_read(pb, op, sizeof(UID)) != sizeof(UID)) { + av_log(mxf->fc, AV_LOG_ERROR, "Failed reading UID\n"); + return AVERROR_INVALIDDATA; + } nb_essence_containers = avio_rb32(pb); /* some files don'thave FooterPartition set in every partition */ From 763a808c96bb1d95afe5a4b04d2688de4e605216 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 10 Jan 2014 20:58:19 +0100 Subject: [PATCH 130/562] avformat/flvdec: initialize context before reading from it Fixes use of uninitialized memory Fixes: msan_uninit-mem_7f9b8387069e_5377_flv_with_pcm_s16be_audio_track.flv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 396ddcf22d55fa7e735d69eed22a4a4b1649b73c) Signed-off-by: Michael Niedermayer --- libavformat/flvdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c index 1024001a47..e2498db7ed 100644 --- a/libavformat/flvdec.c +++ b/libavformat/flvdec.c @@ -916,7 +916,7 @@ retry_duration: flv->last_channels = channels = st->codec->channels; } else { - AVCodecContext ctx; + AVCodecContext ctx = {0}; ctx.sample_rate = sample_rate; flv_set_audio_codec(s, st, &ctx, flags & FLV_AUDIO_CODECID_MASK); sample_rate = ctx.sample_rate; From 6da213ce208dabda3ce1d9e8d4fb72d337fa0b3f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 10 Jan 2014 23:10:47 +0100 Subject: [PATCH 131/562] avformat/matroskadec: check generic audio deinterleaver sub_packet_size against frame_size Fixes use of uninitialized memory Fixes: msan_uninit-mem_7f67d052a530_7517_nosound.mkv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit a1ed1c2193483849df689b105bec0d26c2497999) Signed-off-by: Michael Niedermayer --- libavformat/matroskadec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index babf4b8060..cafc96edbb 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -2178,7 +2178,7 @@ static int matroska_parse_rm_audio(MatroskaDemuxContext *matroska, } memcpy(track->audio.buf + y*w, data, w); } else { - if (size < sps * w / sps || h<=0) { + if (size < sps * w / sps || h<=0 || w%sps) { av_log(matroska->ctx, AV_LOG_ERROR, "Corrupt generic RM-style audio packet size\n"); return AVERROR_INVALIDDATA; From aaaafc300df691a3b6f6f1a1837f772e81b04086 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 11 Jan 2014 01:58:36 +0100 Subject: [PATCH 132/562] avcodec/wmalosslessdec: Pass on error code from decode_tilehdr() Signed-off-by: Michael Niedermayer (cherry picked from commit 03fff09b32171e0c76d104c02ebf578c7f4fe21d) Signed-off-by: Michael Niedermayer --- libavcodec/wmalosslessdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/wmalosslessdec.c b/libavcodec/wmalosslessdec.c index 7a80248ffc..6386930f39 100644 --- a/libavcodec/wmalosslessdec.c +++ b/libavcodec/wmalosslessdec.c @@ -1038,9 +1038,9 @@ static int decode_frame(WmallDecodeCtx *s) len = get_bits(gb, s->log2_frame_size); /* decode tile information */ - if (decode_tilehdr(s)) { + if ((ret = decode_tilehdr(s))) { s->packet_loss = 1; - return 0; + return ret; } /* read drc info */ From cd753ee36b0f59123d9786c95cbc57c48bd59791 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 11 Jan 2014 01:59:20 +0100 Subject: [PATCH 133/562] avcodec/wmalosslessdec: deallocate uninitialized frame on decode_tilehdr() failure Fixes use of uninitialized memory partly fixes: msan_uninit-mem_7f7834b6a530_6473_luckynight-partial.wma Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit ae3856dcaf9c5ef339969c95a72bcaf7c4bba9ec) Signed-off-by: Michael Niedermayer --- libavcodec/wmalosslessdec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/wmalosslessdec.c b/libavcodec/wmalosslessdec.c index 6386930f39..8487af94b7 100644 --- a/libavcodec/wmalosslessdec.c +++ b/libavcodec/wmalosslessdec.c @@ -1040,6 +1040,7 @@ static int decode_frame(WmallDecodeCtx *s) /* decode tile information */ if ((ret = decode_tilehdr(s))) { s->packet_loss = 1; + av_frame_unref(s->frame); return ret; } From 57824d1ba6174a44668ff333318ab58bd8fbd8f3 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 11 Jan 2014 02:04:01 +0100 Subject: [PATCH 134/562] avcodec/wmalosslessdec: shrink output on error so no uninitialized data is returned Fixes use of uninitialized memory partly fixes: msan_uninit-mem_7f7834b6a530_6473_luckynight-partial.wma Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 6b18a6839b43ea78e70cd3e35f781d1c955bda73) Signed-off-by: Michael Niedermayer --- libavcodec/wmalosslessdec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/wmalosslessdec.c b/libavcodec/wmalosslessdec.c index 8487af94b7..86ca588936 100644 --- a/libavcodec/wmalosslessdec.c +++ b/libavcodec/wmalosslessdec.c @@ -1076,8 +1076,11 @@ static int decode_frame(WmallDecodeCtx *s) /* decode all subframes */ while (!s->parsed_all_subframes) { + int decoded_samples = s->channel[0].decoded_samples; if (decode_subframe(s) < 0) { s->packet_loss = 1; + if (s->frame->nb_samples) + s->frame->nb_samples = decoded_samples; return 0; } } From b6af89be6a2b419720b2be399de75924388777b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20B=C5=93sch?= Date: Fri, 10 Jan 2014 01:51:22 +0100 Subject: [PATCH 135/562] avformat/pjsdec: dont increase pointer when its already at the end in read_ts() Fixes use of uninitialized memory Fixes: msan_uninit-mem_7f91f2de7764_2649_PJS_capability_tester.pjs Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit b84a7330af41cec93384bf59ed68c67b09d105cd) Signed-off-by: Michael Niedermayer --- libavformat/pjsdec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/pjsdec.c b/libavformat/pjsdec.c index a69a31660d..6f5db37886 100644 --- a/libavformat/pjsdec.c +++ b/libavformat/pjsdec.c @@ -53,7 +53,8 @@ static int64_t read_ts(char **line, int *duration) int64_t start, end; if (sscanf(*line, "%"SCNd64",%"SCNd64, &start, &end) == 2) { - *line += strcspn(*line, "\"") + 1; + *line += strcspn(*line, "\""); + *line += !!**line; *duration = end - start; return start; } From b3c3dc54a595c0145c2efa4f68728aa928a9c854 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 11 Jan 2014 04:36:15 +0100 Subject: [PATCH 136/562] avcodec/alac: only set *got_frame_ptr when all channels have been decoded Fixes use of uninitialized memory Fixes: msan_uninit-mem_7f8b64436530_7895_quicktime_newcodec_applelosslessaudiocodec.m4a Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit e11983bda073f8c63f60509ee753da9fba20ed10) Signed-off-by: Michael Niedermayer --- libavcodec/alac.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/alac.c b/libavcodec/alac.c index 3f37f61883..1929839e70 100644 --- a/libavcodec/alac.c +++ b/libavcodec/alac.c @@ -490,7 +490,8 @@ static int alac_decode_frame(AVCodecContext *avctx, void *data, avpkt->size * 8 - get_bits_count(&alac->gb)); } - *got_frame_ptr = 1; + if (alac->channels == ch) + *got_frame_ptr = 1; return avpkt->size; } From 706dca18d0a849dc867f3a6e2b8909e23d2b28ad Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 11 Jan 2014 20:23:51 +0100 Subject: [PATCH 137/562] avcodec/hevc: use av_mallocz() for allocating tab_ipm Fixes use of uninitialized memory and out of stack array read Fixes: signal_sigsegv_ecc526_7846_WPP_C_ericsson_MAIN_2.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 0999f1613bc48ed9d6578a3ad7bcd17610e07fbf) Conflicts: libavcodec/hevc.c --- libavcodec/hevc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c index a16b045a35..8b15ec58b0 100644 --- a/libavcodec/hevc.c +++ b/libavcodec/hevc.c @@ -109,7 +109,7 @@ static int pic_arrays_init(HEVCContext *s) if (!s->skip_flag || !s->tab_ct_depth) goto fail; - s->tab_ipm = av_malloc(pic_size_in_min_pu); + s->tab_ipm = av_mallocz(pic_size_in_min_pu); s->cbf_luma = av_malloc(pic_width_in_min_tu * pic_height_in_min_tu); s->is_pcm = av_malloc(pic_size_in_min_pu); if (!s->tab_ipm || !s->cbf_luma || !s->is_pcm) From 738a2a04b6d863915ce2b2e2b8b7f380c00b2f01 Mon Sep 17 00:00:00 2001 From: Luca Barbato Date: Sat, 11 Jan 2014 16:52:41 +0100 Subject: [PATCH 138/562] hevc: Clip the pixel before shifting Prevent an out of array bound read. Fixes: asan_stack-oob_eae8e3_7333_WPP_B_ericsson_MAIN10_2.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 5856bca360c5bc3e340a357d91b1f993c80a7bea) Signed-off-by: Michael Niedermayer --- libavcodec/hevcdsp_template.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/hevcdsp_template.c b/libavcodec/hevcdsp_template.c index bda1dee757..0570002e40 100644 --- a/libavcodec/hevcdsp_template.c +++ b/libavcodec/hevcdsp_template.c @@ -391,7 +391,7 @@ static void FUNC(sao_band_filter)(uint8_t *_dst, uint8_t *_src, offset_table[(k + sao_left_class) & 31] = sao_offset_val[k + 1]; for (y = 0; y < height; y++) { for (x = 0; x < width; x++) - dst[x] = av_clip_pixel(src[x] + offset_table[av_clip_pixel(src[x] >> shift)]); + dst[x] = av_clip_pixel(src[x] + offset_table[av_clip_pixel(src[x]) >> shift]); dst += stride; src += stride; } From ea21b7b68cfcc7ac98ec246c34be7abb4c86f291 Mon Sep 17 00:00:00 2001 From: Guillaume Martres Date: Sat, 11 Jan 2014 22:46:24 +0100 Subject: [PATCH 139/562] hevc: clip pixels when transquant bypass is used Fixes: asan_stack-oob_eae8e3_7333_WPP_B_ericsson_MAIN10_2.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind This is a more proper fix than 5856bca360c5bc3e340a357d91b1f993c80a7bea The reconstructed picture should always be clipped (see section 8.6.5), previously we did not clip coding units where cu_transquant_bypass_flag == 1 Signed-off-by: Michael Niedermayer (cherry picked from commit c9fe0caf7a1abde7ca0b1a359f551103064867b1) Signed-off-by: Michael Niedermayer --- libavcodec/hevcdsp_template.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libavcodec/hevcdsp_template.c b/libavcodec/hevcdsp_template.c index 0570002e40..8e9db63583 100644 --- a/libavcodec/hevcdsp_template.c +++ b/libavcodec/hevcdsp_template.c @@ -51,7 +51,7 @@ static void FUNC(transquant_bypass4x4)(uint8_t *_dst, int16_t *coeffs, ptrdiff_t for (y = 0; y < 4; y++) { for (x = 0; x < 4; x++) { - dst[x] += *coeffs; + dst[x] = av_clip_pixel(dst[x] + *coeffs); coeffs++; } dst += stride; @@ -67,7 +67,7 @@ static void FUNC(transquant_bypass8x8)(uint8_t *_dst, int16_t *coeffs, ptrdiff_t for (y = 0; y < 8; y++) { for (x = 0; x < 8; x++) { - dst[x] += *coeffs; + dst[x] = av_clip_pixel(dst[x] + *coeffs); coeffs++; } dst += stride; @@ -82,7 +82,7 @@ static void FUNC(transquant_bypass16x16)(uint8_t *_dst, int16_t *coeffs, ptrdiff for (y = 0; y < 16; y++) { for (x = 0; x < 16; x++) { - dst[x] += *coeffs; + dst[x] = av_clip_pixel(dst[x] + *coeffs); coeffs++; } dst += stride; @@ -98,7 +98,7 @@ static void FUNC(transquant_bypass32x32)(uint8_t *_dst, int16_t *coeffs, ptrdiff for (y = 0; y < 32; y++) { for (x = 0; x < 32; x++) { - dst[x] += *coeffs; + dst[x] = av_clip_pixel(dst[x] + *coeffs); coeffs++; } dst += stride; From e43805d40188f2797619cdf068b64d2c3ada8a8f Mon Sep 17 00:00:00 2001 From: Guillaume Martres Date: Sat, 11 Jan 2014 22:46:25 +0100 Subject: [PATCH 140/562] hevc: remove useless clip in FUNC(sao_band_filter)() The src buffer should only contain values in the interval [0, (1 << BIT_DEPTH) - 1]. Since shift = (BIT_DEPTH - 5), src[x] >> shift must be in the interval [0, 31], so no clip is needed. This removes the code that was changed in 5856bca360c5bc3e340a357d91b1f993c80a7bea as the clip that was repositioned in that commit is removed Signed-off-by: Michael Niedermayer (cherry picked from commit b00a8b4d194f1bf23343f3f42138affa1fe26641) Signed-off-by: Michael Niedermayer --- libavcodec/hevcdsp_template.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/hevcdsp_template.c b/libavcodec/hevcdsp_template.c index 8e9db63583..4f6b7119d2 100644 --- a/libavcodec/hevcdsp_template.c +++ b/libavcodec/hevcdsp_template.c @@ -391,7 +391,7 @@ static void FUNC(sao_band_filter)(uint8_t *_dst, uint8_t *_src, offset_table[(k + sao_left_class) & 31] = sao_offset_val[k + 1]; for (y = 0; y < height; y++) { for (x = 0; x < width; x++) - dst[x] = av_clip_pixel(src[x] + offset_table[av_clip_pixel(src[x]) >> shift]); + dst[x] = av_clip_pixel(src[x] + offset_table[src[x] >> shift]); dst += stride; src += stride; } From 39545c54826c5c0afb8af83507803e0d891409ea Mon Sep 17 00:00:00 2001 From: Luca Barbato Date: Sat, 11 Jan 2014 16:52:43 +0100 Subject: [PATCH 141/562] hevc: Reject impossible dependent tile The tile 0 cannot depend on a previous one. Prevent an out of array bound load in ff_hevc_cabac_init(). Fixes: asan_heap-oob_e3a924_1630_DBLK_A_MAIN10_VIXS_2.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Reviewed-by: Guillaume Martres Signed-off-by: Michael Niedermayer (cherry picked from commit 48a5b155433ed7af20fb0a5c20ca131958727727) Signed-off-by: Michael Niedermayer --- libavcodec/hevc.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c index 8b15ec58b0..e6fd5cfbb0 100644 --- a/libavcodec/hevc.c +++ b/libavcodec/hevc.c @@ -1775,6 +1775,11 @@ static int hls_decode_entry(AVCodecContext *avctxt, void *isFilterThread) int y_ctb = 0; int ctb_addr_ts = s->pps->ctb_addr_rs_to_ts[s->sh.slice_ctb_addr_rs]; + if (!ctb_addr_ts && s->sh.dependent_slice_segment_flag) { + av_log(s->avctx, AV_LOG_ERROR, "Impossible initial tile.\n"); + return AVERROR_INVALIDDATA; + } + while (more_data && ctb_addr_ts < s->sps->ctb_size) { int ctb_addr_rs = s->pps->ctb_addr_ts_to_rs[ctb_addr_ts]; From d63476347a486ae87ef5b1279fd813529a58849c Mon Sep 17 00:00:00 2001 From: Luca Barbato Date: Sun, 12 Jan 2014 01:14:12 +0100 Subject: [PATCH 142/562] hevc: Bound check slice_qp The T-REC-H.265-2013044 page 79 states they have to be into the range [-s->sps->qp_bd_offset, 51]. Fixes: asan_stack-oob_eae8e3_9522_WP_MAIN10_B_Toshiba_3.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit aead772b5814142b0e530804486ff7970ecd9eef) Signed-off-by: Michael Niedermayer --- libavcodec/hevc.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c index e6fd5cfbb0..befe2dec16 100644 --- a/libavcodec/hevc.c +++ b/libavcodec/hevc.c @@ -630,7 +630,17 @@ static int hls_slice_header(HEVCContext *s) } // Inferred parameters - sh->slice_qp = 26 + s->pps->pic_init_qp_minus26 + sh->slice_qp_delta; + sh->slice_qp = 26U + s->pps->pic_init_qp_minus26 + sh->slice_qp_delta; + if (sh->slice_qp > 51 || + sh->slice_qp < -s->sps->qp_bd_offset) { + av_log(s->avctx, AV_LOG_ERROR, + "The slice_qp %d is outside the valid range " + "[%d, 51].\n", + sh->slice_qp, + -s->sps->qp_bd_offset); + return AVERROR_INVALIDDATA; + } + sh->slice_ctb_addr_rs = sh->slice_segment_addr; s->HEVClc->first_qp_group = !s->sh.dependent_slice_segment_flag; From a0aa5c34a964ed74217d4e7908ec4bf9536876d6 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 13 Jan 2014 03:51:39 +0100 Subject: [PATCH 143/562] avcodec/hevc: Check entry point arrays for malloc failure Fixes null pointer dereference Fixes: signal_sigsegv_e1d3b6_2192_DBLK_F_VIXS_2.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 22bfb4be284c12f33b9dac010713fe3ca6d974bf) Signed-off-by: Michael Niedermayer --- libavcodec/hevc.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c index befe2dec16..8ff51a3130 100644 --- a/libavcodec/hevc.c +++ b/libavcodec/hevc.c @@ -602,6 +602,11 @@ static int hls_slice_header(HEVCContext *s) sh->entry_point_offset = av_malloc(sh->num_entry_point_offsets * sizeof(int)); sh->offset = av_malloc(sh->num_entry_point_offsets * sizeof(int)); sh->size = av_malloc(sh->num_entry_point_offsets * sizeof(int)); + if (!sh->entry_point_offset || !sh->offset || !sh->size) { + sh->num_entry_point_offsets = 0; + av_log(s->avctx, AV_LOG_ERROR, "Failed to allocate memory\n"); + return AVERROR(ENOMEM); + } for (i = 0; i < sh->num_entry_point_offsets; i++) { int val = 0; for (j = 0; j < segments; j++) { From b336daa952d9d0ff3e1fd9f9aeb12b42f5d89b26 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Thu, 31 Oct 2013 20:17:18 +0100 Subject: [PATCH 144/562] Fix a crash on oom when decoding hevc. (cherry picked from commit 5ab1efb9d0dc65e748a0291b67915e35578b302e) Signed-off-by: Michael Niedermayer --- libavcodec/hevc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c index 8ff51a3130..2b57d13fb6 100644 --- a/libavcodec/hevc.c +++ b/libavcodec/hevc.c @@ -2604,7 +2604,8 @@ static av_cold int hevc_decode_free(AVCodecContext *avctx) pic_arrays_free(s); - av_freep(&lc->edge_emu_buffer); + if (lc) + av_freep(&lc->edge_emu_buffer); av_freep(&s->md5_ctx); for(i=0; i < s->nals_allocated; i++) { From 29353dd3f8159089ecf2fa0886f94f4cf32e75f2 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 13 Jan 2014 17:21:42 +0100 Subject: [PATCH 145/562] Update for 2.1.2 Signed-off-by: Michael Niedermayer --- RELEASE | 2 +- VERSION | 2 +- doc/Doxyfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/RELEASE b/RELEASE index 3e3c2f1e5e..eca07e4c1a 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -2.1.1 +2.1.2 diff --git a/VERSION b/VERSION index 3e3c2f1e5e..eca07e4c1a 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.1.1 +2.1.2 diff --git a/doc/Doxyfile b/doc/Doxyfile index eb1bea2141..1236ab17b4 100644 --- a/doc/Doxyfile +++ b/doc/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 2.1.1 +PROJECT_NUMBER = 2.1.2 # With the PROJECT_LOGO tag one can specify a logo or icon that is included # in the documentation. The maximum height of the logo should not exceed 55 From 15d7b7d7ccb12234fc392ffd0d773285e84d5317 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20B=C5=93sch?= Date: Mon, 18 Nov 2013 07:53:08 +0100 Subject: [PATCH 146/562] avcodec/libxavs: attempt to fix compilation after b18c7c8d. (cherry picked from commit 71cd83e34cf7ba88d766434e3d2b4d99c14bf0f2) Signed-off-by: Michael Niedermayer --- libavcodec/libxavs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/libxavs.c b/libavcodec/libxavs.c index 1b72194573..4599a0d315 100644 --- a/libavcodec/libxavs.c +++ b/libavcodec/libxavs.c @@ -110,7 +110,7 @@ static int encode_nals(AVCodecContext *ctx, AVPacket *pkt, return 1; } -static int XAVS_frame(AVCodecContext *ctx, AVPacket *pkt, +static int XAVS_frame(AVCodecContext *avctx, AVPacket *pkt, const AVFrame *frame, int *got_packet) { XavsContext *x4 = ctx->priv_data; From d9b7557732f1993cd84b6084516a6f78d1195889 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20B=C5=93sch?= Date: Mon, 18 Nov 2013 08:08:41 +0100 Subject: [PATCH 147/562] avcodec/libxavs: 2nd attempt to fix compilation after b18c7c8d. (cherry picked from commit 260fc0d95b025b03b2a15116526e4c83b1ca1a31) Signed-off-by: Michael Niedermayer --- libavcodec/libxavs.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/libavcodec/libxavs.c b/libavcodec/libxavs.c index 4599a0d315..ffe3411c96 100644 --- a/libavcodec/libxavs.c +++ b/libavcodec/libxavs.c @@ -113,7 +113,7 @@ static int encode_nals(AVCodecContext *ctx, AVPacket *pkt, static int XAVS_frame(AVCodecContext *avctx, AVPacket *pkt, const AVFrame *frame, int *got_packet) { - XavsContext *x4 = ctx->priv_data; + XavsContext *x4 = avctx->priv_data; xavs_nal_t *nal; int nnal, i, ret; xavs_picture_t pic_out; @@ -129,29 +129,29 @@ static int XAVS_frame(AVCodecContext *avctx, AVPacket *pkt, x4->pic.i_pts = frame->pts; x4->pic.i_type = XAVS_TYPE_AUTO; - x4->pts_buffer[ctx->frame_number % (ctx->max_b_frames+1)] = frame->pts; + x4->pts_buffer[avctx->frame_number % (avctx->max_b_frames+1)] = frame->pts; } if (xavs_encoder_encode(x4->enc, &nal, &nnal, frame? &x4->pic: NULL, &pic_out) < 0) return -1; - ret = encode_nals(ctx, pkt, nal, nnal); + ret = encode_nals(avctx, pkt, nal, nnal); if (ret < 0) return -1; if (!ret) { if (!frame && !(x4->end_of_stream)) { - if ((ret = ff_alloc_packet2(ctx, pkt, 4)) < 0) + if ((ret = ff_alloc_packet2(avctx, pkt, 4)) < 0) return ret; pkt->data[0] = 0x0; pkt->data[1] = 0x0; pkt->data[2] = 0x01; pkt->data[3] = 0xb1; - pkt->dts = 2*x4->pts_buffer[(x4->out_frame_count-1)%(ctx->max_b_frames+1)] - - x4->pts_buffer[(x4->out_frame_count-2)%(ctx->max_b_frames+1)]; + pkt->dts = 2*x4->pts_buffer[(x4->out_frame_count-1)%(avctx->max_b_frames+1)] - + x4->pts_buffer[(x4->out_frame_count-2)%(avctx->max_b_frames+1)]; x4->end_of_stream = END_OF_STREAM; *got_packet = 1; } @@ -160,11 +160,11 @@ static int XAVS_frame(AVCodecContext *avctx, AVPacket *pkt, avctx->coded_frame->pts = pic_out.i_pts; pkt->pts = pic_out.i_pts; - if (ctx->has_b_frames) { + if (avctx->has_b_frames) { if (!x4->out_frame_count) pkt->dts = pkt->pts - (x4->pts_buffer[1] - x4->pts_buffer[0]); else - pkt->dts = x4->pts_buffer[(x4->out_frame_count-1)%(ctx->max_b_frames+1)]; + pkt->dts = x4->pts_buffer[(x4->out_frame_count-1)%(avctx->max_b_frames+1)]; } else pkt->dts = pkt->pts; From c8d43c22dbb1c56a3e1f8f89e599a2f2a90ca110 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 13 Jan 2014 22:14:02 +0100 Subject: [PATCH 148/562] avformat/utils/av_probe_input_buffer2: Fix pd.buf_size Signed-off-by: Michael Niedermayer (cherry picked from commit 6a2064820b52568c05a9ec8f418f18840e7c43cc) Signed-off-by: Michael Niedermayer --- libavformat/utils.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index bcea353980..8854d5fc2e 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -387,7 +387,8 @@ int av_probe_input_buffer2(AVIOContext *pb, AVInputFormat **fmt, score = 0; ret = 0; /* error was end of file, nothing read */ } - pd.buf_size = buf_offset += ret; + buf_offset += ret; + pd.buf_size = buf_offset - offset; pd.buf = &buf[offset]; memset(pd.buf + pd.buf_size, 0, AVPROBE_PADDING_SIZE); From 0a055cc62e236b2475fee28cae761c3c33b4b8e5 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 13 Jan 2014 22:17:12 +0100 Subject: [PATCH 149/562] avformat/utils/av_probe_input_buffer2: fix offset check The check could fail if avio_read() read less than requested Signed-off-by: Michael Niedermayer (cherry picked from commit 8c3b026a0eeb49464d957b61b0c01cceecc416fd) Signed-off-by: Michael Niedermayer --- libavformat/utils.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index 8854d5fc2e..ef688a56f3 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -370,9 +370,6 @@ int av_probe_input_buffer2(AVIOContext *pb, AVInputFormat **fmt, for(probe_size= PROBE_BUF_MIN; probe_size<=max_probe_size && !*fmt; probe_size = FFMIN(probe_size<<1, FFMAX(max_probe_size, probe_size+1))) { - if (probe_size < offset) { - continue; - } score = probe_size < max_probe_size ? AVPROBE_SCORE_RETRY : 0; /* read probe data */ @@ -388,6 +385,8 @@ int av_probe_input_buffer2(AVIOContext *pb, AVInputFormat **fmt, ret = 0; /* error was end of file, nothing read */ } buf_offset += ret; + if (buf_offset < offset) + continue; pd.buf_size = buf_offset - offset; pd.buf = &buf[offset]; From 2156d9bd7db164e7a4e6ad53dbb2f485ef49ae3b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 13 Jan 2014 22:17:12 +0100 Subject: [PATCH 150/562] avformat/utils/av_probe_input_buffer2: fix buffer passed to ffio_rewind_with_probe_data() Signed-off-by: Michael Niedermayer (cherry picked from commit 05886c9d4edddb07a4cdc6afee8b30cd9c80b4db) Signed-off-by: Michael Niedermayer --- libavformat/utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index ef688a56f3..fd5c0dd017 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -408,7 +408,7 @@ int av_probe_input_buffer2(AVIOContext *pb, AVInputFormat **fmt, } /* rewind. reuse probe buffer to avoid seeking */ - ret = ffio_rewind_with_probe_data(pb, &buf, pd.buf_size); + ret = ffio_rewind_with_probe_data(pb, &buf, buf_offset); return ret < 0 ? ret : score; } From 7ae6229b97f38405cb8d84cb44e31e2dc24da7eb Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 28 Nov 2013 21:27:05 +0100 Subject: [PATCH 151/562] Merge commit '0673ede985a6560e7efb86dab1c58fb7f95ce587' * commit '0673ede985a6560e7efb86dab1c58fb7f95ce587': configure: add strip flags checks Merged-by: Michael Niedermayer (cherry picked from commit 71b95f2ab603ea607bc1b930fcfc3974b40ba484) Signed-off-by: Michael Niedermayer --- configure | 23 +++++++++++++++++++++++ library.mak | 2 +- 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/configure b/configure index d4dc9cfc26..d38f117d56 100755 --- a/configure +++ b/configure @@ -729,6 +729,10 @@ add_ldflags(){ append LDFLAGS $($ldflags_filter "$@") } +add_stripflags(){ + append STRIPFLAGS "$@" +} + add_extralibs(){ prepend extralibs $($ldflags_filter "$@") } @@ -886,6 +890,20 @@ check_ldflags(){ test_ldflags "$@" && add_ldflags "$@" } +test_stripflags(){ + log test_stripflags "$@" + # call check_cc to get a fresh TMPO + check_cc < $(@:.o=.d) $(YASM) $(YASMFLAGS) -I $( Date: Thu, 28 Nov 2013 21:29:13 +0100 Subject: [PATCH 152/562] build sys: rename STRIPFLAGS to ASMSTRIPFLAGS This more closely matches the actual use, also we use plain strip without these flags for striping Signed-off-by: Michael Niedermayer (cherry picked from commit e283c26c35c4f18c8eb2e79183037a883b12d1e5) Signed-off-by: Michael Niedermayer --- configure | 6 +++--- library.mak | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/configure b/configure index d38f117d56..108b662909 100755 --- a/configure +++ b/configure @@ -730,7 +730,7 @@ add_ldflags(){ } add_stripflags(){ - append STRIPFLAGS "$@" + append ASMSTRIPFLAGS "$@" } add_extralibs(){ @@ -896,7 +896,7 @@ test_stripflags(){ check_cc < $(@:.o=.d) $(YASM) $(YASMFLAGS) -I $( Date: Thu, 28 Nov 2013 21:35:12 +0100 Subject: [PATCH 153/562] configure: remove code that disables striping in the absence of some flags This prevents breaking (non asm) striping in that case Signed-off-by: Michael Niedermayer (cherry picked from commit 191454f26e5a2f5026fef9a25df6d61c2a06615c) Signed-off-by: Michael Niedermayer --- configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure b/configure index 108b662909..f831999184 100755 --- a/configure +++ b/configure @@ -4480,7 +4480,7 @@ test_ldflags -Wl,-Bsymbolic && append SHFLAGS -Wl,-Bsymbolic # add some strip flags # -wN '..@*' is more selective than -x, but not available everywhere. -check_stripflags -wN \'..@*\' || check_stripflags -x || strip='true' +check_stripflags -wN \'..@*\' || check_stripflags -x enabled xmm_clobber_test && check_ldflags -Wl,--wrap,avcodec_open2 \ From 45900618ae4d7216f531aea9c906ab614010fa78 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 28 Nov 2013 21:52:46 +0100 Subject: [PATCH 154/562] library.mak: only run asm strip if ASMSTRIP flags are set Signed-off-by: Michael Niedermayer (cherry picked from commit e975c147e18010a9f96f56b21d0cd0f026eaae0e) Signed-off-by: Michael Niedermayer --- library.mak | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library.mak b/library.mak index 36c883d034..737f5bb6cd 100644 --- a/library.mak +++ b/library.mak @@ -25,7 +25,7 @@ $(SUBDIR)%-test.i: $(SUBDIR)%.c $(SUBDIR)x86/%.o: $(SUBDIR)x86/%.asm $(DEPYASM) $(YASMFLAGS) -I $( $(@:.o=.d) $(YASM) $(YASMFLAGS) -I $( Date: Wed, 15 Jan 2014 18:29:16 +0100 Subject: [PATCH 155/562] Update for 2.1.3 Signed-off-by: Michael Niedermayer --- RELEASE | 2 +- VERSION | 2 +- doc/Doxyfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/RELEASE b/RELEASE index eca07e4c1a..ac2cdeba01 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -2.1.2 +2.1.3 diff --git a/VERSION b/VERSION index eca07e4c1a..ac2cdeba01 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.1.2 +2.1.3 diff --git a/doc/Doxyfile b/doc/Doxyfile index 1236ab17b4..bc1595f45b 100644 --- a/doc/Doxyfile +++ b/doc/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 2.1.2 +PROJECT_NUMBER = 2.1.3 # With the PROJECT_LOGO tag one can specify a logo or icon that is included # in the documentation. The maximum height of the logo should not exceed 55 From 0d45e821dc1445fe1f10d922a2ea9d999b5fb44f Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Wed, 15 Jan 2014 23:35:22 +0100 Subject: [PATCH 156/562] Do not set mkv bit_depth to av_get_bytes_per_sample() for G.726. The value is wrong and leads to broken files. (cherry picked from commit 565102dcac4959da60e6b1528dc31315d21194ca) --- libavformat/matroskaenc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/matroskaenc.c b/libavformat/matroskaenc.c index 60b6e5ea78..ea45d9c19f 100644 --- a/libavformat/matroskaenc.c +++ b/libavformat/matroskaenc.c @@ -612,7 +612,7 @@ static int mkv_write_tracks(AVFormatContext *s) continue; } - if (!bit_depth) + if (!bit_depth && codec->codec_id != AV_CODEC_ID_ADPCM_G726) bit_depth = av_get_bytes_per_sample(codec->sample_fmt) << 3; if (!bit_depth) bit_depth = codec->bits_per_coded_sample; From 2f4b781e4db5742bd85abfa1cc9e40af8c27b76b Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Wed, 15 Jan 2014 23:37:47 +0100 Subject: [PATCH 157/562] Do not read mkv audio bit_depth if bits_per_coded_sample is already set. This allows decoding broken mkv files containing G.726 audio. (cherry picked from commit 11329370770e5c982deece7d4eb4f2e95e725332) --- libavformat/matroskadec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index cafc96edbb..c5a6ddee96 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -1906,6 +1906,7 @@ static int matroska_read_header(AVFormatContext *s) st->codec->codec_type = AVMEDIA_TYPE_AUDIO; st->codec->sample_rate = track->audio.out_samplerate; st->codec->channels = track->audio.channels; + if (!st->codec->bits_per_coded_sample) st->codec->bits_per_coded_sample = track->audio.bitdepth; if (st->codec->codec_id != AV_CODEC_ID_AAC) st->need_parsing = AVSTREAM_PARSE_HEADERS; From f4e051680ec3af0d06234a3fd197b452499f9227 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Fri, 17 Jan 2014 13:09:57 +0100 Subject: [PATCH 158/562] Fix libxvid crash on failing initialisation. Fixes ticket #3297. (cherry picked from commit ee3fc8aa864f6d95356a7d9d03536e2b12b891c5) --- libavcodec/libxvid.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/libxvid.c b/libavcodec/libxvid.c index 40b3bffacf..97ab2d4a07 100644 --- a/libavcodec/libxvid.c +++ b/libavcodec/libxvid.c @@ -48,6 +48,7 @@ * This stores all the private context for the codec. */ struct xvid_context { + AVClass *class; void *encoder_handle; /**< Handle for Xvid encoder */ int xsize; /**< Frame x size */ int ysize; /**< Frame y size */ From 2c5c6affb1c32855f1452c914d35bc899f391c1f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 19 Jan 2014 04:55:01 +0100 Subject: [PATCH 159/562] avcodec/mjpegdec: update cur_scan also for non-LS jpeg This should make no difference but the variable will be used in a subsequent commit Signed-off-by: Michael Niedermayer (cherry picked from commit 8893f31e206358d933abe4a5227b5ae89f5f303d) --- libavcodec/mjpegdec.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index 398d758a8c..361f2992c1 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -1735,8 +1735,6 @@ int ff_mjpeg_find_marker(MJpegDecodeContext *s, int t = 0, b = 0; PutBitContext pb; - s->cur_scan++; - /* find marker */ while (src + t < buf_end) { uint8_t x = src[t++]; @@ -1926,6 +1924,7 @@ eoi_parser: goto the_end; case SOS: + s->cur_scan++; if ((ret = ff_mjpeg_decode_sos(s, NULL, NULL)) < 0 && (avctx->err_recognition & AV_EF_EXPLODE)) goto fail; From 83dc8f044d66379166fce96d604c8be7640cbbcd Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 19 Jan 2014 04:56:13 +0100 Subject: [PATCH 160/562] avcodec/mjpegdec: only run EOI emulation code when there was a scan Signed-off-by: Michael Niedermayer (cherry picked from commit 361e27a3d8096baacc45d2551a1ebfcbfdaa6a67) --- libavcodec/mjpegdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index 361f2992c1..b168bd9320 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -1953,7 +1953,7 @@ eoi_parser: "marker parser used %d bytes (%d bits)\n", (get_bits_count(&s->gb) + 7) / 8, get_bits_count(&s->gb)); } - if (s->got_picture) { + if (s->got_picture && s->cur_scan) { av_log(avctx, AV_LOG_WARNING, "EOI missing, emulating\n"); goto eoi_parser; } From 756cd1a305d23f9817f87c583b8d9ded28704893 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 19 Jan 2014 04:02:11 +0100 Subject: [PATCH 161/562] avcodec/mjpegdec: Dont treat the lack of a startcode differently from end of the bitstream Fixes Ticket3303 Signed-off-by: Michael Niedermayer (cherry picked from commit 31e703e899bee74c50efd8eb62c3d012ef5ab26d) --- libavcodec/mjpegdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index b168bd9320..1de773263c 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -1799,7 +1799,7 @@ int ff_mjpeg_decode_frame(AVCodecContext *avctx, void *data, int *got_frame, &unescaped_buf_size); /* EOF */ if (start_code < 0) { - goto the_end; + break; } else if (unescaped_buf_size > INT_MAX / 8) { av_log(avctx, AV_LOG_ERROR, "MJPEG packet 0x%x too big (%d/%d), corrupt data?\n", From 9d83cff1f117168899bdc97c32c8cb5244db7676 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 19 Jan 2014 06:20:46 +0100 Subject: [PATCH 162/562] avcodec/aacdec: Dont fail if channels arent known yet Fixes Ticket3312 Signed-off-by: Michael Niedermayer (cherry picked from commit 676a395ab903cac623c5d6ddd0928c789e08a59e) --- libavcodec/aacdec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/aacdec.c b/libavcodec/aacdec.c index eb6ee5e331..396aa44ec5 100644 --- a/libavcodec/aacdec.c +++ b/libavcodec/aacdec.c @@ -194,6 +194,9 @@ static int frame_configure_elements(AVCodecContext *avctx) /* get output buffer */ av_frame_unref(ac->frame); + if (!avctx->channels) + return 1; + ac->frame->nb_samples = 2048; if ((ret = ff_get_buffer(avctx, ac->frame, 0)) < 0) return ret; From 30a94f1159d4715b1fae906925dd6e852269a2ac Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 19 Jan 2014 16:44:58 +0100 Subject: [PATCH 163/562] avcodec/mjpegdec: Dont skip picture allocation if theres no picture allocated Fixes Ticket 3245 (cherry picked from commit ad8d063f230c05f8b5efbd05cc5a9f51a2549dcf) --- libavcodec/mjpegdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index 1de773263c..c434de9dbe 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -334,7 +334,7 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s) s->first_picture = 0; } - if (s->interlaced && (s->bottom_field == !s->interlace_polarity)) { + if (s->got_picture && s->interlaced && (s->bottom_field == !s->interlace_polarity)) { if (s->progressive) { avpriv_request_sample(s->avctx, "progressively coded interlaced picture"); return AVERROR_INVALIDDATA; From fc5261c2190505a6d569afa6c7ada7a18b6c4998 Mon Sep 17 00:00:00 2001 From: Nicolas George Date: Sat, 18 Jan 2014 00:34:17 +0100 Subject: [PATCH 164/562] lavfi/dualinput: fix shortest option. Fix trac ticket #3315. (cherry picked from commit 2dc5980d61493e05ccb04271a685fe804d87b155) --- libavfilter/dualinput.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavfilter/dualinput.c b/libavfilter/dualinput.c index 97e15cbe01..88f7a272f1 100644 --- a/libavfilter/dualinput.c +++ b/libavfilter/dualinput.c @@ -57,7 +57,7 @@ int ff_dualinput_init(AVFilterContext *ctx, FFDualInputContext *s) in[1].after = EXT_INFINITY; if (s->shortest) - in[1].after = EXT_STOP; + in[0].after = in[1].after = EXT_STOP; if (!s->repeatlast) { in[0].after = EXT_STOP; in[1].sync = 0; From ee3822af631c27521fd15f94a00bdbc98eabd082 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Mon, 20 Jan 2014 22:37:18 +0100 Subject: [PATCH 165/562] Allow decoding of slightly broken Nikon avi files. Fixes ticket #3330. (cherry picked from commit f9c2d4d17e3b18becb046d71811f9e8aa5946cf9) --- libavformat/avidec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavformat/avidec.c b/libavformat/avidec.c index 10116bd2a7..57beb6877d 100644 --- a/libavformat/avidec.c +++ b/libavformat/avidec.c @@ -348,6 +348,7 @@ static void avi_read_nikon(AVFormatContext *s, uint64_t end) uint16_t size = avio_rl16(s->pb); const char *name = NULL; char buffer[64] = { 0 }; + size = FFMIN(size, tag_end - avio_tell(s->pb)); size -= avio_read(s->pb, buffer, FFMIN(size, sizeof(buffer) - 1)); switch (tag) { From e6299a4cf9efc526da9c85522038a80c034b0ad3 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 16 Jan 2014 02:53:32 +0100 Subject: [PATCH 166/562] cmdutils: update year Signed-off-by: Michael Niedermayer --- cmdutils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmdutils.c b/cmdutils.c index 1fbd73cf84..26fe3c78ac 100644 --- a/cmdutils.c +++ b/cmdutils.c @@ -68,7 +68,7 @@ struct SwsContext *sws_opts; AVDictionary *swr_opts; AVDictionary *format_opts, *codec_opts, *resample_opts; -const int this_year = 2013; +const int this_year = 2014; static FILE *report_file; From c9a8dfa5ae162d719f554915af7bf0c9f918c943 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 6 Jan 2014 17:12:15 +0100 Subject: [PATCH 167/562] Merge commit '6892d145a0c80249bd61ee7dd31ec851c5076bcd' * commit '6892d145a0c80249bd61ee7dd31ec851c5076bcd': segafilm: fix leaks if reading the header fails Conflicts: libavformat/segafilm.c See: ca5456db7fa62a81d8effa20fb7547c16dd1d796 Merged-by: Michael Niedermayer (cherry picked from commit 2a58d5fc0e842ebc9a47523a8c3418580b40b4be) Signed-off-by: Michael Niedermayer --- libavformat/segafilm.c | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) diff --git a/libavformat/segafilm.c b/libavformat/segafilm.c index a56568c300..7d33189cf5 100644 --- a/libavformat/segafilm.c +++ b/libavformat/segafilm.c @@ -72,13 +72,22 @@ static int film_probe(AVProbeData *p) return AVPROBE_SCORE_MAX; } +static int film_read_close(AVFormatContext *s) +{ + FilmDemuxContext *film = s->priv_data; + + av_freep(&film->sample_table); + + return 0; +} + static int film_read_header(AVFormatContext *s) { FilmDemuxContext *film = s->priv_data; AVIOContext *pb = s->pb; AVStream *st; unsigned char scratch[256]; - int i; + int i, ret; unsigned int data_offset; unsigned int audio_frame_counter; @@ -203,14 +212,16 @@ static int film_read_header(AVFormatContext *s) for (i = 0; i < film->sample_count; i++) { /* load the next sample record and transfer it to an internal struct */ if (avio_read(pb, scratch, 16) != 16) { - av_freep(&film->sample_table); - return AVERROR(EIO); + ret = AVERROR(EIO); + goto fail; } film->sample_table[i].sample_offset = data_offset + AV_RB32(&scratch[0]); film->sample_table[i].sample_size = AV_RB32(&scratch[4]); - if (film->sample_table[i].sample_size > INT_MAX / 4) - return AVERROR_INVALIDDATA; + if (film->sample_table[i].sample_size > INT_MAX / 4) { + ret = AVERROR_INVALIDDATA; + goto fail; + } if (AV_RB32(&scratch[8]) == 0xFFFFFFFF) { film->sample_table[i].stream = film->audio_stream_index; film->sample_table[i].pts = audio_frame_counter; @@ -231,6 +242,9 @@ static int film_read_header(AVFormatContext *s) film->current_sample = 0; return 0; +fail: + film_read_close(s); + return ret; } static int film_read_packet(AVFormatContext *s, @@ -270,15 +284,6 @@ static int film_read_packet(AVFormatContext *s, return ret; } -static int film_read_close(AVFormatContext *s) -{ - FilmDemuxContext *film = s->priv_data; - - av_freep(&film->sample_table); - - return 0; -} - AVInputFormat ff_segafilm_demuxer = { .name = "film_cpk", .long_name = NULL_IF_CONFIG_SMALL("Sega FILM / CPK"), From 9e8464e81bfe4e5f2f789330f3584e2d0706e29f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 6 Jan 2014 16:39:38 +0100 Subject: [PATCH 168/562] Merge commit '9eef9eb3014b2ed9c3ff4aac510a9f04edb555cf' * commit '9eef9eb3014b2ed9c3ff4aac510a9f04edb555cf': h264: check that execute_decode_slices() is not called too many times Conflicts: libavcodec/h264.c The check is replaced by an assert() as the mb index should not ever go out of bounds. Merged-by: Michael Niedermayer (cherry picked from commit 64591f8f86f2dfeac13ee6b4e971d069675ca814) Signed-off-by: Michael Niedermayer --- libavcodec/h264.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 1d2570be56..76a82acafb 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -4605,6 +4605,8 @@ static int execute_decode_slices(H264Context *h, int context_count) H264Context *hx; int i; + av_assert0(h->mb_y < h->mb_height); + if (h->avctx->hwaccel || h->avctx->codec->capabilities & CODEC_CAP_HWACCEL_VDPAU) return 0; From 23ae7bfb4e94a13204f7b5d09e7d9f87f795d698 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 17 Jan 2014 20:09:48 +0100 Subject: [PATCH 169/562] dnxhdenc: fix mb_rc size Fixes out of array access with RC_VARIANCE set to 0 Signed-off-by: Michael Niedermayer (cherry picked from commit f1caaa1c61310beba705957e6366f0392a0b005b) Signed-off-by: Michael Niedermayer --- libavcodec/dnxhdenc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/dnxhdenc.c b/libavcodec/dnxhdenc.c index c2fbd5c999..b16c7ed97d 100644 --- a/libavcodec/dnxhdenc.c +++ b/libavcodec/dnxhdenc.c @@ -235,7 +235,7 @@ static av_cold int dnxhd_init_qmat(DNXHDEncContext *ctx, int lbias, int cbias) static av_cold int dnxhd_init_rc(DNXHDEncContext *ctx) { - FF_ALLOCZ_OR_GOTO(ctx->m.avctx, ctx->mb_rc, 8160*ctx->m.avctx->qmax*sizeof(RCEntry), fail); + FF_ALLOCZ_OR_GOTO(ctx->m.avctx, ctx->mb_rc, 8160*(ctx->m.avctx->qmax + 1)*sizeof(RCEntry), fail); if (ctx->m.avctx->mb_decision != FF_MB_DECISION_RD) FF_ALLOCZ_OR_GOTO(ctx->m.avctx, ctx->mb_cmp, ctx->m.mb_num*sizeof(RCCMPEntry), fail); From 94e2673f4e455df61073b0ed4e46545149b5f8ce Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 23 Dec 2013 18:09:58 +0100 Subject: [PATCH 170/562] avformat/ape: free packet on avio_read() failure Fixes memleak Fixes: msan_uninit-mem_7fcc198b365b_8417_sh3.ape Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 459db51271807ba26162db7b67ac1ff444cc0fa9) Signed-off-by: Michael Niedermayer --- libavformat/ape.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavformat/ape.c b/libavformat/ape.c index 613a59d5f8..05013045fb 100644 --- a/libavformat/ape.c +++ b/libavformat/ape.c @@ -411,8 +411,10 @@ static int ape_read_packet(AVFormatContext * s, AVPacket * pkt) AV_WL32(pkt->data , nblocks); AV_WL32(pkt->data + 4, ape->frames[ape->currentframe].skip); ret = avio_read(s->pb, pkt->data + extra_size, ape->frames[ape->currentframe].size); - if (ret < 0) + if (ret < 0) { + av_free_packet(pkt); return ret; + } pkt->pts = ape->frames[ape->currentframe].pts; pkt->stream_index = 0; From d35916f6ea4964410073797d9ef73c1410d12b81 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 27 Dec 2013 11:45:55 +0100 Subject: [PATCH 171/562] avformat/mpegts: check sl.timestamp_len Fixes: msan_uninit-mem_7ff4404547ba_4883_dmbts.ts Fixes assertion failure Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit e630ca5111077fa8adc972fe8a3d7e2b3e8dc91f) Signed-off-by: Michael Niedermayer --- libavformat/mpegts.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavformat/mpegts.c b/libavformat/mpegts.c index fe4ac35878..4c0c14e0bf 100644 --- a/libavformat/mpegts.c +++ b/libavformat/mpegts.c @@ -1222,6 +1222,11 @@ static int parse_MP4SLDescrTag(MP4DescrParseContext *d, int64_t off, int len) descr->sl.timestamp_res = avio_rb32(&d->pb); avio_rb32(&d->pb); descr->sl.timestamp_len = avio_r8(&d->pb); + if (descr->sl.timestamp_len > 64) { + avpriv_request_sample(NULL, "timestamp_len > 64"); + descr->sl.timestamp_len = 64; + return AVERROR_PATCHWELCOME; + } descr->sl.ocr_len = avio_r8(&d->pb); descr->sl.au_len = avio_r8(&d->pb); descr->sl.inst_bitrate_len = avio_r8(&d->pb); From fedbba5ea051a8d3f15907d4ffe10eb24da8b47b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 23 Dec 2013 18:09:58 +0100 Subject: [PATCH 172/562] avformat/rmdec: move packet allocation down Fixes memleak Fixes: msan_uninit-mem_7fc5d73327d4_6192_kuerti.ra Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 165f96cd2d687122748f862a0bc6e9908fe3d5d2) Signed-off-by: Michael Niedermayer --- libavformat/rmdec.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c index baf3f0706c..73c9d0d042 100644 --- a/libavformat/rmdec.c +++ b/libavformat/rmdec.c @@ -257,16 +257,6 @@ static int rm_read_audio_stream_info(AVFormatContext *s, AVIOContext *pb, default: av_strlcpy(st->codec->codec_name, buf, sizeof(st->codec->codec_name)); } - if (ast->deint_id == DEINT_ID_INT4 || - ast->deint_id == DEINT_ID_GENR || - ast->deint_id == DEINT_ID_SIPR) { - if (st->codec->block_align <= 0 || - ast->audio_framesize * sub_packet_h > (unsigned)INT_MAX || - ast->audio_framesize * sub_packet_h < st->codec->block_align) - return AVERROR_INVALIDDATA; - if (av_new_packet(&ast->pkt, ast->audio_framesize * sub_packet_h) < 0) - return AVERROR(ENOMEM); - } switch (ast->deint_id) { case DEINT_ID_INT4: if (ast->coded_framesize > ast->audio_framesize || @@ -288,6 +278,16 @@ static int rm_read_audio_stream_info(AVFormatContext *s, AVIOContext *pb, av_log(s, AV_LOG_ERROR, "Unknown interleaver %X\n", ast->deint_id); return AVERROR_INVALIDDATA; } + if (ast->deint_id == DEINT_ID_INT4 || + ast->deint_id == DEINT_ID_GENR || + ast->deint_id == DEINT_ID_SIPR) { + if (st->codec->block_align <= 0 || + ast->audio_framesize * sub_packet_h > (unsigned)INT_MAX || + ast->audio_framesize * sub_packet_h < st->codec->block_align) + return AVERROR_INVALIDDATA; + if (av_new_packet(&ast->pkt, ast->audio_framesize * sub_packet_h) < 0) + return AVERROR(ENOMEM); + } if (read_all) { avio_r8(pb); From 5f56e495aea44bd43d24e237e898b8a8aa6726e6 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 23 Dec 2013 18:09:58 +0100 Subject: [PATCH 173/562] avcodec/apedec: more checks for k Fixes assertion failure Fixes part of msan_uninit-mem_7fa0d8c8bd58_8417_sh3.ape Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit d5128fce38646d3f64c55feda42084888ba0e87e) Signed-off-by: Michael Niedermayer --- libavcodec/apedec.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c index ea71ea0ef3..325f36d6a6 100644 --- a/libavcodec/apedec.c +++ b/libavcodec/apedec.c @@ -603,10 +603,14 @@ static void decode_array_0000(APEContext *ctx, GetBitContext *gb, rice->ksum += out[i]; } rice->k = av_log2(rice->ksum / 10) + 1; + if (rice->k >= 24) + return; for (; i < 64; i++) { out[i] = get_rice_ook(&ctx->gb, rice->k); rice->ksum += out[i]; rice->k = av_log2(rice->ksum / ((i + 1) * 2)) + 1; + if (rice->k >= 24) + return; } ksummax = 1 << rice->k + 7; ksummin = rice->k ? (1 << rice->k + 6) : 0; From 32262ca7d781cc82126e848cc200cef36afd3f8c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 20 Jan 2014 18:08:18 +0100 Subject: [PATCH 174/562] avcodec/vmnc: Check that rectangles are within the picture Prevents out of array accesses with CODEC_FLAG_EMU_EDGE Signed-off-by: Michael Niedermayer (cherry picked from commit 6ba02602aa7fc7d38db582e75b8b093fb3c1608d) Signed-off-by: Michael Niedermayer --- libavcodec/vmnc.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/vmnc.c b/libavcodec/vmnc.c index 5f91ab1b31..46bd52ee26 100644 --- a/libavcodec/vmnc.c +++ b/libavcodec/vmnc.c @@ -291,6 +291,11 @@ static int decode_hextile(VmncContext *c, uint8_t* dst, GetByteContext *gb, fg = vmnc_get_pixel(gb, bpp, c->bigendian); xy = bytestream2_get_byte(gb); wh = bytestream2_get_byte(gb); + if ( (xy >> 4) + (wh >> 4) + 1 > w - i + || (xy & 0xF) + (wh & 0xF)+1 > h - j) { + av_log(c->avctx, AV_LOG_ERROR, "Rectangle outside picture\n"); + return AVERROR_INVALIDDATA; + } paint_rect(dst2, xy >> 4, xy & 0xF, (wh>>4)+1, (wh & 0xF)+1, fg, bpp, stride); } From a8ed3685e1931fda969e2ee601fa767845138d33 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 20 Jan 2014 18:40:37 +0100 Subject: [PATCH 175/562] avcodec/jpeg2000dec: fix error detection in pix_fmt_match() Fixes out of array accesses with CODEC_FLAG_EMU_EDGE Signed-off-by: Michael Niedermayer (cherry picked from commit 8001e9f7d17e90b4b0898ba64e3b8bbd716c513c) Signed-off-by: Michael Niedermayer --- libavcodec/jpeg2000dec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c index d3e49a19e6..21b19f52f0 100644 --- a/libavcodec/jpeg2000dec.c +++ b/libavcodec/jpeg2000dec.c @@ -344,7 +344,7 @@ static int get_siz(Jpeg2000DecoderContext *s) break; } } - if (s->avctx->pix_fmt == AV_PIX_FMT_NONE) { + if (i == possible_fmts_nb) { av_log(s->avctx, AV_LOG_ERROR, "Unknown pix_fmt, profile: %d, colour_space: %d, " "components: %d, precision: %d, " @@ -354,6 +354,7 @@ static int get_siz(Jpeg2000DecoderContext *s) ncomponents > 2 ? s->cdy[1] : 0, ncomponents > 2 ? s->cdx[2] : 0, ncomponents > 2 ? s->cdy[2] : 0); + return AVERROR_PATCHWELCOME; } s->avctx->bits_per_raw_sample = s->precision; return 0; From c5a2a65e1e923f0bcb39625ac121c5eb643cf93f Mon Sep 17 00:00:00 2001 From: Lukasz Marek Date: Tue, 21 Jan 2014 01:18:15 +0100 Subject: [PATCH 176/562] lavf/libssh: fix seek with whence==SEEK_CUR Signed-off-by: Lukasz Marek (cherry picked from commit e0d124a9209f44a34e812fb26ba581552b55a731) Conflicts: libavformat/libssh.c --- libavformat/libssh.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/libssh.c b/libavformat/libssh.c index 4a9b8674cf..5d5b91ff80 100644 --- a/libavformat/libssh.c +++ b/libavformat/libssh.c @@ -159,7 +159,7 @@ static int64_t libssh_seek(URLContext *h, int64_t pos, int whence) newpos = pos; break; case SEEK_CUR: - newpos = sftp_tell64(s->file); + newpos = sftp_tell64(s->file) + pos; break; case SEEK_END: newpos = s->filesize + pos; From 9ca79d2849896685cf372e0940952b816dc04ea9 Mon Sep 17 00:00:00 2001 From: Alex Sukhanov Date: Mon, 23 Dec 2013 01:41:35 -0800 Subject: [PATCH 177/562] avformat/matroskadec: Fix start_time Signed-off-by: Michael Niedermayer (cherry picked from commit 251c96a70b0d8cc729ded8c09c7b8bfe03f1a138) Fixes ticket #3337. --- libavformat/matroskadec.c | 2 +- tests/ref/fate/vp8-alpha | 240 +++++++++++++++++++------------------- 2 files changed, 121 insertions(+), 121 deletions(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index c5a6ddee96..f2566c950e 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -1834,7 +1834,7 @@ static int matroska_read_header(AVFormatContext *s) avpriv_set_pts_info(st, 64, matroska->time_scale*track->time_scale, 1000*1000*1000); /* 64 bit pts in ns */ st->codec->codec_id = codec_id; - st->start_time = 0; + if (strcmp(track->language, "und")) av_dict_set(&st->metadata, "language", track->language, 0); av_dict_set(&st->metadata, "title", track->name, 0); diff --git a/tests/ref/fate/vp8-alpha b/tests/ref/fate/vp8-alpha index f857a87504..2b89817964 100644 --- a/tests/ref/fate/vp8-alpha +++ b/tests/ref/fate/vp8-alpha @@ -1,121 +1,121 @@ #tb 0: 1/1000 -0, 1, 1, 0, 2108, 0x59b92a34, S=1, 1900, 0x8fb3adc5 -0, 33, 33, 0, 142, 0x2f2a3fed, F=0x0, S=1, 160, 0xa13346af -0, 66, 66, 0, 157, 0x17804767, F=0x0, S=1, 209, 0x64115f15 -0, 100, 100, 0, 206, 0x537262ca, F=0x0, S=1, 317, 0x44a09dd0 -0, 133, 133, 0, 259, 0x73ff74b6, F=0x0, S=1, 384, 0x2ee2c588 -0, 166, 166, 0, 320, 0x0fcf8ce4, F=0x0, S=1, 415, 0xff68c953 -0, 200, 200, 0, 377, 0x8fffb5f5, F=0x0, S=1, 475, 0x4166f3eb -0, 233, 233, 0, 407, 0xe476c19e, F=0x0, S=1, 193, 0x3ff75489 -0, 266, 266, 0, 539, 0x90202334, F=0x0, S=1, 681, 0x776656b0 -0, 300, 300, 0, 560, 0xc6e2168d, F=0x0, S=1, 585, 0xddc81b8a -0, 333, 333, 0, 597, 0x201a32a7, F=0x0, S=1, 574, 0x8baa1d65 -0, 366, 366, 0, 770, 0xab2b8891, F=0x0, S=1, 666, 0xcd8e51eb -0, 400, 400, 0, 708, 0xc2386711, F=0x0, S=1, 706, 0x046b6444 -0, 433, 433, 0, 905, 0x7211c52d, F=0x0, S=1, 814, 0x5e288def -0, 466, 466, 0, 770, 0xda4f8574, F=0x0, S=1, 829, 0xa0e8a949 -0, 500, 500, 0, 955, 0xf9a1d77a, F=0x0, S=1, 857, 0x9b63b955 -0, 533, 533, 0, 970, 0xff4de39a, F=0x0, S=1, 153, 0x3b00416c -0, 566, 566, 0, 978, 0x12bcf81f, F=0x0, S=1, 1181, 0xce175555 -0, 600, 600, 0, 1233, 0x2903744a, F=0x0, S=1, 860, 0x737eb566 -0, 633, 633, 0, 1118, 0x7f274f50, F=0x0, S=1, 933, 0xb669c6b6 -0, 666, 666, 0, 941, 0x6bffd4b1, F=0x0, S=1, 1058, 0x07581cee -0, 700, 700, 0, 1598, 0xc007219f, F=0x0, S=1, 939, 0x2c0bdc45 -0, 733, 733, 0, 1218, 0x25d962b6, F=0x0, S=1, 1090, 0x96482341 -0, 766, 766, 0, 1200, 0x86b85be3, F=0x0, S=1, 189, 0x3f085309 -0, 800, 800, 0, 1329, 0x298a848a, F=0x0, S=1, 1426, 0x6ea3df12 -0, 833, 833, 0, 1500, 0xe437edec, F=0x0, S=1, 1244, 0x32836b8d -0, 866, 866, 0, 1288, 0xc4447dd5, F=0x0, S=1, 1289, 0x06a57b0f -0, 900, 900, 0, 1281, 0xb5bf7e9f, F=0x0, S=1, 1227, 0xd96d5697 -0, 933, 933, 0, 1372, 0x09be9014, F=0x0, S=1, 1556, 0x2630fbff -0, 966, 966, 0, 1238, 0x42ce6316, F=0x0, S=1, 1287, 0x1d3084f6 -0, 1000, 1000, 0, 1655, 0xb94b45c2, F=0x0, S=1, 1494, 0x34dbd1a4 -0, 1033, 1033, 0, 1164, 0xf6b93ad0, F=0x0, S=1, 1337, 0xba6d9673 -0, 1066, 1066, 0, 1084, 0x58c50fb5, F=0x0, S=1, 1384, 0x3fabb82b -0, 1100, 1100, 0, 1151, 0x0b3f3359, F=0x0, S=1, 1353, 0x08e2a1d7 -0, 1133, 1133, 0, 1277, 0xa3ae77e1, F=0x0, S=1, 1409, 0xf65cb9f7 -0, 1166, 1166, 0, 782, 0xdcf671ff, F=0x0, S=1, 1408, 0x01e2ac53 -0, 1200, 1200, 0, 926, 0xe913c286, F=0x0, S=1, 1320, 0x32e38e42 -0, 1233, 1233, 0, 970, 0x3d86e5ae, F=0x0, S=1, 1608, 0x40b52618 -0, 1266, 1266, 0, 1353, 0xe4f197b2, F=0x0, S=1, 1272, 0xf1d272a5 -0, 1300, 1300, 0, 685, 0x629b4ce4, F=0x0, S=1, 1257, 0x14845de9 -0, 1333, 1333, 0, 743, 0x6f1172a3, F=0x0, S=1, 1260, 0xa6c66fda -0, 1366, 1366, 0, 789, 0x94fc84cd, F=0x0, S=1, 1009, 0x7daaf2b0 -0, 1400, 1400, 0, 1460, 0x668adb82, F=0x0, S=1, 944, 0x44b6ccf5 -0, 1433, 1433, 0, 766, 0x49c884ef, F=0x0, S=1, 996, 0x8646e6dd -0, 1466, 1466, 0, 1037, 0x24831498, F=0x0, S=1, 983, 0x14a9e7a6 -0, 1500, 1500, 0, 943, 0x1f53d180, F=0x0, S=1, 1107, 0x02f72acb -0, 1533, 1533, 0, 1152, 0xbf6a35ae, F=0x0, S=1, 1026, 0xd57afda0 -0, 1566, 1566, 0, 730, 0x42806abf, F=0x0, S=1, 1029, 0xfb0402d5 -0, 1600, 1600, 0, 975, 0xa5ffec57, F=0x0, S=1, 1081, 0xe2890cea -0, 1633, 1633, 0, 970, 0xbe8ee224, F=0x0, S=1, 1151, 0x7b0d3b20 -0, 1666, 1666, 0, 1012, 0x20c6f0d8, F=0x0, S=1, 979, 0xc25cd69c -0, 1700, 1700, 0, 874, 0x1a2fb4da, F=0x0, S=1, 943, 0xdb2dc9f8 -0, 1733, 1733, 0, 869, 0xab0caf3d, F=0x0, S=1, 934, 0x48b9bfcc -0, 1766, 1766, 0, 863, 0xd8caa2e5, F=0x0, S=1, 874, 0x0b34b026 -0, 1800, 1800, 0, 1246, 0x47866cdc, F=0x0, S=1, 818, 0x0c908eeb -0, 1833, 1833, 0, 742, 0xa6296ac1, F=0x0, S=1, 921, 0x97b6b053 -0, 1866, 1866, 0, 828, 0x0b568d7a, F=0x0, S=1, 969, 0x3314dbfa -0, 1900, 1900, 0, 825, 0x6d329394, F=0x0, S=1, 982, 0x5f66e68c -0, 1933, 1933, 0, 836, 0x8ace8dfb, F=0x0, S=1, 929, 0x9ffdc2fd -0, 1966, 1966, 0, 1774, 0xd4686726, F=0x0, S=1, 909, 0x11a9c07a -0, 2000, 2000, 0, 1803, 0x08c879ce, F=0x0, S=1, 1525, 0x1e11f02f -0, 2033, 2033, 0, 518, 0x7c32fc72, F=0x0, S=1, 785, 0xfc1f792a -0, 2066, 2066, 0, 790, 0x3dac8aa0, F=0x0, S=1, 876, 0x0918c88d -0, 2100, 2100, 0, 927, 0x4feccb24, F=0x0, S=1, 1059, 0xbcaa05c7 -0, 2133, 2133, 0, 835, 0x29d39266, F=0x0, S=1, 980, 0x4913e409 -0, 2166, 2166, 0, 951, 0xc1dddd12, F=0x0, S=1, 1041, 0x0541047e -0, 2200, 2200, 0, 876, 0x2f6eb89d, F=0x0, S=1, 949, 0x2d56c53b -0, 2233, 2233, 0, 959, 0xf0dedabd, F=0x0, S=1, 1022, 0x8d33f5fa -0, 2266, 2266, 0, 860, 0x9274ab39, F=0x0, S=1, 1061, 0x289c0132 -0, 2300, 2300, 0, 863, 0x7058ba30, F=0x0, S=1, 940, 0x1f32d4a3 -0, 2333, 2333, 0, 1021, 0xcabdf84f, F=0x0, S=1, 887, 0xda8ab95e -0, 2366, 2366, 0, 897, 0x9867c8e8, F=0x0, S=1, 840, 0xd93eaaf5 -0, 2400, 2400, 0, 897, 0x6a16b5db, F=0x0, S=1, 977, 0x7b77dc9b -0, 2433, 2433, 0, 953, 0xe9b4cf1f, F=0x0, S=1, 921, 0x75a8ca45 -0, 2466, 2466, 0, 847, 0x0335ad37, F=0x0, S=1, 1000, 0x2691f3bd -0, 2500, 2500, 0, 902, 0x3360b315, F=0x0, S=1, 1008, 0xd5e1deb6 -0, 2533, 2533, 0, 881, 0xf5309d59, F=0x0, S=1, 1113, 0xdbef3065 -0, 2566, 2566, 0, 974, 0x7c2de3ce, F=0x0, S=1, 1086, 0x365626bb -0, 2600, 2600, 0, 974, 0xf42bd9f5, F=0x0, S=1, 1039, 0xa7e9060d -0, 2633, 2633, 0, 1029, 0x7c33f4d0, F=0x0, S=1, 1041, 0xf4affa59 -0, 2666, 2666, 0, 881, 0x9021a565, F=0x0, S=1, 1039, 0xc1e00521 -0, 2700, 2700, 0, 1157, 0xe1c136f7, F=0x0, S=1, 917, 0x357ac7d3 -0, 2733, 2733, 0, 649, 0xdffb3cb7, F=0x0, S=1, 976, 0xa386e05e -0, 2766, 2766, 0, 758, 0xb67875f3, F=0x0, S=1, 1041, 0xae4e0a63 -0, 2800, 2800, 0, 1105, 0x8ffb1a26, F=0x0, S=1, 962, 0x211ddc5e -0, 2833, 2833, 0, 866, 0xa60eb2d9, F=0x0, S=1, 929, 0xe9e4c84b -0, 2866, 2866, 0, 912, 0xcd34bf9b, F=0x0, S=1, 946, 0xfce9d359 -0, 2900, 2900, 0, 868, 0x5651a343, F=0x0, S=1, 809, 0x624a8ef9 -0, 2933, 2933, 0, 997, 0xfa66eaeb, F=0x0, S=1, 992, 0xc913e5e2 -0, 2966, 2966, 0, 1111, 0x3f272497, F=0x0, S=1, 1007, 0xf78ee6a7 -0, 3000, 3000, 0, 842, 0xe442999f, F=0x0, S=1, 972, 0x25a0d25c -0, 3033, 3033, 0, 1030, 0x6f97ffad, F=0x0, S=1, 993, 0x4059fd6b -0, 3066, 3066, 0, 1176, 0x66e64926, F=0x0, S=1, 951, 0x2762cdf1 -0, 3100, 3100, 0, 803, 0xfd1699cb, F=0x0, S=1, 959, 0x5cf9d56c -0, 3133, 3133, 0, 972, 0x1cdff00e, F=0x0, S=1, 1023, 0xeaf20900 -0, 3166, 3166, 0, 907, 0x17f8acca, F=0x0, S=1, 1054, 0xeb010c4d -0, 3200, 3200, 0, 915, 0x3569b545, F=0x0, S=1, 987, 0x73b2e159 -0, 3233, 3233, 0, 1021, 0x14c5076a, F=0x0, S=1, 1007, 0x6c4bf7f0 -0, 3266, 3266, 0, 837, 0xbf86b0ef, F=0x0, S=1, 963, 0xf472d31a -0, 3300, 3300, 0, 885, 0x1caac123, F=0x0, S=1, 1052, 0x2b7bfd20 -0, 3333, 3333, 0, 1355, 0x299e8d3c, F=0x0, S=1, 858, 0x2bbca3f0 -0, 3366, 3366, 0, 784, 0xb0bd7e9d, F=0x0, S=1, 969, 0xc865dc00 -0, 3400, 3400, 0, 991, 0xbc7ddda9, F=0x0, S=1, 1028, 0x801b00a6 -0, 3433, 3433, 0, 986, 0xb356f6b1, F=0x0, S=1, 1056, 0x8b840add -0, 3466, 3466, 0, 978, 0x94a3e87e, F=0x0, S=1, 1018, 0xe766fa52 -0, 3500, 3500, 0, 976, 0x55ddd14a, F=0x0, S=1, 992, 0x58a9ddfe -0, 3533, 3533, 0, 1241, 0x1ec867f7, F=0x0, S=1, 966, 0xa329e84f -0, 3566, 3566, 0, 975, 0xecf5dbb3, F=0x0, S=1, 899, 0xa7539f4d -0, 3600, 3600, 0, 1129, 0xb7243037, F=0x0, S=1, 1057, 0xbd0d10bd -0, 3633, 3633, 0, 913, 0xe5f1d03d, F=0x0, S=1, 1092, 0xeb9621f8 -0, 3666, 3666, 0, 943, 0x87d0ed78, F=0x0, S=1, 1057, 0x079c1054 -0, 3700, 3700, 0, 917, 0x536cc3fd, F=0x0, S=1, 946, 0xd2b9d0e2 -0, 3733, 3733, 0, 892, 0x4dffb1e2, F=0x0, S=1, 930, 0x70c9cc40 -0, 3766, 3766, 0, 957, 0x1a98e71c, F=0x0, S=1, 719, 0x6fec614a -0, 3800, 3800, 0, 893, 0xf405b2c3, F=0x0, S=1, 821, 0x63529cab -0, 3833, 3833, 0, 978, 0xa0a8d5f6, F=0x0, S=1, 745, 0x3c616219 -0, 3866, 3866, 0, 887, 0xfa7cb65d, F=0x0, S=1, 768, 0xb8f07885 -0, 3900, 3900, 0, 867, 0xd808ade7, F=0x0, S=1, 783, 0xf82b6b9a -0, 3933, 3933, 0, 1068, 0x6f8b135a, F=0x0, S=1, 807, 0x52028d50 -0, 3966, 3966, 0, 2010, 0x536fe0b6, F=0x0, S=1, 1512, 0x690aeb55 +0, 0, 0, 0, 2108, 0x59b92a34, S=1, 1900, 0x8fb3adc5 +0, 32, 32, 0, 142, 0x2f2a3fed, F=0x0, S=1, 160, 0xa13346af +0, 65, 65, 0, 157, 0x17804767, F=0x0, S=1, 209, 0x64115f15 +0, 99, 99, 0, 206, 0x537262ca, F=0x0, S=1, 317, 0x44a09dd0 +0, 132, 132, 0, 259, 0x73ff74b6, F=0x0, S=1, 384, 0x2ee2c588 +0, 165, 165, 0, 320, 0x0fcf8ce4, F=0x0, S=1, 415, 0xff68c953 +0, 199, 199, 0, 377, 0x8fffb5f5, F=0x0, S=1, 475, 0x4166f3eb +0, 232, 232, 0, 407, 0xe476c19e, F=0x0, S=1, 193, 0x3ff75489 +0, 265, 265, 0, 539, 0x90202334, F=0x0, S=1, 681, 0x776656b0 +0, 299, 299, 0, 560, 0xc6e2168d, F=0x0, S=1, 585, 0xddc81b8a +0, 332, 332, 0, 597, 0x201a32a7, F=0x0, S=1, 574, 0x8baa1d65 +0, 365, 365, 0, 770, 0xab2b8891, F=0x0, S=1, 666, 0xcd8e51eb +0, 399, 399, 0, 708, 0xc2386711, F=0x0, S=1, 706, 0x046b6444 +0, 432, 432, 0, 905, 0x7211c52d, F=0x0, S=1, 814, 0x5e288def +0, 465, 465, 0, 770, 0xda4f8574, F=0x0, S=1, 829, 0xa0e8a949 +0, 499, 499, 0, 955, 0xf9a1d77a, F=0x0, S=1, 857, 0x9b63b955 +0, 532, 532, 0, 970, 0xff4de39a, F=0x0, S=1, 153, 0x3b00416c +0, 565, 565, 0, 978, 0x12bcf81f, F=0x0, S=1, 1181, 0xce175555 +0, 599, 599, 0, 1233, 0x2903744a, F=0x0, S=1, 860, 0x737eb566 +0, 632, 632, 0, 1118, 0x7f274f50, F=0x0, S=1, 933, 0xb669c6b6 +0, 665, 665, 0, 941, 0x6bffd4b1, F=0x0, S=1, 1058, 0x07581cee +0, 699, 699, 0, 1598, 0xc007219f, F=0x0, S=1, 939, 0x2c0bdc45 +0, 732, 732, 0, 1218, 0x25d962b6, F=0x0, S=1, 1090, 0x96482341 +0, 765, 765, 0, 1200, 0x86b85be3, F=0x0, S=1, 189, 0x3f085309 +0, 799, 799, 0, 1329, 0x298a848a, F=0x0, S=1, 1426, 0x6ea3df12 +0, 832, 832, 0, 1500, 0xe437edec, F=0x0, S=1, 1244, 0x32836b8d +0, 865, 865, 0, 1288, 0xc4447dd5, F=0x0, S=1, 1289, 0x06a57b0f +0, 899, 899, 0, 1281, 0xb5bf7e9f, F=0x0, S=1, 1227, 0xd96d5697 +0, 932, 932, 0, 1372, 0x09be9014, F=0x0, S=1, 1556, 0x2630fbff +0, 965, 965, 0, 1238, 0x42ce6316, F=0x0, S=1, 1287, 0x1d3084f6 +0, 999, 999, 0, 1655, 0xb94b45c2, F=0x0, S=1, 1494, 0x34dbd1a4 +0, 1032, 1032, 0, 1164, 0xf6b93ad0, F=0x0, S=1, 1337, 0xba6d9673 +0, 1065, 1065, 0, 1084, 0x58c50fb5, F=0x0, S=1, 1384, 0x3fabb82b +0, 1099, 1099, 0, 1151, 0x0b3f3359, F=0x0, S=1, 1353, 0x08e2a1d7 +0, 1132, 1132, 0, 1277, 0xa3ae77e1, F=0x0, S=1, 1409, 0xf65cb9f7 +0, 1165, 1165, 0, 782, 0xdcf671ff, F=0x0, S=1, 1408, 0x01e2ac53 +0, 1199, 1199, 0, 926, 0xe913c286, F=0x0, S=1, 1320, 0x32e38e42 +0, 1232, 1232, 0, 970, 0x3d86e5ae, F=0x0, S=1, 1608, 0x40b52618 +0, 1265, 1265, 0, 1353, 0xe4f197b2, F=0x0, S=1, 1272, 0xf1d272a5 +0, 1299, 1299, 0, 685, 0x629b4ce4, F=0x0, S=1, 1257, 0x14845de9 +0, 1332, 1332, 0, 743, 0x6f1172a3, F=0x0, S=1, 1260, 0xa6c66fda +0, 1365, 1365, 0, 789, 0x94fc84cd, F=0x0, S=1, 1009, 0x7daaf2b0 +0, 1399, 1399, 0, 1460, 0x668adb82, F=0x0, S=1, 944, 0x44b6ccf5 +0, 1432, 1432, 0, 766, 0x49c884ef, F=0x0, S=1, 996, 0x8646e6dd +0, 1465, 1465, 0, 1037, 0x24831498, F=0x0, S=1, 983, 0x14a9e7a6 +0, 1499, 1499, 0, 943, 0x1f53d180, F=0x0, S=1, 1107, 0x02f72acb +0, 1532, 1532, 0, 1152, 0xbf6a35ae, F=0x0, S=1, 1026, 0xd57afda0 +0, 1565, 1565, 0, 730, 0x42806abf, F=0x0, S=1, 1029, 0xfb0402d5 +0, 1599, 1599, 0, 975, 0xa5ffec57, F=0x0, S=1, 1081, 0xe2890cea +0, 1632, 1632, 0, 970, 0xbe8ee224, F=0x0, S=1, 1151, 0x7b0d3b20 +0, 1665, 1665, 0, 1012, 0x20c6f0d8, F=0x0, S=1, 979, 0xc25cd69c +0, 1699, 1699, 0, 874, 0x1a2fb4da, F=0x0, S=1, 943, 0xdb2dc9f8 +0, 1732, 1732, 0, 869, 0xab0caf3d, F=0x0, S=1, 934, 0x48b9bfcc +0, 1765, 1765, 0, 863, 0xd8caa2e5, F=0x0, S=1, 874, 0x0b34b026 +0, 1799, 1799, 0, 1246, 0x47866cdc, F=0x0, S=1, 818, 0x0c908eeb +0, 1832, 1832, 0, 742, 0xa6296ac1, F=0x0, S=1, 921, 0x97b6b053 +0, 1865, 1865, 0, 828, 0x0b568d7a, F=0x0, S=1, 969, 0x3314dbfa +0, 1899, 1899, 0, 825, 0x6d329394, F=0x0, S=1, 982, 0x5f66e68c +0, 1932, 1932, 0, 836, 0x8ace8dfb, F=0x0, S=1, 929, 0x9ffdc2fd +0, 1965, 1965, 0, 1774, 0xd4686726, F=0x0, S=1, 909, 0x11a9c07a +0, 1999, 1999, 0, 1803, 0x08c879ce, F=0x0, S=1, 1525, 0x1e11f02f +0, 2032, 2032, 0, 518, 0x7c32fc72, F=0x0, S=1, 785, 0xfc1f792a +0, 2065, 2065, 0, 790, 0x3dac8aa0, F=0x0, S=1, 876, 0x0918c88d +0, 2099, 2099, 0, 927, 0x4feccb24, F=0x0, S=1, 1059, 0xbcaa05c7 +0, 2132, 2132, 0, 835, 0x29d39266, F=0x0, S=1, 980, 0x4913e409 +0, 2165, 2165, 0, 951, 0xc1dddd12, F=0x0, S=1, 1041, 0x0541047e +0, 2199, 2199, 0, 876, 0x2f6eb89d, F=0x0, S=1, 949, 0x2d56c53b +0, 2232, 2232, 0, 959, 0xf0dedabd, F=0x0, S=1, 1022, 0x8d33f5fa +0, 2265, 2265, 0, 860, 0x9274ab39, F=0x0, S=1, 1061, 0x289c0132 +0, 2299, 2299, 0, 863, 0x7058ba30, F=0x0, S=1, 940, 0x1f32d4a3 +0, 2332, 2332, 0, 1021, 0xcabdf84f, F=0x0, S=1, 887, 0xda8ab95e +0, 2365, 2365, 0, 897, 0x9867c8e8, F=0x0, S=1, 840, 0xd93eaaf5 +0, 2399, 2399, 0, 897, 0x6a16b5db, F=0x0, S=1, 977, 0x7b77dc9b +0, 2432, 2432, 0, 953, 0xe9b4cf1f, F=0x0, S=1, 921, 0x75a8ca45 +0, 2465, 2465, 0, 847, 0x0335ad37, F=0x0, S=1, 1000, 0x2691f3bd +0, 2499, 2499, 0, 902, 0x3360b315, F=0x0, S=1, 1008, 0xd5e1deb6 +0, 2532, 2532, 0, 881, 0xf5309d59, F=0x0, S=1, 1113, 0xdbef3065 +0, 2565, 2565, 0, 974, 0x7c2de3ce, F=0x0, S=1, 1086, 0x365626bb +0, 2599, 2599, 0, 974, 0xf42bd9f5, F=0x0, S=1, 1039, 0xa7e9060d +0, 2632, 2632, 0, 1029, 0x7c33f4d0, F=0x0, S=1, 1041, 0xf4affa59 +0, 2665, 2665, 0, 881, 0x9021a565, F=0x0, S=1, 1039, 0xc1e00521 +0, 2699, 2699, 0, 1157, 0xe1c136f7, F=0x0, S=1, 917, 0x357ac7d3 +0, 2732, 2732, 0, 649, 0xdffb3cb7, F=0x0, S=1, 976, 0xa386e05e +0, 2765, 2765, 0, 758, 0xb67875f3, F=0x0, S=1, 1041, 0xae4e0a63 +0, 2799, 2799, 0, 1105, 0x8ffb1a26, F=0x0, S=1, 962, 0x211ddc5e +0, 2832, 2832, 0, 866, 0xa60eb2d9, F=0x0, S=1, 929, 0xe9e4c84b +0, 2865, 2865, 0, 912, 0xcd34bf9b, F=0x0, S=1, 946, 0xfce9d359 +0, 2899, 2899, 0, 868, 0x5651a343, F=0x0, S=1, 809, 0x624a8ef9 +0, 2932, 2932, 0, 997, 0xfa66eaeb, F=0x0, S=1, 992, 0xc913e5e2 +0, 2965, 2965, 0, 1111, 0x3f272497, F=0x0, S=1, 1007, 0xf78ee6a7 +0, 2999, 2999, 0, 842, 0xe442999f, F=0x0, S=1, 972, 0x25a0d25c +0, 3032, 3032, 0, 1030, 0x6f97ffad, F=0x0, S=1, 993, 0x4059fd6b +0, 3065, 3065, 0, 1176, 0x66e64926, F=0x0, S=1, 951, 0x2762cdf1 +0, 3099, 3099, 0, 803, 0xfd1699cb, F=0x0, S=1, 959, 0x5cf9d56c +0, 3132, 3132, 0, 972, 0x1cdff00e, F=0x0, S=1, 1023, 0xeaf20900 +0, 3165, 3165, 0, 907, 0x17f8acca, F=0x0, S=1, 1054, 0xeb010c4d +0, 3199, 3199, 0, 915, 0x3569b545, F=0x0, S=1, 987, 0x73b2e159 +0, 3232, 3232, 0, 1021, 0x14c5076a, F=0x0, S=1, 1007, 0x6c4bf7f0 +0, 3265, 3265, 0, 837, 0xbf86b0ef, F=0x0, S=1, 963, 0xf472d31a +0, 3299, 3299, 0, 885, 0x1caac123, F=0x0, S=1, 1052, 0x2b7bfd20 +0, 3332, 3332, 0, 1355, 0x299e8d3c, F=0x0, S=1, 858, 0x2bbca3f0 +0, 3365, 3365, 0, 784, 0xb0bd7e9d, F=0x0, S=1, 969, 0xc865dc00 +0, 3399, 3399, 0, 991, 0xbc7ddda9, F=0x0, S=1, 1028, 0x801b00a6 +0, 3432, 3432, 0, 986, 0xb356f6b1, F=0x0, S=1, 1056, 0x8b840add +0, 3465, 3465, 0, 978, 0x94a3e87e, F=0x0, S=1, 1018, 0xe766fa52 +0, 3499, 3499, 0, 976, 0x55ddd14a, F=0x0, S=1, 992, 0x58a9ddfe +0, 3532, 3532, 0, 1241, 0x1ec867f7, F=0x0, S=1, 966, 0xa329e84f +0, 3565, 3565, 0, 975, 0xecf5dbb3, F=0x0, S=1, 899, 0xa7539f4d +0, 3599, 3599, 0, 1129, 0xb7243037, F=0x0, S=1, 1057, 0xbd0d10bd +0, 3632, 3632, 0, 913, 0xe5f1d03d, F=0x0, S=1, 1092, 0xeb9621f8 +0, 3665, 3665, 0, 943, 0x87d0ed78, F=0x0, S=1, 1057, 0x079c1054 +0, 3699, 3699, 0, 917, 0x536cc3fd, F=0x0, S=1, 946, 0xd2b9d0e2 +0, 3732, 3732, 0, 892, 0x4dffb1e2, F=0x0, S=1, 930, 0x70c9cc40 +0, 3765, 3765, 0, 957, 0x1a98e71c, F=0x0, S=1, 719, 0x6fec614a +0, 3799, 3799, 0, 893, 0xf405b2c3, F=0x0, S=1, 821, 0x63529cab +0, 3832, 3832, 0, 978, 0xa0a8d5f6, F=0x0, S=1, 745, 0x3c616219 +0, 3865, 3865, 0, 887, 0xfa7cb65d, F=0x0, S=1, 768, 0xb8f07885 +0, 3899, 3899, 0, 867, 0xd808ade7, F=0x0, S=1, 783, 0xf82b6b9a +0, 3932, 3932, 0, 1068, 0x6f8b135a, F=0x0, S=1, 807, 0x52028d50 +0, 3965, 3965, 0, 2010, 0x536fe0b6, F=0x0, S=1, 1512, 0x690aeb55 From d0e0329e9d3d2a330dfe9e66d2b30aa6e36db5d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Storsj=C3=B6?= Date: Thu, 23 Jan 2014 14:07:46 +0200 Subject: [PATCH 178/562] rtpdec_asf: Copy the need_parsing field from the chained demuxer MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This fixes playback of mp3 streams in rtp/asf. This used to work until 950482bf, but mostly by coincidence. Signed-off-by: Martin Storsjö (cherry picked from commit 2aec9e228cb317cca8cda9e03986c8482ea54404) Fixes ticket #3223 --- libavformat/rtpdec_asf.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/rtpdec_asf.c b/libavformat/rtpdec_asf.c index 123894f275..541b86fe41 100644 --- a/libavformat/rtpdec_asf.c +++ b/libavformat/rtpdec_asf.c @@ -144,6 +144,8 @@ static int asfrtp_parse_sdp_line(AVFormatContext *s, int stream_index, if (s->streams[stream_index]->id == rt->asf_ctx->streams[i]->id) { *s->streams[stream_index]->codec = *rt->asf_ctx->streams[i]->codec; + s->streams[stream_index]->need_parsing = + rt->asf_ctx->streams[i]->need_parsing; rt->asf_ctx->streams[i]->codec->extradata_size = 0; rt->asf_ctx->streams[i]->codec->extradata = NULL; avpriv_set_pts_info(s->streams[stream_index], 32, 1, 1000); From ac38860ec959bff3189364b4c6773851f389a3b6 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Mon, 18 Nov 2013 17:48:17 +0100 Subject: [PATCH 179/562] Add decoder dependency to the HEVC parser. Fixes compilation with --disable-everything --enable-parser=hevc (cherry picked from commit d4a6133ab8ca1538d1d01fc187284fc99c6f6c90) --- configure | 1 + 1 file changed, 1 insertion(+) diff --git a/configure b/configure index f831999184..9390d48f6c 100755 --- a/configure +++ b/configure @@ -2036,6 +2036,7 @@ wmv3_vdpau_hwaccel_select="vc1_vdpau_hwaccel" # parsers h264_parser_select="golomb h264chroma h264dsp h264pred h264qpel videodsp" +hevc_parser_select="hevc_decoder" mpeg4video_parser_select="error_resilience mpegvideo" mpegvideo_parser_select="error_resilience mpegvideo" vc1_parser_select="mpegvideo" From 8c6a976feeea8ee0ccdb31fbddb0d9c98b44ae0d Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 31 Jan 2014 19:16:02 +0100 Subject: [PATCH 180/562] avcodec/takdec: always check bits_per_raw_sample Fixes out of array access Fixes: asan_heap-oob_19c7a94_6470_cov_1453611734_luckynight-partial.tak Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit f58eab151214d2d35ff0973f2b3e51c5eb372da4) Signed-off-by: Michael Niedermayer --- libavcodec/takdec.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/libavcodec/takdec.c b/libavcodec/takdec.c index 77de4c095f..b3a7e3a5f3 100644 --- a/libavcodec/takdec.c +++ b/libavcodec/takdec.c @@ -720,11 +720,9 @@ static int tak_decode_frame(AVCodecContext *avctx, void *data, return AVERROR_INVALIDDATA; } - if (s->ti.bps != avctx->bits_per_raw_sample) { - avctx->bits_per_raw_sample = s->ti.bps; - if ((ret = set_bps_params(avctx)) < 0) - return ret; - } + avctx->bits_per_raw_sample = s->ti.bps; + if ((ret = set_bps_params(avctx)) < 0) + return ret; if (s->ti.sample_rate != avctx->sample_rate) { avctx->sample_rate = s->ti.sample_rate; set_sample_rate_params(avctx); From 325feb8e0d5141025548c20aebcbeb92dc2b3a07 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 1 Feb 2014 19:04:37 +0100 Subject: [PATCH 181/562] avcodec/vc1: reset fcm/field_mode in non advanced header parsing Fixes NULL pointer dereference Fixes: signal_sigsegv_1ab8bf4_2847_cov_4254117347_SA10091.vc1 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit b51e9354772de446e8196dabf9aad1567b22f74d) Signed-off-by: Michael Niedermayer --- libavcodec/vc1.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/vc1.c b/libavcodec/vc1.c index 2b872476df..e4e25a8d53 100644 --- a/libavcodec/vc1.c +++ b/libavcodec/vc1.c @@ -631,6 +631,8 @@ int ff_vc1_parse_frame_header(VC1Context *v, GetBitContext* gb) { int pqindex, lowquant, status; + v->field_mode = 0; + v->fcm = 0; if (v->finterpflag) v->interpfrm = get_bits1(gb); if (!v->s.avctx->codec) From a644272a4a954ce99d03cfb5102fbc991b14bd55 Mon Sep 17 00:00:00 2001 From: Justin Ruggles Date: Thu, 30 Jan 2014 14:08:38 -0500 Subject: [PATCH 182/562] samplefmt: avoid integer overflow in av_samples_get_buffer_size() CC:libav-stable@libav.org (cherry picked from commit 0e830094ad0dc251613a0aa3234d9c5c397e02e6) Signed-off-by: Michael Niedermayer --- libavutil/samplefmt.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavutil/samplefmt.c b/libavutil/samplefmt.c index 08ecc83467..a1986980f0 100644 --- a/libavutil/samplefmt.c +++ b/libavutil/samplefmt.c @@ -135,6 +135,8 @@ int av_samples_get_buffer_size(int *linesize, int nb_channels, int nb_samples, /* auto-select alignment if not specified */ if (!align) { + if (nb_samples > INT_MAX - 31) + return AVERROR(EINVAL); align = 1; nb_samples = FFALIGN(nb_samples, 32); } From f91ef98c9d740d6c1410d5cf206bda80c2416808 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 7 Feb 2014 15:07:23 +0100 Subject: [PATCH 183/562] avcodec/wmalosslessdec: fix mclms_coeffs* array size Fixes corruption of context Fixes: 8835659dde6a4f7dcdf341de6a45c6c8-signal_sigsegv_1dce67b_4564_cov_2504444599_classical_22_16_1_14000_v3c_0_extend_0_29.wma Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit ec9578d54d09b64bf112c2bf7a34b1ef3b93dbd3) Signed-off-by: Michael Niedermayer --- libavcodec/wmalosslessdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/wmalosslessdec.c b/libavcodec/wmalosslessdec.c index 86ca588936..29982bc01b 100644 --- a/libavcodec/wmalosslessdec.c +++ b/libavcodec/wmalosslessdec.c @@ -127,8 +127,8 @@ typedef struct WmallDecodeCtx { int8_t mclms_order; int8_t mclms_scaling; - int16_t mclms_coeffs[128]; - int16_t mclms_coeffs_cur[4]; + int16_t mclms_coeffs[WMALL_MAX_CHANNELS * WMALL_MAX_CHANNELS * 32]; + int16_t mclms_coeffs_cur[WMALL_MAX_CHANNELS * WMALL_MAX_CHANNELS]; int16_t mclms_prevvalues[WMALL_MAX_CHANNELS * 2 * 32]; int16_t mclms_updates[WMALL_MAX_CHANNELS * 2 * 32]; int mclms_recent; From 4a28a3ddc4eb7322409f062f422c676f93d95ac1 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 13 Feb 2014 13:59:51 +0100 Subject: [PATCH 184/562] avformat/mpegtsenc: Check data array size in mpegts_write_pmt() Prevents out of array writes Signed-off-by: Michael Niedermayer (cherry picked from commit 842b6c14bcfc1c5da1a2d288fd65386eb8c158ad) Conflicts: libavformat/mpegtsenc.c --- libavformat/mpegtsenc.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/libavformat/mpegtsenc.c b/libavformat/mpegtsenc.c index 1d51b97bdf..8045db5675 100644 --- a/libavformat/mpegtsenc.c +++ b/libavformat/mpegtsenc.c @@ -259,7 +259,7 @@ static void mpegts_write_pat(AVFormatContext *s) data, q - data); } -static void mpegts_write_pmt(AVFormatContext *s, MpegTSService *service) +static int mpegts_write_pmt(AVFormatContext *s, MpegTSService *service) { MpegTSWrite *ts = s->priv_data; uint8_t data[1012], *q, *desc_length_ptr, *program_info_length_ptr; @@ -315,6 +315,10 @@ static void mpegts_write_pmt(AVFormatContext *s, MpegTSService *service) stream_type = STREAM_TYPE_PRIVATE_DATA; break; } + + if (q - data > sizeof(data) - 32) + return AVERROR(EINVAL); + *q++ = stream_type; put16(&q, 0xe000 | ts_st->pid); desc_length_ptr = q; @@ -346,7 +350,7 @@ static void mpegts_write_pmt(AVFormatContext *s, MpegTSService *service) len_ptr = q++; *len_ptr = 0; - for (p = lang->value; next && *len_ptr < 255 / 4 * 4; p = next + 1) { + for (p = lang->value; next && *len_ptr < 255 / 4 * 4 && q - data < sizeof(data) - 4; p = next + 1) { next = strchr(p, ','); if (strlen(p) != 3 && (!next || next != p + 3)) continue; /* not a 3-letter code */ @@ -418,6 +422,7 @@ static void mpegts_write_pmt(AVFormatContext *s, MpegTSService *service) } mpegts_write_section1(&service->pmt, PMT_TID, service->sid, ts->tables_version, 0, 0, data, q - data); + return 0; } /* NOTE: str == NULL is accepted for an empty string */ From 656770e2aacf44df2be01ee7fd60b035fd42c675 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 15 Feb 2014 23:26:19 +0100 Subject: [PATCH 185/562] avcodec/hevc: make *ps_id unsigned Fixes integer overflow Fixes out of array accesses Fixes 2f65e7dbd02a12f426a423bd7bf880b4-signal_sigsegv_127c952_2793_cov_2517424539_RPLM_A_qualcomm_4.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit d1e6602665d5ec1b7e211ab27b298c26139f82cc) Signed-off-by: Michael Niedermayer --- libavcodec/hevc.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/hevc.h b/libavcodec/hevc.h index 90953ad59a..0d4f3e6373 100644 --- a/libavcodec/hevc.h +++ b/libavcodec/hevc.h @@ -373,7 +373,7 @@ typedef struct ScalingList { } ScalingList; typedef struct HEVCSPS { - int vps_id; + unsigned vps_id; int chroma_format_idc; uint8_t separate_colour_plane_flag; @@ -454,7 +454,7 @@ typedef struct HEVCSPS { } HEVCSPS; typedef struct HEVCPPS { - int sps_id; ///< seq_parameter_set_id + unsigned sps_id; ///< seq_parameter_set_id uint8_t sign_data_hiding_flag; From f8985cb9d995cb44f7ca957cdbd9b4d8654c9218 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 16 Feb 2014 01:28:26 +0100 Subject: [PATCH 186/562] avcodec/utils: set AVFrame format unconditional Fixes inconsistency and out of array accesses Fixes: 10cdd7e63e7f66e3e66273939e0863dd-asan_heap-oob_1a4ff32_7078_cov_4056274555_mov_h264_aac__mp4box_frag.mp4 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit e5c7229999182ad1cef13b9eca050dba7a5a08da) Conflicts: libavcodec/utils.c --- libavcodec/utils.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index 25bb24580f..9cef9b7f99 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -733,8 +733,7 @@ int ff_init_buffer_info(AVCodecContext *avctx, AVFrame *frame) case AVMEDIA_TYPE_VIDEO: frame->width = FFMAX(avctx->width, FF_CEIL_RSHIFT(avctx->coded_width, avctx->lowres)); frame->height = FFMAX(avctx->height, FF_CEIL_RSHIFT(avctx->coded_height, avctx->lowres)); - if (frame->format < 0) - frame->format = avctx->pix_fmt; + frame->format = avctx->pix_fmt; if (!frame->sample_aspect_ratio.num) frame->sample_aspect_ratio = avctx->sample_aspect_ratio; if (av_frame_get_colorspace(frame) == AVCOL_SPC_UNSPECIFIED) From 4cc18ee5da110087b5661ef0269ef59742e90a82 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 16 Feb 2014 23:08:52 +0100 Subject: [PATCH 187/562] avcodec/msrle: use av_image_get_linesize() to calculate the linesize Fixes out of array access Fixes: 14a74a0a2dc67ede543f0e35d834fbbe-asan_heap-oob_49572c_556_cov_215466444_44_001_engine_room.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit c919e1ca2ecfc47d796382973ba0e48b8f6f92a2) Signed-off-by: Michael Niedermayer --- libavcodec/msrle.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/msrle.c b/libavcodec/msrle.c index 2836fec2fd..750e54ae99 100644 --- a/libavcodec/msrle.c +++ b/libavcodec/msrle.c @@ -35,6 +35,7 @@ #include "avcodec.h" #include "internal.h" #include "msrledec.h" +#include "libavutil/imgutils.h" typedef struct MsrleContext { AVCodecContext *avctx; @@ -110,7 +111,7 @@ static int msrle_decode_frame(AVCodecContext *avctx, /* FIXME how to correctly detect RLE ??? */ if (avctx->height * istride == avpkt->size) { /* assume uncompressed */ - int linesize = (avctx->width * avctx->bits_per_coded_sample + 7) / 8; + int linesize = av_image_get_linesize(avctx->pix_fmt, avctx->width, 0); uint8_t *ptr = s->frame->data[0]; uint8_t *buf = avpkt->data + (avctx->height-1)*istride; int i, j; From 18eac12c6d470588afd8abc15396ba77dfdcb4ee Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 17 Feb 2014 20:49:42 +0100 Subject: [PATCH 188/562] avcodec/ansi: fix integer overflow Fixes out of array read Fixes: 5f9698e86d92f19bb08d54ff0d57027f-signal_sigsegv_b30756_3795_cov_2693691257_ansi256.ans Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit d42ec8433c687fcbccefa51a7716d81920218e4f) Signed-off-by: Michael Niedermayer --- libavcodec/ansi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/ansi.c b/libavcodec/ansi.c index 8dce61a8c6..8e2b61d912 100644 --- a/libavcodec/ansi.c +++ b/libavcodec/ansi.c @@ -417,7 +417,7 @@ static int decode_frame(AVCodecContext *avctx, switch(buf[0]) { case '0': case '1': case '2': case '3': case '4': case '5': case '6': case '7': case '8': case '9': - if (s->nb_args < MAX_NB_ARGS) + if (s->nb_args < MAX_NB_ARGS && s->args[s->nb_args] < 6553) s->args[s->nb_args] = FFMAX(s->args[s->nb_args], 0) * 10 + buf[0] - '0'; break; case ';': From a94f367424051567995829d5e4a6a04977e2ecad Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 18 Feb 2014 02:53:14 +0100 Subject: [PATCH 189/562] avcodec/snow: split block clipping checks Fixes out of array read Fixes: d4476f68ca1c1c57afbc45806f581963-asan_heap-oob_2266b27_8607_cov_4044577381_snow_chroma_bug.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 61d59703c91869f4e5cdacd8d6be52f8b89d4ba4) Signed-off-by: Michael Niedermayer --- libavcodec/snow.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavcodec/snow.h b/libavcodec/snow.h index 1222a776de..60b00623a0 100644 --- a/libavcodec/snow.h +++ b/libavcodec/snow.h @@ -318,7 +318,8 @@ static av_always_inline void add_yblock(SnowContext *s, int sliced, slice_buffer if(!sliced && !offset_dst) dst -= src_x; src_x=0; - }else if(src_x + b_w > w){ + } + if(src_x + b_w > w){ b_w = w - src_x; } if(src_y<0){ @@ -327,7 +328,8 @@ static av_always_inline void add_yblock(SnowContext *s, int sliced, slice_buffer if(!sliced && !offset_dst) dst -= src_y*dst_stride; src_y=0; - }else if(src_y + b_h> h){ + } + if(src_y + b_h> h){ b_h = h - src_y; } From c9b961748f79f875360d5519963d08f7972bb935 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 31 Jan 2014 17:21:32 +0100 Subject: [PATCH 190/562] avformat/flac_picture: allocate buffer padding for picture Fixes: heap array overread Fixes: asan_heap-oob_14876d9_4706_cov_815472558_cover_art.flac Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit fff2953163ff466d5391b2f862bd2216fbe728b2) Signed-off-by: Michael Niedermayer --- libavformat/flac_picture.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/flac_picture.c b/libavformat/flac_picture.c index 12d73e488f..a58b3055c8 100644 --- a/libavformat/flac_picture.c +++ b/libavformat/flac_picture.c @@ -107,7 +107,7 @@ int ff_flac_parse_picture(AVFormatContext *s, uint8_t *buf, int buf_size) ret = AVERROR_INVALIDDATA; goto fail; } - if (!(data = av_buffer_alloc(len))) { + if (!(data = av_buffer_alloc(len + FF_INPUT_BUFFER_PADDING_SIZE))) { RETURN_ERROR(AVERROR(ENOMEM)); } if (avio_read(pb, data->data, len) != len) { From e266fcf0834a76c747483df408b23d5b9bb991e0 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 31 Jan 2014 17:31:21 +0100 Subject: [PATCH 191/562] avformat/flac_picture: clear padding area aviod use of uninitialized memory Fixes: asan_heap-oob_1487fa4_4706_cov_364534849_cover_art.flac Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 13aa82bbbb71c04bdcecf1341be4a23aee271bec) Signed-off-by: Michael Niedermayer --- libavformat/flac_picture.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavformat/flac_picture.c b/libavformat/flac_picture.c index a58b3055c8..5f2026d1d0 100644 --- a/libavformat/flac_picture.c +++ b/libavformat/flac_picture.c @@ -110,6 +110,7 @@ int ff_flac_parse_picture(AVFormatContext *s, uint8_t *buf, int buf_size) if (!(data = av_buffer_alloc(len + FF_INPUT_BUFFER_PADDING_SIZE))) { RETURN_ERROR(AVERROR(ENOMEM)); } + memset(data->data + len, 0, FF_INPUT_BUFFER_PADDING_SIZE); if (avio_read(pb, data->data, len) != len) { av_log(s, AV_LOG_ERROR, "Error reading attached picture data.\n"); if (s->error_recognition & AV_EF_EXPLODE) From f22e88c17772b253ad08de15e8beb922791d488e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 31 Jan 2014 17:57:17 +0100 Subject: [PATCH 192/562] avcodec/mjpegdec: pass into ff_mjpeg_decode_sos() and check bitmask size Fixes: heap array overread Fixes: asan_heap-oob_149b2bc_6577_m1.mxg Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 2884688bd51a808ccda3c0e13367619cd79e0579) Signed-off-by: Michael Niedermayer --- libavcodec/mjpegbdec.c | 2 +- libavcodec/mjpegdec.c | 14 ++++++++++---- libavcodec/mjpegdec.h | 3 ++- libavcodec/mxpegdec.c | 4 ++-- 4 files changed, 15 insertions(+), 8 deletions(-) diff --git a/libavcodec/mjpegbdec.c b/libavcodec/mjpegbdec.c index f061f0bc26..61640952ff 100644 --- a/libavcodec/mjpegbdec.c +++ b/libavcodec/mjpegbdec.c @@ -119,7 +119,7 @@ read_header: 8 * FFMIN(field_size, buf_end - buf_ptr - sos_offs)); s->mjpb_skiptosod = (sod_offs - sos_offs - show_bits(&s->gb, 16)); s->start_code = SOS; - if (ff_mjpeg_decode_sos(s, NULL, NULL) < 0 && + if (ff_mjpeg_decode_sos(s, NULL, 0, NULL) < 0 && (avctx->err_recognition & AV_EF_EXPLODE)) return AVERROR_INVALIDDATA; } diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index c434de9dbe..bafdf3a691 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -1092,6 +1092,7 @@ static void shift_output(MJpegDecodeContext *s, uint8_t *ptr, int linesize) static int mjpeg_decode_scan(MJpegDecodeContext *s, int nb_components, int Ah, int Al, const uint8_t *mb_bitmask, + int mb_bitmask_size, const AVFrame *reference) { int i, mb_x, mb_y; @@ -1101,8 +1102,13 @@ static int mjpeg_decode_scan(MJpegDecodeContext *s, int nb_components, int Ah, GetBitContext mb_bitmask_gb; int bytes_per_pixel = 1 + (s->bits > 8); - if (mb_bitmask) + if (mb_bitmask) { + if (mb_bitmask_size != (s->mb_width * s->mb_height + 7)>>3) { + av_log(s->avctx, AV_LOG_ERROR, "mb_bitmask_size mismatches\n"); + return AVERROR_INVALIDDATA; + } init_get_bits(&mb_bitmask_gb, mb_bitmask, s->mb_width * s->mb_height); + } if (s->flipped && s->avctx->lowres) { av_log(s->avctx, AV_LOG_ERROR, "Can not flip image with lowres\n"); @@ -1268,7 +1274,7 @@ static int mjpeg_decode_scan_progressive_ac(MJpegDecodeContext *s, int ss, } int ff_mjpeg_decode_sos(MJpegDecodeContext *s, const uint8_t *mb_bitmask, - const AVFrame *reference) + int mb_bitmask_size, const AVFrame *reference) { int len, nb_components, i, h, v, predictor, point_transform; int index, id, ret; @@ -1400,7 +1406,7 @@ next_field: } else { if ((ret = mjpeg_decode_scan(s, nb_components, prev_shift, point_transform, - mb_bitmask, reference)) < 0) + mb_bitmask, mb_bitmask_size, reference)) < 0) return ret; } } @@ -1925,7 +1931,7 @@ eoi_parser: goto the_end; case SOS: s->cur_scan++; - if ((ret = ff_mjpeg_decode_sos(s, NULL, NULL)) < 0 && + if ((ret = ff_mjpeg_decode_sos(s, NULL, 0, NULL)) < 0 && (avctx->err_recognition & AV_EF_EXPLODE)) goto fail; break; diff --git a/libavcodec/mjpegdec.h b/libavcodec/mjpegdec.h index 1335c66b8d..abfa9a3475 100644 --- a/libavcodec/mjpegdec.h +++ b/libavcodec/mjpegdec.h @@ -131,7 +131,8 @@ int ff_mjpeg_decode_dqt(MJpegDecodeContext *s); int ff_mjpeg_decode_dht(MJpegDecodeContext *s); int ff_mjpeg_decode_sof(MJpegDecodeContext *s); int ff_mjpeg_decode_sos(MJpegDecodeContext *s, - const uint8_t *mb_bitmask, const AVFrame *reference); + const uint8_t *mb_bitmask,int mb_bitmask_size, + const AVFrame *reference); int ff_mjpeg_find_marker(MJpegDecodeContext *s, const uint8_t **buf_ptr, const uint8_t *buf_end, const uint8_t **unescaped_buf_ptr, int *unescaped_buf_size); diff --git a/libavcodec/mxpegdec.c b/libavcodec/mxpegdec.c index 8eee3b8e9e..155d348905 100644 --- a/libavcodec/mxpegdec.c +++ b/libavcodec/mxpegdec.c @@ -295,11 +295,11 @@ static int mxpeg_decode_frame(AVCodecContext *avctx, AV_GET_BUFFER_FLAG_REF)) < 0) return ret; - ret = ff_mjpeg_decode_sos(jpg, s->mxm_bitmask, reference_ptr); + ret = ff_mjpeg_decode_sos(jpg, s->mxm_bitmask, s->bitmask_size, reference_ptr); if (ret < 0 && (avctx->err_recognition & AV_EF_EXPLODE)) return ret; } else { - ret = ff_mjpeg_decode_sos(jpg, NULL, NULL); + ret = ff_mjpeg_decode_sos(jpg, NULL, 0, NULL); if (ret < 0 && (avctx->err_recognition & AV_EF_EXPLODE)) return ret; } From 9368b91834e46149f6b97ba3dd3648e3f79edef2 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 1 Feb 2014 05:34:25 +0100 Subject: [PATCH 193/562] avcodec/vc1dec: field pictures with direct mode MBs, followed by frame pictures are not supported This case could occur when cuting and concatenating bitstreams Fixes out of array read Fixes: asan_heap-oob_1b33fdd_2849_cov_478905890_SA10143.vc1 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 85d51d8e327c666ac963acf25cf6a6763e6c6671) Signed-off-by: Michael Niedermayer --- libavcodec/vc1dec.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c index 2604a95174..018f1d997c 100644 --- a/libavcodec/vc1dec.c +++ b/libavcodec/vc1dec.c @@ -4342,6 +4342,10 @@ static void vc1_decode_b_mb_intfi(VC1Context *v) if (bmvtype == BMV_TYPE_DIRECT) { dmv_x[0] = dmv_y[0] = pred_flag[0] = 0; dmv_x[1] = dmv_y[1] = pred_flag[0] = 0; + if (!s->next_picture_ptr->field_picture) { + av_log(s->avctx, AV_LOG_ERROR, "Mixed field/frame direct mode not supported\n"); + return; + } } vc1_pred_b_mv_intfi(v, 0, dmv_x, dmv_y, 1, pred_flag); vc1_b_mc(v, dmv_x, dmv_y, (bmvtype == BMV_TYPE_DIRECT), bmvtype); @@ -6028,6 +6032,7 @@ static int vc1_decode_frame(AVCodecContext *avctx, void *data, goto err; } + v->s.current_picture_ptr->field_picture = v->field_mode; v->s.current_picture_ptr->f.interlaced_frame = (v->fcm != PROGRESSIVE); v->s.current_picture_ptr->f.top_field_first = v->tff; From 10a30e4de5618af812a47e6a3a3710c32ae54e60 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 1 Feb 2014 17:06:24 +0100 Subject: [PATCH 194/562] avcodec/vc1: factor read_bfraction() out Signed-off-by: Michael Niedermayer (cherry picked from commit 388b4cf86ed5ec27d35eb5069769db12a4e31af0) Signed-off-by: Michael Niedermayer --- libavcodec/vc1.c | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/libavcodec/vc1.c b/libavcodec/vc1.c index e4e25a8d53..728c7defe8 100644 --- a/libavcodec/vc1.c +++ b/libavcodec/vc1.c @@ -627,6 +627,12 @@ static void rotate_luts(VC1Context *v) } } +static int read_bfraction(VC1Context *v, GetBitContext* gb) { + v->bfraction_lut_index = get_vlc2(gb, ff_vc1_bfraction_vlc.table, VC1_BFRACTION_VLC_BITS, 1); + v->bfraction = ff_vc1_bfraction_lut[v->bfraction_lut_index]; + return 0; +} + int ff_vc1_parse_frame_header(VC1Context *v, GetBitContext* gb) { int pqindex, lowquant, status; @@ -660,8 +666,8 @@ int ff_vc1_parse_frame_header(VC1Context *v, GetBitContext* gb) v->bi_type = 0; if (v->s.pict_type == AV_PICTURE_TYPE_B) { - v->bfraction_lut_index = get_vlc2(gb, ff_vc1_bfraction_vlc.table, VC1_BFRACTION_VLC_BITS, 1); - v->bfraction = ff_vc1_bfraction_lut[v->bfraction_lut_index]; + if (read_bfraction(v, gb) < 0) + return AVERROR_INVALIDDATA; if (v->bfraction == 0) { v->s.pict_type = AV_PICTURE_TYPE_BI; } @@ -939,8 +945,8 @@ int ff_vc1_parse_frame_header_adv(VC1Context *v, GetBitContext* gb) v->refdist += get_unary(gb, 0, 16); } if ((v->s.pict_type == AV_PICTURE_TYPE_B) || (v->s.pict_type == AV_PICTURE_TYPE_BI)) { - v->bfraction_lut_index = get_vlc2(gb, ff_vc1_bfraction_vlc.table, VC1_BFRACTION_VLC_BITS, 1); - v->bfraction = ff_vc1_bfraction_lut[v->bfraction_lut_index]; + if (read_bfraction(v, gb) < 0) + return AVERROR_INVALIDDATA; v->frfd = (v->bfraction * v->refdist) >> 8; v->brfd = v->refdist - v->frfd - 1; if (v->brfd < 0) @@ -952,8 +958,8 @@ int ff_vc1_parse_frame_header_adv(VC1Context *v, GetBitContext* gb) if (v->finterpflag) v->interpfrm = get_bits1(gb); if (v->s.pict_type == AV_PICTURE_TYPE_B) { - v->bfraction_lut_index = get_vlc2(gb, ff_vc1_bfraction_vlc.table, VC1_BFRACTION_VLC_BITS, 1); - v->bfraction = ff_vc1_bfraction_lut[v->bfraction_lut_index]; + if (read_bfraction(v, gb) < 0) + return AVERROR_INVALIDDATA; if (v->bfraction == 0) { v->s.pict_type = AV_PICTURE_TYPE_BI; /* XXX: should not happen here */ } @@ -1197,8 +1203,8 @@ int ff_vc1_parse_frame_header_adv(VC1Context *v, GetBitContext* gb) break; case AV_PICTURE_TYPE_B: if (v->fcm == ILACE_FRAME) { - v->bfraction_lut_index = get_vlc2(gb, ff_vc1_bfraction_vlc.table, VC1_BFRACTION_VLC_BITS, 1); - v->bfraction = ff_vc1_bfraction_lut[v->bfraction_lut_index]; + if (read_bfraction(v, gb) < 0) + return AVERROR_INVALIDDATA; if (v->bfraction == 0) { return -1; } From ab1c7113f9ec1e169d654990dc5379af1570d2ce Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 1 Feb 2014 17:07:40 +0100 Subject: [PATCH 195/562] avcodec/vc1: Check bfraction_lut_index Fixes: out of array read Fixes: asan_static-oob_1b40507_2849_SA10143.vc1 Fixes: asan_static-oob_1b40a15_2849_cov_1182297305_SA10143.vc1 Fixes: asan_static-oob_1b40f15_2849_cov_2159513432_SA10143.vc1 Fixes: asan_static-oob_1b40f15_2849_cov_3230311510_SA10143.vc1 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit dcf5bfbdb6137ffdca66e0b7c2929ced42732951) Signed-off-by: Michael Niedermayer --- libavcodec/vc1.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libavcodec/vc1.c b/libavcodec/vc1.c index 728c7defe8..b9a6fdfb52 100644 --- a/libavcodec/vc1.c +++ b/libavcodec/vc1.c @@ -628,7 +628,13 @@ static void rotate_luts(VC1Context *v) } static int read_bfraction(VC1Context *v, GetBitContext* gb) { - v->bfraction_lut_index = get_vlc2(gb, ff_vc1_bfraction_vlc.table, VC1_BFRACTION_VLC_BITS, 1); + int bfraction_lut_index = get_vlc2(gb, ff_vc1_bfraction_vlc.table, VC1_BFRACTION_VLC_BITS, 1); + + if (bfraction_lut_index == 21 || bfraction_lut_index < 0) { + av_log(v->s.avctx, AV_LOG_ERROR, "bfraction invalid\n"); + return AVERROR_INVALIDDATA; + } + v->bfraction_lut_index = bfraction_lut_index; v->bfraction = ff_vc1_bfraction_lut[v->bfraction_lut_index]; return 0; } From ebc490e7445ccbcd1bc8ce6ded06e2fff209d40e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 2 Feb 2014 01:47:36 +0100 Subject: [PATCH 196/562] avcodec/tiff: reset geotag_count in free_geotags() Fixes null pointer dereference Fixes: signal_sigsegv_19d922e_3688_cov_1577641655_aletrek_tiff.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit a744064c4155bde063b9e8a47699542be3b8e5eb) Signed-off-by: Michael Niedermayer --- libavcodec/tiff.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c index 2b100ede5e..80c6d6e376 100644 --- a/libavcodec/tiff.c +++ b/libavcodec/tiff.c @@ -79,6 +79,7 @@ static void free_geotags(TiffContext *const s) av_freep(&s->geotags[i].val); } av_freep(&s->geotags); + s->geotag_count = 0; } #define RET_GEOKEY(TYPE, array, element)\ From d79419d0f993ed1c4145b0a71bbf63d0e0976022 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 2 Feb 2014 02:33:16 +0100 Subject: [PATCH 197/562] avcodec/hevc: propagate error code from hls_coding_quadtree() Fixes use of uninitialized memory Fixes out of array read Fixes: asan_static-oob_123cee5_2630_cov_1869071233_PICSIZE_A_Bossen_1.bin Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 96c4ba2392b9cd55a5e84cb28db5c0c7e53cd390) Signed-off-by: Michael Niedermayer --- libavcodec/hevc.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c index 2b57d13fb6..3ad8655aac 100644 --- a/libavcodec/hevc.c +++ b/libavcodec/hevc.c @@ -1694,10 +1694,16 @@ static int hls_coding_quadtree(HEVCContext *s, int x0, int y0, if (more_data < 0) return more_data; - if (more_data && x1 < s->sps->width) + if (more_data && x1 < s->sps->width) { more_data = hls_coding_quadtree(s, x1, y0, log2_cb_size - 1, cb_depth + 1); - if (more_data && y1 < s->sps->height) + if (more_data < 0) + return more_data; + } + if (more_data && y1 < s->sps->height) { more_data = hls_coding_quadtree(s, x0, y1, log2_cb_size - 1, cb_depth + 1); + if (more_data < 0) + return more_data; + } if (more_data && x1 < s->sps->width && y1 < s->sps->height) { return hls_coding_quadtree(s, x1, y1, log2_cb_size - 1, cb_depth + 1); From 9fb364babdc7788bf955100958ef596448e5c1b1 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 3 Feb 2014 05:04:42 +0100 Subject: [PATCH 198/562] avcodec/aacdec: Fix pulse position checks in decode_pulses() Fixes out of array read Fixes: asan_static-oob_1efed25_1887_cov_2013541199_HeyYa_RA10_AAC_192K_30s.rm Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 6e42ccb9dbc13836cd52cda594f819d17af9afa2) Signed-off-by: Michael Niedermayer --- libavcodec/aacdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/aacdec.c b/libavcodec/aacdec.c index 396aa44ec5..407125713c 100644 --- a/libavcodec/aacdec.c +++ b/libavcodec/aacdec.c @@ -1405,12 +1405,12 @@ static int decode_pulses(Pulse *pulse, GetBitContext *gb, return -1; pulse->pos[0] = swb_offset[pulse_swb]; pulse->pos[0] += get_bits(gb, 5); - if (pulse->pos[0] > 1023) + if (pulse->pos[0] >= swb_offset[num_swb]) return -1; pulse->amp[0] = get_bits(gb, 4); for (i = 1; i < pulse->num_pulse; i++) { pulse->pos[i] = get_bits(gb, 5) + pulse->pos[i - 1]; - if (pulse->pos[i] > 1023) + if (pulse->pos[i] >= swb_offset[num_swb]) return -1; pulse->amp[i] = get_bits(gb, 4); } From 9330bcff9ba2e74cc13630cb607a11753c1c212c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 3 Feb 2014 23:52:38 +0100 Subject: [PATCH 199/562] avcodec/h264: Disallow pps_id changing between slices Such changes are forbidden in H.264 and lead to race conditions Fixes out of array read Fixes: signal_sigsegv_f9796a_1613_cov_3114610371_FM1_BT_B.h264 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit e708424b70bef8641e8a090ec4d9e8c4490db87e) Signed-off-by: Michael Niedermayer --- libavcodec/h264.c | 10 ++++++++++ libavcodec/h264.h | 2 ++ 2 files changed, 12 insertions(+) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 76a82acafb..7b240a22fd 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -3430,6 +3430,12 @@ static int decode_slice_header(H264Context *h, H264Context *h0) pps_id); return AVERROR_INVALIDDATA; } + if (h0->au_pps_id >= 0 && pps_id != h0->au_pps_id) { + av_log(h->avctx, AV_LOG_ERROR, + "PPS change from %d to %d forbidden\n", + h0->au_pps_id, pps_id); + return AVERROR_INVALIDDATA; + } h->pps = *h0->pps_buffers[pps_id]; if (!h0->sps_buffers[h->pps.sps_id]) { @@ -4022,6 +4028,7 @@ static int decode_slice_header(H264Context *h, H264Context *h0) if (h->ref_count[0]) h->er.last_pic = &h->ref_list[0][0]; if (h->ref_count[1]) h->er.next_pic = &h->ref_list[1][0]; h->er.ref_count = h->ref_count[0]; + h0->au_pps_id = pps_id; if (h->avctx->debug & FF_DEBUG_PICT_INFO) { av_log(h->avctx, AV_LOG_DEBUG, @@ -4788,6 +4795,9 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size, continue; again: + if ( !(avctx->active_thread_type & FF_THREAD_FRAME) + || nals_needed >= nal_index) + h->au_pps_id = -1; /* Ignore per frame NAL unit type during extradata * parsing. Decoding slices is not possible in codec init * with frame-mt */ diff --git a/libavcodec/h264.h b/libavcodec/h264.h index ed7f04b853..63a343774c 100644 --- a/libavcodec/h264.h +++ b/libavcodec/h264.h @@ -390,6 +390,8 @@ typedef struct H264Context { */ PPS pps; // FIXME move to Picture perhaps? (->no) do we need that? + int au_pps_id; ///< pps_id of current access unit + uint32_t dequant4_buffer[6][QP_MAX_NUM + 1][16]; // FIXME should these be moved down? uint32_t dequant8_buffer[6][QP_MAX_NUM + 1][64]; uint32_t(*dequant4_coeff[6])[16]; From e7b7e694168663813fdf1e99e0d1142cfd88e44b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 4 Feb 2014 02:20:59 +0100 Subject: [PATCH 200/562] avcodec/h264: update current_sps & sps->new only after the whole slice header decoder and init code finished This avoids them being cleared before the full initialization finished Fixes out of array read Fixes: asan_heap-oob_f0c5e6_7071_cov_1605985132_mov_h264_aac__Demo_FlagOfOurFathers.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 8a3b85f3a7952c54a2c36ba1797f7e0cde9f85aa) Signed-off-by: Michael Niedermayer --- libavcodec/h264.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 7b240a22fd..3e209c3e9c 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -3447,9 +3447,7 @@ static int decode_slice_header(H264Context *h, H264Context *h0) if (h->pps.sps_id != h->current_sps_id || h0->sps_buffers[h->pps.sps_id]->new) { - h0->sps_buffers[h->pps.sps_id]->new = 0; - h->current_sps_id = h->pps.sps_id; h->sps = *h0->sps_buffers[h->pps.sps_id]; if (h->mb_width != h->sps.mb_width || @@ -4029,6 +4027,9 @@ static int decode_slice_header(H264Context *h, H264Context *h0) if (h->ref_count[1]) h->er.next_pic = &h->ref_list[1][0]; h->er.ref_count = h->ref_count[0]; h0->au_pps_id = pps_id; + h->sps.new = + h0->sps_buffers[h->pps.sps_id]->new = 0; + h->current_sps_id = h->pps.sps_id; if (h->avctx->debug & FF_DEBUG_PICT_INFO) { av_log(h->avctx, AV_LOG_DEBUG, From 69f99f80d1255f3ae7c4d29f8ce3a771d9aeb6b8 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 7 Feb 2014 02:37:18 +0100 Subject: [PATCH 201/562] avcodec/hevc: clear tab_slice_address in hevc_frame_start() Fixes inconsistencies Fixes use of uninitilaized memory Fixes part of cb307d24befbd109c6f054008d6777b5/asan_static-oob_124a175_1445_cov_2355279992_DBLK_D_VIXS_1.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 56985d26d7054079cbe8865532c4a2cff123f596) Conflicts: libavcodec/hevc.c --- libavcodec/hevc.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c index 3ad8655aac..310c21378a 100644 --- a/libavcodec/hevc.c +++ b/libavcodec/hevc.c @@ -2049,13 +2049,16 @@ static void restore_tqb_pixels(HEVCContext *s) static int hevc_frame_start(HEVCContext *s) { - HEVCLocalContext *lc = s->HEVClc; + HEVCLocalContext *lc = s->HEVClc; + int pic_size_in_ctb = ((s->sps->width >> s->sps->log2_min_cb_size) + 1) * + ((s->sps->height >> s->sps->log2_min_cb_size) + 1); int ret; memset(s->horizontal_bs, 0, 2 * s->bs_width * (s->bs_height + 1)); memset(s->vertical_bs, 0, 2 * s->bs_width * (s->bs_height + 1)); memset(s->cbf_luma, 0, s->sps->min_tb_width * s->sps->min_tb_height); memset(s->is_pcm, 0, s->sps->min_pu_width * s->sps->min_pu_height); + memset(s->tab_slice_address, -1, pic_size_in_ctb * sizeof(*s->tab_slice_address)); lc->start_of_tiles_x = 0; s->is_decoded = 0; From b959e6393e8a234c73621f372397759efed66e7a Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 7 Feb 2014 04:32:28 +0100 Subject: [PATCH 202/562] avcodec/hevc: hls_decode_entry: check that the previous slice segment is available before decoding the next Fixes use of uninitialized memory Fixes out of array read Fixes assertion failure Fixes part of cb307d24befbd109c6f054008d6777b5/asan_static-oob_124a175_1445_cov_2355279992_DBLK_D_VIXS_1.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 6ef57f4d9a0920c82237facb0d1f3856b17da9dc) Signed-off-by: Michael Niedermayer --- libavcodec/hevc.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c index 310c21378a..6f072b9976 100644 --- a/libavcodec/hevc.c +++ b/libavcodec/hevc.c @@ -1801,6 +1801,14 @@ static int hls_decode_entry(AVCodecContext *avctxt, void *isFilterThread) return AVERROR_INVALIDDATA; } + if (s->sh.dependent_slice_segment_flag) { + int prev_rs = s->pps->ctb_addr_ts_to_rs[ctb_addr_ts - 1]; + if (s->tab_slice_address[prev_rs] == -1) { + av_log(s->avctx, AV_LOG_ERROR, "Previous slice segment missing\n"); + return AVERROR_INVALIDDATA; + } + } + while (more_data && ctb_addr_ts < s->sps->ctb_size) { int ctb_addr_rs = s->pps->ctb_addr_ts_to_rs[ctb_addr_ts]; From aa672f5e6af4eaf1166ff95a628f9ac6e6a292b4 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 7 Feb 2014 04:30:31 +0100 Subject: [PATCH 203/562] avcodec/hevc: clear tab_slice_address of ctb on error. This allows us to detect which areas have failed to decode Signed-off-by: Michael Niedermayer (cherry picked from commit a18f11158216c22f4a69e44f8cbb59b300a7f10c) Signed-off-by: Michael Niedermayer --- libavcodec/hevc.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c index 6f072b9976..4a0907f3f2 100644 --- a/libavcodec/hevc.c +++ b/libavcodec/hevc.c @@ -1825,8 +1825,11 @@ static int hls_decode_entry(AVCodecContext *avctxt, void *isFilterThread) s->filter_slice_edges[ctb_addr_rs] = s->sh.slice_loop_filter_across_slices_enabled_flag; more_data = hls_coding_quadtree(s, x_ctb, y_ctb, s->sps->log2_ctb_size, 0); - if (more_data < 0) + if (more_data < 0) { + s->tab_slice_address[ctb_addr_rs] = -1; return more_data; + } + ctb_addr_ts++; ff_hevc_save_states(s, ctb_addr_ts); @@ -1892,8 +1895,10 @@ static int hls_decode_entry_wpp(AVCodecContext *avctxt, void *input_ctb_row, int hls_sao_param(s, x_ctb >> s->sps->log2_ctb_size, y_ctb >> s->sps->log2_ctb_size); more_data = hls_coding_quadtree(s, x_ctb, y_ctb, s->sps->log2_ctb_size, 0); - if (more_data < 0) + if (more_data < 0) { + s->tab_slice_address[ctb_addr_rs] = -1; return more_data; + } ctb_addr_ts++; From ce5d9a2b4b3092939ede3ef0c478d9f36b6d8a34 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 7 Feb 2014 16:31:11 +0100 Subject: [PATCH 204/562] avcodec/hevc: make check for previous slice segment tighter This ensures the previous one is matching the curent and not just any Signed-off-by: Michael Niedermayer (cherry picked from commit 1a3ed056c523b4670e192301be15dbc521ec8353) Signed-off-by: Michael Niedermayer --- libavcodec/hevc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c index 4a0907f3f2..1d1a578a02 100644 --- a/libavcodec/hevc.c +++ b/libavcodec/hevc.c @@ -1803,7 +1803,7 @@ static int hls_decode_entry(AVCodecContext *avctxt, void *isFilterThread) if (s->sh.dependent_slice_segment_flag) { int prev_rs = s->pps->ctb_addr_ts_to_rs[ctb_addr_ts - 1]; - if (s->tab_slice_address[prev_rs] == -1) { + if (s->tab_slice_address[prev_rs] != s->sh.slice_addr) { av_log(s->avctx, AV_LOG_ERROR, "Previous slice segment missing\n"); return AVERROR_INVALIDDATA; } From 7034e808f6b2b102d2b3f5b837915201f813a37c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 15 Feb 2014 22:29:17 +0100 Subject: [PATCH 205/562] avcodec/hevc_ps: Use get_bits_long() in decode_vui() Fix assertion failure Fixes: a225222ef88a0f5b1e93e1d0432debc3-asan_static-oob_124a17d_1448_cov_77608227_DBLK_E_VIXS_1.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit b818637b84948e917d11c987f2270cea5b3fcfea) Signed-off-by: Michael Niedermayer --- libavcodec/hevc_ps.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c index 529bf905f6..a382172ad3 100644 --- a/libavcodec/hevc_ps.c +++ b/libavcodec/hevc_ps.c @@ -489,8 +489,8 @@ static void decode_vui(HEVCContext *s, HEVCSPS *sps) vui->vui_timing_info_present_flag = get_bits1(gb); if (vui->vui_timing_info_present_flag) { - vui->vui_num_units_in_tick = get_bits(gb, 32); - vui->vui_time_scale = get_bits(gb, 32); + vui->vui_num_units_in_tick = get_bits_long(gb, 32); + vui->vui_time_scale = get_bits_long(gb, 32); vui->vui_poc_proportional_to_timing_flag = get_bits1(gb); if (vui->vui_poc_proportional_to_timing_flag) vui->vui_num_ticks_poc_diff_one_minus1 = get_ue_golomb_long(gb); From 6341a7006d74bf557c9ffb2a19f15e511d9b3b2b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 16 Feb 2014 13:12:39 +0100 Subject: [PATCH 206/562] avcodec/alsdec: check predictor order against block length Fixes out of array access Fixes: abd3c041acbcb816be113455d138166b-asan_heap-oob_b11634_3707_cov_1707137151_als_05_2ch48k16b.mp4 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 18f94df8af04f2c02a25a7dec512289feff6517f) Signed-off-by: Michael Niedermayer --- libavcodec/alsdec.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c index 7b99d8689e..e1e6738049 100644 --- a/libavcodec/alsdec.c +++ b/libavcodec/alsdec.c @@ -688,7 +688,11 @@ static int read_var_block_data(ALSDecContext *ctx, ALSBlockData *bd) } else { *bd->opt_order = sconf->max_order; } - + if (*bd->opt_order > bd->block_length) { + *bd->opt_order = bd->block_length; + av_log(avctx, AV_LOG_ERROR, "Predictor order too large.\n"); + return AVERROR_INVALIDDATA; + } opt_order = *bd->opt_order; if (opt_order) { From d0d441b35053e04bbca2149cbf08f14499a1619c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 17 Feb 2014 00:24:20 +0100 Subject: [PATCH 207/562] avcodec/h264: more completely check the loop filter parameters Fixes out of array read Fixes: caa65cc01655505705129b677189f036-signal_sigsegv_fdcc43_2681_cov_3043376737_PPH422I5_Panasonic_A.264 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 91253839e14cce9793ee93f184cef609ca8195d5) Signed-off-by: Michael Niedermayer --- libavcodec/h264.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 3e209c3e9c..3b5c126079 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -3932,8 +3932,8 @@ static int decode_slice_header(H264Context *h, H264Context *h0) if (h->deblocking_filter) { h->slice_alpha_c0_offset += get_se_golomb(&h->gb) << 1; h->slice_beta_offset += get_se_golomb(&h->gb) << 1; - if (h->slice_alpha_c0_offset > 104U || - h->slice_beta_offset > 104U) { + if (h->slice_alpha_c0_offset < 52 - 12 || h->slice_alpha_c0_offset > 52 + 12 || + h->slice_beta_offset < 52 - 12 || h->slice_beta_offset > 52 + 12) { av_log(h->avctx, AV_LOG_ERROR, "deblocking filter parameters %d %d out of range\n", h->slice_alpha_c0_offset, h->slice_beta_offset); From c8d363a3593a6ba5390ebecde720b71fbc4d6fbb Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 17 Feb 2014 23:44:49 +0100 Subject: [PATCH 208/562] avformat/bink: Check return value of av_add_index_entry() Fixes null pointer dereference Fixes: cdbf15cbd0a27cee958dd0b8800e452e-signal_sigsegv_737991_2083_cov_317652874_LBSTART.BIK Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit c57fc97e956a52edc94a38ff0ecd3058b44c15b7) Signed-off-by: Michael Niedermayer --- libavformat/bink.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavformat/bink.c b/libavformat/bink.c index 6db73cce3a..b9c853cb14 100644 --- a/libavformat/bink.c +++ b/libavformat/bink.c @@ -79,6 +79,7 @@ static int read_header(AVFormatContext *s) uint32_t pos, next_pos; uint16_t flags; int keyframe; + int ret; vst = avformat_new_stream(s, NULL); if (!vst) @@ -177,8 +178,9 @@ static int read_header(AVFormatContext *s) av_log(s, AV_LOG_ERROR, "invalid frame index table\n"); return AVERROR(EIO); } - av_add_index_entry(vst, pos, i, next_pos - pos, 0, - keyframe ? AVINDEX_KEYFRAME : 0); + if ((ret = av_add_index_entry(vst, pos, i, next_pos - pos, 0, + keyframe ? AVINDEX_KEYFRAME : 0)) < 0) + return ret; } avio_skip(pb, 4); From 846a9c67ff6ea022a66c3a65789a1ceb367917ba Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 21 Feb 2014 23:51:33 +0100 Subject: [PATCH 209/562] avcodec/h264: use subsample factors of the used pixel format Fixes out of array read Fixes: 1cb91c36c4e55463f14aacb9bdf55b38-asan_heap-oob_106cbce_5617_cov_11212800_h264_mmx_chroma_intra_lf.mp4 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 8c55ff393340998faae887dfac19e7ef128e1e58) Signed-off-by: Michael Niedermayer --- libavcodec/h264.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 3b5c126079..2ee9e43a70 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -5021,6 +5021,7 @@ static int get_consumed_bytes(int pos, int buf_size) static int output_frame(H264Context *h, AVFrame *dst, Picture *srcp) { AVFrame *src = &srcp->f; + const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(src->format); int i; int ret = av_frame_ref(dst, src); if (ret < 0) @@ -5031,9 +5032,9 @@ static int output_frame(H264Context *h, AVFrame *dst, Picture *srcp) if (!srcp->crop) return 0; - for (i = 0; i < 3; i++) { - int hshift = (i > 0) ? h->chroma_x_shift : 0; - int vshift = (i > 0) ? h->chroma_y_shift : 0; + for (i = 0; i < desc->nb_components; i++) { + int hshift = (i > 0) ? desc->log2_chroma_w : 0; + int vshift = (i > 0) ? desc->log2_chroma_h : 0; int off = ((srcp->crop_left >> hshift) << h->pixel_shift) + (srcp->crop_top >> vshift) * dst->linesize[i]; dst->data[i] += off; From ea7ccf3748452b614b6ae81fa814303a49733fc2 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 20 Feb 2014 05:48:54 +0100 Subject: [PATCH 210/562] avcodec/mpeg4videodec: Check for bitstream overread in decode_vol_header() Fixes out of array read Fixes: 08e48e9daae7d8f8ab6dbe3919e797e5-asan_heap-oob_157461c_5295_cov_1266798650_firefing.mpg Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 3edc3b159503d512c919b3d5902f7026e961823a) Conflicts: libavcodec/mpeg4videodec.c --- libavcodec/mpeg4videodec.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c index dd97bd791b..7a4a441100 100644 --- a/libavcodec/mpeg4videodec.c +++ b/libavcodec/mpeg4videodec.c @@ -1766,6 +1766,11 @@ static int decode_vol_header(MpegEncContext *s, GetBitContext *gb){ s->quarter_sample= get_bits1(gb); else s->quarter_sample=0; + if (get_bits_left(gb) < 4) { + av_log(s->avctx, AV_LOG_ERROR, "VOL Header truncated\n"); + return AVERROR_INVALIDDATA; + } + if(!get_bits1(gb)){ int pos= get_bits_count(gb); int estimation_method= get_bits(gb, 2); From 2368d08e701acf7942bf6d70a40a3e70186199ea Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 21 Jan 2014 15:42:51 +0100 Subject: [PATCH 211/562] Merge commit 'e22ebd04bcab7f86548794556c28ecca46d9c2ac' * commit 'e22ebd04bcab7f86548794556c28ecca46d9c2ac': hevc: Bound check cu_qp_delta Conflicts: libavcodec/hevc.c Merged-by: Michael Niedermayer (cherry picked from commit a69dd1163b1a91978e596af551c9561d121aeedf) Conflicts: libavcodec/hevc.c --- libavcodec/hevc.c | 78 ++++++++++++++++++++++++++++++++--------------- 1 file changed, 54 insertions(+), 24 deletions(-) diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c index 1d1a578a02..f8438d4bc3 100644 --- a/libavcodec/hevc.c +++ b/libavcodec/hevc.c @@ -743,11 +743,10 @@ static void hls_sao_param(HEVCContext *s, int rx, int ry) #undef SET_SAO #undef CTB - -static void hls_transform_unit(HEVCContext *s, int x0, int y0, - int xBase, int yBase, int cb_xBase, int cb_yBase, - int log2_cb_size, int log2_trafo_size, - int trafo_depth, int blk_idx) +static int hls_transform_unit(HEVCContext *s, int x0, int y0, + int xBase, int yBase, int cb_xBase, int cb_yBase, + int log2_cb_size, int log2_trafo_size, + int trafo_depth, int blk_idx) { HEVCLocalContext *lc = s->HEVClc; @@ -781,6 +780,18 @@ static void hls_transform_unit(HEVCContext *s, int x0, int y0, if (ff_hevc_cu_qp_delta_sign_flag(s) == 1) lc->tu.cu_qp_delta = -lc->tu.cu_qp_delta; lc->tu.is_cu_qp_delta_coded = 1; + + if (lc->tu.cu_qp_delta < -(26 + s->sps->qp_bd_offset / 2) || + lc->tu.cu_qp_delta > (25 + s->sps->qp_bd_offset / 2)) { + av_log(s->avctx, AV_LOG_ERROR, + "The cu_qp_delta %d is outside the valid range " + "[%d, %d].\n", + lc->tu.cu_qp_delta, + -(26 + s->sps->qp_bd_offset / 2), + (25 + s->sps->qp_bd_offset / 2)); + return AVERROR_INVALIDDATA; + } + ff_hevc_set_qPy(s, x0, y0, cb_xBase, cb_yBase, log2_cb_size); } @@ -816,6 +827,7 @@ static void hls_transform_unit(HEVCContext *s, int x0, int y0, ff_hevc_hls_residual_coding(s, xBase, yBase, log2_trafo_size, scan_idx_c, 2); } } + return 0; } static void set_deblocking_bypass(HEVCContext *s, int x0, int y0, int log2_cb_size) @@ -833,13 +845,14 @@ static void set_deblocking_bypass(HEVCContext *s, int x0, int y0, int log2_cb_si s->is_pcm[i + j * min_pu_width] = 2; } -static void hls_transform_tree(HEVCContext *s, int x0, int y0, - int xBase, int yBase, int cb_xBase, int cb_yBase, - int log2_cb_size, int log2_trafo_size, - int trafo_depth, int blk_idx) +static int hls_transform_tree(HEVCContext *s, int x0, int y0, + int xBase, int yBase, int cb_xBase, int cb_yBase, + int log2_cb_size, int log2_trafo_size, + int trafo_depth, int blk_idx) { HEVCLocalContext *lc = s->HEVClc; uint8_t split_transform_flag; + int ret; if (trafo_depth > 0 && log2_trafo_size == 2) { SAMPLE_CBF(lc->tt.cbf_cb[trafo_depth], x0, y0) = @@ -892,14 +905,26 @@ static void hls_transform_tree(HEVCContext *s, int x0, int y0, int x1 = x0 + ((1 << log2_trafo_size) >> 1); int y1 = y0 + ((1 << log2_trafo_size) >> 1); - hls_transform_tree(s, x0, y0, x0, y0, cb_xBase, cb_yBase, log2_cb_size, - log2_trafo_size - 1, trafo_depth + 1, 0); - hls_transform_tree(s, x1, y0, x0, y0, cb_xBase, cb_yBase, log2_cb_size, - log2_trafo_size - 1, trafo_depth + 1, 1); - hls_transform_tree(s, x0, y1, x0, y0, cb_xBase, cb_yBase, log2_cb_size, - log2_trafo_size - 1, trafo_depth + 1, 2); - hls_transform_tree(s, x1, y1, x0, y0, cb_xBase, cb_yBase, log2_cb_size, - log2_trafo_size - 1, trafo_depth + 1, 3); + ret = hls_transform_tree(s, x0, y0, x0, y0, cb_xBase, cb_yBase, + log2_cb_size, log2_trafo_size - 1, + trafo_depth + 1, 0); + if (ret < 0) + return ret; + ret = hls_transform_tree(s, x1, y0, x0, y0, cb_xBase, cb_yBase, + log2_cb_size, log2_trafo_size - 1, + trafo_depth + 1, 1); + if (ret < 0) + return ret; + ret = hls_transform_tree(s, x0, y1, x0, y0, cb_xBase, cb_yBase, + log2_cb_size, log2_trafo_size - 1, + trafo_depth + 1, 2); + if (ret < 0) + return ret; + ret = hls_transform_tree(s, x1, y1, x0, y0, cb_xBase, cb_yBase, + log2_cb_size, log2_trafo_size - 1, + trafo_depth + 1, 3); + if (ret < 0) + return ret; } else { int min_tu_size = 1 << s->sps->log2_min_tb_size; int log2_min_tu_size = s->sps->log2_min_tb_size; @@ -911,9 +936,11 @@ static void hls_transform_tree(HEVCContext *s, int x0, int y0, lc->tt.cbf_luma = ff_hevc_cbf_luma_decode(s, trafo_depth); } - hls_transform_unit(s, x0, y0, xBase, yBase, cb_xBase, cb_yBase, - log2_cb_size, log2_trafo_size, trafo_depth, blk_idx); - + ret = hls_transform_unit(s, x0, y0, xBase, yBase, cb_xBase, cb_yBase, + log2_cb_size, log2_trafo_size, trafo_depth, + blk_idx); + if (ret < 0) + return ret; // TODO: store cbf_luma somewhere else if (lc->tt.cbf_luma) { int i, j; @@ -932,6 +959,7 @@ static void hls_transform_tree(HEVCContext *s, int x0, int y0, set_deblocking_bypass(s, x0, y0, log2_trafo_size); } } + return 0; } static int hls_pcm_sample(HEVCContext *s, int x0, int y0, int log2_cb_size) @@ -1520,7 +1548,7 @@ static int hls_coding_unit(HEVCContext *s, int x0, int y0, int log2_cb_size) int min_cb_width = s->sps->min_cb_width; int x_cb = x0 >> log2_min_cb_size; int y_cb = y0 >> log2_min_cb_size; - int x, y; + int x, y, ret; lc->cu.x = x0; lc->cu.y = y0; @@ -1577,7 +1605,6 @@ static int hls_coding_unit(HEVCContext *s, int x0, int y0, int log2_cb_size) lc->cu.pcm_flag = ff_hevc_pcm_flag_decode(s); } if (lc->cu.pcm_flag) { - int ret; intra_prediction_unit_default_value(s, x0, y0, log2_cb_size); ret = hls_pcm_sample(s, x0, y0, log2_cb_size); if (s->sps->pcm.loop_filter_disable_flag) @@ -1636,8 +1663,11 @@ static int hls_coding_unit(HEVCContext *s, int x0, int y0, int log2_cb_size) lc->cu.max_trafo_depth = lc->cu.pred_mode == MODE_INTRA ? s->sps->max_transform_hierarchy_depth_intra + lc->cu.intra_split_flag : s->sps->max_transform_hierarchy_depth_inter; - hls_transform_tree(s, x0, y0, x0, y0, x0, y0, log2_cb_size, - log2_cb_size, 0, 0); + ret = hls_transform_tree(s, x0, y0, x0, y0, x0, y0, + log2_cb_size, + log2_cb_size, 0, 0); + if (ret < 0) + return ret; } else { if (!s->sh.disable_deblocking_filter_flag) ff_hevc_deblocking_boundary_strengths(s, x0, y0, log2_cb_size, From 0909b8acf8f76edb5a96d2e9a68b7bb78bc456ed Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 7 Feb 2014 23:28:22 +0100 Subject: [PATCH 212/562] avcodec/hevc: Simplify get_qPy_pred() Fixes use of uninitialized memory Fixes: 93728afd9aa074ba14a09bfd93a632fd-asan_static-oob_124a17d_1445_cov_1021181966_DBLK_D_VIXS_1.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 64278039e55ffc88d231a8d760ecc257a120760a) Conflicts: libavcodec/hevc_filter.c --- libavcodec/hevc.c | 16 +++++++++++++++- libavcodec/hevc.h | 2 ++ libavcodec/hevc_filter.c | 40 +--------------------------------------- 3 files changed, 18 insertions(+), 40 deletions(-) diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c index f8438d4bc3..f27eddbdc5 100644 --- a/libavcodec/hevc.c +++ b/libavcodec/hevc.c @@ -1549,6 +1549,7 @@ static int hls_coding_unit(HEVCContext *s, int x0, int y0, int log2_cb_size) int x_cb = x0 >> log2_min_cb_size; int y_cb = y0 >> log2_min_cb_size; int x, y, ret; + int qp_block_mask = (1<<(s->sps->log2_ctb_size - s->pps->diff_cu_qp_delta_depth)) - 1; lc->cu.x = x0; lc->cu.y = y0; @@ -1686,6 +1687,11 @@ static int hls_coding_unit(HEVCContext *s, int x0, int y0, int log2_cb_size) x += min_cb_width; } + if(((x0 + (1<qPy_pred = lc->qp_y; + } + set_ct_depth(s, x0, y0, log2_cb_size, lc->ct.depth); return 0; @@ -1697,6 +1703,7 @@ static int hls_coding_quadtree(HEVCContext *s, int x0, int y0, HEVCLocalContext *lc = s->HEVClc; const int cb_size = 1 << log2_cb_size; int ret; + int qp_block_mask = (1<<(s->sps->log2_ctb_size - s->pps->diff_cu_qp_delta_depth)) - 1; lc->ct.depth = cb_depth; if ((x0 + cb_size <= s->sps->width) && @@ -1736,8 +1743,15 @@ static int hls_coding_quadtree(HEVCContext *s, int x0, int y0, } if (more_data && x1 < s->sps->width && y1 < s->sps->height) { - return hls_coding_quadtree(s, x1, y1, log2_cb_size - 1, cb_depth + 1); + more_data = hls_coding_quadtree(s, x1, y1, log2_cb_size - 1, cb_depth + 1); + if (more_data < 0) + return more_data; } + + if(((x0 + (1<qPy_pred = lc->qp_y; + if (more_data) return ((x1 + cb_size_split) < s->sps->width || (y1 + cb_size_split) < s->sps->height); diff --git a/libavcodec/hevc.h b/libavcodec/hevc.h index 0d4f3e6373..1a115cf40e 100644 --- a/libavcodec/hevc.h +++ b/libavcodec/hevc.h @@ -733,6 +733,8 @@ typedef struct HEVCLocalContext { int8_t qp_y; int8_t curr_qp_y; + int qPy_pred; + TransformUnit tu; uint8_t ctb_left_flag; diff --git a/libavcodec/hevc_filter.c b/libavcodec/hevc_filter.c index d040406008..bad5359e7d 100644 --- a/libavcodec/hevc_filter.c +++ b/libavcodec/hevc_filter.c @@ -93,45 +93,7 @@ static int get_qPy_pred(HEVCContext *s, int xC, int yC, int xBase, int yBase, in lc->first_qp_group = !lc->tu.is_cu_qp_delta_coded; qPy_pred = s->sh.slice_qp; } else { - qPy_pred = lc->qp_y; - if (log2_cb_size < s->sps->log2_ctb_size - s->pps->diff_cu_qp_delta_depth) { - static const int offsetX[8][8] = { - {-1, 1, 3, 1, 7, 1, 3, 1}, - { 0, 0, 0, 0, 0, 0, 0, 0}, - { 1, 3, 1, 3, 1, 3, 1, 3}, - { 2, 2, 2, 2, 2, 2, 2, 2}, - { 3, 5, 7, 5, 3, 5, 7, 5}, - { 4, 4, 4, 4, 4, 4, 4, 4}, - { 5, 7, 5, 7, 5, 7, 5, 7}, - { 6, 6, 6, 6, 6, 6, 6, 6} - }; - static const int offsetY[8][8] = { - { 7, 0, 1, 2, 3, 4, 5, 6}, - { 0, 1, 2, 3, 4, 5, 6, 7}, - { 1, 0, 3, 2, 5, 4, 7, 6}, - { 0, 1, 2, 3, 4, 5, 6, 7}, - { 3, 0, 1, 2, 7, 4, 5, 6}, - { 0, 1, 2, 3, 4, 5, 6, 7}, - { 1, 0, 3, 2, 5, 4, 7, 6}, - { 0, 1, 2, 3, 4, 5, 6, 7} - }; - int xC0b = (xC - (xC & ctb_size_mask)) >> s->sps->log2_min_cb_size; - int yC0b = (yC - (yC & ctb_size_mask)) >> s->sps->log2_min_cb_size; - int idxX = (xQgBase & ctb_size_mask) >> s->sps->log2_min_cb_size; - int idxY = (yQgBase & ctb_size_mask) >> s->sps->log2_min_cb_size; - int idx_mask = ctb_size_mask >> s->sps->log2_min_cb_size; - int x, y; - - x = FFMIN(xC0b + offsetX[idxX][idxY], min_cb_width - 1); - y = FFMIN(yC0b + (offsetY[idxX][idxY] & idx_mask), min_cb_height - 1); - - if (xC0b == (lc->start_of_tiles_x >> s->sps->log2_min_cb_size) && - offsetX[idxX][idxY] == -1) { - x = (lc->end_of_tiles_x >> s->sps->log2_min_cb_size) - 1; - y = yC0b - 1; - } - qPy_pred = s->qp_y_tab[y * min_cb_width + x]; - } + qPy_pred = lc->qPy_pred; } // qPy_a From d3139c9733f1994fb86825e0d1fd2a5abf3be7b5 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 23 Feb 2014 17:48:16 +0100 Subject: [PATCH 213/562] update for 2.1.4 Signed-off-by: Michael Niedermayer --- RELEASE | 2 +- VERSION | 2 +- doc/Doxyfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/RELEASE b/RELEASE index ac2cdeba01..7d2ed7c702 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -2.1.3 +2.1.4 diff --git a/VERSION b/VERSION index ac2cdeba01..7d2ed7c702 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.1.3 +2.1.4 diff --git a/doc/Doxyfile b/doc/Doxyfile index bc1595f45b..c925320e12 100644 --- a/doc/Doxyfile +++ b/doc/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 2.1.3 +PROJECT_NUMBER = 2.1.4 # With the PROJECT_LOGO tag one can specify a logo or icon that is included # in the documentation. The maximum height of the logo should not exceed 55 From c7c724056ef4998a7ecc881457c2b90074490bbd Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 23 Feb 2014 18:20:05 +0100 Subject: [PATCH 214/562] avcodec/h264: clear chroma planes when flags gray is used Fixes Ticket3397 Signed-off-by: Michael Niedermayer (cherry picked from commit 72e691314027b08955679319394dd0d8477973b7) --- libavcodec/h264.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 2ee9e43a70..6c2efba222 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -452,6 +452,18 @@ static int alloc_picture(H264Context *h, Picture *pic) pic->hwaccel_picture_private = pic->hwaccel_priv_buf->data; } } + if (!h->avctx->hwaccel && CONFIG_GRAY && h->flags & CODEC_FLAG_GRAY && pic->f.data[2]) { + int h_chroma_shift, v_chroma_shift; + av_pix_fmt_get_chroma_sub_sample(pic->f.format, + &h_chroma_shift, &v_chroma_shift); + + for(i=0; iavctx->height, v_chroma_shift); i++) { + memset(pic->f.data[1] + pic->f.linesize[1]*i, + 0x80, FF_CEIL_RSHIFT(h->avctx->width, h_chroma_shift)); + memset(pic->f.data[2] + pic->f.linesize[2]*i, + 0x80, FF_CEIL_RSHIFT(h->avctx->width, h_chroma_shift)); + } + } if (!h->qscale_table_pool) { ret = init_table_pools(h); From 96603d5753c765c662a348b91a8e6d30226de700 Mon Sep 17 00:00:00 2001 From: Anton Khirnov Date: Thu, 27 Feb 2014 21:36:33 +0100 Subject: [PATCH 215/562] pthread_frame: flush all threads on flush, not just the first one avcodec_flush_buffers() must release all internally held references according to its documentation, for which all the threads need to be flushed. Bug-Id: vlc/9665 (cherry picked from commit d1f9563d502037239185c11578cc614bdf0c5870) Conflicts: libavcodec/pthread_frame.c --- libavcodec/pthread.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavcodec/pthread.c b/libavcodec/pthread.c index 6cf51c87d7..cdbe729b12 100644 --- a/libavcodec/pthread.c +++ b/libavcodec/pthread.c @@ -902,8 +902,6 @@ void ff_thread_flush(AVCodecContext *avctx) if (fctx->prev_thread) { if (fctx->prev_thread != &fctx->threads[0]) update_context_from_thread(fctx->threads[0].avctx, fctx->prev_thread->avctx, 0); - if (avctx->codec->flush) - avctx->codec->flush(fctx->threads[0].avctx); } fctx->next_decoding = fctx->next_finished = 0; @@ -916,6 +914,9 @@ void ff_thread_flush(AVCodecContext *avctx) av_frame_unref(p->frame); release_delayed_buffers(p); + + if (avctx->codec->flush) + avctx->codec->flush(fctx->threads[0].avctx); } } From d87ac93bcad353a68fd4fcf9e4878b22130e02a8 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 5 Mar 2014 17:07:28 +0100 Subject: [PATCH 216/562] avformat/oggparsevorbis: dont use invalid granules Fixes Ticket3437 Signed-off-by: Michael Niedermayer (cherry picked from commit 12b97dd375736c332989c50ea68af9d834b2621f) --- libavformat/oggparsevorbis.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/oggparsevorbis.c b/libavformat/oggparsevorbis.c index 36ad7384ea..14c7ddd04f 100644 --- a/libavformat/oggparsevorbis.c +++ b/libavformat/oggparsevorbis.c @@ -351,7 +351,7 @@ static int vorbis_packet(AVFormatContext *s, int idx) * here we parse the duration of each packet in the first page and compare * the total duration to the page granule to find the encoder delay and * set the first timestamp */ - if ((!os->lastpts || os->lastpts == AV_NOPTS_VALUE) && !(os->flags & OGG_FLAG_EOS)) { + if ((!os->lastpts || os->lastpts == AV_NOPTS_VALUE) && !(os->flags & OGG_FLAG_EOS) && (int64_t)os->granule>=0) { int seg, d; uint8_t *last_pkt = os->buf + os->pstart; uint8_t *next_pkt = last_pkt; From 910fd77967b0f068221ad6e5fc7a976571075412 Mon Sep 17 00:00:00 2001 From: Nicolas George Date: Wed, 5 Mar 2014 17:59:38 +0100 Subject: [PATCH 217/562] lavfi/af_atempo: clear references before returning error. Once the frame has been given to ff_filter_frame(), it can no longer be used, even on error. Fix trac ticket #3430. (cherry picked from commit bc6901c94944e4a81be49a6b11183cd0c55d2738) --- libavfilter/af_atempo.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavfilter/af_atempo.c b/libavfilter/af_atempo.c index ad12786584..0857257451 100644 --- a/libavfilter/af_atempo.c +++ b/libavfilter/af_atempo.c @@ -1058,11 +1058,11 @@ static int push_samples(ATempoContext *atempo, outlink->time_base); ret = ff_filter_frame(outlink, atempo->dst_buffer); - if (ret < 0) - return ret; atempo->dst_buffer = NULL; atempo->dst = NULL; atempo->dst_end = NULL; + if (ret < 0) + return ret; atempo->nsamples_out += n_out; return 0; From a9753049b54e4d3dc42cfbaecfcfab488bd9b032 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 11 Mar 2014 20:45:29 +0100 Subject: [PATCH 218/562] avcodec/vorbisdec: use the stored previous window type only when the actual previous is not known Fixes Ticket3432 Signed-off-by: Michael Niedermayer (cherry picked from commit 5171ae781a240cac3860c20f9aefc6d1b2c61cac) --- libavcodec/vorbisdec.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/libavcodec/vorbisdec.c b/libavcodec/vorbisdec.c index a2f7dd27f8..d928446722 100644 --- a/libavcodec/vorbisdec.c +++ b/libavcodec/vorbisdec.c @@ -151,7 +151,7 @@ typedef struct vorbis_context_s { uint8_t mode_count; vorbis_mode *modes; uint8_t mode_number; // mode number for the current packet - uint8_t previous_window; + int8_t previous_window; float *channel_residues; float *saved; } vorbis_context; @@ -989,7 +989,7 @@ static int vorbis_parse_id_hdr(vorbis_context *vc) if (!vc->channel_residues || !vc->saved) return AVERROR(ENOMEM); - vc->previous_window = 0; + vc->previous_window = -1; ff_mdct_init(&vc->mdct[0], bl0, 1, -1.0); ff_mdct_init(&vc->mdct[1], bl1, 1, -1.0); @@ -1548,7 +1548,7 @@ static int vorbis_parse_audio_packet(vorbis_context *vc, float **floor_ptr) { GetBitContext *gb = &vc->gb; FFTContext *mdct; - unsigned previous_window = vc->previous_window; + int previous_window = vc->previous_window; unsigned mode_number, blockflag, blocksize; int i, j; uint8_t no_residue[255]; @@ -1581,9 +1581,11 @@ static int vorbis_parse_audio_packet(vorbis_context *vc, float **floor_ptr) blocksize = vc->blocksize[blockflag]; vlen = blocksize / 2; if (blockflag) { - previous_window = get_bits(gb, 1); - skip_bits1(gb); // next_window - } + int code = get_bits(gb, 2); + if (previous_window < 0) + previous_window = code>>1; + } else if (previous_window < 0) + previous_window = 0; memset(ch_res_ptr, 0, sizeof(float) * vc->audio_channels * vlen); //FIXME can this be removed ? for (i = 0; i < vc->audio_channels; ++i) @@ -1812,7 +1814,7 @@ static av_cold void vorbis_decode_flush(AVCodecContext *avctx) memset(vc->saved, 0, (vc->blocksize[1] / 4) * vc->audio_channels * sizeof(*vc->saved)); } - vc->previous_window = 0; + vc->previous_window = -1; } AVCodec ff_vorbis_decoder = { From 4362a222e2d20aaaa894c38d77b7fb83fd600876 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 12 Mar 2014 01:50:41 +0100 Subject: [PATCH 219/562] avformat/flvdec: discard inconsistent timestamps Fixes Ticket3425 Signed-off-by: Michael Niedermayer (cherry picked from commit dbc3e1109cddd7ab653dce0f7758bad17b94803d) --- libavformat/flvdec.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c index e2498db7ed..1342bbcd42 100644 --- a/libavformat/flvdec.c +++ b/libavformat/flvdec.c @@ -938,6 +938,10 @@ retry_duration: flv->wrong_dts = 1; av_log(s, AV_LOG_WARNING, "negative cts, previous timestamps might be wrong\n"); + } else if (FFABS(dts - pts) > 1000*60*15) { + av_log(s, AV_LOG_WARNING, + "invalid timestamps %"PRId64" %"PRId64"\n", dts, pts); + dts = pts = AV_NOPTS_VALUE; } if (flv->wrong_dts) dts = AV_NOPTS_VALUE; From 3712b398e9e987b171ee31799cbf1402dd8a52aa Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 11 Mar 2014 19:04:45 +0100 Subject: [PATCH 220/562] avidec: calculate missing bitrates from index Signed-off-by: Michael Niedermayer (cherry picked from commit 01000064c9518f76bc97b72e81aa34788d88534f) --- libavformat/avidec.c | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/libavformat/avidec.c b/libavformat/avidec.c index 57beb6877d..b193a90a3d 100644 --- a/libavformat/avidec.c +++ b/libavformat/avidec.c @@ -377,6 +377,46 @@ static void avi_read_nikon(AVFormatContext *s, uint64_t end) } } +static int calculate_bitrate(AVFormatContext *s) +{ + AVIContext *avi = s->priv_data; + int i, j; + int64_t lensum = 0; + int64_t maxpos = 0; + + for (i = 0; inb_streams; i++) { + int64_t len = 0; + AVStream *st = s->streams[i]; + + if (!st->nb_index_entries) + continue; + + for (j = 0; j < st->nb_index_entries; j++) + len += st->index_entries[j].size; + maxpos = FFMAX(maxpos, st->index_entries[j-1].pos); + lensum += len; + } + if (maxpos < avi->io_fsize*9/10) // index doesnt cover the whole file + return 0; + if (lensum*9/10 > maxpos || lensum < maxpos*9/10) // frame sum and filesize mismatch + return 0; + + for (i = 0; inb_streams; i++) { + int64_t len = 0; + AVStream *st = s->streams[i]; + int64_t duration; + + for (j = 0; j < st->nb_index_entries; j++) + len += st->index_entries[j].size; + + if (st->nb_index_entries < 2 || st->codec->bit_rate > 0) + continue; + duration = st->index_entries[j-1].timestamp - st->index_entries[0].timestamp; + st->codec->bit_rate = av_rescale(8*len, st->time_base.den, duration * st->time_base.num); + } + return 1; +} + static int avi_read_header(AVFormatContext *s) { AVIContext *avi = s->priv_data; @@ -861,6 +901,7 @@ fail: if (!avi->index_loaded && pb->seekable) avi_load_index(s); + calculate_bitrate(s); avi->index_loaded |= 1; avi->non_interleaved |= guess_ni_flag(s) | (s->flags & AVFMT_FLAG_SORT_DTS); From 3e73bea05f71fbf8a4707436a48a5347fbd22260 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 11 Mar 2014 19:18:23 +0100 Subject: [PATCH 221/562] avformat/avidec: Check required demuxing buffer sizes in guess_ni_flag() Fixes Ticket3421 Signed-off-by: Michael Niedermayer (cherry picked from commit 5d75730c58f72918a41bb5abda4b448ecdd4273c) --- libavformat/avidec.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/libavformat/avidec.c b/libavformat/avidec.c index b193a90a3d..6d731feac5 100644 --- a/libavformat/avidec.c +++ b/libavformat/avidec.c @@ -1532,6 +1532,7 @@ static int guess_ni_flag(AVFormatContext *s) return 0; for (min_pos=pos=0; min_pos!=INT64_MAX; pos= min_pos+1LU) { int64_t max_dts = INT64_MIN/2, min_dts= INT64_MAX/2; + int64_t max_buffer = 0; min_pos = INT64_MAX; for (i=0; inb_streams; i++) { @@ -1544,10 +1545,20 @@ static int guess_ni_flag(AVFormatContext *s) min_dts = FFMIN(min_dts, av_rescale_q(st->index_entries[idx[i]].timestamp/FFMAX(ast->sample_size, 1), st->time_base, AV_TIME_BASE_Q)); min_pos = FFMIN(min_pos, st->index_entries[idx[i]].pos); } - if (idx[i]) - max_dts = FFMAX(max_dts, av_rescale_q(st->index_entries[idx[i]-1].timestamp/FFMAX(ast->sample_size, 1), st->time_base, AV_TIME_BASE_Q)); } - if (max_dts - min_dts > 2*AV_TIME_BASE) { + for (i=0; inb_streams; i++) { + AVStream *st = s->streams[i]; + AVIStream *ast = st->priv_data; + + if (idx[i] && min_dts != INT64_MAX/2) { + int64_t dts = av_rescale_q(st->index_entries[idx[i]-1].timestamp/FFMAX(ast->sample_size, 1), st->time_base, AV_TIME_BASE_Q); + max_dts = FFMAX(max_dts, dts); + max_buffer = FFMAX(max_buffer, av_rescale(dts - min_dts, st->codec->bit_rate, AV_TIME_BASE)); + } + } + if (max_dts - min_dts > 2*AV_TIME_BASE || + max_buffer > 1024 * 1024 * 8 *8 + ) { av_free(idx); return 1; } From c7a854af19019f57ed1fb0c2e65e9e0249b5a78c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 27 Jan 2014 18:57:52 +0100 Subject: [PATCH 222/562] mvformat/movenc: fix IMX fixes Ticket3351 Tested-by: carl Signed-off-by: Michael Niedermayer (cherry picked from commit 72d44f15834af68e2620a7051493359d7ee5b2c3) --- libavformat/movenc.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavformat/movenc.c b/libavformat/movenc.c index cfb73d7b39..c1ee3ead4d 100644 --- a/libavformat/movenc.c +++ b/libavformat/movenc.c @@ -899,11 +899,14 @@ static AVRational find_fps(AVFormatContext *s, AVStream *st) static int mov_get_mpeg2_xdcam_codec_tag(AVFormatContext *s, MOVTrack *track) { - int tag = MKTAG('m', '2', 'v', '1'); //fallback tag + int tag = track->enc->codec_tag; int interlaced = track->enc->field_order > AV_FIELD_PROGRESSIVE; AVStream *st = track->st; int rate = av_q2d(find_fps(s, st)); + if (!tag) + tag = MKTAG('m', '2', 'v', '1'); //fallback tag + if (track->enc->pix_fmt == AV_PIX_FMT_YUV420P) { if (track->enc->width == 1280 && track->enc->height == 720) { if (!interlaced) { From db53b2b2c0f7b150d0363c4de0d0ca69c9c3c805 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 16 Mar 2014 15:15:02 +0100 Subject: [PATCH 223/562] ffmpeg_opt: check that a subtitle encoder is available before auto mapping streams Fixes Ticket3470 Signed-off-by: Michael Niedermayer (cherry picked from commit 25bcf24d4d0faf0191923be8afac8f67ca98b500) --- ffmpeg_opt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ffmpeg_opt.c b/ffmpeg_opt.c index d154807bdf..4d3633fbed 100644 --- a/ffmpeg_opt.c +++ b/ffmpeg_opt.c @@ -1728,7 +1728,7 @@ static int open_output_file(OptionsContext *o, const char *filename) /* subtitles: pick first */ MATCH_PER_TYPE_OPT(codec_names, str, subtitle_codec_name, oc, "s"); - if (!o->subtitle_disable && (oc->oformat->subtitle_codec != AV_CODEC_ID_NONE || subtitle_codec_name)) { + if (!o->subtitle_disable && (avcodec_find_encoder(oc->oformat->subtitle_codec) || subtitle_codec_name)) { for (i = 0; i < nb_input_streams; i++) if (input_streams[i]->st->codec->codec_type == AVMEDIA_TYPE_SUBTITLE) { new_subtitle_stream(o, oc, i); From 9098da032975e9792971125ff93e550d853b9397 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 17 Mar 2014 02:25:20 +0100 Subject: [PATCH 224/562] avcodec/h264: be more tolerant on what pixel format changes trigger reinits Fixes Ticket3260 Signed-off-by: Michael Niedermayer (cherry picked from commit 8e92ff25469f75f5c1fcbb9ba5721cea341ca34a) --- libavcodec/h264.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 6c2efba222..b3593c674f 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -3370,6 +3370,17 @@ int ff_set_ref_count(H264Context *h) return 0; } +static enum AVPixelFormat non_j_pixfmt(enum AVPixelFormat a) +{ + switch (a) { + case AV_PIX_FMT_YUVJ420P: return AV_PIX_FMT_YUV420P; + case AV_PIX_FMT_YUVJ422P: return AV_PIX_FMT_YUV422P; + case AV_PIX_FMT_YUVJ444P: return AV_PIX_FMT_YUV444P; + default: + return a; + } +} + /** * Decode a slice header. * This will also call ff_MPV_common_init() and frame_start() as needed. @@ -3492,7 +3503,7 @@ static int decode_slice_header(H264Context *h, H264Context *h0) || h->mb_width != h->sps.mb_width || h->mb_height != h->sps.mb_height * (2 - h->sps.frame_mbs_only_flag) )); - if (h0->avctx->pix_fmt != get_pixel_format(h0, 0)) + if (non_j_pixfmt(h0->avctx->pix_fmt) != non_j_pixfmt(get_pixel_format(h0, 0))) must_reinit = 1; h->mb_width = h->sps.mb_width; From 2e99fab15c236dcdc53fe413b5625c521d90a9df Mon Sep 17 00:00:00 2001 From: Peter Ross Date: Sat, 15 Mar 2014 11:16:19 +1100 Subject: [PATCH 225/562] avcodec/adpcm: ADPCM_IMA_DK3 packets are padded to 16-bit packet boundary Fixes ticket #3461. Signed-off-by: Peter Ross Signed-off-by: Michael Niedermayer (cherry picked from commit d1bb17940dd242e56541775318636bcbe3eab73d) --- libavcodec/adpcm.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/adpcm.c b/libavcodec/adpcm.c index 8e20de2a63..b6ef0aaac5 100644 --- a/libavcodec/adpcm.c +++ b/libavcodec/adpcm.c @@ -917,6 +917,9 @@ static int adpcm_decode_frame(AVCodecContext *avctx, void *data, *samples++ = c->status[0].predictor + c->status[1].predictor; *samples++ = c->status[0].predictor - c->status[1].predictor; } + + if ((bytestream2_tell(&gb) & 1)) + bytestream2_skip(&gb, 1); break; } case AV_CODEC_ID_ADPCM_IMA_ISS: From 02d46127f5f5a5e7185e980ea92d76a316044487 Mon Sep 17 00:00:00 2001 From: Peter Ross Date: Fri, 14 Mar 2014 20:02:04 +1100 Subject: [PATCH 226/562] avcodec/adpcm: squelch 'mismatch in coded sample count' warning for AV_CODEC_ID_ADPCM_EA_R2/3 These ADPCM codecs include a per-frame flag that enables a raw 16-bit mode. Therefore the the number of samples returned by get_nb_samples() is only ever approximate. Fixes ticket #3460. Signed-off-by: Peter Ross Reviewed-by: Paul B Mahol Signed-off-by: Michael Niedermayer (cherry picked from commit 7380201451a2edfb240cd356579c4c39a87cf5bd) --- libavcodec/adpcm.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/libavcodec/adpcm.c b/libavcodec/adpcm.c index b6ef0aaac5..8e67541916 100644 --- a/libavcodec/adpcm.c +++ b/libavcodec/adpcm.c @@ -471,9 +471,11 @@ static void adpcm_swf_decode(AVCodecContext *avctx, const uint8_t *buf, int buf_ * @param[out] coded_samples set to the number of samples as coded in the * packet, or 0 if the codec does not encode the * number of samples in each frame. + * @param[out] approx_nb_samples set to non-zero if the number of samples + * returned is an approximation. */ static int get_nb_samples(AVCodecContext *avctx, GetByteContext *gb, - int buf_size, int *coded_samples) + int buf_size, int *coded_samples, int *approx_nb_samples) { ADPCMDecodeContext *s = avctx->priv_data; int nb_samples = 0; @@ -482,6 +484,7 @@ static int get_nb_samples(AVCodecContext *avctx, GetByteContext *gb, int header_size; *coded_samples = 0; + *approx_nb_samples = 0; if(ch <= 0) return 0; @@ -552,10 +555,12 @@ static int get_nb_samples(AVCodecContext *avctx, GetByteContext *gb, case AV_CODEC_ID_ADPCM_EA_R2: header_size = 4 + 5 * ch; *coded_samples = bytestream2_get_le32(gb); + *approx_nb_samples = 1; break; case AV_CODEC_ID_ADPCM_EA_R3: header_size = 4 + 5 * ch; *coded_samples = bytestream2_get_be32(gb); + *approx_nb_samples = 1; break; } *coded_samples -= *coded_samples % 28; @@ -663,11 +668,11 @@ static int adpcm_decode_frame(AVCodecContext *avctx, void *data, int16_t **samples_p; int st; /* stereo */ int count1, count2; - int nb_samples, coded_samples, ret; + int nb_samples, coded_samples, approx_nb_samples, ret; GetByteContext gb; bytestream2_init(&gb, buf, buf_size); - nb_samples = get_nb_samples(avctx, &gb, buf_size, &coded_samples); + nb_samples = get_nb_samples(avctx, &gb, buf_size, &coded_samples, &approx_nb_samples); if (nb_samples <= 0) { av_log(avctx, AV_LOG_ERROR, "invalid number of samples in packet\n"); return AVERROR_INVALIDDATA; @@ -683,7 +688,7 @@ static int adpcm_decode_frame(AVCodecContext *avctx, void *data, /* use coded_samples when applicable */ /* it is always <= nb_samples, so the output buffer will be large enough */ if (coded_samples) { - if (coded_samples != nb_samples) + if (!approx_nb_samples && coded_samples != nb_samples) av_log(avctx, AV_LOG_WARNING, "mismatch in coded sample count\n"); frame->nb_samples = nb_samples = coded_samples; } From 5a45c644e82b7fe9a3fef325f6aa83ae0f10afed Mon Sep 17 00:00:00 2001 From: Timothy Gu Date: Sun, 23 Feb 2014 16:39:18 -0800 Subject: [PATCH 227/562] configure: use pkg-config to detect libbluray The current configure fails when static libbluray is compiled with libxml2 support. Signed-off-by: Timothy Gu Signed-off-by: Michael Niedermayer (cherry picked from commit baa650cc7946a9eb1cf5a083f61a581a97122f03) Signed-off-by: Michael Niedermayer --- configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure b/configure index 9390d48f6c..1f0cbff7f9 100755 --- a/configure +++ b/configure @@ -4274,7 +4274,7 @@ enabled ladspa && { check_header ladspa.h || die "ERROR: ladspa.h hea enabled libiec61883 && require libiec61883 libiec61883/iec61883.h iec61883_cmp_connect -lraw1394 -lavc1394 -lrom1394 -liec61883 enabled libaacplus && require "libaacplus >= 2.0.0" aacplus.h aacplusEncOpen -laacplus enabled libass && require_pkg_config libass ass/ass.h ass_library_init -enabled libbluray && require libbluray libbluray/bluray.h bd_open -lbluray +enabled libbluray && require_pkg_config libbluray libbluray/bluray.h bd_open enabled libcelt && require libcelt celt/celt.h celt_decode -lcelt0 && { check_lib celt/celt.h celt_decoder_create_custom -lcelt0 || die "ERROR: libcelt must be installed and version must be >= 0.11.0."; } From 0c5f166e6f5a45e88170937cc9e694d4e78e5ce9 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 1 Mar 2014 02:40:19 +0100 Subject: [PATCH 228/562] avcodec/utvideoenc: fix slice_bits size Fixes assertion failure Signed-off-by: Michael Niedermayer (cherry picked from commit 0a8c90202bb906747168a698b6837496f82c717c) Conflicts: libavcodec/utvideoenc.c --- libavcodec/utvideoenc.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/libavcodec/utvideoenc.c b/libavcodec/utvideoenc.c index c4885a59b1..bed74c5af1 100644 --- a/libavcodec/utvideoenc.c +++ b/libavcodec/utvideoenc.c @@ -456,7 +456,7 @@ static int encode_plane(AVCodecContext *avctx, uint8_t *src, * get the offset in bits and convert to bytes. */ offset += write_huff_codes(dst + sstart * width, c->slice_bits, - width * (send - sstart), width, + width * height + 4, width, send - sstart, he) >> 3; slice_len = offset - slice_len; @@ -513,8 +513,7 @@ static int utvideo_encode_frame(AVCodecContext *avctx, AVPacket *pkt, bytestream2_init_writer(&pb, dst, pkt->size); - av_fast_malloc(&c->slice_bits, &c->slice_bits_size, - width * height + FF_INPUT_BUFFER_PADDING_SIZE); + av_fast_padded_malloc(&c->slice_bits, &c->slice_bits_size, width * height + 4); if (!c->slice_bits) { av_log(avctx, AV_LOG_ERROR, "Cannot allocate temporary buffer 2.\n"); From 3c8a12be2f67d0f34a9b280e057fcd25260554b8 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 2 Mar 2014 15:16:37 +0100 Subject: [PATCH 229/562] avcodec/g2meet: fix error returns Fixes out of array accesses This should not affect any release Fixes: 8ab69af9e5a7a7e20fe04cdd25c0d6e7-asan_heap-oob_e72b82_5505_cov_2278389485_g2m4.wmv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 6b53c1aa822e9c92be52a462dd0aef1c2010ce73) Conflicts: libavcodec/g2meet.c --- libavcodec/g2meet.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/g2meet.c b/libavcodec/g2meet.c index 452cd7c7bb..b83be23bc0 100644 --- a/libavcodec/g2meet.c +++ b/libavcodec/g2meet.c @@ -709,7 +709,8 @@ static int g2m_decode_frame(AVCodecContext *avctx, void *data, av_log(avctx, AV_LOG_ERROR, "Unknown compression method %d\n", c->compression); - return AVERROR_PATCHWELCOME; + ret = AVERROR_PATCHWELCOME; + goto header_fail; } c->tile_width = bytestream2_get_be32(&bc); c->tile_height = bytestream2_get_be32(&bc); From 44799d269fd0c5fc3436987df8af58551e62a7ac Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 13 Mar 2014 17:32:15 +0100 Subject: [PATCH 230/562] avutil/timestamp: Warn about missing __STDC_FORMAT_MACROS for C++ use Signed-off-by: Michael Niedermayer (cherry picked from commit 8b02dfd37cb3bc9521fc6e1f5b5f13c80d144cd2) Signed-off-by: Michael Niedermayer --- libavutil/timestamp.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavutil/timestamp.h b/libavutil/timestamp.h index f63a08c579..f010a7ee38 100644 --- a/libavutil/timestamp.h +++ b/libavutil/timestamp.h @@ -26,6 +26,10 @@ #include "common.h" +#if defined(__cplusplus) && !defined(__STDC_FORMAT_MACROS) && !defined(PRId64) +#error missing -D__STDC_FORMAT_MACROS / #define __STDC_FORMAT_MACROS +#endif + #define AV_TS_MAX_STRING_SIZE 32 /** From 8c8db86c0de634ed2c96f1f6a159d5e240f39d7f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 15 Mar 2014 22:52:22 +0100 Subject: [PATCH 231/562] swscale/x86/swscale: fix missing xmm clobbers in yuv2yuvX_sse3() Signed-off-by: Michael Niedermayer (cherry picked from commit 6c47a4e972485e5f0c812159373f703c6f1d089f) Signed-off-by: Michael Niedermayer --- libswscale/x86/swscale.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libswscale/x86/swscale.c b/libswscale/x86/swscale.c index a86f9f82f3..6cccf44e0f 100644 --- a/libswscale/x86/swscale.c +++ b/libswscale/x86/swscale.c @@ -266,7 +266,8 @@ static void yuv2yuvX_sse3(const int16_t *filter, int filterSize, "jb 1b \n\t"\ :: "g" (filter), "r" (dest-offset), "g" ((x86_reg)(dstW+offset)), "m" (offset) - : "%"REG_d, "%"REG_S, "%"REG_c + : XMM_CLOBBERS("%xmm0" , "%xmm1" , "%xmm2" , "%xmm3" , "%xmm4" , "%xmm5" , "%xmm7" ,) + "%"REG_d, "%"REG_S, "%"REG_c ); } #endif From 65c915d0c37e9c323e2c73eeb799a76db26ae508 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 18 Mar 2014 00:07:53 +0100 Subject: [PATCH 232/562] avcodec/utils: fix sizeof(AVFrame) dependence in avcodec_encode_audio2() This is a bit tricky, we allocate a correctly sized AVFrame but then only copy the compile time AVFrame size, this is to ensure that user applications which do not use the correct av frame API dont end with out of array reads. Note, applications using the correct API have set extended_data and the changed code will never be executed for them. Signed-off-by: Michael Niedermayer (cherry picked from commit 8ab80707841a73ca7708e1e1aa97f3513fff3d35) Signed-off-by: Michael Niedermayer --- libavcodec/utils.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index 9cef9b7f99..b056e834bd 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -1591,7 +1591,7 @@ int attribute_align_arg avcodec_encode_audio2(AVCodecContext *avctx, const AVFrame *frame, int *got_packet_ptr) { - AVFrame tmp; + AVFrame *extended_frame = NULL; AVFrame *padded_frame = NULL; int ret; AVPacket user_pkt = *avpkt; @@ -1616,9 +1616,13 @@ int attribute_align_arg avcodec_encode_audio2(AVCodecContext *avctx, } av_log(avctx, AV_LOG_WARNING, "extended_data is not set.\n"); - tmp = *frame; - tmp.extended_data = tmp.data; - frame = &tmp; + extended_frame = av_frame_alloc(); + if (!extended_frame) + return AVERROR(ENOMEM); + + memcpy(extended_frame, frame, sizeof(AVFrame)); + extended_frame->extended_data = extended_frame->data; + frame = extended_frame; } /* check for valid frame size */ @@ -1626,14 +1630,15 @@ int attribute_align_arg avcodec_encode_audio2(AVCodecContext *avctx, if (avctx->codec->capabilities & CODEC_CAP_SMALL_LAST_FRAME) { if (frame->nb_samples > avctx->frame_size) { av_log(avctx, AV_LOG_ERROR, "more samples than frame size (avcodec_encode_audio2)\n"); - return AVERROR(EINVAL); + ret = AVERROR(EINVAL); + goto end; } } else if (!(avctx->codec->capabilities & CODEC_CAP_VARIABLE_FRAME_SIZE)) { if (frame->nb_samples < avctx->frame_size && !avctx->internal->last_audio_frame) { ret = pad_last_frame(avctx, &padded_frame, frame); if (ret < 0) - return ret; + goto end; frame = padded_frame; avctx->internal->last_audio_frame = 1; @@ -1705,6 +1710,7 @@ int attribute_align_arg avcodec_encode_audio2(AVCodecContext *avctx, end: av_frame_free(&padded_frame); + av_free(extended_frame); return ret; } From 610a0646076310f090408c333a925fc82e1db8e7 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 18 Mar 2014 18:06:17 +0100 Subject: [PATCH 233/562] avcodec/h263dec: Fix use of uninitialized memory from the bitstream buffer Signed-off-by: Michael Niedermayer (cherry picked from commit f07cebcd910c97ff6012085c21493231752990e9) Conflicts: libavcodec/h263dec.c --- libavcodec/h263dec.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/libavcodec/h263dec.c b/libavcodec/h263dec.c index 7db32e76de..58358ad69e 100644 --- a/libavcodec/h263dec.c +++ b/libavcodec/h263dec.c @@ -755,10 +755,9 @@ frame_end: } if (startcode_found) { - av_fast_malloc(&s->bitstream_buffer, + av_fast_padded_mallocz(&s->bitstream_buffer, &s->allocated_bitstream_buffer_size, - buf_size - current_pos + - FF_INPUT_BUFFER_PADDING_SIZE); + buf_size - current_pos); if (!s->bitstream_buffer) return AVERROR(ENOMEM); memcpy(s->bitstream_buffer, buf + current_pos, From 63dcf7c77c4aa5656c09c46cc1ed229decb672d3 Mon Sep 17 00:00:00 2001 From: Hendrik Leppkes Date: Mon, 4 Nov 2013 16:22:27 +0100 Subject: [PATCH 234/562] avformat/mov: only force parsing for video tracks if stss is empty Fixes playback of some AAC streams, which are otherwise mangled by the parser, and stss is typically only valid for video anyway. Fixes a regression since e41ea866. Signed-off-by: Michael Niedermayer (cherry picked from commit 019247bdc326a90bf20d3ce5d2413cc642e8bb08) --- libavformat/mov.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index c5d4dcbed6..8b4f70b9cb 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -1781,7 +1781,7 @@ static int mov_read_stss(MOVContext *c, AVIOContext *pb, MOVAtom atom) if (!entries) { sc->keyframe_absent = 1; - if (!st->need_parsing) + if (!st->need_parsing && st->codec->codec_type == AVMEDIA_TYPE_VIDEO) st->need_parsing = AVSTREAM_PARSE_HEADERS; return 0; } From 3c880d2765139e204e2132e6c6e4c7b65addaa9d Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 12 Feb 2014 06:32:51 +0100 Subject: [PATCH 235/562] avformat/mov: fix keyframe flags for sample from chromium Issue 340865 Fixes ticket #3362. Signed-off-by: Michael Niedermayer (cherry picked from commit a0911b059763b8f13c70adcbbe71e10382855104) --- libavformat/mov.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavformat/mov.c b/libavformat/mov.c index 8b4f70b9cb..d19aa16483 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -2144,6 +2144,11 @@ static void mov_build_index(MOVContext *mov, AVStream *st) rap_group_index++; } } + if (sc->keyframe_absent + && !sc->stps_count + && !rap_group_present + && st->codec->codec_type == AVMEDIA_TYPE_AUDIO) + keyframe = 1; if (keyframe) distance = 0; sample_size = sc->stsz_sample_size > 0 ? sc->stsz_sample_size : sc->sample_sizes[current_sample]; From 92d336670f82ebb8ac216fb21b892ce27699b70d Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 19 Jan 2014 20:59:28 +0100 Subject: [PATCH 236/562] avformat/matroskaenc: wrap V_QUICKTIME codec private in something that looks like its part of quicktime stsd This is needed for matroska spec compliance Fixes playback of SVQ3 in matroska with vlc Fixes Ticket 3256 Signed-off-by: Michael Niedermayer (cherry picked from commit 8456bd2c0f3b08756f353646fe3b40a6772e665e) --- libavformat/matroskaenc.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/libavformat/matroskaenc.c b/libavformat/matroskaenc.c index ea45d9c19f..1a23151e83 100644 --- a/libavformat/matroskaenc.c +++ b/libavformat/matroskaenc.c @@ -546,8 +546,18 @@ static int mkv_write_codecprivate(AVFormatContext *s, AVIOContext *pb, AVCodecCo if (qt_id) { if (!codec->codec_tag) codec->codec_tag = ff_codec_get_tag(ff_codec_movvideo_tags, codec->codec_id); - if (codec->extradata_size) + if (codec->extradata_size) { + if ( ff_codec_get_id(ff_codec_movvideo_tags, codec->codec_tag) == codec->codec_id + && ff_codec_get_id(ff_codec_movvideo_tags, AV_RL32(codec->extradata+4)) != codec->codec_id + ) { + int i; + avio_wb32(dyn_cp, 0x5a + codec->extradata_size); + avio_wl32(dyn_cp, codec->codec_tag); + for(i=0; i<0x5a-8; i++) + avio_w8(dyn_cp, 0); + } avio_write(dyn_cp, codec->extradata, codec->extradata_size); + } } else { if (!codec->codec_tag) codec->codec_tag = ff_codec_get_tag(ff_codec_bmp_tags, codec->codec_id); From 353f79defc1d0cd5ae86eb21e2d7917b04fbfeee Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 19 Jan 2014 18:35:33 +0100 Subject: [PATCH 237/562] avformat/matroskadec: support SVQ3 as generated by mkvtoolnix-6.6.0 Fixes part of Ticket3256 Signed-off-by: Michael Niedermayer (cherry picked from commit 5800b08572ef5f776950fc6f1b6572ba9a6b1933) --- libavformat/matroskadec.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index f2566c950e..6552efe133 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -1723,8 +1723,12 @@ static int matroska_read_header(AVFormatContext *s) } else if (!strcmp(track->codec_id, "V_QUICKTIME") && (track->codec_priv.size >= 86) && (track->codec_priv.data != NULL)) { - fourcc = AV_RL32(track->codec_priv.data); + fourcc = AV_RL32(track->codec_priv.data + 4); codec_id = ff_codec_get_id(ff_codec_movvideo_tags, fourcc); + if (ff_codec_get_id(ff_codec_movvideo_tags, AV_RL32(track->codec_priv.data))) { + fourcc = AV_RL32(track->codec_priv.data); + codec_id = ff_codec_get_id(ff_codec_movvideo_tags, fourcc); + } } else if (codec_id == AV_CODEC_ID_PCM_S16BE) { switch (track->audio.bitdepth) { case 8: codec_id = AV_CODEC_ID_PCM_U8; break; From caeed48982a17e1cbf5857eb69b1cb3b2a64a6e2 Mon Sep 17 00:00:00 2001 From: Peter Ross Date: Sat, 19 Apr 2014 12:12:00 +1000 Subject: [PATCH 238/562] ff_id3v2_free_extra_meta: set the pointer pointing to extra_meta to NULL Fixes ticket #3530. Signed-off-by: Peter Ross Signed-off-by: Michael Niedermayer (cherry picked from commit c94305ae23318c8956a30485cd5642829f4f16a9) --- libavformat/id3v2.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/id3v2.c b/libavformat/id3v2.c index 4bc76a321c..86c5cb3196 100644 --- a/libavformat/id3v2.c +++ b/libavformat/id3v2.c @@ -860,6 +860,8 @@ void ff_id3v2_free_extra_meta(ID3v2ExtraMeta **extra_meta) av_freep(¤t); current = next; } + + *extra_meta = NULL; } int ff_id3v2_parse_apic(AVFormatContext *s, ID3v2ExtraMeta **extra_meta) From 7269ab10c5179baa6928164b1bb932a62398d365 Mon Sep 17 00:00:00 2001 From: Peter Ross Date: Fri, 18 Apr 2014 14:49:40 +1000 Subject: [PATCH 239/562] ff_id3v2_read: add option to limit ID3 magic number search Several chunked formats (AIFF, IFF,DSF) store ID3 metadata within an 'ID3 ' chunk tag. If such chunks are stored sequentially, it is possible for the ID3v2 parser to confuse the chunk tag for the ID3 magic number. e.g. [1st chunk tag ('ID3 ') | chunk size] [ID3 magic number | metadata ...] [2nd chunk tag ('ID3 ') | chunk size] [ID3 magic number | metadata ...] Fixes ticket #3530. Signed-off-by: Peter Ross Signed-off-by: Michael Niedermayer (cherry picked from commit 5331773cc33ba26b9e26ace643d926219e46a17b) Conflicts: libavformat/dsfdec.c libavformat/id3v2.c --- libavformat/aiffdec.c | 2 +- libavformat/asfdec.c | 2 +- libavformat/id3v2.c | 13 +++++++++++-- libavformat/id3v2.h | 4 +++- libavformat/omadec.c | 2 +- libavformat/utils.c | 2 +- 6 files changed, 18 insertions(+), 7 deletions(-) diff --git a/libavformat/aiffdec.c b/libavformat/aiffdec.c index 6f82d9339a..a0b6e71c47 100644 --- a/libavformat/aiffdec.c +++ b/libavformat/aiffdec.c @@ -237,7 +237,7 @@ static int aiff_read_header(AVFormatContext *s) break; case MKTAG('I', 'D', '3', ' '): position = avio_tell(pb); - ff_id3v2_read(s, ID3v2_DEFAULT_MAGIC, &id3v2_extra_meta); + ff_id3v2_read(s, ID3v2_DEFAULT_MAGIC, &id3v2_extra_meta, size); if (id3v2_extra_meta) if ((ret = ff_id3v2_parse_apic(s, &id3v2_extra_meta)) < 0) { ff_id3v2_free_extra_meta(&id3v2_extra_meta); diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c index 528bcbd5b1..d6378e97df 100644 --- a/libavformat/asfdec.c +++ b/libavformat/asfdec.c @@ -266,7 +266,7 @@ static void get_id3_tag(AVFormatContext *s, int len) { ID3v2ExtraMeta *id3v2_extra_meta = NULL; - ff_id3v2_read(s, ID3v2_DEFAULT_MAGIC, &id3v2_extra_meta); + ff_id3v2_read(s, ID3v2_DEFAULT_MAGIC, &id3v2_extra_meta, len); if (id3v2_extra_meta) ff_id3v2_parse_apic(s, &id3v2_extra_meta); ff_id3v2_free_extra_meta(&id3v2_extra_meta); diff --git a/libavformat/id3v2.c b/libavformat/id3v2.c index 86c5cb3196..a3434c9d80 100644 --- a/libavformat/id3v2.c +++ b/libavformat/id3v2.c @@ -815,16 +815,25 @@ error: } void ff_id3v2_read(AVFormatContext *s, const char *magic, - ID3v2ExtraMeta **extra_meta) + ID3v2ExtraMeta **extra_meta, unsigned int max_search_size) { int len, ret; uint8_t buf[ID3v2_HEADER_SIZE]; int found_header; - int64_t off; + int64_t start, off; + if (max_search_size && max_search_size < ID3v2_HEADER_SIZE) + return; + + start = avio_tell(s->pb); do { /* save the current offset in case there's nothing to read/skip */ off = avio_tell(s->pb); + if (max_search_size && off - start >= max_search_size - ID3v2_HEADER_SIZE) { + avio_seek(s->pb, off, SEEK_SET); + break; + } + ret = avio_read(s->pb, buf, ID3v2_HEADER_SIZE); if (ret != ID3v2_HEADER_SIZE) { avio_seek(s->pb, off, SEEK_SET); diff --git a/libavformat/id3v2.h b/libavformat/id3v2.h index e893922133..25d37f37d0 100644 --- a/libavformat/id3v2.h +++ b/libavformat/id3v2.h @@ -92,8 +92,10 @@ int ff_id3v2_tag_len(const uint8_t *buf); * Read an ID3v2 tag, including supported extra metadata * @param extra_meta If not NULL, extra metadata is parsed into a list of * ID3v2ExtraMeta structs and *extra_meta points to the head of the list + * @param[opt] max_search_search restrict ID3 magic number search (bytes from start) */ -void ff_id3v2_read(AVFormatContext *s, const char *magic, ID3v2ExtraMeta **extra_meta); +void ff_id3v2_read(AVFormatContext *s, const char *magic, ID3v2ExtraMeta **extra_meta, + unsigned int max_search_size); /** * Initialize an ID3v2 tag. diff --git a/libavformat/omadec.c b/libavformat/omadec.c index 4017db3f2b..8453aa7bf5 100644 --- a/libavformat/omadec.c +++ b/libavformat/omadec.c @@ -293,7 +293,7 @@ static int oma_read_header(AVFormatContext *s) ID3v2ExtraMeta *extra_meta = NULL; OMAContext *oc = s->priv_data; - ff_id3v2_read(s, ID3v2_EA3_MAGIC, &extra_meta); + ff_id3v2_read(s, ID3v2_EA3_MAGIC, &extra_meta, 0); ret = avio_read(s->pb, buf, EA3_HEADER_SIZE); if (ret < EA3_HEADER_SIZE) return -1; diff --git a/libavformat/utils.c b/libavformat/utils.c index fd5c0dd017..aaf4f9879f 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -538,7 +538,7 @@ int avformat_open_input(AVFormatContext **ps, const char *filename, AVInputForma /* e.g. AVFMT_NOFILE formats will not have a AVIOContext */ if (s->pb) - ff_id3v2_read(s, ID3v2_DEFAULT_MAGIC, &id3v2_extra_meta); + ff_id3v2_read(s, ID3v2_DEFAULT_MAGIC, &id3v2_extra_meta, 0); if (!(s->flags&AVFMT_FLAG_PRIV_OPT) && s->iformat->read_header) if ((ret = s->iformat->read_header(s)) < 0) From 116b959565d306fefd2c2dd676ea507e49274388 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 22 Apr 2014 04:00:32 +0200 Subject: [PATCH 240/562] avformat/avidec: Speed up keyframe detection code Fixes Ticket3531 Signed-off-by: Michael Niedermayer (cherry picked from commit 57fb570908df2e84b11635f12b5be1fb27f053eb) --- libavformat/avidec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/avidec.c b/libavformat/avidec.c index 6d731feac5..ef2032d9f6 100644 --- a/libavformat/avidec.c +++ b/libavformat/avidec.c @@ -1354,7 +1354,7 @@ FF_ENABLE_DEPRECATION_WARNINGS AVIndexEntry *e; int index; - index = av_index_search_timestamp(st, ast->frame_offset, 0); + index = av_index_search_timestamp(st, ast->frame_offset, AVSEEK_FLAG_ANY); e = &st->index_entries[index]; if (index >= 0 && e->timestamp == ast->frame_offset) { From af04f0d1ce70e265ac1c51fed954668410f211c9 Mon Sep 17 00:00:00 2001 From: Stefano Sabatini Date: Tue, 22 Apr 2014 13:01:14 +0200 Subject: [PATCH 241/562] ffprobe: fix scaling of vali in value_string() in case -prefix is selected Fix trac ticket #3523. (cherry picked from commit 1ba59b1cbeafe7cd28db04f772abd89eb7e4ce1e) --- ffprobe.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ffprobe.c b/ffprobe.c index a7aef02ebf..7f9c73738c 100644 --- a/ffprobe.c +++ b/ffprobe.c @@ -238,6 +238,7 @@ static char *value_string(char *buf, int buf_size, struct unit_value uv) vald /= pow(10, index * 3); prefix_string = decimal_unit_prefixes[index]; } + vali = vald; } if (show_float || (use_value_prefix && vald != (long long int)vald)) From 8d6de877094f144a8b15df69a5e74c2072b799bc Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 24 Apr 2014 01:25:46 +0200 Subject: [PATCH 242/562] swresample: fix AV_CH_LAYOUT_STEREO_DOWNMIX input Fixes Ticket 3542 Signed-off-by: Michael Niedermayer (cherry picked from commit 291d464161a5bf3b566bc147f83e4242b0c18d74) --- libswresample/rematrix.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libswresample/rematrix.c b/libswresample/rematrix.c index e146edfcf7..bf2abcfb20 100644 --- a/libswresample/rematrix.c +++ b/libswresample/rematrix.c @@ -127,6 +127,11 @@ av_cold static int auto_matrix(SwrContext *s) ) out_ch_layout = AV_CH_LAYOUT_STEREO; + if( in_ch_layout == AV_CH_LAYOUT_STEREO_DOWNMIX + && (out_ch_layout & AV_CH_LAYOUT_STEREO_DOWNMIX) == 0 + ) + in_ch_layout = AV_CH_LAYOUT_STEREO; + if(!sane_layout(in_ch_layout)){ av_get_channel_layout_string(buf, sizeof(buf), -1, s->in_ch_layout); av_log(s, AV_LOG_ERROR, "Input channel layout '%s' is not supported\n", buf); From 172a5cab8716fe1b865b741754de34a0159ad6e9 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 30 Apr 2014 04:12:29 +0200 Subject: [PATCH 243/562] avcodec/vorbisdec: try to workaround libvorbisenc bug Fixes Ticket3590 Signed-off-by: Michael Niedermayer (cherry picked from commit 0a266cb55af9794fc5cff695d35cae4111e4334f) --- libavcodec/vorbisdec.c | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/libavcodec/vorbisdec.c b/libavcodec/vorbisdec.c index d928446722..dfffc6f046 100644 --- a/libavcodec/vorbisdec.c +++ b/libavcodec/vorbisdec.c @@ -701,8 +701,7 @@ static int vorbis_parse_setup_hdr_residues(vorbis_context *vc) res_setup->partition_size = get_bits(gb, 24) + 1; /* Validations to prevent a buffer overflow later. */ if (res_setup->begin>res_setup->end || - res_setup->end > (res_setup->type == 2 ? vc->audio_channels : 1) * vc->blocksize[1] / 2 || - (res_setup->end-res_setup->begin) / res_setup->partition_size > V_MAX_PARTITIONS) { + (res_setup->end-res_setup->begin) / res_setup->partition_size > FFMIN(V_MAX_PARTITIONS, 65535)) { av_log(vc->avctx, AV_LOG_ERROR, "partition out of bounds: type, begin, end, size, blocksize: %"PRIu16", %"PRIu32", %"PRIu32", %u, %"PRIu32"\n", res_setup->type, res_setup->begin, res_setup->end, @@ -1372,6 +1371,7 @@ static av_always_inline int vorbis_residue_decode_internal(vorbis_context *vc, unsigned pass, ch_used, i, j, k, l; unsigned max_output = (ch - 1) * vlen; int ptns_to_read = vr->ptns_to_read; + int libvorbis_bug = 0; if (vr_type == 2) { for (j = 1; j < ch; ++j) @@ -1386,8 +1386,13 @@ static av_always_inline int vorbis_residue_decode_internal(vorbis_context *vc, } if (max_output > ch_left * vlen) { - av_log(vc->avctx, AV_LOG_ERROR, "Insufficient output buffer\n"); - return AVERROR_INVALIDDATA; + if (max_output <= ch_left * vlen + vr->partition_size*ch_used/ch) { + ptns_to_read--; + libvorbis_bug = 1; + } else { + av_log(vc->avctx, AV_LOG_ERROR, "Insufficient output buffer\n"); + return AVERROR_INVALIDDATA; + } } av_dlog(NULL, " residue type 0/1/2 decode begin, ch: %d cpc %d \n", ch, c_p_c); @@ -1496,6 +1501,14 @@ static av_always_inline int vorbis_residue_decode_internal(vorbis_context *vc, voffset += vr->partition_size; } } + if (libvorbis_bug && !pass) { + for (j = 0; j < ch_used; ++j) { + if (!do_not_decode[j]) { + get_vlc2(&vc->gb, vc->codebooks[vr->classbook].vlc.table, + vc->codebooks[vr->classbook].nb_bits, 3); + } + } + } } return 0; } From 03c5ccb4eefe7ac546822228a849ede7f687247a Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 30 Apr 2014 06:21:58 +0200 Subject: [PATCH 244/562] sws: dont use the optimized 410->420 unscaled conversion when height%4 Fixes Ticket3594 Signed-off-by: Michael Niedermayer (cherry picked from commit 421b21ca8a02a346ba03cea3bb2ecc33f791fc30) --- libswscale/swscale_unscaled.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libswscale/swscale_unscaled.c b/libswscale/swscale_unscaled.c index 83086f7865..957d781790 100644 --- a/libswscale/swscale_unscaled.c +++ b/libswscale/swscale_unscaled.c @@ -1222,7 +1222,7 @@ void ff_get_unscaled_swscale(SwsContext *c) c->swscale = ff_yuv2rgb_get_func_ptr(c); } - if (srcFormat == AV_PIX_FMT_YUV410P && + if (srcFormat == AV_PIX_FMT_YUV410P && !(dstH & 3) && (dstFormat == AV_PIX_FMT_YUV420P || dstFormat == AV_PIX_FMT_YUVA420P) && !(flags & SWS_BITEXACT)) { c->swscale = yvu9ToYv12Wrapper; From c5a2c26c55eb5bd0156c74bf4248c5123e97b30f Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Mon, 12 May 2014 18:12:28 +0200 Subject: [PATCH 245/562] Use Matroska document version 2 for WebM files if possible. Google's plugin for the Internet Explorer refuses to play files with another document version. Fixes ticket #3583. (cherry picked from commit ab21acecc72a0299895583cf83347ab5e2444b71) --- libavformat/matroskaenc.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/libavformat/matroskaenc.c b/libavformat/matroskaenc.c index 1a23151e83..8bc13f12e9 100644 --- a/libavformat/matroskaenc.c +++ b/libavformat/matroskaenc.c @@ -1057,7 +1057,7 @@ static int mkv_write_header(AVFormatContext *s) AVIOContext *pb = s->pb; ebml_master ebml_header, segment_info; AVDictionaryEntry *tag; - int ret, i; + int ret, i, version = 2; if (!strcmp(s->oformat->name, "webm")) mkv->mode = MODE_WEBM; else mkv->mode = MODE_MATROSKAv2; @@ -1065,7 +1065,12 @@ static int mkv_write_header(AVFormatContext *s) if (s->avoid_negative_ts < 0) s->avoid_negative_ts = 1; - for (i = 0; i < s->nb_streams; i++) + if (mkv->mode != MODE_WEBM || + av_dict_get(s->metadata, "stereo_mode", NULL, 0) || + av_dict_get(s->metadata, "alpha_mode", NULL, 0)) + version = 4; + + for (i = 0; i < s->nb_streams; i++) { if (s->streams[i]->codec->codec_id == AV_CODEC_ID_ATRAC3 || s->streams[i]->codec->codec_id == AV_CODEC_ID_COOK || s->streams[i]->codec->codec_id == AV_CODEC_ID_RA_288 || @@ -1077,6 +1082,11 @@ static int mkv_write_header(AVFormatContext *s) avcodec_get_name(s->streams[i]->codec->codec_id)); return AVERROR_PATCHWELCOME; } + if (s->streams[i]->codec->codec_id == AV_CODEC_ID_OPUS || + av_dict_get(s->streams[i]->metadata, "stereo_mode", NULL, 0) || + av_dict_get(s->streams[i]->metadata, "alpha_mode", NULL, 0)) + version = 4; + } mkv->tracks = av_mallocz(s->nb_streams * sizeof(*mkv->tracks)); if (!mkv->tracks) @@ -1088,7 +1098,7 @@ static int mkv_write_header(AVFormatContext *s) put_ebml_uint (pb, EBML_ID_EBMLMAXIDLENGTH , 4); put_ebml_uint (pb, EBML_ID_EBMLMAXSIZELENGTH , 8); put_ebml_string (pb, EBML_ID_DOCTYPE , s->oformat->name); - put_ebml_uint (pb, EBML_ID_DOCTYPEVERSION , 4); + put_ebml_uint (pb, EBML_ID_DOCTYPEVERSION , version); put_ebml_uint (pb, EBML_ID_DOCTYPEREADVERSION , 2); end_ebml_master(pb, ebml_header); From 83f58778cb6a08c16cf1589e91a84785162bcd64 Mon Sep 17 00:00:00 2001 From: Anshul Date: Wed, 14 May 2014 22:21:58 +0530 Subject: [PATCH 246/562] ffprobe: fix crash happening because of new streams occuring Fix trac ticket #3603. Signed-off-by: Stefano Sabatini (cherry picked from commit 73a60633143b7c51333a0772b45a47282ac445b6) Conflicts: ffprobe.c --- ffprobe.c | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/ffprobe.c b/ffprobe.c index 7f9c73738c..ba11060ccf 100644 --- a/ffprobe.c +++ b/ffprobe.c @@ -183,6 +183,7 @@ static const char unit_hertz_str[] = "Hz" ; static const char unit_byte_str[] = "byte" ; static const char unit_bit_per_second_str[] = "bit/s"; +static int nb_streams; static uint64_t *nb_streams_packets; static uint64_t *nb_streams_frames; static int *selected_streams; @@ -1456,6 +1457,14 @@ static void writer_register_all(void) #define print_section_header(s) writer_print_section_header(w, s) #define print_section_footer(s) writer_print_section_footer(w, s) +#define REALLOCZ_ARRAY_STREAM(ptr, cur_n, new_n) \ +{ \ + ret = av_reallocp_array(&(ptr), (new_n), sizeof(*(ptr))); \ + if (ret < 0) \ + goto end; \ + memset( (ptr) + (cur_n), 0, ((new_n) - (cur_n)) * sizeof(*(ptr)) ); \ +} + static inline void show_tags(WriterContext *wctx, AVDictionary *tags, int section_id) { AVDictionaryEntry *tag = NULL; @@ -1674,6 +1683,12 @@ static int read_interval_packets(WriterContext *w, AVFormatContext *fmt_ctx, goto end; } while (!av_read_frame(fmt_ctx, &pkt)) { + if (fmt_ctx->nb_streams > nb_streams) { + REALLOCZ_ARRAY_STREAM(nb_streams_frames, nb_streams, fmt_ctx->nb_streams); + REALLOCZ_ARRAY_STREAM(nb_streams_packets, nb_streams, fmt_ctx->nb_streams); + REALLOCZ_ARRAY_STREAM(selected_streams, nb_streams, fmt_ctx->nb_streams); + nb_streams = fmt_ctx->nb_streams; + } if (selected_streams[pkt.stream_index]) { AVRational tb = fmt_ctx->streams[pkt.stream_index]->time_base; @@ -2117,9 +2132,10 @@ static int probe_file(WriterContext *wctx, const char *filename) if (ret < 0) return ret; - nb_streams_frames = av_calloc(fmt_ctx->nb_streams, sizeof(*nb_streams_frames)); - nb_streams_packets = av_calloc(fmt_ctx->nb_streams, sizeof(*nb_streams_packets)); - selected_streams = av_calloc(fmt_ctx->nb_streams, sizeof(*selected_streams)); + nb_streams = fmt_ctx->nb_streams; + REALLOCZ_ARRAY_STREAM(nb_streams_frames,0,fmt_ctx->nb_streams); + REALLOCZ_ARRAY_STREAM(nb_streams_packets,0,fmt_ctx->nb_streams); + REALLOCZ_ARRAY_STREAM(selected_streams,0,fmt_ctx->nb_streams); for (i = 0; i < fmt_ctx->nb_streams; i++) { if (stream_specifier) { From be4d4a61b5346bec2ca9ad9aa6afa54b4bf58621 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 4 Jun 2014 05:04:13 +0200 Subject: [PATCH 247/562] avformat/avidec: allow rounding errors between scale/rate and timebase Fixes Ticket3670 Signed-off-by: Michael Niedermayer (cherry picked from commit 571ab8344a9a2864d22d01af41283cee9328b927) --- libavformat/avidec.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libavformat/avidec.c b/libavformat/avidec.c index ef2032d9f6..449c0656f6 100644 --- a/libavformat/avidec.c +++ b/libavformat/avidec.c @@ -1700,8 +1700,7 @@ static int avi_read_seek(AVFormatContext *s, int stream_index, continue; // av_assert1(st2->codec->block_align); - av_assert0((int64_t)st2->time_base.num * ast2->rate == - (int64_t)st2->time_base.den * ast2->scale); + av_assert0(fabs(av_q2d(st2->time_base) - ast2->scale / (double)ast2->rate) < av_q2d(st2->time_base) * 0.00000001); index = av_index_search_timestamp(st2, av_rescale_q(timestamp, st->time_base, From bdba204bd07356100b00bd4afac46615d562634f Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Tue, 3 Jun 2014 00:54:46 +0200 Subject: [PATCH 248/562] Do not limit blocksize when reading PCM from aiff. Fixes ticket #3695. (cherry picked from commit 763e714442e07f6430b003c8a9f4b62deaa7b3a5) --- libavformat/aiffdec.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/libavformat/aiffdec.c b/libavformat/aiffdec.c index a0b6e71c47..3da0d95b13 100644 --- a/libavformat/aiffdec.c +++ b/libavformat/aiffdec.c @@ -345,10 +345,16 @@ static int aiff_read_packet(AVFormatContext *s, return AVERROR_EOF; /* Now for that packet */ - if (st->codec->block_align >= 17) // GSM, QCLP, IMA4 + switch (st->codec->codec_id) { + case AV_CODEC_ID_ADPCM_IMA_QT: + case AV_CODEC_ID_GSM: + case AV_CODEC_ID_QDM2: + case AV_CODEC_ID_QCELP: size = st->codec->block_align; - else + break; + default: size = (MAX_SIZE / st->codec->block_align) * st->codec->block_align; + } size = FFMIN(max_size, size); res = av_get_packet(s->pb, pkt, size); if (res < 0) From 60e2f9bf8b7c1e570485dbf8ebf89cee605795cc Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Thu, 29 May 2014 08:41:15 +0200 Subject: [PATCH 249/562] avcodec/utvideodec: Increase vlc len Fixes a regression since fb3e380 similar to ticket #2661, reported by fluffrabbit at aol dot com. Signed-off-by: Michael Niedermayer (cherry picked from commit 673716c54b39eba9579a38ad222130e3f9549167) --- libavcodec/utvideodec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/utvideodec.c b/libavcodec/utvideodec.c index e3ef22d2a2..1c7677345c 100644 --- a/libavcodec/utvideodec.c +++ b/libavcodec/utvideodec.c @@ -70,7 +70,7 @@ static int build_huff(const uint8_t *src, VLC *vlc, int *fsym) code += 0x80000000u >> (he[i].len - 1); } - return ff_init_vlc_sparse(vlc, FFMIN(he[last].len, 10), last + 1, + return ff_init_vlc_sparse(vlc, FFMIN(he[last].len, 11), last + 1, bits, sizeof(*bits), sizeof(*bits), codes, sizeof(*codes), sizeof(*codes), syms, sizeof(*syms), sizeof(*syms), 0); From e8bb67c2a912618a41108c1f13178630f0f85471 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 4 Jun 2014 04:25:14 +0200 Subject: [PATCH 250/562] avcodec/h264: in the absence of recovery points, be more tolerant on accepting plain I frames Fixes: Ticket3652 Signed-off-by: Michael Niedermayer (cherry picked from commit 19c9d1e8e71da04c3ac940206619c0a2d01e5193) --- libavcodec/h264.c | 1 + libavcodec/h264.h | 2 ++ libavcodec/h264_refs.c | 2 +- libavcodec/h264_sei.c | 2 ++ 4 files changed, 6 insertions(+), 1 deletion(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index b3593c674f..807994f3f9 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -4854,6 +4854,7 @@ again: if(!idr_cleared) idr(h); // FIXME ensure we don't lose some frames if there is reordering idr_cleared = 1; + h->has_recovery_point = 1; case NAL_SLICE: init_get_bits(&hx->gb, ptr, bit_length); hx->intra_gb_ptr = diff --git a/libavcodec/h264.h b/libavcodec/h264.h index 63a343774c..447333462e 100644 --- a/libavcodec/h264.h +++ b/libavcodec/h264.h @@ -658,6 +658,8 @@ typedef struct H264Context { FPA sei_fpa; + int has_recovery_point; + int luma_weight_flag[2]; ///< 7.4.3.2 luma_weight_lX_flag int chroma_weight_flag[2]; ///< 7.4.3.2 chroma_weight_lX_flag diff --git a/libavcodec/h264_refs.c b/libavcodec/h264_refs.c index 3f29dafad9..e6228c2025 100644 --- a/libavcodec/h264_refs.c +++ b/libavcodec/h264_refs.c @@ -740,7 +740,7 @@ int ff_h264_execute_ref_pic_marking(H264Context *h, MMCO *mmco, int mmco_count) if ( err >= 0 && h->long_ref_count==0 && (h->short_ref_count<=2 || h->pps.ref_count[0] <= 1 && h->pps.ref_count[1] <= 1 && pps_count == 1) - && h->pps.ref_count[0]<=2 + (h->picture_structure != PICT_FRAME) + && h->pps.ref_count[0]<=2 + (h->picture_structure != PICT_FRAME) + (2*!h->has_recovery_point) && h->cur_pic_ptr->f.pict_type == AV_PICTURE_TYPE_I){ h->cur_pic_ptr->sync |= 1; if(!h->avctx->has_b_frames) diff --git a/libavcodec/h264_sei.c b/libavcodec/h264_sei.c index 7d5558acb3..d65f40e4cc 100644 --- a/libavcodec/h264_sei.c +++ b/libavcodec/h264_sei.c @@ -184,6 +184,8 @@ static int decode_recovery_point(H264Context *h) if (h->avctx->debug & FF_DEBUG_PICT_INFO) av_log(h->avctx, AV_LOG_DEBUG, "sei_recovery_frame_cnt: %d\n", h->sei_recovery_frame_cnt); + h->has_recovery_point = 1; + return 0; } From 992cdbc56a56ea9d6ccd6853e60107b438eb0bc3 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 6 Jun 2014 01:32:22 +0200 Subject: [PATCH 251/562] avcodec/mjpegdec: Improve intel jpeg flip heuristic Fixes Ticket3698 Signed-off-by: Michael Niedermayer (cherry picked from commit 0545ef7116db1e87894d978bfa400578652c716d) --- libavcodec/mjpegdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index bafdf3a691..ad00323556 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -1656,7 +1656,7 @@ static int mjpeg_decode_com(MJpegDecodeContext *s) s->interlace_polarity = 1; } else if (!strcmp(cbuf, "CS=ITU601")) s->cs_itu601 = 1; - else if ((!strncmp(cbuf, "Intel(R) JPEG Library, version 1", 32)) || + else if ((!strncmp(cbuf, "Intel(R) JPEG Library, version 1", 32) && s->avctx->codec_tag) || (!strncmp(cbuf, "Metasoft MJPEG Codec", 20))) s->flipped = 1; From 39256e54d1a47cbaf2aa02174953ad4f0d74bc42 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Storsj=C3=B6?= Date: Thu, 5 Jun 2014 11:56:10 +0300 Subject: [PATCH 252/562] adpcm: Fix trellis encoding of IMA QT This was broken in 095be4fb - samples+ch (for the previous non-planar case) equals &samples_p[ch][0]. The confusion probably stemmed from the IMA WAV case where it originally was &samples[avctx->channels + ch], which was correctly changed into &samples_p[ch][1]. Fixes part of Ticket3701 Signed-off-by: Michael Niedermayer (cherry picked from commit a32765c4252eb106a2ade543026ef6f59e699bfa) --- libavcodec/adpcmenc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/adpcmenc.c b/libavcodec/adpcmenc.c index 5391570de7..bfcce328ef 100644 --- a/libavcodec/adpcmenc.c +++ b/libavcodec/adpcmenc.c @@ -549,7 +549,7 @@ static int adpcm_encode_frame(AVCodecContext *avctx, AVPacket *avpkt, put_bits(&pb, 7, status->step_index); if (avctx->trellis > 0) { uint8_t buf[64]; - adpcm_compress_trellis(avctx, &samples_p[ch][1], buf, status, + adpcm_compress_trellis(avctx, &samples_p[ch][0], buf, status, 64, 1); for (i = 0; i < 64; i++) put_bits(&pb, 4, buf[i ^ 1]); From c5606c04cf049dc82f29bf59ebefa54bb05b852b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Storsj=C3=B6?= Date: Fri, 6 Jun 2014 12:03:09 +0300 Subject: [PATCH 253/562] adpcm: Write the proper predictor in trellis mode in IMA QT The actual predictor value, set by the trellis code, never was written back into the variable that was written into the block header. This was accidentally removed in b304244b. This significantly improves the audio quality of the trellis case, which was plain broken since b304244b. Encoding IMA QT with trellis still actually gives a slightly worse quality than without trellis, since the trellis encoder doesn't use the exact same way of rounding as in adpcm_ima_qt_compress_sample and adpcm_ima_qt_expand_nibble. Fixes part of Ticket3701 Signed-off-by: Michael Niedermayer (cherry picked from commit fa8f060b75bf9074792a0f9ff4ed002652ef62b8) Conflicts: tests/ref/acodec/adpcm-ima_qt-trellis --- libavcodec/adpcmenc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/adpcmenc.c b/libavcodec/adpcmenc.c index bfcce328ef..da149a3962 100644 --- a/libavcodec/adpcmenc.c +++ b/libavcodec/adpcmenc.c @@ -553,6 +553,7 @@ static int adpcm_encode_frame(AVCodecContext *avctx, AVPacket *avpkt, 64, 1); for (i = 0; i < 64; i++) put_bits(&pb, 4, buf[i ^ 1]); + status->prev_sample = status->predictor; } else { for (i = 0; i < 64; i += 2) { int t1, t2; From f3802aa3250c1b1315f17691724498ebcfd3ff15 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Sat, 21 Jun 2014 19:35:06 +0200 Subject: [PATCH 254/562] Show duration for large asf files as written in the file header. Fixes ticket #3428. (cherry picked from commit e3fd263f0b73e4425192d6dd1ab18027ecaa35db) --- libavformat/asfdec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c index d6378e97df..fe4c3f32ae 100644 --- a/libavformat/asfdec.c +++ b/libavformat/asfdec.c @@ -370,7 +370,8 @@ static int asf_read_stream_properties(AVFormatContext *s, int64_t size) if (!(asf->hdr.flags & 0x01)) { // if we aren't streaming... int64_t fsize = avio_size(pb); - if (fsize <= 0 || (int64_t)asf->hdr.file_size <= 0 || FFABS(fsize - (int64_t)asf->hdr.file_size) < 10000) + if (fsize <= 0 || (int64_t)asf->hdr.file_size <= 0 || + FFABS(fsize - (int64_t)asf->hdr.file_size) / (float)FFMIN(fsize, asf->hdr.file_size) < 0.05) st->duration = asf->hdr.play_time / (10000000 / 1000) - start_time; } From 946810d1da50b39b07af0f8102783539068214c5 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 21 Mar 2014 15:45:03 +0100 Subject: [PATCH 255/562] ffmpeg: dont call exit_program() from a signal hander This is unsafe and can deadlock amongth other things Signed-off-by: Michael Niedermayer (cherry picked from commit 9dca02ee541120de2a96c387faed9a4e033a60fd) Signed-off-by: Michael Niedermayer --- ffmpeg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ffmpeg.c b/ffmpeg.c index dba608931d..1dc9ef9b79 100644 --- a/ffmpeg.c +++ b/ffmpeg.c @@ -319,7 +319,7 @@ sigterm_handler(int sig) received_nb_signals++; term_exit(); if(received_nb_signals > 3) - exit_program(123); + exit(123); } void term_init(void) From 4201c7454551c87364a4cdcaed638b01520af635 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 22 Mar 2014 01:26:48 +0100 Subject: [PATCH 256/562] avformat/mp3enc: use av_copy_packet() Fixes double free Fixes Ticket3476 Signed-off-by: Michael Niedermayer (cherry picked from commit d003a0cd2e587a47627fd328f9fc5a484adc29f2) Signed-off-by: Michael Niedermayer --- libavformat/mp3enc.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libavformat/mp3enc.c b/libavformat/mp3enc.c index a5f672b257..209ddca1f2 100644 --- a/libavformat/mp3enc.c +++ b/libavformat/mp3enc.c @@ -414,14 +414,14 @@ static int mp3_write_packet(AVFormatContext *s, AVPacket *pkt) if (mp3->pics_to_write) { /* buffer audio packets until we get all the pictures */ AVPacketList *pktl = av_mallocz(sizeof(*pktl)); + int ret; if (!pktl) return AVERROR(ENOMEM); - pktl->pkt = *pkt; - pktl->pkt.buf = av_buffer_ref(pkt->buf); - if (!pktl->pkt.buf) { + ret = av_copy_packet(&pktl->pkt, pkt); + if (ret < 0) { av_freep(&pktl); - return AVERROR(ENOMEM); + return ret; } if (mp3->queue_end) From 2b5b21dbaca07794a8c24d2c9095117a9958f6fa Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 18 Mar 2014 00:08:54 +0100 Subject: [PATCH 257/562] avcodec: Add padding after the remaining AVFrames This limits ABI issues in case libavcodec is linked to a libavutil with larger AVFrame Which can happen if they are shiped in seperate binary packages and libavutil is upgraded A cleaner alternative would be to replace them by pointers but this would likely cause a small speedloss Signed-off-by: Michael Niedermayer (cherry picked from commit fc567ac49e17151f00f31b59030cd10f952612ef) Conflicts: libavcodec/h264.h (cherry picked from commit 618d062bd553a7d7fad194d4236913f2b0a0251e) Signed-off-by: Michael Niedermayer --- libavcodec/mpegvideo.h | 1 + libavcodec/utils.c | 1 + 2 files changed, 2 insertions(+) diff --git a/libavcodec/mpegvideo.h b/libavcodec/mpegvideo.h index 3e5ee1a082..0d3a8fea1f 100644 --- a/libavcodec/mpegvideo.h +++ b/libavcodec/mpegvideo.h @@ -96,6 +96,7 @@ struct MpegEncContext; */ typedef struct Picture{ struct AVFrame f; + uint8_t avframe_padding[1024]; // hack to allow linking to a avutil with larger AVFrame ThreadFrame tf; AVBufferRef *qscale_table_buf; diff --git a/libavcodec/utils.c b/libavcodec/utils.c index b056e834bd..c343bf1caf 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -780,6 +780,7 @@ int avcodec_default_get_buffer(AVCodecContext *avctx, AVFrame *frame) typedef struct CompatReleaseBufPriv { AVCodecContext avctx; AVFrame frame; + uint8_t avframe_padding[1024]; // hack to allow linking to a avutil with larger AVFrame } CompatReleaseBufPriv; static void compat_free_buffer(void *opaque, uint8_t *data) From b8f6069bf3988c3e30bdc601238378355a77e4c4 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 24 Mar 2014 05:01:32 +0100 Subject: [PATCH 258/562] swscale/swscale: fix integer overflow Should fix fate failure with clang ftrapv Signed-off-by: Michael Niedermayer (cherry picked from commit c9c0451224fd7bc38b4e135e99f114f80c1ae67f) Signed-off-by: Michael Niedermayer --- libswscale/swscale.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libswscale/swscale.c b/libswscale/swscale.c index 710dce3330..43bd69c171 100644 --- a/libswscale/swscale.c +++ b/libswscale/swscale.c @@ -208,8 +208,9 @@ static void lumRangeToJpeg16_c(int16_t *_dst, int width) { int i; int32_t *dst = (int32_t *) _dst; - for (i = 0; i < width; i++) - dst[i] = (FFMIN(dst[i], 30189 << 4) * 4769 - (39057361 << 2)) >> 12; + for (i = 0; i < width; i++) { + dst[i] = ((int)(FFMIN(dst[i], 30189 << 4) * 4769U - (39057361 << 2))) >> 12; + } } static void lumRangeFromJpeg16_c(int16_t *_dst, int width) From 998b5ac3a04358e8d6583dfb8db44ec98390b433 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 24 Mar 2014 22:04:52 +0100 Subject: [PATCH 259/562] dox/scaler:fix bicubiclin typo See Ticket3486 Signed-off-by: Michael Niedermayer (cherry picked from commit 575b957758670d6094e9095acfcc24e4e32fc4a7) Signed-off-by: Michael Niedermayer --- doc/scaler.texi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/scaler.texi b/doc/scaler.texi index 08d90bcc81..f043ffd5f2 100644 --- a/doc/scaler.texi +++ b/doc/scaler.texi @@ -35,7 +35,7 @@ Select nearest neighbor rescaling algorithm. @item area Select averaging area rescaling algorithm. -@item bicubiclin +@item bicublin Select bicubic scaling algorithm for the luma component, bilinear for chroma components. From 380587cc34c2a94bab8350c52c93ca9d171ab0fe Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 25 Mar 2014 00:15:52 +0100 Subject: [PATCH 260/562] avcodec/x86/mpegvideoenc_template: fix integer overflow Signed-off-by: Michael Niedermayer --- libavcodec/x86/mpegvideoenc_template.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/x86/mpegvideoenc_template.c b/libavcodec/x86/mpegvideoenc_template.c index 1e0505ea3c..b0ba234d4b 100644 --- a/libavcodec/x86/mpegvideoenc_template.c +++ b/libavcodec/x86/mpegvideoenc_template.c @@ -216,7 +216,7 @@ static int RENAME(dct_quantize)(MpegEncContext *s, "psubusw "MM"1, "MM"4 \n\t" "packuswb "MM"4, "MM"4 \n\t" #if COMPILE_TEMPLATE_SSE2 - "packuswb "MM"4, "MM"4 \n\t" + "packsswb "MM"4, "MM"4 \n\t" #endif "movd "MM"4, %0 \n\t" // *overflow : "=g" (*overflow) From 61e5001b265b40909ebab4723688d1074a76e37f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 26 Mar 2014 18:09:23 +0100 Subject: [PATCH 261/562] avcodec/h264_mp4toannexb_bsf: prepend global headers before any in stream parameter sets Fixes h264_mp4toannexb_bsf_failure.mkv Signed-off-by: Michael Niedermayer (cherry picked from commit 289b149cecb381522cc9ccdf382825330169c655) Signed-off-by: Michael Niedermayer --- libavcodec/h264_mp4toannexb_bsf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h264_mp4toannexb_bsf.c b/libavcodec/h264_mp4toannexb_bsf.c index 58568a7a5a..7f72d2576e 100644 --- a/libavcodec/h264_mp4toannexb_bsf.c +++ b/libavcodec/h264_mp4toannexb_bsf.c @@ -178,7 +178,7 @@ static int h264_mp4toannexb_filter(AVBitStreamFilterContext *bsfc, goto fail; /* prepend only to the first type 5 NAL unit of an IDR picture */ - if (ctx->first_idr && unit_type == 5) { + if (ctx->first_idr && (unit_type == 5 || unit_type == 7 || unit_type == 8)) { if ((ret=alloc_and_copy(poutbuf, poutbuf_size, avctx->extradata, avctx->extradata_size, buf, nal_size)) < 0) From e4f9a5efa15aa49d6c8cd742d80595ed668d58cb Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 28 Mar 2014 00:03:38 +0100 Subject: [PATCH 262/562] avcodec/libx264: move where x264opts is applied down so it isnt overridden by avctx & defaults fixes x264opts opengop=1 Signed-off-by: Michael Niedermayer (cherry picked from commit 64b79141bdfdffaa9fda69eecce140473d0a9a18) Signed-off-by: Michael Niedermayer --- libavcodec/libx264.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/libavcodec/libx264.c b/libavcodec/libx264.c index 89df55fac6..39338d3f38 100644 --- a/libavcodec/libx264.c +++ b/libavcodec/libx264.c @@ -355,19 +355,6 @@ static av_cold int X264_init(AVCodecContext *avctx) OPT_STR("level", x4->level); - if(x4->x264opts){ - const char *p= x4->x264opts; - while(p){ - char param[256]={0}, val[256]={0}; - if(sscanf(p, "%255[^:=]=%255[^:]", param, val) == 1){ - OPT_STR(param, "1"); - }else - OPT_STR(param, val); - p= strchr(p, ':'); - p+=!!p; - } - } - if (avctx->i_quant_factor > 0) x4->params.rc.f_ip_factor = 1 / fabs(avctx->i_quant_factor); @@ -543,6 +530,19 @@ static av_cold int X264_init(AVCodecContext *avctx) if (avctx->flags & CODEC_FLAG_GLOBAL_HEADER) x4->params.b_repeat_headers = 0; + if(x4->x264opts){ + const char *p= x4->x264opts; + while(p){ + char param[256]={0}, val[256]={0}; + if(sscanf(p, "%255[^:=]=%255[^:]", param, val) == 1){ + OPT_STR(param, "1"); + }else + OPT_STR(param, val); + p= strchr(p, ':'); + p+=!!p; + } + } + if (x4->x264_params) { AVDictionary *dict = NULL; AVDictionaryEntry *en = NULL; From 4c9c76af8521571b3b566b0e344f5242147db3a2 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 31 Mar 2014 03:22:20 +0200 Subject: [PATCH 263/562] avfilter/vf_pullup: fix gray8 Fixes segfault Fixes Ticket3469 Signed-off-by: Michael Niedermayer (cherry picked from commit e818ee090ac53d1b333a7d6a45274f75cf1a71a1) Signed-off-by: Michael Niedermayer --- libavfilter/vf_pullup.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavfilter/vf_pullup.c b/libavfilter/vf_pullup.c index 4ad441f996..80f448bc1d 100644 --- a/libavfilter/vf_pullup.c +++ b/libavfilter/vf_pullup.c @@ -235,6 +235,8 @@ static int alloc_buffer(PullupContext *s, PullupBuffer *b) for (i = 0; i < s->nb_planes; i++) { b->planes[i] = av_malloc(s->planeheight[i] * s->planewidth[i]); } + if (s->nb_planes == 1) + b->planes[1] = av_malloc(4*256); return 0; } From c5085a0301434347765152e5151c94eb1e300159 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 3 Apr 2014 23:46:25 +0200 Subject: [PATCH 264/562] avcodec/h264: clear cur_pic structure instead of duplicating it in ff_h264_update_thread_context() Fixes crash Found-by: iive Signed-off-by: Michael Niedermayer (cherry picked from commit 8710ee11d75eebc17e7d63bc6ffb91766933bd68) Conflicts: libavcodec/h264_slice.c (cherry picked from commit cb44d69665596d2f19e032fc852162b0a6de0562) Signed-off-by: Michael Niedermayer --- libavcodec/h264.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 807994f3f9..99f463cb5d 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -1799,6 +1799,7 @@ static int decode_update_thread_context(AVCodecContext *dst, memset(&h->mb, 0, sizeof(h->mb)); memset(&h->mb_luma_dc, 0, sizeof(h->mb_luma_dc)); memset(&h->mb_padding, 0, sizeof(h->mb_padding)); + memset(&h->cur_pic, 0, sizeof(h->cur_pic)); h->avctx = dst; h->DPB = NULL; From 46b64d9818848f8df086c8f6c0f98b54cedaa9bb Mon Sep 17 00:00:00 2001 From: Lukasz Marek Date: Fri, 4 Apr 2014 19:28:45 +0200 Subject: [PATCH 265/562] lavu/opt: validate range before dereference This change make error handling simplier. av_opt_freep_ranges may be called when some ranges are NULL, for example after memory allocation fail. Signed-off-by: Lukasz Marek Signed-off-by: Michael Niedermayer (cherry picked from commit 3aac5fcfa9d3748659d78ab2a66d0ccce22cfd4f) Signed-off-by: Michael Niedermayer --- libavutil/opt.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavutil/opt.c b/libavutil/opt.c index a367dbbbcb..85435dd8fa 100644 --- a/libavutil/opt.c +++ b/libavutil/opt.c @@ -1507,8 +1507,10 @@ void av_opt_freep_ranges(AVOptionRanges **rangesp) for (i = 0; i < ranges->nb_ranges; i++) { AVOptionRange *range = ranges->range[i]; - av_freep(&range->str); - av_freep(&ranges->range[i]); + if (range) { + av_freep(&range->str); + av_freep(&ranges->range[i]); + } } av_freep(&ranges->range); av_freep(rangesp); From 861732246ff26186cbaa12edfcdb40abd2fd81b1 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 5 Apr 2014 21:34:03 +0200 Subject: [PATCH 266/562] avcodec/wma: use av_freep(), do not leave stale pointers in memory Signed-off-by: Michael Niedermayer (cherry picked from commit d167faafe9dfa0b82bebb267c3c4e5fa5286bd67) Signed-off-by: Michael Niedermayer --- libavcodec/wma.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/wma.c b/libavcodec/wma.c index 0122ee6fe3..b6d6351acf 100644 --- a/libavcodec/wma.c +++ b/libavcodec/wma.c @@ -386,9 +386,9 @@ int ff_wma_end(AVCodecContext *avctx) } for (i = 0; i < 2; i++) { ff_free_vlc(&s->coef_vlc[i]); - av_free(s->run_table[i]); - av_free(s->level_table[i]); - av_free(s->int_table[i]); + av_freep(&s->run_table[i]); + av_freep(&s->level_table[i]); + av_freep(&s->int_table[i]); } return 0; From 9c83914a1fd6bb9d19d5d81a4c25264176c2c25c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 6 Apr 2014 04:01:24 +0200 Subject: [PATCH 267/562] avcodec/msrle: check return code for success before use The check is possibly redundant, but better to check for errors that dont occur than to skip the check and crash Fixes CID1197060 Signed-off-by: Michael Niedermayer (cherry picked from commit 754f84663e8b3a88fa2e953b195d59230393fb8d) Signed-off-by: Michael Niedermayer --- libavcodec/msrle.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/msrle.c b/libavcodec/msrle.c index 750e54ae99..9f0cac61e3 100644 --- a/libavcodec/msrle.c +++ b/libavcodec/msrle.c @@ -116,6 +116,9 @@ static int msrle_decode_frame(AVCodecContext *avctx, uint8_t *buf = avpkt->data + (avctx->height-1)*istride; int i, j; + if (linesize < 0) + return linesize; + for (i = 0; i < avctx->height; i++) { if (avctx->bits_per_coded_sample == 4) { for (j = 0; j < avctx->width - 1; j += 2) { From 37f854f5b958486c2ca215cd54b60728d94e224f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 8 Apr 2014 00:19:07 +0200 Subject: [PATCH 268/562] swresample/resample: Limit filter length Related to CID1197063 The limit choosen is arbitrary and much larger than what makes sense. It avoids the need for checking arithmetic operations with the length for overflow Signed-off-by: Michael Niedermayer (cherry picked from commit f9158b01d0f3effb58e87fb07db0382bc1e47de5) Signed-off-by: Michael Niedermayer --- libswresample/resample.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libswresample/resample.c b/libswresample/resample.c index 8b1b6ca9af..b968447444 100644 --- a/libswresample/resample.c +++ b/libswresample/resample.c @@ -229,6 +229,11 @@ static ResampleContext *resample_init(ResampleContext *c, int out_rate, int in_r av_assert0(0); } + if (filter_size/factor > INT32_MAX/256) { + av_log(NULL, AV_LOG_ERROR, "Filter length too large\n"); + goto error; + } + c->phase_shift = phase_shift; c->phase_mask = phase_count - 1; c->linear = linear; From 15871a90aa427158335a7214dc53e8c07cafd6d3 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 8 Apr 2014 00:29:06 +0200 Subject: [PATCH 269/562] swresample/dither: use av_malloc_array() Signed-off-by: Michael Niedermayer (cherry picked from commit a5290cb1ac047851563da7aca06569e3ada55f79) Signed-off-by: Michael Niedermayer --- libswresample/dither.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libswresample/dither.c b/libswresample/dither.c index 7cbe410557..b8b592a7ce 100644 --- a/libswresample/dither.c +++ b/libswresample/dither.c @@ -26,7 +26,7 @@ void swri_get_dither(SwrContext *s, void *dst, int len, unsigned seed, enum AVSampleFormat noise_fmt) { double scale = s->dither.noise_scale; #define TMP_EXTRA 2 - double *tmp = av_malloc((len + TMP_EXTRA) * sizeof(double)); + double *tmp = av_malloc_array(len + TMP_EXTRA, sizeof(double)); int i; for(i=0; i Date: Tue, 8 Apr 2014 00:29:26 +0200 Subject: [PATCH 270/562] swresample/resample: use av_malloc_array() where appropriate Signed-off-by: Michael Niedermayer (cherry picked from commit 5027f39712fdce25b9008e72d52e5abfeefd5fe6) Signed-off-by: Michael Niedermayer --- libswresample/resample.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libswresample/resample.c b/libswresample/resample.c index b968447444..65fd817be9 100644 --- a/libswresample/resample.c +++ b/libswresample/resample.c @@ -95,7 +95,7 @@ static int build_filter(ResampleContext *c, void *filter, double factor, int tap int filter_type, int kaiser_beta){ int ph, i; double x, y, w; - double *tab = av_malloc(tap_count * sizeof(*tab)); + double *tab = av_malloc_array(tap_count, sizeof(*tab)); const int center= (tap_count-1)/2; if (!tab) From 6729193886519b779c43c738728f9c02c89d05bb Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 8 Apr 2014 18:12:12 +0200 Subject: [PATCH 271/562] swscale/x86/swscale_template: loose hardcoded dstw_offset Signed-off-by: Michael Niedermayer (cherry picked from commit f6759d9ad4a8b71e6f212ca4f1e7da9fa56d3298) Signed-off-by: Michael Niedermayer --- libswscale/x86/swscale_template.c | 78 +++++++++++++++---------------- 1 file changed, 37 insertions(+), 41 deletions(-) diff --git a/libswscale/x86/swscale_template.c b/libswscale/x86/swscale_template.c index c7a1bb46d9..c72104bd09 100644 --- a/libswscale/x86/swscale_template.c +++ b/libswscale/x86/swscale_template.c @@ -332,7 +332,7 @@ static void RENAME(yuv2yuvX)(const int16_t *filter, int filterSize, MOVNTQ( q3, 24(dst, index, 4))\ \ "add $8, "#index" \n\t"\ - "cmp "#dstw", "#index" \n\t"\ + "cmp "dstw", "#index" \n\t"\ " jb 1b \n\t" #define WRITEBGR32(dst, dstw, index, b, g, r, a, q0, q2, q3, t) REAL_WRITEBGR32(dst, dstw, index, b, g, r, a, q0, q2, q3, t) @@ -358,13 +358,13 @@ static void RENAME(yuv2rgb32_X_ar)(SwsContext *c, const int16_t *lumFilter, "psraw $3, %%mm1 \n\t" "psraw $3, %%mm7 \n\t" "packuswb %%mm7, %%mm1 \n\t" - WRITEBGR32(%4, %5, %%REGa, %%mm3, %%mm4, %%mm5, %%mm1, %%mm0, %%mm7, %%mm2, %%mm6) + WRITEBGR32(%4, "%5", %%REGa, %%mm3, %%mm4, %%mm5, %%mm1, %%mm0, %%mm7, %%mm2, %%mm6) YSCALEYUV2PACKEDX_END } else { YSCALEYUV2PACKEDX_ACCURATE YSCALEYUV2RGBX "pcmpeqd %%mm7, %%mm7 \n\t" - WRITEBGR32(%4, %5, %%REGa, %%mm2, %%mm4, %%mm5, %%mm7, %%mm0, %%mm1, %%mm3, %%mm6) + WRITEBGR32(%4, "%5", %%REGa, %%mm2, %%mm4, %%mm5, %%mm7, %%mm0, %%mm1, %%mm3, %%mm6) YSCALEYUV2PACKEDX_END } } @@ -387,13 +387,13 @@ static void RENAME(yuv2rgb32_X)(SwsContext *c, const int16_t *lumFilter, "psraw $3, %%mm1 \n\t" "psraw $3, %%mm7 \n\t" "packuswb %%mm7, %%mm1 \n\t" - WRITEBGR32(%4, %5, %%REGa, %%mm2, %%mm4, %%mm5, %%mm1, %%mm0, %%mm7, %%mm3, %%mm6) + WRITEBGR32(%4, "%5", %%REGa, %%mm2, %%mm4, %%mm5, %%mm1, %%mm0, %%mm7, %%mm3, %%mm6) YSCALEYUV2PACKEDX_END } else { YSCALEYUV2PACKEDX YSCALEYUV2RGBX "pcmpeqd %%mm7, %%mm7 \n\t" - WRITEBGR32(%4, %5, %%REGa, %%mm2, %%mm4, %%mm5, %%mm7, %%mm0, %%mm1, %%mm3, %%mm6) + WRITEBGR32(%4, "%5", %%REGa, %%mm2, %%mm4, %%mm5, %%mm7, %%mm0, %%mm1, %%mm3, %%mm6) YSCALEYUV2PACKEDX_END } } @@ -422,7 +422,7 @@ static void RENAME(yuv2rgb32_X)(SwsContext *c, const int16_t *lumFilter, MOVNTQ(%%mm1, 8(dst, index, 2))\ \ "add $8, "#index" \n\t"\ - "cmp "#dstw", "#index" \n\t"\ + "cmp "dstw", "#index" \n\t"\ " jb 1b \n\t" #define WRITERGB16(dst, dstw, index) REAL_WRITERGB16(dst, dstw, index) @@ -446,7 +446,7 @@ static void RENAME(yuv2rgb565_X_ar)(SwsContext *c, const int16_t *lumFilter, "paddusb "GREEN_DITHER"(%0), %%mm4\n\t" "paddusb "RED_DITHER"(%0), %%mm5\n\t" #endif - WRITERGB16(%4, %5, %%REGa) + WRITERGB16(%4, "%5", %%REGa) YSCALEYUV2PACKEDX_END } @@ -470,7 +470,7 @@ static void RENAME(yuv2rgb565_X)(SwsContext *c, const int16_t *lumFilter, "paddusb "GREEN_DITHER"(%0), %%mm4 \n\t" "paddusb "RED_DITHER"(%0), %%mm5 \n\t" #endif - WRITERGB16(%4, %5, %%REGa) + WRITERGB16(%4, "%5", %%REGa) YSCALEYUV2PACKEDX_END } @@ -499,7 +499,7 @@ static void RENAME(yuv2rgb565_X)(SwsContext *c, const int16_t *lumFilter, MOVNTQ(%%mm1, 8(dst, index, 2))\ \ "add $8, "#index" \n\t"\ - "cmp "#dstw", "#index" \n\t"\ + "cmp "dstw", "#index" \n\t"\ " jb 1b \n\t" #define WRITERGB15(dst, dstw, index) REAL_WRITERGB15(dst, dstw, index) @@ -523,7 +523,7 @@ static void RENAME(yuv2rgb555_X_ar)(SwsContext *c, const int16_t *lumFilter, "paddusb "GREEN_DITHER"(%0), %%mm4\n\t" "paddusb "RED_DITHER"(%0), %%mm5\n\t" #endif - WRITERGB15(%4, %5, %%REGa) + WRITERGB15(%4, "%5", %%REGa) YSCALEYUV2PACKEDX_END } @@ -547,7 +547,7 @@ static void RENAME(yuv2rgb555_X)(SwsContext *c, const int16_t *lumFilter, "paddusb "GREEN_DITHER"(%0), %%mm4 \n\t" "paddusb "RED_DITHER"(%0), %%mm5 \n\t" #endif - WRITERGB15(%4, %5, %%REGa) + WRITERGB15(%4, "%5", %%REGa) YSCALEYUV2PACKEDX_END } @@ -601,7 +601,7 @@ static void RENAME(yuv2rgb555_X)(SwsContext *c, const int16_t *lumFilter, "add $24, "#dst" \n\t"\ \ "add $8, "#index" \n\t"\ - "cmp "#dstw", "#index" \n\t"\ + "cmp "dstw", "#index" \n\t"\ " jb 1b \n\t" #define WRITEBGR24MMXEXT(dst, dstw, index) \ @@ -649,7 +649,7 @@ static void RENAME(yuv2rgb555_X)(SwsContext *c, const int16_t *lumFilter, "add $24, "#dst" \n\t"\ \ "add $8, "#index" \n\t"\ - "cmp "#dstw", "#index" \n\t"\ + "cmp "dstw", "#index" \n\t"\ " jb 1b \n\t" #if COMPILE_TEMPLATE_MMXEXT @@ -676,7 +676,7 @@ static void RENAME(yuv2bgr24_X_ar)(SwsContext *c, const int16_t *lumFilter, "pxor %%mm7, %%mm7 \n\t" "lea (%%"REG_a", %%"REG_a", 2), %%"REG_c"\n\t" //FIXME optimize "add %4, %%"REG_c" \n\t" - WRITEBGR24(%%REGc, %5, %%REGa) + WRITEBGR24(%%REGc, "%5", %%REGa) :: "r" (&c->redDither), "m" (dummy), "m" (dummy), "m" (dummy), "r" (dest), "m" (dstW_reg), "m"(uv_off) @@ -700,7 +700,7 @@ static void RENAME(yuv2bgr24_X)(SwsContext *c, const int16_t *lumFilter, "pxor %%mm7, %%mm7 \n\t" "lea (%%"REG_a", %%"REG_a", 2), %%"REG_c" \n\t" //FIXME optimize "add %4, %%"REG_c" \n\t" - WRITEBGR24(%%REGc, %5, %%REGa) + WRITEBGR24(%%REGc, "%5", %%REGa) :: "r" (&c->redDither), "m" (dummy), "m" (dummy), "m" (dummy), "r" (dest), "m" (dstW_reg), "m"(uv_off) @@ -721,7 +721,7 @@ static void RENAME(yuv2bgr24_X)(SwsContext *c, const int16_t *lumFilter, MOVNTQ(%%mm7, 8(dst, index, 2))\ \ "add $8, "#index" \n\t"\ - "cmp "#dstw", "#index" \n\t"\ + "cmp "dstw", "#index" \n\t"\ " jb 1b \n\t" #define WRITEYUY2(dst, dstw, index) REAL_WRITEYUY2(dst, dstw, index) @@ -742,7 +742,7 @@ static void RENAME(yuv2yuyv422_X_ar)(SwsContext *c, const int16_t *lumFilter, "psraw $3, %%mm4 \n\t" "psraw $3, %%mm1 \n\t" "psraw $3, %%mm7 \n\t" - WRITEYUY2(%4, %5, %%REGa) + WRITEYUY2(%4, "%5", %%REGa) YSCALEYUV2PACKEDX_END } @@ -763,7 +763,7 @@ static void RENAME(yuv2yuyv422_X)(SwsContext *c, const int16_t *lumFilter, "psraw $3, %%mm4 \n\t" "psraw $3, %%mm1 \n\t" "psraw $3, %%mm7 \n\t" - WRITEYUY2(%4, %5, %%REGa) + WRITEYUY2(%4, "%5", %%REGa) YSCALEYUV2PACKEDX_END } @@ -864,7 +864,7 @@ static void RENAME(yuv2rgb32_2)(SwsContext *c, const int16_t *buf[2], "psraw $3, %%mm1 \n\t" /* abuf0[eax] - abuf1[eax] >>7*/ "psraw $3, %%mm7 \n\t" /* abuf0[eax] - abuf1[eax] >>7*/ "packuswb %%mm7, %%mm1 \n\t" - WRITEBGR32(%4, 8280(%5), %%r8, %%mm2, %%mm4, %%mm5, %%mm1, %%mm0, %%mm7, %%mm3, %%mm6) + WRITEBGR32(%4, DSTW_OFFSET"(%5)", %%r8, %%mm2, %%mm4, %%mm5, %%mm1, %%mm0, %%mm7, %%mm3, %%mm6) :: "c" (buf0), "d" (buf1), "S" (ubuf0), "D" (ubuf1), "r" (dest), "a" (&c->redDither), "r" (abuf0), "r" (abuf1) @@ -888,7 +888,7 @@ static void RENAME(yuv2rgb32_2)(SwsContext *c, const int16_t *buf[2], "packuswb %%mm7, %%mm1 \n\t" "pop %1 \n\t" "pop %0 \n\t" - WRITEBGR32(%%REGb, 8280(%5), %%REGBP, %%mm2, %%mm4, %%mm5, %%mm1, %%mm0, %%mm7, %%mm3, %%mm6) + WRITEBGR32(%%REGb, DSTW_OFFSET"(%5)", %%REGBP, %%mm2, %%mm4, %%mm5, %%mm1, %%mm0, %%mm7, %%mm3, %%mm6) "pop %%"REG_BP" \n\t" "mov "ESP_OFFSET"(%5), %%"REG_b" \n\t" :: "c" (buf0), "d" (buf1), "S" (ubuf0), "D" (ubuf1), "m" (dest), @@ -902,7 +902,7 @@ static void RENAME(yuv2rgb32_2)(SwsContext *c, const int16_t *buf[2], "push %%"REG_BP" \n\t" YSCALEYUV2RGB(%%REGBP, %5) "pcmpeqd %%mm7, %%mm7 \n\t" - WRITEBGR32(%%REGb, 8280(%5), %%REGBP, %%mm2, %%mm4, %%mm5, %%mm7, %%mm0, %%mm1, %%mm3, %%mm6) + WRITEBGR32(%%REGb, DSTW_OFFSET"(%5)", %%REGBP, %%mm2, %%mm4, %%mm5, %%mm7, %%mm0, %%mm1, %%mm3, %%mm6) "pop %%"REG_BP" \n\t" "mov "ESP_OFFSET"(%5), %%"REG_b" \n\t" :: "c" (buf0), "d" (buf1), "S" (ubuf0), "D" (ubuf1), "m" (dest), @@ -919,14 +919,13 @@ static void RENAME(yuv2bgr24_2)(SwsContext *c, const int16_t *buf[2], const int16_t *buf0 = buf[0], *buf1 = buf[1], *ubuf0 = ubuf[0], *ubuf1 = ubuf[1]; - //Note 8280 == DSTW_OFFSET but the preprocessor can't handle that there :( __asm__ volatile( "mov %%"REG_b", "ESP_OFFSET"(%5) \n\t" "mov %4, %%"REG_b" \n\t" "push %%"REG_BP" \n\t" YSCALEYUV2RGB(%%REGBP, %5) "pxor %%mm7, %%mm7 \n\t" - WRITEBGR24(%%REGb, 8280(%5), %%REGBP) + WRITEBGR24(%%REGb, DSTW_OFFSET"(%5)", %%REGBP) "pop %%"REG_BP" \n\t" "mov "ESP_OFFSET"(%5), %%"REG_b" \n\t" :: "c" (buf0), "d" (buf1), "S" (ubuf0), "D" (ubuf1), "m" (dest), @@ -942,7 +941,6 @@ static void RENAME(yuv2rgb555_2)(SwsContext *c, const int16_t *buf[2], const int16_t *buf0 = buf[0], *buf1 = buf[1], *ubuf0 = ubuf[0], *ubuf1 = ubuf[1]; - //Note 8280 == DSTW_OFFSET but the preprocessor can't handle that there :( __asm__ volatile( "mov %%"REG_b", "ESP_OFFSET"(%5) \n\t" "mov %4, %%"REG_b" \n\t" @@ -955,7 +953,7 @@ static void RENAME(yuv2rgb555_2)(SwsContext *c, const int16_t *buf[2], "paddusb "GREEN_DITHER"(%5), %%mm4 \n\t" "paddusb "RED_DITHER"(%5), %%mm5 \n\t" #endif - WRITERGB15(%%REGb, 8280(%5), %%REGBP) + WRITERGB15(%%REGb, DSTW_OFFSET"(%5)", %%REGBP) "pop %%"REG_BP" \n\t" "mov "ESP_OFFSET"(%5), %%"REG_b" \n\t" :: "c" (buf0), "d" (buf1), "S" (ubuf0), "D" (ubuf1), "m" (dest), @@ -971,7 +969,6 @@ static void RENAME(yuv2rgb565_2)(SwsContext *c, const int16_t *buf[2], const int16_t *buf0 = buf[0], *buf1 = buf[1], *ubuf0 = ubuf[0], *ubuf1 = ubuf[1]; - //Note 8280 == DSTW_OFFSET but the preprocessor can't handle that there :( __asm__ volatile( "mov %%"REG_b", "ESP_OFFSET"(%5) \n\t" "mov %4, %%"REG_b" \n\t" @@ -984,7 +981,7 @@ static void RENAME(yuv2rgb565_2)(SwsContext *c, const int16_t *buf[2], "paddusb "GREEN_DITHER"(%5), %%mm4 \n\t" "paddusb "RED_DITHER"(%5), %%mm5 \n\t" #endif - WRITERGB16(%%REGb, 8280(%5), %%REGBP) + WRITERGB16(%%REGb, DSTW_OFFSET"(%5)", %%REGBP) "pop %%"REG_BP" \n\t" "mov "ESP_OFFSET"(%5), %%"REG_b" \n\t" :: "c" (buf0), "d" (buf1), "S" (ubuf0), "D" (ubuf1), "m" (dest), @@ -1040,13 +1037,12 @@ static void RENAME(yuv2yuyv422_2)(SwsContext *c, const int16_t *buf[2], const int16_t *buf0 = buf[0], *buf1 = buf[1], *ubuf0 = ubuf[0], *ubuf1 = ubuf[1]; - //Note 8280 == DSTW_OFFSET but the preprocessor can't handle that there :( __asm__ volatile( "mov %%"REG_b", "ESP_OFFSET"(%5) \n\t" "mov %4, %%"REG_b" \n\t" "push %%"REG_BP" \n\t" YSCALEYUV2PACKED(%%REGBP, %5) - WRITEYUY2(%%REGb, 8280(%5), %%REGBP) + WRITEYUY2(%%REGb, DSTW_OFFSET"(%5)", %%REGBP) "pop %%"REG_BP" \n\t" "mov "ESP_OFFSET"(%5), %%"REG_b" \n\t" :: "c" (buf0), "d" (buf1), "S" (ubuf0), "D" (ubuf1), "m" (dest), @@ -1189,7 +1185,7 @@ static void RENAME(yuv2rgb32_1)(SwsContext *c, const int16_t *buf0, "push %%"REG_BP" \n\t" YSCALEYUV2RGB1(%%REGBP, %5) YSCALEYUV2RGB1_ALPHA(%%REGBP) - WRITEBGR32(%%REGb, 8280(%5), %%REGBP, %%mm2, %%mm4, %%mm5, %%mm7, %%mm0, %%mm1, %%mm3, %%mm6) + WRITEBGR32(%%REGb, DSTW_OFFSET"(%5)", %%REGBP, %%mm2, %%mm4, %%mm5, %%mm7, %%mm0, %%mm1, %%mm3, %%mm6) "pop %%"REG_BP" \n\t" "mov "ESP_OFFSET"(%5), %%"REG_b" \n\t" :: "c" (buf0), "d" (abuf0), "S" (ubuf0), "D" (ubuf1), "m" (dest), @@ -1202,7 +1198,7 @@ static void RENAME(yuv2rgb32_1)(SwsContext *c, const int16_t *buf0, "push %%"REG_BP" \n\t" YSCALEYUV2RGB1(%%REGBP, %5) "pcmpeqd %%mm7, %%mm7 \n\t" - WRITEBGR32(%%REGb, 8280(%5), %%REGBP, %%mm2, %%mm4, %%mm5, %%mm7, %%mm0, %%mm1, %%mm3, %%mm6) + WRITEBGR32(%%REGb, DSTW_OFFSET"(%5)", %%REGBP, %%mm2, %%mm4, %%mm5, %%mm7, %%mm0, %%mm1, %%mm3, %%mm6) "pop %%"REG_BP" \n\t" "mov "ESP_OFFSET"(%5), %%"REG_b" \n\t" :: "c" (buf0), "d" (buf1), "S" (ubuf0), "D" (ubuf1), "m" (dest), @@ -1218,7 +1214,7 @@ static void RENAME(yuv2rgb32_1)(SwsContext *c, const int16_t *buf0, "push %%"REG_BP" \n\t" YSCALEYUV2RGB1b(%%REGBP, %5) YSCALEYUV2RGB1_ALPHA(%%REGBP) - WRITEBGR32(%%REGb, 8280(%5), %%REGBP, %%mm2, %%mm4, %%mm5, %%mm7, %%mm0, %%mm1, %%mm3, %%mm6) + WRITEBGR32(%%REGb, DSTW_OFFSET"(%5)", %%REGBP, %%mm2, %%mm4, %%mm5, %%mm7, %%mm0, %%mm1, %%mm3, %%mm6) "pop %%"REG_BP" \n\t" "mov "ESP_OFFSET"(%5), %%"REG_b" \n\t" :: "c" (buf0), "d" (abuf0), "S" (ubuf0), "D" (ubuf1), "m" (dest), @@ -1231,7 +1227,7 @@ static void RENAME(yuv2rgb32_1)(SwsContext *c, const int16_t *buf0, "push %%"REG_BP" \n\t" YSCALEYUV2RGB1b(%%REGBP, %5) "pcmpeqd %%mm7, %%mm7 \n\t" - WRITEBGR32(%%REGb, 8280(%5), %%REGBP, %%mm2, %%mm4, %%mm5, %%mm7, %%mm0, %%mm1, %%mm3, %%mm6) + WRITEBGR32(%%REGb, DSTW_OFFSET"(%5)", %%REGBP, %%mm2, %%mm4, %%mm5, %%mm7, %%mm0, %%mm1, %%mm3, %%mm6) "pop %%"REG_BP" \n\t" "mov "ESP_OFFSET"(%5), %%"REG_b" \n\t" :: "c" (buf0), "d" (buf1), "S" (ubuf0), "D" (ubuf1), "m" (dest), @@ -1257,7 +1253,7 @@ static void RENAME(yuv2bgr24_1)(SwsContext *c, const int16_t *buf0, "push %%"REG_BP" \n\t" YSCALEYUV2RGB1(%%REGBP, %5) "pxor %%mm7, %%mm7 \n\t" - WRITEBGR24(%%REGb, 8280(%5), %%REGBP) + WRITEBGR24(%%REGb, DSTW_OFFSET"(%5)", %%REGBP) "pop %%"REG_BP" \n\t" "mov "ESP_OFFSET"(%5), %%"REG_b" \n\t" :: "c" (buf0), "d" (buf1), "S" (ubuf0), "D" (ubuf1), "m" (dest), @@ -1271,7 +1267,7 @@ static void RENAME(yuv2bgr24_1)(SwsContext *c, const int16_t *buf0, "push %%"REG_BP" \n\t" YSCALEYUV2RGB1b(%%REGBP, %5) "pxor %%mm7, %%mm7 \n\t" - WRITEBGR24(%%REGb, 8280(%5), %%REGBP) + WRITEBGR24(%%REGb, DSTW_OFFSET"(%5)", %%REGBP) "pop %%"REG_BP" \n\t" "mov "ESP_OFFSET"(%5), %%"REG_b" \n\t" :: "c" (buf0), "d" (buf1), "S" (ubuf0), "D" (ubuf1), "m" (dest), @@ -1302,7 +1298,7 @@ static void RENAME(yuv2rgb555_1)(SwsContext *c, const int16_t *buf0, "paddusb "GREEN_DITHER"(%5), %%mm4 \n\t" "paddusb "RED_DITHER"(%5), %%mm5 \n\t" #endif - WRITERGB15(%%REGb, 8280(%5), %%REGBP) + WRITERGB15(%%REGb, DSTW_OFFSET"(%5)", %%REGBP) "pop %%"REG_BP" \n\t" "mov "ESP_OFFSET"(%5), %%"REG_b" \n\t" :: "c" (buf0), "d" (buf1), "S" (ubuf0), "D" (ubuf1), "m" (dest), @@ -1322,7 +1318,7 @@ static void RENAME(yuv2rgb555_1)(SwsContext *c, const int16_t *buf0, "paddusb "GREEN_DITHER"(%5), %%mm4 \n\t" "paddusb "RED_DITHER"(%5), %%mm5 \n\t" #endif - WRITERGB15(%%REGb, 8280(%5), %%REGBP) + WRITERGB15(%%REGb, DSTW_OFFSET"(%5)", %%REGBP) "pop %%"REG_BP" \n\t" "mov "ESP_OFFSET"(%5), %%"REG_b" \n\t" :: "c" (buf0), "d" (buf1), "S" (ubuf0), "D" (ubuf1), "m" (dest), @@ -1353,7 +1349,7 @@ static void RENAME(yuv2rgb565_1)(SwsContext *c, const int16_t *buf0, "paddusb "GREEN_DITHER"(%5), %%mm4 \n\t" "paddusb "RED_DITHER"(%5), %%mm5 \n\t" #endif - WRITERGB16(%%REGb, 8280(%5), %%REGBP) + WRITERGB16(%%REGb, DSTW_OFFSET"(%5)", %%REGBP) "pop %%"REG_BP" \n\t" "mov "ESP_OFFSET"(%5), %%"REG_b" \n\t" :: "c" (buf0), "d" (buf1), "S" (ubuf0), "D" (ubuf1), "m" (dest), @@ -1373,7 +1369,7 @@ static void RENAME(yuv2rgb565_1)(SwsContext *c, const int16_t *buf0, "paddusb "GREEN_DITHER"(%5), %%mm4 \n\t" "paddusb "RED_DITHER"(%5), %%mm5 \n\t" #endif - WRITERGB16(%%REGb, 8280(%5), %%REGBP) + WRITERGB16(%%REGb, DSTW_OFFSET"(%5)", %%REGBP) "pop %%"REG_BP" \n\t" "mov "ESP_OFFSET"(%5), %%"REG_b" \n\t" :: "c" (buf0), "d" (buf1), "S" (ubuf0), "D" (ubuf1), "m" (dest), @@ -1434,7 +1430,7 @@ static void RENAME(yuv2yuyv422_1)(SwsContext *c, const int16_t *buf0, "mov %4, %%"REG_b" \n\t" "push %%"REG_BP" \n\t" YSCALEYUV2PACKED1(%%REGBP, %5) - WRITEYUY2(%%REGb, 8280(%5), %%REGBP) + WRITEYUY2(%%REGb, DSTW_OFFSET"(%5)", %%REGBP) "pop %%"REG_BP" \n\t" "mov "ESP_OFFSET"(%5), %%"REG_b" \n\t" :: "c" (buf0), "d" (buf1), "S" (ubuf0), "D" (ubuf1), "m" (dest), @@ -1447,7 +1443,7 @@ static void RENAME(yuv2yuyv422_1)(SwsContext *c, const int16_t *buf0, "mov %4, %%"REG_b" \n\t" "push %%"REG_BP" \n\t" YSCALEYUV2PACKED1b(%%REGBP, %5) - WRITEYUY2(%%REGb, 8280(%5), %%REGBP) + WRITEYUY2(%%REGb, DSTW_OFFSET"(%5)", %%REGBP) "pop %%"REG_BP" \n\t" "mov "ESP_OFFSET"(%5), %%"REG_b" \n\t" :: "c" (buf0), "d" (buf1), "S" (ubuf0), "D" (ubuf1), "m" (dest), From 26d72b3df0ce82fed64dfcbc0889bf5b89b9c295 Mon Sep 17 00:00:00 2001 From: Anthoine Bourgeois Date: Wed, 9 Apr 2014 12:18:32 +0200 Subject: [PATCH 272/562] avcodec/dirac_arith: Fix build with PIC and stack-check options Fixes Ticket3540 The function dirac_get_arith_bit in libavcodec/dirac_arith.h can't be built with PIC and check-stack because the asm code needs 6 registers and PIC and check-stack options take 1 each and x86 is quite limited in this area. Signed-off-by: Michael Niedermayer (cherry picked from commit d8ab7f31dd819f7b3e0d460a2fa4261aaae87b98) Signed-off-by: Michael Niedermayer --- libavcodec/dirac_arith.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/dirac_arith.h b/libavcodec/dirac_arith.h index f9a8bba5fd..089c71a698 100644 --- a/libavcodec/dirac_arith.h +++ b/libavcodec/dirac_arith.h @@ -28,6 +28,7 @@ #ifndef AVCODEC_DIRAC_ARITH_H #define AVCODEC_DIRAC_ARITH_H +#include "libavutil/x86/asm.h" #include "bytestream.h" #include "get_bits.h" @@ -134,7 +135,7 @@ static inline int dirac_get_arith_bit(DiracArith *c, int ctx) range_times_prob = (c->range * prob_zero) >> 16; -#if HAVE_FAST_CMOV && HAVE_INLINE_ASM +#if HAVE_FAST_CMOV && HAVE_INLINE_ASM && HAVE_6REGS low -= range_times_prob << 16; range -= range_times_prob; bit = 0; From 9c358c6e3b3422b209c3fea18313bd33229c0858 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 20 Jun 2014 03:15:28 +0200 Subject: [PATCH 273/562] avutil/lzo: Fix integer overflow Embargoed-till: 2014-06-27 requested by researcher, but embargo broken by libav today (git and mailing list) Fixes: LMS-2014-06-16-4 Found-by: "Don A. Bailey" See: ccda51b14c0fcae2fad73a24872dce75a7964996 Signed-off-by: Michael Niedermayer (cherry picked from commit d6af26c55c1ea30f85a7d9edbc373f53be1743ee) Signed-off-by: Michael Niedermayer --- libavutil/lzo.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/libavutil/lzo.c b/libavutil/lzo.c index 221a66b9ab..82dba94771 100644 --- a/libavutil/lzo.c +++ b/libavutil/lzo.c @@ -65,8 +65,13 @@ static inline int get_len(LZOContext *c, int x, int mask) { int cnt = x & mask; if (!cnt) { - while (!(x = get_byte(c))) + while (!(x = get_byte(c))) { + if (cnt >= INT_MAX - 1000) { + c->error |= AV_LZO_ERROR; + break; + } cnt += 255; + } cnt += mask + x; } return cnt; From c33770e74bfcb4f9e604e8393c5dfa975cb58a0b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 23 Jun 2014 14:45:47 +0200 Subject: [PATCH 274/562] avutil/lzo: add asserts to be double sure against overflows These asserts cannot fail since d6af26c55c1ea30f85a7d9edbc373f53be1743ee Based-on: ccda51b14c0fcae2fad73a24872dce75a7964996 Signed-off-by: Michael Niedermayer (cherry picked from commit cf2b7c01f81c1fb3283a1390c0ca9a2f81f4f4a8) Signed-off-by: Michael Niedermayer --- libavutil/lzo.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavutil/lzo.c b/libavutil/lzo.c index 82dba94771..6104fc3085 100644 --- a/libavutil/lzo.c +++ b/libavutil/lzo.c @@ -22,6 +22,7 @@ #include #include "avutil.h" +#include "avassert.h" #include "common.h" #include "intreadwrite.h" #include "lzo.h" @@ -85,6 +86,7 @@ static inline void copy(LZOContext *c, int cnt) { register const uint8_t *src = c->in; register uint8_t *dst = c->out; + av_assert0(cnt >= 0); if (cnt > c->in_end - src) { cnt = FFMAX(c->in_end - src, 0); c->error |= AV_LZO_INPUT_DEPLETED; @@ -116,6 +118,7 @@ static inline void copy(LZOContext *c, int cnt) static inline void copy_backptr(LZOContext *c, int back, int cnt) { register uint8_t *dst = c->out; + av_assert0(cnt > 0); if (dst - c->out_start < back) { c->error |= AV_LZO_INVALID_BACKPTR; return; From d2e3afbbd16712af55f59252fa92a476e38032f0 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 14 Apr 2014 17:29:27 +0200 Subject: [PATCH 275/562] avcodec/x86/idct_sse2_xvid: fix non C99 inline function Found-by: Matt Oliver Signed-off-by: Michael Niedermayer (cherry picked from commit 46d5625f44185271862337d61cd246fd569c42a4) Signed-off-by: Michael Niedermayer --- libavcodec/x86/idct_sse2_xvid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/x86/idct_sse2_xvid.c b/libavcodec/x86/idct_sse2_xvid.c index af4790ca92..4c5e74b98f 100644 --- a/libavcodec/x86/idct_sse2_xvid.c +++ b/libavcodec/x86/idct_sse2_xvid.c @@ -343,7 +343,7 @@ DECLARE_ASM_CONST(16, int32_t, walkenIdctRounders)[] = { "movdqa %%xmm6, 4*16("dct") \n\t" \ "movdqa "SREG2", 7*16("dct") \n\t" -inline void ff_idct_xvid_sse2(short *block) +av_extern_inline void ff_idct_xvid_sse2(short *block) { __asm__ volatile( "movq "MANGLE(m127)", %%mm0 \n\t" From 5228655438198930ce3db3770130f6bad6d95422 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 16 Apr 2014 01:55:08 +0200 Subject: [PATCH 276/562] swscale/swscale: fix srcStride/srcSlice typo Fixes part of Ticket3466 Found by: Andrey_Karpov / PVS-Studio Signed-off-by: Michael Niedermayer (cherry picked from commit 14fa7fc6a81d5e59e05243cdc92108eab1b138ac) Signed-off-by: Michael Niedermayer --- libswscale/swscale.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libswscale/swscale.c b/libswscale/swscale.c index 43bd69c171..1d3e4731a5 100644 --- a/libswscale/swscale.c +++ b/libswscale/swscale.c @@ -922,7 +922,7 @@ int attribute_align_arg sws_scale(struct SwsContext *c, uint8_t *dst2[4]; uint8_t *rgb0_tmp = NULL; - if (!srcSlice || !dstStride || !dst || !srcSlice) { + if (!srcStride || !dstStride || !dst || !srcSlice) { av_log(c, AV_LOG_ERROR, "One of the input parameters to sws_scale() is NULL, please check the calling code\n"); return 0; } From 861e453996f42eb6e0c5ab995779be1360a0a0ef Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 16 Apr 2014 02:06:37 +0200 Subject: [PATCH 277/562] avcodec/mjpegen: Fix declared argument size Fixes part of Ticket3466 Found-by: Andrey_Karpov / PVS-Studio Signed-off-by: Michael Niedermayer (cherry picked from commit 256f530603ef3838a712a4fcd737b46b7bce455e) Signed-off-by: Michael Niedermayer --- libavcodec/mjpegenc.c | 2 +- libavcodec/mjpegenc.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/mjpegenc.c b/libavcodec/mjpegenc.c index eea4183b52..4abb0d3253 100644 --- a/libavcodec/mjpegenc.c +++ b/libavcodec/mjpegenc.c @@ -456,7 +456,7 @@ static void encode_block(MpegEncContext *s, int16_t *block, int n) put_bits(&s->pb, huff_size_ac[0], huff_code_ac[0]); } -void ff_mjpeg_encode_mb(MpegEncContext *s, int16_t block[6][64]) +void ff_mjpeg_encode_mb(MpegEncContext *s, int16_t block[12][64]) { int i; if (s->chroma_format == CHROMA_444) { diff --git a/libavcodec/mjpegenc.h b/libavcodec/mjpegenc.h index ce0c1cce15..041f026bba 100644 --- a/libavcodec/mjpegenc.h +++ b/libavcodec/mjpegenc.h @@ -56,6 +56,6 @@ void ff_mjpeg_encode_picture_trailer(MpegEncContext *s); void ff_mjpeg_encode_stuffing(MpegEncContext *s); void ff_mjpeg_encode_dc(MpegEncContext *s, int val, uint8_t *huff_size, uint16_t *huff_code); -void ff_mjpeg_encode_mb(MpegEncContext *s, int16_t block[6][64]); +void ff_mjpeg_encode_mb(MpegEncContext *s, int16_t block[12][64]); #endif /* AVCODEC_MJPEGENC_H */ From 1d912513703967023748f020dbb999ed6c3d83ea Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 16 Apr 2014 02:06:37 +0200 Subject: [PATCH 278/562] avformat/mpegts: Remove redundant check Fixes part of Ticket3466 Found-by: Andrey_Karpov / PVS-Studio Signed-off-by: Michael Niedermayer (cherry picked from commit ff6fa0b4b980fc5b9f7653d7b159ae02c3d95210) Signed-off-by: Michael Niedermayer --- libavformat/mpegts.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mpegts.c b/libavformat/mpegts.c index 4c0c14e0bf..ba92304b45 100644 --- a/libavformat/mpegts.c +++ b/libavformat/mpegts.c @@ -1338,7 +1338,7 @@ static void m4sl_cb(MpegTSFilter *filter, const uint8_t *section, int section_le AVStream *st; if (ts->pids[pid]->es_id != mp4_descr[i].es_id) continue; - if (!(ts->pids[pid] && ts->pids[pid]->type == MPEGTS_PES)) { + if (ts->pids[pid]->type != MPEGTS_PES) { av_log(s, AV_LOG_ERROR, "pid %x is not PES\n", pid); continue; } From ec2ce83913ca770f9f8dc5fb6052d36dc25011ed Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 16 Apr 2014 02:06:37 +0200 Subject: [PATCH 279/562] avcodec/diracdec: fix undefined behavior with shifts Fixes part of Ticket3466 Found-by: Andrey_Karpov / PVS-Studio Signed-off-by: Michael Niedermayer (cherry picked from commit b8598f6ce61ccda3f2ff0c730b009fb650e42986) Signed-off-by: Michael Niedermayer --- libavcodec/diracdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c index 4990659812..dfd3734edb 100644 --- a/libavcodec/diracdec.c +++ b/libavcodec/diracdec.c @@ -1360,8 +1360,8 @@ static int mc_subpel(DiracContext *s, DiracBlock *block, const uint8_t *src[5], motion_y >>= s->chroma_y_shift; } - mx = motion_x & ~(-1 << s->mv_precision); - my = motion_y & ~(-1 << s->mv_precision); + mx = motion_x & ~(-1U << s->mv_precision); + my = motion_y & ~(-1U << s->mv_precision); motion_x >>= s->mv_precision; motion_y >>= s->mv_precision; /* normalize subpel coordinates to epel */ From af109ff12581e616f7b3015c9c929ad6b54bdf3e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 16 Apr 2014 02:55:13 +0200 Subject: [PATCH 280/562] avcodec/g723_1: add assert to help static code analyzers Signed-off-by: Michael Niedermayer (cherry picked from commit 1457f3fd90e17745791354fbb87899fc4803085a) Signed-off-by: Michael Niedermayer --- libavcodec/g723_1.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/g723_1.c b/libavcodec/g723_1.c index 09da7665b8..e4bde2afd1 100644 --- a/libavcodec/g723_1.c +++ b/libavcodec/g723_1.c @@ -2285,7 +2285,8 @@ static int pack_bitstream(G723_1_Context *p, unsigned char *frame, int size) if (p->cur_rate == RATE_6300) { info_bits = 0; put_bits(&pb, 2, info_bits); - } + }else + av_assert0(0); put_bits(&pb, 8, p->lsp_index[2]); put_bits(&pb, 8, p->lsp_index[1]); From 90a384cde1631188fc87088ecbc6813c9885898e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 16 Apr 2014 02:06:37 +0200 Subject: [PATCH 281/562] avfilter/f_select: fix loss of precission in SAD calculation Fixes part of Ticket3466 Found-by: Andrey_Karpov / PVS-Studio Signed-off-by: Michael Niedermayer (cherry picked from commit 5a8ef3c66b762f265b05aa096105555f1d26879c) Signed-off-by: Michael Niedermayer --- libavfilter/f_select.c | 2 +- tests/ref/fate/filter-metadata-scenedetect | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/libavfilter/f_select.c b/libavfilter/f_select.c index 60cc311e5f..1baa5c23d6 100644 --- a/libavfilter/f_select.c +++ b/libavfilter/f_select.c @@ -279,7 +279,7 @@ static double get_scene_score(AVFilterContext *ctx, AVFrame *frame) p2 += 8 * linesize; } emms_c(); - mafd = nb_sad ? sad / nb_sad : 0; + mafd = nb_sad ? (double)sad / nb_sad : 0; diff = fabs(mafd - select->prev_mafd); ret = av_clipf(FFMIN(mafd, diff) / 100., 0, 1); select->prev_mafd = mafd; diff --git a/tests/ref/fate/filter-metadata-scenedetect b/tests/ref/fate/filter-metadata-scenedetect index 67251dfe60..4e70723fe8 100644 --- a/tests/ref/fate/filter-metadata-scenedetect +++ b/tests/ref/fate/filter-metadata-scenedetect @@ -1,10 +1,10 @@ pkt_pts=1620|tag:lavfi.scene_score=1.000000 -pkt_pts=4140|tag:lavfi.scene_score=0.880000 +pkt_pts=4140|tag:lavfi.scene_score=0.876043 pkt_pts=5800|tag:lavfi.scene_score=1.000000 -pkt_pts=6720|tag:lavfi.scene_score=0.460000 +pkt_pts=6720|tag:lavfi.scene_score=0.463259 pkt_pts=8160|tag:lavfi.scene_score=1.000000 pkt_pts=9760|tag:lavfi.scene_score=1.000000 -pkt_pts=14080|tag:lavfi.scene_score=0.840000 +pkt_pts=14080|tag:lavfi.scene_score=0.841420 pkt_pts=15700|tag:lavfi.scene_score=1.000000 -pkt_pts=18500|tag:lavfi.scene_score=0.470000 +pkt_pts=18500|tag:lavfi.scene_score=0.471738 pkt_pts=21760|tag:lavfi.scene_score=1.000000 From 4eb0b6c5905122745c4e42fbc0d9aa4e5c4bece1 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 16 Apr 2014 02:06:37 +0200 Subject: [PATCH 282/562] avfilter/vf_deshake: fix loss of precission with odd resolutions Fixes part of Ticket3466 Found-by: Andrey_Karpov / PVS-Studio Signed-off-by: Michael Niedermayer (cherry picked from commit 73734282e0e4df92269984ee1671424e39249481) Signed-off-by: Michael Niedermayer --- libavfilter/vf_deshake.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavfilter/vf_deshake.c b/libavfilter/vf_deshake.c index 24ac41d783..a8fe63a9b1 100644 --- a/libavfilter/vf_deshake.c +++ b/libavfilter/vf_deshake.c @@ -306,8 +306,8 @@ static void find_motion(DeshakeContext *deshake, uint8_t *src1, uint8_t *src2, //av_log(NULL, AV_LOG_ERROR, "\n"); } - p_x = (center_x - width / 2); - p_y = (center_y - height / 2); + p_x = (center_x - width / 2.0); + p_y = (center_y - height / 2.0); t->vector.x += (cos(t->angle)-1)*p_x - sin(t->angle)*p_y; t->vector.y += sin(t->angle)*p_x + (cos(t->angle)-1)*p_y; From df208d6ab93932abe792c764eac1c79a231b85fe Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 16 Apr 2014 02:06:37 +0200 Subject: [PATCH 283/562] iavcodec/vc1dec: Fix missing {} Fixes part of Ticket3466 Found-by: Andrey_Karpov / PVS-Studio Signed-off-by: Michael Niedermayer (cherry picked from commit cb53beb81a5b9192c79de401f1e1e13fadddc429) Signed-off-by: Michael Niedermayer --- libavcodec/vc1dec.c | 3 ++- tests/ref/fate/vc1_sa10143 | 28 ++++++++++++++-------------- 2 files changed, 16 insertions(+), 15 deletions(-) diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c index 018f1d997c..6aa03c44c3 100644 --- a/libavcodec/vc1dec.c +++ b/libavcodec/vc1dec.c @@ -1917,9 +1917,10 @@ static void vc1_interp_mc(VC1Context *v) uvmx = (mx + ((mx & 3) == 3)) >> 1; uvmy = (my + ((my & 3) == 3)) >> 1; if (v->field_mode) { - if (v->cur_field_type != v->ref_field_type[1]) + if (v->cur_field_type != v->ref_field_type[1]) { my = my - 2 + 4 * v->cur_field_type; uvmy = uvmy - 2 + 4 * v->cur_field_type; + } } if (v->fastuvmc) { uvmx = uvmx + ((uvmx < 0) ? -(uvmx & 1) : (uvmx & 1)); diff --git a/tests/ref/fate/vc1_sa10143 b/tests/ref/fate/vc1_sa10143 index 6a5137f712..c0ecc3bb9d 100644 --- a/tests/ref/fate/vc1_sa10143 +++ b/tests/ref/fate/vc1_sa10143 @@ -1,31 +1,31 @@ #tb 0: 1/25 0, 0, 0, 1, 518400, 0x89407f55 -0, 2, 2, 1, 518400, 0x8611849c +0, 2, 2, 1, 518400, 0xaa896afd 0, 3, 3, 1, 518400, 0x0e69ff59 -0, 4, 4, 1, 518400, 0xf31adb03 +0, 4, 4, 1, 518400, 0x0c30bfa0 0, 5, 5, 1, 518400, 0x1a5b6a69 -0, 6, 6, 1, 518400, 0x6ae6232e +0, 6, 6, 1, 518400, 0x23470858 0, 7, 7, 1, 518400, 0x9a4e3c54 -0, 8, 8, 1, 518400, 0xe5852b45 +0, 8, 8, 1, 518400, 0xad63160b 0, 9, 9, 1, 518400, 0x0fcfeebc -0, 10, 10, 1, 518400, 0x06e22dc3 +0, 10, 10, 1, 518400, 0x20b31777 0, 11, 11, 1, 518400, 0x9d79df09 -0, 12, 12, 1, 518400, 0xcb2c716f +0, 12, 12, 1, 518400, 0x3e86766f 0, 13, 13, 1, 518400, 0x638a8746 -0, 14, 14, 1, 518400, 0xf7032efd +0, 14, 14, 1, 518400, 0x7a6c1a0e 0, 15, 15, 1, 518400, 0x306f6cef -0, 16, 16, 1, 518400, 0xe83d2518 +0, 16, 16, 1, 518400, 0x81f81281 0, 17, 17, 1, 518400, 0x49ab5bf5 -0, 18, 18, 1, 518400, 0x6b336b6f +0, 18, 18, 1, 518400, 0x8f316e44 0, 19, 19, 1, 518400, 0x95ae00c9 -0, 20, 20, 1, 518400, 0x68ddb64f +0, 20, 20, 1, 518400, 0xf71bb7f5 0, 21, 21, 1, 518400, 0x5205ea68 -0, 22, 22, 1, 518400, 0xb088e617 +0, 22, 22, 1, 518400, 0x74a1d8b9 0, 23, 23, 1, 518400, 0xa3217616 -0, 24, 24, 1, 518400, 0x1723bc53 +0, 24, 24, 1, 518400, 0x2b28bbf8 0, 25, 25, 1, 518400, 0xf024872a -0, 26, 26, 1, 518400, 0x2e81a8bb +0, 26, 26, 1, 518400, 0x2fdbaaf3 0, 27, 27, 1, 518400, 0xa3a2418e -0, 28, 28, 1, 518400, 0xb7beffed +0, 28, 28, 1, 518400, 0x55bfe435 0, 29, 29, 1, 518400, 0x50fb6c94 0, 30, 30, 1, 518400, 0x5584bb40 From 9cde200ba70f1c252ad6b1b5a13d7fe39626b9ed Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 21 Apr 2014 11:33:17 +0200 Subject: [PATCH 284/562] avfilter/filtfmts: Support dynamically allocated in/outputs Fixes crash Fixes Ticket3468 Signed-off-by: Michael Niedermayer (cherry picked from commit 59c7615d58b5b7ea9caff2c8c774677973eb4f1c) Signed-off-by: Michael Niedermayer --- libavfilter/filtfmts.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/libavfilter/filtfmts.c b/libavfilter/filtfmts.c index e6c9b039be..b3efa78343 100644 --- a/libavfilter/filtfmts.c +++ b/libavfilter/filtfmts.c @@ -38,7 +38,7 @@ static void print_formats(AVFilterContext *filter_ctx) for (j = 0; j < fmts->nb_formats; j++) \ if(av_get_pix_fmt_name(fmts->formats[j])) \ printf(#INOUT "PUT[%d] %s: fmt:%s\n", \ - i, filter_ctx->filter->inout##puts[i].name, \ + i, filter_ctx->inout##put_pads[i].name, \ av_get_pix_fmt_name(fmts->formats[j])); \ } else if (filter_ctx->inout##puts[i]->type == AVMEDIA_TYPE_AUDIO) { \ AVFilterFormats *fmts; \ @@ -47,7 +47,7 @@ static void print_formats(AVFilterContext *filter_ctx) fmts = filter_ctx->inout##puts[i]->outin##_formats; \ for (j = 0; j < fmts->nb_formats; j++) \ printf(#INOUT "PUT[%d] %s: fmt:%s\n", \ - i, filter_ctx->filter->inout##puts[i].name, \ + i, filter_ctx->inout##put_pads[i].name, \ av_get_sample_fmt_name(fmts->formats[j])); \ \ layouts = filter_ctx->inout##puts[i]->outin##_channel_layouts; \ @@ -56,7 +56,7 @@ static void print_formats(AVFilterContext *filter_ctx) av_get_channel_layout_string(buf, sizeof(buf), -1, \ layouts->channel_layouts[j]); \ printf(#INOUT "PUT[%d] %s: chlayout:%s\n", \ - i, filter_ctx->filter->inout##puts[i].name, buf); \ + i, filter_ctx->inout##put_pads[i].name, buf); \ } \ } \ } \ @@ -113,12 +113,12 @@ int main(int argc, char **argv) /* create a link for each of the input pads */ for (i = 0; i < filter_ctx->nb_inputs; i++) { AVFilterLink *link = av_mallocz(sizeof(AVFilterLink)); - link->type = filter_ctx->filter->inputs[i].type; + link->type = filter_ctx->input_pads[i].type; filter_ctx->inputs[i] = link; } for (i = 0; i < filter_ctx->nb_outputs; i++) { AVFilterLink *link = av_mallocz(sizeof(AVFilterLink)); - link->type = filter_ctx->filter->outputs[i].type; + link->type = filter_ctx->output_pads[i].type; filter_ctx->outputs[i] = link; } From ac182d6d8b50f5ee31df8d00868847b05a4ab61f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 23 Apr 2014 06:04:50 +0200 Subject: [PATCH 285/562] avformat/mux: Check for and remove invalid packet durations Fixes assertion failure Fixes Ticket3575 Signed-off-by: Michael Niedermayer (cherry picked from commit dc6a17cf74a90e41d70ea1753cdb70c0a5b2ced8) Signed-off-by: Michael Niedermayer --- libavformat/mux.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libavformat/mux.c b/libavformat/mux.c index eff7caab25..c012e3ab37 100644 --- a/libavformat/mux.c +++ b/libavformat/mux.c @@ -421,6 +421,12 @@ static int compute_pkt_fields2(AVFormatContext *s, AVStream *st, AVPacket *pkt) av_dlog(s, "compute_pkt_fields2: pts:%s dts:%s cur_dts:%s b:%d size:%d st:%d\n", av_ts2str(pkt->pts), av_ts2str(pkt->dts), av_ts2str(st->cur_dts), delay, pkt->size, pkt->stream_index); + if (pkt->duration < 0 && st->codec->codec_type != AVMEDIA_TYPE_SUBTITLE) { + av_log(s, AV_LOG_WARNING, "Packet with invalid duration %d in stream %d\n", + pkt->duration, pkt->stream_index); + pkt->duration = 0; + } + /* duration field */ if (pkt->duration == 0) { ff_compute_frame_duration(&num, &den, st, NULL, pkt); From d89e5b20f2b9191b71e75c105fc7c7e13ca4d61a Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 23 Apr 2014 21:47:48 +0200 Subject: [PATCH 286/562] avformat/h263dec: Fix h263 probe The code was missing 1 bit in the src format Signed-off-by: Michael Niedermayer (cherry picked from commit fc145e576a443bfc89efdf35b91fd3c9ca0d8388) Signed-off-by: Michael Niedermayer --- libavformat/h263dec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/h263dec.c b/libavformat/h263dec.c index e6e0345b69..19ed6a94ca 100644 --- a/libavformat/h263dec.c +++ b/libavformat/h263dec.c @@ -35,7 +35,7 @@ static int h263_probe(AVProbeData *p) for(i=0; ibuf_size; i++){ code = (code<<8) + p->buf[i]; if ((code & 0xfffffc0000) == 0x800000) { - src_fmt= (code>>2)&3; + src_fmt= (code>>2)&7; if( src_fmt != last_src_fmt && last_src_fmt>0 && last_src_fmt<6 && src_fmt<6) From 2b45eab4c91366abdb8c4f1a6741f560396bb18c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 27 Apr 2014 03:45:12 +0200 Subject: [PATCH 287/562] ffmpeg_filter: fix pointer to local outside scope Fixes CID1206652 Signed-off-by: Michael Niedermayer (cherry picked from commit 09b16619d33ddf93005060d0782f28a1c1cbb7f6) Signed-off-by: Michael Niedermayer --- ffmpeg_filter.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/ffmpeg_filter.c b/ffmpeg_filter.c index 461cc900fe..a33f0d497f 100644 --- a/ffmpeg_filter.c +++ b/ffmpeg_filter.c @@ -42,12 +42,15 @@ enum AVPixelFormat choose_pixel_fmt(AVStream *st, AVCodec *codec, enum AVPixelFo const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(target); int has_alpha = desc ? desc->nb_components % 2 == 0 : 0; enum AVPixelFormat best= AV_PIX_FMT_NONE; + const enum AVPixelFormat mjpeg_formats[] = { AV_PIX_FMT_YUVJ420P, AV_PIX_FMT_YUVJ422P, AV_PIX_FMT_YUV420P, AV_PIX_FMT_YUV422P, AV_PIX_FMT_NONE }; + const enum AVPixelFormat ljpeg_formats[] = { AV_PIX_FMT_YUVJ420P, AV_PIX_FMT_YUVJ422P, AV_PIX_FMT_YUVJ444P, AV_PIX_FMT_YUV420P, + AV_PIX_FMT_YUV422P, AV_PIX_FMT_YUV444P, AV_PIX_FMT_BGRA, AV_PIX_FMT_NONE }; + if (st->codec->strict_std_compliance <= FF_COMPLIANCE_UNOFFICIAL) { if (st->codec->codec_id == AV_CODEC_ID_MJPEG) { - p = (const enum AVPixelFormat[]) { AV_PIX_FMT_YUVJ420P, AV_PIX_FMT_YUVJ422P, AV_PIX_FMT_YUV420P, AV_PIX_FMT_YUV422P, AV_PIX_FMT_NONE }; + p = mjpeg_formats; } else if (st->codec->codec_id == AV_CODEC_ID_LJPEG) { - p = (const enum AVPixelFormat[]) { AV_PIX_FMT_YUVJ420P, AV_PIX_FMT_YUVJ422P, AV_PIX_FMT_YUVJ444P, AV_PIX_FMT_YUV420P, - AV_PIX_FMT_YUV422P, AV_PIX_FMT_YUV444P, AV_PIX_FMT_BGRA, AV_PIX_FMT_NONE }; + p =ljpeg_formats; } } for (; *p != AV_PIX_FMT_NONE; p++) { From aaf6ddfa4d9da139b33dc8d3fa2cb30c92fd8c9e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 27 Apr 2014 05:32:56 +0200 Subject: [PATCH 288/562] avcodec/mjpegdec: Fix undefined shift Fixes CID1194388 Signed-off-by: Michael Niedermayer (cherry picked from commit b4329605289e25bb071ec1c1182bf25fc83b09aa) Signed-off-by: Michael Niedermayer --- libavcodec/mjpegdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index ad00323556..ddf6467095 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -1229,7 +1229,7 @@ static int mjpeg_decode_scan_progressive_ac(MJpegDecodeContext *s, int ss, } if (!Al) { - s->coefs_finished[c] |= (1LL << (se + 1)) - (1LL << ss); + s->coefs_finished[c] |= (2LL << se) - (1LL << ss); last_scan = !~s->coefs_finished[c]; } From 2a543e58ec5248406fd9e16d89cf5d7463006699 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 28 Apr 2014 04:01:50 +0200 Subject: [PATCH 289/562] avfilter/graphdump: Fix pointer to local outside scope Fixes CID1194435 Signed-off-by: Michael Niedermayer (cherry picked from commit 18af0ce62da322176f7bd283b85314d2f41bee2c) Signed-off-by: Michael Niedermayer --- libavfilter/graphdump.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavfilter/graphdump.c b/libavfilter/graphdump.c index 1b5932115b..3d702c6af5 100644 --- a/libavfilter/graphdump.c +++ b/libavfilter/graphdump.c @@ -31,9 +31,10 @@ static int print_link_prop(AVBPrint *buf, AVFilterLink *link) { char *format; char layout[64]; + AVBPrint dummy_buffer = { 0 }; if (!buf) - buf = &(AVBPrint){ 0 }; /* dummy buffer */ + buf = &dummy_buffer; switch (link->type) { case AVMEDIA_TYPE_VIDEO: format = av_x_if_null(av_get_pix_fmt_name(link->format), "?"); From 2572372f909a13c1e57ee8037fdf53abc6f89774 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 19 May 2014 06:19:23 +0200 Subject: [PATCH 290/562] avcodec/diracdec: move mc buffer allocation to per frame Fixes out of array accesses for non default buffers with large strides Signed-off-by: Michael Niedermayer (cherry picked from commit 4a30f08505a4e85718896ff233c97be41a9754ca) (cherry picked from commit 9c9fc79d9237d28e33161cb2e75082d8ad232b2e) Signed-off-by: Michael Niedermayer --- libavcodec/diracdec.c | 47 ++++++++++++++++++++++++++++++++++--------- 1 file changed, 37 insertions(+), 10 deletions(-) diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c index dfd3734edb..a9a8c27712 100644 --- a/libavcodec/diracdec.c +++ b/libavcodec/diracdec.c @@ -201,6 +201,7 @@ typedef struct DiracContext { uint16_t *mctmp; /* buffer holding the MC data multipled by OBMC weights */ uint8_t *mcscratch; + int buffer_stride; DECLARE_ALIGNED(16, uint8_t, obmc_weight)[3][MAX_BLOCKSIZE*MAX_BLOCKSIZE]; @@ -343,22 +344,44 @@ static int alloc_sequence_buffers(DiracContext *s) return AVERROR(ENOMEM); } - w = s->source.width; - h = s->source.height; - /* fixme: allocate using real stride here */ - s->sbsplit = av_malloc(sbwidth * sbheight); - s->blmotion = av_malloc(sbwidth * sbheight * 16 * sizeof(*s->blmotion)); - s->edge_emu_buffer_base = av_malloc((w+64)*MAX_BLOCKSIZE); + s->sbsplit = av_malloc_array(sbwidth, sbheight); + s->blmotion = av_malloc_array(sbwidth, sbheight * 16 * sizeof(*s->blmotion)); - s->mctmp = av_malloc((w+64+MAX_BLOCKSIZE) * (h+MAX_BLOCKSIZE) * sizeof(*s->mctmp)); - s->mcscratch = av_malloc((w+64)*MAX_BLOCKSIZE); - - if (!s->sbsplit || !s->blmotion || !s->mctmp || !s->mcscratch) + if (!s->sbsplit || !s->blmotion) return AVERROR(ENOMEM); return 0; } +static int alloc_buffers(DiracContext *s, int stride) +{ + int w = s->source.width; + int h = s->source.height; + + av_assert0(stride >= w); + stride += 64; + + if (s->buffer_stride >= stride) + return 0; + s->buffer_stride = 0; + + av_freep(&s->edge_emu_buffer_base); + memset(s->edge_emu_buffer, 0, sizeof(s->edge_emu_buffer)); + av_freep(&s->mctmp); + av_freep(&s->mcscratch); + + s->edge_emu_buffer_base = av_malloc_array(stride, MAX_BLOCKSIZE); + + s->mctmp = av_malloc_array((stride+MAX_BLOCKSIZE), (h+MAX_BLOCKSIZE) * sizeof(*s->mctmp)); + s->mcscratch = av_malloc_array(stride, MAX_BLOCKSIZE); + + if (!s->edge_emu_buffer_base || !s->mctmp || !s->mcscratch) + return AVERROR(ENOMEM); + + s->buffer_stride = stride; + return 0; +} + static void free_sequence_buffers(DiracContext *s) { int i, j, k; @@ -382,6 +405,7 @@ static void free_sequence_buffers(DiracContext *s) av_freep(&s->plane[i].idwt_tmp); } + s->buffer_stride = 0; av_freep(&s->sbsplit); av_freep(&s->blmotion); av_freep(&s->edge_emu_buffer_base); @@ -1836,6 +1860,9 @@ static int dirac_decode_data_unit(AVCodecContext *avctx, const uint8_t *buf, int s->plane[1].stride = pic->avframe->linesize[1]; s->plane[2].stride = pic->avframe->linesize[2]; + if (alloc_buffers(s, FFMAX3(FFABS(s->plane[0].stride), FFABS(s->plane[1].stride), FFABS(s->plane[2].stride))) < 0) + return AVERROR(ENOMEM); + /* [DIRAC_STD] 11.1 Picture parse. picture_parse() */ if (dirac_decode_picture_header(s)) return -1; From 6a51bd7360cb56cc5ec03d219e69d46ed56bf0c2 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 20 May 2014 05:23:52 +0200 Subject: [PATCH 291/562] avutil/cpu: force mmx on selection of higher x86 SIMD features Fixes various runtime failures with manually set flags that represent no existing CPU Fixes Ticket3653 Signed-off-by: Michael Niedermayer (cherry picked from commit 6310eb8010b7a3b3016e297132380cbd4e3d2d10) Signed-off-by: Michael Niedermayer --- libavutil/cpu.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/libavutil/cpu.c b/libavutil/cpu.c index 1dc5abb2b8..9c0c8747fa 100644 --- a/libavutil/cpu.c +++ b/libavutil/cpu.c @@ -45,6 +45,25 @@ static int flags, checked; void av_force_cpu_flags(int arg){ + if ( (arg & ( AV_CPU_FLAG_3DNOW | + AV_CPU_FLAG_3DNOWEXT | + AV_CPU_FLAG_SSE | + AV_CPU_FLAG_SSE2 | + AV_CPU_FLAG_SSE2SLOW | + AV_CPU_FLAG_SSE3 | + AV_CPU_FLAG_SSE3SLOW | + AV_CPU_FLAG_SSSE3 | + AV_CPU_FLAG_SSE4 | + AV_CPU_FLAG_SSE42 | + AV_CPU_FLAG_AVX | + AV_CPU_FLAG_XOP | + AV_CPU_FLAG_FMA4 | + AV_CPU_FLAG_AVX2 )) + && !(arg & AV_CPU_FLAG_MMX)) { + av_log(NULL, AV_LOG_WARNING, "MMX implied by specified flags\n"); + arg |= AV_CPU_FLAG_MMX; + } + flags = arg; checked = arg != -1; } From e3b6e23a0f641a72762cb6c9994425d3dcd6fdeb Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 21 May 2014 03:02:06 +0200 Subject: [PATCH 292/562] avcodec/libvorbisenc: dont add the duration to AV_NOPTS_VALUE Signed-off-by: Michael Niedermayer (cherry picked from commit 19e66c7232d96e4ae8f05b52da2b84dfaa4e4da3) Signed-off-by: Michael Niedermayer --- libavcodec/libvorbisenc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/libvorbisenc.c b/libavcodec/libvorbisenc.c index fd788b77ec..2a9f067409 100644 --- a/libavcodec/libvorbisenc.c +++ b/libavcodec/libvorbisenc.c @@ -350,7 +350,8 @@ static int oggvorbis_encode_frame(AVCodecContext *avctx, AVPacket *avpkt, avctx->delay = duration; av_assert0(!s->afq.remaining_delay); s->afq.frames->duration += duration; - s->afq.frames->pts -= duration; + if (s->afq.frames->pts != AV_NOPTS_VALUE) + s->afq.frames->pts -= duration; s->afq.remaining_samples += duration; } ff_af_queue_remove(&s->afq, duration, &avpkt->pts, &avpkt->duration); From 76838fb171ab218a8e02f73ea7488bcd8078b102 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 25 May 2014 03:19:47 +0200 Subject: [PATCH 293/562] avcodec/aac: fix () in IS_CODEBOOK_UNSIGNED macro Signed-off-by: Michael Niedermayer (cherry picked from commit fa915d4193e13187773c500b80c7df6baeb22c3b) Signed-off-by: Michael Niedermayer --- libavcodec/aac.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/aac.h b/libavcodec/aac.h index 89f463e341..1bcd95c7ad 100644 --- a/libavcodec/aac.h +++ b/libavcodec/aac.h @@ -81,7 +81,7 @@ enum BandType { INTENSITY_BT = 15, ///< Scalefactor data are intensity stereo positions. }; -#define IS_CODEBOOK_UNSIGNED(x) ((x - 1) & 10) +#define IS_CODEBOOK_UNSIGNED(x) (((x) - 1) & 10) enum ChannelPosition { AAC_CHANNEL_OFF = 0, From 60ed439334028e62ebded96c4f8721ce28e9db47 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 25 May 2014 03:27:56 +0200 Subject: [PATCH 294/562] avcodec/golomb-test: fix () in EXTEND() macro Signed-off-by: Michael Niedermayer (cherry picked from commit 97e6b5ee3a16fee7d130f19f4dcee030f14d91cf) Signed-off-by: Michael Niedermayer --- libavcodec/golomb-test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/golomb-test.c b/libavcodec/golomb-test.c index 8adcdf63d8..2dfe917144 100644 --- a/libavcodec/golomb-test.c +++ b/libavcodec/golomb-test.c @@ -58,7 +58,7 @@ int main(void) } } -#define EXTEND(i) (i << 3 | i & 7) +#define EXTEND(i) ((i) << 3 | (i) & 7) init_put_bits(&pb, temp, SIZE); for (i = 0; i < COUNT; i++) set_ue_golomb(&pb, EXTEND(i)); From a71b4209c26a3e55fe1c2a26e970cf4cf392fc57 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 25 May 2014 03:30:13 +0200 Subject: [PATCH 295/562] avcodec/h264: fix () in macros Signed-off-by: Michael Niedermayer (cherry picked from commit af62b42736c00332d39965168b5cc966a06f07d6) Signed-off-by: Michael Niedermayer --- libavcodec/h264.h | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/libavcodec/h264.h b/libavcodec/h264.h index 447333462e..872d09d6a8 100644 --- a/libavcodec/h264.h +++ b/libavcodec/h264.h @@ -61,10 +61,10 @@ #define MAX_SLICES 16 #ifdef ALLOW_INTERLACE -#define MB_MBAFF(h) h->mb_mbaff -#define MB_FIELD(h) h->mb_field_decoding_flag -#define FRAME_MBAFF(h) h->mb_aff_frame -#define FIELD_PICTURE(h) (h->picture_structure != PICT_FRAME) +#define MB_MBAFF(h) (h)->mb_mbaff +#define MB_FIELD(h) (h)->mb_field_decoding_flag +#define FRAME_MBAFF(h) (h)->mb_aff_frame +#define FIELD_PICTURE(h) ((h)->picture_structure != PICT_FRAME) #define LEFT_MBS 2 #define LTOP 0 #define LBOT 1 @@ -84,12 +84,12 @@ #define FIELD_OR_MBAFF_PICTURE(h) (FRAME_MBAFF(h) || FIELD_PICTURE(h)) #ifndef CABAC -#define CABAC(h) h->pps.cabac +#define CABAC(h) (h)->pps.cabac #endif -#define CHROMA(h) (h->sps.chroma_format_idc) -#define CHROMA422(h) (h->sps.chroma_format_idc == 2) -#define CHROMA444(h) (h->sps.chroma_format_idc == 3) +#define CHROMA(h) ((h)->sps.chroma_format_idc) +#define CHROMA422(h) ((h)->sps.chroma_format_idc == 2) +#define CHROMA444(h) ((h)->sps.chroma_format_idc == 3) #define EXTENDED_SAR 255 From ccbcb17960a35200b4c1772c89ef4c232c45dcc8 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 25 May 2014 03:39:08 +0200 Subject: [PATCH 296/562] avcodec/ivi_dsp: add some missing () to macros Signed-off-by: Michael Niedermayer (cherry picked from commit f276bf303cbb7a8fed3c388135007bc29f45f8d5) Signed-off-by: Michael Niedermayer --- libavcodec/ivi_dsp.c | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/libavcodec/ivi_dsp.c b/libavcodec/ivi_dsp.c index f5e5e6b52e..9537cb0376 100644 --- a/libavcodec/ivi_dsp.c +++ b/libavcodec/ivi_dsp.c @@ -235,15 +235,15 @@ void ff_ivi_recompose_haar(const IVIPlaneDesc *plane, uint8_t *dst, /** butterfly operation for the inverse Haar transform */ #define IVI_HAAR_BFLY(s1, s2, o1, o2, t) \ - t = (s1 - s2) >> 1;\ - o1 = (s1 + s2) >> 1;\ - o2 = t;\ + t = ((s1) - (s2)) >> 1;\ + o1 = ((s1) + (s2)) >> 1;\ + o2 = (t);\ /** inverse 8-point Haar transform */ #define INV_HAAR8(s1, s5, s3, s7, s2, s4, s6, s8,\ d1, d2, d3, d4, d5, d6, d7, d8,\ t0, t1, t2, t3, t4, t5, t6, t7, t8) {\ - t1 = s1 << 1; t5 = s5 << 1;\ + t1 = (s1) << 1; t5 = (s5) << 1;\ IVI_HAAR_BFLY(t1, t5, t1, t5, t0); IVI_HAAR_BFLY(t1, s3, t1, t3, t0);\ IVI_HAAR_BFLY(t5, s7, t5, t7, t0); IVI_HAAR_BFLY(t1, s2, t1, t2, t0);\ IVI_HAAR_BFLY(t3, s4, t3, t4, t0); IVI_HAAR_BFLY(t5, s6, t5, t6, t0);\ @@ -485,21 +485,21 @@ void ff_ivi_dc_haar_2d(const int32_t *in, int16_t *out, uint32_t pitch, /** butterfly operation for the inverse slant transform */ #define IVI_SLANT_BFLY(s1, s2, o1, o2, t) \ - t = s1 - s2;\ - o1 = s1 + s2;\ - o2 = t;\ + t = (s1) - (s2);\ + o1 = (s1) + (s2);\ + o2 = (t);\ /** This is a reflection a,b = 1/2, 5/4 for the inverse slant transform */ #define IVI_IREFLECT(s1, s2, o1, o2, t) \ - t = ((s1 + s2*2 + 2) >> 2) + s1;\ - o2 = ((s1*2 - s2 + 2) >> 2) - s2;\ - o1 = t;\ + t = (((s1) + (s2)*2 + 2) >> 2) + (s1);\ + o2 = (((s1)*2 - (s2) + 2) >> 2) - (s2);\ + o1 = (t);\ /** This is a reflection a,b = 1/2, 7/8 for the inverse slant transform */ #define IVI_SLANT_PART4(s1, s2, o1, o2, t) \ - t = s2 + ((s1*4 - s2 + 4) >> 3);\ - o2 = s1 + ((-s1 - s2*4 + 4) >> 3);\ - o1 = t;\ + t = (s2) + (((s1)*4 - (s2) + 4) >> 3);\ + o2 = (s1) + ((-(s1) - (s2)*4 + 4) >> 3);\ + o1 = (t);\ /** inverse slant8 transform */ #define IVI_INV_SLANT8(s1, s4, s8, s5, s2, s6, s3, s7,\ @@ -557,7 +557,7 @@ void ff_ivi_inverse_slant_8x8(const int32_t *in, int16_t *out, uint32_t pitch, c } #undef COMPENSATE -#define COMPENSATE(x) ((x + 1)>>1) +#define COMPENSATE(x) (((x) + 1)>>1) src = tmp; for (i = 0; i < 8; i++) { if (!src[0] && !src[1] && !src[2] && !src[3] && !src[4] && !src[5] && !src[6] && !src[7]) { @@ -597,7 +597,7 @@ void ff_ivi_inverse_slant_4x4(const int32_t *in, int16_t *out, uint32_t pitch, c } #undef COMPENSATE -#define COMPENSATE(x) ((x + 1)>>1) +#define COMPENSATE(x) (((x) + 1)>>1) src = tmp; for (i = 0; i < 4; i++) { if (!src[0] && !src[1] && !src[2] && !src[3]) { @@ -631,7 +631,7 @@ void ff_ivi_row_slant8(const int32_t *in, int16_t *out, uint32_t pitch, const ui int i; int t0, t1, t2, t3, t4, t5, t6, t7, t8; -#define COMPENSATE(x) ((x + 1)>>1) +#define COMPENSATE(x) (((x) + 1)>>1) for (i = 0; i < 8; i++) { if (!in[0] && !in[1] && !in[2] && !in[3] && !in[4] && !in[5] && !in[6] && !in[7]) { memset(out, 0, 8*sizeof(out[0])); @@ -673,7 +673,7 @@ void ff_ivi_col_slant8(const int32_t *in, int16_t *out, uint32_t pitch, const ui row4 = pitch << 2; row8 = pitch << 3; -#define COMPENSATE(x) ((x + 1)>>1) +#define COMPENSATE(x) (((x) + 1)>>1) for (i = 0; i < 8; i++) { if (flags[i]) { IVI_INV_SLANT8(in[0], in[8], in[16], in[24], in[32], in[40], in[48], in[56], @@ -710,7 +710,7 @@ void ff_ivi_row_slant4(const int32_t *in, int16_t *out, uint32_t pitch, const ui int i; int t0, t1, t2, t3, t4; -#define COMPENSATE(x) ((x + 1)>>1) +#define COMPENSATE(x) (((x) + 1)>>1) for (i = 0; i < 4; i++) { if (!in[0] && !in[1] && !in[2] && !in[3]) { memset(out, 0, 4*sizeof(out[0])); @@ -732,7 +732,7 @@ void ff_ivi_col_slant4(const int32_t *in, int16_t *out, uint32_t pitch, const ui row2 = pitch << 1; -#define COMPENSATE(x) ((x + 1)>>1) +#define COMPENSATE(x) (((x) + 1)>>1) for (i = 0; i < 4; i++) { if (flags[i]) { IVI_INV_SLANT4(in[0], in[4], in[8], in[12], From f1feb7e388c48634d54607ee104eb81180b68726 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 25 May 2014 05:17:51 +0200 Subject: [PATCH 297/562] avcodec/mlpdec: fix () in MSB_MASK() macro Signed-off-by: Michael Niedermayer (cherry picked from commit fa160af08b6f42f17e93124aef86e3f6eec70d51) Signed-off-by: Michael Niedermayer --- libavcodec/mlpdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/mlpdec.c b/libavcodec/mlpdec.c index aab82939ab..f685c00d48 100644 --- a/libavcodec/mlpdec.c +++ b/libavcodec/mlpdec.c @@ -818,7 +818,7 @@ static int read_decoding_params(MLPDecodeContext *m, GetBitContext *gbp, return 0; } -#define MSB_MASK(bits) (-1u << bits) +#define MSB_MASK(bits) (-1u << (bits)) /** Generate PCM samples using the prediction filters and residual values * read from the data stream, and update the filter state. */ From 3065919b6566f7c57e7c7950f3cb4ec4c875da65 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 25 May 2014 05:18:47 +0200 Subject: [PATCH 298/562] avcodec/mss34dsp: fix () in SOP* macros Signed-off-by: Michael Niedermayer (cherry picked from commit 6e720c5c815e510188a0bda654662383f2c48050) Signed-off-by: Michael Niedermayer --- libavcodec/mss34dsp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/mss34dsp.c b/libavcodec/mss34dsp.c index e4d4299805..0397add17d 100644 --- a/libavcodec/mss34dsp.c +++ b/libavcodec/mss34dsp.c @@ -84,8 +84,8 @@ void ff_mss34_gen_quant_mat(uint16_t *qmat, int quality, int luma) blk[6 * step] = (-(t3 + t7) + t8 + tA) >> shift; \ blk[7 * step] = (-(t1 + t6) + t9 + tB) >> shift; \ -#define SOP_ROW(a) ((a) << 16) + 0x2000 -#define SOP_COL(a) ((a + 32) << 16) +#define SOP_ROW(a) (((a) << 16) + 0x2000) +#define SOP_COL(a) (((a) + 32) << 16) void ff_mss34_dct_put(uint8_t *dst, int stride, int *block) { From 66a9c50d42e01f23dfed12dc55112b4d27b11f8f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 25 May 2014 05:19:09 +0200 Subject: [PATCH 299/562] avcodec/mss4: Fix () in MKVAL() macro Signed-off-by: Michael Niedermayer (cherry picked from commit cf7ff0146c76b93c32edf5230a28b9590acf5105) Signed-off-by: Michael Niedermayer --- libavcodec/mss4.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/mss4.c b/libavcodec/mss4.c index 662cf24df5..6dadf07313 100644 --- a/libavcodec/mss4.c +++ b/libavcodec/mss4.c @@ -364,7 +364,7 @@ static int get_value_cached(GetBitContext *gb, int vec_pos, uint8_t *vec, return prev[component]; } -#define MKVAL(vals) (vals[0] | (vals[1] << 3) | (vals[2] << 6)) +#define MKVAL(vals) ((vals)[0] | ((vals)[1] << 3) | ((vals)[2] << 6)) /* Image mode - the hardest to comprehend MSS4 coding mode. * From 4d1346d46acc3ed035ba028954c4dc86cbb72a9b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 5 Jun 2014 23:21:15 +0200 Subject: [PATCH 300/562] avcodec/aic: fix quantization table permutation Fixes Ticket3700 Signed-off-by: Michael Niedermayer (cherry picked from commit 0a2004b6d11ff962361420c3150fe760cf1f7115) Signed-off-by: Michael Niedermayer --- libavcodec/aic.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/libavcodec/aic.c b/libavcodec/aic.c index a7e3691aa0..3963642194 100644 --- a/libavcodec/aic.c +++ b/libavcodec/aic.c @@ -150,6 +150,7 @@ typedef struct AICContext { int16_t *data_ptr[NUM_BANDS]; DECLARE_ALIGNED(16, int16_t, block)[64]; + DECLARE_ALIGNED(16, uint8_t, quant_matrix)[64]; } AICContext; static int aic_decode_header(AICContext *ctx, const uint8_t *src, int size) @@ -285,7 +286,7 @@ static void recombine_block_il(int16_t *dst, const uint8_t *scan, } } -static void unquant_block(int16_t *block, int q) +static void unquant_block(int16_t *block, int q, uint8_t *quant_matrix) { int i; @@ -293,7 +294,7 @@ static void unquant_block(int16_t *block, int q) int val = (uint16_t)block[i]; int sign = val & 1; - block[i] = (((val >> 1) ^ -sign) * q * aic_quant_matrix[i] >> 4) + block[i] = (((val >> 1) ^ -sign) * q * quant_matrix[i] >> 4) + sign; } } @@ -334,7 +335,7 @@ static int aic_decode_slice(AICContext *ctx, int mb_x, int mb_y, else recombine_block_il(ctx->block, ctx->scantable.permutated, &base_y, &ext_y, blk); - unquant_block(ctx->block, ctx->quant); + unquant_block(ctx->block, ctx->quant, ctx->quant_matrix); ctx->dsp.idct(ctx->block); if (!ctx->interlaced) { @@ -352,7 +353,7 @@ static int aic_decode_slice(AICContext *ctx, int mb_x, int mb_y, for (blk = 0; blk < 2; blk++) { recombine_block(ctx->block, ctx->scantable.permutated, &base_c, &ext_c); - unquant_block(ctx->block, ctx->quant); + unquant_block(ctx->block, ctx->quant, ctx->quant_matrix); ctx->dsp.idct(ctx->block); ctx->dsp.put_signed_pixels_clamped(ctx->block, C[blk], ctx->frame->linesize[blk + 1]); @@ -430,6 +431,8 @@ static av_cold int aic_decode_init(AVCodecContext *avctx) for (i = 0; i < 64; i++) scan[i] = i; ff_init_scantable(ctx->dsp.idct_permutation, &ctx->scantable, scan); + for (i = 0; i < 64; i++) + ctx->quant_matrix[ctx->dsp.idct_permutation[i]] = aic_quant_matrix[i]; ctx->mb_width = FFALIGN(avctx->width, 16) >> 4; ctx->mb_height = FFALIGN(avctx->height, 16) >> 4; From d192ff0ece61f68d91c6bf602273cc1740963b5b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 7 Jun 2014 12:03:31 +0200 Subject: [PATCH 301/562] avformat/flvenc: Do not allow creating h263/mpeg4 in flv without unofficial format extensions being enabled. Found-by: Jean-Baptiste Kempf Signed-off-by: Michael Niedermayer (cherry picked from commit 74760883fcb4443d105814ed246b3cf51d7e9dca) Signed-off-by: Michael Niedermayer --- libavformat/flvenc.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/libavformat/flvenc.c b/libavformat/flvenc.c index 922410386e..95905a15e0 100644 --- a/libavformat/flvenc.c +++ b/libavformat/flvenc.c @@ -222,6 +222,18 @@ static int flv_write_header(AVFormatContext *s) avcodec_get_name(enc->codec_id), i); return AVERROR(EINVAL); } + if (enc->codec_id == AV_CODEC_ID_MPEG4 || + enc->codec_id == AV_CODEC_ID_H263) { + int error = enc->strict_std_compliance > FF_COMPLIANCE_UNOFFICIAL; + av_log(s, error ? AV_LOG_ERROR : AV_LOG_WARNING, + "Codec %s is not supported in the official FLV specification,\n", avcodec_get_name(enc->codec_id)); + + if (error) { + av_log(s, AV_LOG_ERROR, + "use vstrict=-1 / -strict -1 to use it anyway.\n"); + return AVERROR(EINVAL); + } + } break; case AVMEDIA_TYPE_AUDIO: if (audio_enc) { From c2c922460aa44790c816488c13f080af12232f44 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 8 Jun 2014 14:30:30 +0200 Subject: [PATCH 302/562] avcodec/alsdec: Clear MPEG4AudioConfig so that no use of uninitialized memory is possible Signed-off-by: Michael Niedermayer (cherry picked from commit 6e6bd5481cf42a9765c492c77754d4633092cece) Signed-off-by: Michael Niedermayer --- libavcodec/alsdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c index e1e6738049..a2b4be5691 100644 --- a/libavcodec/alsdec.c +++ b/libavcodec/alsdec.c @@ -280,7 +280,7 @@ static av_cold int read_specific_config(ALSDecContext *ctx) GetBitContext gb; uint64_t ht_size; int i, config_offset; - MPEG4AudioConfig m4ac; + MPEG4AudioConfig m4ac = {0}; ALSSpecificConfig *sconf = &ctx->sconf; AVCodecContext *avctx = ctx->avctx; uint32_t als_id, header_size, trailer_size; From a45a6659914303d518f69d8ede8391de5783d3d2 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 9 Jun 2014 05:17:34 +0200 Subject: [PATCH 303/562] avformat/cavsvideodec: Fix probing when the file extension is avs Signed-off-by: Michael Niedermayer (cherry picked from commit 52e563bb2f7897d615391520c3c4acba1ee7dcb4) Signed-off-by: Michael Niedermayer --- libavformat/cavsvideodec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/cavsvideodec.c b/libavformat/cavsvideodec.c index 5ca3c80b32..880f4ab534 100644 --- a/libavformat/cavsvideodec.c +++ b/libavformat/cavsvideodec.c @@ -61,7 +61,7 @@ static int cavsvideo_probe(AVProbeData *p) } } if(seq && seq*9<=pic*10) - return AVPROBE_SCORE_EXTENSION; + return AVPROBE_SCORE_EXTENSION+1; return 0; } From 0e3a1d60d3935d5cd0ce04b7e04572d32d528e68 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 9 Jun 2014 05:47:49 +0200 Subject: [PATCH 304/562] cavsdec: fix qp fixed slice handling Fixes Ticket3400 Signed-off-by: Michael Niedermayer (cherry picked from commit 0accf24b15ac5a01a67768f41c896ef4e4b8b4a2) Signed-off-by: Michael Niedermayer --- libavcodec/cavs.h | 1 + libavcodec/cavsdec.c | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/cavs.h b/libavcodec/cavs.h index f3c05dc9f0..f85140927b 100644 --- a/libavcodec/cavs.h +++ b/libavcodec/cavs.h @@ -214,6 +214,7 @@ typedef struct AVSContext { int luma_scan[4]; int qp; int qp_fixed; + int pic_qp_fixed; int cbp; ScanTable scantable; diff --git a/libavcodec/cavsdec.c b/libavcodec/cavsdec.c index 74983a75a9..4502084901 100644 --- a/libavcodec/cavsdec.c +++ b/libavcodec/cavsdec.c @@ -900,7 +900,7 @@ static inline int decode_slice_header(AVSContext *h, GetBitContext *gb) /* mark top macroblocks as unavailable */ h->flags &= ~(B_AVAIL | C_AVAIL); - if ((h->mby == 0) && (!h->qp_fixed)) { + if (!h->pic_qp_fixed) { h->qp_fixed = get_bits1(gb); h->qp = get_bits(gb, 6); } @@ -1023,6 +1023,7 @@ static int decode_pic(AVSContext *h) skip_bits1(&h->gb); //advanced_pred_mode_disable skip_bits1(&h->gb); //top_field_first skip_bits1(&h->gb); //repeat_first_field + h->pic_qp_fixed = h->qp_fixed = get_bits1(&h->gb); h->qp = get_bits(&h->gb, 6); if (h->cur.f->pict_type == AV_PICTURE_TYPE_I) { From 9790ed63fcd2cea3704b155ecd040a85527e84aa Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 15 Jun 2014 00:49:02 +0200 Subject: [PATCH 305/562] avformat/mpc: attempt to allocate a packet that is not smaller than the data inside it Signed-off-by: Michael Niedermayer (cherry picked from commit 86a9370e2b91d67375e66a06d6eb573b5a017775) Signed-off-by: Michael Niedermayer --- libavformat/mpc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mpc.c b/libavformat/mpc.c index 8abc488553..06b4b450b1 100644 --- a/libavformat/mpc.c +++ b/libavformat/mpc.c @@ -153,7 +153,7 @@ static int mpc_read_packet(AVFormatContext *s, AVPacket *pkt) } c->curbits = (curbits + size2) & 0x1F; - if ((ret = av_new_packet(pkt, size)) < 0) + if ((ret = av_new_packet(pkt, size + 4)) < 0) return ret; pkt->data[0] = curbits; From e7873dfccad595e9d8fc65217ebffcf3686e1d34 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 23 Jun 2014 17:46:48 +0200 Subject: [PATCH 306/562] update for FFmpeg 2.1.5 Signed-off-by: Michael Niedermayer --- RELEASE | 2 +- VERSION | 2 +- doc/Doxyfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/RELEASE b/RELEASE index 7d2ed7c702..cd57a8b95d 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -2.1.4 +2.1.5 diff --git a/VERSION b/VERSION index 7d2ed7c702..cd57a8b95d 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.1.4 +2.1.5 diff --git a/doc/Doxyfile b/doc/Doxyfile index c925320e12..be5e534d9d 100644 --- a/doc/Doxyfile +++ b/doc/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 2.1.4 +PROJECT_NUMBER = 2.1.5 # With the PROJECT_LOGO tag one can specify a logo or icon that is included # in the documentation. The maximum height of the logo should not exceed 55 From 0f09436a43299f714c5fa287f3b110de4e0aae6e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 25 Jun 2014 17:49:03 +0200 Subject: [PATCH 307/562] avfilter/vf_pullup: use ptrdiff_t as stride argument for dsp functions This should avoid issues on x86_64 Signed-off-by: Michael Niedermayer (cherry picked from commit 6dffc8f5aaab6b20385f0a0d9ef95cec7d6cdd4b) Signed-off-by: Michael Niedermayer --- libavfilter/vf_pullup.c | 8 ++++---- libavfilter/vf_pullup.h | 6 +++--- libavfilter/x86/vf_pullup_init.c | 6 +++--- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/libavfilter/vf_pullup.c b/libavfilter/vf_pullup.c index 80f448bc1d..7c658521fa 100644 --- a/libavfilter/vf_pullup.c +++ b/libavfilter/vf_pullup.c @@ -69,7 +69,7 @@ static int query_formats(AVFilterContext *ctx) #define ABS(a) (((a) ^ ((a) >> 31)) - ((a) >> 31)) -static int diff_c(const uint8_t *a, const uint8_t *b, int s) +static int diff_c(const uint8_t *a, const uint8_t *b, ptrdiff_t s) { int i, j, diff = 0; @@ -83,7 +83,7 @@ static int diff_c(const uint8_t *a, const uint8_t *b, int s) return diff; } -static int comb_c(const uint8_t *a, const uint8_t *b, int s) +static int comb_c(const uint8_t *a, const uint8_t *b, ptrdiff_t s) { int i, j, comb = 0; @@ -98,7 +98,7 @@ static int comb_c(const uint8_t *a, const uint8_t *b, int s) return comb; } -static int var_c(const uint8_t *a, const uint8_t *b, int s) +static int var_c(const uint8_t *a, const uint8_t *b, ptrdiff_t s) { int i, j, var = 0; @@ -510,7 +510,7 @@ static void pullup_release_frame(PullupFrame *f) static void compute_metric(PullupContext *s, int *dest, PullupField *fa, int pa, PullupField *fb, int pb, - int (*func)(const uint8_t *, const uint8_t *, int)) + int (*func)(const uint8_t *, const uint8_t *, ptrdiff_t)) { int mp = s->metric_plane; int xstep = 8; diff --git a/libavfilter/vf_pullup.h b/libavfilter/vf_pullup.h index 3213b4d231..8f59335180 100644 --- a/libavfilter/vf_pullup.h +++ b/libavfilter/vf_pullup.h @@ -61,9 +61,9 @@ typedef struct PullupContext { PullupBuffer buffers[10]; PullupFrame frame; - int (*diff)(const uint8_t *a, const uint8_t *b, int s); - int (*comb)(const uint8_t *a, const uint8_t *b, int s); - int (*var )(const uint8_t *a, const uint8_t *b, int s); + int (*diff)(const uint8_t *a, const uint8_t *b, ptrdiff_t s); + int (*comb)(const uint8_t *a, const uint8_t *b, ptrdiff_t s); + int (*var )(const uint8_t *a, const uint8_t *b, ptrdiff_t s); } PullupContext; void ff_pullup_init_x86(PullupContext *s); diff --git a/libavfilter/x86/vf_pullup_init.c b/libavfilter/x86/vf_pullup_init.c index 9948abf13e..5b36b68e51 100644 --- a/libavfilter/x86/vf_pullup_init.c +++ b/libavfilter/x86/vf_pullup_init.c @@ -23,9 +23,9 @@ #include "libavutil/x86/cpu.h" #include "libavfilter/vf_pullup.h" -int ff_pullup_filter_diff_mmx(const uint8_t *a, const uint8_t *b, int s); -int ff_pullup_filter_comb_mmx(const uint8_t *a, const uint8_t *b, int s); -int ff_pullup_filter_var_mmx (const uint8_t *a, const uint8_t *b, int s); +int ff_pullup_filter_diff_mmx(const uint8_t *a, const uint8_t *b, ptrdiff_t s); +int ff_pullup_filter_comb_mmx(const uint8_t *a, const uint8_t *b, ptrdiff_t s); +int ff_pullup_filter_var_mmx (const uint8_t *a, const uint8_t *b, ptrdiff_t s); av_cold void ff_pullup_init_x86(PullupContext *s) { From 97ccf31ecebc1bc22fe32e6a2bec8e1939d465e5 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 25 Jun 2014 18:10:12 +0200 Subject: [PATCH 308/562] avfilter/x86/vf_pullup: fix old typo This makes C and MMX match, no change to fate as the differences where apparently not sufficient to show up in fate Signed-off-by: Michael Niedermayer (cherry picked from commit b8255a4c7096ecddea68e12e067c7a9b2e14ed8d) Signed-off-by: Michael Niedermayer --- libavfilter/x86/vf_pullup.asm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavfilter/x86/vf_pullup.asm b/libavfilter/x86/vf_pullup.asm index 3689b04ef2..4ce8b9b6f9 100644 --- a/libavfilter/x86/vf_pullup.asm +++ b/libavfilter/x86/vf_pullup.asm @@ -68,7 +68,7 @@ cglobal pullup_filter_comb, 3, 5, 8, first, second, size sub secondq, sizeq .loop: - movq m0, [secondq] + movq m0, [firstq] movq m1, [secondq] punpcklbw m0, m7 movq m2, [secondq+sizeq] From 31b1589097cd1934fd493e19bfc28d7aaaa478c6 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 1 Jul 2014 03:50:17 +0200 Subject: [PATCH 309/562] avcodec/hevc: Use av_malloc(z)_array() Signed-off-by: Michael Niedermayer (cherry picked from commit 7faa7d3d42af12a60a4db7ecba165369ec5795d7) Conflicts: libavcodec/hevc.c --- libavcodec/hevc.c | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c index f27eddbdc5..ff42d6e5d3 100644 --- a/libavcodec/hevc.c +++ b/libavcodec/hevc.c @@ -105,24 +105,26 @@ static int pic_arrays_init(HEVCContext *s) goto fail; s->skip_flag = av_malloc(pic_size_in_ctb); - s->tab_ct_depth = av_malloc(s->sps->min_cb_height * s->sps->min_cb_width); + s->tab_ct_depth = av_malloc_array(s->sps->min_cb_height, s->sps->min_cb_width); if (!s->skip_flag || !s->tab_ct_depth) goto fail; s->tab_ipm = av_mallocz(pic_size_in_min_pu); - s->cbf_luma = av_malloc(pic_width_in_min_tu * pic_height_in_min_tu); + s->cbf_luma = av_malloc_array(pic_width_in_min_tu, pic_height_in_min_tu); s->is_pcm = av_malloc(pic_size_in_min_pu); if (!s->tab_ipm || !s->cbf_luma || !s->is_pcm) goto fail; s->filter_slice_edges = av_malloc(ctb_count); - s->tab_slice_address = av_malloc(pic_size_in_ctb * sizeof(*s->tab_slice_address)); - s->qp_y_tab = av_malloc(pic_size_in_ctb * sizeof(*s->qp_y_tab)); + s->tab_slice_address = av_malloc_array(pic_size_in_ctb, + sizeof(*s->tab_slice_address)); + s->qp_y_tab = av_malloc_array(pic_size_in_ctb, + sizeof(*s->qp_y_tab)); if (!s->qp_y_tab || !s->filter_slice_edges || !s->tab_slice_address) goto fail; - s->horizontal_bs = av_mallocz(2 * s->bs_width * (s->bs_height + 1)); - s->vertical_bs = av_mallocz(2 * s->bs_width * (s->bs_height + 1)); + s->horizontal_bs = av_mallocz_array(2 * s->bs_width, (s->bs_height + 1)); + s->vertical_bs = av_mallocz_array(2 * s->bs_width, (s->bs_height + 1)); if (!s->horizontal_bs || !s->vertical_bs) goto fail; @@ -599,9 +601,9 @@ static int hls_slice_header(HEVCContext *s) av_freep(&sh->entry_point_offset); av_freep(&sh->offset); av_freep(&sh->size); - sh->entry_point_offset = av_malloc(sh->num_entry_point_offsets * sizeof(int)); - sh->offset = av_malloc(sh->num_entry_point_offsets * sizeof(int)); - sh->size = av_malloc(sh->num_entry_point_offsets * sizeof(int)); + sh->entry_point_offset = av_malloc_array(sh->num_entry_point_offsets, sizeof(int)); + sh->offset = av_malloc_array(sh->num_entry_point_offsets, sizeof(int)); + sh->size = av_malloc_array(sh->num_entry_point_offsets, sizeof(int)); if (!sh->entry_point_offset || !sh->offset || !sh->size) { sh->num_entry_point_offsets = 0; av_log(s->avctx, AV_LOG_ERROR, "Failed to allocate memory\n"); @@ -1976,8 +1978,8 @@ static int hls_decode_entry_wpp(AVCodecContext *avctxt, void *input_ctb_row, int static int hls_slice_data_wpp(HEVCContext *s, const uint8_t *nal, int length) { HEVCLocalContext *lc = s->HEVClc; - int *ret = av_malloc((s->sh.num_entry_point_offsets + 1) * sizeof(int)); - int *arg = av_malloc((s->sh.num_entry_point_offsets + 1) * sizeof(int)); + int *ret = av_malloc_array(s->sh.num_entry_point_offsets + 1, sizeof(int)); + int *arg = av_malloc_array(s->sh.num_entry_point_offsets + 1, sizeof(int)); int offset; int startheader, cmpt = 0; int i, j, res = 0; From 969d8b9d60c138482a806e543e61ff6ddd1dbb55 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 13 Jul 2014 01:07:59 +0200 Subject: [PATCH 310/562] avformat/utils: do not wait for packets from discarded streams for genpts Fixes long loop Fixes Ticket3208 Signed-off-by: Michael Niedermayer (cherry picked from commit 8202c49b43621c04e26d4a3aa83a10e1e5cc1836) Signed-off-by: Michael Niedermayer --- libavformat/utils.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index aaf4f9879f..df8209262e 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -1481,7 +1481,8 @@ int av_read_frame(AVFormatContext *s, AVPacket *pkt) } /* read packet from packet buffer, if there is data */ - if (!(next_pkt->pts == AV_NOPTS_VALUE && + st = s->streams[next_pkt->stream_index]; + if (!(next_pkt->pts == AV_NOPTS_VALUE && st->discard < AVDISCARD_ALL && next_pkt->dts != AV_NOPTS_VALUE && !eof)) { ret = read_from_packet_buffer(&s->packet_buffer, &s->packet_buffer_end, pkt); From ab6dd7fea97f6785d16caa9acdd26bc435d1e713 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 14 Jul 2014 21:03:43 +0200 Subject: [PATCH 311/562] avformat: add av_stream_get_parser() to access avformat AVParser The AVStream.parser field is considered private and its location cannot be preserved while preserving also ABI compatibility to libav, as libav added fields before it. Some tools like ffmpeg.c access this field though Signed-off-by: Michael Niedermayer (cherry picked from commit 62227a70f0a4c07d7ead5775d8bad64797f8ef80) Conflicts: RELEASE_NOTES doc/APIchanges libavformat/utils.c libavformat/version.h (cherry picked from commit a78e6363e9a7ef90bd1ff4aeceee8e5501cbc6d4) Signed-off-by: Michael Niedermayer --- libavformat/avformat.h | 1 + libavformat/utils.c | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/libavformat/avformat.h b/libavformat/avformat.h index 4e5683c66a..97bd5db1b3 100644 --- a/libavformat/avformat.h +++ b/libavformat/avformat.h @@ -892,6 +892,7 @@ typedef struct AVStream { AVRational av_stream_get_r_frame_rate(const AVStream *s); void av_stream_set_r_frame_rate(AVStream *s, AVRational r); +struct AVCodecParserContext *av_stream_get_parser(const AVStream *s); #define AV_PROGRAM_RUNNING 1 diff --git a/libavformat/utils.c b/libavformat/utils.c index df8209262e..85a96845b7 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -102,6 +102,11 @@ MAKE_ACCESSORS(AVFormatContext, format, AVCodec *, video_codec) MAKE_ACCESSORS(AVFormatContext, format, AVCodec *, audio_codec) MAKE_ACCESSORS(AVFormatContext, format, AVCodec *, subtitle_codec) +struct AVCodecParserContext *av_stream_get_parser(const AVStream *st) +{ + return st->parser; +} + static AVCodec *find_decoder(AVFormatContext *s, AVStream *st, enum AVCodecID codec_id) { if (st->codec->codec) From 27375c25d9c810b45501f5fd5425f637d17da0bf Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 14 Jul 2014 21:06:58 +0200 Subject: [PATCH 312/562] ffmpeg: Use av_stream_get_parser() to avoid ABI issues Signed-off-by: Michael Niedermayer (cherry picked from commit 8bbadc9b6ec71abbd9dab854c47027b949997af0) Conflicts: ffmpeg.c (cherry picked from commit 8fae6207e30059611cdc788ad440b6831637f86f) Signed-off-by: Michael Niedermayer --- ffmpeg.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ffmpeg.c b/ffmpeg.c index 1dc9ef9b79..9aa094ead1 100644 --- a/ffmpeg.c +++ b/ffmpeg.c @@ -1483,7 +1483,7 @@ static void do_streamcopy(InputStream *ist, OutputStream *ost, const AVPacket *p && ost->st->codec->codec_id != AV_CODEC_ID_MPEG2VIDEO && ost->st->codec->codec_id != AV_CODEC_ID_VC1 ) { - if (av_parser_change(ist->st->parser, ost->st->codec, &opkt.data, &opkt.size, pkt->data, pkt->size, pkt->flags & AV_PKT_FLAG_KEY)) { + if (av_parser_change(av_stream_get_parser(ist->st), ost->st->codec, &opkt.data, &opkt.size, pkt->data, pkt->size, pkt->flags & AV_PKT_FLAG_KEY)) { opkt.buf = av_buffer_create(opkt.data, opkt.size, av_buffer_default_free, NULL, 0); if (!opkt.buf) exit_program(1); @@ -1883,7 +1883,7 @@ static int output_packet(InputStream *ist, const AVPacket *pkt) if (avpkt.duration) { duration = av_rescale_q(avpkt.duration, ist->st->time_base, AV_TIME_BASE_Q); } else if(ist->st->codec->time_base.num != 0 && ist->st->codec->time_base.den != 0) { - int ticks= ist->st->parser ? ist->st->parser->repeat_pict+1 : ist->st->codec->ticks_per_frame; + int ticks= av_stream_get_parser(ist->st) ? av_stream_get_parser(ist->st)->repeat_pict+1 : ist->st->codec->ticks_per_frame; duration = ((int64_t)AV_TIME_BASE * ist->st->codec->time_base.num * ticks) / ist->st->codec->time_base.den; @@ -1940,7 +1940,7 @@ static int output_packet(InputStream *ist, const AVPacket *pkt) } else if (pkt->duration) { ist->next_dts += av_rescale_q(pkt->duration, ist->st->time_base, AV_TIME_BASE_Q); } else if(ist->st->codec->time_base.num != 0) { - int ticks= ist->st->parser ? ist->st->parser->repeat_pict + 1 : ist->st->codec->ticks_per_frame; + int ticks= av_stream_get_parser(ist->st) ? av_stream_get_parser(ist->st)->repeat_pict + 1 : ist->st->codec->ticks_per_frame; ist->next_dts += ((int64_t)AV_TIME_BASE * ist->st->codec->time_base.num * ticks) / ist->st->codec->time_base.den; From 5302fa522bcf0da381fcc671ec0c22c7fbcdd73a Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 12 Jul 2014 06:36:25 +0200 Subject: [PATCH 313/562] avcodec/hevc_ps: do not loose all reference to pointers still in use Fixes leaving a pointer to unreferenced memory Fixes Ticket 3115 Signed-off-by: Michael Niedermayer (cherry picked from commit ccd6911c189d2f974dcc4095c963dfad14d703d2) Signed-off-by: Michael Niedermayer (cherry picked from commit ec0ec65ee46d1367938dc46036fe61ad0384cbd5) Conflicts: libavcodec/hevc.c --- libavcodec/hevc.c | 6 ++++++ libavcodec/hevc.h | 2 ++ libavcodec/hevc_parser.c | 3 +++ libavcodec/hevc_ps.c | 4 ++++ 4 files changed, 15 insertions(+) diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c index ff42d6e5d3..e0f35286e9 100644 --- a/libavcodec/hevc.c +++ b/libavcodec/hevc.c @@ -2700,6 +2700,8 @@ static av_cold int hevc_decode_free(AVCodecContext *avctx) for (i = 0; i < FF_ARRAY_ELEMS(s->pps_list); i++) av_buffer_unref(&s->pps_list[i]); + av_buffer_unref(&s->current_sps); + av_freep(&s->sh.entry_point_offset); av_freep(&s->sh.offset); av_freep(&s->sh.size); @@ -2813,6 +2815,10 @@ static int hevc_update_thread_context(AVCodecContext *dst, } } + if (s->current_sps && s->sps == (HEVCSPS*)s->current_sps->data) + s->sps = NULL; + av_buffer_unref(&s->current_sps); + s->seq_decode = s0->seq_decode; s->seq_output = s0->seq_output; s->pocTid0 = s0->pocTid0; diff --git a/libavcodec/hevc.h b/libavcodec/hevc.h index 1a115cf40e..ac539a2a98 100644 --- a/libavcodec/hevc.h +++ b/libavcodec/hevc.h @@ -786,6 +786,8 @@ typedef struct HEVCContext { AVBufferRef *sps_list[MAX_SPS_COUNT]; AVBufferRef *pps_list[MAX_PPS_COUNT]; + AVBufferRef *current_sps; + AVBufferPool *tab_mvf_pool; AVBufferPool *rpl_tab_pool; diff --git a/libavcodec/hevc_parser.c b/libavcodec/hevc_parser.c index 642f9752a4..0a75f20d19 100644 --- a/libavcodec/hevc_parser.c +++ b/libavcodec/hevc_parser.c @@ -329,6 +329,9 @@ static void hevc_close(AVCodecParserContext *s) for (i = 0; i < FF_ARRAY_ELEMS(h->pps_list); i++) av_buffer_unref(&h->pps_list[i]); + av_buffer_unref(&h->current_sps); + h->sps = NULL; + for (i = 0; i < h->nals_allocated; i++) av_freep(&h->nals[i].rbsp_buffer); av_freep(&h->nals); diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c index a382172ad3..99ac8efa0d 100644 --- a/libavcodec/hevc_ps.c +++ b/libavcodec/hevc_ps.c @@ -934,6 +934,10 @@ int ff_hevc_decode_nal_sps(HEVCContext *s) if (s->pps_list[i] && ((HEVCPPS*)s->pps_list[i]->data)->sps_id == sps_id) av_buffer_unref(&s->pps_list[i]); } + if (s->sps_list[sps_id] && s->sps == (HEVCSPS*)s->sps_list[sps_id]->data) { + av_buffer_unref(&s->current_sps); + s->current_sps = av_buffer_ref(s->sps_list[sps_id]); + } av_buffer_unref(&s->sps_list[sps_id]); s->sps_list[sps_id] = sps_buf; } From 0bb71a85c398cae8a66885e357490f68d38c80ac Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 15 Jul 2014 21:43:04 +0200 Subject: [PATCH 314/562] avcodec/hevc_ps: prevent stale pointer in malloc failure case Signed-off-by: Michael Niedermayer (cherry picked from commit 0fc2045d5f4eab35d943a79c3d965a2f31361f48) Signed-off-by: Michael Niedermayer (cherry picked from commit cf99ce9a7744763ea2950f45e7ffe18af8f4e0f5) Signed-off-by: Michael Niedermayer --- libavcodec/hevc_ps.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c index 99ac8efa0d..955a7afe5d 100644 --- a/libavcodec/hevc_ps.c +++ b/libavcodec/hevc_ps.c @@ -937,6 +937,8 @@ int ff_hevc_decode_nal_sps(HEVCContext *s) if (s->sps_list[sps_id] && s->sps == (HEVCSPS*)s->sps_list[sps_id]->data) { av_buffer_unref(&s->current_sps); s->current_sps = av_buffer_ref(s->sps_list[sps_id]); + if (!s->current_sps) + s->sps = NULL; } av_buffer_unref(&s->sps_list[sps_id]); s->sps_list[sps_id] = sps_buf; From b7638af9425a721459d51fe99858a1dee7080070 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 15 Jul 2014 21:43:30 +0200 Subject: [PATCH 315/562] avcodec/hevc: treat current_sps like sps_list This simplifies the management of current_sps Fixes Ticket3458 Signed-off-by: Michael Niedermayer (cherry picked from commit 880dbe43ca71982ecdfe1c73446137d6b2fd24d5) Signed-off-by: Michael Niedermayer (cherry picked from commit 30b6e9377d3b0b1341147d8484fce24301e7b8a0) Signed-off-by: Michael Niedermayer --- libavcodec/hevc.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c index e0f35286e9..9633511f43 100644 --- a/libavcodec/hevc.c +++ b/libavcodec/hevc.c @@ -2815,9 +2815,12 @@ static int hevc_update_thread_context(AVCodecContext *dst, } } - if (s->current_sps && s->sps == (HEVCSPS*)s->current_sps->data) - s->sps = NULL; av_buffer_unref(&s->current_sps); + if (s0->current_sps) { + s->current_sps = av_buffer_ref(s0->current_sps); + if (!s->current_sps) + return AVERROR(ENOMEM); + } s->seq_decode = s0->seq_decode; s->seq_output = s0->seq_output; From eb1e5cf818b90ef51c7c66f5f058f2ac9ca936e2 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 17 Jul 2014 04:25:21 +0200 Subject: [PATCH 316/562] avformat/dv: implement fallback in dv_extract_pack() Fixes Ticket2340 Fixes Ticket2341 Based-on mail from Dave Rice Tested-by: Dave Rice Signed-off-by: Michael Niedermayer (cherry picked from commit 88f038ac97a875f25c2eceac6d2107a09314984c) Signed-off-by: Michael Niedermayer --- libavformat/dv.c | 43 +++++++++++++++++++++++-------------------- 1 file changed, 23 insertions(+), 20 deletions(-) diff --git a/libavformat/dv.c b/libavformat/dv.c index e3b0d0a31e..10f6e24b35 100644 --- a/libavformat/dv.c +++ b/libavformat/dv.c @@ -72,30 +72,33 @@ static inline uint16_t dv_audio_12to16(uint16_t sample) return result; } -/* - * This is the dumbest implementation of all -- it simply looks at - * a fixed offset and if pack isn't there -- fails. We might want - * to have a fallback mechanism for complete search of missing packs. - */ static const uint8_t *dv_extract_pack(uint8_t *frame, enum dv_pack_type t) { int offs; + int c; - switch (t) { - case dv_audio_source: - offs = (80 * 6 + 80 * 16 * 3 + 3); - break; - case dv_audio_control: - offs = (80 * 6 + 80 * 16 * 4 + 3); - break; - case dv_video_control: - offs = (80 * 5 + 48 + 5); - break; - case dv_timecode: - offs = (80*1 + 3 + 3); - break; - default: - return NULL; + for (c = 0; c < 10; c++) { + switch (t) { + case dv_audio_source: + if (c&1) offs = (80 * 6 + 80 * 16 * 0 + 3 + c*12000); + else offs = (80 * 6 + 80 * 16 * 3 + 3 + c*12000); + break; + case dv_audio_control: + if (c&1) offs = (80 * 6 + 80 * 16 * 1 + 3 + c*12000); + else offs = (80 * 6 + 80 * 16 * 4 + 3 + c*12000); + break; + case dv_video_control: + if (c&1) offs = (80 * 3 + 8 + c*12000); + else offs = (80 * 5 + 48 + 5 + c*12000); + break; + case dv_timecode: + offs = (80*1 + 3 + 3); + break; + default: + return NULL; + } + if (frame[offs] == t) + break; } return frame[offs] == t ? &frame[offs] : NULL; From aa09543659d80a7b175d20af9e373218bcce101d Mon Sep 17 00:00:00 2001 From: Alessandro Ghedini Date: Mon, 21 Apr 2014 19:10:52 +0200 Subject: [PATCH 317/562] vc1: Do not return an error when skipping b frames This caused mpv (and possibly others) to fallback to software decoding after seeking a VC1 stream. Bug-Id: 667 Signed-off-by: Luca Barbato (cherry picked from commit cdf6eb5a9710566be217a3f17d3d94ac4e4d2662) Signed-off-by: Michael Niedermayer --- libavcodec/vc1dec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c index 6aa03c44c3..d87b89cf3f 100644 --- a/libavcodec/vc1dec.c +++ b/libavcodec/vc1dec.c @@ -6014,7 +6014,7 @@ static int vc1_decode_frame(AVCodecContext *avctx, void *data, /* skip B-frames if we don't have reference frames */ if (s->last_picture_ptr == NULL && (s->pict_type == AV_PICTURE_TYPE_B || s->droppable)) { - goto err; + goto end; } if ((avctx->skip_frame >= AVDISCARD_NONREF && s->pict_type == AV_PICTURE_TYPE_B) || (avctx->skip_frame >= AVDISCARD_NONKEY && s->pict_type != AV_PICTURE_TYPE_I) || From 6f6b1d0ddb26a95d5d210ed4566f141b83d774c1 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 11 Dec 2013 04:15:38 +0100 Subject: [PATCH 318/562] avformat/oggparseopus: factor opus_duration() out Signed-off-by: Michael Niedermayer (cherry picked from commit 39d11d599cd292485fe991cd22e10d7a1738b3bc) --- libavformat/oggparseopus.c | 36 +++++++++++++++++++++--------------- 1 file changed, 21 insertions(+), 15 deletions(-) diff --git a/libavformat/oggparseopus.c b/libavformat/oggparseopus.c index 78aa333187..5a8031471f 100644 --- a/libavformat/oggparseopus.c +++ b/libavformat/oggparseopus.c @@ -81,6 +81,26 @@ static int opus_header(AVFormatContext *avf, int idx) return 0; } +static int opus_duration(uint8_t *src, int size) +{ + unsigned nb_frames = 1; + unsigned toc = src[0]; + unsigned toc_config = toc >> 3; + unsigned toc_count = toc & 3; + unsigned frame_size = toc_config < 12 ? FFMAX(480, 960 * (toc_config & 3)) : + toc_config < 16 ? 480 << (toc_config & 1) : + 120 << (toc_config & 3); + if (toc_count == 3) { + if (size<2) + return AVERROR_INVALIDDATA; + nb_frames = src[1] & 0x3F; + } else if (toc_count) { + nb_frames = 2; + } + + return frame_size * nb_frames; +} + static int opus_packet(AVFormatContext *avf, int idx) { struct ogg *ogg = avf->priv_data; @@ -88,26 +108,12 @@ static int opus_packet(AVFormatContext *avf, int idx) AVStream *st = avf->streams[idx]; struct oggopus_private *priv = os->private; uint8_t *packet = os->buf + os->pstart; - unsigned toc, toc_config, toc_count, frame_size, nb_frames = 1; if (!os->psize) return AVERROR_INVALIDDATA; - toc = *packet; - toc_config = toc >> 3; - toc_count = toc & 3; - frame_size = toc_config < 12 ? FFMAX(480, 960 * (toc_config & 3)) : - toc_config < 16 ? 480 << (toc_config & 1) : - 120 << (toc_config & 3); - if (toc_count == 3) { - if (os->psize < 2) - return AVERROR_INVALIDDATA; - nb_frames = packet[1] & 0x3F; - } else if (toc_count) { - nb_frames = 2; - } - os->pduration = frame_size * nb_frames; + os->pduration = opus_duration(packet, os->psize); if (os->lastpts != AV_NOPTS_VALUE) { if (st->start_time == AV_NOPTS_VALUE) st->start_time = os->lastpts; From 64908f70e4362d140e288c9ee227249ef5228510 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 11 Sep 2014 23:50:35 +0200 Subject: [PATCH 319/562] avformat/oggparseopus: calculate pts/dts for initial packets after seeking based on code from oggparsevorbis Fixes Ticket3124 Signed-off-by: Michael Niedermayer (cherry picked from commit 7f39352a1b661771cf471986059027acd8e0e31f) Fixes ticket #3943. --- libavformat/oggparseopus.c | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/libavformat/oggparseopus.c b/libavformat/oggparseopus.c index 5a8031471f..6e6adcdb66 100644 --- a/libavformat/oggparseopus.c +++ b/libavformat/oggparseopus.c @@ -112,6 +112,36 @@ static int opus_packet(AVFormatContext *avf, int idx) if (!os->psize) return AVERROR_INVALIDDATA; + if ((!os->lastpts || os->lastpts == AV_NOPTS_VALUE) && !(os->flags & OGG_FLAG_EOS)) { + int seg, d; + int duration; + uint8_t *last_pkt = os->buf + os->pstart; + uint8_t *next_pkt = last_pkt; + + duration = 0; + seg = os->segp; + d = opus_duration(last_pkt, os->psize); + if (d < 0) { + os->pflags |= AV_PKT_FLAG_CORRUPT; + return 0; + } + duration += d; + last_pkt = next_pkt = next_pkt + os->psize; + for (; seg < os->nsegs; seg++) { + if (os->segments[seg] < 255) { + int d = opus_duration(last_pkt, os->segments[seg]); + if (d < 0) { + duration = os->granule; + break; + } + duration += d; + last_pkt = next_pkt + os->segments[seg]; + } + next_pkt += os->segments[seg]; + } + os->lastpts = + os->lastdts = os->granule - duration; + } os->pduration = opus_duration(packet, os->psize); if (os->lastpts != AV_NOPTS_VALUE) { From fc82ba06ee87e16b65ba1a426641e3484a69da71 Mon Sep 17 00:00:00 2001 From: James Almer Date: Thu, 12 Dec 2013 03:34:19 -0300 Subject: [PATCH 320/562] avformat/oggparseopus: Check opus_duration() return value Regression since 39d11d599cd292485fe991cd22e10d7a1738b3bc os->pduration would be wrongly assigned a negative value on invalid packets instead of aborting. Signed-off-by: James Almer Signed-off-by: Michael Niedermayer (cherry picked from commit c619e14c314b44d86a8d552259afb957c0b6775d) --- libavformat/oggparseopus.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libavformat/oggparseopus.c b/libavformat/oggparseopus.c index 6e6adcdb66..86aaaf53e0 100644 --- a/libavformat/oggparseopus.c +++ b/libavformat/oggparseopus.c @@ -108,6 +108,7 @@ static int opus_packet(AVFormatContext *avf, int idx) AVStream *st = avf->streams[idx]; struct oggopus_private *priv = os->private; uint8_t *packet = os->buf + os->pstart; + int ret; if (!os->psize) return AVERROR_INVALIDDATA; @@ -143,7 +144,10 @@ static int opus_packet(AVFormatContext *avf, int idx) os->lastdts = os->granule - duration; } - os->pduration = opus_duration(packet, os->psize); + if ((ret = opus_duration(packet, os->psize)) < 0) + return ret; + + os->pduration = ret; if (os->lastpts != AV_NOPTS_VALUE) { if (st->start_time == AV_NOPTS_VALUE) st->start_time = os->lastpts; From 2d0b2db27e84f978801a81e9ce542f4b544992a8 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 21 Nov 2014 03:08:20 +0100 Subject: [PATCH 321/562] avformat/avidec: fix handling dv in avi Fixes Ticket4086 Signed-off-by: Michael Niedermayer (cherry picked from commit f0ae0354d3f04c369257c2a28557524d28c5df15) --- libavformat/avidec.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavformat/avidec.c b/libavformat/avidec.c index 449c0656f6..86bea76624 100644 --- a/libavformat/avidec.c +++ b/libavformat/avidec.c @@ -1081,7 +1081,7 @@ start_sync: goto start_sync; } - n = avi->dv_demux ? 0 : get_stream_idx(d); + n = get_stream_idx(d); if (!((i - avi->last_pkt_pos) & 1) && get_stream_idx(d + 1) < s->nb_streams) @@ -1093,6 +1093,9 @@ start_sync: goto start_sync; } + if (avi->dv_demux && n != 0) + continue; + // parse ##dc/##wb if (n < s->nb_streams) { AVStream *st; From 712b8e712828c7c8763acd40e23c3f197dd229bf Mon Sep 17 00:00:00 2001 From: Anshul Maheswhwari Date: Thu, 31 Jul 2014 20:59:59 +0530 Subject: [PATCH 322/562] v4l2enc: adding AVClass Signed-off-by: Michael Niedermayer (cherry picked from commit fcb11ec291e9b3e3f352fa4d3e9026c0f7f64aa8) Signed-off-by: Michael Niedermayer --- libavdevice/v4l2enc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavdevice/v4l2enc.c b/libavdevice/v4l2enc.c index 21f0ef6983..db4946581e 100644 --- a/libavdevice/v4l2enc.c +++ b/libavdevice/v4l2enc.c @@ -22,6 +22,7 @@ #include "avdevice.h" typedef struct { + AVClass *class; int fd; } V4L2Context; From d5eca1651f4a93b0dad11e8d2216f08cea9b7c42 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 2 Aug 2014 00:27:23 +0200 Subject: [PATCH 323/562] avcodec/dvdsub_parser: never return 0 when the input isnt 0 Fixes a infinite loop Fixes Ticket3804 Signed-off-by: Michael Niedermayer (cherry picked from commit cfdb30d2f1241de9354a8efdbf8252d0f1a6f933) Signed-off-by: Michael Niedermayer --- libavcodec/dvdsub_parser.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/dvdsub_parser.c b/libavcodec/dvdsub_parser.c index e50c3396e4..9a6457e8b4 100644 --- a/libavcodec/dvdsub_parser.c +++ b/libavcodec/dvdsub_parser.c @@ -46,7 +46,7 @@ static int dvdsub_parse(AVCodecParserContext *s, if (pc->packet_index == 0) { if (buf_size < 2) - return 0; + return buf_size; pc->packet_len = AV_RB16(buf); if (pc->packet_len == 0) /* HD-DVD subpicture packet */ pc->packet_len = AV_RB32(buf+2); From f99675627d1ca2a403444c0e7e6763bec187b051 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 2 Aug 2014 01:15:37 +0200 Subject: [PATCH 324/562] avcodec/dvdsub_parser: Check buf_size before reading 32bit packet size Signed-off-by: Michael Niedermayer (cherry picked from commit 81c1657a593b1c0f8e46fca00ead1d30ee1cd418) Signed-off-by: Michael Niedermayer --- libavcodec/dvdsub_parser.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/dvdsub_parser.c b/libavcodec/dvdsub_parser.c index 9a6457e8b4..07ed4f72fc 100644 --- a/libavcodec/dvdsub_parser.c +++ b/libavcodec/dvdsub_parser.c @@ -45,8 +45,9 @@ static int dvdsub_parse(AVCodecParserContext *s, DVDSubParseContext *pc = s->priv_data; if (pc->packet_index == 0) { - if (buf_size < 2) + if (buf_size < 2 || AV_RB16(buf) && buf_size < 6) { return buf_size; + } pc->packet_len = AV_RB16(buf); if (pc->packet_len == 0) /* HD-DVD subpicture packet */ pc->packet_len = AV_RB32(buf+2); From 384be84bbe8ac967245da80e92b05ee7e516739e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 2 Aug 2014 01:16:14 +0200 Subject: [PATCH 325/562] avcodec/dvdsub_parser: print message if packet is smaller than the packet size field Signed-off-by: Michael Niedermayer (cherry picked from commit bcc898dd2643c883522ffa565be4b226ce798c78) Signed-off-by: Michael Niedermayer --- libavcodec/dvdsub_parser.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/dvdsub_parser.c b/libavcodec/dvdsub_parser.c index 07ed4f72fc..32a945ed65 100644 --- a/libavcodec/dvdsub_parser.c +++ b/libavcodec/dvdsub_parser.c @@ -46,6 +46,8 @@ static int dvdsub_parse(AVCodecParserContext *s, if (pc->packet_index == 0) { if (buf_size < 2 || AV_RB16(buf) && buf_size < 6) { + if (buf_size) + av_log(avctx, AV_LOG_DEBUG, "Parser input %d too small\n", buf_size); return buf_size; } pc->packet_len = AV_RB16(buf); From ded44bda27ec14aaa93152ad46b4e42d3064ad3c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 2 Aug 2014 03:29:42 +0200 Subject: [PATCH 326/562] ffmpeg_opt: Use av_guess_codec() instead of AVOutputFormat->*codec Fixes part of ticket2236 Signed-off-by: Michael Niedermayer (cherry picked from commit 956f4087c6eb717e31f3b92fe03fd56a3747eccf) Signed-off-by: Michael Niedermayer --- ffmpeg_opt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ffmpeg_opt.c b/ffmpeg_opt.c index 4d3633fbed..3c80a248c1 100644 --- a/ffmpeg_opt.c +++ b/ffmpeg_opt.c @@ -1690,7 +1690,7 @@ static int open_output_file(OptionsContext *o, const char *filename) /* pick the "best" stream of each type */ /* video: highest resolution */ - if (!o->video_disable && oc->oformat->video_codec != AV_CODEC_ID_NONE) { + if (!o->video_disable && av_guess_codec(oc->oformat, NULL, filename, NULL, AVMEDIA_TYPE_VIDEO) != AV_CODEC_ID_NONE) { int area = 0, idx = -1; int qcr = avformat_query_codec(oc->oformat, oc->oformat->video_codec, 0); for (i = 0; i < nb_input_streams; i++) { @@ -1712,7 +1712,7 @@ static int open_output_file(OptionsContext *o, const char *filename) } /* audio: most channels */ - if (!o->audio_disable && oc->oformat->audio_codec != AV_CODEC_ID_NONE) { + if (!o->audio_disable && av_guess_codec(oc->oformat, NULL, filename, NULL, AVMEDIA_TYPE_AUDIO) != AV_CODEC_ID_NONE) { int channels = 0, idx = -1; for (i = 0; i < nb_input_streams; i++) { ist = input_streams[i]; From 72149fcb1b79ce38f4c9e0e49d9b1062a9d92d64 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 2 Aug 2014 22:30:03 +0200 Subject: [PATCH 327/562] avformat/tee: flip assigment direction Found-by: CSA Reviewed-by: Nicolas George Signed-off-by: Michael Niedermayer (cherry picked from commit 2e6fdcb7f3c86491408a3699f0aa9dc52b7c5686) Signed-off-by: Michael Niedermayer --- libavformat/tee.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/tee.c b/libavformat/tee.c index 12ea0ea27d..90c9759af5 100644 --- a/libavformat/tee.c +++ b/libavformat/tee.c @@ -468,7 +468,7 @@ static int tee_write_packet(AVFormatContext *avf, AVPacket *pkt) if ((ret = av_copy_packet(&pkt2, pkt)) < 0 || (ret = av_dup_packet(&pkt2))< 0) if (!ret_all) { - ret = ret_all; + ret_all = ret; continue; } tb = avf ->streams[s ]->time_base; From 7d69132775e643963ddcc67f75e58d65a66d3e58 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 2 Aug 2014 18:15:12 +0200 Subject: [PATCH 328/562] avcodec/wavpackenc: Fix log2sample() result value Found-by: CSA Reviewed-by: Paul B Mahol Signed-off-by: Michael Niedermayer (cherry picked from commit e706fe764049b3f1ccf10ba9f686426a4c007906) Signed-off-by: Michael Niedermayer --- libavcodec/wavpackenc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/wavpackenc.c b/libavcodec/wavpackenc.c index d7a1c61e91..bf9f918cd9 100644 --- a/libavcodec/wavpackenc.c +++ b/libavcodec/wavpackenc.c @@ -638,7 +638,7 @@ static uint32_t log2sample(uint32_t v, int limit, uint32_t *result) if ((v += v >> 9) < (1 << 8)) { dbits = nbits_table[v]; - result += (dbits << 8) + wp_log2_table[(v << (9 - dbits)) & 0xff]; + *result += (dbits << 8) + wp_log2_table[(v << (9 - dbits)) & 0xff]; } else { if (v < (1L << 16)) dbits = nbits_table[v >> 8] + 8; @@ -647,7 +647,7 @@ static uint32_t log2sample(uint32_t v, int limit, uint32_t *result) else dbits = nbits_table[v >> 24] + 24; - result += dbits = (dbits << 8) + wp_log2_table[(v >> (dbits - 9)) & 0xff]; + *result += dbits = (dbits << 8) + wp_log2_table[(v >> (dbits - 9)) & 0xff]; if (limit && dbits >= limit) return 1; From 150ae7692efc5890b944699534904af378c06711 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 2 Aug 2014 14:03:30 +0200 Subject: [PATCH 329/562] ffserver: initialize pbuffer in prepare_sdp_description() also check pbuffer before use Found-by: CSA Reviewed-by: Stefano Sabatini Signed-off-by: Michael Niedermayer (cherry picked from commit 1d8d21b90ab91aa471f369e0f9d1ea20fb40733b) Signed-off-by: Michael Niedermayer --- ffserver.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ffserver.c b/ffserver.c index 5ecdb08d38..44f843eb4b 100644 --- a/ffserver.c +++ b/ffserver.c @@ -2972,6 +2972,8 @@ static int prepare_sdp_description(FFStream *stream, uint8_t **pbuffer, AVOutputFormat *rtp_format = av_guess_format("rtp", NULL, NULL); int i; + *pbuffer = NULL; + avc = avformat_alloc_context(); if (avc == NULL || !rtp_format) { return -1; @@ -3008,7 +3010,7 @@ static int prepare_sdp_description(FFStream *stream, uint8_t **pbuffer, av_free(avc); av_free(avs); - return strlen(*pbuffer); + return *pbuffer ? strlen(*pbuffer) : AVERROR(ENOMEM); } static void rtsp_cmd_options(HTTPContext *c, const char *url) From f7ed48938a3346e6493fa64bebc7ff242d2c9cfe Mon Sep 17 00:00:00 2001 From: Anton Khirnov Date: Wed, 6 Aug 2014 10:56:34 +0000 Subject: [PATCH 330/562] cdgraphics: do not return 0 from the decode function 0 means no data consumed, so it can trigger an infinite loop in the caller. CC:libav-stable@libav.org (cherry picked from commit c7d9b473e28238d4a4ef1b7e8b42c1cca256da36) Signed-off-by: Michael Niedermayer --- libavcodec/cdgraphics.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libavcodec/cdgraphics.c b/libavcodec/cdgraphics.c index b7a8fa7ba2..3c07fc726e 100644 --- a/libavcodec/cdgraphics.c +++ b/libavcodec/cdgraphics.c @@ -353,10 +353,9 @@ static int cdg_decode_frame(AVCodecContext *avctx, *got_frame = 1; } else { *got_frame = 0; - buf_size = 0; } - return buf_size; + return avpkt->size; } static av_cold int cdg_decode_end(AVCodecContext *avctx) From f405267493c8baf900195bf7989f371b861041f6 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 10 Aug 2014 21:59:33 +0200 Subject: [PATCH 331/562] avcodec/iff: check pixfmt for rgb8 / rgbn Fixes out of array access Found-by: Piotr Bandurski Signed-off-by: Michael Niedermayer (cherry picked from commit 3539d6c63a16e1b2874bb037a86f317449c58770) Signed-off-by: Michael Niedermayer --- libavcodec/iff.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/iff.c b/libavcodec/iff.c index 5d69539171..f69b420d1e 100644 --- a/libavcodec/iff.c +++ b/libavcodec/iff.c @@ -841,9 +841,9 @@ static int decode_frame(AVCodecContext *avctx, break; case 4: bytestream2_init(&gb, buf, buf_size); - if (avctx->codec_tag == MKTAG('R', 'G', 'B', '8')) + if (avctx->codec_tag == MKTAG('R', 'G', 'B', '8') && avctx->pix_fmt == AV_PIX_FMT_RGB32) decode_rgb8(&gb, s->frame->data[0], avctx->width, avctx->height, s->frame->linesize[0]); - else if (avctx->codec_tag == MKTAG('R', 'G', 'B', 'N')) + else if (avctx->codec_tag == MKTAG('R', 'G', 'B', 'N') && avctx->pix_fmt == AV_PIX_FMT_RGB444) decode_rgbn(&gb, s->frame->data[0], avctx->width, avctx->height, s->frame->linesize[0]); else return unsupported(avctx); From c9da441eb4606a9eeaa12a8f8f9ef8201c01db46 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 11 Aug 2014 15:36:22 +0200 Subject: [PATCH 332/562] avcodec/snow: fix null pointer dereference in cleanup after allocation failure Fixes: snowf.avi Found-by: Piotr Bandurski Signed-off-by: Michael Niedermayer (cherry picked from commit 9a162146ca6cc12ef7ad4a15164349482885962c) Signed-off-by: Michael Niedermayer --- libavcodec/snow.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/snow.c b/libavcodec/snow.c index b54c491f42..9a07d976e5 100644 --- a/libavcodec/snow.c +++ b/libavcodec/snow.c @@ -688,7 +688,7 @@ av_cold void ff_snow_common_end(SnowContext *s) for(i=0; iref_mvs[i]); av_freep(&s->ref_scores[i]); - if(s->last_picture[i]->data[0]) { + if(s->last_picture[i] && s->last_picture[i]->data[0]) { av_assert0(s->last_picture[i]->data[0] != s->current_picture->data[0]); } av_frame_free(&s->last_picture[i]); From e1ed566c1cda19bde0e523c76848ac9ee8b2f139 Mon Sep 17 00:00:00 2001 From: Christophe Gisquet Date: Mon, 11 Aug 2014 22:06:07 +0000 Subject: [PATCH 333/562] proresenc_kostya: remove unneeded parameters Signed-off-by: Michael Niedermayer (cherry picked from commit bf10f09bccdcfdb41b9f5bbae01d55961bfd0693) Signed-off-by: Michael Niedermayer --- libavcodec/proresenc_kostya.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libavcodec/proresenc_kostya.c b/libavcodec/proresenc_kostya.c index 510b4084e2..07198229a6 100644 --- a/libavcodec/proresenc_kostya.c +++ b/libavcodec/proresenc_kostya.c @@ -470,7 +470,6 @@ static void put_alpha_run(PutBitContext *pb, int run) // todo alpha quantisation for high quants static int encode_alpha_plane(ProresContext *ctx, PutBitContext *pb, - const uint16_t *src, int linesize, int mbs_per_slice, uint16_t *blocks, int quant) { @@ -565,7 +564,7 @@ static int encode_slice(AVCodecContext *avctx, const AVFrame *pic, get_alpha_data(ctx, src, linesize, xp, yp, pwidth, avctx->height / ctx->pictures_per_frame, ctx->blocks[0], mbs_per_slice, ctx->alpha_bits); - sizes[i] = encode_alpha_plane(ctx, pb, src, linesize, + sizes[i] = encode_alpha_plane(ctx, pb, mbs_per_slice, ctx->blocks[0], quant); } From 92096acc0a04c108f0393c78592269b748170d0a Mon Sep 17 00:00:00 2001 From: Christophe Gisquet Date: Mon, 11 Aug 2014 22:06:08 +0000 Subject: [PATCH 334/562] proresenc_kostya: report buffer overflow If the allocated size, despite best efforts, is too small, exit with the appropriate error. Signed-off-by: Michael Niedermayer (cherry picked from commit 52b81ff4635c077b2bc8b8d3637d933b6629d803) Signed-off-by: Michael Niedermayer --- libavcodec/proresenc_kostya.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/libavcodec/proresenc_kostya.c b/libavcodec/proresenc_kostya.c index 07198229a6..6e539b0813 100644 --- a/libavcodec/proresenc_kostya.c +++ b/libavcodec/proresenc_kostya.c @@ -569,6 +569,11 @@ static int encode_slice(AVCodecContext *avctx, const AVFrame *pic, quant); } total_size += sizes[i]; + if (put_bits_left(pb) < 0) { + av_log(avctx, AV_LOG_ERROR, "Serious underevaluation of" + "required buffer size"); + return AVERROR_BUFFER_TOO_SMALL; + } } return total_size; } @@ -939,9 +944,9 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt, avctx->coded_frame->pict_type = AV_PICTURE_TYPE_I; avctx->coded_frame->key_frame = 1; - pkt_size = ctx->frame_size_upper_bound + FF_MIN_BUFFER_SIZE; + pkt_size = ctx->frame_size_upper_bound; - if ((ret = ff_alloc_packet2(avctx, pkt, pkt_size)) < 0) + if ((ret = ff_alloc_packet2(avctx, pkt, pkt_size + FF_MIN_BUFFER_SIZE)) < 0) return ret; orig_buf = pkt->data; @@ -1018,7 +1023,9 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt, slice_hdr = buf; buf += slice_hdr_size - 1; init_put_bits(&pb, buf, (pkt_size - (buf - orig_buf)) * 8); - encode_slice(avctx, pic, &pb, sizes, x, y, q, mbs_per_slice); + ret = encode_slice(avctx, pic, &pb, sizes, x, y, q, mbs_per_slice); + if (ret < 0) + return ret; bytestream_put_byte(&slice_hdr, q); slice_size = slice_hdr_size + sizes[ctx->num_planes - 1]; From 407982b8f945f66aa60afbdffe3247ceb26e5ae8 Mon Sep 17 00:00:00 2001 From: Christophe Gisquet Date: Mon, 11 Aug 2014 19:43:27 +0200 Subject: [PATCH 335/562] proresenc_kostya: properly account for alpha The packet buffer allocation considered as dct-coded, while it is actually run-coded and thus requires a larger buffer. Signed-off-by: Michael Niedermayer (cherry picked from commit 117bc8e6ffc744fedcf77edf2fdb33c964b83370) Signed-off-by: Michael Niedermayer --- libavcodec/proresenc_kostya.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/libavcodec/proresenc_kostya.c b/libavcodec/proresenc_kostya.c index 6e539b0813..c411beceda 100644 --- a/libavcodec/proresenc_kostya.c +++ b/libavcodec/proresenc_kostya.c @@ -1193,8 +1193,6 @@ static av_cold int encode_init(AVCodecContext *avctx) ctx->bits_per_mb = ls * 8; if (ctx->chroma_factor == CFACTOR_Y444) ctx->bits_per_mb += ls * 4; - if (ctx->num_planes == 4) - ctx->bits_per_mb += ls * 4; } ctx->frame_size_upper_bound = ctx->pictures_per_frame * @@ -1203,6 +1201,14 @@ static av_cold int encode_init(AVCodecContext *avctx) (mps * ctx->bits_per_mb) / 8) + 200; + if (ctx->alpha_bits) { + // alpha plane is run-coded and might run over bit budget + ctx->frame_size_upper_bound += ctx->pictures_per_frame * + ctx->slices_per_picture * + /* num pixels per slice */ (ctx->mbs_per_slice * 256 * + /* bits per pixel */ (1 + ctx->alpha_bits + 1) + 7 >> 3); + } + avctx->codec_tag = ctx->profile_info->tag; av_log(avctx, AV_LOG_DEBUG, From 656bf0ca79baa7adb64df7c71b8ad6211fb99cdb Mon Sep 17 00:00:00 2001 From: Christophe Gisquet Date: Tue, 19 Aug 2014 12:26:47 +0000 Subject: [PATCH 336/562] wavpack: report if there is no bits left Reviewed-by: Paul B Mahol Signed-off-by: Michael Niedermayer (cherry picked from commit 11a39bdf534a4ead634b4a593c66ebf756910b9b) Signed-off-by: Michael Niedermayer --- libavcodec/wavpack.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c index 203cd28f6d..367150cbb0 100644 --- a/libavcodec/wavpack.c +++ b/libavcodec/wavpack.c @@ -253,6 +253,10 @@ static int wv_get_value(WavpackFrameContext *ctx, GetBitContext *gb, return sign ? ~ret : ret; error: + ret = get_bits_left(gb); + if (ret <= 0) { + av_log(ctx->avctx, AV_LOG_ERROR, "Too few bits (%d) left\n", ret); + } *last = 1; return 0; } From 80b6632b360a6647c1fac798f2af474380cffe8a Mon Sep 17 00:00:00 2001 From: Christophe Gisquet Date: Tue, 19 Aug 2014 12:26:49 +0000 Subject: [PATCH 337/562] wavpackenc: proper buffer allocation The allocation didn't account for headers, that can be easily 79 bytes. As a result, buffers allocated for a few samples (e.g. 5 in the original bug) could be undersized. Fixed ticket #2881. Reviewed-by: Paul B Mahol Signed-off-by: Michael Niedermayer (cherry picked from commit 2ba58bec20b0039ccc40cfba59af6d56de16e8b1) Signed-off-by: Michael Niedermayer --- libavcodec/wavpackenc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavcodec/wavpackenc.c b/libavcodec/wavpackenc.c index bf9f918cd9..80cc088154 100644 --- a/libavcodec/wavpackenc.c +++ b/libavcodec/wavpackenc.c @@ -2876,10 +2876,11 @@ static int wavpack_encode_frame(AVCodecContext *avctx, AVPacket *avpkt, return AVERROR(ENOMEM); } - if ((ret = ff_alloc_packet2(avctx, avpkt, s->block_samples * avctx->channels * 8)) < 0) + buf_size = s->block_samples * avctx->channels * 8 + + 200 /* for headers */; + if ((ret = ff_alloc_packet2(avctx, avpkt, buf_size)) < 0) return ret; buf = avpkt->data; - buf_size = avpkt->size; for (s->ch_offset = 0; s->ch_offset < avctx->channels;) { set_samplerate(s); From 6ab793c2b9bbe1196f9b8af2dd66eef55e631605 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 22 Aug 2014 01:15:57 +0200 Subject: [PATCH 338/562] avcodec: fix aac/ac3 parser bitstream buffer size Buffers containing copies of the AAC and AC3 header bits were not padded before parsing, violating init_get_bits() buffer padding requirement, leading to potential buffer read overflows. This change adds FF_INPUT_BUFFER_PADDING_SIZE bytes to the bit buffer for parsing the header in each of aac_parser.c and ac3_parser.c. Based on patch by: Matt Wolenetz Signed-off-by: Michael Niedermayer (cherry picked from commit fccd85b9f30525f88692f53134eba41f1f2d90db) Signed-off-by: Michael Niedermayer --- libavcodec/aac_parser.c | 2 +- libavcodec/ac3_parser.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/aac_parser.c b/libavcodec/aac_parser.c index ab6ca4e268..cb93ba9482 100644 --- a/libavcodec/aac_parser.c +++ b/libavcodec/aac_parser.c @@ -34,7 +34,7 @@ static int aac_sync(uint64_t state, AACAC3ParseContext *hdr_info, int size; union { uint64_t u64; - uint8_t u8[8]; + uint8_t u8[8 + FF_INPUT_BUFFER_PADDING_SIZE]; } tmp; tmp.u64 = av_be2ne64(state); diff --git a/libavcodec/ac3_parser.c b/libavcodec/ac3_parser.c index 8dc4c0d480..acfbc2ea66 100644 --- a/libavcodec/ac3_parser.c +++ b/libavcodec/ac3_parser.c @@ -147,7 +147,7 @@ static int ac3_sync(uint64_t state, AACAC3ParseContext *hdr_info, int err; union { uint64_t u64; - uint8_t u8[8]; + uint8_t u8[8 + FF_INPUT_BUFFER_PADDING_SIZE]; } tmp = { av_be2ne64(state) }; AC3HeaderInfo hdr; GetBitContext gbc; From cb8f645fafec180b3cdba23838dc9340c0faef11 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 24 Aug 2014 23:33:40 +0200 Subject: [PATCH 339/562] avcodec/utils: add GBRP16 to avcodec_align_dimensions2() Fixes Ticket3869 Signed-off-by: Michael Niedermayer (cherry picked from commit 3fe9e7be4c70c8fccdcd56fd19276e668cfb7de8) Signed-off-by: Michael Niedermayer --- libavcodec/utils.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index c343bf1caf..8b50c45d66 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -327,6 +327,8 @@ void avcodec_align_dimensions2(AVCodecContext *s, int *width, int *height, case AV_PIX_FMT_GBRP12BE: case AV_PIX_FMT_GBRP14LE: case AV_PIX_FMT_GBRP14BE: + case AV_PIX_FMT_GBRP16LE: + case AV_PIX_FMT_GBRP16BE: w_align = 16; //FIXME assume 16 pixel per macroblock h_align = 16 * 2; // interlaced needs 2 macroblocks height break; From 0f8863df86408b9e1ebb473274a2f1ddd8962604 Mon Sep 17 00:00:00 2001 From: Timothy Gu Date: Tue, 26 Aug 2014 16:13:52 -0700 Subject: [PATCH 340/562] bktr: Fix Fabrice's name Signed-off-by: Timothy Gu This file with the incorrect name was added after the name was fixed in all other files. This is thus fixing a mistake Signed-off-by: Michael Niedermayer (cherry picked from commit 25cb697d0c866a7048a11e9321e60df94dfeaeca) Signed-off-by: Michael Niedermayer --- libavdevice/bktr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavdevice/bktr.c b/libavdevice/bktr.c index 4e25aa6ad8..ac6b61a2d4 100644 --- a/libavdevice/bktr.c +++ b/libavdevice/bktr.c @@ -3,7 +3,7 @@ * Copyright (c) 2002 Steve O'Hara-Smith * based on * Linux video grab interface - * Copyright (c) 2000,2001 Gerard Lantau + * Copyright (c) 2000, 2001 Fabrice Bellard * and * simple_grab.c Copyright (c) 1999 Roger Hardiman * From 8c8950f982c5473e5e95d3a7f421d8464be25471 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 30 Aug 2014 02:12:10 +0200 Subject: [PATCH 341/562] avcodec/snow: check coeffs for validity Fixes deadlock Fixes integer overflow Fixes Ticket 3892 Signed-off-by: Michael Niedermayer (cherry picked from commit 596636a474ab201badaae269f3a2cef4824b8c1f) Signed-off-by: Michael Niedermayer --- libavcodec/snow.h | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/libavcodec/snow.h b/libavcodec/snow.h index 60b00623a0..9910f3f6c1 100644 --- a/libavcodec/snow.h +++ b/libavcodec/snow.h @@ -655,7 +655,10 @@ static inline void unpack_coeffs(SnowContext *s, SubBand *b, SubBand * parent, i if(v){ v= 2*(get_symbol2(&s->c, b->state[context + 2], context-4) + 1); v+=get_rac(&s->c, &b->state[0][16 + 1 + 3 + ff_quant3bA[l&0xFF] + 3*ff_quant3bA[t&0xFF]]); - + if ((uint16_t)v != v) { + av_log(s->avctx, AV_LOG_ERROR, "Coefficient damaged\n"); + v = 1; + } xc->x=x; (xc++)->coeff= v; } @@ -665,6 +668,10 @@ static inline void unpack_coeffs(SnowContext *s, SubBand *b, SubBand * parent, i else run= INT_MAX; v= 2*(get_symbol2(&s->c, b->state[0 + 2], 0-4) + 1); v+=get_rac(&s->c, &b->state[0][16 + 1 + 3]); + if ((uint16_t)v != v) { + av_log(s->avctx, AV_LOG_ERROR, "Coefficient damaged\n"); + v = 1; + } xc->x=x; (xc++)->coeff= v; From 17f30ab6a154e18e3d7b6bf57490dc971cd274ca Mon Sep 17 00:00:00 2001 From: wm4 Date: Sat, 30 Aug 2014 15:39:15 +0200 Subject: [PATCH 342/562] oggdec: fix invalid free on error The read_packet callback passes a pointer to a stack-allocated AVPacket. Attempting to free it with av_free() makes no sense. Signed-off-by: Michael Niedermayer (cherry picked from commit b173f5c15572cc82f68128599722e689df4ff137) Conflicts: libavformat/oggdec.c (cherry picked from commit a82401b7284e05e2cf6fb89aeed53738af06a7fd) Signed-off-by: Michael Niedermayer --- libavformat/oggdec.c | 1 - 1 file changed, 1 deletion(-) diff --git a/libavformat/oggdec.c b/libavformat/oggdec.c index e052c27da8..d6e09b4e08 100644 --- a/libavformat/oggdec.c +++ b/libavformat/oggdec.c @@ -780,7 +780,6 @@ retry: 10); if(side_data == NULL) { av_free_packet(pkt); - av_free(pkt); return AVERROR(ENOMEM); } AV_WL32(side_data + 4, os->end_trimming); From cb10e05ff06e13d28c254b9de8473fb3e471e708 Mon Sep 17 00:00:00 2001 From: Mika Raento Date: Mon, 1 Sep 2014 20:10:03 +0300 Subject: [PATCH 343/562] segment: don't access outside seg->frames array Fixes wrong number of segments output and undefined memory access. Signed-off-by: Michael Niedermayer (cherry picked from commit 58e0402e02ae5e466c33b9465c1465fdee68d342) Signed-off-by: Michael Niedermayer --- libavformat/segment.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/segment.c b/libavformat/segment.c index 05e29d427a..dca7822f24 100644 --- a/libavformat/segment.c +++ b/libavformat/segment.c @@ -646,7 +646,7 @@ static int seg_write_packet(AVFormatContext *s, AVPacket *pkt) end_pts = seg->segment_count < seg->nb_times ? seg->times[seg->segment_count] : INT64_MAX; } else if (seg->frames) { - start_frame = seg->segment_count <= seg->nb_frames ? + start_frame = seg->segment_count < seg->nb_frames ? seg->frames[seg->segment_count] : INT_MAX; } else { end_pts = seg->time * (seg->segment_count+1); From 255ebf3aff52e1d0ad32901f883ffad0e58203e6 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 2 Sep 2014 05:22:26 +0200 Subject: [PATCH 344/562] avformat/swfdec: Use side data to communicate w/h changes to the decoder Fixes reading from freed data Fixes part of Ticket3539 Reviewed-by: Paul B Mahol Signed-off-by: Michael Niedermayer (cherry picked from commit 1c55d0ff3202a04ebc67a72d72391104e9bdb633) Signed-off-by: Michael Niedermayer (cherry picked from commit a9734e7d3017ffc9539eaac2a8acce3ad427f746) Signed-off-by: Michael Niedermayer --- libavformat/swfdec.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/libavformat/swfdec.c b/libavformat/swfdec.c index 54e0f6dc0e..00926c8274 100644 --- a/libavformat/swfdec.c +++ b/libavformat/swfdec.c @@ -347,11 +347,15 @@ static int swf_read_packet(AVFormatContext *s, AVPacket *pkt) avpriv_set_pts_info(vst, 64, 256, swf->frame_rate); st = vst; } - st->codec->width = width; - st->codec->height = height; if ((res = av_new_packet(pkt, out_len - colormapsize * colormapbpp)) < 0) goto bitmap_end; + if (!st->codec->width && !st->codec->height) { + st->codec->width = width; + st->codec->height = height; + } else { + ff_add_param_change(pkt, 0, 0, 0, width, height); + } pkt->pos = pos; pkt->stream_index = st->index; From 72f0d13802ba12ff0a89fb8a716d8799117cb5f1 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 2 Sep 2014 16:42:33 +0200 Subject: [PATCH 345/562] avformat/swfdec: Do not change the pixel format This is currently not supported Fixes part of Ticket 3539 Signed-off-by: Michael Niedermayer (cherry picked from commit c2430304dfb3cc0e3a59ce6d1b59ebdcc934a0c2) Signed-off-by: Michael Niedermayer --- libavformat/swfdec.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/libavformat/swfdec.c b/libavformat/swfdec.c index 00926c8274..bf5b581d5d 100644 --- a/libavformat/swfdec.c +++ b/libavformat/swfdec.c @@ -283,6 +283,7 @@ static int swf_read_packet(AVFormatContext *s, AVPacket *pkt) const int bmp_fmt = avio_r8(pb); const int width = avio_rl16(pb); const int height = avio_rl16(pb); + int pix_fmt; len -= 2+1+2+2; @@ -361,7 +362,7 @@ static int swf_read_packet(AVFormatContext *s, AVPacket *pkt) switch (bmp_fmt) { case 3: - st->codec->pix_fmt = AV_PIX_FMT_PAL8; + pix_fmt = AV_PIX_FMT_PAL8; for (i = 0; i < colormapsize; i++) if (alpha_bmp) colormap[i] = buf[3]<<24 | AV_RB24(buf + 4*i); else colormap[i] = 0xffU <<24 | AV_RB24(buf + 3*i); @@ -373,14 +374,20 @@ static int swf_read_packet(AVFormatContext *s, AVPacket *pkt) memcpy(pal, colormap, AVPALETTE_SIZE); break; case 4: - st->codec->pix_fmt = AV_PIX_FMT_RGB555; + pix_fmt = AV_PIX_FMT_RGB555; break; case 5: - st->codec->pix_fmt = alpha_bmp ? AV_PIX_FMT_ARGB : AV_PIX_FMT_0RGB; + pix_fmt = alpha_bmp ? AV_PIX_FMT_ARGB : AV_PIX_FMT_0RGB; break; default: av_assert0(0); } + if (st->codec->pix_fmt != AV_PIX_FMT_NONE && st->codec->pix_fmt != pix_fmt) { + av_log(s, AV_LOG_ERROR, "pixel format change unsupported\n"); + res = AVERROR_PATCHWELCOME; + goto bitmap_end; + } + st->codec->pix_fmt = pix_fmt; if (linesize * height > pkt->size) { res = AVERROR_INVALIDDATA; From f7086be79a59b0982d441af9b1db615946bb1139 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 7 Sep 2014 01:42:28 +0200 Subject: [PATCH 346/562] avcodec/h264: Allow partial escaping Fixes Ticket3923 Signed-off-by: Michael Niedermayer (cherry picked from commit 033a5334badd8af48f13c6fd1e6827f8e3f2c2f3) Signed-off-by: Michael Niedermayer --- libavcodec/h264.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 99f463cb5d..63dcdb9a32 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -631,7 +631,7 @@ const uint8_t *ff_h264_decode_nal(H264Context *h, const uint8_t *src, #define STARTCODE_TEST \ if (i + 2 < length && src[i + 1] == 0 && src[i + 2] <= 3) { \ - if (src[i + 2] != 3) { \ + if (src[i + 2] != 3 && src[i + 2] != 0) { \ /* startcode, so we must be past the end */ \ length = i; \ } \ @@ -704,7 +704,7 @@ const uint8_t *ff_h264_decode_nal(H264Context *h, const uint8_t *src, if (src[si + 2] > 3) { dst[di++] = src[si++]; dst[di++] = src[si++]; - } else if (src[si] == 0 && src[si + 1] == 0) { + } else if (src[si] == 0 && src[si + 1] == 0 && src[si + 2] != 0) { if (src[si + 2] == 3) { // escape dst[di++] = 0; dst[di++] = 0; From 7644b292222c0adcbc49c5a20ebf5b10b8984c66 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 7 Sep 2014 12:52:24 +0200 Subject: [PATCH 347/562] avcodec/mpegvideo: Use "goto fail" for all error paths in ff_mpv_common_frame_size_change() Signed-off-by: Michael Niedermayer (cherry picked from commit 2762323c37511fbbc98b164c07620b9ebc59ec68) Signed-off-by: Michael Niedermayer --- libavcodec/mpegvideo.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/mpegvideo.c b/libavcodec/mpegvideo.c index 84e32b4d66..f3c7ea5815 100644 --- a/libavcodec/mpegvideo.c +++ b/libavcodec/mpegvideo.c @@ -1214,7 +1214,7 @@ int ff_MPV_common_frame_size_change(MpegEncContext *s) if ((s->width || s->height) && av_image_check_size(s->width, s->height, 0, s->avctx)) - return AVERROR_INVALIDDATA; + goto fail; if ((err = init_context_frame(s))) goto fail; From 31f5d5f6903ce2296c773fa06da0477f8e7dbef3 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 7 Sep 2014 13:00:47 +0200 Subject: [PATCH 348/562] avcodec/mpegvideo: check that the context is initialized in ff_mpv_common_frame_size_change() The function otherwise would initialize the context without setting context_initialized alternatively we could set context_initialized Fixes valgrind anomalies related to ticket 3928 Signed-off-by: Michael Niedermayer (cherry picked from commit 0d0f7f0ba43f64312ae4a05d97afecf1b7b1330c) Signed-off-by: Michael Niedermayer --- libavcodec/mpegvideo.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/mpegvideo.c b/libavcodec/mpegvideo.c index f3c7ea5815..1fd3e52fed 100644 --- a/libavcodec/mpegvideo.c +++ b/libavcodec/mpegvideo.c @@ -1184,6 +1184,9 @@ int ff_MPV_common_frame_size_change(MpegEncContext *s) { int i, err = 0; + if (!s->context_initialized) + return AVERROR(EINVAL); + if (s->slice_context_count > 1) { for (i = 0; i < s->slice_context_count; i++) { free_duplicate_context(s->thread_context[i]); From cd190f0c3fd38e7c71cbcc185f5dd7eb57480d20 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 7 Sep 2014 14:14:52 +0200 Subject: [PATCH 349/562] avcodec/mpegvideo: Set err on failure in ff_mpv_common_frame_size_change() Found-by: ubitux Signed-off-by: Michael Niedermayer (cherry picked from commit cfce6f7efd28130bf0dd409b2367ca0f8c9b2417) Signed-off-by: Michael Niedermayer --- libavcodec/mpegvideo.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/mpegvideo.c b/libavcodec/mpegvideo.c index 1fd3e52fed..834cc0d551 100644 --- a/libavcodec/mpegvideo.c +++ b/libavcodec/mpegvideo.c @@ -1216,7 +1216,7 @@ int ff_MPV_common_frame_size_change(MpegEncContext *s) s->mb_height = (s->height + 15) / 16; if ((s->width || s->height) && - av_image_check_size(s->width, s->height, 0, s->avctx)) + (err = av_image_check_size(s->width, s->height, 0, s->avctx)) < 0) goto fail; if ((err = init_context_frame(s))) @@ -1233,7 +1233,7 @@ int ff_MPV_common_frame_size_change(MpegEncContext *s) } for (i = 0; i < nb_slices; i++) { - if (init_duplicate_context(s->thread_context[i]) < 0) + if ((err = init_duplicate_context(s->thread_context[i])) < 0) goto fail; s->thread_context[i]->start_mb_y = (s->mb_height * (i) + nb_slices / 2) / nb_slices; From 5bd45a1b27ddc1091b10f425c09cb9a955b0e26e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 7 Sep 2014 16:39:39 +0200 Subject: [PATCH 350/562] avformat/m4vdec: Check for non startcode 00 00 00 sequences in probe Fixes miss detection of PCM as m4v Fixes Ticket 3928 Signed-off-by: Michael Niedermayer (cherry picked from commit 7c1835c52a4be2e4e996f83c91a8d5a147b01100) Signed-off-by: Michael Niedermayer --- libavformat/m4vdec.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/libavformat/m4vdec.c b/libavformat/m4vdec.c index c2fd4d7ab6..7a8f79fe7e 100644 --- a/libavformat/m4vdec.c +++ b/libavformat/m4vdec.c @@ -33,13 +33,15 @@ static int mpeg4video_probe(AVProbeData *probe_packet) for(i=0; ibuf_size; i++){ temp_buffer = (temp_buffer<<8) + probe_packet->buf[i]; - if ((temp_buffer & 0xffffff00) != 0x100) + if (temp_buffer & 0xfffffe00) + continue; + if (temp_buffer < 2) continue; if (temp_buffer == VOP_START_CODE) VOP++; else if (temp_buffer == VISUAL_OBJECT_START_CODE) VISO++; - else if (temp_buffer < 0x120) VO++; - else if (temp_buffer < 0x130) VOL++; + else if (temp_buffer >= 0x100 && temp_buffer < 0x120) VO++; + else if (temp_buffer >= 0x120 && temp_buffer < 0x130) VOL++; else if ( !(0x1AF < temp_buffer && temp_buffer < 0x1B7) && !(0x1B9 < temp_buffer && temp_buffer < 0x1C4)) res++; } From 5e4a821b8a418cd9b050dfc90a1e839e1a5a70f3 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 16 Sep 2014 18:04:51 +0200 Subject: [PATCH 351/562] tools/crypto_bench: fix build when AV_READ_TIME is unavailable Found-by: Andreas Cadhalpun Signed-off-by: Michael Niedermayer (cherry picked from commit 4a99134f1a71994a0dc4542a0d6bee8e36146b60) Signed-off-by: Michael Niedermayer --- tools/crypto_bench.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tools/crypto_bench.c b/tools/crypto_bench.c index 1a699ce684..5300380ebe 100644 --- a/tools/crypto_bench.c +++ b/tools/crypto_bench.c @@ -33,6 +33,10 @@ #include "libavutil/intreadwrite.h" #include "libavutil/timer.h" +#ifndef AV_READ_TIME +#define AV_READ_TIME(x) 0 +#endif + #if HAVE_UNISTD_H #include /* for getopt */ #endif From 36ec1c2c5519044ef7adb1f2d43347d84b56f80b Mon Sep 17 00:00:00 2001 From: Katerina Barone-Adesi Date: Tue, 16 Sep 2014 01:40:24 +0200 Subject: [PATCH 352/562] apetag: Fix APE tag size check The size variable is (correctly) unsigned, but is passed to several functions which take signed parameters, such as avio_read, sometimes after having numbers added to it. So ensure that size remains within the bounds that these functions can handle. CC: libav-stable@libav.org Signed-off-by: Diego Biurrun (cherry picked from commit c5560e72d0bb69f8a1ac9536570398f84388f396) Signed-off-by: Michael Niedermayer --- libavformat/apetag.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavformat/apetag.c b/libavformat/apetag.c index a376a0bc4a..fda8f95441 100644 --- a/libavformat/apetag.c +++ b/libavformat/apetag.c @@ -53,8 +53,10 @@ static int ape_tag_read_field(AVFormatContext *s) av_log(s, AV_LOG_WARNING, "Invalid APE tag key '%s'.\n", key); return -1; } - if (size >= UINT_MAX) - return -1; + if (size > INT32_MAX - FF_INPUT_BUFFER_PADDING_SIZE) { + av_log(s, AV_LOG_ERROR, "APE tag size too large.\n"); + return AVERROR_INVALIDDATA; + } if (flags & APE_TAG_FLAG_IS_BINARY) { uint8_t filename[1024]; enum AVCodecID id; From 5ecc4a644a1f5ee0ee677dd2db9560001d8c80c8 Mon Sep 17 00:00:00 2001 From: Pascal Massimino Date: Tue, 16 Sep 2014 17:01:07 +0200 Subject: [PATCH 353/562] libavcodec/webp: treat out-of-bound palette index as translucent black See https://code.google.com/p/webp/issues/detail?id=206 for a description of the problem/fix. Signed-off-by: Michael Niedermayer This patch makes the decoder follow the recommendation of the spec. There is some disagreement (see "[FFmpeg-devel] [PATCH]: libavcodec/webp") about what would be best to be written in the spec, so in case the spec is changed again, this potentially would need to be amended or reverted (cherry picked from commit 4fd21d58a72c38ab63c3a4483b420db260fa7b8d) Signed-off-by: Michael Niedermayer --- libavcodec/webp.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/libavcodec/webp.c b/libavcodec/webp.c index 213e1cef16..457f1adf75 100644 --- a/libavcodec/webp.c +++ b/libavcodec/webp.c @@ -1002,7 +1002,7 @@ static int apply_color_indexing_transform(WebPContext *s) ImageContext *img; ImageContext *pal; int i, x, y; - uint8_t *p, *pi; + uint8_t *p; img = &s->image[IMAGE_ROLE_ARGB]; pal = &s->image[IMAGE_ROLE_COLOR_INDEXING]; @@ -1040,11 +1040,11 @@ static int apply_color_indexing_transform(WebPContext *s) p = GET_PIXEL(img->frame, x, y); i = p[2]; if (i >= pal->frame->width) { - av_log(s->avctx, AV_LOG_ERROR, "invalid palette index %d\n", i); - return AVERROR_INVALIDDATA; + AV_WB32(p, 0xFF000000); + } else { + const uint8_t *pi = GET_PIXEL(pal->frame, i, 0); + AV_COPY32(p, pi); } - pi = GET_PIXEL(pal->frame, i, 0); - AV_COPY32(p, pi); } } From 84487650e23b702b5f077a1913c435cdf697da77 Mon Sep 17 00:00:00 2001 From: James Almer Date: Wed, 5 Mar 2014 19:44:36 -0300 Subject: [PATCH 354/562] x86/dsputil: add emms to ff_scalarproduct_int16_mmxext() Also undo the changes to ra144enc.c from previous commits. Should fix ticket #3429 Signed-off-by: James Almer Signed-off-by: Michael Niedermayer (cherry picked from commit 9e0e1f9067430de1655a7b28536b5afed48bded5) Conflicts: libavcodec/ra144enc.c Signed-off-by: Michael Niedermayer --- libavcodec/ra144enc.c | 1 - libavcodec/x86/dsputil.asm | 3 +++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/ra144enc.c b/libavcodec/ra144enc.c index 3558254e56..a01833381f 100644 --- a/libavcodec/ra144enc.c +++ b/libavcodec/ra144enc.c @@ -34,7 +34,6 @@ #include "celp_filters.h" #include "ra144.h" - static av_cold int ra144_encode_close(AVCodecContext *avctx) { RA144Context *ractx = avctx->priv_data; diff --git a/libavcodec/x86/dsputil.asm b/libavcodec/x86/dsputil.asm index 77069e20f8..d7825ee387 100644 --- a/libavcodec/x86/dsputil.asm +++ b/libavcodec/x86/dsputil.asm @@ -61,6 +61,9 @@ cglobal scalarproduct_int16, 3,3,3, v1, v2, order %endif paddd m2, m0 movd eax, m2 +%if mmsize == 8 + emms +%endif RET ; int scalarproduct_and_madd_int16(int16_t *v1, int16_t *v2, int16_t *v3, int order, int mul) From 34ef754854ee6551d0db09c9ae4018e803c50b44 Mon Sep 17 00:00:00 2001 From: Gianluigi Tiesi Date: Fri, 19 Sep 2014 04:49:36 +0200 Subject: [PATCH 355/562] avcodec/libilbc: support for latest git of libilbc in the latest git commits of libilbc developers removed WebRtc_xxx typedefs This commit uses int types instead, it's safe to apply also for previous versions since WebRtc_Word16 was always a typedef of int16_t and WebRtc_UWord16 a typedef of uint16_t Reviewed-by: Timothy Gu Signed-off-by: Michael Niedermayer (cherry picked from commit 59af5383c18c8cf3fe2a4b5cc1ebf2f3300bdfe5) Signed-off-by: Michael Niedermayer --- libavcodec/libilbc.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/libavcodec/libilbc.c b/libavcodec/libilbc.c index 898fe83b1c..9fdd3c83f5 100644 --- a/libavcodec/libilbc.c +++ b/libavcodec/libilbc.c @@ -96,8 +96,7 @@ static int ilbc_decode_frame(AVCodecContext *avctx, void *data, if ((ret = ff_get_buffer(avctx, frame, 0)) < 0) return ret; - WebRtcIlbcfix_DecodeImpl((WebRtc_Word16*) frame->data[0], - (const WebRtc_UWord16*) buf, &s->decoder, 1); + WebRtcIlbcfix_DecodeImpl((int16_t *) frame->data[0], (const uint16_t *) buf, &s->decoder, 1); *got_frame_ptr = 1; @@ -170,7 +169,7 @@ static int ilbc_encode_frame(AVCodecContext *avctx, AVPacket *avpkt, if ((ret = ff_alloc_packet2(avctx, avpkt, 50)) < 0) return ret; - WebRtcIlbcfix_EncodeImpl((WebRtc_UWord16*) avpkt->data, (const WebRtc_Word16*) frame->data[0], &s->encoder); + WebRtcIlbcfix_EncodeImpl((uint16_t *) avpkt->data, (const int16_t *) frame->data[0], &s->encoder); avpkt->size = s->encoder.no_of_bytes; *got_packet_ptr = 1; From 77367f27280ccf82273de119d2e872855d1bf608 Mon Sep 17 00:00:00 2001 From: Pascal Massimino Date: Mon, 22 Sep 2014 14:48:57 -0700 Subject: [PATCH 356/562] avcodec/webp: fix default palette color 0xff000000 -> 0x00000000 Signed-off-by: Michael Niedermayer (cherry picked from commit e5b3112996c3da45aa03b39c5ade375d40d4407d) Signed-off-by: Michael Niedermayer --- libavcodec/webp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/webp.c b/libavcodec/webp.c index 457f1adf75..2044aaf00a 100644 --- a/libavcodec/webp.c +++ b/libavcodec/webp.c @@ -1040,7 +1040,7 @@ static int apply_color_indexing_transform(WebPContext *s) p = GET_PIXEL(img->frame, x, y); i = p[2]; if (i >= pal->frame->width) { - AV_WB32(p, 0xFF000000); + AV_WB32(p, 0x00000000); } else { const uint8_t *pi = GET_PIXEL(pal->frame, i, 0); AV_COPY32(p, pi); From dc319a52f920a522e257a2b878430d916048d9f8 Mon Sep 17 00:00:00 2001 From: Benoit Fouet Date: Tue, 23 Sep 2014 10:07:10 +0200 Subject: [PATCH 357/562] avformat/riffenc: Filter out "BottomUp" in ff_put_bmp_header() Fixes Ticket1304 Commit message and extradata size bugfix by commiter Signed-off-by: Michael Niedermayer (cherry picked from commit 6843b9dc78bc966bb30121828ef4f6b6755cf877) Signed-off-by: Michael Niedermayer --- libavformat/riffenc.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/libavformat/riffenc.c b/libavformat/riffenc.c index 7b4b7ddffe..183fb7f525 100644 --- a/libavformat/riffenc.c +++ b/libavformat/riffenc.c @@ -203,11 +203,15 @@ int ff_put_wav_header(AVIOContext *pb, AVCodecContext *enc) void ff_put_bmp_header(AVIOContext *pb, AVCodecContext *enc, const AVCodecTag *tags, int for_asf, int ignore_extradata) { + int keep_height = enc->extradata_size >= 9 && + !memcmp(enc->extradata + enc->extradata_size - 9, "BottomUp", 9); + int extradata_size = enc->extradata_size - 9*keep_height; + /* size */ - avio_wl32(pb, 40 + (ignore_extradata ? 0 : enc->extradata_size)); + avio_wl32(pb, 40 + (ignore_extradata ? 0 :extradata_size)); avio_wl32(pb, enc->width); //We always store RGB TopDown - avio_wl32(pb, enc->codec_tag ? enc->height : -enc->height); + avio_wl32(pb, enc->codec_tag || keep_height ? enc->height : -enc->height); /* planes */ avio_wl16(pb, 1); /* depth */ @@ -221,9 +225,9 @@ void ff_put_bmp_header(AVIOContext *pb, AVCodecContext *enc, avio_wl32(pb, 0); if (!ignore_extradata) { - avio_write(pb, enc->extradata, enc->extradata_size); + avio_write(pb, enc->extradata, extradata_size); - if (!for_asf && enc->extradata_size & 1) + if (!for_asf && extradata_size & 1) avio_w8(pb, 0); } } From 9c61b4494113dbedea1419632a368b77e414d26e Mon Sep 17 00:00:00 2001 From: Philip DeCamp Date: Wed, 24 Sep 2014 16:15:18 -0400 Subject: [PATCH 358/562] libavutil/opt: fix av_opt_set_channel_layout() to access correct memory address Signed-off-by: Philip DeCamp Signed-off-by: Michael Niedermayer (cherry picked from commit 857fc0a71f1b52fbba3281ba64b5a35195458622) Signed-off-by: Michael Niedermayer --- libavutil/opt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavutil/opt.c b/libavutil/opt.c index 85435dd8fa..95d92a7221 100644 --- a/libavutil/opt.c +++ b/libavutil/opt.c @@ -566,7 +566,7 @@ int av_opt_set_channel_layout(void *obj, const char *name, int64_t cl, int searc "The value set by option '%s' is not a channel layout.\n", o->name); return AVERROR(EINVAL); } - *(int *)(((int64_t *)target_obj) + o->offset) = cl; + *(int64_t *)(((uint8_t *)target_obj) + o->offset) = cl; return 0; } From 8dd6075a7f286e46d01da6790ec66a5a9d42a5f9 Mon Sep 17 00:00:00 2001 From: lvqcl Date: Sat, 27 Sep 2014 13:21:31 +0200 Subject: [PATCH 359/562] avutil/x86/cpu: fix cpuid sub-leaf selection Signed-off-by: Michael Niedermayer (cherry picked from commit e58fc44649d07d523fcd17aa10d9eb0d3a5ef3f4) Signed-off-by: Michael Niedermayer --- libavutil/x86/cpu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavutil/x86/cpu.c b/libavutil/x86/cpu.c index 18049eaead..65ec8259ab 100644 --- a/libavutil/x86/cpu.c +++ b/libavutil/x86/cpu.c @@ -45,7 +45,7 @@ "cpuid \n\t" \ "xchg %%"REG_b", %%"REG_S \ : "=a" (eax), "=S" (ebx), "=c" (ecx), "=d" (edx) \ - : "0" (index)) + : "0" (index), "2"(0)) #define xgetbv(index, eax, edx) \ __asm__ (".byte 0x0f, 0x01, 0xd0" : "=a"(eax), "=d"(edx) : "c" (index)) From c658f6c34d0fc7c833e81aac4a661f9e98e5a3e1 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 27 Sep 2014 20:34:44 +0200 Subject: [PATCH 360/562] avcodec/ac3enc_template: fix out of array read Found-by: Andreas Cadhalpun Signed-off-by: Michael Niedermayer (cherry picked from commit d85ebea3f3b68ebccfe308fa839fc30fa634e4de) Signed-off-by: Michael Niedermayer --- libavcodec/ac3enc_template.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/ac3enc_template.c b/libavcodec/ac3enc_template.c index 354be53c7f..69dd135898 100644 --- a/libavcodec/ac3enc_template.c +++ b/libavcodec/ac3enc_template.c @@ -260,7 +260,7 @@ static void apply_channel_coupling(AC3EncodeContext *s) energy_cpl = energy[blk][CPL_CH][bnd]; energy_ch = energy[blk][ch][bnd]; blk1 = blk+1; - while (!s->blocks[blk1].new_cpl_coords[ch] && blk1 < s->num_blocks) { + while (blk1 < s->num_blocks && !s->blocks[blk1].new_cpl_coords[ch]) { if (s->blocks[blk1].cpl_in_use) { energy_cpl += energy[blk1][CPL_CH][bnd]; energy_ch += energy[blk1][ch][bnd]; From d61a325a68aa7864fb6769436f0b20a6df36abea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Sun, 21 Sep 2014 09:58:10 +0100 Subject: [PATCH 361/562] configure: add noexecstack to linker options if supported. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Reimar Döffinger (cherry picked from commit b7082d953fda93f7841ffffe7d15a6c3cd15bdee) Signed-off-by: Michael Niedermayer --- configure | 1 + 1 file changed, 1 insertion(+) diff --git a/configure b/configure index 1f0cbff7f9..08777a79d9 100755 --- a/configure +++ b/configure @@ -4092,6 +4092,7 @@ EOF fi check_ldflags -Wl,--as-needed +check_ldflags -Wl,-z,noexecstack if check_func dlopen; then ldl= From 23a22b0da90df0ecf0eda0e9e360526854337eea Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 2 Oct 2014 23:17:21 +0200 Subject: [PATCH 362/562] avcodec/jpeglsdec: Check run value more completely in ls_decode_line() previously it could have been by 1 too large Fixes out of array access Fixes: asan_heap-oob_12240f5_1_asan_heap-oob_12240f5_448_t8c1e3.jls Fixes: asan_heap-oob_12240f5_1_asan_heap-oob_12240f5_448_t8nde0.jls Fixes: asan_heap-oob_12240fa_1_asan_heap-oob_12240fa_448_t16e3.jls Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 06e7d58410a17dc72c30ee7f3145fcacc425f4f2) Signed-off-by: Michael Niedermayer --- libavcodec/jpeglsdec.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/jpeglsdec.c b/libavcodec/jpeglsdec.c index 190b9b6d26..5740aaafe5 100644 --- a/libavcodec/jpeglsdec.c +++ b/libavcodec/jpeglsdec.c @@ -217,6 +217,11 @@ static inline void ls_decode_line(JLSState *state, MJpegDecodeContext *s, x += stride; } + if (x >= w) { + av_log(NULL, AV_LOG_ERROR, "run overflow\n"); + return; + } + /* decode run termination value */ Rb = R(last, x); RItype = (FFABS(Ra - Rb) <= state->near) ? 1 : 0; From 9ec550c364835caaa928c361d009b75f25d774a9 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 3 Oct 2014 01:50:27 +0200 Subject: [PATCH 363/562] avcodec/mjpegdec: check bits per pixel for changes similar to dimensions Fixes out of array accesses Fixes: asan_heap-oob_16668e9_2_asan_heap-oob_16668e9_346_miss_congeniality_pegasus_mjpg.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 5c378d6a6df8243f06c87962b873bd563e58cd39) Conflicts: libavcodec/mjpegdec.c --- libavcodec/mjpegdec.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index ddf6467095..e84e331a51 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -218,7 +218,7 @@ int ff_mjpeg_decode_dht(MJpegDecodeContext *s) int ff_mjpeg_decode_sof(MJpegDecodeContext *s) { - int len, nb_components, i, width, height, pix_fmt_id; + int len, nb_components, i, width, height, bits, pix_fmt_id; int h_count[MAX_COMPONENTS]; int v_count[MAX_COMPONENTS]; @@ -228,11 +228,11 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s) /* XXX: verify len field validity */ len = get_bits(&s->gb, 16); s->avctx->bits_per_raw_sample = - s->bits = get_bits(&s->gb, 8); + bits = get_bits(&s->gb, 8); if (s->pegasus_rct) - s->bits = 9; - if (s->bits == 9 && !s->pegasus_rct) + bits = 9; + if (bits == 9 && !s->pegasus_rct) s->rct = 1; // FIXME ugly if(s->lossless && s->avctx->lowres){ @@ -262,7 +262,7 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s) return AVERROR_INVALIDDATA; } } - if (s->ls && !(s->bits <= 8 || nb_components == 1)) { + if (s->ls && !(bits <= 8 || nb_components == 1)) { avpriv_report_missing_feature(s->avctx, "JPEG-LS that is not <= 8 " "bits/component or 16-bit gray"); @@ -308,11 +308,13 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s) /* if different size, realloc/alloc picture */ if ( width != s->width || height != s->height + || bits != s->bits || memcmp(s->h_count, h_count, sizeof(h_count)) || memcmp(s->v_count, v_count, sizeof(v_count))) { s->width = width; s->height = height; + s->bits = bits; memcpy(s->h_count, h_count, sizeof(h_count)); memcpy(s->v_count, v_count, sizeof(v_count)); s->interlaced = 0; From b5298c464f0519b1f7e51f4513021fd004486543 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 3 Oct 2014 04:30:58 +0200 Subject: [PATCH 364/562] avcodec/utils: Add case for jv to avcodec_align_dimensions2() Fixes out of array accesses Fixes: asan_heap-oob_12304aa_8_asan_heap-oob_4da4f3_300_intro.jv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 105654e376a736d243aef4a1d121abebce912e6b) Signed-off-by: Michael Niedermayer --- libavcodec/utils.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index 8b50c45d66..46c0745680 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -358,6 +358,10 @@ void avcodec_align_dimensions2(AVCodecContext *s, int *width, int *height, w_align = 4; h_align = 4; } + if (s->codec_id == AV_CODEC_ID_JV) { + w_align = 8; + h_align = 8; + } break; case AV_PIX_FMT_BGR24: if ((s->codec_id == AV_CODEC_ID_MSZH) || From ce9d497755fd3a8a03221ddf3e7624630c3a14c0 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 3 Oct 2014 14:45:04 +0200 Subject: [PATCH 365/562] avcodec/mmvideo: Bounds check 2nd line of HHV Intra blocks Fixes out of array access Fixes: asan_heap-oob_4da4f3_8_asan_heap-oob_4da4f3_419_scene1a.mm Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 8b0e96e1f21b761ca15dbb470cd619a1ebf86c3e) Signed-off-by: Michael Niedermayer --- libavcodec/mmvideo.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/mmvideo.c b/libavcodec/mmvideo.c index 0ba1e0ee53..1150485e25 100644 --- a/libavcodec/mmvideo.c +++ b/libavcodec/mmvideo.c @@ -111,7 +111,7 @@ static int mm_decode_intra(MmContext * s, int half_horiz, int half_vert) if (color) { memset(s->frame->data[0] + y*s->frame->linesize[0] + x, color, run_length); - if (half_vert) + if (half_vert && y + half_vert < s->avctx->height) memset(s->frame->data[0] + (y+1)*s->frame->linesize[0] + x, color, run_length); } x+= run_length; From ceb9d67a0ad1a4076ef349c8756ce8b732d03a34 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 3 Oct 2014 16:08:32 +0200 Subject: [PATCH 366/562] avcodec/tiff: more completely check bpp/bppcount Fixes pixel format selection Fixes out of array accesses Fixes: asan_heap-oob_1766029_6_asan_heap-oob_20aa045_332_cov_1823216757_m2-d1d366d7965db766c19a66c7a2ccbb6b.tif Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit e1c0cfaa419aa5d320540d5a1b3f8fd9b82ab7e5) Signed-off-by: Michael Niedermayer --- libavcodec/tiff.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c index 80c6d6e376..cedab34970 100644 --- a/libavcodec/tiff.c +++ b/libavcodec/tiff.c @@ -604,13 +604,13 @@ static int tiff_decode_tag(TiffContext *s, AVFrame *frame) s->height = value; break; case TIFF_BPP: - s->bppcount = count; - if (count > 4) { + if (count > 4U) { av_log(s->avctx, AV_LOG_ERROR, "This format is not supported (bpp=%d, %d components)\n", - s->bpp, count); + value, count); return AVERROR_INVALIDDATA; } + s->bppcount = count; if (count == 1) s->bpp = value; else { @@ -628,6 +628,13 @@ static int tiff_decode_tag(TiffContext *s, AVFrame *frame) s->bpp = -1; } } + if (s->bpp > 64U) { + av_log(s->avctx, AV_LOG_ERROR, + "This format is not supported (bpp=%d, %d components)\n", + s->bpp, count); + s->bpp = 0; + return AVERROR_INVALIDDATA; + } break; case TIFF_SAMPLES_PER_PIXEL: if (count != 1) { From 5d852f338d5b7f57126666ba8f8f27b02597686f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 3 Oct 2014 17:35:58 +0200 Subject: [PATCH 367/562] avcodec/pngdec: Check bits per pixel before setting monoblack pixel format Fixes out of array accesses Fixes: asan_heap-oob_14dbfcf_4_asan_heap-oob_1ce5767_179_add_method_small.png Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 3e2b745020c2dbf0201fe7df3dad9e7e0b2e1bb6) Signed-off-by: Michael Niedermayer --- libavcodec/pngdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c index 3d21e50288..576679350e 100644 --- a/libavcodec/pngdec.c +++ b/libavcodec/pngdec.c @@ -633,7 +633,7 @@ static int decode_frame(AVCodecContext *avctx, } else if ((s->bits_per_pixel == 1 || s->bits_per_pixel == 2 || s->bits_per_pixel == 4 || s->bits_per_pixel == 8) && s->color_type == PNG_COLOR_TYPE_PALETTE) { avctx->pix_fmt = AV_PIX_FMT_PAL8; - } else if (s->bit_depth == 1) { + } else if (s->bit_depth == 1 && s->bits_per_pixel == 1) { avctx->pix_fmt = AV_PIX_FMT_MONOBLACK; } else if (s->bit_depth == 8 && s->color_type == PNG_COLOR_TYPE_GRAY_ALPHA) { From 4841b2759f110bbb4afd832685d18ec4b3216e1d Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 3 Oct 2014 17:54:21 +0200 Subject: [PATCH 368/562] avcodec/pngdec: Calculate MPNG bytewidth more defensively Signed-off-by: Michael Niedermayer (cherry picked from commit e830902934a29df05c7af65aef2a480b15f572c4) Conflicts: libavcodec/pngdec.c --- libavcodec/pngdec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c index 576679350e..f01df75e48 100644 --- a/libavcodec/pngdec.c +++ b/libavcodec/pngdec.c @@ -841,10 +841,11 @@ static int decode_frame(AVCodecContext *avctx, int i, j; uint8_t *pd = p->data[0]; uint8_t *pd_last = s->last_picture.f->data[0]; + int ls = FFMIN(av_image_get_linesize(p->format, s->width, 0), s->width * s->bpp); ff_thread_await_progress(&s->last_picture, INT_MAX, 0); for (j = 0; j < s->height; j++) { - for (i = 0; i < s->width * s->bpp; i++) { + for (i = 0; i < ls; i++) { pd[i] += pd_last[i]; } pd += s->image_linesize; From 96357894ff9ac019edced85d51cf4a509c12116c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 3 Oct 2014 19:33:01 +0200 Subject: [PATCH 369/562] avcodec/cinepak: fix integer underflow Fixes out of array access Fixes: asan_heap-oob_4da0ba_6_asan_heap-oob_4da0ba_241_cvid_crash.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit e7e5114c506957f40aafd794e06de1a7e341e9d5) Signed-off-by: Michael Niedermayer --- libavcodec/cinepak.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/cinepak.c b/libavcodec/cinepak.c index 082d0b232a..d0d07bc9ef 100644 --- a/libavcodec/cinepak.c +++ b/libavcodec/cinepak.c @@ -135,7 +135,7 @@ static int cinepak_decode_vectors (CinepakContext *s, cvid_strip *strip, const uint8_t *eod = (data + size); uint32_t flag, mask; uint8_t *cb0, *cb1, *cb2, *cb3; - unsigned int x, y; + int x, y; char *ip0, *ip1, *ip2, *ip3; flag = 0; From 05d7e92e4fdd04fd67ff23d931efcb02f4f4d0de Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 3 Oct 2014 20:15:52 +0200 Subject: [PATCH 370/562] avcodec/gifdec: factorize interleave end handling out also change it to a loop Fixes out of array access Fixes: asan_heap-oob_ca5410_8_asan_heap-oob_ca5410_97_ID_LSD_Size_Less_Then_Data_Inter_3.gif Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 8f1457864be8fb9653643519dea1c6492f1dde57) Signed-off-by: Michael Niedermayer --- libavcodec/gifdec.c | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/libavcodec/gifdec.c b/libavcodec/gifdec.c index 4151b88856..73cbb7c39d 100644 --- a/libavcodec/gifdec.c +++ b/libavcodec/gifdec.c @@ -251,26 +251,21 @@ static int gif_read_image(GifState *s, AVFrame *frame) case 1: y1 += 8; ptr += linesize * 8; - if (y1 >= height) { - y1 = pass ? 2 : 4; - ptr = ptr1 + linesize * y1; - pass++; - } break; case 2: y1 += 4; ptr += linesize * 4; - if (y1 >= height) { - y1 = 1; - ptr = ptr1 + linesize; - pass++; - } break; case 3: y1 += 2; ptr += linesize * 2; break; } + while (y1 >= height) { + y1 = 4 >> pass; + ptr = ptr1 + linesize * y1; + pass++; + } } else { ptr += linesize; } From c10c71452fff0aa7563405815cb89914274ddc61 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 3 Oct 2014 21:08:52 +0200 Subject: [PATCH 371/562] avcodec/qpeg: fix off by 1 error in MV bounds check Fixes out of array access Fixes: asan_heap-oob_153760f_4_asan_heap-oob_1d7a4cf_164_VWbig6.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit dd3bfe3cc1ca26d0fff3a3baf61a40207032143f) Signed-off-by: Michael Niedermayer --- libavcodec/qpeg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/qpeg.c b/libavcodec/qpeg.c index da2d3b9d16..eb1be3bf1d 100644 --- a/libavcodec/qpeg.c +++ b/libavcodec/qpeg.c @@ -163,7 +163,7 @@ static void qpeg_decode_inter(QpegContext *qctx, uint8_t *dst, /* check motion vector */ if ((me_x + filled < 0) || (me_x + me_w + filled > width) || - (height - me_y - me_h < 0) || (height - me_y > orig_height) || + (height - me_y - me_h < 0) || (height - me_y >= orig_height) || (filled + me_w > width) || (height - me_h < 0)) av_log(NULL, AV_LOG_ERROR, "Bogus motion vector (%i,%i), block size %ix%i at %i,%i\n", me_x, me_y, me_w, me_h, filled, height); From bf2605c35610e76bb83175407927ffca226dd6fd Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 3 Oct 2014 22:50:45 +0200 Subject: [PATCH 372/562] avcodec/smc: fix off by 1 error Fixes out of array access Fixes: asan_heap-oob_1685bf0_5_asan_heap-oob_1f35116_430_smc.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit c727401aa9d62335e89d118a5b4e202edf39d905) Signed-off-by: Michael Niedermayer --- libavcodec/smc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/smc.c b/libavcodec/smc.c index 31e6c885bf..791612ebd4 100644 --- a/libavcodec/smc.c +++ b/libavcodec/smc.c @@ -70,7 +70,7 @@ typedef struct SmcContext { row_ptr += stride * 4; \ } \ total_blocks--; \ - if (total_blocks < 0) \ + if (total_blocks < 0 + !!n_blocks) \ { \ av_log(s->avctx, AV_LOG_INFO, "warning: block counter just went negative (this should not happen)\n"); \ return; \ From 21808e2181800dabaadca695157ae8e391d6a2aa Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 4 Oct 2014 03:12:34 +0200 Subject: [PATCH 373/562] avcodec/vorbisdec: Fix off by 1 error in ptns_to_read Fixes read of uninitialized memory Fixes: asan_heap-uaf_18dac2b_9_asan_heap-uaf_22eb375_208_beta3_test_small.ogg Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 8c50704ebf1777bee76772c4835d9760b3721057) Signed-off-by: Michael Niedermayer --- libavcodec/vorbisdec.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/libavcodec/vorbisdec.c b/libavcodec/vorbisdec.c index dfffc6f046..1221326561 100644 --- a/libavcodec/vorbisdec.c +++ b/libavcodec/vorbisdec.c @@ -1314,7 +1314,9 @@ static av_always_inline int setup_classifs(vorbis_context *vc, vorbis_residue *vr, uint8_t *do_not_decode, unsigned ch_used, - int partition_count) + int partition_count, + int ptns_to_read + ) { int p, j, i; unsigned c_p_c = vc->codebooks[vr->classbook].dimensions; @@ -1336,7 +1338,7 @@ static av_always_inline int setup_classifs(vorbis_context *vc, for (i = partition_count + c_p_c - 1; i >= partition_count; i--) { temp2 = (((uint64_t)temp) * inverse_class) >> 32; - if (i < vr->ptns_to_read) + if (i < ptns_to_read) vr->classifs[p + i] = temp - temp2 * vr->classifications; temp = temp2; } @@ -1344,13 +1346,13 @@ static av_always_inline int setup_classifs(vorbis_context *vc, for (i = partition_count + c_p_c - 1; i >= partition_count; i--) { temp2 = temp / vr->classifications; - if (i < vr->ptns_to_read) + if (i < ptns_to_read) vr->classifs[p + i] = temp - temp2 * vr->classifications; temp = temp2; } } } - p += vr->ptns_to_read; + p += ptns_to_read; } return 0; } @@ -1404,7 +1406,7 @@ static av_always_inline int vorbis_residue_decode_internal(vorbis_context *vc, for (partition_count = 0; partition_count < ptns_to_read;) { // SPEC error if (!pass) { int ret; - if ((ret = setup_classifs(vc, vr, do_not_decode, ch_used, partition_count)) < 0) + if ((ret = setup_classifs(vc, vr, do_not_decode, ch_used, partition_count, ptns_to_read)) < 0) return ret; } for (i = 0; (i < c_p_c) && (partition_count < ptns_to_read); ++i) { From ea61dfe0abf4e57c8cd798b1853f0e376a02ec03 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 4 Oct 2014 04:29:40 +0200 Subject: [PATCH 374/562] avformat/mpegts: Check desc_len / get8() return code Fixes out of array read Fixes: signal_sigsegv_844d59_10_signal_sigsegv_a17bb7_366_mpegts_mpeg2video_mp2_dvbsub_topfield.rec Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit c3d7f00ee3e09801f56f25db8b5961f25e842bd2) Signed-off-by: Michael Niedermayer --- libavformat/mpegts.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mpegts.c b/libavformat/mpegts.c index ba92304b45..b57eaf5908 100644 --- a/libavformat/mpegts.c +++ b/libavformat/mpegts.c @@ -1766,7 +1766,7 @@ static void sdt_cb(MpegTSFilter *filter, const uint8_t *section, int section_len break; desc_len = get8(&p, desc_list_end); desc_end = p + desc_len; - if (desc_end > desc_list_end) + if (desc_len < 0 || desc_end > desc_list_end) break; av_dlog(ts->stream, "tag: 0x%02x len=%d\n", From f335275c50b8fb0f61f35aa93fa808dcfc3b2338 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 4 Oct 2014 14:51:46 +0200 Subject: [PATCH 375/562] avcodec/h264: Check mode before considering mixed mode intra prediction Fixes out of array read Fixes: asan_heap-oob_e476fc_2_asan_heap-oob_1333ec6_61_CAMACI3_Sony_C.jsv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 9734a7a1de3043f012ad0f1ef11027d9488067e6) Signed-off-by: Michael Niedermayer --- libavcodec/h264.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 63dcdb9a32..c8facbcccf 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -598,18 +598,18 @@ int ff_h264_check_intra_pred_mode(H264Context *h, int mode, int is_chroma) if ((h->left_samples_available & 0x8080) != 0x8080) { mode = left[mode]; - if (is_chroma && (h->left_samples_available & 0x8080)) { - // mad cow disease mode, aka MBAFF + constrained_intra_pred - mode = ALZHEIMER_DC_L0T_PRED8x8 + - (!(h->left_samples_available & 0x8000)) + - 2 * (mode == DC_128_PRED8x8); - } if (mode < 0) { av_log(h->avctx, AV_LOG_ERROR, "left block unavailable for requested intra mode at %d %d\n", h->mb_x, h->mb_y); return AVERROR_INVALIDDATA; } + if (is_chroma && (h->left_samples_available & 0x8080)) { + // mad cow disease mode, aka MBAFF + constrained_intra_pred + mode = ALZHEIMER_DC_L0T_PRED8x8 + + (!(h->left_samples_available & 0x8000)) + + 2 * (mode == DC_128_PRED8x8); + } } return mode; From 11313263ab37c433286189de4ac51d29d2e5e18e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 6 Oct 2014 01:08:20 +0200 Subject: [PATCH 376/562] swresample/swresample: fix sample drop loop end condition Fixes Ticket3985 Signed-off-by: Michael Niedermayer (cherry picked from commit f9fefa499f0af48f47ea73c8ce0b25df0976c315) Signed-off-by: Michael Niedermayer --- libswresample/swresample.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libswresample/swresample.c b/libswresample/swresample.c index 30c34348e4..ec0c770ab4 100644 --- a/libswresample/swresample.c +++ b/libswresample/swresample.c @@ -753,6 +753,8 @@ int swr_convert(struct SwrContext *s, uint8_t *out_arg[SWR_CH_MAX], int out_coun in_count = 0; if(ret>0) { s->drop_output -= ret; + if (!s->drop_output && !out_arg) + return 0; continue; } From 3fd2ff1b4f2efe5a8eb9e4c7e0976a7758269bd6 Mon Sep 17 00:00:00 2001 From: Christophe Gisquet Date: Thu, 9 Oct 2014 23:27:38 +0200 Subject: [PATCH 377/562] utvideoenc: properly set slice height/last line Mimic decoder and obey sampling. Does not affect fate tests for utvideo. Fixes ticket #3949. Signed-off-by: Michael Niedermayer (cherry picked from commit cb530dda7d76790b08ee3b7f67e251f3ce48c359) Signed-off-by: Michael Niedermayer --- libavcodec/utvideoenc.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/libavcodec/utvideoenc.c b/libavcodec/utvideoenc.c index bed74c5af1..b165b37629 100644 --- a/libavcodec/utvideoenc.c +++ b/libavcodec/utvideoenc.c @@ -351,7 +351,7 @@ static int write_huff_codes(uint8_t *src, uint8_t *dst, int dst_size, } static int encode_plane(AVCodecContext *avctx, uint8_t *src, - uint8_t *dst, int stride, + uint8_t *dst, int stride, int plane_no, int width, int height, PutByteContext *pb) { UtvideoContext *c = avctx->priv_data; @@ -361,6 +361,7 @@ static int encode_plane(AVCodecContext *avctx, uint8_t *src, HuffEntry he[256]; uint32_t offset = 0, slice_len = 0; + const int cmask = ~(!plane_no && avctx->pix_fmt == AV_PIX_FMT_YUV420P); int i, sstart, send = 0; int symbol; @@ -369,7 +370,7 @@ static int encode_plane(AVCodecContext *avctx, uint8_t *src, case PRED_NONE: for (i = 0; i < c->slices; i++) { sstart = send; - send = height * (i + 1) / c->slices; + send = height * (i + 1) / c->slices & cmask; av_image_copy_plane(dst + sstart * width, width, src + sstart * stride, stride, width, send - sstart); @@ -378,7 +379,7 @@ static int encode_plane(AVCodecContext *avctx, uint8_t *src, case PRED_LEFT: for (i = 0; i < c->slices; i++) { sstart = send; - send = height * (i + 1) / c->slices; + send = height * (i + 1) / c->slices & cmask; left_predict(src + sstart * stride, dst + sstart * width, stride, width, send - sstart); } @@ -386,7 +387,7 @@ static int encode_plane(AVCodecContext *avctx, uint8_t *src, case PRED_MEDIAN: for (i = 0; i < c->slices; i++) { sstart = send; - send = height * (i + 1) / c->slices; + send = height * (i + 1) / c->slices & cmask; median_predict(c, src + sstart * stride, dst + sstart * width, stride, width, send - sstart); } @@ -449,7 +450,7 @@ static int encode_plane(AVCodecContext *avctx, uint8_t *src, send = 0; for (i = 0; i < c->slices; i++) { sstart = send; - send = height * (i + 1) / c->slices; + send = height * (i + 1) / c->slices & cmask; /* * Write the huffman codes to a buffer, @@ -531,7 +532,7 @@ static int utvideo_encode_frame(AVCodecContext *avctx, AVPacket *pkt, case AV_PIX_FMT_RGBA: for (i = 0; i < c->planes; i++) { ret = encode_plane(avctx, c->slice_buffer[i] + 2 * c->slice_stride, - c->slice_buffer[i], c->slice_stride, + c->slice_buffer[i], c->slice_stride, i, width, height, &pb); if (ret) { @@ -543,7 +544,7 @@ static int utvideo_encode_frame(AVCodecContext *avctx, AVPacket *pkt, case AV_PIX_FMT_YUV422P: for (i = 0; i < c->planes; i++) { ret = encode_plane(avctx, pic->data[i], c->slice_buffer[0], - pic->linesize[i], width >> !!i, height, &pb); + pic->linesize[i], i, width >> !!i, height, &pb); if (ret) { av_log(avctx, AV_LOG_ERROR, "Error encoding plane %d.\n", i); @@ -554,7 +555,7 @@ static int utvideo_encode_frame(AVCodecContext *avctx, AVPacket *pkt, case AV_PIX_FMT_YUV420P: for (i = 0; i < c->planes; i++) { ret = encode_plane(avctx, pic->data[i], c->slice_buffer[0], - pic->linesize[i], width >> !!i, height >> !!i, + pic->linesize[i], i, width >> !!i, height >> !!i, &pb); if (ret) { From a90ed80d05b7851316c1f71e68d03c2c13b7044c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 12 Oct 2014 20:26:27 +0200 Subject: [PATCH 378/562] postproc/postprocess: fix quant store for fq mode Signed-off-by: Michael Niedermayer (cherry picked from commit 941aaa39e8cd78ba4d16dfcec767290aec9a0136) Conflicts: tests/ref/fate/filter-pp3 (cherry picked from commit 705748caf3f6a4a3e74ad3d2fc547a5a0213a521) Signed-off-by: Michael Niedermayer --- libpostproc/postprocess.c | 2 +- tests/ref/fate/filter-pp3 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/libpostproc/postprocess.c b/libpostproc/postprocess.c index b34943f983..fb18776f94 100644 --- a/libpostproc/postprocess.c +++ b/libpostproc/postprocess.c @@ -1000,7 +1000,7 @@ void pp_postprocess(const uint8_t * src[3], const int srcStride[3], if((pict_type&7)!=3){ if (QPStride >= 0){ int i; - const int count= mbHeight * QPStride; + const int count= mbHeight * FFMAX(QPStride, mbWidth); for(i=0; i<(count>>2); i++){ ((uint32_t*)c->nonBQPTable)[i] = ((const uint32_t*)QP_store)[i] & 0x3F3F3F3F; } diff --git a/tests/ref/fate/filter-pp3 b/tests/ref/fate/filter-pp3 index ccf2eebc62..1af87610c8 100644 --- a/tests/ref/fate/filter-pp3 +++ b/tests/ref/fate/filter-pp3 @@ -1 +1 @@ -pp3 39af1a30d0ea0e906df264773adfcaa6 +pp3 c8277ef31ab01bad51356841c9634522 From 95fa91d97525b9064d7d0b5e7ec03112e9f8a729 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 13 Oct 2014 16:02:42 +0200 Subject: [PATCH 379/562] postproc: fix qp count Found-by: ubitux Signed-off-by: Michael Niedermayer (cherry picked from commit 0b7e5d0d75e7d8762dd04d35f8c0821736164372) Signed-off-by: Michael Niedermayer --- libpostproc/postprocess.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libpostproc/postprocess.c b/libpostproc/postprocess.c index fb18776f94..8e5b043060 100644 --- a/libpostproc/postprocess.c +++ b/libpostproc/postprocess.c @@ -975,7 +975,7 @@ void pp_postprocess(const uint8_t * src[3], const int srcStride[3], if(pict_type & PP_PICT_TYPE_QP2){ int i; - const int count= mbHeight * absQPStride; + const int count= FFMAX(mbHeight * absQPStride, mbWidth); for(i=0; i<(count>>2); i++){ ((uint32_t*)c->stdQPTable)[i] = (((const uint32_t*)QP_store)[i]>>1) & 0x7F7F7F7F; } @@ -1000,7 +1000,7 @@ void pp_postprocess(const uint8_t * src[3], const int srcStride[3], if((pict_type&7)!=3){ if (QPStride >= 0){ int i; - const int count= mbHeight * FFMAX(QPStride, mbWidth); + const int count= FFMAX(mbHeight * QPStride, mbWidth); for(i=0; i<(count>>2); i++){ ((uint32_t*)c->nonBQPTable)[i] = ((const uint32_t*)QP_store)[i] & 0x3F3F3F3F; } From 917946e1c96e0e6763970d3e39991f3efa923316 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 28 Oct 2014 01:23:40 +0100 Subject: [PATCH 380/562] avcodec/diracdec: Use 64bit in calculation of codeblock coordinates Fixes integer overflow Fixes out of array read Fixes: asan_heap-oob_107866c_42_041.drc Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 526886e6069636a918c8c04db17e864e3d8151c1) Signed-off-by: Michael Niedermayer --- libavcodec/diracdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c index a9a8c27712..c0b5a65cdb 100644 --- a/libavcodec/diracdec.c +++ b/libavcodec/diracdec.c @@ -615,10 +615,10 @@ static av_always_inline void decode_subband_internal(DiracContext *s, SubBand *b top = 0; for (cb_y = 0; cb_y < cb_height; cb_y++) { - bottom = (b->height * (cb_y+1)) / cb_height; + bottom = (b->height * (cb_y+1LL)) / cb_height; left = 0; for (cb_x = 0; cb_x < cb_width; cb_x++) { - right = (b->width * (cb_x+1)) / cb_width; + right = (b->width * (cb_x+1LL)) / cb_width; codeblock(s, b, &gb, &c, left, right, top, bottom, blockcnt_one, is_arith); left = right; } From 824f29e4fbb770b678f18ec94f07bdef356a0b7f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 28 Oct 2014 01:23:40 +0100 Subject: [PATCH 381/562] avcodec/diracdec: Tighter checks on CODEBLOCKS_X/Y Fixes very long but finite loop Fixes: asan_heap-oob_107866c_42_041.drc Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 5145d22b88b9835db81c4d286b931a78e08ab76a) Signed-off-by: Michael Niedermayer --- libavcodec/diracdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c index c0b5a65cdb..80cf297406 100644 --- a/libavcodec/diracdec.c +++ b/libavcodec/diracdec.c @@ -1007,8 +1007,8 @@ static int dirac_unpack_idwt_params(DiracContext *s) /* Codeblock parameters (core syntax only) */ if (get_bits1(gb)) { for (i = 0; i <= s->wavelet_depth; i++) { - CHECKEDREAD(s->codeblock[i].width , tmp < 1, "codeblock width invalid\n") - CHECKEDREAD(s->codeblock[i].height, tmp < 1, "codeblock height invalid\n") + CHECKEDREAD(s->codeblock[i].width , tmp < 1 || tmp > (s->avctx->width >>s->wavelet_depth-i), "codeblock width invalid\n") + CHECKEDREAD(s->codeblock[i].height, tmp < 1 || tmp > (s->avctx->height>>s->wavelet_depth-i), "codeblock height invalid\n") } CHECKEDREAD(s->codeblock_mode, tmp > 1, "unknown codeblock mode\n") From dc2f4b72673a54590f74c6b39d18aa783e4a3b81 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 28 Oct 2014 02:14:41 +0100 Subject: [PATCH 382/562] avcodec/dirac_arith: fix integer overflow Fixes: asan_heap-oob_1078676_9_008.drc Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 39680caceebfc6abf09b17032048752c014e57a8) Signed-off-by: Michael Niedermayer --- libavcodec/dirac_arith.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/dirac_arith.h b/libavcodec/dirac_arith.h index 089c71a698..a1fa96b5bc 100644 --- a/libavcodec/dirac_arith.h +++ b/libavcodec/dirac_arith.h @@ -171,6 +171,10 @@ static inline int dirac_get_arith_uint(DiracArith *c, int follow_ctx, int data_c { int ret = 1; while (!dirac_get_arith_bit(c, follow_ctx)) { + if (ret >= 0x40000000) { + av_log(NULL, AV_LOG_ERROR, "dirac_get_arith_uint overflow\n"); + return -1; + } ret <<= 1; ret += dirac_get_arith_bit(c, data_ctx); follow_ctx = ff_dirac_next_ctx[follow_ctx]; From 8c5c45b9e1b636c84ba4b928ac00fe2f78ac48be Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 28 Oct 2014 15:26:42 +0100 Subject: [PATCH 383/562] avcodec/dxa: check dimensions Fixes out of array access Fixes: asan_heap-oob_11222fb_21_020.dxa Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit e70312dfc22c4e54d5716f28f28db8f99c74cc90) Signed-off-by: Michael Niedermayer --- libavcodec/dxa.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/dxa.c b/libavcodec/dxa.c index 1d96f10ef4..ff7581f757 100644 --- a/libavcodec/dxa.c +++ b/libavcodec/dxa.c @@ -321,6 +321,11 @@ static av_cold int decode_init(AVCodecContext *avctx) { DxaDecContext * const c = avctx->priv_data; + if (avctx->width%4 || avctx->height%4) { + avpriv_request_sample(avctx, "dimensions are not a multiple of 4"); + return AVERROR_INVALIDDATA; + } + c->prev = av_frame_alloc(); if (!c->prev) return AVERROR(ENOMEM); From a2619a0a36db9d06aa4b1168c2cc894463bc8feb Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 29 Oct 2014 00:57:07 +0100 Subject: [PATCH 384/562] avcodec/dnxhddec: treat pix_fmt like width/height Fixes out of array accesses Fixes: asan_heap-oob_22c9a39_16_015.mxf Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit f3c0e0bf6f53df0977f3878d4f5cec99dff8de9e) Conflicts: libavcodec/dnxhddec.c --- libavcodec/dnxhddec.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/libavcodec/dnxhddec.c b/libavcodec/dnxhddec.c index 15e6c679e4..b70665fd89 100644 --- a/libavcodec/dnxhddec.c +++ b/libavcodec/dnxhddec.c @@ -35,6 +35,7 @@ typedef struct DNXHDContext { GetBitContext gb; int64_t cid; ///< compression id unsigned int width, height; + enum AVPixelFormat pix_fmt; unsigned int mb_width, mb_height; uint32_t mb_scan_index[68]; /* max for 1080p */ int cur_field; ///< current interlaced field @@ -128,7 +129,7 @@ static int dnxhd_decode_header(DNXHDContext *ctx, AVFrame *frame, av_dlog(ctx->avctx, "width %d, height %d\n", ctx->width, ctx->height); if (buf[0x21] & 0x40) { - ctx->avctx->pix_fmt = AV_PIX_FMT_YUV422P10; + ctx->pix_fmt = AV_PIX_FMT_YUV422P10; ctx->avctx->bits_per_raw_sample = 10; if (ctx->bit_depth != 10) { ff_dsputil_init(&ctx->dsp, ctx->avctx); @@ -136,7 +137,7 @@ static int dnxhd_decode_header(DNXHDContext *ctx, AVFrame *frame, ctx->decode_dct_block = dnxhd_decode_dct_block_10; } } else { - ctx->avctx->pix_fmt = AV_PIX_FMT_YUV422P; + ctx->pix_fmt = AV_PIX_FMT_YUV422P; ctx->avctx->bits_per_raw_sample = 8; if (ctx->bit_depth != 8) { ff_dsputil_init(&ctx->dsp, ctx->avctx); @@ -376,9 +377,15 @@ static int dnxhd_decode_frame(AVCodecContext *avctx, void *data, int *got_frame, avctx->width, avctx->height, ctx->width, ctx->height); first_field = 1; } + if (avctx->pix_fmt != AV_PIX_FMT_NONE && avctx->pix_fmt != ctx->pix_fmt) { + av_log(avctx, AV_LOG_WARNING, "pix_fmt changed: %s -> %s\n", + av_get_pix_fmt_name(avctx->pix_fmt), av_get_pix_fmt_name(ctx->pix_fmt)); + first_field = 1; + } if (av_image_check_size(ctx->width, ctx->height, 0, avctx)) return -1; + avctx->pix_fmt = ctx->pix_fmt; avcodec_set_dimensions(avctx, ctx->width, ctx->height); if (first_field) { From a4b6d5574f056ca535894b486a14ea22c11a5df1 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 29 Oct 2014 14:15:29 +0100 Subject: [PATCH 385/562] avcodec/utils: Align dimensions by at least their chroma sub-sampling factors. Fixes: out of array accesses Fixes: asan_heap-oob_112c6b3_13_012.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit df74811cd53e45fcbbd3b77a1c42416816687c5c) Signed-off-by: Michael Niedermayer --- libavcodec/utils.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index 46c0745680..3b1199064c 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -251,6 +251,12 @@ void avcodec_align_dimensions2(AVCodecContext *s, int *width, int *height, int i; int w_align = 1; int h_align = 1; + AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(s->pix_fmt); + + if (desc) { + w_align = 1 << desc->log2_chroma_w; + h_align = 1 << desc->log2_chroma_h; + } switch (s->pix_fmt) { case AV_PIX_FMT_YUV420P: @@ -377,8 +383,6 @@ void avcodec_align_dimensions2(AVCodecContext *s, int *width, int *height, } break; default: - w_align = 1; - h_align = 1; break; } From ffd5ccee5df504ea8a9f0a8da71e2ce5433da728 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 30 Oct 2014 01:19:17 +0100 Subject: [PATCH 386/562] avcodec/g2meet: check tile dimensions to avoid integer overflow Fixes out of array access Fixes: asan_heap-oob_12a55d3_30_029.wmv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 32e666c354e4a3160d8cf1d303cb51990b095c87) Conflicts: libavcodec/g2meet.c --- libavcodec/g2meet.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavcodec/g2meet.c b/libavcodec/g2meet.c index b83be23bc0..a9c44cfcad 100644 --- a/libavcodec/g2meet.c +++ b/libavcodec/g2meet.c @@ -714,7 +714,10 @@ static int g2m_decode_frame(AVCodecContext *avctx, void *data, } c->tile_width = bytestream2_get_be32(&bc); c->tile_height = bytestream2_get_be32(&bc); - if (!c->tile_width || !c->tile_height) { + if (c->tile_width <= 0 || c->tile_height <= 0 || + ((c->tile_width | c->tile_height) & 0xF) || + c->tile_width * 4LL * c->tile_height >= INT_MAX + ) { av_log(avctx, AV_LOG_ERROR, "Invalid tile dimensions %dx%d\n", c->tile_width, c->tile_height); From 3467dfed6bf363061a2f428557293807aa5ea5a6 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 30 Oct 2014 16:53:09 +0100 Subject: [PATCH 387/562] avcodec/cook: check that the subpacket sizes fit in block_align Fixes out of array read Fixes: asan_heap-oob_fb5c50_19_018.rmvb Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 10e32618acce9c3fc64c061eb7907e8a8d2749ae) Signed-off-by: Michael Niedermayer --- libavcodec/cook.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/cook.c b/libavcodec/cook.c index 083d26bf6f..008dee93ef 100644 --- a/libavcodec/cook.c +++ b/libavcodec/cook.c @@ -1217,8 +1217,8 @@ static av_cold int cook_decode_init(AVCodecContext *avctx) q->num_subpackets++; s++; - if (s > MAX_SUBPACKETS) { - avpriv_request_sample(avctx, "subpackets > %d", MAX_SUBPACKETS); + if (s > FFMIN(MAX_SUBPACKETS, avctx->block_align)) { + avpriv_request_sample(avctx, "subpackets > %d", FFMIN(MAX_SUBPACKETS, avctx->block_align)); return AVERROR_PATCHWELCOME; } } From bc0a6add0aeaa7582d8757f80a9476a8a08f5804 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 30 Oct 2014 18:16:25 +0100 Subject: [PATCH 388/562] avcodec/svq1dec: zero terminate embedded message before printing Fixes out of array access Fixes: asan_stack-oob_49b1e5_10_009.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit e91ba2efa949470e9157b652535d207a101f91e0) Signed-off-by: Michael Niedermayer --- libavcodec/svq1dec.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/libavcodec/svq1dec.c b/libavcodec/svq1dec.c index 5193798ea4..b1aadcde6c 100644 --- a/libavcodec/svq1dec.c +++ b/libavcodec/svq1dec.c @@ -495,7 +495,7 @@ static int svq1_decode_delta_block(AVCodecContext *avctx, HpelDSPContext *hdsp, return result; } -static void svq1_parse_string(GetBitContext *bitbuf, uint8_t *out) +static void svq1_parse_string(GetBitContext *bitbuf, uint8_t out[257]) { uint8_t seed; int i; @@ -507,6 +507,7 @@ static void svq1_parse_string(GetBitContext *bitbuf, uint8_t *out) out[i] = get_bits(bitbuf, 8) ^ seed; seed = string_table[out[i] ^ seed]; } + out[i] = 0; } static int svq1_decode_frame_header(AVCodecContext *avctx, AVFrame *frame) @@ -549,12 +550,12 @@ static int svq1_decode_frame_header(AVCodecContext *avctx, AVFrame *frame) } if ((s->frame_code ^ 0x10) >= 0x50) { - uint8_t msg[256]; + uint8_t msg[257]; svq1_parse_string(bitbuf, msg); av_log(avctx, AV_LOG_INFO, - "embedded message:\n%s\n", (char *)msg); + "embedded message:\n%s\n", ((char *)msg) + 1); } skip_bits(bitbuf, 2); From 4352a971afeb88c13f786b2d409480c49e45c7ed Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 2 Nov 2014 01:55:40 +0100 Subject: [PATCH 389/562] avcodec/h264_slice: Clear table pointers to avoid stale pointers Might fix Ticket3889 Signed-off-by: Michael Niedermayer (cherry picked from commit 547fce95858ef83f8c25ae347e3ae3b8ba437fd9) Conflicts: libavcodec/h264_slice.c --- libavcodec/h264.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index c8facbcccf..7ea833fa83 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -1807,6 +1807,17 @@ static int decode_update_thread_context(AVCodecContext *dst, h->mb_type_pool = NULL; h->ref_index_pool = NULL; h->motion_val_pool = NULL; + h->intra4x4_pred_mode= NULL; + h->non_zero_count = NULL; + h->slice_table_base = NULL; + h->slice_table = NULL; + h->cbp_table = NULL; + h->chroma_pred_mode_table = NULL; + memset(h->mvd_table, 0, sizeof(h->mvd_table)); + h->direct_table = NULL; + h->list_counts = NULL; + h->mb2b_xy = NULL; + h->mb2br_xy = NULL; for (i = 0; i < 2; i++) { h->rbsp_buffer[i] = NULL; h->rbsp_buffer_size[i] = 0; From 1987afe5a0c51c686f1e8a54d5bfcb218b7c7ec6 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Thu, 30 Oct 2014 00:27:04 +0100 Subject: [PATCH 390/562] lavc/utils: Make pix_fmt desc pointer const. Fixes an "initialization discards qualifiers from pointer target type" warning. (cherry picked from commit f05855414ed4cce97c06ba2a31f4987af47e6d4e) Signed-off-by: Michael Niedermayer --- libavcodec/utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index 3b1199064c..7391a69611 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -251,7 +251,7 @@ void avcodec_align_dimensions2(AVCodecContext *s, int *width, int *height, int i; int w_align = 1; int h_align = 1; - AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(s->pix_fmt); + AVPixFmtDescriptor const *desc = av_pix_fmt_desc_get(s->pix_fmt); if (desc) { w_align = 1 << desc->log2_chroma_w; From de259f32ac12b1d87d2b4965c7e717d5414edd38 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 3 Nov 2014 13:20:24 +0100 Subject: [PATCH 391/562] avcodec/options_table fix min of audio channels and sample rate Found-by: Lukasz Marek Signed-off-by: Michael Niedermayer (cherry picked from commit 206c98f303e833c9e94427c9e3f9867f85265f78) Signed-off-by: Michael Niedermayer --- libavcodec/options_table.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/options_table.h b/libavcodec/options_table.h index c1a4ceb3a9..516722db78 100644 --- a/libavcodec/options_table.h +++ b/libavcodec/options_table.h @@ -92,8 +92,8 @@ static const AVOption avcodec_options[] = { {"extradata_size", NULL, OFFSET(extradata_size), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX}, {"time_base", NULL, OFFSET(time_base), AV_OPT_TYPE_RATIONAL, {.dbl = 0}, INT_MIN, INT_MAX}, {"g", "set the group of picture (GOP) size", OFFSET(gop_size), AV_OPT_TYPE_INT, {.i64 = 12 }, INT_MIN, INT_MAX, V|E}, -{"ar", "set audio sampling rate (in Hz)", OFFSET(sample_rate), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, A|D|E}, -{"ac", "set number of audio channels", OFFSET(channels), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, A|D|E}, +{"ar", "set audio sampling rate (in Hz)", OFFSET(sample_rate), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, 0, INT_MAX, A|D|E}, +{"ac", "set number of audio channels", OFFSET(channels), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, 0, INT_MAX, A|D|E}, {"cutoff", "set cutoff bandwidth", OFFSET(cutoff), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, A|E}, {"frame_size", NULL, OFFSET(frame_size), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, A|E}, {"frame_number", NULL, OFFSET(frame_number), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX}, From 58e673b9a3457bcffae39b3f90c7d9a20f29d68d Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 10 Nov 2014 19:44:20 +0100 Subject: [PATCH 392/562] avcodec/utvideodec: fix assumtation that slice_height >= 1 Fixes out of array read Fixes: asan_heap-oob_2573085_3783_utvideo_rgba_median.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 7656c4c6e66f8a787d384f027ad824cc1677fda1) Signed-off-by: Michael Niedermayer --- libavcodec/utvideodec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/utvideodec.c b/libavcodec/utvideodec.c index 1c7677345c..ff69a25002 100644 --- a/libavcodec/utvideodec.c +++ b/libavcodec/utvideodec.c @@ -222,7 +222,7 @@ static void restore_median(uint8_t *src, int step, int stride, A = bsrc[i]; } bsrc += stride; - if (slice_height == 1) + if (slice_height <= 1) continue; // second line - first element has top prediction, the rest uses median C = bsrc[-stride]; @@ -282,7 +282,7 @@ static void restore_median_il(uint8_t *src, int step, int stride, A = bsrc[stride + i]; } bsrc += stride2; - if (slice_height == 1) + if (slice_height <= 1) continue; // second line - first element has top prediction, the rest uses median C = bsrc[-stride2]; From d3e19509cf4350063711d7cdb069c11f2423d8a1 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 10 Nov 2014 23:07:50 +0100 Subject: [PATCH 393/562] avcodec/wmaprodec: Fix integer overflow in sfb_offsets initialization Fixes out of array read Fixes: asan_heap-oob_2aec5b0_1828_classical_22_16_2_16000_v3c_0_exclusive_0_29.wma Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 5dcb99033df16eccc4dbbc4a099ad64457f9f090) Signed-off-by: Michael Niedermayer --- libavcodec/wmaprodec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/wmaprodec.c b/libavcodec/wmaprodec.c index d57c24dddf..19f5566e8d 100644 --- a/libavcodec/wmaprodec.c +++ b/libavcodec/wmaprodec.c @@ -420,6 +420,9 @@ static av_cold int decode_init(AVCodecContext *avctx) offset &= ~3; if (offset > s->sfb_offsets[i][band - 1]) s->sfb_offsets[i][band++] = offset; + + if (offset >= subframe_len) + break; } s->sfb_offsets[i][band - 1] = subframe_len; s->num_sfb[i] = band - 1; From c4034e4e192e6e9db2c2362479b576d449af5ece Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 16 Nov 2014 04:02:56 +0100 Subject: [PATCH 394/562] avformat/hlsenc: Free context after hls_append_segment Fixes reading uninitialized memory Signed-off-by: Michael Niedermayer (cherry picked from commit 530eb6acf8ee867bf00728bf7efaf505da107e17) Conflicts: libavformat/hlsenc.c (cherry picked from commit 0ac22f043bee2f1c4daf5e1044b014326325d929) Conflicts: libavformat/hlsenc.c (cherry picked from commit 134d3e1c0331462ea94c78a5e13a63b20d283653) Signed-off-by: Michael Niedermayer --- libavformat/hlsenc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/hlsenc.c b/libavformat/hlsenc.c index dcd53e5f40..6f5fe1eb87 100644 --- a/libavformat/hlsenc.c +++ b/libavformat/hlsenc.c @@ -306,9 +306,10 @@ static int hls_write_trailer(struct AVFormatContext *s) av_write_trailer(oc); avio_closep(&oc->pb); - avformat_free_context(oc); av_free(hls->basename); append_entry(hls, hls->duration); + avformat_free_context(oc); + hls->avf = NULL; hls_window(s, 1); free_entries(hls); From 51c32a535bb40c8e978a7bc06ad6eccb5cebf2a0 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 20 Nov 2014 00:43:45 +0100 Subject: [PATCH 395/562] swscale/x86/rgb2rgb_template: handle the first 2 lines with C in rgb24toyv12_*() This avoids out of array accesses Should fix Ticket3451 Signed-off-by: Michael Niedermayer (cherry picked from commit 4388e78a0f022c8572996f9ab568a39b5f716f9d) Signed-off-by: Michael Niedermayer --- libswscale/x86/rgb2rgb_template.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/libswscale/x86/rgb2rgb_template.c b/libswscale/x86/rgb2rgb_template.c index d684b70d4c..004621a824 100644 --- a/libswscale/x86/rgb2rgb_template.c +++ b/libswscale/x86/rgb2rgb_template.c @@ -1623,6 +1623,16 @@ static inline void RENAME(rgb24toyv12)(const uint8_t *src, uint8_t *ydst, uint8_ #define BGR2V_IDX "16*4+16*34" int y; const x86_reg chromWidth= width>>1; + + if (height > 2) { + ff_rgb24toyv12_c(src, ydst, udst, vdst, width, 2, lumStride, chromStride, srcStride, rgb2yuv); + src += 2*srcStride; + ydst += 2*lumStride; + udst += chromStride; + vdst += chromStride; + height -= 2; + } + for (y=0; y Date: Tue, 25 Nov 2014 13:53:06 +0100 Subject: [PATCH 396/562] avcodec/mjpegdec: Fix context fields becoming inconsistent Fixes out of array access Fixes: asan_heap-oob_1ca4f85_2760_cov_144449187_miss_congeniality_pegasus_ljpg.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 0eecf40935b22644e6cd74c586057237ecfd6844) Signed-off-by: Michael Niedermayer --- libavcodec/mjpegdec.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index e84e331a51..748107d1fb 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -1528,6 +1528,8 @@ static int mjpeg_decode_app(MJpegDecodeContext *s) } if (id == AV_RB32("LJIF")) { + int rgb = s->rgb; + int pegasus_rct = s->pegasus_rct; if (s->avctx->debug & FF_DEBUG_PICT_INFO) av_log(s->avctx, AV_LOG_INFO, "Pegasus lossless jpeg header found\n"); @@ -1537,17 +1539,27 @@ static int mjpeg_decode_app(MJpegDecodeContext *s) skip_bits(&s->gb, 16); /* unknown always 0? */ switch (i=get_bits(&s->gb, 8)) { case 1: - s->rgb = 1; - s->pegasus_rct = 0; + rgb = 1; + pegasus_rct = 0; break; case 2: - s->rgb = 1; - s->pegasus_rct = 1; + rgb = 1; + pegasus_rct = 1; break; default: av_log(s->avctx, AV_LOG_ERROR, "unknown colorspace %d\n", i); } + len -= 9; + if (s->got_picture) + if (rgb != s->rgb || pegasus_rct != s->pegasus_rct) { + av_log(s->avctx, AV_LOG_WARNING, "Mismatching LJIF tag\n"); + goto out; + } + + s->rgb = rgb; + s->pegasus_rct = pegasus_rct; + goto out; } if (id == AV_RL32("colr") && len > 0) { From 126ee72e47c9d94ec674b96b541c8a921984286e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 25 Nov 2014 14:45:30 +0100 Subject: [PATCH 397/562] avcodec/utils: Check that the data is complete in avpriv_bprint_to_extradata() Fixes out of array read Fixes: asan_heap-oob_4d2250_814_cov_2745172097_JACOsub_capability_tester.jss Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 3d5d95db3f5d8e2093e9e19d0c46e86f54ed2a5d) Signed-off-by: Michael Niedermayer --- libavcodec/utils.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index 7391a69611..61bf5675f4 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -3405,6 +3405,11 @@ int avpriv_bprint_to_extradata(AVCodecContext *avctx, struct AVBPrint *buf) ret = av_bprint_finalize(buf, &str); if (ret < 0) return ret; + if (!av_bprint_is_complete(buf)) { + av_free(str); + return AVERROR(ENOMEM); + } + avctx->extradata = str; /* Note: the string is NUL terminated (so extradata can be read as a * string), but the ending character is not accounted in the size (in From 431d66b1d560bc36e3788bfc072e2fa1d1ef53a6 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 26 Nov 2014 03:29:03 +0100 Subject: [PATCH 398/562] avcodec/flacdec: Call ff_flacdsp_init() unconditionally Fixes out of array access Fixes: signal_sigsegv_324b135_3398_cov_246853371_short.flac Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit e5c01ccdf5a9a330d4c51a9b9ea721fd8f1fb70b) Conflicts: libavcodec/flacdec.c --- libavcodec/flacdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/flacdec.c b/libavcodec/flacdec.c index 9bf950ae3e..bd246f7af6 100644 --- a/libavcodec/flacdec.c +++ b/libavcodec/flacdec.c @@ -465,10 +465,10 @@ static int decode_frame(FLACContext *s) ret = allocate_buffers(s); if (ret < 0) return ret; - ff_flacdsp_init(&s->dsp, s->avctx->sample_fmt, s->bps); s->got_streaminfo = 1; dump_headers(s->avctx, (FLACStreaminfo *)s); } + ff_flacdsp_init(&s->dsp, s->avctx->sample_fmt, s->bps); // dump_headers(s->avctx, (FLACStreaminfo *)s); From ef8fbb4878dc8059f17b9ba4ab882bcc706a58c3 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 26 Nov 2014 15:45:47 +0100 Subject: [PATCH 399/562] avcodec/pngdec: Check IHDR/IDAT order Fixes out of array access Fixes: asan_heap-oob_20a6c26_2690_cov_3434532168_mail.png Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 79ceaf827be0b070675d4cd0a55c3386542defd8) Conflicts: libavcodec/pngdec.c --- libavcodec/pngdec.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c index f01df75e48..a279f40ed8 100644 --- a/libavcodec/pngdec.c +++ b/libavcodec/pngdec.c @@ -565,6 +565,12 @@ static int decode_frame(AVCodecContext *avctx, case MKTAG('I', 'H', 'D', 'R'): if (length != 13) goto fail; + + if (s->state & PNG_IDAT) { + av_log(avctx, AV_LOG_ERROR, "IHDR after IDAT\n"); + goto fail; + } + s->width = bytestream2_get_be32(&s->gb); s->height = bytestream2_get_be32(&s->gb); if (av_image_check_size(s->width, s->height, 0, avctx)) { From 6212758c075775a9f3e5eedfa09613a1ec984424 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 26 Nov 2014 18:56:39 +0100 Subject: [PATCH 400/562] avcodec/rawdec: Check the return code of avpicture_get_size() Fixes out of array access Fixes: asan_heap-oob_22388d0_3435_cov_3297128910_small_roll5_FlashCine1.cine Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 1d3a3b9f8907625b361420d48fe05716859620ff) Conflicts: libavcodec/rawdec.c --- libavcodec/rawdec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/rawdec.c b/libavcodec/rawdec.c index dd47f532fd..5e98e24b32 100644 --- a/libavcodec/rawdec.c +++ b/libavcodec/rawdec.c @@ -144,6 +144,9 @@ static av_cold int raw_init_decoder(AVCodecContext *avctx) context->frame_size = avpicture_get_size(avctx->pix_fmt, avctx->width, avctx->height); } + if (context->frame_size < 0) + return context->frame_size; + if ((avctx->extradata_size >= 9 && !memcmp(avctx->extradata + avctx->extradata_size - 9, "BottomUp", 9)) || From 35cfb99c15ddfbeae1f2f702091a7b8122c2d514 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 28 Nov 2014 03:46:56 +0100 Subject: [PATCH 401/562] avcodec/hevc_ps: Check num_long_term_ref_pics_sps Fixes out of array access Fixes: signal_sigsegv_35bd0f0_1182_cov_791726764_STRUCT_B_Samsung_4.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit ea38e5a6b75706477898eb1e6582d667dbb9946c) Signed-off-by: Michael Niedermayer --- libavcodec/hevc_ps.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c index 955a7afe5d..ff881ea70d 100644 --- a/libavcodec/hevc_ps.c +++ b/libavcodec/hevc_ps.c @@ -824,6 +824,11 @@ int ff_hevc_decode_nal_sps(HEVCContext *s) sps->long_term_ref_pics_present_flag = get_bits1(gb); if (sps->long_term_ref_pics_present_flag) { sps->num_long_term_ref_pics_sps = get_ue_golomb_long(gb); + if (sps->num_long_term_ref_pics_sps > 31U) { + av_log(0, AV_LOG_ERROR, "num_long_term_ref_pics_sps %d is out of range.\n", + sps->num_long_term_ref_pics_sps); + goto err; + } for (i = 0; i < sps->num_long_term_ref_pics_sps; i++) { sps->lt_ref_pic_poc_lsb_sps[i] = get_bits(gb, sps->log2_max_poc_lsb); sps->used_by_curr_pic_lt_sps_flag[i] = get_bits1(gb); From e4f0f854c47630826f28cf899fa91f3de6e73de9 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 4 Oct 2014 00:13:26 +0200 Subject: [PATCH 402/562] avcodec/svq3: Dont memcpy AVFrame This avoids out of array accesses Fixes: asan_heap-uaf_21f42e4_9_asan_heap-uaf_21f42e4_278_gl2.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 075a165d2715837d125a9cc714fb430ccf6c9d6b) Signed-off-by: Michael Niedermayer --- libavcodec/svq3.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/svq3.c b/libavcodec/svq3.c index 89bb616797..a983dce7cd 100644 --- a/libavcodec/svq3.c +++ b/libavcodec/svq3.c @@ -1157,7 +1157,7 @@ static int svq3_decode_frame(AVCodecContext *avctx, void *data, h->cur_pic_ptr = s->cur_pic; av_frame_unref(&h->cur_pic.f); - h->cur_pic = *s->cur_pic; + memcpy(&h->cur_pic.tf, &s->cur_pic->tf, sizeof(h->cur_pic) - offsetof(Picture, tf)); ret = av_frame_ref(&h->cur_pic.f, &s->cur_pic->f); if (ret < 0) return ret; From 27172a5ca360e61a07ff16bf22f2ec91208f4e00 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 28 Nov 2014 20:04:28 +0100 Subject: [PATCH 403/562] Update for 2.1.6 Signed-off-by: Michael Niedermayer --- RELEASE | 2 +- VERSION | 2 +- doc/Doxyfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/RELEASE b/RELEASE index cd57a8b95d..399088bf46 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -2.1.5 +2.1.6 diff --git a/VERSION b/VERSION index cd57a8b95d..399088bf46 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.1.5 +2.1.6 diff --git a/doc/Doxyfile b/doc/Doxyfile index be5e534d9d..ae456008ca 100644 --- a/doc/Doxyfile +++ b/doc/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 2.1.5 +PROJECT_NUMBER = 2.1.6 # With the PROJECT_LOGO tag one can specify a logo or icon that is included # in the documentation. The maximum height of the logo should not exceed 55 From ea1d0bc02919108f46d30dff393cb79bad3e3dec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20B=C5=93sch?= Date: Sat, 20 Dec 2014 00:17:43 +0100 Subject: [PATCH 404/562] avformat/rsd: make tag_buf string larger av_get_codec_tag_string() uses more that 1 char for unprintable characters. (cherry picked from commit edbbb11488e1fce9b9703535936d2e1731e2e318) --- libavformat/rsd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/rsd.c b/libavformat/rsd.c index 37e544acb1..19d197dfa3 100644 --- a/libavformat/rsd.c +++ b/libavformat/rsd.c @@ -67,7 +67,7 @@ static int rsd_read_header(AVFormatContext *s) codec->codec_tag = avio_rl32(pb); codec->codec_id = ff_codec_get_id(rsd_tags, codec->codec_tag); if (!codec->codec_id) { - char tag_buf[5]; + char tag_buf[32]; av_get_codec_tag_string(tag_buf, sizeof(tag_buf), codec->codec_tag); for (i=0; i < FF_ARRAY_ELEMS(rsd_unsupported_tags); i++) { From bf5df31b4f922666c1e8d3533dafdf53744f89a9 Mon Sep 17 00:00:00 2001 From: Michael Stypa Date: Fri, 28 Nov 2014 15:54:50 +0100 Subject: [PATCH 405/562] fix Makefile objects for pulseaudio support Signed-off-by: Michael Niedermayer (cherry picked from commit cb58c771ade66afcc623250e1c7ac8191381d991) Signed-off-by: Michael Niedermayer --- libavdevice/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavdevice/Makefile b/libavdevice/Makefile index 21ca954eeb..bc7cb83e2d 100644 --- a/libavdevice/Makefile +++ b/libavdevice/Makefile @@ -34,7 +34,7 @@ OBJS-$(CONFIG_OPENAL_INDEV) += openal-dec.o OBJS-$(CONFIG_OSS_INDEV) += oss_audio.o OBJS-$(CONFIG_OSS_OUTDEV) += oss_audio.o OBJS-$(CONFIG_PULSE_INDEV) += pulse_audio_dec.o \ - pulse_audio_common.o + pulse_audio_common.o timefilter.o OBJS-$(CONFIG_PULSE_OUTDEV) += pulse_audio_enc.o \ pulse_audio_common.o OBJS-$(CONFIG_SDL_OUTDEV) += sdl.o From 8240fa5701aacdbf63c1512f3cf54341be42733f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 1 Dec 2014 13:23:24 +0100 Subject: [PATCH 406/562] avcodec/motion_est: use 2x8x8 for interlaced qpel Fixes out of array read Fixes Ticket4121 Signed-off-by: Michael Niedermayer (cherry picked from commit b50e003e1cb6a215df44ffa3354603bf600b4aa3) Signed-off-by: Michael Niedermayer --- libavcodec/motion_est.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libavcodec/motion_est.c b/libavcodec/motion_est.c index f4d217bf30..02aeb2ef90 100644 --- a/libavcodec/motion_est.c +++ b/libavcodec/motion_est.c @@ -189,7 +189,13 @@ static av_always_inline int cmp_inline(MpegEncContext *s, const int x, const int int uvdxy; /* no, it might not be used uninitialized */ if(dxy){ if(qpel){ - c->qpel_put[size][dxy](c->temp, ref[0] + x + y*stride, stride); //FIXME prototype (add h) + if (h << size == 16) { + c->qpel_put[size][dxy](c->temp, ref[0] + x + y*stride, stride); //FIXME prototype (add h) + } else if (size == 0 && h == 8) { + c->qpel_put[1][dxy](c->temp , ref[0] + x + y*stride , stride); + c->qpel_put[1][dxy](c->temp + 8, ref[0] + x + y*stride + 8, stride); + } else + av_assert2(0); if(chroma){ int cx= hx/2; int cy= hy/2; From 80ba4b5d45368bb9f18c0a327b1a929f64b55784 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 3 Dec 2014 20:01:18 +0100 Subject: [PATCH 407/562] avformat/rmdec: Check codec_data_size Fixes infinite loop Fixes Ticket4154 Signed-off-by: Michael Niedermayer (cherry picked from commit a6f730730b82645a9d31aad0968487cb77d6946c) Signed-off-by: Michael Niedermayer --- libavformat/rmdec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c index 73c9d0d042..235ff138e1 100644 --- a/libavformat/rmdec.c +++ b/libavformat/rmdec.c @@ -308,6 +308,9 @@ ff_rm_read_mdpr_codecdata (AVFormatContext *s, AVIOContext *pb, int64_t codec_pos; int ret; + if (codec_data_size < 0) + return AVERROR_INVALIDDATA; + avpriv_set_pts_info(st, 64, 1, 1000); codec_pos = avio_tell(pb); v = avio_rb32(pb); From 56c5e009a184f1575a9477343c7a4a1387cfaeb1 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 3 Dec 2014 20:21:56 +0100 Subject: [PATCH 408/562] swscale/x86/rgb2rgb_template: fix crash with tiny size and nv12 output Fixes Ticket4151 Signed-off-by: Michael Niedermayer (cherry picked from commit 8524558858b7e14bc50afa10233e0194f591ab9d) Signed-off-by: Michael Niedermayer --- libswscale/x86/rgb2rgb_template.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libswscale/x86/rgb2rgb_template.c b/libswscale/x86/rgb2rgb_template.c index 004621a824..80e5670465 100644 --- a/libswscale/x86/rgb2rgb_template.c +++ b/libswscale/x86/rgb2rgb_template.c @@ -1874,6 +1874,7 @@ static void RENAME(interleaveBytes)(const uint8_t *src1, const uint8_t *src2, ui for (h=0; h < height; h++) { int w; + if (width >= 16) #if COMPILE_TEMPLATE_SSE2 __asm__( "xor %%"REG_a", %%"REG_a" \n\t" From 68b6a5efbfd530e705a4b1e91da38f1350406264 Mon Sep 17 00:00:00 2001 From: wm4 Date: Sat, 6 Dec 2014 16:53:30 +0100 Subject: [PATCH 409/562] avformat/matroskadec: fix handling of recursive SeekHead elements When matroska_execute_seekhead() is called, it goes through the list of seekhead entries and attempts to read elements not read yet. When doing this, the parser can find further SeekHead elements, and will extend the matroska->seekhead list. This can lead to a (practically) infinite loop with certain broken files. (Maybe it can happen even with valid files. The demuxer doesn't seem to check correctly whether an element has already been read.) Fix this by ignoring elements that were added to the seekhead field during executing seekhead entries. This does not fix the possible situation when multiple SeekHead elements after the file header (i.e. occur after the "before_pos" file position) point to the same elements. These elements will probably be parsed multiple times, likely leading to bugs. Fixes ticket #4162. Signed-off-by: Michael Niedermayer (cherry picked from commit 6551acab6877addae815decd02aeca33ba4990c8) Signed-off-by: Michael Niedermayer --- libavformat/matroskadec.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index 6552efe133..884960bd5d 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -1425,13 +1425,17 @@ static void matroska_execute_seekhead(MatroskaDemuxContext *matroska) EbmlList *seekhead_list = &matroska->seekhead; int64_t before_pos = avio_tell(matroska->ctx->pb); int i; + int nb_elem; // we should not do any seeking in the streaming case if (!matroska->ctx->pb->seekable || (matroska->ctx->flags & AVFMT_FLAG_IGNIDX)) return; - for (i = 0; i < seekhead_list->nb_elem; i++) { + // do not read entries that are added while parsing seekhead entries + nb_elem = seekhead_list->nb_elem; + + for (i = 0; i < nb_elem; i++) { MatroskaSeekhead *seekhead = seekhead_list->elem; if (seekhead[i].pos <= before_pos) continue; From 059762d9da0830176ea2cbfabf49cadeb28b61c8 Mon Sep 17 00:00:00 2001 From: Rob Sykes Date: Sat, 13 Dec 2014 21:12:56 +0100 Subject: [PATCH 410/562] swresample/soxr_resample: fix error handling Fixes CID1257659 Signed-off-by: Michael Niedermayer (cherry picked from commit 4b6f2253741f3023928e61ae5105ccd4b1c515fb) Signed-off-by: Michael Niedermayer --- libswresample/soxr_resample.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/libswresample/soxr_resample.c b/libswresample/soxr_resample.c index 4c000db0ca..7467f8d5cc 100644 --- a/libswresample/soxr_resample.c +++ b/libswresample/soxr_resample.c @@ -76,8 +76,12 @@ static int process( AudioData *src, int src_size, int *consumed){ size_t idone, odone; soxr_error_t error = soxr_set_error((soxr_t)c, soxr_set_num_channels((soxr_t)c, src->ch_count)); - error = soxr_process((soxr_t)c, src->ch, (size_t)src_size, - &idone, dst->ch, (size_t)dst_size, &odone); + if (!error) + error = soxr_process((soxr_t)c, src->ch, (size_t)src_size, + &idone, dst->ch, (size_t)dst_size, &odone); + else + idone = 0; + *consumed = (int)idone; return error? -1 : odone; } From 844f7f78aa523fb452c0271cb7dc6742039b9d3c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 14 Dec 2014 17:26:11 +0100 Subject: [PATCH 411/562] avformat/aviobuf: Check that avio_seek() target is non negative Fixes out of array access Suggested-by: Andrew Scherkus Signed-off-by: Michael Niedermayer (cherry picked from commit ed86dbd05d61363dc1c0d33f3267e2177c985fdd) Signed-off-by: Michael Niedermayer --- libavformat/aviobuf.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/aviobuf.c b/libavformat/aviobuf.c index 8218078dae..87ad388fa6 100644 --- a/libavformat/aviobuf.c +++ b/libavformat/aviobuf.c @@ -217,6 +217,9 @@ int64_t avio_seek(AVIOContext *s, int64_t offset, int whence) return offset1; offset += offset1; } + if (offset < 0) + return AVERROR(EINVAL); + offset1 = offset - pos; if (!s->must_flush && (!s->direct || !s->seek) && offset1 >= 0 && offset1 <= (s->buf_end - s->buffer)) { From df1ea139b4fbf98351ebb23dad748e8f74002616 Mon Sep 17 00:00:00 2001 From: wm4 Date: Mon, 15 Dec 2014 04:32:58 +0100 Subject: [PATCH 412/562] lavu/frame: fix malloc error path in av_frame_copy_props() The error path frees all side data, but forgets to reset the side data count. This can blow up later in av_frame_unref() and free_side_data(). Signed-off-by: Michael Niedermayer (cherry picked from commit a400edbb6d00c0211de38e4f1b4f593681db91d8) Signed-off-by: Michael Niedermayer --- libavutil/frame.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavutil/frame.c b/libavutil/frame.c index 654f17428b..774413fa21 100644 --- a/libavutil/frame.c +++ b/libavutil/frame.c @@ -489,6 +489,7 @@ int av_frame_copy_props(AVFrame *dst, const AVFrame *src) av_dict_free(&dst->side_data[i]->metadata); } av_freep(&dst->side_data); + dst->nb_side_data = 0; return AVERROR(ENOMEM); } memcpy(sd_dst->data, sd_src->data, sd_src->size); From b4c4f9dba613b654cd19630d7a846b81844f8778 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 15 Dec 2014 04:32:23 +0100 Subject: [PATCH 413/562] configure: create the tests directory like the doc directory This fixes an issue where the tests directory is not created for out of tree builds before its needed Tested-by: Dave Yeo Signed-off-by: Michael Niedermayer (cherry picked from commit e631872f13b6be0583603d45a11e53319754bc8d) Signed-off-by: Michael Niedermayer --- configure | 1 + 1 file changed, 1 insertion(+) diff --git a/configure b/configure index 08777a79d9..54a1065c1c 100755 --- a/configure +++ b/configure @@ -4938,6 +4938,7 @@ enabled getenv || echo "#define getenv(x) NULL" >> $TMPH mkdir -p doc +mkdir -p tests echo "@c auto-generated by configure" > doc/config.texi print_config ARCH_ "$config_files" $ARCH_LIST From 96981b092c0971ac4c572692141cda87f5371989 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 16 Dec 2014 16:24:55 +0100 Subject: [PATCH 414/562] avcodec/vmdvideo: Check len before using it in method 3 Fixes out of array access Fixes: asan_heap-oob_4d23ba_91_cov_3853393937_128.vmd Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 3030fb7e0d41836f8add6399e9a7c7b740b48bfd) Signed-off-by: Michael Niedermayer --- libavcodec/vmdav.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/vmdav.c b/libavcodec/vmdav.c index 36d60eeeb9..8710f333d3 100644 --- a/libavcodec/vmdav.c +++ b/libavcodec/vmdav.c @@ -348,6 +348,9 @@ static int vmd_decode(VmdVideoContext *s, AVFrame *frame) ofs += slen; bytestream2_skip(&gb, len); } else { + if (ofs + len > frame_width || + bytestream2_get_bytes_left(&gb) < len) + return AVERROR_INVALIDDATA; bytestream2_get_buffer(&gb, &dp[ofs], len); ofs += len; } From ba99e90357c97f7845f1d463f73d9a4a7e77d78a Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 16 Dec 2014 20:45:31 +0100 Subject: [PATCH 415/562] avcodec/utvideodec: Fix handling of slice_height=0 Fixes out of array accesses Fixes: asan_heap-oob_25bcd7e_3783_cov_3553517262_utvideo_rgba_median.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 3881606240953b9275a247a1c98a567f3c44890f) Signed-off-by: Michael Niedermayer --- libavcodec/utvideodec.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/utvideodec.c b/libavcodec/utvideodec.c index ff69a25002..05db9623cf 100644 --- a/libavcodec/utvideodec.c +++ b/libavcodec/utvideodec.c @@ -212,6 +212,8 @@ static void restore_median(uint8_t *src, int step, int stride, slice_height = ((((slice + 1) * height) / slices) & cmask) - slice_start; + if (!slice_height) + continue; bsrc = src + slice_start * stride; // first line - left neighbour prediction @@ -267,6 +269,8 @@ static void restore_median_il(uint8_t *src, int step, int stride, slice_height = ((((slice + 1) * height) / slices) & cmask) - slice_start; slice_height >>= 1; + if (!slice_height) + continue; bsrc = src + slice_start * stride; From 07a37001a32339a72a8e45ff4f65072b3e506a2c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 16 Dec 2014 21:14:40 +0100 Subject: [PATCH 416/562] avformat/mov: check atom nesting depth Fixes call stack overflow Fixes: case1_call_stack_overflow.mp4 Found-by: Michal Zalewski Signed-off-by: Michael Niedermayer (cherry picked from commit caa7a3914f499f74b3ee346f26d598ebdc0ec210) Conflicts: libavformat/isom.h Conflicts: libavformat/isom.h --- libavformat/isom.h | 1 + libavformat/mov.c | 13 ++++++++++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/libavformat/isom.h b/libavformat/isom.h index 828e5005ad..9fc30d418a 100644 --- a/libavformat/isom.h +++ b/libavformat/isom.h @@ -164,6 +164,7 @@ typedef struct MOVContext { int64_t next_root_atom; ///< offset of the next root atom int *bitrates; ///< bitrates read before streams creation int bitrates_count; + int atom_depth; } MOVContext; int ff_mp4_read_descr_len(AVIOContext *pb); diff --git a/libavformat/mov.c b/libavformat/mov.c index d19aa16483..407c5902ec 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -2984,6 +2984,12 @@ static int mov_read_default(MOVContext *c, AVIOContext *pb, MOVAtom atom) MOVAtom a; int i; + if (c->atom_depth > 10) { + av_log(c->fc, AV_LOG_ERROR, "Atoms too deeply nested\n"); + return AVERROR_INVALIDDATA; + } + c->atom_depth ++; + if (atom.size < 0) atom.size = INT64_MAX; while (total_size + 8 <= atom.size && !url_feof(pb)) { @@ -3000,6 +3006,7 @@ static int mov_read_default(MOVContext *c, AVIOContext *pb, MOVAtom atom) { av_log(c->fc, AV_LOG_ERROR, "Broken file, trak/mdat not at top-level\n"); avio_skip(pb, -8); + c->atom_depth --; return 0; } } @@ -3036,13 +3043,16 @@ static int mov_read_default(MOVContext *c, AVIOContext *pb, MOVAtom atom) int64_t start_pos = avio_tell(pb); int64_t left; int err = parse(c, pb, a); - if (err < 0) + if (err < 0) { + c->atom_depth --; return err; + } if (c->found_moov && c->found_mdat && ((!pb->seekable || c->fc->flags & AVFMT_FLAG_IGNIDX) || start_pos + a.size == avio_size(pb))) { if (!pb->seekable || c->fc->flags & AVFMT_FLAG_IGNIDX) c->next_root_atom = start_pos + a.size; + c->atom_depth --; return 0; } left = a.size - avio_tell(pb) + start_pos; @@ -3062,6 +3072,7 @@ static int mov_read_default(MOVContext *c, AVIOContext *pb, MOVAtom atom) if (total_size < atom.size && atom.size < 0x7ffff) avio_skip(pb, atom.size - total_size); + c->atom_depth --; return 0; } From 9354c47d2ec9133cbb7fd82dc049f6eba07fc154 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 16 Dec 2014 22:21:21 +0100 Subject: [PATCH 417/562] swscale: increase yuv2rgb table headroom Fixes out of array access Fixes: case2_bad_read_yuv2rgbx32.mp4 Found-by: Michal Zalewski Signed-off-by: Michael Niedermayer --- libswscale/swscale_internal.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libswscale/swscale_internal.h b/libswscale/swscale_internal.h index 33fdfc2771..c9f6a063a2 100644 --- a/libswscale/swscale_internal.h +++ b/libswscale/swscale_internal.h @@ -37,7 +37,7 @@ #define STR(s) AV_TOSTRING(s) // AV_STRINGIFY is too long -#define YUVRGB_TABLE_HEADROOM 128 +#define YUVRGB_TABLE_HEADROOM 256 #define MAX_FILTER_SIZE 256 From ac499d8142f38f0f82aa06a4cf425498ee19c32f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 17 Dec 2014 01:31:48 +0100 Subject: [PATCH 418/562] avcodec/h264: make the first field of H264Context an AVClass Fixes use of freed memory Fixes: asan_heap-uaf_3660f67_757_cov_1257014655_Hi422FR1_SONY_A.jsv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit f3b5b139ad853b6f69c6a0b036815a60e7b3f261) Signed-off-by: Michael Niedermayer --- libavcodec/h264.h | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/h264.h b/libavcodec/h264.h index 872d09d6a8..bc7db9f298 100644 --- a/libavcodec/h264.h +++ b/libavcodec/h264.h @@ -284,6 +284,7 @@ typedef struct MMCO { * H264Context */ typedef struct H264Context { + AVClass *av_class; AVCodecContext *avctx; VideoDSPContext vdsp; H264DSPContext h264dsp; From 35819400e7821a8acbd11cb5c537cd84601e077b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 17 Dec 2014 03:14:21 +0100 Subject: [PATCH 419/562] avcodec/indeo3: use signed variables to avoid underflow Fixes out of array read Fixes: signal_sigsegv_1b0a4da_1865_cov_2167818389_computer_anger.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 3305acdc92fa37869f160a11a87741c8a0de0454) Signed-off-by: Michael Niedermayer --- libavcodec/indeo3.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavcodec/indeo3.c b/libavcodec/indeo3.c index b8827634e1..ea8e4d8238 100644 --- a/libavcodec/indeo3.c +++ b/libavcodec/indeo3.c @@ -94,7 +94,7 @@ typedef struct Indeo3DecodeContext { int16_t width, height; uint32_t frame_num; ///< current frame number (zero-based) - uint32_t data_size; ///< size of the frame data in bytes + int data_size; ///< size of the frame data in bytes uint16_t frame_flags; ///< frame properties uint8_t cb_offset; ///< needed for selecting VQ tables uint8_t buf_sel; ///< active frame buffer: 0 - primary, 1 -secondary @@ -899,7 +899,8 @@ static int decode_frame_headers(Indeo3DecodeContext *ctx, AVCodecContext *avctx, GetByteContext gb; const uint8_t *bs_hdr; uint32_t frame_num, word2, check_sum, data_size; - uint32_t y_offset, u_offset, v_offset, starts[3], ends[3]; + int y_offset, u_offset, v_offset; + uint32_t starts[3], ends[3]; uint16_t height, width; int i, j; From 9dc6a7f13a23110c04568e890ef340f014c23303 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 17 Dec 2014 19:42:57 +0100 Subject: [PATCH 420/562] avcodec/hevc: clear filter_slice_edges() on allocation This avoids use of uninitialized memory Fixes: asan_static-oob_17aa046_582_cov_212287884_DBLK_G_VIXS_1.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 8aa8d12554868c32436750f881954193087219c8) Signed-off-by: Michael Niedermayer --- libavcodec/hevc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c index 9633511f43..bdfc131de3 100644 --- a/libavcodec/hevc.c +++ b/libavcodec/hevc.c @@ -115,7 +115,7 @@ static int pic_arrays_init(HEVCContext *s) if (!s->tab_ipm || !s->cbf_luma || !s->is_pcm) goto fail; - s->filter_slice_edges = av_malloc(ctb_count); + s->filter_slice_edges = av_mallocz(ctb_count); s->tab_slice_address = av_malloc_array(pic_size_in_ctb, sizeof(*s->tab_slice_address)); s->qp_y_tab = av_malloc_array(pic_size_in_ctb, From 84bc2cea237725de468f53dbba6d53140fae21c5 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 17 Dec 2014 21:27:37 +0100 Subject: [PATCH 421/562] avcodec/h264: Clear delayed_pic on deallocation Fixes use of freed memory Fixes: case5_av_frame_copy_props.mp4 Found-by: Michal Zalewski Signed-off-by: Michael Niedermayer (cherry picked from commit e8714f6f93d1a32f4e4655209960afcf4c185214) Conflicts: libavcodec/h264.c --- libavcodec/h264.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 7ea833fa83..1194fd9da9 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -1231,6 +1231,7 @@ static void free_tables(H264Context *h, int free_rbsp) av_buffer_pool_uninit(&h->ref_index_pool); if (free_rbsp && h->DPB) { + memset(h->delayed_pic, 0, sizeof(h->delayed_pic)); for (i = 0; i < MAX_PICTURE_COUNT; i++) unref_picture(h, &h->DPB[i]); av_freep(&h->DPB); From 7bd8ea83a0ba91c9b637536df3438487db001b17 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 18 Dec 2014 02:09:23 +0100 Subject: [PATCH 422/562] avcodec/hevc_ps: Check diff_cu_qp_delta_depth Fixes undefined behavior Fixes: asan_static-oob_17aa046_582_cov_1577759978_DBLK_G_VIXS_1.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 3281fa892599d71b4dc298a426af8296419cd90e) Signed-off-by: Michael Niedermayer --- libavcodec/hevc_ps.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c index ff881ea70d..461bf34c6d 100644 --- a/libavcodec/hevc_ps.c +++ b/libavcodec/hevc_ps.c @@ -1049,6 +1049,14 @@ int ff_hevc_decode_nal_pps(HEVCContext *s) if (pps->cu_qp_delta_enabled_flag) pps->diff_cu_qp_delta_depth = get_ue_golomb_long(gb); + if (pps->diff_cu_qp_delta_depth < 0 || + pps->diff_cu_qp_delta_depth > sps->log2_diff_max_min_coding_block_size) { + av_log(s->avctx, AV_LOG_ERROR, "diff_cu_qp_delta_depth %d is invalid\n", + pps->diff_cu_qp_delta_depth); + ret = AVERROR_INVALIDDATA; + goto err; + } + pps->cb_qp_offset = get_se_golomb(gb); if (pps->cb_qp_offset < -12 || pps->cb_qp_offset > 12) { av_log(s->avctx, AV_LOG_ERROR, "pps_cb_qp_offset out of range: %d\n", From b188ff5e183de064eb1eeb95fd88a0a74a747a8c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 18 Dec 2014 03:16:39 +0100 Subject: [PATCH 423/562] avcodec/h264: Check *log2_weight_denom Fixes undefined behavior Fixes: signal_sigsegv_14768d2_2248_cov_3629497219_h264_h264___pi_20070614T182942.h264 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 61296d41e2de3b41304339e4631dd44c2e15f805) Signed-off-by: Michael Niedermayer --- libavcodec/h264.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 1194fd9da9..450aa36c70 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -2641,6 +2641,16 @@ int ff_pred_weight_table(H264Context *h) h->luma_log2_weight_denom = get_ue_golomb(&h->gb); if (h->sps.chroma_format_idc) h->chroma_log2_weight_denom = get_ue_golomb(&h->gb); + + if (h->luma_log2_weight_denom > 7U) { + av_log(h->avctx, AV_LOG_ERROR, "luma_log2_weight_denom %d is out of range\n", h->luma_log2_weight_denom); + h->luma_log2_weight_denom = 0; + } + if (h->chroma_log2_weight_denom > 7U) { + av_log(h->avctx, AV_LOG_ERROR, "chroma_log2_weight_denom %d is out of range\n", h->chroma_log2_weight_denom); + h->chroma_log2_weight_denom = 0; + } + luma_def = 1 << h->luma_log2_weight_denom; chroma_def = 1 << h->chroma_log2_weight_denom; From d3853ad11f216cb57edf7b1f2bfbc49449fb8f65 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 18 Dec 2014 18:57:27 +0100 Subject: [PATCH 424/562] avcodec/indeo3: ensure offsets are non negative Signed-off-by: Michael Niedermayer (cherry picked from commit 368642361f3a589d7b0c23ea327d988edb434e3f) Signed-off-by: Michael Niedermayer --- libavcodec/indeo3.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/indeo3.c b/libavcodec/indeo3.c index ea8e4d8238..b6633f8c15 100644 --- a/libavcodec/indeo3.c +++ b/libavcodec/indeo3.c @@ -981,7 +981,8 @@ static int decode_frame_headers(Indeo3DecodeContext *ctx, AVCodecContext *avctx, ctx->y_data_size = ends[0] - starts[0]; ctx->v_data_size = ends[1] - starts[1]; ctx->u_data_size = ends[2] - starts[2]; - if (FFMAX3(y_offset, v_offset, u_offset) >= ctx->data_size - 16 || + if (FFMIN3(y_offset, v_offset, u_offset) < 0 || + FFMAX3(y_offset, v_offset, u_offset) >= ctx->data_size - 16 || FFMIN3(y_offset, v_offset, u_offset) < gb.buffer - bs_hdr + 16 || FFMIN3(ctx->y_data_size, ctx->v_data_size, ctx->u_data_size) <= 0) { av_log(avctx, AV_LOG_ERROR, "One of the y/u/v offsets is invalid\n"); From 01c83f4cb197ba9e2317ea4e4ade4cf46e138113 Mon Sep 17 00:00:00 2001 From: Anton Khirnov Date: Sun, 14 Dec 2014 21:01:59 +0100 Subject: [PATCH 425/562] jvdec: check frame dimensions The frame size must be set by the caller and each dimension must be a multiple of 8. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer See: 105654e376a736d243aef4a1d121abebce912e6b These should be redundant, but are backported for saftey anyway (cherry picked from commit e012cb8dea7969c7b3927dbf846ef2742cd4a7ab) Signed-off-by: Michael Niedermayer --- libavcodec/jvdec.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/libavcodec/jvdec.c b/libavcodec/jvdec.c index cad053289a..7c0a42b04e 100644 --- a/libavcodec/jvdec.c +++ b/libavcodec/jvdec.c @@ -42,6 +42,13 @@ static av_cold int decode_init(AVCodecContext *avctx) { JvContext *s = avctx->priv_data; + if (!avctx->width || !avctx->height || + (avctx->width & 7) || (avctx->height & 7)) { + av_log(avctx, AV_LOG_ERROR, "Invalid video dimensions: %dx%d\n", + avctx->width, avctx->height); + return AVERROR(EINVAL); + } + s->frame = av_frame_alloc(); if (!s->frame) return AVERROR(ENOMEM); From 823a9177a3ea14bbce2cb6ae97435918953e2d3b Mon Sep 17 00:00:00 2001 From: Anton Khirnov Date: Sun, 14 Dec 2014 21:01:59 +0100 Subject: [PATCH 426/562] mmvideo: check frame dimensions The frame size must be set by the caller and each dimension must be a multiple of 2. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer See: 8b0e96e1f21b761ca15dbb470cd619a1ebf86c3e These should be redundant, but are backported for saftey anyway (cherry picked from commit b0273232d8fffdc8a977ccdad460b8071a0e353c) Signed-off-by: Michael Niedermayer --- libavcodec/mmvideo.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/libavcodec/mmvideo.c b/libavcodec/mmvideo.c index 1150485e25..22251269bc 100644 --- a/libavcodec/mmvideo.c +++ b/libavcodec/mmvideo.c @@ -61,6 +61,13 @@ static av_cold int mm_decode_init(AVCodecContext *avctx) avctx->pix_fmt = AV_PIX_FMT_PAL8; + if (!avctx->width || !avctx->height || + (avctx->width & 1) || (avctx->height & 1)) { + av_log(avctx, AV_LOG_ERROR, "Invalid video dimensions: %dx%d\n", + avctx->width, avctx->height); + return AVERROR(EINVAL); + } + s->frame = av_frame_alloc(); if (!s->frame) return AVERROR(ENOMEM); From a736171b69b0a05acbb463fdbbc6114305c7c99b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 26 Nov 2014 18:16:15 +0100 Subject: [PATCH 427/562] avformat/mov: Fix memleaks for duplicate STCO/CO64/STSC atoms Also see [FFmpeg-devel] [PATCH] avformat/mov: strengthen some table allocations which contains more fixes but is unfinished Fixes: signal_sigabrt_7ffff6ac7bb9_3484_cov_1830000177_starfox2.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 1b5d11240692025f036e945bc37968735679320a) Signed-off-by: Michael Niedermayer --- libavformat/mov.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/libavformat/mov.c b/libavformat/mov.c index 407c5902ec..b0893726a4 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -1193,6 +1193,10 @@ static int mov_read_stco(MOVContext *c, AVIOContext *pb, MOVAtom atom) if (entries >= UINT_MAX/sizeof(int64_t)) return AVERROR_INVALIDDATA; + if (sc->chunk_offsets) + av_log(c->fc, AV_LOG_WARNING, "Duplicate STCO atom\n"); + av_free(sc->chunk_offsets); + sc->chunk_count = 0; sc->chunk_offsets = av_malloc(entries * sizeof(int64_t)); if (!sc->chunk_offsets) return AVERROR(ENOMEM); @@ -1709,6 +1713,10 @@ static int mov_read_stsc(MOVContext *c, AVIOContext *pb, MOVAtom atom) return 0; if (entries >= UINT_MAX / sizeof(*sc->stsc_data)) return AVERROR_INVALIDDATA; + if (sc->stsc_data) + av_log(c->fc, AV_LOG_WARNING, "Duplicate STSC atom\n"); + av_free(sc->stsc_data); + sc->stsc_count = 0; sc->stsc_data = av_malloc(entries * sizeof(*sc->stsc_data)); if (!sc->stsc_data) return AVERROR(ENOMEM); From 67e2394cc68eea02c3789c8a097c5e2906bac5d2 Mon Sep 17 00:00:00 2001 From: Stefano Sabatini Date: Tue, 21 Jan 2014 19:58:41 +0100 Subject: [PATCH 428/562] lavf/segment: remove duplicated and inconsistent cleanup code in seg_write_packet() In particular, avoid to leave around the seg->avf pointer to freed structure, and fix crash with: ffmpeg -f lavfi -i testsrc -c:v h264 -map 0 -f segment foo-%d.ts (cherry picked from commit 169065fbfb3da1ab776379c333aebc54bb1f1bc4) Found-by: Qinghao Tang Signed-off-by: Michael Niedermayer --- libavformat/segment.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/libavformat/segment.c b/libavformat/segment.c index dca7822f24..ce4af8bb9e 100644 --- a/libavformat/segment.c +++ b/libavformat/segment.c @@ -710,12 +710,6 @@ fail: if (pkt->stream_index == seg->reference_stream_index) seg->frame_count++; - if (ret < 0) { - if (seg->list) - avio_close(seg->list_pb); - avformat_free_context(oc); - } - return ret; } From c27539cd1eaaab1327383cfcbb9ee44b1f9ddaab Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 30 Dec 2014 16:16:23 +0100 Subject: [PATCH 429/562] Update for 2.1.7 --- RELEASE | 2 +- VERSION | 2 +- doc/Doxyfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/RELEASE b/RELEASE index 399088bf46..04b10b4f15 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -2.1.6 +2.1.7 diff --git a/VERSION b/VERSION index 399088bf46..04b10b4f15 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.1.6 +2.1.7 diff --git a/doc/Doxyfile b/doc/Doxyfile index ae456008ca..3747d7a3c8 100644 --- a/doc/Doxyfile +++ b/doc/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 2.1.6 +PROJECT_NUMBER = 2.1.7 # With the PROJECT_LOGO tag one can specify a logo or icon that is included # in the documentation. The maximum height of the logo should not exceed 55 From 41802887eb647bee21238e0a575a7c4bbf954b86 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 31 Dec 2014 21:41:46 +0100 Subject: [PATCH 430/562] avformat/cdxl: Fix integer overflow of image_size Signed-off-by: Michael Niedermayer (cherry picked from commit 3eb5cbe0c50d0a0bbe10bcabbd6b16d73d93c128) Signed-off-by: Michael Niedermayer --- libavformat/cdxl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/cdxl.c b/libavformat/cdxl.c index ab8a846cc5..51b9567d20 100644 --- a/libavformat/cdxl.c +++ b/libavformat/cdxl.c @@ -127,6 +127,8 @@ static int cdxl_read_packet(AVFormatContext *s, AVPacket *pkt) height = AV_RB16(&cdxl->header[16]); palette_size = AV_RB16(&cdxl->header[20]); audio_size = AV_RB16(&cdxl->header[22]); + if (FFALIGN(width, 16) * (uint64_t)height * cdxl->header[19] > INT_MAX) + return AVERROR_INVALIDDATA; image_size = FFALIGN(width, 16) * height * cdxl->header[19] / 8; video_size = palette_size + image_size; From fbc998ce3f907f642c1536d6b7a9d9a06f70785a Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 1 Jan 2015 18:07:24 +0100 Subject: [PATCH 431/562] avformat/flvdec: do not inject dts=0 metadata packets which failed to be parsed into a new data stream Such data streams (which then contain no other packets except the faulty one) confuse some user applications, like VLC Works around vlcticket 12389 Signed-off-by: Michael Niedermayer (cherry picked from commit 322f0f5960a743cac47252d90a0f1ea7a025feff) Conflicts: libavformat/flvdec.c --- libavformat/flvdec.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c index 1342bbcd42..f2936bcece 100644 --- a/libavformat/flvdec.c +++ b/libavformat/flvdec.c @@ -540,13 +540,13 @@ static int flv_read_metabody(AVFormatContext *s, int64_t next_pos) type = avio_r8(ioc); if (type != AMF_DATA_TYPE_STRING || amf_get_string(ioc, buffer, sizeof(buffer)) < 0) - return -1; + return 2; if (!strcmp(buffer, "onTextData")) return 1; if (strcmp(buffer, "onMetaData")) - return -1; + return 2; // find the streams now so that amf_parse_object doesn't need to do // the lookup every time it is called. @@ -813,7 +813,7 @@ static int flv_read_packet(AVFormatContext *s, AVPacket *pkt) stream_type=FLV_STREAM_TYPE_DATA; if (size > 13 + 1 + 4 && dts == 0) { // Header-type metadata stuff meta_pos = avio_tell(s->pb); - if (flv_read_metabody(s, next) == 0) { + if (flv_read_metabody(s, next) <= 0) { goto skip; } avio_seek(s->pb, meta_pos, SEEK_SET); From bfdf15943d65a6278dd5639ab46259b4f8a28355 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 1 Jan 2015 18:15:16 +0100 Subject: [PATCH 432/562] avformat/flvdec: Increase string array size Fixes parsing httphostheader of Scarlatti\,\ Pieter-Jan\ Belder\ -\ Sonata\ K113\ in\ A\ major\ -\ Alle.flv Signed-off-by: Michael Niedermayer (cherry picked from commit eb767a276bfdb9a0493bdb0b38203638230b7ccb) Signed-off-by: Michael Niedermayer --- libavformat/flvdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c index f2936bcece..04196ad00a 100644 --- a/libavformat/flvdec.c +++ b/libavformat/flvdec.c @@ -375,7 +375,7 @@ static int amf_parse_object(AVFormatContext *s, AVStream *astream, FLVContext *flv = s->priv_data; AVIOContext *ioc; AMFDataType amf_type; - char str_val[256]; + char str_val[1024]; double num_val; num_val = 0; From 19475c0d749c8d056cb41cb158fcc0a2c72eeb00 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 4 Jan 2015 01:03:26 +0100 Subject: [PATCH 433/562] avfilter/vf_sab: fix filtering tiny images Fixes out of array reads Signed-off-by: Michael Niedermayer (cherry picked from commit 9bff052b51f27f6cce04e8d7d8b405c710d7ad67) Signed-off-by: Michael Niedermayer --- libavfilter/vf_sab.c | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/libavfilter/vf_sab.c b/libavfilter/vf_sab.c index 1d970fa95f..67c24a9bce 100644 --- a/libavfilter/vf_sab.c +++ b/libavfilter/vf_sab.c @@ -220,6 +220,19 @@ static int config_props(AVFilterLink *inlink) #define NB_PLANES 4 +static inline int mirror(int x, int w) +{ + if (!w) + return 0; + + while ((unsigned)x > (unsigned)w) { + x = -x; + if (x < 0) + x += 2 * w; + } + return x; +} + static void blur(uint8_t *dst, const int dst_linesize, const uint8_t *src, const int src_linesize, const int w, const int h, FilterParam *fp) @@ -253,8 +266,7 @@ static void blur(uint8_t *dst, const int dst_linesize, for (dy = 0; dy < radius*2 + 1; dy++) { int dx; int iy = y+dy - radius; - if (iy < 0) iy = -iy; - else if (iy >= h) iy = h+h-iy-1; + iy = mirror(iy, h-1); for (dx = 0; dx < radius*2 + 1; dx++) { const int ix = x+dx - radius; @@ -265,13 +277,11 @@ static void blur(uint8_t *dst, const int dst_linesize, for (dy = 0; dy < radius*2+1; dy++) { int dx; int iy = y+dy - radius; - if (iy < 0) iy = -iy; - else if (iy >= h) iy = h+h-iy-1; + iy = mirror(iy, h-1); for (dx = 0; dx < radius*2 + 1; dx++) { int ix = x+dx - radius; - if (ix < 0) ix = -ix; - else if (ix >= w) ix = w+w-ix-1; + ix = mirror(ix, w-1); UPDATE_FACTOR; } } From 0bdbf1aba3b155e14c7223302e6e2e9615e17d38 Mon Sep 17 00:00:00 2001 From: wm4 Date: Mon, 5 Jan 2015 04:45:26 +0100 Subject: [PATCH 434/562] avcodec/dvdsubdec: fix out of bounds accesses The code blindly trusted buffer offsets read from the file in the RLE decoder. Explicitly check the offset. Also error out on other RLE decoding errors. Signed-off-by: Michael Niedermayer (cherry picked from commit c9151de7c42553bb145be608df8513c1287f1f24) Signed-off-by: Michael Niedermayer --- libavcodec/dvdsubdec.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/libavcodec/dvdsubdec.c b/libavcodec/dvdsubdec.c index f0dd289139..64f4bffb86 100644 --- a/libavcodec/dvdsubdec.c +++ b/libavcodec/dvdsubdec.c @@ -103,6 +103,9 @@ static int decode_rle(uint8_t *bitmap, int linesize, int w, int h, int x, y, len, color; uint8_t *d; + if (start >= buf_size) + return -1; + bit_len = (buf_size - start) * 8; init_get_bits(&gb, buf + start, bit_len); @@ -354,10 +357,12 @@ static int decode_dvd_subtitles(DVDSubContext *ctx, AVSubtitle *sub_header, sub_header->rects[0] = av_mallocz(sizeof(AVSubtitleRect)); sub_header->num_rects = 1; sub_header->rects[0]->pict.data[0] = bitmap; - decode_rle(bitmap, w * 2, w, (h + 1) / 2, - buf, offset1, buf_size, is_8bit); - decode_rle(bitmap + w, w * 2, w, h / 2, - buf, offset2, buf_size, is_8bit); + if (decode_rle(bitmap, w * 2, w, (h + 1) / 2, + buf, offset1, buf_size, is_8bit) < 0) + goto fail; + if (decode_rle(bitmap + w, w * 2, w, h / 2, + buf, offset2, buf_size, is_8bit) < 0) + goto fail; sub_header->rects[0]->pict.data[1] = av_mallocz(AVPALETTE_SIZE); if (is_8bit) { if (yuv_palette == 0) From 6832b1fde7b6c324362b908aafc3a74577987c07 Mon Sep 17 00:00:00 2001 From: Dale Curtis Date: Mon, 5 Jan 2015 16:19:09 -0800 Subject: [PATCH 435/562] mov: Avoid overflow with mov_metadata_raw() The code previously added 1 to len without checking its size, resulting in an overflow which can corrupt value[-1] -- which may be used to store unaligned ptr information for certain allocators. Found-by: Paul Mehta Signed-off-by: Dale Curtis Signed-off-by: Michael Niedermayer --- libavformat/mov.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/mov.c b/libavformat/mov.c index b0893726a4..02b8aeb856 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -278,6 +278,9 @@ static int mov_read_covr(MOVContext *c, AVIOContext *pb, int type, int len) static int mov_metadata_raw(MOVContext *c, AVIOContext *pb, unsigned len, const char *key) { + // Check for overflow. + if (len >= INT_MAX) + return AVERROR(EINVAL); char *value = av_malloc(len + 1); if (!value) return AVERROR(ENOMEM); From 71d0cfff15ea89b63124a9eaf8032c27d7f2a99a Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 6 Jan 2015 04:29:10 +0100 Subject: [PATCH 436/562] avformat/mov: fix integer overflow in mov_read_udta_string() Found-by: Paul Mehta Signed-off-by: Michael Niedermayer (cherry picked from commit 3859868c75313e318ebc5d0d33baada62d45dd75) Signed-off-by: Michael Niedermayer --- libavformat/mov.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index 02b8aeb856..bfc5c44d87 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -385,7 +385,7 @@ static int mov_read_udta_string(MOVContext *c, AVIOContext *pb, MOVAtom atom) if (!key) return 0; - if (atom.size < 0) + if (atom.size < 0 || str_size >= INT_MAX/2) return AVERROR_INVALIDDATA; str_size = FFMIN3(sizeof(str)-1, str_size, atom.size); From 13d4d8a9c6bb6acdec8be0638299d0ce08bfd061 Mon Sep 17 00:00:00 2001 From: Dale Curtis Date: Mon, 5 Jan 2015 16:34:17 -0800 Subject: [PATCH 437/562] mov: Fix negative size calculation in mov_read_default(). The previous code assumed if an atom was marked with a 64-bit size extension, it actually had that data available. The new code verfies there's enough data in the atom for this to be done. Failure to verify causes total_size > atom.size which will result in negative size calculations later on. Found-by: Paul Mehta Signed-off-by: Dale Curtis Signed-off-by: Michael Niedermayer (cherry picked from commit 3ebd76a9c57558e284e94da367dd23b435e6a6d0) Signed-off-by: Michael Niedermayer --- libavformat/mov.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index bfc5c44d87..16435e9fb2 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -3022,7 +3022,7 @@ static int mov_read_default(MOVContext *c, AVIOContext *pb, MOVAtom atom) } } total_size += 8; - if (a.size == 1) { /* 64 bit extended size */ + if (a.size == 1 && total_size + 8 <= atom.size) { /* 64 bit extended size */ a.size = avio_rb64(pb) - 8; total_size += 8; } From ac1905cd5bffd423f666729954b06ce7c148d3f4 Mon Sep 17 00:00:00 2001 From: Paul B Mahol Date: Tue, 6 Jan 2015 09:42:59 +0000 Subject: [PATCH 438/562] lavfi: check av_strdup() return value Signed-off-by: Paul B Mahol (cherry picked from commit 145a84717b62e086cdb5f26649ad9f1b51ef38d0) Signed-off-by: Michael Niedermayer --- libavfilter/af_amix.c | 2 ++ libavfilter/af_join.c | 2 ++ libavfilter/split.c | 2 ++ libavfilter/src_movie.c | 2 ++ 4 files changed, 8 insertions(+) diff --git a/libavfilter/af_amix.c b/libavfilter/af_amix.c index 0902c2ac50..9d7b728145 100644 --- a/libavfilter/af_amix.c +++ b/libavfilter/af_amix.c @@ -496,6 +496,8 @@ static av_cold int init(AVFilterContext *ctx) snprintf(name, sizeof(name), "input%d", i); pad.type = AVMEDIA_TYPE_AUDIO; pad.name = av_strdup(name); + if (!pad.name) + return AVERROR(ENOMEM); pad.filter_frame = filter_frame; ff_insert_inpad(ctx, i, &pad); diff --git a/libavfilter/af_join.c b/libavfilter/af_join.c index a266a248cd..045c15e68e 100644 --- a/libavfilter/af_join.c +++ b/libavfilter/af_join.c @@ -214,6 +214,8 @@ static av_cold int join_init(AVFilterContext *ctx) snprintf(name, sizeof(name), "input%d", i); pad.type = AVMEDIA_TYPE_AUDIO; pad.name = av_strdup(name); + if (!pad.name) + return AVERROR(ENOMEM); pad.filter_frame = filter_frame; pad.needs_fifo = 1; diff --git a/libavfilter/split.c b/libavfilter/split.c index 21e1a60f38..a14cf0503e 100644 --- a/libavfilter/split.c +++ b/libavfilter/split.c @@ -52,6 +52,8 @@ static av_cold int split_init(AVFilterContext *ctx) snprintf(name, sizeof(name), "output%d", i); pad.type = ctx->filter->inputs[0].type; pad.name = av_strdup(name); + if (!pad.name) + return AVERROR(ENOMEM); ff_insert_outpad(ctx, i, &pad); } diff --git a/libavfilter/src_movie.c b/libavfilter/src_movie.c index dfb4289f3c..ecb8ea4821 100644 --- a/libavfilter/src_movie.c +++ b/libavfilter/src_movie.c @@ -291,6 +291,8 @@ static av_cold int movie_common_init(AVFilterContext *ctx) snprintf(name, sizeof(name), "out%d", i); pad.type = movie->st[i].st->codec->codec_type; pad.name = av_strdup(name); + if (!pad.name) + return AVERROR(ENOMEM); pad.config_props = movie_config_output_props; pad.request_frame = movie_request_frame; ff_insert_outpad(ctx, i, &pad); From 83700aced1917f372f453eea1cc6543aeae2c2a1 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 6 Jan 2015 12:48:38 +0100 Subject: [PATCH 439/562] avformat/matroskadec: Use av_freep() to avoid leaving stale pointers in memory Signed-off-by: Michael Niedermayer (cherry picked from commit 6e70e4aca50696040cc9256ec96e5c31d9641432) Signed-off-by: Michael Niedermayer --- libavformat/matroskadec.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index 884960bd5d..f0a0d0424e 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -1049,7 +1049,7 @@ static void ebml_free(EbmlSyntax *syntax, void *data) char *ptr = list->elem; for (j=0; jnb_elem; j++, ptr+=syntax[i].list_elem_size) ebml_free(syntax[i].def.n, ptr); - av_free(list->elem); + av_freep(&list->elem); } else ebml_free(syntax[i].def.n, data_off); default: break; @@ -2008,7 +2008,7 @@ static int matroska_deliver_packet(MatroskaDemuxContext *matroska, { if (matroska->num_packets > 0) { memcpy(pkt, matroska->packets[0], sizeof(AVPacket)); - av_free(matroska->packets[0]); + av_freep(&matroska->packets[0]); if (matroska->num_packets > 1) { void *newpackets; memmove(&matroska->packets[0], &matroska->packets[1], @@ -2038,7 +2038,7 @@ static void matroska_clear_queue(MatroskaDemuxContext *matroska) int n; for (n = 0; n < matroska->num_packets; n++) { av_free_packet(matroska->packets[n]); - av_free(matroska->packets[n]); + av_freep(&matroska->packets[n]); } av_freep(&matroska->packets); matroska->num_packets = 0; @@ -2878,7 +2878,7 @@ static int matroska_read_close(AVFormatContext *s) for (n=0; n < matroska->tracks.nb_elem; n++) if (tracks[n].type == MATROSKA_TRACK_TYPE_AUDIO) - av_free(tracks[n].audio.buf); + av_freep(&tracks[n].audio.buf); ebml_free(matroska_cluster, &matroska->current_cluster); ebml_free(matroska_segment, matroska); From fa0194e9ca704d1b6f8f85762f513202bde6482d Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 6 Jan 2015 12:53:53 +0100 Subject: [PATCH 440/562] avformat/utils: Clear pointer in ff_alloc_extradata() to avoid leaving a stale pointer in memory Signed-off-by: Michael Niedermayer (cherry picked from commit bbfca8e84b0e69abba523d665536c0135fc1c00e) Signed-off-by: Michael Niedermayer --- libavformat/utils.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavformat/utils.c b/libavformat/utils.c index 85a96845b7..d2efda0727 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -2698,6 +2698,7 @@ int ff_alloc_extradata(AVCodecContext *avctx, int size) int ret; if (size < 0 || size >= INT32_MAX - FF_INPUT_BUFFER_PADDING_SIZE) { + avctx->extradata = NULL; avctx->extradata_size = 0; return AVERROR(EINVAL); } From 36ac58454832032623ca9584bbdbc837a02a8bcc Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 6 Jan 2015 19:51:38 +0100 Subject: [PATCH 441/562] avformat/mov: Fix mixed declaration and statement warning Signed-off-by: Michael Niedermayer (cherry picked from commit db27f50e0658e91758e8a17fdcf390e6bc93c1d2) Signed-off-by: Michael Niedermayer --- libavformat/mov.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index 16435e9fb2..e0f9495d7e 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -278,10 +278,11 @@ static int mov_read_covr(MOVContext *c, AVIOContext *pb, int type, int len) static int mov_metadata_raw(MOVContext *c, AVIOContext *pb, unsigned len, const char *key) { + char *value; // Check for overflow. if (len >= INT_MAX) return AVERROR(EINVAL); - char *value = av_malloc(len + 1); + value = av_malloc(len + 1); if (!value) return AVERROR(ENOMEM); avio_read(pb, value, len); From e4fddd18e7f4bf666f598a608d63dd16c3da41f4 Mon Sep 17 00:00:00 2001 From: Johan Andersson Date: Sat, 3 Jan 2015 17:31:36 +0100 Subject: [PATCH 442/562] cmdutils: update copyright year to 2015. (cherry picked from commit 3e160652219ff4da433f5672ae1e5f4956abb815) Conflicts: cmdutils.c --- cmdutils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmdutils.c b/cmdutils.c index 26fe3c78ac..ca9bc50020 100644 --- a/cmdutils.c +++ b/cmdutils.c @@ -68,7 +68,7 @@ struct SwsContext *sws_opts; AVDictionary *swr_opts; AVDictionary *format_opts, *codec_opts, *resample_opts; -const int this_year = 2014; +const int this_year = 2015; static FILE *report_file; From f04b323a460fd026d1cab31ad82464d34d5d2011 Mon Sep 17 00:00:00 2001 From: wm4 Date: Wed, 7 Jan 2015 23:57:50 +0100 Subject: [PATCH 443/562] avcodec/dvdsubdec: error on bitmaps with size 0 Attemtping to decode them could lead to invalid writes with some fuzzed samples. Signed-off-by: Michael Niedermayer (cherry picked from commit bcaa9099b3648b47060e1724a97dc98b63c83702) Signed-off-by: Michael Niedermayer --- libavcodec/dvdsubdec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/dvdsubdec.c b/libavcodec/dvdsubdec.c index 64f4bffb86..2a9b63a321 100644 --- a/libavcodec/dvdsubdec.c +++ b/libavcodec/dvdsubdec.c @@ -106,6 +106,9 @@ static int decode_rle(uint8_t *bitmap, int linesize, int w, int h, if (start >= buf_size) return -1; + if (w <= 0 || h <= 0) + return -1; + bit_len = (buf_size - start) * 8; init_get_bits(&gb, buf + start, bit_len); From 5a98a000018e0563ddf3316d1594cc438b0c696e Mon Sep 17 00:00:00 2001 From: wm4 Date: Thu, 8 Jan 2015 17:19:17 +0100 Subject: [PATCH 444/562] avcodec/dvdsubdec: fix accessing dangling pointers dvdsub_decode() can call append_to_cached_buf() 2 times, the second time with ctx->buf as argument. If the second append_to_cached_buf() reallocs ctx->buf, the argument will be a pointer to the previous, freed block. This can cause invalid reads at least with some fuzzed files - and possibly with valid files. Since packets can apparently not be larger than 64K (even if packets are combined), just use a fixed size buffer. It will be allocated as part of the DVDSubContext, and although some memory is "wasted", it's relatively minimal by modern standards and should be acceptable. Signed-off-by: Michael Niedermayer (cherry picked from commit 816577716bc6170bccfea3b9e865618b69a4b426) Signed-off-by: Michael Niedermayer --- libavcodec/dvdsubdec.c | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/libavcodec/dvdsubdec.c b/libavcodec/dvdsubdec.c index 2a9b63a321..524930867d 100644 --- a/libavcodec/dvdsubdec.c +++ b/libavcodec/dvdsubdec.c @@ -35,7 +35,7 @@ typedef struct DVDSubContext int has_palette; uint8_t colormap[4]; uint8_t alpha[256]; - uint8_t *buf; + uint8_t buf[0x10000]; int buf_size; #ifdef DEBUG int sub_id; @@ -503,15 +503,11 @@ static int append_to_cached_buf(AVCodecContext *avctx, { DVDSubContext *ctx = avctx->priv_data; - if (ctx->buf_size > 0xffff - buf_size) { + if (ctx->buf_size >= sizeof(ctx->buf) - buf_size) { av_log(avctx, AV_LOG_WARNING, "Attempt to reconstruct " "too large SPU packets aborted.\n"); - av_freep(&ctx->buf); return AVERROR_INVALIDDATA; } - ctx->buf = av_realloc(ctx->buf, ctx->buf_size + buf_size); - if (!ctx->buf) - return AVERROR(ENOMEM); memcpy(ctx->buf + ctx->buf_size, buf, buf_size); ctx->buf_size += buf_size; return 0; @@ -527,7 +523,7 @@ static int dvdsub_decode(AVCodecContext *avctx, AVSubtitle *sub = data; int is_menu; - if (ctx->buf) { + if (ctx->buf_size) { int ret = append_to_cached_buf(avctx, buf, buf_size); if (ret < 0) { *data_size = 0; @@ -565,7 +561,6 @@ static int dvdsub_decode(AVCodecContext *avctx, } #endif - av_freep(&ctx->buf); ctx->buf_size = 0; *data_size = 1; return buf_size; @@ -643,7 +638,6 @@ static av_cold int dvdsub_init(AVCodecContext *avctx) static av_cold int dvdsub_close(AVCodecContext *avctx) { DVDSubContext *ctx = avctx->priv_data; - av_freep(&ctx->buf); ctx->buf_size = 0; return 0; } From ccca7ae8c6dba1a98d6ecfb1c6ae2f5c2bb32253 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 8 Jan 2015 23:02:30 +0100 Subject: [PATCH 445/562] ffmpeg: Clear error message array at init. This avoids printing uninitialized bytes if no error message is set Signed-off-by: Michael Niedermayer (cherry picked from commit 6d1a2efb8ac399a003ea7d3b6f8c641d192567ee) Signed-off-by: Michael Niedermayer --- ffmpeg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ffmpeg.c b/ffmpeg.c index 9aa094ead1..d0124e7efb 100644 --- a/ffmpeg.c +++ b/ffmpeg.c @@ -2117,7 +2117,7 @@ static int transcode_init(void) AVCodecContext *codec; OutputStream *ost; InputStream *ist; - char error[1024]; + char error[1024] = {0}; int want_sdp = 1; for (i = 0; i < nb_filtergraphs; i++) { From 9d156e24d779702850d6c66893837534b18dd3ea Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 17 Jan 2015 01:56:03 +0100 Subject: [PATCH 446/562] avcodec/flac_parser: fix handling EOF if no headers are found Fixes assertion failure Fixes Ticket4269 Signed-off-by: Michael Niedermayer (cherry picked from commit c4d85fc23c100f7a27d9bad710eb153214868e27) Signed-off-by: Michael Niedermayer --- libavcodec/flac_parser.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/flac_parser.c b/libavcodec/flac_parser.c index ba1f060fd9..0512575d85 100644 --- a/libavcodec/flac_parser.c +++ b/libavcodec/flac_parser.c @@ -685,7 +685,7 @@ static int flac_parse(AVCodecParserContext *s, AVCodecContext *avctx, handle_error: *poutbuf = NULL; *poutbuf_size = 0; - return read_end - buf; + return buf_size ? read_end - buf : 0; } static av_cold int flac_parse_init(AVCodecParserContext *c) From d00e2fa28410f8eb088bd2a1653946284ab81856 Mon Sep 17 00:00:00 2001 From: Vittorio Giovara Date: Wed, 17 Dec 2014 16:02:07 +0100 Subject: [PATCH 447/562] swscale: check memory allocations Bug-Id: CID 1257779 (cherry picked from commit 1dd797e3c9f179f957316a0becbec048b42df8aa) Signed-off-by: Michael Niedermayer --- libswscale/yuv2rgb.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/libswscale/yuv2rgb.c b/libswscale/yuv2rgb.c index 77c56a9772..7f7ec7873a 100644 --- a/libswscale/yuv2rgb.c +++ b/libswscale/yuv2rgb.c @@ -775,9 +775,13 @@ av_cold int ff_yuv2rgb_c_init_tables(SwsContext *c, const int inv_table[4], av_freep(&c->yuvTable); +#define ALLOC_YUV_TABLE(x) \ + c->yuvTable = av_malloc(x); \ + if (!c->yuvTable) \ + return AVERROR(ENOMEM); switch (bpp) { case 1: - c->yuvTable = av_malloc(1024); + ALLOC_YUV_TABLE(1024); y_table = c->yuvTable; yb = -(384 << 16) - oy; for (i = 0; i < 1024 - 110; i++) { @@ -792,7 +796,7 @@ av_cold int ff_yuv2rgb_c_init_tables(SwsContext *c, const int inv_table[4], rbase = isRgb ? 3 : 0; gbase = 1; bbase = isRgb ? 0 : 3; - c->yuvTable = av_malloc(1024 * 3); + ALLOC_YUV_TABLE(1024 * 3); y_table = c->yuvTable; yb = -(384 << 16) - oy; for (i = 0; i < 1024 - 110; i++) { @@ -811,7 +815,7 @@ av_cold int ff_yuv2rgb_c_init_tables(SwsContext *c, const int inv_table[4], rbase = isRgb ? 5 : 0; gbase = isRgb ? 2 : 3; bbase = isRgb ? 0 : 6; - c->yuvTable = av_malloc(1024 * 3); + ALLOC_YUV_TABLE(1024 * 3); y_table = c->yuvTable; yb = -(384 << 16) - oy; for (i = 0; i < 1024 - 38; i++) { @@ -830,7 +834,7 @@ av_cold int ff_yuv2rgb_c_init_tables(SwsContext *c, const int inv_table[4], rbase = isRgb ? 8 : 0; gbase = 4; bbase = isRgb ? 0 : 8; - c->yuvTable = av_malloc(1024 * 3 * 2); + ALLOC_YUV_TABLE(1024 * 3 * 2); y_table16 = c->yuvTable; yb = -(384 << 16) - oy; for (i = 0; i < 1024; i++) { @@ -853,7 +857,7 @@ av_cold int ff_yuv2rgb_c_init_tables(SwsContext *c, const int inv_table[4], rbase = isRgb ? bpp - 5 : 0; gbase = 5; bbase = isRgb ? 0 : (bpp - 5); - c->yuvTable = av_malloc(1024 * 3 * 2); + ALLOC_YUV_TABLE(1024 * 3 * 2); y_table16 = c->yuvTable; yb = -(384 << 16) - oy; for (i = 0; i < 1024; i++) { @@ -873,7 +877,7 @@ av_cold int ff_yuv2rgb_c_init_tables(SwsContext *c, const int inv_table[4], break; case 24: case 48: - c->yuvTable = av_malloc(1024); + ALLOC_YUV_TABLE(1024); y_table = c->yuvTable; yb = -(384 << 16) - oy; for (i = 0; i < 1024; i++) { @@ -895,7 +899,7 @@ av_cold int ff_yuv2rgb_c_init_tables(SwsContext *c, const int inv_table[4], needAlpha = CONFIG_SWSCALE_ALPHA && isALPHA(c->srcFormat); if (!needAlpha) abase = (base + 24) & 31; - c->yuvTable = av_malloc(1024 * 3 * 4); + ALLOC_YUV_TABLE(1024 * 3 * 4); y_table32 = c->yuvTable; yb = -(384 << 16) - oy; for (i = 0; i < 1024; i++) { From 7c54f1416859e6fb3a5f72efc6b002642abfff02 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 6 Dec 2014 00:18:29 +0100 Subject: [PATCH 448/562] avformat/rmdec: Check for overflow in ff_rm_read_mdpr_codecdata() Signed-off-by: Michael Niedermayer (cherry picked from commit 03abf55f252945c70f4a79eaf4d609cee4d98710) Signed-off-by: Michael Niedermayer --- libavformat/rmdec.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c index 235ff138e1..3fa0200a3d 100644 --- a/libavformat/rmdec.c +++ b/libavformat/rmdec.c @@ -393,7 +393,11 @@ ff_rm_read_mdpr_codecdata (AVFormatContext *s, AVIOContext *pb, skip: /* skip codec info */ size = avio_tell(pb) - codec_pos; - avio_skip(pb, codec_data_size - size); + if (codec_data_size >= size) { + avio_skip(pb, codec_data_size - size); + } else { + av_log(s, AV_LOG_WARNING, "codec_data_size %u < size %d\n", codec_data_size, size); + } return 0; } From e651a2f88c219e74c9851563e74100f7652a6005 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 1 Feb 2015 19:19:25 +0100 Subject: [PATCH 449/562] avformat/utils: Fix number suffixes in tb_unreliable() Signed-off-by: Michael Niedermayer (cherry picked from commit 4b15bba2aec93776bfdc69a1bca42a4795a7d191) Conflicts: libavformat/utils.c --- libavformat/utils.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index d2efda0727..5465498c3d 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -2674,8 +2674,8 @@ static int get_std_framerate(int i){ * And there are "variable" fps files this needs to detect as well. */ static int tb_unreliable(AVCodecContext *c){ - if( c->time_base.den >= 101L*c->time_base.num - || c->time_base.den < 5L*c->time_base.num + if( c->time_base.den >= 101LL*c->time_base.num + || c->time_base.den < 5LL*c->time_base.num /* || c->codec_tag == AV_RL32("DIVX") || c->codec_tag == AV_RL32("XVID")*/ || c->codec_tag == AV_RL32("mp4v") From 364bdddaad04f3adafd7699dd5cb739e14b3c90a Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 1 Feb 2015 19:27:00 +0100 Subject: [PATCH 450/562] swresample/dither: Cleanup number suffixes The <<31 case needs LL Signed-off-by: Michael Niedermayer (cherry picked from commit c77cc2c1766666cdb5f14daee0f75e397bf7a194) Signed-off-by: Michael Niedermayer --- libswresample/dither.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/libswresample/dither.c b/libswresample/dither.c index b8b592a7ce..8121f11c2f 100644 --- a/libswresample/dither.c +++ b/libswresample/dither.c @@ -84,14 +84,14 @@ int swri_dither_init(SwrContext *s, enum AVSampleFormat out_fmt, enum AVSampleFo in_fmt = av_get_packed_sample_fmt( in_fmt); if(in_fmt == AV_SAMPLE_FMT_FLT || in_fmt == AV_SAMPLE_FMT_DBL){ - if(out_fmt == AV_SAMPLE_FMT_S32) scale = 1.0/(1L<<31); - if(out_fmt == AV_SAMPLE_FMT_S16) scale = 1.0/(1L<<15); - if(out_fmt == AV_SAMPLE_FMT_U8 ) scale = 1.0/(1L<< 7); + if(out_fmt == AV_SAMPLE_FMT_S32) scale = 1.0/(1LL<<31); + if(out_fmt == AV_SAMPLE_FMT_S16) scale = 1.0/(1LL<<15); + if(out_fmt == AV_SAMPLE_FMT_U8 ) scale = 1.0/(1LL<< 7); } if(in_fmt == AV_SAMPLE_FMT_S32 && out_fmt == AV_SAMPLE_FMT_S32 && (s->dither.output_sample_bits&31)) scale = 1; - if(in_fmt == AV_SAMPLE_FMT_S32 && out_fmt == AV_SAMPLE_FMT_S16) scale = 1L<<16; - if(in_fmt == AV_SAMPLE_FMT_S32 && out_fmt == AV_SAMPLE_FMT_U8 ) scale = 1L<<24; - if(in_fmt == AV_SAMPLE_FMT_S16 && out_fmt == AV_SAMPLE_FMT_U8 ) scale = 1L<<8; + if(in_fmt == AV_SAMPLE_FMT_S32 && out_fmt == AV_SAMPLE_FMT_S16) scale = 1<<16; + if(in_fmt == AV_SAMPLE_FMT_S32 && out_fmt == AV_SAMPLE_FMT_U8 ) scale = 1<<24; + if(in_fmt == AV_SAMPLE_FMT_S16 && out_fmt == AV_SAMPLE_FMT_U8 ) scale = 1<<8; scale *= s->dither.scale; From 201d626bb90ea3ca22f0168b8e2085bbd16ac984 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 1 Feb 2015 19:34:52 +0100 Subject: [PATCH 451/562] avformat/matroskadec: Fix number suffixes Signed-off-by: Michael Niedermayer (cherry picked from commit fc3cdb00d084222a107e61e7168903bf3d3d0b47) Conflicts: libavformat/matroskadec.c --- libavformat/matroskadec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index f0a0d0424e..99baa08e7e 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -1883,7 +1883,7 @@ static int matroska_read_header(AVFormatContext *s) av_reduce(&st->avg_frame_rate.num, &st->avg_frame_rate.den, 1000000000, track->default_duration, 30000); #if FF_API_R_FRAME_RATE - if (st->avg_frame_rate.num < st->avg_frame_rate.den * 1000L) + if (st->avg_frame_rate.num < st->avg_frame_rate.den * 1000LL) st->r_frame_rate = st->avg_frame_rate; #endif } From 633ce6baaaabc44d619b890c8afacb1e906bc2bb Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 1 Feb 2015 19:36:13 +0100 Subject: [PATCH 452/562] avformat/smacker: Fix number suffix Signed-off-by: Michael Niedermayer (cherry picked from commit 465f3705b1ef832fd6904750d018f81f9044f3ab) Signed-off-by: Michael Niedermayer --- libavformat/smacker.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/smacker.c b/libavformat/smacker.c index 527faf7dd8..cbacb6216d 100644 --- a/libavformat/smacker.c +++ b/libavformat/smacker.c @@ -314,7 +314,7 @@ static int smacker_read_packet(AVFormatContext *s, AVPacket *pkt) int err; size = avio_rl32(s->pb) - 4; - if (!size || size + 4L > frame_size) { + if (!size || size + 4LL > frame_size) { av_log(s, AV_LOG_ERROR, "Invalid audio part size\n"); return AVERROR_INVALIDDATA; } From 6862970dbfd81a86afcf6d57cafab60e01e2c8e5 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 1 Feb 2015 19:36:36 +0100 Subject: [PATCH 453/562] avformat/omadec: fix number suffix Signed-off-by: Michael Niedermayer (cherry picked from commit f1f7f5903ab49b84789af5341492afbaba808a70) Signed-off-by: Michael Niedermayer --- libavformat/omadec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/omadec.c b/libavformat/omadec.c index 8453aa7bf5..b10f56f07b 100644 --- a/libavformat/omadec.c +++ b/libavformat/omadec.c @@ -171,7 +171,7 @@ static int nprobe(AVFormatContext *s, uint8_t *enc_header, unsigned size, taglen = AV_RB32(&enc_header[pos + 32]); datalen = AV_RB32(&enc_header[pos + 36]) >> 4; - pos += 44L + taglen; + pos += 44LL + taglen; if (pos + (((uint64_t)datalen) << 4) > size) return -1; From 5feffd62688b61d7e9c2aff63e7fbf3c0cd9b04c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 1 Feb 2015 19:39:22 +0100 Subject: [PATCH 454/562] avcodec/h264_cabac: use int instead of long for mbb_xy The mb address fits in int Signed-off-by: Michael Niedermayer (cherry picked from commit 592ba6ec106206f97133c9345313010c76361e12) Signed-off-by: Michael Niedermayer --- libavcodec/h264_cabac.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h264_cabac.c b/libavcodec/h264_cabac.c index 7b1ee05e3d..14b8e6850a 100644 --- a/libavcodec/h264_cabac.c +++ b/libavcodec/h264_cabac.c @@ -1279,7 +1279,7 @@ void ff_h264_init_cabac_states(H264Context *h) { } static int decode_cabac_field_decoding_flag(H264Context *h) { - const long mbb_xy = h->mb_xy - 2L*h->mb_stride; + const int mbb_xy = h->mb_xy - 2*h->mb_stride; unsigned long ctx = 0; From 37723e0d0c3e9ac137ba53c2f02912a27ed97a7a Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 1 Feb 2015 19:40:13 +0100 Subject: [PATCH 455/562] avcodec/mpegvideo_enc: Fix number suffixes in rc_buffer_size calculation Signed-off-by: Michael Niedermayer (cherry picked from commit 4531e2c489d279bfc90d54ca26ed898c5b265a7f) Signed-off-by: Michael Niedermayer --- libavcodec/mpegvideo_enc.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libavcodec/mpegvideo_enc.c b/libavcodec/mpegvideo_enc.c index 7035df475d..399c1c940d 100644 --- a/libavcodec/mpegvideo_enc.c +++ b/libavcodec/mpegvideo_enc.c @@ -351,18 +351,18 @@ av_cold int ff_MPV_encode_init(AVCodecContext *avctx) switch(avctx->codec_id) { case AV_CODEC_ID_MPEG1VIDEO: case AV_CODEC_ID_MPEG2VIDEO: - avctx->rc_buffer_size = FFMAX(avctx->rc_max_rate, 15000000) * 112L / 15000000 * 16384; + avctx->rc_buffer_size = FFMAX(avctx->rc_max_rate, 15000000) * 112LL / 15000000 * 16384; break; case AV_CODEC_ID_MPEG4: case AV_CODEC_ID_MSMPEG4V1: case AV_CODEC_ID_MSMPEG4V2: case AV_CODEC_ID_MSMPEG4V3: if (avctx->rc_max_rate >= 15000000) { - avctx->rc_buffer_size = 320 + (avctx->rc_max_rate - 15000000L) * (760-320) / (38400000 - 15000000); + avctx->rc_buffer_size = 320 + (avctx->rc_max_rate - 15000000LL) * (760-320) / (38400000 - 15000000); } else if(avctx->rc_max_rate >= 2000000) { - avctx->rc_buffer_size = 80 + (avctx->rc_max_rate - 2000000L) * (320- 80) / (15000000 - 2000000); + avctx->rc_buffer_size = 80 + (avctx->rc_max_rate - 2000000LL) * (320- 80) / (15000000 - 2000000); } else if(avctx->rc_max_rate >= 384000) { - avctx->rc_buffer_size = 40 + (avctx->rc_max_rate - 384000L) * ( 80- 40) / ( 2000000 - 384000); + avctx->rc_buffer_size = 40 + (avctx->rc_max_rate - 384000LL) * ( 80- 40) / ( 2000000 - 384000); } else avctx->rc_buffer_size = 40; avctx->rc_buffer_size *= 16384; From 6e7f183ae632f160638203c4a9302c25f1bc7bc6 Mon Sep 17 00:00:00 2001 From: wm4 Date: Tue, 3 Feb 2015 14:41:10 +0100 Subject: [PATCH 456/562] avformat/tta: fix crash with corrupted files av_add_index_entry() can fail, for example because the parameters are invalid, or because memory allocation fails. Check this; it can actually happen with corrupted files. The second hunk is just for robustness. Just in case functions like ff_reduce_index() remove entries. (Not sure if this can actually happen.) Fixes ticket #4294. Reviewed-by: Paul B Mahol Signed-off-by: Michael Niedermayer (cherry picked from commit 6a0cd529a35190d9374b0b26504e71857cd67b83) Signed-off-by: Michael Niedermayer --- libavformat/tta.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/libavformat/tta.c b/libavformat/tta.c index 7174fd5438..d3b3fb0471 100644 --- a/libavformat/tta.c +++ b/libavformat/tta.c @@ -118,8 +118,10 @@ static int tta_read_header(AVFormatContext *s) ffio_init_checksum(s->pb, tta_check_crc, UINT32_MAX); for (i = 0; i < c->totalframes; i++) { uint32_t size = avio_rl32(s->pb); - av_add_index_entry(st, framepos, i * c->frame_size, size, 0, - AVINDEX_KEYFRAME); + int r; + if ((r = av_add_index_entry(st, framepos, i * c->frame_size, size, 0, + AVINDEX_KEYFRAME)) < 0) + return r; framepos += size; } crc = ffio_get_checksum(s->pb) ^ UINT32_MAX; @@ -153,6 +155,11 @@ static int tta_read_packet(AVFormatContext *s, AVPacket *pkt) if (c->currentframe >= c->totalframes) return AVERROR_EOF; + if (st->nb_index_entries < c->totalframes) { + av_log(s, AV_LOG_ERROR, "Index entry disappeared\n"); + return AVERROR_INVALIDDATA; + } + size = st->index_entries[c->currentframe].size; ret = av_get_packet(s->pb, pkt, size); From 28f303542e90bc34f96e2e04af6f1b9e9b9d65ab Mon Sep 17 00:00:00 2001 From: wm4 Date: Tue, 3 Feb 2015 19:04:12 +0100 Subject: [PATCH 457/562] avformat/mpc8: fix hang with fuzzed file This can lead to an endless loop by seeking back a few bytes after each attempted chunk read. Assuming negative sizes are always invalid, this is easy to fix. Other code in this demuxer treats negative sizes as invalid as well. Fixes ticket #4262. Signed-off-by: Michael Niedermayer (cherry picked from commit 56cc024220886927350cfc26ee695062ca7ecaf4) Signed-off-by: Michael Niedermayer --- libavformat/mpc8.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavformat/mpc8.c b/libavformat/mpc8.c index 7017c187f7..31026fef1c 100644 --- a/libavformat/mpc8.c +++ b/libavformat/mpc8.c @@ -216,6 +216,10 @@ static int mpc8_read_header(AVFormatContext *s) while(!url_feof(pb)){ pos = avio_tell(pb); mpc8_get_chunk_header(pb, &tag, &size); + if (size < 0) { + av_log(s, AV_LOG_ERROR, "Invalid chunk length\n"); + return AVERROR_INVALIDDATA; + } if(tag == TAG_STREAMHDR) break; mpc8_handle_chunk(s, tag, pos, size); From 55b75ece704395b5580dabcd3f426f51ed82ee3c Mon Sep 17 00:00:00 2001 From: wm4 Date: Tue, 3 Feb 2015 19:04:11 +0100 Subject: [PATCH 458/562] avformat/mpc8: fix broken pointer math MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This could overflow and crash at least on 32 bit systems. Reviewed-by: Reimar Döffinger Signed-off-by: Michael Niedermayer (cherry picked from commit b737a2c52857b214be246ff615c6293730033cfa) Signed-off-by: Michael Niedermayer --- libavformat/mpc8.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mpc8.c b/libavformat/mpc8.c index 31026fef1c..6ef8cab955 100644 --- a/libavformat/mpc8.c +++ b/libavformat/mpc8.c @@ -91,7 +91,7 @@ static int mpc8_probe(AVProbeData *p) size = bs_get_v(&bs); if (size < 2) return 0; - if (bs + size - 2 >= bs_end) + if (size >= bs_end - bs + 2) return AVPROBE_SCORE_EXTENSION - 1; // seems to be valid MPC but no header yet if (header_found) { if (size < 11 || size > 28) From af0544ca3d40d1277dec1175a1939a74c5b12ce4 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 4 Feb 2015 14:47:41 +0100 Subject: [PATCH 459/562] avformat/mpc8: Use uint64_t in *_get_v() to avoid undefined behavior Signed-off-by: Michael Niedermayer (cherry picked from commit 05e161952954acf247e0fd1fdef00559675c4d4d) Signed-off-by: Michael Niedermayer --- libavformat/mpc8.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavformat/mpc8.c b/libavformat/mpc8.c index 6ef8cab955..4352c78b92 100644 --- a/libavformat/mpc8.c +++ b/libavformat/mpc8.c @@ -57,7 +57,7 @@ typedef struct { static inline int64_t bs_get_v(const uint8_t **bs) { - int64_t v = 0; + uint64_t v = 0; int br = 0; int c; @@ -108,7 +108,7 @@ static int mpc8_probe(AVProbeData *p) static inline int64_t gb_get_v(GetBitContext *gb) { - int64_t v = 0; + uint64_t v = 0; int bits = 0; while(get_bits1(gb) && bits < 64-7){ v <<= 7; From a6ba4c1116c16c01a2faf188d47c9ed7bb727a06 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 4 Feb 2015 20:48:30 +0100 Subject: [PATCH 460/562] avcodec/mjpegdec: Check number of components for JPEG-LS Fixes out of array accesses Fixes: asan_heap-oob_1c1a4ea_1242_cov_2274415971_TESTcmyk.jpg Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit fabbfaa095660982cc0bc63242c459561fa37037) Conflicts: libavcodec/mjpegdec.c --- libavcodec/mjpegdec.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index 748107d1fb..f12210a5a1 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -471,9 +471,12 @@ unk_pixfmt: } if (s->ls) { s->upscale_h = s->upscale_v = 0; - if (s->nb_components > 1) + if (s->nb_components == 3) { s->avctx->pix_fmt = AV_PIX_FMT_RGB24; - else if (s->bits <= 8) + } else if (s->nb_components != 1) { + av_log(s->avctx, AV_LOG_ERROR, "Unsupported number of components %d\n", s->nb_components); + return AVERROR_PATCHWELCOME; + } else if (s->bits <= 8) s->avctx->pix_fmt = AV_PIX_FMT_GRAY8; else s->avctx->pix_fmt = AV_PIX_FMT_GRAY16; From b844584c10170e47654d7f8d58d8126cde62e8ba Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 4 Feb 2015 20:13:18 +0100 Subject: [PATCH 461/562] avcodec/mjpegdec: Check escape sequence validity Fixes assertion failure Fixes: asan_heap-oob_1c1a4ea_1242_cov_2274415971_TESTcmyk.jpg Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer --- libavcodec/mjpegdec.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index f12210a5a1..37369c2d65 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -1779,6 +1779,10 @@ int ff_mjpeg_find_marker(MJpegDecodeContext *s, put_bits(&pb, 8, x); if (x == 0xFF) { x = src[b++]; + if (x & 0x80) { + av_log(s->avctx, AV_LOG_WARNING, "Invalid escape sequence\n"); + x &= 0x7f; + } put_bits(&pb, 7, x); bit_count--; } From 813054c4bd5d47fc9b2b45fa53c020239af66b70 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 5 Feb 2015 00:12:08 +0100 Subject: [PATCH 462/562] swscale/utils: Limit filter shifting so as not to read from prior the array Fixes out of array read Fixes: asan_heap-oob_1fb2f9b_3780_cov_3984375136_usf.mkv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 692b22626ec9a9585f667c124a186b1a9796e432) Signed-off-by: Michael Niedermayer --- libswscale/utils.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libswscale/utils.c b/libswscale/utils.c index 3cc2c9d4d7..970e3a931e 100644 --- a/libswscale/utils.c +++ b/libswscale/utils.c @@ -596,14 +596,15 @@ static av_cold int initFilter(int16_t **outFilter, int32_t **filterPos, } if ((*filterPos)[i] + filterSize > srcW) { - int shift = (*filterPos)[i] + filterSize - srcW; + int shift = (*filterPos)[i] + FFMIN(filterSize - srcW, 0); + // move filter coefficients right to compensate for filterPos for (j = filterSize - 2; j >= 0; j--) { int right = FFMIN(j + shift, filterSize - 1); filter[i * filterSize + right] += filter[i * filterSize + j]; filter[i * filterSize + j] = 0; } - (*filterPos)[i]= srcW - filterSize; + (*filterPos)[i]-= shift; } } From 07a55344e636dac584a6f7c6e468b53bd8c3a56d Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 5 Feb 2015 03:45:21 +0100 Subject: [PATCH 463/562] avformat/thp: Check av_get_packet() for failure not only for partial output Fixes null pointer dereference Fixes: signal_sigsegv_db2c1f_3108_cov_163322880_pikmin2_opening1_partial.thp Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit f2579dbb4b31e6ae731e7f5555680528ef3020ab) Signed-off-by: Michael Niedermayer --- libavformat/thp.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/thp.c b/libavformat/thp.c index 568807d6f7..3ef9497b42 100644 --- a/libavformat/thp.c +++ b/libavformat/thp.c @@ -180,6 +180,8 @@ static int thp_read_packet(AVFormatContext *s, pkt->stream_index = thp->video_stream_index; } else { ret = av_get_packet(pb, pkt, thp->audiosize); + if (ret < 0) + return ret; if (ret != thp->audiosize) { av_free_packet(pkt); return AVERROR(EIO); From 17ecc8a7716e9ac610a2226baceaeade0c82d2a4 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 6 Feb 2015 04:11:56 +0100 Subject: [PATCH 464/562] avcodec/h264_ps: More completely check the bit depths Fixes out of array read Fixes: asan_static-oob_30328b6_719_cov_3325483287_H264_artifacts_motion.h264 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 69aa79365c1e8e1cb597d33e77bf1062c2ef47d4) Conflicts: libavcodec/h264_ps.c Signed-off-by: Michael Niedermayer --- libavcodec/h264_ps.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/h264_ps.c b/libavcodec/h264_ps.c index e667359e2b..5f95f65c35 100644 --- a/libavcodec/h264_ps.c +++ b/libavcodec/h264_ps.c @@ -376,7 +376,9 @@ int ff_h264_decode_seq_parameter_set(H264Context *h) } sps->bit_depth_luma = get_ue_golomb(&h->gb) + 8; sps->bit_depth_chroma = get_ue_golomb(&h->gb) + 8; - if (sps->bit_depth_luma > 14U || sps->bit_depth_chroma > 14U || sps->bit_depth_luma != sps->bit_depth_chroma) { + if (sps->bit_depth_luma < 8 || sps->bit_depth_luma > 14 || + sps->bit_depth_chroma < 8 || sps->bit_depth_chroma > 14 || + sps->bit_depth_luma != sps->bit_depth_chroma) { av_log(h->avctx, AV_LOG_ERROR, "illegal bit depth value (%d, %d)\n", sps->bit_depth_luma, sps->bit_depth_chroma); goto fail; From 01e2e746bad3a5a498703ae8b82812e140db1157 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 6 Feb 2015 15:09:54 +0100 Subject: [PATCH 465/562] avcodec/h264: Be more strict on rejecting pps/sps changes Fixes race condition Fixes: signal_sigsegv_1472ac3_468_cov_2915641226_CABACI3_Sony_B.jsv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 6fafc62b0bd0e206deb77a7aabbf3a370ad80789) Conflicts: libavcodec/h264.c --- libavcodec/h264.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 450aa36c70..1c9ddd697b 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -3424,6 +3424,8 @@ static int decode_slice_header(H264Context *h, H264Context *h0) int must_reinit; int needs_reinit = 0; int field_pic_flag, bottom_field_flag; + int first_slice = h == h0 && !h0->current_slice; + PPS *pps; h->me.qpel_put = h->h264qpel.put_h264_qpel_pixels_tab; h->me.qpel_avg = h->h264qpel.avg_h264_qpel_pixels_tab; @@ -3482,17 +3484,26 @@ static int decode_slice_header(H264Context *h, H264Context *h0) h0->au_pps_id, pps_id); return AVERROR_INVALIDDATA; } - h->pps = *h0->pps_buffers[pps_id]; - if (!h0->sps_buffers[h->pps.sps_id]) { + pps = h0->pps_buffers[pps_id]; + + if (!h0->sps_buffers[pps->sps_id]) { av_log(h->avctx, AV_LOG_ERROR, "non-existing SPS %u referenced\n", h->pps.sps_id); return AVERROR_INVALIDDATA; } + if (first_slice) + h->pps = *h0->pps_buffers[pps_id]; - if (h->pps.sps_id != h->current_sps_id || - h0->sps_buffers[h->pps.sps_id]->new) { + if (pps->sps_id != h->current_sps_id || + h0->sps_buffers[pps->sps_id]->new) { + + if (!first_slice) { + av_log(h->avctx, AV_LOG_ERROR, + "SPS changed in the middle of the frame\n"); + return AVERROR_INVALIDDATA; + } h->sps = *h0->sps_buffers[h->pps.sps_id]; From cab930604011477d27eab7738c3e26f3bba8b132 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 7 Feb 2015 02:06:20 +0100 Subject: [PATCH 466/562] avcodec/h264_slice: Do not change frame_num after the first slice Fixes potential race condition Fixes: signal_sigsegv_1472ac3_468_cov_2915641226_CABACI3_Sony_B.jsv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit f906982c9411f3062e3ce68013309b37c213c4dd) Signed-off-by: Michael Niedermayer Conflicts: libavcodec/h264_slice.c --- libavcodec/h264.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 1c9ddd697b..d9c86a3e3e 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -3425,6 +3425,7 @@ static int decode_slice_header(H264Context *h, H264Context *h0) int needs_reinit = 0; int field_pic_flag, bottom_field_flag; int first_slice = h == h0 && !h0->current_slice; + int frame_num; PPS *pps; h->me.qpel_put = h->h264qpel.put_h264_qpel_pixels_tab; @@ -3617,7 +3618,15 @@ static int decode_slice_header(H264Context *h, H264Context *h0) init_dequant_tables(h); } - h->frame_num = get_bits(&h->gb, h->sps.log2_max_frame_num); + frame_num = get_bits(&h->gb, h->sps.log2_max_frame_num); + if (!first_slice) { + if (h0->frame_num != frame_num) { + av_log(h->avctx, AV_LOG_ERROR, "Frame num change from %d to %d\n", + h0->frame_num, frame_num); + return AVERROR_INVALIDDATA; + } + } + h->frame_num = frame_num; h->mb_mbaff = 0; h->mb_aff_frame = 0; From 6c67cc2ad119493f3258241f64ea49cb87d07112 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 7 Feb 2015 02:22:44 +0100 Subject: [PATCH 467/562] avcodec/h264_slice: Check picture structure before setting the related fields This might fix a hypothetical race condition Signed-off-by: Michael Niedermayer (cherry picked from commit f111831ed61103f9fa8fdda41473a23da016bdaa) Signed-off-by: Michael Niedermayer Conflicts: libavcodec/h264_slice.c --- libavcodec/h264.c | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index d9c86a3e3e..b1a139f536 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -3425,7 +3425,7 @@ static int decode_slice_header(H264Context *h, H264Context *h0) int needs_reinit = 0; int field_pic_flag, bottom_field_flag; int first_slice = h == h0 && !h0->current_slice; - int frame_num; + int frame_num, picture_structure, droppable; PPS *pps; h->me.qpel_put = h->h264qpel.put_h264_qpel_pixels_tab; @@ -3626,39 +3626,35 @@ static int decode_slice_header(H264Context *h, H264Context *h0) return AVERROR_INVALIDDATA; } } - h->frame_num = frame_num; h->mb_mbaff = 0; h->mb_aff_frame = 0; last_pic_structure = h0->picture_structure; last_pic_droppable = h0->droppable; - h->droppable = h->nal_ref_idc == 0; + droppable = h->nal_ref_idc == 0; if (h->sps.frame_mbs_only_flag) { - h->picture_structure = PICT_FRAME; + picture_structure = PICT_FRAME; } else { if (!h->sps.direct_8x8_inference_flag && slice_type == AV_PICTURE_TYPE_B) { av_log(h->avctx, AV_LOG_ERROR, "This stream was generated by a broken encoder, invalid 8x8 inference\n"); return -1; } field_pic_flag = get_bits1(&h->gb); + if (field_pic_flag) { bottom_field_flag = get_bits1(&h->gb); - h->picture_structure = PICT_TOP_FIELD + bottom_field_flag; + picture_structure = PICT_TOP_FIELD + bottom_field_flag; } else { - h->picture_structure = PICT_FRAME; + picture_structure = PICT_FRAME; h->mb_aff_frame = h->sps.mb_aff; } } - h->mb_field_decoding_flag = h->picture_structure != PICT_FRAME; - - if (h0->current_slice != 0) { - if (last_pic_structure != h->picture_structure || - last_pic_droppable != h->droppable) { + if (h0->current_slice) { + if (last_pic_structure != picture_structure || + last_pic_droppable != droppable) { av_log(h->avctx, AV_LOG_ERROR, "Changing field mode (%d -> %d) between slices is not allowed\n", last_pic_structure, h->picture_structure); - h->picture_structure = last_pic_structure; - h->droppable = last_pic_droppable; return AVERROR_INVALIDDATA; } else if (!h0->cur_pic_ptr) { av_log(h->avctx, AV_LOG_ERROR, @@ -3666,7 +3662,14 @@ static int decode_slice_header(H264Context *h, H264Context *h0) h0->current_slice + 1); return AVERROR_INVALIDDATA; } - } else { + } + + h->picture_structure = picture_structure; + h->droppable = droppable; + h->frame_num = frame_num; + h->mb_field_decoding_flag = picture_structure != PICT_FRAME; + + if (h0->current_slice == 0) { /* Shorten frame num gaps so we don't have to allocate reference * frames just to throw them away */ if (h->frame_num != h->prev_frame_num) { From 6ab48096f5bdd2a3218052bf65f919b8780d2c7d Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 7 Feb 2015 03:34:48 +0100 Subject: [PATCH 468/562] avcodec/h264_slice: ignore SAR changes in slices after the first Fixes race condition and null pointer dereference Fixes: signal_sigsegv_1472ac3_468_cov_2915641226_CABACI3_Sony_B.jsv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 38d5241b7f36c1571a88517a0650caade16dd5f4) Signed-off-by: Michael Niedermayer Conflicts: libavcodec/h264_slice.c --- libavcodec/h264.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index b1a139f536..bace34be42 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -3534,13 +3534,15 @@ static int decode_slice_header(H264Context *h, H264Context *h0) || 16*h->sps.mb_height * (2 - h->sps.frame_mbs_only_flag) != h->avctx->coded_height || h->avctx->bits_per_raw_sample != h->sps.bit_depth_luma || h->cur_chroma_format_idc != h->sps.chroma_format_idc - || av_cmp_q(h->sps.sar, h->avctx->sample_aspect_ratio) || h->mb_width != h->sps.mb_width || h->mb_height != h->sps.mb_height * (2 - h->sps.frame_mbs_only_flag) )); if (non_j_pixfmt(h0->avctx->pix_fmt) != non_j_pixfmt(get_pixel_format(h0, 0))) must_reinit = 1; + if (first_slice && av_cmp_q(h->sps.sar, h->avctx->sample_aspect_ratio)) + must_reinit = 1; + h->mb_width = h->sps.mb_width; h->mb_height = h->sps.mb_height * (2 - h->sps.frame_mbs_only_flag); h->mb_num = h->mb_width * h->mb_height; From 1aea2213a68674b61f09bcde2a4ff94fb9d586a4 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 20 Feb 2015 20:13:06 +0100 Subject: [PATCH 469/562] avformat/idcin: Use 64bit for ret to avoid overflow Signed-off-by: Michael Niedermayer (cherry picked from commit d1923d15a3544cbb94563a59e7169291db76b312) Signed-off-by: Michael Niedermayer --- libavformat/idcin.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/idcin.c b/libavformat/idcin.c index 9671fca6f8..e45376f0fa 100644 --- a/libavformat/idcin.c +++ b/libavformat/idcin.c @@ -357,7 +357,7 @@ static int idcin_read_seek(AVFormatContext *s, int stream_index, IdcinDemuxContext *idcin = s->priv_data; if (idcin->first_pkt_pos > 0) { - int ret = avio_seek(s->pb, idcin->first_pkt_pos, SEEK_SET); + int64_t ret = avio_seek(s->pb, idcin->first_pkt_pos, SEEK_SET); if (ret < 0) return ret; ff_update_cur_dts(s, s->streams[idcin->video_stream_index], 0); From 1480d9b3d39b8f4ba4f9a327c2f7d492118f75ad Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 20 Feb 2015 20:14:56 +0100 Subject: [PATCH 470/562] avformat/gxf: Use 64bit for res to avoid overflow Signed-off-by: Michael Niedermayer (cherry picked from commit 12987f89007ee82b9d3a6090085dfaef8461ab8b) Signed-off-by: Michael Niedermayer --- libavformat/gxf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/gxf.c b/libavformat/gxf.c index e15d06aaf9..c0a38171fc 100644 --- a/libavformat/gxf.c +++ b/libavformat/gxf.c @@ -556,7 +556,7 @@ static int gxf_packet(AVFormatContext *s, AVPacket *pkt) { } static int gxf_seek(AVFormatContext *s, int stream_index, int64_t timestamp, int flags) { - int res = 0; + int64_t res = 0; uint64_t pos; uint64_t maxlen = 100 * 1024 * 1024; AVStream *st = s->streams[0]; From 3b17f32ec3cca0f9f1593f8bfce18a91a128e5ce Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 20 Feb 2015 20:41:35 +0100 Subject: [PATCH 471/562] avformat/mvdec: Use 64bit for ret to avoid overflow Signed-off-by: Michael Niedermayer (cherry picked from commit 26c0cc154e06cb0064b3a3da49447ac44d82444f) Signed-off-by: Michael Niedermayer --- libavformat/mvdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mvdec.c b/libavformat/mvdec.c index 5525233db5..8d6a26cd6c 100644 --- a/libavformat/mvdec.c +++ b/libavformat/mvdec.c @@ -371,7 +371,7 @@ static int mv_read_packet(AVFormatContext *avctx, AVPacket *pkt) AVStream *st = avctx->streams[mv->stream_index]; const AVIndexEntry *index; int frame = mv->frame[mv->stream_index]; - int ret; + int64_t ret; uint64_t pos; if (frame < st->nb_index_entries) { From f8b6ba5574c73c87ebf4be178a319e2e2d278749 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 20 Feb 2015 21:00:57 +0100 Subject: [PATCH 472/562] avformat/vqf: Use 64bit for ret to avoid overflow Signed-off-by: Michael Niedermayer (cherry picked from commit cb08687180683a755d0fe9d425280d0e4d1e6db2) Signed-off-by: Michael Niedermayer --- libavformat/vqf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/vqf.c b/libavformat/vqf.c index 4cd0a6deec..9fa31a15b9 100644 --- a/libavformat/vqf.c +++ b/libavformat/vqf.c @@ -262,7 +262,7 @@ static int vqf_read_seek(AVFormatContext *s, { VqfContext *c = s->priv_data; AVStream *st; - int ret; + int64_t ret; int64_t pos; st = s->streams[stream_index]; From 94ebfef2fb69f9bc66dc17e533c5d25d68a37924 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 20 Feb 2015 21:01:54 +0100 Subject: [PATCH 473/562] avformat/omadec: Use 64bit for ret to avoid overflow Signed-off-by: Michael Niedermayer (cherry picked from commit 0f55bc29d41585d110b126cb4ed4b395fd46d7ac) Signed-off-by: Michael Niedermayer --- libavformat/omadec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/omadec.c b/libavformat/omadec.c index b10f56f07b..f5d09f65ae 100644 --- a/libavformat/omadec.c +++ b/libavformat/omadec.c @@ -470,7 +470,7 @@ static int oma_read_seek(struct AVFormatContext *s, int stream_index, int64_t timestamp, int flags) { OMAContext *oc = s->priv_data; - int err = ff_pcm_read_seek(s, stream_index, timestamp, flags); + int64_t err = ff_pcm_read_seek(s, stream_index, timestamp, flags); if (!oc->encrypted) return err; From d005972995ee9b13ca6573a396cdb70808e12814 Mon Sep 17 00:00:00 2001 From: Anton Khirnov Date: Thu, 12 Feb 2015 13:06:49 +0100 Subject: [PATCH 474/562] h264: initialize H264Context.avctx in init_thread_copy This prevents using a wrong (first thread's) AVCodecContext if decoding a frame in the first pass over all threads fails. (cherry picked from commit a06b0b1295c51d100101e0ca0434e199ad6de6b5) Conflicts: libavcodec/h264.c Signed-off-by: Michael Niedermayer --- libavcodec/h264.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index bace34be42..262ea8a608 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -1699,6 +1699,7 @@ static int decode_init_thread_copy(AVCodecContext *avctx) memset(h->sps_buffers, 0, sizeof(h->sps_buffers)); memset(h->pps_buffers, 0, sizeof(h->pps_buffers)); + h->avctx = avctx; h->rbsp_buffer[0] = NULL; h->rbsp_buffer[1] = NULL; h->rbsp_buffer_size[0] = 0; From b62a3478e92be87e2b508b9aae6f86b20db9f9e2 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 19 Feb 2015 16:25:29 +0100 Subject: [PATCH 475/562] avcodec/x86/mlpdsp_init: Simplify mlp_filter_channel_x86() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Based on patch by Francisco Blas Izquierdo Riera Commit message partly taken from carl fixes a compilation error in mlpdsp_init.c with -fstack-check and some gcc compilers (I reproduced the issue with gcc 4.7.3) by simplifying the code. See also https://bugs.gentoo.org/show_bug.cgi?id=471756 $ make libavcodec/x86/mlpdsp_init.o libavcodec/x86/mlpdsp_init.c: In function ‘mlp_filter_channel_x86’: libavcodec/x86/mlpdsp_init.c:142:5: error: can’t find a register in class ‘GENERAL_REGS’ while reloading ‘asm’ libavcodec/x86/mlpdsp_init.c:142:5: error: ‘asm’ operand has impossible constraints 4551 -> 4509 dezicycles Reviewed-by: Ramiro Polla Signed-off-by: Michael Niedermayer (cherry picked from commit 03f39fbb2a558153a3c464edec1378d637a755fe) Signed-off-by: Michael Niedermayer --- libavcodec/x86/mlpdsp.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/libavcodec/x86/mlpdsp.c b/libavcodec/x86/mlpdsp.c index 94849b7e79..a3ac207a60 100644 --- a/libavcodec/x86/mlpdsp.c +++ b/libavcodec/x86/mlpdsp.c @@ -132,8 +132,8 @@ static void mlp_filter_channel_x86(int32_t *state, const int32_t *coeff, FIRMUL (ff_mlp_firorder_6, 0x14 ) FIRMUL (ff_mlp_firorder_5, 0x10 ) FIRMUL (ff_mlp_firorder_4, 0x0c ) - FIRMULREG(ff_mlp_firorder_3, 0x08,10) - FIRMULREG(ff_mlp_firorder_2, 0x04, 9) + FIRMUL (ff_mlp_firorder_3, 0x08 ) + FIRMUL (ff_mlp_firorder_2, 0x04 ) FIRMULREG(ff_mlp_firorder_1, 0x00, 8) LABEL_MANGLE(ff_mlp_firorder_0)":\n\t" "jmp *%6 \n\t" @@ -162,8 +162,6 @@ static void mlp_filter_channel_x86(int32_t *state, const int32_t *coeff, : /* 4*/"r"((x86_reg)mask), /* 5*/"r"(firjump), /* 6*/"r"(iirjump) , /* 7*/"c"(filter_shift) , /* 8*/"r"((int64_t)coeff[0]) - , /* 9*/"r"((int64_t)coeff[1]) - , /*10*/"r"((int64_t)coeff[2]) : "rax", "rdx", "rsi" #else /* ARCH_X86_32 */ /* 3*/"+m"(blocksize) From d0da72ebb04a1812433099c8effd8f753a4f7e61 Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun Date: Sun, 22 Feb 2015 20:43:30 +0100 Subject: [PATCH 476/562] avcodec/a64multienc: use av_frame_ref instead of copying the frame This fixes freeing the frame buffer twice on cleanup leading to a crash. Signed-off-by: Michael Niedermayer (cherry picked from commit 39e4ed7c1d8d840be47f6d604704d47a59a9ae5d) Signed-off-by: Michael Niedermayer --- libavcodec/a64multienc.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/a64multienc.c b/libavcodec/a64multienc.c index d692ebfdef..888b87be1a 100644 --- a/libavcodec/a64multienc.c +++ b/libavcodec/a64multienc.c @@ -317,7 +317,9 @@ static int a64multi_encode_frame(AVCodecContext *avctx, AVPacket *pkt, } else { /* fill up mc_meta_charset with data until lifetime exceeds */ if (c->mc_frame_counter < c->mc_lifetime) { - *p = *pict; + ret = av_frame_ref(p, pict); + if (ret < 0) + return ret; p->pict_type = AV_PICTURE_TYPE_I; p->key_frame = 1; to_meta_with_crop(avctx, p, meta + 32000 * c->mc_frame_counter); From 91ced1608cf4e2a8f8c6b26884a39a368c8cde79 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 23 Feb 2015 01:21:30 +0100 Subject: [PATCH 477/562] avcodec/a64multienc: don't set incorrect packet size This fixes invalid reads of the packet buffer in av_dup_packet Based on patch by Andreas Cadhalpun Signed-off-by: Michael Niedermayer (cherry picked from commit d96142e9af92ded84f2580620c571ab96c4bb657) Conflicts: libavcodec/a64multienc.c --- libavcodec/a64multienc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavcodec/a64multienc.c b/libavcodec/a64multienc.c index 888b87be1a..ad4c6118ae 100644 --- a/libavcodec/a64multienc.c +++ b/libavcodec/a64multienc.c @@ -336,8 +336,8 @@ static int a64multi_encode_frame(AVCodecContext *avctx, AVPacket *pkt, req_size = 0; /* any frames to encode? */ if (c->mc_lifetime) { - req_size = charset_size + c->mc_lifetime*(screen_size + colram_size); - if ((ret = ff_alloc_packet2(avctx, pkt, req_size)) < 0) + int alloc_size = charset_size + c->mc_lifetime*(screen_size + colram_size); + if ((ret = ff_alloc_packet2(avctx, pkt, alloc_size)) < 0) return ret; buf = pkt->data; @@ -354,6 +354,7 @@ static int a64multi_encode_frame(AVCodecContext *avctx, AVPacket *pkt, /* advance pointers */ buf += charset_size; charset += charset_size; + req_size += charset_size; } /* write x frames to buf */ From 1a8f9f0e589892f3d2d6f08e8fb3592d709bfb96 Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun Date: Sun, 22 Feb 2015 20:48:38 +0100 Subject: [PATCH 478/562] avcodec/a64multienc: fix use of uninitialized values in to_meta_with_crop Averaging over 2 pixels doesn't work correctly for the last pixel, because the rest of the buffer is not initialized. Signed-off-by: Michael Niedermayer (cherry picked from commit 87513d654546a99f8ddb045ca4fa5d33778a617e) Signed-off-by: Michael Niedermayer --- libavcodec/a64multienc.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/libavcodec/a64multienc.c b/libavcodec/a64multienc.c index ad4c6118ae..1bdb662759 100644 --- a/libavcodec/a64multienc.c +++ b/libavcodec/a64multienc.c @@ -78,9 +78,13 @@ static void to_meta_with_crop(AVCodecContext *avctx, AVFrame *p, int *dest) for (y = blocky; y < blocky + 8 && y < C64YRES; y++) { for (x = blockx; x < blockx + 8 && x < C64XRES; x += 2) { if(x < width && y < height) { - /* build average over 2 pixels */ - luma = (src[(x + 0 + y * p->linesize[0])] + - src[(x + 1 + y * p->linesize[0])]) / 2; + if (x + 1 < width) { + /* build average over 2 pixels */ + luma = (src[(x + 0 + y * p->linesize[0])] + + src[(x + 1 + y * p->linesize[0])]) / 2; + } else { + luma = src[(x + y * p->linesize[0])]; + } /* write blocks as linear data now so they are suitable for elbg */ dest[0] = luma; } From a79e5c994cf9af9cdd527fd9a2f7b8f9e02e84b0 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 24 Feb 2015 00:32:39 +0100 Subject: [PATCH 479/562] swscale/utils: More carefully merge and clear coefficients outside the input Fixes out of array read Fixes: asan_heap-oob_35ca682_1474_cov_3230122439_aletrek_tga_16bit.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 1895d414aaacece3b57d7bf19502305e9a064fae) Signed-off-by: Michael Niedermayer --- libswscale/utils.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/libswscale/utils.c b/libswscale/utils.c index 970e3a931e..7e74fe85de 100644 --- a/libswscale/utils.c +++ b/libswscale/utils.c @@ -597,14 +597,24 @@ static av_cold int initFilter(int16_t **outFilter, int32_t **filterPos, if ((*filterPos)[i] + filterSize > srcW) { int shift = (*filterPos)[i] + FFMIN(filterSize - srcW, 0); + int64_t acc = 0; - // move filter coefficients right to compensate for filterPos - for (j = filterSize - 2; j >= 0; j--) { - int right = FFMIN(j + shift, filterSize - 1); - filter[i * filterSize + right] += filter[i * filterSize + j]; - filter[i * filterSize + j] = 0; + for (j = filterSize - 1; j >= 0; j--) { + if ((*filterPos)[i] + j >= srcW) { + acc += filter[i * filterSize + j]; + filter[i * filterSize + j] = 0; + } } + for (j = filterSize - 1; j >= 0; j--) { + if (j < shift) { + filter[i * filterSize + j] = 0; + } else { + filter[i * filterSize + j] = filter[i * filterSize + j - shift]; + } + } + (*filterPos)[i]-= shift; + filter[i * filterSize + srcW - 1 - (*filterPos)[i]] += acc; } } From 7afb16c9a1c8d6e04d7ba084d1cd6b8557805d72 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 24 Feb 2015 03:12:22 +0100 Subject: [PATCH 480/562] avcodec/snowdec: Fix ref value check Fixes integer overflow and out of array read. Fixes: signal_sigsegv_24169e6_3445_cov_3778346427_snow_chroma_bug.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 8f4cbf940212079a34753c7f4d6c6b5a43586d30) Signed-off-by: Michael Niedermayer --- libavcodec/snowdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/snowdec.c b/libavcodec/snowdec.c index c9d40b84e3..5aae25ae0f 100644 --- a/libavcodec/snowdec.c +++ b/libavcodec/snowdec.c @@ -153,7 +153,7 @@ static int decode_q_branch(SnowContext *s, int level, int x, int y){ int l = left->color[0]; int cb= left->color[1]; int cr= left->color[2]; - int ref = 0; + unsigned ref = 0; int ref_context= av_log2(2*left->ref) + av_log2(2*top->ref); int mx_context= av_log2(2*FFABS(left->mx - top->mx)) + 0*av_log2(2*FFABS(tr->mx - top->mx)); int my_context= av_log2(2*FFABS(left->my - top->my)) + 0*av_log2(2*FFABS(tr->my - top->my)); From 232b1f83de57057821ef2730ec9f39268cf6d015 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 24 Feb 2015 20:49:07 +0100 Subject: [PATCH 481/562] avcodec/h264: Only reinit quant tables if a new PPS is allowed Fixes null pointer dereference Fixes: signal_sigsegv_3042097_3007_cov_1741463594_non_monotone_timestamps1.mkv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit c23a0e77dd492d6c794f89dbff3a438c95745e70) Conflicts: libavcodec/h264_slice.c --- libavcodec/h264.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 262ea8a608..4e10b93e2e 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -3616,7 +3616,7 @@ static int decode_slice_header(H264Context *h, H264Context *h0) } } - if (h == h0 && h->dequant_coeff_pps != pps_id) { + if (first_slice && h->dequant_coeff_pps != pps_id) { h->dequant_coeff_pps = pps_id; init_dequant_tables(h); } From 41ca0489ba9276c2f716863384742a04358423eb Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 25 Feb 2015 12:29:10 +0100 Subject: [PATCH 482/562] avcodec/zmbv: Check len before reading in decode_frame() Fixes out of array read Fixes: asan_heap-oob_4d4eb0_3994_cov_3169972261_zmbv_15bit.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 1f5c7781e63d6519192ada59c1e36bcecc92791d) Signed-off-by: Michael Niedermayer --- libavcodec/zmbv.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/zmbv.c b/libavcodec/zmbv.c index 71e828771a..048cbb5eed 100644 --- a/libavcodec/zmbv.c +++ b/libavcodec/zmbv.c @@ -410,11 +410,16 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame, AVPac int hi_ver, lo_ver, ret; /* parse header */ + if (len < 1) + return AVERROR_INVALIDDATA; c->flags = buf[0]; buf++; len--; if (c->flags & ZMBV_KEYFRAME) { void *decode_intra = NULL; c->decode_intra= NULL; + + if (len < 6) + return AVERROR_INVALIDDATA; hi_ver = buf[0]; lo_ver = buf[1]; c->comp = buf[2]; From c417b7b5663b85b054fea44f9e917f3ced20d1c3 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 25 Feb 2015 15:51:28 +0100 Subject: [PATCH 483/562] avcodec/hevc_ps: Sanity checks for some log2_* values log2 values which imply numeric overflow are not supported Signed-off-by: Michael Niedermayer (cherry picked from commit 205b2ba3d677330e023aac2f4bd3f624039256b9) Signed-off-by: Michael Niedermayer --- libavcodec/hevc_ps.c | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c index 461bf34c6d..f16651ade2 100644 --- a/libavcodec/hevc_ps.c +++ b/libavcodec/hevc_ps.c @@ -768,11 +768,30 @@ int ff_hevc_decode_nal_sps(HEVCContext *s) log2_diff_max_min_transform_block_size = get_ue_golomb_long(gb); sps->log2_max_trafo_size = log2_diff_max_min_transform_block_size + sps->log2_min_tb_size; - if (sps->log2_min_tb_size >= sps->log2_min_cb_size) { + if (sps->log2_min_cb_size < 3 || sps->log2_min_cb_size > 30) { + av_log(s->avctx, AV_LOG_ERROR, "Invalid value %d for log2_min_cb_size", sps->log2_min_cb_size); + ret = AVERROR_INVALIDDATA; + goto err; + } + + if (sps->log2_diff_max_min_coding_block_size > 30) { + av_log(s->avctx, AV_LOG_ERROR, "Invalid value %d for log2_diff_max_min_coding_block_size", sps->log2_diff_max_min_coding_block_size); + ret = AVERROR_INVALIDDATA; + goto err; + } + + if (sps->log2_min_tb_size >= sps->log2_min_cb_size || sps->log2_min_tb_size < 2) { av_log(s->avctx, AV_LOG_ERROR, "Invalid value for log2_min_tb_size"); ret = AVERROR_INVALIDDATA; goto err; } + + if (log2_diff_max_min_transform_block_size < 0 || log2_diff_max_min_transform_block_size > 30) { + av_log(s->avctx, AV_LOG_ERROR, "Invalid value %d for log2_diff_max_min_transform_block_size", log2_diff_max_min_transform_block_size); + ret = AVERROR_INVALIDDATA; + goto err; + } + sps->max_transform_hierarchy_depth_inter = get_ue_golomb_long(gb); sps->max_transform_hierarchy_depth_intra = get_ue_golomb_long(gb); From 11141fb9ff3258c0e2563a984e358d7d71ed0467 Mon Sep 17 00:00:00 2001 From: James Cowgill Date: Thu, 26 Feb 2015 13:42:52 +0000 Subject: [PATCH 484/562] mips/acelp_filters: fix incorrect register constraint Change register constraint on the v variable from = to +. This was causing GCC to think that the v variable was never read and therefore not initialize it. This fixes about 20 fate failures on mips64el. Signed-off-by: James Cowgill Signed-off-by: Michael Niedermayer (cherry picked from commit b9de1303a6414174ab2f3bccefa801bfabcf0f88) Signed-off-by: Michael Niedermayer --- libavcodec/mips/acelp_filters_mips.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/mips/acelp_filters_mips.c b/libavcodec/mips/acelp_filters_mips.c index c8d980aa00..ffc0fe6250 100644 --- a/libavcodec/mips/acelp_filters_mips.c +++ b/libavcodec/mips/acelp_filters_mips.c @@ -89,7 +89,7 @@ static void ff_acelp_interpolatef_mips(float *out, const float *in, "addu %[p_filter_coeffs_m], %[p_filter_coeffs_m], %[prec] \n\t" "madd.s %[v],%[v],%[in_val_m], %[fc_val_m] \n\t" - : [v] "=&f" (v),[p_in_p] "+r" (p_in_p), [p_in_m] "+r" (p_in_m), + : [v] "+&f" (v),[p_in_p] "+r" (p_in_p), [p_in_m] "+r" (p_in_m), [p_filter_coeffs_p] "+r" (p_filter_coeffs_p), [in_val_p] "=&f" (in_val_p), [in_val_m] "=&f" (in_val_m), [fc_val_p] "=&f" (fc_val_p), [fc_val_m] "=&f" (fc_val_m), From b49f8de4ec33e8c8c599b5fba00416f2935ff4a7 Mon Sep 17 00:00:00 2001 From: Dyami Caliri Date: Thu, 26 Feb 2015 10:17:01 -0800 Subject: [PATCH 485/562] Fix buffer_size argument to init_put_bits() in multiple encoders. Several encoders were multiplying the buffer size by 8, in order to get a bit size. However, the buffer_size argument is for the byte size of the buffer. We had experienced crashes encoding prores (Anatoliy) at size 4096x4096. (cherry picked from commit 50833c9f7b4e1922197a8955669f8ab3589c8cef) Conflicts: libavcodec/proresenc_kostya.c --- libavcodec/aacenc.c | 2 +- libavcodec/adpcmenc.c | 4 ++-- libavcodec/faxcompr.c | 2 +- libavcodec/flashsv2enc.c | 2 +- libavcodec/flashsvenc.c | 2 +- libavcodec/nellymoserenc.c | 2 +- libavcodec/proresenc_anatoliy.c | 2 +- libavcodec/proresenc_kostya.c | 2 +- libavcodec/s302menc.c | 2 +- 9 files changed, 10 insertions(+), 10 deletions(-) diff --git a/libavcodec/aacenc.c b/libavcodec/aacenc.c index 5596b4bfad..24de94f327 100644 --- a/libavcodec/aacenc.c +++ b/libavcodec/aacenc.c @@ -165,7 +165,7 @@ static void put_audio_specific_config(AVCodecContext *avctx) PutBitContext pb; AACEncContext *s = avctx->priv_data; - init_put_bits(&pb, avctx->extradata, avctx->extradata_size*8); + init_put_bits(&pb, avctx->extradata, avctx->extradata_size); put_bits(&pb, 5, 2); //object type - AAC-LC put_bits(&pb, 4, s->samplerate_index); //sample rate index put_bits(&pb, 4, s->channels); diff --git a/libavcodec/adpcmenc.c b/libavcodec/adpcmenc.c index da149a3962..e0737e221f 100644 --- a/libavcodec/adpcmenc.c +++ b/libavcodec/adpcmenc.c @@ -541,7 +541,7 @@ static int adpcm_encode_frame(AVCodecContext *avctx, AVPacket *avpkt, case AV_CODEC_ID_ADPCM_IMA_QT: { PutBitContext pb; - init_put_bits(&pb, dst, pkt_size * 8); + init_put_bits(&pb, dst, pkt_size); for (ch = 0; ch < avctx->channels; ch++) { ADPCMChannelStatus *status = &c->status[ch]; @@ -571,7 +571,7 @@ static int adpcm_encode_frame(AVCodecContext *avctx, AVPacket *avpkt, case AV_CODEC_ID_ADPCM_SWF: { PutBitContext pb; - init_put_bits(&pb, dst, pkt_size * 8); + init_put_bits(&pb, dst, pkt_size); n = frame->nb_samples - 1; diff --git a/libavcodec/faxcompr.c b/libavcodec/faxcompr.c index 900851b3f1..d2ba7068ca 100644 --- a/libavcodec/faxcompr.c +++ b/libavcodec/faxcompr.c @@ -251,7 +251,7 @@ static void put_line(uint8_t *dst, int size, int width, const int *runs) PutBitContext pb; int run, mode = ~0, pix_left = width, run_idx = 0; - init_put_bits(&pb, dst, size * 8); + init_put_bits(&pb, dst, size); while (pix_left > 0) { run = runs[run_idx++]; mode = ~mode; diff --git a/libavcodec/flashsv2enc.c b/libavcodec/flashsv2enc.c index 436daa4be2..5fff04cb00 100644 --- a/libavcodec/flashsv2enc.c +++ b/libavcodec/flashsv2enc.c @@ -287,7 +287,7 @@ static int write_header(FlashSV2Context * s, uint8_t * buf, int buf_size) if (buf_size < 5) return -1; - init_put_bits(&pb, buf, buf_size * 8); + init_put_bits(&pb, buf, buf_size); put_bits(&pb, 4, (s->block_width >> 4) - 1); put_bits(&pb, 12, s->image_width); diff --git a/libavcodec/flashsvenc.c b/libavcodec/flashsvenc.c index 7ad15f118f..6d406e9fa6 100644 --- a/libavcodec/flashsvenc.c +++ b/libavcodec/flashsvenc.c @@ -151,7 +151,7 @@ static int encode_bitstream(FlashSVContext *s, const AVFrame *p, uint8_t *buf, int buf_pos, res; int pred_blocks = 0; - init_put_bits(&pb, buf, buf_size * 8); + init_put_bits(&pb, buf, buf_size); put_bits(&pb, 4, block_width / 16 - 1); put_bits(&pb, 12, s->image_width); diff --git a/libavcodec/nellymoserenc.c b/libavcodec/nellymoserenc.c index f9d1389a78..8f15757888 100644 --- a/libavcodec/nellymoserenc.c +++ b/libavcodec/nellymoserenc.c @@ -301,7 +301,7 @@ static void encode_block(NellyMoserEncodeContext *s, unsigned char *output, int apply_mdct(s); - init_put_bits(&pb, output, output_size * 8); + init_put_bits(&pb, output, output_size); i = 0; for (band = 0; band < NELLY_BANDS; band++) { diff --git a/libavcodec/proresenc_anatoliy.c b/libavcodec/proresenc_anatoliy.c index e124b41bdd..1e842d63eb 100644 --- a/libavcodec/proresenc_anatoliy.c +++ b/libavcodec/proresenc_anatoliy.c @@ -304,7 +304,7 @@ static int encode_slice_plane(AVCodecContext *avctx, int mb_count, } blocks_per_slice = mb_count << (2 - chroma); - init_put_bits(&pb, buf, buf_size << 3); + init_put_bits(&pb, buf, buf_size); encode_dc_coeffs(&pb, blocks, blocks_per_slice, qmat); encode_ac_coeffs(avctx, &pb, blocks, blocks_per_slice, qmat); diff --git a/libavcodec/proresenc_kostya.c b/libavcodec/proresenc_kostya.c index c411beceda..8e5ab36ab6 100644 --- a/libavcodec/proresenc_kostya.c +++ b/libavcodec/proresenc_kostya.c @@ -1022,7 +1022,7 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt, bytestream_put_byte(&buf, slice_hdr_size << 3); slice_hdr = buf; buf += slice_hdr_size - 1; - init_put_bits(&pb, buf, (pkt_size - (buf - orig_buf)) * 8); + init_put_bits(&pb, buf, (pkt_size - (buf - orig_buf))); ret = encode_slice(avctx, pic, &pb, sizes, x, y, q, mbs_per_slice); if (ret < 0) return ret; diff --git a/libavcodec/s302menc.c b/libavcodec/s302menc.c index c428d54353..cb902826be 100644 --- a/libavcodec/s302menc.c +++ b/libavcodec/s302menc.c @@ -81,7 +81,7 @@ static int s302m_encode2_frame(AVCodecContext *avctx, AVPacket *avpkt, return ret; o = avpkt->data; - init_put_bits(&pb, o, buf_size * 8); + init_put_bits(&pb, o, buf_size); put_bits(&pb, 16, buf_size - AES3_HEADER_LEN); put_bits(&pb, 2, (avctx->channels - 2) >> 1); // number of channels put_bits(&pb, 8, 0); // channel ID From cd74b344c23572080a47e22eb09e380cbbddb0e0 Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun Date: Wed, 25 Feb 2015 22:55:44 +0100 Subject: [PATCH 486/562] avformat/adxdec: check avctx->channels for invalid values This avoids a null pointer dereference of pkt->data. Signed-off-by: Andreas Cadhalpun Signed-off-by: Michael Niedermayer (cherry picked from commit 7faa40af982960608b117e20fec999b48011e5e0) Signed-off-by: Michael Niedermayer --- libavformat/adxdec.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavformat/adxdec.c b/libavformat/adxdec.c index 0a0436f184..e5caa095f6 100644 --- a/libavformat/adxdec.c +++ b/libavformat/adxdec.c @@ -41,6 +41,11 @@ static int adx_read_packet(AVFormatContext *s, AVPacket *pkt) AVCodecContext *avctx = s->streams[0]->codec; int ret, size; + if (avctx->channels <= 0) { + av_log(s, AV_LOG_ERROR, "invalid number of channels %d\n", avctx->channels); + return AVERROR_INVALIDDATA; + } + size = BLOCK_SIZE * avctx->channels; pkt->pos = avio_tell(s->pb); From 81196b6d6018c8a303ad0c7ad28307b3c1c685d8 Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun Date: Thu, 26 Feb 2015 21:38:50 +0100 Subject: [PATCH 487/562] avformat/bit: check that pkt->size is 10 in write_packet Ohter packet sizes are not supported by this muxer. This avoids a null pointer dereference of pkt->data. Signed-off-by: Andreas Cadhalpun Signed-off-by: Michael Niedermayer (cherry picked from commit eeda2c3de8a8484d9e7d1e47ac836bec850b31fc) Signed-off-by: Michael Niedermayer --- libavformat/bit.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/bit.c b/libavformat/bit.c index 0be471ac4f..42df0c2fae 100644 --- a/libavformat/bit.c +++ b/libavformat/bit.c @@ -133,6 +133,9 @@ static int write_packet(AVFormatContext *s, AVPacket *pkt) GetBitContext gb; int i; + if (pkt->size != 10) + return AVERROR(EINVAL); + avio_wl16(pb, SYNC_WORD); avio_wl16(pb, 8 * 10); From 8a9d5a8140d523ca7960396f57e96d5bf1803f15 Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun Date: Thu, 26 Feb 2015 21:42:02 +0100 Subject: [PATCH 488/562] avformat/bit: only accept the g729 codec and 1 channel Other codecs/channel numbers are not supported by this muxer. Signed-off-by: Andreas Cadhalpun Signed-off-by: Michael Niedermayer (cherry picked from commit d0b8640f75ff7569c98d6fdb03d83451104e088c) Signed-off-by: Michael Niedermayer --- libavformat/bit.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/libavformat/bit.c b/libavformat/bit.c index 42df0c2fae..f5112c2fea 100644 --- a/libavformat/bit.c +++ b/libavformat/bit.c @@ -119,8 +119,12 @@ static int write_header(AVFormatContext *s) { AVCodecContext *enc = s->streams[0]->codec; - enc->codec_id = AV_CODEC_ID_G729; - enc->channels = 1; + if ((enc->codec_id != AV_CODEC_ID_G729) || enc->channels != 1) { + av_log(s, AV_LOG_ERROR, + "only codec g729 with 1 channel is supported by this format\n"); + return AVERROR(EINVAL); + } + enc->bits_per_coded_sample = 16; enc->block_align = (enc->bits_per_coded_sample * enc->channels) >> 3; From dfc3cd73ff5554045b8035221c8f24d8a708717b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 11 Feb 2015 03:33:53 +0100 Subject: [PATCH 489/562] avcodec/mjpegdec: Skip blocks which are outside the visible area Fixes out of array accesses Fixes: ffmpeg_mjpeg_crash.avi Found-by: Thomas Lindroth Signed-off-by: Michael Niedermayer (cherry picked from commit 08509c8f86626815a3e9e68d600d1aacbb8df4bf) Conflicts: libavcodec/mjpegdec.c (cherry picked from commit 0861bb66d7c281c92a0746167bb141735a660856) Signed-off-by: Michael Niedermayer --- libavcodec/mjpegdec.c | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index 37369c2d65..11f7500761 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -1164,13 +1164,18 @@ static int mjpeg_decode_scan(MJpegDecodeContext *s, int nb_components, int Ah, if (s->interlaced && s->bottom_field) block_offset += linesize[c] >> 1; - ptr = data[c] + block_offset; + if ( 8*(h * mb_x + x) < s->width + && 8*(v * mb_y + y) < s->height) { + ptr = data[c] + block_offset; + } else + ptr = NULL; if (!s->progressive) { - if (copy_mb) - mjpeg_copy_block(s, ptr, reference_data[c] + block_offset, - linesize[c], s->avctx->lowres); + if (copy_mb) { + if (ptr) + mjpeg_copy_block(s, ptr, reference_data[c] + block_offset, + linesize[c], s->avctx->lowres); - else { + } else { s->dsp.clear_block(s->block); if (decode_block(s, s->block, i, s->dc_index[i], s->ac_index[i], @@ -1179,9 +1184,11 @@ static int mjpeg_decode_scan(MJpegDecodeContext *s, int nb_components, int Ah, "error y=%d x=%d\n", mb_y, mb_x); return AVERROR_INVALIDDATA; } - s->dsp.idct_put(ptr, linesize[c], s->block); - if (s->bits & 7) - shift_output(s, ptr, linesize[c]); + if (ptr) { + s->dsp.idct_put(ptr, linesize[c], s->block); + if (s->bits & 7) + shift_output(s, ptr, linesize[c]); + } } } else { int block_idx = s->block_stride[c] * (v * mb_y + y) + From 0b0a8cd133c711e6d74a57a3fa1d8eaa28b74ce8 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 27 Feb 2015 03:12:23 +0100 Subject: [PATCH 490/562] swscale/utils: clear formatConvBuffer on allocation Fixes use of uninitialized memory Fixes: asan_heap-oob_35ca682_1474_cov_3230122439_aletrek_tga_16bit.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 007498fc1a639ecee2cda1892cbcff66c7c8c951) Signed-off-by: Michael Niedermayer --- libswscale/utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libswscale/utils.c b/libswscale/utils.c index 7e74fe85de..2da0756485 100644 --- a/libswscale/utils.c +++ b/libswscale/utils.c @@ -1314,7 +1314,7 @@ av_cold int sws_init_context(SwsContext *c, SwsFilter *srcFilter, c->chrDstW = FF_CEIL_RSHIFT(dstW, c->chrDstHSubSample); c->chrDstH = FF_CEIL_RSHIFT(dstH, c->chrDstVSubSample); - FF_ALLOC_OR_GOTO(c, c->formatConvBuffer, FFALIGN(srcW*2+78, 16) * 2, fail); + FF_ALLOCZ_OR_GOTO(c, c->formatConvBuffer, FFALIGN(srcW*2+78, 16) * 2, fail); /* unscaled special cases */ if (unscaled && !usesHFilter && !usesVFilter && From 86c024ea9e65f9c4c0b01f02712f4fd7313371e7 Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun Date: Sat, 28 Feb 2015 20:58:31 +0100 Subject: [PATCH 491/562] avformat/flvenc: check that the codec_tag fits in the available bits flags is later written with avio_w8 and if it doesn't fit in one byte it triggers an av_assert2. Signed-off-by: Michael Niedermayer (cherry picked from commit e8565d21c276ab9ac5ce785549420321fbd0b093) Signed-off-by: Michael Niedermayer --- libavformat/flvenc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/flvenc.c b/libavformat/flvenc.c index 95905a15e0..31f23712ce 100644 --- a/libavformat/flvenc.c +++ b/libavformat/flvenc.c @@ -484,7 +484,7 @@ static int flv_write_packet(AVFormatContext *s, AVPacket *pkt) avio_w8(pb, FLV_TAG_TYPE_VIDEO); flags = enc->codec_tag; - if (flags == 0) { + if (flags <= 0 || flags > 15) { av_log(s, AV_LOG_ERROR, "Video codec '%s' is not compatible with FLV\n", avcodec_get_name(enc->codec_id)); From dc2d15360cd7a266feff5f2c0980c187aba8c5ab Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun Date: Thu, 5 Mar 2015 22:48:28 +0100 Subject: [PATCH 492/562] webp: ensure that each transform is only used once According to the WebP Lossless Bitstream Specification "each transform is allowed to be used only once". If a transform is more than once this can lead to memory corruption. Signed-off-by: Michael Niedermayer (cherry picked from commit c089e720c1b753790c746a13053636d7facf6bf0) Signed-off-by: Michael Niedermayer --- libavcodec/webp.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/libavcodec/webp.c b/libavcodec/webp.c index 2044aaf00a..931fdc50b3 100644 --- a/libavcodec/webp.c +++ b/libavcodec/webp.c @@ -1056,7 +1056,7 @@ static int vp8_lossless_decode_frame(AVCodecContext *avctx, AVFrame *p, unsigned int data_size, int is_alpha_chunk) { WebPContext *s = avctx->priv_data; - int w, h, ret, i; + int w, h, ret, i, used; if (!is_alpha_chunk) { s->lossless = 1; @@ -1106,8 +1106,16 @@ static int vp8_lossless_decode_frame(AVCodecContext *avctx, AVFrame *p, /* parse transformations */ s->nb_transforms = 0; s->reduced_width = 0; + used = 0; while (get_bits1(&s->gb)) { enum TransformType transform = get_bits(&s->gb, 2); + if (used & (1 << transform)) { + av_log(avctx, AV_LOG_ERROR, "Transform %d used more than once\n", + transform); + ret = AVERROR_INVALIDDATA; + goto free_and_return; + } + used |= (1 << transform); s->transforms[s->nb_transforms++] = transform; switch (transform) { case PREDICTOR_TRANSFORM: From 3f30c49f7ed0f16a33589b2db1df6c8ba2a10366 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 7 Mar 2015 14:30:34 +0100 Subject: [PATCH 493/562] avcodec/utils: Align YUV411 by as much as the other YUV variants Fixes out of array accesses Fixes: ffmpeg_mjpeg_crash2.avi Found-by: Thomas Lindroth Tested-by: Thomas Lindroth Signed-off-by: Michael Niedermayer (cherry picked from commit e3201c38d53d2b8b24d0bc95d726b2cb1752dc12) Signed-off-by: Michael Niedermayer --- libavcodec/utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index 61bf5675f4..922bd7aa8d 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -342,7 +342,7 @@ void avcodec_align_dimensions2(AVCodecContext *s, int *width, int *height, case AV_PIX_FMT_YUVJ411P: case AV_PIX_FMT_UYYVYY411: w_align = 32; - h_align = 8; + h_align = 16 * 2; break; case AV_PIX_FMT_YUV410P: if (s->codec_id == AV_CODEC_ID_SVQ1) { From 6e43bb2dc29c1257256501c0c85668391a4a651c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 8 Mar 2015 23:27:43 +0100 Subject: [PATCH 494/562] avcodec/tiff: move bpp check to after "end:" This ensures that all current and future code-pathes get bpp checked Signed-off-by: Michael Niedermayer (cherry picked from commit d5e9fc782150d4596c72440a0aa02b7f4f1254b1) Signed-off-by: Michael Niedermayer --- libavcodec/tiff.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c index cedab34970..f3abfd950d 100644 --- a/libavcodec/tiff.c +++ b/libavcodec/tiff.c @@ -628,13 +628,6 @@ static int tiff_decode_tag(TiffContext *s, AVFrame *frame) s->bpp = -1; } } - if (s->bpp > 64U) { - av_log(s->avctx, AV_LOG_ERROR, - "This format is not supported (bpp=%d, %d components)\n", - s->bpp, count); - s->bpp = 0; - return AVERROR_INVALIDDATA; - } break; case TIFF_SAMPLES_PER_PIXEL: if (count != 1) { @@ -926,6 +919,13 @@ static int tiff_decode_tag(TiffContext *s, AVFrame *frame) } } end: + if (s->bpp > 64U) { + av_log(s->avctx, AV_LOG_ERROR, + "This format is not supported (bpp=%d, %d components)\n", + s->bpp, count); + s->bpp = 0; + return AVERROR_INVALIDDATA; + } bytestream2_seek(&s->gb, start, SEEK_SET); return 0; } From 803db3b6fe86036b8860f62c8f385595bb01f5e9 Mon Sep 17 00:00:00 2001 From: Vittorio Giovara Date: Fri, 27 Feb 2015 19:00:25 +0000 Subject: [PATCH 495/562] aic: Fix decoding files with odd dimensions Normally the aic decoder finds the proper slice combination (multiple of some number less than 32) but in case of odd width, it resorts to the default values, which were actually swapped. The number of slices is modified to account for such odd width cases. CC: libav-stable@libav.org (cherry picked from commit e878ec0d47cd6228c367b2f3128b76d7523f7255) Signed-off-by: Michael Niedermayer --- libavcodec/aic.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/aic.c b/libavcodec/aic.c index 3963642194..674f230875 100644 --- a/libavcodec/aic.c +++ b/libavcodec/aic.c @@ -437,8 +437,8 @@ static av_cold int aic_decode_init(AVCodecContext *avctx) ctx->mb_width = FFALIGN(avctx->width, 16) >> 4; ctx->mb_height = FFALIGN(avctx->height, 16) >> 4; - ctx->num_x_slices = 16; - ctx->slice_width = ctx->mb_width / 16; + ctx->num_x_slices = (ctx->mb_width + 15) >> 4; + ctx->slice_width = 16; for (i = 1; i < 32; i++) { if (!(ctx->mb_width % i) && (ctx->mb_width / i < 32)) { ctx->slice_width = ctx->mb_width / i; From 0b84dbeca95dd1470b6f74d4af2cac55a26d12db Mon Sep 17 00:00:00 2001 From: Federico Tomassetti Date: Wed, 18 Feb 2015 12:11:43 +0000 Subject: [PATCH 496/562] mdec: check for out of bounds read Bug-Id: CID 1257501 CC: libav-stable@libav.org Signed-off-by: Luca Barbato (cherry picked from commit 2c63081b48d98f3a0d0bed7b0ec3c0347b99144c) Signed-off-by: Michael Niedermayer --- libavcodec/mdec.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/libavcodec/mdec.c b/libavcodec/mdec.c index ea47822e28..c0c8219b67 100644 --- a/libavcodec/mdec.c +++ b/libavcodec/mdec.c @@ -83,7 +83,12 @@ static inline int mdec_decode_block_intra(MDECContext *a, int16_t *block, int n) if (level == 127) { break; } else if (level != 0) { - i += run; + i += run; + if (i > 63) { + av_log(a->avctx, AV_LOG_ERROR, + "ac-tex damaged at %d %d\n", a->mb_x, a->mb_y); + return AVERROR_INVALIDDATA; + } j = scantable[i]; level = (level * qscale * quant_matrix[j]) >> 3; level = (level ^ SHOW_SBITS(re, &a->gb, 1)) - SHOW_SBITS(re, &a->gb, 1); @@ -93,8 +98,13 @@ static inline int mdec_decode_block_intra(MDECContext *a, int16_t *block, int n) run = SHOW_UBITS(re, &a->gb, 6)+1; LAST_SKIP_BITS(re, &a->gb, 6); UPDATE_CACHE(re, &a->gb); level = SHOW_SBITS(re, &a->gb, 10); SKIP_BITS(re, &a->gb, 10); - i += run; - j = scantable[i]; + i += run; + if (i > 63) { + av_log(a->avctx, AV_LOG_ERROR, + "ac-tex damaged at %d %d\n", a->mb_x, a->mb_y); + return AVERROR_INVALIDDATA; + } + j = scantable[i]; if (level < 0) { level = -level; level = (level * qscale * quant_matrix[j]) >> 3; @@ -105,10 +115,6 @@ static inline int mdec_decode_block_intra(MDECContext *a, int16_t *block, int n) level = (level - 1) | 1; } } - if (i > 63) { - av_log(a->avctx, AV_LOG_ERROR, "ac-tex damaged at %d %d\n", a->mb_x, a->mb_y); - return AVERROR_INVALIDDATA; - } block[j] = level; } From 66a1ed96bf3d5a6755a24769f29075618ec6131a Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun Date: Mon, 2 Mar 2015 20:27:26 +0100 Subject: [PATCH 497/562] avcodec/rv10: check size of s->mb_width * s->mb_height If it doesn't fit into 12 bits it triggers an assertion. Signed-off-by: Andreas Cadhalpun Signed-off-by: Michael Niedermayer (cherry picked from commit 2578a546183da09d49d5bba8ab5e982dece1dede) Signed-off-by: Michael Niedermayer --- libavcodec/mpegvideo.h | 2 +- libavcodec/mpegvideo_enc.c | 7 +++++-- libavcodec/rv10enc.c | 7 ++++++- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/libavcodec/mpegvideo.h b/libavcodec/mpegvideo.h index 0d3a8fea1f..d21a71d1ac 100644 --- a/libavcodec/mpegvideo.h +++ b/libavcodec/mpegvideo.h @@ -931,7 +931,7 @@ extern const uint8_t ff_h263_chroma_qscale_table[32]; extern const uint8_t ff_h263_loop_filter_strength[32]; /* rv10.c */ -void ff_rv10_encode_picture_header(MpegEncContext *s, int picture_number); +int ff_rv10_encode_picture_header(MpegEncContext *s, int picture_number); int ff_rv_decode_dc(MpegEncContext *s, int n); void ff_rv20_encode_picture_header(MpegEncContext *s, int picture_number); diff --git a/libavcodec/mpegvideo_enc.c b/libavcodec/mpegvideo_enc.c index 399c1c940d..417d8c8952 100644 --- a/libavcodec/mpegvideo_enc.c +++ b/libavcodec/mpegvideo_enc.c @@ -3390,8 +3390,11 @@ static int encode_picture(MpegEncContext *s, int picture_number) ff_msmpeg4_encode_picture_header(s, picture_number); else if (CONFIG_MPEG4_ENCODER && s->h263_pred) ff_mpeg4_encode_picture_header(s, picture_number); - else if (CONFIG_RV10_ENCODER && s->codec_id == AV_CODEC_ID_RV10) - ff_rv10_encode_picture_header(s, picture_number); + else if (CONFIG_RV10_ENCODER && s->codec_id == AV_CODEC_ID_RV10) { + ret = ff_rv10_encode_picture_header(s, picture_number); + if (ret < 0) + return ret; + } else if (CONFIG_RV20_ENCODER && s->codec_id == AV_CODEC_ID_RV20) ff_rv20_encode_picture_header(s, picture_number); else if (CONFIG_FLV_ENCODER && s->codec_id == AV_CODEC_ID_FLV1) diff --git a/libavcodec/rv10enc.c b/libavcodec/rv10enc.c index 1f85743b7b..ae4993c81b 100644 --- a/libavcodec/rv10enc.c +++ b/libavcodec/rv10enc.c @@ -28,7 +28,7 @@ #include "mpegvideo.h" #include "put_bits.h" -void ff_rv10_encode_picture_header(MpegEncContext *s, int picture_number) +int ff_rv10_encode_picture_header(MpegEncContext *s, int picture_number) { int full_frame= 0; @@ -48,12 +48,17 @@ void ff_rv10_encode_picture_header(MpegEncContext *s, int picture_number) /* if multiple packets per frame are sent, the position at which to display the macroblocks is coded here */ if(!full_frame){ + if (s->mb_width * s->mb_height >= (1U << 12)) { + avpriv_report_missing_feature(s, "Encoding frames with 4096 or more macroblocks"); + return AVERROR(ENOSYS); + } put_bits(&s->pb, 6, 0); /* mb_x */ put_bits(&s->pb, 6, 0); /* mb_y */ put_bits(&s->pb, 12, s->mb_width * s->mb_height); } put_bits(&s->pb, 3, 0); /* ignored */ + return 0; } FF_MPV_GENERIC_CLASS(rv10) From 3f5a2831744c3e55261ca5e2a6d05f7a87143b33 Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun Date: Mon, 2 Mar 2015 20:47:57 +0100 Subject: [PATCH 498/562] avcodec/webp: validate the distance prefix code According to the WebP Lossless Bitstream Specification the highest allowed value for a prefix code is 39. If prefix_code is too large, the calculated extra_bits has an invalid value and triggers an assertion in get_bits. Signed-off-by: Andreas Cadhalpun Signed-off-by: Michael Niedermayer (cherry picked from commit 5de2dab12b951b2fe121eb18503accfc91cd1565) Signed-off-by: Michael Niedermayer --- libavcodec/webp.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/webp.c b/libavcodec/webp.c index 931fdc50b3..b78822c6bb 100644 --- a/libavcodec/webp.c +++ b/libavcodec/webp.c @@ -668,6 +668,11 @@ static int decode_entropy_coded_image(WebPContext *s, enum ImageRole role, length = offset + get_bits(&s->gb, extra_bits) + 1; } prefix_code = huff_reader_get_symbol(&hg[HUFF_IDX_DIST], &s->gb); + if (prefix_code > 39) { + av_log(s->avctx, AV_LOG_ERROR, + "distance prefix code too large: %d\n", prefix_code); + return AVERROR_INVALIDDATA; + } if (prefix_code < 4) { distance = prefix_code + 1; } else { From 61d5ec7c32b8b35e9712c27da9c74100b4cd089d Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun Date: Mon, 2 Mar 2015 15:46:44 +0100 Subject: [PATCH 499/562] avformat/rm: limit packet size The chunk size is limited to 0xFFFF (written by avio_wb16), so make sure that the packet size is not too large. Such large frames need to be split into slices smaller than 64 kB, but that is currently supported neither by the rv10/rv20 encoders nor the rm muxer. Signed-off-by: Andreas Cadhalpun See Ticket244 Signed-off-by: Michael Niedermayer (cherry picked from commit 08728f400b8367dc8c983036cb2eff3a2891322b) Signed-off-by: Michael Niedermayer --- libavformat/rmenc.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavformat/rmenc.c b/libavformat/rmenc.c index 17192ff275..a4e97a02e9 100644 --- a/libavformat/rmenc.c +++ b/libavformat/rmenc.c @@ -391,6 +391,11 @@ static int rm_write_video(AVFormatContext *s, const uint8_t *buf, int size, int /* Well, I spent some time finding the meaning of these bits. I am not sure I understood everything, but it works !! */ #if 1 + /* 0xFFFF is the maximal chunk size; header needs at most 7 + 4 + 12 B */ + if (size > 0xFFFF - 7 - 4 - 12) { + av_log(s, AV_LOG_ERROR, "large packet size %d not supported\n", size); + return AVERROR_PATCHWELCOME; + } write_packet_header(s, stream, size + 7 + (size >= 0x4000)*4, key_frame); /* bit 7: '1' if final packet of a frame converted in several packets */ avio_w8(pb, 0x81); From 9a52cbdb00975110b3b66289bdbfd40fc960a23c Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun Date: Sun, 8 Mar 2015 23:31:48 +0100 Subject: [PATCH 500/562] ffmdec: fix infinite loop at EOF If EOF is reached, while skipping bytes, avio_tell(pb) won't change anymore, resulting in an infinite loop. Signed-off-by: Andreas Cadhalpun Signed-off-by: Michael Niedermayer (cherry picked from commit 6fa98822eba501a4898fdec5b75acd3026201005) Signed-off-by: Michael Niedermayer --- libavformat/ffmdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavformat/ffmdec.c b/libavformat/ffmdec.c index b20ee131b6..de11f8a006 100644 --- a/libavformat/ffmdec.c +++ b/libavformat/ffmdec.c @@ -345,7 +345,7 @@ static int ffm2_read_header(AVFormatContext *s) } /* get until end of block reached */ - while ((avio_tell(pb) % ffm->packet_size) != 0) + while ((avio_tell(pb) % ffm->packet_size) != 0 && !pb->eof_reached) avio_r8(pb); /* init packet demux */ @@ -473,7 +473,7 @@ static int ffm_read_header(AVFormatContext *s) } /* get until end of block reached */ - while ((avio_tell(pb) % ffm->packet_size) != 0) + while ((avio_tell(pb) % ffm->packet_size) != 0 && !pb->eof_reached) avio_r8(pb); /* init packet demux */ From 907d7d972ada4eb4da59fd2db97442d2f865f270 Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun Date: Mon, 9 Mar 2015 14:59:44 +0100 Subject: [PATCH 501/562] ffmdec: limit the backward seek to the last resync position If resyncing leads to the same position as previously, it will again lead to a resync attempt, resulting in an infinite loop. Thus don't seek back beyond the last syncpoint. Signed-off-by: Andreas Cadhalpun Signed-off-by: Michael Niedermayer (cherry picked from commit 6b8263b03ab3d16d70525ae1893cb106be7852f1) Signed-off-by: Michael Niedermayer --- libavformat/ffmdec.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/libavformat/ffmdec.c b/libavformat/ffmdec.c index de11f8a006..09a76e5995 100644 --- a/libavformat/ffmdec.c +++ b/libavformat/ffmdec.c @@ -77,6 +77,7 @@ static int ffm_read_data(AVFormatContext *s, FFMContext *ffm = s->priv_data; AVIOContext *pb = s->pb; int len, fill_size, size1, frame_offset, id; + int64_t last_pos = -1; size1 = size; while (size > 0) { @@ -96,9 +97,11 @@ static int ffm_read_data(AVFormatContext *s, avio_seek(pb, tell, SEEK_SET); } id = avio_rb16(pb); /* PACKET_ID */ - if (id != PACKET_ID) + if (id != PACKET_ID) { if (ffm_resync(s, id) < 0) return -1; + last_pos = avio_tell(pb); + } fill_size = avio_rb16(pb); ffm->dts = avio_rb64(pb); frame_offset = avio_rb16(pb); @@ -112,7 +115,9 @@ static int ffm_read_data(AVFormatContext *s, if (!frame_offset) { /* This packet has no frame headers in it */ if (avio_tell(pb) >= ffm->packet_size * 3LL) { - avio_seek(pb, -ffm->packet_size * 2LL, SEEK_CUR); + int64_t seekback = FFMIN(ffm->packet_size * 2LL, avio_tell(pb) - last_pos); + seekback = FFMAX(seekback, 0); + avio_seek(pb, -seekback, SEEK_CUR); goto retry_read; } /* This is bad, we cannot find a valid frame header */ From fa5ec2c354afce694a8f69687ffd72db21069ba1 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 9 Mar 2015 03:42:00 +0100 Subject: [PATCH 502/562] avcodec/options_table: remove extradata_size from the AVOptions table allowing access to the size but not the extradata itself is not useful and could lead to potential problems if writing happens through this field Reviewed-by: Andreas Cadhalpun Reviewed-by: Lukasz Marek Reviewed-by: Nicolas George Signed-off-by: Michael Niedermayer (cherry picked from commit 1f4088b28540080ce1d42345c5614be3e1a6a197) Signed-off-by: Michael Niedermayer --- libavcodec/options_table.h | 1 - 1 file changed, 1 deletion(-) diff --git a/libavcodec/options_table.h b/libavcodec/options_table.h index 516722db78..933a949c61 100644 --- a/libavcodec/options_table.h +++ b/libavcodec/options_table.h @@ -89,7 +89,6 @@ static const AVOption avcodec_options[] = { {"hex", "hex motion estimation", 0, AV_OPT_TYPE_CONST, {.i64 = ME_HEX }, INT_MIN, INT_MAX, V|E, "me_method" }, {"umh", "umh motion estimation", 0, AV_OPT_TYPE_CONST, {.i64 = ME_UMH }, INT_MIN, INT_MAX, V|E, "me_method" }, {"iter", "iter motion estimation", 0, AV_OPT_TYPE_CONST, {.i64 = ME_ITER }, INT_MIN, INT_MAX, V|E, "me_method" }, -{"extradata_size", NULL, OFFSET(extradata_size), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX}, {"time_base", NULL, OFFSET(time_base), AV_OPT_TYPE_RATIONAL, {.dbl = 0}, INT_MIN, INT_MAX}, {"g", "set the group of picture (GOP) size", OFFSET(gop_size), AV_OPT_TYPE_INT, {.i64 = 12 }, INT_MIN, INT_MAX, V|E}, {"ar", "set audio sampling rate (in Hz)", OFFSET(sample_rate), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, 0, INT_MAX, A|D|E}, From 41dffa883a176d5c9bfea2b144241a160924d524 Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun Date: Mon, 9 Mar 2015 19:24:09 +0100 Subject: [PATCH 503/562] roqvideoenc: set enc->avctx in roq_encode_init So far it is only set in roq_encode_frame, but it is used in roq_encode_end to free the coded_frame. This currently segfaults if roq_encode_frame is not called between roq_encode_init and roq_encode_end. Signed-off-by: Andreas Cadhalpun Signed-off-by: Michael Niedermayer (cherry picked from commit cf82c426fadf90105e1fb9d5ecd267cc3aa2b288) Signed-off-by: Michael Niedermayer --- libavcodec/roqvideoenc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/roqvideoenc.c b/libavcodec/roqvideoenc.c index bf0756cbe3..30548ebf35 100644 --- a/libavcodec/roqvideoenc.c +++ b/libavcodec/roqvideoenc.c @@ -959,6 +959,8 @@ static av_cold int roq_encode_init(AVCodecContext *avctx) av_lfg_init(&enc->randctx, 1); + enc->avctx = avctx; + enc->framesSinceKeyframe = 0; if ((avctx->width & 0xf) || (avctx->height & 0xf)) { av_log(avctx, AV_LOG_ERROR, "Dimensions must be divisible by 16\n"); From 0b25a4d253baa8f6b786b04b4417824857e2eb73 Mon Sep 17 00:00:00 2001 From: Xiaohan Wang Date: Thu, 6 Nov 2014 12:59:54 -0800 Subject: [PATCH 504/562] Fix read-after-free in matroska_read_seek(). In matroska_read_seek(), |tracks| is assigned at the begining of the function. However, functions like matroska_parse_cues() could reallocate the tracks so that |tracks| can get invalidated. This CL assigns |tracks| only before we use it so that it won't be invalidated. BUG=427266 TEST=Test case in associated bug passes now. Change-Id: I9c7065fe8f4311ca846076281df2282d190ed344 Signed-off-by: Michael Niedermayer (cherry picked from commit 33301f001747d7a542073c634cc81da5eff051cf) Conflicts: libavformat/matroskadec.c --- libavformat/matroskadec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index 99baa08e7e..e52245dd90 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -2797,7 +2797,7 @@ static int matroska_read_seek(AVFormatContext *s, int stream_index, int64_t timestamp, int flags) { MatroskaDemuxContext *matroska = s->priv_data; - MatroskaTrack *tracks = matroska->tracks.elem; + MatroskaTrack *tracks = NULL; AVStream *st = s->streams[stream_index]; int i, index, index_sub, index_min; @@ -2826,6 +2826,7 @@ static int matroska_read_seek(AVFormatContext *s, int stream_index, goto err; index_min = index; + tracks = matroska->tracks.elem; for (i=0; i < matroska->tracks.nb_elem; i++) { tracks[i].audio.pkt_cnt = 0; tracks[i].audio.sub_packet_cnt = 0; From 436f530a51abb194548d0a2d635b0c3415d6ebb6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Storsj=C3=B6?= Date: Thu, 5 Mar 2015 23:38:00 +0200 Subject: [PATCH 505/562] arm: Suppress tags about used cpu arch and extensions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When all the codepaths using manually set .arch/.fpu code is behind runtime detection, the elf attributes should be suppressed. This allows tools to know that the final built binary doesn't strictly require these extensions. Signed-off-by: Martin Storsjö (cherry picked from commit dcae2e32f7d8a1ca5fb8c1e4aa81313be854dd73 and b77e335e441040a40fc6156b8e4a134745d10233) Signed-off-by: Martin Storsjö (cherry picked from commit 9841654c158c80e9d525ba03754135d3f34e306e) Signed-off-by: Michael Niedermayer --- configure | 6 ++++++ libavutil/arm/asm.S | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/configure b/configure index 54a1065c1c..39b5f6258f 100755 --- a/configure +++ b/configure @@ -1466,6 +1466,7 @@ HAVE_LIST=" alsa_asoundlib_h altivec_h arpa_inet_h + as_object_arch asm_mod_q asm_mod_y asm_types_h @@ -3964,6 +3965,11 @@ EOF [ $target_os != win32 ] && enabled_all armv6t2 shared !pic && enable_weak_pic + # llvm's integrated assembler supports .object_arch from llvm 3.5 + [ "$objformat" = elf ] && check_as < Date: Tue, 10 Mar 2015 20:21:14 +0100 Subject: [PATCH 506/562] avcodec/012v: Check dimensions more completely Fixes division by 0 Found-by: Thomas Lindroth Signed-off-by: Michael Niedermayer (cherry picked from commit d3b25383daffac154846daeb4e4fb46569e728db) Signed-off-by: Michael Niedermayer --- libavcodec/012v.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/012v.c b/libavcodec/012v.c index c2b6a35041..7526e8fcba 100644 --- a/libavcodec/012v.c +++ b/libavcodec/012v.c @@ -45,8 +45,8 @@ static int zero12v_decode_frame(AVCodecContext *avctx, void *data, const uint8_t *line_end, *src = avpkt->data; int stride = avctx->width * 8 / 3; - if (width == 1) { - av_log(avctx, AV_LOG_ERROR, "Width 1 not supported.\n"); + if (width <= 1 || avctx->height <= 0) { + av_log(avctx, AV_LOG_ERROR, "Dimensions %dx%d not supported.\n", width, avctx->height); return AVERROR_INVALIDDATA; } From 95d92601771b8a27b99c0142fe9fc6fb08f3a582 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 10 Mar 2015 19:18:34 +0100 Subject: [PATCH 507/562] avcodec/012v: redesign main loop Fixes out of array accesses Fixes: ffmpeg_012v_crash.ts Found-by: Thomas Lindroth Reviewed-by: Thomas Lindroth Signed-off-by: Michael Niedermayer (cherry picked from commit 48df30d36c3ca360c407d84f96749888d1fbe853) Signed-off-by: Michael Niedermayer --- libavcodec/012v.c | 82 ++++++++++++++++++++++------------------------- 1 file changed, 39 insertions(+), 43 deletions(-) diff --git a/libavcodec/012v.c b/libavcodec/012v.c index 7526e8fcba..b87551e0a5 100644 --- a/libavcodec/012v.c +++ b/libavcodec/012v.c @@ -38,7 +38,7 @@ static av_cold int zero12v_decode_init(AVCodecContext *avctx) static int zero12v_decode_frame(AVCodecContext *avctx, void *data, int *got_frame, AVPacket *avpkt) { - int line = 0, ret; + int line, ret; const int width = avctx->width; AVFrame *pic = data; uint16_t *y, *u, *v; @@ -67,45 +67,45 @@ static int zero12v_decode_frame(AVCodecContext *avctx, void *data, pic->pict_type = AV_PICTURE_TYPE_I; pic->key_frame = 1; - y = (uint16_t *)pic->data[0]; - u = (uint16_t *)pic->data[1]; - v = (uint16_t *)pic->data[2]; line_end = avpkt->data + stride; + for (line = 0; line < avctx->height; line++) { + uint16_t y_temp[6] = {0x8000, 0x8000, 0x8000, 0x8000, 0x8000, 0x8000}; + uint16_t u_temp[3] = {0x8000, 0x8000, 0x8000}; + uint16_t v_temp[3] = {0x8000, 0x8000, 0x8000}; + int x; + y = (uint16_t *)(pic->data[0] + line * pic->linesize[0]); + u = (uint16_t *)(pic->data[1] + line * pic->linesize[1]); + v = (uint16_t *)(pic->data[2] + line * pic->linesize[2]); - while (line++ < avctx->height) { - while (1) { - uint32_t t = AV_RL32(src); + for (x = 0; x < width; x += 6) { + uint32_t t; + + if (width - x < 6 || line_end - src < 16) { + y = y_temp; + u = u_temp; + v = v_temp; + } + + if (line_end - src < 4) + break; + + t = AV_RL32(src); src += 4; *u++ = t << 6 & 0xFFC0; *y++ = t >> 4 & 0xFFC0; *v++ = t >> 14 & 0xFFC0; - if (src >= line_end - 1) { - *y = 0x80; - src++; - line_end += stride; - y = (uint16_t *)(pic->data[0] + line * pic->linesize[0]); - u = (uint16_t *)(pic->data[1] + line * pic->linesize[1]); - v = (uint16_t *)(pic->data[2] + line * pic->linesize[2]); + if (line_end - src < 4) break; - } t = AV_RL32(src); src += 4; *y++ = t << 6 & 0xFFC0; *u++ = t >> 4 & 0xFFC0; *y++ = t >> 14 & 0xFFC0; - if (src >= line_end - 2) { - if (!(width & 1)) { - *y = 0x80; - src += 2; - } - line_end += stride; - y = (uint16_t *)(pic->data[0] + line * pic->linesize[0]); - u = (uint16_t *)(pic->data[1] + line * pic->linesize[1]); - v = (uint16_t *)(pic->data[2] + line * pic->linesize[2]); + + if (line_end - src < 4) break; - } t = AV_RL32(src); src += 4; @@ -113,15 +113,8 @@ static int zero12v_decode_frame(AVCodecContext *avctx, void *data, *y++ = t >> 4 & 0xFFC0; *u++ = t >> 14 & 0xFFC0; - if (src >= line_end - 1) { - *y = 0x80; - src++; - line_end += stride; - y = (uint16_t *)(pic->data[0] + line * pic->linesize[0]); - u = (uint16_t *)(pic->data[1] + line * pic->linesize[1]); - v = (uint16_t *)(pic->data[2] + line * pic->linesize[2]); + if (line_end - src < 4) break; - } t = AV_RL32(src); src += 4; @@ -129,18 +122,21 @@ static int zero12v_decode_frame(AVCodecContext *avctx, void *data, *v++ = t >> 4 & 0xFFC0; *y++ = t >> 14 & 0xFFC0; - if (src >= line_end - 2) { - if (width & 1) { - *y = 0x80; - src += 2; - } - line_end += stride; - y = (uint16_t *)(pic->data[0] + line * pic->linesize[0]); - u = (uint16_t *)(pic->data[1] + line * pic->linesize[1]); - v = (uint16_t *)(pic->data[2] + line * pic->linesize[2]); + if (width - x < 6) break; - } } + + if (x < width) { + y = x + (uint16_t *)(pic->data[0] + line * pic->linesize[0]); + u = x/2 + (uint16_t *)(pic->data[1] + line * pic->linesize[1]); + v = x/2 + (uint16_t *)(pic->data[2] + line * pic->linesize[2]); + memcpy(y, y_temp, sizeof(*y) * (width - x)); + memcpy(u, u_temp, sizeof(*u) * (width - x + 1) / 2); + memcpy(v, v_temp, sizeof(*v) * (width - x + 1) / 2); + } + + line_end += stride; + src = line_end - stride; } *got_frame = 1; From 2aa21e8d95517893d75e0056c7a07218884ac356 Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun Date: Sun, 8 Mar 2015 23:12:59 +0100 Subject: [PATCH 508/562] ffmdec: make sure the time base is valid A negative time base can trigger assertions. Signed-off-by: Andreas Cadhalpun Signed-off-by: Michael Niedermayer (cherry picked from commit 4c91d81be23ffacfa3897b2bcfa77445bb0c2f89) Conflicts: libavformat/ffmdec.c (cherry picked from commit 9678ceb6976ca8194848b24535785a298521211f) Signed-off-by: Michael Niedermayer --- libavformat/ffmdec.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/libavformat/ffmdec.c b/libavformat/ffmdec.c index 09a76e5995..5196e1d17a 100644 --- a/libavformat/ffmdec.c +++ b/libavformat/ffmdec.c @@ -295,6 +295,11 @@ static int ffm2_read_header(AVFormatContext *s) case MKBETAG('S', 'T', 'V', 'I'): codec->time_base.num = avio_rb32(pb); codec->time_base.den = avio_rb32(pb); + if (codec->time_base.num <= 0 || codec->time_base.den <= 0) { + av_log(s, AV_LOG_ERROR, "Invalid time base %d/%d\n", + codec->time_base.num, codec->time_base.den); + goto fail; + } codec->width = avio_rb16(pb); codec->height = avio_rb16(pb); codec->gop_size = avio_rb16(pb); @@ -419,6 +424,11 @@ static int ffm_read_header(AVFormatContext *s) case AVMEDIA_TYPE_VIDEO: codec->time_base.num = avio_rb32(pb); codec->time_base.den = avio_rb32(pb); + if (codec->time_base.num <= 0 || codec->time_base.den <= 0) { + av_log(s, AV_LOG_ERROR, "Invalid time base %d/%d\n", + codec->time_base.num, codec->time_base.den); + goto fail; + } codec->width = avio_rb16(pb); codec->height = avio_rb16(pb); codec->gop_size = avio_rb16(pb); From eface550b9d3cc8f6b01d709af53e206257f04ae Mon Sep 17 00:00:00 2001 From: Rainer Hochecker Date: Thu, 12 Mar 2015 14:08:25 +0100 Subject: [PATCH 509/562] hevc: delay ff_thread_finish_setup for hwaccel Signed-off-by: Michael Niedermayer (cherry picked from commit 31816eae32019ff0e2243533f618efa2a4da9c33) Signed-off-by: Michael Niedermayer --- libavcodec/hevc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c index bdfc131de3..4290e5d1d1 100644 --- a/libavcodec/hevc.c +++ b/libavcodec/hevc.c @@ -2148,7 +2148,8 @@ static int hevc_frame_start(HEVCContext *s) if (ret < 0) goto fail; - ff_thread_finish_setup(s->avctx); + if (!s->avctx->hwaccel) + ff_thread_finish_setup(s->avctx); return 0; fail: From 88f2d31d4e929f5592ed03d5f167ce3addccbe5f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 14 Mar 2015 21:23:32 +0100 Subject: [PATCH 510/562] avformat/mov: Use sizeof(filename) instead of a literal number Signed-off-by: Michael Niedermayer (cherry picked from commit 21a53dd08dce7cc5b3fdf9c4826b4b74d8300ea0) Signed-off-by: Michael Niedermayer --- libavformat/mov.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index e0f9495d7e..e23c77a493 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -2312,9 +2312,9 @@ static int mov_open_dref(AVIOContext **pb, const char *src, MOVDref *ref, filename[src_path - src] = 0; for (i = 1; i < ref->nlvl_from; i++) - av_strlcat(filename, "../", 1024); + av_strlcat(filename, "../", sizeof(filename)); - av_strlcat(filename, ref->path + l + 1, 1024); + av_strlcat(filename, ref->path + l + 1, sizeof(filename)); if (!avio_open2(pb, filename, AVIO_FLAG_READ, int_cb, NULL)) return 0; From f000df4ce2a70bbbdfbd9efb7650f970ed65bd19 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 14 Mar 2015 21:24:54 +0100 Subject: [PATCH 511/562] avformat/mov: Check for string truncation in mov_open_dref() Signed-off-by: Michael Niedermayer (cherry picked from commit 8003816e1619e77d8de051883264aa090e0d78cc) Signed-off-by: Michael Niedermayer --- libavformat/mov.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index e23c77a493..97e02b4a53 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -2286,7 +2286,7 @@ static int mov_open_dref(AVIOContext **pb, const char *src, MOVDref *ref, /* try relative path, we do not try the absolute because it can leak information about our system to an attacker */ if (ref->nlvl_to > 0 && ref->nlvl_from > 0) { - char filename[1024]; + char filename[1025]; const char *src_path; int i, l; @@ -2316,6 +2316,8 @@ static int mov_open_dref(AVIOContext **pb, const char *src, MOVDref *ref, av_strlcat(filename, ref->path + l + 1, sizeof(filename)); + if (strlen(filename) + 1 == sizeof(filename)) + return AVERROR(ENOENT); if (!avio_open2(pb, filename, AVIO_FLAG_READ, int_cb, NULL)) return 0; } From 5922e5a84eb3bcd19c09def7046a595dece989d3 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 14 Mar 2015 21:32:35 +0100 Subject: [PATCH 512/562] avformat/mov: Disallow ".." in dref unless use_absolute_path is set as this kind of allows to circumvent it to some extend. We also could add a separate parameter or value to choose this Found-by: ramiro Signed-off-by: Michael Niedermayer (cherry picked from commit 1e4d0498df6621143da1a550006ddc3526ad51cb) Signed-off-by: Michael Niedermayer --- libavformat/mov.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/mov.c b/libavformat/mov.c index 97e02b4a53..1e550177ce 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -2315,6 +2315,9 @@ static int mov_open_dref(AVIOContext **pb, const char *src, MOVDref *ref, av_strlcat(filename, "../", sizeof(filename)); av_strlcat(filename, ref->path + l + 1, sizeof(filename)); + if (!use_absolute_path) + if(strstr(ref->path + l + 1, "..") || ref->nlvl_from > 1) + return AVERROR(ENOENT); if (strlen(filename) + 1 == sizeof(filename)) return AVERROR(ENOENT); From 5da5e47a1797f198190115b6bbe634b571b1b776 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 19 Mar 2015 23:28:39 +0100 Subject: [PATCH 513/562] avcodec/dnxhddec: Check that the frame is interlaced before using cur_field Fixes Ticket4227 Signed-off-by: Michael Niedermayer (cherry picked from commit 2c660e34cf3c2b77cd2bef6f292920334dfd9192) Signed-off-by: Michael Niedermayer --- libavcodec/dnxhddec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/dnxhddec.c b/libavcodec/dnxhddec.c index b70665fd89..bef750af5c 100644 --- a/libavcodec/dnxhddec.c +++ b/libavcodec/dnxhddec.c @@ -312,7 +312,7 @@ static int dnxhd_decode_macroblock(DNXHDContext *ctx, AVFrame *frame, int x, int dest_u = frame->data[1] + ((y * dct_linesize_chroma) << 4) + (x << (3 + shift1)); dest_v = frame->data[2] + ((y * dct_linesize_chroma) << 4) + (x << (3 + shift1)); - if (ctx->cur_field) { + if (frame->interlaced_frame && ctx->cur_field) { dest_y += frame->linesize[0]; dest_u += frame->linesize[1]; dest_v += frame->linesize[2]; From e4f32ef8063302fe791c16438a2c19a4a820814b Mon Sep 17 00:00:00 2001 From: Anton Khirnov Date: Fri, 20 Mar 2015 21:28:34 +0100 Subject: [PATCH 514/562] hevc: make the crop sizes unsigned (cherry picked from commit c929659bdd7d2d5848ea52e685a3164c7b901bb0) Signed-off-by: Michael Niedermayer --- libavcodec/hevc.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libavcodec/hevc.h b/libavcodec/hevc.h index ac539a2a98..4a9f17f5b9 100644 --- a/libavcodec/hevc.h +++ b/libavcodec/hevc.h @@ -280,10 +280,10 @@ typedef struct RefPicListTab { } RefPicListTab; typedef struct HEVCWindow { - int left_offset; - int right_offset; - int top_offset; - int bottom_offset; + unsigned int left_offset; + unsigned int right_offset; + unsigned int top_offset; + unsigned int bottom_offset; } HEVCWindow; typedef struct VUI { From 5628a5406299585c916cb4bedd768b1d370ad0fb Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 27 Nov 2014 15:03:35 +0100 Subject: [PATCH 515/562] avcodec/hevc_ps: More complete window reset Fixes out of array read Fixes: signal_sigsegv_35bcf26_471_cov_2806540268_CAINIT_A_SHARP_4.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 57e5812198aada016e9ba4149123c541f8c8a7ec) Conflicts: libavcodec/hevc_ps.c --- libavcodec/hevc_ps.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c index f16651ade2..7d75b058e5 100644 --- a/libavcodec/hevc_ps.c +++ b/libavcodec/hevc_ps.c @@ -887,10 +887,8 @@ int ff_hevc_decode_nal_sps(HEVCContext *s) goto err; } av_log(s->avctx, AV_LOG_WARNING, "Displaying the whole video surface.\n"); - sps->pic_conf_win.left_offset = - sps->pic_conf_win.right_offset = - sps->pic_conf_win.top_offset = - sps->pic_conf_win.bottom_offset = 0; + memset(&sps->pic_conf_win, 0, sizeof(sps->pic_conf_win)); + memset(&sps->output_window, 0, sizeof(sps->output_window)); sps->output_width = sps->width; sps->output_height = sps->height; } From 09a5a754fe56dd5fd44f338d939d323d06a537ca Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 21 Mar 2015 12:54:16 +0100 Subject: [PATCH 516/562] avcodec/hevc_ps: Check cropping parameters more correctly Signed-off-by: Michael Niedermayer (cherry picked from commit 06c70d45373dedc600f28e345685b130b60203c1) Signed-off-by: Michael Niedermayer --- libavcodec/hevc_ps.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c index 7d75b058e5..4f7f12ba37 100644 --- a/libavcodec/hevc_ps.c +++ b/libavcodec/hevc_ps.c @@ -879,7 +879,8 @@ int ff_hevc_decode_nal_sps(HEVCContext *s) (sps->output_window.left_offset + sps->output_window.right_offset); sps->output_height = sps->height - (sps->output_window.top_offset + sps->output_window.bottom_offset); - if (sps->output_width <= 0 || sps->output_height <= 0) { + if (sps->width <= sps->output_window.left_offset + (int64_t)sps->output_window.right_offset || + sps->height <= sps->output_window.top_offset + (int64_t)sps->output_window.bottom_offset) { av_log(s->avctx, AV_LOG_WARNING, "Invalid visible frame dimensions: %dx%d.\n", sps->output_width, sps->output_height); if (s->avctx->err_recognition & AV_EF_EXPLODE) { From 99a69249837079417ca8bec6dd0515ca996a748e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 24 Mar 2015 15:50:12 +0100 Subject: [PATCH 517/562] avcodec/msrledec: restructure msrle_decode_pal4() based on the line number instead of the pixel pointer Fixes out of array access Fixes: da14e86d8462be6493eab16bc2d40f88/asan_heap-oob_204cfd2_528_cov_340150052_COMPRESS.BMP Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit f7e1367f58263593e6cee3c282f7277d7ee9d553) Signed-off-by: Michael Niedermayer --- libavcodec/msrledec.c | 25 +++++++++++-------------- 1 file changed, 11 insertions(+), 14 deletions(-) diff --git a/libavcodec/msrledec.c b/libavcodec/msrledec.c index 4d3da5ba17..deb6f86523 100644 --- a/libavcodec/msrledec.c +++ b/libavcodec/msrledec.c @@ -37,16 +37,14 @@ static int msrle_decode_pal4(AVCodecContext *avctx, AVPicture *pic, unsigned char extra_byte, odd_pixel; unsigned char stream_byte; unsigned int pixel_ptr = 0; - int row_dec = pic->linesize[0]; - int row_ptr = (avctx->height - 1) * row_dec; - int frame_size = row_dec * avctx->height; + int line = avctx->height - 1; int i; - while (row_ptr >= 0) { + while (line >= 0 && pixel_ptr <= avctx->width) { if (bytestream2_get_bytes_left(gb) <= 0) { av_log(avctx, AV_LOG_ERROR, - "MS RLE: bytestream overrun, %d rows left\n", - row_ptr); + "MS RLE: bytestream overrun, %dx%d left\n", + avctx->width - pixel_ptr, line); return AVERROR_INVALIDDATA; } rle_code = stream_byte = bytestream2_get_byteu(gb); @@ -55,7 +53,7 @@ static int msrle_decode_pal4(AVCodecContext *avctx, AVPicture *pic, stream_byte = bytestream2_get_byte(gb); if (stream_byte == 0) { /* line is done, goto the next one */ - row_ptr -= row_dec; + line--; pixel_ptr = 0; } else if (stream_byte == 1) { /* decode is done */ @@ -65,13 +63,12 @@ static int msrle_decode_pal4(AVCodecContext *avctx, AVPicture *pic, stream_byte = bytestream2_get_byte(gb); pixel_ptr += stream_byte; stream_byte = bytestream2_get_byte(gb); - row_ptr -= stream_byte * row_dec; } else { // copy pixels from encoded stream odd_pixel = stream_byte & 1; rle_code = (stream_byte + 1) / 2; extra_byte = rle_code & 0x01; - if (row_ptr + pixel_ptr + stream_byte > frame_size || + if (pixel_ptr + 2*rle_code - odd_pixel > avctx->width || bytestream2_get_bytes_left(gb) < rle_code) { av_log(avctx, AV_LOG_ERROR, "MS RLE: frame/stream ptr just went out of bounds (copy)\n"); @@ -82,13 +79,13 @@ static int msrle_decode_pal4(AVCodecContext *avctx, AVPicture *pic, if (pixel_ptr >= avctx->width) break; stream_byte = bytestream2_get_byteu(gb); - pic->data[0][row_ptr + pixel_ptr] = stream_byte >> 4; + pic->data[0][line * pic->linesize[0] + pixel_ptr] = stream_byte >> 4; pixel_ptr++; if (i + 1 == rle_code && odd_pixel) break; if (pixel_ptr >= avctx->width) break; - pic->data[0][row_ptr + pixel_ptr] = stream_byte & 0x0F; + pic->data[0][line * pic->linesize[0] + pixel_ptr] = stream_byte & 0x0F; pixel_ptr++; } @@ -98,7 +95,7 @@ static int msrle_decode_pal4(AVCodecContext *avctx, AVPicture *pic, } } else { // decode a run of data - if (row_ptr + pixel_ptr + stream_byte > frame_size) { + if (pixel_ptr + rle_code > avctx->width + 1) { av_log(avctx, AV_LOG_ERROR, "MS RLE: frame ptr just went out of bounds (run)\n"); return AVERROR_INVALIDDATA; @@ -108,9 +105,9 @@ static int msrle_decode_pal4(AVCodecContext *avctx, AVPicture *pic, if (pixel_ptr >= avctx->width) break; if ((i & 1) == 0) - pic->data[0][row_ptr + pixel_ptr] = stream_byte >> 4; + pic->data[0][line * pic->linesize[0] + pixel_ptr] = stream_byte >> 4; else - pic->data[0][row_ptr + pixel_ptr] = stream_byte & 0x0F; + pic->data[0][line * pic->linesize[0] + pixel_ptr] = stream_byte & 0x0F; pixel_ptr++; } } From 44d447f31cf97388b644e221cc60aa89083b7918 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 30 Mar 2015 04:37:42 +0200 Subject: [PATCH 518/562] avutil/pca: Check for av_malloc* failures Signed-off-by: Michael Niedermayer (cherry picked from commit dadc43eee4d9036aa532665a04720238cc15e922) Signed-off-by: Michael Niedermayer --- libavutil/pca.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/libavutil/pca.c b/libavutil/pca.c index 311b6bc9cb..a745136e1d 100644 --- a/libavutil/pca.c +++ b/libavutil/pca.c @@ -41,12 +41,20 @@ PCA *ff_pca_init(int n){ return NULL; pca= av_mallocz(sizeof(*pca)); + if (!pca) + return NULL; + pca->n= n; pca->z = av_malloc(sizeof(*pca->z) * n); pca->count=0; pca->covariance= av_calloc(n*n, sizeof(double)); pca->mean= av_calloc(n, sizeof(double)); + if (!pca->z || !pca->covariance || !pca->mean) { + ff_pca_free(pca); + return NULL; + } + return pca; } From dcf23f12979e355af06a2a7655019bf7c5370c5f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 4 Apr 2015 18:08:23 +0200 Subject: [PATCH 519/562] avcodec/h264_refs: Do not set reference to things which dont exist Fixes deadlock Fixes Ticket4428 Fixes Ticket4429 Signed-off-by: Michael Niedermayer (cherry picked from commit 429de043202286a2b5bcc082cc02de860b734db2) Signed-off-by: Michael Niedermayer --- libavcodec/h264_refs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h264_refs.c b/libavcodec/h264_refs.c index e6228c2025..bb99b03247 100644 --- a/libavcodec/h264_refs.c +++ b/libavcodec/h264_refs.c @@ -681,7 +681,7 @@ int ff_h264_execute_ref_pic_marking(H264Context *h, MMCO *mmco, int mmco_count) */ if (h->short_ref_count && h->short_ref[0] == h->cur_pic_ptr) { /* Just mark the second field valid */ - h->cur_pic_ptr->reference = PICT_FRAME; + h->cur_pic_ptr->reference |= h->picture_structure; } else if (h->cur_pic_ptr->long_ref) { av_log(h->avctx, AV_LOG_ERROR, "illegal short term reference " "assignment for second field " From ba7ccddb82dc9be8d272d8fa5ece6561a7025757 Mon Sep 17 00:00:00 2001 From: Timothy Gu Date: Mon, 9 Jun 2014 21:46:37 -0700 Subject: [PATCH 520/562] tests/fate.sh: report different status for different errors The order of error codes will be useful in my future fateserver patches. Signed-off-by: Timothy Gu Signed-off-by: Michael Niedermayer (cherry picked from commit cc0057a31c7097839f9c4e4da61e2933b5b0e055) Signed-off-by: Timothy Gu --- tests/fate.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/fate.sh b/tests/fate.sh index c474be7139..fd2d8fc21c 100755 --- a/tests/fate.sh +++ b/tests/fate.sh @@ -111,8 +111,8 @@ echo ${version} >version-$slot rm -rf "${build}" *.log mkdir -p ${build} -configure >configure.log 2>&1 || fail $? "error configuring" -compile >compile.log 2>&1 || fail $? "error compiling" -fate >test.log 2>&1 || fail $? "error testing" +configure >configure.log 2>&1 || fail 3 "error configuring" +compile >compile.log 2>&1 || fail 2 "error compiling" +fate >test.log 2>&1 || fail 1 "error testing" report 0 success clean From a43f9e6895fed3a2feb3a24491f528a3a4c153f1 Mon Sep 17 00:00:00 2001 From: Timothy Gu Date: Sun, 9 Nov 2014 21:37:18 -0800 Subject: [PATCH 521/562] tests: Fix test name for pixfmts tests(cherry picked from commit e1ee0521a698809ed216e9e5c11bd2bbb466ed04) Signed-off-by: Michael Niedermayer --- tests/fate-run.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/fate-run.sh b/tests/fate-run.sh index 48e9dd0bdc..7f88dff246 100755 --- a/tests/fate-run.sh +++ b/tests/fate-run.sh @@ -200,12 +200,14 @@ pixfmts(){ $showfiltfmts $filter | awk -F '[ \r]' '/^INPUT/{ fmt=substr($3, 5); print fmt }' | sort >$in_fmts pix_fmts=$(comm -12 $scale_exclude_fmts $in_fmts) + outertest=$test for pix_fmt in $pix_fmts; do test=$pix_fmt video_filter "${prefilter_chain}format=$pix_fmt,$filter=$filter_args" -pix_fmt $pix_fmt done rm $in_fmts $scale_in_fmts $scale_out_fmts $scale_exclude_fmts + test=$outertest } mkdir -p "$outdir" From 38c8264d193c0093b78a9394f06b98529ac8a433 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 9 Apr 2015 00:04:44 +0200 Subject: [PATCH 522/562] avcodec/aacdec: Fix storing state before PCE decode Fixes Ticket4460 Signed-off-by: Michael Niedermayer (cherry picked from commit e88b3852aefaa39b2170ef185ad03dda18732821) Signed-off-by: Michael Niedermayer --- libavcodec/aacdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/aacdec.c b/libavcodec/aacdec.c index 407125713c..e564f118ab 100644 --- a/libavcodec/aacdec.c +++ b/libavcodec/aacdec.c @@ -423,7 +423,7 @@ static uint64_t sniff_channel_order(uint8_t (*layout_map)[3], int tags) * Save current output configuration if and only if it has been locked. */ static void push_output_configuration(AACContext *ac) { - if (ac->oc[1].status == OC_LOCKED) { + if (ac->oc[1].status == OC_LOCKED || ac->oc[0].status == OC_NONE) { ac->oc[0] = ac->oc[1]; } ac->oc[1].status = OC_NONE; From 12e005f7e7a91a5e7cd30c486529bbbb8b2ae210 Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun Date: Thu, 16 Apr 2015 14:49:08 +0200 Subject: [PATCH 523/562] msrledec: use signed pixel_ptr in msrle_decode_pal4 This fixes segmentation faults, when pic->linesize[0] is negative. In that case 'line * pic->linesize[0] + pixel_ptr' is treated as unsigned and wraps around. This reverts commit 7d78a964. The problem was introduced in commit f7e1367f, which should obsolete that commit. Signed-off-by: Andreas Cadhalpun Signed-off-by: Michael Niedermayer (cherry picked from commit ae6fd7300b4e9f81d3b5ba201096ffe7cccf26fb) Signed-off-by: Michael Niedermayer --- libavcodec/msrledec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/msrledec.c b/libavcodec/msrledec.c index deb6f86523..200221a0ee 100644 --- a/libavcodec/msrledec.c +++ b/libavcodec/msrledec.c @@ -36,7 +36,7 @@ static int msrle_decode_pal4(AVCodecContext *avctx, AVPicture *pic, unsigned char rle_code; unsigned char extra_byte, odd_pixel; unsigned char stream_byte; - unsigned int pixel_ptr = 0; + int pixel_ptr = 0; int line = avctx->height - 1; int i; From 11752d17b8b4b7a8912bcb9f521045497abddfb1 Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun Date: Thu, 16 Apr 2015 16:58:32 +0200 Subject: [PATCH 524/562] aacdec: consistently use avctx for logging in decode_eld_specific_config ac may be NULL and then accessing ac->avctx results in a segmentation fault. Signed-off-by: Andreas Cadhalpun Signed-off-by: Michael Niedermayer (cherry picked from commit 5b75689b987e4c4dd4f34d5c8be389547e9cc701) Signed-off-by: Michael Niedermayer --- libavcodec/aacdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/aacdec.c b/libavcodec/aacdec.c index e564f118ab..2feb4af9cc 100644 --- a/libavcodec/aacdec.c +++ b/libavcodec/aacdec.c @@ -860,7 +860,7 @@ static int decode_eld_specific_config(AACContext *ac, AVCodecContext *avctx, if (len == 15 + 255) len += get_bits(gb, 16); if (get_bits_left(gb) < len * 8 + 4) { - av_log(ac->avctx, AV_LOG_ERROR, overread_err); + av_log(avctx, AV_LOG_ERROR, overread_err); return AVERROR_INVALIDDATA; } skip_bits_long(gb, 8 * len); From 13178541369f73822def06170efadb180625202d Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun Date: Thu, 16 Apr 2015 19:12:02 +0200 Subject: [PATCH 525/562] aasc: return correct buffer size from aasc_decode_frame Signed-off-by: Andreas Cadhalpun Signed-off-by: Michael Niedermayer (cherry picked from commit 0be54ad280cf114c02306b7063147e8379f8ed1e) Signed-off-by: Michael Niedermayer --- libavcodec/aasc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/aasc.c b/libavcodec/aasc.c index 38658f86c4..a23f9b3ec3 100644 --- a/libavcodec/aasc.c +++ b/libavcodec/aasc.c @@ -137,7 +137,7 @@ static int aasc_decode_frame(AVCodecContext *avctx, return ret; /* report that the buffer was completely consumed */ - return buf_size; + return avpkt->size; } static av_cold int aasc_decode_end(AVCodecContext *avctx) From 49ff079f0c0ec03cfb50e4f1198475f72cfe81f5 Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun Date: Thu, 16 Apr 2015 20:04:54 +0200 Subject: [PATCH 526/562] aacpsy: avoid psy_band->threshold becoming NaN If band->thr is 0.0f, the division is undefined, making norm_fac not a number or infinity, which causes psy_band->threshold to become NaN. This is passed on to other variables until it finally reaches sce->sf_idx and is converted to an integer (-2147483648). This causes a segmentation fault when it is used as array index. Signed-off-by: Andreas Cadhalpun Reviewed-by: Claudio Freire Signed-off-by: Michael Niedermayer (cherry picked from commit e224aa41917454e7b5c23d9f2541425743ce595a) Signed-off-by: Michael Niedermayer --- libavcodec/aacpsy.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavcodec/aacpsy.c b/libavcodec/aacpsy.c index d2a782e8dd..a1183bea3f 100644 --- a/libavcodec/aacpsy.c +++ b/libavcodec/aacpsy.c @@ -727,7 +727,10 @@ static void psy_3gpp_analyze_channel(FFPsyContext *ctx, int channel, if (active_lines > 0.0f) band->thr = calc_reduced_thr_3gpp(band, coeffs[g].min_snr, reduction); pe += calc_pe_3gpp(band); - band->norm_fac = band->active_lines / band->thr; + if (band->thr > 0.0f) + band->norm_fac = band->active_lines / band->thr; + else + band->norm_fac = 0.0f; norm_fac += band->norm_fac; } } From 307c5cb9d4cc3b9373cac5b00ebdc28fc0d593fe Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun Date: Thu, 16 Apr 2015 21:25:26 +0200 Subject: [PATCH 527/562] ac3: validate end in ff_ac3_bit_alloc_calc_mask This fixes an invalid read if end is 0: band_end = ff_ac3_bin_to_band_tab[end-1] + 1; Depending on what is before the array, this can cause stack smashing, when band_end becomes too large. Signed-off-by: Andreas Cadhalpun Signed-off-by: Michael Niedermayer (cherry picked from commit bc4fee7f2a51635fa3c0f61d1e5164da1efeded3) Signed-off-by: Michael Niedermayer --- libavcodec/ac3.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/ac3.c b/libavcodec/ac3.c index 29e132f5d1..8d39bbe83b 100644 --- a/libavcodec/ac3.c +++ b/libavcodec/ac3.c @@ -131,6 +131,9 @@ int ff_ac3_bit_alloc_calc_mask(AC3BitAllocParameters *s, int16_t *band_psd, int band_start, band_end, begin, end1; int lowcomp, fastleak, slowleak; + if (end <= 0) + return AVERROR_INVALIDDATA; + /* excitation function */ band_start = ff_ac3_bin_to_band_tab[start]; band_end = ff_ac3_bin_to_band_tab[end-1] + 1; From bfd65092a2b7fc1ae95e8fe79c7f0a61f25b111b Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun Date: Sat, 18 Apr 2015 18:31:36 +0200 Subject: [PATCH 528/562] alsdec: ensure channel reordering is reversible If the same idx is used for more than one i, at least one entry in sconf->chan_pos remains uninitialized. This can cause segmentation faults. Signed-off-by: Andreas Cadhalpun Signed-off-by: Michael Niedermayer (cherry picked from commit ef16501aebed43e34a3721336e8bee732eca2877) Signed-off-by: Michael Niedermayer --- libavcodec/alsdec.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c index a2b4be5691..c0367d4ba2 100644 --- a/libavcodec/alsdec.c +++ b/libavcodec/alsdec.c @@ -355,11 +355,15 @@ static av_cold int read_specific_config(ALSDecContext *ctx) ctx->cs_switch = 1; + for (i = 0; i < avctx->channels; i++) { + sconf->chan_pos[i] = -1; + } + for (i = 0; i < avctx->channels; i++) { int idx; idx = get_bits(&gb, chan_pos_bits); - if (idx >= avctx->channels) { + if (idx >= avctx->channels || sconf->chan_pos[idx] != -1) { av_log(avctx, AV_LOG_WARNING, "Invalid channel reordering.\n"); ctx->cs_switch = 0; break; From 455bc87c8f00abbcb2dd305b677bbe56140bd5f4 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 18 Apr 2015 20:50:23 +0200 Subject: [PATCH 529/562] avcodec/alsdec: Use av_mallocz_array() for chan_data to ensure the arrays never contain random data Signed-off-by: Michael Niedermayer (cherry picked from commit 7e104647a3556fc61a139483cee1cb7dfa2dc5bd) Conflicts: libavcodec/alsdec.c --- libavcodec/alsdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c index c0367d4ba2..fa93b75c88 100644 --- a/libavcodec/alsdec.c +++ b/libavcodec/alsdec.c @@ -1719,9 +1719,9 @@ static av_cold int decode_init(AVCodecContext *avctx) // allocate and assign channel data buffer for mcc mode if (sconf->mc_coding) { - ctx->chan_data_buffer = av_malloc(sizeof(*ctx->chan_data_buffer) * + ctx->chan_data_buffer = av_mallocz(sizeof(*ctx->chan_data_buffer) * num_buffers * num_buffers); - ctx->chan_data = av_malloc(sizeof(*ctx->chan_data) * + ctx->chan_data = av_mallocz(sizeof(*ctx->chan_data) * num_buffers); ctx->reverted_channels = av_malloc(sizeof(*ctx->reverted_channels) * num_buffers); From d18f8959b3c6374846c83ec28f1761e8e3253929 Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun Date: Sat, 18 Apr 2015 20:09:28 +0200 Subject: [PATCH 530/562] alsdec: validate time diff index If begin is smaller than t, the subtraction 'begin -= t' wraps around, because begin is unsigned. The same applies for end < t. This causes segmentation faults. Signed-off-by: Andreas Cadhalpun Signed-off-by: Michael Niedermayer (cherry picked from commit faf9fe2c224ea81a98afd53e2f0be0a2e13aeca9) Signed-off-by: Michael Niedermayer --- libavcodec/alsdec.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c index fa93b75c88..2cf01b278d 100644 --- a/libavcodec/alsdec.c +++ b/libavcodec/alsdec.c @@ -1284,8 +1284,16 @@ static int revert_channel_correlation(ALSDecContext *ctx, ALSBlockData *bd, if (ch[dep].time_diff_sign) { t = -t; + if (t > 0 && begin < t) { + av_log(ctx->avctx, AV_LOG_ERROR, "begin %u smaller than time diff index %d.\n", begin, t); + return AVERROR_INVALIDDATA; + } begin -= t; } else { + if (t > 0 && end < t) { + av_log(ctx->avctx, AV_LOG_ERROR, "end %u smaller than time diff index %d.\n", end, t); + return AVERROR_INVALIDDATA; + } end -= t; } From 74e714f81597f09401252a72388cc788ed4a6a1a Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 20 Apr 2015 22:22:31 +0200 Subject: [PATCH 531/562] avformat/utils: Ensure that AVFMT_FLAG_CUSTOM_IO is set before use Signed-off-by: Michael Niedermayer (cherry picked from commit ba631b791435c395361e2026fc7419b341e57813) Signed-off-by: Michael Niedermayer --- libavformat/utils.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/utils.c b/libavformat/utils.c index 5465498c3d..3a979c63ee 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -508,6 +508,9 @@ int avformat_open_input(AVFormatContext **ps, const char *filename, AVInputForma if (options) av_dict_copy(&tmp, *options, 0); + if (s->pb) // must be before any goto fail + s->flags |= AVFMT_FLAG_CUSTOM_IO; + if ((ret = av_opt_set_dict(s, &tmp)) < 0) goto fail; From 0b5405c443ec8adc3c114e508b71ce2012c83f0d Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun Date: Tue, 21 Apr 2015 19:25:50 +0200 Subject: [PATCH 532/562] alsdec: check sample pointer range in revert_channel_correlation Also change the type of begin, end and smp to ptrdiff_t to make the comparison well-defined. Signed-off-by: Andreas Cadhalpun Reviewed-by: Thilo Borgmann Signed-off-by: Michael Niedermayer (cherry picked from commit afc7748d1f6abc4b3b1cc957b0fa6941837db3d0) Conflicts: libavcodec/alsdec.c --- libavcodec/alsdec.c | 34 +++++++++++++++++++++++++++------- 1 file changed, 27 insertions(+), 7 deletions(-) diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c index 2cf01b278d..5219d10f40 100644 --- a/libavcodec/alsdec.c +++ b/libavcodec/alsdec.c @@ -1242,6 +1242,7 @@ static int revert_channel_correlation(ALSDecContext *ctx, ALSBlockData *bd, ALSChannelData *ch = cd[c]; unsigned int dep = 0; unsigned int channels = ctx->avctx->channels; + unsigned int channel_size = ctx->sconf.frame_length + ctx->sconf.max_order; if (reverted[c]) return 0; @@ -1273,9 +1274,9 @@ static int revert_channel_correlation(ALSDecContext *ctx, ALSBlockData *bd, dep = 0; while (!ch[dep].stop_flag) { - unsigned int smp; - unsigned int begin = 1; - unsigned int end = bd->block_length - 1; + ptrdiff_t smp; + ptrdiff_t begin = 1; + ptrdiff_t end = bd->block_length - 1; int64_t y; int32_t *master = ctx->raw_samples[ch[dep].master_channel] + offset; @@ -1284,19 +1285,28 @@ static int revert_channel_correlation(ALSDecContext *ctx, ALSBlockData *bd, if (ch[dep].time_diff_sign) { t = -t; - if (t > 0 && begin < t) { - av_log(ctx->avctx, AV_LOG_ERROR, "begin %u smaller than time diff index %d.\n", begin, t); + if (begin < t) { + av_log(ctx->avctx, AV_LOG_ERROR, "begin %td smaller than time diff index %d.\n", begin, t); return AVERROR_INVALIDDATA; } begin -= t; } else { - if (t > 0 && end < t) { - av_log(ctx->avctx, AV_LOG_ERROR, "end %u smaller than time diff index %d.\n", end, t); + if (end < t) { + av_log(ctx->avctx, AV_LOG_ERROR, "end %td smaller than time diff index %d.\n", end, t); return AVERROR_INVALIDDATA; } end -= t; } + if (FFMIN(begin - 1, begin - 1 + t) < ctx->raw_buffer - master || + FFMAX(end + 1, end + 1 + t) > ctx->raw_buffer + channels * channel_size - master) { + av_log(ctx->avctx, AV_LOG_ERROR, + "sample pointer range [%p, %p] not contained in raw_buffer [%p, %p].\n", + master + FFMIN(begin - 1, begin - 1 + t), master + FFMAX(end + 1, end + 1 + t), + ctx->raw_buffer, ctx->raw_buffer + channels * channel_size); + return AVERROR_INVALIDDATA; + } + for (smp = begin; smp < end; smp++) { y = (1 << 6) + MUL64(ch[dep].weighting[0], master[smp - 1 ]) + @@ -1309,6 +1319,16 @@ static int revert_channel_correlation(ALSDecContext *ctx, ALSBlockData *bd, bd->raw_samples[smp] += y >> 7; } } else { + + if (begin - 1 < ctx->raw_buffer - master || + end + 1 > ctx->raw_buffer + channels * channel_size - master) { + av_log(ctx->avctx, AV_LOG_ERROR, + "sample pointer range [%p, %p] not contained in raw_buffer [%p, %p].\n", + master + begin - 1, master + end + 1, + ctx->raw_buffer, ctx->raw_buffer + channels * channel_size); + return AVERROR_INVALIDDATA; + } + for (smp = begin; smp < end; smp++) { y = (1 << 6) + MUL64(ch[dep].weighting[0], master[smp - 1]) + From 3339bae2197a2a02b090e74a8720282b5b87598e Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun Date: Wed, 22 Apr 2015 16:32:42 +0200 Subject: [PATCH 533/562] mpeg4videodec: only allow a positive length Signed-off-by: Andreas Cadhalpun Signed-off-by: Michael Niedermayer (cherry picked from commit b3408ae4c64cb674b1d5f0f30171759113ce722a) Conflicts: libavcodec/mpeg4videodec.c --- libavcodec/mpeg4videodec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c index 7a4a441100..6d2a0eddd4 100644 --- a/libavcodec/mpeg4videodec.c +++ b/libavcodec/mpeg4videodec.c @@ -186,13 +186,13 @@ static int mpeg4_decode_sprite_trajectory(MpegEncContext *s, GetBitContext *gb) int x=0, y=0; length= get_vlc2(gb, sprite_trajectory.table, SPRITE_TRAJ_VLC_BITS, 3); - if(length){ + if(length > 0){ x= get_xbits(gb, length); } if(!(s->divx_version==500 && s->divx_build==413)) skip_bits1(gb); /* marker bit */ length= get_vlc2(gb, sprite_trajectory.table, SPRITE_TRAJ_VLC_BITS, 3); - if(length){ + if(length > 0){ y=get_xbits(gb, length); } skip_bits1(gb); /* marker bit */ From bb95df33a0d41087d469bebaf8be04f03dc3b397 Mon Sep 17 00:00:00 2001 From: Vittorio Giovara Date: Wed, 22 Apr 2015 14:59:56 +0100 Subject: [PATCH 534/562] lavf: Reset global flag on deinit Signed-off-by: Michael Niedermayer (cherry picked from commit 32da94fa7f73ac749e0a1e2f20499fad2f6f57fe) Signed-off-by: Michael Niedermayer --- libavformat/utils.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavformat/utils.c b/libavformat/utils.c index 3a979c63ee..7e4a6ffc14 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -4055,6 +4055,7 @@ int avformat_network_deinit(void) #if CONFIG_NETWORK ff_network_close(); ff_tls_deinit(); + ff_network_inited_globally = 0; #endif return 0; } From 89b83042a9c5fc2a4b18dcfe7932918f6593cf2c Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun Date: Wed, 22 Apr 2015 16:03:41 +0200 Subject: [PATCH 535/562] alsdec: only adapt order for positive max_order For max_order = 0 the clipping range is invalid. (amin = 2, amax = 1) Signed-off-by: Andreas Cadhalpun Signed-off-by: Michael Niedermayer (cherry picked from commit 58d605ee9b3277289278dc40e022311f8e083833) Signed-off-by: Michael Niedermayer --- libavcodec/alsdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c index 5219d10f40..97afe68609 100644 --- a/libavcodec/alsdec.c +++ b/libavcodec/alsdec.c @@ -680,7 +680,7 @@ static int read_var_block_data(ALSDecContext *ctx, ALSBlockData *bd) if (!sconf->rlslms) { - if (sconf->adapt_order) { + if (sconf->adapt_order && sconf->max_order) { int opt_order_length = av_ceil_log2(av_clip((bd->block_length >> 3) - 1, 2, sconf->max_order + 1)); *bd->opt_order = get_bits(gb, opt_order_length); From 3144044e0142c3f99c181feafdfabbf9207f586b Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun Date: Fri, 24 Apr 2015 00:01:43 +0200 Subject: [PATCH 536/562] alac: reject rice_limit 0 if compression is used If rice_limit is 0, k can be 0 in decode_scalar, which calls show_bits(gb, k). Signed-off-by: Andreas Cadhalpun Signed-off-by: Michael Niedermayer (cherry picked from commit 4b657a1b1eedcf38bcf36e89a2f4be6f76b5ce09) Signed-off-by: Michael Niedermayer --- libavcodec/alac.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/alac.c b/libavcodec/alac.c index 1929839e70..0021e87baf 100644 --- a/libavcodec/alac.c +++ b/libavcodec/alac.c @@ -311,6 +311,11 @@ static int decode_element(AVCodecContext *avctx, AVFrame *frame, int ch_index, int lpc_quant[2]; int rice_history_mult[2]; + if (!alac->rice_limit) { + avpriv_request_sample(alac->avctx, "Compression with rice limit 0"); + return AVERROR(ENOSYS); + } + decorr_shift = get_bits(&alac->gb, 8); decorr_left_weight = get_bits(&alac->gb, 8); From fb5f3241e40ddcd0686e727ddf925eb9e6065406 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 23 Apr 2015 04:27:56 +0200 Subject: [PATCH 537/562] tests/fate-run: do not attempt to parse tiny_psnrs output if it failed This avoids confusing syntax errors with awk later Likely fixes awk errors at: http://buildd.debian-ports.org/status/fetch.php?pkg=ffmpeg&arch=sparc64&ver=7%3A2.6.2-1&stamp=1428928967 Reviewed-by: Timothy Gu Thanks-to: Andreas Cadhalpun for the link Signed-off-by: Michael Niedermayer (cherry picked from commit c0d847e457c1ef72843a63853f1135d52b74131e) Signed-off-by: Michael Niedermayer --- tests/fate-run.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/fate-run.sh b/tests/fate-run.sh index 7f88dff246..391cef541c 100755 --- a/tests/fate-run.sh +++ b/tests/fate-run.sh @@ -42,7 +42,7 @@ compare(){ } do_tiny_psnr(){ - psnr=$(tests/tiny_psnr "$1" "$2" $cmp_unit $cmp_shift 0) + psnr=$(tests/tiny_psnr "$1" "$2" $cmp_unit $cmp_shift 0) || return 1 val=$(expr "$psnr" : ".*$3: *\([0-9.]*\)") size1=$(expr "$psnr" : '.*bytes: *\([0-9]*\)') size2=$(expr "$psnr" : '.*bytes:[ 0-9]*/ *\([0-9]*\)') From be7dc34bcf00b8c5b6503c600e7f6bc9324801ff Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun Date: Tue, 28 Apr 2015 00:30:51 +0200 Subject: [PATCH 538/562] apedec: set s->samples only when init_frame_decoder succeeded Otherwise range_start_decoding is not necessarily run and thus ctx->rc.range still 0 in range_dec_normalize leading to an infinite loop. Signed-off-by: Andreas Cadhalpun Signed-off-by: Michael Niedermayer (cherry picked from commit 464c49155ce7ffc88ed39eb2511e7a75565c24be) Signed-off-by: Michael Niedermayer --- libavcodec/apedec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c index 325f36d6a6..f6de304006 100644 --- a/libavcodec/apedec.c +++ b/libavcodec/apedec.c @@ -1471,13 +1471,13 @@ static int ape_decode_frame(AVCodecContext *avctx, void *data, av_log(avctx, AV_LOG_ERROR, "Invalid sample count: %u.\n", nblocks); return AVERROR_INVALIDDATA; } - s->samples = nblocks; /* Initialize the frame decoder */ if (init_frame_decoder(s) < 0) { av_log(avctx, AV_LOG_ERROR, "Error reading frame header\n"); return AVERROR_INVALIDDATA; } + s->samples = nblocks; } if (!s->data) { From 60201e27efa6bf98f9dbdf6ea18c3c91183f937f Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun Date: Tue, 28 Apr 2015 11:13:43 +0200 Subject: [PATCH 539/562] apedec: prevent out of array writes in decode_array_0000 s->decoded_buffer is allocated with a min_size of: 2 * FFALIGN(blockstodecode, 8) * sizeof(*s->decoded_buffer) Then it is assigned to s->decoded[0] (and s->decoded_buffer + FFALIGN(blockstodecode, 8) to s->decoded[1]) and passed as out buffer to decode_array_0000. In this function 64 elements of the out buffer are written unconditionally and outside the array if blockstodecode is too small. This causes memory corruption, leading to segmentation faults or other crashes. Thus change decode_array_0000 to write at most blockstodecode elements of the out buffer. Signed-off-by: Andreas Cadhalpun Signed-off-by: Michael Niedermayer (cherry picked from commit 699341d647f7af785fb8ceed67604467b0b9ab12) Signed-off-by: Michael Niedermayer --- libavcodec/apedec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c index f6de304006..e1e7da7a39 100644 --- a/libavcodec/apedec.c +++ b/libavcodec/apedec.c @@ -598,14 +598,14 @@ static void decode_array_0000(APEContext *ctx, GetBitContext *gb, int ksummax, ksummin; rice->ksum = 0; - for (i = 0; i < 5; i++) { + for (i = 0; i < FFMIN(blockstodecode, 5); i++) { out[i] = get_rice_ook(&ctx->gb, 10); rice->ksum += out[i]; } rice->k = av_log2(rice->ksum / 10) + 1; if (rice->k >= 24) return; - for (; i < 64; i++) { + for (; i < FFMIN(blockstodecode, 64); i++) { out[i] = get_rice_ook(&ctx->gb, rice->k); rice->ksum += out[i]; rice->k = av_log2(rice->ksum / ((i + 1) * 2)) + 1; From 0397e998b3aa90470f023f62e0bb034fa21b631f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 23 Apr 2015 14:29:47 +0200 Subject: [PATCH 540/562] ffmpeg: remove incorrect network deinit Signed-off-by: Michael Niedermayer (cherry picked from commit e2877bdf3862325c2982c3237d9bf28f1bbf793f) Signed-off-by: Michael Niedermayer --- ffmpeg.c | 1 - 1 file changed, 1 deletion(-) diff --git a/ffmpeg.c b/ffmpeg.c index d0124e7efb..94780f9ffe 100644 --- a/ffmpeg.c +++ b/ffmpeg.c @@ -349,7 +349,6 @@ void term_init(void) signal(SIGQUIT, sigterm_handler); /* Quit (POSIX). */ } #endif - avformat_network_deinit(); signal(SIGINT , sigterm_handler); /* Interrupt (ANSI). */ signal(SIGTERM, sigterm_handler); /* Termination (ANSI). */ From ac323fa46330756b60ff4338954de389d268a8fb Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun Date: Tue, 28 Apr 2015 20:31:56 +0200 Subject: [PATCH 541/562] nutdec: check for negative frame rate in decode_info_header A negative frame rate triggers an av_assert2 in av_rescale_rnd. Signed-off-by: Andreas Cadhalpun Signed-off-by: Michael Niedermayer (cherry picked from commit 6621105877ce0d65724a8ab60b3a50160adbe65d) Signed-off-by: Michael Niedermayer --- libavformat/nutdec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c index aa7ca676fb..75149693c5 100644 --- a/libavformat/nutdec.c +++ b/libavformat/nutdec.c @@ -534,7 +534,8 @@ static int decode_info_header(NUTContext *nut) if (stream_id_plus1 && !strcmp(name, "r_frame_rate")) { sscanf(str_value, "%d/%d", &st->r_frame_rate.num, &st->r_frame_rate.den); - if (st->r_frame_rate.num >= 1000LL*st->r_frame_rate.den) + if (st->r_frame_rate.num >= 1000LL*st->r_frame_rate.den || + st->r_frame_rate.num < 0 || st->r_frame_rate.num < 0) st->r_frame_rate.num = st->r_frame_rate.den = 0; continue; } From 84981c8a87a34c542fbff342c33226dd106e9ed0 Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun Date: Tue, 28 Apr 2015 20:57:59 +0200 Subject: [PATCH 542/562] nutdec: check chapter creation in decode_info_header This fixes a segmentation fault when accessing the metadata. Signed-off-by: Michael Niedermayer (cherry picked from commit 3ff1af2b0db7132d5717be6395227a94c8abab07) Signed-off-by: Michael Niedermayer --- libavformat/nutdec.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c index 75149693c5..f6fe203671 100644 --- a/libavformat/nutdec.c +++ b/libavformat/nutdec.c @@ -491,6 +491,10 @@ static int decode_info_header(NUTContext *nut) nut->time_base[chapter_start % nut->time_base_count], start, start + chapter_len, NULL); + if (!chapter) { + av_log(s, AV_LOG_ERROR, "could not create chapter\n"); + return AVERROR(ENOMEM); + } metadata = &chapter->metadata; } else if (stream_id_plus1) { st = s->streams[stream_id_plus1 - 1]; From e7cb5d41d1d66cf328253a14ccb209d4e34687d4 Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun Date: Tue, 28 Apr 2015 22:37:19 +0200 Subject: [PATCH 543/562] nutdec: fix illegal count check in decode_main_header The existing check has two problems: 1) i + count can overflow, so that the check '< 256' returns true. 2) In the (i == 'N') case occurs a j-- so that the loop runs once more. This can trigger the assertion 'nut->header_len[0] == 0' or cause segmentation faults or infinite hangs. Signed-off-by: Andreas Cadhalpun Signed-off-by: Michael Niedermayer (cherry picked from commit 7c24ca1bda2d4df1dc9b2b982941be532d60da21) Signed-off-by: Michael Niedermayer --- libavformat/nutdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c index f6fe203671..0b4b12c00c 100644 --- a/libavformat/nutdec.c +++ b/libavformat/nutdec.c @@ -288,7 +288,7 @@ static int decode_main_header(NUTContext *nut) while (tmp_fields-- > 8) ffio_read_varlen(bc); - if (count == 0 || i + count > 256) { + if (count <= 0 || count > 256 - (i <= 'N') - i) { av_log(s, AV_LOG_ERROR, "illegal count %d at %d\n", count, i); return AVERROR_INVALIDDATA; } From 68f89b8264d46d5812e710ca0f903d4d323ec899 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 30 Apr 2015 02:04:38 +0200 Subject: [PATCH 544/562] Update for 2.1.8 Signed-off-by: Michael Niedermayer --- RELEASE | 2 +- VERSION | 2 +- doc/Doxyfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/RELEASE b/RELEASE index 04b10b4f15..ebf14b4698 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -2.1.7 +2.1.8 diff --git a/VERSION b/VERSION index 04b10b4f15..ebf14b4698 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.1.7 +2.1.8 diff --git a/doc/Doxyfile b/doc/Doxyfile index 3747d7a3c8..e3305c44a8 100644 --- a/doc/Doxyfile +++ b/doc/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 2.1.7 +PROJECT_NUMBER = 2.1.8 # With the PROJECT_LOGO tag one can specify a logo or icon that is included # in the documentation. The maximum height of the logo should not exceed 55 From 819889e7376442a70b3f85dba90bae5222b27c10 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Wed, 25 Feb 2015 15:07:18 +0100 Subject: [PATCH 545/562] lavfi/fade: Do not overread input buffer. (cherry picked from commit ab3ff19f08b7a83e320c39ab066f289c242b8030) --- libavfilter/vf_fade.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavfilter/vf_fade.c b/libavfilter/vf_fade.c index 1473273a97..e482fa7550 100644 --- a/libavfilter/vf_fade.c +++ b/libavfilter/vf_fade.c @@ -125,7 +125,9 @@ static int config_props(AVFilterLink *inlink) s->hsub = pixdesc->log2_chroma_w; s->vsub = pixdesc->log2_chroma_h; - s->bpp = av_get_bits_per_pixel(pixdesc) >> 3; + s->bpp = pixdesc->flags & AV_PIX_FMT_FLAG_PLANAR ? + 1 : + av_get_bits_per_pixel(pixdesc) >> 3; s->alpha &= !!(pixdesc->flags & AV_PIX_FMT_FLAG_ALPHA); s->is_packed_rgb = ff_fill_rgba_map(s->rgba_map, inlink->format) >= 0; From c77d226f7116d15ccdb84d18a8dde8e673703bfb Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 27 May 2015 04:31:30 +0200 Subject: [PATCH 546/562] avfilter/x86/vf_hqdn3d: Fix register types Fixes Ticket4301 Signed-off-by: Michael Niedermayer (cherry picked from commit 52fc3e372f8ed4de5735abed1f7f7569fe37b023) --- libavfilter/x86/vf_hqdn3d.asm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavfilter/x86/vf_hqdn3d.asm b/libavfilter/x86/vf_hqdn3d.asm index 961127e670..e3b1bdca53 100644 --- a/libavfilter/x86/vf_hqdn3d.asm +++ b/libavfilter/x86/vf_hqdn3d.asm @@ -27,8 +27,8 @@ SECTION .text %if lut_bits != 8 sar %1q, 8-lut_bits %endif - movsx %1d, word [%3q+%1q*2] - add %1d, %2d + movsx %1q, word [%3q+%1q*2] + add %1q, %2q %endmacro %macro LOAD 3 ; dstreg, x, bitdepth From a444857db31894c48efc4d6521efb425dabc04f0 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 25 May 2015 01:26:55 +0200 Subject: [PATCH 547/562] avformat/mov: Mark avio context of decompressed atoms as seekable Fixes Ticket4329 Signed-off-by: Michael Niedermayer (cherry picked from commit 8ce564ea280b61d21eebf8a2fd741f792ce81638) --- libavformat/mov.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavformat/mov.c b/libavformat/mov.c index 1e550177ce..e5af31d4e1 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -2786,6 +2786,7 @@ static int mov_read_cmov(MOVContext *c, AVIOContext *pb, MOVAtom atom) goto free_and_return; if (ffio_init_context(&ctx, moov_data, moov_len, 0, NULL, NULL, NULL, NULL) != 0) goto free_and_return; + ctx.seekable = AVIO_SEEKABLE_NORMAL; atom.type = MKTAG('m','o','o','v'); atom.size = moov_len; ret = mov_read_default(c, &ctx, atom); From e0537e49a45ef9c9cf2d8b3d7d72e10897259bed Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 9 Jun 2015 05:11:09 +0200 Subject: [PATCH 548/562] avcodec/x86/h264_weight: handle weight1=128 Fix ticket4596 Signed-off-by: Michael Niedermayer (cherry picked from commit e1009665759d4a3938dd2dd07b7e84d8bc9c5290) --- libavcodec/x86/h264_weight.asm | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/x86/h264_weight.asm b/libavcodec/x86/h264_weight.asm index 4759a063a6..f6b9d5f6ad 100644 --- a/libavcodec/x86/h264_weight.asm +++ b/libavcodec/x86/h264_weight.asm @@ -135,8 +135,11 @@ WEIGHT_FUNC_HALF_MM 8, 8 add off_regd, 1 or off_regd, 1 add r4, 1 + cmp r6d, 128 + je .nonnormal cmp r5, 128 jne .normal +.nonnormal sar r5, 1 sar r6, 1 sar off_regd, 1 From ada778c7002a53d1e1efb3d91843a5c574f17571 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 8 Jul 2015 02:43:02 +0200 Subject: [PATCH 549/562] avformat/swfdec: Do not error out on pixel format changes Instead print an error and continue Fixes Ticket4702 Signed-off-by: Michael Niedermayer (cherry picked from commit 6a1204a1a46674084b1e6b92562f81aaab7aac69) --- libavformat/swfdec.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/libavformat/swfdec.c b/libavformat/swfdec.c index bf5b581d5d..43a82b8b0e 100644 --- a/libavformat/swfdec.c +++ b/libavformat/swfdec.c @@ -384,10 +384,8 @@ static int swf_read_packet(AVFormatContext *s, AVPacket *pkt) } if (st->codec->pix_fmt != AV_PIX_FMT_NONE && st->codec->pix_fmt != pix_fmt) { av_log(s, AV_LOG_ERROR, "pixel format change unsupported\n"); - res = AVERROR_PATCHWELCOME; - goto bitmap_end; - } - st->codec->pix_fmt = pix_fmt; + }else + st->codec->pix_fmt = pix_fmt; if (linesize * height > pkt->size) { res = AVERROR_INVALIDDATA; From 52fa2a2f60440f1c552979afccc62b6b1f5b7d85 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 31 Jul 2015 15:54:38 +0200 Subject: [PATCH 550/562] MAINTAINERS: Remove myself as leader Signed-off-by: Michael Niedermayer (cherry picked from commit f2c58931e629343f7d68258cc2b2d62c5f501ba5) Signed-off-by: Michael Niedermayer --- MAINTAINERS | 1 - 1 file changed, 1 deletion(-) diff --git a/MAINTAINERS b/MAINTAINERS index a9a55dfe4a..3ea7c23759 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -14,7 +14,6 @@ patches and related discussions. Project Leader ============== -Michael Niedermayer final design decisions From c83569e5f15199ef251dbd6b6d3cb4bdc5da7f8d Mon Sep 17 00:00:00 2001 From: wm4 Date: Wed, 30 Sep 2015 14:53:35 +0200 Subject: [PATCH 551/562] avcodec/mp3: fix skipping zeros Commits 43bc5cf9 and c5371f77 add code for skipping initial zeros in mp3 packets. This code forgot to report to the user that data was skipped at all. Since audio codecs allow partial packet decoding, the user application has to rely on the return value. It will remove the data reported as consumed by the decoder, and feed it to the decoder again. This resulted in the mp3 frame after the zero region to be decoded over and over again, until the zero region was finally skipped by the application. Fix this by including the amount of skipped bytes to the number of consumed bytes returned by the decode call. Fixes trac ticket #4890. (cherry picked from commit cb1da9fb8d71bb611a7b0028914c97afc3f5711d) --- libavcodec/mpegaudiodec.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/mpegaudiodec.c b/libavcodec/mpegaudiodec.c index fc900d855b..4d06f891eb 100644 --- a/libavcodec/mpegaudiodec.c +++ b/libavcodec/mpegaudiodec.c @@ -1667,9 +1667,11 @@ static int decode_frame(AVCodecContext * avctx, void *data, int *got_frame_ptr, uint32_t header; int ret; + int skipped = 0; while(buf_size && !*buf){ buf++; buf_size--; + skipped++; } if (buf_size < HEADER_SIZE) @@ -1724,7 +1726,7 @@ static int decode_frame(AVCodecContext * avctx, void *data, int *got_frame_ptr, return ret; } s->frame_size = 0; - return buf_size; + return buf_size + skipped; } static void mp_flush(MPADecodeContext *ctx) From b0d9042f9dbebde7311ca6ee729753ecb60e6f60 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 24 Sep 2015 23:49:30 +0200 Subject: [PATCH 552/562] avcodec/ffv1: seperate slice_count from max_slice_count Fix segfault with too large slice_count Fixes Ticket4879 Signed-off-by: Michael Niedermayer (cherry picked from commit aa6c43f3fdec8a7518534b9dab20c9eb4be11568) Conflicts: libavcodec/ffv1enc.c libavcodec/ffv1.c --- libavcodec/ffv1.c | 14 +++++++------- libavcodec/ffv1.h | 1 + libavcodec/ffv1dec.c | 8 +++++--- libavcodec/ffv1enc.c | 3 ++- 4 files changed, 15 insertions(+), 11 deletions(-) diff --git a/libavcodec/ffv1.c b/libavcodec/ffv1.c index f46ed26409..ed0f29a5c5 100644 --- a/libavcodec/ffv1.c +++ b/libavcodec/ffv1.c @@ -103,7 +103,7 @@ av_cold int ffv1_init_slice_state(FFV1Context *f, FFV1Context *fs) av_cold int ffv1_init_slices_state(FFV1Context *f) { int i, ret; - for (i = 0; i < f->slice_count; i++) { + for (i = 0; i < f->max_slice_count; i++) { FFV1Context *fs = f->slice_context[i]; if ((ret = ffv1_init_slice_state(f, fs)) < 0) return AVERROR(ENOMEM); @@ -115,10 +115,10 @@ av_cold int ffv1_init_slice_contexts(FFV1Context *f) { int i; - f->slice_count = f->num_h_slices * f->num_v_slices; - av_assert0(f->slice_count > 0); + f->max_slice_count = f->num_h_slices * f->num_v_slices; + av_assert0(f->max_slice_count > 0); - for (i = 0; i < f->slice_count; i++) { + for (i = 0; i < f->max_slice_count; i++) { FFV1Context *fs = av_mallocz(sizeof(*fs)); int sx = i % f->num_h_slices; int sy = i / f->num_h_slices; @@ -203,7 +203,7 @@ av_cold int ffv1_close(AVCodecContext *avctx) ff_thread_release_buffer(avctx, &s->last_picture); av_frame_free(&s->last_picture.f); - for (j = 0; j < s->slice_count; j++) { + for (j = 0; j < s->max_slice_count; j++) { FFV1Context *fs = s->slice_context[j]; for (i = 0; i < s->plane_count; i++) { PlaneContext *p = &fs->plane[i]; @@ -217,14 +217,14 @@ av_cold int ffv1_close(AVCodecContext *avctx) av_freep(&avctx->stats_out); for (j = 0; j < s->quant_table_count; j++) { av_freep(&s->initial_states[j]); - for (i = 0; i < s->slice_count; i++) { + for (i = 0; i < s->max_slice_count; i++) { FFV1Context *sf = s->slice_context[i]; av_freep(&sf->rc_stat2[j]); } av_freep(&s->rc_stat2[j]); } - for (i = 0; i < s->slice_count; i++) + for (i = 0; i < s->max_slice_count; i++) av_freep(&s->slice_context[i]); return 0; diff --git a/libavcodec/ffv1.h b/libavcodec/ffv1.h index bdc7b862d0..d859bd2e60 100644 --- a/libavcodec/ffv1.h +++ b/libavcodec/ffv1.h @@ -122,6 +122,7 @@ typedef struct FFV1Context { struct FFV1Context *slice_context[MAX_SLICES]; int slice_count; + int max_slice_count; int num_v_slices; int num_h_slices; int slice_width; diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c index 166bc259f0..48f68c3189 100644 --- a/libavcodec/ffv1dec.c +++ b/libavcodec/ffv1dec.c @@ -737,6 +737,7 @@ static int read_header(FFV1Context *f) av_log(f->avctx, AV_LOG_ERROR, "read_quant_table error\n"); return AVERROR_INVALIDDATA; } + f->slice_count = f->max_slice_count; } else if (f->version < 3) { f->slice_count = get_symbol(c, state, 0); } else { @@ -751,8 +752,8 @@ static int read_header(FFV1Context *f) p -= size + trailer; } } - if (f->slice_count > (unsigned)MAX_SLICES || f->slice_count <= 0) { - av_log(f->avctx, AV_LOG_ERROR, "slice count %d is invalid\n", f->slice_count); + if (f->slice_count > (unsigned)MAX_SLICES || f->slice_count <= 0 || f->slice_count > f->max_slice_count) { + av_log(f->avctx, AV_LOG_ERROR, "slice count %d is invalid (max=%d)\n", f->slice_count, f->max_slice_count); return AVERROR_INVALIDDATA; } @@ -975,6 +976,7 @@ static int init_thread_copy(AVCodecContext *avctx) f->picture.f = NULL; f->last_picture.f = NULL; f->sample_buffer = NULL; + f->max_slice_count = 0; f->slice_count = 0; for (i = 0; i < f->quant_table_count; i++) { @@ -1045,7 +1047,7 @@ static int update_thread_context(AVCodecContext *dst, const AVCodecContext *src) av_assert0(!fdst->sample_buffer); } - av_assert1(fdst->slice_count == fsrc->slice_count); + av_assert1(fdst->max_slice_count == fsrc->max_slice_count); ff_thread_release_buffer(dst, &fdst->picture); diff --git a/libavcodec/ffv1enc.c b/libavcodec/ffv1enc.c index 72e15a477e..c7d6ada20d 100644 --- a/libavcodec/ffv1enc.c +++ b/libavcodec/ffv1enc.c @@ -947,6 +947,7 @@ slices_ok: if ((ret = ffv1_init_slice_contexts(s)) < 0) return ret; + s->slice_count = s->max_slice_count; if ((ret = ffv1_init_slices_state(s)) < 0) return ret; @@ -956,7 +957,7 @@ slices_ok: if (!avctx->stats_out) return AVERROR(ENOMEM); for (i = 0; i < s->quant_table_count; i++) - for (j = 0; j < s->slice_count; j++) { + for (j = 0; j < s->max_slice_count; j++) { FFV1Context *sf = s->slice_context[j]; av_assert0(!sf->rc_stat2[i]); sf->rc_stat2[i] = av_mallocz(s->context_count[i] * From f3dfb14f6c408537ed60934dcd9bec065a582d13 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 15 Sep 2015 04:01:27 +0200 Subject: [PATCH 553/562] avformat/avidec: Workaround broken initial frame Fixes Ticket4851 Signed-off-by: Michael Niedermayer (cherry picked from commit 3e2ef00394b8079e93835d47c993868229f07502) --- libavformat/avidec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/avidec.c b/libavformat/avidec.c index 86bea76624..2ad9a94ba8 100644 --- a/libavformat/avidec.c +++ b/libavformat/avidec.c @@ -1467,7 +1467,8 @@ static int avi_read_idx1(AVFormatContext *s, int size) ast = st->priv_data; if (first_packet && first_packet_pos) { - data_offset = first_packet_pos - pos; + if (avi->movi_list + 4 != pos || pos + 500 > first_packet_pos) + data_offset = first_packet_pos - pos; first_packet = 0; } pos += data_offset; From 01fa1dc22914b6f01602df34b27f80ab1d007bbe Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 27 Aug 2015 04:08:42 +0200 Subject: [PATCH 554/562] avformat/oggenc: Check segments_count for headers too Fixes infinite loop and segfault in ogg_buffer_data() Fixes Ticket4806 Signed-off-by: Michael Niedermayer (cherry picked from commit 81a8701eb52d2b6469ae16ef442ce425388141b7) --- libavformat/oggenc.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/libavformat/oggenc.c b/libavformat/oggenc.c index 1883501745..6b90a5ce80 100644 --- a/libavformat/oggenc.c +++ b/libavformat/oggenc.c @@ -255,7 +255,7 @@ static int ogg_buffer_data(AVFormatContext *s, AVStream *st, if (i == total_segments) page->granule = granule; - if (!header) { + { AVStream *st = s->streams[page->stream_index]; int64_t start = av_rescale_q(page->start_granule, st->time_base, @@ -263,10 +263,13 @@ static int ogg_buffer_data(AVFormatContext *s, AVStream *st, int64_t next = av_rescale_q(page->granule, st->time_base, AV_TIME_BASE_Q); - if (page->segments_count == 255 || - (ogg->pref_size > 0 && page->size >= ogg->pref_size) || - (ogg->pref_duration > 0 && next - start >= ogg->pref_duration)) { + if (page->segments_count == 255) { ogg_buffer_page(s, oggstream); + } else if (!header) { + if ((ogg->pref_size > 0 && page->size >= ogg->pref_size) || + (ogg->pref_duration > 0 && next - start >= ogg->pref_duration)) { + ogg_buffer_page(s, oggstream); + } } } } From 50ac23fd7fd9292e65214cb137d7dd595e5f898b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 21 Aug 2015 02:49:21 +0200 Subject: [PATCH 555/562] avcodec/h264_mp4toannexb_bsf: Reorder operations in nal_size check Fixes Ticket4778 Signed-off-by: Michael Niedermayer (cherry picked from commit 2bb54b82b5094fd906aa28c0443be08c95662a31) --- libavcodec/h264_mp4toannexb_bsf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h264_mp4toannexb_bsf.c b/libavcodec/h264_mp4toannexb_bsf.c index 7f72d2576e..06861b7ce3 100644 --- a/libavcodec/h264_mp4toannexb_bsf.c +++ b/libavcodec/h264_mp4toannexb_bsf.c @@ -174,7 +174,7 @@ static int h264_mp4toannexb_filter(AVBitStreamFilterContext *bsfc, buf += ctx->length_size; unit_type = *buf & 0x1f; - if (buf + nal_size > buf_end || nal_size < 0) + if (nal_size > buf_end - buf || nal_size < 0) goto fail; /* prepend only to the first type 5 NAL unit of an IDR picture */ From 206129843857f00bb29c1b5e62e8940f792acbde Mon Sep 17 00:00:00 2001 From: "Ronald S. Bultje" Date: Fri, 23 Oct 2015 11:11:53 -0400 Subject: [PATCH 556/562] videodsp: don't overread edges in vfix3 emu_edge. Fixes trac ticket 3226. Also see Andreas' analysis in https://bugs.debian.org/801745, which was very helpful. (cherry picked from commit 52f84d82bdf1851ecfcc412c1719e5f6f3396209) --- libavcodec/x86/videodsp.asm | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/libavcodec/x86/videodsp.asm b/libavcodec/x86/videodsp.asm index 1ac02574d6..77189fa6ef 100644 --- a/libavcodec/x86/videodsp.asm +++ b/libavcodec/x86/videodsp.asm @@ -185,8 +185,12 @@ hvar_fn %elif (%2-%%off) == 2 mov valw, [srcq+%2-2] %elifidn %1, body - mov vald, [srcq+%2-3] -%else + mov valb, [srcq+%2-1] + sal vald, 16 + mov valw, [srcq+%2-3] +%elifidn %1, bottom + movd mm %+ %%mmx_idx, [srcq+%2-4] +%else ; top movd mm %+ %%mmx_idx, [srcq+%2-3] %endif %endif ; (%2-%%off) >= 1 @@ -242,12 +246,15 @@ hvar_fn mov [dstq+%2-2], valw %elifidn %1, body mov [dstq+%2-3], valw - shr vald, 16 + sar vald, 16 mov [dstq+%2-1], valb %else movd vald, mm %+ %%mmx_idx +%ifidn %1, bottom + sar vald, 8 +%endif mov [dstq+%2-3], valw - shr vald, 16 + sar vald, 16 mov [dstq+%2-1], valb %endif %endif ; (%2-%%off) >= 1 From 32ba667dc7fd737dda5b2cec11eed6a01d8e5bc9 Mon Sep 17 00:00:00 2001 From: Andrey Utkin Date: Tue, 1 Dec 2015 21:15:53 +0200 Subject: [PATCH 557/562] doc/filters/drawtext: fix centering example Signed-off-by: Andrey Utkin Signed-off-by: Lou Logan (cherry picked from commit 648b26acc5e25ab40c43fddc54b50e9f0b13ebd8) Signed-off-by: Timothy Gu --- doc/filters.texi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/filters.texi b/doc/filters.texi index 0cf53aeb6f..41b676936b 100644 --- a/doc/filters.texi +++ b/doc/filters.texi @@ -3656,7 +3656,7 @@ within the parameter list. @item Show the text at the center of the video frame: @example -drawtext="fontsize=30:fontfile=FreeSerif.ttf:text='hello world':x=(w-text_w)/2:y=(h-text_h-line_h)/2" +drawtext="fontsize=30:fontfile=FreeSerif.ttf:text='hello world':x=(w-text_w)/2:y=(h-text_h)/2" @end example @item From fde9b80c17e1f7ac7f8861d43180c94eaf8ee362 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 5 Nov 2015 00:36:59 +0100 Subject: [PATCH 558/562] avcodec/ffv1dec: Check for 0 quant tables Fixes assertion failure Fixes: 07ec1fc3c1cbf2d3edcd7d9b52ca156c/asan_heap-oob_13624c5_491_ecd4720a03e697ba750b235690656c8f.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 5745cf799a4389bc5d14f2b4daf32fe4631c50bc) --- libavcodec/ffv1dec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c index 48f68c3189..168a393874 100644 --- a/libavcodec/ffv1dec.c +++ b/libavcodec/ffv1dec.c @@ -533,7 +533,7 @@ static int read_extra_header(FFV1Context *f) } f->quant_table_count = get_symbol(c, state, 0); - if (f->quant_table_count > (unsigned)MAX_QUANT_TABLES) + if (f->quant_table_count > (unsigned)MAX_QUANT_TABLES || !f->quant_table_count) return AVERROR_INVALIDDATA; for (i = 0; i < f->quant_table_count; i++) { From d9593e075161b321afc639adeff9aca6f7d83da3 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 5 Nov 2015 01:25:50 +0100 Subject: [PATCH 559/562] avcodec/ffv1dec: Print an error if the quant table count is invalid Signed-off-by: Michael Niedermayer (cherry picked from commit a8b254e436dce2f5c8c6459108dab4b02cc6b79b) --- libavcodec/ffv1dec.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c index 168a393874..a019f75549 100644 --- a/libavcodec/ffv1dec.c +++ b/libavcodec/ffv1dec.c @@ -533,8 +533,10 @@ static int read_extra_header(FFV1Context *f) } f->quant_table_count = get_symbol(c, state, 0); - if (f->quant_table_count > (unsigned)MAX_QUANT_TABLES || !f->quant_table_count) + if (f->quant_table_count > (unsigned)MAX_QUANT_TABLES || !f->quant_table_count) { + av_log(f->avctx, AV_LOG_ERROR, "quant table count %d is invalid\n", f->quant_table_count); return AVERROR_INVALIDDATA; + } for (i = 0; i < f->quant_table_count; i++) { f->context_count[i] = read_quant_tables(c, f->quant_tables[i]); From 65f4425ad58072dcb5fbe6ce5d922de7f50a2c81 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 14 Nov 2015 13:21:58 +0100 Subject: [PATCH 560/562] avcodec/ffv1dec: Clear quant_table_count if its invalid Fixes deallocation of corrupted pointer Fixes: 343dfbe142a38b521ed069dc4ea7c03b/signal_sigsegv_421427_4074_ffb11959610278cd40dbc153464aa254.avi No releases affected Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit e04126072e984f8db5db9da9303c89ae01f7d6bb) Fixes ticket #5052. --- libavcodec/ffv1dec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c index a019f75549..ffba37f033 100644 --- a/libavcodec/ffv1dec.c +++ b/libavcodec/ffv1dec.c @@ -535,6 +535,7 @@ static int read_extra_header(FFV1Context *f) f->quant_table_count = get_symbol(c, state, 0); if (f->quant_table_count > (unsigned)MAX_QUANT_TABLES || !f->quant_table_count) { av_log(f->avctx, AV_LOG_ERROR, "quant table count %d is invalid\n", f->quant_table_count); + f->quant_table_count = 0; return AVERROR_INVALIDDATA; } From 00c016a5f7d23eb790abd3c4d1325a6ebc143f2c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 15 Dec 2015 02:06:04 +0100 Subject: [PATCH 561/562] swscale/x86/rgb2rgb_template: Do not crash on misaligend stride Fixes Ticket5013 Signed-off-by: Michael Niedermayer (cherry picked from commit 80bfce35ccd11458e97f68f417fc094c5347070c) --- libswscale/x86/rgb2rgb_template.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libswscale/x86/rgb2rgb_template.c b/libswscale/x86/rgb2rgb_template.c index 80e5670465..bfcaead9d0 100644 --- a/libswscale/x86/rgb2rgb_template.c +++ b/libswscale/x86/rgb2rgb_template.c @@ -1874,8 +1874,10 @@ static void RENAME(interleaveBytes)(const uint8_t *src1, const uint8_t *src2, ui for (h=0; h < height; h++) { int w; - if (width >= 16) + if (width >= 16 #if COMPILE_TEMPLATE_SSE2 + && !((((intptr_t)src1) | ((intptr_t)src2) | ((intptr_t)dest))&15) + ) __asm__( "xor %%"REG_a", %%"REG_a" \n\t" "1: \n\t" @@ -1895,6 +1897,7 @@ static void RENAME(interleaveBytes)(const uint8_t *src1, const uint8_t *src2, ui : "memory", "%"REG_a"" ); #else + ) __asm__( "xor %%"REG_a", %%"REG_a" \n\t" "1: \n\t" From a9a5f5b388aaa2f9882a44fddb6f26f2873985e9 Mon Sep 17 00:00:00 2001 From: Paul B Mahol Date: Wed, 2 Mar 2016 11:20:07 +0100 Subject: [PATCH 562/562] doc/utils: fix typo for min() description Signed-off-by: Paul B Mahol (cherry picked from commit bdf474bcff29f5b40fe14f6fa1dbe10e69c73ab7) Signed-off-by: Timothy Gu --- doc/utils.texi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/utils.texi b/doc/utils.texi index 937713902a..69a612249a 100644 --- a/doc/utils.texi +++ b/doc/utils.texi @@ -858,7 +858,7 @@ Return 1 if @var{x} is lesser than or equal to @var{y}, 0 otherwise. Return the maximum between @var{x} and @var{y}. @item min(x, y) -Return the maximum between @var{x} and @var{y}. +Return the minimum between @var{x} and @var{y}. @item mod(x, y) Compute the remainder of division of @var{x} by @var{y}.