From 9f8d8c57fbb780d6e6e630f16d530f392b31faae Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 11 Dec 2011 21:11:40 +0100 Subject: [PATCH 001/331] update for 0.9 Signed-off-by: Michael Niedermayer --- Changelog | 2 +- Doxyfile | 2 +- RELEASE | 2 +- VERSION | 1 + doc/RELEASE_NOTES | 54 +++-------------------------------------------- 5 files changed, 7 insertions(+), 54 deletions(-) create mode 100644 VERSION diff --git a/Changelog b/Changelog index 89d1893369..346d8ed8fc 100644 --- a/Changelog +++ b/Changelog @@ -1,7 +1,7 @@ Entries are sorted chronologically from oldest to youngest within each release, releases are sorted from youngest to oldest. -version next: +version 0.9: - openal input device added - boxblur filter added diff --git a/Doxyfile b/Doxyfile index 91907aeff9..98b2a43ee4 100644 --- a/Doxyfile +++ b/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = +PROJECT_NUMBER = 0.9 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. diff --git a/RELEASE b/RELEASE index 32b6aeee56..b63ba696b7 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -0.8.7.git +0.9 diff --git a/VERSION b/VERSION new file mode 100644 index 0000000000..9a7d84f2a9 --- /dev/null +++ b/VERSION @@ -0,0 +1 @@ +0.9 \ No newline at end of file diff --git a/doc/RELEASE_NOTES b/doc/RELEASE_NOTES index 7861bfd4bc..74a5dcd94c 100644 --- a/doc/RELEASE_NOTES +++ b/doc/RELEASE_NOTES @@ -1,65 +1,17 @@ Release Notes ============= -* 0.8 "Love" June, 2011 -* 0.7 "Peace" June, 2011 (identical to 0.8 but using 0.6 ABI/API) +* 0.9 "Harmony" December, 2011 General notes ------------- -This release enables frame-based multithreaded decoding for a number of codecs, -including theora, huffyuv, VP8, H.263, mpeg4 and H.264. Additionally, there has -been a major cleanup of -both internal and external APIs. For this reason, the major versions of all -libraries except libpostproc have been bumped. This means that 0.8 can be installed -side-by-side with previous releases, on the other hand applications need to be -recompiled to use 0.8. - -Other important changes are more than 200 bugfixes, known regressions were fixed -w.r.t 0.5 and 0.6, additions of decoders including, but not limited to, -AMR-WB, single stream LATM/LOAS, G.722 ADPCM, a native VP8 decoder -and HE-AACv2. Additionally, many new de/muxers such as WebM in Matroska, Apple -HTTP Live Streaming, SAP, IEC 61937 (S/PDIF) have been added. - -See the Changelog file for a list of significant changes. +See the Changelog file for a list of significant changes. Note, there +are many more new features and bugfixes than whats listed there. Bugreports against FFmpeg git master or the most recent FFmpeg release are accepted. If you are experiencing issues with any formally released version of FFmpeg, please try git master to check if the issue still exists. If it does, make your report against the development code following the usual bug reporting guidelines. - -Note, if you have difficulty building for mingw, try --disable-outdev=sdl - - -API changes ------------ - -Please see git log of the public headers or the file doc/APIchanges for -programmer-centric information. Note that some long-time deprecated APIs have -been removed. Also, a number of additional APIs have been deprecated and might -be removed in the next release. - - -Other notable changes ---------------------- - -- high quality dithering in swscale to fix banding issues -- ffmpeg is now interactive and various information can be turned on/off while its running -- resolution changing support in ffmpeg -- sdl output device -- optimizations in libavfilter that make it much faster -- split, buffer, select, lut, negate filters amongth others -- more than 50 new video filters from mplayers libmpcodecs -- many ARM NEON optimizations -- nonfree libfaad support for AAC decoding removed -- 4:4:4 H.264 decoding -- 9/10bit H.264 decoding -- Win64 Assembler support -- native MMSH/MMST support -- Windows TV demuxing -- native AMR-WB decoding -- native GSM-MS decoding -- SMPTE 302M decoding -- AVS encoding From 7881dad2b287117a789693942c2b002cc3ecc75b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 12 Dec 2011 02:03:38 +0100 Subject: [PATCH 002/331] seek-test: use standard format specifiers in snprintf() Signed-off-by: Michael Niedermayer (cherry picked from commit cd2f7ed0007f4803b6bd845366b2398abb32c355) Signed-off-by: Michael Niedermayer --- libavformat/seek-test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/seek-test.c b/libavformat/seek-test.c index 519f9492ab..34238e0e5d 100644 --- a/libavformat/seek-test.c +++ b/libavformat/seek-test.c @@ -53,7 +53,7 @@ static void ts_str(char buffer[60], int64_t ts, AVRational base) return; } ts= av_rescale_q(ts, base, (AVRational){1, 1000000}); - snprintf(buffer, 60, "%c%Ld.%06Ld", ts<0 ? '-' : ' ', FFABS(ts)/1000000, FFABS(ts)%1000000); + snprintf(buffer, 60, "%c%"PRId64".%06"PRId64"", ts<0 ? '-' : ' ', FFABS(ts)/1000000, FFABS(ts)%1000000); } int main(int argc, char **argv) From b8c41e5c08a80e8f4772572a5b61ad414e7fcbc0 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 12 Dec 2011 01:44:11 +0100 Subject: [PATCH 003/331] fate: replace forgotten avconv by ffmpeg in vsynth / asynth stuff Signed-off-by: Michael Niedermayer (cherry picked from commit 02a01c2fa168fcf3943c81aa0360076dd4856427) Signed-off-by: Michael Niedermayer --- tests/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/Makefile b/tests/Makefile index 9c192b78d9..15675dc9e6 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -4,8 +4,8 @@ AREF = fate-acodec-aref VREF = fate-vsynth1-vref fate-vsynth2-vref REFS = $(AREF) $(VREF) -$(VREF): avconv$(EXESUF) tests/vsynth1/00.pgm tests/vsynth2/00.pgm -$(AREF): avconv$(EXESUF) tests/data/asynth1.sw +$(VREF): ffmpeg$(EXESUF) tests/vsynth1/00.pgm tests/vsynth2/00.pgm +$(AREF): ffmpeg$(EXESUF) tests/data/asynth1.sw ffservertest: ffserver$(EXESUF) tests/vsynth1/00.pgm tests/data/asynth1.sw @echo From e6a5de4421a8b46abf362247bb9ff015c7550144 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 12 Dec 2011 17:30:55 +0100 Subject: [PATCH 004/331] ffmpeg: fix codecids with ffserver + ffmpeg + ffm Signed-off-by: Michael Niedermayer (cherry picked from commit ee731c1ab071ee51839fd6c2db15dc719349ebb2) Signed-off-by: Michael Niedermayer --- ffmpeg.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ffmpeg.c b/ffmpeg.c index ee79e32039..12089413f0 100644 --- a/ffmpeg.c +++ b/ffmpeg.c @@ -3962,6 +3962,7 @@ static int read_ffserver_streams(OptionsContext *o, AVFormatContext *s, const ch ost = new_output_stream(o, s, codec->type); st = ost->st; avctx = st->codec; + ost->enc = codec; // FIXME: a more elegant solution is needed memcpy(st, ic->streams[i], sizeof(AVStream)); From 57111c558e9f4785e5b6f203ddc4fd44da0694de Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tomas=20H=C3=A4rdin?= Date: Fri, 9 Dec 2011 15:48:33 +0100 Subject: [PATCH 005/331] mxfdec: Bring back accumulated_offset that was removed in 5e67e3e I thought it had to do with file offsets, but's actually the offset inside the essence container. In other words, unbreak multiple EditUnitByteCounts. Signed-off-by: Michael Niedermayer (cherry picked from commit c0ee522df6c9ef09cdcb5bce7adb4b745aa6485a) Signed-off-by: Michael Niedermayer --- libavformat/mxfdec.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index d61c1154de..1f2782bade 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -1080,6 +1080,7 @@ static int mxf_absolute_bodysid_offset(MXFContext *mxf, int body_sid, int64_t of static int mxf_parse_index(MXFContext *mxf, int track_id, AVStream *st) { + int64_t accumulated_offset = 0; int j, k, ret, nb_sorted_segments; MXFIndexTableSegment **sorted_segments = NULL; int n_delta = track_id - 1; /* TrackID = 1-based stream index */ @@ -1104,6 +1105,10 @@ static int mxf_parse_index(MXFContext *mxf, int track_id, AVStream *st) int64_t segment_size; MXFIndexTableSegment *tableseg = sorted_segments[j]; + /* reset accumulated_offset on BodySID change */ + if (j > 0 && tableseg->body_sid != sorted_segments[j-1]->body_sid) + accumulated_offset = 0; + if (n_delta >= tableseg->nb_delta_entries && st->index != 0) continue; duration = tableseg->index_duration > 0 ? tableseg->index_duration : @@ -1155,7 +1160,7 @@ static int mxf_parse_index(MXFContext *mxf, int track_id, AVStream *st) size = 0; flags = !(tableseg->flag_entries[k] & 0x30) ? AVINDEX_KEYFRAME : 0; } else { - pos = (int64_t)(tableseg->index_start_position + k) * tableseg->edit_unit_byte_count; + pos = (int64_t)k * tableseg->edit_unit_byte_count + accumulated_offset; if (n_delta < tableseg->nb_delta_entries - 1) size = tableseg->element_delta[n_delta+1] - tableseg->element_delta[n_delta]; else { @@ -1183,6 +1188,7 @@ static int mxf_parse_index(MXFContext *mxf, int track_id, AVStream *st) if ((ret = av_add_index_entry(st, pos, sample_duration * st->nb_index_entries, size, 0, flags)) < 0) return ret; } + accumulated_offset += segment_size; } av_free(sorted_segments); From 56934434466445919875f608aff7036573326352 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tomas=20H=C3=A4rdin?= Date: Fri, 9 Dec 2011 16:08:29 +0100 Subject: [PATCH 006/331] mxfdec: Check slice_count before freeing slice_offset_entries This fixes SIGSEGV on sliceless (single stream) VBR files Signed-off-by: Michael Niedermayer (cherry picked from commit 89cc8c17dfc2e49d2507eb72bfba10baba372d7f) Signed-off-by: Michael Niedermayer --- libavformat/mxfdec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index 1f2782bade..2b2eb98a0c 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -1713,6 +1713,7 @@ static int mxf_read_close(AVFormatContext *s) break; case IndexTableSegment: seg = (MXFIndexTableSegment *)mxf->metadata_sets[i]; + if (seg->slice_count) for (j = 0; j < seg->nb_index_entries; j++) av_freep(&seg->slice_offset_entries[j]); av_freep(&seg->slice); From 849ee7ee8246c401d07cb5996b4b350ce17f0824 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 12 Dec 2011 20:59:04 +0100 Subject: [PATCH 007/331] build: Disable avconv more completely while leaving the user the option to enable it Signed-off-by: Michael Niedermayer (cherry picked from commit c83ef636a665b2e17f1b6745a98ec7a5719264df) Signed-off-by: Michael Niedermayer --- Makefile | 2 +- configure | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 24fc455f46..c0af5c2c74 100644 --- a/Makefile +++ b/Makefile @@ -47,7 +47,7 @@ include $(SRC_PATH)/common.mak FF_EXTRALIBS := $(FFEXTRALIBS) FF_DEP_LIBS := $(DEP_LIBS) -all: $(filter-out avconv, $(PROGS)) +all: $(PROGS) $(PROGS): %$(EXESUF): %$(PROGSSUF)_g$(EXESUF) $(CP) $< $@$(PROGSSUF) diff --git a/configure b/configure index cc7ba534df..50b5c3a369 100755 --- a/configure +++ b/configure @@ -81,7 +81,7 @@ Configuration options: and binaries will be unredistributable [no] --disable-doc do not build documentation --disable-ffmpeg disable ffmpeg build - --disable-avconv disable avconv build + --enable-avconv enable avconv build --disable-ffplay disable ffplay build --disable-ffprobe disable ffprobe build --disable-ffserver disable ffserver build @@ -1799,7 +1799,6 @@ enable debug enable doc enable fastdiv enable ffmpeg -enable avconv enable ffplay enable ffprobe enable ffserver From 6289b6c81165234ef0cf4d331f05fc9c250f4fe4 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 13 Dec 2011 19:54:31 +0100 Subject: [PATCH 008/331] twinnvq: remove ;; Signed-off-by: Michael Niedermayer (cherry picked from commit 35f707abe1bd3b80b1951010539285d4c3a14dba) Signed-off-by: Michael Niedermayer --- libavcodec/twinvq.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/twinvq.c b/libavcodec/twinvq.c index 1810ce8c88..6a0bd4d145 100644 --- a/libavcodec/twinvq.c +++ b/libavcodec/twinvq.c @@ -871,7 +871,7 @@ static int twin_decode_frame(AVCodecContext * avctx, void *data, } *got_frame_ptr = 1; - *(AVFrame *)data = tctx->frame;; + *(AVFrame *)data = tctx->frame; return buf_size; } From b92ef485c712fe8af2c32ddd28e4470abcb7e5ff Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 13 Dec 2011 20:01:49 +0100 Subject: [PATCH 009/331] Fix all GNU %Ld Signed-off-by: Michael Niedermayer (cherry picked from commit 9aeaf629038c572073e836277cd1fa981465dd6c) Signed-off-by: Michael Niedermayer --- libavcodec/ratecontrol.c | 2 +- libavformat/avienc.c | 2 +- libavformat/movenc.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/ratecontrol.c b/libavcodec/ratecontrol.c index 5919ea2b23..dda8b2616a 100644 --- a/libavcodec/ratecontrol.c +++ b/libavcodec/ratecontrol.c @@ -708,7 +708,7 @@ float ff_rate_estimate_qscale(MpegEncContext *s, int dry_run) dts_pic= s->last_picture_ptr; //if(dts_pic) -// av_log(NULL, AV_LOG_ERROR, "%Ld %Ld %Ld %d\n", s->current_picture_ptr->pts, s->user_specified_pts, dts_pic->pts, picture_number); +// av_log(NULL, AV_LOG_ERROR, "%"PRId64" %"PRId64" %"PRId64" %d\n", s->current_picture_ptr->pts, s->user_specified_pts, dts_pic->pts, picture_number); if (!dts_pic || dts_pic->f.pts == AV_NOPTS_VALUE) wanted_bits= (uint64_t)(s->bit_rate*(double)picture_number/fps); diff --git a/libavformat/avienc.c b/libavformat/avienc.c index 091d4cbb1e..d27c2f58ed 100644 --- a/libavformat/avienc.c +++ b/libavformat/avienc.c @@ -525,7 +525,7 @@ static int avi_write_packet(AVFormatContext *s, AVPacket *pkt) AVPacket empty_packet; if(pkt->dts - avist->packet_count > 60000){ - av_log(s, AV_LOG_ERROR, "Too large number of skiped frames %Ld\n", pkt->dts - avist->packet_count); + av_log(s, AV_LOG_ERROR, "Too large number of skiped frames %"PRId64"\n", pkt->dts - avist->packet_count); return AVERROR(EINVAL); } diff --git a/libavformat/movenc.c b/libavformat/movenc.c index 181965f720..420e5f8403 100644 --- a/libavformat/movenc.c +++ b/libavformat/movenc.c @@ -2562,7 +2562,7 @@ static int update_first_fragment(AVFormatContext *s) if(mov->reserved_moov_size){ int64_t size= mov->reserved_moov_size - (avio_tell(pb) - mov->reserved_moov_pos); if(size < 8){ - av_log(s, AV_LOG_ERROR, "reserved_moov_size is too small, needed %Ld additional\n", 8-size); + av_log(s, AV_LOG_ERROR, "reserved_moov_size is too small, needed %"PRId64" additional\n", 8-size); return -1; } avio_wb32(pb, size); From 657737e58d65a1f1c10f1059231592a0a9ad652e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 13 Dec 2011 20:53:21 +0100 Subject: [PATCH 010/331] clenaup: #ifdec CONFIG* Signed-off-by: Michael Niedermayer (cherry picked from commit b39e01a6e887745192da8c105ffac1f297b00da9) Signed-off-by: Michael Niedermayer --- libavcodec/rv34_parser.c | 4 ++-- libavformat/bit.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/rv34_parser.c b/libavcodec/rv34_parser.c index 4c1d2e396e..9672f26182 100644 --- a/libavcodec/rv34_parser.c +++ b/libavcodec/rv34_parser.c @@ -76,7 +76,7 @@ static int rv34_parse(AVCodecParserContext *s, return buf_size; } -#ifdef CONFIG_RV30_PARSER +#if CONFIG_RV30_PARSER AVCodecParser ff_rv30_parser = { .codec_ids = { CODEC_ID_RV30 }, .priv_data_size = sizeof(RV34ParseContext), @@ -84,7 +84,7 @@ AVCodecParser ff_rv30_parser = { }; #endif -#ifdef CONFIG_RV40_PARSER +#if CONFIG_RV40_PARSER AVCodecParser ff_rv40_parser = { .codec_ids = { CODEC_ID_RV40 }, .priv_data_size = sizeof(RV34ParseContext), diff --git a/libavformat/bit.c b/libavformat/bit.c index 3449ce1b21..1249ea1aee 100644 --- a/libavformat/bit.c +++ b/libavformat/bit.c @@ -113,7 +113,7 @@ AVInputFormat ff_bit_demuxer = { .extensions = "bit", }; -#ifdef CONFIG_MUXERS +#if CONFIG_MUXERS static int write_header(AVFormatContext *s) { AVCodecContext *enc = s->streams[0]->codec; From 834aef341d77d60edef92fe4270f7b1e223bc0a4 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 13 Dec 2011 21:01:45 +0100 Subject: [PATCH 011/331] cleanup: for(int Signed-off-by: Michael Niedermayer (cherry picked from commit 16b771b1f47daa9fec84477040984d83a92ba4a6) Signed-off-by: Michael Niedermayer --- ffplay.c | 3 ++- libavcodec/proresenc.c | 10 +++++----- libavdevice/dv1394.h | 3 ++- libavfilter/transform.c | 9 ++++++--- 4 files changed, 15 insertions(+), 10 deletions(-) diff --git a/ffplay.c b/ffplay.c index 7ebe6f3b44..6af3df3300 100644 --- a/ffplay.c +++ b/ffplay.c @@ -2776,10 +2776,11 @@ static void stream_cycle_channel(VideoState *is, int codec_type) static void toggle_full_screen(VideoState *is) { + int i; is_full_screen = !is_full_screen; #if defined(__APPLE__) && SDL_VERSION_ATLEAST(1, 2, 14) /* OS X needs to reallocate the SDL overlays */ - for (int i = 0; i < VIDEO_PICTURE_QUEUE_SIZE; i++) { + for (i = 0; i < VIDEO_PICTURE_QUEUE_SIZE; i++) { is->pictq[i].reallocate = 1; } #endif diff --git a/libavcodec/proresenc.c b/libavcodec/proresenc.c index d27719d368..8cdcff3c49 100644 --- a/libavcodec/proresenc.c +++ b/libavcodec/proresenc.c @@ -234,10 +234,10 @@ static void encode_ac_coeffs(AVCodecContext *avctx, PutBitContext *pb, int prev_run = 4; int prev_level = 2; - int run = 0, level, code; - for (int i = 1; i < 64; i++) { + int run = 0, level, code, i, j; + for (i = 1; i < 64; i++) { int indp = progressive_scan[i]; - for (int j = 0; j < blocks_per_slice; j++) { + for (j = 0; j < blocks_per_slice; j++) { int val = QSCALE(qmat, indp, in[(j << 6) + indp]); if (val) { encode_codeword(pb, run, run_to_cb[FFMIN(prev_run, 15)]); @@ -441,13 +441,13 @@ static int prores_encode_picture(AVCodecContext *avctx, AVFrame *pic, { int mb_width = (avctx->width + 15) >> 4; int mb_height = (avctx->height + 15) >> 4; - int hdr_size, sl_size; + int hdr_size, sl_size, i; int mb_y, sl_data_size, qp; int unsafe_bot, unsafe_right; uint8_t *sl_data, *sl_data_sizes; int slice_per_line = 0, rem = mb_width; - for (int i = av_log2(DEFAULT_SLICE_MB_WIDTH); i >= 0; --i) { + for (i = av_log2(DEFAULT_SLICE_MB_WIDTH); i >= 0; --i) { slice_per_line += rem >> i; rem &= (1 << i) - 1; } diff --git a/libavdevice/dv1394.h b/libavdevice/dv1394.h index 00706f7541..1bab0314c5 100644 --- a/libavdevice/dv1394.h +++ b/libavdevice/dv1394.h @@ -175,7 +175,8 @@ if(status.dropped_frames > 0) { reset_dv1394(); } else { - for(int i = 0; i < status.n_clear_frames; i++) { + int i; + for(i = 0; i < status.n_clear_frames; i++) { copy_DV_frame(); } } diff --git a/libavfilter/transform.c b/libavfilter/transform.c index 800f784446..8afc5fea6a 100644 --- a/libavfilter/transform.c +++ b/libavfilter/transform.c @@ -116,19 +116,22 @@ void avfilter_get_matrix(float x_shift, float y_shift, float angle, float zoom, void avfilter_add_matrix(const float *m1, const float *m2, float *result) { - for (int i = 0; i < 9; i++) + int i; + for (i = 0; i < 9; i++) result[i] = m1[i] + m2[i]; } void avfilter_sub_matrix(const float *m1, const float *m2, float *result) { - for (int i = 0; i < 9; i++) + int i; + for (i = 0; i < 9; i++) result[i] = m1[i] - m2[i]; } void avfilter_mul_matrix(const float *m1, float scalar, float *result) { - for (int i = 0; i < 9; i++) + int i; + for (i = 0; i < 9; i++) result[i] = m1[i] * scalar; } From 9aaf250fb3b76c14f2a257cdac80d9a403057e7a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20B=C5=93sch?= Date: Tue, 13 Dec 2011 15:54:59 +0100 Subject: [PATCH 012/331] lavfi: skip the frame in case of error. This fixes playback with some audio files through filters. (cherry picked from commit 220481e1d6582277ae4c02b05f87251a8670e6cc) Signed-off-by: Michael Niedermayer --- libavfilter/src_movie.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavfilter/src_movie.c b/libavfilter/src_movie.c index 5806339eb7..a2a9f11732 100644 --- a/libavfilter/src_movie.c +++ b/libavfilter/src_movie.c @@ -416,8 +416,10 @@ static int amovie_get_samples(AVFilterLink *outlink) /* decode and update the movie pkt */ ret = avcodec_decode_audio3(movie->codec_ctx, movie->samples_buf, &decoded_data_size, &movie->pkt); - if (ret < 0) + if (ret < 0) { + movie->pkt.size = 0; return ret; + } movie->pkt.data += ret; movie->pkt.size -= ret; From 238c7ffd7dc23b33596c0a49dcb7d8d4fc3f2c46 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Wed, 14 Dec 2011 15:09:30 +0100 Subject: [PATCH 013/331] Do not reject LIST tags in wav with size 4. Fixes ticket #745. (cherry picked from commit a8e93ce4cb74dc26153bdccfbe8a487674e583a6) --- libavformat/wav.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/wav.c b/libavformat/wav.c index 87d97b4c0c..9d4b0708b8 100644 --- a/libavformat/wav.c +++ b/libavformat/wav.c @@ -507,7 +507,7 @@ static int wav_read_header(AVFormatContext *s, goto break_loop; case MKTAG('L', 'I', 'S', 'T'): list_type = avio_rl32(pb); - if (size <= 4) { + if (size < 4) { av_log(s, AV_LOG_ERROR, "too short LIST"); return AVERROR_INVALIDDATA; } From 866d5c958f24c67127286a82a4d7a730f00253e2 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Fri, 16 Dec 2011 02:33:25 +0100 Subject: [PATCH 014/331] Export ff_vdpau_vc1_decode_picture(). XBMC's configure script checks for this function in installed libavcodec.so to determine VDPAU support. Fixes ticket #762 reported by Christian Marillat (cherry picked from commit 9994643fdd6c06b4f986be8879953a139fbd1a40) --- libavcodec/libavcodec.v | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/libavcodec.v b/libavcodec/libavcodec.v index 9f6b01d103..6539d7bdb7 100644 --- a/libavcodec/libavcodec.v +++ b/libavcodec/libavcodec.v @@ -25,5 +25,7 @@ LIBAVCODEC_$MAJOR { ff_mmxext_idct; ff_idct_xvid*; ff_jpeg_fdct*; + #XBMC's configure checks for ff_vdpau_vc1_decode_picture() + ff_vdpau_vc1_decode_picture; local: *; }; From 388e3e7853d800c53ffcefc187bebb722c31a0fd Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 19 Nov 2011 20:37:42 +0100 Subject: [PATCH 015/331] ac3dec: update checked AV_EF flags. A user who wishes to use default error concealment cannot set the AV_EF_CRCCHECK flag because not every CRC in every format is a reliable indicator of bitstream damage. In some formats crcrs can be nonsensical in absence of any damage. We thus add the AV_EF_CAREFUL flag in addition to the AV_EF_CRCCHECK flag to allow a user to enable this reliable CRC check without having to enable all CRC checks in all formats. Signed-off-by: Michael Niedermayer (cherry picked from commit eda3758c87dafe8a6179b16e25e60b11746213ad) Signed-off-by: Michael Niedermayer --- libavcodec/ac3dec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/ac3dec.c b/libavcodec/ac3dec.c index 5e8b36404b..0cb7c67a1f 100644 --- a/libavcodec/ac3dec.c +++ b/libavcodec/ac3dec.c @@ -1371,7 +1371,7 @@ static int ac3_decode_frame(AVCodecContext * avctx, void *data, if (s->frame_size > buf_size) { av_log(avctx, AV_LOG_ERROR, "incomplete frame\n"); err = AAC_AC3_PARSE_ERROR_FRAME_SIZE; - } else if (avctx->err_recognition & AV_EF_CRCCHECK) { + } else if (avctx->err_recognition & (AV_EF_CRCCHECK|AV_EF_CAREFUL)) { /* check for crc mismatch */ if (av_crc(av_crc_get_table(AV_CRC_16_ANSI), 0, &buf[2], s->frame_size - 2)) { From 6db6fe82cae8b61b769144a479213f7d8d5c1549 Mon Sep 17 00:00:00 2001 From: Matthieu Bouron Date: Wed, 14 Dec 2011 14:30:39 +0100 Subject: [PATCH 016/331] mpeg12enc: fix drop_frame_timecode value Signed-off-by: Michael Niedermayer (cherry picked from commit 366605ff5dc1471304e8999b8961bc9e4417fc5a) Signed-off-by: Michael Niedermayer --- libavcodec/mpeg12enc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/mpeg12enc.c b/libavcodec/mpeg12enc.c index 3cfe733139..1c620c8489 100644 --- a/libavcodec/mpeg12enc.c +++ b/libavcodec/mpeg12enc.c @@ -184,6 +184,7 @@ static av_cold int encode_init(AVCodecContext *avctx) s->tc.rate = avpriv_frame_rate_tab[s->frame_rate_index]; if (ff_init_smtpe_timecode(s, &s->tc) < 0) return -1; + s->drop_frame_timecode = s->tc.drop; s->avctx->timecode_frame_start = s->tc.start; } else { s->avctx->timecode_frame_start = 0; // default is -1 From 964d75735f6a4412437b3fc0ea9a0c5bb586811b Mon Sep 17 00:00:00 2001 From: Marton Balint Date: Tue, 13 Dec 2011 23:27:24 +0100 Subject: [PATCH 017/331] ffplay: force setting video mode on fullscreen toggle Fixes ticket #736. Based on the patch by glangshaw. Signed-off-by: Marton Balint (cherry picked from commit 9fb2b412585f94d4a74eb93598b0b1cc3482c189) Signed-off-by: Michael Niedermayer --- ffplay.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ffplay.c b/ffplay.c index 6af3df3300..04289dfeeb 100644 --- a/ffplay.c +++ b/ffplay.c @@ -922,7 +922,7 @@ static void do_exit(VideoState *is) exit(0); } -static int video_open(VideoState *is){ +static int video_open(VideoState *is, int force_set_video_mode){ int flags = SDL_HWSURFACE|SDL_ASYNCBLIT|SDL_HWACCEL; int w,h; @@ -949,7 +949,7 @@ static int video_open(VideoState *is){ h = 480; } if(screen && is->width == screen->w && screen->w == w - && is->height== screen->h && screen->h == h) + && is->height== screen->h && screen->h == h && !force_set_video_mode) return 0; screen = SDL_SetVideoMode(w, h, 0, flags); if (!screen) { @@ -970,7 +970,7 @@ static int video_open(VideoState *is){ static void video_display(VideoState *is) { if(!screen) - video_open(is); + video_open(is, 0); if (is->audio_st && is->show_mode != SHOW_MODE_VIDEO) video_audio_display(is); else if (is->video_st) @@ -2784,7 +2784,7 @@ static void toggle_full_screen(VideoState *is) is->pictq[i].reallocate = 1; } #endif - video_open(is); + video_open(is, 1); } static void toggle_pause(VideoState *is) @@ -2936,7 +2936,7 @@ static void event_loop(VideoState *cur_stream) do_exit(cur_stream); break; case FF_ALLOC_EVENT: - video_open(event.user.data1); + video_open(event.user.data1, 0); alloc_picture(event.user.data1); break; case FF_REFRESH_EVENT: From 2a66a653413b36e8171aa4db758f7c51e1304f4d Mon Sep 17 00:00:00 2001 From: "Panagiotis H.M. Issaris" Date: Mon, 28 Nov 2011 13:48:13 +0100 Subject: [PATCH 018/331] ffplay: add 10 minute seek support to ffplay Signed-off-by: Marton Balint (cherry picked from commit 91a3ea671adda0039c6c221f158a88391416b574) Signed-off-by: Michael Niedermayer --- doc/ffplay.texi | 3 +++ ffplay.c | 7 +++++++ 2 files changed, 10 insertions(+) diff --git a/doc/ffplay.texi b/doc/ffplay.texi index b4d6dbcdcb..06666f6e59 100644 --- a/doc/ffplay.texi +++ b/doc/ffplay.texi @@ -168,6 +168,9 @@ Seek backward/forward 10 seconds. @item down/up Seek backward/forward 1 minute. +@item page down/page up +Seek backward/forward 10 minutes. + @item mouse click Seek to percentage in file corresponding to fraction of width. diff --git a/ffplay.c b/ffplay.c index 04289dfeeb..9f3be0ced0 100644 --- a/ffplay.c +++ b/ffplay.c @@ -2853,6 +2853,12 @@ static void event_loop(VideoState *cur_stream) case SDLK_w: toggle_audio_display(cur_stream); break; + case SDLK_PAGEUP: + incr = 600.0; + goto do_seek; + case SDLK_PAGEDOWN: + incr = -600.0; + goto do_seek; case SDLK_LEFT: incr = -10.0; goto do_seek; @@ -3122,6 +3128,7 @@ static int opt_help(const char *opt, const char *arg) "s activate frame-step mode\n" "left/right seek backward/forward 10 seconds\n" "down/up seek backward/forward 1 minute\n" + "page down/page up seek backward/forward 10 minutes\n" "mouse click seek to percentage in file corresponding to fraction of width\n" ); return 0; From f600d709f05abfd22d5424c223bc076e8fdcffc8 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 14 Dec 2011 00:38:22 +0100 Subject: [PATCH 019/331] ffplay: Fix got_frame type. Signed-off-by: Michael Niedermayer Signed-off-by: Marton Balint (cherry picked from commit a5a1e3cb8a5f554818c2e491ab4d2cad833a4556) Signed-off-by: Michael Niedermayer --- ffplay.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ffplay.c b/ffplay.c index 9f3be0ced0..b68f798607 100644 --- a/ffplay.c +++ b/ffplay.c @@ -2043,7 +2043,8 @@ static int audio_decode_frame(VideoState *is, double *pts_ptr) AVPacket *pkt = &is->audio_pkt; AVCodecContext *dec= is->audio_st->codec; int len1, len2, data_size, resampled_data_size; - int64_t dec_channel_layout, got_frame; + int64_t dec_channel_layout; + int got_frame; double pts; int new_packet = 0; int flush_complete = 0; From eee78ef30daca0ed40a7ef21c749fd468667c09b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 14 Dec 2011 00:38:23 +0100 Subject: [PATCH 020/331] ffplay: clear pkt_temp when pkt is freed. Signed-off-by: Michael Niedermayer Signed-off-by: Marton Balint (cherry picked from commit efe8a1ba08dd868e5a96f5759258b0733bb2004c) Signed-off-by: Michael Niedermayer --- ffplay.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ffplay.c b/ffplay.c index b68f798607..947a84b06c 100644 --- a/ffplay.c +++ b/ffplay.c @@ -2145,6 +2145,7 @@ static int audio_decode_frame(VideoState *is, double *pts_ptr) /* free the current packet */ if (pkt->data) av_free_packet(pkt); + memset(pkt_temp, 0, sizeof(*pkt_temp)); if (is->paused || is->audioq.abort_request) { return -1; From f52324629a0f8e3a022a494fabfe0a4354f78f99 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 14 Dec 2011 21:23:03 +0100 Subject: [PATCH 021/331] riff: Fix freeing of random value. Fixes Ticket752 Bug-found-by: Diana Elena Muscalu (cherry picked from commit 76b9a0961c33c9eb19b220c6f0edfbb3e79fcd59) Signed-off-by: Michael Niedermayer --- libavformat/riff.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libavformat/riff.c b/libavformat/riff.c index 3cc3c354c0..9915eb259b 100644 --- a/libavformat/riff.c +++ b/libavformat/riff.c @@ -713,8 +713,7 @@ int ff_read_riff_info(AVFormatContext *s, int64_t size) AV_WL32(key, chunk_code); if (avio_read(pb, value, chunk_size) != chunk_size) { - av_freep(key); - av_freep(value); + av_freep(&value); av_log(s, AV_LOG_ERROR, "premature end of file while reading INFO tag\n"); return AVERROR_INVALIDDATA; } From bf928ebed2c5569e20ccbe4d44b66a41f532f316 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 14 Dec 2011 22:20:39 +0100 Subject: [PATCH 022/331] 4xm: check if there are bits left in decode_i_block() Fixed Ticket753 Bug Found by: Diana Elena Muscalu Signed-off-by: Michael Niedermayer (cherry picked from commit e1ba29c76430ce511fd901c8b7a1bd199b169dc0) Signed-off-by: Michael Niedermayer --- libavcodec/4xm.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/4xm.c b/libavcodec/4xm.c index 9350f06e9b..f854f1cfb5 100644 --- a/libavcodec/4xm.c +++ b/libavcodec/4xm.c @@ -459,6 +459,11 @@ static int decode_p_frame(FourXContext *f, const uint8_t *buf, int length){ static int decode_i_block(FourXContext *f, DCTELEM *block){ int code, i, j, level, val; + if(get_bits_left(&f->gb) < 2){ + av_log(f->avctx, AV_LOG_ERROR, "%d bits left before decode_i_block()\n", get_bits_left(&f->gb)); + return -1; + } + /* DC coef */ val = get_vlc2(&f->pre_gb, f->pre_vlc.table, ACDC_VLC_BITS, 3); if (val>>4){ From de69052b1a75feb597b01d0d192d07833ebddef4 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 14 Dec 2011 22:48:30 +0100 Subject: [PATCH 023/331] ljpeg: Check that lowres is 0 as lowres is not possible with ljpeg. Signed-off-by: Michael Niedermayer --- libavcodec/mjpegdec.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index 5a51201d9d..b3b02daab6 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -233,6 +233,11 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s) return -1; } + if(s->lossless && s->avctx->lowres){ + av_log(s->avctx, AV_LOG_ERROR, "lowres is not possible with lossless jpeg\n"); + return -1; + } + height = get_bits(&s->gb, 16); width = get_bits(&s->gb, 16); From 35a42ca0bfdccbdc5511ca387659477f530c0165 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tomas=20H=C3=A4rdin?= Date: Thu, 15 Dec 2011 13:16:36 +0100 Subject: [PATCH 024/331] mxfdec: Only use the new demuxing logic for OPAtom This is a stopgap for ticket #746. Signed-off-by: Michael Niedermayer --- libavformat/mxfdec.c | 4 ++-- tests/ref/seek/lavf_mxf | 41 +++++++++++++++++++++++------------------ 2 files changed, 25 insertions(+), 20 deletions(-) diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index 2b2eb98a0c..4a90827374 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -433,7 +433,7 @@ static int mxf_read_packet(AVFormatContext *s, AVPacket *pkt) /* TODO: better logic for this? * only files that lack all index segments prior to the essence need this */ - if (!s->pb->seekable && mxf->op != OPAtom || mxf->d10 || mxf->broken_index) + if (mxf->op != OPAtom) return mxf_read_packet_old(s, pkt); if (mxf->current_stream >= s->nb_streams) { @@ -1761,7 +1761,7 @@ static int mxf_read_seek(AVFormatContext *s, int stream_index, int64_t sample_ti int64_t seekpos; int index; - if (mxf->d10) { + if (mxf->op != OPAtom) { if (!s->bit_rate) return -1; if (sample_time < 0) diff --git a/tests/ref/seek/lavf_mxf b/tests/ref/seek/lavf_mxf index 00dea3d8fd..4c1aecc68e 100644 --- a/tests/ref/seek/lavf_mxf +++ b/tests/ref/seek/lavf_mxf @@ -2,47 +2,52 @@ ret: 0 st: 0 flags:1 dts: 0.000000 pts: NOPTS pos: 6144 size: 24801 ret: 0 st:-1 flags:0 ts:-1.000000 ret: 0 st: 0 flags:1 dts: 0.000000 pts: NOPTS pos: 6144 size: 24801 ret: 0 st:-1 flags:1 ts: 1.894167 -ret: 0 st: 0 flags:1 dts: 0.880000 pts: NOPTS pos: 460800 size: 24712 +ret:-1 ret: 0 st: 0 flags:0 ts: 0.800000 -ret: 0 st: 0 flags:1 dts: 0.880000 pts: NOPTS pos: 460800 size: 24712 +ret:-1 ret: 0 st: 0 flags:1 ts:-0.320000 ret: 0 st: 0 flags:1 dts: 0.000000 pts: NOPTS pos: 6144 size: 24801 -ret:-1 st: 1 flags:0 ts: 2.560000 +ret: 0 st: 1 flags:0 ts: 2.560000 +ret:-1 ret: 0 st: 1 flags:1 ts: 1.480000 -ret: 0 st: 0 flags:1 dts: 0.880000 pts: NOPTS pos: 460800 size: 24712 +ret:-1 ret: 0 st:-1 flags:0 ts: 0.365002 -ret: 0 st: 0 flags:1 dts: 0.400000 pts: NOPTS pos: 211968 size: 24787 +ret: 0 st: 0 flags:1 dts: 0.360000 pts: NOPTS pos: 6144 size: 24801 ret: 0 st:-1 flags:1 ts:-0.740831 ret: 0 st: 0 flags:1 dts: 0.000000 pts: NOPTS pos: 6144 size: 24801 -ret:-1 st: 0 flags:0 ts: 2.160000 +ret: 0 st: 0 flags:0 ts: 2.160000 +ret:-1 ret: 0 st: 0 flags:1 ts: 1.040000 -ret: 0 st: 0 flags:1 dts: 0.880000 pts: NOPTS pos: 460800 size: 24712 +ret:-1 ret: 0 st: 1 flags:0 ts:-0.040000 ret: 0 st: 0 flags:1 dts: 0.000000 pts: NOPTS pos: 6144 size: 24801 ret: 0 st: 1 flags:1 ts: 2.840000 -ret: 0 st: 0 flags:1 dts: 0.880000 pts: NOPTS pos: 460800 size: 24712 -ret:-1 st:-1 flags:0 ts: 1.730004 +ret:-1 +ret: 0 st:-1 flags:0 ts: 1.730004 +ret:-1 ret: 0 st:-1 flags:1 ts: 0.624171 -ret: 0 st: 0 flags:1 dts: 0.400000 pts: NOPTS pos: 211968 size: 24787 +ret:-1 ret: 0 st: 0 flags:0 ts:-0.480000 ret: 0 st: 0 flags:1 dts: 0.000000 pts: NOPTS pos: 6144 size: 24801 ret: 0 st: 0 flags:1 ts: 2.400000 -ret: 0 st: 0 flags:1 dts: 0.880000 pts: NOPTS pos: 460800 size: 24712 -ret:-1 st: 1 flags:0 ts: 1.320000 +ret:-1 +ret: 0 st: 1 flags:0 ts: 1.320000 +ret:-1 ret: 0 st: 1 flags:1 ts: 0.200000 -ret: 0 st: 0 flags:1 dts: 0.000000 pts: NOPTS pos: 6144 size: 24801 +ret: 0 st: 0 flags:1 dts: 0.200000 pts: NOPTS pos: 6144 size: 24801 ret: 0 st:-1 flags:0 ts:-0.904994 ret: 0 st: 0 flags:1 dts: 0.000000 pts: NOPTS pos: 6144 size: 24801 ret: 0 st:-1 flags:1 ts: 1.989173 -ret: 0 st: 0 flags:1 dts: 0.880000 pts: NOPTS pos: 460800 size: 24712 +ret:-1 ret: 0 st: 0 flags:0 ts: 0.880000 -ret: 0 st: 0 flags:1 dts: 0.880000 pts: NOPTS pos: 460800 size: 24712 +ret:-1 ret: 0 st: 0 flags:1 ts:-0.240000 ret: 0 st: 0 flags:1 dts: 0.000000 pts: NOPTS pos: 6144 size: 24801 -ret:-1 st: 1 flags:0 ts: 2.680000 +ret: 0 st: 1 flags:0 ts: 2.680000 +ret:-1 ret: 0 st: 1 flags:1 ts: 1.560000 -ret: 0 st: 0 flags:1 dts: 0.880000 pts: NOPTS pos: 460800 size: 24712 +ret:-1 ret: 0 st:-1 flags:0 ts: 0.460008 -ret: 0 st: 0 flags:1 dts: 0.880000 pts: NOPTS pos: 460800 size: 24712 +ret: 0 st: 0 flags:1 dts: 0.480000 pts: NOPTS pos: 6144 size: 24801 ret: 0 st:-1 flags:1 ts:-0.645825 ret: 0 st: 0 flags:1 dts: 0.000000 pts: NOPTS pos: 6144 size: 24801 From 7614facf8a250227b21de168614b2982a63ea48d Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 17 Dec 2011 04:42:04 +0100 Subject: [PATCH 025/331] h264: fix init of topleft ref/mv. Fixes Ticket778 Signed-off-by: Michael Niedermayer (cherry picked from commit 4d70023a2a83c5c7690708a5a5acfe8ac8ed8f19) --- libavcodec/h264_mvpred.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h264_mvpred.h b/libavcodec/h264_mvpred.h index 4cf79ea161..20cc5dacd1 100644 --- a/libavcodec/h264_mvpred.h +++ b/libavcodec/h264_mvpred.h @@ -633,7 +633,7 @@ static void fill_decode_caches(H264Context *h, int mb_type){ AV_ZERO32(mv_cache[4 - 1*8]); ref_cache[4 - 1*8]= topright_type ? LIST_NOT_USED : PART_NOT_AVAILABLE; } - if(ref_cache[4 - 1*8] < 0){ + if(ref_cache[2 - 1*8] < 0 || ref_cache[4 - 1*8] < 0){ if(USES_LIST(topleft_type, list)){ const int b_xy = h->mb2b_xy[topleft_xy] + 3 + b_stride + (h->topleft_partition & 2*b_stride); const int b8_xy= 4*topleft_xy + 1 + (h->topleft_partition & 2); From f7c196a1f99615f7a3139fb3b260bfabc8dbda9a Mon Sep 17 00:00:00 2001 From: Tom Evans Date: Thu, 15 Dec 2011 20:21:54 +0000 Subject: [PATCH 026/331] libavdevice: Fix v4l2 compilation under FreeBSD Signed-off-by: Michael Niedermayer (cherry picked from commit ffa1f541b350946591ea80e134917b28a860fcad) --- configure | 2 ++ libavdevice/v4l2.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/configure b/configure index 50b5c3a369..62be5867d6 100755 --- a/configure +++ b/configure @@ -1137,6 +1137,7 @@ HAVE_LIST=" altivec_h arpa_inet_h asm_mod_y + asm_types_h attribute_may_alias attribute_packed bswap @@ -2996,6 +2997,7 @@ check_header termios.h check_header vdpau/vdpau.h check_header vdpau/vdpau_x11.h check_header X11/extensions/XvMClib.h +check_header asm/types.h disabled zlib || check_lib zlib.h zlibVersion -lz || disable zlib disabled bzlib || check_lib2 bzlib.h BZ2_bzlibVersion -lbz2 || disable bzlib diff --git a/libavdevice/v4l2.c b/libavdevice/v4l2.c index dc54c4a205..15356fe980 100644 --- a/libavdevice/v4l2.c +++ b/libavdevice/v4l2.c @@ -41,7 +41,9 @@ #if HAVE_SYS_VIDEOIO_H #include #else +#if HAVE_ASM_TYPES_H #include +#endif #include #endif #include From 1506becf36ecf1a6608bc56615cdb317ea2fb7f5 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 1 Jan 2012 15:27:38 +0100 Subject: [PATCH 027/331] h264: Print pass in NAL debug output Signed-off-by: Michael Niedermayer (cherry picked from commit 393253b4b3b454830b22c8e69acbe11e2684da7e) --- libavcodec/h264.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 7daca10c02..fbf4208e01 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -3839,7 +3839,7 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size){ bit_length= !dst_length ? 0 : (8*dst_length - ff_h264_decode_rbsp_trailing(h, ptr + dst_length - 1)); if(s->avctx->debug&FF_DEBUG_STARTCODE){ - av_log(h->s.avctx, AV_LOG_DEBUG, "NAL %d/%d at %d/%d length %d\n", hx->nal_unit_type, hx->nal_ref_idc, buf_index, buf_size, dst_length); + av_log(h->s.avctx, AV_LOG_DEBUG, "NAL %d/%d at %d/%d length %d pass %d\n", hx->nal_unit_type, hx->nal_ref_idc, buf_index, buf_size, dst_length, pass); } if (h->is_avc && (nalsize != consumed) && nalsize){ From 96545777d7f95ee6a91eba77a886f3efdbd8e11d Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 1 Jan 2012 16:09:23 +0100 Subject: [PATCH 028/331] h264: add forgotten \n to "Invalid mix of idr and non-idr slices" Signed-off-by: Michael Niedermayer (cherry picked from commit ecb14b8af73b92e5a1be47c119d2f528ff402ebd) --- libavcodec/h264.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index fbf4208e01..8139c304ac 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -3876,7 +3876,7 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size){ switch(hx->nal_unit_type){ case NAL_IDR_SLICE: if (h->nal_unit_type != NAL_IDR_SLICE) { - av_log(h->s.avctx, AV_LOG_ERROR, "Invalid mix of idr and non-idr slices"); + av_log(h->s.avctx, AV_LOG_ERROR, "Invalid mix of idr and non-idr slices\n"); return -1; } idr(h); //FIXME ensure we don't loose some frames if there is reordering From 01ff5378f057277c994384d0ffb935763079bc2e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 31 Dec 2011 22:14:53 +0100 Subject: [PATCH 029/331] h264: reset picture->sync on allocation. Signed-off-by: Michael Niedermayer (cherry picked from commit 36fa781bd6b4e0f40abd31431af2d29d87e9b194) --- libavcodec/h264.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 8139c304ac..8d86677922 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -1324,6 +1324,7 @@ int ff_h264_frame_start(H264Context *h){ * See decode_nal_units(). */ s->current_picture_ptr->f.key_frame = 0; + s->current_picture_ptr->sync = 0; s->current_picture_ptr->mmco_reset= 0; assert(s->linesize && s->uvlinesize); From b84683a906c0dc8103948b39d4887fadd398baa5 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 31 Dec 2011 22:15:45 +0100 Subject: [PATCH 030/331] h264: Fix recovery_frame initialization when recovery_frame is -1 Signed-off-by: Michael Niedermayer (cherry picked from commit fba6777363eb74d926aa0eed281a77ff152a3ad5) --- libavcodec/h264.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 8d86677922..0b90d3749d 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -3891,7 +3891,8 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size){ break; if ( h->sei_recovery_frame_cnt >= 0 - && ((h->recovery_frame - h->frame_num) & ((1 << h->sps.log2_max_frame_num)-1)) > h->sei_recovery_frame_cnt) { + && ( h->recovery_frame<0 + || ((h->recovery_frame - h->frame_num) & ((1 << h->sps.log2_max_frame_num)-1)) > h->sei_recovery_frame_cnt)) { h->recovery_frame = (h->frame_num + h->sei_recovery_frame_cnt) % (1 << h->sps.log2_max_frame_num); } From 23ed56d307b66eeeedde98e0697e28373a207225 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 31 Dec 2011 20:25:02 +0100 Subject: [PATCH 031/331] h264: Fix seeking in 00017.MTS Fixes Ticket852 Signed-off-by: Michael Niedermayer (cherry picked from commit 9d9316ae34ea2a5e481ac15f31d42c87a8ef4380) --- libavcodec/h264_refs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h264_refs.c b/libavcodec/h264_refs.c index cdc1fca1a0..d030fec05f 100644 --- a/libavcodec/h264_refs.c +++ b/libavcodec/h264_refs.c @@ -653,7 +653,7 @@ int ff_h264_execute_ref_pic_marking(H264Context *h, MMCO *mmco, int mmco_count){ print_short_term(h); print_long_term(h); - if(err >= 0 && h->long_ref_count==0 && h->short_ref_count<=2 && h->pps.ref_count[0]<=1 && s->current_picture_ptr->f.pict_type == AV_PICTURE_TYPE_I){ + if(err >= 0 && h->long_ref_count==0 && h->short_ref_count<=2 && h->pps.ref_count[0]<=1 + (s->picture_structure != PICT_FRAME) && s->current_picture_ptr->f.pict_type == AV_PICTURE_TYPE_I){ h->sync |= 1; s->current_picture_ptr->sync |= h->sync; } From 2a442eb70fcb380c043bae62328a89217c725bb0 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 31 Dec 2011 22:16:57 +0100 Subject: [PATCH 032/331] h264: Fix frame sync / random access handling. It seems I have misunderstood the spec when I implemented this originally. Signed-off-by: Michael Niedermayer (cherry picked from commit 9ba43e50efa2483fb3ca1e3f62a474db7dd3ac8d) --- libavcodec/h264.c | 8 +++----- libavcodec/h264_refs.c | 3 +-- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 0b90d3749d..fbe4e3682b 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -3901,13 +3901,13 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size){ (hx->nal_unit_type == NAL_IDR_SLICE); if (h->recovery_frame == h->frame_num) { - h->sync |= 1; + s->current_picture_ptr->sync |= 1; h->recovery_frame = -1; } h->sync |= !!s->current_picture_ptr->f.key_frame; h->sync |= 3*!!(s->flags2 & CODEC_FLAG2_SHOW_ALL); - s->current_picture_ptr->sync = h->sync; + s->current_picture_ptr->sync |= h->sync; if (h->current_slice == 1) { if(!(s->flags2 & CODEC_FLAG2_CHUNKS)) { @@ -4103,11 +4103,9 @@ static int decode_frame(AVCodecContext *avctx, field_end(h, 0); *data_size = 0; /* Wait for second field. */ - if (h->next_output_pic && h->next_output_pic->sync) { - if(h->sync>1 || h->next_output_pic->f.pict_type != AV_PICTURE_TYPE_B){ + if (h->next_output_pic && (h->next_output_pic->sync || h->sync>1)) { *data_size = sizeof(AVFrame); *pict = *(AVFrame*)h->next_output_pic; - } } } diff --git a/libavcodec/h264_refs.c b/libavcodec/h264_refs.c index d030fec05f..8432a8a5b6 100644 --- a/libavcodec/h264_refs.c +++ b/libavcodec/h264_refs.c @@ -654,8 +654,7 @@ int ff_h264_execute_ref_pic_marking(H264Context *h, MMCO *mmco, int mmco_count){ print_long_term(h); if(err >= 0 && h->long_ref_count==0 && h->short_ref_count<=2 && h->pps.ref_count[0]<=1 + (s->picture_structure != PICT_FRAME) && s->current_picture_ptr->f.pict_type == AV_PICTURE_TYPE_I){ - h->sync |= 1; - s->current_picture_ptr->sync |= h->sync; + s->current_picture_ptr->sync |= 1; } return (h->s.avctx->err_recognition & AV_EF_EXPLODE) ? err : 0; From 980e4263bc7a91af2b3a8afbbd41d261292d1b35 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Sun, 1 Jan 2012 21:52:45 +0100 Subject: [PATCH 033/331] Add missing PIX_FMT_NONE to libopenjpegenc fixes ticket #813 Reviewed-by: Michael Niedermayer Reviewed-by: Jean First Reviewed-by: Paul B Mahol Signed-off-by: Michael Niedermayer (cherry picked from commit ef611095f0d0c1256cbb6654f94cae61a60f2736) --- libavcodec/libopenjpegenc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/libopenjpegenc.c b/libavcodec/libopenjpegenc.c index 6b37fb08cf..409abd6c60 100644 --- a/libavcodec/libopenjpegenc.c +++ b/libavcodec/libopenjpegenc.c @@ -372,6 +372,7 @@ AVCodec ff_libopenjpeg_encoder = { PIX_FMT_YUV440P,PIX_FMT_YUV444P, PIX_FMT_YUV420P9,PIX_FMT_YUV422P9,PIX_FMT_YUV444P9, PIX_FMT_YUV420P10,PIX_FMT_YUV422P10,PIX_FMT_YUV444P10, - PIX_FMT_YUV420P16,PIX_FMT_YUV422P16,PIX_FMT_YUV444P16}, + PIX_FMT_YUV420P16,PIX_FMT_YUV422P16,PIX_FMT_YUV444P16, + PIX_FMT_NONE}, .long_name = NULL_IF_CONFIG_SMALL("OpenJPEG based JPEG 2000 encoder"), } ; From a46fa584c5290817b12f472f77f8343c2f9bfc1c Mon Sep 17 00:00:00 2001 From: Hendrik Leppkes Date: Sun, 18 Dec 2011 15:25:25 +0100 Subject: [PATCH 034/331] mlpdec: fix channel order for wide 7.1 truehd layouts (cherry picked from commit b9d8af03270223202c9a991655d3f75b5a8b56b5) --- libavcodec/mlpdec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/mlpdec.c b/libavcodec/mlpdec.c index e91295084c..339c75778d 100644 --- a/libavcodec/mlpdec.c +++ b/libavcodec/mlpdec.c @@ -476,7 +476,8 @@ static int read_restart_header(MLPDecodeContext *m, GetBitContext *gbp, } } if (m->avctx->codec_id == CODEC_ID_TRUEHD && - m->avctx->channel_layout == AV_CH_LAYOUT_7POINT1) { + (m->avctx->channel_layout == AV_CH_LAYOUT_7POINT1 || + m->avctx->channel_layout == AV_CH_LAYOUT_7POINT1_WIDE)) { FFSWAP(int, s->ch_assign[4], s->ch_assign[6]); FFSWAP(int, s->ch_assign[5], s->ch_assign[7]); } From 55e2dc7f77d6af421ceefb0df7d13b9d43ea91d3 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Sun, 18 Dec 2011 15:28:18 +0100 Subject: [PATCH 035/331] Fix channel order for some less common TrueHD layouts. Reported and tested by TDiTP_ Fixes ticket #779. (cherry picked from commit 1af0ace3a4b8aa8c6240a99de3c40f495ab279e9) --- libavcodec/mlpdec.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/libavcodec/mlpdec.c b/libavcodec/mlpdec.c index 339c75778d..47aee286ff 100644 --- a/libavcodec/mlpdec.c +++ b/libavcodec/mlpdec.c @@ -480,6 +480,14 @@ static int read_restart_header(MLPDecodeContext *m, GetBitContext *gbp, m->avctx->channel_layout == AV_CH_LAYOUT_7POINT1_WIDE)) { FFSWAP(int, s->ch_assign[4], s->ch_assign[6]); FFSWAP(int, s->ch_assign[5], s->ch_assign[7]); + } else if (m->avctx->codec_id == CODEC_ID_TRUEHD && + (m->avctx->channel_layout == AV_CH_LAYOUT_6POINT1 || + m->avctx->channel_layout == (AV_CH_LAYOUT_6POINT1 | AV_CH_TOP_CENTER) || + m->avctx->channel_layout == (AV_CH_LAYOUT_6POINT1 | AV_CH_TOP_FRONT_CENTER))) { + int i = s->ch_assign[6]; + s->ch_assign[6] = s->ch_assign[5]; + s->ch_assign[5] = s->ch_assign[4]; + s->ch_assign[4] = i; } checksum = ff_mlp_restart_checksum(buf, get_bits_count(gbp) - start_count); From 46d0aee3c498521f5fbde9d5ec587978ff203f0d Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 21 Dec 2011 15:49:56 +0100 Subject: [PATCH 036/331] lavc: Do not fail audio decoding if user has set a custom get_buffer. Signed-off-by: Michael Niedermayer (cherry picked from commit c3846e3ebab610be691adb8b40d376dc2f675dc4) Signed-off-by: Michael Niedermayer --- libavcodec/utils.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index 1685b4d196..d15f652263 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -999,9 +999,10 @@ int attribute_align_arg avcodec_decode_audio3(AVCodecContext *avctx, int16_t *sa int ret, got_frame = 0; if (avctx->get_buffer != avcodec_default_get_buffer) { - av_log(avctx, AV_LOG_ERROR, "A custom get_buffer() cannot be used with " + av_log(avctx, AV_LOG_ERROR, "Overriding custom get_buffer() for " "avcodec_decode_audio3()\n"); - return AVERROR(EINVAL); + avctx->get_buffer = avcodec_default_get_buffer; + avctx->release_buffer = avcodec_default_release_buffer; } ret = avcodec_decode_audio4(avctx, &frame, &got_frame, avpkt); From dfdf616773c3f9a1b610978f120f811cf0bd581a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20B=C5=93sch?= Date: Mon, 2 Jan 2012 09:39:11 +0100 Subject: [PATCH 037/331] mp3enc: fix playback with mp3 encoded files on some devices. This partially reverts 1fea432b; header variable needs to keep its value in case it triggers "if (needed <= c.frame_size)". (cherry picked from commit e1a8164d62fb8d1943b3f7a66500f0315ca8fe76) Conflicts: libavformat/mp3enc.c --- libavformat/mp3enc.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/libavformat/mp3enc.c b/libavformat/mp3enc.c index 1200d0f297..8d82452689 100644 --- a/libavformat/mp3enc.c +++ b/libavformat/mp3enc.c @@ -160,7 +160,7 @@ static int mp3_write_xing(AVFormatContext *s) int best_bitrate_idx; int best_bitrate_error= INT_MAX; int64_t xing_offset; - int32_t mask, header; + int32_t header, mask; MPADecodeHeader c; int srate_idx, i, channels; int needed; @@ -200,8 +200,9 @@ static int mp3_write_xing(AVFormatContext *s) for (bitrate_idx= best_bitrate_idx;; bitrate_idx++) { if (15 == bitrate_idx) return -1; - - avpriv_mpegaudio_decode_header(&c, header | (bitrate_idx << (4+8))); + mask = bitrate_idx << (4+8); + header |= mask; + avpriv_mpegaudio_decode_header(&c, header); xing_offset=xing_offtbl[c.lsf == 1][c.nb_channels == 1]; needed = 4 // header + xing_offset @@ -213,6 +214,7 @@ static int mp3_write_xing(AVFormatContext *s) if (needed <= c.frame_size) break; + header &= ~mask; } avio_wb32(s->pb, header); From b9e09c9eab3f1fdbc93043908a23092c8a691491 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 28 Dec 2011 21:29:03 +0100 Subject: [PATCH 038/331] cljrenc: fix scaling Signed-off-by: Michael Niedermayer (cherry picked from commit a1ca45317df0993e98b4e3aec9ebdae64449478b) Signed-off-by: Michael Niedermayer --- libavcodec/cljr.c | 12 ++++++------ tests/ref/vsynth1/cljr | 6 +++--- tests/ref/vsynth2/cljr | 6 +++--- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/libavcodec/cljr.c b/libavcodec/cljr.c index 7ae3e7eeeb..0d87f3d7e5 100644 --- a/libavcodec/cljr.c +++ b/libavcodec/cljr.c @@ -156,13 +156,13 @@ static int encode_frame(AVCodecContext *avctx, unsigned char *buf, case 1: dither = dither * 1664525 + 1013904223; break; case 2: dither = ordered_dither[ y&1 ][ (x>>2)&1 ];break; } - put_bits(&pb, 5, (luma[3] + (dither>>29) ) >> 3); - put_bits(&pb, 5, (luma[2] + ((dither>>26)&7)) >> 3); - put_bits(&pb, 5, (luma[1] + ((dither>>23)&7)) >> 3); - put_bits(&pb, 5, (luma[0] + ((dither>>20)&7)) >> 3); + put_bits(&pb, 5, (249*(luma[3] + (dither>>29) )) >> 11); + put_bits(&pb, 5, (249*(luma[2] + ((dither>>26)&7))) >> 11); + put_bits(&pb, 5, (249*(luma[1] + ((dither>>23)&7))) >> 11); + put_bits(&pb, 5, (249*(luma[0] + ((dither>>20)&7))) >> 11); luma += 4; - put_bits(&pb, 6, (*(cb++) + ((dither>>18)&3)) >> 2); - put_bits(&pb, 6, (*(cr++) + ((dither>>16)&3)) >> 2); + put_bits(&pb, 6, (253*(*(cb++) + ((dither>>18)&3))) >> 10); + put_bits(&pb, 6, (253*(*(cr++) + ((dither>>16)&3))) >> 10); } } diff --git a/tests/ref/vsynth1/cljr b/tests/ref/vsynth1/cljr index 9a7a980b41..181f32f829 100644 --- a/tests/ref/vsynth1/cljr +++ b/tests/ref/vsynth1/cljr @@ -1,4 +1,4 @@ -ff4eebcd5bd7b6470f97867cdecb0bec *./tests/data/vsynth1/cljr.avi +041982e4fa83428c621a127647d47b3f *./tests/data/vsynth1/cljr.avi 5075660 ./tests/data/vsynth1/cljr.avi -0d473eb49653a05685178dd261de861c *./tests/data/cljr.vsynth1.out.yuv -stddev: 30.70 PSNR: 18.39 MAXDIFF: 255 bytes: 7603200/ 7603200 +f5173ae479fc104903b203260cadf507 *./tests/data/cljr.vsynth1.out.yuv +stddev: 30.71 PSNR: 18.38 MAXDIFF: 225 bytes: 7603200/ 7603200 diff --git a/tests/ref/vsynth2/cljr b/tests/ref/vsynth2/cljr index cf3c8e1abf..4a69a4c46e 100644 --- a/tests/ref/vsynth2/cljr +++ b/tests/ref/vsynth2/cljr @@ -1,4 +1,4 @@ -8ca3f24da468f32561100d3a1a71348d *./tests/data/vsynth2/cljr.avi +fdc1926e0a599de94513f0a3472b598f *./tests/data/vsynth2/cljr.avi 5075660 ./tests/data/vsynth2/cljr.avi -a0126ba9f2b2192b6b63b485e0118114 *./tests/data/cljr.vsynth2.out.yuv -stddev: 10.26 PSNR: 27.90 MAXDIFF: 62 bytes: 7603200/ 7603200 +3db163e55149786e7cf5499b3387bdb1 *./tests/data/cljr.vsynth2.out.yuv +stddev: 10.80 PSNR: 27.46 MAXDIFF: 65 bytes: 7603200/ 7603200 From c30e59383b0fd958cd45ade28485543589c61a31 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 28 Dec 2011 21:46:57 +0100 Subject: [PATCH 039/331] cljrdec: improve scaling somewhat Signed-off-by: Michael Niedermayer (cherry picked from commit 7e5cbb3c2d96c27d526aa69cbdbd1ab23739d7e5) Signed-off-by: Michael Niedermayer --- libavcodec/cljr.c | 8 ++--- tests/ref/fate/cljr | 72 +++++++++++++++++++++--------------------- tests/ref/vsynth1/cljr | 4 +-- tests/ref/vsynth2/cljr | 4 +-- 4 files changed, 44 insertions(+), 44 deletions(-) diff --git a/libavcodec/cljr.c b/libavcodec/cljr.c index 0d87f3d7e5..d36e0a0a12 100644 --- a/libavcodec/cljr.c +++ b/libavcodec/cljr.c @@ -82,10 +82,10 @@ static int decode_frame(AVCodecContext *avctx, uint8_t *cb = &a->picture.data[1][y * a->picture.linesize[1]]; uint8_t *cr = &a->picture.data[2][y * a->picture.linesize[2]]; for (x = 0; x < avctx->width; x += 4) { - luma[3] = get_bits(&gb, 5) << 3; - luma[2] = get_bits(&gb, 5) << 3; - luma[1] = get_bits(&gb, 5) << 3; - luma[0] = get_bits(&gb, 5) << 3; + luma[3] = (get_bits(&gb, 5)*33) >> 2; + luma[2] = (get_bits(&gb, 5)*33) >> 2; + luma[1] = (get_bits(&gb, 5)*33) >> 2; + luma[0] = (get_bits(&gb, 5)*33) >> 2; luma += 4; *(cb++) = get_bits(&gb, 6) << 2; *(cr++) = get_bits(&gb, 6) << 2; diff --git a/tests/ref/fate/cljr b/tests/ref/fate/cljr index 7221b9e4e6..208b9511be 100644 --- a/tests/ref/fate/cljr +++ b/tests/ref/fate/cljr @@ -1,36 +1,36 @@ -0, 0, 64800, 0x44a1c47c -0, 3169, 64800, 0x649cc3a4 -0, 6338, 64800, 0xcab1b88c -0, 9507, 64800, 0xf56cb788 -0, 12676, 64800, 0x5336b618 -0, 15845, 64800, 0x2704b438 -0, 19013, 64800, 0x04c7b8e4 -0, 22182, 64800, 0x3185b288 -0, 25351, 64800, 0xa537c410 -0, 28520, 64800, 0x6495c0f8 -0, 31689, 64800, 0x06a1ca14 -0, 34858, 64800, 0x69cdd2a0 -0, 38027, 64800, 0x4ad2d828 -0, 41196, 64800, 0x9604dea4 -0, 44365, 64800, 0x1c00e430 -0, 47534, 64800, 0x9afeefe0 -0, 50702, 64800, 0xc13fdd78 -0, 53871, 64800, 0x8438da7c -0, 57040, 64800, 0xa0ead278 -0, 60209, 64800, 0xbeced2d8 -0, 63378, 64800, 0x85bbd7dc -0, 66547, 64800, 0xbe59ce34 -0, 69716, 64800, 0xd76ecccc -0, 72885, 64800, 0xe182b474 -0, 76054, 64800, 0x916cc394 -0, 79223, 64800, 0x7efebd14 -0, 82391, 64800, 0x8d28c9f0 -0, 85560, 64800, 0x00a1c960 -0, 88729, 64800, 0xc164c400 -0, 91898, 64800, 0xfd4dc544 -0, 95067, 64800, 0x01bfbe38 -0, 98236, 64800, 0xff11b5d0 -0, 101405, 64800, 0x4876bb20 -0, 104574, 64800, 0x756ecb04 -0, 107743, 64800, 0x3b8cd540 -0, 110912, 64800, 0x063ed444 +0, 0, 64800, 0x63132a60 +0, 3169, 64800, 0xb3c729a3 +0, 6338, 64800, 0xa27b1e0e +0, 9507, 64800, 0xb9131d00 +0, 12676, 64800, 0xaf9a1bae +0, 15845, 64800, 0x11e319c5 +0, 19013, 64800, 0xee6e1e6b +0, 22182, 64800, 0x418417e9 +0, 25351, 64800, 0x339d29f4 +0, 28520, 64800, 0x198926c4 +0, 31689, 64800, 0x439a3044 +0, 34858, 64800, 0x0a4e38e1 +0, 38027, 64800, 0x6e043e7e +0, 41196, 64800, 0xde434533 +0, 44365, 64800, 0xb58a4ad1 +0, 47534, 64800, 0xaa105710 +0, 50702, 64800, 0x1723440c +0, 53871, 64800, 0x3b064116 +0, 57040, 64800, 0x853f38e4 +0, 60209, 64800, 0x52f53917 +0, 63378, 64800, 0xea363e5a +0, 66547, 64800, 0x4d0a344e +0, 69716, 64800, 0xe49232fc +0, 72885, 64800, 0x747b1a02 +0, 76054, 64800, 0xbaa82992 +0, 79223, 64800, 0x8e9322db +0, 82391, 64800, 0x029a2fcf +0, 85560, 64800, 0xb9a62f6a +0, 88729, 64800, 0x553329fe +0, 91898, 64800, 0x9a052b5b +0, 95067, 64800, 0xe2ff2404 +0, 98236, 64800, 0xaacd1b59 +0, 101405, 64800, 0x17d820de +0, 104574, 64800, 0x1c9e312c +0, 107743, 64800, 0x84df3b99 +0, 110912, 64800, 0xf7d13aa1 diff --git a/tests/ref/vsynth1/cljr b/tests/ref/vsynth1/cljr index 181f32f829..73dc6ba578 100644 --- a/tests/ref/vsynth1/cljr +++ b/tests/ref/vsynth1/cljr @@ -1,4 +1,4 @@ 041982e4fa83428c621a127647d47b3f *./tests/data/vsynth1/cljr.avi 5075660 ./tests/data/vsynth1/cljr.avi -f5173ae479fc104903b203260cadf507 *./tests/data/cljr.vsynth1.out.yuv -stddev: 30.71 PSNR: 18.38 MAXDIFF: 225 bytes: 7603200/ 7603200 +e1c4c96c74de3435d0f9f6118c5ed9b5 *./tests/data/cljr.vsynth1.out.yuv +stddev: 30.53 PSNR: 18.43 MAXDIFF: 225 bytes: 7603200/ 7603200 diff --git a/tests/ref/vsynth2/cljr b/tests/ref/vsynth2/cljr index 4a69a4c46e..75466437ff 100644 --- a/tests/ref/vsynth2/cljr +++ b/tests/ref/vsynth2/cljr @@ -1,4 +1,4 @@ fdc1926e0a599de94513f0a3472b598f *./tests/data/vsynth2/cljr.avi 5075660 ./tests/data/vsynth2/cljr.avi -3db163e55149786e7cf5499b3387bdb1 *./tests/data/cljr.vsynth2.out.yuv -stddev: 10.80 PSNR: 27.46 MAXDIFF: 65 bytes: 7603200/ 7603200 +7df03229ee6361ea11a0d83d4926cb10 *./tests/data/cljr.vsynth2.out.yuv +stddev: 10.30 PSNR: 27.87 MAXDIFF: 65 bytes: 7603200/ 7603200 From 60cb07196f0cdd63cf3c98ea8354113af7436adb Mon Sep 17 00:00:00 2001 From: Anton Khirnov Date: Sun, 11 Dec 2011 10:34:08 +0100 Subject: [PATCH 040/331] lavf: add avformat_close_input(). It sets the supplied AVFormatContext pointer to NULL after freeing it, which is safer and its name is consistent with other lavf functions. Also deprecate av_close_input_file(). (cherry picked from commit 526604545fb1cc0c11af356fbffd5cddf8cdc95f) Conflicts: doc/APIchanges libavformat/utils.c libavformat/version.h --- doc/APIchanges | 4 ++++ libavformat/avformat.h | 10 ++++++++++ libavformat/utils.c | 9 +++++++++ libavformat/version.h | 5 ++++- 4 files changed, 27 insertions(+), 1 deletion(-) diff --git a/doc/APIchanges b/doc/APIchanges index 7e8365e4eb..260efb0164 100644 --- a/doc/APIchanges +++ b/doc/APIchanges @@ -31,6 +31,10 @@ API changes, most recent first: 2011-10-20 - b35e9e1 - lavu 51.22.0 Add av_strtok() to avstring.h. +2011-xx-xx - xxxxxxx - lavf 53.17.0 + Add avformat_open_input(). + Deprecate av_close_input_file() and av_close_input_stream(). + 2011-xx-xx - xxxxxxx - lavc 53.25.0 Add nb_samples and extended_data fields to AVFrame. Deprecate AVCODEC_MAX_AUDIO_FRAME_SIZE. diff --git a/libavformat/avformat.h b/libavformat/avformat.h index 1f3506d158..f2b431730e 100644 --- a/libavformat/avformat.h +++ b/libavformat/avformat.h @@ -1641,12 +1641,22 @@ int av_read_pause(AVFormatContext *s); */ void av_close_input_stream(AVFormatContext *s); +#if FF_API_CLOSE_INPUT_FILE /** + * @deprecated use avformat_close_input() * Close a media file (but not its codecs). * * @param s media file handle */ +attribute_deprecated void av_close_input_file(AVFormatContext *s); +#endif + +/** + * Close an opened input AVFormatContext. Free it and all its contents + * and set *s to NULL. + */ +void avformat_close_input(AVFormatContext **s); /** * @} */ diff --git a/libavformat/utils.c b/libavformat/utils.c index 3e5a7b76dd..eddca1c78e 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -2797,11 +2797,20 @@ void avformat_free_context(AVFormatContext *s) av_free(s); } +#if FF_API_CLOSE_INPUT_FILE void av_close_input_file(AVFormatContext *s) { + avformat_close_input(&s); +} +#endif + +void avformat_close_input(AVFormatContext **ps) +{ + AVFormatContext *s = *ps; AVIOContext *pb = (s->iformat->flags & AVFMT_NOFILE) || (s->flags & AVFMT_FLAG_CUSTOM_IO) ? NULL : s->pb; av_close_input_stream(s); + *ps = NULL; if (pb) avio_close(pb); } diff --git a/libavformat/version.h b/libavformat/version.h index 0fb0b18197..c2b5e0156d 100644 --- a/libavformat/version.h +++ b/libavformat/version.h @@ -31,7 +31,7 @@ #define LIBAVFORMAT_VERSION_MAJOR 53 #define LIBAVFORMAT_VERSION_MINOR 24 -#define LIBAVFORMAT_VERSION_MICRO 0 +#define LIBAVFORMAT_VERSION_MICRO 1 #define LIBAVFORMAT_VERSION_INT AV_VERSION_INT(LIBAVFORMAT_VERSION_MAJOR, \ LIBAVFORMAT_VERSION_MINOR, \ @@ -125,5 +125,8 @@ #ifndef FF_API_SET_PTS_INFO #define FF_API_SET_PTS_INFO (LIBAVFORMAT_VERSION_MAJOR < 54) #endif +#ifndef FF_API_CLOSE_INPUT_FILE +#define FF_API_CLOSE_INPUT_FILE (LIBAVFORMAT_VERSION_MAJOR < 54) +#endif #endif /* AVFORMAT_VERSION_H */ From b4ad6413349c88833a7e48af68283fcf04f9433b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 13 Dec 2011 15:45:04 +0100 Subject: [PATCH 041/331] aascdec: Check input buffer size on raw data. Signed-off-by: Michael Niedermayer (cherry picked from commit be5db7004f9d7b42b5ae9068b181dff383367e36) Signed-off-by: Michael Niedermayer --- libavcodec/aasc.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/aasc.c b/libavcodec/aasc.c index 919bbc72bd..197bfe5f05 100644 --- a/libavcodec/aasc.c +++ b/libavcodec/aasc.c @@ -79,8 +79,13 @@ static int aasc_decode_frame(AVCodecContext *avctx, case 0: stride = (avctx->width * 3 + 3) & ~3; for(i = avctx->height - 1; i >= 0; i--){ + if(avctx->width*3 > buf_size){ + av_log(avctx, AV_LOG_ERROR, "Next line is beyond buffer bounds\n"); + break; + } memcpy(s->frame.data[0] + i*s->frame.linesize[0], buf, avctx->width*3); buf += stride; + buf_size -= stride; } break; case 1: From 0a2fbb0a8435e0d29bf5067cb13344e1d6e11939 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 13 Dec 2011 15:45:43 +0100 Subject: [PATCH 042/331] msrledec: Check for overreads Signed-off-by: Michael Niedermayer (cherry picked from commit 53be37e368928e7f274e33ef8d118109da373c79) Signed-off-by: Michael Niedermayer --- libavcodec/msrledec.c | 6 +++++- tests/ref/fate/aasc | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/libavcodec/msrledec.c b/libavcodec/msrledec.c index db8de7032d..129f0e0bc0 100644 --- a/libavcodec/msrledec.c +++ b/libavcodec/msrledec.c @@ -140,7 +140,7 @@ static int msrle_decode_8_16_24_32(AVCodecContext *avctx, AVPicture *pic, int de output = pic->data[0] + (avctx->height - 1) * pic->linesize[0]; output_end = pic->data[0] + avctx->height * pic->linesize[0]; - while(src < data + srcsize) { + while(src + 1 < data + srcsize) { p1 = *src++; if(p1 == 0) { //Escape code p2 = *src++; @@ -172,6 +172,10 @@ static int msrle_decode_8_16_24_32(AVCodecContext *avctx, AVPicture *pic, int de src += p2 * (depth >> 3); continue; } + if(data + srcsize - src < p2 * (depth >> 3)){ + av_log(avctx, AV_LOG_ERROR, "Copy beyond input buffer\n"); + return -1; + } if ((depth == 8) || (depth == 24)) { for(i = 0; i < p2 * (depth >> 3); i++) { *output++ = *src++; diff --git a/tests/ref/fate/aasc b/tests/ref/fate/aasc index 07b326983d..5da230f052 100644 --- a/tests/ref/fate/aasc +++ b/tests/ref/fate/aasc @@ -21,4 +21,4 @@ 0, 72000, 168000, 0x646fa087 0, 75600, 168000, 0x404450a2 0, 79200, 168000, 0x5214c456 -0, 82800, 168000, 0xe573025c +0, 82800, 168000, 0xaef602d3 From 399e5b675be9bfb08c1cb53ed8b62393ce69c6f1 Mon Sep 17 00:00:00 2001 From: Gaurav Narula Date: Tue, 13 Dec 2011 23:11:37 +0530 Subject: [PATCH 043/331] ulti: Fix invalid reads MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Storsjö (cherry picked from commit a99273ebf328658c183c2d267f1c2b8bfac58bb3) Signed-off-by: Michael Niedermayer --- libavcodec/ulti.c | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/libavcodec/ulti.c b/libavcodec/ulti.c index f96c6ac43c..4f0d90f665 100644 --- a/libavcodec/ulti.c +++ b/libavcodec/ulti.c @@ -40,6 +40,14 @@ typedef struct UltimotionDecodeContext { const uint8_t *ulti_codebook; } UltimotionDecodeContext; +#define CHECK_OVERREAD_SIZE(size) \ + do { \ + if (buf_end - buf < (size)) { \ + av_log(avctx, AV_LOG_ERROR, "Insufficient data\n"); \ + return AVERROR_INVALIDDATA; \ + } \ + } while(0) + static av_cold int ulti_decode_init(AVCodecContext *avctx) { UltimotionDecodeContext *s = avctx->priv_data; @@ -224,6 +232,7 @@ static int ulti_decode_frame(AVCodecContext *avctx, int i; int skip; int tmp; + const uint8_t *buf_end = buf + buf_size; s->frame.reference = 3; s->frame.buffer_hints = FF_BUFFER_HINTS_VALID | FF_BUFFER_HINTS_PRESERVE | FF_BUFFER_HINTS_REUSABLE; @@ -237,10 +246,12 @@ static int ulti_decode_frame(AVCodecContext *avctx, if(blocks >= s->blocks || y >= s->height) break;//all blocks decoded + CHECK_OVERREAD_SIZE(1); idx = *buf++; if((idx & 0xF8) == 0x70) { switch(idx) { case 0x70: //change modifier + CHECK_OVERREAD_SIZE(1); modifier = *buf++; if(modifier>1) av_log(avctx, AV_LOG_INFO, "warning: modifier must be 0 or 1, got %i\n", modifier); @@ -255,6 +266,7 @@ static int ulti_decode_frame(AVCodecContext *avctx, done = 1; break; case 0x74: //skip some blocks + CHECK_OVERREAD_SIZE(1); skip = *buf++; if ((blocks + skip) >= s->blocks) break; @@ -281,19 +293,24 @@ static int ulti_decode_frame(AVCodecContext *avctx, chroma = 0; } else { cf = 0; - if (idx) + if (idx) { + CHECK_OVERREAD_SIZE(1); chroma = *buf++; + } } for (i = 0; i < 4; i++) { // for every subblock code = (idx >> (6 - i*2)) & 3; //extract 2 bits if(!code) //skip subblock continue; - if(cf) + if(cf) { + CHECK_OVERREAD_SIZE(1); chroma = *buf++; + } tx = x + block_coords[i * 2]; ty = y + block_coords[(i * 2) + 1]; switch(code) { case 1: + CHECK_OVERREAD_SIZE(1); tmp = *buf++; angle = angle_by_index[(tmp >> 6) & 0x3]; @@ -314,6 +331,7 @@ static int ulti_decode_frame(AVCodecContext *avctx, case 2: if (modifier) { // unpack four luma samples + CHECK_OVERREAD_SIZE(3); tmp = bytestream_get_be24(&buf); Y[0] = (tmp >> 18) & 0x3F; @@ -322,6 +340,7 @@ static int ulti_decode_frame(AVCodecContext *avctx, Y[3] = tmp & 0x3F; angle = 16; } else { // retrieve luma samples from codebook + CHECK_OVERREAD_SIZE(2); tmp = bytestream_get_be16(&buf); angle = (tmp >> 12) & 0xF; @@ -338,6 +357,8 @@ static int ulti_decode_frame(AVCodecContext *avctx, if (modifier) { // all 16 luma samples uint8_t Luma[16]; + CHECK_OVERREAD_SIZE(12); + tmp = bytestream_get_be24(&buf); Luma[0] = (tmp >> 18) & 0x3F; Luma[1] = (tmp >> 12) & 0x3F; @@ -364,6 +385,7 @@ static int ulti_decode_frame(AVCodecContext *avctx, ulti_convert_yuv(&s->frame, tx, ty, Luma, chroma); } else { + CHECK_OVERREAD_SIZE(4); tmp = *buf++; if(tmp & 0x80) { angle = (tmp >> 4) & 0x7; From 9e4d30397b6c3fbbf567fba8eb9249aacad1187d Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 13 Dec 2011 19:47:57 +0100 Subject: [PATCH 044/331] decoding example: reset pts/dts after subpacket. Signed-off-by: Michael Niedermayer (cherry picked from commit 0e187fd13c2e38e8ec90757101c33410c69ac16a) Signed-off-by: Michael Niedermayer --- doc/examples/decoding_encoding.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/examples/decoding_encoding.c b/doc/examples/decoding_encoding.c index f87a8c9c41..5271edf34e 100644 --- a/doc/examples/decoding_encoding.c +++ b/doc/examples/decoding_encoding.c @@ -180,6 +180,8 @@ static void audio_decode_example(const char *outfilename, const char *filename) } avpkt.size -= len; avpkt.data += len; + avpkt.dts = + avpkt.pts = AV_NOPTS_VALUE; if (avpkt.size < AUDIO_REFILL_THRESH) { /* Refill the input buffer, to avoid trying to decode * incomplete frames. Instead of this, one could also use From 97e6a0fa2ac5f18c7f7fe593add9a4e64b9a29dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Sun, 11 Dec 2011 17:37:40 +0100 Subject: [PATCH 045/331] Support "VLB " audio in NSV files. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit See samples/nsv/vlb_audio. Signed-off-by: Reimar Döffinger (cherry picked from commit 36be045ed7942e07742c3cf3d3012b1d2a9ec344) Signed-off-by: Michael Niedermayer --- libavcodec/aac.h | 1 + libavcodec/aacdec.c | 11 ++++++----- libavformat/nsvdec.c | 1 + 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/libavcodec/aac.h b/libavcodec/aac.h index d31103684c..631fdd405f 100644 --- a/libavcodec/aac.h +++ b/libavcodec/aac.h @@ -300,6 +300,7 @@ typedef struct { DECLARE_ALIGNED(32, float, temp)[128]; enum OCStatus output_configured; + int warned_num_aac_frames; } AACContext; #endif /* AVCODEC_AAC_H */ diff --git a/libavcodec/aacdec.c b/libavcodec/aacdec.c index a046d991e6..2b2ae8a80d 100644 --- a/libavcodec/aacdec.c +++ b/libavcodec/aacdec.c @@ -2125,13 +2125,14 @@ static int parse_adts_frame_header(AACContext *ac, GetBitContext *gb) } if (!ac->avctx->sample_rate) ac->avctx->sample_rate = hdr_info.sample_rate; - if (hdr_info.num_aac_frames == 1) { - if (!hdr_info.crc_absent) - skip_bits(gb, 16); - } else { + if (!ac->warned_num_aac_frames && hdr_info.num_aac_frames != 1) { + // This is 2 for "VLB " audio in NSV files. + // See samples/nsv/vlb_audio. av_log_missing_feature(ac->avctx, "More than one AAC RDB per ADTS frame is", 0); - return -1; + ac->warned_num_aac_frames = 1; } + if (!hdr_info.crc_absent) + skip_bits(gb, 16); } return size; } diff --git a/libavformat/nsvdec.c b/libavformat/nsvdec.c index 9da036eb2b..72d626af73 100644 --- a/libavformat/nsvdec.c +++ b/libavformat/nsvdec.c @@ -206,6 +206,7 @@ static const AVCodecTag nsv_codec_audio_tags[] = { { CODEC_ID_MP3, MKTAG('M', 'P', '3', ' ') }, { CODEC_ID_AAC, MKTAG('A', 'A', 'C', ' ') }, { CODEC_ID_AAC, MKTAG('A', 'A', 'C', 'P') }, + { CODEC_ID_AAC, MKTAG('V', 'L', 'B', ' ') }, { CODEC_ID_SPEEX, MKTAG('S', 'P', 'X', ' ') }, { CODEC_ID_PCM_U16LE, MKTAG('P', 'C', 'M', ' ') }, { CODEC_ID_NONE, 0 }, From bfe7d96ed26a8ba7143e3b5a610dad1c3fe84780 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 14 Dec 2011 00:57:34 +0100 Subject: [PATCH 046/331] MAINTAINERS: add 0.9 Signed-off-by: Michael Niedermayer (cherry picked from commit 635a301683db314aa21717276420ad8b5267f07e) Signed-off-by: Michael Niedermayer --- MAINTAINERS | 1 + 1 file changed, 1 insertion(+) diff --git a/MAINTAINERS b/MAINTAINERS index a254985f98..38941c4368 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -388,6 +388,7 @@ Releases 0.6 *Deprecated/Unmaintained* 0.7 Michael Niedermayer 0.8 Michael Niedermayer +0.9 Michael Niedermayer From 93442a27c5a6947ee35021c61e99a4ce67896040 Mon Sep 17 00:00:00 2001 From: Derek Buitenhuis Date: Tue, 13 Dec 2011 14:24:56 -0500 Subject: [PATCH 047/331] v410 encoder and decoder v410 is a packed 10-bit 4:4:4 YCbCr format used in QuickTime. Signed-off-by: Derek Buitenhuis Signed-off-by: Michael Niedermayer (cherry picked from commit 309ffa4fe3388d842a51000dc7d56abac53ff759) Conflicts: libavcodec/version.h Signed-off-by: Michael Niedermayer --- Changelog | 2 +- MAINTAINERS | 1 + doc/general.texi | 1 + libavcodec/Makefile | 2 + libavcodec/allcodecs.c | 1 + libavcodec/avcodec.h | 1 + libavcodec/v410dec.c | 113 +++++++++++++++++++++++++++++++++++++++++ libavcodec/v410enc.c | 99 ++++++++++++++++++++++++++++++++++++ libavformat/isom.c | 1 + libavformat/riff.c | 1 + 10 files changed, 221 insertions(+), 1 deletion(-) create mode 100644 libavcodec/v410dec.c create mode 100644 libavcodec/v410enc.c diff --git a/Changelog b/Changelog index 346d8ed8fc..2699bcea74 100644 --- a/Changelog +++ b/Changelog @@ -134,7 +134,7 @@ easier to use. The changes are: - new option: -report - Dxtory capture format decoder - cellauto source - +- v410 Quicktime Uncompressed 4:4:4 10-bit encoder and decoder version 0.8: diff --git a/MAINTAINERS b/MAINTAINERS index 38941c4368..a617fd3c17 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -218,6 +218,7 @@ Codecs: tta.c Alex Beregszaszi, Jaikrishnan Menon txd.c Ivo van Poorten ulti* Kostya Shishkov + v410*.c Derek Buitenhuis vb.c Kostya Shishkov vble.c Derek Buitenhuis vc1* Kostya Shishkov diff --git a/doc/general.texi b/doc/general.texi index fc4ee1cf3a..d2bcd53f10 100644 --- a/doc/general.texi +++ b/doc/general.texi @@ -602,6 +602,7 @@ following image formats are supported: @tab Codec used in DOS CD-ROM FlashBack game. @item Ut Video @tab @tab X @item V210 Quicktime Uncompressed 4:2:2 10-bit @tab X @tab X +@item v410 Quicktime Uncompressed 4:4:4 10-bit @tab X @tab X @item VBLE Lossless Codec @tab @tab X @item VMware Screen Codec / VMware Video @tab @tab X @tab Codec used in videos captured by VMware. diff --git a/libavcodec/Makefile b/libavcodec/Makefile index 6410ed47f3..1a651c1b1a 100644 --- a/libavcodec/Makefile +++ b/libavcodec/Makefile @@ -413,6 +413,8 @@ OBJS-$(CONFIG_ULTI_DECODER) += ulti.o OBJS-$(CONFIG_UTVIDEO_DECODER) += utvideo.o OBJS-$(CONFIG_V210_DECODER) += v210dec.o OBJS-$(CONFIG_V210_ENCODER) += v210enc.o +OBJS-$(CONFIG_V410_DECODER) += v410dec.o +OBJS-$(CONFIG_V410_ENCODER) += v410enc.o OBJS-$(CONFIG_V210X_DECODER) += v210x.o OBJS-$(CONFIG_VB_DECODER) += vb.o OBJS-$(CONFIG_VBLE_DECODER) += vble.o diff --git a/libavcodec/allcodecs.c b/libavcodec/allcodecs.c index 9e130477dd..4c85056af8 100644 --- a/libavcodec/allcodecs.c +++ b/libavcodec/allcodecs.c @@ -215,6 +215,7 @@ void avcodec_register_all(void) REGISTER_DECODER (UTVIDEO, utvideo); REGISTER_ENCDEC (V210, v210); REGISTER_DECODER (V210X, v210x); + REGISTER_ENCDEC (V410, v410); REGISTER_DECODER (VB, vb); REGISTER_DECODER (VBLE, vble); REGISTER_DECODER (VC1, vc1); diff --git a/libavcodec/avcodec.h b/libavcodec/avcodec.h index 23048ddb72..84b5e21fb3 100644 --- a/libavcodec/avcodec.h +++ b/libavcodec/avcodec.h @@ -254,6 +254,7 @@ enum CodecID { CODEC_ID_BMV_VIDEO, CODEC_ID_VBLE, CODEC_ID_DXTORY, + CODEC_ID_V410, CODEC_ID_UTVIDEO = 0x800, CODEC_ID_ESCAPE130 = MKBETAG('E','1','3','0'), diff --git a/libavcodec/v410dec.c b/libavcodec/v410dec.c new file mode 100644 index 0000000000..6640ba0345 --- /dev/null +++ b/libavcodec/v410dec.c @@ -0,0 +1,113 @@ +/* + * v410 decoder + * + * Copyright (c) 2011 Derek Buitenhuis + * + * This file is part of FFmpeg. + * + * FFmpeg is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * FFmpeg is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with FFmpeg; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#include "avcodec.h" +#include "get_bits.h" + +static av_cold int v410_decode_init(AVCodecContext *avctx) +{ + avctx->pix_fmt = PIX_FMT_YUV444P10; + avctx->bits_per_raw_sample = 10; + + if (avctx->width & 1) { + av_log(avctx, AV_LOG_ERROR, "v410 requires width to be even.\n"); + return AVERROR_INVALIDDATA; + } + + avctx->coded_frame = avcodec_alloc_frame(); + + if (!avctx->coded_frame) { + av_log(avctx, AV_LOG_ERROR, "Could not allocate frame.\n"); + return AVERROR(ENOMEM); + } + + return 0; +} + +static int v410_decode_frame(AVCodecContext *avctx, void *data, + int *data_size, AVPacket *avpkt) +{ + AVFrame *pic = avctx->coded_frame; + uint8_t *src = avpkt->data; + uint16_t *y, *u, *v; + uint32_t val; + int i, j; + + if (pic->data[0]) + avctx->release_buffer(avctx, pic); + + pic->reference = 0; + + if (avctx->get_buffer(avctx, pic) < 0) { + av_log(avctx, AV_LOG_ERROR, "Could not allocate buffer.\n"); + return AVERROR(ENOMEM); + } + + pic->key_frame = 1; + pic->pict_type = FF_I_TYPE; + + y = (uint16_t *)pic->data[0]; + u = (uint16_t *)pic->data[1]; + v = (uint16_t *)pic->data[2]; + + for (i = 0; i < avctx->height; i++) { + for (j = 0; j < avctx->width; j++) { + val = AV_RL32(src); + + u[j] = (val >> 2) & 0x3FF; + y[j] = (val >> 12) & 0x3FF; + v[j] = (val >> 22); + + src += 4; + } + + y += pic->linesize[0] >> 1; + u += pic->linesize[1] >> 1; + v += pic->linesize[2] >> 1; + } + + *data_size = sizeof(AVFrame); + *(AVFrame *)data = *pic; + + return avpkt->size; +} + +static av_cold int v410_decode_close(AVCodecContext *avctx) +{ + if (avctx->coded_frame->data[0]) + avctx->release_buffer(avctx, avctx->coded_frame); + + av_freep(&avctx->coded_frame); + + return 0; +} + +AVCodec ff_v410_decoder = { + .name = "v410", + .type = AVMEDIA_TYPE_VIDEO, + .id = CODEC_ID_V410, + .init = v410_decode_init, + .decode = v410_decode_frame, + .close = v410_decode_close, + .capabilities = CODEC_CAP_DR1, + .long_name = NULL_IF_CONFIG_SMALL("Uncompressed 4:4:4 10-bit"), +}; diff --git a/libavcodec/v410enc.c b/libavcodec/v410enc.c new file mode 100644 index 0000000000..ea66653412 --- /dev/null +++ b/libavcodec/v410enc.c @@ -0,0 +1,99 @@ +/* + * v410 encoder + * + * Copyright (c) 2011 Derek Buitenhuis + * + * This file is part of FFmpeg. + * + * FFmpeg is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * FFmpeg is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with FFmpeg; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#include "avcodec.h" +#include "put_bits.h" + +static av_cold int v410_encode_init(AVCodecContext *avctx) +{ + if (avctx->width & 1) { + av_log(avctx, AV_LOG_ERROR, "v410 requires width to be even.\n"); + return AVERROR_INVALIDDATA; + } + + avctx->coded_frame = avcodec_alloc_frame(); + + if (!avctx->coded_frame) { + av_log(avctx, AV_LOG_ERROR, "Could not allocate frame.\n"); + return AVERROR(ENOMEM); + } + + return 0; +} + +static int v410_encode_frame(AVCodecContext *avctx, uint8_t *buf, + int buf_size, void *data) +{ + AVFrame *pic = data; + uint8_t *dst = buf; + uint16_t *y, *u, *v; + uint32_t val; + int i, j; + int output_size = 0; + + if (buf_size < avctx->width * avctx->height * 3) { + av_log(avctx, AV_LOG_ERROR, "Out buffer is too small.\n"); + return AVERROR(ENOMEM); + } + + avctx->coded_frame->reference = 0; + avctx->coded_frame->key_frame = 1; + avctx->coded_frame->pict_type = FF_I_TYPE; + + y = (uint16_t *)pic->data[0]; + u = (uint16_t *)pic->data[1]; + v = (uint16_t *)pic->data[2]; + + for (i = 0; i < avctx->height; i++) { + for (j = 0; j < avctx->width; j++) { + val = u[j] << 2; + val |= y[j] << 12; + val |= v[j] << 22; + AV_WL32(dst, val); + dst += 4; + output_size += 4; + } + y += pic->linesize[0] >> 1; + u += pic->linesize[1] >> 1; + v += pic->linesize[2] >> 1; + } + + return output_size; +} + +static av_cold int v410_encode_close(AVCodecContext *avctx) +{ + av_freep(&avctx->coded_frame); + + return 0; +} + +AVCodec ff_v410_encoder = { + .name = "v410", + .type = AVMEDIA_TYPE_VIDEO, + .id = CODEC_ID_V410, + .init = v410_encode_init, + .encode = v410_encode_frame, + .close = v410_encode_close, + .pix_fmts = (const enum PixelFormat[]){ PIX_FMT_YUV444P10, PIX_FMT_NONE }, + .long_name = NULL_IF_CONFIG_SMALL("Uncompressed 4:4:4 10-bit"), +}; diff --git a/libavformat/isom.c b/libavformat/isom.c index 7a625780f3..0a01e78ed1 100644 --- a/libavformat/isom.c +++ b/libavformat/isom.c @@ -90,6 +90,7 @@ const AVCodecTag codec_movvideo_tags[] = { { CODEC_ID_R10K, MKTAG('R', '1', '0', 'g') }, /* UNCOMPRESSED 10BIT RGB */ { CODEC_ID_R210, MKTAG('r', '2', '1', '0') }, /* UNCOMPRESSED 10BIT RGB */ { CODEC_ID_V210, MKTAG('v', '2', '1', '0') }, /* UNCOMPRESSED 10BIT 4:2:2 */ + { CODEC_ID_V410, MKTAG('v', '4', '1', '0') }, /* UNCOMPRESSED 10BIT 4:4:4 */ { CODEC_ID_MJPEG, MKTAG('j', 'p', 'e', 'g') }, /* PhotoJPEG */ { CODEC_ID_MJPEG, MKTAG('m', 'j', 'p', 'a') }, /* Motion-JPEG (format A) */ diff --git a/libavformat/riff.c b/libavformat/riff.c index 9915eb259b..003f0f271a 100644 --- a/libavformat/riff.c +++ b/libavformat/riff.c @@ -198,6 +198,7 @@ const AVCodecTag ff_codec_bmp_tags[] = { { CODEC_ID_R10K, MKTAG('R', '1', '0', 'k') }, { CODEC_ID_R210, MKTAG('r', '2', '1', '0') }, { CODEC_ID_V210, MKTAG('v', '2', '1', '0') }, + { CODEC_ID_V410, MKTAG('v', '4', '1', '0') }, { CODEC_ID_INDEO3, MKTAG('I', 'V', '3', '1') }, { CODEC_ID_INDEO3, MKTAG('I', 'V', '3', '2') }, { CODEC_ID_INDEO4, MKTAG('I', 'V', '4', '1') }, From 84f3bdb8f4f745f54d0ec702e67e9d591294fe48 Mon Sep 17 00:00:00 2001 From: Derek Buitenhuis Date: Tue, 13 Dec 2011 17:19:00 -0500 Subject: [PATCH 048/331] fate: Add FATE tests for v410 encoder and decoder Signed-off-by: Derek Buitenhuis Signed-off-by: Michael Niedermayer (cherry picked from commit 64a0b826e1d4731f82fcbbc1137c897945a5477c) Signed-off-by: Michael Niedermayer --- tests/fate2.mak | 7 +++++++ tests/ref/fate/v410dec | 1 + tests/ref/fate/v410enc | 1 + 3 files changed, 9 insertions(+) create mode 100644 tests/ref/fate/v410dec create mode 100644 tests/ref/fate/v410enc diff --git a/tests/fate2.mak b/tests/fate2.mak index 969fd95961..2eb4facac7 100644 --- a/tests/fate2.mak +++ b/tests/fate2.mak @@ -265,3 +265,10 @@ fate-utvideo_yuv422_left: CMD = framecrc -i $(SAMPLES)/utvideo/utvideo_yuv422_le FATE_TESTS += fate-utvideo_yuv422_median fate-utvideo_yuv422_median: CMD = framecrc -i $(SAMPLES)/utvideo/utvideo_yuv422_median.avi + +FATE_TESTS += fate-v410dec +fate-v410dec: CMD = framecrc -i $(SAMPLES)/v410/lenav410.mov + +FATE_TESTS += fate-v410enc +fate-v410enc: tests/vsynth1/00.pgm +fate-v410enc: CMD = md5 -f image2 -vcodec pgmyuv -i $(TARGET_PATH)/tests/vsynth1/%02d.pgm -flags +bitexact -vcodec v410 -f avi diff --git a/tests/ref/fate/v410dec b/tests/ref/fate/v410dec new file mode 100644 index 0000000000..f72d74fc38 --- /dev/null +++ b/tests/ref/fate/v410dec @@ -0,0 +1 @@ +0, 0, 393216, 0xfe11a6b0 diff --git a/tests/ref/fate/v410enc b/tests/ref/fate/v410enc new file mode 100644 index 0000000000..e5332dedd4 --- /dev/null +++ b/tests/ref/fate/v410enc @@ -0,0 +1 @@ +979c9a9a09e8eaaf6467b8c22c0ac8bb From 485d088f9437985f92720f9a19e278f1820a9922 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 14 Dec 2011 05:19:53 +0100 Subject: [PATCH 049/331] fate: fix v410 on big endian Signed-off-by: Michael Niedermayer (cherry picked from commit 0a11e7ffbaaade9630e492ebfabfd587e191df72) Signed-off-by: Michael Niedermayer --- tests/fate2.mak | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/fate2.mak b/tests/fate2.mak index 2eb4facac7..b06e0ab317 100644 --- a/tests/fate2.mak +++ b/tests/fate2.mak @@ -267,7 +267,7 @@ FATE_TESTS += fate-utvideo_yuv422_median fate-utvideo_yuv422_median: CMD = framecrc -i $(SAMPLES)/utvideo/utvideo_yuv422_median.avi FATE_TESTS += fate-v410dec -fate-v410dec: CMD = framecrc -i $(SAMPLES)/v410/lenav410.mov +fate-v410dec: CMD = framecrc -i $(SAMPLES)/v410/lenav410.mov -pix_fmt yuv444p10le FATE_TESTS += fate-v410enc fate-v410enc: tests/vsynth1/00.pgm From d344e45f19d8bd52b9150304b1ab78e4f5e99bef Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Wed, 14 Dec 2011 15:08:59 +0100 Subject: [PATCH 050/331] Detect 'yuv2' as rawvideo also in avi. Signed-off-by: Michael Niedermayer --- libavformat/riff.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavformat/riff.c b/libavformat/riff.c index 003f0f271a..ea598d272e 100644 --- a/libavformat/riff.c +++ b/libavformat/riff.c @@ -174,6 +174,7 @@ const AVCodecTag ff_codec_bmp_tags[] = { { CODEC_ID_RAWVIDEO, MKTAG('2', 'V', 'u', '1') }, { CODEC_ID_RAWVIDEO, MKTAG('2', 'v', 'u', 'y') }, { CODEC_ID_RAWVIDEO, MKTAG('y', 'u', 'v', 's') }, + { CODEC_ID_RAWVIDEO, MKTAG('y', 'u', 'v', '2') }, { CODEC_ID_RAWVIDEO, MKTAG('P', '4', '2', '2') }, { CODEC_ID_RAWVIDEO, MKTAG('Y', 'V', '1', '2') }, { CODEC_ID_RAWVIDEO, MKTAG('Y', 'V', '1', '6') }, From 63d5fa55fe1aad9eb64c91c41e11c581808085c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Storsj=C3=B6?= Date: Wed, 14 Dec 2011 20:33:39 +0200 Subject: [PATCH 051/331] applehttp: Avoid reading uninitialized memory MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Storsjö (cherry picked from commit c41b9842ceac42bedfd74a7ba2d02add82f818a9) Signed-off-by: Michael Niedermayer --- libavformat/applehttp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/applehttp.c b/libavformat/applehttp.c index 1694096d9b..18b19d81eb 100644 --- a/libavformat/applehttp.c +++ b/libavformat/applehttp.c @@ -204,7 +204,7 @@ static int parse_playlist(AppleHTTPContext *c, const char *url, enum KeyType key_type = KEY_NONE; uint8_t iv[16] = ""; int has_iv = 0; - char key[MAX_URL_SIZE]; + char key[MAX_URL_SIZE] = ""; char line[1024]; const char *ptr; int close_in = 0; From bf9af661b8647c9ecbfe75e24b0aa3497c4ddd73 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Storsj=C3=B6?= Date: Wed, 14 Dec 2011 20:34:58 +0200 Subject: [PATCH 052/331] applehttp: Properly clean up if unable to probe a segment MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This avoids a segfault if the probe function wasn't able to determine the format. The bug was found by Panagiotis H.M. Issaris. Signed-off-by: Martin Storsjö (cherry picked from commit 115a57302a7d6661426304bec3a5bc72d0edf4b0) Signed-off-by: Michael Niedermayer --- libavformat/applehttp.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/libavformat/applehttp.c b/libavformat/applehttp.c index 18b19d81eb..d530db4952 100644 --- a/libavformat/applehttp.c +++ b/libavformat/applehttp.c @@ -503,8 +503,15 @@ static int applehttp_read_header(AVFormatContext *s, AVFormatParameters *ap) v->pb.seekable = 0; ret = av_probe_input_buffer(&v->pb, &in_fmt, v->segments[0]->url, NULL, 0, 0); - if (ret < 0) + if (ret < 0) { + /* Free the ctx - it isn't initialized properly at this point, + * so avformat_close_input shouldn't be called. If + * avformat_open_input fails below, it frees and zeros the + * context, so it doesn't need any special treatment like this. */ + avformat_free_context(v->ctx); + v->ctx = NULL; goto fail; + } v->ctx->pb = &v->pb; ret = avformat_open_input(&v->ctx, v->segments[0]->url, in_fmt, NULL); if (ret < 0) From 09453e6bd363da877d0ad7cf8b6df02e6d747116 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 15 Dec 2011 00:26:14 +0100 Subject: [PATCH 053/331] mtv: Fix FPE with 0 dimensions. Fixes Ticket755 Bug Found by: Diana Elena Muscalu Signed-off-by: Michael Niedermayer (cherry picked from commit 8b9b6332dfeb169098c8ab1351d66fc5b474dd55) Signed-off-by: Michael Niedermayer --- libavformat/mtv.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/libavformat/mtv.c b/libavformat/mtv.c index 00da9a1e49..b31e4cb88f 100644 --- a/libavformat/mtv.c +++ b/libavformat/mtv.c @@ -96,16 +96,26 @@ static int mtv_read_header(AVFormatContext *s, AVFormatParameters *ap) /* Calculate width and height if missing from header */ - if(!mtv->img_width) + if(mtv->img_bpp>>3){ + if(!mtv->img_width && mtv->img_height) mtv->img_width=mtv->img_segment_size / (mtv->img_bpp>>3) / mtv->img_height; - if(!mtv->img_height) + if(!mtv->img_height && mtv->img_width) mtv->img_height=mtv->img_segment_size / (mtv->img_bpp>>3) / mtv->img_width; + } + if(!mtv->img_height || !mtv->img_width){ + av_log(s, AV_LOG_ERROR, "width or height is invalid and I cannot calculate them from other information\n"); + return AVERROR(EINVAL); + } avio_skip(pb, 4); audio_subsegments = avio_rl16(pb); + if(!audio_subsegments){ + av_log(s, AV_LOG_ERROR, "audio_subsegments is 0\n"); + return AVERROR(EINVAL); + } mtv->full_segment_size = audio_subsegments * (MTV_AUDIO_PADDING_SIZE + MTV_ASUBCHUNK_DATA_SIZE) + mtv->img_segment_size; From e8bd1af0950de54ea33bbcf46766ad4633f263d9 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 15 Dec 2011 01:30:38 +0100 Subject: [PATCH 054/331] indeo3: check return values of allocate_frame_buffers() Bug Found by: Diana Elena Muscalu Signed-off-by: Michael Niedermayer (cherry picked from commit cd645c15d8d91444e49aea589ace4d9f76210641) Signed-off-by: Michael Niedermayer --- libavcodec/indeo3.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/libavcodec/indeo3.c b/libavcodec/indeo3.c index 1bb73fe790..2c966624dd 100644 --- a/libavcodec/indeo3.c +++ b/libavcodec/indeo3.c @@ -884,7 +884,8 @@ static int decode_frame_headers(Indeo3DecodeContext *ctx, AVCodecContext *avctx, ctx->height = height; free_frame_buffers(ctx); - allocate_frame_buffers(ctx, avctx); + if(allocate_frame_buffers(ctx, avctx) < 0) + return AVERROR_INVALIDDATA; avcodec_set_dimensions(avctx, width, height); } @@ -984,9 +985,7 @@ static av_cold int decode_init(AVCodecContext *avctx) dsputil_init(&ctx->dsp, avctx); - allocate_frame_buffers(ctx, avctx); - - return 0; + return allocate_frame_buffers(ctx, avctx); } From b6c19c9c918aee09d28606df4fe0481f96bc3695 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 15 Dec 2011 02:43:03 +0100 Subject: [PATCH 055/331] h264: check chroma_format_idc range. Fixes Ticket758 Bug found by: Diana Elena Muscalu Signed-off-by: Michael Niedermayer (cherry picked from commit 7fff64e00d886fde11d61958888c82b461cf99b9) Signed-off-by: Michael Niedermayer --- libavcodec/h264_ps.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/h264_ps.c b/libavcodec/h264_ps.c index 3184cadb21..f87957673d 100644 --- a/libavcodec/h264_ps.c +++ b/libavcodec/h264_ps.c @@ -347,6 +347,10 @@ int ff_h264_decode_seq_parameter_set(H264Context *h){ if(sps->profile_idc >= 100){ //high profile sps->chroma_format_idc= get_ue_golomb_31(&s->gb); + if (sps->chroma_format_idc > 3U) { + av_log(h->s.avctx, AV_LOG_ERROR, "chroma_format_idc %d is illegal\n", sps->chroma_format_idc); + goto fail; + } if(sps->chroma_format_idc == 3) sps->residual_color_transform_flag = get_bits1(&s->gb); sps->bit_depth_luma = get_ue_golomb(&s->gb) + 8; From 6b7a14e5993848ffa6a388ca3829b3b2652f7afc Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 15 Dec 2011 03:59:29 +0100 Subject: [PATCH 056/331] aacsbr: Fix memory corruption. Fixes Ticket760 and Ticket761 Bug Found by: Diana Elena Muscalu Signed-off-by: Michael Niedermayer (cherry picked from commit 944f5b2779e4aa63f7624df6cd4de832a53db81b) Signed-off-by: Michael Niedermayer --- libavcodec/aacsbr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/aacsbr.c b/libavcodec/aacsbr.c index a213827132..d2f37c5e10 100644 --- a/libavcodec/aacsbr.c +++ b/libavcodec/aacsbr.c @@ -1187,7 +1187,7 @@ static void sbr_qmf_synthesis(DSPContext *dsp, FFTContext *mdct, const float *sbr_qmf_window = div ? sbr_qmf_window_ds : sbr_qmf_window_us; float *v; for (i = 0; i < 32; i++) { - if (*v_off == 0) { + if (*v_off < 128 >> div) { int saved_samples = (1280 - 128) >> div; memcpy(&v0[SBR_SYNTHESIS_BUF_SIZE - saved_samples], v0, saved_samples * sizeof(float)); *v_off = SBR_SYNTHESIS_BUF_SIZE - saved_samples - (128 >> div); From 6a805e5334637c74af7ae45a838ef78fa2acb7d8 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 15 Dec 2011 04:24:38 +0100 Subject: [PATCH 057/331] flicvideo: fix overread. Bug Found by: Diana Elena Muscalu Signed-off-by: Michael Niedermayer (cherry picked from commit afb2bac48d0d044718c2da3d34a97bee244be2e3) Signed-off-by: Michael Niedermayer --- libavcodec/flicvideo.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavcodec/flicvideo.c b/libavcodec/flicvideo.c index 9111d17d82..28009cddba 100644 --- a/libavcodec/flicvideo.c +++ b/libavcodec/flicvideo.c @@ -319,12 +319,14 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, pixel_ptr = y_ptr; CHECK_PIXEL_PTR(0); pixel_countdown = s->avctx->width; - line_packets = buf[stream_ptr++]; - if (stream_ptr + 2 * line_packets > stream_ptr_after_chunk) + if (stream_ptr + 1 > stream_ptr_after_chunk) break; + line_packets = buf[stream_ptr++]; if (line_packets > 0) { for (i = 0; i < line_packets; i++) { /* account for the skip bytes */ + if (stream_ptr + 2 > stream_ptr_after_chunk) + break; pixel_skip = buf[stream_ptr++]; pixel_ptr += pixel_skip; pixel_countdown -= pixel_skip; From c0ff6b6378bae114ed019f43a40feda10e59e4ba Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 15 Dec 2011 04:42:13 +0100 Subject: [PATCH 058/331] flicvideo: input buffer pointer checks. Signed-off-by: Michael Niedermayer (cherry picked from commit 30b996d443aeb105d0017b06ce590c55a0b2f9f4) Signed-off-by: Michael Niedermayer --- libavcodec/flicvideo.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/libavcodec/flicvideo.c b/libavcodec/flicvideo.c index 28009cddba..dded6f5293 100644 --- a/libavcodec/flicvideo.c +++ b/libavcodec/flicvideo.c @@ -499,16 +499,27 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx, stream_ptr += 6; /* skip the magic number */ num_chunks = AV_RL16(&buf[stream_ptr]); stream_ptr += 10; /* skip padding */ + if (frame_size > buf_size) + frame_size = buf_size; frame_size -= 16; /* iterate through the chunks */ while ((frame_size > 0) && (num_chunks > 0)) { + int stream_ptr_after_chunk; chunk_size = AV_RL32(&buf[stream_ptr]); + if (chunk_size > frame_size) { + av_log(avctx, AV_LOG_WARNING, + "Invalid chunk_size = %u > frame_size = %u\n", chunk_size, frame_size); + chunk_size = frame_size; + } + stream_ptr_after_chunk = stream_ptr + chunk_size; + stream_ptr += 4; chunk_type = AV_RL16(&buf[stream_ptr]); stream_ptr += 2; + switch (chunk_type) { case FLI_256_COLOR: case FLI_COLOR: @@ -525,6 +536,8 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx, compressed_lines = AV_RL16(&buf[stream_ptr]); stream_ptr += 2; while (compressed_lines > 0) { + if (stream_ptr + 2 > stream_ptr_after_chunk) + break; line_packets = AV_RL16(&buf[stream_ptr]); stream_ptr += 2; if (line_packets < 0) { @@ -537,6 +550,8 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx, pixel_countdown = s->avctx->width; for (i = 0; i < line_packets; i++) { /* account for the skip bytes */ + if (stream_ptr + 2 > stream_ptr_after_chunk) + break; pixel_skip = buf[stream_ptr++]; pixel_ptr += (pixel_skip*2); /* Pixel is 2 bytes wide */ pixel_countdown -= pixel_skip; @@ -551,6 +566,8 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx, pixel_ptr += 2; } } else { + if (stream_ptr + 2*byte_run > stream_ptr_after_chunk) + break; CHECK_PIXEL_PTR(2 * byte_run); for (j = 0; j < byte_run; j++, pixel_countdown--) { *((signed short*)(&pixels[pixel_ptr])) = AV_RL16(&buf[stream_ptr]); @@ -586,6 +603,8 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx, pixel_countdown = (s->avctx->width * 2); while (pixel_countdown > 0) { + if (stream_ptr + 1 > stream_ptr_after_chunk) + break; byte_run = (signed char)(buf[stream_ptr++]); if (byte_run > 0) { palette_idx1 = buf[stream_ptr++]; @@ -599,6 +618,8 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx, } } else { /* copy bytes if byte_run < 0 */ byte_run = -byte_run; + if (stream_ptr + byte_run > stream_ptr_after_chunk) + break; CHECK_PIXEL_PTR(byte_run); for (j = 0; j < byte_run; j++) { palette_idx1 = buf[stream_ptr++]; @@ -638,6 +659,8 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx, pixel_countdown = s->avctx->width; /* Width is in pixels, not bytes */ while (pixel_countdown > 0) { + if (stream_ptr + 1 > stream_ptr_after_chunk) + break; byte_run = (signed char)(buf[stream_ptr++]); if (byte_run > 0) { pixel = AV_RL16(&buf[stream_ptr]); @@ -653,6 +676,8 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx, } } else { /* copy pixels if byte_run < 0 */ byte_run = -byte_run; + if (stream_ptr + 2 * byte_run > stream_ptr_after_chunk) + break; CHECK_PIXEL_PTR(2 * byte_run); for (j = 0; j < byte_run; j++) { *((signed short*)(&pixels[pixel_ptr])) = AV_RL16(&buf[stream_ptr]); From 1d23f5bbefa843a912873d3aa778358f6847e279 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 15 Dec 2011 04:59:21 +0100 Subject: [PATCH 059/331] h263dec: Fix regression / crash with lowres. Fixes Ticket757 Bug Found by: ami_stuff Signed-off-by: Michael Niedermayer (cherry picked from commit 21270cffaeab2f67a613907516b2b0cd6c9eacf4) Signed-off-by: Michael Niedermayer --- libavcodec/mpegvideo.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/mpegvideo.c b/libavcodec/mpegvideo.c index 666cad8151..e00131b8de 100644 --- a/libavcodec/mpegvideo.c +++ b/libavcodec/mpegvideo.c @@ -1228,8 +1228,8 @@ int MPV_frame_start(MpegEncContext *s, AVCodecContext *avctx) return -1; if(s->codec_id == CODEC_ID_FLV1 || s->codec_id == CODEC_ID_H263){ - for(i=0; iheight; i++) - memset(s->last_picture_ptr->f.data[0] + s->last_picture_ptr->f.linesize[0]*i, 16, s->width); + for(i=0; iheight; i++) + memset(s->last_picture_ptr->f.data[0] + s->last_picture_ptr->f.linesize[0]*i, 16, avctx->width); } ff_thread_report_progress((AVFrame*)s->last_picture_ptr, INT_MAX, 0); From a11c9d77781b1bb5f94f5925de9896069d35a0cc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Storsj=C3=B6?= Date: Wed, 14 Dec 2011 22:14:28 +0200 Subject: [PATCH 060/331] libgsm: Set options on the right object MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This fixes regressions in decoding using the libgsm_ms decoder, broken since 0eea21294354. Signed-off-by: Martin Storsjö (cherry picked from commit 8637af8d2499e72ad6662627dae9f245e3e961df) Signed-off-by: Michael Niedermayer --- libavcodec/libgsm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/libgsm.c b/libavcodec/libgsm.c index 9ba9da9e3f..65b1911c79 100644 --- a/libavcodec/libgsm.c +++ b/libavcodec/libgsm.c @@ -155,7 +155,7 @@ static av_cold int libgsm_decode_init(AVCodecContext *avctx) { break; case CODEC_ID_GSM_MS: { int one = 1; - gsm_option(avctx->priv_data, GSM_OPT_WAV49, &one); + gsm_option(s->state, GSM_OPT_WAV49, &one); avctx->frame_size = 2 * GSM_FRAME_SIZE; avctx->block_align = GSM_MS_BLOCK_SIZE; } From 1804becb30eca0e95d85925bf9aead586809dee6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Storsj=C3=B6?= Date: Wed, 14 Dec 2011 22:32:29 +0200 Subject: [PATCH 061/331] libgsm: Reset the MS mode of GSM in the flush function MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The mode is set in libgsm_decode_init, but the decoder object is simply destroyed and recreated in the flush function - therefore the mode has to be set again. This fixes playback using the libgsm_ms decoder in avplay. Signed-off-by: Martin Storsjö (cherry picked from commit 1b35af3225392a5328f6534c53e96a56cd5eb305) Signed-off-by: Michael Niedermayer --- libavcodec/libgsm.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/libgsm.c b/libavcodec/libgsm.c index 65b1911c79..ed4962a3b2 100644 --- a/libavcodec/libgsm.c +++ b/libavcodec/libgsm.c @@ -212,9 +212,12 @@ static int libgsm_decode_frame(AVCodecContext *avctx, void *data, static void libgsm_flush(AVCodecContext *avctx) { LibGSMDecodeContext *s = avctx->priv_data; + int one = 1; gsm_destroy(s->state); s->state = gsm_create(); + if (avctx->codec_id == CODEC_ID_GSM_MS) + gsm_option(s->state, GSM_OPT_WAV49, &one); } AVCodec ff_libgsm_decoder = { From 0c62a00e683bfb58c4dd5e33823e9d0d28904afc Mon Sep 17 00:00:00 2001 From: Shitiz Garg Date: Thu, 15 Dec 2011 14:32:59 +0530 Subject: [PATCH 062/331] westwood: Make sure audio header info is present when parsing audio packets MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Audio header information might get scrambled and would not parse, yet wsqva_read_packet would try to parse audio packets causing segfaults such as floating point exception. Fixes bugzilla #141. Signed-off-by: Martin Storsjö (cherry picked from commit 566ee0eaf1543101f7a441cc42e3ddad097363bf) Signed-off-by: Michael Niedermayer --- libavformat/westwood.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavformat/westwood.c b/libavformat/westwood.c index d39c4c695e..fc428fff34 100644 --- a/libavformat/westwood.c +++ b/libavformat/westwood.c @@ -324,6 +324,11 @@ static int wsvqa_read_packet(AVFormatContext *s, chunk_size = AV_RB32(&preamble[4]); skip_byte = chunk_size & 0x01; + if ((chunk_type == SND2_TAG || chunk_type == SND1_TAG) && wsvqa->audio_channels == 0) { + av_log(s, AV_LOG_ERROR, "audio chunk without any audio header information found\n"); + return AVERROR_INVALIDDATA; + } + if ((chunk_type == SND1_TAG) || (chunk_type == SND2_TAG) || (chunk_type == VQFR_TAG)) { if (av_new_packet(pkt, chunk_size)) From 07892e33ef393ca7699eb4442583107d9e292041 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 15 Dec 2011 14:09:23 +0100 Subject: [PATCH 063/331] h264: Fix build with --disable-everything --enable-decoder='h264' --disable-optimizations Signed-off-by: Michael Niedermayer (cherry picked from commit d998a6ddeef987bbd82fad474b02cddc681a7c6a) Signed-off-by: Michael Niedermayer --- libavcodec/h264.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index fbe4e3682b..b1a9baae97 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -1816,7 +1816,7 @@ static av_always_inline void hl_decode_mb_predict_luma(H264Context *h, int mb_ty idct_dc_add(ptr, h->mb + (i*16+p*256 << pixel_shift), linesize); else idct_add (ptr, h->mb + (i*16+p*256 << pixel_shift), linesize); - }else + }else if(CONFIG_SVQ3_DECODER) ff_svq3_add_idct_c(ptr, h->mb + i*16+p*256, linesize, qscale, 0); } } @@ -1836,7 +1836,7 @@ static av_always_inline void hl_decode_mb_predict_luma(H264Context *h, int mb_ty dctcoef_set(h->mb+(p*256 << pixel_shift), pixel_shift, dc_mapping[i], dctcoef_get(h->mb_luma_dc[p], pixel_shift, i)); } } - }else + }else if(CONFIG_SVQ3_DECODER) ff_svq3_luma_dc_dequant_idct_c(h->mb+p*256, h->mb_luma_dc[p], qscale); } } @@ -1880,7 +1880,7 @@ static av_always_inline void hl_decode_mb_idct_luma(H264Context *h, int mb_type, } } } - }else{ + }else if(CONFIG_SVQ3_DECODER) { for(i=0; i<16; i++){ if(h->non_zero_count_cache[ scan8[i+p*16] ] || h->mb[i*16+p*256]){ //FIXME benchmark weird rule, & below uint8_t * const ptr= dest_y + block_offset[i]; From d1f74d838ef95b660cf07ad2c8b3ea0af9e523b7 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 15 Dec 2011 15:23:38 +0100 Subject: [PATCH 064/331] jpegdec: check return value of mjpeg_decode_dc() Fixes Ticket754 Signed-off-by: Michael Niedermayer (cherry picked from commit 484b1cdd5303771447e15d0067a2034b0c17fdc8) Signed-off-by: Michael Niedermayer --- libavcodec/mjpegdec.c | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index b3b02daab6..b8d73ed481 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -673,15 +673,19 @@ static int ljpeg_decode_rgb_scan(MJpegDecodeContext *s, int predictor, int point s->restart_count = s->restart_interval; for(i=0;i<3;i++) { - int pred; + int pred, dc; topleft[i]= top[i]; top[i]= buffer[mb_x][i]; PREDICT(pred, topleft[i], top[i], left[i], modified_predictor); + dc = mjpeg_decode_dc(s, s->dc_index[i]); + if(dc == 0xFFFF) + return -1; + left[i]= - buffer[mb_x][i]= mask & (pred + (mjpeg_decode_dc(s, s->dc_index[i]) << point_transform)); + buffer[mb_x][i]= mask & (pred + (dc << point_transform)); } if (s->restart_interval && !--s->restart_count) { @@ -735,7 +739,7 @@ static int ljpeg_decode_yuv_scan(MJpegDecodeContext *s, int predictor, int point linesize= s->linesize[c]; for(j=0; jpicture.data[c] + (linesize * (v * mb_y + y)) + (h * mb_x + x); //FIXME optimize this crap if(y==0 && mb_y==0){ @@ -754,7 +758,10 @@ static int ljpeg_decode_yuv_scan(MJpegDecodeContext *s, int predictor, int point if (s->interlaced && s->bottom_field) ptr += linesize >> 1; - *ptr= pred + (mjpeg_decode_dc(s, s->dc_index[i]) << point_transform); + dc = mjpeg_decode_dc(s, s->dc_index[i]); + if(dc == 0xFFFF) + return -1; + *ptr= pred + (dc << point_transform); if (++x == h) { x = 0; @@ -765,7 +772,7 @@ static int ljpeg_decode_yuv_scan(MJpegDecodeContext *s, int predictor, int point }else{ for(i=0;inb_blocks[i]; c = s->comp_index[i]; h = s->h_scount[i]; @@ -779,7 +786,11 @@ static int ljpeg_decode_yuv_scan(MJpegDecodeContext *s, int predictor, int point ptr = s->picture.data[c] + (linesize * (v * mb_y + y)) + (h * mb_x + x); //FIXME optimize this crap PREDICT(pred, ptr[-linesize-1], ptr[-linesize], ptr[-1], predictor); - *ptr= pred + (mjpeg_decode_dc(s, s->dc_index[i]) << point_transform); + + dc = mjpeg_decode_dc(s, s->dc_index[i]); + if(dc == 0xFFFF) + return -1; + *ptr= pred + (dc << point_transform); if (++x == h) { x = 0; y++; From 923deca05f85e097e2607f22f195da28a89e97d9 Mon Sep 17 00:00:00 2001 From: Mans Rullgard Date: Thu, 15 Dec 2011 16:31:07 +0000 Subject: [PATCH 065/331] v410enc: fix output buffer size check The encoder clearly needs width * height * 4 bytes. Signed-off-by: Mans Rullgard (cherry picked from commit dabba0c676389b73c7b324fc999da7076fae149e) Signed-off-by: Michael Niedermayer --- libavcodec/v410enc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/v410enc.c b/libavcodec/v410enc.c index ea66653412..52f87ae940 100644 --- a/libavcodec/v410enc.c +++ b/libavcodec/v410enc.c @@ -50,7 +50,7 @@ static int v410_encode_frame(AVCodecContext *avctx, uint8_t *buf, int i, j; int output_size = 0; - if (buf_size < avctx->width * avctx->height * 3) { + if (buf_size < avctx->width * avctx->height * 4) { av_log(avctx, AV_LOG_ERROR, "Out buffer is too small.\n"); return AVERROR(ENOMEM); } From 3f1e77a44c10b4468e7d5ac64fdc371fdeaf923a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Storsj=C3=B6?= Date: Thu, 15 Dec 2011 15:10:57 +0200 Subject: [PATCH 066/331] flvenc: Support muxing 16 kHz nellymoser MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Storsjö (cherry picked from commit bd2ff1a8bc01668b66314c20494c839f774de38e) Signed-off-by: Michael Niedermayer --- libavformat/flvenc.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/flvenc.c b/libavformat/flvenc.c index 2a223eeeb3..2f5aa28e6a 100644 --- a/libavformat/flvenc.c +++ b/libavformat/flvenc.c @@ -93,6 +93,7 @@ static int get_audio_flags(AVCodecContext *enc){ case 11025: flags |= FLV_SAMPLERATE_11025HZ; break; + case 16000: //nellymoser only case 8000: //nellymoser only case 5512: //not mp3 if(enc->codec_id != CODEC_ID_MP3){ @@ -128,6 +129,8 @@ static int get_audio_flags(AVCodecContext *enc){ case CODEC_ID_NELLYMOSER: if (enc->sample_rate == 8000) { flags |= FLV_CODECID_NELLYMOSER_8KHZ_MONO | FLV_SAMPLESSIZE_16BIT; + } else if (enc->sample_rate == 16000) { + flags |= FLV_CODECID_NELLYMOSER_16KHZ_MONO | FLV_SAMPLESSIZE_16BIT; } else { flags |= FLV_CODECID_NELLYMOSER | FLV_SAMPLESSIZE_16BIT; } From c575d63ac2dd3dd925d5e855fe36bf537264f138 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 13 Dec 2011 19:46:29 +0100 Subject: [PATCH 067/331] ffmpeg: reset dts/pts after decoding the first subpacket Signed-off-by: Michael Niedermayer (cherry picked from commit 6c39b3c278e2367056c7b53c8d48d4259a085e61) Signed-off-by: Michael Niedermayer --- ffmpeg.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ffmpeg.c b/ffmpeg.c index 12089413f0..2b1fd07953 100644 --- a/ffmpeg.c +++ b/ffmpeg.c @@ -2047,6 +2047,10 @@ static int output_packet(InputStream *ist, if (ret < 0) return ret; + + avpkt.dts= + avpkt.pts= AV_NOPTS_VALUE; + // touch data and size only if not EOF if (pkt) { if(ist->st->codec->codec_type != AVMEDIA_TYPE_AUDIO) From 54aa78adaa3b3c6863760cf1467c4a450dbdedce Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 15 Dec 2011 17:23:39 +0100 Subject: [PATCH 068/331] h264: fix midstream extardata handling with dump.f4v Signed-off-by: Michael Niedermayer (cherry picked from commit a4755df5236551ab53a5bf4b970748809593adf6) Signed-off-by: Michael Niedermayer --- libavcodec/h264.c | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index b1a9baae97..0e0b164330 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -4076,8 +4076,28 @@ static int decode_frame(AVCodecContext *avctx, return 0; } - if(h->is_avc && buf_size >= 9 && AV_RB32(buf)==0x0164001F && buf[5] && buf[8]==0x67) + if(h->is_avc && buf_size >= 9 && buf[0]==1 && buf[2]==0 && (buf[4]&0xFC)==0xFC && (buf[5]&0x1F) && buf[8]==0x67){ + int cnt= buf[5]&0x1f; + uint8_t *p= buf+6; + while(cnt--){ + int nalsize= AV_RB16(p) + 2; + if(nalsize > buf_size - (p-buf) || p[2]!=0x67) + goto not_extra; + p += nalsize; + } + cnt = *(p++); + if(!cnt) + goto not_extra; + while(cnt--){ + int nalsize= AV_RB16(p) + 2; + if(nalsize > buf_size - (p-buf) || p[2]!=0x68) + goto not_extra; + p += nalsize; + } + return ff_h264_decode_extradata(h, buf, buf_size); + } +not_extra: buf_index=decode_nal_units(h, buf, buf_size); if(buf_index < 0) From 56e2190e1095d0f76a8b2b05f492fae476ef043a Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Thu, 15 Dec 2011 19:23:07 +0100 Subject: [PATCH 069/331] Fix linesize for bmp with bitdepth < 8. Fixes ticket #751. (cherry picked from commit 6f2054c589a467b7eaa0c4383c29fcced1280265) Signed-off-by: Michael Niedermayer --- libavcodec/bmp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/bmp.c b/libavcodec/bmp.c index e97f6ed67c..419c3fa197 100644 --- a/libavcodec/bmp.c +++ b/libavcodec/bmp.c @@ -206,7 +206,7 @@ static int bmp_decode_frame(AVCodecContext *avctx, dsize = buf_size - hsize; /* Line size in file multiple of 4 */ - n = ((avctx->width * depth) / 8 + 3) & ~3; + n = ((avctx->width * depth + 31) / 8) & ~3; if(n * avctx->height > dsize && comp != BMP_RLE4 && comp != BMP_RLE8){ av_log(avctx, AV_LOG_ERROR, "not enough data (%d < %d)\n", From 02798736bf7b91968a67a11fd70bffebb61f0e22 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 15 Dec 2011 20:25:50 +0100 Subject: [PATCH 070/331] westwooddemuxer: Fix 1gb alloc Fixes Ticket765 Bug Found by: Diana Elena Muscalu Signed-off-by: Michael Niedermayer (cherry picked from commit f68b19fc28df0a15fa6134726954365d70dec74f) Signed-off-by: Michael Niedermayer --- libavformat/westwood.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/libavformat/westwood.c b/libavformat/westwood.c index fc428fff34..c94382756a 100644 --- a/libavformat/westwood.c +++ b/libavformat/westwood.c @@ -320,8 +320,15 @@ static int wsvqa_read_packet(AVFormatContext *s, int skip_byte; while (avio_read(pb, preamble, VQA_PREAMBLE_SIZE) == VQA_PREAMBLE_SIZE) { + int64_t filesize= avio_size(s->pb); chunk_type = AV_RB32(&preamble[0]); chunk_size = AV_RB32(&preamble[4]); + + if(chunk_size > filesize){ + av_log(s, AV_LOG_ERROR, "Chunk with size %d truncated\n", chunk_size); + chunk_size= filesize; + } + skip_byte = chunk_size & 0x01; if ((chunk_type == SND2_TAG || chunk_type == SND1_TAG) && wsvqa->audio_channels == 0) { From 19babec06f54a9696e85964a84c01c1602ebcecc Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 15 Dec 2011 20:27:51 +0100 Subject: [PATCH 071/331] westwooddemuxer: use av_get_packet() Signed-off-by: Michael Niedermayer (cherry picked from commit 4255d6d96cb80fd411c858d424626f60b97f52ac) Signed-off-by: Michael Niedermayer --- libavformat/westwood.c | 8 ++------ tests/ref/fate/vqa-cc | 1 + 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/libavformat/westwood.c b/libavformat/westwood.c index c94382756a..c46c3ba10e 100644 --- a/libavformat/westwood.c +++ b/libavformat/westwood.c @@ -338,13 +338,9 @@ static int wsvqa_read_packet(AVFormatContext *s, if ((chunk_type == SND1_TAG) || (chunk_type == SND2_TAG) || (chunk_type == VQFR_TAG)) { - if (av_new_packet(pkt, chunk_size)) + ret= av_get_packet(pb, pkt, chunk_size); + if (ret<0) return AVERROR(EIO); - ret = avio_read(pb, pkt->data, chunk_size); - if (ret != chunk_size) { - av_free_packet(pkt); - return AVERROR(EIO); - } if (chunk_type == SND2_TAG) { pkt->stream_index = wsvqa->audio_stream_index; diff --git a/tests/ref/fate/vqa-cc b/tests/ref/fate/vqa-cc index e15e727fa1..fdc7e72eeb 100644 --- a/tests/ref/fate/vqa-cc +++ b/tests/ref/fate/vqa-cc @@ -68,6 +68,7 @@ 1, 218996, 2940, 0xac8bb6c8 0, 222000, 192000, 0xb58c1566 1, 224996, 2940, 0xa503c73b +0, 228000, 192000, 0xb58c1566 1, 230996, 2940, 0x7cd588a3 1, 236996, 2940, 0xa6974b04 1, 242996, 2940, 0xbf448241 From 17044e1a2bb1926a4937974b58e25061f03739a0 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 15 Dec 2011 20:51:00 +0100 Subject: [PATCH 072/331] mov: Fix near infinite loop in stsd parsing. Fixes Ticket768 Bug found by: Diana Elena Muscalu Signed-off-by: Michael Niedermayer (cherry picked from commit 5f95c130a020ec8f6eb7ade8808f59dac5834410) Signed-off-by: Michael Niedermayer --- libavformat/mov.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/mov.c b/libavformat/mov.c index 12af19ed50..54fd3dfa22 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -1082,6 +1082,9 @@ int ff_mov_read_stsd_entries(MOVContext *c, AVIOContext *pb, int entries) avio_rb32(pb); /* reserved */ avio_rb16(pb); /* reserved */ dref_id = avio_rb16(pb); + }else if (size <= 0){ + av_log(c->fc, AV_LOG_ERROR, "invalid size %d in stsd\n", size); + return -1; } if (st->codec->codec_tag && From 0177ac9637b3fb9599f0afd15f765743b6f1900c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 15 Dec 2011 21:26:50 +0100 Subject: [PATCH 073/331] lavf: Fix fps misdetection when codec_info_duration is 0 and only a few frames are used to estimate fps. Signed-off-by: Michael Niedermayer (cherry picked from commit d19ca77f42080e7b9a360aee65218724c52e08ae) Signed-off-by: Michael Niedermayer --- libavformat/utils.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/utils.c b/libavformat/utils.c index eddca1c78e..201a7c6bf8 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -2575,6 +2575,8 @@ int avformat_find_stream_info(AVFormatContext *ic, AVDictionary **options) if(st->info->codec_info_duration && st->info->codec_info_duration*av_q2d(st->time_base) < (1001*12.0)/get_std_framerate(j)) continue; + if(!st->info->codec_info_duration && 1.0 < (1001*12.0)/get_std_framerate(j)) + continue; for(k=0; k<2; k++){ int n= st->info->duration_count; double a= st->info->duration_error[k][0][j] / n; From 134b7f57dbcd9eed254f5309b6d9bb1b993b8fe3 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 15 Dec 2011 22:45:57 +0100 Subject: [PATCH 074/331] smacker: Check for overread in smka_decode_frame() Fixes a segfault with wetlog_fail.smk Bug found by: Shitiz Garg Signed-off-by: Michael Niedermayer (cherry picked from commit d0f7927177077799abe540f9195b5ce1fc089183) Signed-off-by: Michael Niedermayer --- libavcodec/smacker.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c index a983922fc7..fdc28e1a07 100644 --- a/libavcodec/smacker.c +++ b/libavcodec/smacker.c @@ -663,6 +663,8 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data, for(i = 0; i <= stereo; i++) *samples++ = pred[i]; for(; i < unp_size / 2; i++) { + if(get_bits_left(&gb)<0) + return -1; if(i & stereo) { if(vlc[2].table) res = get_vlc2(&gb, vlc[2].table, SMKTREE_BITS, 3); @@ -697,6 +699,8 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data, for(i = 0; i <= stereo; i++) *samples8++ = pred[i]; for(; i < unp_size; i++) { + if(get_bits_left(&gb)<0) + return -1; if(i & stereo){ if(vlc[1].table) res = get_vlc2(&gb, vlc[1].table, SMKTREE_BITS, 3); From b32554175c5f279f1d25c49f0910494efa29783c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 15 Dec 2011 23:54:29 +0100 Subject: [PATCH 075/331] ffmpeg: check return code from av_vsrc_buffer_add_frame() Fixed Ticket770 Bug found by: Diana Elena Muscalu Signed-off-by: Michael Niedermayer (cherry picked from commit 1f273c2bf22c49e5f668debf52c497dabee636c7) Signed-off-by: Michael Niedermayer --- ffmpeg.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ffmpeg.c b/ffmpeg.c index 2b1fd07953..91c5269f30 100644 --- a/ffmpeg.c +++ b/ffmpeg.c @@ -1902,7 +1902,10 @@ static int transcode_video(InputStream *ist, AVPacket *pkt, int *got_output, int *frame_sample_aspect = ist->st->sample_aspect_ratio; decoded_frame->pts = ist->pts; - av_vsrc_buffer_add_frame(ost->input_video_filter, decoded_frame, AV_VSRC_BUF_FLAG_OVERWRITE); + if((av_vsrc_buffer_add_frame(ost->input_video_filter, decoded_frame, AV_VSRC_BUF_FLAG_OVERWRITE)) < 0){ + av_log(0, AV_LOG_FATAL, "Failed to inject frame into filter network\n"); + exit_program(1); + } } } #endif From 7d96f764d6f2bbdb2e0680441ad63d2513bc42fb Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Fri, 16 Dec 2011 01:04:43 +0100 Subject: [PATCH 076/331] Fix typo in v210 decoder options. (cherry picked from commit 56669837ce18d15d757a144712a082b9cb535c94) Signed-off-by: Michael Niedermayer --- libavcodec/v210dec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/v210dec.c b/libavcodec/v210dec.c index 68dbd3753a..147f1f20be 100644 --- a/libavcodec/v210dec.c +++ b/libavcodec/v210dec.c @@ -158,7 +158,7 @@ static av_cold int decode_close(AVCodecContext *avctx) return 0; } -#define V210DEC_FLAGS AV_OPT_FLAG_ENCODING_PARAM | AV_OPT_FLAG_VIDEO_PARAM +#define V210DEC_FLAGS AV_OPT_FLAG_DECODING_PARAM | AV_OPT_FLAG_VIDEO_PARAM static const AVOption v210dec_options[] = { {"custom_stride", "Custom V210 stride", offsetof(V210DecContext, custom_stride), FF_OPT_TYPE_INT, {.dbl = 0}, INT_MIN, INT_MAX, V210DEC_FLAGS}, From 8af76473b355a6753e9107cea7ae5c8443a88fd9 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 16 Dec 2011 01:32:28 +0100 Subject: [PATCH 077/331] westwooddemux: dont require avio_size() functionality. Found by reimar Signed-off-by: Michael Niedermayer (cherry picked from commit e2a16e82b13d5dbf7567a4acf44619057f19eb9d) Signed-off-by: Michael Niedermayer --- libavformat/westwood.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/westwood.c b/libavformat/westwood.c index c46c3ba10e..b803b68aab 100644 --- a/libavformat/westwood.c +++ b/libavformat/westwood.c @@ -324,7 +324,7 @@ static int wsvqa_read_packet(AVFormatContext *s, chunk_type = AV_RB32(&preamble[0]); chunk_size = AV_RB32(&preamble[4]); - if(chunk_size > filesize){ + if(filesize>=0 && chunk_size > filesize){ av_log(s, AV_LOG_ERROR, "Chunk with size %d truncated\n", chunk_size); chunk_size= filesize; } From 4af03698f30d40700f31fcc5f1fc3286c3dab406 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 16 Dec 2011 02:57:22 +0100 Subject: [PATCH 078/331] smackerdemuxer: check some values before instead of just after malloc() Fixes Ticket777 Bug Found by: Diana Elena Muscalu Signed-off-by: Michael Niedermayer (cherry picked from commit c402c1c976dc5bd63908d1aaff5b60521cbbee92) Signed-off-by: Michael Niedermayer --- libavformat/smacker.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libavformat/smacker.c b/libavformat/smacker.c index b3de8c7690..26319d4d59 100644 --- a/libavformat/smacker.c +++ b/libavformat/smacker.c @@ -255,6 +255,8 @@ static int smacker_read_packet(AVFormatContext *s, AVPacket *pkt) memcpy(oldpal, pal, 768); size = avio_r8(s->pb); size = size * 4 - 1; + if(size + 1 > frame_size) + return AVERROR_INVALIDDATA; frame_size -= size; frame_size--; sz = 0; @@ -289,10 +291,12 @@ static int smacker_read_packet(AVFormatContext *s, AVPacket *pkt) /* if audio chunks are present, put them to stack and retrieve later */ for(i = 0; i < 7; i++) { if(flags & 1) { - int size; + unsigned int size; uint8_t *tmpbuf; size = avio_rl32(s->pb) - 4; + if(size + 4L > frame_size) + return AVERROR_INVALIDDATA; frame_size -= size; frame_size -= 4; smk->curstream++; From e7cb6e1c04f409db512639af1e74af28e3ae145e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 16 Dec 2011 04:16:01 +0100 Subject: [PATCH 079/331] j2kdec: Fix integer overflow leading to a segfault Fixes Ticket776 Bug found by: Diana Elena Muscalu Signed-off-by: Michael Niedermayer (cherry picked from commit 1f99939a6361e2e6d6788494dd7c682b051c6c34) Signed-off-by: Michael Niedermayer --- libavcodec/j2k_dwt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/j2k_dwt.c b/libavcodec/j2k_dwt.c index ab7a1ab757..48aa33735e 100644 --- a/libavcodec/j2k_dwt.c +++ b/libavcodec/j2k_dwt.c @@ -321,7 +321,7 @@ int ff_j2k_dwt_init(DWTContext *s, uint16_t border[2][2], int decomp_levels, int int i, j, lev = decomp_levels, maxlen, b[2][2]; - if (decomp_levels >= FF_DWT_MAX_DECLVLS) + if ((unsigned)decomp_levels >= FF_DWT_MAX_DECLVLS) return AVERROR_INVALIDDATA; s->ndeclevels = decomp_levels; s->type = type; From 44e7ef15ae65a647f912ee680e4c0d6628c25d43 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 16 Dec 2011 05:13:58 +0100 Subject: [PATCH 080/331] avidec: Fix infinite loop caused by rounding of timestamps in non interleaved avis. Fixes Ticket775 Bug found by: Diana Elena Muscalu Signed-off-by: Michael Niedermayer (cherry picked from commit e098fba5d9c9d52aaddd83e63dd910ff20b841d2) Signed-off-by: Michael Niedermayer --- libavformat/avidec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/avidec.c b/libavformat/avidec.c index 116099ad6b..9c4dff63e7 100644 --- a/libavformat/avidec.c +++ b/libavformat/avidec.c @@ -1050,7 +1050,7 @@ static int avi_read_packet(AVFormatContext *s, AVPacket *pkt) return AVERROR_EOF; best_ast = best_st->priv_data; - best_ts = av_rescale_q(best_ts, (AVRational){FFMAX(1, best_ast->sample_size), AV_TIME_BASE}, best_st->time_base); + best_ts = best_ast->frame_offset; if(best_ast->remaining) i= av_index_search_timestamp(best_st, best_ts, AVSEEK_FLAG_ANY | AVSEEK_FLAG_BACKWARD); else{ From 58b65c12413d9277f30b6194b374e8884f3f1a71 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 16 Dec 2011 05:35:04 +0100 Subject: [PATCH 081/331] thpdemux: Check that packed sizes are within the files data size and filesize. Fixes Ticket774 Bug found by: Diana Elena Muscalu Signed-off-by: Michael Niedermayer (cherry picked from commit 482ee63641f4fa50f017538af384aadbceee7a18) Signed-off-by: Michael Niedermayer --- libavformat/thp.c | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/libavformat/thp.c b/libavformat/thp.c index 96f9ba115c..0b244ef2d8 100644 --- a/libavformat/thp.c +++ b/libavformat/thp.c @@ -26,6 +26,7 @@ typedef struct ThpDemuxContext { int version; + unsigned data_size; int first_frame; int first_framesz; int last_frame; @@ -41,7 +42,7 @@ typedef struct ThpDemuxContext { unsigned char components[16]; AVStream* vst; int has_audio; - int audiosize; + unsigned audiosize; } ThpDemuxContext; @@ -60,6 +61,7 @@ static int thp_read_header(AVFormatContext *s, ThpDemuxContext *thp = s->priv_data; AVStream *st; AVIOContext *pb = s->pb; + int64_t fsize= avio_size(pb); int i; /* Read the file header. */ @@ -72,7 +74,9 @@ static int thp_read_header(AVFormatContext *s, thp->fps = av_d2q(av_int2flt(avio_rb32(pb)), INT_MAX); thp->framecnt = avio_rb32(pb); thp->first_framesz = avio_rb32(pb); - avio_rb32(pb); /* Data size. */ + thp->data_size = avio_rb32(pb); + if(fsize>0 && (!thp->data_size || fsize < thp->data_size)) + thp->data_size= fsize; thp->compoff = avio_rb32(pb); avio_rb32(pb); /* offsetDataOffset. */ @@ -143,7 +147,7 @@ static int thp_read_packet(AVFormatContext *s, { ThpDemuxContext *thp = s->priv_data; AVIOContext *pb = s->pb; - int size; + unsigned int size; int ret; if (thp->audiosize == 0) { @@ -159,6 +163,10 @@ static int thp_read_packet(AVFormatContext *s, avio_rb32(pb); /* Previous total size. */ size = avio_rb32(pb); /* Total size of this frame. */ + if(thp->data_size && avio_tell(pb) + size > thp->data_size) { + av_log(s, AV_LOG_ERROR, "Video packet truncated\n"); + size= thp->data_size - avio_tell(pb); + } /* Store the audiosize so the next time this function is called, the audio can be read. */ @@ -175,6 +183,11 @@ static int thp_read_packet(AVFormatContext *s, pkt->stream_index = thp->video_stream_index; } else { + if(thp->data_size && avio_tell(pb) + thp->audiosize > thp->data_size){ + av_log(s, AV_LOG_ERROR, "Audio packet truncated\n"); + thp->audiosize= thp->data_size - avio_tell(pb); + } + ret = av_get_packet(pb, pkt, thp->audiosize); if (ret != thp->audiosize) { av_free_packet(pkt); From 349cca9f12e2290b27bba99627c8e4a8f8cdce7d Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 16 Dec 2011 05:54:03 +0100 Subject: [PATCH 082/331] lavf: add internal AVIOContext.maxsize This allows simple and generic limiting of allocations used for packets. Signed-off-by: Michael Niedermayer (cherry picked from commit 47572323f2f908913b4d031af733047d481fb1f6) Signed-off-by: Michael Niedermayer --- libavformat/avio.h | 6 ++++++ libavformat/utils.c | 10 +++++++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/libavformat/avio.h b/libavformat/avio.h index 7cf14f9f8c..920526f028 100644 --- a/libavformat/avio.h +++ b/libavformat/avio.h @@ -120,6 +120,12 @@ typedef struct { * A combination of AVIO_SEEKABLE_ flags or 0 when the stream is not seekable. */ int seekable; + + /** + * max filesize, used to limit allocations + * This field is internal to libavformat and access from outside is not allowed. + */ + int64_t maxsize; } AVIOContext; /* unbuffered I/O */ diff --git a/libavformat/utils.c b/libavformat/utils.c index 201a7c6bf8..f4746b017f 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -267,7 +267,15 @@ AVInputFormat *av_find_input_format(const char *short_name) int av_get_packet(AVIOContext *s, AVPacket *pkt, int size) { - int ret= av_new_packet(pkt, size); + int ret; + + if(s->maxsize>0){ + int64_t remaining= s->maxsize - avio_tell(s); + if(remaining>=0) + size= FFMIN(size, remaining); + } + + ret= av_new_packet(pkt, size); if(ret<0) return ret; From aed8e8f9f3aed29699f845b2a67a5b94f8dd2614 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 16 Dec 2011 06:02:14 +0100 Subject: [PATCH 083/331] thp: simplify overallocate checks. Signed-off-by: Michael Niedermayer (cherry picked from commit a0009754442b339dd6f07f8fe4f803f272866912) Signed-off-by: Michael Niedermayer --- libavformat/thp.c | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/libavformat/thp.c b/libavformat/thp.c index 0b244ef2d8..bd7e60965b 100644 --- a/libavformat/thp.c +++ b/libavformat/thp.c @@ -26,7 +26,6 @@ typedef struct ThpDemuxContext { int version; - unsigned data_size; int first_frame; int first_framesz; int last_frame; @@ -74,9 +73,9 @@ static int thp_read_header(AVFormatContext *s, thp->fps = av_d2q(av_int2flt(avio_rb32(pb)), INT_MAX); thp->framecnt = avio_rb32(pb); thp->first_framesz = avio_rb32(pb); - thp->data_size = avio_rb32(pb); - if(fsize>0 && (!thp->data_size || fsize < thp->data_size)) - thp->data_size= fsize; + pb->maxsize = avio_rb32(pb); + if(fsize>0 && (!pb->maxsize || fsize < pb->maxsize)) + pb->maxsize= fsize; thp->compoff = avio_rb32(pb); avio_rb32(pb); /* offsetDataOffset. */ @@ -163,10 +162,6 @@ static int thp_read_packet(AVFormatContext *s, avio_rb32(pb); /* Previous total size. */ size = avio_rb32(pb); /* Total size of this frame. */ - if(thp->data_size && avio_tell(pb) + size > thp->data_size) { - av_log(s, AV_LOG_ERROR, "Video packet truncated\n"); - size= thp->data_size - avio_tell(pb); - } /* Store the audiosize so the next time this function is called, the audio can be read. */ @@ -183,11 +178,6 @@ static int thp_read_packet(AVFormatContext *s, pkt->stream_index = thp->video_stream_index; } else { - if(thp->data_size && avio_tell(pb) + thp->audiosize > thp->data_size){ - av_log(s, AV_LOG_ERROR, "Audio packet truncated\n"); - thp->audiosize= thp->data_size - avio_tell(pb); - } - ret = av_get_packet(pb, pkt, thp->audiosize); if (ret != thp->audiosize) { av_free_packet(pkt); From cd5d5bf45c42d011efec5455162dfc6fb6e93afd Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 16 Dec 2011 06:02:56 +0100 Subject: [PATCH 084/331] txddemux: Limit allocated packets to filesize. Fixes Ticket772 Bug found by: Diana Elena Muscalu Signed-off-by: Michael Niedermayer (cherry picked from commit f72601d06378494b5026b919fcd3eb5eb22799a1) Signed-off-by: Michael Niedermayer --- libavformat/txd.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/txd.c b/libavformat/txd.c index 5d9f969270..284d53212f 100644 --- a/libavformat/txd.c +++ b/libavformat/txd.c @@ -48,6 +48,9 @@ static int txd_read_header(AVFormatContext *s, AVFormatParameters *ap) { st->codec->time_base.den = 5; st->codec->time_base.num = 1; /* the parameters will be extracted from the compressed bitstream */ + + s->pb->maxsize= avio_size(s->pb); + return 0; } From c40296d1ad328ba9ac05feb95eaebb4c39cc0134 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 16 Dec 2011 06:13:04 +0100 Subject: [PATCH 085/331] avidec: Check that the header chunks fit in the available filesize. Fixes Ticket771 Bug found by: Diana Elena Muscalu Signed-off-by: Michael Niedermayer (cherry picked from commit 62adc60b97d854507d07a21b2f370ab5c69e6b7b) Signed-off-by: Michael Niedermayer --- libavformat/avidec.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavformat/avidec.c b/libavformat/avidec.c index 9c4dff63e7..1a73161add 100644 --- a/libavformat/avidec.c +++ b/libavformat/avidec.c @@ -387,6 +387,11 @@ static int avi_read_header(AVFormatContext *s, AVFormatParameters *ap) tag = avio_rl32(pb); size = avio_rl32(pb); + if(size > avi->fsize){ + av_log(s, AV_LOG_ERROR, "chunk size is too big during header parsing\n"); + goto fail; + } + print_tag("tag", tag, size); switch(tag) { From dd5d2de5ec27e2b927f0f6aacaf18b72b6dd7e2e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 16 Dec 2011 15:40:21 +0100 Subject: [PATCH 086/331] lavf: Update AVIOContext.maxsize when hitting the end. Signed-off-by: Michael Niedermayer (cherry picked from commit 559ae20dda9e84abf878ee10f8dcea78dacfd0cc) Signed-off-by: Michael Niedermayer --- libavformat/utils.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index f4746b017f..a03144fc25 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -269,10 +269,17 @@ int av_get_packet(AVIOContext *s, AVPacket *pkt, int size) { int ret; - if(s->maxsize>0){ + if(s->maxsize>=0){ int64_t remaining= s->maxsize - avio_tell(s); - if(remaining>=0) - size= FFMIN(size, remaining); + if(remaining < size){ + int64_t newsize= avio_size(s); + if(!s->maxsize || s->maxsizemaxsize= newsize; + remaining= s->maxsize - avio_tell(s); + } + + if(s->maxsize>=0 && remaining>=0) + size= FFMIN(size, remaining+1); } ret= av_new_packet(pkt, size); From 813c05fcd2d4c949f6919247c323e4f06e83529a Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 16 Dec 2011 15:44:29 +0100 Subject: [PATCH 087/331] txd/westwood: remove demuxer specific overallocate solutions as the new generic code handles it fine. Signed-off-by: Michael Niedermayer (cherry picked from commit 207d9eab5a47c54173a3a3cbe990aa746fe6e39a) Signed-off-by: Michael Niedermayer --- libavformat/txd.c | 2 -- libavformat/westwood.c | 6 ------ 2 files changed, 8 deletions(-) diff --git a/libavformat/txd.c b/libavformat/txd.c index 284d53212f..06aca8c3f4 100644 --- a/libavformat/txd.c +++ b/libavformat/txd.c @@ -49,8 +49,6 @@ static int txd_read_header(AVFormatContext *s, AVFormatParameters *ap) { st->codec->time_base.num = 1; /* the parameters will be extracted from the compressed bitstream */ - s->pb->maxsize= avio_size(s->pb); - return 0; } diff --git a/libavformat/westwood.c b/libavformat/westwood.c index b803b68aab..4cbd5be396 100644 --- a/libavformat/westwood.c +++ b/libavformat/westwood.c @@ -320,15 +320,9 @@ static int wsvqa_read_packet(AVFormatContext *s, int skip_byte; while (avio_read(pb, preamble, VQA_PREAMBLE_SIZE) == VQA_PREAMBLE_SIZE) { - int64_t filesize= avio_size(s->pb); chunk_type = AV_RB32(&preamble[0]); chunk_size = AV_RB32(&preamble[4]); - if(filesize>=0 && chunk_size > filesize){ - av_log(s, AV_LOG_ERROR, "Chunk with size %d truncated\n", chunk_size); - chunk_size= filesize; - } - skip_byte = chunk_size & 0x01; if ((chunk_type == SND2_TAG || chunk_type == SND1_TAG) && wsvqa->audio_channels == 0) { From 5ca4ec76b7b8358dd6e3fa3da0bbd3dd652bd4af Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 16 Dec 2011 15:46:45 +0100 Subject: [PATCH 088/331] lavf: print an error if a packet has been truncated due to filesize in av_get_packet() Signed-off-by: Michael Niedermayer (cherry picked from commit ee181f84a31d5ba3efd28bd635f249cc5240f5a8) Signed-off-by: Michael Niedermayer --- libavformat/utils.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index a03144fc25..308d0cdf46 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -278,8 +278,10 @@ int av_get_packet(AVIOContext *s, AVPacket *pkt, int size) remaining= s->maxsize - avio_tell(s); } - if(s->maxsize>=0 && remaining>=0) - size= FFMIN(size, remaining+1); + if(s->maxsize>=0 && remaining>=0 && remaining+1 < size){ + av_log(0, AV_LOG_ERROR, "Truncating packet of size %d to %"PRId64"\n", size, remaining+1); + size= remaining+1; + } } ret= av_new_packet(pkt, size); From c55b158b87426fe44b41601601f338f5ce41be6d Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 16 Dec 2011 16:23:47 +0100 Subject: [PATCH 089/331] mtvdemuxer: fix segfault caused by truncated packets. Signed-off-by: Michael Niedermayer (cherry picked from commit f890cb948c932e3b01f9a616ff1600769c539853) Signed-off-by: Michael Niedermayer --- libavformat/mtv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mtv.c b/libavformat/mtv.c index b31e4cb88f..4252309a6e 100644 --- a/libavformat/mtv.c +++ b/libavformat/mtv.c @@ -196,7 +196,7 @@ static int mtv_read_packet(AVFormatContext *s, AVPacket *pkt) * just swap bytes as they come */ - for(i=0;iimg_segment_size/2;i++) + for(i=0;idata+i) = av_bswap16(*((uint16_t *)pkt->data+i)); #endif pkt->stream_index = 0; From 7c98d284ff73b662f8f4c583018fafcdde62c111 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 16 Dec 2011 18:52:56 +0100 Subject: [PATCH 090/331] h264: reset nal_unit_type so that decoding frames without any nal units dont leave its value at something random. Signed-off-by: Michael Niedermayer (cherry picked from commit 902c0904139b532ae25113fb6e34fa4c5cdf7ebc) Signed-off-by: Michael Niedermayer --- libavcodec/h264.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 0e0b164330..5a06a8a0d5 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -3777,6 +3777,8 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size){ int nals_needed=0; ///< number of NALs that need decoding before the next frame thread starts int nal_index; + h->nal_unit_type= 0; + h->max_contexts = (HAVE_THREADS && (s->avctx->active_thread_type&FF_THREAD_SLICE)) ? avctx->thread_count : 1; if(!(s->flags2 & CODEC_FLAG2_CHUNKS)){ h->current_slice = 0; From 3c7ba39d092c3318edc536b31bb3a47a0227ef4e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 16 Dec 2011 18:55:04 +0100 Subject: [PATCH 091/331] h264: retuen the amount read in case of NAL_END_SEQUENCE Signed-off-by: Michael Niedermayer (cherry picked from commit 227960427b726eaa6c83702e3d49679754cbc322) Signed-off-by: Michael Niedermayer --- libavcodec/h264.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 5a06a8a0d5..fa95d7035f 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -4047,15 +4047,15 @@ static int decode_frame(AVCodecContext *avctx, MpegEncContext *s = &h->s; AVFrame *pict = data; int buf_index; + Picture *out; + int i, out_idx; s->flags= avctx->flags; s->flags2= avctx->flags2; /* end of stream, output what is still in the buffers */ - out: if (buf_size == 0) { - Picture *out; - int i, out_idx; + out: s->current_picture_ptr = NULL; @@ -4076,7 +4076,7 @@ static int decode_frame(AVCodecContext *avctx, *pict= *(AVFrame*)out; } - return 0; + return buf_size; } if(h->is_avc && buf_size >= 9 && buf[0]==1 && buf[2]==0 && (buf[4]&0xFC)==0xFC && (buf[5]&0x1F) && buf[8]==0x67){ int cnt= buf[5]&0x1f; @@ -4106,7 +4106,8 @@ not_extra: return -1; if (!s->current_picture_ptr && h->nal_unit_type == NAL_END_SEQUENCE) { - buf_size = 0; + av_assert0(buf_index <= buf_size); + buf_size = buf_index; goto out; } From 5341734b03a178d6eef66ec9d6caabdebe8164ae Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 16 Dec 2011 18:55:52 +0100 Subject: [PATCH 092/331] h264: return the consumed amountg in case of Q264 Signed-off-by: Michael Niedermayer (cherry picked from commit 3d07e0aba0c9c29ed17a1becfae61b8b58f46cd1) Signed-off-by: Michael Niedermayer --- libavcodec/h264.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index fa95d7035f..e86a622328 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -4114,7 +4114,7 @@ not_extra: if(!(s->flags2 & CODEC_FLAG2_CHUNKS) && !s->current_picture_ptr){ if (avctx->skip_frame >= AVDISCARD_NONREF || buf_size >= 4 && !memcmp("Q264", buf, 4)) - return 0; + return buf_size; av_log(avctx, AV_LOG_ERROR, "no frame!\n"); return -1; } From cb7579ae6f241b3048813cd82ed60d9eeb34bca0 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 16 Dec 2011 19:37:32 +0100 Subject: [PATCH 093/331] ffmpeg: exit() on repeated ctrl-c Signed-off-by: Michael Niedermayer (cherry picked from commit cf7076ee9685d1ae35f2838904574e8aba3b067d) Signed-off-by: Michael Niedermayer --- ffmpeg.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ffmpeg.c b/ffmpeg.c index 91c5269f30..e37f75b78e 100644 --- a/ffmpeg.c +++ b/ffmpeg.c @@ -549,6 +549,8 @@ static void sigterm_handler(int sig) received_sigterm = sig; received_nb_signals++; term_exit(); + if(received_nb_signals > 3) + exit(123); } static void term_init(void) From 95234da75eac6e77d5747abecd3f2edf45c3a37c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 16 Dec 2011 19:43:54 +0100 Subject: [PATCH 094/331] ffmpeg: Fix killing [Y/n] prompt with ctrl-c Signed-off-by: Michael Niedermayer (cherry picked from commit 7b92863f30b1a748dc17bf662379261b42751f86) Signed-off-by: Michael Niedermayer --- ffmpeg.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ffmpeg.c b/ffmpeg.c index e37f75b78e..f126a6a719 100644 --- a/ffmpeg.c +++ b/ffmpeg.c @@ -3302,6 +3302,7 @@ static void assert_file_overwrite(const char *filename) fprintf(stderr,"File '%s' already exists. Overwrite ? [y/N] ", filename); fflush(stderr); term_exit(); + signal(SIGINT, SIG_DFL); if (!read_yesno()) { av_log(0, AV_LOG_FATAL, "Not overwriting - exiting\n"); exit_program(1); From 34cee5bd373ec6cc297753957b73e47f31566a1d Mon Sep 17 00:00:00 2001 From: Shitiz Garg Date: Fri, 16 Dec 2011 04:50:21 +0530 Subject: [PATCH 095/331] cljr: Check if width or height are positive integers width and height might get passed as 0 and would cause floating point exceptions in decode_frame. Fixes bugzilla #149 Signed-off-by: Michael Niedermayer (cherry picked from commit 4af0262f7d531c33b00d7f9dbca808d9c62d6a84) Signed-off-by: Michael Niedermayer --- libavcodec/cljr.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/cljr.c b/libavcodec/cljr.c index d36e0a0a12..4027cff4c7 100644 --- a/libavcodec/cljr.c +++ b/libavcodec/cljr.c @@ -61,6 +61,11 @@ static int decode_frame(AVCodecContext *avctx, if (p->data[0]) avctx->release_buffer(avctx, p); + if (avctx->height <= 0 || avctx->width <= 0) { + av_log(avctx, AV_LOG_ERROR, "Invalid width or height\n"); + return AVERROR_INVALIDDATA; + } + if (buf_size / avctx->height < avctx->width) { av_log(avctx, AV_LOG_ERROR, "Resolution larger than buffer size. Invalid header?\n"); From 4f23f24e3053394407521714e40d0b8398efd40b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 16 Dec 2011 20:34:34 +0100 Subject: [PATCH 096/331] CODEC_ID_SOL_DPCM: Fix used write buffer. Bug found by: Oana Stratulat Signed-off-by: Michael Niedermayer (cherry picked from commit 6d8e6fe9dbc365f50521cf0c4a5ffee97c970cb5) Signed-off-by: Michael Niedermayer --- libavcodec/dpcm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/dpcm.c b/libavcodec/dpcm.c index b96461984b..5f186ebd0d 100644 --- a/libavcodec/dpcm.c +++ b/libavcodec/dpcm.c @@ -288,7 +288,7 @@ static int dpcm_decode_frame(AVCodecContext *avctx, void *data, } case CODEC_ID_SOL_DPCM: if (avctx->codec_tag != 3) { - uint8_t *output_samples_u8 = data; + uint8_t *output_samples_u8 = output_samples; while (buf < buf_end) { uint8_t n = *buf++; From 8d055e9079f151f13d34e8e04f4aa7ca0273c448 Mon Sep 17 00:00:00 2001 From: Derek Buitenhuis Date: Fri, 16 Dec 2011 13:31:28 -0500 Subject: [PATCH 097/331] wavpack: Clip samples after shifting It doesn't make much sense to clip pre-shift, nor is it correct for proper decoding. Signed-off-by: Derek Buitenhuis Signed-off-by: Anton Khirnov (cherry picked from commit 365e1ec26d7e89a951ebd7851214f59f4aefdec0) Signed-off-by: Michael Niedermayer --- libavcodec/wavpack.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c index 1a8c25943f..9f1ce34003 100644 --- a/libavcodec/wavpack.c +++ b/libavcodec/wavpack.c @@ -405,12 +405,12 @@ static inline int wv_get_value_integer(WavpackFrameContext *s, uint32_t *crc, in } bit = (S & s->and) | s->or; - bit = (((S + bit) << s->shift) - bit); + bit = (((S + bit) << s->shift) - bit) << s->post_shift; if(s->hybrid) bit = av_clip(bit, -s->hybrid_maxclip, s->hybrid_maxclip - 1); - return bit << s->post_shift; + return bit; } static float wv_get_value_float(WavpackFrameContext *s, uint32_t *crc, int S) From c2aa7b70d426b82a54b77cd235f81a78ab6224ee Mon Sep 17 00:00:00 2001 From: Derek Buitenhuis Date: Fri, 16 Dec 2011 13:31:29 -0500 Subject: [PATCH 098/331] wavpack: Fix 32-bit clipping In the case that (frame_flags & 0x03) == 3, hybrid_maxclip may have had a signed integer overflow. Signed-off-by: Derek Buitenhuis Signed-off-by: Anton Khirnov (cherry picked from commit bb9747c8eee134f2bf6058d368f8cbc799f4b7d3) Signed-off-by: Michael Niedermayer --- libavcodec/wavpack.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c index 9f1ce34003..8d9b804852 100644 --- a/libavcodec/wavpack.c +++ b/libavcodec/wavpack.c @@ -408,7 +408,7 @@ static inline int wv_get_value_integer(WavpackFrameContext *s, uint32_t *crc, in bit = (((S + bit) << s->shift) - bit) << s->post_shift; if(s->hybrid) - bit = av_clip(bit, -s->hybrid_maxclip, s->hybrid_maxclip - 1); + bit = av_clip(bit, -s->hybrid_maxclip - 1, s->hybrid_maxclip); return bit; } @@ -798,7 +798,7 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no, s->joint = s->frame_flags & WV_JOINT_STEREO; s->hybrid = s->frame_flags & WV_HYBRID_MODE; s->hybrid_bitrate = s->frame_flags & WV_HYBRID_BITRATE; - s->hybrid_maxclip = 1 << ((((s->frame_flags & 0x03) + 1) << 3) - 1); + s->hybrid_maxclip = (1LL << ((((s->frame_flags & 0x03) + 1) << 3) - 1)) - 1; s->post_shift = 8 * (bpp-1-(s->frame_flags&0x03)) + ((s->frame_flags >> 13) & 0x1f); s->CRC = AV_RL32(buf); buf += 4; if(wc->mkv_mode) From 8c2fe23b1c74d38048668ae200514a5b95fe4eb0 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 17 Dec 2011 03:18:58 +0100 Subject: [PATCH 099/331] atrac3: Fix crash in tonal component decoding. Fixes Ticket780 Bug Found by: cosminamironesei Signed-off-by: Michael Niedermayer (cherry picked from commit 9af6abdc17deb95c9b1f1d9242ba49b8b5e0b016) Signed-off-by: Michael Niedermayer --- libavcodec/atrac3.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/atrac3.c b/libavcodec/atrac3.c index b9f1f516cc..fcf7c925eb 100644 --- a/libavcodec/atrac3.c +++ b/libavcodec/atrac3.c @@ -402,6 +402,8 @@ static int decodeTonalComponents (GetBitContext *gb, tonal_component *pComponent for (k=0; k=64) + return AVERROR_INVALIDDATA; pComponent[component_count].pos = j * 64 + (get_bits(gb,6)); max_coded_values = SAMPLES_PER_FRAME - pComponent[component_count].pos; coded_values = coded_values_per_component + 1; From cb2d66a47073c36d9fd7ee24daf150e95b1eb8ec Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 17 Dec 2011 03:25:46 +0100 Subject: [PATCH 100/331] avienc: Fix rawvideo 32bit Bug found by: Rik Maes Change based on suggestion by Rik Maes Signed-off-by: Michael Niedermayer (cherry picked from commit 53b6503184a9403e9ac7eb77a35059be64a308b0) Signed-off-by: Michael Niedermayer --- libavformat/riff.c | 2 +- tests/ref/vsynth1/huffyuv | 2 +- tests/ref/vsynth1/yuv | 2 +- tests/ref/vsynth2/huffyuv | 2 +- tests/ref/vsynth2/yuv | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/libavformat/riff.c b/libavformat/riff.c index ea598d272e..4f475ba04d 100644 --- a/libavformat/riff.c +++ b/libavformat/riff.c @@ -519,7 +519,7 @@ void ff_put_bmp_header(AVIOContext *pb, AVCodecContext *enc, const AVCodecTag *t avio_wl16(pb, enc->bits_per_coded_sample ? enc->bits_per_coded_sample : 24); /* depth */ /* compression type */ avio_wl32(pb, enc->codec_tag); - avio_wl32(pb, enc->width * enc->height * 3); + avio_wl32(pb, (enc->width * enc->height * (enc->bits_per_coded_sample ? enc->bits_per_coded_sample : 24)+7) / 8); avio_wl32(pb, 0); avio_wl32(pb, 0); avio_wl32(pb, 0); diff --git a/tests/ref/vsynth1/huffyuv b/tests/ref/vsynth1/huffyuv index fefc84a3b4..9ec091eb36 100644 --- a/tests/ref/vsynth1/huffyuv +++ b/tests/ref/vsynth1/huffyuv @@ -1,4 +1,4 @@ -ace2536fa169d835d0fb332abde28d51 *./tests/data/vsynth1/huffyuv.avi +f5f2e109af0612694ff3cd6464063e82 *./tests/data/vsynth1/huffyuv.avi 7933800 ./tests/data/vsynth1/huffyuv.avi c5ccac874dbf808e9088bc3107860042 *./tests/data/huffyuv.vsynth1.out.yuv stddev: 0.00 PSNR:999.99 MAXDIFF: 0 bytes: 7603200/ 7603200 diff --git a/tests/ref/vsynth1/yuv b/tests/ref/vsynth1/yuv index b98dda503a..6d8b1431db 100644 --- a/tests/ref/vsynth1/yuv +++ b/tests/ref/vsynth1/yuv @@ -1,4 +1,4 @@ -aa6b9e862aebcf8902a6d770e7729d59 *./tests/data/vsynth1/yuv.avi +eaa66c3b27a2602e882befe154a8b119 *./tests/data/vsynth1/yuv.avi 7610060 ./tests/data/vsynth1/yuv.avi c5ccac874dbf808e9088bc3107860042 *./tests/data/yuv.vsynth1.out.yuv stddev: 0.00 PSNR:999.99 MAXDIFF: 0 bytes: 7603200/ 7603200 diff --git a/tests/ref/vsynth2/huffyuv b/tests/ref/vsynth2/huffyuv index 740862aba4..e59b53ca3e 100644 --- a/tests/ref/vsynth2/huffyuv +++ b/tests/ref/vsynth2/huffyuv @@ -1,4 +1,4 @@ -56cd44907a48990e06bd065e189ff461 *./tests/data/vsynth2/huffyuv.avi +ed66182be0d515e8b6cb970ad63162da *./tests/data/vsynth2/huffyuv.avi 6455232 ./tests/data/vsynth2/huffyuv.avi dde5895817ad9d219f79a52d0bdfb001 *./tests/data/huffyuv.vsynth2.out.yuv stddev: 0.00 PSNR:999.99 MAXDIFF: 0 bytes: 7603200/ 7603200 diff --git a/tests/ref/vsynth2/yuv b/tests/ref/vsynth2/yuv index 6593ce9b3d..699ebc9b9f 100644 --- a/tests/ref/vsynth2/yuv +++ b/tests/ref/vsynth2/yuv @@ -1,4 +1,4 @@ -30a400773ab26f2c83e469198b156f1d *./tests/data/vsynth2/yuv.avi +3d5ee6d2023bc15bba898819e4977e46 *./tests/data/vsynth2/yuv.avi 7610060 ./tests/data/vsynth2/yuv.avi dde5895817ad9d219f79a52d0bdfb001 *./tests/data/yuv.vsynth2.out.yuv stddev: 0.00 PSNR:999.99 MAXDIFF: 0 bytes: 7603200/ 7603200 From 513b0f4872d101888997563fe263c76c546a3e25 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 17 Dec 2011 05:02:11 +0100 Subject: [PATCH 101/331] aacdec: Fix null pointer crash Fixes bug170 Bug found by: Gautam Gupta Signed-off-by: Michael Niedermayer (cherry picked from commit f37b2d5a6884c7bea87a6c7454239381449bd637) Signed-off-by: Michael Niedermayer --- libavcodec/mpeg4audio.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/mpeg4audio.c b/libavcodec/mpeg4audio.c index 67445935c4..abd3fa4a9b 100644 --- a/libavcodec/mpeg4audio.c +++ b/libavcodec/mpeg4audio.c @@ -82,6 +82,9 @@ int avpriv_mpeg4audio_get_config(MPEG4AudioConfig *c, const uint8_t *buf, GetBitContext gb; int specific_config_bitindex; + if(bit_size<=0) + return AVERROR_INVALIDDATA; + init_get_bits(&gb, buf, bit_size); c->object_type = get_object_type(&gb); c->sample_rate = get_sample_rate(&gb, &c->sampling_index); From 17d82125c5cddd0d79c0e25361196a847bb0e712 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 17 Dec 2011 05:41:42 +0100 Subject: [PATCH 102/331] pixfmts: Selfcheck against insertions / deletions in the enum. Signed-off-by: Michael Niedermayer (cherry picked from commit 68230eb3753f7496c4ba13e727dd48a5997eb23c) Signed-off-by: Michael Niedermayer --- libavutil/utils.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavutil/utils.c b/libavutil/utils.c index e6c8424ab4..978ab4c743 100644 --- a/libavutil/utils.c +++ b/libavutil/utils.c @@ -18,6 +18,7 @@ #include "config.h" #include "avutil.h" +#include "avassert.h" /** * @file @@ -26,6 +27,8 @@ unsigned avutil_version(void) { + av_assert0(PIX_FMT_VDA_VLD == 81); //check if the pix fmt enum has not had anything inserted or removed by mistake + return LIBAVUTIL_VERSION_INT; } From e3316723b6056cdc3bb1ecfd36c0476ea6807443 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 17 Dec 2011 05:45:34 +0100 Subject: [PATCH 103/331] avutil: check sampleformats enum, pict type enum and media type enum against insert/remove mistakes. Signed-off-by: Michael Niedermayer (cherry picked from commit 75f2cc5134b884dd2088d7b16d6d33a46ecee02a) Signed-off-by: Michael Niedermayer --- libavutil/utils.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavutil/utils.c b/libavutil/utils.c index 978ab4c743..a8d546e352 100644 --- a/libavutil/utils.c +++ b/libavutil/utils.c @@ -19,6 +19,7 @@ #include "config.h" #include "avutil.h" #include "avassert.h" +#include "samplefmt.h" /** * @file @@ -28,6 +29,9 @@ unsigned avutil_version(void) { av_assert0(PIX_FMT_VDA_VLD == 81); //check if the pix fmt enum has not had anything inserted or removed by mistake + av_assert0(AV_SAMPLE_FMT_DBLP == 9); + av_assert0(AVMEDIA_TYPE_ATTACHMENT == 4); + av_assert0(AV_PICTURE_TYPE_BI == 7); return LIBAVUTIL_VERSION_INT; } From 7bf3f79502e1721600021c0ed6b86f48140ac43a Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 17 Dec 2011 06:09:13 +0100 Subject: [PATCH 104/331] lavc: Check codec_ids against insertion/removial typos Signed-off-by: Michael Niedermayer (cherry picked from commit 83b46713f0941f468f20a149be206db1f78eb944) Signed-off-by: Michael Niedermayer --- libavcodec/utils.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index d15f652263..8b4290eb4c 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -33,6 +33,7 @@ #include "libavutil/imgutils.h" #include "libavutil/samplefmt.h" #include "libavutil/dict.h" +#include "libavutil/avassert.h" #include "avcodec.h" #include "dsputil.h" #include "libavutil/opt.h" @@ -1374,6 +1375,12 @@ const char *av_get_profile_name(const AVCodec *codec, int profile) unsigned avcodec_version( void ) { + av_assert0(CODEC_ID_V410==164); + av_assert0(CODEC_ID_PCM_S8_PLANAR==65563); + av_assert0(CODEC_ID_ADPCM_G722==69660); + av_assert0(CODEC_ID_BMV_AUDIO==86071); + av_assert0(CODEC_ID_SRT==94216); + return LIBAVCODEC_VERSION_INT; } From 1acf921d6f30dba14cec7f334feeeddd433e256a Mon Sep 17 00:00:00 2001 From: Shitiz Garg Date: Sat, 17 Dec 2011 19:35:59 +0530 Subject: [PATCH 105/331] adpcm: Check for channels to be a non-zero integer channels would be 0 sometimes and would cause floating point exception Fixes bugzilla #124 Signed-off-by: Justin Ruggles (cherry picked from commit e614fac2e6e185a247d722d4e92368b3c3bc4bdb) Signed-off-by: Michael Niedermayer --- libavcodec/adpcm.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavcodec/adpcm.c b/libavcodec/adpcm.c index cee1eed7bd..bbc7d1cd27 100644 --- a/libavcodec/adpcm.c +++ b/libavcodec/adpcm.c @@ -101,8 +101,9 @@ static av_cold int adpcm_decode_init(AVCodecContext * avctx) max_channels = 6; break; } - if(avctx->channels > max_channels){ - return -1; + if (avctx->channels <= 0 || avctx->channels > max_channels) { + av_log(avctx, AV_LOG_ERROR, "Invalid number of channels\n"); + return AVERROR(EINVAL); } switch(avctx->codec->id) { From 1bb565360cd9cb904bb22d0c367f226b3b417d3e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 17 Dec 2011 23:08:46 +0100 Subject: [PATCH 106/331] msvideo1enc: Check that dimensions are a multiple of 4. Fixes Ticket784 Found by: ami_stuff Signed-off-by: Michael Niedermayer (cherry picked from commit e09ffa45243e8615f3f9874c2d59abf6edde7084) Signed-off-by: Michael Niedermayer --- libavcodec/msvideo1enc.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/msvideo1enc.c b/libavcodec/msvideo1enc.c index 837fca5ea4..09cc7a196d 100644 --- a/libavcodec/msvideo1enc.c +++ b/libavcodec/msvideo1enc.c @@ -261,6 +261,10 @@ static av_cold int encode_init(AVCodecContext *avctx) if (av_image_check_size(avctx->width, avctx->height, 0, avctx) < 0) { return -1; } + if((avctx->width&3) || (avctx->height&3)){ + av_log(avctx, AV_LOG_ERROR, "width and height must be multiplies of 4\n"); + return -1; + } avcodec_get_frame_defaults(&c->pic); avctx->coded_frame = (AVFrame*)&c->pic; From 0c72d6416019b3a4b28837b3ad6d8a24674b6af5 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 18 Dec 2011 00:09:26 +0100 Subject: [PATCH 107/331] lagarith: rgb24 support Signed-off-by: Michael Niedermayer (cherry picked from commit 0db7b30700118d9d4b3ce0de8b1da94de747669e) Signed-off-by: Michael Niedermayer --- libavcodec/lagarith.c | 44 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/libavcodec/lagarith.c b/libavcodec/lagarith.c index bf845f1ffd..43027cff4e 100644 --- a/libavcodec/lagarith.c +++ b/libavcodec/lagarith.c @@ -524,6 +524,50 @@ static int lag_decode_frame(AVCodecContext *avctx, srcs[i] += l->rgb_stride; } break; + case FRAME_ARITH_RGB24: + avctx->pix_fmt = PIX_FMT_RGB24; + + if (avctx->get_buffer(avctx, p) < 0) { + av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n"); + return -1; + } + offs[0] = offset_bv; + offs[1] = offset_gu; + offs[2] = 9; + + if (!l->rgb_planes) { + l->rgb_stride = FFALIGN(avctx->width, 16); + l->rgb_planes = av_malloc(l->rgb_stride * avctx->height * 3); + if (!l->rgb_planes) { + av_log(avctx, AV_LOG_ERROR, "cannot allocate temporary buffer\n"); + return AVERROR(ENOMEM); + } + } + for (i = 0; i < 3; i++) + srcs[i] = l->rgb_planes + (i + 1) * l->rgb_stride * avctx->height - l->rgb_stride; + for (i = 0; i < 3; i++) + lag_decode_arith_plane(l, srcs[i], + avctx->width, avctx->height, + -l->rgb_stride, buf + offs[i], + buf_size); + dst = p->data[0]; + for (i = 0; i < 3; i++) + srcs[i] = l->rgb_planes + i * l->rgb_stride * avctx->height; + for (j = 0; j < avctx->height; j++) { + for (i = 0; i < avctx->width; i++) { + uint8_t r, g, b; + r = srcs[0][i]; + g = srcs[1][i]; + b = srcs[2][i]; + dst[3*i+0] = r+g; + dst[3*i+1] = g; + dst[3*i+2] = b+g; + } + dst += p->linesize[0]; + for (i = 0; i < 3; i++) + srcs[i] += l->rgb_stride; + } + break; case FRAME_ARITH_YV12: avctx->pix_fmt = PIX_FMT_YUV420P; From 88eaab28278894a4885e81da877f9b92e15c2ddd Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 17 Dec 2011 19:55:47 +0100 Subject: [PATCH 108/331] motion_est: avoid generating motion vectors that point between widthxheight and mb_widthxmb_height. No difference in PSNR or bitrate in the printed precission with the matrix lobby scene at 322x242 Signed-off-by: Michael Niedermayer (cherry picked from commit 56bf2c2a192523e1d0f2328bd755e63b4a0a79f8) Signed-off-by: Michael Niedermayer --- libavcodec/motion_est.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/libavcodec/motion_est.c b/libavcodec/motion_est.c index 319aaf97ca..215f5b1b75 100644 --- a/libavcodec/motion_est.c +++ b/libavcodec/motion_est.c @@ -536,8 +536,8 @@ static inline void get_limits(MpegEncContext *s, int x, int y) if (s->unrestricted_mv) { c->xmin = - x - 16; c->ymin = - y - 16; - c->xmax = - x + s->mb_width *16; - c->ymax = - y + s->mb_height*16; + c->xmax = - x + s->width; + c->ymax = - y + s->height; } else if (s->out_format == FMT_H261){ // Search range of H261 is different from other codec standards c->xmin = (x > 15) ? - 15 : 0; @@ -576,10 +576,11 @@ static inline int h263_mv4_search(MpegEncContext *s, int mx, int my, int shift) const int h=8; int block; int P[10][2]; - int dmin_sum=0, mx4_sum=0, my4_sum=0; + int dmin_sum=0, mx4_sum=0, my4_sum=0, i; int same=1; const int stride= c->stride; uint8_t *mv_penalty= c->current_mv_penalty; + int saftey_cliping= s->unrestricted_mv && (s->width&15) && (s->height&15); init_mv4_ref(c); @@ -591,6 +592,11 @@ static inline int h263_mv4_search(MpegEncContext *s, int mx, int my, int shift) const int mot_stride = s->b8_stride; const int mot_xy = s->block_index[block]; + if(saftey_cliping){ + c->xmax = - 16*s->mb_x + s->width - 8*(block &1); + c->ymax = - 16*s->mb_y + s->height - 8*(block>>1); + } + P_LEFT[0] = s->current_picture.f.motion_val[0][mot_xy - 1][0]; P_LEFT[1] = s->current_picture.f.motion_val[0][mot_xy - 1][1]; @@ -618,6 +624,11 @@ static inline int h263_mv4_search(MpegEncContext *s, int mx, int my, int shift) } P_MV1[0]= mx; P_MV1[1]= my; + if(saftey_cliping) + for(i=0; i<10; i++){ + if(P[i][0] > (c->xmax<xmax< (c->ymax<ymax<p_mv_table, (1<<16)>>shift); From bf58e5422de237afba5d7a226a25f2473e585cbf Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Sun, 18 Dec 2011 14:20:14 +0100 Subject: [PATCH 109/331] Fix possible endless loop when decoding amr. Fixes bug 151. Reviewed-by: Vitor Sessak (cherry picked from commit 290e7eb77bee5a54182fb3d5fb122c1e117190da) Signed-off-by: Michael Niedermayer --- libavcodec/acelp_vectors.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/acelp_vectors.c b/libavcodec/acelp_vectors.c index a44ab8cfe6..e6db556410 100644 --- a/libavcodec/acelp_vectors.c +++ b/libavcodec/acelp_vectors.c @@ -237,6 +237,7 @@ void ff_set_fixed_vector(float *out, const AMRFixed *in, float scale, int size) int x = in->x[i], repeats = !((in->no_repeat_mask >> i) & 1); float y = in->y[i] * scale; + if (in->pitch_lag > 0) do { out[x] += y; y *= in->pitch_fac; @@ -252,6 +253,7 @@ void ff_clear_fixed_vector(float *out, const AMRFixed *in, int size) for (i=0; i < in->n; i++) { int x = in->x[i], repeats = !((in->no_repeat_mask >> i) & 1); + if (in->pitch_lag > 0) do { out[x] = 0.0; x += in->pitch_lag; From a1974d1ea0097a09213383027dfdf17703f4e127 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Sun, 18 Dec 2011 13:48:44 +0100 Subject: [PATCH 110/331] Assume architecture arm for machine hardware name iPad*. uname -m returns for example "iPad2,1". (cherry picked from commit b6b00675112b411fbb10e8b01be1d3ddc2574cf9) Signed-off-by: Michael Niedermayer --- configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure b/configure index 62be5867d6..24e469c7e1 100755 --- a/configure +++ b/configure @@ -2294,7 +2294,7 @@ fi # Deal with common $arch aliases case "$arch" in - arm*) + arm*|iPad*) arch="arm" ;; mips|mipsel|IP*) From 9dd420ede168a95bf2896c9eaf17cccb6491487a Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 18 Dec 2011 18:57:56 +0100 Subject: [PATCH 111/331] adx_parser: Fix infinite loop. Signed-off-by: Michael Niedermayer (cherry picked from commit 3bf1d787b58cf268f3c055d6f2509fd75258450b) Signed-off-by: Michael Niedermayer --- libavcodec/adx_parser.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/adx_parser.c b/libavcodec/adx_parser.c index ebcb1370e5..f5d7989ecf 100644 --- a/libavcodec/adx_parser.c +++ b/libavcodec/adx_parser.c @@ -56,7 +56,6 @@ static int adx_parse(AVCodecParserContext *s1, if (ret = avpriv_adx_decode_header(avctx, pc->buffer, pc->index, &s->header_size, NULL)) return AVERROR_INVALIDDATA; - s->block_size = BLOCK_SIZE * avctx->channels; } if (s->header_size && s->header_size <= pc->index) { avctx->extradata = av_mallocz(s->header_size + FF_INPUT_BUFFER_PADDING_SIZE); @@ -71,6 +70,7 @@ static int adx_parse(AVCodecParserContext *s1, *poutbuf_size = 0; return buf_size; } + s->block_size = BLOCK_SIZE * avctx->channels; if (pc->index - s->buf_pos >= s->block_size) { *poutbuf = &pc->buffer[s->buf_pos]; From 2bbda9872fabf4038acbc98ceecfc1218a3370a8 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 18 Dec 2011 20:10:30 +0100 Subject: [PATCH 112/331] adxdec: Do not require extradata. Signed-off-by: Michael Niedermayer (cherry picked from commit bdd62a615a74ba7d29b528263462937da132c62c) Signed-off-by: Michael Niedermayer --- libavcodec/adxdec.c | 32 +++++++++++++++++++++++--------- 1 file changed, 23 insertions(+), 9 deletions(-) diff --git a/libavcodec/adxdec.c b/libavcodec/adxdec.c index f049def626..20f2606a90 100644 --- a/libavcodec/adxdec.c +++ b/libavcodec/adxdec.c @@ -38,16 +38,15 @@ static av_cold int adx_decode_init(AVCodecContext *avctx) ADXContext *c = avctx->priv_data; int ret, header_size; - if (avctx->extradata_size < 24) - return AVERROR_INVALIDDATA; - - if ((ret = avpriv_adx_decode_header(avctx, avctx->extradata, - avctx->extradata_size, &header_size, - c->coeff)) < 0) { - av_log(avctx, AV_LOG_ERROR, "error parsing ADX header\n"); - return AVERROR_INVALIDDATA; + if (avctx->extradata_size >= 24) { + if ((ret = avpriv_adx_decode_header(avctx, avctx->extradata, + avctx->extradata_size, &header_size, + c->coeff)) < 0) { + av_log(avctx, AV_LOG_ERROR, "error parsing ADX header\n"); + return AVERROR_INVALIDDATA; + } + c->channels = avctx->channels; } - c->channels = avctx->channels; avctx->sample_fmt = AV_SAMPLE_FMT_S16; @@ -107,6 +106,21 @@ static int adx_decode_frame(AVCodecContext *avctx, void *data, return buf_size; } + if(AV_RB16(buf) == 0x8000){ + int header_size; + if ((ret = avpriv_adx_decode_header(avctx, buf, + buf_size, &header_size, + c->coeff)) < 0) { + av_log(avctx, AV_LOG_ERROR, "error parsing ADX header\n"); + return AVERROR_INVALIDDATA; + } + c->channels = avctx->channels; + if(buf_size < header_size) + return AVERROR_INVALIDDATA; + buf += header_size; + buf_size -= header_size; + } + /* calculate number of blocks in the packet */ num_blocks = buf_size / (BLOCK_SIZE * c->channels); From cb42ed171d698324e16b2dded0ac7d419581a47f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 18 Dec 2011 20:10:51 +0100 Subject: [PATCH 113/331] adxdec: Fix division by zero Signed-off-by: Michael Niedermayer (cherry picked from commit 6b6b84ae1625ce1e38ff5f1b4c0bf03450066e66) Signed-off-by: Michael Niedermayer --- libavcodec/adxdec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/adxdec.c b/libavcodec/adxdec.c index 20f2606a90..cf494c12d4 100644 --- a/libavcodec/adxdec.c +++ b/libavcodec/adxdec.c @@ -120,6 +120,8 @@ static int adx_decode_frame(AVCodecContext *avctx, void *data, buf += header_size; buf_size -= header_size; } + if(c->channels <= 0) + return AVERROR_INVALIDDATA; /* calculate number of blocks in the packet */ num_blocks = buf_size / (BLOCK_SIZE * c->channels); From d0269db8e3369fddcfe5ce9daface2b95dde48da Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 18 Dec 2011 20:12:16 +0100 Subject: [PATCH 114/331] adx_parser: rewrite. The previous code ended in multiple different infinite loops. See stl_ten_1_big.sfd as example with and without zzuf Signed-off-by: Michael Niedermayer (cherry picked from commit 7859740c6a2f9bc3dd247dc63b8e7cbd6181a5dd) Signed-off-by: Michael Niedermayer --- libavcodec/adx_parser.c | 61 ++++++++++++++++------------------------- 1 file changed, 23 insertions(+), 38 deletions(-) diff --git a/libavcodec/adx_parser.c b/libavcodec/adx_parser.c index f5d7989ecf..bbd865454e 100644 --- a/libavcodec/adx_parser.c +++ b/libavcodec/adx_parser.c @@ -22,7 +22,7 @@ * @file * ADX audio parser * - * Reads header to extradata and splits packets into individual blocks. + * Splits packets into individual blocks. */ #include "libavutil/intreadwrite.h" @@ -33,11 +33,9 @@ typedef struct ADXParseContext { ParseContext pc; int header_size; int block_size; - int buf_pos; + int remaining; } ADXParseContext; -#define MIN_HEADER_SIZE 24 - static int adx_parse(AVCodecParserContext *s1, AVCodecContext *avctx, const uint8_t **poutbuf, int *poutbuf_size, @@ -46,45 +44,32 @@ static int adx_parse(AVCodecParserContext *s1, ADXParseContext *s = s1->priv_data; ParseContext *pc = &s->pc; int next = END_NOT_FOUND; + int i; + uint64_t state= pc->state64; - if (!avctx->extradata_size) { - int ret; - - ff_combine_frame(pc, END_NOT_FOUND, &buf, &buf_size); - - if (!s->header_size && pc->index >= MIN_HEADER_SIZE) { - if (ret = avpriv_adx_decode_header(avctx, pc->buffer, pc->index, - &s->header_size, NULL)) - return AVERROR_INVALIDDATA; + if(!s->header_size){ + for(i=0; i>32)&0xFFFF)>=4){ + s->header_size= ((state>>32)&0xFFFF) + 4; + s->block_size = BLOCK_SIZE * (state&0xFF); + s->remaining = i - 7 + s->header_size + s->block_size; + break; + } } - if (s->header_size && s->header_size <= pc->index) { - avctx->extradata = av_mallocz(s->header_size + FF_INPUT_BUFFER_PADDING_SIZE); - if (!avctx->extradata) - return AVERROR(ENOMEM); - avctx->extradata_size = s->header_size; - memcpy(avctx->extradata, pc->buffer, s->header_size); - memmove(pc->buffer, pc->buffer + s->header_size, s->header_size); - pc->index -= s->header_size; - } - *poutbuf = NULL; - *poutbuf_size = 0; - return buf_size; + pc->state64= state; } - s->block_size = BLOCK_SIZE * avctx->channels; - if (pc->index - s->buf_pos >= s->block_size) { - *poutbuf = &pc->buffer[s->buf_pos]; - *poutbuf_size = s->block_size; - s->buf_pos += s->block_size; - return 0; + if (s->header_size) { + if (!s->remaining) { + s->remaining = s->block_size; + } + if (s->remaining<=buf_size) { + next= s->remaining; + s->remaining = 0; + } else + s->remaining -= buf_size; } - if (pc->index && s->buf_pos) { - memmove(pc->buffer, &pc->buffer[s->buf_pos], pc->index - s->buf_pos); - pc->index -= s->buf_pos; - s->buf_pos = 0; - } - if (buf_size + pc->index >= s->block_size) - next = s->block_size - pc->index; if (ff_combine_frame(pc, next, &buf, &buf_size) < 0 || !buf_size) { *poutbuf = NULL; From 9f1dde03d5a0d5b2dacbe279a2be37610883e6ad Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 18 Dec 2011 21:37:54 +0100 Subject: [PATCH 115/331] mov: detect EOF in mov_read_dref() This fixes a (near) infinite loop and Ticket783 Bug found by: cosminamironesei Signed-off-by: Michael Niedermayer (cherry picked from commit af3f2a87da1d37e5f227c1c289f62e84422879c2) Signed-off-by: Michael Niedermayer --- libavformat/mov.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/mov.c b/libavformat/mov.c index 54fd3dfa22..97c16f6af8 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -431,6 +431,8 @@ static int mov_read_dref(MOVContext *c, AVIOContext *pb, MOVAtom atom) avio_skip(pb, 16); for (type = 0; type != -1 && avio_tell(pb) < next; ) { + if(url_feof(pb)) + return AVERROR(EOF); type = avio_rb16(pb); len = avio_rb16(pb); av_log(c->fc, AV_LOG_DEBUG, "type %d, len %d\n", type, len); From 21ca96049f2936a81d1f1ec432cb85031481bd22 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 18 Dec 2011 22:43:19 +0100 Subject: [PATCH 116/331] siff: Fix excessive memory allocation. Bug found by: Oana Stratulat Signed-off-by: Michael Niedermayer (cherry picked from commit 1c73391d7d5e09977bc2c04b247647f69063cf19) Signed-off-by: Michael Niedermayer --- libavformat/siff.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavformat/siff.c b/libavformat/siff.c index a8d63ee1c0..51dc694e4f 100644 --- a/libavformat/siff.c +++ b/libavformat/siff.c @@ -201,7 +201,12 @@ static int siff_read_packet(AVFormatContext *s, AVPacket *pkt) } if (!c->curstrm){ + int64_t fsize= avio_size(s->pb); size = c->pktsize - c->sndsize; + if(fsize>0) + size= FFMIN(size, fsize - avio_tell(s->pb) + c->gmcsize + 3); + if(size < 2 + c->gmcsize || c->pktsize < c->sndsize) + return AVERROR_INVALIDDATA; if (av_new_packet(pkt, size) < 0) return AVERROR(ENOMEM); AV_WL16(pkt->data, c->flags); From d1e1674f66f584bd839bf6cd512af03329e557bf Mon Sep 17 00:00:00 2001 From: "Paul B. Mahol" Date: Sat, 17 Dec 2011 17:58:06 +0000 Subject: [PATCH 117/331] cljr: fix buf_size sanity check Signed-off-by: Janne Grunau (cherry picked from commit 2e7905eee8d0f8813e703cacdd7b3ffdc4960656) Signed-off-by: Michael Niedermayer --- libavcodec/cljr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/cljr.c b/libavcodec/cljr.c index 4027cff4c7..f86d85028d 100644 --- a/libavcodec/cljr.c +++ b/libavcodec/cljr.c @@ -66,7 +66,7 @@ static int decode_frame(AVCodecContext *avctx, return AVERROR_INVALIDDATA; } - if (buf_size / avctx->height < avctx->width) { + if (buf_size < avctx->height * avctx->width) { av_log(avctx, AV_LOG_ERROR, "Resolution larger than buffer size. Invalid header?\n"); return AVERROR_INVALIDDATA; From 0815a2907a55f20e18679c4d35c8421ec7317718 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 18 Dec 2011 23:54:56 +0100 Subject: [PATCH 118/331] rl2demux: Fix FPE Fixes Ticket788 Bug found by Oana Stratulat Signed-off-by: Michael Niedermayer (cherry picked from commit f371396dfb95c116a05e9b9f690fa916bb2d815e) Signed-off-by: Michael Niedermayer --- libavformat/rl2.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/rl2.c b/libavformat/rl2.c index 530e0dfb9a..78edec5b18 100644 --- a/libavformat/rl2.c +++ b/libavformat/rl2.c @@ -138,6 +138,9 @@ static av_cold int rl2_read_header(AVFormatContext *s, /** setup audio stream if present */ if(sound_rate){ + if(channels <= 0) + return AVERROR_INVALIDDATA; + pts_num = def_sound_size; pts_den = rate; From f57c629b18cb0eebbb1203149390943c465acd9d Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 19 Dec 2011 03:43:53 +0100 Subject: [PATCH 119/331] proresdec: add UPDATE_CACHE, should fix decoding with -Os Signed-off-by: Michael Niedermayer (cherry picked from commit 29179239f5cf11c189a0ef20605ef5f5963fdb18) Signed-off-by: Michael Niedermayer --- libavcodec/proresdec2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/proresdec2.c b/libavcodec/proresdec2.c index a96af4fa9f..10a677d929 100644 --- a/libavcodec/proresdec2.c +++ b/libavcodec/proresdec2.c @@ -325,7 +325,7 @@ static av_always_inline void decode_ac_coeffs(AVCodecContext *avctx, GetBitConte int log2_block_count = av_log2(blocks_per_slice); OPEN_READER(re, gb); - + UPDATE_CACHE(re, gb); \ run = 4; level = 2; From 25cadd366bce02e3d1fc070ee6dd9f208e2b11c9 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 19 Dec 2011 04:09:23 +0100 Subject: [PATCH 120/331] adpcm: Fix crash Fixes half of Ticket794 Bug found by: Oana Stratulat Signed-off-by: Michael Niedermayer (cherry picked from commit 608708009f69ba4cecebf05120c696167494c897) Signed-off-by: Michael Niedermayer --- libavcodec/adpcm.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/adpcm.c b/libavcodec/adpcm.c index bbc7d1cd27..e7657945dd 100644 --- a/libavcodec/adpcm.c +++ b/libavcodec/adpcm.c @@ -818,6 +818,9 @@ static int adpcm_decode_frame(AVCodecContext *avctx, void *data, /* Each EA ADPCM frame has a 12-byte header followed by 30-byte pieces, each coding 28 stereo samples. */ + if(avctx->channels != 2) + return AVERROR_INVALIDDATA; + src += 4; // skip sample count (already read) current_left_sample = (int16_t)bytestream_get_le16(&src); From 9c338b7c4ceef726c6e8064fe5fbcee325c3d3f2 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 19 Dec 2011 04:13:37 +0100 Subject: [PATCH 121/331] tqi: Fix passing errors from the MB decode. This silences some valgrind warnings. Fixes second half of Ticket794 Bug found by: Oana Stratulat Signed-off-by: Michael Niedermayer (cherry picked from commit f85334f58e1286287d0547a49fa9c93b40cbf48f) Signed-off-by: Michael Niedermayer --- libavcodec/eatqi.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/libavcodec/eatqi.c b/libavcodec/eatqi.c index a1ad8147dc..245c143c88 100644 --- a/libavcodec/eatqi.c +++ b/libavcodec/eatqi.c @@ -57,12 +57,15 @@ static av_cold int tqi_decode_init(AVCodecContext *avctx) return 0; } -static void tqi_decode_mb(MpegEncContext *s, DCTELEM (*block)[64]) +static int tqi_decode_mb(MpegEncContext *s, DCTELEM (*block)[64]) { int n; s->dsp.clear_blocks(block[0]); for (n=0; n<6; n++) - ff_mpeg1_decode_block_intra(s, block[n], n); + if(ff_mpeg1_decode_block_intra(s, block[n], n)<0) + return -1; + + return 0; } static inline void tqi_idct_put(TqiContext *t, DCTELEM (*block)[64]) @@ -134,7 +137,8 @@ static int tqi_decode_frame(AVCodecContext *avctx, for (s->mb_y=0; s->mb_y<(avctx->height+15)/16; s->mb_y++) for (s->mb_x=0; s->mb_x<(avctx->width+15)/16; s->mb_x++) { - tqi_decode_mb(s, t->block); + if(tqi_decode_mb(s, t->block) < 0) + break; tqi_idct_put(t, t->block); } From 3461d275063a4fe47e0dfc90cebe4cb54b69cca1 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 19 Dec 2011 11:46:34 +0100 Subject: [PATCH 122/331] lavf: split out ffio_limit() Signed-off-by: Michael Niedermayer (cherry picked from commit e39eeb10d1b36b5681e42a7539d5b168fa292d61) Signed-off-by: Michael Niedermayer --- libavformat/avio_internal.h | 2 ++ libavformat/utils.c | 12 ++++++++---- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/libavformat/avio_internal.h b/libavformat/avio_internal.h index f140897c5d..df614b22d9 100644 --- a/libavformat/avio_internal.h +++ b/libavformat/avio_internal.h @@ -71,6 +71,8 @@ uint64_t ffio_read_varlen(AVIOContext *bc); /** @warning must be called before any I/O */ int ffio_set_buf_size(AVIOContext *s, int buf_size); +int ffio_limit(AVIOContext *s, int size); + void ffio_init_checksum(AVIOContext *s, unsigned long (*update_checksum)(unsigned long c, const uint8_t *p, unsigned int len), unsigned long checksum); diff --git a/libavformat/utils.c b/libavformat/utils.c index 308d0cdf46..5ed85dc857 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -264,11 +264,8 @@ AVInputFormat *av_find_input_format(const char *short_name) return NULL; } - -int av_get_packet(AVIOContext *s, AVPacket *pkt, int size) +int ffio_limit(AVIOContext *s, int size) { - int ret; - if(s->maxsize>=0){ int64_t remaining= s->maxsize - avio_tell(s); if(remaining < size){ @@ -283,6 +280,13 @@ int av_get_packet(AVIOContext *s, AVPacket *pkt, int size) size= remaining+1; } } + return size; +} + +int av_get_packet(AVIOContext *s, AVPacket *pkt, int size) +{ + int ret; + size= ffio_limit(s, size); ret= av_new_packet(pkt, size); From 0ab9072ee032df3c716a98cf3b4fef2000053289 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 19 Dec 2011 11:47:15 +0100 Subject: [PATCH 123/331] dsicin demuxer: Fix excessive malloc() use ffio_limit() Fixes Ticket 790 Bug found by: Oana Stratulat Signed-off-by: Michael Niedermayer (cherry picked from commit 9c5104e84ef8adcb6499eac040a6c5af47324e07) Signed-off-by: Michael Niedermayer --- libavformat/dsicin.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/dsicin.c b/libavformat/dsicin.c index 20b1d02f36..e0db8ba10e 100644 --- a/libavformat/dsicin.c +++ b/libavformat/dsicin.c @@ -27,6 +27,7 @@ #include "libavutil/intreadwrite.h" #include "avformat.h" #include "internal.h" +#include "avio_internal.h" typedef struct CinFileHeader { @@ -179,6 +180,8 @@ static int cin_read_packet(AVFormatContext *s, AVPacket *pkt) /* palette and video packet */ pkt_size = (palette_type + 3) * hdr->pal_colors_count + hdr->video_frame_size; + pkt_size = ffio_limit(pb, pkt_size); + ret = av_new_packet(pkt, 4 + pkt_size); if (ret < 0) return ret; From e9a7ab20be424b2175fdd4a74e98046a1ff6e36c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 19 Dec 2011 15:48:47 +0100 Subject: [PATCH 124/331] swscale: Fix several (real world) integer overflows. Fixes Ticket795 Bug Found by: Oana Stratulat Signed-off-by: Michael Niedermayer (cherry picked from commit 90cad5edf64511721421a8ffa2b0e3024e3e68c0) Signed-off-by: Michael Niedermayer --- libswscale/utils.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/libswscale/utils.c b/libswscale/utils.c index 3240b96030..294dd1a458 100644 --- a/libswscale/utils.c +++ b/libswscale/utils.c @@ -220,7 +220,7 @@ static int initFilter(int16_t **outFilter, int16_t **filterPos, int *outFilterSi } else if (flags&SWS_POINT) { // lame looking point sampling mode int i; - int xDstInSrc; + int64_t xDstInSrc; filterSize= 1; FF_ALLOC_OR_GOTO(NULL, filter, dstW*sizeof(*filter)*filterSize, fail); @@ -234,7 +234,7 @@ static int initFilter(int16_t **outFilter, int16_t **filterPos, int *outFilterSi } } else if ((xInc <= (1<<16) && (flags&SWS_AREA)) || (flags&SWS_FAST_BILINEAR)) { // bilinear upscale int i; - int xDstInSrc; + int64_t xDstInSrc; filterSize= 2; FF_ALLOC_OR_GOTO(NULL, filter, dstW*sizeof(*filter)*filterSize, fail); @@ -246,7 +246,7 @@ static int initFilter(int16_t **outFilter, int16_t **filterPos, int *outFilterSi (*filterPos)[i]= xx; //bilinear upscale / linear interpolate / area averaging for (j=0; j>16); + int64_t coeff= fone - FFABS(((int64_t)xx<<16) - xDstInSrc)*(fone>>16); if (coeff<0) coeff=0; filter[i*filterSize + j]= coeff; xx++; @@ -254,7 +254,7 @@ static int initFilter(int16_t **outFilter, int16_t **filterPos, int *outFilterSi xDstInSrc+= xInc; } } else { - int xDstInSrc; + int64_t xDstInSrc; int sizeFactor; if (flags&SWS_BICUBIC) sizeFactor= 4; @@ -283,7 +283,7 @@ static int initFilter(int16_t **outFilter, int16_t **filterPos, int *outFilterSi int j; (*filterPos)[i]= xx; for (j=0; j Date: Mon, 19 Dec 2011 16:27:52 +0100 Subject: [PATCH 125/331] eamad: fix excessive memory allocation. Fixes Ticket792 Bug found by Oana Stratulat Signed-off-by: Michael Niedermayer (cherry picked from commit 03a9c9932dbceff4d42d82b9c4fccf860093f0e9) Signed-off-by: Michael Niedermayer --- libavcodec/eamad.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/eamad.c b/libavcodec/eamad.c index 1f6282394e..cc6f9d38ef 100644 --- a/libavcodec/eamad.c +++ b/libavcodec/eamad.c @@ -268,6 +268,8 @@ static int decode_frame(AVCodecContext *avctx, buf += 16; if (avctx->width != s->width || avctx->height != s->height) { + if((s->width * s->height)/2048*7 > buf_end-buf) + return -1; if (av_image_check_size(s->width, s->height, 0, avctx) < 0) return -1; avcodec_set_dimensions(avctx, s->width, s->height); From 125894f15f6c739883e2da53b7a9fa333bd406b0 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 19 Dec 2011 16:30:30 +0100 Subject: [PATCH 126/331] eamad: pass & check errors Signed-off-by: Michael Niedermayer (cherry picked from commit 1d0ae92a259b924952856de1a5ca0dc6fd5031e5) Signed-off-by: Michael Niedermayer --- libavcodec/eamad.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/libavcodec/eamad.c b/libavcodec/eamad.c index cc6f9d38ef..40fdb37670 100644 --- a/libavcodec/eamad.c +++ b/libavcodec/eamad.c @@ -119,7 +119,7 @@ static inline void idct_put(MadContext *t, DCTELEM *block, int mb_x, int mb_y, i } } -static inline void decode_block_intra(MadContext * t, DCTELEM * block) +static inline int decode_block_intra(MadContext * t, DCTELEM * block) { MpegEncContext *s = &t->s; int level, i, j, run; @@ -170,13 +170,14 @@ static inline void decode_block_intra(MadContext * t, DCTELEM * block) } if (i > 63) { av_log(s->avctx, AV_LOG_ERROR, "ac-tex damaged at %d %d\n", s->mb_x, s->mb_y); - return; + return -1; } block[j] = level; } CLOSE_READER(re, &s->gb); } + return 0; } static int decode_motion(GetBitContext *gb) @@ -190,7 +191,7 @@ static int decode_motion(GetBitContext *gb) return value; } -static void decode_mb(MadContext *t, int inter) +static int decode_mb(MadContext *t, int inter) { MpegEncContext *s = &t->s; int mv_map = 0; @@ -215,10 +216,12 @@ static void decode_mb(MadContext *t, int inter) comp_block(t, s->mb_x, s->mb_y, j, mv_x, mv_y, add); } else { s->dsp.clear_block(t->block); - decode_block_intra(t, t->block); + if(decode_block_intra(t, t->block) < 0) + return -1; idct_put(t, t->block, s->mb_x, s->mb_y, j); } } + return 0; } static void calc_intra_matrix(MadContext *t, int qscale) @@ -296,7 +299,8 @@ static int decode_frame(AVCodecContext *avctx, for (s->mb_y=0; s->mb_y < (avctx->height+15)/16; s->mb_y++) for (s->mb_x=0; s->mb_x < (avctx->width +15)/16; s->mb_x++) - decode_mb(t, inter); + if(decode_mb(t, inter) < 0) + return -1; *data_size = sizeof(AVFrame); *(AVFrame*)data = t->frame; From c0c5189e66c33bfbd48de1bb9b4bfd94865ba71e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 19 Dec 2011 19:11:49 +0100 Subject: [PATCH 127/331] soxdec: check av_malloc return. Bug found by: durandal_1707 Signed-off-by: Michael Niedermayer (cherry picked from commit 1dcce49e10dcebde9d2cc52565fa299c5fdfd691) Signed-off-by: Michael Niedermayer --- libavformat/soxdec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/soxdec.c b/libavformat/soxdec.c index 45607ec666..62e701626f 100644 --- a/libavformat/soxdec.c +++ b/libavformat/soxdec.c @@ -98,6 +98,8 @@ static int sox_read_header(AVFormatContext *s, if (comment_size && comment_size < UINT_MAX) { char *comment = av_malloc(comment_size+1); + if(!comment) + return AVERROR(ENOMEM); if (avio_read(pb, comment, comment_size) != comment_size) { av_freep(&comment); return AVERROR(EIO); From 2cdd89a5614ea1df731ddaa5ce4ada21a63c65ca Mon Sep 17 00:00:00 2001 From: Aneesh Dogra Date: Tue, 20 Dec 2011 00:00:30 +0530 Subject: [PATCH 128/331] xl: Fix overreads MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Storsjö (cherry picked from commit 00aad121d8a6f365641345a8321bdaac1ff80649) Signed-off-by: Michael Niedermayer --- libavcodec/xl.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libavcodec/xl.c b/libavcodec/xl.c index c29e8b3190..78f34afa4e 100644 --- a/libavcodec/xl.c +++ b/libavcodec/xl.c @@ -68,6 +68,12 @@ static int decode_frame(AVCodecContext *avctx, V = a->pic.data[2]; stride = avctx->width - 4; + + if (buf_size < avctx->width * avctx->height) { + av_log(avctx, AV_LOG_ERROR, "Packet is too small\n"); + return AVERROR_INVALIDDATA; + } + for (i = 0; i < avctx->height; i++) { /* lines are stored in reversed order */ buf += stride; From a1a079dce435d9eb2471f493161c3577d1f5d509 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 19 Dec 2011 19:23:56 +0100 Subject: [PATCH 129/331] siff: simplify code by using ffio_limit() Signed-off-by: Michael Niedermayer (cherry picked from commit b08a742526d05bcf300af820da5c79d2a05f9959) Signed-off-by: Michael Niedermayer --- libavformat/siff.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/libavformat/siff.c b/libavformat/siff.c index 51dc694e4f..1a3f0a4e47 100644 --- a/libavformat/siff.c +++ b/libavformat/siff.c @@ -22,6 +22,7 @@ #include "libavutil/intreadwrite.h" #include "avformat.h" #include "internal.h" +#include "avio_internal.h" enum SIFFTags{ TAG_SIFF = MKTAG('S', 'I', 'F', 'F'), @@ -201,18 +202,16 @@ static int siff_read_packet(AVFormatContext *s, AVPacket *pkt) } if (!c->curstrm){ - int64_t fsize= avio_size(s->pb); - size = c->pktsize - c->sndsize; - if(fsize>0) - size= FFMIN(size, fsize - avio_tell(s->pb) + c->gmcsize + 3); - if(size < 2 + c->gmcsize || c->pktsize < c->sndsize) + size = c->pktsize - c->sndsize - c->gmcsize - 2; + size = ffio_limit(s->pb, size); + if(size < 0 || c->pktsize < c->sndsize) return AVERROR_INVALIDDATA; - if (av_new_packet(pkt, size) < 0) + if (av_new_packet(pkt, size + c->gmcsize + 2) < 0) return AVERROR(ENOMEM); AV_WL16(pkt->data, c->flags); if (c->gmcsize) memcpy(pkt->data + 2, c->gmc, c->gmcsize); - avio_read(s->pb, pkt->data + 2 + c->gmcsize, size - c->gmcsize - 2); + avio_read(s->pb, pkt->data + 2 + c->gmcsize, size); pkt->stream_index = 0; c->curstrm = -1; }else{ From 5750a95f8b1b67ee78e0a9e93c72dd7e07589107 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 20 Dec 2011 11:23:46 +0100 Subject: [PATCH 130/331] swr: fix assert failure Bug found by: Oana Stratulat GCI-id: 7211207 Signed-off-by: Michael Niedermayer (cherry picked from commit aa1c590b29d30b11c2f4830e6bc08e8f936f557f) Signed-off-by: Michael Niedermayer --- libswresample/swresample.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/libswresample/swresample.c b/libswresample/swresample.c index 0575f7dead..f97a2c1b19 100644 --- a/libswresample/swresample.c +++ b/libswresample/swresample.c @@ -202,7 +202,12 @@ int swr_init(struct SwrContext *s){ if(!s->out.ch_count) s->out.ch_count= av_get_channel_layout_nb_channels(s->out_ch_layout); -av_assert0(s-> in.ch_count); + if(!s-> in.ch_count){ + av_assert0(!s->in_ch_layout); + av_log(s, AV_LOG_ERROR, "Input channel count and layout are unset\n"); + return -1; + } + av_assert0(s->used_ch_count); av_assert0(s->out.ch_count); s->resample_first= RSC*s->out.ch_count/s->in.ch_count - RSC < s->out_sample_rate/(float)s-> in_sample_rate - 1.0; From 61fb7e17a25b62c3bbc9f72e3a23baca2a5beed9 Mon Sep 17 00:00:00 2001 From: Stefano Sabatini Date: Tue, 20 Dec 2011 13:17:03 +0100 Subject: [PATCH 131/331] lavd/lavfi: add check in case pix_fmts cannot be allocated in lavfi_read_header() (cherry picked from commit 4d475f7eb3969a378f1c2722118c57b62d2ac461) Signed-off-by: Michael Niedermayer --- libavdevice/lavfi.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavdevice/lavfi.c b/libavdevice/lavfi.c index 04dc3b233c..37c782a69c 100644 --- a/libavdevice/lavfi.c +++ b/libavdevice/lavfi.c @@ -88,6 +88,9 @@ av_cold static int lavfi_read_header(AVFormatContext *avctx, #define FAIL(ERR) { ret = ERR; goto end; } + if (!pix_fmts) + FAIL(AVERROR(ENOMEM)); + avfilter_register_all(); buffersink = avfilter_get_by_name("buffersink"); From d561025e4914bb1542afde08e9edd2db4eb5ae80 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 20 Dec 2011 16:52:42 +0100 Subject: [PATCH 132/331] avidec: move eof check before continue. Fixes a infinite loop Fixes half of Ticket800 Bug found by Oana Stratulat Signed-off-by: Michael Niedermayer (cherry picked from commit 3c7f75bd84b4c30a0f86a491a37f759dfaaab86d) Signed-off-by: Michael Niedermayer --- libavformat/avidec.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavformat/avidec.c b/libavformat/avidec.c index 1a73161add..4bf1fd6916 100644 --- a/libavformat/avidec.c +++ b/libavformat/avidec.c @@ -1232,6 +1232,9 @@ static int avi_read_idx1(AVFormatContext *s, int size) /* Read the entries and sort them in each stream component. */ for(i = 0; i < nb_index_entries; i++) { + if(url_feof(pb)) + return -1; + tag = avio_rl32(pb); flags = avio_rl32(pb); pos = avio_rl32(pb); @@ -1254,8 +1257,6 @@ static int avi_read_idx1(AVFormatContext *s, int size) av_dlog(s, "%d cum_len=%"PRId64"\n", len, ast->cum_len); - if(url_feof(pb)) - return -1; if(last_pos == pos) avi->non_interleaved= 1; From c550d56414b814f2ccb46d18f3cd520a1e46e79f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 20 Dec 2011 16:53:56 +0100 Subject: [PATCH 133/331] tm2: Check remaining size before init_get_bits() Fixes a null pointer dereference. Fixes 2nd half of Ticket800 Bug found by: Oana Stratulat Signed-off-by: Michael Niedermayer (cherry picked from commit 65f0f9183b99881af58e90e3ae2ad8b0181d52f1) Signed-off-by: Michael Niedermayer --- libavcodec/truemotion2.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/truemotion2.c b/libavcodec/truemotion2.c index 1054a7e06b..95487d9436 100644 --- a/libavcodec/truemotion2.c +++ b/libavcodec/truemotion2.c @@ -286,6 +286,8 @@ static int tm2_read_stream(TM2Context *ctx, const uint8_t *buf, int stream_id, i buf += 4; cur += 4; buf += 4; cur += 4; /* unused by decoder */ + if(skip < cur) + return -1; init_get_bits(&ctx->gb, buf, (skip - cur) * 8); if(tm2_build_huff_table(ctx, &codes) == -1) return -1; From d8d25f143fe01caec33fef90c50709db52a35c9e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 20 Dec 2011 17:51:53 +0100 Subject: [PATCH 134/331] alac: Check for bitstream overread Fixes Ticket801 Bug found by: Oana Stratulat Signed-off-by: Michael Niedermayer (cherry picked from commit a8469223f6bb756a44f6579439fcae24ccc739b1) Signed-off-by: Michael Niedermayer --- libavcodec/alac.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/libavcodec/alac.c b/libavcodec/alac.c index 2788238c78..c08d2848ed 100644 --- a/libavcodec/alac.c +++ b/libavcodec/alac.c @@ -112,7 +112,7 @@ static inline int decode_scalar(GetBitContext *gb, int k, int limit, int readsam return x; } -static void bastardized_rice_decompress(ALACContext *alac, +static int bastardized_rice_decompress(ALACContext *alac, int32_t *output_buffer, int output_size, int readsamplesize, /* arg_10 */ @@ -134,6 +134,9 @@ static void bastardized_rice_decompress(ALACContext *alac, /* standard rice encoding */ int k; /* size of extra bits */ + if(get_bits_left(&alac->gb) <= 0) + return -1; + /* read k, that is bits as is */ k = av_log2((history >> 9) + 3); x= decode_scalar(&alac->gb, k, rice_kmodifier, readsamplesize); @@ -179,6 +182,7 @@ static void bastardized_rice_decompress(ALACContext *alac, history = 0; } } + return 0; } static inline int sign_only(int v) @@ -442,12 +446,14 @@ static int alac_decode_frame(AVCodecContext *avctx, void *data, if (alac->extra_bits) { for (i = 0; i < outputsamples; i++) { + if(get_bits_left(&alac->gb) <= 0) + return -1; for (ch = 0; ch < channels; ch++) alac->extra_bits_buffer[ch][i] = get_bits(&alac->gb, alac->extra_bits); } } for (ch = 0; ch < channels; ch++) { - bastardized_rice_decompress(alac, + int ret = bastardized_rice_decompress(alac, alac->predicterror_buffer[ch], outputsamples, readsamplesize, @@ -455,6 +461,8 @@ static int alac_decode_frame(AVCodecContext *avctx, void *data, alac->setinfo_rice_kmodifier, ricemodifier[ch] * alac->setinfo_rice_historymult / 4, (1 << alac->setinfo_rice_kmodifier) - 1); + if(ret<0) + return ret; if (prediction_type[ch] == 0) { /* adaptive fir */ @@ -478,6 +486,8 @@ static int alac_decode_frame(AVCodecContext *avctx, void *data, } else { /* not compressed, easy case */ for (i = 0; i < outputsamples; i++) { + if(get_bits_left(&alac->gb) <= 0) + return -1; for (ch = 0; ch < channels; ch++) { alac->outputsamples_buffer[ch][i] = get_sbits_long(&alac->gb, alac->setinfo_sample_size); From 1db39228c6a4c01af9ede12537817d3027d915df Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 20 Dec 2011 18:00:30 +0100 Subject: [PATCH 135/331] roq: fix excessive memory alloc Fixes Ticket802 Bug found by: Oana Stratulat Signed-off-by: Michael Niedermayer (cherry picked from commit c1acd58198187b9d0ca9386add4c10fca33d2c21) Signed-off-by: Michael Niedermayer --- libavformat/idroqdec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/idroqdec.c b/libavformat/idroqdec.c index eb11c69adb..9ac32eb668 100644 --- a/libavformat/idroqdec.c +++ b/libavformat/idroqdec.c @@ -30,6 +30,7 @@ #include "libavutil/intreadwrite.h" #include "avformat.h" #include "internal.h" +#include "avio_internal.h" #define RoQ_MAGIC_NUMBER 0x1084 #define RoQ_CHUNK_PREAMBLE_SIZE 8 @@ -125,6 +126,8 @@ static int roq_read_packet(AVFormatContext *s, if(chunk_size > INT_MAX) return AVERROR_INVALIDDATA; + chunk_size = ffio_limit(pb, chunk_size); + switch (chunk_type) { case RoQ_INFO: From c2507fb986050cdad6e471ea0984957f78b14436 Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Mon, 19 Dec 2011 10:41:22 -0800 Subject: [PATCH 136/331] mpegts: Fix typo in handling sections in the PMT. This was an error rebasing 4682a1dc3aa2554ad7077f5db32d0f2d598d018e for commit. The "pes" variable guaranteed to be NULL in that block. (cherry picked from commit d9b89b23df4f63d67694507f3d1caee62424a9d8) Signed-off-by: Michael Niedermayer --- libavformat/mpegts.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mpegts.c b/libavformat/mpegts.c index 8d026fd372..c5702dcce2 100644 --- a/libavformat/mpegts.c +++ b/libavformat/mpegts.c @@ -1496,7 +1496,7 @@ static void pmt_cb(MpegTSFilter *filter, const uint8_t *section, int section_len if (idx >= 0) { st = ts->stream->streams[idx]; } else { - st = avformat_new_stream(pes->stream, NULL); + st = avformat_new_stream(ts->stream, NULL); st->id = pid; st->codec->codec_type = AVMEDIA_TYPE_DATA; } From 7a8fc9906fc19993b9379685a1fde89a89e340e9 Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Mon, 19 Dec 2011 10:48:57 -0800 Subject: [PATCH 137/331] mpegts: Suppress invalid timebase warnings on DMB streams. timestamp_len and timestamp_res intialize to zero. (cherry picked from commit 41bdd4adc4ab90a5ef7d63050a4046fcba711365) Signed-off-by: Michael Niedermayer --- libavformat/mpegts.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/mpegts.c b/libavformat/mpegts.c index c5702dcce2..5246634282 100644 --- a/libavformat/mpegts.c +++ b/libavformat/mpegts.c @@ -762,7 +762,8 @@ static int read_sl_header(PESContext *pes, SLConfigDescr *sl, const uint8_t *buf if (cts != AV_NOPTS_VALUE) pes->pts = cts; - avpriv_set_pts_info(pes->st, sl->timestamp_len, 1, sl->timestamp_res); + if (sl->timestamp_len && sl->timestamp_res) + avpriv_set_pts_info(pes->st, sl->timestamp_len, 1, sl->timestamp_res); return (get_bits_count(&gb) + 7) >> 3; } From ae26aab2c313d396806d9c2622458dd8663136c1 Mon Sep 17 00:00:00 2001 From: Aneesh Dogra Date: Tue, 20 Dec 2011 03:54:50 +0530 Subject: [PATCH 138/331] bytestream: add a new set of bytestream functions with overread checking Signed-off-by: Justin Ruggles (cherry picked from commit fd22616c593156a35b4fe6acbd3668b0802f5f84) Signed-off-by: Michael Niedermayer --- libavcodec/bytestream.h | 44 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/libavcodec/bytestream.h b/libavcodec/bytestream.h index b56f6ce743..7ca36f8ad3 100644 --- a/libavcodec/bytestream.h +++ b/libavcodec/bytestream.h @@ -26,6 +26,10 @@ #include "libavutil/common.h" #include "libavutil/intreadwrite.h" +typedef struct { + const uint8_t *buffer, *buffer_end; +} GetByteContext; + #define DEF_T(type, name, bytes, read, write) \ static av_always_inline type bytestream_get_ ## name(const uint8_t **b){\ (*b) += bytes;\ @@ -34,6 +38,18 @@ static av_always_inline type bytestream_get_ ## name(const uint8_t **b){\ static av_always_inline void bytestream_put_ ##name(uint8_t **b, const type value){\ write(*b, value);\ (*b) += bytes;\ +}\ +static av_always_inline type bytestream2_get_ ## name(GetByteContext *g)\ +{\ + if (g->buffer_end - g->buffer < bytes)\ + return 0;\ + return bytestream_get_ ## name(&g->buffer);\ +}\ +static av_always_inline type bytestream2_peek_ ## name(GetByteContext *g)\ +{\ + if (g->buffer_end - g->buffer < bytes)\ + return 0;\ + return read(g->buffer);\ } #define DEF(name, bytes, read, write) \ @@ -55,6 +71,34 @@ DEF (byte, 1, AV_RB8 , AV_WB8 ) #undef DEF64 #undef DEF_T +static av_always_inline void bytestream2_init(GetByteContext *g, + const uint8_t *buf, int buf_size) +{ + g->buffer = buf; + g->buffer_end = buf + buf_size; +} + +static av_always_inline unsigned int bytestream2_get_bytes_left(GetByteContext *g) +{ + return g->buffer_end - g->buffer; +} + +static av_always_inline void bytestream2_skip(GetByteContext *g, + unsigned int size) +{ + g->buffer += FFMIN(g->buffer_end - g->buffer, size); +} + +static av_always_inline unsigned int bytestream2_get_buffer(GetByteContext *g, + uint8_t *dst, + unsigned int size) +{ + int size2 = FFMIN(g->buffer_end - g->buffer, size); + memcpy(dst, g->buffer, size2); + g->buffer += size2; + return size2; +} + static av_always_inline unsigned int bytestream_get_buffer(const uint8_t **b, uint8_t *dst, unsigned int size) { memcpy(dst, *b, size); From f8320fd34408493cd9e6987623dfdc8659192aa1 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 20 Dec 2011 22:03:25 +0100 Subject: [PATCH 139/331] ff*: Fix duplicatedly printed version info with -version Signed-off-by: Michael Niedermayer (cherry picked from commit 452406bd5bbf21a0da7104e6edca9c6e70636511) Signed-off-by: Michael Niedermayer --- avconv.c | 2 +- cmdutils.c | 6 +++++- cmdutils.h | 2 +- ffmpeg.c | 2 +- ffplay.c | 2 +- ffprobe.c | 2 +- ffserver.c | 2 +- 7 files changed, 11 insertions(+), 7 deletions(-) diff --git a/avconv.c b/avconv.c index 4c99a6fdd7..10e99ff67a 100644 --- a/avconv.c +++ b/avconv.c @@ -4361,7 +4361,7 @@ int main(int argc, char **argv) av_register_all(); avformat_network_init(); - show_banner(); + show_banner(argc, argv, options); /* parse options */ parse_options(&o, argc, argv, options, opt_output_file); diff --git a/cmdutils.c b/cmdutils.c index 65628fcc86..4a5421b770 100644 --- a/cmdutils.c +++ b/cmdutils.c @@ -582,8 +582,12 @@ static void print_all_libs_info(int flags, int level) PRINT_LIB_INFO(postproc, POSTPROC, flags, level); } -void show_banner(void) +void show_banner(int argc, char **argv, const OptionDef *options) { + int idx = locate_option(argc, argv, options, "version"); + if (idx) + return; + av_log(NULL, AV_LOG_INFO, "%s version " FFMPEG_VERSION ", Copyright (c) %d-%d the FFmpeg developers\n", program_name, program_birth_year, this_year); av_log(NULL, AV_LOG_INFO, " built on %s %s with %s %s\n", diff --git a/cmdutils.h b/cmdutils.h index 15f983643a..3aad0174d2 100644 --- a/cmdutils.h +++ b/cmdutils.h @@ -245,7 +245,7 @@ void print_error(const char *filename, int err); * current version of the repository and of the libav* libraries used by * the program. */ -void show_banner(void); +void show_banner(int argc, char **argv, const OptionDef *options); /** * Print the version of the program to stdout. The version message diff --git a/ffmpeg.c b/ffmpeg.c index f126a6a719..f80c6c8a8c 100644 --- a/ffmpeg.c +++ b/ffmpeg.c @@ -4837,7 +4837,7 @@ int main(int argc, char **argv) av_register_all(); avformat_network_init(); - show_banner(); + show_banner(argc, argv, options); term_init(); diff --git a/ffplay.c b/ffplay.c index 947a84b06c..f0861a8091 100644 --- a/ffplay.c +++ b/ffplay.c @@ -3177,7 +3177,7 @@ int main(int argc, char **argv) init_opts(); - show_banner(); + show_banner(argc, argv, options); parse_options(NULL, argc, argv, options, opt_input_file); diff --git a/ffprobe.c b/ffprobe.c index 6af76953aa..a2aaeb295f 100644 --- a/ffprobe.c +++ b/ffprobe.c @@ -1252,7 +1252,7 @@ int main(int argc, char **argv) avdevice_register_all(); #endif - show_banner(); + show_banner(argc, argv, options); parse_options(NULL, argc, argv, options, opt_input_file); if (!input_filename) { diff --git a/ffserver.c b/ffserver.c index 1244b45b90..c1593500be 100644 --- a/ffserver.c +++ b/ffserver.c @@ -4674,7 +4674,7 @@ int main(int argc, char **argv) av_register_all(); avformat_network_init(); - show_banner(); + show_banner(argc, argv, options); my_program_name = argv[0]; my_program_dir = getcwd(0, 0); From 41ff9350e92a0be42a13b1481fed8b0a7367fbf3 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 20 Dec 2011 22:06:35 +0100 Subject: [PATCH 140/331] indeo5: Fix null pointer dereference Fixes Ticket803 Bug found by: Oana Stratulat Signed-off-by: Michael Niedermayer (cherry picked from commit f27930cd9a2d4970b182024a42a9f5103c942f21) Signed-off-by: Michael Niedermayer --- libavcodec/ivi_common.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/ivi_common.c b/libavcodec/ivi_common.c index 7f14a89f33..f240845382 100644 --- a/libavcodec/ivi_common.c +++ b/libavcodec/ivi_common.c @@ -611,6 +611,9 @@ void ff_ivi_output_plane(IVIPlaneDesc *plane, uint8_t *dst, int dst_pitch) const int16_t *src = plane->bands[0].buf; uint32_t pitch = plane->bands[0].pitch; + if(!src) + return; + for (y = 0; y < plane->height; y++) { for (x = 0; x < plane->width; x++) dst[x] = av_clip_uint8(src[x] + 128); From cb75ed3014b16ba07899313c170f94a4897a8cae Mon Sep 17 00:00:00 2001 From: Luca Barbato Date: Sun, 4 Dec 2011 15:56:39 +0100 Subject: [PATCH 141/331] nut: support 10bit YUV Signed-off-by: Luca Barbato (cherry picked from commit 432f0e5b7d2329976ef7aee05d990c7462efd0ee) Signed-off-by: Michael Niedermayer --- libavformat/nut.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libavformat/nut.c b/libavformat/nut.c index 2a5e6fe567..0a44811c57 100644 --- a/libavformat/nut.c +++ b/libavformat/nut.c @@ -70,6 +70,12 @@ const AVCodecTag ff_nut_video_tags[] = { { CODEC_ID_RAWVIDEO, MKTAG('R', 'G', 'B', 48 ) }, { CODEC_ID_RAWVIDEO, MKTAG(48 , 'B', 'G', 'R') }, { CODEC_ID_RAWVIDEO, MKTAG(48 , 'R', 'G', 'B') }, + { CODEC_ID_RAWVIDEO, MKTAG('Y', '3', 11 , 10 ) }, + { CODEC_ID_RAWVIDEO, MKTAG(10 , 11 , '3', 'Y') }, + { CODEC_ID_RAWVIDEO, MKTAG('Y', '3', 10 , 10 ) }, + { CODEC_ID_RAWVIDEO, MKTAG(10 , 10 , '3', 'Y') }, + { CODEC_ID_RAWVIDEO, MKTAG('Y', '3', 0 , 10 ) }, + { CODEC_ID_RAWVIDEO, MKTAG(10 , 0 , '3', 'Y') }, { CODEC_ID_RAWVIDEO, MKTAG('Y', '1', 0 , 16 ) }, { CODEC_ID_RAWVIDEO, MKTAG(16 , 0 , '1', 'Y') }, { CODEC_ID_RAWVIDEO, MKTAG('Y', '3', 11 , 16 ) }, From 3d207417fb72f404ca8b01fef4010bdb08fff476 Mon Sep 17 00:00:00 2001 From: Luca Barbato Date: Sun, 4 Dec 2011 15:56:40 +0100 Subject: [PATCH 142/331] raw: add 10bit YUV definitions Signed-off-by: Luca Barbato (cherry picked from commit 91b1e6f0c678e5d096185c2011f4ca56a3290a20) Signed-off-by: Michael Niedermayer --- libavcodec/raw.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libavcodec/raw.c b/libavcodec/raw.c index a26dea8146..42469fdf65 100644 --- a/libavcodec/raw.c +++ b/libavcodec/raw.c @@ -108,6 +108,12 @@ const PixelFormatTag ff_raw_pix_fmt_tags[] = { { PIX_FMT_BGR48BE, MKTAG( 48, 'B', 'G', 'R') }, { PIX_FMT_GRAY16LE, MKTAG('Y', '1', 0 , 16 ) }, { PIX_FMT_GRAY16BE, MKTAG(16 , 0 , '1', 'Y') }, + { PIX_FMT_YUV420P10LE, MKTAG('Y', '3', 11 , 10 ) }, + { PIX_FMT_YUV420P10BE, MKTAG(10 , 11 , '3', 'Y') }, + { PIX_FMT_YUV422P10LE, MKTAG('Y', '3', 10 , 10 ) }, + { PIX_FMT_YUV422P10BE, MKTAG(10 , 10 , '3', 'Y') }, + { PIX_FMT_YUV444P10LE, MKTAG('Y', '3', 0 , 10 ) }, + { PIX_FMT_YUV444P10BE, MKTAG(10 , 0 , '3', 'Y') }, { PIX_FMT_YUV420P16LE, MKTAG('Y', '3', 11 , 16 ) }, { PIX_FMT_YUV420P16BE, MKTAG(16 , 11 , '3', 'Y') }, { PIX_FMT_YUV422P16LE, MKTAG('Y', '3', 10 , 16 ) }, From fa86884dbc8b261e7f2861fe49dbfa2375e82ff3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafa=C3=ABl=20Carr=C3=A9?= Date: Tue, 13 Dec 2011 15:32:34 +0100 Subject: [PATCH 143/331] lavc: always align height by 32 pixel Interlaced content for most codec requires it. This patch is a stop-gap pending a serious rework to support codecs with non 16 pixel macroblocks. Signed-off-by: Luca Barbato (cherry picked from commit 37c0dc626d2f8254ef623d987eb5077f9120755f) Conflicts: libavcodec/utils.c Signed-off-by: Michael Niedermayer --- libavcodec/utils.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index 8b4290eb4c..8cef043cb2 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -167,10 +167,8 @@ void avcodec_align_dimensions2(AVCodecContext *s, int *width, int *height, case PIX_FMT_GBRP9BE: case PIX_FMT_GBRP10LE: case PIX_FMT_GBRP10BE: - w_align= 16; //FIXME check for non mpeg style codecs and use less alignment - h_align= 16; - if(s->codec_id == CODEC_ID_MPEG2VIDEO || s->codec_id == CODEC_ID_MJPEG || s->codec_id == CODEC_ID_AMV || s->codec_id == CODEC_ID_THP || s->codec_id == CODEC_ID_H264 || s->codec_id == CODEC_ID_PRORES) - h_align= 32; // interlaced is rounded up to 2 MBs + w_align = 16; //FIXME assume 16 pixel per macroblock + h_align = 16 * 2; // interlaced needs 2 macroblocks height break; case PIX_FMT_YUV411P: case PIX_FMT_UYYVYY411: From acbdee0a2b902884cf11b9284d1c812b7a4e51a6 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 21 Dec 2011 00:28:39 +0100 Subject: [PATCH 144/331] golomb: fix end of bitstream check Fixes Ticket806 Bug found by Oana Stratulat Signed-off-by: Michael Niedermayer (cherry picked from commit fc739b79ad7d0c360782a3193f4e6f9c30147707) Signed-off-by: Michael Niedermayer --- libavcodec/golomb.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/golomb.h b/libavcodec/golomb.h index d92bc40ee7..14cf05504f 100644 --- a/libavcodec/golomb.h +++ b/libavcodec/golomb.h @@ -302,7 +302,7 @@ static inline int get_ur_golomb_jpegls(GetBitContext *gb, int k, int limit, int }else{ int i; for(i=0; SHOW_UBITS(re, gb, 1) == 0; i++){ - if (get_bits_left(gb)<=0) + if (gb->size_in_bits <= re_index) return -1; LAST_SKIP_BITS(re, gb, 1); UPDATE_CACHE(re, gb); From d20e948f075fb4fb1081c8ac9c3279b0fbc244d2 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 21 Dec 2011 00:35:10 +0100 Subject: [PATCH 145/331] indeo3: Fix null ptr dereference Fixes Ticket804 Bug found by: Oana Stratulat Signed-off-by: Michael Niedermayer (cherry picked from commit 134aaa79f7f1ce1df64afc7d10d2b3de77df7b08) Signed-off-by: Michael Niedermayer --- libavcodec/indeo3.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/indeo3.c b/libavcodec/indeo3.c index 2c966624dd..83c97bb96d 100644 --- a/libavcodec/indeo3.c +++ b/libavcodec/indeo3.c @@ -770,7 +770,8 @@ static int parse_bintree(Indeo3DecodeContext *ctx, AVCodecContext *avctx, /* get motion vector index and setup the pointer to the mv set */ if (!ctx->need_resync) ctx->next_cell_data = &ctx->gb.buffer[(get_bits_count(&ctx->gb) + 7) >> 3]; - curr_cell.mv_ptr = &ctx->mc_vectors[*(ctx->next_cell_data++) << 1]; + if(ctx->mc_vectors) + curr_cell.mv_ptr = &ctx->mc_vectors[*(ctx->next_cell_data++) << 1]; curr_cell.tree = 1; /* enter the VQ tree */ UPDATE_BITPOS(8); } else { /* VQ tree DATA code */ From 8056d020ad4404ea8462aeae9d48e0ec13354c17 Mon Sep 17 00:00:00 2001 From: Luca Barbato Date: Wed, 21 Dec 2011 02:50:57 +0100 Subject: [PATCH 146/331] fate: account for NUT 10bit support Some libavifilter tests use NUT as output even if the produced files were not decodable. The support for 10bit introduced in 432f0e5b7d and 91b1e6f0c changed the hashes. (cherry picked from commit 9f3c77dd2a4fa4accf102c2af1f22567652b8e0f) Conflicts: tests/ref/lavfi/pixdesc tests/ref/lavfi/pixfmts_copy tests/ref/lavfi/pixfmts_null tests/ref/lavfi/pixfmts_scale tests/ref/lavfi/pixfmts_vflip Signed-off-by: Michael Niedermayer --- tests/ref/lavfi/pixdesc | 12 ++++++------ tests/ref/lavfi/pixfmts_copy | 12 ++++++------ tests/ref/lavfi/pixfmts_null | 12 ++++++------ tests/ref/lavfi/pixfmts_scale | 12 ++++++------ tests/ref/lavfi/pixfmts_vflip | 12 ++++++------ 5 files changed, 30 insertions(+), 30 deletions(-) diff --git a/tests/ref/lavfi/pixdesc b/tests/ref/lavfi/pixdesc index 63e2980dcc..07d1d36417 100644 --- a/tests/ref/lavfi/pixdesc +++ b/tests/ref/lavfi/pixdesc @@ -35,23 +35,23 @@ uyvy422 adcf64516a19fce44df77082bdb16291 yuv410p 2d9225153c83ee1132397d619d94d1b3 yuv411p 8b298af3e43348ca1b11eb8a3252ac6c yuv420p eba2f135a08829387e2f698ff72a2939 -yuv420p10be ea2aee509286fa3d07a6c68fec9967a5 -yuv420p10le 645ef73e06de41c83a7bc724179d2ce3 +yuv420p10be 2f88c301feeaccd2a5fb55f54fc30be9 +yuv420p10le 93f175084af4e78f97c7710e505f3057 yuv420p16be ba858ff4246368c28f03152487f57ef3 yuv420p16le de239729a4fe1d4cfa3743e006654e78 yuv420p9be 64e36fd90573f67ac2006d103972a79b yuv420p9le 9ed4b1dfabc53fd9e586ff6c4c43af80 yuv422p c9bba4529821d796a6ab09f6a5fd355a -yuv422p10be bdc13b630fd668b34c6fe1aae28dfc71 -yuv422p10le d0607c260a45c973e6639f4e449730ad +yuv422p10be 11af7dfafe8bc025c7e3bd82b830fe8a +yuv422p10le ec04efb76efa79bf0d02b21572371a56 yuv422p16be 5499502e1c29534a158a1fe60e889f60 yuv422p16le e3d61fde6978591596bc36b914386623 yuv422p9be 29b71579946940a8c00fa844c9dff507 yuv422p9le 062b7f9cbb972bf36b5bdb1a7623701a yuv440p 5a064afe2b453bb52cdb3f176b1aa1cf yuv444p 0a98447b78fd476aa39686da6a74fa2e -yuv444p10be e65cbae7e4f1892c23defbc8e8052cf6 -yuv444p10le 767179dd82846cf00ee4c340c9c1ab74 +yuv444p10be 71be185a2fb7a353eb024df9bc63212d +yuv444p10le c1c6b30a12065c7901c0a267e4861a0f yuv444p16be 1c6ea2c2f5e539006112ceec3d4e7d90 yuv444p16le 20f86bc2f68d2b3f1f2b48b97b2189f4 yuv444p9be 6ab31f4c12b533ce318ecdff83cdd054 diff --git a/tests/ref/lavfi/pixfmts_copy b/tests/ref/lavfi/pixfmts_copy index 3a638c33c2..5ced4785c8 100644 --- a/tests/ref/lavfi/pixfmts_copy +++ b/tests/ref/lavfi/pixfmts_copy @@ -36,23 +36,23 @@ uyvy422 adcf64516a19fce44df77082bdb16291 yuv410p 2d9225153c83ee1132397d619d94d1b3 yuv411p 8b298af3e43348ca1b11eb8a3252ac6c yuv420p eba2f135a08829387e2f698ff72a2939 -yuv420p10be ea2aee509286fa3d07a6c68fec9967a5 -yuv420p10le 645ef73e06de41c83a7bc724179d2ce3 +yuv420p10be 2f88c301feeaccd2a5fb55f54fc30be9 +yuv420p10le 93f175084af4e78f97c7710e505f3057 yuv420p16be ba858ff4246368c28f03152487f57ef3 yuv420p16le de239729a4fe1d4cfa3743e006654e78 yuv420p9be 64e36fd90573f67ac2006d103972a79b yuv420p9le 9ed4b1dfabc53fd9e586ff6c4c43af80 yuv422p c9bba4529821d796a6ab09f6a5fd355a -yuv422p10be bdc13b630fd668b34c6fe1aae28dfc71 -yuv422p10le d0607c260a45c973e6639f4e449730ad +yuv422p10be 11af7dfafe8bc025c7e3bd82b830fe8a +yuv422p10le ec04efb76efa79bf0d02b21572371a56 yuv422p16be 5499502e1c29534a158a1fe60e889f60 yuv422p16le e3d61fde6978591596bc36b914386623 yuv422p9be 29b71579946940a8c00fa844c9dff507 yuv422p9le 062b7f9cbb972bf36b5bdb1a7623701a yuv440p 5a064afe2b453bb52cdb3f176b1aa1cf yuv444p 0a98447b78fd476aa39686da6a74fa2e -yuv444p10be e65cbae7e4f1892c23defbc8e8052cf6 -yuv444p10le 767179dd82846cf00ee4c340c9c1ab74 +yuv444p10be 71be185a2fb7a353eb024df9bc63212d +yuv444p10le c1c6b30a12065c7901c0a267e4861a0f yuv444p16be 1c6ea2c2f5e539006112ceec3d4e7d90 yuv444p16le 20f86bc2f68d2b3f1f2b48b97b2189f4 yuv444p9be 6ab31f4c12b533ce318ecdff83cdd054 diff --git a/tests/ref/lavfi/pixfmts_null b/tests/ref/lavfi/pixfmts_null index 3a638c33c2..5ced4785c8 100644 --- a/tests/ref/lavfi/pixfmts_null +++ b/tests/ref/lavfi/pixfmts_null @@ -36,23 +36,23 @@ uyvy422 adcf64516a19fce44df77082bdb16291 yuv410p 2d9225153c83ee1132397d619d94d1b3 yuv411p 8b298af3e43348ca1b11eb8a3252ac6c yuv420p eba2f135a08829387e2f698ff72a2939 -yuv420p10be ea2aee509286fa3d07a6c68fec9967a5 -yuv420p10le 645ef73e06de41c83a7bc724179d2ce3 +yuv420p10be 2f88c301feeaccd2a5fb55f54fc30be9 +yuv420p10le 93f175084af4e78f97c7710e505f3057 yuv420p16be ba858ff4246368c28f03152487f57ef3 yuv420p16le de239729a4fe1d4cfa3743e006654e78 yuv420p9be 64e36fd90573f67ac2006d103972a79b yuv420p9le 9ed4b1dfabc53fd9e586ff6c4c43af80 yuv422p c9bba4529821d796a6ab09f6a5fd355a -yuv422p10be bdc13b630fd668b34c6fe1aae28dfc71 -yuv422p10le d0607c260a45c973e6639f4e449730ad +yuv422p10be 11af7dfafe8bc025c7e3bd82b830fe8a +yuv422p10le ec04efb76efa79bf0d02b21572371a56 yuv422p16be 5499502e1c29534a158a1fe60e889f60 yuv422p16le e3d61fde6978591596bc36b914386623 yuv422p9be 29b71579946940a8c00fa844c9dff507 yuv422p9le 062b7f9cbb972bf36b5bdb1a7623701a yuv440p 5a064afe2b453bb52cdb3f176b1aa1cf yuv444p 0a98447b78fd476aa39686da6a74fa2e -yuv444p10be e65cbae7e4f1892c23defbc8e8052cf6 -yuv444p10le 767179dd82846cf00ee4c340c9c1ab74 +yuv444p10be 71be185a2fb7a353eb024df9bc63212d +yuv444p10le c1c6b30a12065c7901c0a267e4861a0f yuv444p16be 1c6ea2c2f5e539006112ceec3d4e7d90 yuv444p16le 20f86bc2f68d2b3f1f2b48b97b2189f4 yuv444p9be 6ab31f4c12b533ce318ecdff83cdd054 diff --git a/tests/ref/lavfi/pixfmts_scale b/tests/ref/lavfi/pixfmts_scale index 53ea7db703..597904d02c 100644 --- a/tests/ref/lavfi/pixfmts_scale +++ b/tests/ref/lavfi/pixfmts_scale @@ -36,23 +36,23 @@ uyvy422 314bd486277111a95d9369b944fa0400 yuv410p 7df8f6d69b56a8dcb6c7ee908e5018b5 yuv411p 1143e7c5cc28fe0922b051b17733bc4c yuv420p fdad2d8df8985e3d17e73c71f713cb14 -yuv420p10be 6d335e75b553da590135cf8bb999610c -yuv420p10le d510ddbabefd03ef39ec943fcb51b709 +yuv420p10be 418039dbd82cf612db88417276aa0d1a +yuv420p10le ff7e5321208ab995b4f95634ebdf192b yuv420p16be 31988e9a5d6acacaa710f67bc1172f3a yuv420p16le f5390ce399f88e0e4e2621ed7833b250 yuv420p9be ec4983b7a949c0472110a7a2c58e278a yuv420p9le c136dce5913a722eee44ab72cff664b2 yuv422p 918e37701ee7377d16a8a6c119c56a40 -yuv422p10be cea7ca6b0e66d6f29539885896c88603 -yuv422p10le a10c4a5837547716f13cd61918b145f9 +yuv422p10be 315654908d50718e175aae018c484732 +yuv422p10le 91bbc78a9a56f659b55abc17722dcc09 yuv422p16be e7e34fe9264784763ab6cb406524c0f3 yuv422p16le c435b76b08204dda6908640fb5fd4621 yuv422p9be 82494823944912f73cebc58ad2979bbd yuv422p9le fc69c8a21f473916a4b4225636b97e06 yuv440p 461503fdb9b90451020aa3b25ddf041c yuv444p 81b2eba962d12e8d64f003ac56f6faf2 -yuv444p10be e9d3c8e744b8b0d8187ca092fa203fc9 -yuv444p10le 02f0a336e9da062a64df1ba487e102c5 +yuv444p10be fb304d77c6d2e18df5938662a22176f0 +yuv444p10le b17136913eb066dca6be6af645b9f7e8 yuv444p16be 0da9bed80f5542682ab286f3261cf24c yuv444p16le a0c5d3c7bf3f181db503cf8e450d1335 yuv444p9be 9ac2643ce7f7e5c4e17c8c9fd8494d4a diff --git a/tests/ref/lavfi/pixfmts_vflip b/tests/ref/lavfi/pixfmts_vflip index ce613debe5..333bd46484 100644 --- a/tests/ref/lavfi/pixfmts_vflip +++ b/tests/ref/lavfi/pixfmts_vflip @@ -36,23 +36,23 @@ uyvy422 ffbd36720c77398d9a0d03ce2625928f yuv410p 7bfb39d7afb49d6a6173e6b23ae321eb yuv411p 4a90048cc3a65fac150e53289700efe1 yuv420p 2e6d6062e8cad37fb3ab2c433b55f382 -yuv420p10be fac8e0ae5a81861cddac97ddc4100b66 -yuv420p10le cb83ed3552113e0292e30adee774359c +yuv420p10be 7ce787a888381dd46b0212c099ecaad9 +yuv420p10le bf22a1c543a7b3dbc556a0eb9592e179 yuv420p16be b6d25ba55bc1831d352f379311b42b6d yuv420p16le 1d7ef427b6f79a02b93948738dab5442 yuv420p9be 9865bf5c4392b56b1c4eb4f5a3fd32f9 yuv420p9le 0f1e371a1374d3cba2205b70cc7cac90 yuv422p d7f5cb44d9b0210d66d6a8762640ab34 -yuv422p10be 588fe319b96513c32e21d3e32b45447f -yuv422p10le 11b57f2bd9661024153f3973b9090cdb +yuv422p10be 0be8378c3773e1c0b394315ef4994351 +yuv422p10le 6518094fe8de6bee95af21af1e5dc1e1 yuv422p16be 9bd8f8c961822b586fa4cf992be54acc yuv422p16le 9c4a1239605c7952b736ac3130163f14 yuv422p9be 7c6f1e140b3999ee7d923854e507752a yuv422p9le 51f10d79c07989060dd06e767e6d7d60 yuv440p 876385e96165acf51271b20e5d85a416 yuv444p 9c3c667d1613b72d15bc6d851c5eb8f7 -yuv444p10be 944a4997c4edb3a8dd0f0493cfd5a1fd -yuv444p10le 2d0947ae89ecc6a501eee6832cb27e06 +yuv444p10be ee069cc6db48975eb029d72f889a7fe6 +yuv444p10le 645b3335248113cafe3c29edb1d7f3be yuv444p16be de2dedfc6f12073ffead113f86e07ecf yuv444p16le 8e83323cf102d6c823a03ae8a7b7e033 yuv444p9be 6ac92b7dc9ab2fc59bee99204886899a From fd552756d999bc9531d8ff3db605032082e2cfb7 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 21 Dec 2011 04:52:34 +0100 Subject: [PATCH 147/331] avio: remove ENOTSUP mention in doxy as its not available on all supported platforms and thus cannot be used Signed-off-by: Michael Niedermayer (cherry picked from commit 077b086dea113182468f2b4e5cad8d166b06c084) Signed-off-by: Michael Niedermayer --- libavformat/avio.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavformat/avio.h b/libavformat/avio.h index 920526f028..16216819f4 100644 --- a/libavformat/avio.h +++ b/libavformat/avio.h @@ -678,13 +678,13 @@ int avio_pause(AVIOContext *h, int pause); * If stream_index is (-1) the timestamp should be in AV_TIME_BASE * units from the beginning of the presentation. * If a stream_index >= 0 is used and the protocol does not support - * seeking based on component streams, the call will fail with ENOTSUP. + * seeking based on component streams, the call will fail. * @param timestamp timestamp in AVStream.time_base units * or if there is no stream specified then in AV_TIME_BASE units. * @param flags Optional combination of AVSEEK_FLAG_BACKWARD, AVSEEK_FLAG_BYTE * and AVSEEK_FLAG_ANY. The protocol may silently ignore * AVSEEK_FLAG_BACKWARD and AVSEEK_FLAG_ANY, but AVSEEK_FLAG_BYTE will - * fail with ENOTSUP if used and not supported. + * fail if used and not supported. * @return >= 0 on success * @see AVInputFormat::read_seek */ From 0f38b11939ad3e3d93a165576006c1cdb6c89e95 Mon Sep 17 00:00:00 2001 From: Sergey Radionov Date: Wed, 21 Dec 2011 09:08:56 +0700 Subject: [PATCH 148/331] w32threads: wait for the waked thread in pthread_cond_signal. This fixes a deadlock VLC triggered with multithreaded decoding. The wait forces one of the current waiters to wake and not the thread which calls pthread_cond_signal() itself. Signed-off-by: Ronald S. Bultje (cherry picked from commit 2003a29284660255016b1ec4bd5dfb8d53e6a852) Signed-off-by: Michael Niedermayer --- libavcodec/w32pthreads.h | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/libavcodec/w32pthreads.h b/libavcodec/w32pthreads.h index 2d1470c5ee..3cdbc2c343 100644 --- a/libavcodec/w32pthreads.h +++ b/libavcodec/w32pthreads.h @@ -139,7 +139,7 @@ static void pthread_cond_init(pthread_cond_t *cond, const void *unused_attr) win32_cond->semaphore = CreateSemaphore(NULL, 0, 0x7fffffff, NULL); if (!win32_cond->semaphore) return; - win32_cond->waiters_done = CreateEvent(NULL, FALSE, FALSE, NULL); + win32_cond->waiters_done = CreateEvent(NULL, TRUE, FALSE, NULL); if (!win32_cond->waiters_done) return; @@ -204,11 +204,10 @@ static void pthread_cond_wait(pthread_cond_t *cond, pthread_mutex_t *mutex) /* non native condition variables */ pthread_mutex_lock(&win32_cond->mtx_broadcast); - pthread_mutex_unlock(&win32_cond->mtx_broadcast); - pthread_mutex_lock(&win32_cond->mtx_waiter_count); win32_cond->waiter_count++; pthread_mutex_unlock(&win32_cond->mtx_waiter_count); + pthread_mutex_unlock(&win32_cond->mtx_broadcast); // unlock the external mutex pthread_mutex_unlock(mutex); @@ -216,7 +215,7 @@ static void pthread_cond_wait(pthread_cond_t *cond, pthread_mutex_t *mutex) pthread_mutex_lock(&win32_cond->mtx_waiter_count); win32_cond->waiter_count--; - last_waiter = !win32_cond->waiter_count && win32_cond->is_broadcast; + last_waiter = !win32_cond->waiter_count || !win32_cond->is_broadcast; pthread_mutex_unlock(&win32_cond->mtx_waiter_count); if (last_waiter) @@ -235,13 +234,20 @@ static void pthread_cond_signal(pthread_cond_t *cond) return; } + pthread_mutex_lock(&win32_cond->mtx_broadcast); + /* non-native condition variables */ pthread_mutex_lock(&win32_cond->mtx_waiter_count); have_waiter = win32_cond->waiter_count; pthread_mutex_unlock(&win32_cond->mtx_waiter_count); - if (have_waiter) + if (have_waiter) { ReleaseSemaphore(win32_cond->semaphore, 1, NULL); + WaitForSingleObject(win32_cond->waiters_done, INFINITE); + ResetEvent(win32_cond->waiters_done); + } + + pthread_mutex_unlock(&win32_cond->mtx_broadcast); } static void w32thread_init(void) From 7e35c3e177ad03411ca3a275ecac4bc9891f89b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tomas=20H=C3=A4rdin?= Date: Tue, 20 Dec 2011 17:38:27 +0100 Subject: [PATCH 149/331] mxfdec: Check for NULL component This fixes SIGSEGV with zzuf1.mxf (cherry picked from commit 5e5e69d0787ae4939f3f8e8d6c0342310eda28ee) Signed-off-by: Michael Niedermayer --- libavformat/mxfdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index 4a90827374..d3db5461ac 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -1275,7 +1275,7 @@ static int mxf_parse_structural_metadata(MXFContext *mxf) break; } } - if (!source_track) + if (!source_track || !component) continue; if (!(source_track->sequence = mxf_resolve_strong_ref(mxf, &source_track->sequence_ref, Sequence))) { From 46e4dd66dafda925748c40238904040fe20d5407 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tomas=20H=C3=A4rdin?= Date: Tue, 20 Dec 2011 17:39:59 +0100 Subject: [PATCH 150/331] mxfdec: Check url_feof() in mxf_read_local_tags() This fixes the infinite loop with zzuf2.mxf (cherry picked from commit 2116e4ba917748c0985be2347d400ba0f3fe6c64) Signed-off-by: Michael Niedermayer --- libavformat/mxfdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index d3db5461ac..58bda9a85f 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -1437,7 +1437,7 @@ static int mxf_read_local_tags(MXFContext *mxf, KLVPacket *klv, MXFMetadataReadF if (!ctx) return -1; - while (avio_tell(pb) + 4 < klv_end) { + while (avio_tell(pb) + 4 < klv_end && !url_feof(pb)) { int tag = avio_rb16(pb); int size = avio_rb16(pb); /* KLV specified by 0x53 */ uint64_t next = avio_tell(pb) + size; From 6a8826abf4aa9818b3a6e1d94f661be9fdce9032 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tomas=20H=C3=A4rdin?= Date: Tue, 20 Dec 2011 18:11:10 +0100 Subject: [PATCH 151/331] mxfdec: Move the current_partition check inside mxf_read_header() This fixes SIGSEGV on files where this is actually the case, such as zzuf4.mxf (cherry picked from commit 184f479096dabcb1eafd9c661304f410a76780ed) Signed-off-by: Michael Niedermayer --- libavformat/mxfdec.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index 58bda9a85f..fe3a7ccdfa 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -1500,11 +1500,6 @@ static int mxf_parse_handle_essence(MXFContext *mxf) AVIOContext *pb = mxf->fc->pb; int64_t ret; - if (!mxf->current_partition) { - av_log(mxf->fc, AV_LOG_ERROR, "found essence prior to PartitionPack\n"); - return AVERROR_INVALIDDATA; - } - if (mxf->parsing_backward) { return mxf_seek_to_previous_partition(mxf); } else { @@ -1618,6 +1613,12 @@ static int mxf_read_header(AVFormatContext *s, AVFormatParameters *ap) if (IS_KLV_KEY(klv.key, mxf_encrypted_triplet_key) || IS_KLV_KEY(klv.key, mxf_essence_element_key) || IS_KLV_KEY(klv.key, mxf_system_item_key)) { + + if (!mxf->current_partition) { + av_log(mxf->fc, AV_LOG_ERROR, "found essence prior to first PartitionPack\n"); + return AVERROR_INVALIDDATA; + } + if (!mxf->current_partition->essence_offset) { /* for OP1a we compute essence_offset * for OPAtom we point essence_offset after the KL (usually op1a_essence_offset + 20 or 25) From 5c2097cff79c66cb1a3aa7f49133fa265d9fb633 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tomas=20H=C3=A4rdin?= Date: Wed, 21 Dec 2011 10:56:59 +0100 Subject: [PATCH 152/331] mxfdec: Sanity check PreviousPartition Without this certain files could get the demuxer stuck in a loop (cherry picked from commit 46d65fb8a574465499a470d0c34a30902e45176a) Signed-off-by: Michael Niedermayer --- libavformat/mxfdec.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index fe3a7ccdfa..e97b2a45f4 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -577,6 +577,13 @@ static int mxf_read_partition_pack(void *arg, AVIOContext *pb, int tag, int size partition->previous_partition, footer_partition, partition->index_sid, partition->body_sid); + /* sanity check PreviousPartition if set */ + if (partition->previous_partition && + mxf->run_in + partition->previous_partition >= klv_offset) { + av_log(mxf->fc, AV_LOG_ERROR, "PreviousPartition points to this partition or forward\n"); + return AVERROR_INVALIDDATA; + } + if (op[12] == 1 && op[13] == 1) mxf->op = OP1a; else if (op[12] == 1 && op[13] == 2) mxf->op = OP1b; else if (op[12] == 1 && op[13] == 3) mxf->op = OP1c; From 09ce851c7e8685f0b46d30b471e411fbbf3d636e Mon Sep 17 00:00:00 2001 From: Mans Rullgard Date: Fri, 16 Dec 2011 21:19:50 +0000 Subject: [PATCH 153/331] get_bits: remove A32 variant The A32 bitstream reader variant is only used on ARMv5 and for Prores due to the larger bit cache this decoder requires. In benchmarks on ARMv5 (Marvell Sheeva) with gcc 4.6, the only statistically significant difference between ALT and A32 is a 4% advantage for ALT in FLAC decoding. There is thus no (longer) any reason to keep the A32 reader from this point of view. This patch adds an option to the ALT reader increasing the bit cache to 32 bits as required by the Prores decoder. Benchmarking shows no significant change in speed on Intel i7. Again, the A32 reader fails to justify its existence. Signed-off-by: Mans Rullgard (cherry picked from commit a1e98f198e9db4e5ddfc2f777014179d3d7bc4d2) Conflicts: libavcodec/get_bits.h Signed-off-by: Michael Niedermayer --- libavcodec/dv.c | 2 +- libavcodec/get_bits.h | 119 +++++------------------------------- libavcodec/imc.c | 1 - libavcodec/proresdec_lgpl.c | 2 +- 4 files changed, 16 insertions(+), 108 deletions(-) diff --git a/libavcodec/dv.c b/libavcodec/dv.c index 787bd6511e..a05928801d 100644 --- a/libavcodec/dv.c +++ b/libavcodec/dv.c @@ -37,7 +37,7 @@ * @file * DV codec. */ -#define ALT_BITSTREAM_READER + #include "libavutil/pixdesc.h" #include "avcodec.h" #include "dsputil.h" diff --git a/libavcodec/get_bits.h b/libavcodec/get_bits.h index 3b09dfd285..a685817f36 100644 --- a/libavcodec/get_bits.h +++ b/libavcodec/get_bits.h @@ -35,31 +35,11 @@ #include "libavutil/log.h" #include "mathops.h" -#if defined(ALT_BITSTREAM_READER_LE) && !defined(ALT_BITSTREAM_READER) -# define ALT_BITSTREAM_READER -#endif - -#if !defined(A32_BITSTREAM_READER) && !defined(ALT_BITSTREAM_READER) -# if ARCH_ARM && !HAVE_FAST_UNALIGNED -# define A32_BITSTREAM_READER -# else -# define ALT_BITSTREAM_READER -//#define A32_BITSTREAM_READER -# endif -#endif - /* bit input */ /* buffer, buffer_end and size_in_bits must be present and used by every reader */ typedef struct GetBitContext { const uint8_t *buffer, *buffer_end; -#ifdef ALT_BITSTREAM_READER int index; -#elif defined A32_BITSTREAM_READER - uint32_t *buffer_ptr; - uint32_t cache0; - uint32_t cache1; - int bit_count; -#endif int size_in_bits; } GetBitContext; @@ -122,8 +102,11 @@ LAST_SKIP_BITS(name, gb, num) for examples see get_bits, show_bits, skip_bits, get_vlc */ -#ifdef ALT_BITSTREAM_READER +#ifdef LONG_BITSTREAM_READER +# define MIN_CACHE_BITS 32 +#else # define MIN_CACHE_BITS 25 +#endif # define OPEN_READER(name, gb) \ unsigned int name##_index = (gb)->index; \ @@ -132,13 +115,23 @@ for examples see get_bits, show_bits, skip_bits, get_vlc # define CLOSE_READER(name, gb) (gb)->index = name##_index # ifdef ALT_BITSTREAM_READER_LE +# ifdef LONG_BITSTREAM_READER +# define UPDATE_CACHE(name, gb) \ + name##_cache = AV_RL64((gb)->buffer+(name##_index>>3)) >> (name##_index&0x07) +# else # define UPDATE_CACHE(name, gb) \ name##_cache = AV_RL32(((const uint8_t *)(gb)->buffer)+(name##_index>>3)) >> (name##_index&0x07) +# endif # define SKIP_CACHE(name, gb, num) name##_cache >>= (num) # else +# ifdef LONG_BITSTREAM_READER +# define UPDATE_CACHE(name, gb) \ + name##_cache = AV_RB64((gb)->buffer+(name##_index >> 3)) >> (32 - (name##_index & 0x07)) +# else # define UPDATE_CACHE(name, gb) \ name##_cache = AV_RB32(((const uint8_t *)(gb)->buffer)+(name##_index>>3)) << (name##_index&0x07) +# endif # define SKIP_CACHE(name, gb, num) name##_cache <<= (num) # endif @@ -174,80 +167,6 @@ static inline void skip_bits_long(GetBitContext *s, int n){ s->index += n; } -#elif defined A32_BITSTREAM_READER - -# define MIN_CACHE_BITS 32 - -# define OPEN_READER(name, gb) \ - int name##_bit_count = (gb)->bit_count; \ - uint32_t name##_cache0 = (gb)->cache0; \ - uint32_t name##_cache1 = (gb)->cache1; \ - uint32_t *name##_buffer_ptr = (gb)->buffer_ptr - -# define CLOSE_READER(name, gb) do { \ - (gb)->bit_count = name##_bit_count; \ - (gb)->cache0 = name##_cache0; \ - (gb)->cache1 = name##_cache1; \ - (gb)->buffer_ptr = name##_buffer_ptr; \ - } while (0) - -# define UPDATE_CACHE(name, gb) do { \ - if(name##_bit_count > 0){ \ - const uint32_t next = av_be2ne32(*name##_buffer_ptr); \ - name##_cache0 |= NEG_USR32(next, name##_bit_count); \ - name##_cache1 |= next << name##_bit_count; \ - name##_buffer_ptr++; \ - name##_bit_count -= 32; \ - } \ - } while (0) - -#if ARCH_X86 -# define SKIP_CACHE(name, gb, num) \ - __asm__("shldl %2, %1, %0 \n\t" \ - "shll %2, %1 \n\t" \ - : "+r" (name##_cache0), "+r" (name##_cache1) \ - : "Ic" ((uint8_t)(num))) -#else -# define SKIP_CACHE(name, gb, num) do { \ - name##_cache0 <<= (num); \ - name##_cache0 |= NEG_USR32(name##_cache1,num); \ - name##_cache1 <<= (num); \ - } while (0) -#endif - -# define SKIP_COUNTER(name, gb, num) name##_bit_count += (num) - -# define SKIP_BITS(name, gb, num) do { \ - SKIP_CACHE(name, gb, num); \ - SKIP_COUNTER(name, gb, num); \ - } while (0) - -# define LAST_SKIP_BITS(name, gb, num) SKIP_BITS(name, gb, num) -# define LAST_SKIP_CACHE(name, gb, num) SKIP_CACHE(name, gb, num) - -# define SHOW_UBITS(name, gb, num) NEG_USR32(name##_cache0, num) - -# define SHOW_SBITS(name, gb, num) NEG_SSR32(name##_cache0, num) - -# define GET_CACHE(name, gb) name##_cache0 - -static inline int get_bits_count(const GetBitContext *s) { - return ((uint8_t*)s->buffer_ptr - s->buffer)*8 - 32 + s->bit_count; -} - -static inline void skip_bits_long(GetBitContext *s, int n){ - OPEN_READER(re, s); - re_bit_count += n; - re_buffer_ptr += re_bit_count>>5; - re_bit_count &= 31; - re_cache0 = av_be2ne32(re_buffer_ptr[-1]) << re_bit_count; - re_cache1 = 0; - UPDATE_CACHE(re, s); - CLOSE_READER(re, s); -} - -#endif - /** * read mpeg1 dc style vlc (sign bit + mantisse with no MSB). * if MSB not set it is negative @@ -309,7 +228,6 @@ static inline void skip_bits(GetBitContext *s, int n){ } static inline unsigned int get_bits1(GetBitContext *s){ -#ifdef ALT_BITSTREAM_READER unsigned int index = s->index; uint8_t result = s->buffer[index>>3]; #ifdef ALT_BITSTREAM_READER_LE @@ -323,9 +241,6 @@ static inline unsigned int get_bits1(GetBitContext *s){ s->index = index; return result; -#else - return get_bits(s, 1); -#endif } static inline unsigned int show_bits1(GetBitContext *s){ @@ -400,13 +315,7 @@ static inline void init_get_bits(GetBitContext *s, s->buffer = buffer; s->size_in_bits = bit_size; s->buffer_end = buffer + buffer_size; -#ifdef ALT_BITSTREAM_READER s->index = 0; -#elif defined A32_BITSTREAM_READER - s->buffer_ptr = (uint32_t*)((intptr_t)buffer & ~3); - s->bit_count = 32 + 8*((intptr_t)buffer & 3); - skip_bits_long(s, 0); -#endif } static inline void align_get_bits(GetBitContext *s) diff --git a/libavcodec/imc.c b/libavcodec/imc.c index 3919797038..d3b8bf5a12 100644 --- a/libavcodec/imc.c +++ b/libavcodec/imc.c @@ -35,7 +35,6 @@ #include #include -#define ALT_BITSTREAM_READER #include "avcodec.h" #include "get_bits.h" #include "dsputil.h" diff --git a/libavcodec/proresdec_lgpl.c b/libavcodec/proresdec_lgpl.c index 84d81ee425..3d44cc2194 100644 --- a/libavcodec/proresdec_lgpl.c +++ b/libavcodec/proresdec_lgpl.c @@ -28,7 +28,7 @@ * @see http://wiki.multimedia.cx/index.php?title=Apple_ProRes */ -#define A32_BITSTREAM_READER // some ProRes vlc codes require up to 28 bits to be read at once +#define LONG_BITSTREAM_READER // some ProRes vlc codes require up to 28 bits to be read at once #include From ea199c707c948db4ba82f532c5192053119e5a41 Mon Sep 17 00:00:00 2001 From: "Ronald S. Bultje" Date: Fri, 16 Dec 2011 21:42:04 +0000 Subject: [PATCH 154/331] get_bits: introduce safe bitreading to prevent overreads. When turned on, H264/CAVLC gets ~15% (CVPCMNL1_SVA_C.264) slower for ultra-high-bitrate files, or ~2.5% (CVFI1_SVA_C.264) for lower-bitrate files. Other codecs are affected to a lesser extent because they are less optimized; e.g., VC-1 slows down by less than 1% (all on x86). The patch generated 3 extra instructions (cmp, cmovae and mov) per call to get_bits(). The performance penalty on ARM is within the error margin for most files, up to 4% in extreme cases such as CVPCMNL1_SVA_C.264. Based on work (for GCI) by Aneesh Dogra , and inspired by patch in Chromium by Chris Evans . (cherry picked from commit 8cfbbd928cc94b4de6ad0a937cb818e999c7d75d) Conflicts: configure Signed-off-by: Michael Niedermayer --- configure | 5 +++++ libavcodec/get_bits.h | 37 ++++++++++++++++++++++++++++++++++++- libavcodec/wmavoice.c | 2 ++ 3 files changed, 43 insertions(+), 1 deletion(-) diff --git a/configure b/configure index 24e469c7e1..dc3797e8b4 100755 --- a/configure +++ b/configure @@ -116,6 +116,9 @@ Configuration options: --disable-vda disable VDA code --enable-runtime-cpudetect detect cpu capabilities at runtime (bigger binary) --enable-hardcoded-tables use hardcoded tables instead of runtime generation + --disable-safe-bitstream-reader + disable buffer boundary checking in bitreaders + (faster, but may crash) --enable-memalign-hack emulate memalign, interferes with memory debuggers --disable-everything disable all components listed below --disable-encoder=NAME disable encoder NAME @@ -1055,6 +1058,7 @@ CONFIG_LIST=" rdft rtpdec runtime_cpudetect + safe_bitstream_reader shared sinewin small @@ -1807,6 +1811,7 @@ enable network enable optimizations enable postproc enable protocols +enable safe_bitstream_reader enable static enable stripping enable swresample diff --git a/libavcodec/get_bits.h b/libavcodec/get_bits.h index a685817f36..0a54008460 100644 --- a/libavcodec/get_bits.h +++ b/libavcodec/get_bits.h @@ -35,12 +35,32 @@ #include "libavutil/log.h" #include "mathops.h" +/* + * Safe bitstream reading: + * optionally, the get_bits API can check to ensure that we + * don't read past input buffer boundaries. This is protected + * with CONFIG_SAFE_BITSTREAM_READER at the global level, and + * then below that with UNCHECKED_BITSTREAM_READER at the per- + * decoder level. This means that decoders that check internally + * can "#define UNCHECKED_BITSTREAM_READER 1" to disable + * overread checks. + * Boundary checking causes a minor performance penalty so for + * applications that won't want/need this, it can be disabled + * globally using "#define CONFIG_SAFE_BITSTREAM_READER 0". + */ +#ifndef UNCHECKED_BITSTREAM_READER +#define UNCHECKED_BITSTREAM_READER !CONFIG_SAFE_BITSTREAM_READER +#endif + /* bit input */ /* buffer, buffer_end and size_in_bits must be present and used by every reader */ typedef struct GetBitContext { const uint8_t *buffer, *buffer_end; int index; int size_in_bits; +#if !UNCHECKED_BITSTREAM_READER + int size_in_bits_plus8; +#endif } GetBitContext; #define VLC_TYPE int16_t @@ -137,7 +157,12 @@ for examples see get_bits, show_bits, skip_bits, get_vlc # endif // FIXME name? +#if UNCHECKED_BITSTREAM_READER # define SKIP_COUNTER(name, gb, num) name##_index += (num) +#else +# define SKIP_COUNTER(name, gb, num) \ + name##_index = FFMIN((gb)->size_in_bits_plus8, name##_index + (num)) +#endif # define SKIP_BITS(name, gb, num) do { \ SKIP_CACHE(name, gb, num); \ @@ -164,7 +189,11 @@ static inline int get_bits_count(const GetBitContext *s){ } static inline void skip_bits_long(GetBitContext *s, int n){ +#if UNCHECKED_BITSTREAM_READER s->index += n; +#else + s->index += av_clip(n, -s->index, s->size_in_bits_plus8 - s->index); +#endif } /** @@ -237,7 +266,10 @@ static inline unsigned int get_bits1(GetBitContext *s){ result <<= index & 7; result >>= 8 - 1; #endif - index++; +#if !UNCHECKED_BITSTREAM_READER + if (s->index < s->size_in_bits_plus8) +#endif + index++; s->index = index; return result; @@ -314,6 +346,9 @@ static inline void init_get_bits(GetBitContext *s, s->buffer = buffer; s->size_in_bits = bit_size; +#if !UNCHECKED_BITSTREAM_READER + s->size_in_bits_plus8 = bit_size + 8; +#endif s->buffer_end = buffer + buffer_size; s->index = 0; } diff --git a/libavcodec/wmavoice.c b/libavcodec/wmavoice.c index 45383b033b..caa9307d77 100644 --- a/libavcodec/wmavoice.c +++ b/libavcodec/wmavoice.c @@ -25,6 +25,8 @@ * @author Ronald S. Bultje */ +#define UNCHECKED_BITSTREAM_READER 1 + #include #include "avcodec.h" #include "get_bits.h" From 36e30d7ab9b81415258cc6f8e22b55e02af36568 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 3 Jan 2012 21:01:08 +0100 Subject: [PATCH 155/331] proresdec2: fix for removed a32 reader Signed-off-by: Michael Niedermayer --- libavcodec/proresdec2.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/proresdec2.c b/libavcodec/proresdec2.c index 10a677d929..03bb109f46 100644 --- a/libavcodec/proresdec2.c +++ b/libavcodec/proresdec2.c @@ -26,7 +26,7 @@ //#define DEBUG -#define A32_BITSTREAM_READER +#define LONG_BITSTREAM_READER #include "avcodec.h" #include "get_bits.h" @@ -333,7 +333,7 @@ static av_always_inline void decode_ac_coeffs(AVCodecContext *avctx, GetBitConte block_mask = blocks_per_slice - 1; for (pos = block_mask;;) { - bits_left = gb->size_in_bits - (((uint8_t*)re_buffer_ptr - gb->buffer)*8 - 32 + re_bit_count); + bits_left = gb->size_in_bits - re_index; if (!bits_left || (bits_left < 32 && !SHOW_UBITS(re, gb, bits_left))) break; From b1933a1e1215170857d657d29a910199e5d17361 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 18 Dec 2011 03:17:44 +0100 Subject: [PATCH 156/331] h264: disable checking reader, overreads are not possible in ffmpegs h264 decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit 38331d2036c3bd1b8f070b1fe351bb4fbfac0c34) Signed-off-by: Michael Niedermayer --- libavcodec/get_bits.h | 4 ---- libavcodec/h264.c | 2 ++ libavcodec/h264_cabac.c | 1 + libavcodec/h264_cavlc.c | 1 + libavcodec/h264_parser.c | 2 ++ 5 files changed, 6 insertions(+), 4 deletions(-) diff --git a/libavcodec/get_bits.h b/libavcodec/get_bits.h index 0a54008460..ba5aa0bc57 100644 --- a/libavcodec/get_bits.h +++ b/libavcodec/get_bits.h @@ -58,9 +58,7 @@ typedef struct GetBitContext { const uint8_t *buffer, *buffer_end; int index; int size_in_bits; -#if !UNCHECKED_BITSTREAM_READER int size_in_bits_plus8; -#endif } GetBitContext; #define VLC_TYPE int16_t @@ -346,9 +344,7 @@ static inline void init_get_bits(GetBitContext *s, s->buffer = buffer; s->size_in_bits = bit_size; -#if !UNCHECKED_BITSTREAM_READER s->size_in_bits_plus8 = bit_size + 8; -#endif s->buffer_end = buffer + buffer_size; s->index = 0; } diff --git a/libavcodec/h264.c b/libavcodec/h264.c index e86a622328..b85c01fdee 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -25,6 +25,8 @@ * @author Michael Niedermayer */ +#define UNCHECKED_BITSTREAM_READER 1 + #include "libavutil/imgutils.h" #include "libavutil/opt.h" #include "internal.h" diff --git a/libavcodec/h264_cabac.c b/libavcodec/h264_cabac.c index 31c2658a6b..f5f9be4a43 100644 --- a/libavcodec/h264_cabac.c +++ b/libavcodec/h264_cabac.c @@ -26,6 +26,7 @@ */ #define CABAC 1 +#define UNCHECKED_BITSTREAM_READER 1 #include "internal.h" #include "dsputil.h" diff --git a/libavcodec/h264_cavlc.c b/libavcodec/h264_cavlc.c index b0dc999132..5cc1fabc13 100644 --- a/libavcodec/h264_cavlc.c +++ b/libavcodec/h264_cavlc.c @@ -26,6 +26,7 @@ */ #define CABAC 0 +#define UNCHECKED_BITSTREAM_READER 1 #include "internal.h" #include "avcodec.h" diff --git a/libavcodec/h264_parser.c b/libavcodec/h264_parser.c index ee766a1f27..9d28cc3707 100644 --- a/libavcodec/h264_parser.c +++ b/libavcodec/h264_parser.c @@ -25,6 +25,8 @@ * @author Michael Niedermayer */ +#define UNCHECKED_BITSTREAM_READER 1 + #include "parser.h" #include "h264data.h" #include "golomb.h" From e8928f7e972fc12fb101f51763cec09f178e7ff3 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 18 Dec 2011 03:19:40 +0100 Subject: [PATCH 157/331] h263: disable slow checked reader, overreads are not possible in ffmpegs h263 decoder Signed-off-by: Michael Niedermayer (cherry picked from commit 8e7776036b11bf54bc8668eda3db1852f92a37fa) Signed-off-by: Michael Niedermayer --- libavcodec/h263dec.c | 2 ++ libavcodec/ituh263dec.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/libavcodec/h263dec.c b/libavcodec/h263dec.c index dfb055b930..830eec0e95 100644 --- a/libavcodec/h263dec.c +++ b/libavcodec/h263dec.c @@ -25,6 +25,8 @@ * H.263 decoder. */ +#define UNCHECKED_BITSTREAM_READER 1 + #include "libavutil/cpu.h" #include "internal.h" #include "avcodec.h" diff --git a/libavcodec/ituh263dec.c b/libavcodec/ituh263dec.c index 69e7ab9c99..21365a673e 100644 --- a/libavcodec/ituh263dec.c +++ b/libavcodec/ituh263dec.c @@ -27,6 +27,8 @@ * h263 decoder. */ +#define UNCHECKED_BITSTREAM_READER 1 + //#define DEBUG #include From 42b69286de901e57dfd38267b17f48587d222ae3 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 18 Dec 2011 03:20:41 +0100 Subject: [PATCH 158/331] mpeg4: disable checked bitstream reader, overreads are not possible. Signed-off-by: Michael Niedermayer (cherry picked from commit 06192e42fd925a2b1c1850a112038180479ddac4) Signed-off-by: Michael Niedermayer --- libavcodec/mpeg4video_parser.c | 2 ++ libavcodec/mpeg4videodec.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/libavcodec/mpeg4video_parser.c b/libavcodec/mpeg4video_parser.c index c331435cc1..5f3b19d5aa 100644 --- a/libavcodec/mpeg4video_parser.c +++ b/libavcodec/mpeg4video_parser.c @@ -20,6 +20,8 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ +#define UNCHECKED_BITSTREAM_READER 1 + #include "parser.h" #include "mpegvideo.h" #include "mpeg4video.h" diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c index 5394887edf..36c89cd831 100644 --- a/libavcodec/mpeg4videodec.c +++ b/libavcodec/mpeg4videodec.c @@ -20,6 +20,8 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ +#define UNCHECKED_BITSTREAM_READER 1 + #include "libavutil/opt.h" #include "mpegvideo.h" #include "mpeg4video.h" From 9bd47bbcc616129b7b853b876dbe16d5109b6bb1 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 18 Dec 2011 03:24:09 +0100 Subject: [PATCH 159/331] mpeg12: disable checked reader. overreads in mpeg12 are not possible Signed-off-by: Michael Niedermayer (cherry picked from commit 549749c68e7216b7a5714b9019ad20652e970d33) Signed-off-by: Michael Niedermayer --- libavcodec/mpeg12.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/mpeg12.c b/libavcodec/mpeg12.c index fde4e0217e..cd3832fc9a 100644 --- a/libavcodec/mpeg12.c +++ b/libavcodec/mpeg12.c @@ -25,6 +25,8 @@ * MPEG-1/2 decoder */ +#define UNCHECKED_BITSTREAM_READER 1 + //#define DEBUG #include "internal.h" #include "avcodec.h" From 22721b2829f3599ae742fb1cbe2ebedaf50a4875 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 3 Jan 2012 21:05:25 +0100 Subject: [PATCH 160/331] mpegaudiodec: disable unneeded and not working checked reader. Signed-off-by: Michael Niedermayer --- libavcodec/mpegaudiodec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/mpegaudiodec.c b/libavcodec/mpegaudiodec.c index 5cc3c74339..eead3064ec 100644 --- a/libavcodec/mpegaudiodec.c +++ b/libavcodec/mpegaudiodec.c @@ -24,6 +24,8 @@ * MPEG Audio decoder */ +#define UNCHECKED_BITSTREAM_READER 1 + #include "libavutil/audioconvert.h" #include "avcodec.h" #include "get_bits.h" From 6ba87ba6f9f93f7d13820350f92b0c70e1de9749 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Storsj=C3=B6?= Date: Wed, 21 Dec 2011 15:32:39 +0200 Subject: [PATCH 161/331] configure: Show whether the safe bitstream reader is enabled MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Storsjö (cherry picked from commit 9c984b1bd726997ea48a1441a3a84ce97648706d) Signed-off-by: Michael Niedermayer --- configure | 1 + 1 file changed, 1 insertion(+) diff --git a/configure b/configure index dc3797e8b4..23ca4df481 100755 --- a/configure +++ b/configure @@ -3400,6 +3400,7 @@ echo "postprocessing support ${postproc-no}" echo "new filter support ${avfilter-no}" echo "network support ${network-no}" echo "threading support ${thread_type-no}" +echo "safe bitstream reader ${safe_bitstream_reader-no}" echo "SDL support ${sdl-no}" echo "Sun medialib support ${mlib-no}" echo "libdxva2 enabled ${dxva2-no}" From f45a5c60b92271a4cc21d58e6315751307fd90e7 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 21 Dec 2011 18:19:06 +0100 Subject: [PATCH 162/331] mpeg12dec: reset first_field with picture_structure changes. Fixes Ticket809 Bug found by: Oana Stratulat Signed-off-by: Michael Niedermayer (cherry picked from commit a40f6a5c698e314ab8c2770c1230ae0d0bd23a33) Signed-off-by: Michael Niedermayer --- libavcodec/mpeg12.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/mpeg12.c b/libavcodec/mpeg12.c index cd3832fc9a..24900d3233 100644 --- a/libavcodec/mpeg12.c +++ b/libavcodec/mpeg12.c @@ -2032,6 +2032,7 @@ static int mpeg1_decode_sequence(AVCodecContext *avctx, s->progressive_sequence = 1; s->progressive_frame = 1; s->picture_structure = PICT_FRAME; + s->first_field = 0; s->frame_pred_frame_dct = 1; s->chroma_format = 1; s->codec_id = s->avctx->codec_id = CODEC_ID_MPEG1VIDEO; @@ -2091,6 +2092,7 @@ static int vcr2_init_sequence(AVCodecContext *avctx) s->progressive_sequence = 1; s->progressive_frame = 1; s->picture_structure = PICT_FRAME; + s->first_field = 0; s->frame_pred_frame_dct = 1; s->chroma_format = 1; s->codec_id = s->avctx->codec_id = CODEC_ID_MPEG2VIDEO; From 0620b6636e56b451cc0b76c0f42caf0401d009c9 Mon Sep 17 00:00:00 2001 From: Nicolas George Date: Wed, 21 Dec 2011 17:10:02 +0100 Subject: [PATCH 163/331] doc: add a list of errno codes on some systems. (cherry picked from commit 1f797a5826fff7e487d91134fa4c58f54813a466) Signed-off-by: Michael Niedermayer --- doc/errno.txt | 174 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 174 insertions(+) create mode 100644 doc/errno.txt diff --git a/doc/errno.txt b/doc/errno.txt new file mode 100644 index 0000000000..31cab26fc2 --- /dev/null +++ b/doc/errno.txt @@ -0,0 +1,174 @@ +The following table lists most error codes found in various operating +systems supported by FFmpeg. + + OS +Code Std F LBMWwb Text (YMMV) + +E2BIG POSIX ++++++ Argument list too long +EACCES POSIX ++++++ Permission denied +EADDRINUSE POSIX +++..+ Address in use +EADDRNOTAVAIL POSIX +++..+ Cannot assign requested address +EADV +..... Advertise error +EAFNOSUPPORT POSIX +++..+ Address family not supported +EAGAIN POSIX + ++++++ Resource temporarily unavailable +EALREADY POSIX +++..+ Operation already in progress +EAUTH .++... Authentication error +EBADARCH ..+... Bad CPU type in executable +EBADE +..... Invalid exchange +EBADEXEC ..+... Bad executable +EBADF POSIX ++++++ Bad file descriptor +EBADFD +..... File descriptor in bad state +EBADMACHO ..+... Malformed Macho file +EBADMSG POSIX ++4... Bad message +EBADR +..... Invalid request descriptor +EBADRPC .++... RPC struct is bad +EBADRQC +..... Invalid request code +EBADSLT +..... Invalid slot +EBFONT +..... Bad font file format +EBUSY POSIX - ++++++ Device or resource busy +ECANCELED POSIX +++... Operation canceled +ECHILD POSIX ++++++ No child processes +ECHRNG +..... Channel number out of range +ECOMM +..... Communication error on send +ECONNABORTED POSIX +++..+ Software caused connection abort +ECONNREFUSED POSIX - +++ss+ Connection refused +ECONNRESET POSIX +++..+ Connection reset +EDEADLK POSIX ++++++ Resource deadlock avoided +EDEADLOCK +..++. File locking deadlock error +EDESTADDRREQ POSIX +++... Destination address required +EDEVERR ..+... Device error +EDOM C89 - ++++++ Numerical argument out of domain +EDOOFUS .F.... Programming error +EDOTDOT +..... RFS specific error +EDQUOT POSIX +++... Disc quota exceeded +EEXIST POSIX ++++++ File exists +EFAULT POSIX - ++++++ Bad address +EFBIG POSIX - ++++++ File too large +EFTYPE .++... Inappropriate file type or format +EHOSTDOWN +++... Host is down +EHOSTUNREACH POSIX +++..+ No route to host +EHWPOISON +..... Memory page has hardware error +EIDRM POSIX +++... Identifier removed +EILSEQ C99 ++++++ Illegal byte sequence +EINPROGRESS POSIX - +++ss+ Operation in progress +EINTR POSIX - ++++++ Interrupted system call +EINVAL POSIX + ++++++ Invalid argument +EIO POSIX + ++++++ I/O error +EISCONN POSIX +++..+ Socket is already connected +EISDIR POSIX ++++++ Is a directory +EISNAM +..... Is a named type file +EKEYEXPIRED +..... Key has expired +EKEYREJECTED +..... Key was rejected by service +EKEYREVOKED +..... Key has been revoked +EL2HLT +..... Level 2 halted +EL2NSYNC +..... Level 2 not synchronized +EL3HLT +..... Level 3 halted +EL3RST +..... Level 3 reset +ELIBACC +..... Can not access a needed shared library +ELIBBAD +..... Accessing a corrupted shared library +ELIBEXEC +..... Cannot exec a shared library directly +ELIBMAX +..... Too many shared libraries +ELIBSCN +..... .lib section in a.out corrupted +ELNRNG +..... Link number out of range +ELOOP POSIX +++..+ Too many levels of symbolic links +EMEDIUMTYPE +..... Wrong medium type +EMFILE POSIX ++++++ Too many open files +EMLINK POSIX ++++++ Too many links +EMSGSIZE POSIX +++..+ Message too long +EMULTIHOP POSIX ++4... Multihop attempted +ENAMETOOLONG POSIX - ++++++ Filen ame too long +ENAVAIL +..... No XENIX semaphores available +ENEEDAUTH .++... Need authenticator +ENETDOWN POSIX +++..+ Network is down +ENETRESET SUSv3 +++..+ Network dropped connection on reset +ENETUNREACH POSIX +++..+ Network unreachable +ENFILE POSIX ++++++ Too many open files in system +ENOANO +..... No anode +ENOATTR .++... Attribute not found +ENOBUFS POSIX - +++..+ No buffer space available +ENOCSI +..... No CSI structure available +ENODATA XSR +N4... No message available +ENODEV POSIX - ++++++ No such device +ENOENT POSIX - ++++++ No such file or directory +ENOEXEC POSIX ++++++ Exec format error +ENOFILE ...++. No such file or directory +ENOKEY +..... Required key not available +ENOLCK POSIX ++++++ No locks available +ENOLINK POSIX ++4... Link has been severed +ENOMEDIUM +..... No medium found +ENOMEM POSIX ++++++ Not enough space +ENOMSG POSIX +++..+ No message of desired type +ENONET +..... Machine is not on the network +ENOPKG +..... Package not installed +ENOPROTOOPT POSIX +++..+ Protocol not available +ENOSPC POSIX ++++++ No space left on device +ENOSR XSR +N4... No STREAM resources +ENOSTR XSR +N4... Not a STREAM +ENOSYS POSIX + ++++++ Function not implemented +ENOTBLK +++... Block device required +ENOTCONN POSIX +++..+ Socket is not connected +ENOTDIR POSIX ++++++ Not a directory +ENOTEMPTY POSIX ++++++ Directory not empty +ENOTNAM +..... Not a XENIX named type file +ENOTRECOVERABLE SUSv4 - +..... State not recoverable +ENOTSOCK POSIX +++..+ Socket operation on non-socket +ENOTSUP POSIX +++... Operation not supported +ENOTTY POSIX ++++++ Inappropriate I/O control operation +ENOTUNIQ +..... Name not unique on network +ENXIO POSIX ++++++ No such device or address +EOPNOTSUPP POSIX +++..+ Operation not supported (on socket) +EOVERFLOW POSIX +++..+ Value too large to be stored in data type +EOWNERDEAD SUSv4 +..... Owner died +EPERM POSIX - ++++++ Operation not permitted +EPFNOSUPPORT +++..+ Protocol family not supported +EPIPE POSIX - ++++++ Broken pipe +EPROCLIM .++... Too many processes +EPROCUNAVAIL .++... Bad procedure for program +EPROGMISMATCH .++... Program version wrong +EPROGUNAVAIL .++... RPC prog. not avail +EPROTO POSIX ++4... Protocol error +EPROTONOSUPPORT POSIX - +++ss+ Protocol not supported +EPROTOTYPE POSIX +++..+ Protocol wrong type for socket +EPWROFF ..+... Device power is off +ERANGE C89 - ++++++ Result too large +EREMCHG +..... Remote address changed +EREMOTE +++... Object is remote +EREMOTEIO +..... Remote I/O error +ERESTART +..... Interrupted system call should be restarted +ERFKILL +..... Operation not possible due to RF-kill +EROFS POSIX ++++++ Read-only file system +ERPCMISMATCH .++... RPC version wrong +ESHLIBVERS ..+... Shared library version mismatch +ESHUTDOWN +++..+ Cannot send after socket shutdown +ESOCKTNOSUPPORT +++... Socket type not supported +ESPIPE POSIX ++++++ Illegal seek +ESRCH POSIX ++++++ No such process +ESRMNT +..... Srmount error +ESTALE POSIX +++..+ Stale NFS file handle +ESTRPIPE +..... Streams pipe error +ETIME XSR +N4... Stream ioctl timeout +ETIMEDOUT POSIX - +++ss+ Connection timed out +ETOOMANYREFS +++... Too many references: cannot splice +ETXTBSY POSIX +++... Text file busy +EUCLEAN +..... Structure needs cleaning +EUNATCH +..... Protocol driver not attached +EUSERS +++... Too many users +EWOULDBLOCK POSIX +++..+ Operation would block +EXDEV POSIX ++++++ Cross-device link +EXFULL +..... Exchange full + +Notations: + +F: used in FFmpeg (-: a few times, +: a lot) + +SUSv3: Single Unix Specification, version 3 +SUSv4: Single Unix Specification, version 4 +XSR: XSI STREAMS (obsolete) + +OS: availability on some supported operating systems +L: GNU/Linux +B: BSD (F: FreeBSD, N: NetBSD) +M: MacOS X +W: Microsoft Windows (s: emulated with winsock, see libavformat/network.h) +w: Mingw32 (3.17) and Mingw64 (2.0.1) +b: BeOS From c21440637e189a3c8f12670927e4a7b8158be7d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Storsj=C3=B6?= Date: Thu, 15 Dec 2011 16:11:49 +0200 Subject: [PATCH 164/331] libavcodec: Define a side data type for new extradata MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Storsjö (cherry picked from commit 195c123cc87bb46efbadb48b2f756ae49bdb6774) Conflicts: libavcodec/version.h Signed-off-by: Michael Niedermayer --- libavcodec/avcodec.h | 1 + libavcodec/version.h | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/avcodec.h b/libavcodec/avcodec.h index 84b5e21fb3..795149ce36 100644 --- a/libavcodec/avcodec.h +++ b/libavcodec/avcodec.h @@ -876,6 +876,7 @@ typedef struct AVPanScan{ enum AVPacketSideDataType { AV_PKT_DATA_PALETTE, + AV_PKT_DATA_NEW_EXTRADATA, }; typedef struct AVPacket { diff --git a/libavcodec/version.h b/libavcodec/version.h index 0e2c58e852..069d844e43 100644 --- a/libavcodec/version.h +++ b/libavcodec/version.h @@ -22,7 +22,7 @@ #define LIBAVCODEC_VERSION_MAJOR 53 #define LIBAVCODEC_VERSION_MINOR 42 -#define LIBAVCODEC_VERSION_MICRO 0 +#define LIBAVCODEC_VERSION_MICRO 1 #define LIBAVCODEC_VERSION_INT AV_VERSION_INT(LIBAVCODEC_VERSION_MAJOR, \ LIBAVCODEC_VERSION_MINOR, \ From dfdb3ca34175482887dc0480a445b880d331c6c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Storsj=C3=B6?= Date: Thu, 15 Dec 2011 18:30:03 +0200 Subject: [PATCH 165/331] libavcodec: Define a side data type for parameter changes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Also define a codec capability for codecs that can handle parameters changed externally between decoded packets. Signed-off-by: Martin Storsjö (cherry picked from commit fe75dc8583b65612f3a94144ee090e741dc926d5) Conflicts: libavcodec/avcodec.h libavcodec/version.h Signed-off-by: Michael Niedermayer --- libavcodec/avcodec.h | 26 ++++++++++++++++++++++++++ libavcodec/version.h | 2 +- 2 files changed, 27 insertions(+), 1 deletion(-) diff --git a/libavcodec/avcodec.h b/libavcodec/avcodec.h index 795149ce36..c40a23ec2f 100644 --- a/libavcodec/avcodec.h +++ b/libavcodec/avcodec.h @@ -790,6 +790,10 @@ typedef struct RcOverride{ * Codec supports slice-based (or partition-based) multithreading. */ #define CODEC_CAP_SLICE_THREADS 0x2000 +/** + * Codec supports changed parameters at any point. + */ +#define CODEC_CAP_PARAM_CHANGE 0x4000 /** * Codec is lossless. */ @@ -877,6 +881,7 @@ typedef struct AVPanScan{ enum AVPacketSideDataType { AV_PKT_DATA_PALETTE, AV_PKT_DATA_NEW_EXTRADATA, + AV_PKT_DATA_PARAM_CHANGE, }; typedef struct AVPacket { @@ -945,6 +950,27 @@ typedef struct AVPacket { #define AV_PKT_FLAG_KEY 0x0001 ///< The packet contains a keyframe #define AV_PKT_FLAG_CORRUPT 0x0002 ///< The packet content is corrupted +/** + * An AV_PKT_DATA_PARAM_CHANGE side data packet is laid out as follows: + * u32le param_flags + * if (param_flags & AV_SIDE_DATA_PARAM_CHANGE_CHANNEL_COUNT) + * s32le channel_count + * if (param_flags & AV_SIDE_DATA_PARAM_CHANGE_CHANNEL_LAYOUT) + * u64le channel_layout + * if (param_flags & AV_SIDE_DATA_PARAM_CHANGE_SAMPLE_RATE) + * s32le sample_rate + * if (param_flags & AV_SIDE_DATA_PARAM_CHANGE_DIMENSIONS) + * s32le width + * s32le height + */ + +enum AVSideDataParamChangeFlags { + AV_SIDE_DATA_PARAM_CHANGE_CHANNEL_COUNT = 0x0001, + AV_SIDE_DATA_PARAM_CHANGE_CHANNEL_LAYOUT = 0x0002, + AV_SIDE_DATA_PARAM_CHANGE_SAMPLE_RATE = 0x0004, + AV_SIDE_DATA_PARAM_CHANGE_DIMENSIONS = 0x0008, +}; + /** * Audio Video Frame. * New fields can be added to the end of AVFRAME with minor version diff --git a/libavcodec/version.h b/libavcodec/version.h index 069d844e43..b088456e6f 100644 --- a/libavcodec/version.h +++ b/libavcodec/version.h @@ -22,7 +22,7 @@ #define LIBAVCODEC_VERSION_MAJOR 53 #define LIBAVCODEC_VERSION_MINOR 42 -#define LIBAVCODEC_VERSION_MICRO 1 +#define LIBAVCODEC_VERSION_MICRO 2 #define LIBAVCODEC_VERSION_INT AV_VERSION_INT(LIBAVCODEC_VERSION_MAJOR, \ LIBAVCODEC_VERSION_MINOR, \ From a25c7081abac3a92c0fc348f449a9244d866aacd Mon Sep 17 00:00:00 2001 From: Justin Ruggles Date: Wed, 21 Dec 2011 18:13:06 -0500 Subject: [PATCH 166/331] truespeech: fix invalid reads in truespeech_apply_twopoint_filter() fixes Bug 171 (cherry picked from commit f264d336fe61c12ce9607c3060aa5d3dca947c61) Signed-off-by: Michael Niedermayer --- libavcodec/truespeech.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/truespeech.c b/libavcodec/truespeech.c index bb4ce6f219..9bbbf5172e 100644 --- a/libavcodec/truespeech.c +++ b/libavcodec/truespeech.c @@ -179,6 +179,7 @@ static void truespeech_apply_twopoint_filter(TSContext *dec, int quart) for(i = 0; i < 146; i++) tmp[i] = dec->filtbuf[i]; off = (t / 25) + dec->offset1[quart >> 1] + 18; + off = av_clip(off, 0, 145); ptr0 = tmp + 145 - off; ptr1 = tmp + 146; filter = (const int16_t*)ts_order2_coeffs + (t % 25) * 2; From 1c930fe91544a4aae009a4c4b8d638c6a1aee9f4 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 21 Dec 2011 21:06:05 +0100 Subject: [PATCH 167/331] proresdec: Check yuv slice data sizes. Fixes overread Fixes Ticket812 Bug found by: Oana Stratulat Signed-off-by: Michael Niedermayer (cherry picked from commit 2b73cddd40bdfd7e3c21b2fe8cbfca0277d1f786) Signed-off-by: Michael Niedermayer --- libavcodec/proresdec2.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/proresdec2.c b/libavcodec/proresdec2.c index 03bb109f46..2d4ff04df9 100644 --- a/libavcodec/proresdec2.c +++ b/libavcodec/proresdec2.c @@ -443,7 +443,8 @@ static int decode_slice_thread(AVCodecContext *avctx, void *arg, int jobnr, int v_data_size = slice->data_size - y_data_size - u_data_size - hdr_size; if (hdr_size > 7) v_data_size = AV_RB16(buf + 6); - if (y_data_size < 0 || u_data_size < 0 || v_data_size < 0) { + if (y_data_size < 0 || u_data_size < 0 || v_data_size < 0 + || hdr_size+y_data_size+u_data_size+v_data_size > slice->data_size){ av_log(avctx, AV_LOG_ERROR, "invalid plane data size\n"); return -1; } From 532731369a0036e6d3016f6c901a8f8a5a8640dd Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 21 Dec 2011 22:02:01 +0100 Subject: [PATCH 168/331] ipmovie: fix FPE Fixed Ticket807 Bug found by: Oana Stratulat Signed-off-by: Michael Niedermayer (cherry picked from commit 8d960fbc70d5d7b6cd62db22712a8d5c2c5e26bf) Signed-off-by: Michael Niedermayer --- libavformat/ipmovie.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/ipmovie.c b/libavformat/ipmovie.c index 9b42ee2948..24dc24bec8 100644 --- a/libavformat/ipmovie.c +++ b/libavformat/ipmovie.c @@ -115,7 +115,7 @@ static int load_ipmovie_packet(IPMVEContext *s, AVIOContext *pb, int chunk_type; - if (s->audio_chunk_offset) { + if (s->audio_chunk_offset && s->audio_channels && s->audio_bits) { /* adjust for PCM audio by skipping chunk header */ if (s->audio_type != CODEC_ID_INTERPLAY_DPCM) { From 8dce2dd9cc06a28ff46a27aeeb2913cb5ae8fa19 Mon Sep 17 00:00:00 2001 From: Paul B Mahol Date: Mon, 19 Dec 2011 00:16:11 +0000 Subject: [PATCH 169/331] lavf: Add SMJPEG demuxer. Signed-off-by: Paul B Mahol Signed-off-by: Michael Niedermayer (cherry picked from commit a4209ad6313b8b40fed2bfc7e3865cf54d4c1022) Conflicts: Changelog doc/general.texi libavformat/version.h Signed-off-by: Michael Niedermayer --- Changelog | 1 + doc/general.texi | 1 + libavformat/Makefile | 1 + libavformat/allformats.c | 1 + libavformat/smjpeg.c | 183 +++++++++++++++++++++++++++++++++++++++ libavformat/version.h | 2 +- 6 files changed, 188 insertions(+), 1 deletion(-) create mode 100644 libavformat/smjpeg.c diff --git a/Changelog b/Changelog index 2699bcea74..8fd519c978 100644 --- a/Changelog +++ b/Changelog @@ -3,6 +3,7 @@ releases are sorted from youngest to oldest. version 0.9: +- SMJPEG demuxer - openal input device added - boxblur filter added - BWF muxer diff --git a/doc/general.texi b/doc/general.texi index d2bcd53f10..a8769d7472 100644 --- a/doc/general.texi +++ b/doc/general.texi @@ -316,6 +316,7 @@ library: @tab Used in Sierra CD-ROM games. @item Smacker @tab @tab X @tab Multimedia format used by many games. +@item SMJPEG @tab @tab X @item Sony OpenMG (OMA) @tab @tab X @tab Audio format used in Sony Sonic Stage and Sony Vegas. @item Sony PlayStation STR @tab @tab X diff --git a/libavformat/Makefile b/libavformat/Makefile index ca66a39677..0500b61258 100644 --- a/libavformat/Makefile +++ b/libavformat/Makefile @@ -287,6 +287,7 @@ OBJS-$(CONFIG_SEGMENT_MUXER) += segment.o OBJS-$(CONFIG_SHORTEN_DEMUXER) += rawdec.o OBJS-$(CONFIG_SIFF_DEMUXER) += siff.o OBJS-$(CONFIG_SMACKER_DEMUXER) += smacker.o +OBJS-$(CONFIG_SMJPEG_DEMUXER) += smjpeg.o OBJS-$(CONFIG_SOL_DEMUXER) += sol.o pcm.o OBJS-$(CONFIG_SOX_DEMUXER) += soxdec.o pcm.o OBJS-$(CONFIG_SOX_MUXER) += soxenc.o diff --git a/libavformat/allformats.c b/libavformat/allformats.c index 9593bd5a08..27de11679a 100644 --- a/libavformat/allformats.c +++ b/libavformat/allformats.c @@ -211,6 +211,7 @@ void av_register_all(void) REGISTER_DEMUXER (SHORTEN, shorten); REGISTER_DEMUXER (SIFF, siff); REGISTER_DEMUXER (SMACKER, smacker); + REGISTER_DEMUXER (SMJPEG, smjpeg); REGISTER_DEMUXER (SOL, sol); REGISTER_MUXDEMUX (SOX, sox); REGISTER_MUXDEMUX (SPDIF, spdif); diff --git a/libavformat/smjpeg.c b/libavformat/smjpeg.c new file mode 100644 index 0000000000..86cdc46570 --- /dev/null +++ b/libavformat/smjpeg.c @@ -0,0 +1,183 @@ +/* + * SMJPEG demuxer + * Copyright (c) 2011 Paul B Mahol + * + * This file is part of FFmpeg. + * + * FFmpeg is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * FFmpeg is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with FFmpeg; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +/** + * @file + * This is a demuxer for Loki SDL MJPEG files + */ + +#include "avformat.h" +#include "internal.h" +#include "riff.h" + +static const AVCodecTag codec_smjpeg_tags[] = { + { CODEC_ID_ADPCM_IMA_SMJPEG, MKTAG('A', 'P', 'C', 'M') }, + { CODEC_ID_PCM_S16LE, MKTAG('N', 'O', 'N', 'E') }, + { CODEC_ID_MJPEG, MKTAG('J', 'F', 'I', 'F') }, + { CODEC_ID_NONE, 0 }, +}; + +typedef struct SMJPEGContext { + int audio_stream_index; + int video_stream_index; +} SMJPEGContext; + +static int smjpeg_probe(AVProbeData *p) +{ + if (!memcmp(p->buf, "\x0\xaSMJPEG", 8)) + return AVPROBE_SCORE_MAX; + return 0; +} + +static int smjpeg_read_header(AVFormatContext *s, AVFormatParameters *ap) +{ + SMJPEGContext *sc = s->priv_data; + AVStream *ast = NULL, *vst = NULL; + AVIOContext *pb = s->pb; + uint32_t version, htype, hlength, duration; + char *comment; + + avio_skip(pb, 8); // magic + version = avio_rb32(pb); + if (version) { + av_log_ask_for_sample(s, "unknown version %d\n", version); + } + duration = avio_rb32(pb); // in msec + + while (!pb->eof_reached) { + htype = avio_rl32(pb); + switch (htype) { + case MKTAG('_', 'T', 'X', 'T'): + hlength = avio_rb32(pb); + if (!hlength || hlength > 512) + return AVERROR_INVALIDDATA; + comment = av_malloc(hlength + 1); + if (!comment) + return AVERROR(ENOMEM); + if (avio_read(pb, comment, hlength) != hlength) { + av_freep(&comment); + av_log(s, AV_LOG_ERROR, "error when reading comment\n"); + return AVERROR_INVALIDDATA; + } + comment[hlength] = 0; + av_dict_set(&s->metadata, "comment", comment, + AV_DICT_DONT_STRDUP_VAL); + break; + case MKTAG('_', 'S', 'N', 'D'): + if (ast) { + av_log_ask_for_sample(s, "multiple audio streams not supported\n"); + return AVERROR_INVALIDDATA; + } + hlength = avio_rb32(pb); + if (hlength < 8) + return AVERROR_INVALIDDATA; + ast = avformat_new_stream(s, 0); + if (!ast) + return AVERROR(ENOMEM); + ast->codec->codec_type = AVMEDIA_TYPE_AUDIO; + ast->codec->sample_rate = avio_rb16(pb); + ast->codec->bits_per_coded_sample = avio_r8(pb); + ast->codec->channels = avio_r8(pb); + ast->codec->codec_tag = avio_rl32(pb); + ast->codec->codec_id = ff_codec_get_id(codec_smjpeg_tags, + ast->codec->codec_tag); + ast->duration = duration; + sc->audio_stream_index = ast->index; + avpriv_set_pts_info(ast, 32, 1, 1000); + avio_skip(pb, hlength - 8); + break; + case MKTAG('_', 'V', 'I', 'D'): + if (vst) { + av_log_ask_for_sample(s, "multiple video streams not supported\n"); + return AVERROR_INVALIDDATA; + } + hlength = avio_rb32(pb); + if (hlength < 12) + return AVERROR_INVALIDDATA; + avio_skip(pb, 4); // number of frames + vst = avformat_new_stream(s, 0); + if (!vst) + return AVERROR(ENOMEM); + vst->codec->codec_type = AVMEDIA_TYPE_VIDEO; + vst->codec->width = avio_rb16(pb); + vst->codec->height = avio_rb16(pb); + vst->codec->codec_tag = avio_rl32(pb); + vst->codec->codec_id = ff_codec_get_id(codec_smjpeg_tags, + vst->codec->codec_tag); + vst->duration = duration; + sc->video_stream_index = vst->index; + avpriv_set_pts_info(vst, 32, 1, 1000); + avio_skip(pb, hlength - 12); + break; + case MKTAG('H', 'E', 'N', 'D'): + return 0; + default: + av_log(s, AV_LOG_ERROR, "unknown header %x\n", htype); + return AVERROR_INVALIDDATA; + } + } + + return AVERROR_EOF; +} + +static int smjpeg_read_packet(AVFormatContext *s, AVPacket *pkt) +{ + SMJPEGContext *sc = s->priv_data; + uint32_t dtype, ret, size, timestamp; + + if (s->pb->eof_reached) + return AVERROR_EOF; + dtype = avio_rl32(s->pb); + switch (dtype) { + case MKTAG('s', 'n', 'd', 'D'): + timestamp = avio_rb32(s->pb); + size = avio_rb32(s->pb); + ret = av_get_packet(s->pb, pkt, size); + pkt->stream_index = sc->audio_stream_index; + pkt->pts = timestamp; + break; + case MKTAG('v', 'i', 'd', 'D'): + timestamp = avio_rb32(s->pb); + size = avio_rb32(s->pb); + ret = av_get_packet(s->pb, pkt, size); + pkt->stream_index = sc->video_stream_index; + pkt->pts = timestamp; + break; + case MKTAG('D', 'O', 'N', 'E'): + ret = AVERROR_EOF; + break; + default: + av_log(s, AV_LOG_ERROR, "unknown chunk %x\n", dtype); + ret = AVERROR_INVALIDDATA; + break; + } + return ret; +} + +AVInputFormat ff_smjpeg_demuxer = { + .name = "smjpeg", + .long_name = NULL_IF_CONFIG_SMALL("Loki SDL MJPEG"), + .priv_data_size = sizeof(SMJPEGContext), + .read_probe = smjpeg_probe, + .read_header = smjpeg_read_header, + .read_packet = smjpeg_read_packet, + .extensions = "mjpg", +}; diff --git a/libavformat/version.h b/libavformat/version.h index c2b5e0156d..e7fc89da22 100644 --- a/libavformat/version.h +++ b/libavformat/version.h @@ -31,7 +31,7 @@ #define LIBAVFORMAT_VERSION_MAJOR 53 #define LIBAVFORMAT_VERSION_MINOR 24 -#define LIBAVFORMAT_VERSION_MICRO 1 +#define LIBAVFORMAT_VERSION_MICRO 2 #define LIBAVFORMAT_VERSION_INT AV_VERSION_INT(LIBAVFORMAT_VERSION_MAJOR, \ LIBAVFORMAT_VERSION_MINOR, \ From 9665ccda10c5292409c9edbab33eba790a4c8170 Mon Sep 17 00:00:00 2001 From: Justin Ruggles Date: Wed, 21 Dec 2011 16:09:11 -0500 Subject: [PATCH 170/331] ra144enc: zero the reflection coeffs if the filter is unstable fixes use of uninitialized values if the filter is still unstable after using the previous frame lpc coefficients. (cherry picked from commit 9a3f10695a011861dcf5a649e3e72580b1a4eed4) Signed-off-by: Michael Niedermayer --- libavcodec/ra144enc.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavcodec/ra144enc.c b/libavcodec/ra144enc.c index 19fe06c840..2436bac147 100644 --- a/libavcodec/ra144enc.c +++ b/libavcodec/ra144enc.c @@ -477,7 +477,10 @@ static int ra144_encode_frame(AVCodecContext *avctx, uint8_t *frame, * The filter is unstable: use the coefficients of the previous frame. */ ff_int_to_int16(block_coefs[NBLOCKS - 1], ractx->lpc_coef[1]); - ff_eval_refl(lpc_refl, block_coefs[NBLOCKS - 1], avctx); + if (ff_eval_refl(lpc_refl, block_coefs[NBLOCKS - 1], avctx)) { + /* the filter is still unstable. set reflection coeffs to zero. */ + memset(lpc_refl, 0, sizeof(lpc_refl)); + } } init_put_bits(&pb, frame, buf_size); for (i = 0; i < LPC_ORDER; i++) { From 4f94de84e88fecf8797abf830e4fdc9f13ac01dd Mon Sep 17 00:00:00 2001 From: Janne Grunau Date: Wed, 21 Dec 2011 13:07:54 +0100 Subject: [PATCH 171/331] pthreads: reset active_thread_type when slice thread_init returrns early (cherry picked from commit f77f640b3035d357a6c6ffcea243c7ea0d8ebc67) Signed-off-by: Michael Niedermayer --- libavcodec/pthread.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/pthread.c b/libavcodec/pthread.c index 2154163c10..0399ea7901 100644 --- a/libavcodec/pthread.c +++ b/libavcodec/pthread.c @@ -239,8 +239,10 @@ static int thread_init(AVCodecContext *avctx) ThreadContext *c; int thread_count = avctx->thread_count; - if (thread_count <= 1) + if (thread_count <= 1) { + avctx->active_thread_type = 0; return 0; + } c = av_mallocz(sizeof(ThreadContext)); if (!c) From 89cf156acea89a12eec91c90f296db8b0434b9c0 Mon Sep 17 00:00:00 2001 From: Paul B Mahol Date: Wed, 21 Dec 2011 19:27:53 +0000 Subject: [PATCH 172/331] adpcm: fix IMA SMJPEG decoding Signed-off-by: Janne Grunau (cherry picked from commit 01a01bf8bdafab1c81c3039850aba042b247626f) Signed-off-by: Michael Niedermayer --- libavcodec/adpcm.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/libavcodec/adpcm.c b/libavcodec/adpcm.c index e7657945dd..688fba430c 100644 --- a/libavcodec/adpcm.c +++ b/libavcodec/adpcm.c @@ -1007,11 +1007,15 @@ static int adpcm_decode_frame(AVCodecContext *avctx, void *data, break; case CODEC_ID_ADPCM_IMA_AMV: case CODEC_ID_ADPCM_IMA_SMJPEG: - c->status[0].predictor = (int16_t)bytestream_get_le16(&src); - c->status[0].step_index = bytestream_get_le16(&src); - - if (avctx->codec->id == CODEC_ID_ADPCM_IMA_AMV) - src+=4; + if (avctx->codec->id == CODEC_ID_ADPCM_IMA_AMV) { + c->status[0].predictor = sign_extend(bytestream_get_le16(&src), 16); + c->status[0].step_index = bytestream_get_le16(&src); + src += 4; + } else { + c->status[0].predictor = sign_extend(bytestream_get_be16(&src), 16); + c->status[0].step_index = bytestream_get_byte(&src); + src += 1; + } for (n = nb_samples >> (1 - st); n > 0; n--, src++) { char hi, lo; From a644934b8004000771b970a9d05b996c012e2dad Mon Sep 17 00:00:00 2001 From: Gaurav Narula Date: Mon, 12 Dec 2011 20:24:54 +0530 Subject: [PATCH 173/331] kvmc: fix invalid reads Signed-off-by: Janne Grunau (cherry picked from commit ad3161ec1d70291efcf40121d703ef73c0b08e5b) Signed-off-by: Michael Niedermayer --- libavcodec/kmvc.c | 82 ++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 66 insertions(+), 16 deletions(-) diff --git a/libavcodec/kmvc.c b/libavcodec/kmvc.c index 8663c9524a..19f9677649 100644 --- a/libavcodec/kmvc.c +++ b/libavcodec/kmvc.c @@ -57,17 +57,21 @@ typedef struct BitBuf { #define kmvc_init_getbits(bb, src) bb.bits = 7; bb.bitbuf = *src++; -#define kmvc_getbit(bb, src, res) {\ +#define kmvc_getbit(bb, src, src_end, res) {\ res = 0; \ if (bb.bitbuf & (1 << bb.bits)) res = 1; \ bb.bits--; \ if(bb.bits == -1) { \ + if (src >= src_end) { \ + av_log(ctx->avctx, AV_LOG_ERROR, "Data overrun\n"); \ + return AVERROR_INVALIDDATA; \ + } \ bb.bitbuf = *src++; \ bb.bits = 7; \ } \ } -static void kmvc_decode_intra_8x8(KmvcContext * ctx, const uint8_t * src, int w, int h) +static int kmvc_decode_intra_8x8(KmvcContext * ctx, const uint8_t * src, int src_size, int w, int h) { BitBuf bb; int res, val; @@ -75,13 +79,18 @@ static void kmvc_decode_intra_8x8(KmvcContext * ctx, const uint8_t * src, int w, int bx, by; int l0x, l1x, l0y, l1y; int mx, my; + const uint8_t *src_end = src + src_size; kmvc_init_getbits(bb, src); for (by = 0; by < h; by += 8) for (bx = 0; bx < w; bx += 8) { - kmvc_getbit(bb, src, res); + kmvc_getbit(bb, src, src_end, res); if (!res) { // fill whole 8x8 block + if (src >= src_end) { + av_log(ctx->avctx, AV_LOG_ERROR, "Data overrun\n"); + return AVERROR_INVALIDDATA; + } val = *src++; for (i = 0; i < 64; i++) BLK(ctx->cur, bx + (i & 0x7), by + (i >> 3)) = val; @@ -89,14 +98,22 @@ static void kmvc_decode_intra_8x8(KmvcContext * ctx, const uint8_t * src, int w, for (i = 0; i < 4; i++) { l0x = bx + (i & 1) * 4; l0y = by + (i & 2) * 2; - kmvc_getbit(bb, src, res); + kmvc_getbit(bb, src, src_end, res); if (!res) { - kmvc_getbit(bb, src, res); + kmvc_getbit(bb, src, src_end, res); if (!res) { // fill whole 4x4 block + if (src >= src_end) { + av_log(ctx->avctx, AV_LOG_ERROR, "Data overrun\n"); + return AVERROR_INVALIDDATA; + } val = *src++; for (j = 0; j < 16; j++) BLK(ctx->cur, l0x + (j & 3), l0y + (j >> 2)) = val; } else { // copy block from already decoded place + if (src >= src_end) { + av_log(ctx->avctx, AV_LOG_ERROR, "Data overrun\n"); + return AVERROR_INVALIDDATA; + } val = *src++; mx = val & 0xF; my = val >> 4; @@ -108,16 +125,24 @@ static void kmvc_decode_intra_8x8(KmvcContext * ctx, const uint8_t * src, int w, for (j = 0; j < 4; j++) { l1x = l0x + (j & 1) * 2; l1y = l0y + (j & 2); - kmvc_getbit(bb, src, res); + kmvc_getbit(bb, src, src_end, res); if (!res) { - kmvc_getbit(bb, src, res); + kmvc_getbit(bb, src, src_end, res); if (!res) { // fill whole 2x2 block + if (src >= src_end) { + av_log(ctx->avctx, AV_LOG_ERROR, "Data overrun\n"); + return AVERROR_INVALIDDATA; + } val = *src++; BLK(ctx->cur, l1x, l1y) = val; BLK(ctx->cur, l1x + 1, l1y) = val; BLK(ctx->cur, l1x, l1y + 1) = val; BLK(ctx->cur, l1x + 1, l1y + 1) = val; } else { // copy block from already decoded place + if (src >= src_end) { + av_log(ctx->avctx, AV_LOG_ERROR, "Data overrun\n"); + return AVERROR_INVALIDDATA; + } val = *src++; mx = val & 0xF; my = val >> 4; @@ -140,9 +165,11 @@ static void kmvc_decode_intra_8x8(KmvcContext * ctx, const uint8_t * src, int w, } } } + + return 0; } -static void kmvc_decode_inter_8x8(KmvcContext * ctx, const uint8_t * src, int w, int h) +static int kmvc_decode_inter_8x8(KmvcContext * ctx, const uint8_t * src, int src_size, int w, int h) { BitBuf bb; int res, val; @@ -150,15 +177,20 @@ static void kmvc_decode_inter_8x8(KmvcContext * ctx, const uint8_t * src, int w, int bx, by; int l0x, l1x, l0y, l1y; int mx, my; + const uint8_t *src_end = src + src_size; kmvc_init_getbits(bb, src); for (by = 0; by < h; by += 8) for (bx = 0; bx < w; bx += 8) { - kmvc_getbit(bb, src, res); + kmvc_getbit(bb, src, src_end, res); if (!res) { - kmvc_getbit(bb, src, res); + kmvc_getbit(bb, src, src_end, res); if (!res) { // fill whole 8x8 block + if (src >= src_end) { + av_log(ctx->avctx, AV_LOG_ERROR, "Data overrun\n"); + return AVERROR_INVALIDDATA; + } val = *src++; for (i = 0; i < 64; i++) BLK(ctx->cur, bx + (i & 0x7), by + (i >> 3)) = val; @@ -171,14 +203,22 @@ static void kmvc_decode_inter_8x8(KmvcContext * ctx, const uint8_t * src, int w, for (i = 0; i < 4; i++) { l0x = bx + (i & 1) * 4; l0y = by + (i & 2) * 2; - kmvc_getbit(bb, src, res); + kmvc_getbit(bb, src, src_end, res); if (!res) { - kmvc_getbit(bb, src, res); + kmvc_getbit(bb, src, src_end, res); if (!res) { // fill whole 4x4 block + if (src >= src_end) { + av_log(ctx->avctx, AV_LOG_ERROR, "Data overrun\n"); + return AVERROR_INVALIDDATA; + } val = *src++; for (j = 0; j < 16; j++) BLK(ctx->cur, l0x + (j & 3), l0y + (j >> 2)) = val; } else { // copy block + if (src >= src_end) { + av_log(ctx->avctx, AV_LOG_ERROR, "Data overrun\n"); + return AVERROR_INVALIDDATA; + } val = *src++; mx = (val & 0xF) - 8; my = (val >> 4) - 8; @@ -190,16 +230,24 @@ static void kmvc_decode_inter_8x8(KmvcContext * ctx, const uint8_t * src, int w, for (j = 0; j < 4; j++) { l1x = l0x + (j & 1) * 2; l1y = l0y + (j & 2); - kmvc_getbit(bb, src, res); + kmvc_getbit(bb, src, src_end, res); if (!res) { - kmvc_getbit(bb, src, res); + kmvc_getbit(bb, src, src_end, res); if (!res) { // fill whole 2x2 block + if (src >= src_end) { + av_log(ctx->avctx, AV_LOG_ERROR, "Data overrun\n"); + return AVERROR_INVALIDDATA; + } val = *src++; BLK(ctx->cur, l1x, l1y) = val; BLK(ctx->cur, l1x + 1, l1y) = val; BLK(ctx->cur, l1x, l1y + 1) = val; BLK(ctx->cur, l1x + 1, l1y + 1) = val; } else { // copy block + if (src >= src_end) { + av_log(ctx->avctx, AV_LOG_ERROR, "Data overrun\n"); + return AVERROR_INVALIDDATA; + } val = *src++; mx = (val & 0xF) - 8; my = (val >> 4) - 8; @@ -222,6 +270,8 @@ static void kmvc_decode_inter_8x8(KmvcContext * ctx, const uint8_t * src, int w, } } } + + return 0; } static int decode_frame(AVCodecContext * avctx, void *data, int *data_size, AVPacket *avpkt) @@ -299,10 +349,10 @@ static int decode_frame(AVCodecContext * avctx, void *data, int *data_size, AVPa memcpy(ctx->cur, ctx->prev, 320 * 200); break; case 3: - kmvc_decode_intra_8x8(ctx, buf, avctx->width, avctx->height); + kmvc_decode_intra_8x8(ctx, buf, buf_size, avctx->width, avctx->height); break; case 4: - kmvc_decode_inter_8x8(ctx, buf, avctx->width, avctx->height); + kmvc_decode_inter_8x8(ctx, buf, buf_size, avctx->width, avctx->height); break; default: av_log(avctx, AV_LOG_ERROR, "Unknown compression method %i\n", header & KMVC_METHOD); From 857d64a58cf2998d330d6bfb3d51b62c38d09ab1 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 23 Dec 2011 00:18:36 +0100 Subject: [PATCH 174/331] fifo: Make writes atomic. Prior to this a X bytes write could be seen as less than X bytes being available if the check was done at an unfortunate moment. Signed-off-by: Michael Niedermayer (cherry picked from commit 9eb0d8bab1c475edf73c36146d1c3d31ea47f997) Signed-off-by: Michael Niedermayer --- libavutil/fifo.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/libavutil/fifo.c b/libavutil/fifo.c index 3ebd5f9b20..d1d9ba8003 100644 --- a/libavutil/fifo.c +++ b/libavutil/fifo.c @@ -83,22 +83,27 @@ int av_fifo_realloc2(AVFifoBuffer *f, unsigned int new_size) int av_fifo_generic_write(AVFifoBuffer *f, void *src, int size, int (*func)(void*, void*, int)) { int total = size; + uint32_t wndx= f->wndx; + uint8_t *wptr= f->wptr; + do { - int len = FFMIN(f->end - f->wptr, size); + int len = FFMIN(f->end - wptr, size); if (func) { - if (func(src, f->wptr, len) <= 0) + if (func(src, wptr, len) <= 0) break; } else { - memcpy(f->wptr, src, len); + memcpy(wptr, src, len); src = (uint8_t*)src + len; } // Write memory barrier needed for SMP here in theory - f->wptr += len; - if (f->wptr >= f->end) - f->wptr = f->buffer; - f->wndx += len; + wptr += len; + if (wptr >= f->end) + wptr = f->buffer; + wndx += len; size -= len; } while (size > 0); + f->wndx= wndx; + f->wptr= wptr; return total - size; } From 12d0e44bdbe1421d828db7a84cbedeb6f2eb8f6b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 23 Dec 2011 01:41:15 +0100 Subject: [PATCH 175/331] udp: return circular buffer error if such error happened. Signed-off-by: Michael Niedermayer (cherry picked from commit 3dcbafc777513621e423c2f23b1725559230383d) Signed-off-by: Michael Niedermayer --- libavformat/udp.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/udp.c b/libavformat/udp.c index a0d127c614..5eb6cd1f86 100644 --- a/libavformat/udp.c +++ b/libavformat/udp.c @@ -556,6 +556,8 @@ static int udp_read(URLContext *h, uint8_t *buf, int size) av_fifo_generic_read(s->fifo, buf, avail, NULL); av_fifo_drain(s->fifo, AV_RL32(tmp) - avail); return avail; + } else if(s->circular_buffer_error){ + return s->circular_buffer_error; } else { FD_ZERO(&rfds); From 3710f0b9edd7cf69a83ed00d2e33630b7188187f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 23 Dec 2011 01:17:18 +0100 Subject: [PATCH 176/331] udp: Replace double select() by select+mutex+cond. When no data was available both the buffer thread as well as the main thread would block in select(), when data becomes available both should move forward and as data is read in the buffer thread the main thread would block in select() later the read data was put in the fifo but the main thread still would be blocked in select() until either the timeout or another packet would come in. This is solved in this commit by using a mutex and a condition variable Signed-off-by: Michael Niedermayer (cherry picked from commit bc900501e0e2002e40d2d0c87b5a98b913b2d1a2) Signed-off-by: Michael Niedermayer --- libavformat/udp.c | 41 +++++++++++++++++++++++++++-------------- 1 file changed, 27 insertions(+), 14 deletions(-) diff --git a/libavformat/udp.c b/libavformat/udp.c index 5eb6cd1f86..040cf90fa3 100644 --- a/libavformat/udp.c +++ b/libavformat/udp.c @@ -69,6 +69,8 @@ typedef struct { int circular_buffer_error; #if HAVE_PTHREADS pthread_t circular_buffer_thread; + pthread_mutex_t mutex; + pthread_cond_t cond; #endif uint8_t tmp[UDP_MAX_PKT_SIZE+4]; int remaining_in_dg; @@ -317,6 +319,7 @@ static int udp_get_file_handle(URLContext *h) return s->udp_fd; } +#if HAVE_PTHREADS static void *circular_buffer_task( void *_URLContext) { URLContext *h = _URLContext; @@ -331,7 +334,7 @@ static void *circular_buffer_task( void *_URLContext) if (ff_check_interrupt(&h->interrupt_callback)) { s->circular_buffer_error = EINTR; - return NULL; + goto end; } FD_ZERO(&rfds); @@ -343,7 +346,7 @@ static void *circular_buffer_task( void *_URLContext) if (ff_neterrno() == AVERROR(EINTR)) continue; s->circular_buffer_error = EIO; - return NULL; + goto end; } if (!(ret > 0 && FD_ISSET(s->udp_fd, &rfds))) @@ -357,23 +360,31 @@ static void *circular_buffer_task( void *_URLContext) if(left < UDP_MAX_PKT_SIZE + 4) { av_log(h, AV_LOG_ERROR, "circular_buffer: OVERRUN\n"); s->circular_buffer_error = EIO; - return NULL; + goto end; } left = FFMIN(left, s->fifo->end - s->fifo->wptr); len = recv(s->udp_fd, s->tmp+4, sizeof(s->tmp)-4, 0); if (len < 0) { if (ff_neterrno() != AVERROR(EAGAIN) && ff_neterrno() != AVERROR(EINTR)) { s->circular_buffer_error = EIO; - return NULL; + goto end; } continue; } AV_WL32(s->tmp, len); + pthread_mutex_lock(&s->mutex); av_fifo_generic_write(s->fifo, s->tmp, len+4, NULL); + pthread_cond_signal(&s->cond); + pthread_mutex_unlock(&s->mutex); } +end: + pthread_mutex_lock(&s->mutex); + pthread_cond_signal(&s->cond); + pthread_mutex_unlock(&s->mutex); return NULL; } +#endif /* put it in UDP context */ /* return non zero if error */ @@ -516,6 +527,8 @@ static int udp_open(URLContext *h, const char *uri, int flags) if (!is_output && s->circular_buffer_size) { /* start the task going */ s->fifo = av_fifo_alloc(s->circular_buffer_size); + pthread_mutex_init(&s->mutex, NULL); + pthread_cond_init(&s->cond, NULL); if (pthread_create(&s->circular_buffer_thread, NULL, circular_buffer_task, h)) { av_log(h, AV_LOG_ERROR, "pthread_create failed\n"); goto fail; @@ -536,15 +549,15 @@ static int udp_read(URLContext *h, uint8_t *buf, int size) UDPContext *s = h->priv_data; int ret; int avail; - fd_set rfds; - struct timeval tv; +#if HAVE_PTHREADS if (s->fifo) { - + pthread_mutex_lock(&s->mutex); do { avail = av_fifo_size(s->fifo); if (avail) { // >=size) { uint8_t tmp[4]; + pthread_mutex_unlock(&s->mutex); av_fifo_generic_read(s->fifo, tmp, 4, NULL); avail= AV_RL32(tmp); @@ -557,19 +570,15 @@ static int udp_read(URLContext *h, uint8_t *buf, int size) av_fifo_drain(s->fifo, AV_RL32(tmp) - avail); return avail; } else if(s->circular_buffer_error){ + pthread_mutex_unlock(&s->mutex); return s->circular_buffer_error; } else { - FD_ZERO(&rfds); - FD_SET(s->udp_fd, &rfds); - tv.tv_sec = 1; - tv.tv_usec = 0; - ret = select(s->udp_fd + 1, &rfds, NULL, NULL, &tv); - if (ret<0) - return ret; + pthread_cond_wait(&s->cond, &s->mutex); } } while( 1); } +#endif if (!(h->flags & AVIO_FLAG_NONBLOCK)) { ret = ff_network_wait_fd(s->udp_fd, 0); @@ -610,6 +619,10 @@ static int udp_close(URLContext *h) udp_leave_multicast_group(s->udp_fd, (struct sockaddr *)&s->dest_addr); closesocket(s->udp_fd); av_fifo_free(s->fifo); +#if HAVE_PTHREADS + pthread_mutex_destroy(&s->mutex); + pthread_cond_destroy(&s->cond); +#endif return 0; } From 33636442e2f44c2dcffd4331085ae7de93f0abe0 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 23 Dec 2011 01:51:47 +0100 Subject: [PATCH 177/331] udp: support non blocking reads with fifo Signed-off-by: Michael Niedermayer (cherry picked from commit 9f50dafe9025555f11e66e3b09cf3db2cd53cfb2) Signed-off-by: Michael Niedermayer --- libavformat/udp.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/udp.c b/libavformat/udp.c index 040cf90fa3..b9ebf4153a 100644 --- a/libavformat/udp.c +++ b/libavformat/udp.c @@ -572,6 +572,9 @@ static int udp_read(URLContext *h, uint8_t *buf, int size) } else if(s->circular_buffer_error){ pthread_mutex_unlock(&s->mutex); return s->circular_buffer_error; + } else if(h->flags & AVIO_FLAG_NONBLOCK) { + pthread_mutex_unlock(&s->mutex); + return AVERROR(EAGAIN); } else { pthread_cond_wait(&s->cond, &s->mutex); From 4a4e4b8139acf30bf57a8d5ad2fda2d68f6ad55f Mon Sep 17 00:00:00 2001 From: Sergey Radionov Date: Fri, 23 Dec 2011 10:37:48 +0700 Subject: [PATCH 178/331] w32thread: call ResetEvent() in pthread_cond_broadcast(). Also add "volatile" to broadcast flag (since it is used from multiple threads). Signed-off-by: Ronald S. Bultje (cherry picked from commit 01eb9805f37835e20501134ae26e379140fe3239) Signed-off-by: Michael Niedermayer --- libavcodec/w32pthreads.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/w32pthreads.h b/libavcodec/w32pthreads.h index 3cdbc2c343..70b84cf2e1 100644 --- a/libavcodec/w32pthreads.h +++ b/libavcodec/w32pthreads.h @@ -120,7 +120,7 @@ typedef struct { volatile int waiter_count; HANDLE semaphore; HANDLE waiters_done; - int is_broadcast; + volatile int is_broadcast; } win32_cond_t; static void pthread_cond_init(pthread_cond_t *cond, const void *unused_attr) @@ -187,6 +187,7 @@ static void pthread_cond_broadcast(pthread_cond_t *cond) ReleaseSemaphore(win32_cond->semaphore, win32_cond->waiter_count, NULL); pthread_mutex_unlock(&win32_cond->mtx_waiter_count); WaitForSingleObject(win32_cond->waiters_done, INFINITE); + ResetEvent(win32_cond->waiters_done); win32_cond->is_broadcast = 0; } else pthread_mutex_unlock(&win32_cond->mtx_waiter_count); From ed0dc01a47898e9d8ff0df7ae21d64ab81d6a8f4 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 23 Dec 2011 05:58:32 +0100 Subject: [PATCH 179/331] h264: Decode short VUI without error Fixes 47j9R7PXBep.mov Signed-off-by: Michael Niedermayer (cherry picked from commit ae7a6441df26b5dd921af95677ec5e6dd35dc970) Signed-off-by: Michael Niedermayer --- libavcodec/h264_ps.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/h264_ps.c b/libavcodec/h264_ps.c index f87957673d..5c21d80265 100644 --- a/libavcodec/h264_ps.c +++ b/libavcodec/h264_ps.c @@ -229,7 +229,8 @@ static inline int decode_vui_parameters(H264Context *h, SPS *sps){ if(sps->nal_hrd_parameters_present_flag || sps->vcl_hrd_parameters_present_flag) get_bits1(&s->gb); /* low_delay_hrd_flag */ sps->pic_struct_present_flag = get_bits1(&s->gb); - + if(!get_bits_left(&s->gb)) + return 0; sps->bitstream_restriction_flag = get_bits1(&s->gb); if(sps->bitstream_restriction_flag){ get_bits1(&s->gb); /* motion_vectors_over_pic_boundaries_flag */ From 3aa89662ce8895fd9dd15461e6a74f1efe8699b7 Mon Sep 17 00:00:00 2001 From: Alexander Strange Date: Mon, 12 Dec 2011 18:13:39 -0500 Subject: [PATCH 180/331] h264: Fix a possible overread in decode_nal_units() Signed-off-by: Anton Khirnov (cherry picked from commit bc6a3bd4a544608211f006e2d2868cbed4e1fde6) Signed-off-by: Michael Niedermayer --- libavcodec/h264.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index b85c01fdee..310635f9a8 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -3803,7 +3803,7 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size){ int err; if(buf_index >= next_avc) { - if(buf_index >= buf_size) break; + if (buf_index >= buf_size - h->nal_length_size) break; nalsize = 0; for(i = 0; i < h->nal_length_size; i++) nalsize = (nalsize << 8) | buf[buf_index++]; From a5546736bd8311cb04a9121b9500e2d3252bf487 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Fri, 23 Dec 2011 11:38:37 +0100 Subject: [PATCH 181/331] Fix a possible endless loop when decoding aac. Fixes ticket #789. (cherry picked from commit e5de9289232c5b14572fa13e2435f9adb0b0f1ec) Signed-off-by: Michael Niedermayer --- libavcodec/aacdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/aacdec.c b/libavcodec/aacdec.c index 2b2ae8a80d..806e1b52ea 100644 --- a/libavcodec/aacdec.c +++ b/libavcodec/aacdec.c @@ -819,10 +819,10 @@ static int decode_band_types(AACContext *ac, enum BandType band_type[120], av_log(ac->avctx, AV_LOG_ERROR, "invalid band type\n"); return -1; } - while ((sect_len_incr = get_bits(gb, bits)) == (1 << bits) - 1) + while ((sect_len_incr = get_bits(gb, bits)) == (1 << bits) - 1 && get_bits_left(gb) >= bits) sect_end += sect_len_incr; sect_end += sect_len_incr; - if (get_bits_left(gb) < 0) { + if (get_bits_left(gb) < 0 || sect_len_incr == (1 << bits) - 1) { av_log(ac->avctx, AV_LOG_ERROR, overread_err); return -1; } From 340fee05f0b752e58809f9579e96cd70cb9c0c7f Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Fri, 23 Dec 2011 11:39:41 +0100 Subject: [PATCH 182/331] Release buffers after encoding svq1. Fixes ticket #820. (cherry picked from commit 8e88145d0b43a4572c1c13431c4f7ba644547c80) Signed-off-by: Michael Niedermayer --- libavcodec/svq1enc.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/svq1enc.c b/libavcodec/svq1enc.c index 9e6111a3c9..feceaee6e8 100644 --- a/libavcodec/svq1enc.c +++ b/libavcodec/svq1enc.c @@ -563,6 +563,10 @@ static av_cold int svq1_encode_end(AVCodecContext *avctx) av_freep(&s->motion_val8[i]); av_freep(&s->motion_val16[i]); } + if(s->current_picture.data[0]) + avctx->release_buffer(avctx, &s->current_picture); + if(s->last_picture.data[0]) + avctx->release_buffer(avctx, &s->last_picture); return 0; } From a9de82ac17e8f09155e9c513766d48de65bbb2e8 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 23 Dec 2011 23:59:10 +0100 Subject: [PATCH 183/331] avio: fix handling of , in urls Fixes Ticket805 Signed-off-by: Michael Niedermayer (cherry picked from commit ad9e0ed170234bc6c5660f96752777965081163e) Signed-off-by: Michael Niedermayer --- libavformat/avio.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/avio.c b/libavformat/avio.c index efe1c26683..67005e3eca 100644 --- a/libavformat/avio.c +++ b/libavformat/avio.c @@ -145,10 +145,11 @@ static int url_alloc_for_protocol (URLContext **puc, struct URLProtocol *up, if (up->priv_data_size) { uc->priv_data = av_mallocz(up->priv_data_size); if (up->priv_data_class) { + int proto_len= strlen(up->name); char *start = strchr(uc->filename, ','); *(const AVClass**)uc->priv_data = up->priv_data_class; av_opt_set_defaults(uc->priv_data); - if(start){ + if(!strncmp(up->name, uc->filename, proto_len) && uc->filename + proto_len == start){ int ret= 0; char *p= start; char sep= *++p; From f21771260b852391ae93fcd44778870efac66139 Mon Sep 17 00:00:00 2001 From: Jean First Date: Thu, 22 Dec 2011 22:26:21 +0100 Subject: [PATCH 184/331] libopenjpeg: support decoding with bits per pixel greater than 8 Signed-off-by: Michael Niedermayer Approved-by: Alex Zhukov (cherry picked from commit 0d4a77472ad8a4d194e93379a992f66c33fbf144) Signed-off-by: Michael Niedermayer --- libavcodec/libopenjpegdec.c | 32 +++++++++++++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/libavcodec/libopenjpegdec.c b/libavcodec/libopenjpegdec.c index ca3ef5f842..6344ad0c74 100644 --- a/libavcodec/libopenjpegdec.c +++ b/libavcodec/libopenjpegdec.c @@ -54,7 +54,7 @@ static enum PixelFormat check_image_attributes(AVCodecContext *avctx, opj_image_ case 0111111: goto libopenjpeg_yuv444_rgb; case 0112121: goto libopenjpeg_yuv422; case 0112222: goto libopenjpeg_yuv420; - default: return PIX_FMT_RGB24; + default: goto libopenjpeg_rgb; } libopenjpeg_yuv420: @@ -80,6 +80,13 @@ libopenjpeg_yuv444_rgb: case 10: return PIX_FMT_YUV444P10; case 16: return PIX_FMT_YUV444P16; } + +libopenjpeg_rgb: + switch (c0.prec) { + case 8: return PIX_FMT_RGB24; + default: return PIX_FMT_RGB48; + } + return PIX_FMT_RGB24; } @@ -107,6 +114,24 @@ static inline void libopenjpeg_copy_to_packed8(AVFrame *picture, opj_image_t *im } } +static inline void libopenjpeg_copy_to_packed16(AVFrame *picture, opj_image_t *image) { + uint16_t *img_ptr; + int index, x, y, c; + int adjust[4]; + for (x = 0; x < image->numcomps; x++) { + adjust[x] = FFMAX(FFMIN(16 - image->comps[x].prec, 8), 0); + } + for (y = 0; y < picture->height; y++) { + index = y*picture->width; + img_ptr = (uint16_t*) (picture->data[0] + y*picture->linesize[0]); + for (x = 0; x < picture->width; x++, index++) { + for (c = 0; c < image->numcomps; c++) { + *img_ptr++ = image->comps[c].data[index] << adjust[c]; + } + } + } +} + static inline void libopenjpeg_copyto8(AVFrame *picture, opj_image_t *image) { int *comp_data; uint8_t *img_ptr; @@ -275,6 +300,11 @@ static int libopenjpeg_decode_frame(AVCodecContext *avctx, libopenjpeg_copy_to_packed8(picture, image); } break; + case 6: + if (ispacked) { + libopenjpeg_copy_to_packed16(picture, image); + } + break; default: av_log(avctx, AV_LOG_ERROR, "unsupported pixel size %d\n", pixel_size); goto done; From 7dbdf02abc20d646a6d77868e4a1af3a278cb471 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 24 Dec 2011 03:55:58 +0100 Subject: [PATCH 185/331] lzo: fix memcpy_backptr() with 0 offset Signed-off-by: Michael Niedermayer (cherry picked from commit 58c41799ab6b52df86b6afe23304f34b62741326) Signed-off-by: Michael Niedermayer --- libavutil/lzo.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavutil/lzo.c b/libavutil/lzo.c index b3c69cf0c5..0b9d2e42ba 100644 --- a/libavutil/lzo.c +++ b/libavutil/lzo.c @@ -137,7 +137,7 @@ static inline void memcpy_backptr(uint8_t *dst, int back, int cnt) { const uint8_t *src = &dst[-back]; if (back == 1) { memset(dst, *src, cnt); - } else { + } else if(back>0) { #ifdef OUTBUF_PADDED COPY2(dst, src); COPY2(dst + 2, src + 2); From 897088d604dac06d5d2e826b92a766da44103a41 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 24 Dec 2011 04:59:25 +0100 Subject: [PATCH 186/331] j2kdec: fix division by zero, check tile dimensions for validity Signed-off-by: Michael Niedermayer (cherry picked from commit 628c9dcca3fb3f46f960f0df8236591653c6e512) Signed-off-by: Michael Niedermayer --- libavcodec/j2kdec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/j2kdec.c b/libavcodec/j2kdec.c index 1f4acc53fd..a8c0c52c25 100644 --- a/libavcodec/j2kdec.c +++ b/libavcodec/j2kdec.c @@ -220,6 +220,9 @@ static int get_siz(J2kDecoderContext *s) s->tile_offset_y = bytestream_get_be32(&s->buf); // YT0Siz s->ncomponents = bytestream_get_be16(&s->buf); // CSiz + if(s->tile_width<=0 || s->tile_height<=0) + return AVERROR(EINVAL); + if (s->buf_end - s->buf < 2 * s->ncomponents) return AVERROR(EINVAL); From f41e935225d457add56fb8adfd0995373366bc78 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 24 Dec 2011 05:03:04 +0100 Subject: [PATCH 187/331] j2kdec: Check for interger overflow in tile array allocation Signed-off-by: Michael Niedermayer (cherry picked from commit 3132999fdb57d8d3ba5e08a4dc1b3661e885c04d) Signed-off-by: Michael Niedermayer --- libavcodec/j2kdec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/j2kdec.c b/libavcodec/j2kdec.c index a8c0c52c25..c8dabc0bde 100644 --- a/libavcodec/j2kdec.c +++ b/libavcodec/j2kdec.c @@ -238,6 +238,9 @@ static int get_siz(J2kDecoderContext *s) s->numXtiles = ff_j2k_ceildiv(s->width - s->tile_offset_x, s->tile_width); s->numYtiles = ff_j2k_ceildiv(s->height - s->tile_offset_y, s->tile_height); + if(s->numXtiles * (uint64_t)s->numYtiles > INT_MAX/sizeof(J2kTile)) + return AVERROR(EINVAL); + s->tile = av_mallocz(s->numXtiles * s->numYtiles * sizeof(J2kTile)); if (!s->tile) return AVERROR(ENOMEM); From 5e3389b7427639597acb970c5cb65d3f8ddb7211 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 24 Dec 2011 05:06:20 +0100 Subject: [PATCH 188/331] j2kdec: Check curtileno for validity Signed-off-by: Michael Niedermayer (cherry picked from commit 3eedf9f716733b3b4c5205726d2c1ca52b3d3d78) Signed-off-by: Michael Niedermayer --- libavcodec/j2kdec.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/j2kdec.c b/libavcodec/j2kdec.c index c8dabc0bde..4e11030cb8 100644 --- a/libavcodec/j2kdec.c +++ b/libavcodec/j2kdec.c @@ -427,6 +427,10 @@ static uint8_t get_sot(J2kDecoderContext *s) return AVERROR(EINVAL); s->curtileno = bytestream_get_be16(&s->buf); ///< Isot + if((unsigned)s->curtileno >= s->numXtiles * s->numYtiles){ + s->curtileno=0; + return AVERROR(EINVAL); + } s->buf += 4; ///< Psot (ignored) From 3073564a974caa90d2594695df946c30a6b1790b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 24 Dec 2011 06:17:12 +0100 Subject: [PATCH 189/331] j2kdec: Fix crash in get_qcx Signed-off-by: Michael Niedermayer (cherry picked from commit 282bb02839b1ce73963c8e3ee46804f1ade8b12a) Signed-off-by: Michael Niedermayer --- libavcodec/j2kdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/j2kdec.c b/libavcodec/j2kdec.c index 4e11030cb8..e35c97d860 100644 --- a/libavcodec/j2kdec.c +++ b/libavcodec/j2kdec.c @@ -365,7 +365,7 @@ static int get_qcx(J2kDecoderContext *s, int n, J2kQuantStyle *q) if (q->quantsty == J2K_QSTY_NONE){ n -= 3; - if (s->buf_end - s->buf < n) + if (s->buf_end - s->buf < n || 32*3 < n) return AVERROR(EINVAL); for (i = 0; i < n; i++) q->expn[i] = bytestream_get_byte(&s->buf) >> 3; @@ -382,7 +382,7 @@ static int get_qcx(J2kDecoderContext *s, int n, J2kQuantStyle *q) } } else{ n = (n - 3) >> 1; - if (s->buf_end - s->buf < n) + if (s->buf_end - s->buf < n || 32*3 < n) return AVERROR(EINVAL); for (i = 0; i < n; i++){ x = bytestream_get_be16(&s->buf); From adf0c1c70c1de311235e2120aaf80f4a23e583ff Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 24 Dec 2011 19:57:18 +0100 Subject: [PATCH 190/331] rpl: Fix near infinite loop in index reading due to missing eof check. Signed-off-by: Michael Niedermayer (cherry picked from commit 43abef9fde0cf87153cc9031cad61f75b02cfa01) Signed-off-by: Michael Niedermayer --- libavformat/rpl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavformat/rpl.c b/libavformat/rpl.c index 9816cb7c30..7100331d5a 100644 --- a/libavformat/rpl.c +++ b/libavformat/rpl.c @@ -58,7 +58,7 @@ static int read_line(AVIOContext * pb, char* line, int bufsize) break; if (b == '\n') { line[i] = '\0'; - return 0; + return url_feof(pb) ? -1 : 0; } line[i] = b; } @@ -252,7 +252,7 @@ static int rpl_read_header(AVFormatContext *s, AVFormatParameters *ap) // Read the index avio_seek(pb, chunk_catalog_offset, SEEK_SET); total_audio_size = 0; - for (i = 0; i < number_of_chunks; i++) { + for (i = 0; !error && i < number_of_chunks; i++) { int64_t offset, video_size, audio_size; error |= read_line(pb, line, sizeof(line)); if (3 != sscanf(line, "%"PRId64" , %"PRId64" ; %"PRId64, From f69045793d93c7b6d793ef1742c0a008fec41e89 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 24 Dec 2011 20:27:54 +0100 Subject: [PATCH 191/331] mpeg4videodec: Fix division by zero in mpeg4_decode_sprite_trajectory() Signed-off-by: Michael Niedermayer (cherry picked from commit fc5c49ab3247533e0a5cb203cf7122143389eb5c) Signed-off-by: Michael Niedermayer --- libavcodec/mpeg4videodec.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c index 36c89cd831..88874b46b4 100644 --- a/libavcodec/mpeg4videodec.c +++ b/libavcodec/mpeg4videodec.c @@ -160,7 +160,7 @@ static inline int mpeg4_is_resync(MpegEncContext *s){ return 0; } -static void mpeg4_decode_sprite_trajectory(MpegEncContext * s, GetBitContext *gb) +static int mpeg4_decode_sprite_trajectory(MpegEncContext * s, GetBitContext *gb) { int i; int a= 2<sprite_warping_accuracy; @@ -176,6 +176,9 @@ static void mpeg4_decode_sprite_trajectory(MpegEncContext * s, GetBitContext *gb int h= s->height; int min_ab; + if(w<=0 || h<=0) + return -1; + for(i=0; inum_sprite_warping_points; i++){ int length; int x=0, y=0; @@ -348,6 +351,7 @@ static void mpeg4_decode_sprite_trajectory(MpegEncContext * s, GetBitContext *gb } s->real_sprite_warping_points= s->num_sprite_warping_points; } + return 0; } /** @@ -411,7 +415,8 @@ int mpeg4_decode_video_packet_header(MpegEncContext *s) skip_bits(&s->gb, 3); /* intra dc vlc threshold */ //FIXME don't just ignore everything if(s->pict_type == AV_PICTURE_TYPE_S && s->vol_sprite_usage==GMC_SPRITE){ - mpeg4_decode_sprite_trajectory(s, &s->gb); + if(mpeg4_decode_sprite_trajectory(s, &s->gb) < 0) + return -1; av_log(s->avctx, AV_LOG_ERROR, "untested\n"); } @@ -2051,7 +2056,8 @@ static int decode_vop_header(MpegEncContext *s, GetBitContext *gb){ } if(s->pict_type == AV_PICTURE_TYPE_S && (s->vol_sprite_usage==STATIC_SPRITE || s->vol_sprite_usage==GMC_SPRITE)){ - mpeg4_decode_sprite_trajectory(s, gb); + if(mpeg4_decode_sprite_trajectory(s, gb) < 0) + return -1; if(s->sprite_brightness_change) av_log(s->avctx, AV_LOG_ERROR, "sprite_brightness_change not supported\n"); if(s->vol_sprite_usage==STATIC_SPRITE) av_log(s->avctx, AV_LOG_ERROR, "static sprite not supported\n"); } From a1666ae8f053cee554718ee77d030e0415427360 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 24 Dec 2011 21:26:52 +0100 Subject: [PATCH 192/331] rmdec: Avoid allocating huge packets Signed-off-by: Michael Niedermayer (cherry picked from commit 66f71f3b5e2e7b6e5049bd9831c371e16aff8a53) Signed-off-by: Michael Niedermayer --- libavformat/rmdec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c index 5b9bfb869a..75240236e8 100644 --- a/libavformat/rmdec.c +++ b/libavformat/rmdec.c @@ -24,6 +24,7 @@ #include "libavutil/dict.h" #include "avformat.h" #include "internal.h" +#include "avio_internal.h" #include "riff.h" #include "rm.h" @@ -612,6 +613,7 @@ static int rm_assemble_video_frame(AVFormatContext *s, AVIOContext *pb, } if(type != 1){ // not whole frame len2 = get_num(pb, &len); + len2 = ffio_limit(pb, len2); pos = get_num(pb, &len); pic_num = avio_r8(pb); len--; } From 6210d62c5fa17c318432cdc66edaaac730aca734 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 24 Dec 2011 22:03:59 +0100 Subject: [PATCH 193/331] vmdav: check that theres enough space for a chunk remaining. Signed-off-by: Michael Niedermayer (cherry picked from commit 2278ecc434d390bccd32a083a12ab964a6b7b0ce) Signed-off-by: Michael Niedermayer --- libavcodec/vmdav.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/vmdav.c b/libavcodec/vmdav.c index ec7c967f74..7006f61f2b 100644 --- a/libavcodec/vmdav.c +++ b/libavcodec/vmdav.c @@ -618,7 +618,7 @@ static int vmdaudio_decode_frame(AVCodecContext *avctx, void *data, /* decode audio chunks */ if (audio_chunks > 0) { buf_end = buf + buf_size; - while (buf < buf_end) { + while ( buf_end - buf >= s->chunk_size) { if (s->out_bps == 2) { decode_audio_s16(output_samples_s16, buf, s->chunk_size, avctx->channels); From 462ecdb9bbfce62b37101d67d1a8d5e9e3d8fc00 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 24 Dec 2011 22:06:25 +0100 Subject: [PATCH 194/331] sierravmd: limit packetsize to the amount that could be read. Fixes huge allocations. Signed-off-by: Michael Niedermayer (cherry picked from commit 47c4713a23d271eedd2eb2c02daa70cb0ea4e0ac) Signed-off-by: Michael Niedermayer --- libavformat/sierravmd.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/sierravmd.c b/libavformat/sierravmd.c index faf97b2d6a..f614e51b5c 100644 --- a/libavformat/sierravmd.c +++ b/libavformat/sierravmd.c @@ -30,6 +30,7 @@ #include "libavutil/intreadwrite.h" #include "avformat.h" #include "internal.h" +#include "avio_internal.h" #define VMD_HEADER_SIZE 0x0330 #define BYTES_PER_FRAME_RECORD 16 @@ -246,6 +247,8 @@ static int vmd_read_packet(AVFormatContext *s, /* position the stream (will probably be there already) */ avio_seek(pb, frame->frame_offset, SEEK_SET); + if(ffio_limit(pb, frame->frame_size) != frame->frame_size) + return AVERROR(EIO); if (av_new_packet(pkt, frame->frame_size + BYTES_PER_FRAME_RECORD)) return AVERROR(ENOMEM); pkt->pos= avio_tell(pb); From 42476635baea4fa41dfbabee56318aaf92f40f7e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 24 Dec 2011 23:21:40 +0100 Subject: [PATCH 195/331] asfdec: fix endless loop on EOF Signed-off-by: Michael Niedermayer (cherry picked from commit 0d4404ed65e6ebfdf5e3c09f9e3a2a41dde18e4a) Signed-off-by: Michael Niedermayer --- libavformat/asfdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c index 0bb210bcd6..6386e96377 100644 --- a/libavformat/asfdec.c +++ b/libavformat/asfdec.c @@ -765,7 +765,7 @@ static int ff_asf_get_packet(AVFormatContext *s, AVIOContext *pb) c= avio_r8(pb); d= avio_r8(pb); rsize+=3; - }else{ + }else if(!url_feof(pb)){ avio_seek(pb, -1, SEEK_CUR); //FIXME } From 49db3600059010bbe284b8a2ed215eb561f01118 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 25 Dec 2011 00:10:27 +0100 Subject: [PATCH 196/331] ws_snd1: Fix wrong samples count and crash. Signed-off-by: Michael Niedermayer (cherry picked from commit 5257743aee0c3982f0079e6553aabc6aa39401d2) Signed-off-by: Michael Niedermayer --- libavcodec/ws-snd1.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/ws-snd1.c b/libavcodec/ws-snd1.c index b7e28f5e56..2cb8bb44a6 100644 --- a/libavcodec/ws-snd1.c +++ b/libavcodec/ws-snd1.c @@ -112,8 +112,8 @@ static int ws_snd_decode_frame(AVCodecContext *avctx, void *data, /* make sure we don't write past the output buffer */ switch (code) { - case 0: smp = 4; break; - case 1: smp = 2; break; + case 0: smp = 4*(count+1); break; + case 1: smp = 2*(count+1); break; case 2: smp = (count & 0x20) ? 1 : count + 1; break; default: smp = count + 1; break; } From 7c67d9c6fb6d2752c92ad309303e9557cffa0094 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 25 Dec 2011 04:15:56 +0100 Subject: [PATCH 197/331] golomb: Fix infinite loop in svq3_get_ue_golomb() Signed-off-by: Michael Niedermayer (cherry picked from commit 964506bb979e8c972833c7421a39f3275d3cd3c0) Signed-off-by: Michael Niedermayer --- libavcodec/golomb.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/golomb.h b/libavcodec/golomb.h index 14cf05504f..638357b470 100644 --- a/libavcodec/golomb.h +++ b/libavcodec/golomb.h @@ -123,7 +123,7 @@ static inline int svq3_get_ue_golomb(GetBitContext *gb){ }else{ int ret = 1; - while (1) { + do { buf >>= 32 - 8; LAST_SKIP_BITS(re, gb, FFMIN(ff_interleaved_golomb_vlc_len[buf], 8)); @@ -135,7 +135,7 @@ static inline int svq3_get_ue_golomb(GetBitContext *gb){ ret = (ret << 4) | ff_interleaved_dirac_golomb_vlc_code[buf]; UPDATE_CACHE(re, gb); buf = GET_CACHE(re, gb); - } + } while(ret<0x8000000U); CLOSE_READER(re, gb); return ret - 1; From 0231a68ecd06cc894cc3e292a3c4cc015e40504a Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 25 Dec 2011 04:48:26 +0100 Subject: [PATCH 198/331] avio: Fix ffio_limit() when due to seeking past the end less than 0 bytes remain. Signed-off-by: Michael Niedermayer (cherry picked from commit 27d323577c19af218f8a5ac33364f213b623a023) Signed-off-by: Michael Niedermayer --- libavformat/utils.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index 5ed85dc857..b59a69228e 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -273,9 +273,10 @@ int ffio_limit(AVIOContext *s, int size) if(!s->maxsize || s->maxsizemaxsize= newsize; remaining= s->maxsize - avio_tell(s); + remaining= FFMAX(remaining, 0); } - if(s->maxsize>=0 && remaining>=0 && remaining+1 < size){ + if(s->maxsize>=0 && remaining+1 < size){ av_log(0, AV_LOG_ERROR, "Truncating packet of size %d to %"PRId64"\n", size, remaining+1); size= remaining+1; } From a80205ff82c9160e56c3eeffe4359c1fe9bfa32f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 25 Dec 2011 04:49:23 +0100 Subject: [PATCH 199/331] segafilm: fail earlier in case theres not enough bytestream left for a audio packet. This prevents a potentially large memory allocation. Signed-off-by: Michael Niedermayer (cherry picked from commit 1795fed7bc7a8b8109757cb5f27198c5b05698b5) Signed-off-by: Michael Niedermayer --- libavformat/segafilm.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/segafilm.c b/libavformat/segafilm.c index 17b118a91c..c2a163d9fc 100644 --- a/libavformat/segafilm.c +++ b/libavformat/segafilm.c @@ -30,6 +30,7 @@ #include "libavutil/intreadwrite.h" #include "avformat.h" #include "internal.h" +#include "avio_internal.h" #define FILM_TAG MKBETAG('F', 'I', 'L', 'M') #define FDSC_TAG MKBETAG('F', 'D', 'S', 'C') @@ -264,6 +265,8 @@ static int film_read_packet(AVFormatContext *s, (film->audio_type != CODEC_ID_ADPCM_ADX)) { /* stereo PCM needs to be interleaved */ + if (ffio_limit(pb, sample->sample_size) != sample->sample_size) + return AVERROR(EIO); if (av_new_packet(pkt, sample->sample_size)) return AVERROR(ENOMEM); From 446d11f5edcb70af1cf2d4a3c05c5bdea4688085 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 25 Dec 2011 12:28:50 +0100 Subject: [PATCH 200/331] shorten: Fix invalid free() Signed-off-by: Michael Niedermayer (cherry picked from commit 18bcfc912e48bf77a5202a0e24a3b884b9b2ff2c) Signed-off-by: Michael Niedermayer --- libavcodec/shorten.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c index e0d3f6f986..1906c69de1 100644 --- a/libavcodec/shorten.c +++ b/libavcodec/shorten.c @@ -86,6 +86,7 @@ typedef struct ShortenContext { int channels; int32_t *decoded[MAX_CHANNELS]; + int32_t *decoded_base[MAX_CHANNELS]; int32_t *offset[MAX_CHANNELS]; int *coeffs; uint8_t *bitstream; @@ -140,13 +141,13 @@ static int allocate_buffers(ShortenContext *s) return AVERROR(ENOMEM); s->offset[chan] = tmp_ptr; - tmp_ptr = av_realloc(s->decoded[chan], sizeof(int32_t)*(s->blocksize + s->nwrap)); + tmp_ptr = av_realloc(s->decoded_base[chan], sizeof(int32_t)*(s->blocksize + s->nwrap)); if (!tmp_ptr) return AVERROR(ENOMEM); - s->decoded[chan] = tmp_ptr; + s->decoded_base[chan] = tmp_ptr; for (i=0; inwrap; i++) - s->decoded[chan][i] = 0; - s->decoded[chan] += s->nwrap; + s->decoded_base[chan][i] = 0; + s->decoded[chan] = s->decoded_base[chan] + s->nwrap; } coeffs = av_realloc(s->coeffs, s->nwrap * sizeof(*s->coeffs)); @@ -615,8 +616,8 @@ static av_cold int shorten_decode_close(AVCodecContext *avctx) int i; for (i = 0; i < s->channels; i++) { - s->decoded[i] -= s->nwrap; - av_freep(&s->decoded[i]); + s->decoded[i] = NULL; + av_freep(&s->decoded_base[i]); av_freep(&s->offset[i]); } av_freep(&s->bitstream); From 6caca265338e6b7770439a7038b873fec8ad82f7 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 25 Dec 2011 12:31:23 +0100 Subject: [PATCH 201/331] shorten: validate values in fmt chunk search Signed-off-by: Michael Niedermayer (cherry picked from commit 5e9a56a0350c518cd4b38845aff49d41a9c952ae) Signed-off-by: Michael Niedermayer --- libavcodec/shorten.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c index 1906c69de1..ef58aaa6aa 100644 --- a/libavcodec/shorten.c +++ b/libavcodec/shorten.c @@ -205,7 +205,7 @@ static int decode_wave_header(AVCodecContext *avctx, const uint8_t *header, { int len; short wave_format; - + const uint8_t *end= header + header_size; if (bytestream_get_le32(&header) != MKTAG('R','I','F','F')) { av_log(avctx, AV_LOG_ERROR, "missing RIFF tag\n"); @@ -221,6 +221,8 @@ static int decode_wave_header(AVCodecContext *avctx, const uint8_t *header, while (bytestream_get_le32(&header) != MKTAG('f','m','t',' ')) { len = bytestream_get_le32(&header); + if(len<0 || end - header - 8 < len) + return AVERROR_INVALIDDATA; header += len; } len = bytestream_get_le32(&header); From e9378b42b11a405c3e8d924bcf38d4ff121211b2 Mon Sep 17 00:00:00 2001 From: Stefano Sabatini Date: Tue, 27 Dec 2011 15:15:02 +0100 Subject: [PATCH 202/331] lavfi: add missing check in avfilter_filter_samples() Avoid out-of-buffer data access when nb_channels is 8. (cherry picked from commit ae21776207e8a2bbe268e7c9e203f7599dd87ddb) Signed-off-by: Michael Niedermayer --- libavfilter/avfilter.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavfilter/avfilter.c b/libavfilter/avfilter.c index 5327cf9b69..8a40b299ce 100644 --- a/libavfilter/avfilter.c +++ b/libavfilter/avfilter.c @@ -677,7 +677,7 @@ void avfilter_filter_samples(AVFilterLink *link, AVFilterBufferRef *samplesref) link->cur_buf->audio->sample_rate = samplesref->audio->sample_rate; /* Copy actual data into new samples buffer */ - for (i = 0; samplesref->data[i]; i++) + for (i = 0; samplesref->data[i] && i < 8; i++) memcpy(link->cur_buf->data[i], samplesref->data[i], samplesref->linesize[0]); avfilter_unref_buffer(samplesref); From e9ce8a448011a651e7510be4c4851e68c922b3e2 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Wed, 28 Dec 2011 05:59:39 +0100 Subject: [PATCH 203/331] Fix a crash when reading gray pam files. Fixes ticket #837. (cherry picked from commit 190a0998c353879c8f79f47678752dbb8fa62bb2) Signed-off-by: Michael Niedermayer --- libavcodec/pnm.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/pnm.c b/libavcodec/pnm.c index dfc18d6013..b52cd27f72 100644 --- a/libavcodec/pnm.c +++ b/libavcodec/pnm.c @@ -107,6 +107,7 @@ int ff_pnm_decode_header(AVCodecContext *avctx, PNMContext * const s) avctx->width = w; avctx->height = h; + s->maxval = maxval; if (depth == 1) { if (maxval == 1) avctx->pix_fmt = PIX_FMT_MONOWHITE; From b0355d3253d89f7e373277b58da7803d3a45ab90 Mon Sep 17 00:00:00 2001 From: Kostya Shishkov Date: Tue, 6 Dec 2011 14:50:32 +0100 Subject: [PATCH 204/331] Indeo 4 decoder Signed-off-by: Kostya Shishkov (cherry picked from commit adfe0c942e71545f003f9c4d148fbf5d220681bc) Conflicts: Changelog libavcodec/version.h Signed-off-by: Michael Niedermayer --- Changelog | 1 + doc/general.texi | 1 + libavcodec/Makefile | 1 + libavcodec/allcodecs.c | 1 + libavcodec/indeo4.c | 823 ++++++++++++++++++++++++++++++++++++++++ libavcodec/indeo4data.h | 350 +++++++++++++++++ libavcodec/ivi_dsp.c | 149 +++++++- libavcodec/ivi_dsp.h | 39 +- libavcodec/version.h | 2 +- 9 files changed, 1364 insertions(+), 3 deletions(-) create mode 100644 libavcodec/indeo4.c create mode 100644 libavcodec/indeo4data.h diff --git a/Changelog b/Changelog index 8fd519c978..6e3e82de2a 100644 --- a/Changelog +++ b/Changelog @@ -3,6 +3,7 @@ releases are sorted from youngest to oldest. version 0.9: +- Indeo 4 decoder - SMJPEG demuxer - openal input device added - boxblur filter added diff --git a/doc/general.texi b/doc/general.texi index a8769d7472..14f05971cf 100644 --- a/doc/general.texi +++ b/doc/general.texi @@ -512,6 +512,7 @@ following image formats are supported: @item Intel H.263 @tab @tab X @item Intel Indeo 2 @tab @tab X @item Intel Indeo 3 @tab @tab X +@item Intel Indeo 4 @tab @tab X @item Intel Indeo 5 @tab @tab X @item Interplay C93 @tab @tab X @tab Used in the game Cyberia from Interplay. diff --git a/libavcodec/Makefile b/libavcodec/Makefile index 1a651c1b1a..b688807997 100644 --- a/libavcodec/Makefile +++ b/libavcodec/Makefile @@ -207,6 +207,7 @@ OBJS-$(CONFIG_IFF_ILBM_DECODER) += iff.o OBJS-$(CONFIG_IMC_DECODER) += imc.o OBJS-$(CONFIG_INDEO2_DECODER) += indeo2.o OBJS-$(CONFIG_INDEO3_DECODER) += indeo3.o +OBJS-$(CONFIG_INDEO4_DECODER) += indeo4.o ivi_common.o ivi_dsp.o OBJS-$(CONFIG_INDEO5_DECODER) += indeo5.o ivi_common.o ivi_dsp.o OBJS-$(CONFIG_INTERPLAY_DPCM_DECODER) += dpcm.o OBJS-$(CONFIG_INTERPLAY_VIDEO_DECODER) += interplayvideo.o diff --git a/libavcodec/allcodecs.c b/libavcodec/allcodecs.c index 4c85056af8..0ef5602ff5 100644 --- a/libavcodec/allcodecs.c +++ b/libavcodec/allcodecs.c @@ -133,6 +133,7 @@ void avcodec_register_all(void) REGISTER_DECODER (IFF_ILBM, iff_ilbm); REGISTER_DECODER (INDEO2, indeo2); REGISTER_DECODER (INDEO3, indeo3); + REGISTER_DECODER (INDEO4, indeo4); REGISTER_DECODER (INDEO5, indeo5); REGISTER_DECODER (INTERPLAY_VIDEO, interplay_video); REGISTER_ENCDEC (JPEG2000, jpeg2000); diff --git a/libavcodec/indeo4.c b/libavcodec/indeo4.c new file mode 100644 index 0000000000..8f6d2eab65 --- /dev/null +++ b/libavcodec/indeo4.c @@ -0,0 +1,823 @@ +/* + * Indeo Video Interactive v4 compatible decoder + * Copyright (c) 2009-2011 Maxim Poliakovski + * + * This file is part of Libav. + * + * Libav is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * Libav is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with Libav; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +/** + * @file + * Indeo Video Interactive version 4 decoder + * + * Indeo 4 data is usually transported within .avi or .mov files. + * Known FOURCCs: 'IV41' + */ + +#define BITSTREAM_READER_LE +#include "avcodec.h" +#include "get_bits.h" +#include "dsputil.h" +#include "ivi_dsp.h" +#include "ivi_common.h" +#include "indeo4data.h" + +#define IVI4_STREAM_ANALYSER 0 +#define IVI4_DEBUG_CHECKSUM 0 + +/** + * Indeo 4 frame types. + */ +enum { + FRAMETYPE_INTRA = 0, + FRAMETYPE_BIDIR1 = 1, ///< bidirectional frame + FRAMETYPE_INTER = 2, ///< non-droppable P-frame + FRAMETYPE_BIDIR = 3, ///< bidirectional frame + FRAMETYPE_INTER_NOREF = 4, ///< droppable P-frame + FRAMETYPE_NULL_FIRST = 5, ///< empty frame with no data + FRAMETYPE_NULL_LAST = 6 ///< empty frame with no data +}; + +#define IVI4_PIC_SIZE_ESC 7 + + +typedef struct { + GetBitContext gb; + AVFrame frame; + RVMapDesc rvmap_tabs[9]; ///< local corrected copy of the static rvmap tables + + uint32_t frame_num; + int frame_type; + int prev_frame_type; ///< frame type of the previous frame + uint32_t data_size; ///< size of the frame data in bytes from picture header + int is_scalable; + int transp_status; ///< transparency mode status: 1 - enabled + + IVIPicConfig pic_conf; + IVIPlaneDesc planes[3]; ///< color planes + + int buf_switch; ///< used to switch between three buffers + int dst_buf; ///< buffer index for the currently decoded frame + int ref_buf; ///< inter frame reference buffer index + + IVIHuffTab mb_vlc; ///< current macroblock table descriptor + IVIHuffTab blk_vlc; ///< current block table descriptor + + uint16_t checksum; ///< frame checksum + + uint8_t rvmap_sel; + uint8_t in_imf; + uint8_t in_q; ///< flag for explicitly stored quantiser delta + uint8_t pic_glob_quant; + uint8_t unknown1; + +#if IVI4_STREAM_ANALYSER + uint8_t has_b_frames; + uint8_t has_transp; + uint8_t uses_tiling; + uint8_t uses_haar; + uint8_t uses_fullpel; +#endif +} IVI4DecContext; + + +struct { + InvTransformPtr *inv_trans; + DCTransformPtr *dc_trans; + int is_2d_trans; +} transforms[18] = { + { ff_ivi_inverse_haar_8x8, ff_ivi_dc_haar_2d, 1 }, + { NULL, NULL, 0 }, /* inverse Haar 8x1 */ + { NULL, NULL, 0 }, /* inverse Haar 1x8 */ + { ff_ivi_put_pixels_8x8, ff_ivi_put_dc_pixel_8x8, 1 }, + { ff_ivi_inverse_slant_8x8, ff_ivi_dc_slant_2d, 1 }, + { ff_ivi_row_slant8, ff_ivi_dc_row_slant, 1 }, + { ff_ivi_col_slant8, ff_ivi_dc_col_slant, 1 }, + { NULL, NULL, 0 }, /* inverse DCT 8x8 */ + { NULL, NULL, 0 }, /* inverse DCT 8x1 */ + { NULL, NULL, 0 }, /* inverse DCT 1x8 */ + { NULL, NULL, 0 }, /* inverse Haar 4x4 */ + { ff_ivi_inverse_slant_4x4, ff_ivi_dc_slant_2d, 1 }, + { NULL, NULL, 0 }, /* no transform 4x4 */ + { NULL, NULL, 0 }, /* inverse Haar 1x4 */ + { NULL, NULL, 0 }, /* inverse Haar 4x1 */ + { NULL, NULL, 0 }, /* inverse slant 1x4 */ + { NULL, NULL, 0 }, /* inverse slant 4x1 */ + { NULL, NULL, 0 }, /* inverse DCT 4x4 */ +}; + +/** + * Decode subdivision of a plane. + * This is a simplified version that checks for two supported subdivisions: + * - 1 wavelet band per plane, size factor 1:1, code pattern: 3 + * - 4 wavelet bands per plane, size factor 1:4, code pattern: 2,3,3,3,3 + * Anything else is either unsupported or corrupt. + * + * @param[in,out] gb the GetBit context + * @return number of wavelet bands or 0 on error + */ +static int decode_plane_subdivision(GetBitContext *gb) +{ + int i; + + switch (get_bits(gb, 2)) { + case 3: + return 1; + case 2: + for (i = 0; i < 4; i++) + if (get_bits(gb, 2) != 3) + return 0; + return 4; + default: + return 0; + } +} + +static inline int scale_tile_size(int def_size, int size_factor) +{ + return (size_factor == 15 ? def_size : (size_factor + 1) << 5); +} + +/** + * Decode Indeo 4 picture header. + * + * @param[in,out] ctx pointer to the decoder context + * @param[in] avctx pointer to the AVCodecContext + * @return result code: 0 = OK, negative number = error + */ +static int decode_pic_hdr(IVI4DecContext *ctx, AVCodecContext *avctx) +{ + int pic_size_indx, val, i, p; + IVIPicConfig pic_conf; + + if (get_bits(&ctx->gb, 18) != 0x3FFF8) { + av_log(avctx, AV_LOG_ERROR, "Invalid picture start code!\n"); + return AVERROR_INVALIDDATA; + } + + ctx->prev_frame_type = ctx->frame_type; + ctx->frame_type = get_bits(&ctx->gb, 3); + if (ctx->frame_type == 7) { + av_log(avctx, AV_LOG_ERROR, "Invalid frame type: %d\n", ctx->frame_type); + return AVERROR_INVALIDDATA; + } + +#if IVI4_STREAM_ANALYSER + if ( ctx->frame_type == FRAMETYPE_BIDIR1 + || ctx->frame_type == FRAMETYPE_BIDIR) + ctx->has_b_frames = 1; +#endif + + ctx->transp_status = get_bits1(&ctx->gb); +#if IVI4_STREAM_ANALYSER + if (ctx->transp_status) { + ctx->has_transp = 1; + } +#endif + + /* unknown bit: Mac decoder ignores this bit, XANIM returns error */ + if (get_bits1(&ctx->gb)) { + av_log(avctx, AV_LOG_ERROR, "Sync bit is set!\n"); + return AVERROR_INVALIDDATA; + } + + ctx->data_size = get_bits1(&ctx->gb) ? get_bits(&ctx->gb, 24) : 0; + + /* null frames don't contain anything else so we just return */ + if (ctx->frame_type >= FRAMETYPE_NULL_FIRST) { + av_dlog(avctx, "Null frame encountered!\n"); + return 0; + } + + /* Check key lock status. If enabled - ignore lock word. */ + /* Usually we have to prompt the user for the password, but */ + /* we don't do that because Indeo 4 videos can be decoded anyway */ + if (get_bits1(&ctx->gb)) { + skip_bits_long(&ctx->gb, 32); + av_dlog(avctx, "Password-protected clip!\n"); + } + + pic_size_indx = get_bits(&ctx->gb, 3); + if (pic_size_indx == IVI4_PIC_SIZE_ESC) { + pic_conf.pic_height = get_bits(&ctx->gb, 16); + pic_conf.pic_width = get_bits(&ctx->gb, 16); + } else { + pic_conf.pic_height = ivi4_common_pic_sizes[pic_size_indx * 2 + 1]; + pic_conf.pic_width = ivi4_common_pic_sizes[pic_size_indx * 2 ]; + } + + /* Decode tile dimensions. */ + if (get_bits1(&ctx->gb)) { + pic_conf.tile_height = scale_tile_size(pic_conf.pic_height, get_bits(&ctx->gb, 4)); + pic_conf.tile_width = scale_tile_size(pic_conf.pic_width, get_bits(&ctx->gb, 4)); +#if IVI4_STREAM_ANALYSER + ctx->uses_tiling = 1; +#endif + } else { + pic_conf.tile_height = pic_conf.pic_height; + pic_conf.tile_width = pic_conf.pic_width; + } + + /* Decode chroma subsampling. We support only 4:4 aka YVU9. */ + if (get_bits(&ctx->gb, 2)) { + av_log(avctx, AV_LOG_ERROR, "Only YVU9 picture format is supported!\n"); + return AVERROR_INVALIDDATA; + } + pic_conf.chroma_height = (pic_conf.pic_height + 3) >> 2; + pic_conf.chroma_width = (pic_conf.pic_width + 3) >> 2; + + /* decode subdivision of the planes */ + pic_conf.luma_bands = decode_plane_subdivision(&ctx->gb); + if (pic_conf.luma_bands) + pic_conf.chroma_bands = decode_plane_subdivision(&ctx->gb); + ctx->is_scalable = pic_conf.luma_bands != 1 || pic_conf.chroma_bands != 1; + if (ctx->is_scalable && (pic_conf.luma_bands != 4 || pic_conf.chroma_bands != 1)) { + av_log(avctx, AV_LOG_ERROR, "Scalability: unsupported subdivision! Luma bands: %d, chroma bands: %d\n", + pic_conf.luma_bands, pic_conf.chroma_bands); + return AVERROR_INVALIDDATA; + } + + /* check if picture layout was changed and reallocate buffers */ + if (ivi_pic_config_cmp(&pic_conf, &ctx->pic_conf)) { + if (ff_ivi_init_planes(ctx->planes, &pic_conf)) { + av_log(avctx, AV_LOG_ERROR, "Couldn't reallocate color planes!\n"); + return AVERROR(ENOMEM); + } + + ctx->pic_conf = pic_conf; + + /* set default macroblock/block dimensions */ + for (p = 0; p <= 2; p++) { + for (i = 0; i < (!p ? pic_conf.luma_bands : pic_conf.chroma_bands); i++) { + ctx->planes[p].bands[i].mb_size = !p ? (!ctx->is_scalable ? 16 : 8) : 4; + ctx->planes[p].bands[i].blk_size = !p ? 8 : 4; + } + } + + if (ff_ivi_init_tiles(ctx->planes, ctx->pic_conf.tile_width, + ctx->pic_conf.tile_height)) { + av_log(avctx, AV_LOG_ERROR, + "Couldn't reallocate internal structures!\n"); + return AVERROR(ENOMEM); + } + } + + ctx->frame_num = get_bits1(&ctx->gb) ? get_bits(&ctx->gb, 20) : 0; + + /* skip decTimeEst field if present */ + if (get_bits1(&ctx->gb)) + skip_bits(&ctx->gb, 8); + + /* decode macroblock and block huffman codebooks */ + if (ff_ivi_dec_huff_desc(&ctx->gb, get_bits1(&ctx->gb), IVI_MB_HUFF, &ctx->mb_vlc, avctx) || + ff_ivi_dec_huff_desc(&ctx->gb, get_bits1(&ctx->gb), IVI_BLK_HUFF, &ctx->blk_vlc, avctx)) + return AVERROR_INVALIDDATA; + + ctx->rvmap_sel = get_bits1(&ctx->gb) ? get_bits(&ctx->gb, 3) : 8; + + ctx->in_imf = get_bits1(&ctx->gb); + ctx->in_q = get_bits1(&ctx->gb); + + ctx->pic_glob_quant = get_bits(&ctx->gb, 5); + + /* TODO: ignore this parameter if unused */ + ctx->unknown1 = get_bits1(&ctx->gb) ? get_bits(&ctx->gb, 3) : 0; + + ctx->checksum = get_bits1(&ctx->gb) ? get_bits(&ctx->gb, 16) : 0; + + /* skip picture header extension if any */ + while (get_bits1(&ctx->gb)) { + av_dlog(avctx, "Pic hdr extension encountered!\n"); + val = get_bits(&ctx->gb, 8); + } + + if (get_bits1(&ctx->gb)) { + av_log(avctx, AV_LOG_ERROR, "Bad blocks bits encountered!\n"); + } + + align_get_bits(&ctx->gb); + + return 0; +} + + +/** + * Decode Indeo 4 band header. + * + * @param[in,out] ctx pointer to the decoder context + * @param[in,out] band pointer to the band descriptor + * @param[in] avctx pointer to the AVCodecContext + * @return result code: 0 = OK, negative number = error + */ +static int decode_band_hdr(IVI4DecContext *ctx, IVIBandDesc *band, + AVCodecContext *avctx) +{ + int plane, band_num, hdr_size, indx, transform_id, scan_indx; + int i; + + plane = get_bits(&ctx->gb, 2); + band_num = get_bits(&ctx->gb, 4); + if (band->plane != plane || band->band_num != band_num) { + av_log(avctx, AV_LOG_ERROR, "Invalid band header sequence!\n"); + return AVERROR_INVALIDDATA; + } + + band->is_empty = get_bits1(&ctx->gb); + if (!band->is_empty) { + hdr_size = get_bits1(&ctx->gb) ? get_bits(&ctx->gb, 16) : 4; + + band->is_halfpel = get_bits(&ctx->gb, 2); + if (band->is_halfpel >= 2) { + av_log(avctx, AV_LOG_ERROR, "Invalid/unsupported mv resolution: %d!\n", + band->is_halfpel); + return AVERROR_INVALIDDATA; + } +#if IVI4_STREAM_ANALYSER + if (!band->is_halfpel) + ctx->uses_fullpel = 1; +#endif + + band->checksum_present = get_bits1(&ctx->gb); + if (band->checksum_present) + band->checksum = get_bits(&ctx->gb, 16); + + indx = get_bits(&ctx->gb, 2); + if (indx == 3) { + av_log(avctx, AV_LOG_ERROR, "Invalid block size!\n"); + return AVERROR_INVALIDDATA; + } + band->mb_size = 16 >> indx; + band->blk_size = 8 >> (indx >> 1); + + band->inherit_mv = get_bits1(&ctx->gb); + band->inherit_qdelta = get_bits1(&ctx->gb); + + band->glob_quant = get_bits(&ctx->gb, 5); + + if (!get_bits1(&ctx->gb) || ctx->frame_type == FRAMETYPE_INTRA) { + transform_id = get_bits(&ctx->gb, 5); + if (!transforms[transform_id].inv_trans) { + av_log_ask_for_sample(avctx, "Unimplemented transform: %d!\n", transform_id); + return AVERROR_PATCHWELCOME; + } + if ((transform_id >= 7 && transform_id <= 9) || + transform_id == 17) { + av_log_ask_for_sample(avctx, "DCT transform not supported yet!\n"); + return AVERROR_PATCHWELCOME; + } + +#if IVI4_STREAM_ANALYSER + if ((transform_id >= 0 && transform_id <= 2) || transform_id == 10) + ctx->uses_haar = 1; +#endif + + band->inv_transform = transforms[transform_id].inv_trans; + band->dc_transform = transforms[transform_id].dc_trans; + band->is_2d_trans = transforms[transform_id].is_2d_trans; + + scan_indx = get_bits(&ctx->gb, 4); + if (scan_indx == 15) { + av_log(avctx, AV_LOG_ERROR, "Custom scan pattern encountered!\n"); + return AVERROR_INVALIDDATA; + } + band->scan = scan_index_to_tab[scan_indx]; + + band->quant_mat = get_bits(&ctx->gb, 5); + if (band->quant_mat == 31) { + av_log(avctx, AV_LOG_ERROR, "Custom quant matrix encountered!\n"); + return AVERROR_INVALIDDATA; + } + } + + /* decode block huffman codebook */ + if (ff_ivi_dec_huff_desc(&ctx->gb, get_bits1(&ctx->gb), IVI_BLK_HUFF, + &band->blk_vlc, avctx)) + return AVERROR_INVALIDDATA; + + /* select appropriate rvmap table for this band */ + band->rvmap_sel = get_bits1(&ctx->gb) ? get_bits(&ctx->gb, 3) : 8; + + /* decode rvmap probability corrections if any */ + band->num_corr = 0; /* there is no corrections */ + if (get_bits1(&ctx->gb)) { + band->num_corr = get_bits(&ctx->gb, 8); /* get number of correction pairs */ + if (band->num_corr > 61) { + av_log(avctx, AV_LOG_ERROR, "Too many corrections: %d\n", + band->num_corr); + return AVERROR_INVALIDDATA; + } + + /* read correction pairs */ + for (i = 0; i < band->num_corr * 2; i++) + band->corr[i] = get_bits(&ctx->gb, 8); + } + } + + if (band->blk_size == 8) { + band->intra_base = &ivi4_quant_8x8_intra[quant_index_to_tab[band->quant_mat]][0]; + band->inter_base = &ivi4_quant_8x8_inter[quant_index_to_tab[band->quant_mat]][0]; + } else { + band->intra_base = &ivi4_quant_4x4_intra[quant_index_to_tab[band->quant_mat]][0]; + band->inter_base = &ivi4_quant_4x4_inter[quant_index_to_tab[band->quant_mat]][0]; + } + + /* Indeo 4 doesn't use scale tables */ + band->intra_scale = NULL; + band->inter_scale = NULL; + + align_get_bits(&ctx->gb); + + return 0; +} + + +/** + * Decode information (block type, cbp, quant delta, motion vector) + * for all macroblocks in the current tile. + * + * @param[in,out] ctx pointer to the decoder context + * @param[in,out] band pointer to the band descriptor + * @param[in,out] tile pointer to the tile descriptor + * @param[in] avctx pointer to the AVCodecContext + * @return result code: 0 = OK, negative number = error + */ +static int decode_mb_info(IVI4DecContext *ctx, IVIBandDesc *band, + IVITile *tile, AVCodecContext *avctx) +{ + int x, y, mv_x, mv_y, mv_delta, offs, mb_offset, blks_per_mb, + mv_scale, mb_type_bits; + IVIMbInfo *mb, *ref_mb; + int row_offset = band->mb_size * band->pitch; + + mb = tile->mbs; + ref_mb = tile->ref_mbs; + offs = tile->ypos * band->pitch + tile->xpos; + + blks_per_mb = band->mb_size != band->blk_size ? 4 : 1; + mb_type_bits = ctx->frame_type == FRAMETYPE_BIDIR ? 2 : 1; + + /* scale factor for motion vectors */ + mv_scale = (ctx->planes[0].bands[0].mb_size >> 3) - (band->mb_size >> 3); + mv_x = mv_y = 0; + + for (y = tile->ypos; y < tile->ypos + tile->height; y += band->mb_size) { + mb_offset = offs; + + for (x = tile->xpos; x < tile->xpos + tile->width; x += band->mb_size) { + mb->xpos = x; + mb->ypos = y; + mb->buf_offs = mb_offset; + + if (get_bits1(&ctx->gb)) { + if (ctx->frame_type == FRAMETYPE_INTRA) { + av_log(avctx, AV_LOG_ERROR, "Empty macroblock in an INTRA picture!\n"); + return AVERROR_INVALIDDATA; + } + mb->type = 1; /* empty macroblocks are always INTER */ + mb->cbp = 0; /* all blocks are empty */ + + mb->q_delta = 0; + if (!band->plane && !band->band_num && ctx->in_q) { + mb->q_delta = get_vlc2(&ctx->gb, ctx->mb_vlc.tab->table, + IVI_VLC_BITS, 1); + mb->q_delta = IVI_TOSIGNED(mb->q_delta); + } + + mb->mv_x = mb->mv_y = 0; /* no motion vector coded */ + if (band->inherit_mv) { + /* motion vector inheritance */ + if (mv_scale) { + mb->mv_x = ivi_scale_mv(ref_mb->mv_x, mv_scale); + mb->mv_y = ivi_scale_mv(ref_mb->mv_y, mv_scale); + } else { + mb->mv_x = ref_mb->mv_x; + mb->mv_y = ref_mb->mv_y; + } + } + } else { + if (band->inherit_mv) { + mb->type = ref_mb->type; /* copy mb_type from corresponding reference mb */ + } else if (ctx->frame_type == FRAMETYPE_INTRA) { + mb->type = 0; /* mb_type is always INTRA for intra-frames */ + } else { + mb->type = get_bits(&ctx->gb, mb_type_bits); + } + + mb->cbp = get_bits(&ctx->gb, blks_per_mb); + + mb->q_delta = 0; + if (band->inherit_qdelta) { + if (ref_mb) mb->q_delta = ref_mb->q_delta; + } else if (mb->cbp || (!band->plane && !band->band_num && + ctx->in_q)) { + mb->q_delta = get_vlc2(&ctx->gb, ctx->mb_vlc.tab->table, + IVI_VLC_BITS, 1); + mb->q_delta = IVI_TOSIGNED(mb->q_delta); + } + + if (!mb->type) { + mb->mv_x = mb->mv_y = 0; /* there is no motion vector in intra-macroblocks */ + } else { + if (band->inherit_mv) { + /* motion vector inheritance */ + if (mv_scale) { + mb->mv_x = ivi_scale_mv(ref_mb->mv_x, mv_scale); + mb->mv_y = ivi_scale_mv(ref_mb->mv_y, mv_scale); + } else { + mb->mv_x = ref_mb->mv_x; + mb->mv_y = ref_mb->mv_y; + } + } else { + /* decode motion vector deltas */ + mv_delta = get_vlc2(&ctx->gb, ctx->mb_vlc.tab->table, + IVI_VLC_BITS, 1); + mv_y += IVI_TOSIGNED(mv_delta); + mv_delta = get_vlc2(&ctx->gb, ctx->mb_vlc.tab->table, + IVI_VLC_BITS, 1); + mv_x += IVI_TOSIGNED(mv_delta); + mb->mv_x = mv_x; + mb->mv_y = mv_y; + } + } + } + + mb++; + if (ref_mb) + ref_mb++; + mb_offset += band->mb_size; + } + + offs += row_offset; + } + + align_get_bits(&ctx->gb); + + return 0; +} + + +/** + * Decode an Indeo 4 band. + * + * @param[in,out] ctx pointer to the decoder context + * @param[in,out] band pointer to the band descriptor + * @param[in] avctx pointer to the AVCodecContext + * @return result code: 0 = OK, negative number = error + */ +static int decode_band(IVI4DecContext *ctx, int plane_num, + IVIBandDesc *band, AVCodecContext *avctx) +{ + int result, i, t, pos, idx1, idx2; + IVITile *tile; + + band->buf = band->bufs[ctx->dst_buf]; + band->ref_buf = band->bufs[ctx->ref_buf]; + + result = decode_band_hdr(ctx, band, avctx); + if (result) { + av_log(avctx, AV_LOG_ERROR, "Error decoding band header\n"); + return result; + } + + if (band->is_empty) { + av_log(avctx, AV_LOG_ERROR, "Empty band encountered!\n"); + return AVERROR_INVALIDDATA; + } + + band->rv_map = &ctx->rvmap_tabs[band->rvmap_sel]; + + /* apply corrections to the selected rvmap table if present */ + for (i = 0; i < band->num_corr; i++) { + idx1 = band->corr[i * 2]; + idx2 = band->corr[i * 2 + 1]; + FFSWAP(uint8_t, band->rv_map->runtab[idx1], band->rv_map->runtab[idx2]); + FFSWAP(int16_t, band->rv_map->valtab[idx1], band->rv_map->valtab[idx2]); + } + + pos = get_bits_count(&ctx->gb); + + for (t = 0; t < band->num_tiles; t++) { + tile = &band->tiles[t]; + + tile->is_empty = get_bits1(&ctx->gb); + if (tile->is_empty) { + ff_ivi_process_empty_tile(avctx, band, tile, + (ctx->planes[0].bands[0].mb_size >> 3) - (band->mb_size >> 3)); + av_dlog(avctx, "Empty tile encountered!\n"); + } else { + tile->data_size = ff_ivi_dec_tile_data_size(&ctx->gb); + if (!tile->data_size) { + av_log(avctx, AV_LOG_ERROR, "Tile data size is zero!\n"); + return AVERROR_INVALIDDATA; + } + + result = decode_mb_info(ctx, band, tile, avctx); + if (result < 0) + break; + + result = ff_ivi_decode_blocks(&ctx->gb, band, tile); + if (result < 0 || ((get_bits_count(&ctx->gb) - pos) >> 3) != tile->data_size) { + av_log(avctx, AV_LOG_ERROR, "Corrupted tile data encountered!\n"); + break; + } + + pos += tile->data_size << 3; // skip to next tile + } + } + + /* restore the selected rvmap table by applying its corrections in reverse order */ + for (i = band->num_corr - 1; i >= 0; i--) { + idx1 = band->corr[i * 2]; + idx2 = band->corr[i * 2 + 1]; + FFSWAP(uint8_t, band->rv_map->runtab[idx1], band->rv_map->runtab[idx2]); + FFSWAP(int16_t, band->rv_map->valtab[idx1], band->rv_map->valtab[idx2]); + } + +#if defined(DEBUG) && IVI4_DEBUG_CHECKSUM + if (band->checksum_present) { + uint16_t chksum = ivi_calc_band_checksum(band); + if (chksum != band->checksum) { + av_log(avctx, AV_LOG_ERROR, + "Band checksum mismatch! Plane %d, band %d, received: %x, calculated: %x\n", + band->plane, band->band_num, band->checksum, chksum); + } + } +#endif + + align_get_bits(&ctx->gb); + + return 0; +} + + +static av_cold int decode_init(AVCodecContext *avctx) +{ + IVI4DecContext *ctx = avctx->priv_data; + + ff_ivi_init_static_vlc(); + + /* copy rvmap tables in our context so we can apply changes to them */ + memcpy(ctx->rvmap_tabs, ff_ivi_rvmap_tabs, sizeof(ff_ivi_rvmap_tabs)); + + /* Force allocation of the internal buffers */ + /* during picture header decoding. */ + ctx->pic_conf.pic_width = 0; + ctx->pic_conf.pic_height = 0; + + avctx->pix_fmt = PIX_FMT_YUV410P; + + return 0; +} + + +/** + * Rearrange decoding and reference buffers. + * + * @param[in,out] ctx pointer to the decoder context + */ +static void switch_buffers(IVI4DecContext *ctx) +{ + switch (ctx->prev_frame_type) { + case FRAMETYPE_INTRA: + case FRAMETYPE_INTER: + ctx->buf_switch ^= 1; + ctx->dst_buf = ctx->buf_switch; + ctx->ref_buf = ctx->buf_switch ^ 1; + break; + case FRAMETYPE_INTER_NOREF: + break; + } + + switch (ctx->frame_type) { + case FRAMETYPE_INTRA: + ctx->buf_switch = 0; + /* FALLTHROUGH */ + case FRAMETYPE_INTER: + ctx->dst_buf = ctx->buf_switch; + ctx->ref_buf = ctx->buf_switch ^ 1; + break; + case FRAMETYPE_INTER_NOREF: + case FRAMETYPE_NULL_FIRST: + case FRAMETYPE_NULL_LAST: + break; + } +} + + +static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, + AVPacket *avpkt) +{ + IVI4DecContext *ctx = avctx->priv_data; + const uint8_t *buf = avpkt->data; + int buf_size = avpkt->size; + int result, p, b; + + init_get_bits(&ctx->gb, buf, buf_size * 8); + + result = decode_pic_hdr(ctx, avctx); + if (result) { + av_log(avctx, AV_LOG_ERROR, "Error decoding picture header\n"); + return result; + } + + switch_buffers(ctx); + + if (ctx->frame_type < FRAMETYPE_NULL_FIRST) { + for (p = 0; p < 3; p++) { + for (b = 0; b < ctx->planes[p].num_bands; b++) { + result = decode_band(ctx, p, &ctx->planes[p].bands[b], avctx); + if (result) { + av_log(avctx, AV_LOG_ERROR, + "Error decoding band: %d, plane: %d\n", b, p); + return result; + } + } + } + } + + /* If the bidirectional mode is enabled, next I and the following P frame will */ + /* be sent together. Unfortunately the approach below seems to be the only way */ + /* to handle the B-frames mode. That's exactly the same Intel decoders do. */ + if (ctx->frame_type == FRAMETYPE_INTRA) { + while (get_bits(&ctx->gb, 8)); // skip version string + skip_bits_long(&ctx->gb, 64); // skip padding, TODO: implement correct 8-bytes alignment + if (get_bits_left(&ctx->gb) > 18 && show_bits(&ctx->gb, 18) == 0x3FFF8) + av_log(avctx, AV_LOG_ERROR, "Buffer contains IP frames!\n"); + } + + if (ctx->frame.data[0]) + avctx->release_buffer(avctx, &ctx->frame); + + ctx->frame.reference = 0; + if ((result = avctx->get_buffer(avctx, &ctx->frame)) < 0) { + av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n"); + return result; + } + + if (ctx->is_scalable) { + ff_ivi_recompose_haar(&ctx->planes[0], ctx->frame.data[0], ctx->frame.linesize[0], 4); + } else { + ff_ivi_output_plane(&ctx->planes[0], ctx->frame.data[0], ctx->frame.linesize[0]); + } + + ff_ivi_output_plane(&ctx->planes[2], ctx->frame.data[1], ctx->frame.linesize[1]); + ff_ivi_output_plane(&ctx->planes[1], ctx->frame.data[2], ctx->frame.linesize[2]); + + *data_size = sizeof(AVFrame); + *(AVFrame*)data = ctx->frame; + + return buf_size; +} + + +static av_cold int decode_close(AVCodecContext *avctx) +{ + IVI4DecContext *ctx = avctx->priv_data; + + ff_ivi_free_buffers(&ctx->planes[0]); + + if (ctx->frame.data[0]) + avctx->release_buffer(avctx, &ctx->frame); + +#if IVI4_STREAM_ANALYSER + if (ctx->is_scalable) + av_log(avctx, AV_LOG_ERROR, "This video uses scalability mode!\n"); + if (ctx->uses_tiling) + av_log(avctx, AV_LOG_ERROR, "This video uses local decoding!\n"); + if (ctx->has_b_frames) + av_log(avctx, AV_LOG_ERROR, "This video contains B-frames!\n"); + if (ctx->has_transp) + av_log(avctx, AV_LOG_ERROR, "Transparency mode is enabled!\n"); + if (ctx->uses_haar) + av_log(avctx, AV_LOG_ERROR, "This video uses Haar transform!\n"); + if (ctx->uses_fullpel) + av_log(avctx, AV_LOG_ERROR, "This video uses fullpel motion vectors!\n"); +#endif + + return 0; +} + + +AVCodec ff_indeo4_decoder = { + .name = "indeo4", + .type = AVMEDIA_TYPE_VIDEO, + .id = CODEC_ID_INDEO4, + .priv_data_size = sizeof(IVI4DecContext), + .init = decode_init, + .close = decode_close, + .decode = decode_frame, + .long_name = NULL_IF_CONFIG_SMALL("Intel Indeo Video Interactive 4"), +}; diff --git a/libavcodec/indeo4data.h b/libavcodec/indeo4data.h new file mode 100644 index 0000000000..affd9c6203 --- /dev/null +++ b/libavcodec/indeo4data.h @@ -0,0 +1,350 @@ +/* + * Indeo Video Interactive 4 compatible decoder + * Copyright (c) 2009-2010 Maxim Poliakovski + * + * This file is part of Libav. + * + * Libav is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * Libav is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with Libav; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +/** + * @file + * This file contains data needed for the Indeo 4 decoder. + */ + +#ifndef AVCODEC_INDEO4DATA_H +#define AVCODEC_INDEO4DATA_H + +#include +#include "dsputil.h" +#include "ivi_common.h" + +/** + * standard picture dimensions + */ +static const uint16_t ivi4_common_pic_sizes[14] = { + 640, 480, 320, 240, 160, 120, 704, 480, 352, 240, 352, 288, 176, 144 +}; + +/** + * Indeo 4 8x8 scan (zigzag) patterns + */ +static const uint8_t ivi4_alternate_scan_8x8[64] = { + 0, 8, 1, 9, 16, 24, 2, 3, 17, 25, 10, 11, 32, 40, 48, 56, + 4, 5, 6, 7, 33, 41, 49, 57, 18, 19, 26, 27, 12, 13, 14, 15, + 34, 35, 43, 42, 50, 51, 59, 58, 20, 21, 22, 23, 31, 30, 29, 28, + 36, 37, 38, 39, 47, 46, 45, 44, 52, 53, 54, 55, 63, 62, 61, 60 +}; + +static const uint8_t ivi4_alternate_scan_4x4[16] = { + 0, 1, 4, 5, 8, 12, 2, 3, 9, 13, 6, 7, 10, 11, 14, 15 +}; + +static const uint8_t ivi4_vertical_scan_4x4[16] = { + 0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15 +}; + +static const uint8_t ivi4_horizontal_scan_4x4[16] = { + 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 +}; + +static const uint8_t *scan_index_to_tab[15] = { + // for 8x8 transforms + ff_zigzag_direct, + ivi4_alternate_scan_8x8, + ff_ivi_horizontal_scan_8x8, + ff_ivi_vertical_scan_8x8, + ff_zigzag_direct, + + // for 4x4 transforms + ff_ivi_direct_scan_4x4, + ivi4_alternate_scan_4x4, + ivi4_vertical_scan_4x4, + ivi4_horizontal_scan_4x4, + ff_ivi_direct_scan_4x4, + + // TODO: check if those are needed + ff_ivi_horizontal_scan_8x8, + ff_ivi_horizontal_scan_8x8, + ff_ivi_horizontal_scan_8x8, + ff_ivi_horizontal_scan_8x8, + ff_ivi_horizontal_scan_8x8 +}; + +/** + * Indeo 4 dequant tables + */ +static uint16_t ivi4_quant_8x8_intra[9][64] = { + { + 43, 342, 385, 470, 555, 555, 598, 726, + 342, 342, 470, 513, 555, 598, 726, 769, + 385, 470, 555, 555, 598, 726, 726, 811, + 470, 470, 555, 555, 598, 726, 769, 854, + 470, 555, 555, 598, 683, 726, 854, 1025, + 555, 555, 598, 683, 726, 854, 1025, 1153, + 555, 555, 598, 726, 811, 982, 1195, 1451, + 555, 598, 726, 811, 982, 1195, 1451, 1793 + }, + { + 86, 1195, 2390, 2390, 4865, 4865, 4865, 4865, + 1195, 1195, 2390, 2390, 4865, 4865, 4865, 4865, + 2390, 2390, 4865, 4865, 6827, 6827, 6827, 6827, + 2390, 2390, 4865, 4865, 6827, 6827, 6827, 6827, + 4865, 4865, 6827, 6827, 6827, 6827, 6827, 6827, + 4865, 4865, 6827, 6827, 6827, 6827, 6827, 6827, + 4865, 4865, 6827, 6827, 6827, 6827, 6827, 6827, + 4865, 4865, 6827, 6827, 6827, 6827, 6827, 6827 + }, + { + 235, 1067, 1195, 1323, 1451, 1579, 1707, 1835, + 235, 1067, 1195, 1323, 1451, 1579, 1707, 1835, + 235, 1067, 1195, 1323, 1451, 1579, 1707, 1835, + 235, 1067, 1195, 1323, 1451, 1579, 1707, 1835, + 235, 1067, 1195, 1323, 1451, 1579, 1707, 1835, + 235, 1067, 1195, 1323, 1451, 1579, 1707, 1835, + 235, 1067, 1195, 1323, 1451, 1579, 1707, 1835, + 235, 1067, 1195, 1323, 1451, 1579, 1707, 1835 + }, + { + 1707, 1707, 3414, 3414, 3414, 3414, 3414, 3414, + 1707, 1707, 3414, 3414, 3414, 3414, 3414, 3414, + 1707, 1707, 3414, 3414, 3414, 3414, 3414, 3414, + 1707, 1707, 3414, 3414, 3414, 3414, 3414, 3414, + 1707, 1707, 3414, 3414, 3414, 3414, 3414, 3414, + 1707, 1707, 3414, 3414, 3414, 3414, 3414, 3414, + 1707, 1707, 3414, 3414, 3414, 3414, 3414, 3414, + 1707, 1707, 3414, 3414, 3414, 3414, 3414, 3414 + }, + { + 897, 897, 897, 897, 897, 897, 897, 897, + 1067, 1067, 1067, 1067, 1067, 1067, 1067, 1067, + 1238, 1238, 1238, 1238, 1238, 1238, 1238, 1238, + 1409, 1409, 1409, 1409, 1409, 1409, 1409, 1409, + 1579, 1579, 1579, 1579, 1579, 1579, 1579, 1579, + 1750, 1750, 1750, 1750, 1750, 1750, 1750, 1750, + 1921, 1921, 1921, 1921, 1921, 1921, 1921, 1921, + 2091, 2091, 2091, 2091, 2091, 2091, 2091, 2091 + }, + { + 1707, 1707, 1707, 1707, 1707, 1707, 1707, 1707, + 1707, 1707, 1707, 1707, 1707, 1707, 1707, 1707, + 3414, 3414, 3414, 3414, 3414, 3414, 3414, 3414, + 3414, 3414, 3414, 3414, 3414, 3414, 3414, 3414, + 3414, 3414, 3414, 3414, 3414, 3414, 3414, 3414, + 3414, 3414, 3414, 3414, 3414, 3414, 3414, 3414, + 3414, 3414, 3414, 3414, 3414, 3414, 3414, 3414, + 3414, 3414, 3414, 3414, 3414, 3414, 3414, 3414 + }, + { + 2390, 2390, 2390, 2390, 2390, 2390, 2390, 2390, + 2390, 2390, 2390, 2390, 2390, 2390, 2390, 2390, + 2390, 2390, 2390, 2390, 2390, 2390, 2390, 2390, + 2390, 2390, 2390, 2390, 2390, 2390, 2390, 2390, + 2390, 2390, 2390, 2390, 2390, 2390, 2390, 2390, + 2390, 2390, 2390, 2390, 2390, 2390, 2390, 2390, + 2390, 2390, 2390, 2390, 2390, 2390, 2390, 2390, + 2390, 2390, 2390, 2390, 2390, 2390, 2390, 2390 + }, + { + 22, 171, 214, 257, 257, 299, 299, 342, + 171, 171, 257, 257, 299, 299, 342, 385, + 214, 257, 257, 299, 299, 342, 342, 385, + 257, 257, 257, 299, 299, 342, 385, 427, + 257, 257, 299, 299, 342, 385, 427, 513, + 257, 299, 299, 342, 385, 427, 513, 598, + 299, 299, 299, 385, 385, 470, 598, 726, + 299, 299, 385, 385, 470, 598, 726, 897 + }, + { + 86, 598, 1195, 1195, 2390, 2390, 2390, 2390, + 598, 598, 1195, 1195, 2390, 2390, 2390, 2390, + 1195, 1195, 2390, 2390, 3414, 3414, 3414, 3414, + 1195, 1195, 2390, 2390, 3414, 3414, 3414, 3414, + 2390, 2390, 3414, 3414, 3414, 3414, 3414, 3414, + 2390, 2390, 3414, 3414, 3414, 3414, 3414, 3414, + 2390, 2390, 3414, 3414, 3414, 3414, 3414, 3414, + 2390, 2390, 3414, 3414, 3414, 3414, 3414, 3414 + } +}; + +static uint16_t ivi4_quant_8x8_inter[9][64] = { + { + 427, 427, 470, 427, 427, 427, 470, 470, + 427, 427, 470, 427, 427, 427, 470, 470, + 470, 470, 470, 470, 470, 470, 470, 470, + 427, 427, 470, 470, 427, 427, 470, 470, + 427, 427, 470, 427, 427, 427, 470, 470, + 427, 427, 470, 427, 427, 427, 470, 470, + 470, 470, 470, 470, 470, 470, 470, 470, + 470, 470, 470, 470, 470, 470, 470, 470 + }, + { + 1707, 1707, 2433, 2433, 3414, 3414, 3414, 3414, + 1707, 1707, 2433, 2433, 3414, 3414, 3414, 3414, + 2433, 2433, 3414, 3414, 4822, 4822, 4822, 4822, + 2433, 2433, 3414, 3414, 4822, 4822, 4822, 4822, + 3414, 3414, 4822, 4822, 3414, 3414, 3414, 3414, + 3414, 3414, 4822, 4822, 3414, 3414, 3414, 3414, + 3414, 3414, 4822, 4822, 3414, 3414, 3414, 3414, + 3414, 3414, 4822, 4822, 3414, 3414, 3414, 3414 + }, + { + 1195, 1195, 1281, 1238, 1195, 1195, 1281, 1281, + 1195, 1195, 1281, 1238, 1195, 1195, 1281, 1281, + 1195, 1195, 1281, 1238, 1195, 1195, 1281, 1281, + 1195, 1195, 1281, 1238, 1195, 1195, 1281, 1281, + 1195, 1195, 1281, 1238, 1195, 1195, 1281, 1281, + 1195, 1195, 1281, 1238, 1195, 1195, 1281, 1281, + 1195, 1195, 1281, 1238, 1195, 1195, 1281, 1281, + 1195, 1195, 1281, 1238, 1195, 1195, 1281, 1281 + }, + { + 2433, 2433, 3414, 3414, 2433, 2433, 2433, 2433, + 2433, 2433, 3414, 3414, 2433, 2433, 2433, 2433, + 2433, 2433, 3414, 3414, 2433, 2433, 2433, 2433, + 2433, 2433, 3414, 3414, 2433, 2433, 2433, 2433, + 2433, 2433, 3414, 3414, 2433, 2433, 2433, 2433, + 2433, 2433, 3414, 3414, 2433, 2433, 2433, 2433, + 2433, 2433, 3414, 3414, 2433, 2433, 2433, 2433, + 2433, 2433, 3414, 3414, 2433, 2433, 2433, 2433 + }, + { + 1195, 1195, 1195, 1195, 1195, 1195, 1195, 1195, + 1195, 1195, 1195, 1195, 1195, 1195, 1195, 1195, + 1281, 1281, 1281, 1281, 1281, 1281, 1281, 1281, + 1238, 1238, 1238, 1238, 1238, 1238, 1238, 1238, + 1195, 1195, 1195, 1195, 1195, 1195, 1195, 1195, + 1195, 1195, 1195, 1195, 1195, 1195, 1195, 1195, + 1281, 1281, 1281, 1281, 1281, 1281, 1281, 1281, + 1281, 1281, 1281, 1281, 1281, 1281, 1281, 1281 + }, + { + 2433, 2433, 2433, 2433, 2433, 2433, 2433, 2433, + 2433, 2433, 2433, 2433, 2433, 2433, 2433, 2433, + 3414, 3414, 3414, 3414, 3414, 3414, 3414, 3414, + 3414, 3414, 3414, 3414, 3414, 3414, 3414, 3414, + 2433, 2433, 2433, 2433, 2433, 2433, 2433, 2433, + 2433, 2433, 2433, 2433, 2433, 2433, 2433, 2433, + 2433, 2433, 2433, 2433, 2433, 2433, 2433, 2433, + 2433, 2433, 2433, 2433, 2433, 2433, 2433, 2433 + }, + { + 1707, 1707, 1707, 1707, 1707, 1707, 1707, 1707, + 1707, 1707, 1707, 1707, 1707, 1707, 1707, 1707, + 1707, 1707, 1707, 1707, 1707, 1707, 1707, 1707, + 1707, 1707, 1707, 1707, 1707, 1707, 1707, 1707, + 1707, 1707, 1707, 1707, 1707, 1707, 1707, 1707, + 1707, 1707, 1707, 1707, 1707, 1707, 1707, 1707, + 1707, 1707, 1707, 1707, 1707, 1707, 1707, 1707, + 1707, 1707, 1707, 1707, 1707, 1707, 1707, 1707 + }, + { + 86, 171, 171, 214, 214, 214, 214, 257, + 171, 171, 214, 214, 214, 214, 257, 257, + 171, 214, 214, 214, 214, 257, 257, 257, + 214, 214, 214, 214, 257, 257, 257, 299, + 214, 214, 214, 257, 257, 257, 299, 299, + 214, 214, 257, 257, 257, 299, 299, 299, + 214, 257, 257, 257, 299, 299, 299, 342, + 257, 257, 257, 299, 299, 299, 342, 342 + }, + { + 854, 854, 1195, 1195, 1707, 1707, 1707, 1707, + 854, 854, 1195, 1195, 1707, 1707, 1707, 1707, + 1195, 1195, 1707, 1707, 2390, 2390, 2390, 2390, + 1195, 1195, 1707, 1707, 2390, 2390, 2390, 2390, + 1707, 1707, 2390, 2390, 1707, 1707, 1707, 1707, + 1707, 1707, 2390, 2390, 1707, 1707, 1707, 1707, + 1707, 1707, 2390, 2390, 1707, 1707, 1707, 1707, + 1707, 1707, 2390, 2390, 1707, 1707, 1707, 1707 + } +}; + +static uint16_t ivi4_quant_4x4_intra[5][16] = { + { + 22, 214, 257, 299, + 214, 257, 299, 342, + 257, 299, 342, 427, + 299, 342, 427, 513 + }, + { + 129, 1025, 1451, 1451, + 1025, 1025, 1451, 1451, + 1451, 1451, 2049, 2049, + 1451, 1451, 2049, 2049 + }, + { + 43, 171, 171, 171, + 43, 171, 171, 171, + 43, 171, 171, 171, + 43, 171, 171, 171 + }, + { + 43, 43, 43, 43, + 171, 171, 171, 171, + 171, 171, 171, 171, + 171, 171, 171, 171 + }, + { + 43, 43, 43, 43, + 43, 43, 43, 43, + 43, 43, 43, 43, + 43, 43, 43, 43 + } +}; + +static uint16_t ivi4_quant_4x4_inter[5][16] = { + { + 107, 214, 257, 299, + 214, 257, 299, 299, + 257, 299, 299, 342, + 299, 299, 342, 342 + }, + { + 513, 1025, 1238, 1238, + 1025, 1025, 1238, 1238, + 1238, 1238, 1451, 1451, + 1238, 1238, 1451, 1451 + }, + { + 43, 171, 171, 171, + 43, 171, 171, 171, + 43, 171, 171, 171, + 43, 171, 171, 171 + }, + { + 43, 43, 43, 43, + 171, 171, 171, 171, + 171, 171, 171, 171, + 171, 171, 171, 171 + }, + { + 43, 43, 43, 43, + 43, 43, 43, 43, + 43, 43, 43, 43, + 43, 43, 43, 43 + } +}; + +/** + * Table for mapping quant matrix index from the bitstream + * into internal quant table number. + */ +static uint8_t quant_index_to_tab[22] = { + 0, 1, 0, 2, 1, 3, 0, 4, 1, 5, 0, 1, 6, 7, 8, // for 8x8 quant matrixes + 0, 1, 2, 2, 3, 3, 4 // for 4x4 quant matrixes +}; + +#endif /* AVCODEC_INDEO4DATA_H */ diff --git a/libavcodec/ivi_dsp.c b/libavcodec/ivi_dsp.c index 913fdc31b2..0ee7035741 100644 --- a/libavcodec/ivi_dsp.c +++ b/libavcodec/ivi_dsp.c @@ -1,7 +1,7 @@ /* * DSP functions for Indeo Video Interactive codecs (Indeo4 and Indeo5) * - * Copyright (c) 2009 Maxim Poliakovski + * Copyright (c) 2009-2011 Maxim Poliakovski * * This file is part of FFmpeg. * @@ -178,6 +178,153 @@ void ff_ivi_recompose53(const IVIPlaneDesc *plane, uint8_t *dst, } } +void ff_ivi_recompose_haar(const IVIPlaneDesc *plane, uint8_t *dst, + const int dst_pitch, const int num_bands) +{ + int x, y, indx, b0, b1, b2, b3, p0, p1, p2, p3; + const IDWTELEM *b0_ptr, *b1_ptr, *b2_ptr, *b3_ptr; + int32_t pitch; + + /* all bands should have the same pitch */ + pitch = plane->bands[0].pitch; + + /* get pointers to the wavelet bands */ + b0_ptr = plane->bands[0].buf; + b1_ptr = plane->bands[1].buf; + b2_ptr = plane->bands[2].buf; + b3_ptr = plane->bands[3].buf; + + for (y = 0; y < plane->height; y += 2) { + for (x = 0, indx = 0; x < plane->width; x += 2, indx++) { + /* load coefficients */ + b0 = b0_ptr[indx]; //should be: b0 = (num_bands > 0) ? b0_ptr[indx] : 0; + b1 = b1_ptr[indx]; //should be: b1 = (num_bands > 1) ? b1_ptr[indx] : 0; + b2 = b2_ptr[indx]; //should be: b2 = (num_bands > 2) ? b2_ptr[indx] : 0; + b3 = b3_ptr[indx]; //should be: b3 = (num_bands > 3) ? b3_ptr[indx] : 0; + + /* haar wavelet recomposition */ + p0 = (b0 + b1 + b2 + b3 + 2) >> 2; + p1 = (b0 + b1 - b2 - b3 + 2) >> 2; + p2 = (b0 - b1 + b2 - b3 + 2) >> 2; + p3 = (b0 - b1 - b2 + b3 + 2) >> 2; + + /* bias, convert and output four pixels */ + dst[x] = av_clip_uint8(p0 + 128); + dst[x + 1] = av_clip_uint8(p1 + 128); + dst[dst_pitch + x] = av_clip_uint8(p2 + 128); + dst[dst_pitch + x + 1] = av_clip_uint8(p3 + 128); + }// for x + + dst += dst_pitch << 1; + + b0_ptr += pitch; + b1_ptr += pitch; + b2_ptr += pitch; + b3_ptr += pitch; + }// for y +} + +/** butterfly operation for the inverse Haar transform */ +#define IVI_HAAR_BFLY(s1, s2, o1, o2, t) \ + t = (s1 - s2) >> 1;\ + o1 = (s1 + s2) >> 1;\ + o2 = t;\ + +/** inverse 8-point Haar transform */ +#define INV_HAAR8(s1, s5, s3, s7, s2, s4, s6, s8,\ + d1, d2, d3, d4, d5, d6, d7, d8,\ + t0, t1, t2, t3, t4, t5, t6, t7, t8) {\ + t1 = s1 << 1; t5 = s5 << 1;\ + IVI_HAAR_BFLY(t1, t5, t1, t5, t0); IVI_HAAR_BFLY(t1, s3, t1, t3, t0);\ + IVI_HAAR_BFLY(t5, s7, t5, t7, t0); IVI_HAAR_BFLY(t1, s2, t1, t2, t0);\ + IVI_HAAR_BFLY(t3, s4, t3, t4, t0); IVI_HAAR_BFLY(t5, s6, t5, t6, t0);\ + IVI_HAAR_BFLY(t7, s8, t7, t8, t0);\ + d1 = COMPENSATE(t1);\ + d2 = COMPENSATE(t2);\ + d3 = COMPENSATE(t3);\ + d4 = COMPENSATE(t4);\ + d5 = COMPENSATE(t5);\ + d6 = COMPENSATE(t6);\ + d7 = COMPENSATE(t7);\ + d8 = COMPENSATE(t8); } + +/** inverse 4-point Haar transform */ +#define INV_HAAR4(s1, s3, s5, s7) {\ + HAAR_BFLY(s1, s5); HAAR_BFLY(s1, s3); HAAR_BFLY(s5, s7);\ + s1 = COMPENSATE(s1);\ + s3 = COMPENSATE(s3);\ + s5 = COMPENSATE(s5);\ + s7 = COMPENSATE(s7); } + +void ff_ivi_inverse_haar_8x8(const int32_t *in, int16_t *out, uint32_t pitch, + const uint8_t *flags) +{ + int i, shift, sp1, sp2, sp3, sp4; + const int32_t *src; + int32_t *dst; + int tmp[64]; + int t0, t1, t2, t3, t4, t5, t6, t7, t8; + + /* apply the InvHaar8 to all columns */ +#define COMPENSATE(x) (x) + src = in; + dst = tmp; + for (i = 0; i < 8; i++) { + if (flags[i]) { + /* pre-scaling */ + shift = !(i & 4); + sp1 = src[ 0] << shift; + sp2 = src[ 8] << shift; + sp3 = src[16] << shift; + sp4 = src[24] << shift; + INV_HAAR8( sp1, sp2, sp3, sp4, + src[32], src[40], src[48], src[56], + dst[ 0], dst[ 8], dst[16], dst[24], + dst[32], dst[40], dst[48], dst[56], + t0, t1, t2, t3, t4, t5, t6, t7, t8); + } else + dst[ 0] = dst[ 8] = dst[16] = dst[24] = + dst[32] = dst[40] = dst[48] = dst[56] = 0; + + src++; + dst++; + } +#undef COMPENSATE + + /* apply the InvHaar8 to all rows */ +#define COMPENSATE(x) (x) + src = tmp; + for (i = 0; i < 8; i++) { + if ( !src[0] && !src[1] && !src[2] && !src[3] + && !src[4] && !src[5] && !src[6] && !src[7]) { + memset(out, 0, 8 * sizeof(out[0])); + } else { + INV_HAAR8(src[0], src[1], src[2], src[3], + src[4], src[5], src[6], src[7], + out[0], out[1], out[2], out[3], + out[4], out[5], out[6], out[7], + t0, t1, t2, t3, t4, t5, t6, t7, t8); + } + src += 8; + out += pitch; + } +#undef COMPENSATE +} + +void ff_ivi_dc_haar_2d(const int32_t *in, int16_t *out, uint32_t pitch, + int blk_size) +{ + int x, y; + int16_t dc_coeff; + + dc_coeff = (*in + 0) >> 3; + + for (y = 0; y < blk_size; out += pitch, y++) { + for (x = 0; x < blk_size; x++) + out[x] = dc_coeff; + } +} + /** butterfly operation for the inverse slant transform */ #define IVI_SLANT_BFLY(s1, s2, o1, o2, t) \ t = s1 - s2;\ diff --git a/libavcodec/ivi_dsp.h b/libavcodec/ivi_dsp.h index 4fb2f80035..5a3441764c 100644 --- a/libavcodec/ivi_dsp.h +++ b/libavcodec/ivi_dsp.h @@ -1,7 +1,7 @@ /* * DSP functions for Indeo Video Interactive codecs (Indeo4 and Indeo5) * - * Copyright (c) 2009 Maxim Poliakovski + * Copyright (c) 2009-2011 Maxim Poliakovski * * This file is part of FFmpeg. * @@ -43,6 +43,43 @@ void ff_ivi_recompose53(const IVIPlaneDesc *plane, uint8_t *dst, const int dst_pitch, const int num_bands); +/** + * Haar wavelet recomposition filter for Indeo 4 + * + * @param[in] plane pointer to the descriptor of the plane being processed + * @param[out] dst pointer to the destination buffer + * @param[in] dst_pitch pitch of the destination buffer + * @param[in] num_bands number of wavelet bands to be processed + */ +void ff_ivi_recompose_haar(const IVIPlaneDesc *plane, uint8_t *dst, + const int dst_pitch, const int num_bands); + +/** + * two-dimensional inverse Haar 8x8 transform for Indeo 4 + * + * @param[in] in pointer to the vector of transform coefficients + * @param[out] out pointer to the output buffer (frame) + * @param[in] pitch pitch to move to the next y line + * @param[in] flags pointer to the array of column flags: + * != 0 - non_empty column, 0 - empty one + * (this array must be filled by caller) + */ +void ff_ivi_inverse_haar_8x8(const int32_t *in, int16_t *out, uint32_t pitch, + const uint8_t *flags); + +/** + * DC-only two-dimensional inverse Haar transform for Indeo 4. + * Performing the inverse transform in this case is equivalent to + * spreading DC_coeff >> 3 over the whole block. + * + * @param[in] in pointer to the dc coefficient + * @param[out] out pointer to the output buffer (frame) + * @param[in] pitch pitch to move to the next y line + * @param[in] blk_size transform block size + */ +void ff_ivi_dc_haar_2d(const int32_t *in, int16_t *out, uint32_t pitch, + int blk_size); + /** * two-dimensional inverse slant 8x8 transform * diff --git a/libavcodec/version.h b/libavcodec/version.h index b088456e6f..49a09e1750 100644 --- a/libavcodec/version.h +++ b/libavcodec/version.h @@ -22,7 +22,7 @@ #define LIBAVCODEC_VERSION_MAJOR 53 #define LIBAVCODEC_VERSION_MINOR 42 -#define LIBAVCODEC_VERSION_MICRO 2 +#define LIBAVCODEC_VERSION_MICRO 3 #define LIBAVCODEC_VERSION_INT AV_VERSION_INT(LIBAVCODEC_VERSION_MAJOR, \ LIBAVCODEC_VERSION_MINOR, \ From a47c2772055b7d6195a245636aecd67d7e81a104 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 28 Dec 2011 18:33:29 +0100 Subject: [PATCH 205/331] v410dec: Check for sufficient input data. Fixes crash Signed-off-by: Michael Niedermayer (cherry picked from commit 11ca3416f92744f376c08e5f31bcbe5d9b44acb2) Signed-off-by: Michael Niedermayer --- libavcodec/v410dec.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/v410dec.c b/libavcodec/v410dec.c index 6640ba0345..c86009d31a 100644 --- a/libavcodec/v410dec.c +++ b/libavcodec/v410dec.c @@ -55,6 +55,11 @@ static int v410_decode_frame(AVCodecContext *avctx, void *data, if (pic->data[0]) avctx->release_buffer(avctx, pic); + if (avpkt->size < 4*avctx->height*avctx->width) { + av_log(avctx, AV_LOG_ERROR, "Insufficient input data.\n"); + return AVERROR(EINVAL); + } + pic->reference = 0; if (avctx->get_buffer(avctx, pic) < 0) { From 0280cf9aa71447bbb8942ae67338ae7391716e7c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 28 Dec 2011 19:05:16 +0100 Subject: [PATCH 206/331] vcr1dec: Check that there is sufficient input data. Fixes crash. Signed-off-by: Michael Niedermayer (cherry picked from commit 8e09482e4d27d65bbce2ce5c2f4392216011ed09) Signed-off-by: Michael Niedermayer --- libavcodec/vcr1.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/vcr1.c b/libavcodec/vcr1.c index 0c06813cf1..caeb29c487 100644 --- a/libavcodec/vcr1.c +++ b/libavcodec/vcr1.c @@ -56,6 +56,11 @@ static int decode_frame(AVCodecContext *avctx, if(p->data[0]) avctx->release_buffer(avctx, p); + if(buf_size < 16 + avctx->height + avctx->width*avctx->height*5/8){ + av_log(avctx, AV_LOG_ERROR, "Insufficient input data.\n"); + return AVERROR(EINVAL); + } + p->reference= 0; if(avctx->get_buffer(avctx, p) < 0){ av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n"); From 690fda3ae426077fda5cc186cae6d6f3e276b50a Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 28 Dec 2011 19:50:29 +0100 Subject: [PATCH 207/331] indeo5: fix null pointer crash with ref_mb Signed-off-by: Michael Niedermayer (cherry picked from commit 4b35ee0b7c0c4cbac3541a25a5e8c00b657c8f95) Signed-off-by: Michael Niedermayer --- libavcodec/ivi_common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/ivi_common.c b/libavcodec/ivi_common.c index f240845382..f66053b1a3 100644 --- a/libavcodec/ivi_common.c +++ b/libavcodec/ivi_common.c @@ -506,7 +506,7 @@ void ff_ivi_process_empty_tile(AVCodecContext *avctx, IVIBandDesc *band, if (band->inherit_qdelta && ref_mb) mb->q_delta = ref_mb->q_delta; - if (band->inherit_mv) { + if (band->inherit_mv && ref_mb) { /* motion vector inheritance */ if (mv_scale) { mb->mv_x = ivi_scale_mv(ref_mb->mv_x, mv_scale); From f09bbd38b038ad65aee8abc16f0009e7637e7f9f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 28 Dec 2011 20:13:00 +0100 Subject: [PATCH 208/331] indeo5: Fix crash due to partially initialized gop vars. Signed-off-by: Michael Niedermayer (cherry picked from commit d46bc4133c104188dd6719365605e42bd1b5e2ff) Signed-off-by: Michael Niedermayer --- libavcodec/indeo5.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/libavcodec/indeo5.c b/libavcodec/indeo5.c index 4c6bfd66d1..95bae2346a 100644 --- a/libavcodec/indeo5.c +++ b/libavcodec/indeo5.c @@ -90,7 +90,7 @@ typedef struct { */ static int decode_gop_header(IVI5DecContext *ctx, AVCodecContext *avctx) { - int result, i, p, tile_size, pic_size_indx, mb_size, blk_size; + int result, i, p, tile_size, pic_size_indx, mb_size, blk_size, is_scalable; int quant_mat, blk_size_changed = 0; IVIBandDesc *band, *band1, *band2; IVIPicConfig pic_conf; @@ -112,8 +112,8 @@ static int decode_gop_header(IVI5DecContext *ctx, AVCodecContext *avctx) /* num_levels * 3 + 1 */ pic_conf.luma_bands = get_bits(&ctx->gb, 2) * 3 + 1; pic_conf.chroma_bands = get_bits1(&ctx->gb) * 3 + 1; - ctx->is_scalable = pic_conf.luma_bands != 1 || pic_conf.chroma_bands != 1; - if (ctx->is_scalable && (pic_conf.luma_bands != 4 || pic_conf.chroma_bands != 1)) { + is_scalable = pic_conf.luma_bands != 1 || pic_conf.chroma_bands != 1; + if (is_scalable && (pic_conf.luma_bands != 4 || pic_conf.chroma_bands != 1)) { av_log(avctx, AV_LOG_ERROR, "Scalability: unsupported subdivision! Luma bands: %d, chroma bands: %d\n", pic_conf.luma_bands, pic_conf.chroma_bands); return -1; @@ -151,6 +151,7 @@ static int decode_gop_header(IVI5DecContext *ctx, AVCodecContext *avctx) return -1; } ctx->pic_conf = pic_conf; + ctx->is_scalable = is_scalable; blk_size_changed = 1; /* force reallocation of the internal structures */ } From acdc505b2aeeeed72bf9f7373a5991861afb5752 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 28 Dec 2011 21:31:00 +0100 Subject: [PATCH 209/331] indeo5: fix division by 0 in ff_ivi_init_tiles() Signed-off-by: Michael Niedermayer (cherry picked from commit 92e2b59dec8c0124a209ce24f23450df9607d9d8) Signed-off-by: Michael Niedermayer --- libavcodec/ivi_common.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/ivi_common.c b/libavcodec/ivi_common.c index f66053b1a3..e5fdd4a95b 100644 --- a/libavcodec/ivi_common.c +++ b/libavcodec/ivi_common.c @@ -260,6 +260,8 @@ int av_cold ff_ivi_init_tiles(IVIPlaneDesc *planes, int tile_width, int tile_hei t_width >>= 1; t_height >>= 1; } + if(t_width<=0 || t_height<=0) + return AVERROR(EINVAL); for (b = 0; b < planes[p].num_bands; b++) { band = &planes[p].bands[b]; From 7cd9732b334241aa40ecd39a8860ed6fbbf42757 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 29 Dec 2011 05:16:34 +0100 Subject: [PATCH 210/331] qpeg: Check for overread in qpeg_decode_intra. Reviewed-by: Paul B Mahol Signed-off-by: Michael Niedermayer (cherry picked from commit e7c1e38ba632f7315e332dd350b38f782f428884) Signed-off-by: Michael Niedermayer --- libavcodec/qpeg.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/libavcodec/qpeg.c b/libavcodec/qpeg.c index 84e2b41629..bbb9f71aae 100644 --- a/libavcodec/qpeg.c +++ b/libavcodec/qpeg.c @@ -32,7 +32,7 @@ typedef struct QpegContext{ uint32_t pal[256]; } QpegContext; -static void qpeg_decode_intra(const uint8_t *src, uint8_t *dst, int size, +static int qpeg_decode_intra(const uint8_t *src, uint8_t *dst, int size, int stride, int width, int height) { int i; @@ -94,6 +94,8 @@ static void qpeg_decode_intra(const uint8_t *src, uint8_t *dst, int size, } } else { size -= copy; + if (size<0) + return AVERROR_INVALIDDATA; for(i = 0; i < copy; i++) { dst[filled++] = *src++; if (filled >= width) { @@ -106,6 +108,7 @@ static void qpeg_decode_intra(const uint8_t *src, uint8_t *dst, int size, } } } + return 0; } static const int qpeg_table_h[16] = @@ -259,7 +262,7 @@ static int decode_frame(AVCodecContext *avctx, AVFrame * p= (AVFrame*)&a->pic; AVFrame * ref= (AVFrame*)&a->ref; uint8_t* outdata; - int delta; + int delta, ret = 0; const uint8_t *pal = av_packet_get_side_data(avpkt, AV_PKT_DATA_PALETTE, NULL); if(ref->data[0]) @@ -273,12 +276,15 @@ static int decode_frame(AVCodecContext *avctx, } outdata = a->pic.data[0]; if(buf[0x85] == 0x10) { - qpeg_decode_intra(buf+0x86, outdata, buf_size - 0x86, a->pic.linesize[0], avctx->width, avctx->height); + ret = qpeg_decode_intra(buf+0x86, outdata, buf_size - 0x86, a->pic.linesize[0], avctx->width, avctx->height); } else { delta = buf[0x85]; qpeg_decode_inter(buf+0x86, outdata, buf_size - 0x86, a->pic.linesize[0], avctx->width, avctx->height, delta, buf + 4, a->ref.data[0]); } + if (ret<0) + return ret; + /* make the palette available on the way out */ if (pal) { a->pic.palette_has_changed = 1; From e1152971a6d1d1b74aa9793e19c32785a683f985 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 29 Dec 2011 05:05:52 +0100 Subject: [PATCH 211/331] issdemux: Check packet_size for validity Reviewed-by: Paul B Mahol Signed-off-by: Michael Niedermayer (cherry picked from commit bf5cc805190b5811b786a454f01cccf9a7e366b9) Signed-off-by: Michael Niedermayer --- libavformat/iss.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavformat/iss.c b/libavformat/iss.c index 2bae3c1d7b..bbc8465b35 100644 --- a/libavformat/iss.c +++ b/libavformat/iss.c @@ -87,6 +87,11 @@ static av_cold int iss_read_header(AVFormatContext *s, AVFormatParameters *ap) get_token(pb, token, sizeof(token)); //Version ID get_token(pb, token, sizeof(token)); //Size + if (iss->packet_size <= 0) { + av_log(s, AV_LOG_ERROR, "packet_size %d is invalid\n", iss->packet_size); + return AVERROR_INVALIDDATA; + } + iss->sample_start_pos = avio_tell(pb); st = avformat_new_stream(s, NULL); From 94773637baad59c166a033ee2bc13afb661515e3 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 29 Dec 2011 03:42:15 +0100 Subject: [PATCH 212/331] h264_mp4toannexb_filter: pass error code through. Bug-Found-by and Suggested bugfix: Tanami, Ohad Reviewed-by: Derek Buitenhuis Signed-off-by: Michael Niedermayer (cherry picked from commit 7ae251b4d8a18bc63734e58f1baafac634c67e01) Signed-off-by: Michael Niedermayer --- libavcodec/h264_mp4toannexb_bsf.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/libavcodec/h264_mp4toannexb_bsf.c b/libavcodec/h264_mp4toannexb_bsf.c index e85bdb6712..5085ecbdfd 100644 --- a/libavcodec/h264_mp4toannexb_bsf.c +++ b/libavcodec/h264_mp4toannexb_bsf.c @@ -63,6 +63,7 @@ static int h264_mp4toannexb_filter(AVBitStreamFilterContext *bsfc, int32_t nal_size; uint32_t cumul_size = 0; const uint8_t *buf_end = buf + buf_size; + int ret = AVERROR(EINVAL); /* nothing to filter */ if (!avctx->extradata || avctx->extradata_size < 6) { @@ -137,6 +138,7 @@ pps: *poutbuf_size = 0; *poutbuf = NULL; do { + ret= AVERROR(EINVAL); if (buf + ctx->length_size > buf_end) goto fail; @@ -155,15 +157,15 @@ pps: /* prepend only to the first type 5 NAL unit of an IDR picture */ if (ctx->first_idr && unit_type == 5) { - if (alloc_and_copy(poutbuf, poutbuf_size, + if ((ret=alloc_and_copy(poutbuf, poutbuf_size, avctx->extradata, avctx->extradata_size, - buf, nal_size) < 0) + buf, nal_size)) < 0) goto fail; ctx->first_idr = 0; } else { - if (alloc_and_copy(poutbuf, poutbuf_size, + if ((ret=alloc_and_copy(poutbuf, poutbuf_size, NULL, 0, - buf, nal_size) < 0) + buf, nal_size)) < 0) goto fail; if (!ctx->first_idr && unit_type == 1) ctx->first_idr = 1; @@ -178,7 +180,7 @@ pps: fail: av_freep(poutbuf); *poutbuf_size = 0; - return AVERROR(EINVAL); + return ret; } AVBitStreamFilter ff_h264_mp4toannexb_bsf = { From f246d46ee66678bdd23e939aaede28943cfeb8da Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 29 Dec 2011 02:34:43 +0100 Subject: [PATCH 213/331] indeo5: Fix null pointer dereferences of ref_mb Reviewed-by: Derek Buitenhuis Signed-off-by: Michael Niedermayer (cherry picked from commit f41a6c8f3aeb51332bb359038cb504d3fb562a52) Signed-off-by: Michael Niedermayer --- libavcodec/indeo5.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/indeo5.c b/libavcodec/indeo5.c index 95bae2346a..983518838f 100644 --- a/libavcodec/indeo5.c +++ b/libavcodec/indeo5.c @@ -482,7 +482,7 @@ static int decode_mb_info(IVI5DecContext *ctx, IVIBandDesc *band, } mb->mv_x = mb->mv_y = 0; /* no motion vector coded */ - if (band->inherit_mv){ + if (band->inherit_mv && ref_mb){ /* motion vector inheritance */ if (mv_scale) { mb->mv_x = ivi_scale_mv(ref_mb->mv_x, mv_scale); @@ -493,7 +493,7 @@ static int decode_mb_info(IVI5DecContext *ctx, IVIBandDesc *band, } } } else { - if (band->inherit_mv) { + if (band->inherit_mv && ref_mb) { mb->type = ref_mb->type; /* copy mb_type from corresponding reference mb */ } else if (ctx->frame_type == FRAMETYPE_INTRA) { mb->type = 0; /* mb_type is always INTRA for intra-frames */ @@ -519,7 +519,7 @@ static int decode_mb_info(IVI5DecContext *ctx, IVIBandDesc *band, if (!mb->type) { mb->mv_x = mb->mv_y = 0; /* there is no motion vector in intra-macroblocks */ } else { - if (band->inherit_mv){ + if (band->inherit_mv && ref_mb){ /* motion vector inheritance */ if (mv_scale) { mb->mv_x = ivi_scale_mv(ref_mb->mv_x, mv_scale); From 53c430415a65cb4097bdb59b924aaa09bc5e2bb2 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 29 Dec 2011 21:31:22 +0100 Subject: [PATCH 214/331] nsvdec: Check av_malloc(string_size) This can easily be NULL as string_size can be 2g in a damaged file. Signed-off-by: Michael Niedermayer (cherry picked from commit b9e0e9537a3ec4af1630e9f1b8d0ce68885cac16) Signed-off-by: Michael Niedermayer --- libavformat/nsvdec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/nsvdec.c b/libavformat/nsvdec.c index 72d626af73..76bcd4a5ea 100644 --- a/libavformat/nsvdec.c +++ b/libavformat/nsvdec.c @@ -314,6 +314,8 @@ static int nsv_parse_NSVf_header(AVFormatContext *s, AVFormatParameters *ap) char quote; p = strings = av_mallocz(strings_size + 1); + if (!p) + return AVERROR(ENOMEM); endp = strings + strings_size; avio_read(pb, strings, strings_size); while (p < endp) { From fa97a8030f6d13aa1aafa583c6e40445c574fb8f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 29 Dec 2011 23:22:41 +0100 Subject: [PATCH 215/331] flvdec: Check index for being valid Fixes seeking in Enigma_Principles_of_Lust.flv Signed-off-by: Michael Niedermayer (cherry picked from commit df0bff6643cadbd9c07bbe2b0536a7c9d0dfe0c6) Signed-off-by: Michael Niedermayer --- libavformat/flvdec.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c index 0699f544b5..ce6d535753 100644 --- a/libavformat/flvdec.c +++ b/libavformat/flvdec.c @@ -197,7 +197,16 @@ static int parse_keyframes_index(AVFormatContext *s, AVIOContext *ioc, AVStream } } - if (timeslen == fileposlen && fileposlen && max_pos <= filepositions[0]) { + if (timeslen == fileposlen && fileposlen>1 && max_pos <= filepositions[0]) { + int64_t dts, size0, size1; + avio_seek(ioc, filepositions[1]-4, SEEK_SET); + size0 = avio_rb32(ioc); + avio_r8(ioc); + size1 = avio_rb24(ioc); + dts = avio_rb24(ioc); + dts |= avio_r8(ioc) << 24; + if (size0 > filepositions[1] || FFABS(dts - times[1]*1000)>5000) + goto finish; for(i = 0; i < timeslen; i++) av_add_index_entry(vstream, filepositions[i], times[i]*1000, 0, 0, AVINDEX_KEYFRAME); } else From 3ccbd6b06d316bf67b7b7ca4ee40eda3eef0c4c5 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 30 Dec 2011 05:12:38 +0100 Subject: [PATCH 216/331] ljpegdec: fix point transform injection. Fix Ticket842 Signed-off-by: Michael Niedermayer (cherry picked from commit b0143da80656f286b3e2363f3ddb6f81c4a0fbf5) Signed-off-by: Michael Niedermayer --- libavcodec/mjpegdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index b8d73ed481..5a6133f313 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -656,7 +656,7 @@ static int ljpeg_decode_rgb_scan(MJpegDecodeContext *s, int predictor, int point buffer= s->ljpeg_buffer; for(i=0; i<3; i++){ - buffer[0][i]= 1 << (s->bits + point_transform - 1); + buffer[0][i]= 1 << (s->bits - 1); } for(mb_y = 0; mb_y < s->mb_height; mb_y++) { const int modified_predictor= mb_y ? predictor : 1; From a4269652ab831456c77dad3bc59f116f50e6c6f0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Fri, 30 Dec 2011 10:37:33 +0100 Subject: [PATCH 217/331] Avoid av_memcpy_backptr hang without extra branch. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This only happens for a "back" value of 0 which is invalid anyway, but lcldec does not properly validate input. Also extend the documentation to specify valid values. Signed-off-by: Reimar Döffinger (cherry picked from commit 874da652b307fe0d2bec08fc5916a9a82537f40c) Signed-off-by: Michael Niedermayer --- libavutil/lzo.c | 6 +++--- libavutil/lzo.h | 5 ++++- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/libavutil/lzo.c b/libavutil/lzo.c index 0b9d2e42ba..3642308100 100644 --- a/libavutil/lzo.c +++ b/libavutil/lzo.c @@ -112,7 +112,7 @@ static inline void memcpy_backptr(uint8_t *dst, int back, int cnt); /** * @brief Copies previously decoded bytes to current position. - * @param back how many bytes back we start + * @param back how many bytes back we start, must be > 0 * @param cnt number of bytes to copy, must be >= 0 * * cnt > back is valid, this will copy the bytes we just copied, @@ -135,9 +135,9 @@ static inline void copy_backptr(LZOContext *c, int back, int cnt) { static inline void memcpy_backptr(uint8_t *dst, int back, int cnt) { const uint8_t *src = &dst[-back]; - if (back == 1) { + if (back <= 1) { memset(dst, *src, cnt); - } else if(back>0) { + } else { #ifdef OUTBUF_PADDED COPY2(dst, src); COPY2(dst + 2, src + 2); diff --git a/libavutil/lzo.h b/libavutil/lzo.h index d60d8d7487..379c08c8c7 100644 --- a/libavutil/lzo.h +++ b/libavutil/lzo.h @@ -62,11 +62,14 @@ int av_lzo1x_decode(void *out, int *outlen, const void *in, int *inlen); /** * @brief deliberately overlapping memcpy implementation * @param dst destination buffer; must be padded with 12 additional bytes - * @param back how many bytes back we start (the initial size of the overlapping window) + * @param back how many bytes back we start (the initial size of the overlapping window), must be > 0 * @param cnt number of bytes to copy, must be >= 0 * * cnt > back is valid, this will copy the bytes we just copied, * thus creating a repeating pattern with a period length of back. + * Note that lcldec currently can set back == 0 - which is wrong and + * makes no sense, but the code should at least avoid crashing or hanging + * for this case. */ void av_memcpy_backptr(uint8_t *dst, int back, int cnt); From 0064fcb486cc29a9bc60a52245a3802d363df85b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 29 Dec 2011 21:26:30 +0100 Subject: [PATCH 218/331] mlp_parser: Fix infinite loop with 0 bytes_left. Signed-off-by: Michael Niedermayer (cherry picked from commit e146ad95d79b1a6e6b9e566366b832825c79679f) Signed-off-by: Michael Niedermayer --- libavcodec/mlp_parser.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/mlp_parser.c b/libavcodec/mlp_parser.c index 4ceea5e9e1..f31e2d5727 100644 --- a/libavcodec/mlp_parser.c +++ b/libavcodec/mlp_parser.c @@ -263,6 +263,9 @@ static int mlp_parse(AVCodecParserContext *s, mp->bytes_left = ((mp->pc.index > 0 ? mp->pc.buffer[0] : buf[0]) << 8) | (mp->pc.index > 1 ? mp->pc.buffer[1] : buf[1-mp->pc.index]); mp->bytes_left = (mp->bytes_left & 0xfff) * 2; + if (mp->bytes_left <= 0) { // prevent infinite loop + goto lost_sync; + } mp->bytes_left -= mp->pc.index; } From 2dcacbb68e835f74354e5289d841397872d5060b Mon Sep 17 00:00:00 2001 From: Jean First Date: Fri, 30 Dec 2011 21:08:01 +0100 Subject: [PATCH 219/331] cache: use av_freep instead of av_free in cache_open Signed-off-by: Jean First Signed-off-by: Michael Niedermayer (cherry picked from commit 576ada791a5085b7427c9062ba4f65e811914bd0) Signed-off-by: Michael Niedermayer --- libavformat/cache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/cache.c b/libavformat/cache.c index d94cf5fbac..011ea829c3 100644 --- a/libavformat/cache.c +++ b/libavformat/cache.c @@ -64,7 +64,7 @@ static int cache_open(URLContext *h, const char *arg, int flags) } unlink(buffername); - av_free(buffername); + av_freep(&buffername); return ffurl_open(&c->inner, arg, flags, &h->interrupt_callback, NULL); } From 0bf48d24d7f220b70f5968b8f691abf2f7a398b3 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 31 Dec 2011 03:39:22 +0100 Subject: [PATCH 220/331] flvdec: Check avpriv_mpeg4audio_get_config() return value before using its output. Signed-off-by: Michael Niedermayer (cherry picked from commit 5500e65342a2afc5caa8fe38496aa1a3b1f28cbc) Signed-off-by: Michael Niedermayer --- libavformat/flvdec.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c index ce6d535753..d823628817 100644 --- a/libavformat/flvdec.c +++ b/libavformat/flvdec.c @@ -560,8 +560,8 @@ static int flv_read_packet(AVFormatContext *s, AVPacket *pkt) return ret; if (st->codec->codec_id == CODEC_ID_AAC) { MPEG4AudioConfig cfg; - avpriv_mpeg4audio_get_config(&cfg, st->codec->extradata, - st->codec->extradata_size * 8, 1); + if (avpriv_mpeg4audio_get_config(&cfg, st->codec->extradata, + st->codec->extradata_size * 8, 1) >= 0) { st->codec->channels = cfg.channels; if (cfg.ext_sample_rate) st->codec->sample_rate = cfg.ext_sample_rate; @@ -569,6 +569,7 @@ static int flv_read_packet(AVFormatContext *s, AVPacket *pkt) st->codec->sample_rate = cfg.sample_rate; av_dlog(s, "mp4a config channels %d sample rate %d\n", st->codec->channels, st->codec->sample_rate); + } } ret = AVERROR(EAGAIN); From 4ae111cf71e11a78fd00d421abf19ce5df4ab349 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 31 Dec 2011 15:27:51 +0100 Subject: [PATCH 221/331] lavf: ffio_limit(), treat avio_size()==0 as error. This works around issues arising from inputs that claim to have a filesize of 0. Reported-by: buzz_ Signed-off-by: Michael Niedermayer (cherry picked from commit e6362f3a3cfbabf457fc7ebb2205cbfc043501ee) Signed-off-by: Michael Niedermayer --- libavformat/utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index b59a69228e..304e3642fa 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -271,7 +271,7 @@ int ffio_limit(AVIOContext *s, int size) if(remaining < size){ int64_t newsize= avio_size(s); if(!s->maxsize || s->maxsizemaxsize= newsize; + s->maxsize= newsize - !newsize; remaining= s->maxsize - avio_tell(s); remaining= FFMAX(remaining, 0); } From b8cc9e206b2ff80b7f1c3a7b8a7809f3e54d5e52 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Fri, 30 Dec 2011 10:42:55 +0100 Subject: [PATCH 222/331] Avoid uninitialized data in lcldec when ofs is 0 in MSZH. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Reimar Döffinger (cherry picked from commit 42a1f1d7a8cf67eed68db596d6a1e53c0c36e4ab) Signed-off-by: Michael Niedermayer --- libavcodec/lcldec.c | 8 +++++++- libavutil/lzo.h | 3 --- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/libavcodec/lcldec.c b/libavcodec/lcldec.c index e288fc3f63..57b04f79f1 100644 --- a/libavcodec/lcldec.c +++ b/libavcodec/lcldec.c @@ -96,7 +96,13 @@ static unsigned int mszh_decomp(const unsigned char * srcptr, int srclen, unsign ofs = FFMIN(ofs, destptr - destptr_bak); cnt *= 4; cnt = FFMIN(cnt, destptr_end - destptr); - av_memcpy_backptr(destptr, ofs, cnt); + if (ofs) { + av_memcpy_backptr(destptr, ofs, cnt); + } else { + // Not known what the correct behaviour is, but + // this at least avoids uninitialized data. + memset(destptr, 0, cnt); + } destptr += cnt; } maskbit >>= 1; diff --git a/libavutil/lzo.h b/libavutil/lzo.h index 379c08c8c7..060b5c9d76 100644 --- a/libavutil/lzo.h +++ b/libavutil/lzo.h @@ -67,9 +67,6 @@ int av_lzo1x_decode(void *out, int *outlen, const void *in, int *inlen); * * cnt > back is valid, this will copy the bytes we just copied, * thus creating a repeating pattern with a period length of back. - * Note that lcldec currently can set back == 0 - which is wrong and - * makes no sense, but the code should at least avoid crashing or hanging - * for this case. */ void av_memcpy_backptr(uint8_t *dst, int back, int cnt); From f6e360770da830911e30964ae4c6116ddb43cbd7 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 1 Jan 2012 03:46:06 +0100 Subject: [PATCH 223/331] mpegpsenc: Fix integer overflow of the muxrate calculation. this should fix the failure of h264-bsf-mp4toannexb on freebsd/openbsd Signed-off-by: Michael Niedermayer (cherry picked from commit 490c97bdf5ed1c6f05abe4446e67e598881fc53f) Signed-off-by: Michael Niedermayer --- libavformat/mpegenc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mpegenc.c b/libavformat/mpegenc.c index 01ee004f45..455be5706d 100644 --- a/libavformat/mpegenc.c +++ b/libavformat/mpegenc.c @@ -429,7 +429,7 @@ static int mpeg_mux_init(AVFormatContext *ctx) if (!s->mux_rate) { /* we increase slightly the bitrate to take into account the headers. XXX: compute it exactly */ - bitrate += bitrate*5/100; + bitrate += bitrate*5LL/100; bitrate += 10000; s->mux_rate = (bitrate + (8 * 50) - 1) / (8 * 50); } From 86fbd610ef706bd0e26a246023e6324e9ca8c13a Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Sun, 1 Jan 2012 05:04:25 +0100 Subject: [PATCH 224/331] Update copyright year. (cherry picked from commit 8dc973e6d1442e6427dfcb9817f9d15695555465) Signed-off-by: Michael Niedermayer --- cmdutils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmdutils.c b/cmdutils.c index 4a5421b770..d4fe54ae1b 100644 --- a/cmdutils.c +++ b/cmdutils.c @@ -53,7 +53,7 @@ struct SwsContext *sws_opts; AVDictionary *format_opts, *codec_opts; -static const int this_year = 2011; +static const int this_year = 2012; static FILE *report_file; From 3fe4055c5fe5c111deda7ee72550c1e9c7647183 Mon Sep 17 00:00:00 2001 From: Jean First Date: Sun, 1 Jan 2012 22:08:17 +0100 Subject: [PATCH 225/331] j2kdec: av_log formatting use %tx instead of %x Signed-off-by: Jean First Signed-off-by: Michael Niedermayer (cherry picked from commit b1031562351d81fb56f9338df5876dc2153d9f26) Signed-off-by: Michael Niedermayer --- libavcodec/j2kdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/j2kdec.c b/libavcodec/j2kdec.c index e35c97d860..7f6506bb92 100644 --- a/libavcodec/j2kdec.c +++ b/libavcodec/j2kdec.c @@ -921,7 +921,7 @@ static int decode_codestream(J2kDecoderContext *s) marker = bytestream_get_be16(&s->buf); if(s->avctx->debug & FF_DEBUG_STARTCODE) - av_log(s->avctx, AV_LOG_DEBUG, "marker 0x%.4X at pos 0x%x\n", marker, s->buf - s->buf_start - 4); + av_log(s->avctx, AV_LOG_DEBUG, "marker 0x%.4X at pos 0x%tx\n", marker, s->buf - s->buf_start - 4); oldbuf = s->buf; if (marker == J2K_SOD){ From e5ae872309b8e89900237422153492bb5a178a07 Mon Sep 17 00:00:00 2001 From: Paul B Mahol Date: Sun, 1 Jan 2012 12:16:42 +0000 Subject: [PATCH 226/331] y41p encoder and decoder y41p is a packed 12-bit 4:1:1 YUV format used by Brooktree. Fixes issue 1123 / ticket #102. Signed-off-by: Michael Niedermayer (cherry picked from commit dfa77dead2c97ec84092066102b14a2524d4d88b) Conflicts: Changelog libavcodec/version.h Signed-off-by: Michael Niedermayer --- Changelog | 1 + doc/general.texi | 1 + libavcodec/Makefile | 2 + libavcodec/allcodecs.c | 1 + libavcodec/avcodec.h | 1 + libavcodec/version.h | 2 +- libavcodec/y41pdec.c | 116 +++++++++++++++++++++++++++++++++++++++++ libavcodec/y41penc.c | 101 +++++++++++++++++++++++++++++++++++ libavformat/isom.c | 1 + libavformat/riff.c | 1 + 10 files changed, 226 insertions(+), 1 deletion(-) create mode 100644 libavcodec/y41pdec.c create mode 100644 libavcodec/y41penc.c diff --git a/Changelog b/Changelog index 6e3e82de2a..9d406bf10b 100644 --- a/Changelog +++ b/Changelog @@ -5,6 +5,7 @@ version 0.9: - Indeo 4 decoder - SMJPEG demuxer +- y41p Brooktree Uncompressed 4:1:1 12-bit encoder and decoder - openal input device added - boxblur filter added - BWF muxer diff --git a/doc/general.texi b/doc/general.texi index 14f05971cf..495527aefd 100644 --- a/doc/general.texi +++ b/doc/general.texi @@ -443,6 +443,7 @@ following image formats are supported: @tab Used in some games from Bethesda Softworks. @item Bink Video @tab @tab X @item Bitmap Brothers JV video @tab @tab X +@item y41p Brooktree uncompressed 4:1:1 12-bit @tab X @tab X @item Brute Force & Ignorance @tab @tab X @tab Used in the game Flash Traffic: City of Angels. @item C93 video @tab @tab X diff --git a/libavcodec/Makefile b/libavcodec/Makefile index b688807997..bc7650f331 100644 --- a/libavcodec/Makefile +++ b/libavcodec/Makefile @@ -466,6 +466,8 @@ OBJS-$(CONFIG_XBIN_DECODER) += bintext.o cga_data.o OBJS-$(CONFIG_XL_DECODER) += xl.o OBJS-$(CONFIG_XSUB_DECODER) += xsubdec.o OBJS-$(CONFIG_XSUB_ENCODER) += xsubenc.o +OBJS-$(CONFIG_Y41P_DECODER) += y41pdec.o +OBJS-$(CONFIG_Y41P_ENCODER) += y41penc.o OBJS-$(CONFIG_YOP_DECODER) += yop.o OBJS-$(CONFIG_ZLIB_DECODER) += lcldec.o OBJS-$(CONFIG_ZLIB_ENCODER) += lclenc.o diff --git a/libavcodec/allcodecs.c b/libavcodec/allcodecs.c index 0ef5602ff5..9a608ebf7e 100644 --- a/libavcodec/allcodecs.c +++ b/libavcodec/allcodecs.c @@ -243,6 +243,7 @@ void avcodec_register_all(void) REGISTER_DECODER (XAN_WC3, xan_wc3); REGISTER_DECODER (XAN_WC4, xan_wc4); REGISTER_DECODER (XL, xl); + REGISTER_ENCDEC (Y41P, y41p); REGISTER_DECODER (YOP, yop); REGISTER_ENCDEC (ZLIB, zlib); REGISTER_ENCDEC (ZMBV, zmbv); diff --git a/libavcodec/avcodec.h b/libavcodec/avcodec.h index c40a23ec2f..85e24ba515 100644 --- a/libavcodec/avcodec.h +++ b/libavcodec/avcodec.h @@ -255,6 +255,7 @@ enum CodecID { CODEC_ID_VBLE, CODEC_ID_DXTORY, CODEC_ID_V410, + CODEC_ID_Y41P = MKBETAG('Y','4','1','P'), CODEC_ID_UTVIDEO = 0x800, CODEC_ID_ESCAPE130 = MKBETAG('E','1','3','0'), diff --git a/libavcodec/version.h b/libavcodec/version.h index 49a09e1750..8d7f4a8d38 100644 --- a/libavcodec/version.h +++ b/libavcodec/version.h @@ -22,7 +22,7 @@ #define LIBAVCODEC_VERSION_MAJOR 53 #define LIBAVCODEC_VERSION_MINOR 42 -#define LIBAVCODEC_VERSION_MICRO 3 +#define LIBAVCODEC_VERSION_MICRO 4 #define LIBAVCODEC_VERSION_INT AV_VERSION_INT(LIBAVCODEC_VERSION_MAJOR, \ LIBAVCODEC_VERSION_MINOR, \ diff --git a/libavcodec/y41pdec.c b/libavcodec/y41pdec.c new file mode 100644 index 0000000000..ea9bf9282a --- /dev/null +++ b/libavcodec/y41pdec.c @@ -0,0 +1,116 @@ +/* + * y41p decoder + * + * Copyright (c) 2012 Paul B Mahol + * + * This file is part of FFmpeg. + * + * FFmpeg is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * FFmpeg is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with FFmpeg; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#include "avcodec.h" + +static av_cold int y41p_decode_init(AVCodecContext *avctx) +{ + avctx->pix_fmt = PIX_FMT_YUV411P; + avctx->bits_per_raw_sample = 12; + + if (avctx->width & 7) { + av_log(avctx, AV_LOG_WARNING, "y41p requires width to be divisible by 8.\n"); + } + + avctx->coded_frame = avcodec_alloc_frame(); + if (!avctx->coded_frame) { + av_log(avctx, AV_LOG_ERROR, "Could not allocate frame.\n"); + return AVERROR(ENOMEM); + } + + return 0; +} + +static int y41p_decode_frame(AVCodecContext *avctx, void *data, + int *data_size, AVPacket *avpkt) +{ + AVFrame *pic = avctx->coded_frame; + uint8_t *src = avpkt->data; + uint8_t *y, *u, *v; + int i, j; + + if (pic->data[0]) + avctx->release_buffer(avctx, pic); + + if (avpkt->size < 1.5 * avctx->height * avctx->width) { + av_log(avctx, AV_LOG_ERROR, "Insufficient input data.\n"); + return AVERROR(EINVAL); + } + + pic->reference = 0; + + if (avctx->get_buffer(avctx, pic) < 0) { + av_log(avctx, AV_LOG_ERROR, "Could not allocate buffer.\n"); + return AVERROR(ENOMEM); + } + + pic->key_frame = 1; + pic->pict_type = FF_I_TYPE; + + for (i = avctx->height - 1; i >= 0 ; i--) { + y = &pic->data[0][i * pic->linesize[0]]; + u = &pic->data[1][i * pic->linesize[1]]; + v = &pic->data[2][i * pic->linesize[2]]; + for (j = 0; j < avctx->width; j += 8) { + *(u++) = *src++; + *(y++) = *src++; + *(v++) = *src++; + *(y++) = *src++; + + *(u++) = *src++; + *(y++) = *src++; + *(v++) = *src++; + *(y++) = *src++; + + *(y++) = *src++; + *(y++) = *src++; + *(y++) = *src++; + *(y++) = *src++; + } + } + + *data_size = sizeof(AVFrame); + *(AVFrame *)data = *pic; + + return avpkt->size; +} + +static av_cold int y41p_decode_close(AVCodecContext *avctx) +{ + if (avctx->coded_frame->data[0]) + avctx->release_buffer(avctx, avctx->coded_frame); + + av_freep(&avctx->coded_frame); + + return 0; +} + +AVCodec ff_y41p_decoder = { + .name = "y41p", + .type = AVMEDIA_TYPE_VIDEO, + .id = CODEC_ID_Y41P, + .init = y41p_decode_init, + .decode = y41p_decode_frame, + .close = y41p_decode_close, + .capabilities = CODEC_CAP_DR1, + .long_name = NULL_IF_CONFIG_SMALL("Uncompressed YUV 4:1:1 12-bit"), +}; diff --git a/libavcodec/y41penc.c b/libavcodec/y41penc.c new file mode 100644 index 0000000000..b8b4a2e43b --- /dev/null +++ b/libavcodec/y41penc.c @@ -0,0 +1,101 @@ +/* + * y41p encoder + * + * Copyright (c) 2012 Paul B Mahol + * + * This file is part of FFmpeg. + * + * FFmpeg is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * FFmpeg is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with FFmpeg; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#include "avcodec.h" + +static av_cold int y41p_encode_init(AVCodecContext *avctx) +{ + if (avctx->width & 7) { + av_log(avctx, AV_LOG_ERROR, "y41p requires width to be divisible by 8.\n"); + return AVERROR_INVALIDDATA; + } + + avctx->coded_frame = avcodec_alloc_frame(); + + if (!avctx->coded_frame) { + av_log(avctx, AV_LOG_ERROR, "Could not allocate frame.\n"); + return AVERROR(ENOMEM); + } + + return 0; +} + +static int y41p_encode_frame(AVCodecContext *avctx, uint8_t *buf, + int buf_size, void *data) +{ + AVFrame *pic = data; + uint8_t *dst = buf; + uint8_t *y, *u, *v; + int i, j; + + if (buf_size < avctx->width * avctx->height * 1.5) { + av_log(avctx, AV_LOG_ERROR, "Out buffer is too small.\n"); + return AVERROR(ENOMEM); + } + + avctx->coded_frame->reference = 0; + avctx->coded_frame->key_frame = 1; + avctx->coded_frame->pict_type = FF_I_TYPE; + + for (i = avctx->height - 1; i >= 0; i--) { + y = &pic->data[0][i * pic->linesize[0]]; + u = &pic->data[1][i * pic->linesize[1]]; + v = &pic->data[2][i * pic->linesize[2]]; + for (j = 0; j < avctx->width; j += 8) { + *(dst++) = *(u++); + *(dst++) = *(y++); + *(dst++) = *(v++); + *(dst++) = *(y++); + + *(dst++) = *(u++); + *(dst++) = *(y++); + *(dst++) = *(v++); + *(dst++) = *(y++); + + *(dst++) = *(y++); + *(dst++) = *(y++); + *(dst++) = *(y++); + *(dst++) = *(y++); + } + } + + return avctx->width * avctx->height * 1.5; +} + +static av_cold int y41p_encode_close(AVCodecContext *avctx) +{ + av_freep(&avctx->coded_frame); + + return 0; +} + +AVCodec ff_y41p_encoder = { + .name = "y41p", + .type = AVMEDIA_TYPE_VIDEO, + .id = CODEC_ID_Y41P, + .init = y41p_encode_init, + .encode = y41p_encode_frame, + .close = y41p_encode_close, + .pix_fmts = (const enum PixelFormat[]) { PIX_FMT_YUV411P, + PIX_FMT_NONE }, + .long_name = NULL_IF_CONFIG_SMALL("Uncompressed YUV 4:1:1 12-bit"), +}; diff --git a/libavformat/isom.c b/libavformat/isom.c index 0a01e78ed1..7cadcef79e 100644 --- a/libavformat/isom.c +++ b/libavformat/isom.c @@ -91,6 +91,7 @@ const AVCodecTag codec_movvideo_tags[] = { { CODEC_ID_R210, MKTAG('r', '2', '1', '0') }, /* UNCOMPRESSED 10BIT RGB */ { CODEC_ID_V210, MKTAG('v', '2', '1', '0') }, /* UNCOMPRESSED 10BIT 4:2:2 */ { CODEC_ID_V410, MKTAG('v', '4', '1', '0') }, /* UNCOMPRESSED 10BIT 4:4:4 */ + { CODEC_ID_Y41P, MKTAG('Y', '4', '1', 'P') }, /* UNCOMPRESSED 12BIT 4:1:1 */ { CODEC_ID_MJPEG, MKTAG('j', 'p', 'e', 'g') }, /* PhotoJPEG */ { CODEC_ID_MJPEG, MKTAG('m', 'j', 'p', 'a') }, /* Motion-JPEG (format A) */ diff --git a/libavformat/riff.c b/libavformat/riff.c index 4f475ba04d..74f384d268 100644 --- a/libavformat/riff.c +++ b/libavformat/riff.c @@ -290,6 +290,7 @@ const AVCodecTag ff_codec_bmp_tags[] = { { CODEC_ID_VBLE, MKTAG('V', 'B', 'L', 'E') }, { CODEC_ID_ESCAPE130, MKTAG('E', '1', '3', '0') }, { CODEC_ID_DXTORY, MKTAG('x', 't', 'o', 'r') }, + { CODEC_ID_Y41P, MKTAG('Y', '4', '1', 'P') }, { CODEC_ID_NONE, 0 } }; From 4eff392a4bafb11e1c38907a1f24b154c4bf312a Mon Sep 17 00:00:00 2001 From: Justin Ruggles Date: Sat, 31 Dec 2011 15:47:30 -0500 Subject: [PATCH 227/331] bmv audio: implement new audio decoding API (cherry picked from commit 8893fbdf7a5b941ce353fd560817ae6a2c34cfff) Signed-off-by: Michael Niedermayer --- libavcodec/bmv.c | 34 +++++++++++++++++++++++++--------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/libavcodec/bmv.c b/libavcodec/bmv.c index e98d5998ca..37c844858f 100644 --- a/libavcodec/bmv.c +++ b/libavcodec/bmv.c @@ -285,12 +285,17 @@ static av_cold int decode_end(AVCodecContext *avctx) return 0; } +typedef struct BMVAudioDecContext { + AVFrame frame; +} BMVAudioDecContext; + static const int bmv_aud_mults[16] = { 16512, 8256, 4128, 2064, 1032, 516, 258, 192, 129, 88, 64, 56, 48, 40, 36, 32 }; static av_cold int bmv_aud_decode_init(AVCodecContext *avctx) { + BMVAudioDecContext *c = avctx->priv_data; if (avctx->channels != 2) { av_log(avctx, AV_LOG_INFO, "invalid number of channels\n"); @@ -299,17 +304,21 @@ static av_cold int bmv_aud_decode_init(AVCodecContext *avctx) avctx->sample_fmt = AV_SAMPLE_FMT_S16; + avcodec_get_frame_defaults(&c->frame); + avctx->coded_frame = &c->frame; + return 0; } -static int bmv_aud_decode_frame(AVCodecContext *avctx, void *data, int *data_size, - AVPacket *avpkt) +static int bmv_aud_decode_frame(AVCodecContext *avctx, void *data, + int *got_frame_ptr, AVPacket *avpkt) { + BMVAudioDecContext *c = avctx->priv_data; const uint8_t *buf = avpkt->data; int buf_size = avpkt->size; int blocks = 0, total_blocks, i; - int out_size; - int16_t *output_samples = data; + int ret; + int16_t *output_samples; int scale[2]; total_blocks = *buf++; @@ -318,11 +327,14 @@ static int bmv_aud_decode_frame(AVCodecContext *avctx, void *data, int *data_siz total_blocks * 65 + 1, buf_size); return AVERROR_INVALIDDATA; } - out_size = total_blocks * 64 * sizeof(*output_samples); - if (*data_size < out_size) { - av_log(avctx, AV_LOG_ERROR, "Output buffer is too small\n"); - return AVERROR(EINVAL); + + /* get output buffer */ + c->frame.nb_samples = total_blocks * 32; + if ((ret = avctx->get_buffer(avctx, &c->frame)) < 0) { + av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n"); + return ret; } + output_samples = (int16_t *)c->frame.data[0]; for (blocks = 0; blocks < total_blocks; blocks++) { uint8_t code = *buf++; @@ -335,7 +347,9 @@ static int bmv_aud_decode_frame(AVCodecContext *avctx, void *data, int *data_siz } } - *data_size = out_size; + *got_frame_ptr = 1; + *(AVFrame *)data = c->frame; + return buf_size; } @@ -354,7 +368,9 @@ AVCodec ff_bmv_audio_decoder = { .name = "bmv_audio", .type = AVMEDIA_TYPE_AUDIO, .id = CODEC_ID_BMV_AUDIO, + .priv_data_size = sizeof(BMVAudioDecContext), .init = bmv_aud_decode_init, .decode = bmv_aud_decode_frame, + .capabilities = CODEC_CAP_DR1, .long_name = NULL_IF_CONFIG_SMALL("Discworld II BMV audio"), }; From e8c8b27f6670761f57e990e94629b540c1e178c2 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 2 Jan 2012 17:02:41 +0100 Subject: [PATCH 228/331] jpegdec: Only enable rgb mode when there are 3 components. Signed-off-by: Michael Niedermayer (cherry picked from commit 24964f21e4976edab156dc934c3b5ec3746b16eb) Signed-off-by: Michael Niedermayer --- libavcodec/mjpegdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index 5a6133f313..b9b8a7dead 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -282,7 +282,7 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s) return -1; } - if(s->v_max==1 && s->h_max==1 && s->lossless==1) s->rgb=1; + if(s->v_max==1 && s->h_max==1 && s->lossless==1 && nb_components==3) s->rgb=1; /* if different size, realloc/alloc picture */ /* XXX: also check h_count and v_count */ From 17c3ec77c2d1c4304054d7ad005aacfb3b78bdef Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 2 Jan 2012 17:03:24 +0100 Subject: [PATCH 229/331] jpegdec: 9-16 bit yuv/gray ljpeg support. Signed-off-by: Michael Niedermayer (cherry picked from commit 465eb0eb48a14f5308d7fa52c388e7be7170cc3e) Signed-off-by: Michael Niedermayer --- libavcodec/mjpegdec.c | 59 ++++++++++++++++++++++++++++++++++++------- 1 file changed, 50 insertions(+), 9 deletions(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index b9b8a7dead..5018edb4ba 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -341,7 +341,10 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s) assert(s->nb_components==3); break; case 0x11000000: - s->avctx->pix_fmt = PIX_FMT_GRAY8; + if(s->bits <= 8) + s->avctx->pix_fmt = PIX_FMT_GRAY8; + else + s->avctx->pix_fmt = PIX_FMT_GRAY16; break; case 0x12111100: s->avctx->pix_fmt = s->cs_itu601 ? PIX_FMT_YUV440P : PIX_FMT_YUVJ440P; @@ -719,7 +722,12 @@ static int ljpeg_decode_rgb_scan(MJpegDecodeContext *s, int predictor, int point static int ljpeg_decode_yuv_scan(MJpegDecodeContext *s, int predictor, int point_transform){ int i, mb_x, mb_y; - const int nb_components=3; + const int nb_components=s->nb_components; + int bits= (s->bits+7)&~7; + + point_transform += bits - s->bits; + + av_assert0(nb_components==1 || nb_components==3); for(mb_y = 0; mb_y < s->mb_height; mb_y++) { for(mb_x = 0; mb_x < s->mb_width; mb_x++) { @@ -729,6 +737,7 @@ static int ljpeg_decode_yuv_scan(MJpegDecodeContext *s, int predictor, int point if(mb_x==0 || mb_y==0 || s->interlaced){ for(i=0;inb_blocks[i]; c = s->comp_index[i]; @@ -738,13 +747,19 @@ static int ljpeg_decode_yuv_scan(MJpegDecodeContext *s, int predictor, int point y = 0; linesize= s->linesize[c]; + if(bits>8) linesize /= 2; + for(j=0; jdc_index[i]); + if(dc == 0xFFFF) + return -1; + if(bits<=8){ ptr = s->picture.data[c] + (linesize * (v * mb_y + y)) + (h * mb_x + x); //FIXME optimize this crap if(y==0 && mb_y==0){ if(x==0 && mb_x==0){ - pred= 128 << point_transform; + pred= 1 << (bits - 1); }else{ pred= ptr[-1]; } @@ -758,11 +773,27 @@ static int ljpeg_decode_yuv_scan(MJpegDecodeContext *s, int predictor, int point if (s->interlaced && s->bottom_field) ptr += linesize >> 1; - dc = mjpeg_decode_dc(s, s->dc_index[i]); - if(dc == 0xFFFF) - return -1; *ptr= pred + (dc << point_transform); + }else{ + ptr16 = s->picture.data[c] + 2*(linesize * (v * mb_y + y)) + 2*(h * mb_x + x); //FIXME optimize this crap + if(y==0 && mb_y==0){ + if(x==0 && mb_x==0){ + pred= 1 << (bits - 1); + }else{ + pred= ptr16[-1]; + } + }else{ + if(x==0 && mb_x==0){ + pred= ptr16[-linesize]; + }else{ + PREDICT(pred, ptr16[-linesize-1], ptr16[-linesize], ptr16[-1], predictor); + } + } + if (s->interlaced && s->bottom_field) + ptr16 += linesize >> 1; + *ptr16= pred + (dc << point_transform); + } if (++x == h) { x = 0; y++; @@ -772,6 +803,7 @@ static int ljpeg_decode_yuv_scan(MJpegDecodeContext *s, int predictor, int point }else{ for(i=0;inb_blocks[i]; c = s->comp_index[i]; @@ -781,16 +813,25 @@ static int ljpeg_decode_yuv_scan(MJpegDecodeContext *s, int predictor, int point y = 0; linesize= s->linesize[c]; + if(bits>8) linesize /= 2; + for(j=0; jpicture.data[c] + (linesize * (v * mb_y + y)) + (h * mb_x + x); //FIXME optimize this crap - PREDICT(pred, ptr[-linesize-1], ptr[-linesize], ptr[-1], predictor); - dc = mjpeg_decode_dc(s, s->dc_index[i]); if(dc == 0xFFFF) return -1; + if(bits<=8){ + ptr = s->picture.data[c] + (linesize * (v * mb_y + y)) + (h * mb_x + x); //FIXME optimize this crap + PREDICT(pred, ptr[-linesize-1], ptr[-linesize], ptr[-1], predictor); + *ptr= pred + (dc << point_transform); + }else{ + ptr16 = s->picture.data[c] + 2*(linesize * (v * mb_y + y)) + 2*(h * mb_x + x); //FIXME optimize this crap + PREDICT(pred, ptr16[-linesize-1], ptr16[-linesize], ptr16[-1], predictor); + + *ptr16= pred + (dc << point_transform); + } if (++x == h) { x = 0; y++; From 80695c9d1f0dcfc96f7c2d4a469d0ecc5939fb2f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 2 Jan 2012 19:06:46 +0100 Subject: [PATCH 230/331] jpegdec: non interleaved rgb ljpeg support. Fixes Ticket856 Signed-off-by: Michael Niedermayer (cherry picked from commit 45552371e3434fb7aa4d0bc566fd4ef954f9af14) Signed-off-by: Michael Niedermayer --- libavcodec/mjpegdec.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index 5018edb4ba..41722c425a 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -648,7 +648,7 @@ static int decode_block_refinement(MJpegDecodeContext *s, DCTELEM *block, uint8_ #undef REFINE_BIT #undef ZERO_RUN -static int ljpeg_decode_rgb_scan(MJpegDecodeContext *s, int predictor, int point_transform){ +static int ljpeg_decode_rgb_scan(MJpegDecodeContext *s, int nb_components, int predictor, int point_transform){ int i, mb_x, mb_y; uint16_t (*buffer)[4]; int left[3], top[3], topleft[3]; @@ -675,7 +675,7 @@ static int ljpeg_decode_rgb_scan(MJpegDecodeContext *s, int predictor, int point if (s->restart_interval && !s->restart_count) s->restart_count = s->restart_interval; - for(i=0;i<3;i++) { + for(i=0;imb_width; mb_x++) { - ptr[3*mb_x+0] = buffer[mb_x][2]; - ptr[3*mb_x+1] = buffer[mb_x][1]; - ptr[3*mb_x+2] = buffer[mb_x][0]; + for(i=0;icomp_index[i]; + for(mb_x = 0; mb_x < s->mb_width; mb_x++) { + ptr[3*mb_x+2-c] = buffer[mb_x][i]; + } } } } @@ -1117,7 +1118,7 @@ int ff_mjpeg_decode_sos(MJpegDecodeContext *s, return -1; }else{ if(s->rgb){ - if(ljpeg_decode_rgb_scan(s, predictor, point_transform) < 0) + if(ljpeg_decode_rgb_scan(s, nb_components, predictor, point_transform) < 0) return -1; }else{ if(ljpeg_decode_yuv_scan(s, predictor, point_transform) < 0) From a598f0a5d7fdfc545f15b5cd4ae45421817474ca Mon Sep 17 00:00:00 2001 From: Michael Bradshaw Date: Sat, 3 Dec 2011 12:14:03 -0700 Subject: [PATCH 231/331] Fixed openjpeg decoding bug with width/linesize issue The original code wasn't taking into account the fact that linesize may not equal the frame's width. This is to correct that. Signed-off-by: Michael Bradshaw Signed-off-by: Michael Niedermayer (cherry picked from commit d1669e5fe3d61dc4181f96138eb4355aaaf231ea) Signed-off-by: Michael Niedermayer --- libavcodec/libopenjpegdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/libopenjpegdec.c b/libavcodec/libopenjpegdec.c index 6344ad0c74..8cab41e124 100644 --- a/libavcodec/libopenjpegdec.c +++ b/libavcodec/libopenjpegdec.c @@ -139,8 +139,8 @@ static inline void libopenjpeg_copyto8(AVFrame *picture, opj_image_t *image) { for(index = 0; index < image->numcomps; index++) { comp_data = image->comps[index].data; - img_ptr = picture->data[index]; for(y = 0; y < image->comps[index].h; y++) { + img_ptr = picture->data[index] + y * picture->linesize[index]; for(x = 0; x < image->comps[index].w; x++) { *img_ptr = (uint8_t) *comp_data; img_ptr++; @@ -156,8 +156,8 @@ static inline void libopenjpeg_copyto16(AVFrame *picture, opj_image_t *image) { int index, x, y; for(index = 0; index < image->numcomps; index++) { comp_data = image->comps[index].data; - img_ptr = (uint16_t*) picture->data[index]; for(y = 0; y < image->comps[index].h; y++) { + img_ptr = (uint16_t*) (picture->data[index] + y * picture->linesize[index]); for(x = 0; x < image->comps[index].w; x++) { *img_ptr = *comp_data; img_ptr++; From 68874c42e70cdd664f8d36de5e18b8d4360b6e71 Mon Sep 17 00:00:00 2001 From: Michael Bradshaw Date: Wed, 30 Nov 2011 21:44:41 -0700 Subject: [PATCH 232/331] Added RGBA and YUV440 decoding support for libopenjpeg decoder Reviewed-by: Jean First Signed-off-by: Michael Niedermayer (cherry picked from commit 3f07ef1dfff036a6b35c1605e6346bad2e17da68) Signed-off-by: Michael Niedermayer --- libavcodec/libopenjpegdec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/libopenjpegdec.c b/libavcodec/libopenjpegdec.c index 8cab41e124..08e7cd540a 100644 --- a/libavcodec/libopenjpegdec.c +++ b/libavcodec/libopenjpegdec.c @@ -52,6 +52,7 @@ static enum PixelFormat check_image_attributes(AVCodecContext *avctx, opj_image_ switch (compRatio) { case 0111111: goto libopenjpeg_yuv444_rgb; + case 0111212: return PIX_FMT_YUV440P; case 0112121: goto libopenjpeg_yuv422; case 0112222: goto libopenjpeg_yuv420; default: goto libopenjpeg_rgb; @@ -296,6 +297,7 @@ static int libopenjpeg_decode_frame(AVCodecContext *avctx, libopenjpeg_copyto16(picture, image); break; case 3: + case 4: if (ispacked) { libopenjpeg_copy_to_packed8(picture, image); } From 632fd58a8f88e7ae4c48133f39ee979cc99ae2ad Mon Sep 17 00:00:00 2001 From: Michael Bradshaw Date: Fri, 2 Dec 2011 14:39:26 -0700 Subject: [PATCH 233/331] Added yuva420p decoding support for libopenjpeg Signed-off-by: Michael Bradshaw Signed-off-by: Michael Niedermayer (cherry picked from commit 2ba3416362345f275c63e70f44f4cfbf9b66fb35) Signed-off-by: Michael Niedermayer --- libavcodec/libopenjpegdec.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/libavcodec/libopenjpegdec.c b/libavcodec/libopenjpegdec.c index 08e7cd540a..07cca2547b 100644 --- a/libavcodec/libopenjpegdec.c +++ b/libavcodec/libopenjpegdec.c @@ -91,6 +91,15 @@ libopenjpeg_rgb: return PIX_FMT_RGB24; } +static int is_yuva420(opj_image_t *image) +{ + return image->numcomps == 4 && + image->comps[0].dx == 1 && image->comps[0].dy == 1 && + image->comps[1].dx == 2 && image->comps[1].dy == 2 && + image->comps[2].dx == 2 && image->comps[2].dy == 2 && + image->comps[3].dx == 1 && image->comps[3].dy == 1; +} + static inline int libopenjpeg_ispacked(enum PixelFormat pix_fmt) { int i, component_plane; component_plane = av_pix_fmt_descriptors[pix_fmt].comp[0].plane; @@ -253,7 +262,7 @@ static int libopenjpeg_decode_frame(AVCodecContext *avctx, break; case 3: avctx->pix_fmt = check_image_attributes(avctx, image); break; - case 4: avctx->pix_fmt = PIX_FMT_RGBA; + case 4: avctx->pix_fmt = is_yuva420(image) ? PIX_FMT_YUVA420P : PIX_FMT_RGBA; break; default: av_log(avctx, AV_LOG_ERROR, "%d components unsupported.\n", image->numcomps); goto done; From 7e97d98033d18146070218bf30c8ee83a80b9748 Mon Sep 17 00:00:00 2001 From: Hendrik Leppkes Date: Fri, 16 Dec 2011 22:41:29 +0100 Subject: [PATCH 234/331] wavpack: determine sample_fmt before requesting a buffer Signed-off-by: Justin Ruggles (cherry picked from commit 14165fe1256e0f11ba3d9cf574492ae528e5c9cf) Signed-off-by: Michael Niedermayer --- libavcodec/wavpack.c | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c index 8d9b804852..f13980b56a 100644 --- a/libavcodec/wavpack.c +++ b/libavcodec/wavpack.c @@ -783,13 +783,6 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no, s->samples = wc->samples; } s->frame_flags = AV_RL32(buf); buf += 4; - if(s->frame_flags&0x80){ - avctx->sample_fmt = AV_SAMPLE_FMT_FLT; - } else if((s->frame_flags&0x03) <= 1){ - avctx->sample_fmt = AV_SAMPLE_FMT_S16; - } else { - avctx->sample_fmt = AV_SAMPLE_FMT_S32; - } bpp = av_get_bytes_per_sample(avctx->sample_fmt); samples = (uint8_t*)samples + bpp * wc->ch_offset; @@ -1147,7 +1140,7 @@ static int wavpack_decode_frame(AVCodecContext *avctx, void *data, WavpackContext *s = avctx->priv_data; const uint8_t *buf = avpkt->data; int buf_size = avpkt->size; - int frame_size, ret; + int frame_size, ret, frame_flags; int samplecount = 0; s->block = 0; @@ -1155,12 +1148,16 @@ static int wavpack_decode_frame(AVCodecContext *avctx, void *data, /* determine number of samples */ if(s->mkv_mode){ - s->samples = AV_RL32(buf); buf += 4; + s->samples = AV_RL32(buf); buf += 4; + frame_flags = AV_RL32(buf); } else { - if (s->multichannel) - s->samples = AV_RL32(buf + 4); - else - s->samples = AV_RL32(buf); + if (s->multichannel) { + s->samples = AV_RL32(buf + 4); + frame_flags = AV_RL32(buf + 8); + } else { + s->samples = AV_RL32(buf); + frame_flags = AV_RL32(buf + 4); + } } if (s->samples <= 0) { av_log(avctx, AV_LOG_ERROR, "Invalid number of samples: %d\n", @@ -1168,6 +1165,14 @@ static int wavpack_decode_frame(AVCodecContext *avctx, void *data, return AVERROR(EINVAL); } + if (frame_flags & 0x80) { + avctx->sample_fmt = AV_SAMPLE_FMT_FLT; + } else if ((frame_flags & 0x03) <= 1) { + avctx->sample_fmt = AV_SAMPLE_FMT_S16; + } else { + avctx->sample_fmt = AV_SAMPLE_FMT_S32; + } + /* get output buffer */ s->frame.nb_samples = s->samples; if ((ret = avctx->get_buffer(avctx, &s->frame)) < 0) { From 103cb461b0fad88dd48a0234e0e0609825e85caa Mon Sep 17 00:00:00 2001 From: Stefano Sabatini Date: Sat, 24 Dec 2011 16:17:18 +0100 Subject: [PATCH 235/331] vf_drawtext: select YUV color for drawbox() in case YUV colorspace is used Fix box alpha rendering when a YUV colorspace is selected, in particular fix trac ticket #763. (cherry picked from commit 1858a5c25ee1ccb8089339d20138116a46cc6c77) --- libavfilter/vf_drawtext.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavfilter/vf_drawtext.c b/libavfilter/vf_drawtext.c index 912a8547bb..bf43ea9ed1 100644 --- a/libavfilter/vf_drawtext.c +++ b/libavfilter/vf_drawtext.c @@ -805,7 +805,7 @@ static int draw_text(AVFilterContext *ctx, AVFilterBufferRef *picref, /* draw box */ if (dtext->draw_box) drawbox(picref, dtext->x, dtext->y, box_w, box_h, - dtext->box_line, dtext->pixel_step, dtext->boxcolor_rgba, + dtext->box_line, dtext->pixel_step, dtext->is_packed_rgb ? dtext->boxcolor_rgba : dtext->boxcolor, dtext->hsub, dtext->vsub, dtext->is_packed_rgb, dtext->rgba_map); if (dtext->shadowx || dtext->shadowy) { From 9f561ec398a3e3f8ef8c00cd1aedf5be2fc686c5 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Wed, 4 Jan 2012 20:34:45 +0100 Subject: [PATCH 236/331] Revert "wavpack: Clip samples after shifting" This reverts commit 8d055e9079f151f13d34e8e04f4aa7ca0273c448. The original commit introduced ticket #871, do not import the problem into the release branch. --- libavcodec/wavpack.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c index f13980b56a..5b05e59ea9 100644 --- a/libavcodec/wavpack.c +++ b/libavcodec/wavpack.c @@ -405,12 +405,12 @@ static inline int wv_get_value_integer(WavpackFrameContext *s, uint32_t *crc, in } bit = (S & s->and) | s->or; - bit = (((S + bit) << s->shift) - bit) << s->post_shift; + bit = (((S + bit) << s->shift) - bit); if(s->hybrid) bit = av_clip(bit, -s->hybrid_maxclip - 1, s->hybrid_maxclip); - return bit; + return bit << s->post_shift; } static float wv_get_value_float(WavpackFrameContext *s, uint32_t *crc, int S) From 32b62c7d6ad69c3a92228c123051557588cdfd5e Mon Sep 17 00:00:00 2001 From: Oana Stratulat Date: Wed, 4 Jan 2012 03:13:27 +0200 Subject: [PATCH 237/331] electronicarts: Fix division by zero. Fixes Ticket #793 Signed-off-by: Oana Stratulat Signed-off-by: Michael Niedermayer (cherry picked from commit 0d3a51e5d279dd2a56c81ba7a81a70128c5a7545) Signed-off-by: Michael Niedermayer --- libavformat/electronicarts.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavformat/electronicarts.c b/libavformat/electronicarts.c index 75f92afc0f..41ed0891b9 100644 --- a/libavformat/electronicarts.c +++ b/libavformat/electronicarts.c @@ -221,6 +221,10 @@ static int process_audio_header_eacs(AVFormatContext *s) ea->sample_rate = ea->big_endian ? avio_rb32(pb) : avio_rl32(pb); ea->bytes = avio_r8(pb); /* 1=8-bit, 2=16-bit */ + if(ea->bytes == 0){ + av_log(s,AV_LOG_ERROR,"the file is corrupted, ea->bytes = 0\n"); + return AVERROR_INVALIDDATA; + } ea->num_channels = avio_r8(pb); compression_type = avio_r8(pb); avio_skip(pb, 13); From 9f9b6388a3a55d2fe5bae045949c98ec911d16e6 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 4 Jan 2012 04:02:22 +0100 Subject: [PATCH 238/331] electronicarts: Pass error through ea_read_header(). Signed-off-by: Michael Niedermayer (cherry picked from commit f37174bc1913d534913e8825f1609a637cc4b364) Signed-off-by: Michael Niedermayer --- libavformat/electronicarts.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/electronicarts.c b/libavformat/electronicarts.c index 41ed0891b9..43d1f26a8e 100644 --- a/libavformat/electronicarts.c +++ b/libavformat/electronicarts.c @@ -408,7 +408,7 @@ static int ea_read_header(AVFormatContext *s, EaDemuxContext *ea = s->priv_data; AVStream *st; - if (!process_ea_header(s)) + if (process_ea_header(s)<=0) return AVERROR(EIO); if (ea->video_codec) { From 66569b375c5c54a9893737a5e3c3b9806b6a56f8 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 3 Jan 2012 06:53:18 +0100 Subject: [PATCH 239/331] jpegdec: Fix vlc table check for progressive jpegs. Fixes Ticket834 Signed-off-by: Michael Niedermayer (cherry picked from commit 15b219fae9da1691dfb264f51637805e1ca63d1a) Signed-off-by: Michael Niedermayer --- libavcodec/mjpegdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index 41722c425a..833e80fcdf 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -1069,7 +1069,7 @@ int ff_mjpeg_decode_sos(MJpegDecodeContext *s, if (s->dc_index[i] < 0 || s->ac_index[i] < 0 || s->dc_index[i] >= 4 || s->ac_index[i] >= 4) goto out_of_range; - if (!s->vlcs[0][s->dc_index[i]].table || !s->vlcs[1][s->ac_index[i]].table) + if (!s->vlcs[0][s->dc_index[i]].table || !(s->progressive ? s->vlcs[2][s->ac_index[0]].table : s->vlcs[1][s->ac_index[i]].table)) goto out_of_range; } From 1bd1103175f4dd080d39075648baa708553004e2 Mon Sep 17 00:00:00 2001 From: Philippe Saint-Pierre Date: Wed, 4 Jan 2012 21:00:06 +0100 Subject: [PATCH 240/331] Fix possible infinite loop decoding als. Reviewed-by: Thilo Borgmann (cherry picked from commit f0f2babca23a3d099bcd5a1e18cf5d0eae2f4ef3) Signed-off-by: Michael Niedermayer --- libavcodec/alsdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c index 0e5509c74a..9d371de0c8 100644 --- a/libavcodec/alsdec.c +++ b/libavcodec/alsdec.c @@ -1012,7 +1012,7 @@ static void zero_remaining(unsigned int b, unsigned int b_max, unsigned int count = 0; while (b < b_max) - count += div_blocks[b]; + count += div_blocks[b++]; if (count) memset(buf, 0, sizeof(*buf) * count); From 49b8709870e4fa4d577ce6909d4bc6e03cedfe4e Mon Sep 17 00:00:00 2001 From: Chris Evans Date: Wed, 4 Jan 2012 16:33:34 +0100 Subject: [PATCH 241/331] mkv: Fix a bug where a pointer was cached to an array that might later move due to a realloc() BUG=100492 Review URL: http://codereview.chromium.org/8366004 Fixes: 1 of 2 for CVE-2011-3893 Signed-off-by: Michael Niedermayer (cherry picked from commit f35e037c93cf7d25e65b4a2ed3674358f05e4bed) Signed-off-by: Michael Niedermayer --- libavformat/matroskadec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index 4a0c2fa76c..c02013e3ca 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -1223,7 +1223,6 @@ static int matroska_parse_seekhead_entry(MatroskaDemuxContext *matroska, int idx static void matroska_execute_seekhead(MatroskaDemuxContext *matroska) { EbmlList *seekhead_list = &matroska->seekhead; - MatroskaSeekhead *seekhead = seekhead_list->elem; int64_t before_pos = avio_tell(matroska->ctx->pb); int i; @@ -1233,6 +1232,7 @@ static void matroska_execute_seekhead(MatroskaDemuxContext *matroska) return; for (i = 0; i < seekhead_list->nb_elem; i++) { + MatroskaSeekhead *seekhead = seekhead_list->elem; if (seekhead[i].pos <= before_pos) continue; From 6a3fed87498b425d19dee4b57d969e10e2dd5f43 Mon Sep 17 00:00:00 2001 From: Chris Evans Date: Wed, 4 Jan 2012 17:24:15 +0100 Subject: [PATCH 242/331] ogg: Avoid the possibility to read out-of-bounds of a static global array in Vorbis decoding. BUG=100543 Review URL: http://codereview.chromium.org/8365014 This fixes 25% of CVE-2011-3893 Signed-off-by: Michael Niedermayer (cherry picked from commit 7149fce2cac0474a5fbc5b47add1158cd8bb283e) Signed-off-by: Michael Niedermayer --- libavcodec/vorbis.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/vorbis.c b/libavcodec/vorbis.c index 1624948626..251442bfc3 100644 --- a/libavcodec/vorbis.c +++ b/libavcodec/vorbis.c @@ -156,7 +156,7 @@ void ff_vorbis_ready_floor1_list(vorbis_floor1_entry * list, int values) } } -static inline void render_line_unrolled(intptr_t x, intptr_t y, int x1, +static inline void render_line_unrolled(intptr_t x, unsigned char y, int x1, intptr_t sy, int ady, int adx, float *buf) { @@ -191,7 +191,7 @@ static void render_line(int x0, int y0, int x1, int y1, float *buf) } else { int base = dy / adx; int x = x0; - int y = y0; + unsigned char y = y0; int err = -adx; ady -= FFABS(base) * adx; while (++x < x1) { From d7e5301e438ffb39697b4834769e3f0e3a4e36bd Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 4 Jan 2012 17:29:34 +0100 Subject: [PATCH 243/331] vorbis: Fix last quarter of CVE-2011-3893 Signed-off-by: Michael Niedermayer (cherry picked from commit 6fcf2bb8af0e7d6bb179e71e67e5fab8ef0d2ec2) Signed-off-by: Michael Niedermayer --- libavcodec/vorbis.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/vorbis.c b/libavcodec/vorbis.c index 251442bfc3..9e5dfd8e7e 100644 --- a/libavcodec/vorbis.c +++ b/libavcodec/vorbis.c @@ -179,7 +179,7 @@ static inline void render_line_unrolled(intptr_t x, unsigned char y, int x1, } } -static void render_line(int x0, int y0, int x1, int y1, float *buf) +static void render_line(int x0, unsigned char y0, int x1, int y1, float *buf) { int dy = y1 - y0; int adx = x1 - x0; From 89bd49b25c4cb34f5d871e5292f86662bc858589 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 4 Jan 2012 19:22:20 +0100 Subject: [PATCH 244/331] vorbisdec: Make sure blocksize is not set to an invalid value. Signed-off-by: Michael Niedermayer (cherry picked from commit 405e99bdfdb363e8dfda275faad9d4fdc9646434) Signed-off-by: Michael Niedermayer --- libavcodec/vorbisdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/vorbisdec.c b/libavcodec/vorbisdec.c index 03ecc38ed4..32ef750ead 100644 --- a/libavcodec/vorbisdec.c +++ b/libavcodec/vorbisdec.c @@ -935,12 +935,12 @@ static int vorbis_parse_id_hdr(vorbis_context *vc) vc->bitrate_minimum = get_bits_long(gb, 32); bl0 = get_bits(gb, 4); bl1 = get_bits(gb, 4); - vc->blocksize[0] = (1 << bl0); - vc->blocksize[1] = (1 << bl1); if (bl0 > 13 || bl0 < 6 || bl1 > 13 || bl1 < 6 || bl1 < bl0) { av_log(vc->avccontext, AV_LOG_ERROR, " Vorbis id header packet corrupt (illegal blocksize). \n"); return AVERROR_INVALIDDATA; } + vc->blocksize[0] = (1 << bl0); + vc->blocksize[1] = (1 << bl1); vc->win[0] = ff_vorbis_vwin[bl0 - 6]; vc->win[1] = ff_vorbis_vwin[bl1 - 6]; From 80440c5b1de1b42d51f5073868da654f81d50a68 Mon Sep 17 00:00:00 2001 From: Chris Evans Date: Wed, 4 Jan 2012 21:51:18 +0100 Subject: [PATCH 245/331] vorbis: Fix decoder bug. BUG=101458 Review URL: http://codereview.chromium.org/8413019 This fixes part of 2011-3895 bigned-off-by: Michael Niedermayer (cherry picked from commit 68226ed9ecef675895dc55a0c58d587014639a0e) Signed-off-by: Michael Niedermayer --- libavcodec/vorbisdec.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libavcodec/vorbisdec.c b/libavcodec/vorbisdec.c index 32ef750ead..a62c968622 100644 --- a/libavcodec/vorbisdec.c +++ b/libavcodec/vorbisdec.c @@ -679,7 +679,7 @@ static int vorbis_parse_setup_hdr_residues(vorbis_context *vc) res_setup->partition_size = get_bits(gb, 24) + 1; /* Validations to prevent a buffer overflow later. */ if (res_setup->begin>res_setup->end || - res_setup->end > vc->avccontext->channels * vc->blocksize[1] / 2 || + res_setup->end > (res_setup->type == 2 ? vc->avccontext->channels : 1) * vc->blocksize[1] / 2 || (res_setup->end-res_setup->begin) / res_setup->partition_size > V_MAX_PARTITIONS) { av_log(vc->avccontext, AV_LOG_ERROR, "partition out of bounds: type, begin, end, size, blocksize: %"PRIu16", %"PRIu32", %"PRIu32", %u, %"PRIu32"\n", @@ -1483,6 +1483,7 @@ static int vorbis_parse_audio_packet(vorbis_context *vc) uint8_t res_chan[255]; unsigned res_num = 0; int retlen = 0; + int ch_left = vc->audio_channels; if (get_bits1(gb)) { av_log(vc->avccontext, AV_LOG_ERROR, "Not a Vorbis I audio packet.\n"); @@ -1557,9 +1558,14 @@ static int vorbis_parse_audio_packet(vorbis_context *vc) } } residue = &vc->residues[mapping->submap_residue[i]]; + if (ch_left < ch) { + av_log(vc->avccontext, AV_LOG_ERROR, "Too many channels in vorbis_floor_decode.\n"); + return -1; + } vorbis_residue_decode(vc, residue, ch, do_not_decode, ch_res_ptr, blocksize/2); ch_res_ptr += ch * blocksize / 2; + ch_left -= ch; } // Inverse coupling From 68ee43468e1b9d36eb2ffe1d3294af0c0a7858e8 Mon Sep 17 00:00:00 2001 From: Chris Evans Date: Wed, 4 Jan 2012 21:53:35 +0100 Subject: [PATCH 246/331] vorbis: An additional defense in the Vorbis codec. BUG=101458 Review URL: http://codereview.chromium.org/8414025 Fixes second part of CVE-2011-3895 Signed-off-by: Michael Niedermayer (cherry picked from commit f74ce3a60d6ef49080df85c44b54280357109f56) Signed-off-by: Michael Niedermayer --- libavcodec/vorbisdec.c | 35 +++++++++++++++++++++++++---------- 1 file changed, 25 insertions(+), 10 deletions(-) diff --git a/libavcodec/vorbisdec.c b/libavcodec/vorbisdec.c index a62c968622..c99401b2c6 100644 --- a/libavcodec/vorbisdec.c +++ b/libavcodec/vorbisdec.c @@ -1286,6 +1286,7 @@ static av_always_inline int vorbis_residue_decode_internal(vorbis_context *vc, uint8_t *do_not_decode, float *vec, unsigned vlen, + unsigned ch_left, int vr_type) { GetBitContext *gb = &vc->gb; @@ -1293,6 +1294,7 @@ static av_always_inline int vorbis_residue_decode_internal(vorbis_context *vc, unsigned ptns_to_read = vr->ptns_to_read; uint8_t *classifs = vr->classifs; unsigned pass, ch_used, i, j, k, l; + unsigned max_output = (ch - 1) * vlen; if (vr_type == 2) { for (j = 1; j < ch; ++j) @@ -1300,8 +1302,15 @@ static av_always_inline int vorbis_residue_decode_internal(vorbis_context *vc, if (do_not_decode[0]) return 0; ch_used = 1; + max_output += vr->end / ch; } else { ch_used = ch; + max_output += vr->end; + } + + if (max_output > ch_left * vlen) { + av_log(vc->avccontext, AV_LOG_ERROR, "Insufficient output buffer\n"); + return -1; } av_dlog(NULL, " residue type 0/1/2 decode begin, ch: %d cpc %d \n", ch, c_p_c); @@ -1428,14 +1437,15 @@ static av_always_inline int vorbis_residue_decode_internal(vorbis_context *vc, static inline int vorbis_residue_decode(vorbis_context *vc, vorbis_residue *vr, unsigned ch, uint8_t *do_not_decode, - float *vec, unsigned vlen) + float *vec, unsigned vlen, + unsigned ch_left) { if (vr->type == 2) - return vorbis_residue_decode_internal(vc, vr, ch, do_not_decode, vec, vlen, 2); + return vorbis_residue_decode_internal(vc, vr, ch, do_not_decode, vec, vlen, ch_left, 2); else if (vr->type == 1) - return vorbis_residue_decode_internal(vc, vr, ch, do_not_decode, vec, vlen, 1); + return vorbis_residue_decode_internal(vc, vr, ch, do_not_decode, vec, vlen, ch_left, 1); else if (vr->type == 0) - return vorbis_residue_decode_internal(vc, vr, ch, do_not_decode, vec, vlen, 0); + return vorbis_residue_decode_internal(vc, vr, ch, do_not_decode, vec, vlen, ch_left, 0); else { av_log(vc->avccontext, AV_LOG_ERROR, " Invalid residue type while residue decode?! \n"); return AVERROR_INVALIDDATA; @@ -1483,7 +1493,8 @@ static int vorbis_parse_audio_packet(vorbis_context *vc) uint8_t res_chan[255]; unsigned res_num = 0; int retlen = 0; - int ch_left = vc->audio_channels; + unsigned ch_left = vc->audio_channels; + unsigned vlen; if (get_bits1(gb)) { av_log(vc->avccontext, AV_LOG_ERROR, "Not a Vorbis I audio packet.\n"); @@ -1503,11 +1514,12 @@ static int vorbis_parse_audio_packet(vorbis_context *vc) blockflag = vc->modes[mode_number].blockflag; blocksize = vc->blocksize[blockflag]; + vlen = blocksize / 2; if (blockflag) skip_bits(gb, 2); // previous_window, next_window - memset(ch_res_ptr, 0, sizeof(float) * vc->audio_channels * blocksize / 2); //FIXME can this be removed ? - memset(ch_floor_ptr, 0, sizeof(float) * vc->audio_channels * blocksize / 2); //FIXME can this be removed ? + memset(ch_res_ptr, 0, sizeof(float) * vc->audio_channels * vlen); //FIXME can this be removed ? + memset(ch_floor_ptr, 0, sizeof(float) * vc->audio_channels * vlen); //FIXME can this be removed ? // Decode floor @@ -1527,7 +1539,7 @@ static int vorbis_parse_audio_packet(vorbis_context *vc) return AVERROR_INVALIDDATA; } no_residue[i] = ret; - ch_floor_ptr += blocksize / 2; + ch_floor_ptr += vlen; } // Nonzero vector propagate @@ -1544,6 +1556,7 @@ static int vorbis_parse_audio_packet(vorbis_context *vc) for (i = 0; i < mapping->submaps; ++i) { vorbis_residue *residue; unsigned ch = 0; + int ret; for (j = 0; j < vc->audio_channels; ++j) { if ((mapping->submaps == 1) || (i == mapping->mux[j])) { @@ -1562,9 +1575,11 @@ static int vorbis_parse_audio_packet(vorbis_context *vc) av_log(vc->avccontext, AV_LOG_ERROR, "Too many channels in vorbis_floor_decode.\n"); return -1; } - vorbis_residue_decode(vc, residue, ch, do_not_decode, ch_res_ptr, blocksize/2); + ret = vorbis_residue_decode(vc, residue, ch, do_not_decode, ch_res_ptr, vlen, ch_left); + if (ret < 0) + return ret; - ch_res_ptr += ch * blocksize / 2; + ch_res_ptr += ch * vlen; ch_left -= ch; } From 58afa73338489c0a89ee427ab02e592513fb1c59 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 4 Jan 2012 21:55:52 +0100 Subject: [PATCH 247/331] vorbis: make sure ch is non zero before calling vorbis_residue_decode This possibly makes part of the CVE-2011-3895 fix unneeded. Signed-off-by: Michael Niedermayer (cherry picked from commit ff7f198d7f9504f71676327be0be47661cfe39d6) Signed-off-by: Michael Niedermayer --- libavcodec/vorbisdec.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/libavcodec/vorbisdec.c b/libavcodec/vorbisdec.c index c99401b2c6..4bd1cf22a3 100644 --- a/libavcodec/vorbisdec.c +++ b/libavcodec/vorbisdec.c @@ -1575,9 +1575,11 @@ static int vorbis_parse_audio_packet(vorbis_context *vc) av_log(vc->avccontext, AV_LOG_ERROR, "Too many channels in vorbis_floor_decode.\n"); return -1; } - ret = vorbis_residue_decode(vc, residue, ch, do_not_decode, ch_res_ptr, vlen, ch_left); - if (ret < 0) - return ret; + if (ch) { + ret = vorbis_residue_decode(vc, residue, ch, do_not_decode, ch_res_ptr, vlen, ch_left); + if (ret < 0) + return ret; + } ch_res_ptr += ch * vlen; ch_left -= ch; From 0f61521f69c13b0fa1d884bf8e850f45469331db Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 5 Jan 2012 00:22:19 +0100 Subject: [PATCH 248/331] lavf: revert commit bb99ae3ae924c942a634bec7711ec7ee11c38eb9 Author: Michael Niedermayer Date: Thu Nov 3 22:38:10 2011 +0100 lavf: fix null pointer dereference in rdt Signed-off-by: Michael Niedermayer This is no longer needed and causes various problems with RTSP Signed-off-by: Michael Niedermayer (cherry picked from commit 1171d938af219aa1217a472391bc392f6e698386) Signed-off-by: Michael Niedermayer --- libavformat/utils.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index 304e3642fa..fe67d005c7 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -631,9 +631,6 @@ static int init_input(AVFormatContext *s, const char *filename, AVDictionary **o int ret; AVProbeData pd = {filename, NULL, 0}; - if(s->iformat && !strlen(filename)) - return 0; - if (s->pb) { s->flags |= AVFMT_FLAG_CUSTOM_IO; if (!s->iformat) From 0a5bca957d0d6ee9e77150dc5a20038c178d5282 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 5 Jan 2012 00:49:02 +0100 Subject: [PATCH 249/331] lavf: use avg_frame_rate and packet number to exit find_stream_info qatar does this too but clobbers the AVPacket.duration by approximate values. Signed-off-by: Michael Niedermayer (cherry picked from commit ad8e3304f701820f927527d8f0d11679738636df) Signed-off-by: Michael Niedermayer --- libavformat/utils.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index fe67d005c7..b0d1ec3c0c 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -2499,8 +2499,13 @@ int avformat_find_stream_info(AVFormatContext *ic, AVDictionary **options) st = ic->streams[pkt->stream_index]; if (st->codec_info_nb_frames>1) { - int64_t t; - if (st->time_base.den > 0 && (t=av_rescale_q(st->info->codec_info_duration, st->time_base, AV_TIME_BASE_Q)) >= ic->max_analyze_duration) { + int64_t t=0; + if (st->time_base.den > 0) + t = av_rescale_q(st->info->codec_info_duration, st->time_base, AV_TIME_BASE_Q); + if (st->avg_frame_rate.num > 0) + t = FFMAX(t, av_rescale_q(st->codec_info_nb_frames, (AVRational){st->avg_frame_rate.den, st->avg_frame_rate.num}, AV_TIME_BASE_Q)); + + if (t >= ic->max_analyze_duration) { av_log(ic, AV_LOG_WARNING, "max_analyze_duration %d reached at %"PRId64"\n", ic->max_analyze_duration, t); break; } From 68f121269694d61c137f046ea8f51ce717e57d7c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 5 Jan 2012 00:51:12 +0100 Subject: [PATCH 250/331] Revert "rmdec: Avoid allocating huge packets" This reverts commit 66f71f3b5e2e7b6e5049bd9831c371e16aff8a53. This causes regressions with RDT. (cherry picked from commit c4eec85a1fa768025f88261995af08f1dba9685d) Signed-off-by: Michael Niedermayer --- libavformat/rmdec.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c index 75240236e8..5b9bfb869a 100644 --- a/libavformat/rmdec.c +++ b/libavformat/rmdec.c @@ -24,7 +24,6 @@ #include "libavutil/dict.h" #include "avformat.h" #include "internal.h" -#include "avio_internal.h" #include "riff.h" #include "rm.h" @@ -613,7 +612,6 @@ static int rm_assemble_video_frame(AVFormatContext *s, AVIOContext *pb, } if(type != 1){ // not whole frame len2 = get_num(pb, &len); - len2 = ffio_limit(pb, len2); pos = get_num(pb, &len); pic_num = avio_r8(pb); len--; } From fc9c5ad9ea70479d09a5d37c800665746ff4710d Mon Sep 17 00:00:00 2001 From: John Brooks Date: Tue, 3 Jan 2012 23:27:35 -0700 Subject: [PATCH 251/331] rv34: fix invalid memory access for small video dimensions For small video dimensions calculations of the upper bound for pixel access may result in negative value. Using an unsigned comparison works only if the greater operand is non-negative. This is fixed by doing edge emulation explicitly for such conditions. Signed-off-by: Kostya Shishkov (cherry picked from commit aacf6b3a2fd8bc8603e3deaa6e612ea03cf08707) Signed-off-by: Michael Niedermayer --- libavcodec/rv34.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavcodec/rv34.c b/libavcodec/rv34.c index 15a5c5430f..1e05906a6f 100644 --- a/libavcodec/rv34.c +++ b/libavcodec/rv34.c @@ -690,8 +690,9 @@ static inline void rv34_mc(RV34DecContext *r, const int block_type, srcY += src_y * s->linesize + src_x; srcU += uvsrc_y * s->uvlinesize + uvsrc_x; srcV += uvsrc_y * s->uvlinesize + uvsrc_x; - if( (unsigned)(src_x - !!lx*2) > s->h_edge_pos - !!lx*2 - (width <<3) - 4 - || (unsigned)(src_y - !!ly*2) > s->v_edge_pos - !!ly*2 - (height<<3) - 4){ + if(s->h_edge_pos - (width << 3) < 6 || s->v_edge_pos - (height << 3) < 6 || + (unsigned)(src_x - !!lx*2) > s->h_edge_pos - !!lx*2 - (width <<3) - 4 || + (unsigned)(src_y - !!ly*2) > s->v_edge_pos - !!ly*2 - (height<<3) - 4) { uint8_t *uvbuf = s->edge_emu_buffer + 22 * s->linesize; srcY -= 2 + 2*s->linesize; From e540446f6c5ca1613eea4f9e8c5db12f1ec3925c Mon Sep 17 00:00:00 2001 From: John Brooks Date: Sun, 11 Dec 2011 02:37:21 -0700 Subject: [PATCH 252/331] vc1dec: fix invalid memory access for small video dimensions For small video dimensions, these calculations of the upper bound for pixel access may have a negative result. Using an unsigned comparison to bound a potentially negative value only works if the greater operand is non-negative. Fixed by doing edge emulation when the upper bound is probably negative, everywhere that this pattern appears. Signed-off-by: Kostya Shishkov (cherry picked from commit d209c27b09234cc40bbdbd680aa502b493edf595) Signed-off-by: Michael Niedermayer --- libavcodec/vc1dec.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c index 20b7f72291..219f8dd468 100644 --- a/libavcodec/vc1dec.c +++ b/libavcodec/vc1dec.c @@ -568,6 +568,7 @@ static void vc1_mc_1mv(VC1Context *v, int dir) } if (v->rangeredfrm || (v->mv_mode == MV_PMODE_INTENSITY_COMP) + || s->h_edge_pos < 22 || v_edge_pos < 22 || (unsigned)(src_x - s->mspel) > s->h_edge_pos - (mx&3) - 16 - s->mspel * 3 || (unsigned)(src_y - s->mspel) > v_edge_pos - (my&3) - 16 - s->mspel * 3) { uint8_t *uvbuf = s->edge_emu_buffer + 19 * s->linesize; @@ -799,6 +800,7 @@ static void vc1_mc_4mv_luma(VC1Context *v, int n, int dir) if (fieldmv && (src_y & 1) && src_y < 4) src_y--; if (v->rangeredfrm || (v->mv_mode == MV_PMODE_INTENSITY_COMP) + || s->h_edge_pos < 13 || v_edge_pos < 23 || (unsigned)(src_x - s->mspel) > s->h_edge_pos - (mx & 3) - 8 - s->mspel * 2 || (unsigned)(src_y - (s->mspel << fieldmv)) > v_edge_pos - (my & 3) - ((8 + s->mspel * 2) << fieldmv)) { srcY -= s->mspel * (1 + (s->linesize << fieldmv)); @@ -998,6 +1000,7 @@ static void vc1_mc_4mv_chroma(VC1Context *v, int dir) } if (v->rangeredfrm || (v->mv_mode == MV_PMODE_INTENSITY_COMP) + || s->h_edge_pos < 18 || v_edge_pos < 18 || (unsigned)uvsrc_x > (s->h_edge_pos >> 1) - 9 || (unsigned)uvsrc_y > (v_edge_pos >> 1) - 9) { s->dsp.emulated_edge_mc(s->edge_emu_buffer , srcU, s->uvlinesize, @@ -1102,6 +1105,7 @@ static void vc1_mc_4mv_chroma4(VC1Context *v) if (fieldmv && (uvsrc_y & 1) && uvsrc_y < 2) uvsrc_y--; if ((v->mv_mode == MV_PMODE_INTENSITY_COMP) + || s->h_edge_pos < 10 || v_edge_pos < (5 << fieldmv) || (unsigned)uvsrc_x > (s->h_edge_pos >> 1) - 5 || (unsigned)uvsrc_y > v_edge_pos - (5 << fieldmv)) { s->dsp.emulated_edge_mc(s->edge_emu_buffer, srcU, s->uvlinesize, @@ -2006,7 +2010,7 @@ static void vc1_interp_mc(VC1Context *v) srcV = s->edge_emu_buffer + 18 * s->linesize; } - if (v->rangeredfrm + if (v->rangeredfrm || s->h_edge_pos < 22 || v_edge_pos < 22 || (unsigned)(src_x - s->mspel) > s->h_edge_pos - (mx & 3) - 16 - s->mspel * 3 || (unsigned)(src_y - s->mspel) > v_edge_pos - (my & 3) - 16 - s->mspel * 3) { uint8_t *uvbuf = s->edge_emu_buffer + 19 * s->linesize; From 601e64845881af79c0d40762d7f08664699c1e25 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 5 Jan 2012 03:00:56 +0100 Subject: [PATCH 253/331] Update for 0.9.1 Signed-off-by: Michael Niedermayer --- Doxyfile | 2 +- RELEASE | 2 +- VERSION | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Doxyfile b/Doxyfile index 98b2a43ee4..ca1aa895ff 100644 --- a/Doxyfile +++ b/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 0.9 +PROJECT_NUMBER = 0.9.1 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. diff --git a/RELEASE b/RELEASE index b63ba696b7..f374f6662e 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -0.9 +0.9.1 diff --git a/VERSION b/VERSION index 9a7d84f2a9..f374f6662e 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.9 \ No newline at end of file +0.9.1 From ad6eefc0d858da5a0000ae60c28acbe38cf5b87a Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Thu, 12 Jan 2012 16:53:42 +0100 Subject: [PATCH 254/331] Fix compilation with yasm-0.6.2. --- libavcodec/x86/imdct36_sse.asm | 2 ++ libavcodec/x86/proresdsp.asm | 2 ++ libavcodec/x86/v210-init.c | 4 ++-- libavcodec/x86/v210.asm | 4 ++++ libswscale/x86/scale.asm | 4 ++++ libswscale/x86/swscale_mmx.c | 2 +- 6 files changed, 15 insertions(+), 3 deletions(-) diff --git a/libavcodec/x86/imdct36_sse.asm b/libavcodec/x86/imdct36_sse.asm index 2b8fe57e0b..95a7c0154c 100644 --- a/libavcodec/x86/imdct36_sse.asm +++ b/libavcodec/x86/imdct36_sse.asm @@ -357,5 +357,7 @@ DEFINE_IMDCT ssse3 %define BUILDINVHIGHLOW BUILDINVHIGHLOW_AVX %define PSHUFD PSHUFD_SSE_AVX +%ifdef HAVE_AVX INIT_AVX DEFINE_IMDCT avx +%endif diff --git a/libavcodec/x86/proresdsp.asm b/libavcodec/x86/proresdsp.asm index d674308c05..f733bdf7cb 100644 --- a/libavcodec/x86/proresdsp.asm +++ b/libavcodec/x86/proresdsp.asm @@ -306,7 +306,9 @@ INIT_XMM idct_put_fn sse2, 16 INIT_XMM idct_put_fn sse4, 16 +%ifdef HAVE_AVX INIT_AVX idct_put_fn avx, 16 +%endif %endif diff --git a/libavcodec/x86/v210-init.c b/libavcodec/x86/v210-init.c index 4dd6d6de8a..425c6284c5 100644 --- a/libavcodec/x86/v210-init.c +++ b/libavcodec/x86/v210-init.c @@ -34,14 +34,14 @@ av_cold void v210_x86_init(V210DecContext *s) if (cpu_flags & AV_CPU_FLAG_SSSE3) s->unpack_frame = ff_v210_planar_unpack_aligned_ssse3; - if (cpu_flags & AV_CPU_FLAG_AVX) + if (HAVE_AVX && cpu_flags & AV_CPU_FLAG_AVX) s->unpack_frame = ff_v210_planar_unpack_aligned_avx; } else { if (cpu_flags & AV_CPU_FLAG_SSSE3) s->unpack_frame = ff_v210_planar_unpack_unaligned_ssse3; - if (cpu_flags & AV_CPU_FLAG_AVX) + if (HAVE_AVX && cpu_flags & AV_CPU_FLAG_AVX) s->unpack_frame = ff_v210_planar_unpack_unaligned_avx; } #endif diff --git a/libavcodec/x86/v210.asm b/libavcodec/x86/v210.asm index 344bed0beb..9ce17c2ed5 100644 --- a/libavcodec/x86/v210.asm +++ b/libavcodec/x86/v210.asm @@ -76,10 +76,14 @@ cglobal v210_planar_unpack_%1_%2, 5, 5 INIT_XMM v210_planar_unpack unaligned, ssse3 +%ifdef HAVE_AVX INIT_AVX v210_planar_unpack unaligned, avx +%endif INIT_XMM v210_planar_unpack aligned, ssse3 +%ifdef HAVE_AVX INIT_AVX v210_planar_unpack aligned, avx +%endif diff --git a/libswscale/x86/scale.asm b/libswscale/x86/scale.asm index e8a5e5cd7c..0df1bb82be 100644 --- a/libswscale/x86/scale.asm +++ b/libswscale/x86/scale.asm @@ -667,10 +667,12 @@ yuv2planeX_fn sse4, 9, 7, 5 yuv2planeX_fn sse4, 10, 7, 5 yuv2planeX_fn sse4, 16, 8, 5 +%ifdef HAVE_AVX INIT_AVX yuv2planeX_fn avx, 8, 10, 7 yuv2planeX_fn avx, 9, 7, 5 yuv2planeX_fn avx, 10, 7, 5 +%endif ; %1=outout-bpc, %2=alignment (u/a) %macro yuv2plane1_mainloop 2 @@ -804,8 +806,10 @@ yuv2plane1_fn 16, 6, 3 INIT_XMM sse4 yuv2plane1_fn 16, 5, 3 +%ifdef HAVE_AVX INIT_XMM avx yuv2plane1_fn 8, 5, 5 yuv2plane1_fn 9, 5, 3 yuv2plane1_fn 10, 5, 3 yuv2plane1_fn 16, 5, 3 +%endif diff --git a/libswscale/x86/swscale_mmx.c b/libswscale/x86/swscale_mmx.c index 55dc08af55..9bec37d91b 100644 --- a/libswscale/x86/swscale_mmx.c +++ b/libswscale/x86/swscale_mmx.c @@ -397,7 +397,7 @@ switch(c->dstBpc){ \ c->yuv2plane1 = ff_yuv2plane1_16_sse4; } - if (cpu_flags & AV_CPU_FLAG_AVX) { + if (HAVE_AVX && cpu_flags & AV_CPU_FLAG_AVX) { ASSIGN_VSCALEX_FUNC(c->yuv2planeX, avx, avx, 1,); ASSIGN_VSCALE_FUNC(c->yuv2plane1, avx, avx, 1); } From 63945e2226238886ccfd245de68647e8222bf026 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 16 Jan 2012 22:26:52 +0100 Subject: [PATCH 255/331] indeo4: fix LE reader define for backport Fixes Ticket920 Signed-off-by: Michael Niedermayer --- libavcodec/indeo4.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/indeo4.c b/libavcodec/indeo4.c index 8f6d2eab65..9ce701b0f2 100644 --- a/libavcodec/indeo4.c +++ b/libavcodec/indeo4.c @@ -27,7 +27,7 @@ * Known FOURCCs: 'IV41' */ -#define BITSTREAM_READER_LE +#define ALT_BITSTREAM_READER_LE #include "avcodec.h" #include "get_bits.h" #include "dsputil.h" From 515b7f08b16c202d245f58a1e378eb1431aa5541 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tomas=20H=C3=A4rdin?= Date: Tue, 20 Mar 2012 11:03:48 +0100 Subject: [PATCH 256/331] mxfdec: Only parse next partition pack if parsing forward This fixes ticket #1099. Signed-off-by: Michael Niedermayer (cherry picked from commit 393b81f0934866bd7fff0a2b113623dd9ee6808f) --- libavformat/mxfdec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index e97b2a45f4..8fdc5caeb3 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -1662,6 +1662,9 @@ static int mxf_read_header(AVFormatContext *s, AVFormatParameters *ap) /* next partition pack - keep going, seek to previous partition or stop */ if(mxf_parse_handle_partition_or_eof(mxf) <= 0) break; + else if (mxf->parsing_backward) + continue; + /* we're still parsing forward. proceed to parsing this partition pack */ } for (metadata = mxf_metadata_read_table; metadata->read; metadata++) { From 32a79b56493d98532512715689b9fe017a2f2fa2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Franz=20Brau=C3=9Fe?= Date: Fri, 30 Mar 2012 14:40:14 -0400 Subject: [PATCH 257/331] smacker audio: sign-extend the initial 16-bit predicted value Fixes Bug #265 Signed-off-by: Justin Ruggles (cherry picked from commit 12cbbbb4abda2de0ea123282ccf7ebee61517f7d) --- libavcodec/smacker.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c index fdc28e1a07..347e94d098 100644 --- a/libavcodec/smacker.c +++ b/libavcodec/smacker.c @@ -659,7 +659,7 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data, } if(bits) { //decode 16-bit data for(i = stereo; i >= 0; i--) - pred[i] = av_bswap16(get_bits(&gb, 16)); + pred[i] = sign_extend(av_bswap16(get_bits(&gb, 16)), 16); for(i = 0; i <= stereo; i++) *samples++ = pred[i]; for(; i < unp_size / 2; i++) { From 89f2d6c349ae9e4417af2eb41402fb69256a63a5 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 4 Apr 2012 03:43:23 +0200 Subject: [PATCH 258/331] h264: fix seeking in low delay streams without IDR Fixes Ticket1165 Signed-off-by: Michael Niedermayer (cherry picked from commit 3360b8517a1f478c4102072e5eadd8ba78be0538) --- libavcodec/h264_refs.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/h264_refs.c b/libavcodec/h264_refs.c index 8432a8a5b6..926a6cc40d 100644 --- a/libavcodec/h264_refs.c +++ b/libavcodec/h264_refs.c @@ -655,6 +655,8 @@ int ff_h264_execute_ref_pic_marking(H264Context *h, MMCO *mmco, int mmco_count){ if(err >= 0 && h->long_ref_count==0 && h->short_ref_count<=2 && h->pps.ref_count[0]<=1 + (s->picture_structure != PICT_FRAME) && s->current_picture_ptr->f.pict_type == AV_PICTURE_TYPE_I){ s->current_picture_ptr->sync |= 1; + if(!h->s.avctx->has_b_frames) + h->sync = 2; } return (h->s.avctx->err_recognition & AV_EF_EXPLODE) ? err : 0; From 5667eaf010461bd973278f61f31a27e8ecf6a05e Mon Sep 17 00:00:00 2001 From: Stefano Sabatini Date: Thu, 29 Mar 2012 00:17:23 +0200 Subject: [PATCH 259/331] lavfi/fade: fix black level for non studio-level pixel formats Fix trac ticket #1139, regression introduced in 8c1fb50d077d5f954. (cherry picked from commit 95ce0ddcfe99182365e0e57f5f41d7f1a01c57eb) --- libavfilter/vf_fade.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavfilter/vf_fade.c b/libavfilter/vf_fade.c index 68cb567571..f20ba71c55 100644 --- a/libavfilter/vf_fade.c +++ b/libavfilter/vf_fade.c @@ -191,9 +191,9 @@ static int config_props(AVFilterLink *inlink) fade->alpha = fade->alpha ? ff_fmt_is_in(inlink->format, alpha_pix_fmts) : 0; fade->is_packed_rgb = ff_fill_rgba_map(fade->rgba_map, inlink->format) >= 0; - /* CCIR601/709 black level unless input is RGB or has alpha */ + /* use CCIR601/709 black level for studio-level pixel non-alpha components */ fade->black_level = - ff_fmt_is_in(inlink->format, studio_level_pix_fmts) || fade->alpha ? 0 : 16; + ff_fmt_is_in(inlink->format, studio_level_pix_fmts) && !fade->alpha ? 16 : 0; /* 32768 = 1 << 15, it is an integer representation * of 0.5 and is for rounding. */ fade->black_level_scaled = (fade->black_level << 16) + 32768; From cf9b04c6f23f4cd544641ebe0fd7371e3653835e Mon Sep 17 00:00:00 2001 From: ami_stuff Date: Thu, 22 Mar 2012 19:28:52 +0100 Subject: [PATCH 260/331] Replace SSE2 instruction in scalarproduct_float_sse() by SSE equivalent. Fixes an AAC decoding issue with the sample from ticket #213 on machines with SSE but without SSE2. Based on 89411a by Reimar. (cherry picked from commit f6b78638086beae9bcab672d4c9de1790be5a928) --- libavcodec/x86/dsputil_yasm.asm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/x86/dsputil_yasm.asm b/libavcodec/x86/dsputil_yasm.asm index dcd6fa4223..0f533241b1 100644 --- a/libavcodec/x86/dsputil_yasm.asm +++ b/libavcodec/x86/dsputil_yasm.asm @@ -475,7 +475,7 @@ cglobal scalarproduct_float_sse, 3,3,2, v1, v2, offset shufps xmm0, xmm0, 1 addss xmm0, xmm1 %ifndef ARCH_X86_64 - movd r0m, xmm0 + movss r0m, xmm0 fld dword r0m %endif RET From 7a877418e30b09a724684e5bc8742d864d35e31d Mon Sep 17 00:00:00 2001 From: Fabian Greffrath Date: Sat, 3 Mar 2012 02:35:27 +0100 Subject: [PATCH 261/331] srtdec: fix a format string vulnerability. Signed-off-by: Michael Niedermayer (cherry picked from commit aaa1173de775b9b865a714abcc270816d2f59dff) --- libavcodec/srtdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/srtdec.c b/libavcodec/srtdec.c index aa73f4c7bf..b6f2dade0c 100644 --- a/libavcodec/srtdec.c +++ b/libavcodec/srtdec.c @@ -110,7 +110,7 @@ static const char *srt_to_ass(AVCodecContext *avctx, char *out, char *out_end, for (j=sptr-2; j>=0; j--) if (stack[j].param[i][0]) { out += snprintf(out, out_end-out, - stack[j].param[i]); + "%s", stack[j].param[i]); break; } } else { @@ -146,7 +146,7 @@ static const char *srt_to_ass(AVCodecContext *avctx, char *out, char *out_end, for (i=0; i Date: Sat, 3 Mar 2012 03:37:52 +0100 Subject: [PATCH 262/331] qpeg: Fix out of array writes. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer --- libavcodec/qpeg.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/qpeg.c b/libavcodec/qpeg.c index bbb9f71aae..adbeff03ae 100644 --- a/libavcodec/qpeg.c +++ b/libavcodec/qpeg.c @@ -203,6 +203,8 @@ static void qpeg_decode_inter(const uint8_t *src, uint8_t *dst, int size, filled = 0; dst -= stride; height--; + if(height < 0) + break; } } } else if(code >= 0xC0) { /* copy code: 0xC0..0xDF */ @@ -214,6 +216,8 @@ static void qpeg_decode_inter(const uint8_t *src, uint8_t *dst, int size, filled = 0; dst -= stride; height--; + if(height < 0) + break; } } size -= code + 1; From 9de0c8c60c37a522cbb7de57dca6c623152e4634 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 16 Mar 2012 15:10:33 +0100 Subject: [PATCH 263/331] sonic: update to new API Fixes Ticket1075 Signed-off-by: Michael Niedermayer (cherry picked from commit 6f9803e5e02c557e1003cface9f3084a7e1e43e4) Conflicts: libavcodec/sonic.c Signed-off-by: Michael Niedermayer --- libavcodec/sonic.c | 36 ++++++++++++++++++++++++------------ 1 file changed, 24 insertions(+), 12 deletions(-) diff --git a/libavcodec/sonic.c b/libavcodec/sonic.c index e7cdb3ba81..d33514f421 100644 --- a/libavcodec/sonic.c +++ b/libavcodec/sonic.c @@ -44,6 +44,7 @@ #define RIGHT_SIDE 2 typedef struct SonicContext { + AVFrame frame; int lossless, decorrelation; int num_taps, downsampling; @@ -757,6 +758,9 @@ static av_cold int sonic_decode_init(AVCodecContext *avctx) s->channels = avctx->channels; s->samplerate = avctx->sample_rate; + avcodec_get_frame_defaults(&s->frame); + avctx->coded_frame = &s->frame; + if (!avctx->extradata) { av_log(avctx, AV_LOG_ERROR, "No mandatory headers present\n"); @@ -848,18 +852,25 @@ static av_cold int sonic_decode_close(AVCodecContext *avctx) } static int sonic_decode_frame(AVCodecContext *avctx, - void *data, int *data_size, + void *data, int *got_frame_ptr, AVPacket *avpkt) { const uint8_t *buf = avpkt->data; int buf_size = avpkt->size; SonicContext *s = avctx->priv_data; GetBitContext gb; - int i, quant, ch, j; - short *samples = data; + int i, quant, ch, j, ret; + short *samples; if (buf_size == 0) return 0; + s->frame.nb_samples = s->frame_size; + if ((ret = avctx->get_buffer(avctx, &s->frame)) < 0) { + av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n"); + return ret; + } + samples = s->frame.data[0]; + // av_log(NULL, AV_LOG_INFO, "buf_size: %d\n", buf_size); init_get_bits(&gb, buf, buf_size*8); @@ -930,20 +941,21 @@ static int sonic_decode_frame(AVCodecContext *avctx, align_get_bits(&gb); - *data_size = s->frame_size * 2; + *got_frame_ptr = 1; + *(AVFrame*)data = s->frame; return (get_bits_count(&gb)+7)/8; } AVCodec ff_sonic_decoder = { - "sonic", - AVMEDIA_TYPE_AUDIO, - CODEC_ID_SONIC, - sizeof(SonicContext), - sonic_decode_init, - NULL, - sonic_decode_close, - sonic_decode_frame, + .name = "sonic", + .type = AVMEDIA_TYPE_AUDIO, + .id = CODEC_ID_SONIC, + .priv_data_size = sizeof(SonicContext), + .init = sonic_decode_init, + .close = sonic_decode_close, + .decode = sonic_decode_frame, + .capabilities = CODEC_CAP_DR1, .long_name = NULL_IF_CONFIG_SMALL("Sonic"), }; #endif /* CONFIG_SONIC_DECODER */ From e70d202275bf93c6f0d480937a8230d45c343561 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 22 Mar 2012 23:43:37 +0100 Subject: [PATCH 264/331] vqavideodev: Check image dimensions Fixes out of heap array read Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 3583c8706df0abbfa3ecdd6730f4f3d72a01fe6d) Independently-Found-by: Fabian Yamaguchi Fixes: CVE-2012-0947 Conflicts: libavcodec/vqavideo.c --- libavcodec/vqavideo.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/vqavideo.c b/libavcodec/vqavideo.c index 917e04be47..727354defa 100644 --- a/libavcodec/vqavideo.c +++ b/libavcodec/vqavideo.c @@ -164,6 +164,11 @@ static av_cold int vqa_decode_init(AVCodecContext *avctx) s->codebook = av_malloc(s->codebook_size); s->next_codebook_buffer = av_malloc(s->codebook_size); + if (s->width % s->vector_width || s->height % s->vector_height) { + av_log(avctx, AV_LOG_ERROR, "Picture dimensions are not a multiple of the vector size\n"); + return AVERROR_INVALIDDATA; + } + /* initialize the solid-color vectors */ if (s->vector_height == 4) { codebook_index = 0xFF00 * 16; From e390a9de6f04eb081b66c8a81a88b17e08c5e605 Mon Sep 17 00:00:00 2001 From: Janne Grunau Date: Thu, 5 Jan 2012 22:12:35 +0100 Subject: [PATCH 265/331] electronicarts: check bytes per sample for validity Prevents division by zero. --- libavformat/electronicarts.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavformat/electronicarts.c b/libavformat/electronicarts.c index 43d1f26a8e..53041eee51 100644 --- a/libavformat/electronicarts.c +++ b/libavformat/electronicarts.c @@ -440,6 +440,11 @@ static int ea_read_header(AVFormatContext *s, ea->audio_codec = 0; return 1; } + if (ea->bytes <= 0) { + av_log(s, AV_LOG_ERROR, "Invalid number of bytes per sample: %d\n", ea->bytes); + ea->audio_codec = CODEC_ID_NONE; + return 1; + } /* initialize the audio decoder stream */ st = avformat_new_stream(s, NULL); From 4702154464d53db0616b348be6332acd8ae4d6be Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 3 May 2012 01:27:16 +0200 Subject: [PATCH 266/331] update for 0.9.2 Signed-off-by: Michael Niedermayer --- Doxyfile | 2 +- RELEASE | 2 +- VERSION | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Doxyfile b/Doxyfile index ca1aa895ff..8554fe80f0 100644 --- a/Doxyfile +++ b/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 0.9.1 +PROJECT_NUMBER = 0.9.2 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. diff --git a/RELEASE b/RELEASE index f374f6662e..2003b639c4 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -0.9.1 +0.9.2 diff --git a/VERSION b/VERSION index f374f6662e..2003b639c4 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.9.1 +0.9.2 From e11fa0879a66d4e9c0258b6232a8f59121308d0c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 17 Mar 2012 20:45:45 +0100 Subject: [PATCH 267/331] dsp: fix diff_bytes_mmx() with small width Fixes Ticket1068 Signed-off-by: Michael Niedermayer (cherry picked from commit 73089eccd3e48539555349b36d8aabbf1cea416e) Signed-off-by: Michael Niedermayer --- libavcodec/x86/dsputilenc_mmx.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/x86/dsputilenc_mmx.c b/libavcodec/x86/dsputilenc_mmx.c index f13c1219da..35d50bec9e 100644 --- a/libavcodec/x86/dsputilenc_mmx.c +++ b/libavcodec/x86/dsputilenc_mmx.c @@ -823,6 +823,7 @@ static int vsad16_mmx2(void *v, uint8_t * pix1, uint8_t * pix2, int line_size, i static void diff_bytes_mmx(uint8_t *dst, uint8_t *src1, uint8_t *src2, int w){ x86_reg i=0; + if(w>=16) __asm__ volatile( "1: \n\t" "movq (%2, %0), %%mm0 \n\t" From 5d6982c13bba56115125de68969f46906038b73e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 31 Mar 2012 21:42:50 +0200 Subject: [PATCH 268/331] indeo4: check that num_mbs matches Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit d3db8988d5befd8702a748cf1957415677bfe75c) Signed-off-by: Michael Niedermayer --- libavcodec/indeo4.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/indeo4.c b/libavcodec/indeo4.c index 9ce701b0f2..6763af4eb8 100644 --- a/libavcodec/indeo4.c +++ b/libavcodec/indeo4.c @@ -473,6 +473,11 @@ static int decode_mb_info(IVI4DecContext *ctx, IVIBandDesc *band, mv_scale = (ctx->planes[0].bands[0].mb_size >> 3) - (band->mb_size >> 3); mv_x = mv_y = 0; + if (((tile->width + band->mb_size-1)/band->mb_size) * ((tile->height + band->mb_size-1)/band->mb_size) != tile->num_MBs) { + av_log(avctx, AV_LOG_ERROR, "num_MBs mismatch %d %d %d %d\n", tile->width, tile->height, band->mb_size, tile->num_MBs); + return -1; + } + for (y = tile->ypos; y < tile->ypos + tile->height; y += band->mb_size) { mb_offset = offs; From f6ebfeb5b4e659d51c24af07a3b2db4221edc56e Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Fri, 31 Aug 2012 14:17:18 +0200 Subject: [PATCH 269/331] Clarify that -passlogfile has a different syntax when used with -vcodec libx264. --- doc/ffmpeg.texi | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/doc/ffmpeg.texi b/doc/ffmpeg.texi index 553d759ba2..e9276c279a 100644 --- a/doc/ffmpeg.texi +++ b/doc/ffmpeg.texi @@ -407,6 +407,10 @@ prefix is ``ffmpeg2pass''. The complete file name will be @file{PREFIX-N.log}, where N is a number specific to the output stream +Note that this option is overwritten by a local option of the same name +when using @code{-vcodec libx264}. That option maps to the x264 option stats +which has a different syntax. + @item -vlang @var{code} Set the ISO 639 language code (3 letters) of the current video stream. From 3c3ee65ebb2c0a49c8dabe56ddb3f42343ba3ac7 Mon Sep 17 00:00:00 2001 From: "Ronald S. Bultje" Date: Sun, 24 Jun 2012 11:17:13 +0100 Subject: [PATCH 270/331] dxva2: include dxva.h if found MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Apparently, some build environments require dxva.h even for dxva2, while others lack this header entirely. Including it conditionally allows building in both cases. Signed-off-by: Martin Storsjö (cherry picked from commit fa84506177f0246b30d4ea6a99ee5d419f3e4550) Conflicts: configure Signed-off-by: Michael Niedermayer --- configure | 2 ++ libavcodec/dxva2_internal.h | 7 +++++++ 2 files changed, 9 insertions(+) diff --git a/configure b/configure index 23ca4df481..b58e277528 100755 --- a/configure +++ b/configure @@ -1157,6 +1157,7 @@ HAVE_LIST=" dlfcn_h dlopen dos_paths + dxva_h ebp_available ebx_available exp2 @@ -2991,6 +2992,7 @@ check_func_headers windows.h MapViewOfFile check_func_headers windows.h VirtualAlloc check_header dlfcn.h +check_header dxva.h check_header dxva2api.h -D_WIN32_WINNT=0x0600 check_header libcrystalhd/libcrystalhd_if.h check_header malloc.h diff --git a/libavcodec/dxva2_internal.h b/libavcodec/dxva2_internal.h index 23d4d87522..fcf45bc664 100644 --- a/libavcodec/dxva2_internal.h +++ b/libavcodec/dxva2_internal.h @@ -25,7 +25,14 @@ #define _WIN32_WINNT 0x0600 #define COBJMACROS + +#include "config.h" + #include "dxva2.h" +#if HAVE_DXVA_H +#include +#endif + #include "avcodec.h" #include "mpegvideo.h" From f7d7b01e81ff17c196b809a60368eb346cf6091b Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Wed, 12 Sep 2012 13:08:27 +0200 Subject: [PATCH 271/331] Fix muxing mjpeg in swf. (cherry picked from commit 7680d99b4302e476076cc1b8f2567f47c2aaef4d) --- libavformat/swfenc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/swfenc.c b/libavformat/swfenc.c index af812d09eb..0ad7b3342c 100644 --- a/libavformat/swfenc.c +++ b/libavformat/swfenc.c @@ -498,8 +498,10 @@ static int swf_write_trailer(AVFormatContext *s) avio_wl32(pb, file_size); avio_seek(pb, swf->duration_pos, SEEK_SET); avio_wl16(pb, swf->video_frame_number); + if (swf->vframes_pos) { avio_seek(pb, swf->vframes_pos, SEEK_SET); avio_wl16(pb, swf->video_frame_number); + } avio_seek(pb, file_size, SEEK_SET); } return 0; From e9aeab39098936f53cc955c8175bb7ade504fb8d Mon Sep 17 00:00:00 2001 From: jamal Date: Fri, 3 Aug 2012 17:13:27 -0300 Subject: [PATCH 272/331] build: Fix some paths in uninstall-libs Folder and file names weren't being separated with a slash. This resulted in .dll.a, .lib and .def files not being removed on uninstall. Signed-off-by: Alexander Strasser (cherry picked from commit 49440853d0c1e740daee0e2df1e65d5e67b1ad6b) Signed-off-by: Michael Niedermayer --- subdir.mak | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/subdir.mak b/subdir.mak index 3589dfb7d6..84d92e7c60 100644 --- a/subdir.mak +++ b/subdir.mak @@ -84,8 +84,8 @@ uninstall-libs:: -$(RM) "$(SHLIBDIR)/$(SLIBNAME_WITH_MAJOR)" \ "$(SHLIBDIR)/$(SLIBNAME)" \ "$(SHLIBDIR)/$(SLIBNAME_WITH_VERSION)" - -$(RM) $(SLIB_INSTALL_EXTRA_SHLIB:%="$(SHLIBDIR)"%) - -$(RM) $(SLIB_INSTALL_EXTRA_LIB:%="$(LIBDIR)"%) + -$(RM) $(SLIB_INSTALL_EXTRA_SHLIB:%="$(SHLIBDIR)/%") + -$(RM) $(SLIB_INSTALL_EXTRA_LIB:%="$(LIBDIR)/%") -$(RM) "$(LIBDIR)/$(LIBNAME)" uninstall-headers:: From 455b98b7775c68fd02adbeec9681e35ad725a838 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 18 Oct 2012 04:58:20 +0200 Subject: [PATCH 273/331] riff: retry reading metadata without padding if it fails with Fixes Ticket1821 Reviewed-by: Paul B Mahol Signed-off-by: Michael Niedermayer (cherry picked from commit d0c27e88d2bb495d61bd32f41769f767a0c2a802) --- libavformat/riff.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/libavformat/riff.c b/libavformat/riff.c index 74f384d268..59dd5df711 100644 --- a/libavformat/riff.c +++ b/libavformat/riff.c @@ -701,8 +701,13 @@ int ff_read_riff_info(AVFormatContext *s, int64_t size) chunk_code = avio_rl32(pb); chunk_size = avio_rl32(pb); if (chunk_size > end || end - chunk_size < cur || chunk_size == UINT_MAX) { - av_log(s, AV_LOG_ERROR, "too big INFO subchunk\n"); - return AVERROR_INVALIDDATA; + avio_seek(pb, -9, SEEK_CUR); + chunk_code = avio_rl32(pb); + chunk_size = avio_rl32(pb); + if (chunk_size > end || end - chunk_size < cur || chunk_size == UINT_MAX) { + av_log(s, AV_LOG_ERROR, "too big INFO subchunk\n"); + return AVERROR_INVALIDDATA; + } } chunk_size += (chunk_size & 1); From ec6271c01995b189ba7f63d394799645bf1de50d Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 23 Nov 2012 23:35:16 +0100 Subject: [PATCH 274/331] riff: ignore ff_read_riff_info() failure. Some files simply contain invalid info tags. Fixes unrelated bug posted into Ticket1821 Signed-off-by: Michael Niedermayer (cherry picked from commit 09456d0df13404f004ab3a341d9ac21b7e5e6d6d) --- libavformat/wav.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libavformat/wav.c b/libavformat/wav.c index 9d4b0708b8..2080d8e664 100644 --- a/libavformat/wav.c +++ b/libavformat/wav.c @@ -513,8 +513,7 @@ static int wav_read_header(AVFormatContext *s, } switch (list_type) { case MKTAG('I', 'N', 'F', 'O'): - if ((ret = ff_read_riff_info(s, size - 4)) < 0) - return ret; + ff_read_riff_info(s, size - 4); } break; } From 436c011a77be8912e0b81f5178e1154b737633d1 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 22 Nov 2012 23:08:01 +0100 Subject: [PATCH 275/331] avidec: try to support oddly muxed MMES stream Fixes ticket1804 Signed-off-by: Michael Niedermayer (cherry picked from commit be89693ddc5a8cdeaf3edf48fb584d6adca54de0) --- libavformat/avidec.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavformat/avidec.c b/libavformat/avidec.c index 4bf1fd6916..de8933c11a 100644 --- a/libavformat/avidec.c +++ b/libavformat/avidec.c @@ -1230,6 +1230,11 @@ static int avi_read_idx1(AVFormatContext *s, int size) avi->stream_index = -1; avio_seek(pb, idx1_pos, SEEK_SET); + if (s->nb_streams == 1 && s->streams[0]->codec->codec_tag == AV_RL32("MMES")){ + first_packet_pos = 0; + data_offset = avi->movi_list; + } + /* Read the entries and sort them in each stream component. */ for(i = 0; i < nb_index_entries; i++) { if(url_feof(pb)) From 42abae1125d778f4f39a049efaa19fe46fdc6672 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20B=C5=93sch?= Date: Sun, 30 Dec 2012 06:53:48 +0100 Subject: [PATCH 276/331] lavc/ass_split: check for NULL pointer in ff_ass_split_override_codes(). This is consistent with the other ff_ass_split_* functions. It also fixes a crash when trying to split a dialog with text=NULL (which seems to happen when the text of the dialog is empty); basically, this commit fixes crashes when trying to encode an empty text subtitle dialog (see subrip and mov_text encoders). Fixes Ticket2048. (cherry picked from commit c83002a4f8042ccfa0688a9a18e8fa0369c1fda8) --- libavcodec/ass_split.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/ass_split.c b/libavcodec/ass_split.c index 2a3b76445e..33c1c2714f 100644 --- a/libavcodec/ass_split.c +++ b/libavcodec/ass_split.c @@ -366,7 +366,7 @@ int ff_ass_split_override_codes(const ASSCodesCallbacks *callbacks, void *priv, char new_line[2]; int text_len = 0; - while (*buf) { + while (buf && *buf) { if (text && callbacks->text && (sscanf(buf, "\\%1[nN]", new_line) == 1 || !strncmp(buf, "{\\", 2))) { From 8b48e2c654cd75ef960d71fedecdce1e1175b8ed Mon Sep 17 00:00:00 2001 From: Piotr Bandurski Date: Sun, 6 Jan 2013 01:56:23 +0100 Subject: [PATCH 277/331] tiffdec: Use the correct height field. Fixes Ticket913 Signed-off-by: Michael Niedermayer (cherry picked from commit 4784a135b2b0fe4d1b4c6256bd37265fc45aed3d) Conflicts: libavcodec/tiff.c --- libavcodec/tiff.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c index 1060a4403e..690d691e92 100644 --- a/libavcodec/tiff.c +++ b/libavcodec/tiff.c @@ -436,7 +436,7 @@ static int tiff_decode_tag(TiffContext *s, const uint8_t *start, const uint8_t * break; case TIFF_ROWSPERSTRIP: if(type == TIFF_LONG && value == -1) - value = s->avctx->height; + value = s->height; if(value < 1){ av_log(s->avctx, AV_LOG_ERROR, "Incorrect value of rows per strip\n"); return -1; From 9103d77ffc0ee9f994555a50fd50eeb1861afb03 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Thu, 24 Jan 2013 02:30:40 +0100 Subject: [PATCH 278/331] matroskaenc: add codec_tag lists back. This reverts 312645e : "Do not set codec_tag property for matroska muxers." Also adds dummy codec_tag lists with codecs supported in mkv but not in wav / avi. Fixes ticket #2169. (cherry picked from commit df39c3ce385c02cbd8046298578ea7454c0a0f81) Conflicts: libavformat/matroskaenc.c --- libavformat/matroska.c | 3 +++ libavformat/matroskaenc.c | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/libavformat/matroska.c b/libavformat/matroska.c index 52481d7556..a5a4363cc0 100644 --- a/libavformat/matroska.c +++ b/libavformat/matroska.c @@ -21,6 +21,9 @@ #include "matroska.h" +/* If you add a tag here that is not in ff_codec_bmp_tags[] + or ff_codec_wav_tags[], add it also to additional_audio_tags[] + or additional_video_tags[] in matroskaenc.c */ const CodecTags ff_mkv_codec_tags[]={ {"A_AAC" , CODEC_ID_AAC}, {"A_AC3" , CODEC_ID_AC3}, diff --git a/libavformat/matroskaenc.c b/libavformat/matroskaenc.c index b8c4667a4e..e556b3c3e9 100644 --- a/libavformat/matroskaenc.c +++ b/libavformat/matroskaenc.c @@ -1295,6 +1295,32 @@ static int mkv_query_codec(enum CodecID codec_id, int std_compliance) return 0; } +const AVCodecTag additional_audio_tags[] = { + { CODEC_ID_ALAC, 0XFFFFFFFF }, + { CODEC_ID_EAC3, 0XFFFFFFFF }, + { CODEC_ID_MLP, 0xFFFFFFFF }, + { CODEC_ID_PCM_S16BE, 0xFFFFFFFF }, + { CODEC_ID_PCM_S24BE, 0xFFFFFFFF }, + { CODEC_ID_PCM_S32BE, 0xFFFFFFFF }, + { CODEC_ID_QDM2, 0xFFFFFFFF }, + { CODEC_ID_RA_144, 0xFFFFFFFF }, + { CODEC_ID_RA_288, 0xFFFFFFFF }, + { CODEC_ID_COOK, 0xFFFFFFFF }, + { CODEC_ID_TRUEHD, 0xFFFFFFFF }, + { CODEC_ID_TTA, 0xFFFFFFFF }, + { CODEC_ID_WAVPACK, 0xFFFFFFFF }, + { CODEC_ID_NONE, 0xFFFFFFFF } +}; + +const AVCodecTag additional_video_tags[] = { + { CODEC_ID_PRORES, 0xFFFFFFFF }, + { CODEC_ID_RV10, 0xFFFFFFFF }, + { CODEC_ID_RV20, 0xFFFFFFFF }, + { CODEC_ID_RV30, 0xFFFFFFFF }, + { CODEC_ID_RV40, 0xFFFFFFFF }, + { CODEC_ID_NONE, 0xFFFFFFFF } +}; + #if CONFIG_MATROSKA_MUXER AVOutputFormat ff_matroska_muxer = { .name = "matroska", @@ -1316,6 +1342,10 @@ AVOutputFormat ff_matroska_muxer = { .write_packet = mkv_write_packet, .write_trailer = mkv_write_trailer, .flags = AVFMT_GLOBALHEADER | AVFMT_VARIABLE_FPS, + .codec_tag = (const AVCodecTag* const []){ + ff_codec_bmp_tags, ff_codec_wav_tags, + additional_audio_tags, additional_video_tags, 0 + }, .subtitle_codec = CODEC_ID_SSA, .query_codec = mkv_query_codec, }; @@ -1354,5 +1384,8 @@ AVOutputFormat ff_matroska_audio_muxer = { .write_packet = mkv_write_packet, .write_trailer = mkv_write_trailer, .flags = AVFMT_GLOBALHEADER, + .codec_tag = (const AVCodecTag* const []){ + ff_codec_wav_tags, additional_audio_tags, 0 + }, }; #endif From 9f0bf48b5ce4476f889f52344fc8ab6bb904f874 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 6 Feb 2013 01:25:52 +0100 Subject: [PATCH 279/331] ffmpeg: dont allow -flags to override -pass Fixes Ticket2154 Signed-off-by: Michael Niedermayer (cherry picked from commit ccf9dd00da055e94117b56cead4af80ff331b00e) Conflicts: ffmpeg_opt.c --- ffmpeg.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ffmpeg.c b/ffmpeg.c index f80c6c8a8c..b120177222 100644 --- a/ffmpeg.c +++ b/ffmpeg.c @@ -3779,9 +3779,11 @@ static OutputStream *new_video_stream(OptionsContext *o, AVFormatContext *oc) if (do_pass) { if (do_pass & 1) { video_enc->flags |= CODEC_FLAG_PASS1; + av_dict_set(&ost->opts, "flags", "+pass1", AV_DICT_APPEND); } if (do_pass & 2) { video_enc->flags |= CODEC_FLAG_PASS2; + av_dict_set(&ost->opts, "flags", "+pass2", AV_DICT_APPEND); } } From cbadebd8ccd05e2f7786869d524c289af914eb14 Mon Sep 17 00:00:00 2001 From: Nicolas George Date: Wed, 27 Feb 2013 19:19:15 +0100 Subject: [PATCH 280/331] lavf/avio: check for : in filenames for protocols. If the first "special" character in a filename is a comma, it can introduce protocol options, but only if there is a colon at the end. Otherwise, it is just a filename with a comma. Fix trac ticket #2303. (cherry picked from commit d9fad53f4b447db1e436dcf3fc4a57e604616e6c) --- libavformat/avio.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavformat/avio.c b/libavformat/avio.c index 67005e3eca..16700d838c 100644 --- a/libavformat/avio.c +++ b/libavformat/avio.c @@ -296,7 +296,9 @@ int ffurl_alloc(URLContext **puc, const char *filename, int flags, "Missing call to av_register_all()?\n"); } - if (filename[proto_len] != ':' && filename[proto_len] != ',' || is_dos_path(filename)) + if (filename[proto_len] != ':' && + (filename[proto_len] != ',' || !strchr(filename + proto_len + 1, ':')) || + is_dos_path(filename)) strcpy(proto_str, "file"); else av_strlcpy(proto_str, filename, FFMIN(proto_len+1, sizeof(proto_str))); From dcdeeea820e4b27b26ca6d6c5101b97605f50a71 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Sat, 2 Feb 2013 22:36:25 +0100 Subject: [PATCH 281/331] Require at least three frames to autodetect loas. (cherry picked from commit a60530e3ee1d9532c026a52b03661f88e163d647) --- libavformat/loasdec.c | 1 - 1 file changed, 1 deletion(-) diff --git a/libavformat/loasdec.c b/libavformat/loasdec.c index e48c21905a..fbe1cb4aa9 100644 --- a/libavformat/loasdec.c +++ b/libavformat/loasdec.c @@ -55,7 +55,6 @@ static int loas_probe(AVProbeData *p) if (first_frames>=3) return AVPROBE_SCORE_MAX/2+1; else if(max_frames>100)return AVPROBE_SCORE_MAX/2; else if(max_frames>=3) return AVPROBE_SCORE_MAX/4; - else if(max_frames>=1) return 1; else return 0; } From 8b597077ae1b59a29350b96683cd406cfc4f801d Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Sat, 16 Mar 2013 20:13:44 +0100 Subject: [PATCH 282/331] Do not (re-)set libx264 parameter b_tff if interlaced encoding was not requested. Reconfiguring can break x264 lossless encoding. Fixes ticket #2165. (cherry picked from commit 75c7e4583f4fd727d236a12763a265502fe00988) --- libavcodec/libx264.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/libx264.c b/libavcodec/libx264.c index 38351e59cf..acc4cac07b 100644 --- a/libavcodec/libx264.c +++ b/libavcodec/libx264.c @@ -174,7 +174,7 @@ static int X264_frame(AVCodecContext *ctx, uint8_t *buf, frame->pict_type == AV_PICTURE_TYPE_P ? X264_TYPE_P : frame->pict_type == AV_PICTURE_TYPE_B ? X264_TYPE_B : X264_TYPE_AUTO; - if (x4->params.b_tff != frame->top_field_first) { + if (x4->params.b_interlaced && x4->params.b_tff != frame->top_field_first) { x4->params.b_tff = frame->top_field_first; x264_encoder_reconfig(x4->enc, &x4->params); } From 402bc31d87871a8a87056c51f58cc21841a29c6f Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Tue, 26 Mar 2013 15:16:07 +0100 Subject: [PATCH 283/331] Only test the first frame for missing aac_adtstoasc bistream filter. Many players ignore broken aac frames, so don't abort mov or flv muxing when encountering one, just print a warning instead. Fixes ticket #2380. (cherry picked from commit 1741fece7073f51efdd837a4f307ea2cdf3d1cfb) Conflicts: libavformat/flvenc.c libavformat/movenc.c --- libavformat/flvenc.c | 9 +++++++-- libavformat/movenc.c | 3 +++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/libavformat/flvenc.c b/libavformat/flvenc.c index 2f5aa28e6a..e874e14778 100644 --- a/libavformat/flvenc.c +++ b/libavformat/flvenc.c @@ -446,8 +446,13 @@ static int flv_write_packet(AVFormatContext *s, AVPacket *pkt) } } else if (enc->codec_id == CODEC_ID_AAC && pkt->size > 2 && (AV_RB16(pkt->data) & 0xfff0) == 0xfff0) { - av_log(s, AV_LOG_ERROR, "malformated aac bitstream, use -absf aac_adtstoasc\n"); - return -1; + if (!s->streams[pkt->stream_index]->nb_frames) { + av_log(s, AV_LOG_ERROR, "Malformed AAC bitstream detected: " + "use audio bitstream filter 'aac_adtstoasc' to fix it " + "('-bsf:a aac_adtstoasc' option with ffmpeg)\n"); + return AVERROR_INVALIDDATA; + } + av_log(s, AV_LOG_WARNING, "aac bitstream error\n"); } if (flv->delay == AV_NOPTS_VALUE) flv->delay = -pkt->dts; diff --git a/libavformat/movenc.c b/libavformat/movenc.c index 420e5f8403..1526944a53 100644 --- a/libavformat/movenc.c +++ b/libavformat/movenc.c @@ -2264,8 +2264,11 @@ int ff_mov_write_packet(AVFormatContext *s, AVPacket *pkt) size = ff_avc_parse_nal_units(pb, pkt->data, pkt->size); } else if (enc->codec_id == CODEC_ID_AAC && pkt->size > 2 && (AV_RB16(pkt->data) & 0xfff0) == 0xfff0) { + if (!s->streams[pkt->stream_index]->nb_frames) { av_log(s, AV_LOG_ERROR, "malformated aac bitstream, use -absf aac_adtstoasc\n"); return -1; + } + av_log(s, AV_LOG_WARNING, "aac bitstream error\n"); } else if (mov->frag_seq_num>0){ trk->cluster[trk->entry].data = av_malloc(size); if (!trk->cluster[trk->entry].data) From 38cd7f66b73a2c0bd91d121f64943ba44e18d93e Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Sat, 30 Mar 2013 08:41:46 +0100 Subject: [PATCH 284/331] Write broken aac frames to mov files instead of skipping them. Fixes decoding with picky media players. Signed-off-by: Michael Niedermayer (cherry picked from commit b448c0a68d0cc7dfef736267dfdaed0e213c020b) Conflicts: libavformat/movenc.c --- libavformat/movenc.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/libavformat/movenc.c b/libavformat/movenc.c index 1526944a53..43bda7f811 100644 --- a/libavformat/movenc.c +++ b/libavformat/movenc.c @@ -2249,6 +2249,14 @@ int ff_mov_write_packet(AVFormatContext *s, AVPacket *pkt) return -1; } + if (enc->codec_id == CODEC_ID_AAC && pkt->size > 2 && + (AV_RB16(pkt->data) & 0xfff0) == 0xfff0) { + if (!s->streams[pkt->stream_index]->nb_frames) { + av_log(s, AV_LOG_ERROR, "malformated aac bitstream, use -absf aac_adtstoasc\n"); + return -1; + } + av_log(s, AV_LOG_WARNING, "aac bitstream error\n"); + } if (enc->codec_id == CODEC_ID_H264 && trk->vosLen > 0 && *(uint8_t *)trk->vosData != 1) { /* from x264 or from bytestream h264 */ /* nal reformating needed */ @@ -2262,13 +2270,6 @@ int ff_mov_write_packet(AVFormatContext *s, AVPacket *pkt) trk->cluster[trk->entry].data= buf; }else size = ff_avc_parse_nal_units(pb, pkt->data, pkt->size); - } else if (enc->codec_id == CODEC_ID_AAC && pkt->size > 2 && - (AV_RB16(pkt->data) & 0xfff0) == 0xfff0) { - if (!s->streams[pkt->stream_index]->nb_frames) { - av_log(s, AV_LOG_ERROR, "malformated aac bitstream, use -absf aac_adtstoasc\n"); - return -1; - } - av_log(s, AV_LOG_WARNING, "aac bitstream error\n"); } else if (mov->frag_seq_num>0){ trk->cluster[trk->entry].data = av_malloc(size); if (!trk->cluster[trk->entry].data) From 6642804c22fde3c945283db2124f5e359992b1a3 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Sun, 5 May 2013 19:29:00 +0200 Subject: [PATCH 285/331] Fix type of shared flac table ff_flac_blocksize_table[]. Fixes ticket #2533. (cherry picked from commit a07ac1f7888fd08e42da2bed0421e74f1cfac177) --- libavcodec/flacdata.c | 2 +- libavcodec/flacdata.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/flacdata.c b/libavcodec/flacdata.c index 6fcbe3955a..1954f32d32 100644 --- a/libavcodec/flacdata.c +++ b/libavcodec/flacdata.c @@ -27,7 +27,7 @@ const int ff_flac_sample_rate_table[16] = 8000, 16000, 22050, 24000, 32000, 44100, 48000, 96000, 0, 0, 0, 0 }; -const int16_t ff_flac_blocksize_table[16] = { +const int32_t ff_flac_blocksize_table[16] = { 0, 192, 576<<0, 576<<1, 576<<2, 576<<3, 0, 0, 256<<0, 256<<1, 256<<2, 256<<3, 256<<4, 256<<5, 256<<6, 256<<7 }; diff --git a/libavcodec/flacdata.h b/libavcodec/flacdata.h index 96a50b9183..e2c1e5d7f2 100644 --- a/libavcodec/flacdata.h +++ b/libavcodec/flacdata.h @@ -26,6 +26,6 @@ extern const int ff_flac_sample_rate_table[16]; -extern const int16_t ff_flac_blocksize_table[16]; +extern const int32_t ff_flac_blocksize_table[16]; #endif /* AVCODEC_FLACDATA_H */ From b22cc0c15de7f4a428ffc226d4500f4f80b1dae9 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 17 May 2013 22:03:14 +0200 Subject: [PATCH 286/331] avidec: dont randomly skip packets for offseting the index Fixes Ticket2490 Signed-off-by: Michael Niedermayer (cherry picked from commit 6c593f1b671b7725b8c36f92f7c0a23ccf8e7628) --- libavformat/avidec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavformat/avidec.c b/libavformat/avidec.c index de8933c11a..6af070a3df 100644 --- a/libavformat/avidec.c +++ b/libavformat/avidec.c @@ -959,9 +959,9 @@ start_sync: || st->discard >= AVDISCARD_ALL){ if (!exit_early) { ast->frame_offset += get_duration(ast, size); + avio_skip(pb, size); + goto start_sync; } - avio_skip(pb, size); - goto start_sync; } if (d[2] == 'p' && d[3] == 'c' && size<=4*256+4) { From 0147e9f7c64b4144d630b4c95bbf13c5a61f5c82 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 20 May 2013 21:42:06 +0200 Subject: [PATCH 287/331] smacker: remove av_clip_int16() Fixes Ticket2425 Signed-off-by: Michael Niedermayer (cherry picked from commit 2211c76287e073a9e176fde7dbb9a63ceb2af8d1) --- libavcodec/smacker.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c index 347e94d098..4451f14b36 100644 --- a/libavcodec/smacker.c +++ b/libavcodec/smacker.c @@ -677,7 +677,7 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data, res = 0; val |= h[3].values[res] << 8; pred[1] += sign_extend(val, 16); - *samples++ = av_clip_int16(pred[1]); + *samples++ = pred[1]; } else { if(vlc[0].table) res = get_vlc2(&gb, vlc[0].table, SMKTREE_BITS, 3); @@ -690,7 +690,7 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data, res = 0; val |= h[1].values[res] << 8; pred[0] += sign_extend(val, 16); - *samples++ = av_clip_int16(pred[0]); + *samples++ = pred[0]; } } } else { //8-bit data From 8e7e12dcbfdaeef6cba833806f094be722f60a9a Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 30 May 2013 18:30:42 +0200 Subject: [PATCH 288/331] h264_cavlc: fix reading skip run Fixes Ticket2606 Signed-off-by: Michael Niedermayer (cherry picked from commit 826b3a75cd295c03720e00d3de83e1abcbedd4b9) Conflicts: libavcodec/h264_cavlc.c --- libavcodec/h264_cavlc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h264_cavlc.c b/libavcodec/h264_cavlc.c index 5cc1fabc13..b2acdc18f3 100644 --- a/libavcodec/h264_cavlc.c +++ b/libavcodec/h264_cavlc.c @@ -708,7 +708,7 @@ int ff_h264_decode_mb_cavlc(H264Context *h){ down the code */ if(h->slice_type_nos != AV_PICTURE_TYPE_I){ if(s->mb_skip_run==-1) - s->mb_skip_run= get_ue_golomb(&s->gb); + s->mb_skip_run= get_ue_golomb_long(&s->gb); if (s->mb_skip_run--) { if(FRAME_MBAFF && (s->mb_y&1) == 0){ From 92abb128635d21e8b7a5dec2f2ddc47f68acadac Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 13 Jun 2013 00:01:13 +0200 Subject: [PATCH 289/331] alacenc: Fix missing sign_extend() Fixes ticket #2497 Signed-off-by: Michael Niedermayer (cherry picked from commit 8aea2f05dc56f7e7d60767dd27ba8e846a05e8ae) --- libavcodec/alacenc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/alacenc.c b/libavcodec/alacenc.c index 305a5b825b..6142a1e42e 100644 --- a/libavcodec/alacenc.c +++ b/libavcodec/alacenc.c @@ -259,7 +259,7 @@ static void alac_linear_predictor(AlacEncodeContext *s, int ch) // generate warm-up samples residual[0] = samples[0]; for (i = 1; i <= lpc.lpc_order; i++) - residual[i] = samples[i] - samples[i-1]; + residual[i] = sign_extend(samples[i] - samples[i-1], s->write_sample_size); // perform lpc on remaining samples for (i = lpc.lpc_order + 1; i < s->avctx->frame_size; i++) { From ffe831fcb63da2bac32cc988c8cecdc668f385ae Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Wed, 19 Jun 2013 16:31:10 +0200 Subject: [PATCH 290/331] Autodetect idcin only if audio properties allow decoding. Fixes ticket #2688. (cherry picked from commit 06bede95fcea47d2e51e8ff248c15311f335b898) --- libavformat/idcin.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/libavformat/idcin.c b/libavformat/idcin.c index 0cca69f088..4289fd763b 100644 --- a/libavformat/idcin.c +++ b/libavformat/idcin.c @@ -91,7 +91,7 @@ typedef struct IdcinDemuxContext { static int idcin_probe(AVProbeData *p) { - unsigned int number; + unsigned int number, sample_rate; /* * This is what you could call a "probabilistic" file check: id CIN @@ -120,18 +120,18 @@ static int idcin_probe(AVProbeData *p) return 0; /* check the audio sample rate */ - number = AV_RL32(&p->buf[8]); - if ((number != 0) && ((number < 8000) | (number > 48000))) + sample_rate = AV_RL32(&p->buf[8]); + if (sample_rate && (sample_rate < 8000 || sample_rate > 48000)) return 0; /* check the audio bytes/sample */ number = AV_RL32(&p->buf[12]); - if (number > 2) + if (number > 2 || sample_rate && !number) return 0; /* check the audio channels */ number = AV_RL32(&p->buf[16]); - if (number > 2) + if (number > 2 || sample_rate && !number) return 0; /* return half certainly since this check is a bit sketchy */ From 340c1843c59c2c802b04beea80c8ef6242907d34 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 21 Jun 2013 01:11:45 +0200 Subject: [PATCH 291/331] avformat/libmodplug: Reduce the probe score for small input This ensures that theres enough data for mpeg_probe() to recognize mpeg-ps Fixes Ticket2583 Based on code by: Paul B Mahol Signed-off-by: Michael Niedermayer (cherry picked from commit c605adbf562fbf535e83ae427bb681bc45e440c8) --- libavformat/libmodplug.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/libavformat/libmodplug.c b/libavformat/libmodplug.c index dfbf67c2d2..f3f0e5ee10 100644 --- a/libavformat/libmodplug.c +++ b/libavformat/libmodplug.c @@ -347,6 +347,19 @@ static int modplug_read_seek(AVFormatContext *s, int stream_idx, int64_t ts, int return 0; } +static const char modplug_extensions[] = "669,abc,amf,ams,dbm,dmf,dsm,far,it,mdl,med,mid,mod,mt2,mtm,okt,psm,ptm,s3m,stm,ult,umx,xm,itgz,itr,itz,mdgz,mdr,mdz,s3gz,s3r,s3z,xmgz,xmr,xmz"; + +static int modplug_probe(AVProbeData *p) +{ + if (av_match_ext(p->filename, modplug_extensions)) { + if (p->buf_size < 16384) + return AVPROBE_SCORE_MAX/4-1; + else + return AVPROBE_SCORE_MAX/2; + } + return 0; +} + static const AVClass modplug_class = { .class_name = "ModPlug demuxer", .item_name = av_default_item_name, @@ -358,11 +371,11 @@ AVInputFormat ff_libmodplug_demuxer = { .name = "libmodplug", .long_name = NULL_IF_CONFIG_SMALL("ModPlug demuxer"), .priv_data_size = sizeof(ModPlugContext), + .read_probe = modplug_probe, .read_header = modplug_read_header, .read_packet = modplug_read_packet, .read_close = modplug_read_close, .read_seek = modplug_read_seek, - .extensions = "669,abc,amf,ams,dbm,dmf,dsm,far,it,mdl,med,mid,mod,mt2,mtm,okt,psm,ptm,s3m,stm,ult,umx,xm" - ",itgz,itr,itz,mdgz,mdr,mdz,s3gz,s3r,s3z,xmgz,xmr,xmz", // compressed mods + .extensions = modplug_extensions, .priv_class = &modplug_class, }; From 0ca658a71659bb18d37af85db69f5bd50b043598 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 1 Jul 2013 23:38:08 +0200 Subject: [PATCH 292/331] rmdec: Pass AVIOContext to rm_read_metadata() Fix null pointer dereference Fixes Ticket2588 Signed-off-by: Michael Niedermayer (cherry picked from commit bf87908cd8da31e8f8fe75c06577170928ea70a8) Conflicts: libavformat/rmdec.c --- libavformat/rmdec.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c index 5b9bfb869a..09c3095480 100644 --- a/libavformat/rmdec.c +++ b/libavformat/rmdec.c @@ -107,13 +107,14 @@ static int rm_read_extradata(AVIOContext *pb, AVCodecContext *avctx, unsigned si return 0; } -static void rm_read_metadata(AVFormatContext *s, int wide) +static void rm_read_metadata(AVFormatContext *s, AVIOContext *pb, int wide) { char buf[1024]; int i; + for (i=0; ipb) : avio_r8(s->pb); - get_strl(s->pb, buf, sizeof(buf), len); + int len = wide ? avio_rb16(pb) : avio_r8(pb); + get_strl(pb, buf, sizeof(buf), len); av_dict_set(&s->metadata, ff_rm_metadata[i], buf, 0); } } @@ -143,7 +144,7 @@ static int rm_read_audio_stream_info(AVFormatContext *s, AVIOContext *pb, int header_size = avio_rb16(pb); int64_t startpos = avio_tell(pb); avio_skip(pb, 14); - rm_read_metadata(s, 0); + rm_read_metadata(s, pb, 0); if ((startpos + header_size) >= avio_tell(pb) + 2) { // fourcc (should always be "lpcJ") avio_r8(pb); @@ -288,7 +289,7 @@ static int rm_read_audio_stream_info(AVFormatContext *s, AVIOContext *pb, avio_r8(pb); avio_r8(pb); avio_r8(pb); - rm_read_metadata(s, 0); + rm_read_metadata(s, pb, 0); } } return 0; @@ -460,7 +461,7 @@ static int rm_read_header(AVFormatContext *s, AVFormatParameters *ap) flags = avio_rb16(pb); /* flags */ break; case MKTAG('C', 'O', 'N', 'T'): - rm_read_metadata(s, 1); + rm_read_metadata(s, pb, 1); break; case MKTAG('M', 'D', 'P', 'R'): st = avformat_new_stream(s, NULL); From d6641c0bab2199cc9aa2ad2411d7400a3cf61345 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 5 Jul 2013 03:27:07 +0200 Subject: [PATCH 293/331] mpegts: only reopen pmt_cb filter if its different from the previous. Fixes Ticket2632 Signed-off-by: Michael Niedermayer (cherry picked from commit b009267910df10c004b5f340a090d45da29089a0) --- libavformat/mpegts.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/libavformat/mpegts.c b/libavformat/mpegts.c index 5246634282..7935048136 100644 --- a/libavformat/mpegts.c +++ b/libavformat/mpegts.c @@ -1571,12 +1571,18 @@ static void pat_cb(MpegTSFilter *filter, const uint8_t *section, int section_len if (sid == 0x0000) { /* NIT info */ } else { + MpegTSFilter *fil = ts->pids[pmt_pid]; program = av_new_program(ts->stream, sid); program->program_num = sid; program->pmt_pid = pmt_pid; - if (ts->pids[pmt_pid]) - mpegts_close_filter(ts, ts->pids[pmt_pid]); - mpegts_open_section_filter(ts, pmt_pid, pmt_cb, ts, 1); + if (fil) + if ( fil->type != MPEGTS_SECTION + || fil->pid != pmt_pid + || fil->u.section_filter.section_cb != pmt_cb) + mpegts_close_filter(ts, ts->pids[pmt_pid]); + + if (!ts->pids[pmt_pid]) + mpegts_open_section_filter(ts, pmt_pid, pmt_cb, ts, 1); add_pat_entry(ts, sid); add_pid_to_pmt(ts, sid, 0); //add pat pid to program add_pid_to_pmt(ts, sid, pmt_pid); From d0a225d6c1a7eb44852e6671d1e699806afdc376 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 8 Jul 2013 21:46:20 +0200 Subject: [PATCH 294/331] mpeg12dec: avoid reinitialization on PS changes when possible. Fixes Ticket2574 Signed-off-by: Michael Niedermayer (cherry picked from commit 970c8df73528659925819dec31c4c8c0887f0321) Conflicts: libavcodec/mpeg12dec.c --- libavcodec/mpeg12.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/mpeg12.c b/libavcodec/mpeg12.c index 24900d3233..5306d1d87a 100644 --- a/libavcodec/mpeg12.c +++ b/libavcodec/mpeg12.c @@ -1250,7 +1250,7 @@ static int mpeg_decode_postinit(AVCodecContext *avctx) s1->save_width != s->width || s1->save_height != s->height || s1->save_aspect_info != s->aspect_ratio_info || - s1->save_progressive_seq != s->progressive_sequence || + (s1->save_progressive_seq != s->progressive_sequence && (s->height&31)) || 0) { From cf701b008fd3fa2d905463da68855b9ab8ba2777 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 31 Aug 2013 03:08:25 +0200 Subject: [PATCH 295/331] avformat/avidec: match first index and first packet size=0 handling Fixes Ticket2861 Signed-off-by: Michael Niedermayer (cherry picked from commit 227a0eb5a92409572f2cecde6137529b83e7d495) Conflicts: libavformat/avidec.c --- libavformat/avidec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/avidec.c b/libavformat/avidec.c index 6af070a3df..287fa4e380 100644 --- a/libavformat/avidec.c +++ b/libavformat/avidec.c @@ -1254,7 +1254,7 @@ static int avi_read_idx1(AVFormatContext *s, int size) st = s->streams[index]; ast = st->priv_data; - if(first_packet && first_packet_pos && len) { + if (first_packet && first_packet_pos) { data_offset = first_packet_pos - pos; first_packet = 0; } From 4b7036c1d9d16f015ce2f35773b6c4a30ae6488e Mon Sep 17 00:00:00 2001 From: Xi Wang Date: Tue, 22 Jan 2013 17:49:29 -0500 Subject: [PATCH 296/331] rtmp: fix multiple broken overflow checks Sanity checks like `data + size >= data_end || data + size < data' are broken, because `data + size < data' assumes pointer overflow, which is undefined behavior in C. Many compilers such as gcc/clang optimize such checks away. Use `size < 0 || size >= data_end - data' instead. Signed-off-by: Xi Wang Signed-off-by: Michael Niedermayer (cherry picked from commit 902cfe2f74d777a7dc20ac68f2393b9f84b790c1) Signed-off-by: Michael Niedermayer --- libavformat/rtmppkt.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/libavformat/rtmppkt.c b/libavformat/rtmppkt.c index 7e2ccdc6ac..66bbe5aa52 100644 --- a/libavformat/rtmppkt.c +++ b/libavformat/rtmppkt.c @@ -279,11 +279,11 @@ int ff_amf_tag_size(const uint8_t *data, const uint8_t *data_end) data++; break; } - if (data + size >= data_end || data + size < data) + if (size < 0 || size >= data_end - data) return -1; data += size; t = ff_amf_tag_size(data, data_end); - if (t < 0 || data + t >= data_end) + if (t < 0 || t >= data_end - data) return -1; data += t; } @@ -312,7 +312,7 @@ int ff_amf_get_field_value(const uint8_t *data, const uint8_t *data_end, int size = bytestream_get_be16(&data); if (!size) break; - if (data + size >= data_end || data + size < data) + if (size < 0 || size >= data_end - data) return -1; data += size; if (size == namelen && !memcmp(data-size, name, namelen)) { @@ -333,7 +333,7 @@ int ff_amf_get_field_value(const uint8_t *data, const uint8_t *data_end, return 0; } len = ff_amf_tag_size(data, data_end); - if (len < 0 || data + len >= data_end || data + len < data) + if (len < 0 || len >= data_end - data) return -1; data += len; } @@ -404,13 +404,13 @@ static void ff_amf_tag_contents(void *ctx, const uint8_t *data, const uint8_t *d data++; break; } - if (data + size >= data_end || data + size < data) + if (size < 0 || size >= data_end - data) return; data += size; av_log(ctx, AV_LOG_DEBUG, " %s: ", buf); ff_amf_tag_contents(ctx, data, data_end); t = ff_amf_tag_size(data, data_end); - if (t < 0 || data + t >= data_end) + if (t < 0 || t >= data_end - data) return; data += t; } From 8c0261d6859d06373593a914bbd300e2eaa414c9 Mon Sep 17 00:00:00 2001 From: Xi Wang Date: Tue, 22 Jan 2013 21:40:05 -0500 Subject: [PATCH 297/331] rtmp: fix buffer overflows in ff_amf_tag_contents() A negative `size' will bypass FFMIN(). In the subsequent memcpy() call, `size' will be considered as a large positive value, leading to a buffer overflow. Change the type of `size' to unsigned int to avoid buffer overflow, and simplify overflow checks accordingly. Signed-off-by: Xi Wang Signed-off-by: Michael Niedermayer (cherry picked from commit 4e692374f7962ea358c329de38c380103f8991b6) Signed-off-by: Michael Niedermayer --- libavformat/rtmppkt.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/libavformat/rtmppkt.c b/libavformat/rtmppkt.c index 66bbe5aa52..7489732664 100644 --- a/libavformat/rtmppkt.c +++ b/libavformat/rtmppkt.c @@ -363,7 +363,7 @@ static const char* rtmp_packet_type(int type) static void ff_amf_tag_contents(void *ctx, const uint8_t *data, const uint8_t *data_end) { - int size; + unsigned int size; char buf[1024]; if (data >= data_end) @@ -382,7 +382,7 @@ static void ff_amf_tag_contents(void *ctx, const uint8_t *data, const uint8_t *d } else { size = bytestream_get_be32(&data); } - size = FFMIN(size, 1023); + size = FFMIN(size, sizeof(buf) - 1); memcpy(buf, data, size); buf[size] = 0; av_log(ctx, AV_LOG_DEBUG, " string '%s'\n", buf); @@ -395,16 +395,15 @@ static void ff_amf_tag_contents(void *ctx, const uint8_t *data, const uint8_t *d case AMF_DATA_TYPE_OBJECT: av_log(ctx, AV_LOG_DEBUG, " {\n"); for (;;) { - int size = bytestream_get_be16(&data); int t; - memcpy(buf, data, size); - buf[size] = 0; + size = bytestream_get_be16(&data); + av_strlcpy(buf, data, FFMIN(sizeof(buf), size + 1)); if (!size) { av_log(ctx, AV_LOG_DEBUG, " }\n"); data++; break; } - if (size < 0 || size >= data_end - data) + if (size >= data_end - data) return; data += size; av_log(ctx, AV_LOG_DEBUG, " %s: ", buf); From 03e2e95beb1a6203e5bcd55b38926f71272a3c2b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 29 Jan 2013 18:29:41 +0100 Subject: [PATCH 298/331] huffyuvdec: Check init_vlc() return codes. Prevents out of array writes Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit f67a0d115254461649470452058fa3c28c0df294) Signed-off-by: Michael Niedermayer (cherry picked from commit 95ab8d33e1a680f30a5a9605175112008ab81afc) Conflicts: libavcodec/huffyuv.c (cherry picked from commit 277def59fce10d91e3113e5c0f63e22bc4abfa88) Conflicts: libavcodec/huffyuv.c --- libavcodec/huffyuv.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/libavcodec/huffyuv.c b/libavcodec/huffyuv.c index 574daacc0b..071c4906a3 100644 --- a/libavcodec/huffyuv.c +++ b/libavcodec/huffyuv.c @@ -33,6 +33,7 @@ #include "put_bits.h" #include "dsputil.h" #include "thread.h" +#include "libavutil/avassert.h" #define VLC_BITS 11 @@ -315,6 +316,7 @@ static void generate_joint_tables(HYuvContext *s){ int len1 = s->len[p][u]; if(len1 > limit) continue; + av_assert0(i < (1 << VLC_BITS)); len[i] = len0 + len1; bits[i] = (s->bits[0][y] << len1) + s->bits[p][u]; symbols[i] = (y<<8) + u; @@ -348,6 +350,7 @@ static void generate_joint_tables(HYuvContext *s){ int len2 = s->len[2][r&255]; if(len2 > limit1) continue; + av_assert0(i < (1 << VLC_BITS)); len[i] = len0 + len1 + len2; bits[i] = (code << len2) + s->bits[2][r&255]; if(s->decorrelate){ @@ -371,6 +374,7 @@ static void generate_joint_tables(HYuvContext *s){ static int read_huffman_tables(HYuvContext *s, const uint8_t *src, int length){ GetBitContext gb; int i; + int ret; init_get_bits(&gb, src, length*8); @@ -381,7 +385,8 @@ static int read_huffman_tables(HYuvContext *s, const uint8_t *src, int length){ return -1; } free_vlc(&s->vlc[i]); - init_vlc(&s->vlc[i], VLC_BITS, 256, s->len[i], 1, 1, s->bits[i], 4, 4, 0); + if ((ret = init_vlc(&s->vlc[i], VLC_BITS, 256, s->len[i], 1, 1, s->bits[i], 4, 4, 0)) < 0) + return ret; } generate_joint_tables(s); @@ -393,6 +398,7 @@ static int read_old_huffman_tables(HYuvContext *s){ #if 1 GetBitContext gb; int i; + int ret; init_get_bits(&gb, classic_shift_luma, sizeof(classic_shift_luma)*8); if(read_len_table(s->len[0], &gb)<0) @@ -413,7 +419,8 @@ static int read_old_huffman_tables(HYuvContext *s){ for(i=0; i<3; i++){ free_vlc(&s->vlc[i]); - init_vlc(&s->vlc[i], VLC_BITS, 256, s->len[i], 1, 1, s->bits[i], 4, 4, 0); + if ((ret = init_vlc(&s->vlc[i], VLC_BITS, 256, s->len[i], 1, 1, s->bits[i], 4, 4, 0)) < 0) + return ret; } generate_joint_tables(s); From 21dd8f5baa43d852354e9b6d8174be4095cdec0e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 29 Jan 2013 19:22:33 +0100 Subject: [PATCH 299/331] huffyuvdec: Skip len==0 cases Fixes vlc decoding for hypothetical files that would contain such cases. Signed-off-by: Michael Niedermayer (cherry picked from commit 0dfc01c2bbf4b71bb56201bc4a393321e15d1b31) Signed-off-by: Michael Niedermayer (cherry picked from commit 5ff41ffeb4cb9ea6df49757dc859619dc3d3ab4f) Conflicts: libavcodec/huffyuv.c (cherry picked from commit 9bc70fe1ae50fd2faa0b9429d47cfbda01a92ebc) Signed-off-by: Michael Niedermayer --- libavcodec/huffyuv.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/libavcodec/huffyuv.c b/libavcodec/huffyuv.c index 071c4906a3..c137da0e0f 100644 --- a/libavcodec/huffyuv.c +++ b/libavcodec/huffyuv.c @@ -310,11 +310,11 @@ static void generate_joint_tables(HYuvContext *s){ for(i=y=0; y<256; y++){ int len0 = s->len[0][y]; int limit = VLC_BITS - len0; - if(limit <= 0) + if(limit <= 0 || !len0) continue; for(u=0; u<256; u++){ int len1 = s->len[p][u]; - if(len1 > limit) + if (len1 > limit || !len1) continue; av_assert0(i < (1 << VLC_BITS)); len[i] = len0 + len1; @@ -338,17 +338,17 @@ static void generate_joint_tables(HYuvContext *s){ for(i=0, g=-16; g<16; g++){ int len0 = s->len[p0][g&255]; int limit0 = VLC_BITS - len0; - if(limit0 < 2) + if (limit0 < 2 || !len0) continue; for(b=-16; b<16; b++){ int len1 = s->len[p1][b&255]; int limit1 = limit0 - len1; - if(limit1 < 1) + if (limit1 < 1 || !len1) continue; code = (s->bits[p0][g&255] << len1) + s->bits[p1][b&255]; for(r=-16; r<16; r++){ int len2 = s->len[2][r&255]; - if(len2 > limit1) + if (len2 > limit1 || !len2) continue; av_assert0(i < (1 << VLC_BITS)); len[i] = len0 + len1 + len2; From 32a81629dae363c032d1bf32cbb5a139dcb54971 Mon Sep 17 00:00:00 2001 From: Diego Biurrun Date: Mon, 14 Jan 2013 20:38:33 +0100 Subject: [PATCH 300/331] configure: Make warnings from -Wreturn-type fatal errors These warnings have no false positives and point to serious bugs. (cherry picked from commit 99853cb8d4237b810b2fffb4a34f66fd0064ef72) Conflicts: configure Signed-off-by: Michael Niedermayer --- configure | 2 ++ 1 file changed, 2 insertions(+) diff --git a/configure b/configure index b58e277528..7070245d74 100755 --- a/configure +++ b/configure @@ -3293,11 +3293,13 @@ elif enabled gcc; then check_cflags -fno-tree-vectorize check_cflags -Werror=implicit-function-declaration check_cflags -Werror=missing-prototypes + check_cflags -Werror=return-type elif enabled llvm_gcc; then check_cflags -mllvm -stack-alignment=16 elif enabled clang; then check_cflags -mllvm -stack-alignment=16 check_cflags -Qunused-arguments + check_cflags -Werror=return-type elif enabled armcc; then # 2523: use of inline assembler is deprecated add_cflags -W${armcc_opt},--diag_suppress=2523 From c681cf34c4a61af0a4323691c5fceabad888165d Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 14 Feb 2013 21:13:32 +0100 Subject: [PATCH 301/331] apichanges: fix 2 wrong hashes Signed-off-by: Michael Niedermayer (cherry picked from commit 2f3bc5122822687dc388f7352c92cf6db456cf7c) Signed-off-by: Michael Niedermayer --- doc/APIchanges | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/APIchanges b/doc/APIchanges index 260efb0164..34b8dd5da1 100644 --- a/doc/APIchanges +++ b/doc/APIchanges @@ -470,11 +470,11 @@ API changes, most recent first: 2011-02-10 - 12c14cd - lavf 52.99.0 - AVStream.disposition Add AV_DISPOSITION_HEARING_IMPAIRED and AV_DISPOSITION_VISUAL_IMPAIRED. -2011-02-09 - 5592734 - lavc 52.112.0 - avcodec_thread_init() +2011-02-09 - c0b102c - lavc 52.112.0 - avcodec_thread_init() Deprecate avcodec_thread_init()/avcodec_thread_free() use; instead set thread_count before calling avcodec_open. -2011-02-09 - 778b08a - lavc 52.111.0 - threading API +2011-02-09 - 37b00b4 - lavc 52.111.0 - threading API Add CODEC_CAP_FRAME_THREADS with new restrictions on get_buffer()/ release_buffer()/draw_horiz_band() callbacks for appropriate codecs. Add thread_type and active_thread_type fields to AVCodecContext. From 50b260133823346a2e4957ede89dffa9072c07c3 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 13 Feb 2013 03:32:23 +0100 Subject: [PATCH 302/331] doc/APIchanges: List merge commit hashes and version numbers Signed-off-by: Michael Niedermayer --- doc/APIchanges | 178 ++++++++++++++++++++++++------------------------- 1 file changed, 89 insertions(+), 89 deletions(-) diff --git a/doc/APIchanges b/doc/APIchanges index 34b8dd5da1..a2199bc249 100644 --- a/doc/APIchanges +++ b/doc/APIchanges @@ -48,14 +48,14 @@ API changes, most recent first: Change AVCodecContext.error[4] to [8] at next major bump. Add AV_NUM_DATA_POINTERS to simplify the bump transition. -2011-11-23 - bbb46f3 - lavu 51.18.0 +2011-11-23 - 8e576d5 / bbb46f3 - lavu 51.27.0 / 51.18.0 Add av_samples_get_buffer_size(), av_samples_fill_arrays(), and av_samples_alloc(), to samplefmt.h. -2011-11-23 - 8889cc4 - lavu 51.17.0 +2011-11-23 - 8e576d5 / 8889cc4 - lavu 51.27.0 / 51.17.0 Add planar sample formats and av_sample_fmt_is_planar() to samplefmt.h. -2011-11-19 - f3a29b7 - lavc 53.21.0 +2011-11-19 - dbb38bc / f3a29b7 - lavc 53.36.0 / 53.21.0 Move some AVCodecContext fields to a new private struct, AVCodecInternal, which is accessed from a new field, AVCodecContext.internal. - fields moved: @@ -63,55 +63,55 @@ API changes, most recent first: AVCodecContext.internal_buffer_count --> AVCodecInternal.buffer_count AVCodecContext.is_copy --> AVCodecInternal.is_copy -2011-11-16 - 6270671 - lavu 51.16.0 +2011-11-16 - 8709ba9 / 6270671 - lavu 51.26.0 / 51.16.0 Add av_timegm() -2011-11-13 - lavf 53.15.0 +2011-11-13 - lavf 53.21.0 / 53.15.0 New interrupt callback API, allowing per-AVFormatContext/AVIOContext interrupt callbacks. - 6aa0b98 Add AVIOInterruptCB struct and the interrupt_callback field to + 5f268ca / 6aa0b98 Add AVIOInterruptCB struct and the interrupt_callback field to AVFormatContext. - 1dee0ac Add avio_open2() with additional parameters. Those are + 5f268ca / 1dee0ac Add avio_open2() with additional parameters. Those are an interrupt callback and an options AVDictionary. This will allow passing AVOptions to protocols after lavf 54.0. -2011-11-06 - ba04ecf - lavu 51.14.0 +2011-11-06 - 13b7781 / ba04ecf - lavu 51.24.0 / 51.14.0 Add av_strcasecmp() and av_strncasecmp() to avstring.h. -2011-11-06 - 07b172f - lavu 51.13.0 +2011-11-06 - 13b7781 / 07b172f - lavu 51.24.0 / 51.13.0 Add av_toupper()/av_tolower() -2011-11-05 - b6d08f4 - lavf 53.13.0 +2011-11-05 - d8cab5c / b6d08f4 - lavf 53.19.0 / 53.13.0 Add avformat_network_init()/avformat_network_uninit() -2011-10-27 - 512557b - lavc 53.15.0 +2011-10-27 - 6faf0a2 / 512557b - lavc 53.24.0 / 53.15.0 Remove avcodec_parse_frame. Deprecate AVCodecContext.parse_only and CODEC_CAP_PARSE_ONLY. -2011-10-19 - 569129a - lavf 53.10.0 +2011-10-19 - d049257 / 569129a - lavf 53.17.0 / 53.10.0 Add avformat_new_stream(). Deprecate av_new_stream(). -2011-10-13 - b631fba - lavf 53.9.0 +2011-10-13 - 91eb1b1 / b631fba - lavf 53.16.0 / 53.9.0 Add AVFMT_NO_BYTE_SEEK AVInputFormat flag. -2011-10-12 - lavu 51.12.0 +2011-10-12 - lavu 51.21.0 / 51.12.0 AVOptions API rewrite. - - 145f741 FF_OPT_TYPE* renamed to AV_OPT_TYPE_* + - f884ef0 / 145f741 FF_OPT_TYPE* renamed to AV_OPT_TYPE_* - new setting/getting functions with slightly different semantics: - dac66da av_set_string3 -> av_opt_set + f884ef0 / dac66da av_set_string3 -> av_opt_set av_set_double -> av_opt_set_double av_set_q -> av_opt_set_q av_set_int -> av_opt_set_int - 41d9d51 av_get_string -> av_opt_get + f884ef0 / 41d9d51 av_get_string -> av_opt_get av_get_double -> av_opt_get_double av_get_q -> av_opt_get_q av_get_int -> av_opt_get_int - - 8c5dcaa trivial rename av_next_option -> av_opt_next - - 641c7af new functions - av_opt_child_next, av_opt_child_class_next + - f884ef0 / 8c5dcaa trivial rename av_next_option -> av_opt_next + - f884ef0 / 641c7af new functions - av_opt_child_next, av_opt_child_class_next and av_opt_find2() 2011-09-22 - a70e787 - lavu 51.17.0 @@ -157,27 +157,27 @@ API changes, most recent first: 2011-08-20 - 69e2c1a - lavu 51.13.0 Add av_get_media_type_string(). -2011-09-03 - fb4ca26 - lavc 53.13.0 +2011-09-03 - 1889c67 / fb4ca26 - lavc 53.13.0 lavf 53.11.0 lsws 2.1.0 Add {avcodec,avformat,sws}_get_class(). -2011-08-03 - c11fb82 - lavu 51.15.0 +2011-08-03 - 1889c67 / c11fb82 - lavu 51.15.0 Add AV_OPT_SEARCH_FAKE_OBJ flag for av_opt_find() function. 2011-08-14 - 323b930 - lavu 51.12.0 Add av_fifo_peek2(), deprecate av_fifo_peek(). -2011-08-16 - 48f9e45 - lavf 53.8.0 +2011-08-16 - 27fbe31 / 48f9e45 - lavf 53.11.0 / 53.8.0 Add avformat_query_codec(). -2011-08-16 - bca06e7 - lavc 53.11.0 +2011-08-16 - 27fbe31 / bca06e7 - lavc 53.11.0 Add avcodec_get_type(). -2011-08-06 - 2f63440 - lavf 53.7.0 +2011-08-06 - 0cb233c / 2f63440 - lavf 53.7.0 Add error_recognition to AVFormatContext. -2011-08-02 - 9d39cbf - lavc 53.9.1 +2011-08-02 - 1d186e9 / 9d39cbf - lavc 53.9.1 Add AV_PKT_FLAG_CORRUPT AVPacket flag. 2011-07-16 - b57df29 - lavfi 2.27.0 @@ -188,10 +188,10 @@ API changes, most recent first: avfilter_set_common_packing_formats() avfilter_all_packing_formats() -2011-07-10 - a67c061 - lavf 53.6.0 +2011-07-10 - 3602ad7 / a67c061 - lavf 53.6.0 Add avformat_find_stream_info(), deprecate av_find_stream_info(). -2011-07-10 - 0b950fe - lavc 53.8.0 +2011-07-10 - 3602ad7 / 0b950fe - lavc 53.8.0 Add avcodec_open2(), deprecate avcodec_open(). 2011-07-01 - b442ca6 - lavf 53.5.0 - avformat.h @@ -230,35 +230,35 @@ API changes, most recent first: 2011-06-12 - 6119b23 - lavfi 2.16.0 - avfilter_graph_parse() Change avfilter_graph_parse() signature. -2011-06-23 - 67e9ae1 - lavu 51.8.0 - attributes.h +2011-06-23 - 686959e / 67e9ae1 - lavu 51.10.0 / 51.8.0 - attributes.h Add av_printf_format(). -2011-06-16 - 05e84c9, 25de595 - lavf 53.2.0 - avformat.h +2011-06-16 - 2905e3f / 05e84c9, 2905e3f / 25de595 - lavf 53.4.0 / 53.2.0 - avformat.h Add avformat_open_input and avformat_write_header(). Deprecate av_open_input_stream, av_open_input_file, AVFormatParameters and av_write_header. -2011-06-16 - 7e83e1c, dc59ec5 - lavu 51.7.0 - opt.h +2011-06-16 - 2905e3f / 7e83e1c, 2905e3f / dc59ec5 - lavu 51.9.0 / 51.7.0 - opt.h Add av_opt_set_dict() and av_opt_find(). Deprecate av_find_opt(). Add AV_DICT_APPEND flag. -2011-06-10 - cb7c11c - lavu 51.6.0 - opt.h +2011-06-10 - 45fb647 / cb7c11c - lavu 51.6.0 - opt.h Add av_opt_flag_is_set(). 2011-06-10 - c381960 - lavfi 2.15.0 - avfilter_get_audio_buffer_ref_from_arrays Add avfilter_get_audio_buffer_ref_from_arrays() to avfilter.h. -2011-06-09 - d9f80ea - lavu 51.8.0 - AVMetadata +2011-06-09 - f9ecb84 / d9f80ea - lavu 51.8.0 - AVMetadata Move AVMetadata from lavf to lavu and rename it to AVDictionary -- new installed header dict.h. All av_metadata_* functions renamed to av_dict_*. -2011-06-07 - a6703fa - lavu 51.8.0 - av_get_bytes_per_sample() +2011-06-07 - d552f61 / a6703fa - lavu 51.8.0 - av_get_bytes_per_sample() Add av_get_bytes_per_sample() in libavutil/samplefmt.h. Deprecate av_get_bits_per_sample_fmt(). -2011-06-05 - b39b062 - lavu 51.8.0 - opt.h +2011-06-05 - f956924 / b39b062 - lavu 51.8.0 - opt.h Add av_opt_free convenience function. 2011-06-06 - 95a0242 - lavfi 2.14.0 - AVFilterBufferRefAudioProps @@ -288,7 +288,7 @@ API changes, most recent first: Add av_get_pix_fmt_name() in libavutil/pixdesc.h, and deprecate avcodec_get_pix_fmt_name() in libavcodec/avcodec.h in its favor. -2011-05-25 - 30315a8 - lavf 53.3.0 - avformat.h +2011-05-25 - 39e4206 / 30315a8 - lavf 53.3.0 - avformat.h Add fps_probe_size to AVFormatContext. 2011-05-22 - 5ecdfd0 - lavf 53.2.0 - avformat.h @@ -304,10 +304,10 @@ API changes, most recent first: 2011-05-14 - 9fdf772 - lavfi 2.6.0 - avcodec.h Add avfilter_get_video_buffer_ref_from_frame() to libavfilter/avcodec.h. -2011-05-18 - 64150ff - lavc 53.7.0 - AVCodecContext.request_sample_fmt +2011-05-18 - 75a37b5 / 64150ff - lavc 53.7.0 - AVCodecContext.request_sample_fmt Add request_sample_fmt field to AVCodecContext. -2011-05-10 - 188dea1 - lavc 53.6.0 - avcodec.h +2011-05-10 - 59eb12f / 188dea1 - lavc 53.6.0 - avcodec.h Deprecate AVLPCType and the following fields in AVCodecContext: lpc_coeff_precision, prediction_order_method, min_partition_order, max_partition_order, lpc_type, lpc_passes. @@ -337,81 +337,81 @@ API changes, most recent first: Add av_dynarray_add function for adding an element to a dynamic array. -2011-04-26 - bebe72f - lavu 51.1.0 - avutil.h +2011-04-26 - d7e5aeb / bebe72f - lavu 51.1.0 - avutil.h Add AVPictureType enum and av_get_picture_type_char(), deprecate FF_*_TYPE defines and av_get_pict_type_char() defined in libavcodec/avcodec.h. -2011-04-26 - 10d3940 - lavfi 2.3.0 - avfilter.h +2011-04-26 - d7e5aeb / 10d3940 - lavfi 2.3.0 - avfilter.h Add pict_type and key_frame fields to AVFilterBufferRefVideo. -2011-04-26 - 7a11c82 - lavfi 2.2.0 - vsrc_buffer +2011-04-26 - d7e5aeb / 7a11c82 - lavfi 2.2.0 - vsrc_buffer Add sample_aspect_ratio fields to vsrc_buffer arguments -2011-04-21 - 94f7451 - lavc 53.1.0 - avcodec.h +2011-04-21 - 8772156 / 94f7451 - lavc 53.1.0 - avcodec.h Add CODEC_CAP_SLICE_THREADS for codecs supporting sliced threading. 2011-04-15 - lavc 52.120.0 - avcodec.h AVPacket structure got additional members for passing side information: - 4de339e introduce side information for AVPacket - 2d8591c make containers pass palette change in AVPacket + c407984 / 4de339e introduce side information for AVPacket + c407984 / 2d8591c make containers pass palette change in AVPacket 2011-04-12 - lavf 52.107.0 - avio.h Avio cleanup, part II - deprecate the entire URLContext API: - 175389c add avio_check as a replacement for url_exist - ff1ec0c add avio_pause and avio_seek_time as replacements + c55780d / 175389c add avio_check as a replacement for url_exist + 9891004 / ff1ec0c add avio_pause and avio_seek_time as replacements for _av_url_read_fseek/fpause - cdc6a87 deprecate av_protocol_next(), avio_enum_protocols + d4d0932 / cdc6a87 deprecate av_protocol_next(), avio_enum_protocols should be used instead. - 80c6e23 rename url_set_interrupt_cb->avio_set_interrupt_cb. - f87b1b3 rename open flags: URL_* -> AVIO_* - f8270bb add avio_enum_protocols. - 5593f03 deprecate URLProtocol. - c486dad deprecate URLContext. - 026e175 deprecate the typedef for URLInterruptCB - 8e76a19 deprecate av_register_protocol2. - b840484 deprecate URL_PROTOCOL_FLAG_NESTED_SCHEME - 1305d93 deprecate av_url_read_seek - fa104e1 deprecate av_url_read_pause - 727c7aa deprecate url_get_filename(). - 5958df3 deprecate url_max_packet_size(). - 1869ea0 deprecate url_get_file_handle(). - 32a97d4 deprecate url_filesize(). - e52a914 deprecate url_close(). - 58a48c6 deprecate url_seek(). - 925e908 deprecate url_write(). - dce3756 deprecate url_read_complete(). - bc371ac deprecate url_read(). - 0589da0 deprecate url_open(). - 62eaaea deprecate url_connect. - 5652bb9 deprecate url_alloc. - 333e894 deprecate url_open_protocol - e230705 deprecate url_poll and URLPollEntry + c88caa5 / 80c6e23 rename url_set_interrupt_cb->avio_set_interrupt_cb. + c88caa5 / f87b1b3 rename open flags: URL_* -> AVIO_* + d4d0932 / f8270bb add avio_enum_protocols. + d4d0932 / 5593f03 deprecate URLProtocol. + d4d0932 / c486dad deprecate URLContext. + d4d0932 / 026e175 deprecate the typedef for URLInterruptCB + c88caa5 / 8e76a19 deprecate av_register_protocol2. + 11d7841 / b840484 deprecate URL_PROTOCOL_FLAG_NESTED_SCHEME + 11d7841 / 1305d93 deprecate av_url_read_seek + 11d7841 / fa104e1 deprecate av_url_read_pause + 434f248 / 727c7aa deprecate url_get_filename(). + 434f248 / 5958df3 deprecate url_max_packet_size(). + 434f248 / 1869ea0 deprecate url_get_file_handle(). + 434f248 / 32a97d4 deprecate url_filesize(). + 434f248 / e52a914 deprecate url_close(). + 434f248 / 58a48c6 deprecate url_seek(). + 434f248 / 925e908 deprecate url_write(). + 434f248 / dce3756 deprecate url_read_complete(). + 434f248 / bc371ac deprecate url_read(). + 434f248 / 0589da0 deprecate url_open(). + 434f248 / 62eaaea deprecate url_connect. + 434f248 / 5652bb9 deprecate url_alloc. + 434f248 / 333e894 deprecate url_open_protocol + 434f248 / e230705 deprecate url_poll and URLPollEntry 2011-04-08 - lavf 52.106.0 - avformat.h Minor avformat.h cleanup: - a9bf9d8 deprecate av_guess_image2_codec - c3675df rename avf_sdp_create->av_sdp_create + d4d0932 / a9bf9d8 deprecate av_guess_image2_codec + d4d0932 / c3675df rename avf_sdp_create->av_sdp_create 2011-04-03 - lavf 52.105.0 - avio.h Large-scale renaming/deprecating of AVIOContext-related functions: - 724f6a0 deprecate url_fdopen - 403ee83 deprecate url_open_dyn_packet_buf - 6dc7d80 rename url_close_dyn_buf -> avio_close_dyn_buf - b92c545 rename url_open_dyn_buf -> avio_open_dyn_buf - 8978fed introduce an AVIOContext.seekable field as a replacement for + 2cae980 / 724f6a0 deprecate url_fdopen + 2cae980 / 403ee83 deprecate url_open_dyn_packet_buf + 2cae980 / 6dc7d80 rename url_close_dyn_buf -> avio_close_dyn_buf + 2cae980 / b92c545 rename url_open_dyn_buf -> avio_open_dyn_buf + 2cae980 / 8978fed introduce an AVIOContext.seekable field as a replacement for AVIOContext.is_streamed and url_is_streamed() - b64030f deprecate get_checksum() - 4c4427a deprecate init_checksum() - 4ec153b deprecate udp_set_remote_url/get_local_port - 933e90a deprecate av_url_read_fseek/fpause - 8d9769a deprecate url_fileno - b7f2fdd rename put_flush_packet -> avio_flush - 35f1023 deprecate url_close_buf - 83fddae deprecate url_open_buf - d9d86e0 rename url_fprintf -> avio_printf - 59f65d9 deprecate url_setbufsize - 3e68b3b deprecate url_ferror + 1caa412 / b64030f deprecate get_checksum() + 1caa412 / 4c4427a deprecate init_checksum() + 2fd41c9 / 4ec153b deprecate udp_set_remote_url/get_local_port + 4fa0e24 / 933e90a deprecate av_url_read_fseek/fpause + 4fa0e24 / 8d9769a deprecate url_fileno + 0fecf26 / b7f2fdd rename put_flush_packet -> avio_flush + 0fecf26 / 35f1023 deprecate url_close_buf + 0fecf26 / 83fddae deprecate url_open_buf + 0fecf26 / d9d86e0 rename url_fprintf -> avio_printf + 0fecf26 / 59f65d9 deprecate url_setbufsize + 6947b0c / 3e68b3b deprecate url_ferror e8bb2e2 deprecate url_fget_max_packet_size 76aa876 rename url_fsize -> avio_size e519753 deprecate url_fgetc @@ -432,7 +432,7 @@ API changes, most recent first: b3db9ce deprecate get_partial_buffer 8d9ac96 rename av_alloc_put_byte -> avio_alloc_context -2011-03-25 - 34b47d7 - lavc 52.115.0 - AVCodecContext.audio_service_type +2011-03-25 - 27ef7b1 / 34b47d7 - lavc 52.115.0 - AVCodecContext.audio_service_type Add audio_service_type field to AVCodecContext. 2011-03-17 - e309fdc - lavu 50.40.0 - pixfmt.h From de2eb6dab101c83e3dccaa15e1fa42e77f1428bd Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 18 Mar 2013 00:00:02 +0100 Subject: [PATCH 303/331] rmdec: flush audio packet on seeking Fixes Ticket1605 Signed-off-by: Michael Niedermayer (cherry picked from commit 519ebb5ee5b89b8ecc80b4a4540fcbeb65cda172) Signed-off-by: Michael Niedermayer --- libavformat/rmdec.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c index 09c3095480..143f95ffe5 100644 --- a/libavformat/rmdec.c +++ b/libavformat/rmdec.c @@ -960,6 +960,18 @@ static int64_t rm_read_dts(AVFormatContext *s, int stream_index, return dts; } +static int rm_read_seek(AVFormatContext *s, int stream_index, + int64_t pts, int flags) +{ + RMDemuxContext *rm = s->priv_data; + + if (ff_seek_frame_binary(s, stream_index, pts, flags) < 0) + return -1; + rm->audio_pkt_cnt = 0; + return 0; +} + + AVInputFormat ff_rm_demuxer = { .name = "rm", .long_name = NULL_IF_CONFIG_SMALL("RealMedia format"), @@ -969,6 +981,7 @@ AVInputFormat ff_rm_demuxer = { .read_packet = rm_read_packet, .read_close = rm_read_close, .read_timestamp = rm_read_dts, + .read_seek = rm_read_seek, }; AVInputFormat ff_rdt_demuxer = { From e4ad9e9377b51c5b6647f429915e2f56261710f1 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 29 Jun 2013 19:48:17 +0200 Subject: [PATCH 304/331] update all trac links to use the trac subdomain Signed-off-by: Michael Niedermayer --- doc/issue_tracker.txt | 2 +- libavcodec/qtrle.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/issue_tracker.txt b/doc/issue_tracker.txt index d487f66830..27b0009b58 100644 --- a/doc/issue_tracker.txt +++ b/doc/issue_tracker.txt @@ -24,7 +24,7 @@ a mail for every change to every issue. The subscription URL for the ffmpeg-trac list is: http(s)://ffmpeg.org/mailman/listinfo/ffmpeg-trac The URL of the webinterface of the tracker is: -http(s)://ffmpeg.org/trac/ffmpeg +http(s)://trac.ffmpeg.org Type: ----- diff --git a/libavcodec/qtrle.c b/libavcodec/qtrle.c index 4ef529d5b2..e031c727b2 100644 --- a/libavcodec/qtrle.c +++ b/libavcodec/qtrle.c @@ -77,7 +77,7 @@ static void qtrle_decode_1bpp(QtrleContext *s, int stream_ptr, int row_ptr, int * line' at the beginning. Since we always interpret it as 'go to next line' * in the decoding loop (which makes code simpler/faster), the first line * would not be counted, so we count one more. - * See: https://ffmpeg.org/trac/ffmpeg/ticket/226 + * See: https://trac.ffmpeg.org/ticket/226 * In the following decoding loop, row_ptr will be the position of the * _next_ row. */ lines_to_change++; From edb4aad93dc2a08523ad16b5511cf985360dfd8e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 20 Aug 2013 23:18:48 +0200 Subject: [PATCH 305/331] avcodec/flashsv: check diff_start/height Fixes out of array accesses Fixes Ticket2844 Found-by: ami_stuff Signed-off-by: Michael Niedermayer (cherry picked from commit 880c73cd76109697447fbfbaa8e5ee5683309446) Signed-off-by: Michael Niedermayer --- libavcodec/flashsv.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/flashsv.c b/libavcodec/flashsv.c index 3861344cb7..b1e460785e 100644 --- a/libavcodec/flashsv.c +++ b/libavcodec/flashsv.c @@ -373,6 +373,10 @@ static int flashsv_decode_frame(AVCodecContext *avctx, void *data, if (has_diff) { s->diff_start = get_bits(&gb, 8); s->diff_height = get_bits(&gb, 8); + if (s->diff_start + s->diff_height > cur_blk_height) { + av_log(avctx, AV_LOG_ERROR, "Block parameters invalid\n"); + return AVERROR_INVALIDDATA; + } av_log(avctx, AV_LOG_DEBUG, "%dx%d diff start %d height %d\n", i, j, s->diff_start, s->diff_height); From 4490b3db23bd37ab9db15914f3a94a3caa090530 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 22 Aug 2013 01:07:32 +0200 Subject: [PATCH 306/331] avcodec/rpza: Perform pointer advance and checks before using the pointers Fixes out of array accesses Fixes Ticket2850 Signed-off-by: Michael Niedermayer (cherry picked from commit 3819db745da2ac7fb3faacb116788c32f4753f34) Conflicts: libavcodec/rpza.c --- libavcodec/rpza.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libavcodec/rpza.c b/libavcodec/rpza.c index 4c87b3c1b2..1f01ea0b08 100644 --- a/libavcodec/rpza.c +++ b/libavcodec/rpza.c @@ -83,7 +83,7 @@ static void rpza_decode_stream(RpzaContext *s) unsigned short *pixels = (unsigned short *)s->frame.data[0]; int row_ptr = 0; - int pixel_ptr = 0; + int pixel_ptr = -4; int block_ptr; int pixel_x, pixel_y; int total_blocks; @@ -139,6 +139,7 @@ static void rpza_decode_stream(RpzaContext *s) colorA = AV_RB16 (&s->buf[stream_ptr]); stream_ptr += 2; while (n_blocks--) { + ADVANCE_BLOCK() block_ptr = row_ptr + pixel_ptr; for (pixel_y = 0; pixel_y < 4; pixel_y++) { for (pixel_x = 0; pixel_x < 4; pixel_x++){ @@ -147,7 +148,6 @@ static void rpza_decode_stream(RpzaContext *s) } block_ptr += row_inc; } - ADVANCE_BLOCK(); } break; @@ -184,6 +184,7 @@ static void rpza_decode_stream(RpzaContext *s) color4[2] |= ((21 * ta + 11 * tb) >> 5); while (n_blocks--) { + ADVANCE_BLOCK(); block_ptr = row_ptr + pixel_ptr; for (pixel_y = 0; pixel_y < 4; pixel_y++) { index = s->buf[stream_ptr++]; @@ -194,12 +195,12 @@ static void rpza_decode_stream(RpzaContext *s) } block_ptr += row_inc; } - ADVANCE_BLOCK(); } break; /* Fill block with 16 colors */ case 0x00: + ADVANCE_BLOCK(); block_ptr = row_ptr + pixel_ptr; for (pixel_y = 0; pixel_y < 4; pixel_y++) { for (pixel_x = 0; pixel_x < 4; pixel_x++){ @@ -213,7 +214,6 @@ static void rpza_decode_stream(RpzaContext *s) } block_ptr += row_inc; } - ADVANCE_BLOCK(); break; /* Unknown opcode */ From a4b4be7493bdfd6d50ef6038adcc45e5b07878f1 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 24 Aug 2013 03:19:40 +0200 Subject: [PATCH 307/331] jpeg2000: check log2_cblk dimensions Fixes out of array access Fixes Ticket2895 Found-by: Piotr Bandurski Signed-off-by: Michael Niedermayer (cherry picked from commit 9a271a9368eaabf99e6c2046103acb33957e63b7) Conflicts: libavcodec/jpeg2000dec.c Signed-off-by: Michael Niedermayer Conflicts: libavcodec/j2kdec.c Signed-off-by: Michael Niedermayer --- libavcodec/j2kdec.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/libavcodec/j2kdec.c b/libavcodec/j2kdec.c index 7f6506bb92..d3710e832c 100644 --- a/libavcodec/j2kdec.c +++ b/libavcodec/j2kdec.c @@ -28,6 +28,7 @@ #include "avcodec.h" #include "bytestream.h" #include "j2k.h" +#include "libavutil/avassert.h" #include "libavutil/common.h" #define JP2_SIG_TYPE 0x6A502020 @@ -289,6 +290,10 @@ static int get_cox(J2kDecoderContext *s, J2kCodingStyle *c) c->log2_cblk_width = bytestream_get_byte(&s->buf) + 2; // cblk width c->log2_cblk_height = bytestream_get_byte(&s->buf) + 2; // cblk height + if (c->log2_cblk_width > 6 || c->log2_cblk_height > 6) { + return AVERROR_PATCHWELCOME; + } + c->cblk_style = bytestream_get_byte(&s->buf); if (c->cblk_style != 0){ // cblk style av_log(s->avctx, AV_LOG_WARNING, "extra cblk styles %X\n", c->cblk_style); @@ -705,6 +710,9 @@ static int decode_cblk(J2kDecoderContext *s, J2kCodingStyle *codsty, J2kT1Contex int bpass_csty_symbol = J2K_CBLK_BYPASS & codsty->cblk_style; int vert_causal_ctx_csty_symbol = J2K_CBLK_VSC & codsty->cblk_style; + av_assert0(width <= J2K_MAX_CBLKW); + av_assert0(height <= J2K_MAX_CBLKH); + for (y = 0; y < height+2; y++) memset(t1->flags[y], 0, (width+2)*sizeof(int)); From 14f140f36942b4c79eb41d44bec6429c5919f1fe Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 20 May 2013 04:00:30 +0200 Subject: [PATCH 308/331] matroska_read_seek: Fix used streams for subtitle index compensation Might fix Ticket1907 (I have no testcase so i cant test) Signed-off-by: Michael Niedermayer (cherry picked from commit 4758e32a6c48044f77102a49110c79b4f338f648) Signed-off-by: Michael Niedermayer --- libavformat/matroskadec.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index c02013e3ca..60fbf6ec95 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -2055,10 +2055,11 @@ static int matroska_read_seek(AVFormatContext *s, int stream_index, if (tracks[i].type == MATROSKA_TRACK_TYPE_SUBTITLE && !tracks[i].stream->discard != AVDISCARD_ALL) { index_sub = av_index_search_timestamp(tracks[i].stream, st->index_entries[index].timestamp, AVSEEK_FLAG_BACKWARD); - if (index_sub >= 0 - && st->index_entries[index_sub].pos < st->index_entries[index_min].pos - && st->index_entries[index].timestamp - st->index_entries[index_sub].timestamp < 30000000000/matroska->time_scale) - index_min = index_sub; + while(index_sub >= 0 + && index_min >= 0 + && tracks[i].stream->index_entries[index_sub].pos < st->index_entries[index_min].pos + && st->index_entries[index].timestamp - tracks[i].stream->index_entries[index_sub].timestamp < 30000000000/matroska->time_scale) + index_min--; } } From 40d4e82e2ecd53668d831df51ecc9e05ca41d5f0 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 30 Aug 2013 23:14:32 +0200 Subject: [PATCH 309/331] avcodec/pngdsp: fix (un)signed type in end comparission Fixes out of array accesses Fixes Ticket2919 Found_by: ami_stuff Signed-off-by: Michael Niedermayer (cherry picked from commit 86736f59d6a527d8bc807d09b93f971c0fe0bb07) Conflicts: libavcodec/pngdsp.c Signed-off-by: Michael Niedermayer --- libavcodec/pngdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c index 609b21e2aa..1a0b298c37 100644 --- a/libavcodec/pngdec.c +++ b/libavcodec/pngdec.c @@ -133,7 +133,7 @@ static void png_put_interlaced_row(uint8_t *dst, int width, static void add_bytes_l2_c(uint8_t *dst, uint8_t *src1, uint8_t *src2, int w) { long i; - for(i=0; i<=w-sizeof(long); i+=sizeof(long)){ + for(i=0; i<=w-(int)sizeof(long); i+=sizeof(long)){ long a = *(long*)(src1+i); long b = *(long*)(src2+i); *(long*)(dst+i) = ((a&pb_7f) + (b&pb_7f)) ^ ((a^b)&pb_80); From a62852bae0ee29992a6218687cb74d1f4dcd4b8e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 30 Aug 2013 23:40:47 +0200 Subject: [PATCH 310/331] avcodec/dsputil: fix signedness in sizeof() comparissions Signed-off-by: Michael Niedermayer (cherry picked from commit 454a11a1c9c686c78aa97954306fb63453299760) Signed-off-by: Michael Niedermayer --- libavcodec/dsputil.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/dsputil.c b/libavcodec/dsputil.c index 4c13cb3ca4..593796d33c 100644 --- a/libavcodec/dsputil.c +++ b/libavcodec/dsputil.c @@ -1918,7 +1918,7 @@ void ff_set_cmp(DSPContext* c, me_cmp_func *cmp, int type){ static void add_bytes_c(uint8_t *dst, uint8_t *src, int w){ long i; - for(i=0; i<=w-sizeof(long); i+=sizeof(long)){ + for(i=0; i<=w-(int)sizeof(long); i+=sizeof(long)){ long a = *(long*)(src+i); long b = *(long*)(dst+i); *(long*)(dst+i) = ((a&pb_7f) + (b&pb_7f)) ^ ((a^b)&pb_80); @@ -1943,7 +1943,7 @@ static void diff_bytes_c(uint8_t *dst, uint8_t *src1, uint8_t *src2, int w){ } }else #endif - for(i=0; i<=w-sizeof(long); i+=sizeof(long)){ + for(i=0; i<=w-(int)sizeof(long); i+=sizeof(long)){ long a = *(long*)(src1+i); long b = *(long*)(src2+i); *(long*)(dst+i) = ((a|pb_80) - (b&pb_7f)) ^ ((a^b^pb_80)&pb_80); From a6388942f59049f934d89ccb5b626460e4cb6a63 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 9 Sep 2013 17:58:18 +0200 Subject: [PATCH 311/331] avcodec/ffv1enc: update buffer check for 16bps Signed-off-by: Michael Niedermayer (cherry picked from commit 3728603f1854b5c79d1a64dd3b41b80640ef1e7f) Conflicts: libavcodec/ffv1enc.c (cherry picked from commit c900c6e5c26cd86cf34f9c8d4347cedbd01f3935) --- libavcodec/ffv1.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/ffv1.c b/libavcodec/ffv1.c index c3034d326c..c2b4942ae6 100644 --- a/libavcodec/ffv1.c +++ b/libavcodec/ffv1.c @@ -451,7 +451,7 @@ static av_always_inline int encode_line(FFV1Context *s, int w, int run_mode=0; if(s->ac){ - if(c->bytestream_end - c->bytestream < w*20){ + if(c->bytestream_end - c->bytestream < w*35){ av_log(s->avctx, AV_LOG_ERROR, "encoded frame too large\n"); return -1; } From 5198623b0e970d307901956d834a15a9afc384e8 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 22 Sep 2013 22:35:52 +0200 Subject: [PATCH 312/331] update for 0.9.3 Signed-off-by: Michael Niedermayer --- Doxyfile | 2 +- RELEASE | 2 +- VERSION | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Doxyfile b/Doxyfile index 8554fe80f0..33d2e45e32 100644 --- a/Doxyfile +++ b/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 0.9.2 +PROJECT_NUMBER = 0.9.3 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. diff --git a/RELEASE b/RELEASE index 2003b639c4..965065db5b 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -0.9.2 +0.9.3 diff --git a/VERSION b/VERSION index 2003b639c4..965065db5b 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.9.2 +0.9.3 From dae552fbca8f3c132fb40d0234aa8edef86642d1 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 23 Sep 2013 00:08:48 +0200 Subject: [PATCH 313/331] cmdutils: update year to 2013 Signed-off-by: Michael Niedermayer --- cmdutils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmdutils.c b/cmdutils.c index d4fe54ae1b..79bebd74f8 100644 --- a/cmdutils.c +++ b/cmdutils.c @@ -53,7 +53,7 @@ struct SwsContext *sws_opts; AVDictionary *format_opts, *codec_opts; -static const int this_year = 2012; +static const int this_year = 2013; static FILE *report_file; From 1b3803e8c11fd4b820ab3cd5614344b02afd0fe9 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 9 Oct 2013 23:52:54 +0200 Subject: [PATCH 314/331] avcodec/h264_refs: modify key frame detection heuristic to detect more cases Fixes Ticket2968 Signed-off-by: Michael Niedermayer (cherry picked from commit 5ac6b6028f17b64723884c9fa72cfcbd369a1ba2) Conflicts: libavcodec/h264_refs.c --- libavcodec/h264_refs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h264_refs.c b/libavcodec/h264_refs.c index 926a6cc40d..b872759724 100644 --- a/libavcodec/h264_refs.c +++ b/libavcodec/h264_refs.c @@ -653,7 +653,7 @@ int ff_h264_execute_ref_pic_marking(H264Context *h, MMCO *mmco, int mmco_count){ print_short_term(h); print_long_term(h); - if(err >= 0 && h->long_ref_count==0 && h->short_ref_count<=2 && h->pps.ref_count[0]<=1 + (s->picture_structure != PICT_FRAME) && s->current_picture_ptr->f.pict_type == AV_PICTURE_TYPE_I){ + if(err >= 0 && h->long_ref_count==0 && h->short_ref_count<=2 && h->pps.ref_count[0]<=2 + (s->picture_structure != PICT_FRAME) && s->current_picture_ptr->f.pict_type == AV_PICTURE_TYPE_I){ s->current_picture_ptr->sync |= 1; if(!h->s.avctx->has_b_frames) h->sync = 2; From ff3e385d849e55fd88ed1bac3058588476711e85 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 25 Oct 2013 20:03:29 +0200 Subject: [PATCH 315/331] avcodec/h264: reduce noisiness of "mmco: unref short failure" Do not consider it an error if we have no frames and should discard one. This condition can easily happen when decoding is started from an I frame Fixes Ticket2811 Signed-off-by: Michael Niedermayer (cherry picked from commit 08a89761964bdd0a023eff6d37a1131fb7e1d7a0) Conflicts: libavcodec/h264_refs.c --- libavcodec/h264_refs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h264_refs.c b/libavcodec/h264_refs.c index b872759724..0ccbe62bcb 100644 --- a/libavcodec/h264_refs.c +++ b/libavcodec/h264_refs.c @@ -516,7 +516,7 @@ int ff_h264_execute_ref_pic_marking(H264Context *h, MMCO *mmco, int mmco_count){ if(!pic){ if(mmco[i].opcode != MMCO_SHORT2LONG || !h->long_ref[mmco[i].long_arg] || h->long_ref[mmco[i].long_arg]->frame_num != frame_num) { - av_log(h->s.avctx, AV_LOG_ERROR, "mmco: unref short failure\n"); + av_log(h->s.avctx, h->short_ref_count ? AV_LOG_ERROR : AV_LOG_DEBUG, "mmco: unref short failure\n"); err = AVERROR_INVALIDDATA; } continue; From b6f5a54fddeb968eb9fb51c1d0111ea448a31fe5 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 27 Oct 2013 01:03:19 +0200 Subject: [PATCH 316/331] avformat/utils: do not override pts in h264 when they are provided from the demuxer Fixes Ticket2143 Signed-off-by: Michael Niedermayer (cherry picked from commit 1e5271a9fd6ddcceb083f2185a4bbd8d44c9a813) --- libavformat/utils.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index b0d1ec3c0c..4817507fb3 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -1076,12 +1076,14 @@ static void compute_pkt_fields(AVFormatContext *s, AVStream *st, if (pkt->dts != AV_NOPTS_VALUE) { // got DTS from the stream, update reference timestamp st->reference_dts = pkt->dts - pc->dts_ref_dts_delta * num / den; - pkt->pts = pkt->dts + pc->pts_dts_delta * num / den; } else if (st->reference_dts != AV_NOPTS_VALUE) { // compute DTS based on reference timestamp pkt->dts = st->reference_dts + pc->dts_ref_dts_delta * num / den; - pkt->pts = pkt->dts + pc->pts_dts_delta * num / den; } + + if (st->reference_dts != AV_NOPTS_VALUE && pkt->pts == AV_NOPTS_VALUE) + pkt->pts = pkt->dts + pc->pts_dts_delta * num / den; + if (pc->dts_sync_point > 0) st->reference_dts = pkt->dts; // new reference } From 320df1c7c0fe9e92bec65c7117939e7859801b96 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Storsj=C3=B6?= Date: Fri, 20 Dec 2013 15:02:35 +0200 Subject: [PATCH 317/331] arm: Don't clobber callee saved registers in scalarproduct MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit q4-q7/d8-d15 are supposed to not be clobbered by the callee. CC: libav-stable@libav.org Signed-off-by: Martin Storsjö (cherry picked from commit d307e408d4a9ada22df443cc38be77cc5e492694) --- libavcodec/arm/int_neon.S | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/libavcodec/arm/int_neon.S b/libavcodec/arm/int_neon.S index e1353982d0..bb3c9533f9 100644 --- a/libavcodec/arm/int_neon.S +++ b/libavcodec/arm/int_neon.S @@ -66,10 +66,10 @@ function ff_scalarproduct_int16_neon, export=1 3: vpadd.s32 d16, d0, d1 vpadd.s32 d17, d2, d3 - vpadd.s32 d10, d4, d5 - vpadd.s32 d11, d6, d7 + vpadd.s32 d18, d4, d5 + vpadd.s32 d19, d6, d7 vpadd.s32 d0, d16, d17 - vpadd.s32 d1, d10, d11 + vpadd.s32 d1, d18, d19 vpadd.s32 d2, d0, d1 vpaddl.s32 d3, d2 vmov.32 r0, d3[0] @@ -106,10 +106,10 @@ function ff_scalarproduct_and_madd_int16_neon, export=1 vpadd.s32 d16, d0, d1 vpadd.s32 d17, d2, d3 - vpadd.s32 d10, d4, d5 - vpadd.s32 d11, d6, d7 + vpadd.s32 d18, d4, d5 + vpadd.s32 d19, d6, d7 vpadd.s32 d0, d16, d17 - vpadd.s32 d1, d10, d11 + vpadd.s32 d1, d18, d19 vpadd.s32 d2, d0, d1 vpaddl.s32 d3, d2 vmov.32 r0, d3[0] From 87d335c0075603e9d10463479d42d86016033390 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 26 Sep 2013 21:03:48 +0200 Subject: [PATCH 318/331] avcodec/parser: reset indexes on realloc failure Fixes Ticket2982 Signed-off-by: Michael Niedermayer (cherry picked from commit f31011e9abfb2ae75bb32bc44e2c34194c8dc40a) Signed-off-by: Michael Niedermayer --- libavcodec/parser.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/libavcodec/parser.c b/libavcodec/parser.c index ff71656f78..2ba546dba4 100644 --- a/libavcodec/parser.c +++ b/libavcodec/parser.c @@ -241,8 +241,10 @@ int ff_combine_frame(ParseContext *pc, int next, const uint8_t **buf, int *buf_s if(next == END_NOT_FOUND){ void* new_buffer = av_fast_realloc(pc->buffer, &pc->buffer_size, (*buf_size) + pc->index + FF_INPUT_BUFFER_PADDING_SIZE); - if(!new_buffer) + if(!new_buffer) { + pc->index = 0; return AVERROR(ENOMEM); + } pc->buffer = new_buffer; memcpy(&pc->buffer[pc->index], *buf, *buf_size); pc->index += *buf_size; @@ -255,9 +257,11 @@ int ff_combine_frame(ParseContext *pc, int next, const uint8_t **buf, int *buf_s /* append to buffer */ if(pc->index){ void* new_buffer = av_fast_realloc(pc->buffer, &pc->buffer_size, next + pc->index + FF_INPUT_BUFFER_PADDING_SIZE); - - if(!new_buffer) + if(!new_buffer) { + pc->overread_index = + pc->index = 0; return AVERROR(ENOMEM); + } pc->buffer = new_buffer; memcpy(&pc->buffer[pc->index], *buf, next + FF_INPUT_BUFFER_PADDING_SIZE ); pc->index = 0; From ea23dcc4986e9372d4c506889328d9394e28610a Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 21 Oct 2013 16:21:14 +0200 Subject: [PATCH 319/331] avfilter/ff_insert_pad: fix order of operations Fixes out of bounds access Fixes CID732170 Fixes CID732169 No filter is known to use this function in a way so the issue can be reproduced. Signed-off-by: Michael Niedermayer (cherry picked from commit ab2bfb85d49b2f8aa505816f93e75fd18ad0a361) Conflicts: libavfilter/avfilter.c (cherry picked from commit 86591b244f3a27293153896813f5569b49b2f5c0) Conflicts: libavfilter/avfilter.c (cherry picked from commit 400c4f8fa3fd58951dc3f356b2b00484e3363694) Signed-off-by: Michael Niedermayer --- libavfilter/avfilter.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavfilter/avfilter.c b/libavfilter/avfilter.c index 8a40b299ce..799ce7ba50 100644 --- a/libavfilter/avfilter.c +++ b/libavfilter/avfilter.c @@ -140,9 +140,9 @@ void avfilter_insert_pad(unsigned idx, unsigned *count, size_t padidx_off, (*links)[idx] = NULL; (*count)++; - for (i = idx+1; i < *count; i++) - if (*links[i]) - (*(unsigned *)((uint8_t *) *links[i] + padidx_off))++; + for (i = idx + 1; i < *count; i++) + if ((*links)[i]) + (*(unsigned *)((uint8_t *) (*links)[i] + padidx_off))++; } int avfilter_link(AVFilterContext *src, unsigned srcpad, From 84e1aa7768a218603312a1b1b7184c9ee8d17079 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 30 Oct 2013 23:27:28 +0100 Subject: [PATCH 320/331] avcodec/jpeglsdec: check err value for ls_get_code_runterm() Fixes infinite loop Fixes Ticket3086 Signed-off-by: Michael Niedermayer (cherry picked from commit cc0e47b55096361723b364afa43b79a3f5619cdc) Signed-off-by: Michael Niedermayer --- libavcodec/jpeglsdec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/jpeglsdec.c b/libavcodec/jpeglsdec.c index 5e98b64644..81b350cd87 100644 --- a/libavcodec/jpeglsdec.c +++ b/libavcodec/jpeglsdec.c @@ -143,6 +143,8 @@ static inline int ls_get_code_runterm(GetBitContext *gb, JLSState *state, int RI ret = ret >> 1; } + if(FFABS(ret) > 0xFFFF) + return -0x10000; /* update state */ state->A[Q] += FFABS(ret) - RItype; ret *= state->twonear; From c44ac4d81e864558096b870fd08059bc211cc52b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 17 Jan 2014 20:09:48 +0100 Subject: [PATCH 321/331] dnxhdenc: fix mb_rc size Fixes out of array access with RC_VARIANCE set to 0 Signed-off-by: Michael Niedermayer (cherry picked from commit f1caaa1c61310beba705957e6366f0392a0b005b) Signed-off-by: Michael Niedermayer --- libavcodec/dnxhdenc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/dnxhdenc.c b/libavcodec/dnxhdenc.c index 7021a70650..13795cb0e1 100644 --- a/libavcodec/dnxhdenc.c +++ b/libavcodec/dnxhdenc.c @@ -220,7 +220,7 @@ static int dnxhd_init_qmat(DNXHDEncContext *ctx, int lbias, int cbias) static int dnxhd_init_rc(DNXHDEncContext *ctx) { - FF_ALLOCZ_OR_GOTO(ctx->m.avctx, ctx->mb_rc, 8160*ctx->m.avctx->qmax*sizeof(RCEntry), fail); + FF_ALLOCZ_OR_GOTO(ctx->m.avctx, ctx->mb_rc, 8160*(ctx->m.avctx->qmax + 1)*sizeof(RCEntry), fail); if (ctx->m.avctx->mb_decision != FF_MB_DECISION_RD) FF_ALLOCZ_OR_GOTO(ctx->m.avctx, ctx->mb_cmp, ctx->m.mb_num*sizeof(RCCMPEntry), fail); From e0f351a97955c06772dd3969f25ed1c8999eed35 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 20 Jan 2014 18:08:18 +0100 Subject: [PATCH 322/331] avcodec/vmnc: Check that rectangles are within the picture Prevents out of array accesses with CODEC_FLAG_EMU_EDGE Signed-off-by: Michael Niedermayer (cherry picked from commit 6ba02602aa7fc7d38db582e75b8b093fb3c1608d) Conflicts: libavcodec/vmnc.c Signed-off-by: Michael Niedermayer (cherry picked from commit 7c17207ab9acfaa934e8feb8fba90765c9d0b989) Signed-off-by: Michael Niedermayer --- libavcodec/vmnc.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/vmnc.c b/libavcodec/vmnc.c index 7655103b6a..ecde81c4f2 100644 --- a/libavcodec/vmnc.c +++ b/libavcodec/vmnc.c @@ -275,6 +275,11 @@ static int decode_hextile(VmncContext *c, uint8_t* dst, const uint8_t* src, int } xy = *src++; wh = *src++; + if ( (xy >> 4) + (wh >> 4) + 1 > w - i + || (xy & 0xF) + (wh & 0xF)+1 > h - j) { + av_log(c->avctx, AV_LOG_ERROR, "Rectangle outside picture\n"); + return AVERROR_INVALIDDATA; + } paint_rect(dst2, xy >> 4, xy & 0xF, (wh>>4)+1, (wh & 0xF)+1, fg, bpp, stride); } } From 605c3f051540970c313a65f5a5345f6ba148a75b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 1 Feb 2014 19:04:37 +0100 Subject: [PATCH 323/331] avcodec/vc1: reset fcm/field_mode in non advanced header parsing Fixes NULL pointer dereference Fixes: signal_sigsegv_1ab8bf4_2847_cov_4254117347_SA10091.vc1 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit b51e9354772de446e8196dabf9aad1567b22f74d) Signed-off-by: Michael Niedermayer --- libavcodec/vc1.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/vc1.c b/libavcodec/vc1.c index 775caa69f8..284cbead96 100644 --- a/libavcodec/vc1.c +++ b/libavcodec/vc1.c @@ -578,6 +578,8 @@ int vc1_parse_frame_header(VC1Context *v, GetBitContext* gb) { int pqindex, lowquant, status; + v->field_mode = 0; + v->fcm = 0; if (v->finterpflag) v->interpfrm = get_bits1(gb); skip_bits(gb, 2); //framecnt unused From 356f8634e9919ff88038fda4b6e5271954892c89 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 14 Apr 2012 14:49:22 +0200 Subject: [PATCH 324/331] wmalosslessdec: make mclms arrays big enough for whats written into them. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit a0abefb0af64a311b15141062c77dd577ba590a3) Conflicts: libavcodec/wmalosslessdec.c --- libavcodec/wmalosslessdec.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/wmalosslessdec.c b/libavcodec/wmalosslessdec.c index 2b32bccba1..41bd067144 100644 --- a/libavcodec/wmalosslessdec.c +++ b/libavcodec/wmalosslessdec.c @@ -237,9 +237,9 @@ typedef struct WmallDecodeCtx { int8_t mclms_scaling; int16_t mclms_coeffs[128]; int16_t mclms_coeffs_cur[4]; - int16_t mclms_prevvalues[64]; // FIXME: should be 32-bit / 16-bit depending on bit-depth - int16_t mclms_updates[64]; - int mclms_recent; + int16_t mclms_prevvalues[WMALL_MAX_CHANNELS * 2 * 32]; + int16_t mclms_updates[WMALL_MAX_CHANNELS * 2 * 32]; + int mclms_recent; int movave_scaling; int quant_stepsize; From 954ce59a0abb8497864603499a1a4321fe4d8982 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 7 Feb 2014 15:07:23 +0100 Subject: [PATCH 325/331] avcodec/wmalosslessdec: fix mclms_coeffs* array size Fixes corruption of context Fixes: 8835659dde6a4f7dcdf341de6a45c6c8-signal_sigsegv_1dce67b_4564_cov_2504444599_classical_22_16_1_14000_v3c_0_extend_0_29.wma Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit ec9578d54d09b64bf112c2bf7a34b1ef3b93dbd3) Conflicts: libavcodec/wmalosslessdec.c (cherry picked from commit 5d683807be71002a6c3facef3e26350762a760e2) Signed-off-by: Michael Niedermayer --- libavcodec/wmalosslessdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/wmalosslessdec.c b/libavcodec/wmalosslessdec.c index 41bd067144..691bfbf00a 100644 --- a/libavcodec/wmalosslessdec.c +++ b/libavcodec/wmalosslessdec.c @@ -235,8 +235,8 @@ typedef struct WmallDecodeCtx { int8_t mclms_order; int8_t mclms_scaling; - int16_t mclms_coeffs[128]; - int16_t mclms_coeffs_cur[4]; + int16_t mclms_coeffs[WMALL_MAX_CHANNELS * WMALL_MAX_CHANNELS * 32]; + int16_t mclms_coeffs_cur[WMALL_MAX_CHANNELS * WMALL_MAX_CHANNELS]; int16_t mclms_prevvalues[WMALL_MAX_CHANNELS * 2 * 32]; int16_t mclms_updates[WMALL_MAX_CHANNELS * 2 * 32]; int mclms_recent; From d234e1d333c95d2f883830e8deeac04cd1c15673 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 13 Feb 2014 13:59:51 +0100 Subject: [PATCH 326/331] avformat/mpegtsenc: Check data array size in mpegts_write_pmt() Prevents out of array writes Signed-off-by: Michael Niedermayer (cherry picked from commit 842b6c14bcfc1c5da1a2d288fd65386eb8c158ad) Conflicts: libavformat/mpegtsenc.c (cherry picked from commit e87de3f50b765134588d0b048c32ed4b8acc16fb) Signed-off-by: Michael Niedermayer --- libavformat/mpegtsenc.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/libavformat/mpegtsenc.c b/libavformat/mpegtsenc.c index b75eff73c0..d6100ce5d5 100644 --- a/libavformat/mpegtsenc.c +++ b/libavformat/mpegtsenc.c @@ -232,7 +232,7 @@ static void mpegts_write_pat(AVFormatContext *s) data, q - data); } -static void mpegts_write_pmt(AVFormatContext *s, MpegTSService *service) +static int mpegts_write_pmt(AVFormatContext *s, MpegTSService *service) { // MpegTSWrite *ts = s->priv_data; uint8_t data[1012], *q, *desc_length_ptr, *program_info_length_ptr; @@ -285,6 +285,10 @@ static void mpegts_write_pmt(AVFormatContext *s, MpegTSService *service) stream_type = STREAM_TYPE_PRIVATE_DATA; break; } + + if (q - data > sizeof(data) - 32) + return AVERROR(EINVAL); + *q++ = stream_type; put16(&q, 0xe000 | ts_st->pid); desc_length_ptr = q; @@ -308,7 +312,7 @@ static void mpegts_write_pmt(AVFormatContext *s, MpegTSService *service) len_ptr = q++; *len_ptr = 0; - for (p = lang->value; next && *len_ptr < 255 / 4 * 4; p = next + 1) { + for (p = lang->value; next && *len_ptr < 255 / 4 * 4 && q - data < sizeof(data) - 4; p = next + 1) { next = strchr(p, ','); if (strlen(p) != 3 && (!next || next != p + 3)) continue; /* not a 3-letter code */ @@ -370,6 +374,7 @@ static void mpegts_write_pmt(AVFormatContext *s, MpegTSService *service) } mpegts_write_section1(&service->pmt, PMT_TID, service->sid, 0, 0, 0, data, q - data); + return 0; } /* NOTE: str == NULL is accepted for an empty string */ From 573d5fdedae72bf59d8c0b0766fdee171063d36f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 16 Feb 2014 23:08:52 +0100 Subject: [PATCH 327/331] avcodec/msrle: use av_image_get_linesize() to calculate the linesize Fixes out of array access Fixes: 14a74a0a2dc67ede543f0e35d834fbbe-asan_heap-oob_49572c_556_cov_215466444_44_001_engine_room.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit c919e1ca2ecfc47d796382973ba0e48b8f6f92a2) Conflicts: libavcodec/msrle.c (cherry picked from commit bc1c8ec5e65098fd2ccd8456f667151dfc9cda42) Signed-off-by: Michael Niedermayer --- libavcodec/msrle.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/msrle.c b/libavcodec/msrle.c index 30159bb006..c39ae7bd44 100644 --- a/libavcodec/msrle.c +++ b/libavcodec/msrle.c @@ -35,6 +35,7 @@ #include "avcodec.h" #include "dsputil.h" #include "msrledec.h" +#include "libavutil/imgutils.h" typedef struct MsrleContext { AVCodecContext *avctx; @@ -107,7 +108,7 @@ static int msrle_decode_frame(AVCodecContext *avctx, /* FIXME how to correctly detect RLE ??? */ if (avctx->height * istride == avpkt->size) { /* assume uncompressed */ - int linesize = (avctx->width * avctx->bits_per_coded_sample + 7) / 8; + int linesize = av_image_get_linesize(avctx->pix_fmt, avctx->width, 0); uint8_t *ptr = s->frame.data[0]; uint8_t *buf = avpkt->data + (avctx->height-1)*istride; int i, j; From 85162a60b8f954ddaf1726691d39945fba0ce8c5 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 18 Feb 2014 02:53:14 +0100 Subject: [PATCH 328/331] avcodec/snow: split block clipping checks Fixes out of array read Fixes: d4476f68ca1c1c57afbc45806f581963-asan_heap-oob_2266b27_8607_cov_4044577381_snow_chroma_bug.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 61d59703c91869f4e5cdacd8d6be52f8b89d4ba4) Signed-off-by: Michael Niedermayer --- libavcodec/snow.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavcodec/snow.h b/libavcodec/snow.h index 3a5cdc7175..6a04d694bb 100644 --- a/libavcodec/snow.h +++ b/libavcodec/snow.h @@ -311,7 +311,8 @@ static av_always_inline void add_yblock(SnowContext *s, int sliced, slice_buffer if(!sliced && !offset_dst) dst -= src_x; src_x=0; - }else if(src_x + b_w > w){ + } + if(src_x + b_w > w){ b_w = w - src_x; } if(src_y<0){ @@ -320,7 +321,8 @@ static av_always_inline void add_yblock(SnowContext *s, int sliced, slice_buffer if(!sliced && !offset_dst) dst -= src_y*dst_stride; src_y=0; - }else if(src_y + b_h> h){ + } + if(src_y + b_h> h){ b_h = h - src_y; } From 3926ebc7029d97f2aa8c1d834a9a67d821c43db8 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 11 Jan 2013 00:54:12 +0100 Subject: [PATCH 329/331] vorbisdec: Check bark_map_size. This fixes potential divisions by zero and out of array accesses. Reported-by: Dale Curtis Found-by: inferno@chromium.org Signed-off-by: Michael Niedermayer (cherry picked from commit 2c16bf2de07c68513072bf3cc96401d2c6291a3e) Signed-off-by: Michael Niedermayer --- libavcodec/vorbisdec.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/vorbisdec.c b/libavcodec/vorbisdec.c index 4bd1cf22a3..5e23580d92 100644 --- a/libavcodec/vorbisdec.c +++ b/libavcodec/vorbisdec.c @@ -595,6 +595,10 @@ static int vorbis_parse_setup_hdr_floors(vorbis_context *vc) "Floor 0 amplitude bits is 0.\n"); return AVERROR_INVALIDDATA; } + if (floor_setup->data.t0.bark_map_size == 0) { + av_log(vc->avccontext, AV_LOG_ERROR, "Floor 0 bark map size is 0.\n"); + return AVERROR_INVALIDDATA; + } floor_setup->data.t0.amplitude_offset = get_bits(gb, 8); floor_setup->data.t0.num_books = get_bits(gb, 4) + 1; From d55059d048bd6247b7bd1ae7830253f7b9358f13 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 21 Mar 2014 05:53:28 +0100 Subject: [PATCH 330/331] update for 0.9.4 Signed-off-by: Michael Niedermayer --- Doxyfile | 2 +- RELEASE | 2 +- VERSION | 2 +- cmdutils.c | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Doxyfile b/Doxyfile index 33d2e45e32..99fb63093e 100644 --- a/Doxyfile +++ b/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 0.9.3 +PROJECT_NUMBER = 0.9.4 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. diff --git a/RELEASE b/RELEASE index 965065db5b..a602fc9e28 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -0.9.3 +0.9.4 diff --git a/VERSION b/VERSION index 965065db5b..a602fc9e28 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.9.3 +0.9.4 diff --git a/cmdutils.c b/cmdutils.c index 79bebd74f8..507df2cc5a 100644 --- a/cmdutils.c +++ b/cmdutils.c @@ -53,7 +53,7 @@ struct SwsContext *sws_opts; AVDictionary *format_opts, *codec_opts; -static const int this_year = 2013; +static const int this_year = 2014; static FILE *report_file; From 36a3063aae33988493a6826225b6830600beaacc Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 31 Jul 2015 15:54:38 +0200 Subject: [PATCH 331/331] MAINTAINERS: Remove myself as leader Signed-off-by: Michael Niedermayer (cherry picked from commit f2c58931e629343f7d68258cc2b2d62c5f501ba5) Signed-off-by: Michael Niedermayer --- MAINTAINERS | 1 - 1 file changed, 1 deletion(-) diff --git a/MAINTAINERS b/MAINTAINERS index a617fd3c17..f0110cfa32 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -14,7 +14,6 @@ and related discussions. Project Leader ============== -Michael Niedermayer final design decisions