From 9d7244c4c60d9f85f58b3770065a394c71fdce3f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 19 Apr 2011 11:50:32 +0200 Subject: [PATCH 001/652] Typo Signed-off-by: Michael Niedermayer --- libavformat/asfdec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c index ce5d662046..f433141545 100644 --- a/libavformat/asfdec.c +++ b/libavformat/asfdec.c @@ -1114,6 +1114,7 @@ static void asf_reset_header(AVFormatContext *s) static int asf_read_close(AVFormatContext *s) { + int i; asf_reset_header(s); for(i=0;inb_streams;i++) { From ea189b77eb89134a9d3928631c579ca0a28e1a3a Mon Sep 17 00:00:00 2001 From: multiple authors Date: Wed, 27 Apr 2011 00:00:50 +0200 Subject: [PATCH 002/652] Revert removial of 3 files, this sliped through the last merge into oldabi because the files where locally available during testing just not in git. Signed-off-by: Michael Niedermayer --- libavcodec/opt.c | 89 ++++++++++++++++++++ libavformat/metadata_compat.c | 148 ++++++++++++++++++++++++++++++++++ libavutil/sha1.h | 57 +++++++++++++ 3 files changed, 294 insertions(+) create mode 100644 libavcodec/opt.c create mode 100644 libavformat/metadata_compat.c create mode 100644 libavutil/sha1.h diff --git a/libavcodec/opt.c b/libavcodec/opt.c new file mode 100644 index 0000000000..f41fae0ba1 --- /dev/null +++ b/libavcodec/opt.c 
@@ -0,0 +1,89 @@
+/*
+ * AVOptions ABI compatibility wrapper
+ * Copyright (c) 2010 Michael Niedermayer
+ *
+ * This file is part of Libav.
+ *
+ * Libav is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * Libav is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with Libav; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include "avcodec.h"
+#include "opt.h"
+
+#if LIBAVCODEC_VERSION_MAJOR < 53 && CONFIG_SHARED && HAVE_SYMVER
+
+FF_SYMVER(const AVOption *, av_find_opt, (void *obj, const char *name, const char *unit, int mask, int flags), "LIBAVCODEC_52"){
+ return av_find_opt(obj, name, unit, mask, flags);
+}
+FF_SYMVER(int, av_set_string3, (void *obj, const char *name, const char *val, int alloc, const AVOption **o_out), "LIBAVCODEC_52"){
+ return av_set_string3(obj, name, val, alloc, o_out);
+}
+FF_SYMVER(const AVOption *, av_set_double, (void *obj, const char *name, double n), "LIBAVCODEC_52"){
+ return av_set_double(obj, name, n);
+}
+FF_SYMVER(const AVOption *, av_set_q, (void *obj, const char *name, AVRational n), "LIBAVCODEC_52"){
+ return av_set_q(obj, name, n);
+}
+FF_SYMVER(const AVOption *, av_set_int, (void *obj, const char *name, int64_t n), "LIBAVCODEC_52"){
+ return av_set_int(obj, name, n);
+}
+FF_SYMVER(double, av_get_double, (void *obj, const char *name, const AVOption **o_out), "LIBAVCODEC_52"){
+ return av_get_double(obj, name, o_out);
+}
+FF_SYMVER(AVRational, av_get_q, (void *obj, const char
*name, const AVOption **o_out), "LIBAVCODEC_52"){
+ return av_get_q(obj, name, o_out);
+}
+FF_SYMVER(int64_t, av_get_int, (void *obj, const char *name, const AVOption **o_out), "LIBAVCODEC_52"){
+ return av_get_int(obj, name, o_out);
+}
+FF_SYMVER(const char *, av_get_string, (void *obj, const char *name, const AVOption **o_out, char *buf, int buf_len), "LIBAVCODEC_52"){
+ return av_get_string(obj, name, o_out, buf, buf_len);
+}
+FF_SYMVER(const AVOption *, av_next_option, (void *obj, const AVOption *last), "LIBAVCODEC_52"){
+ return av_next_option(obj, last);
+}
+FF_SYMVER(int, av_opt_show2, (void *obj, void *av_log_obj, int req_flags, int rej_flags), "LIBAVCODEC_52"){
+ return av_opt_show2(obj, av_log_obj, req_flags, rej_flags);
+}
+FF_SYMVER(void, av_opt_set_defaults, (void *s), "LIBAVCODEC_52"){
+ return av_opt_set_defaults(s);
+}
+FF_SYMVER(void, av_opt_set_defaults2, (void *s, int mask, int flags), "LIBAVCODEC_52"){
+ return av_opt_set_defaults2(s, mask, flags);
+}
+#endif
+
+#if FF_API_SET_STRING_OLD
+const AVOption *av_set_string2(void *obj, const char *name, const char *val, int alloc){
+ const AVOption *o;
+ if (av_set_string3(obj, name, val, alloc, &o) < 0)
+ return NULL;
+ return o;
+}
+
+const AVOption *av_set_string(void *obj, const char *name, const char *val){
+ const AVOption *o;
+ if (av_set_string3(obj, name, val, 0, &o) < 0)
+ return NULL;
+ return o;
+}
+#endif
+
+#if FF_API_OPT_SHOW
+int av_opt_show(void *obj, void *av_log_obj){
+ return av_opt_show2(obj, av_log_obj,
+ AV_OPT_FLAG_ENCODING_PARAM|AV_OPT_FLAG_DECODING_PARAM, 0);
+}
+#endif
diff --git a/libavformat/metadata_compat.c b/libavformat/metadata_compat.c
new file mode 100644
index 0000000000..19b8f59df1
--- /dev/null
+++ b/libavformat/metadata_compat.c
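Review bot: The two wrappers declared with `void` as their first FF_SYMVER argument, `av_opt_set_defaults` and `av_opt_set_defaults2`, end in `return av_opt_set_defaults(s);` and `return av_opt_set_defaults2(s, mask, flags);`, and ISO C does not permit a `return` with an expression in a function returning `void`; compilers accept it only as an extension. Writing the call as a plain statement, `av_opt_set_defaults(s);`, keeps the file portable. In `av_set_string2` and `av_set_string`, `o` is returned without ever being initialised locally, which is only safe if `av_set_string3` always writes `*o_out` on success; that cannot be confirmed from this hunk, and `const AVOption *o = NULL;` would be safe either way.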
@@ -0,0 +1,148 @@ +/* + * Copyright (c) 2009 Aurelien Jacobs + * + * This file is part of FFmpeg. + * + * FFmpeg is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * FFmpeg is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with FFmpeg; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#include +#include "avformat.h" +#include "metadata.h" +#include "libavutil/avstring.h" + +#if FF_API_OLD_METADATA + +#define SIZE_OFFSET(x) sizeof(((AVFormatContext*)0)->x),offsetof(AVFormatContext,x) + +static const struct { + const char name[16]; + int size; + int offset; +} compat_tab[] = { + { "title", SIZE_OFFSET(title) }, + { "author", SIZE_OFFSET(author) }, + { "copyright", SIZE_OFFSET(copyright) }, + { "comment", SIZE_OFFSET(comment) }, + { "album", SIZE_OFFSET(album) }, + { "year", SIZE_OFFSET(year) }, + { "track", SIZE_OFFSET(track) }, + { "genre", SIZE_OFFSET(genre) }, + + { "artist", SIZE_OFFSET(author) }, + { "creator", SIZE_OFFSET(author) }, + { "written_by", SIZE_OFFSET(author) }, + { "lead_performer", SIZE_OFFSET(author) }, + { "composer", SIZE_OFFSET(author) }, + { "performer", SIZE_OFFSET(author) }, + { "description", SIZE_OFFSET(comment) }, + { "albumtitle", SIZE_OFFSET(album) }, + { "date", SIZE_OFFSET(year) }, + { "date_written", SIZE_OFFSET(year) }, + { "date_released", SIZE_OFFSET(year) }, + { "tracknumber", SIZE_OFFSET(track) }, + { "part_number", SIZE_OFFSET(track) }, +}; + +void 
ff_metadata_demux_compat(AVFormatContext *ctx) +{ + AVMetadata *m; + int i, j; + + if ((m = ctx->metadata)) + for (j=0; jcount; j++) + for (i=0; ielems[j].key, compat_tab[i].name)) { + int *ptr = (int *)((char *)ctx+compat_tab[i].offset); + if (*ptr) continue; + if (compat_tab[i].size > sizeof(int)) + av_strlcpy((char *)ptr, m->elems[j].value, compat_tab[i].size); + else + *ptr = atoi(m->elems[j].value); + } + + for (i=0; inb_chapters; i++) + if ((m = ctx->chapters[i]->metadata)) + for (j=0; jcount; j++) + if (!strcasecmp(m->elems[j].key, "title")) { + av_free(ctx->chapters[i]->title); + ctx->chapters[i]->title = av_strdup(m->elems[j].value); + } + + for (i=0; inb_programs; i++) + if ((m = ctx->programs[i]->metadata)) + for (j=0; jcount; j++) { + if (!strcasecmp(m->elems[j].key, "name")) { + av_free(ctx->programs[i]->name); + ctx->programs[i]->name = av_strdup(m->elems[j].value); + } + if (!strcasecmp(m->elems[j].key, "provider_name")) { + av_free(ctx->programs[i]->provider_name); + ctx->programs[i]->provider_name = av_strdup(m->elems[j].value); + } + } + + for (i=0; inb_streams; i++) + if ((m = ctx->streams[i]->metadata)) + for (j=0; jcount; j++) { + if (!strcasecmp(m->elems[j].key, "language")) + av_strlcpy(ctx->streams[i]->language, m->elems[j].value, 4); + if (!strcasecmp(m->elems[j].key, "filename")) { + av_free(ctx->streams[i]->filename); + ctx->streams[i]->filename= av_strdup(m->elems[j].value); + } + } +} + + +#define FILL_METADATA(s, key, value) { \ + if (!av_metadata_get(s->metadata, #key, NULL, 0)) \ + av_metadata_set2(&s->metadata, #key, value, 0); \ + } +#define FILL_METADATA_STR(s, key) { \ + if (s->key && *s->key) FILL_METADATA(s, key, s->key); } +#define FILL_METADATA_INT(s, key) { \ + char number[10]; \ + snprintf(number, sizeof(number), "%d", s->key); \ + if(s->key) FILL_METADATA(s, key, number) } + +void ff_metadata_mux_compat(AVFormatContext *ctx) +{ + int i; + + if (ctx->metadata && ctx->metadata->count > 0) + return; + + FILL_METADATA_STR(ctx, 
title); + FILL_METADATA_STR(ctx, author); + FILL_METADATA_STR(ctx, copyright); + FILL_METADATA_STR(ctx, comment); + FILL_METADATA_STR(ctx, album); + FILL_METADATA_INT(ctx, year); + FILL_METADATA_INT(ctx, track); + FILL_METADATA_STR(ctx, genre); + for (i=0; inb_chapters; i++) + FILL_METADATA_STR(ctx->chapters[i], title); + for (i=0; inb_programs; i++) { + FILL_METADATA_STR(ctx->programs[i], name); + FILL_METADATA_STR(ctx->programs[i], provider_name); + } + for (i=0; inb_streams; i++) { + FILL_METADATA_STR(ctx->streams[i], language); + FILL_METADATA_STR(ctx->streams[i], filename); + } +} + +#endif /* FF_API_OLD_METADATA */ diff --git a/libavutil/sha1.h b/libavutil/sha1.h new file mode 100644 index 0000000000..3ff58043ea --- /dev/null +++ b/libavutil/sha1.h 
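Review bot: In `ff_metadata_mux_compat`, `FILL_METADATA_INT` formats `s->key` with `%d` into `char number[10]`, which cannot hold the full `int` range (up to 11 characters plus the terminator), so a large or negative `year` or `track` is silently truncated by `snprintf`; `char number[12];` avoids that. In `ff_metadata_demux_compat` the strings presumably originate from the demuxed file, and `*ptr = atoi(m->elems[j].value)` reports no error and has undefined behaviour for out-of-range input, so `strtol` with an end-pointer and `errno` check is the safer conversion. The `av_strdup()` results stored into `title`, `name`, `provider_name` and `filename` are not checked, so an allocation failure leaves NULL where the previous string was just freed. The same function also reads every table entry through `int *ptr`, including the `char` array fields, which is type punning that a `memcmp`/first-byte test on the string entries would avoid.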
@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2007 Michael Niedermayer
+ *
+ * This file is part of FFmpeg.
+ *
+ * FFmpeg is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * FFmpeg is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with FFmpeg; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef AVUTIL_SHA1_H
+#define AVUTIL_SHA1_H
+
+#include
+
+extern const int av_sha1_size;
+
+struct AVSHA1;
+
+/**
+ * Initialize SHA-1 hashing.
+ *
+ * @param context pointer to the function context (of size av_sha_size)
+ * @deprecated use av_sha_init() instead
+ */
+void av_sha1_init(struct AVSHA1* context);
+
+/**
+ * Update hash value.
+ *
+ * @param context hash function context
+ * @param data input data to update hash with
+ * @param len input data length
+ * @deprecated use av_sha_update() instead
+ */
+void av_sha1_update(struct AVSHA1* context, const uint8_t* data, unsigned int len);
+
+/**
+ * Finish hashing and output digest value.
+ *
+ * @param context hash function context
+ * @param digest buffer where output digest value is stored
+ * @deprecated use av_sha_final() instead
+ */
+void av_sha1_final(struct AVSHA1* context, uint8_t digest[20]);
+
+#endif /* AVUTIL_SHA1_H */
From 0b3a88fe1585f9d5d64da89417c0f8cc6788526a Mon Sep 17 00:00:00 2001
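Review bot: The `@param context` text on `av_sha1_init` refers to `av_sha_size`, but the size object this header declares is `av_sha1_size`; the line should read `pointer to the function context (of size av_sha1_size)`. `struct AVSHA1` is left incomplete here, so callers have to rely on that name to allocate the context, and an under-sized allocation is the likely result of following the wrong one. On `av_sha1_final`, `uint8_t digest[20]` decays to a pointer, so the `@param digest` line should state that the buffer must hold at least 20 bytes.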
From: Michael Niedermayer Date: Mon, 2 May 2011 04:10:44 +0200 Subject: [PATCH 003/652] Revert "lavc: remove FF_API_MB_Q cruft" This reverts commit 6deae83e555982d86ef8cc68b804495092216fc4. --- libavcodec/avcodec.h | 16 ++++++++++++++++ libavcodec/options.c | 4 ++++ libavcodec/version.h | 3 +++ 3 files changed, 23 insertions(+) diff --git a/libavcodec/avcodec.h b/libavcodec/avcodec.h index bc61007137..86560f5cd7 100644 --- a/libavcodec/avcodec.h +++ b/libavcodec/avcodec.h @@ -1816,6 +1816,22 @@ typedef struct AVCodecContext { */ uint64_t error[4]; +#if FF_API_MB_Q + /** + * minimum MB quantizer + * - encoding: unused + * - decoding: unused + */ + attribute_deprecated int mb_qmin; + + /** + * maximum MB quantizer + * - encoding: unused + * - decoding: unused + */ + attribute_deprecated int mb_qmax; +#endif + /** * motion estimation comparison function * - encoding: Set by user. diff --git a/libavcodec/options.c b/libavcodec/options.c index 1d8b7dc567..c8220e43b3 100644 --- a/libavcodec/options.c +++ b/libavcodec/options.c 
@@ -253,6 +253,10 @@ static const AVOption options[]={ {"pf", "forward predicted MVs of P-frames", 0, FF_OPT_TYPE_CONST, FF_DEBUG_VIS_MV_P_FOR, INT_MIN, INT_MAX, V|D, "debug_mv"}, {"bf", "forward predicted MVs of B-frames", 0, FF_OPT_TYPE_CONST, FF_DEBUG_VIS_MV_B_FOR, INT_MIN, INT_MAX, V|D, "debug_mv"}, {"bb", "backward predicted MVs of B-frames", 0, FF_OPT_TYPE_CONST, FF_DEBUG_VIS_MV_B_BACK, INT_MIN, INT_MAX, V|D, "debug_mv"}, +#if FF_API_MB_Q +{"mb_qmin", "obsolete, use qmin", OFFSET(mb_qmin), FF_OPT_TYPE_INT, DEFAULT, INT_MIN, INT_MAX, V|E}, +{"mb_qmax", "obsolete, use qmax", OFFSET(mb_qmax), FF_OPT_TYPE_INT, DEFAULT, INT_MIN, INT_MAX, V|E}, +#endif {"cmp", "full pel me compare function", OFFSET(me_cmp), FF_OPT_TYPE_INT, DEFAULT, INT_MIN, INT_MAX, V|E, "cmp_func"}, {"subcmp", "sub pel me compare function", OFFSET(me_sub_cmp), FF_OPT_TYPE_INT, DEFAULT, INT_MIN, INT_MAX, V|E, "cmp_func"}, {"mbcmp", "macroblock compare function", OFFSET(mb_cmp), FF_OPT_TYPE_INT, DEFAULT, INT_MIN, INT_MAX, V|E, "cmp_func"}, diff --git a/libavcodec/version.h b/libavcodec/version.h index 522c6d6886..b13c953028 100644 --- a/libavcodec/version.h +++ b/libavcodec/version.h @@ -71,6 +71,9 @@ #ifndef FF_API_OLD_AUDIOCONVERT #define FF_API_OLD_AUDIOCONVERT (LIBAVCODEC_VERSION_MAJOR < 54) #endif +#ifndef FF_API_MB_Q +#define FF_API_MB_Q (LIBAVCODEC_VERSION_MAJOR < 53) +#endif #ifndef FF_API_ANTIALIAS_ALGO #define FF_API_ANTIALIAS_ALGO (LIBAVCODEC_VERSION_MAJOR < 54) #endif From 329559ae502a8d63bb04c0c3852caa48ac405ccc Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 2 May 2011 04:10:51 +0200 Subject: [PATCH 004/652] Revert "lavc: remove FF_API_RATE_EMU cruft" This reverts commit 694c142434f1b775c93cb2586eebf7ddd5ef6aa8. --- libavcodec/avcodec.h | 10 ++++++++++ libavcodec/options.c | 3 +++ libavcodec/version.h | 3 +++ 3 files changed, 16 insertions(+) diff --git a/libavcodec/avcodec.h b/libavcodec/avcodec.h index 86560f5cd7..35037979b5 100644 --- a/libavcodec/avcodec.h 
+++ b/libavcodec/avcodec.h @@ -1226,6 +1226,16 @@ typedef struct AVCodecContext { */ enum PixelFormat pix_fmt; +#if FF_API_RATE_EMU + /** + * Frame rate emulation. If not zero, the lower layer (i.e. format handler) + * has to read frames at native frame rate. + * - encoding: Set by user. + * - decoding: unused + */ + attribute_deprecated int rate_emu; +#endif + /** * If non NULL, 'draw_horiz_band' is called by the libavcodec * decoder to draw a horizontal band. It improves cache usage. Not diff --git a/libavcodec/options.c b/libavcodec/options.c index c8220e43b3..3117bbe1b5 100644 --- a/libavcodec/options.c +++ b/libavcodec/options.c @@ -105,6 +105,9 @@ static const AVOption options[]={ {"extradata_size", NULL, OFFSET(extradata_size), FF_OPT_TYPE_INT, DEFAULT, INT_MIN, INT_MAX}, {"time_base", NULL, OFFSET(time_base), FF_OPT_TYPE_RATIONAL, DEFAULT, INT_MIN, INT_MAX}, {"g", "set the group of picture size", OFFSET(gop_size), FF_OPT_TYPE_INT, 12, INT_MIN, INT_MAX, V|E}, +#if FF_API_RATE_EMU +{"rate_emu", "frame rate emulation", OFFSET(rate_emu), FF_OPT_TYPE_INT, DEFAULT, INT_MIN, INT_MAX}, +#endif {"ar", "set audio sampling rate (in Hz)", OFFSET(sample_rate), FF_OPT_TYPE_INT, DEFAULT, INT_MIN, INT_MAX}, {"ac", "set number of audio channels", OFFSET(channels), FF_OPT_TYPE_INT, DEFAULT, INT_MIN, INT_MAX}, {"cutoff", "set cutoff bandwidth", OFFSET(cutoff), FF_OPT_TYPE_INT, DEFAULT, INT_MIN, INT_MAX, A|E}, diff --git a/libavcodec/version.h b/libavcodec/version.h index b13c953028..56c7a95b0c 100644 --- a/libavcodec/version.h +++ b/libavcodec/version.h @@ -71,6 +71,9 @@ #ifndef FF_API_OLD_AUDIOCONVERT #define FF_API_OLD_AUDIOCONVERT (LIBAVCODEC_VERSION_MAJOR < 54) #endif +#ifndef FF_API_RATE_EMU +#define FF_API_RATE_EMU (LIBAVCODEC_VERSION_MAJOR < 53) +#endif #ifndef FF_API_MB_Q #define FF_API_MB_Q (LIBAVCODEC_VERSION_MAJOR < 53) #endif From 8d8962ca3e95b1ce86ab505498e7cd3ec89fa996 Mon Sep 17 00:00:00 2001 
From: Michael Niedermayer Date: Mon, 2 May 2011 04:10:59 +0200 Subject: [PATCH 005/652] Revert "lavc: remove FF_API_HURRY_UP cruft" This reverts commit e7021c0ed5d1265d5b4f0f01a01f840196a70415. --- libavcodec/avcodec.h | 10 ++++++++++ libavcodec/h261dec.c | 4 ++++ libavcodec/h263dec.c | 8 ++++++++ libavcodec/h264.c | 18 ++++++++++++++++-- libavcodec/mpeg12.c | 8 ++++++++ libavcodec/mpegvideo.c | 6 ++++++ libavcodec/mpegvideo.h | 5 +++++ libavcodec/options.c | 3 +++ libavcodec/pthread.c | 3 +++ libavcodec/rv34.c | 9 +++++++++ libavcodec/svq1dec.c | 3 +++ libavcodec/svq3.c | 8 ++++++++ libavcodec/vc1dec.c | 10 ++++++++++ libavcodec/version.h | 3 +++ 14 files changed, 96 insertions(+), 2 deletions(-) diff --git a/libavcodec/avcodec.h b/libavcodec/avcodec.h index 35037979b5..78715e4f0f 100644 --- a/libavcodec/avcodec.h +++ b/libavcodec/avcodec.h @@ -1340,6 +1340,16 @@ typedef struct AVCodecContext { int b_frame_strategy; +#if FF_API_HURRY_UP + /** + * hurry up amount + * - encoding: unused + * - decoding: Set by user. 1-> Skip B-frames, 2-> Skip IDCT/dequant too, 5-> Skip everything except header + * @deprecated Deprecated in favor of skip_idct and skip_frame. + */ + attribute_deprecated int hurry_up; +#endif + struct AVCodec *codec; void *priv_data; diff --git a/libavcodec/h261dec.c b/libavcodec/h261dec.c index d732123d3e..060aef6173 100644 --- a/libavcodec/h261dec.c +++ b/libavcodec/h261dec.c @@ -599,6 +599,10 @@ retry: s->current_picture.pict_type= s->pict_type; s->current_picture.key_frame= s->pict_type == FF_I_TYPE; +#if FF_API_HURRY_UP + /* skip everything if we are in a hurry>=5 */ + if(avctx->hurry_up>=5) return get_consumed_bytes(s, buf_size); +#endif if( (avctx->skip_frame >= AVDISCARD_NONREF && s->pict_type==FF_B_TYPE) ||(avctx->skip_frame >= AVDISCARD_NONKEY && s->pict_type!=FF_I_TYPE) || avctx->skip_frame >= AVDISCARD_ALL) diff --git a/libavcodec/h263dec.c b/libavcodec/h263dec.c index 72622e693f..4151f4b012 100644 --- a/libavcodec/h263dec.c 
+++ b/libavcodec/h263dec.c @@ -612,10 +612,18 @@ retry: /* skip B-frames if we don't have reference frames */ if(s->last_picture_ptr==NULL && (s->pict_type==FF_B_TYPE || s->dropable)) return get_consumed_bytes(s, buf_size); +#if FF_API_HURRY_UP + /* skip b frames if we are in a hurry */ + if(avctx->hurry_up && s->pict_type==FF_B_TYPE) return get_consumed_bytes(s, buf_size); +#endif if( (avctx->skip_frame >= AVDISCARD_NONREF && s->pict_type==FF_B_TYPE) || (avctx->skip_frame >= AVDISCARD_NONKEY && s->pict_type!=FF_I_TYPE) || avctx->skip_frame >= AVDISCARD_ALL) return get_consumed_bytes(s, buf_size); +#if FF_API_HURRY_UP + /* skip everything if we are in a hurry>=5 */ + if(avctx->hurry_up>=5) return get_consumed_bytes(s, buf_size); +#endif if(s->next_p_frame_damaged){ if(s->pict_type==FF_B_TYPE) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 285dbeadd6..22a57866d4 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -2966,7 +2966,11 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size){ buf_index += consumed; //FIXME do not discard SEI id - if(avctx->skip_frame >= AVDISCARD_NONREF && h->nal_ref_idc == 0) + if( +#if FF_API_HURRY_UP + (s->hurry_up == 1 && h->nal_ref_idc == 0) || +#endif + (avctx->skip_frame >= AVDISCARD_NONREF && h->nal_ref_idc == 0)) continue; again: @@ -3003,6 +3007,9 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size){ } if(hx->redundant_pic_count==0 +#if FF_API_HURRY_UP + && hx->s.hurry_up < 5 +#endif && (avctx->skip_frame < AVDISCARD_NONREF || hx->nal_ref_idc) && (avctx->skip_frame < AVDISCARD_BIDIR || hx->slice_type_nos!=FF_B_TYPE) && (avctx->skip_frame < AVDISCARD_NONKEY || hx->slice_type_nos==FF_I_TYPE) 
@@ -3040,6 +3047,9 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size){ if(hx->redundant_pic_count==0 && hx->intra_gb_ptr && hx->s.data_partitioning && s->context_initialized +#if FF_API_HURRY_UP + && s->hurry_up < 5 +#endif && (avctx->skip_frame < AVDISCARD_NONREF || hx->nal_ref_idc) && (avctx->skip_frame < AVDISCARD_BIDIR || hx->slice_type_nos!=FF_B_TYPE) && (avctx->skip_frame < AVDISCARD_NONKEY || hx->slice_type_nos==FF_I_TYPE) @@ -3176,7 +3186,11 @@ static int decode_frame(AVCodecContext *avctx, } if(!(s->flags2 & CODEC_FLAG2_CHUNKS) && !s->current_picture_ptr){ - if (avctx->skip_frame >= AVDISCARD_NONREF) + if (avctx->skip_frame >= AVDISCARD_NONREF +#if FF_API_HURRY_UP + || s->hurry_up +#endif + ) return 0; av_log(avctx, AV_LOG_ERROR, "no frame!\n"); return -1; diff --git a/libavcodec/mpeg12.c b/libavcodec/mpeg12.c index 510a2b0809..192ecdd478 100644 --- a/libavcodec/mpeg12.c +++ b/libavcodec/mpeg12.c @@ -2476,10 +2476,18 @@ static int decode_chunks(AVCodecContext *avctx, /* Skip P-frames if we do not have a reference frame or we have an invalid header. */ if(s2->pict_type==FF_P_TYPE && !s->sync) break; } +#if FF_API_HURRY_UP + /* Skip B-frames if we are in a hurry. */ + if(avctx->hurry_up && s2->pict_type==FF_B_TYPE) break; +#endif if( (avctx->skip_frame >= AVDISCARD_NONREF && s2->pict_type==FF_B_TYPE) ||(avctx->skip_frame >= AVDISCARD_NONKEY && s2->pict_type!=FF_I_TYPE) || avctx->skip_frame >= AVDISCARD_ALL) break; +#if FF_API_HURRY_UP + /* Skip everything if we are in a hurry>=5. */ + if(avctx->hurry_up>=5) break; +#endif if (!s->mpeg_enc_ctx_allocated) break; diff --git a/libavcodec/mpegvideo.c b/libavcodec/mpegvideo.c index 73305d1324..819f58dc95 100644 --- a/libavcodec/mpegvideo.c +++ b/libavcodec/mpegvideo.c 
@@ -1131,6 +1131,9 @@ int MPV_frame_start(MpegEncContext *s, AVCodecContext *avctx) } } +#if FF_API_HURRY_UP + s->hurry_up= s->avctx->hurry_up; +#endif s->error_recognition= avctx->error_recognition; /* set dequantizer, we can't do it during init as it might change for mpeg4 @@ -2122,6 +2125,9 @@ void MPV_decode_mb_internal(MpegEncContext *s, DCTELEM block[12][64], } /* skip dequant / idct if we are really late ;) */ +#if FF_API_HURRY_UP + if(s->hurry_up>1) goto skip_idct; +#endif if(s->avctx->skip_idct){ if( (s->avctx->skip_idct >= AVDISCARD_NONREF && s->pict_type == FF_B_TYPE) ||(s->avctx->skip_idct >= AVDISCARD_NONKEY && s->pict_type != FF_I_TYPE) diff --git a/libavcodec/mpegvideo.h b/libavcodec/mpegvideo.h index c90912f853..3836a6ef38 100644 --- a/libavcodec/mpegvideo.h +++ b/libavcodec/mpegvideo.h @@ -391,6 +391,11 @@ typedef struct MpegEncContext { int no_rounding; /**< apply no rounding to motion compensation (MPEG4, msmpeg4, ...) for b-frames rounding mode is always 0 */ +#if FF_API_HURRY_UP + int hurry_up; /**< when set to 1 during decoding, b frames will be skipped + when set to 2 idct/dequant will be skipped too */ +#endif + /* macroblock layer */ int mb_x, mb_y; int mb_skip_run; diff --git a/libavcodec/options.c b/libavcodec/options.c index 3117bbe1b5..fae1164c9b 100644 --- a/libavcodec/options.c +++ b/libavcodec/options.c 
@@ -127,6 +127,9 @@ static const AVOption options[]={ {"rc_strategy", "ratecontrol method", OFFSET(rc_strategy), FF_OPT_TYPE_INT, DEFAULT, INT_MIN, INT_MAX, V|E}, {"b_strategy", "strategy to choose between I/P/B-frames", OFFSET(b_frame_strategy), FF_OPT_TYPE_INT, 0, INT_MIN, INT_MAX, V|E}, {"wpredp", "weighted prediction analysis method", OFFSET(weighted_p_pred), FF_OPT_TYPE_INT, 0, INT_MIN, INT_MAX, V|E}, +#if FF_API_HURRY_UP +{"hurry_up", "deprecated, use skip_idct/skip_frame instead", OFFSET(hurry_up), FF_OPT_TYPE_INT, DEFAULT, INT_MIN, INT_MAX, V|D}, +#endif {"ps", "rtp payload size in bytes", OFFSET(rtp_payload_size), FF_OPT_TYPE_INT, DEFAULT, INT_MIN, INT_MAX, V|E}, {"mv_bits", NULL, OFFSET(mv_bits), FF_OPT_TYPE_INT, DEFAULT, INT_MIN, INT_MAX}, {"header_bits", NULL, OFFSET(header_bits), FF_OPT_TYPE_INT, DEFAULT, INT_MIN, INT_MAX}, diff --git a/libavcodec/pthread.c b/libavcodec/pthread.c index 6d4ee549cb..e0eea4b1f1 100644 --- a/libavcodec/pthread.c +++ b/libavcodec/pthread.c @@ -380,6 +380,9 @@ static void update_context_from_user(AVCodecContext *dst, AVCodecContext *src) dst->release_buffer = src->release_buffer; dst->opaque = src->opaque; +#if FF_API_HURRY_UP + dst->hurry_up = src->hurry_up; +#endif dst->dsp_mask = src->dsp_mask; dst->debug = src->debug; dst->debug_mv = src->debug_mv; diff --git a/libavcodec/rv34.c b/libavcodec/rv34.c index b11e84ea0b..32d8198eeb 100644 --- a/libavcodec/rv34.c +++ b/libavcodec/rv34.c 
@@ -1454,10 +1454,19 @@ int ff_rv34_decode_frame(AVCodecContext *avctx, } if((!s->last_picture_ptr || !s->last_picture_ptr->data[0]) && si.type == FF_B_TYPE) return -1; +#if FF_API_HURRY_UP + /* skip b frames if we are in a hurry */ + if(avctx->hurry_up && si.type==FF_B_TYPE) return buf_size; +#endif if( (avctx->skip_frame >= AVDISCARD_NONREF && si.type==FF_B_TYPE) || (avctx->skip_frame >= AVDISCARD_NONKEY && si.type!=FF_I_TYPE) || avctx->skip_frame >= AVDISCARD_ALL) return buf_size; +#if FF_API_HURRY_UP + /* skip everything if we are in a hurry>=5 */ + if(avctx->hurry_up>=5) + return buf_size; +#endif for(i=0; ipict_type==FF_B_TYPE && s->last_picture_ptr==NULL) return buf_size; +#if FF_API_HURRY_UP + if(avctx->hurry_up && s->pict_type==FF_B_TYPE) return buf_size; +#endif if( (avctx->skip_frame >= AVDISCARD_NONREF && s->pict_type==FF_B_TYPE) ||(avctx->skip_frame >= AVDISCARD_NONKEY && s->pict_type!=FF_I_TYPE) || avctx->skip_frame >= AVDISCARD_ALL) diff --git a/libavcodec/svq3.c b/libavcodec/svq3.c index ece514dc2e..c7119b975b 100644 --- a/libavcodec/svq3.c +++ b/libavcodec/svq3.c @@ -952,6 +952,14 @@ static int svq3_decode_frame(AVCodecContext *avctx, /* Skip B-frames if we do not have reference frames. */ if (s->last_picture_ptr == NULL && s->pict_type == FF_B_TYPE) return 0; +#if FF_API_HURRY_UP + /* Skip B-frames if we are in a hurry. */ + if (avctx->hurry_up && s->pict_type == FF_B_TYPE) + return 0; + /* Skip everything if we are in a hurry >= 5. */ + if (avctx->hurry_up >= 5) + return 0; +#endif if ( (avctx->skip_frame >= AVDISCARD_NONREF && s->pict_type == FF_B_TYPE) ||(avctx->skip_frame >= AVDISCARD_NONKEY && s->pict_type != FF_I_TYPE) || avctx->skip_frame >= AVDISCARD_ALL) diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c index ddd59700fa..27695f184a 100644 --- a/libavcodec/vc1dec.c +++ b/libavcodec/vc1dec.c 
@@ -3519,11 +3519,21 @@ static int vc1_decode_frame(AVCodecContext *avctx, if(s->last_picture_ptr==NULL && (s->pict_type==FF_B_TYPE || s->dropable)){ goto err; } +#if FF_API_HURRY_UP + /* skip b frames if we are in a hurry */ + if(avctx->hurry_up && s->pict_type==FF_B_TYPE) return -1;//buf_size; +#endif if( (avctx->skip_frame >= AVDISCARD_NONREF && s->pict_type==FF_B_TYPE) || (avctx->skip_frame >= AVDISCARD_NONKEY && s->pict_type!=FF_I_TYPE) || avctx->skip_frame >= AVDISCARD_ALL) { goto end; } +#if FF_API_HURRY_UP + /* skip everything if we are in a hurry>=5 */ + if(avctx->hurry_up>=5) { + goto err; + } +#endif if(s->next_p_frame_damaged){ if(s->pict_type==FF_B_TYPE) diff --git a/libavcodec/version.h b/libavcodec/version.h index 56c7a95b0c..9046632b94 100644 --- a/libavcodec/version.h +++ b/libavcodec/version.h @@ -71,6 +71,9 @@ #ifndef FF_API_OLD_AUDIOCONVERT #define FF_API_OLD_AUDIOCONVERT (LIBAVCODEC_VERSION_MAJOR < 54) #endif +#ifndef FF_API_HURRY_UP +#define FF_API_HURRY_UP (LIBAVCODEC_VERSION_MAJOR < 53) +#endif #ifndef FF_API_RATE_EMU #define FF_API_RATE_EMU (LIBAVCODEC_VERSION_MAJOR < 53) #endif From 66b1f210c024a08ba00e4a730e64940d248b8717 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 2 May 2011 04:25:42 +0200 Subject: [PATCH 006/652] Revert "avio: Fix the deprecated fallback URL-prefixed open flags" This reverts commit 5b81e295931bad4dac0af29333b4e2a203b3f4d4. --- libavformat/avio.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavformat/avio.h b/libavformat/avio.h index 23e099d3fb..9d805822d4 100644 --- a/libavformat/avio.h +++ b/libavformat/avio.h 
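Review bot: The first added block in `vc1_decode_frame` exits with a bare `return -1;//buf_size;` while every neighbouring exit in this hunk goes through `goto err;` or `goto end;`, so whatever those labels release is skipped on the hurry_up B-frame path. The labels are outside the hunk, so the leak is inferred rather than visible. Using `goto end;` there, as the `skip_frame` test just below does, keeps a single exit path. The `hurry_up>=5` block jumps to `err`, which reports a deliberate skip as a decode error, whereas `skip_frame >= AVDISCARD_ALL` goes to `end`; `goto end;` looks like the intended target.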
@@ -152,9 +152,9 @@ attribute_deprecated int url_poll(URLPollEntry *poll_table, int n, int timeout); * constants, optionally ORed with other flags. * @{ */ -#define URL_RDONLY 1 /**< read-only */ -#define URL_WRONLY 2 /**< write-only */ -#define URL_RDWR (URL_RDONLY|URL_WRONLY) /**< read-write */ +#define URL_RDONLY 0 /**< read-only */ +#define URL_WRONLY 1 /**< write-only */ +#define URL_RDWR 2 /**< read-write */ /** * @} */ From 33651e3edffcf404e7dce33395b31b1113e5d4b2 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 15 May 2011 19:38:46 +0200 Subject: [PATCH 007/652] Revert "lavc: remove the FF_API_VIDEO_OLD cruft." This reverts commit e89e5afdd04a0f081ecc38b528c1147f204027d7. Conflicts: libavcodec/utils.c libavcodec/version.h Signed-off-by: Michael Niedermayer --- libavcodec/utils.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index 0c03c5224d..b169c9b9d1 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -736,6 +736,22 @@ static int64_t guess_correct_pts(AVCodecContext *ctx, return pts; } +#if FF_API_VIDEO_OLD +int attribute_align_arg avcodec_decode_video(AVCodecContext *avctx, AVFrame *picture, + int *got_picture_ptr, + const uint8_t *buf, int buf_size) +{ + AVPacket avpkt; + av_init_packet(&avpkt); + avpkt.data = buf; + avpkt.size = buf_size; + // HACK for CorePNG to decode as normal PNG by default + avpkt.flags = AV_PKT_FLAG_KEY; + + return avcodec_decode_video2(avctx, picture, got_picture_ptr, &avpkt); +} +#endif + int attribute_align_arg avcodec_decode_video2(AVCodecContext *avctx, AVFrame *picture, int *got_picture_ptr, AVPacket *avpkt) From 788c313b5091d47aa801fc64f62e971c5b38e140 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 21 Jun 2011 05:47:44 +0200 Subject: [PATCH 008/652] swscale: revert ABI breaking long->int chnage that touch public ABI 
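Review bot: With `URL_RDONLY` restored to 0, `URL_WRONLY` to 1 and `URL_RDWR` to 2, these are enumerated values rather than bit flags, yet the comment directly above the defines still describes them as constants "optionally ORed with other flags". `URL_RDONLY|URL_WRONLY` no longer equals `URL_RDWR` and `flags & URL_RDONLY` is always zero, so any caller or protocol handler that tests the access mode with a mask gets the wrong answer, including treating a write request as read-only. A comment on the group such as `/* access mode is a value, not a mask: compare it, do not test it with & */` would document the constraint. The rest of the doc block is outside the hunk.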
Signed-off-by: Michael Niedermayer --- libswscale/swscale.h | 4 ++-- libswscale/swscale_unscaled.c | 12 ++++++------ 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/libswscale/swscale.h b/libswscale/swscale.h index 4bb2dfcf28..2252e513b4 100644 --- a/libswscale/swscale.h +++ b/libswscale/swscale.h @@ -354,7 +354,7 @@ struct SwsContext *sws_getCachedContext(struct SwsContext *context, * @param num_pixels number of pixels to convert * @param palette array with [256] entries, which must match color arrangement (RGB or BGR) of src */ -void sws_convertPalette8ToPacked32(const uint8_t *src, uint8_t *dst, int num_pixels, const uint8_t *palette); +void sws_convertPalette8ToPacked32(const uint8_t *src, uint8_t *dst, long num_pixels, const uint8_t *palette); /** * Converts an 8bit paletted frame into a frame with a color depth of 24 bits. @@ -366,7 +366,7 @@ void sws_convertPalette8ToPacked32(const uint8_t *src, uint8_t *dst, int num_pix * @param num_pixels number of pixels to convert * @param palette array with [256] entries, which must match color arrangement (RGB or BGR) of src */ -void sws_convertPalette8ToPacked24(const uint8_t *src, uint8_t *dst, int num_pixels, const uint8_t *palette); +void sws_convertPalette8ToPacked24(const uint8_t *src, uint8_t *dst, long num_pixels, const uint8_t *palette); #endif /* SWSCALE_SWSCALE_H */ diff --git a/libswscale/swscale_unscaled.c b/libswscale/swscale_unscaled.c index e0c4b25846..e17de2b206 100644 --- a/libswscale/swscale_unscaled.c +++ b/libswscale/swscale_unscaled.c 
@@ -182,14 +182,14 @@ static int uyvyToYuv422Wrapper(SwsContext *c, const uint8_t* src[], int srcStrid return srcSliceH; } -static void gray8aToPacked32(const uint8_t *src, uint8_t *dst, int num_pixels, const uint8_t *palette) +static void gray8aToPacked32(const uint8_t *src, uint8_t *dst, long num_pixels, const uint8_t *palette) { int i; for (i=0; isrcFormat; const enum PixelFormat dstFormat= c->dstFormat; - void (*conv)(const uint8_t *src, uint8_t *dst, int num_pixels, + void (*conv)(const uint8_t *src, uint8_t *dst, long num_pixels, const uint8_t *palette)=NULL; int i; uint8_t *dstPtr= dst[0] + dstStride[0]*srcSliceY; @@ -826,7 +826,7 @@ int sws_scale_ordered(SwsContext *c, const uint8_t* const src[], int srcStride[] #endif /* Convert the palette to the same packed 32-bit format as the palette */ -void sws_convertPalette8ToPacked32(const uint8_t *src, uint8_t *dst, int num_pixels, const uint8_t *palette) +void sws_convertPalette8ToPacked32(const uint8_t *src, uint8_t *dst, long num_pixels, const uint8_t *palette) { int i; @@ -835,7 +835,7 @@ void sws_convertPalette8ToPacked32(const uint8_t *src, uint8_t *dst, int num_pix } /* Palette format: ABCD -> dst format: ABC */ -void sws_convertPalette8ToPacked24(const uint8_t *src, uint8_t *dst, int num_pixels, const uint8_t *palette) +void sws_convertPalette8ToPacked24(const uint8_t *src, uint8_t *dst, long num_pixels, const uint8_t *palette) { int i; From 082b4f8348c6d8fc110969692c2a2ccf81f4e20c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 21 Jun 2011 06:26:38 +0200 Subject: [PATCH 009/652] swscale: undo version upgrade that git merged in and that i missed Signed-off-by: Michael Niedermayer --- libswscale/swscale.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libswscale/swscale.h b/libswscale/swscale.h index 2252e513b4..006118a5a1 100644 --- a/libswscale/swscale.h +++ b/libswscale/swscale.h 
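Review bot: `num_pixels` becomes `long` again in `gray8aToPacked32`, `sws_convertPalette8ToPacked32` and `sws_convertPalette8ToPacked24`, but each visible body still declares `int i;` as the loop index. On an LP64 target a count above `INT_MAX` would overflow `i`, which is undefined behaviour, before the loop bound is reached. Declaring `long i;` in these functions keeps the index and the bound the same width. The loop statements are only partly visible in these hunks, so the use of `i` against `num_pixels` is assumed from the signatures and the `for (i=0; ...` fragments.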
@@ -29,9 +29,9 @@ #include "libavutil/avutil.h" -#define LIBSWSCALE_VERSION_MAJOR 2 -#define LIBSWSCALE_VERSION_MINOR 0 -#define LIBSWSCALE_VERSION_MICRO 0 +#define LIBSWSCALE_VERSION_MAJOR 0 +#define LIBSWSCALE_VERSION_MINOR 14 +#define LIBSWSCALE_VERSION_MICRO 1 #define LIBSWSCALE_VERSION_INT AV_VERSION_INT(LIBSWSCALE_VERSION_MAJOR, \ LIBSWSCALE_VERSION_MINOR, \ From 44e83d0c976dd098455173877fc22b57ed212bed Mon Sep 17 00:00:00 2001 From: Anton Khirnov Date: Thu, 9 Jun 2011 10:58:23 +0200 Subject: [PATCH 010/652] ffplay: use new avformat_open_* API. --- ffplay.c | 32 +++++++++----------------------- 1 file changed, 9 insertions(+), 23 deletions(-) diff --git a/ffplay.c b/ffplay.c index 96a8517b98..8788771491 100644 --- a/ffplay.c +++ b/ffplay.c @@ -27,6 +27,7 @@ #include "libavutil/colorspace.h" #include "libavutil/pixdesc.h" #include "libavutil/imgutils.h" +#include "libavutil/dict.h" #include "libavutil/parseutils.h" #include "libavutil/samplefmt.h" #include "libavutil/avassert.h" @@ -2295,15 +2296,13 @@ static int decode_interrupt_cb(void) static int read_thread(void *arg) { VideoState *is = arg; - AVFormatContext *ic; + AVFormatContext *ic = NULL; int err, i, ret; int st_index[AVMEDIA_TYPE_NB]; AVPacket pkt1, *pkt = &pkt1; - AVFormatParameters params, *ap = ¶ms; int eof=0; int pkt_in_play_range = 0; - - ic = avformat_alloc_context(); + AVDictionaryEntry *t; memset(st_index, -1, sizeof(st_index)); is->video_stream = -1; 
@@ -2313,30 +2312,17 @@ static int read_thread(void *arg) global_video_state = is; avio_set_interrupt_cb(decode_interrupt_cb); - memset(ap, 0, sizeof(*ap)); - - ap->prealloced_context = 1; - ap->width = frame_width; - ap->height= frame_height; - ap->time_base= (AVRational){1, 25}; - ap->pix_fmt = frame_pix_fmt; - ic->flags |= AVFMT_FLAG_PRIV_OPT; - - - err = av_open_input_file(&ic, is->filename, is->iformat, 0, ap); - if (err >= 0) { - set_context_opts(ic, avformat_opts, AV_OPT_FLAG_DECODING_PARAM, NULL); - err = av_demuxer_open(ic, ap); - if(err < 0){ - avformat_free_context(ic); - ic= NULL; - } - } + err = avformat_open_input(&ic, is->filename, is->iformat, &format_opts); if (err < 0) { print_error(is->filename, err); ret = -1; goto fail; } + if ((t = av_dict_get(format_opts, "", NULL, AV_DICT_IGNORE_SUFFIX))) { + av_log(NULL, AV_LOG_ERROR, "Option %s not found.\n", t->key); + ret = AVERROR_OPTION_NOT_FOUND; + goto fail; + } is->ic = ic; if(genpts) From 680e47364386038c5039345ef2d9fe6947191a12 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20B=C5=93sch?= Date: Wed, 22 Jun 2011 10:33:01 +0200 Subject: [PATCH 011/652] vf_mp: do not add duplicated pixel formats. This avoid a crash with in avfilter_merge_formats() in case one of the filter formats list has multiple time the same entry. Thanks to Mina Nagy Zaki for helping figuring out the issue. --- libavfilter/vf_mp.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/libavfilter/vf_mp.c b/libavfilter/vf_mp.c index 36616b9c94..9e413b4776 100644 --- a/libavfilter/vf_mp.c +++ b/libavfilter/vf_mp.c @@ -41,6 +41,7 @@ //FIXME maybe link the orig in +//XXX: identical pix_fmt must be following with each others static const struct { int fmt; enum PixelFormat pix_fmt; 
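Review bot: The new unknown-option check jumps to `fail` while the context returned by avformat_open_input() is still held only in the local `ic`, because `is->ic = ic;` comes after the check. If the cleanup at `fail` (outside this hunk) releases `is->ic`, as the assignment order suggests, the opened input is leaked on this path. Move `is->ic = ic;` directly after the `err < 0` block, or close `ic` before the `goto fail`. The same hunk is cherry-picked as PATCH 014 further down and needs the same change; read_thread's body continues outside the hunk.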
@@ -785,13 +786,17 @@ static int query_formats(AVFilterContext *ctx) { AVFilterFormats *avfmts=NULL; MPContext *m = ctx->priv; + enum PixelFormat lastpixfmt = PIX_FMT_NONE; int i; for(i=0; conversion_map[i].fmt; i++){ av_log(ctx, AV_LOG_DEBUG, "query: %X\n", conversion_map[i].fmt); if(m->vf.query_format(&m->vf, conversion_map[i].fmt)){ av_log(ctx, AV_LOG_DEBUG, "supported,adding\n"); - avfilter_add_format(&avfmts, conversion_map[i].pix_fmt); + if (conversion_map[i].pix_fmt != lastpixfmt) { + avfilter_add_format(&avfmts, conversion_map[i].pix_fmt); + lastpixfmt = conversion_map[i].pix_fmt; + } } } From 0b5c2612126773c5c8eb0c0defb77d5310cc93c3 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 22 Jun 2011 20:24:02 +0200 Subject: [PATCH 012/652] set for next release of 0.8 Signed-off-by: Michael Niedermayer --- VERSION | 1 + 1 file changed, 1 insertion(+) create mode 100644 VERSION diff --git a/VERSION b/VERSION new file mode 100644 index 0000000000..6f4eebdf6f --- /dev/null +++ b/VERSION @@ -0,0 +1 @@ +0.8.1 From 3fedb3e65c6595c4fd78b03ed9b0d83cf257062c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Wed, 22 Jun 2011 18:25:49 +0200 Subject: [PATCH 013/652] Revert needless API change in 05e84c95. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When providing a custom AVIOContex for a AVFMT_NOFILE format only print a warning instead of erroring out. This allows the code to work with older MPlayer versions that just always set pb out of laziness. Signed-off-by: Reimar Döffinger --- libavformat/utils.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index aebf8f68c0..b610276844 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c 
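Review bot: The duplicate filter in query_formats compares only against `lastpixfmt`, so it suppresses a repeated pix_fmt only when the equal entries sit next to each other in `conversion_map`, and the only guard for that ordering is the `//XXX` comment added above the table. A later table edit that separates two equal entries would bring back the duplicate list entry that the commit message says crashes avfilter_merge_formats(). Either check the formats already collected in `avfmts` before calling avfilter_add_format(), or verify the table ordering once at filter init. The comment itself would read more clearly as `//XXX: entries with identical pix_fmt must be adjacent`. The same change is cherry-picked as PATCH 015.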
@@ -661,7 +661,8 @@ static int init_input(AVFormatContext *s, const char *filename) if (!s->iformat) return av_probe_input_buffer(s->pb, &s->iformat, filename, s, 0, 0); else if (s->iformat->flags & AVFMT_NOFILE) - return AVERROR(EINVAL); + av_log(s, AV_LOG_WARNING, "Custom AVIOContext makes no sense and " + "will be ignored with AVFMT_NOFILE format.\n"); return 0; } From e845455225110f679127f6a6aa0cac1862789197 Mon Sep 17 00:00:00 2001 From: Anton Khirnov Date: Thu, 9 Jun 2011 10:58:23 +0200 Subject: [PATCH 014/652] ffplay: use new avformat_open_* API. (cherry picked from commit 44e83d0c976dd098455173877fc22b57ed212bed) --- ffplay.c | 32 +++++++++----------------------- 1 file changed, 9 insertions(+), 23 deletions(-) diff --git a/ffplay.c b/ffplay.c index 164757cfea..c41709674f 100644 --- a/ffplay.c +++ b/ffplay.c @@ -27,6 +27,7 @@ #include "libavutil/colorspace.h" #include "libavutil/pixdesc.h" #include "libavutil/imgutils.h" +#include "libavutil/dict.h" #include "libavutil/parseutils.h" #include "libavutil/samplefmt.h" #include "libavutil/avassert.h" @@ -2295,15 +2296,13 @@ static int decode_interrupt_cb(void) static int read_thread(void *arg) { VideoState *is = arg; - AVFormatContext *ic; + AVFormatContext *ic = NULL; int err, i, ret; int st_index[AVMEDIA_TYPE_NB]; AVPacket pkt1, *pkt = &pkt1; - AVFormatParameters params, *ap = ¶ms; int eof=0; int pkt_in_play_range = 0; - - ic = avformat_alloc_context(); + AVDictionaryEntry *t; memset(st_index, -1, sizeof(st_index)); is->video_stream = -1; 
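Review bot: The `else if (s->iformat->flags & AVFMT_NOFILE)` branch now holds a two-line av_log() call without braces and then falls through to the shared `return 0;`, which is easy to misread as part of the branch. Brace it, `else if (s->iformat->flags & AVFMT_NOFILE) { av_log(...); }`, so a statement added later cannot silently become unconditional. The message says the custom AVIOContext "will be ignored", but nothing in this hunk clears or skips `s->pb`; if that happens elsewhere, a short comment naming the place would back the claim. init_input continues outside the hunk.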
@@ -2313,30 +2312,17 @@ static int read_thread(void *arg) global_video_state = is; avio_set_interrupt_cb(decode_interrupt_cb); - memset(ap, 0, sizeof(*ap)); - - ap->prealloced_context = 1; - ap->width = frame_width; - ap->height= frame_height; - ap->time_base= (AVRational){1, 25}; - ap->pix_fmt = frame_pix_fmt; - ic->flags |= AVFMT_FLAG_PRIV_OPT; - - - err = av_open_input_file(&ic, is->filename, is->iformat, 0, ap); - if (err >= 0) { - set_context_opts(ic, avformat_opts, AV_OPT_FLAG_DECODING_PARAM, NULL); - err = av_demuxer_open(ic, ap); - if(err < 0){ - avformat_free_context(ic); - ic= NULL; - } - } + err = avformat_open_input(&ic, is->filename, is->iformat, &format_opts); if (err < 0) { print_error(is->filename, err); ret = -1; goto fail; } + if ((t = av_dict_get(format_opts, "", NULL, AV_DICT_IGNORE_SUFFIX))) { + av_log(NULL, AV_LOG_ERROR, "Option %s not found.\n", t->key); + ret = AVERROR_OPTION_NOT_FOUND; + goto fail; + } is->ic = ic; if(genpts) From 07f5da61289cd1bfb552ea276368b4cc7a2f010a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20B=C5=93sch?= Date: Wed, 22 Jun 2011 10:33:01 +0200 Subject: [PATCH 015/652] vf_mp: do not add duplicated pixel formats. This avoid a crash with in avfilter_merge_formats() in case one of the filter formats list has multiple time the same entry. Thanks to Mina Nagy Zaki for helping figuring out the issue. (cherry picked from commit 680e47364386038c5039345ef2d9fe6947191a12) --- libavfilter/vf_mp.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/libavfilter/vf_mp.c b/libavfilter/vf_mp.c index 36616b9c94..9e413b4776 100644 --- a/libavfilter/vf_mp.c +++ b/libavfilter/vf_mp.c @@ -41,6 +41,7 @@ //FIXME maybe link the orig in +//XXX: identical pix_fmt must be following with each others static const struct { int fmt; enum PixelFormat pix_fmt; 
@@ -785,13 +786,17 @@ static int query_formats(AVFilterContext *ctx) { AVFilterFormats *avfmts=NULL; MPContext *m = ctx->priv; + enum PixelFormat lastpixfmt = PIX_FMT_NONE; int i; for(i=0; conversion_map[i].fmt; i++){ av_log(ctx, AV_LOG_DEBUG, "query: %X\n", conversion_map[i].fmt); if(m->vf.query_format(&m->vf, conversion_map[i].fmt)){ av_log(ctx, AV_LOG_DEBUG, "supported,adding\n"); - avfilter_add_format(&avfmts, conversion_map[i].pix_fmt); + if (conversion_map[i].pix_fmt != lastpixfmt) { + avfilter_add_format(&avfmts, conversion_map[i].pix_fmt); + lastpixfmt = conversion_map[i].pix_fmt; + } } } From e82ddde05aaab76984fb8795848afc9125a0fc01 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 22 Jun 2011 23:19:34 +0200 Subject: [PATCH 016/652] set VERSION for 0.7.1 Signed-off-by: Michael Niedermayer --- VERSION | 1 + 1 file changed, 1 insertion(+) create mode 100644 VERSION diff --git a/VERSION b/VERSION new file mode 100644 index 0000000000..39e898a4f9 --- /dev/null +++ b/VERSION @@ -0,0 +1 @@ +0.7.1 From 82b2dd5ee483c46c7ab26c0ead33b89594c9f6c0 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 22 Jun 2011 23:21:19 +0200 Subject: [PATCH 017/652] release_notes: update for 0.7.1 Signed-off-by: Michael Niedermayer --- doc/RELEASE_NOTES | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/RELEASE_NOTES b/doc/RELEASE_NOTES index 7861bfd4bc..536ef39f08 100644 --- a/doc/RELEASE_NOTES +++ b/doc/RELEASE_NOTES @@ -2,7 +2,7 @@ Release Notes ============= * 0.8 "Love" June, 2011 -* 0.7 "Peace" June, 2011 (identical to 0.8 but using 0.6 ABI/API) +* 0.7.1 "Peace" June, 2011 (identical to 0.8 but using 0.6 ABI/API) General notes From 26f732e21df7f79dbff040737b6030fd9a5ada11 Mon Sep 17 00:00:00 2001 
From: Jason Garrett-Glaser Date: Tue, 21 Jun 2011 01:10:37 -0700 Subject: [PATCH 018/652] H.264: reference the correct SPS in decode_scaling_matrices (cherry picked from commit 85a88f9c0c0fcc2fc48121db1beb5ada68d24bdc) --- libavcodec/h264_ps.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/h264_ps.c b/libavcodec/h264_ps.c index ddfe1d2c64..75a0af7fff 100644 --- a/libavcodec/h264_ps.c +++ b/libavcodec/h264_ps.c @@ -281,12 +281,12 @@ static void decode_scaling_matrices(H264Context *h, SPS *sps, PPS *pps, int is_s decode_scaling_list(h,scaling_matrix4[5],16,default_scaling4[1],scaling_matrix4[4]); // Inter, Cb if(is_sps || pps->transform_8x8_mode){ decode_scaling_list(h,scaling_matrix8[0],64,default_scaling8[0],fallback[2]); // Intra, Y - if(h->sps.chroma_format_idc == 3){ + if(sps->chroma_format_idc == 3){ decode_scaling_list(h,scaling_matrix8[1],64,default_scaling8[0],scaling_matrix8[0]); // Intra, Cr decode_scaling_list(h,scaling_matrix8[2],64,default_scaling8[0],scaling_matrix8[1]); // Intra, Cb } decode_scaling_list(h,scaling_matrix8[3],64,default_scaling8[1],fallback[3]); // Inter, Y - if(h->sps.chroma_format_idc == 3){ + if(sps->chroma_format_idc == 3){ decode_scaling_list(h,scaling_matrix8[4],64,default_scaling8[1],scaling_matrix8[3]); // Inter, Cr decode_scaling_list(h,scaling_matrix8[5],64,default_scaling8[1],scaling_matrix8[4]); // Inter, Cb } From f84c349b3b765f8d5c7a79a69ef9f8bb23cbfd83 Mon Sep 17 00:00:00 2001 From: Jason Garrett-Glaser Date: Tue, 21 Jun 2011 04:16:33 -0700 Subject: [PATCH 019/652] H.264: fix 4:4:4 cropping warning (cherry picked from commit 932db250243812380640112fd27a59bc0642bc8a) --- libavcodec/h264_ps.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/h264_ps.c b/libavcodec/h264_ps.c index 75a0af7fff..61fb12ce0c 100644 --- a/libavcodec/h264_ps.c +++ b/libavcodec/h264_ps.c 
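Review bot: decode_scaling_matrices now reads `sps->chroma_format_idc` on the PPS path as well (`is_sps` false), so the `sps` argument must be non-NULL and must be the SPS that the PPS refers to, yet nothing at the function states that. Add a comment above it such as `/* sps: the SPS being parsed, or the one referenced by pps; never NULL */`, and confirm that the PPS caller (outside this hunk) validates the SPS id before passing the pointer. The same hunk is cherry-picked again as PATCH 022.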
@@ -396,6 +396,7 @@ int ff_h264_decode_seq_parameter_set(H264Context *h){ #endif sps->crop= get_bits1(&s->gb); if(sps->crop){ + int crop_limit = sps->chroma_format_idc == 3 ? 16 : 8; sps->crop_left = get_ue_golomb(&s->gb); sps->crop_right = get_ue_golomb(&s->gb); sps->crop_top = get_ue_golomb(&s->gb); @@ -403,7 +404,7 @@ int ff_h264_decode_seq_parameter_set(H264Context *h){ if(sps->crop_left || sps->crop_top){ av_log(h->s.avctx, AV_LOG_ERROR, "insane cropping not completely supported, this could look slightly wrong ...\n"); } - if(sps->crop_right >= (8<crop_bottom >= (8<crop_right >= crop_limit || sps->crop_bottom >= crop_limit){ av_log(h->s.avctx, AV_LOG_ERROR, "brainfart cropping not supported, this could look slightly wrong ...\n"); } }else{ From 7a6e47b99dfa669fa108058868ba06263e78f801 Mon Sep 17 00:00:00 2001 From: Jason Garrett-Glaser Date: Wed, 22 Jun 2011 02:05:14 -0700 Subject: [PATCH 020/652] H.264: fix 4:4:4 + deblocking + MBAFF (cherry picked from commit 7c9079ab4cf0bcf34103fc9c5e49ec1fd7dd390c) --- libavcodec/h264.c | 4 ++-- libavcodec/h264_loopfilter.c | 30 ++++++++++++++++++++++-------- 2 files changed, 24 insertions(+), 10 deletions(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 419f7c5b84..3b7ed58933 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -3303,8 +3303,8 @@ static void loop_filter(H264Context *h, int start_x, int end_x){ uvlinesize = h->mb_uvlinesize = s->uvlinesize * 2; if(mb_y&1){ //FIXME move out of this function? dest_y -= s->linesize*15; - dest_cb-= s->uvlinesize*7; - dest_cr-= s->uvlinesize*7; + dest_cb-= s->uvlinesize*((8 << CHROMA444)-1); + dest_cr-= s->uvlinesize*((8 << CHROMA444)-1); } } else { linesize = h->mb_linesize = s->linesize; diff --git a/libavcodec/h264_loopfilter.c b/libavcodec/h264_loopfilter.c index fd1fb5f662..7a4c621c69 100644 --- a/libavcodec/h264_loopfilter.c +++ b/libavcodec/h264_loopfilter.c 
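Review bot: The range check on `sps->crop_right` and `sps->crop_bottom` only logs and then keeps the values, which come straight from get_ue_golomb() on the bitstream. Values at or above `crop_limit` therefore stay in the SPS, and whatever later subtracts them from the coded dimensions (not visible here) has to cope with them. Since this branch already identifies the input as unsupported, bound the fields there, for example `sps->crop_right = FFMIN(sps->crop_right, crop_limit - 1);` and the same for `crop_bottom`, or fail the SPS parse. The same hunk is repeated as PATCH 023, and the function continues outside the hunk.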
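Review bot: `(8 << CHROMA444)-1` in loop_filter gives the intended 7 or 15 only if CHROMA444 evaluates to exactly 0 or 1, and its definition is not visible in this hunk. A named local makes the intent explicit and does not depend on that: `const int chroma_rows = CHROMA444 ? 16 : 8;` followed by `dest_cb -= s->uvlinesize*(chroma_rows-1);` and the same for `dest_cr`. This also lines up with the literal `15` used for luma on the line above. The same hunk is cherry-picked as PATCH 024.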
@@ -663,19 +663,33 @@ void ff_h264_filter_mb( H264Context *h, int mb_x, int mb_y, uint8_t *img_y, uint filter_mb_mbaff_edgev ( h, img_y , linesize, bS , 1, qp [0] ); filter_mb_mbaff_edgev ( h, img_y + 8* linesize, linesize, bS+4, 1, qp [1] ); if (chroma){ - filter_mb_mbaff_edgecv( h, img_cb, uvlinesize, bS , 1, bqp[0] ); - filter_mb_mbaff_edgecv( h, img_cb + 4*uvlinesize, uvlinesize, bS+4, 1, bqp[1] ); - filter_mb_mbaff_edgecv( h, img_cr, uvlinesize, bS , 1, rqp[0] ); - filter_mb_mbaff_edgecv( h, img_cr + 4*uvlinesize, uvlinesize, bS+4, 1, rqp[1] ); + if (CHROMA444) { + filter_mb_mbaff_edgev ( h, img_cb, uvlinesize, bS , 1, bqp[0] ); + filter_mb_mbaff_edgev ( h, img_cb + 8*uvlinesize, uvlinesize, bS+4, 1, bqp[1] ); + filter_mb_mbaff_edgev ( h, img_cr, uvlinesize, bS , 1, rqp[0] ); + filter_mb_mbaff_edgev ( h, img_cr + 8*uvlinesize, uvlinesize, bS+4, 1, rqp[1] ); + }else{ + filter_mb_mbaff_edgecv( h, img_cb, uvlinesize, bS , 1, bqp[0] ); + filter_mb_mbaff_edgecv( h, img_cb + 4*uvlinesize, uvlinesize, bS+4, 1, bqp[1] ); + filter_mb_mbaff_edgecv( h, img_cr, uvlinesize, bS , 1, rqp[0] ); + filter_mb_mbaff_edgecv( h, img_cr + 4*uvlinesize, uvlinesize, bS+4, 1, rqp[1] ); + } } }else{ filter_mb_mbaff_edgev ( h, img_y , 2* linesize, bS , 2, qp [0] ); filter_mb_mbaff_edgev ( h, img_y + linesize, 2* linesize, bS+1, 2, qp [1] ); if (chroma){ - filter_mb_mbaff_edgecv( h, img_cb, 2*uvlinesize, bS , 2, bqp[0] ); - filter_mb_mbaff_edgecv( h, img_cb + uvlinesize, 2*uvlinesize, bS+1, 2, bqp[1] ); - filter_mb_mbaff_edgecv( h, img_cr, 2*uvlinesize, bS , 2, rqp[0] ); - filter_mb_mbaff_edgecv( h, img_cr + uvlinesize, 2*uvlinesize, bS+1, 2, rqp[1] ); + if (CHROMA444) { + filter_mb_mbaff_edgev ( h, img_cb, 2*uvlinesize, bS , 2, bqp[0] ); + filter_mb_mbaff_edgev ( h, img_cb + uvlinesize, 2*uvlinesize, bS+1, 2, bqp[1] ); + filter_mb_mbaff_edgev ( h, img_cr, 2*uvlinesize, bS , 2, rqp[0] ); + filter_mb_mbaff_edgev ( h, img_cr + uvlinesize, 2*uvlinesize, bS+1, 2, rqp[1] ); + }else{ + 
filter_mb_mbaff_edgecv( h, img_cb, 2*uvlinesize, bS , 2, bqp[0] ); + filter_mb_mbaff_edgecv( h, img_cb + uvlinesize, 2*uvlinesize, bS+1, 2, bqp[1] ); + filter_mb_mbaff_edgecv( h, img_cr, 2*uvlinesize, bS , 2, rqp[0] ); + filter_mb_mbaff_edgecv( h, img_cr + uvlinesize, 2*uvlinesize, bS+1, 2, rqp[1] ); + } } } } From b7b61ff6a31d4ffa1fb9a0ebeb1579d84c01c0b7 Mon Sep 17 00:00:00 2001 From: Jason Garrett-Glaser Date: Wed, 22 Jun 2011 02:34:02 -0700 Subject: [PATCH 021/652] H.264: fix 4:4:4 + deblocking + 8x8dct + cavlc + MBAFF (cherry picked from commit 2702a6f114f996ddfb334f1d8ddfae50e2c7eef7) --- libavcodec/h264_loopfilter.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/libavcodec/h264_loopfilter.c b/libavcodec/h264_loopfilter.c index 7a4c621c69..46abc54c49 100644 --- a/libavcodec/h264_loopfilter.c +++ b/libavcodec/h264_loopfilter.c @@ -393,10 +393,10 @@ static av_always_inline void filter_mb_dir(H264Context *h, int mb_x, int mb_y, u AV_WN64A(bS, 0x0003000300030003ULL); } else { if(!CABAC && IS_8x8DCT(s->current_picture.mb_type[mbn_xy])){ - bS[0]= 1+((h->cbp_table[mbn_xy] & 4)||h->non_zero_count_cache[scan8[0]+0]); - bS[1]= 1+((h->cbp_table[mbn_xy] & 4)||h->non_zero_count_cache[scan8[0]+1]); - bS[2]= 1+((h->cbp_table[mbn_xy] & 8)||h->non_zero_count_cache[scan8[0]+2]); - bS[3]= 1+((h->cbp_table[mbn_xy] & 8)||h->non_zero_count_cache[scan8[0]+3]); + bS[0]= 1+((h->cbp_table[mbn_xy] & 0x4000)||h->non_zero_count_cache[scan8[0]+0]); + bS[1]= 1+((h->cbp_table[mbn_xy] & 0x4000)||h->non_zero_count_cache[scan8[0]+1]); + bS[2]= 1+((h->cbp_table[mbn_xy] & 0x8000)||h->non_zero_count_cache[scan8[0]+2]); + bS[3]= 1+((h->cbp_table[mbn_xy] & 0x8000)||h->non_zero_count_cache[scan8[0]+3]); }else{ const uint8_t *mbn_nnz = h->non_zero_count[mbn_xy] + 3*4; int i; 
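Review bot: The masks `0x4000` and `0x8000` in filter_mb_dir and the `<< 12` in the ff_h264_filter_mb hunk that follows encode the same assumption about which bits of `h->cbp_table` carry the flags tested for CAVLC 8x8dct macroblocks, but the assumption is spelled two different ways and explained in neither hunk. A single named shift (the name is a suggestion), `#define CBP_8X8_SHIFT 12`, used as `(4 << CBP_8X8_SHIFT)` here and `(... ? 8 : 2) << CBP_8X8_SHIFT` there, plus a one-line comment on what those upper bits hold, would keep the code that fills the table and both readers in step. The same two hunks are cherry-picked as PATCH 025.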
@@ -635,7 +635,7 @@ void ff_h264_filter_mb( H264Context *h, int mb_x, int mb_y, uint8_t *img_y, uint else{ bS[i] = 1 + !!(h->non_zero_count_cache[12+8*(i>>1)] | ((!h->pps.cabac && IS_8x8DCT(mbn_type)) ? - (h->cbp_table[mbn_xy] & ((MB_FIELD ? (i&2) : (mb_y&1)) ? 8 : 2)) + (h->cbp_table[mbn_xy] & (((MB_FIELD ? (i&2) : (mb_y&1)) ? 8 : 2) << 12)) : h->non_zero_count[mbn_xy][ off[i] ])); } From 4db2b966be1274983f1af189cce84cabfdab0f49 Mon Sep 17 00:00:00 2001 From: Jason Garrett-Glaser Date: Tue, 21 Jun 2011 01:10:37 -0700 Subject: [PATCH 022/652] H.264: reference the correct SPS in decode_scaling_matrices (cherry picked from commit 85a88f9c0c0fcc2fc48121db1beb5ada68d24bdc) --- libavcodec/h264_ps.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/h264_ps.c b/libavcodec/h264_ps.c index ddfe1d2c64..75a0af7fff 100644 --- a/libavcodec/h264_ps.c +++ b/libavcodec/h264_ps.c @@ -281,12 +281,12 @@ static void decode_scaling_matrices(H264Context *h, SPS *sps, PPS *pps, int is_s decode_scaling_list(h,scaling_matrix4[5],16,default_scaling4[1],scaling_matrix4[4]); // Inter, Cb if(is_sps || pps->transform_8x8_mode){ decode_scaling_list(h,scaling_matrix8[0],64,default_scaling8[0],fallback[2]); // Intra, Y - if(h->sps.chroma_format_idc == 3){ + if(sps->chroma_format_idc == 3){ decode_scaling_list(h,scaling_matrix8[1],64,default_scaling8[0],scaling_matrix8[0]); // Intra, Cr decode_scaling_list(h,scaling_matrix8[2],64,default_scaling8[0],scaling_matrix8[1]); // Intra, Cb } decode_scaling_list(h,scaling_matrix8[3],64,default_scaling8[1],fallback[3]); // Inter, Y - if(h->sps.chroma_format_idc == 3){ + if(sps->chroma_format_idc == 3){ decode_scaling_list(h,scaling_matrix8[4],64,default_scaling8[1],scaling_matrix8[3]); // Inter, Cr decode_scaling_list(h,scaling_matrix8[5],64,default_scaling8[1],scaling_matrix8[4]); // Inter, Cb } From 0820593e645aa0e4527752c17c9404e44042e809 Mon Sep 17 00:00:00 2001 
From: Jason Garrett-Glaser Date: Tue, 21 Jun 2011 04:16:33 -0700 Subject: [PATCH 023/652] H.264: fix 4:4:4 cropping warning (cherry picked from commit 932db250243812380640112fd27a59bc0642bc8a) --- libavcodec/h264_ps.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/h264_ps.c b/libavcodec/h264_ps.c index 75a0af7fff..61fb12ce0c 100644 --- a/libavcodec/h264_ps.c +++ b/libavcodec/h264_ps.c @@ -396,6 +396,7 @@ int ff_h264_decode_seq_parameter_set(H264Context *h){ #endif sps->crop= get_bits1(&s->gb); if(sps->crop){ + int crop_limit = sps->chroma_format_idc == 3 ? 16 : 8; sps->crop_left = get_ue_golomb(&s->gb); sps->crop_right = get_ue_golomb(&s->gb); sps->crop_top = get_ue_golomb(&s->gb); @@ -403,7 +404,7 @@ int ff_h264_decode_seq_parameter_set(H264Context *h){ if(sps->crop_left || sps->crop_top){ av_log(h->s.avctx, AV_LOG_ERROR, "insane cropping not completely supported, this could look slightly wrong ...\n"); } - if(sps->crop_right >= (8<crop_bottom >= (8<crop_right >= crop_limit || sps->crop_bottom >= crop_limit){ av_log(h->s.avctx, AV_LOG_ERROR, "brainfart cropping not supported, this could look slightly wrong ...\n"); } }else{ From a3589cce81340989247c4c3bf5baa5a8388b6fce Mon Sep 17 00:00:00 2001 From: Jason Garrett-Glaser Date: Wed, 22 Jun 2011 02:05:14 -0700 Subject: [PATCH 024/652] H.264: fix 4:4:4 + deblocking + MBAFF (cherry picked from commit 7c9079ab4cf0bcf34103fc9c5e49ec1fd7dd390c) --- libavcodec/h264.c | 4 ++-- libavcodec/h264_loopfilter.c | 30 ++++++++++++++++++++++-------- 2 files changed, 24 insertions(+), 10 deletions(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 5170a559b0..87120693d4 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c 
@@ -3303,8 +3303,8 @@ static void loop_filter(H264Context *h, int start_x, int end_x){ uvlinesize = h->mb_uvlinesize = s->uvlinesize * 2; if(mb_y&1){ //FIXME move out of this function? dest_y -= s->linesize*15; - dest_cb-= s->uvlinesize*7; - dest_cr-= s->uvlinesize*7; + dest_cb-= s->uvlinesize*((8 << CHROMA444)-1); + dest_cr-= s->uvlinesize*((8 << CHROMA444)-1); } } else { linesize = h->mb_linesize = s->linesize; diff --git a/libavcodec/h264_loopfilter.c b/libavcodec/h264_loopfilter.c index fd1fb5f662..7a4c621c69 100644 --- a/libavcodec/h264_loopfilter.c +++ b/libavcodec/h264_loopfilter.c 
@@ -663,19 +663,33 @@ void ff_h264_filter_mb( H264Context *h, int mb_x, int mb_y, uint8_t *img_y, uint filter_mb_mbaff_edgev ( h, img_y , linesize, bS , 1, qp [0] ); filter_mb_mbaff_edgev ( h, img_y + 8* linesize, linesize, bS+4, 1, qp [1] ); if (chroma){ - filter_mb_mbaff_edgecv( h, img_cb, uvlinesize, bS , 1, bqp[0] ); - filter_mb_mbaff_edgecv( h, img_cb + 4*uvlinesize, uvlinesize, bS+4, 1, bqp[1] ); - filter_mb_mbaff_edgecv( h, img_cr, uvlinesize, bS , 1, rqp[0] ); - filter_mb_mbaff_edgecv( h, img_cr + 4*uvlinesize, uvlinesize, bS+4, 1, rqp[1] ); + if (CHROMA444) { + filter_mb_mbaff_edgev ( h, img_cb, uvlinesize, bS , 1, bqp[0] ); + filter_mb_mbaff_edgev ( h, img_cb + 8*uvlinesize, uvlinesize, bS+4, 1, bqp[1] ); + filter_mb_mbaff_edgev ( h, img_cr, uvlinesize, bS , 1, rqp[0] ); + filter_mb_mbaff_edgev ( h, img_cr + 8*uvlinesize, uvlinesize, bS+4, 1, rqp[1] ); + }else{ + filter_mb_mbaff_edgecv( h, img_cb, uvlinesize, bS , 1, bqp[0] ); + filter_mb_mbaff_edgecv( h, img_cb + 4*uvlinesize, uvlinesize, bS+4, 1, bqp[1] ); + filter_mb_mbaff_edgecv( h, img_cr, uvlinesize, bS , 1, rqp[0] ); + filter_mb_mbaff_edgecv( h, img_cr + 4*uvlinesize, uvlinesize, bS+4, 1, rqp[1] ); + } } }else{ filter_mb_mbaff_edgev ( h, img_y , 2* linesize, bS , 2, qp [0] ); filter_mb_mbaff_edgev ( h, img_y + linesize, 2* linesize, bS+1, 2, qp [1] ); if (chroma){ - filter_mb_mbaff_edgecv( h, img_cb, 2*uvlinesize, bS , 2, bqp[0] ); - filter_mb_mbaff_edgecv( h, img_cb + uvlinesize, 2*uvlinesize, bS+1, 2, bqp[1] ); - filter_mb_mbaff_edgecv( h, img_cr, 2*uvlinesize, bS , 2, rqp[0] ); - filter_mb_mbaff_edgecv( h, img_cr + uvlinesize, 2*uvlinesize, bS+1, 2, rqp[1] ); + if (CHROMA444) { + filter_mb_mbaff_edgev ( h, img_cb, 2*uvlinesize, bS , 2, bqp[0] ); + filter_mb_mbaff_edgev ( h, img_cb + uvlinesize, 2*uvlinesize, bS+1, 2, bqp[1] ); + filter_mb_mbaff_edgev ( h, img_cr, 2*uvlinesize, bS , 2, rqp[0] ); + filter_mb_mbaff_edgev ( h, img_cr + uvlinesize, 2*uvlinesize, bS+1, 2, rqp[1] ); + }else{ + 
filter_mb_mbaff_edgecv( h, img_cb, 2*uvlinesize, bS , 2, bqp[0] ); + filter_mb_mbaff_edgecv( h, img_cb + uvlinesize, 2*uvlinesize, bS+1, 2, bqp[1] ); + filter_mb_mbaff_edgecv( h, img_cr, 2*uvlinesize, bS , 2, rqp[0] ); + filter_mb_mbaff_edgecv( h, img_cr + uvlinesize, 2*uvlinesize, bS+1, 2, rqp[1] ); + } } } } From 523b57b331432cce81986ee1fd8370e78655c4f2 Mon Sep 17 00:00:00 2001 From: Jason Garrett-Glaser Date: Wed, 22 Jun 2011 02:34:02 -0700 Subject: [PATCH 025/652] H.264: fix 4:4:4 + deblocking + 8x8dct + cavlc + MBAFF (cherry picked from commit 2702a6f114f996ddfb334f1d8ddfae50e2c7eef7) --- libavcodec/h264_loopfilter.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/libavcodec/h264_loopfilter.c b/libavcodec/h264_loopfilter.c index 7a4c621c69..46abc54c49 100644 --- a/libavcodec/h264_loopfilter.c +++ b/libavcodec/h264_loopfilter.c @@ -393,10 +393,10 @@ static av_always_inline void filter_mb_dir(H264Context *h, int mb_x, int mb_y, u AV_WN64A(bS, 0x0003000300030003ULL); } else { if(!CABAC && IS_8x8DCT(s->current_picture.mb_type[mbn_xy])){ - bS[0]= 1+((h->cbp_table[mbn_xy] & 4)||h->non_zero_count_cache[scan8[0]+0]); - bS[1]= 1+((h->cbp_table[mbn_xy] & 4)||h->non_zero_count_cache[scan8[0]+1]); - bS[2]= 1+((h->cbp_table[mbn_xy] & 8)||h->non_zero_count_cache[scan8[0]+2]); - bS[3]= 1+((h->cbp_table[mbn_xy] & 8)||h->non_zero_count_cache[scan8[0]+3]); + bS[0]= 1+((h->cbp_table[mbn_xy] & 0x4000)||h->non_zero_count_cache[scan8[0]+0]); + bS[1]= 1+((h->cbp_table[mbn_xy] & 0x4000)||h->non_zero_count_cache[scan8[0]+1]); + bS[2]= 1+((h->cbp_table[mbn_xy] & 0x8000)||h->non_zero_count_cache[scan8[0]+2]); + bS[3]= 1+((h->cbp_table[mbn_xy] & 0x8000)||h->non_zero_count_cache[scan8[0]+3]); }else{ const uint8_t *mbn_nnz = h->non_zero_count[mbn_xy] + 3*4; int i; 
@@ -635,7 +635,7 @@ void ff_h264_filter_mb( H264Context *h, int mb_x, int mb_y, uint8_t *img_y, uint else{ bS[i] = 1 + !!(h->non_zero_count_cache[12+8*(i>>1)] | ((!h->pps.cabac && IS_8x8DCT(mbn_type)) ? - (h->cbp_table[mbn_xy] & ((MB_FIELD ? (i&2) : (mb_y&1)) ? 8 : 2)) + (h->cbp_table[mbn_xy] & (((MB_FIELD ? (i&2) : (mb_y&1)) ? 8 : 2) << 12)) : h->non_zero_count[mbn_xy][ off[i] ])); } From 403eee165c7763c56ba8b51ad91b4b6cf0811b40 Mon Sep 17 00:00:00 2001 From: Diego Biurrun Date: Tue, 21 Jun 2011 01:11:28 +0200 Subject: [PATCH 026/652] h264: Fix assert that failed to compile with -DDEBUG. The assert referenced a variable that no longer exists since 4:4:4 support. (cherry picked from commit 6371ce4b0f0535a7f576b8f109d35345e3d11d7d) Signed-off-by: Reinhard Tartler --- libavcodec/h264.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index dc4acb8379..13a63809a0 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -1682,7 +1682,7 @@ static av_always_inline void hl_decode_mb_predict_luma(H264Context *h, int mb_ty uint64_t tr_high; if(dir == DIAG_DOWN_LEFT_PRED || dir == VERT_LEFT_PRED){ const int topright_avail= (h->topright_samples_available<mb_y || linesize <= block_offset[i]); if(!topright_avail){ if (pixel_shift) { tr_high= ((uint16_t*)ptr)[3 - linesize/2]*0x0001000100010001ULL; From 6cef3ddbdc354799bc30711766a98ff9082332c6 Mon Sep 17 00:00:00 2001 From: ami_stuff Date: Mon, 25 Apr 2011 00:20:27 +0200 Subject: [PATCH 027/652] rawvideo: Support auv2 fourcc. (cherry picked from commit d352df093169f39631f1ec0017a3f186ef85f83c) Signed-off-by: Reinhard Tartler --- libavcodec/raw.c | 1 + libavformat/riff.c | 1 + 2 files changed, 2 insertions(+) diff --git a/libavcodec/raw.c b/libavcodec/raw.c index 7d92aba4a7..bc7c1561e7 100644 --- a/libavcodec/raw.c +++ b/libavcodec/raw.c 
@@ -61,6 +61,7 @@ const PixelFormatTag ff_raw_pix_fmt_tags[] = { { PIX_FMT_UYVY422, MKTAG('A', 'V', '1', 'x') }, /* Avid 1:1x */ { PIX_FMT_UYVY422, MKTAG('A', 'V', 'u', 'p') }, { PIX_FMT_UYVY422, MKTAG('V', 'D', 'T', 'Z') }, /* SoftLab-NSK VideoTizer */ + { PIX_FMT_UYVY422, MKTAG('a', 'u', 'v', '2') }, { PIX_FMT_UYYVYY411, MKTAG('Y', '4', '1', '1') }, { PIX_FMT_GRAY8, MKTAG('G', 'R', 'E', 'Y') }, { PIX_FMT_NV12, MKTAG('N', 'V', '1', '2') }, diff --git a/libavformat/riff.c b/libavformat/riff.c index fe6cc55055..756fc57f01 100644 --- a/libavformat/riff.c +++ b/libavformat/riff.c @@ -180,6 +180,7 @@ const AVCodecTag ff_codec_bmp_tags[] = { { CODEC_ID_RAWVIDEO, MKTAG('Y', '4', '2', 'B') }, { CODEC_ID_RAWVIDEO, MKTAG('Y', 'U', 'V', '9') }, { CODEC_ID_RAWVIDEO, MKTAG('Y', 'V', 'U', '9') }, + { CODEC_ID_RAWVIDEO, MKTAG('a', 'u', 'v', '2') }, { CODEC_ID_FRWU, MKTAG('F', 'R', 'W', 'U') }, { CODEC_ID_R10K, MKTAG('R', '1', '0', 'k') }, { CODEC_ID_R210, MKTAG('r', '2', '1', '0') }, From 137838945fc355207234a0cc846e23d4996bfcc1 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Mon, 25 Apr 2011 00:27:03 +0200 Subject: [PATCH 028/652] riff: Add M263, XVIX, MMJP, CDV5 fourccs. (cherry picked from commit 682a20114e9ee0272be764c68dc1cf251ff083da) Signed-off-by: Reinhard Tartler --- libavformat/riff.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavformat/riff.c b/libavformat/riff.c index 756fc57f01..95e08b28a8 100644 --- a/libavformat/riff.c +++ b/libavformat/riff.c @@ -40,6 +40,7 @@ const AVCodecTag ff_codec_bmp_tags[] = { { CODEC_ID_H263, MKTAG('L', '2', '6', '3') }, { CODEC_ID_H263, MKTAG('V', 'X', '1', 'K') }, { CODEC_ID_H263, MKTAG('Z', 'y', 'G', 'o') }, + { CODEC_ID_H263, MKTAG('M', '2', '6', '3') }, { CODEC_ID_H263P, MKTAG('H', '2', '6', '3') }, { CODEC_ID_H263I, MKTAG('I', '2', '6', '3') }, /* intel h263 */ { CODEC_ID_H261, MKTAG('H', '2', '6', '1') }, 
@@ -83,6 +84,7 @@ const AVCodecTag ff_codec_bmp_tags[] = { { CODEC_ID_MPEG4, MKTAG('U', 'L', 'D', 'X') }, { CODEC_ID_MPEG4, MKTAG('G', 'E', 'O', 'V') }, { CODEC_ID_MPEG4, MKTAG('S', 'I', 'P', 'P') }, /* Samsung SHR-6040 */ + { CODEC_ID_MPEG4, MKTAG('X', 'V', 'I', 'X') }, { CODEC_ID_MSMPEG4V3, MKTAG('M', 'P', '4', '3') }, { CODEC_ID_MSMPEG4V3, MKTAG('D', 'I', 'V', '3') }, { CODEC_ID_MSMPEG4V3, MKTAG('M', 'P', 'G', '3') }, @@ -107,6 +109,7 @@ const AVCodecTag ff_codec_bmp_tags[] = { { CODEC_ID_DVVIDEO, MKTAG('d', 'v', '5', '0') }, { CODEC_ID_DVVIDEO, MKTAG('c', 'd', 'v', 'c') }, /* Canopus DV */ { CODEC_ID_DVVIDEO, MKTAG('C', 'D', 'V', 'H') }, /* Canopus DV */ + { CODEC_ID_DVVIDEO, MKTAG('C', 'D', 'V', '5') }, /* Canopus DV */ { CODEC_ID_DVVIDEO, MKTAG('d', 'v', 'c', ' ') }, { CODEC_ID_DVVIDEO, MKTAG('d', 'v', 'c', 's') }, { CODEC_ID_DVVIDEO, MKTAG('d', 'v', 'h', '1') }, @@ -148,6 +151,7 @@ const AVCodecTag ff_codec_bmp_tags[] = { { CODEC_ID_MJPEG, MKTAG('A', 'V', 'I', '2') }, { CODEC_ID_MJPEG, MKTAG('M', 'T', 'S', 'J') }, { CODEC_ID_MJPEG, MKTAG('Z', 'J', 'P', 'G') }, /* Paradigm Matrix M-JPEG Codec */ + { CODEC_ID_MJPEG, MKTAG('M', 'M', 'J', 'P') }, { CODEC_ID_HUFFYUV, MKTAG('H', 'F', 'Y', 'U') }, { CODEC_ID_FFVHUFF, MKTAG('F', 'F', 'V', 'H') }, { CODEC_ID_CYUV, MKTAG('C', 'Y', 'U', 'V') }, From 5254285636a2d58805152be0f9700f773624879c Mon Sep 17 00:00:00 2001 From: ami_stuff Date: Wed, 11 May 2011 22:18:15 +0200 Subject: [PATCH 029/652] riff: Add DAVC fourcc. This fourcc is used by the "mpegable AVC" codec and files encoded with this codec decode correctly with our H.264 decoder. (cherry picked from commit 2ea1ca1714f655a463b941b115e45a1a2f031f7b) Signed-off-by: Reinhard Tartler --- libavformat/riff.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavformat/riff.c b/libavformat/riff.c index 95e08b28a8..b2e8414b5d 100644 --- a/libavformat/riff.c +++ b/libavformat/riff.c 
@@ -33,6 +33,7 @@ const AVCodecTag ff_codec_bmp_tags[] = { { CODEC_ID_H264, MKTAG('X', '2', '6', '4') }, { CODEC_ID_H264, MKTAG('x', '2', '6', '4') }, { CODEC_ID_H264, MKTAG('a', 'v', 'c', '1') }, + { CODEC_ID_H264, MKTAG('D', 'A', 'V', 'C') }, { CODEC_ID_H264, MKTAG('V', 'S', 'S', 'H') }, { CODEC_ID_H263, MKTAG('H', '2', '6', '3') }, { CODEC_ID_H263, MKTAG('X', '2', '6', '3') }, From 9ac3e32b29ae9e4af30ed671e736d1d83b0c7255 Mon Sep 17 00:00:00 2001 From: Kamil Nowosad Date: Mon, 23 May 2011 23:13:34 +0200 Subject: [PATCH 030/652] riff/img2: Add JPEG 2000 codec IDs. (cherry picked from commit a304a833621a793bbf49b796fe1fd11ea1cd54c8) Signed-off-by: Reinhard Tartler --- libavformat/img2.c | 1 + libavformat/riff.c | 1 + 2 files changed, 2 insertions(+) diff --git a/libavformat/img2.c b/libavformat/img2.c index ec37a38845..4eef62371d 100644 --- a/libavformat/img2.c +++ b/libavformat/img2.c @@ -82,6 +82,7 @@ static const IdStrMap img_tags[] = { { CODEC_ID_SUNRAST , "im24"}, { CODEC_ID_SUNRAST , "sunras"}, { CODEC_ID_JPEG2000 , "jp2"}, + { CODEC_ID_JPEG2000 , "jpc"}, { CODEC_ID_DPX , "dpx"}, { CODEC_ID_PICTOR , "pic"}, { CODEC_ID_NONE , NULL} diff --git a/libavformat/riff.c b/libavformat/riff.c index b2e8414b5d..817349cb82 100644 --- a/libavformat/riff.c +++ b/libavformat/riff.c @@ -250,6 +250,7 @@ const AVCodecTag ff_codec_bmp_tags[] = { { CODEC_ID_ZMBV, MKTAG('Z', 'M', 'B', 'V') }, { CODEC_ID_KMVC, MKTAG('K', 'M', 'V', 'C') }, { CODEC_ID_CAVS, MKTAG('C', 'A', 'V', 'S') }, + { CODEC_ID_JPEG2000, MKTAG('m', 'j', 'p', '2') }, { CODEC_ID_JPEG2000, MKTAG('M', 'J', '2', 'C') }, { CODEC_ID_VMNC, MKTAG('V', 'M', 'n', 'c') }, { CODEC_ID_TARGA, MKTAG('t', 'g', 'a', ' ') }, From 1aef8de6d730df7f0a0841939954d12cd604b2d7 Mon Sep 17 00:00:00 2001 From: ami_stuff Date: Fri, 13 May 2011 00:49:29 +0200 Subject: [PATCH 031/652] mov: Support R10g codec identifier. (cherry picked from commit 7ac639654f21aa78e0afa14f6c049ffa2c9078bd) 
Signed-off-by: Reinhard Tartler --- libavformat/isom.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavformat/isom.c b/libavformat/isom.c index c65f9317e7..dd4008b69b 100644 --- a/libavformat/isom.c +++ b/libavformat/isom.c @@ -83,6 +83,7 @@ const AVCodecTag codec_movvideo_tags[] = { { CODEC_ID_RAWVIDEO, MKTAG('b', '4', '8', 'r') }, { CODEC_ID_R10K, MKTAG('R', '1', '0', 'k') }, /* UNCOMPRESSED 10BIT RGB */ + { CODEC_ID_R10K, MKTAG('R', '1', '0', 'g') }, /* UNCOMPRESSED 10BIT RGB */ { CODEC_ID_R210, MKTAG('r', '2', '1', '0') }, /* UNCOMPRESSED 10BIT RGB */ { CODEC_ID_V210, MKTAG('v', '2', '1', '0') }, /* UNCOMPRESSED 10BIT 4:2:2 */ From 26f48752fbaa49161eb3454eda68dc043d733567 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Fri, 13 May 2011 01:08:01 +0200 Subject: [PATCH 032/652] mov: Support Digital Voodoo SD 8 Bit and DTS codec identifiers. (cherry picked from commit 53d5cd2c8225e251826c77f8f69a30250038fbd0) Signed-off-by: Reinhard Tartler --- libavcodec/raw.c | 1 + libavformat/isom.c | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/libavcodec/raw.c b/libavcodec/raw.c index bc7c1561e7..4bc07b869a 100644 --- a/libavcodec/raw.c +++ b/libavcodec/raw.c @@ -122,6 +122,7 @@ const PixelFormatTag ff_raw_pix_fmt_tags[] = { { PIX_FMT_UYVY422, MKTAG('A', 'V', 'U', 'I') }, /* FIXME merge both fields */ { PIX_FMT_YUYV422, MKTAG('y', 'u', 'v', '2') }, { PIX_FMT_YUYV422, MKTAG('y', 'u', 'v', 's') }, + { PIX_FMT_YUYV422, MKTAG('D', 'V', 'O', 'O') }, /* Digital Voodoo SD 8 Bit */ { PIX_FMT_PAL8, MKTAG('W', 'R', 'A', 'W') }, { PIX_FMT_RGB555LE,MKTAG('L', '5', '5', '5') }, { PIX_FMT_RGB565LE,MKTAG('L', '5', '6', '5') }, diff --git a/libavformat/isom.c b/libavformat/isom.c index dd4008b69b..eb17e25474 100644 --- a/libavformat/isom.c +++ b/libavformat/isom.c 
@@ -57,6 +57,7 @@ const AVCodecTag ff_mp4_obj_type[] = { { CODEC_ID_VC1 , 0xA3 }, { CODEC_ID_DIRAC , 0xA4 }, { CODEC_ID_AC3 , 0xA5 }, + { CODEC_ID_DTS , 0xA9 }, /* mp4ra.org */ { CODEC_ID_VORBIS , 0xDD }, /* non standard, gpac uses it */ { CODEC_ID_DVD_SUBTITLE, 0xE0 }, /* non standard, see unsupported-embedded-subs-2.mp4 */ { CODEC_ID_QCELP , 0xE1 }, @@ -81,6 +82,7 @@ const AVCodecTag codec_movvideo_tags[] = { { CODEC_ID_RAWVIDEO, MKTAG('A', 'B', 'G', 'R') }, { CODEC_ID_RAWVIDEO, MKTAG('b', '1', '6', 'g') }, { CODEC_ID_RAWVIDEO, MKTAG('b', '4', '8', 'r') }, + { CODEC_ID_RAWVIDEO, MKTAG('D', 'V', 'O', 'O') }, /* Digital Voodoo SD 8 Bit */ { CODEC_ID_R10K, MKTAG('R', '1', '0', 'k') }, /* UNCOMPRESSED 10BIT RGB */ { CODEC_ID_R10K, MKTAG('R', '1', '0', 'g') }, /* UNCOMPRESSED 10BIT RGB */ @@ -243,6 +245,8 @@ const AVCodecTag codec_movaudio_tags[] = { { CODEC_ID_AAC, MKTAG('m', 'p', '4', 'a') }, /* MPEG-4 AAC */ { CODEC_ID_AC3, MKTAG('a', 'c', '-', '3') }, /* ETSI TS 102 366 Annex F */ { CODEC_ID_AC3, MKTAG('s', 'a', 'c', '3') }, /* Nero Recode */ + { CODEC_ID_DTS, MKTAG('d', 't', 's', 'c') }, /* mp4ra.org */ + { CODEC_ID_DTS, MKTAG('D', 'T', 'S', ' ') }, /* non-standard */ { CODEC_ID_AMR_NB, MKTAG('s', 'a', 'm', 'r') }, /* AMR-NB 3gp */ { CODEC_ID_AMR_WB, MKTAG('s', 'a', 'w', 'b') }, /* AMR-WB 3gp */ From 6a34f5d4478bf79b452ab90eb47df75b62202d9c Mon Sep 17 00:00:00 2001 From: Mans Rullgard Date: Sun, 19 Jun 2011 18:41:14 +0100 Subject: [PATCH 033/652] configure: report optimization for size separately This removes an unsightly override of the 'optimizations' setting only to make the configure report print 'small' when --enable-small is used. Signed-off-by: Mans Rullgard (cherry picked from commit f082a0fb420f0367bdd00219fd0fe8fe3caf7bc7) Signed-off-by: Reinhard Tartler --- configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure b/configure index 31e82fc6db..b26394ec29 100755 --- a/configure +++ b/configure 
@@ -3006,7 +3006,6 @@ fi if enabled small; then add_cflags $size_cflags - optimizations="small" elif enabled optimizations; then add_cflags $speed_cflags else @@ -3140,6 +3139,7 @@ if enabled sparc; then echo "VIS enabled ${vis-no}" fi echo "debug symbols ${debug-no}" +echo "optimize for size ${small-no}" echo "optimizations ${optimizations-no}" echo "static ${static-no}" echo "shared ${shared-no}" From fcd26ebc8f371612e56e9f591b578d519e04c4c2 Mon Sep 17 00:00:00 2001 From: ami_stuff Date: Tue, 24 May 2011 23:38:01 +0200 Subject: [PATCH 034/652] rawdec: Fix decoding of QT WRAW files. From some tests it results that: 1. All of the AVI/MOV WRAW files need to be flipped. 2. MOV WRAW files need to use AVI color modes. 3. Assigning PAL8 mode by default to WRAW codec is not correct. (cherry picked from commit 67e7dc54049d9b51a0c2168c8265145a9aef7780) Signed-off-by: Reinhard Tartler --- libavcodec/raw.c | 1 - libavcodec/rawdec.c | 4 +++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/libavcodec/raw.c b/libavcodec/raw.c index 4bc07b869a..aa1ea308b0 100644 --- a/libavcodec/raw.c +++ b/libavcodec/raw.c @@ -123,7 +123,6 @@ const PixelFormatTag ff_raw_pix_fmt_tags[] = { { PIX_FMT_YUYV422, MKTAG('y', 'u', 'v', '2') }, { PIX_FMT_YUYV422, MKTAG('y', 'u', 'v', 's') }, { PIX_FMT_YUYV422, MKTAG('D', 'V', 'O', 'O') }, /* Digital Voodoo SD 8 Bit */ - { PIX_FMT_PAL8, MKTAG('W', 'R', 'A', 'W') }, { PIX_FMT_RGB555LE,MKTAG('L', '5', '5', '5') }, { PIX_FMT_RGB565LE,MKTAG('L', '5', '6', '5') }, { PIX_FMT_RGB565BE,MKTAG('B', '5', '6', '5') }, diff --git a/libavcodec/rawdec.c b/libavcodec/rawdec.c index 6b3387f636..5e8e6c4c43 100644 --- a/libavcodec/rawdec.c +++ b/libavcodec/rawdec.c 
@@ -78,6 +78,8 @@ static av_cold int raw_init_decoder(AVCodecContext *avctx) if (avctx->codec_tag == MKTAG('r','a','w',' ')) avctx->pix_fmt = find_pix_fmt(pix_fmt_bps_mov, avctx->bits_per_coded_sample); + else if (avctx->codec_tag == MKTAG('W','R','A','W')) + avctx->pix_fmt = find_pix_fmt(pix_fmt_bps_avi, avctx->bits_per_coded_sample); else if (avctx->codec_tag) avctx->pix_fmt = find_pix_fmt(ff_raw_pix_fmt_tags, avctx->codec_tag); else if (avctx->pix_fmt == PIX_FMT_NONE && avctx->bits_per_coded_sample) @@ -98,7 +100,7 @@ static av_cold int raw_init_decoder(AVCodecContext *avctx) avctx->coded_frame= &context->pic; if((avctx->extradata_size >= 9 && !memcmp(avctx->extradata + avctx->extradata_size - 9, "BottomUp", 9)) || - avctx->codec_tag == MKTAG( 3 , 0 , 0 , 0 )) + avctx->codec_tag == MKTAG(3, 0, 0, 0) || avctx->codec_tag == MKTAG('W','R','A','W')) context->flip=1; return 0; From bf5ed476ba6315daeff83930787cdf02aa3268e0 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Mon, 13 Jun 2011 21:16:30 +0200 Subject: [PATCH 035/652] alsa: add support for more formats. Specifically, f32, f64, s32, s24, a-law and mu-law. Signed-off-by: Anton Khirnov (cherry picked from commit 921715edffbba5db8deb26b7ad3cb583ba963d03) Signed-off-by: Reinhard Tartler --- libavdevice/alsa-audio-common.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/libavdevice/alsa-audio-common.c b/libavdevice/alsa-audio-common.c index ff6c9f875d..4279790ddc 100644 --- a/libavdevice/alsa-audio-common.c +++ b/libavdevice/alsa-audio-common.c 
@@ -36,9 +36,19 @@ static av_cold snd_pcm_format_t codec_id_to_pcm_format(int codec_id) { switch(codec_id) { + case CODEC_ID_PCM_F64LE: return SND_PCM_FORMAT_FLOAT64_LE; + case CODEC_ID_PCM_F64BE: return SND_PCM_FORMAT_FLOAT64_BE; + case CODEC_ID_PCM_F32LE: return SND_PCM_FORMAT_FLOAT_LE; + case CODEC_ID_PCM_F32BE: return SND_PCM_FORMAT_FLOAT_BE; + case CODEC_ID_PCM_S32LE: return SND_PCM_FORMAT_S32_LE; + case CODEC_ID_PCM_S32BE: return SND_PCM_FORMAT_S32_BE; + case CODEC_ID_PCM_S24LE: return SND_PCM_FORMAT_S24_3LE; + case CODEC_ID_PCM_S24BE: return SND_PCM_FORMAT_S24_3BE; case CODEC_ID_PCM_S16LE: return SND_PCM_FORMAT_S16_LE; case CODEC_ID_PCM_S16BE: return SND_PCM_FORMAT_S16_BE; case CODEC_ID_PCM_S8: return SND_PCM_FORMAT_S8; + case CODEC_ID_PCM_MULAW: return SND_PCM_FORMAT_MU_LAW; + case CODEC_ID_PCM_ALAW: return SND_PCM_FORMAT_A_LAW; default: return SND_PCM_FORMAT_UNKNOWN; } } From e4071fa04c213ab3ddf4f89953daf4e3788a9d0f Mon Sep 17 00:00:00 2001 From: Jason Garrett-Glaser Date: Mon, 20 Jun 2011 15:56:35 -0700 Subject: [PATCH 036/652] H.264: fix bug in lossless 4:4:4 decoding Coefficient test for i16x16 add_pixels4 assumed luma plane. (cherry picked from commit 3b79f2e2e928eb346dbea85cc89393dcdf010ca9) Signed-off-by: Reinhard Tartler --- libavcodec/h264.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 13a63809a0..124f9a88cd 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -1744,7 +1744,7 @@ static av_always_inline void hl_decode_mb_idct_luma(H264Context *h, int mb_type, h->hpc.pred16x16_add[h->intra16x16_pred_mode](dest_y, block_offset, h->mb + (p*256 << pixel_shift), linesize); }else{ for(i=0; i<16; i++){ - if(h->non_zero_count_cache[ scan8[i+p*16] ] || dctcoef_get(h->mb, pixel_shift, i*16)) + if(h->non_zero_count_cache[ scan8[i+p*16] ] || dctcoef_get(h->mb, pixel_shift, i*16+p*256)) s->dsp.add_pixels4(dest_y + block_offset[i], h->mb + (i*16+p*256 << pixel_shift), linesize); } } 
From 4c8b14c37ff292ca9d4a412984e5132a27a83858 Mon Sep 17 00:00:00 2001 From: Jason Garrett-Glaser Date: Tue, 21 Jun 2011 01:10:37 -0700 Subject: [PATCH 037/652] H.264: reference the correct SPS in decode_scaling_matrices (cherry picked from commit 85a88f9c0c0fcc2fc48121db1beb5ada68d24bdc) Signed-off-by: Reinhard Tartler --- libavcodec/h264_ps.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/h264_ps.c b/libavcodec/h264_ps.c index 9c41e4ca73..5ca2361a6d 100644 --- a/libavcodec/h264_ps.c +++ b/libavcodec/h264_ps.c @@ -281,12 +281,12 @@ static void decode_scaling_matrices(H264Context *h, SPS *sps, PPS *pps, int is_s decode_scaling_list(h,scaling_matrix4[5],16,default_scaling4[1],scaling_matrix4[4]); // Inter, Cb if(is_sps || pps->transform_8x8_mode){ decode_scaling_list(h,scaling_matrix8[0],64,default_scaling8[0],fallback[2]); // Intra, Y - if(h->sps.chroma_format_idc == 3){ + if(sps->chroma_format_idc == 3){ decode_scaling_list(h,scaling_matrix8[1],64,default_scaling8[0],scaling_matrix8[0]); // Intra, Cr decode_scaling_list(h,scaling_matrix8[2],64,default_scaling8[0],scaling_matrix8[1]); // Intra, Cb } decode_scaling_list(h,scaling_matrix8[3],64,default_scaling8[1],fallback[3]); // Inter, Y - if(h->sps.chroma_format_idc == 3){ + if(sps->chroma_format_idc == 3){ decode_scaling_list(h,scaling_matrix8[4],64,default_scaling8[1],scaling_matrix8[3]); // Inter, Cr decode_scaling_list(h,scaling_matrix8[5],64,default_scaling8[1],scaling_matrix8[4]); // Inter, Cb } From 18052f1df9d5a21ff354c4f70ae35993959d9686 Mon Sep 17 00:00:00 2001 From: Jason Garrett-Glaser Date: Tue, 21 Jun 2011 04:16:33 -0700 Subject: [PATCH 038/652] H.264: fix 4:4:4 cropping warning (cherry picked from commit 932db250243812380640112fd27a59bc0642bc8a) Signed-off-by: Reinhard Tartler --- libavcodec/h264_ps.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/h264_ps.c b/libavcodec/h264_ps.c index 5ca2361a6d..7491807460 100644 
--- a/libavcodec/h264_ps.c +++ b/libavcodec/h264_ps.c @@ -396,6 +396,7 @@ int ff_h264_decode_seq_parameter_set(H264Context *h){ #endif sps->crop= get_bits1(&s->gb); if(sps->crop){ + int crop_limit = sps->chroma_format_idc == 3 ? 16 : 8; sps->crop_left = get_ue_golomb(&s->gb); sps->crop_right = get_ue_golomb(&s->gb); sps->crop_top = get_ue_golomb(&s->gb); @@ -403,7 +404,7 @@ int ff_h264_decode_seq_parameter_set(H264Context *h){ if(sps->crop_left || sps->crop_top){ av_log(h->s.avctx, AV_LOG_ERROR, "insane cropping not completely supported, this could look slightly wrong ...\n"); } - if(sps->crop_right >= (8<crop_bottom >= (8<crop_right >= crop_limit || sps->crop_bottom >= crop_limit){ av_log(h->s.avctx, AV_LOG_ERROR, "brainfart cropping not supported, this could look slightly wrong ...\n"); } }else{ From 13c943ffb1d0faa6de0de292d196551990e93512 Mon Sep 17 00:00:00 2001 From: Jason Garrett-Glaser Date: Wed, 22 Jun 2011 02:05:14 -0700 Subject: [PATCH 039/652] H.264: fix 4:4:4 + deblocking + MBAFF (cherry picked from commit 7c9079ab4cf0bcf34103fc9c5e49ec1fd7dd390c) Signed-off-by: Reinhard Tartler --- libavcodec/h264.c | 4 ++-- libavcodec/h264_loopfilter.c | 30 ++++++++++++++++++++++-------- 2 files changed, 24 insertions(+), 10 deletions(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 124f9a88cd..6bee7c39b0 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -3300,8 +3300,8 @@ static void loop_filter(H264Context *h, int start_x, int end_x){ uvlinesize = h->mb_uvlinesize = s->uvlinesize * 2; if(mb_y&1){ //FIXME move out of this function? dest_y -= s->linesize*15; - dest_cb-= s->uvlinesize*7; - dest_cr-= s->uvlinesize*7; + dest_cb-= s->uvlinesize*((8 << CHROMA444)-1); + dest_cr-= s->uvlinesize*((8 << CHROMA444)-1); } } else { linesize = h->mb_linesize = s->linesize; diff --git a/libavcodec/h264_loopfilter.c b/libavcodec/h264_loopfilter.c index 1ae534ec96..b88c338804 100644 --- a/libavcodec/h264_loopfilter.c +++ b/libavcodec/h264_loopfilter.c 
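Review bot: The new `crop_limit` test in the `@@ -403,7 +404,7 @@` hunk only logs: when `sps->crop_right` or `sps->crop_bottom`, both read straight from the bitstream with `get_ue_golomb`, reaches the limit, the "brainfart cropping" message is printed and the oversized value stays in the SPS. The `crop_left`/`crop_top` branch just above it behaves the same way. The code that later derives output dimensions from these fields is outside the hunk, so the effect is to be confirmed, but bounding them here would be safer, e.g. `sps->crop_right = FFMIN(sps->crop_right, crop_limit - 1);` and the same for `crop_bottom`, or failing the SPS on the function's existing error path. ff_h264_decode_seq_parameter_set starts and ends outside the hunk.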
@@ -663,19 +663,33 @@ void ff_h264_filter_mb( H264Context *h, int mb_x, int mb_y, uint8_t *img_y, uint filter_mb_mbaff_edgev ( h, img_y , linesize, bS , 1, qp [0] ); filter_mb_mbaff_edgev ( h, img_y + 8* linesize, linesize, bS+4, 1, qp [1] ); if (chroma){ - filter_mb_mbaff_edgecv( h, img_cb, uvlinesize, bS , 1, bqp[0] ); - filter_mb_mbaff_edgecv( h, img_cb + 4*uvlinesize, uvlinesize, bS+4, 1, bqp[1] ); - filter_mb_mbaff_edgecv( h, img_cr, uvlinesize, bS , 1, rqp[0] ); - filter_mb_mbaff_edgecv( h, img_cr + 4*uvlinesize, uvlinesize, bS+4, 1, rqp[1] ); + if (CHROMA444) { + filter_mb_mbaff_edgev ( h, img_cb, uvlinesize, bS , 1, bqp[0] ); + filter_mb_mbaff_edgev ( h, img_cb + 8*uvlinesize, uvlinesize, bS+4, 1, bqp[1] ); + filter_mb_mbaff_edgev ( h, img_cr, uvlinesize, bS , 1, rqp[0] ); + filter_mb_mbaff_edgev ( h, img_cr + 8*uvlinesize, uvlinesize, bS+4, 1, rqp[1] ); + }else{ + filter_mb_mbaff_edgecv( h, img_cb, uvlinesize, bS , 1, bqp[0] ); + filter_mb_mbaff_edgecv( h, img_cb + 4*uvlinesize, uvlinesize, bS+4, 1, bqp[1] ); + filter_mb_mbaff_edgecv( h, img_cr, uvlinesize, bS , 1, rqp[0] ); + filter_mb_mbaff_edgecv( h, img_cr + 4*uvlinesize, uvlinesize, bS+4, 1, rqp[1] ); + } } }else{ filter_mb_mbaff_edgev ( h, img_y , 2* linesize, bS , 2, qp [0] ); filter_mb_mbaff_edgev ( h, img_y + linesize, 2* linesize, bS+1, 2, qp [1] ); if (chroma){ - filter_mb_mbaff_edgecv( h, img_cb, 2*uvlinesize, bS , 2, bqp[0] ); - filter_mb_mbaff_edgecv( h, img_cb + uvlinesize, 2*uvlinesize, bS+1, 2, bqp[1] ); - filter_mb_mbaff_edgecv( h, img_cr, 2*uvlinesize, bS , 2, rqp[0] ); - filter_mb_mbaff_edgecv( h, img_cr + uvlinesize, 2*uvlinesize, bS+1, 2, rqp[1] ); + if (CHROMA444) { + filter_mb_mbaff_edgev ( h, img_cb, 2*uvlinesize, bS , 2, bqp[0] ); + filter_mb_mbaff_edgev ( h, img_cb + uvlinesize, 2*uvlinesize, bS+1, 2, bqp[1] ); + filter_mb_mbaff_edgev ( h, img_cr, 2*uvlinesize, bS , 2, rqp[0] ); + filter_mb_mbaff_edgev ( h, img_cr + uvlinesize, 2*uvlinesize, bS+1, 2, rqp[1] ); + }else{ + 
filter_mb_mbaff_edgecv( h, img_cb, 2*uvlinesize, bS , 2, bqp[0] ); + filter_mb_mbaff_edgecv( h, img_cb + uvlinesize, 2*uvlinesize, bS+1, 2, bqp[1] ); + filter_mb_mbaff_edgecv( h, img_cr, 2*uvlinesize, bS , 2, rqp[0] ); + filter_mb_mbaff_edgecv( h, img_cr + uvlinesize, 2*uvlinesize, bS+1, 2, rqp[1] ); + } } } } From 180faac637c9b8cd63fc8007a126e55175d415aa Mon Sep 17 00:00:00 2001 From: Jason Garrett-Glaser Date: Wed, 22 Jun 2011 02:34:02 -0700 Subject: [PATCH 040/652] H.264: fix 4:4:4 + deblocking + 8x8dct + cavlc + MBAFF (cherry picked from commit 2702a6f114f996ddfb334f1d8ddfae50e2c7eef7) Signed-off-by: Reinhard Tartler --- libavcodec/h264_loopfilter.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/libavcodec/h264_loopfilter.c b/libavcodec/h264_loopfilter.c index b88c338804..86ecb2737f 100644 --- a/libavcodec/h264_loopfilter.c +++ b/libavcodec/h264_loopfilter.c @@ -393,10 +393,10 @@ static av_always_inline void filter_mb_dir(H264Context *h, int mb_x, int mb_y, u AV_WN64A(bS, 0x0003000300030003ULL); } else { if(!CABAC && IS_8x8DCT(s->current_picture.mb_type[mbn_xy])){ - bS[0]= 1+((h->cbp_table[mbn_xy] & 4)||h->non_zero_count_cache[scan8[0]+0]); - bS[1]= 1+((h->cbp_table[mbn_xy] & 4)||h->non_zero_count_cache[scan8[0]+1]); - bS[2]= 1+((h->cbp_table[mbn_xy] & 8)||h->non_zero_count_cache[scan8[0]+2]); - bS[3]= 1+((h->cbp_table[mbn_xy] & 8)||h->non_zero_count_cache[scan8[0]+3]); + bS[0]= 1+((h->cbp_table[mbn_xy] & 0x4000)||h->non_zero_count_cache[scan8[0]+0]); + bS[1]= 1+((h->cbp_table[mbn_xy] & 0x4000)||h->non_zero_count_cache[scan8[0]+1]); + bS[2]= 1+((h->cbp_table[mbn_xy] & 0x8000)||h->non_zero_count_cache[scan8[0]+2]); + bS[3]= 1+((h->cbp_table[mbn_xy] & 0x8000)||h->non_zero_count_cache[scan8[0]+3]); }else{ const uint8_t *mbn_nnz = h->non_zero_count[mbn_xy] + 3*4; int i; 
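Review bot: The CAVLC 8x8dct masks on `h->cbp_table[mbn_xy]` in the `@@ -393,10 +393,10 @@` hunk are now bare constants (`0x4000`, `0x8000`), while the matching hunk at `@@ -635,7 +635,7 @@` in ff_h264_filter_mb writes the same field as `(... ? 8 : 2) << 12`, so one bit layout is expressed two different ways with no explanation. A shared shift constant used in both places, e.g. `#define CBP_8x8DCT_SHIFT 12` (name is only a suggestion), or a comment such as `/* CAVLC 8x8dct: the per-8x8 coded bits are tested at bits 12..15 of cbp_table */` would keep them from drifting apart. The layout is defined where cbp_table is written, which is outside these hunks, so the wording should be checked against that code. filter_mb_dir continues outside the hunk.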
@@ -635,7 +635,7 @@ void ff_h264_filter_mb( H264Context *h, int mb_x, int mb_y, uint8_t *img_y, uint else{ bS[i] = 1 + !!(h->non_zero_count_cache[12+8*(i>>1)] | ((!h->pps.cabac && IS_8x8DCT(mbn_type)) ? - (h->cbp_table[mbn_xy] & ((MB_FIELD ? (i&2) : (mb_y&1)) ? 8 : 2)) + (h->cbp_table[mbn_xy] & (((MB_FIELD ? (i&2) : (mb_y&1)) ? 8 : 2) << 12)) : h->non_zero_count[mbn_xy][ off[i] ])); } From acb62e998f4d72bd53cd6837cdcb2ba6f59ab3f1 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Thu, 14 Apr 2011 01:04:18 +0200 Subject: [PATCH 041/652] alsa: support unsigned variants of already supported signed formats. (cherry picked from commit 2359aeb52d2325ed6c28d4f7579e0999963bcec1) Signed-off-by: Reinhard Tartler --- libavdevice/alsa-audio-common.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/libavdevice/alsa-audio-common.c b/libavdevice/alsa-audio-common.c index 4279790ddc..baa6ac79ca 100644 --- a/libavdevice/alsa-audio-common.c +++ b/libavdevice/alsa-audio-common.c 
@@ -42,11 +42,18 @@ static av_cold snd_pcm_format_t codec_id_to_pcm_format(int codec_id) case CODEC_ID_PCM_F32BE: return SND_PCM_FORMAT_FLOAT_BE; case CODEC_ID_PCM_S32LE: return SND_PCM_FORMAT_S32_LE; case CODEC_ID_PCM_S32BE: return SND_PCM_FORMAT_S32_BE; + case CODEC_ID_PCM_U32LE: return SND_PCM_FORMAT_U32_LE; + case CODEC_ID_PCM_U32BE: return SND_PCM_FORMAT_U32_BE; case CODEC_ID_PCM_S24LE: return SND_PCM_FORMAT_S24_3LE; case CODEC_ID_PCM_S24BE: return SND_PCM_FORMAT_S24_3BE; + case CODEC_ID_PCM_U24LE: return SND_PCM_FORMAT_U24_3LE; + case CODEC_ID_PCM_U24BE: return SND_PCM_FORMAT_U24_3BE; case CODEC_ID_PCM_S16LE: return SND_PCM_FORMAT_S16_LE; case CODEC_ID_PCM_S16BE: return SND_PCM_FORMAT_S16_BE; + case CODEC_ID_PCM_U16LE: return SND_PCM_FORMAT_U16_LE; + case CODEC_ID_PCM_U16BE: return SND_PCM_FORMAT_U16_BE; case CODEC_ID_PCM_S8: return SND_PCM_FORMAT_S8; + case CODEC_ID_PCM_U8: return SND_PCM_FORMAT_U8; case CODEC_ID_PCM_MULAW: return SND_PCM_FORMAT_MU_LAW; case CODEC_ID_PCM_ALAW: return SND_PCM_FORMAT_A_LAW; default: return SND_PCM_FORMAT_UNKNOWN; From 4ad56612f94f5e4312ba24155b5c446e151e6ca1 Mon Sep 17 00:00:00 2001 From: Diego Biurrun Date: Thu, 23 Jun 2011 12:38:03 +0200 Subject: [PATCH 042/652] build: Remove dependency and editor backup files also in the doc/ subdirectory. --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 084e175b90..d6bae7680b 100644 --- a/Makefile +++ b/Makefile @@ -172,7 +172,7 @@ testclean: clean:: testclean $(RM) $(ALLPROGS) $(RM) $(CLEANSUFFIXES) - $(RM) doc/*.html doc/*.pod doc/*.1 + $(RM) doc/*.html doc/*.pod doc/*.1 doc/*.d doc/*~ $(RM) $(TOOLS) $(RM) $(CLEANSUFFIXES:%=tools/%) From 9c709f053474dd74890f32662b7d7010e5cc0b0d Mon Sep 17 00:00:00 2001 From: Reinhard Tartler Date: Thu, 23 Jun 2011 09:50:43 +0200 Subject: [PATCH 043/652] add changelog entries for added fourcc codecs and H.264 fixes --- Changelog | 7 +++++++ 1 file changed, 7 insertions(+) 
diff --git a/Changelog b/Changelog index b785197083..276812bd66 100644 --- a/Changelog +++ b/Changelog @@ -2,6 +2,13 @@ Entries are sorted chronologically from oldest to youngest within each release, releases are sorted from youngest to oldest. +version 0.7.1: + +- added various additional FOURCC codec identifiers +- H.264 4:4:4 fixes +- build system fixes + + version 0.7: - E-AC-3 audio encoder From c0b90d40888147b314ca788bba406882c3d25d1a Mon Sep 17 00:00:00 2001 From: Stefano Sabatini Date: Fri, 24 Jun 2011 23:45:15 +0200 Subject: [PATCH 044/652] configure: select buffersink_filter when ffmpeg is enabled buffersink_filter is a strong requirement for compiling ffmpeg. Fixes ffmpeg compilation with --disable-everything. (cherry picked from commit e65d6e22e300e286bcc27443df8449aaf9d062dd) --- configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure b/configure index c9eedaf974..62b5002342 100755 --- a/configure +++ b/configure @@ -1512,7 +1512,7 @@ postproc_deps="gpl" # programs ffmpeg_deps="avcodec avformat swscale" -ffmpeg_select="buffer_filter" +ffmpeg_select="buffer_filter buffersink_filter" ffplay_deps="avcodec avformat swscale sdl" ffplay_select="rdft" ffprobe_deps="avcodec avformat" From 1bf80a9a144852460d3c10c9461df214292ff82f Mon Sep 17 00:00:00 2001 From: Stefano Sabatini Date: Fri, 24 Jun 2011 23:45:15 +0200 Subject: [PATCH 045/652] configure: select buffersink_filter when ffmpeg is enabled buffersink_filter is a strong requirement for compiling ffmpeg. Fixes ffmpeg compilation with --disable-everything. (cherry picked from commit e65d6e22e300e286bcc27443df8449aaf9d062dd) --- configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure b/configure index c9eedaf974..62b5002342 100755 --- a/configure +++ b/configure 
@@ -1512,7 +1512,7 @@ postproc_deps="gpl" # programs ffmpeg_deps="avcodec avformat swscale" -ffmpeg_select="buffer_filter" +ffmpeg_select="buffer_filter buffersink_filter" ffplay_deps="avcodec avformat swscale sdl" ffplay_select="rdft" ffprobe_deps="avcodec avformat" From 9b69efc02b6f34fbe50512d4d108ec5559ebb9ec Mon Sep 17 00:00:00 2001 From: Mans Rullgard Date: Sat, 25 Jun 2011 18:51:00 +0100 Subject: [PATCH 046/652] ARM: silence some annoying armcc warnings This silences warnings about pointer target sign mismatches as already done for gcc with -Wno-pointer-sign. Signed-off-by: Mans Rullgard (cherry picked from commit d0ce090ec553c88eb8e9c303156017417d4599cc) Signed-off-by: Reinhard Tartler --- configure | 2 ++ 1 file changed, 2 insertions(+) diff --git a/configure b/configure index b26394ec29..b3c20350df 100755 --- a/configure +++ b/configure @@ -3059,6 +3059,8 @@ elif enabled armcc; then add_cflags -W${armcc_opt},--diag_suppress=1207 add_cflags -W${armcc_opt},--diag_suppress=1293 # assignment in condition add_cflags -W${armcc_opt},--diag_suppress=3343 # hardfp compat + add_cflags -W${armcc_opt},--diag_suppress=167 # pointer sign + add_cflags -W${armcc_opt},--diag_suppress=513 # pointer sign elif enabled tms470; then add_cflags -pds=824 -pds=837 elif enabled pathscale; then From e54fd33848355202c03edb3ebfcdb53b1d71c2ce Mon Sep 17 00:00:00 2001 From: Jason Garrett-Glaser Date: Sun, 26 Jun 2011 00:21:54 -0700 Subject: [PATCH 047/652] H.264: disable 2tap qpel with CODEC_FLAG2_FAST and >8-bit 2tap qpel isn't implemented yet for high bit depth, so it just breaks decoding. (cherry picked from commit 9a0dda8b3ab07fa7be60335715a6c350c907a7b8) Signed-off-by: Reinhard Tartler --- libavcodec/h264.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 6bee7c39b0..2c000a3420 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c 
@@ -2485,7 +2485,8 @@ static int decode_slice_header(H264Context *h, H264Context *h0){ s->dropable= h->nal_ref_idc == 0; - if((s->avctx->flags2 & CODEC_FLAG2_FAST) && !h->nal_ref_idc){ + /* FIXME: 2tap qpel isn't implemented for high bit depth. */ + if((s->avctx->flags2 & CODEC_FLAG2_FAST) && !h->nal_ref_idc && !h->pixel_shift){ s->me.qpel_put= s->dsp.put_2tap_qpel_pixels_tab; s->me.qpel_avg= s->dsp.avg_2tap_qpel_pixels_tab; }else{ From ce993ce791cd01916d79e315d1558b016d2770df Mon Sep 17 00:00:00 2001 From: Martin Matuska Date: Tue, 28 Jun 2011 13:26:56 +0200 Subject: [PATCH 048/652] pict_type: add a value for unknown/none. In commit bebe72f4a05d338e04ae9ca1e9c6b72749b488aa, the enum AV_PICTURE_TYPE_* was introduced. There are still places in the code where pict_type is used as an integer and there is a case where "pict_type = 0" with the explanation "let ffmpeg decide what to do". The new enum does not know a value of 0 and C++ will fail if compiling such programs anyway as it is refered as an int (and you cannot patch them properly). (cherry picked from commit 512933671409f9f88cc9fdfc8f29525d32240bab) --- libavutil/avutil.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavutil/avutil.h b/libavutil/avutil.h index 05b45ce8bf..59b59db29e 100644 --- a/libavutil/avutil.h +++ b/libavutil/avutil.h @@ -112,7 +112,8 @@ enum AVMediaType { #define FF_API_OLD_IMAGE_NAMES (LIBAVUTIL_VERSION_MAJOR < 51) #endif enum AVPictureType { - AV_PICTURE_TYPE_I = 1, ///< Intra + AV_PICTURE_TYPE_NONE = 0, ///< Undefined + AV_PICTURE_TYPE_I, ///< Intra AV_PICTURE_TYPE_P, ///< Predicted AV_PICTURE_TYPE_B, ///< Bi-dir predicted AV_PICTURE_TYPE_S, ///< S(GMC)-VOP MPEG4 From d052370c1eb5c50ad2dd2cac1b967699f42c62b0 Mon Sep 17 00:00:00 2001 
From: Martin Matuska Date: Tue, 28 Jun 2011 13:26:56 +0200 Subject: [PATCH 049/652] pict_type: add a value for unknown/none. In commit bebe72f4a05d338e04ae9ca1e9c6b72749b488aa, the enum AV_PICTURE_TYPE_* was introduced. There are still places in the code where pict_type is used as an integer and there is a case where "pict_type = 0" with the explanation "let ffmpeg decide what to do". The new enum does not know a value of 0 and C++ will fail if compiling such programs anyway as it is refered as an int (and you cannot patch them properly). (cherry picked from commit 512933671409f9f88cc9fdfc8f29525d32240bab) --- libavutil/avutil.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavutil/avutil.h b/libavutil/avutil.h index 4d6ef66003..8affad6717 100644 --- a/libavutil/avutil.h +++ b/libavutil/avutil.h @@ -104,7 +104,8 @@ enum AVMediaType { #define AV_TIME_BASE_Q (AVRational){1, AV_TIME_BASE} enum AVPictureType { - AV_PICTURE_TYPE_I = 1, ///< Intra + AV_PICTURE_TYPE_NONE = 0, ///< Undefined + AV_PICTURE_TYPE_I, ///< Intra AV_PICTURE_TYPE_P, ///< Predicted AV_PICTURE_TYPE_B, ///< Bi-dir predicted AV_PICTURE_TYPE_S, ///< S(GMC)-VOP MPEG4 From 06107e9605cbdb8a9a06cd9fd30108c483d7a5dc Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Mon, 27 Jun 2011 09:26:48 +0200 Subject: [PATCH 050/652] Fix VDPAU decoding for some H264 samples. (cherry picked from commit e747b091cbc6b41f3531cfdf9d1bdd34606b1df3) --- libavcodec/vdpau.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/vdpau.c b/libavcodec/vdpau.c index 19bd96bc15..9dc2745922 100644 --- a/libavcodec/vdpau.c +++ b/libavcodec/vdpau.c 
@@ -183,7 +183,8 @@ void ff_vdpau_h264_picture_complete(MpegEncContext *s) render->info.h264.deblocking_filter_control_present_flag = h->pps.deblocking_filter_parameters_present; render->info.h264.redundant_pic_cnt_present_flag = h->pps.redundant_pic_cnt_present; memcpy(render->info.h264.scaling_lists_4x4, h->pps.scaling_matrix4, sizeof(render->info.h264.scaling_lists_4x4)); - memcpy(render->info.h264.scaling_lists_8x8, h->pps.scaling_matrix8, sizeof(render->info.h264.scaling_lists_8x8)); + memcpy(render->info.h264.scaling_lists_8x8[0], h->pps.scaling_matrix8[0], sizeof(render->info.h264.scaling_lists_8x8[0])); + memcpy(render->info.h264.scaling_lists_8x8[1], h->pps.scaling_matrix8[3], sizeof(render->info.h264.scaling_lists_8x8[0])); ff_draw_horiz_band(s, 0, s->avctx->height); render->bitstream_buffers_used = 0; From f239b91596cc469560227ae2900891d7610f018c Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Mon, 27 Jun 2011 09:26:48 +0200 Subject: [PATCH 051/652] Fix VDPAU decoding for some H264 samples. (cherry picked from commit e747b091cbc6b41f3531cfdf9d1bdd34606b1df3) --- libavcodec/vdpau.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/vdpau.c b/libavcodec/vdpau.c index 19bd96bc15..9dc2745922 100644 --- a/libavcodec/vdpau.c +++ b/libavcodec/vdpau.c 
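Review bot: The second added memcpy writes `scaling_lists_8x8[1]` but takes its length from `sizeof(render->info.h264.scaling_lists_8x8[0])`, and neither copy says why source rows 0 and 3 are chosen. Sizing by the element actually written, `sizeof(render->info.h264.scaling_lists_8x8[1])`, keeps each copy tied to its own destination, and a comment such as `/* 8x8 lists: scaling_matrix8[0] = Intra Y, scaling_matrix8[3] = Inter Y */` records the mapping (labels taken from the decode_scaling_matrices comments in h264_ps.c). Both copies also assume a `scaling_matrix8` row is at least as large as the destination row; the declarations are outside the hunk, so that is to be confirmed. The identical hunk in PATCH 051/652 has the same points.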
@@ -183,7 +183,8 @@ void ff_vdpau_h264_picture_complete(MpegEncContext *s) render->info.h264.deblocking_filter_control_present_flag = h->pps.deblocking_filter_parameters_present; render->info.h264.redundant_pic_cnt_present_flag = h->pps.redundant_pic_cnt_present; memcpy(render->info.h264.scaling_lists_4x4, h->pps.scaling_matrix4, sizeof(render->info.h264.scaling_lists_4x4)); - memcpy(render->info.h264.scaling_lists_8x8, h->pps.scaling_matrix8, sizeof(render->info.h264.scaling_lists_8x8)); + memcpy(render->info.h264.scaling_lists_8x8[0], h->pps.scaling_matrix8[0], sizeof(render->info.h264.scaling_lists_8x8[0])); + memcpy(render->info.h264.scaling_lists_8x8[1], h->pps.scaling_matrix8[3], sizeof(render->info.h264.scaling_lists_8x8[0])); ff_draw_horiz_band(s, 0, s->avctx->height); render->bitstream_buffers_used = 0; From 87eedf69433d95a40830a98bb2d656a04dfd4609 Mon Sep 17 00:00:00 2001 From: Jason Garrett-Glaser Date: Tue, 28 Jun 2011 18:22:23 -0700 Subject: [PATCH 052/652] Add new yuv444 pixfmts to avcodec_align_dimensions2 Fixes draw_edges crashes with high-bit-depth 4:4:4 decoding. (cherry picked from commit da55ee6ccc05efdd9006bb8c31db9012a3326857) Signed-off-by: Reinhard Tartler --- libavcodec/utils.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index 1e5886473d..c32fda26ec 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -142,6 +142,10 @@ void avcodec_align_dimensions2(AVCodecContext *s, int *width, int *height, int l case PIX_FMT_YUV420P10BE: case PIX_FMT_YUV422P10LE: case PIX_FMT_YUV422P10BE: + case PIX_FMT_YUV444P9LE: + case PIX_FMT_YUV444P9BE: + case PIX_FMT_YUV444P10LE: + case PIX_FMT_YUV444P10BE: w_align= 16; //FIXME check for non mpeg style codecs and use less alignment h_align= 16; if(s->codec_id == CODEC_ID_MPEG2VIDEO || s->codec_id == CODEC_ID_MJPEG || s->codec_id == CODEC_ID_AMV || s->codec_id == CODEC_ID_THP || s->codec_id == CODEC_ID_H264) 
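Review bot: The four `PIX_FMT_YUV444P9`/`PIX_FMT_YUV444P10` labels in `avcodec_align_dimensions2` extend a hand-maintained list, and the commit message says a format missing from it crashed in draw_edges. Nothing in the hunk tells the next person who adds a pixel format that this switch has to be updated too; a comment above the case list, e.g. `/* every planar YUV format that reaches draw_edges must be listed here, otherwise the buffer is presumably under-aligned */`, would record that. The default branch is outside the hunk, so the alignment an unlisted format receives cannot be checked from here. The function body starts and ends outside the hunk.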
From 9482dd0d17435c9b5b46d44cdf8af21b1f09235c Mon Sep 17 00:00:00 2001 From: Kostya Shishkov Date: Tue, 28 Jun 2011 11:49:32 +0200 Subject: [PATCH 053/652] wavpack: skip blocks with no samples These blocks don't report audio stream parameters and they are not needed for decoding. Signed-off-by: Mans Rullgard (cherry picked from commit cb7b55b0962f5503f601d6b557f8945444b73395) Signed-off-by: Reinhard Tartler --- libavformat/wv.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/libavformat/wv.c b/libavformat/wv.c index 8f9d0fdb1b..d6d7099ba7 100644 --- a/libavformat/wv.c +++ b/libavformat/wv.c @@ -110,6 +110,9 @@ static int wv_read_block_header(AVFormatContext *ctx, AVIOContext *pb, int appen size = wc->blksize; } wc->flags = AV_RL32(wc->extra + 4); + // blocks with zero samples don't contain actual audio information and should be ignored + if (!AV_RN32(wc->extra)) + return 0; //parse flags bpp = ((wc->flags & 3) + 1) << 3; chan = 1 + !(wc->flags & WV_MONO); @@ -207,8 +210,14 @@ static int wv_read_header(AVFormatContext *s, AVStream *st; wc->block_parsed = 0; - if(wv_read_block_header(s, pb, 0) < 0) - return -1; + for(;;){ + if(wv_read_block_header(s, pb, 0) < 0) + return -1; + if(!AV_RN32(wc->extra)) + avio_skip(pb, wc->blksize - 24); + else + break; + } /* now we are ready: build format streams */ st = av_new_stream(s, 0); From cb66b552700c4fe54f3387eb12207049ff63dfe3 Mon Sep 17 00:00:00 2001 From: "Ronald S. Bultje" Date: Tue, 28 Jun 2011 22:24:21 -0700 Subject: [PATCH 054/652] ogg: fix double free when finding length of small chained oggs. ogg_save() copies streams[], but doesn't keep track of free()'ed struct members. Thus, if in between a call to ogg_save() and ogg_restore(), streams[].private was free()'ed, this would result in a double free -> crash, which happened when e.g. playing small chained ogg fragments. (cherry picked from commit 9ed6cbc3ee2ae3e7472fb25192a7e36fd7b15533) 
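Review bot: The new `for(;;)` loop in `wv_read_header` passes `wc->blksize - 24` to `avio_skip()` and ignores the result, so its termination rests entirely on `wv_read_block_header` rejecting a block size below 24 and failing at end of input. That validation is not in either hunk; if it is missing, a zero-sample block with a small size field makes the skip zero or negative and the loop stops advancing. Checking the skip, `if (avio_skip(pb, wc->blksize - 24) < 0) return -1;`, and confirming the lower bound on `blksize` would make the loop safe on its own. The early `return 0` added in `wv_read_block_header` also leaves the stream parameters parsed below it untouched for such blocks, so any caller other than this loop needs the same zero-sample test. Both functions continue outside the hunks.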
Signed-off-by: Reinhard Tartler --- libavformat/oggdec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/oggdec.c b/libavformat/oggdec.c index f1ad630c5e..998a33b43c 100644 --- a/libavformat/oggdec.c +++ b/libavformat/oggdec.c @@ -238,7 +238,8 @@ static int ogg_read_page(AVFormatContext *s, int *str) for (n = 0; n < ogg->nstreams; n++) { av_freep(&ogg->streams[n].buf); - av_freep(&ogg->streams[n].private); + if (!ogg->state || ogg->state->streams[n].private != ogg->streams[n].private) + av_freep(&ogg->streams[n].private); } ogg->curidx = -1; ogg->nstreams = 0; From 00498a7e59727cfe51703d84ac55e055b47c8872 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Fri, 1 Jul 2011 02:38:28 +0200 Subject: [PATCH 055/652] Fix possible double free when encoding using xvid. (cherry picked from commit 315f0e3fd8dcbd1362276b7407dad2e97cccc4b7) --- libavcodec/libxvidff.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/libxvidff.c b/libavcodec/libxvidff.c index 9b5c17c59d..effd2db158 100644 --- a/libavcodec/libxvidff.c +++ b/libavcodec/libxvidff.c @@ -528,6 +528,7 @@ static av_cold int xvid_encode_close(AVCodecContext *avctx) { if( x->twopassbuffer != NULL ) { av_free(x->twopassbuffer); av_free(x->old_twopassbuffer); + avctx->stats_out = NULL; } av_free(x->twopassfile); av_free(x->intra_matrix); From b62c0c0bce5c3a203a6e01a4f07d991718c5fac5 Mon Sep 17 00:00:00 2001 From: "Ronald S. Bultje" Date: Tue, 28 Jun 2011 22:24:21 -0700 Subject: [PATCH 056/652] ogg: fix double free when finding length of small chained oggs. ogg_save() copies streams[], but doesn't keep track of free()'ed struct members. Thus, if in between a call to ogg_save() and ogg_restore(), streams[].private was free()'ed, this would result in a double free -> crash, which happened when e.g. playing small chained ogg fragments. (cherry picked from commit 9ed6cbc3ee2ae3e7472fb25192a7e36fd7b15533) --- libavformat/oggdec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
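Review bot: The added condition reads `ogg->state->streams[n].private` for every `n < ogg->nstreams`, but nothing in the hunk shows that the saved state holds at least that many streams. If the stream count can grow between `ogg_save()` and this reset, the comparison reads past the saved array; bounding it, e.g. `if (!ogg->state || n >= ogg->state->nstreams || ...)`, would close that, assuming the saved state records its own count. A one-line comment that the pointer is skipped because the saved copy still owns it would also help, since that ownership rule exists only in the commit message. `ogg_read_page` continues outside the hunk; the same hunk is repeated in PATCH 056 and PATCH 058.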
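Review bot: `x->twopassbuffer` and `x->old_twopassbuffer` are still left dangling by the two `av_free()` calls just above the added `avctx->stats_out = NULL;` line in `xvid_encode_close`. Using `av_freep(&x->twopassbuffer);` and `av_freep(&x->old_twopassbuffer);` would make a repeated close harmless for those fields as well. A comment on the new line saying that `stats_out` presumably aliases one of these buffers would explain why it is cleared rather than freed; the aliasing itself is not visible in the hunk. The function continues outside the hunk, and PATCH 057 repeats this change.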
diff --git a/libavformat/oggdec.c b/libavformat/oggdec.c index 655da35dd4..dc9f7b62fd 100644 --- a/libavformat/oggdec.c +++ b/libavformat/oggdec.c @@ -240,7 +240,8 @@ static int ogg_read_page(AVFormatContext *s, int *str) for (n = 0; n < ogg->nstreams; n++) { av_freep(&ogg->streams[n].buf); - av_freep(&ogg->streams[n].private); + if (!ogg->state || ogg->state->streams[n].private != ogg->streams[n].private) + av_freep(&ogg->streams[n].private); } ogg->curidx = -1; ogg->nstreams = 0; From 376dfd07abf8a5f493146d818bfb04807dc8bd5a Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Fri, 1 Jul 2011 02:38:28 +0200 Subject: [PATCH 057/652] Fix possible double free when encoding using xvid. (cherry picked from commit 315f0e3fd8dcbd1362276b7407dad2e97cccc4b7) --- libavcodec/libxvidff.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/libxvidff.c b/libavcodec/libxvidff.c index 9b5c17c59d..effd2db158 100644 --- a/libavcodec/libxvidff.c +++ b/libavcodec/libxvidff.c @@ -528,6 +528,7 @@ static av_cold int xvid_encode_close(AVCodecContext *avctx) { if( x->twopassbuffer != NULL ) { av_free(x->twopassbuffer); av_free(x->old_twopassbuffer); + avctx->stats_out = NULL; } av_free(x->twopassfile); av_free(x->intra_matrix); From 8f7f3f0453dfe3a14b70bae28301a2ee661fc3f4 Mon Sep 17 00:00:00 2001 From: "Ronald S. Bultje" Date: Tue, 28 Jun 2011 22:24:21 -0700 Subject: [PATCH 058/652] ogg: fix double free when finding length of small chained oggs. ogg_save() copies streams[], but doesn't keep track of free()'ed struct members. Thus, if in between a call to ogg_save() and ogg_restore(), streams[].private was free()'ed, this would result in a double free -> crash, which happened when e.g. playing small chained ogg fragments. (cherry picked from commit 9ed6cbc3ee2ae3e7472fb25192a7e36fd7b15533) --- libavformat/oggdec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/oggdec.c b/libavformat/oggdec.c index 655da35dd4..dc9f7b62fd 100644 
--- a/libavformat/oggdec.c +++ b/libavformat/oggdec.c @@ -240,7 +240,8 @@ static int ogg_read_page(AVFormatContext *s, int *str) for (n = 0; n < ogg->nstreams; n++) { av_freep(&ogg->streams[n].buf); - av_freep(&ogg->streams[n].private); + if (!ogg->state || ogg->state->streams[n].private != ogg->streams[n].private) + av_freep(&ogg->streams[n].private); } ogg->curidx = -1; ogg->nstreams = 0; From 72ac64544f9c0529759c0a1dc16d328dd3342b9b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Sun, 26 Jun 2011 13:29:17 +0200 Subject: [PATCH 059/652] Add operand size to add instructions. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In these cases it can't be guessed from the operands (at least not necessarily), and it seems some clang versions refuse to compile it. Fixes ticket #303. Signed-off-by: Reimar Döffinger (cherry picked from commit 5c13b5bb398c12361732b7b47c71954484f5af1d) --- libavcodec/x86/snowdsp_mmx.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/x86/snowdsp_mmx.c b/libavcodec/x86/snowdsp_mmx.c index 9c1fa429a8..f107d55e87 100644 --- a/libavcodec/x86/snowdsp_mmx.c +++ b/libavcodec/x86/snowdsp_mmx.c @@ -675,14 +675,14 @@ static void ff_snow_vertical_compose97i_mmx(IDWTELEM *b0, IDWTELEM *b1, IDWTELEM #define snow_inner_add_yblock_sse2_end_8\ "sal $1, %%"REG_c" \n\t"\ - "add $"PTR_SIZE"*2, %1 \n\t"\ + "add"OPSIZE" $"PTR_SIZE"*2, %1 \n\t"\ snow_inner_add_yblock_sse2_end_common1\ "sar $1, %%"REG_c" \n\t"\ "sub $2, %2 \n\t"\ snow_inner_add_yblock_sse2_end_common2 #define snow_inner_add_yblock_sse2_end_16\ - "add $"PTR_SIZE"*1, %1 \n\t"\ + "add"OPSIZE" $"PTR_SIZE"*1, %1 \n\t"\ snow_inner_add_yblock_sse2_end_common1\ "dec %2 \n\t"\ snow_inner_add_yblock_sse2_end_common2 From b6fe44b9db4f204ff0794401e495b73688b50c3d Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Sun, 26 Jun 2011 13:29:17 +0200 Subject: [PATCH 060/652] Add operand size to add instructions. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In these cases it can't be guessed from the operands (at least not necessarily), and it seems some clang versions refuse to compile it. Fixes ticket #303. Signed-off-by: Reimar Döffinger (cherry picked from commit 5c13b5bb398c12361732b7b47c71954484f5af1d) --- libavcodec/x86/snowdsp_mmx.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/x86/snowdsp_mmx.c b/libavcodec/x86/snowdsp_mmx.c index 9c1fa429a8..f107d55e87 100644 --- a/libavcodec/x86/snowdsp_mmx.c +++ b/libavcodec/x86/snowdsp_mmx.c @@ -675,14 +675,14 @@ static void ff_snow_vertical_compose97i_mmx(IDWTELEM *b0, IDWTELEM *b1, IDWTELEM #define snow_inner_add_yblock_sse2_end_8\ "sal $1, %%"REG_c" \n\t"\ - "add $"PTR_SIZE"*2, %1 \n\t"\ + "add"OPSIZE" $"PTR_SIZE"*2, %1 \n\t"\ snow_inner_add_yblock_sse2_end_common1\ "sar $1, %%"REG_c" \n\t"\ "sub $2, %2 \n\t"\ snow_inner_add_yblock_sse2_end_common2 #define snow_inner_add_yblock_sse2_end_16\ - "add $"PTR_SIZE"*1, %1 \n\t"\ + "add"OPSIZE" $"PTR_SIZE"*1, %1 \n\t"\ snow_inner_add_yblock_sse2_end_common1\ "dec %2 \n\t"\ snow_inner_add_yblock_sse2_end_common2 From 9da3063e1cadf0bb4b910e4d9bcd9f859f2bbec6 Mon Sep 17 00:00:00 2001 From: Anton Khirnov Date: Fri, 1 Jul 2011 21:24:17 +0200 Subject: [PATCH 061/652] lavf: use the correct pointer in av_open_input_stream(). (cherry picked from commit 5001d6ef4a2b70fe903b1d2e3e64c6ad7cc1cfa6) Signed-off-by: Reinhard Tartler --- libavformat/utils.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index 7370c60bdf..29390b818d 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c 
@@ -461,8 +461,9 @@ int av_open_input_stream(AVFormatContext **ic_ptr, } ic->pb = pb; - err = avformat_open_input(ic_ptr, filename, fmt, &opts); + err = avformat_open_input(&ic, filename, fmt, &opts); + *ic_ptr = ic; fail: av_dict_free(&opts); return err; From b263e94f774fa612c8329ddd95b35fdf5dac86d5 Mon Sep 17 00:00:00 2001 From: Anton Khirnov Date: Fri, 24 Jun 2011 07:58:16 +0200 Subject: [PATCH 062/652] lavf: restore old behavior for custom AVIOContex with an AVFMT_NOFILE format. av_open_input_stream used to allow this, even though it makes no sense. Make it just print a warning instead of failing, thus restoring compatibility. Note that avformat_open_input() will still reject this combination. Signed-off-by: Anton Khirnov (cherry picked from commit 4f731c4429e1fe66a5c92ff15feb63253a36d8fb) Signed-off-by: Reinhard Tartler --- libavformat/utils.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index 29390b818d..0e6b00195b 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -459,9 +459,14 @@ int av_open_input_stream(AVFormatContext **ic_ptr, err = AVERROR(ENOMEM); goto fail; } - ic->pb = pb; + if (pb && fmt && fmt->flags & AVFMT_NOFILE) + av_log(ic, AV_LOG_WARNING, "Custom AVIOContext makes no sense and " + "will be ignored with AVFMT_NOFILE format.\n"); + else + ic->pb = pb; err = avformat_open_input(&ic, filename, fmt, &opts); + ic->pb = ic->pb ? ic->pb : pb; // don't leak custom pb if it wasn't set above *ic_ptr = ic; fail: From f1d1ef810ab4b1d5449b229c4be81321de5dff9c Mon Sep 17 00:00:00 2001 From: Reinhard Tartler Date: Fri, 1 Jul 2011 20:49:14 +0200 Subject: [PATCH 063/652] avformat: doxify the Metadata API convert the comment that documents the metadata API to use the doxygen markup (cherry picked from commit 1a53a438dc04e74628b39f29d3ff81ae4aa086a0) 
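Review bot: The line `ic->pb = ic->pb ? ic->pb : pb;` added by PATCH 062 dereferences `ic` straight after `avformat_open_input(&ic, ...)` without looking at `err`. The call takes the context by pointer-to-pointer, so it may replace it, and if it frees the context and stores NULL on failure (its body is not in the hunk) this line is a NULL dereference on every failed open. Guarding it, `if (ic) ic->pb = ic->pb ? ic->pb : pb;`, keeps the leak fix without that risk. `av_open_input_stream` starts and ends outside the hunk.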
Signed-off-by: Reinhard Tartler --- libavformat/avformat.h | 73 ++++++++++++++++++++++-------------------- 1 file changed, 39 insertions(+), 34 deletions(-) diff --git a/libavformat/avformat.h b/libavformat/avformat.h index 9abc9c51a4..05e80f1922 100644 --- a/libavformat/avformat.h +++ b/libavformat/avformat.h 
@@ -48,63 +48,68 @@ const char *avformat_license(void); struct AVFormatContext; -/* - * Public Metadata API. +/** + * @defgroup metadata_api Public Metadata API + * @{ * The metadata API allows libavformat to export metadata tags to a client * application using a sequence of key/value pairs. Like all strings in Libav, * metadata must be stored as UTF-8 encoded Unicode. Note that metadata * exported by demuxers isn't checked to be valid UTF-8 in most cases. * Important concepts to keep in mind: - * 1. Keys are unique; there can never be 2 tags with the same key. This is + * - Keys are unique; there can never be 2 tags with the same key. This is * also meant semantically, i.e., a demuxer should not knowingly produce * several keys that are literally different but semantically identical. * E.g., key=Author5, key=Author6. In this example, all authors must be * placed in the same tag. - * 2. Metadata is flat, not hierarchical; there are no subtags. If you + * - Metadata is flat, not hierarchical; there are no subtags. If you * want to store, e.g., the email address of the child of producer Alice * and actor Bob, that could have key=alice_and_bobs_childs_email_address. - * 3. Several modifiers can be applied to the tag name. This is done by + * - Several modifiers can be applied to the tag name. This is done by * appending a dash character ('-') and the modifier name in the order * they appear in the list below -- e.g. foo-eng-sort, not foo-sort-eng. - * a) language -- a tag whose value is localized for a particular language + * - language -- a tag whose value is localized for a particular language * is appended with the ISO 639-2/B 3-letter language code. * For example: Author-ger=Michael, Author-eng=Mike * The original/default language is in the unqualified "Author" tag. * A demuxer should set a default if it sets any translated tag. 
- * b) sorting -- a modified version of a tag that should be used for + * - sorting -- a modified version of a tag that should be used for * sorting will have '-sort' appended. E.g. artist="The Beatles", * artist-sort="Beatles, The". * - * 4. Demuxers attempt to export metadata in a generic format, however tags + * - Demuxers attempt to export metadata in a generic format, however tags * with no generic equivalents are left as they are stored in the container. * Follows a list of generic tag names: * - * album -- name of the set this work belongs to - * album_artist -- main creator of the set/album, if different from artist. - * e.g. "Various Artists" for compilation albums. - * artist -- main creator of the work - * comment -- any additional description of the file. - * composer -- who composed the work, if different from artist. - * copyright -- name of copyright holder. - * creation_time-- date when the file was created, preferably in ISO 8601. - * date -- date when the work was created, preferably in ISO 8601. - * disc -- number of a subset, e.g. disc in a multi-disc collection. - * encoder -- name/settings of the software/hardware that produced the file. - * encoded_by -- person/group who created the file. - * filename -- original name of the file. - * genre -- . - * language -- main language in which the work is performed, preferably - * in ISO 639-2 format. Multiple languages can be specified by - * separating them with commas. - * performer -- artist who performed the work, if different from artist. - * E.g for "Also sprach Zarathustra", artist would be "Richard - * Strauss" and performer "London Philharmonic Orchestra". - * publisher -- name of the label/publisher. - * service_name -- name of the service in broadcasting (channel name). - * service_provider -- name of the service provider in broadcasting. - * title -- name of the work. - * track -- number of this work in the set, can be in form current/total. 
- * variant_bitrate -- the total bitrate of the bitrate variant that the current stream is part of + @verbatim + album -- name of the set this work belongs to + album_artist -- main creator of the set/album, if different from artist. + e.g. "Various Artists" for compilation albums. + artist -- main creator of the work + comment -- any additional description of the file. + composer -- who composed the work, if different from artist. + copyright -- name of copyright holder. + creation_time-- date when the file was created, preferably in ISO 8601. + date -- date when the work was created, preferably in ISO 8601. + disc -- number of a subset, e.g. disc in a multi-disc collection. + encoder -- name/settings of the software/hardware that produced the file. + encoded_by -- person/group who created the file. + filename -- original name of the file. + genre -- . + language -- main language in which the work is performed, preferably + in ISO 639-2 format. Multiple languages can be specified by + separating them with commas. + performer -- artist who performed the work, if different from artist. + E.g for "Also sprach Zarathustra", artist would be "Richard + Strauss" and performer "London Philharmonic Orchestra". + publisher -- name of the label/publisher. + service_name -- name of the service in broadcasting (channel name). + service_provider -- name of the service provider in broadcasting. + title -- name of the work. + track -- number of this work in the set, can be in form current/total. + variant_bitrate -- the total bitrate of the bitrate variant that the current stream is part of + @endverbatim + * + * @} */ #if FF_API_OLD_METADATA2 From b91ebb60d898510bc131d7ff9157fcbb0302d532 Mon Sep 17 00:00:00 2001 
From: Reinhard Tartler Date: Fri, 1 Jul 2011 20:53:09 +0200 Subject: [PATCH 064/652] doxygen: be more permissive when searching for API examples (cherry picked from commit 7655cfb1b8d8a70e8cc4b1ca811bfc3f293768d8) --- Doxyfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Doxyfile b/Doxyfile index 5d80a2b6f5..b75d2d6e10 100644 --- a/Doxyfile +++ b/Doxyfile @@ -591,14 +591,14 @@ EXCLUDE_SYMBOLS = # directories that contain example code fragments that are included (see # the \include command). -EXAMPLE_PATH = +EXAMPLE_PATH = libavcodec/ libavformat/ # If the value of the EXAMPLE_PATH tag contains directories, you can use the # EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp # and *.h) to filter out the source-files in the directories. If left # blank all files are included. -EXAMPLE_PATTERNS = +EXAMPLE_PATTERNS = *-example.c # If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be # searched for input files to be used with the \include or \dontinclude From 2fe47b21c825460f01d3cb5546b29b686b909e4d Mon Sep 17 00:00:00 2001 
From: Reinhard Tartler Date: Sun, 3 Jul 2011 18:55:01 +0200 Subject: [PATCH 065/652] doxygen: Prefer member groups over grouping into modules Before this, almost all module groups have been used for grouping functions and fields in structures semantically. This causes them to not appear properly in the file documentation and needlessly clutters up the "Modules" index. Additionally, this commit streamlines some spelling and appearances. (cherry picked from commit 21a19b7912fe0622f3d1748ff102fcc7bc7a974a) --- libavcodec/aac.h | 9 +-- libavcodec/ac3.h | 4 +- libavcodec/ac3dec.h | 30 ++++---- libavcodec/amrnbdec.c | 16 ++--- libavcodec/apedec.c | 2 +- libavcodec/ass.h | 3 +- libavcodec/avcodec.h | 4 +- libavcodec/h264.h | 2 +- libavcodec/qcelpdata.h | 4 +- libavcodec/rv34.c | 155 ++++++++++++++++++++-------------------- libavcodec/rv40data.h | 2 +- libavcodec/sbr.h | 8 +-- libavcodec/tableprint.h | 3 +- libavcodec/vc1.c | 2 +- libavcodec/vc1dec.c | 6 +- libavcodec/wmavoice.c | 22 +++--- libavformat/avio.h | 12 ++-- libavformat/rtmppkt.h | 2 +- libavutil/lzo.h | 2 +- 19 files changed, 143 insertions(+), 145 deletions(-) diff --git a/libavcodec/aac.h b/libavcodec/aac.h index 76b6a7821b..4861ec0320 100644 --- a/libavcodec/aac.h +++ b/libavcodec/aac.h @@ -258,7 +258,7 @@ typedef struct { DynamicRangeControl che_drc; /** - * @defgroup elements Channel element related data. + * @name Channel element related data * @{ */ enum ChannelPosition che_pos[4][MAX_ELEM_ID]; /**< channel element channel mapping with the @@ -270,14 +270,15 @@ typedef struct { /** @} */ /** - * @defgroup temporary aligned temporary buffers (We do not want to have these on the stack.) + * @name temporary aligned temporary buffers + * (We do not want to have these on the stack.) * @{ */ DECLARE_ALIGNED(32, float, buf_mdct)[1024]; /** @} */ /** - * @defgroup tables Computed / set up during initialization. + * @name Computed / set up during initialization * @{ */ FFTContext mdct; 
@@ -289,7 +290,7 @@ typedef struct { /** @} */ /** - * @defgroup output Members used for output interleaving. + * @name Members used for output interleaving * @{ */ float *output_data[MAX_CHANNELS]; ///< Points to each element's 'ret' buffer (PCM output). diff --git a/libavcodec/ac3.h b/libavcodec/ac3.h index c06f3d542d..9adad93db8 100644 --- a/libavcodec/ac3.h +++ b/libavcodec/ac3.h @@ -92,7 +92,7 @@ typedef struct AC3BitAllocParameters { * Coded AC-3 header values up to the lfeon element, plus derived values. */ typedef struct { - /** @defgroup coded Coded elements + /** @name Coded elements * @{ */ uint16_t sync_word; @@ -110,7 +110,7 @@ typedef struct { int num_blocks; ///< number of audio blocks /** @} */ - /** @defgroup derived Derived values + /** @name Derived values * @{ */ uint8_t sr_shift; diff --git a/libavcodec/ac3dec.h b/libavcodec/ac3dec.h index 590bee6b6d..aed87432f5 100644 --- a/libavcodec/ac3dec.h +++ b/libavcodec/ac3dec.h @@ -67,7 +67,7 @@ typedef struct { GetBitContext gbc; ///< bitstream reader uint8_t *input_buffer; ///< temp buffer to prevent overread -///@defgroup bsi bit stream information +///@name Bit stream information ///@{ int frame_type; ///< frame type (strmtyp) int substreamid; ///< substream identification @@ -85,7 +85,7 @@ typedef struct { int eac3; ///< indicates if current frame is E-AC-3 ///@} -///@defgroup audfrm frame syntax parameters +///@name Frame syntax parameters int snr_offset_strategy; ///< SNR offset strategy (snroffststr) int block_switch_syntax; ///< block switch syntax enabled (blkswe) int dither_flag_syntax; ///< dither flag syntax enabled (dithflage) 
@@ -95,7 +95,7 @@ typedef struct { int skip_syntax; ///< skip field syntax enabled (skipflde) ///@} -///@defgroup cpl standard coupling +///@name Standard coupling int cpl_in_use[AC3_MAX_BLOCKS]; ///< coupling in use (cplinu) int cpl_strategy_exists[AC3_MAX_BLOCKS];///< coupling strategy exists (cplstre) int channel_in_cpl[AC3_MAX_CHANNELS]; ///< channel in coupling (chincpl) @@ -108,7 +108,7 @@ typedef struct { int cpl_coords[AC3_MAX_CHANNELS][AC3_MAX_CPL_BANDS]; ///< coupling coordinates (cplco) ///@} -///@defgroup spx spectral extension +///@name Spectral extension ///@{ int spx_in_use; ///< spectral extension in use (spxinu) uint8_t channel_uses_spx[AC3_MAX_CHANNELS]; ///< channel uses spectral extension (chinspx) @@ -124,12 +124,12 @@ typedef struct { float spx_signal_blend[AC3_MAX_CHANNELS][SPX_MAX_BANDS];///< spx signal blending factor (sblendfact) ///@} -///@defgroup aht adaptive hybrid transform +///@name Adaptive hybrid transform int channel_uses_aht[AC3_MAX_CHANNELS]; ///< channel AHT in use (chahtinu) int pre_mantissa[AC3_MAX_CHANNELS][AC3_MAX_COEFS][AC3_MAX_BLOCKS]; ///< pre-IDCT mantissas ///@} -///@defgroup channel channel +///@name Channel int fbw_channels; ///< number of full-bandwidth channels int channels; ///< number of total channels int lfe_ch; ///< index of LFE channel 
@@ -139,27 +139,27 @@ typedef struct { int out_channels; ///< number of output channels ///@} -///@defgroup dynrng dynamic range +///@name Dynamic range float dynamic_range[2]; ///< dynamic range ///@} -///@defgroup bandwidth bandwidth +///@name Bandwidth int start_freq[AC3_MAX_CHANNELS]; ///< start frequency bin (strtmant) int end_freq[AC3_MAX_CHANNELS]; ///< end frequency bin (endmant) ///@} -///@defgroup rematrixing rematrixing +///@name Rematrixing int num_rematrixing_bands; ///< number of rematrixing bands (nrematbnd) int rematrixing_flags[4]; ///< rematrixing flags (rematflg) ///@} -///@defgroup exponents exponents +///@name Exponents int num_exp_groups[AC3_MAX_CHANNELS]; ///< Number of exponent groups (nexpgrp) int8_t dexps[AC3_MAX_CHANNELS][AC3_MAX_COEFS]; ///< decoded exponents int exp_strategy[AC3_MAX_BLOCKS][AC3_MAX_CHANNELS]; ///< exponent strategies (expstr) ///@} -///@defgroup bitalloc bit allocation +///@name Bit allocation AC3BitAllocParameters bit_alloc_params; ///< bit allocation parameters int first_cpl_leak; ///< first coupling leak state (firstcplleak) int snr_offset[AC3_MAX_CHANNELS]; ///< signal-to-noise ratio offsets (snroffst) 
@@ -175,25 +175,25 @@ typedef struct { uint8_t dba_values[AC3_MAX_CHANNELS][8]; ///< delta values for each segment ///@} -///@defgroup dithering zero-mantissa dithering +///@name Zero-mantissa dithering int dither_flag[AC3_MAX_CHANNELS]; ///< dither flags (dithflg) AVLFG dith_state; ///< for dither generation ///@} -///@defgroup imdct IMDCT +///@name IMDCT int block_switch[AC3_MAX_CHANNELS]; ///< block switch flags (blksw) FFTContext imdct_512; ///< for 512 sample IMDCT FFTContext imdct_256; ///< for 256 sample IMDCT ///@} -///@defgroup opt optimization +///@name Optimization DSPContext dsp; ///< for optimization AC3DSPContext ac3dsp; FmtConvertContext fmt_conv; ///< optimized conversion functions float mul_bias; ///< scaling for float_to_int16 conversion ///@} -///@defgroup arrays aligned arrays +///@name Aligned arrays DECLARE_ALIGNED(16, int, fixed_coeffs)[AC3_MAX_CHANNELS][AC3_MAX_COEFS]; ///< fixed-point transform coefficients DECLARE_ALIGNED(32, float, transform_coeffs)[AC3_MAX_CHANNELS][AC3_MAX_COEFS]; ///< transform coefficients DECLARE_ALIGNED(32, float, delay)[AC3_MAX_CHANNELS][AC3_BLOCK_SIZE]; ///< delay - added to the next block diff --git a/libavcodec/amrnbdec.c b/libavcodec/amrnbdec.c index 4e24e26d68..1c90aadb12 100644 --- a/libavcodec/amrnbdec.c +++ b/libavcodec/amrnbdec.c @@ -204,7 +204,7 @@ static enum Mode unpack_bitstream(AMRContext *p, const uint8_t *buf, } -/// @defgroup amr_lpc_decoding AMR pitch LPC coefficient decoding functions +/// @name AMR pitch LPC coefficient decoding functions /// @{ /** @@ -341,7 +341,7 @@ static void lsf2lsp_3(AMRContext *p) /// @} -/// @defgroup amr_pitch_vector_decoding AMR pitch vector decoding functions +/// @name AMR pitch vector decoding functions /// @{ /** @@ -403,7 +403,7 @@ static void decode_pitch_vector(AMRContext *p, /// @} -/// @defgroup amr_algebraic_code_book AMR algebraic code book (fixed) vector decoding functions +/// @name AMR algebraic code book (fixed) vector decoding functions /// @{ /** 
@@ -547,7 +547,7 @@ static void pitch_sharpening(AMRContext *p, int subframe, enum Mode mode, /// @} -/// @defgroup amr_gain_decoding AMR gain decoding functions +/// @name AMR gain decoding functions /// @{ /** @@ -633,7 +633,7 @@ static void decode_gains(AMRContext *p, const AMRNBSubframe *amr_subframe, /// @} -/// @defgroup amr_pre_processing AMR pre-processing functions +/// @name AMR preprocessing functions /// @{ /** @@ -751,7 +751,7 @@ static const float *anti_sparseness(AMRContext *p, AMRFixed *fixed_sparse, /// @} -/// @defgroup amr_synthesis AMR synthesis functions +/// @name AMR synthesis functions /// @{ /** @@ -812,7 +812,7 @@ static int synthesis(AMRContext *p, float *lpc, /// @} -/// @defgroup amr_update AMR update functions +/// @name AMR update functions /// @{ /** @@ -837,7 +837,7 @@ static void update_state(AMRContext *p) /// @} -/// @defgroup amr_postproc AMR Post processing functions +/// @name AMR Postprocessing functions /// @{ /** diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c index d5a7efd94d..f92b37527e 100644 --- a/libavcodec/apedec.c +++ b/libavcodec/apedec.c @@ -217,7 +217,7 @@ static av_cold int ape_decode_close(AVCodecContext * avctx) } /** - * @defgroup rangecoder APE range decoder + * @name APE range decoding functions * @{ */ diff --git a/libavcodec/ass.h b/libavcodec/ass.h index d350cf3fc2..594b5f3ac6 100644 --- a/libavcodec/ass.h +++ b/libavcodec/ass.h @@ -25,8 +25,7 @@ #include "avcodec.h" /** - * Default values for ASS style. - * @defgroup ass_default + * @name Default values for ASS style * @{ */ #define ASS_DEFAULT_FONT "Arial" diff --git a/libavcodec/avcodec.h b/libavcodec/avcodec.h index a70d8adb90..835279eb21 100644 --- a/libavcodec/avcodec.h +++ b/libavcodec/avcodec.h @@ -2488,7 +2488,7 @@ typedef struct AVCodecContext { #if FF_API_FLAC_GLOBAL_OPTS /** - * @defgroup flac_opts FLAC options + * @name FLAC options * @deprecated Use FLAC encoder private options instead. * @{ */ 
@@ -2897,7 +2897,7 @@ typedef struct AVCodec { const AVProfile *profiles; ///< array of recognized profiles, or NULL if unknown, array is terminated by {FF_PROFILE_UNKNOWN} /** - * @defgroup framethreading Frame-level threading support functions. + * @name Frame-level threading support functions * @{ */ /** diff --git a/libavcodec/h264.h b/libavcodec/h264.h index 3abf895010..e3cc815565 100644 --- a/libavcodec/h264.h +++ b/libavcodec/h264.h @@ -507,7 +507,7 @@ typedef struct H264Context{ int cabac_init_idc; /** - * @defgroup multithreading Members for slice based multithreading + * @name Members for slice based multithreading * @{ */ struct H264Context *thread_context[MAX_THREADS]; diff --git a/libavcodec/qcelpdata.h b/libavcodec/qcelpdata.h index df33e9158c..672da49523 100644 --- a/libavcodec/qcelpdata.h +++ b/libavcodec/qcelpdata.h @@ -38,14 +38,14 @@ * QCELP unpacked data frame */ typedef struct { -/// @defgroup qcelp_codebook_parameters QCELP excitation codebook parameters +/// @name QCELP excitation codebook parameters /// @{ uint8_t cbsign[16]; ///!< sign of the codebook gain for each codebook subframe uint8_t cbgain[16]; ///!< unsigned codebook gain for each codebook subframe uint8_t cindex[16]; ///!< codebook index for each codebook subframe /// @} -/// @defgroup qcelp_pitch_parameters QCELP pitch prediction parameters +/// @name QCELP pitch prediction parameters /// @{ uint8_t plag[4]; ///!< pitch lag for each pitch subframe uint8_t pfrac[4]; ///!< fractional pitch lag for each pitch subframe diff --git a/libavcodec/rv34.c b/libavcodec/rv34.c index b5d314cf0f..c5dcfdcba4 100644 --- a/libavcodec/rv34.c +++ b/libavcodec/rv34.c @@ -62,8 +62,10 @@ static const int rv34_mb_type_to_lavc[12] = { static RV34VLC intra_vlcs[NUM_INTRA_TABLES], inter_vlcs[NUM_INTER_TABLES]; +static int rv34_decode_mv(RV34DecContext *r, int block_type); + /** - * @defgroup vlc RV30/40 VLC generating functions + * @name RV30/40 VLC generating functions * @{ */ 
@@ -171,7 +173,7 @@ static av_cold void rv34_init_tables(void) /** - * @defgroup transform RV30/40 inverse transform functions + * @name RV30/40 inverse transform functions * @{ */ @@ -246,7 +248,7 @@ static void rv34_inv_transform_noround(DCTELEM *block){ /** - * @defgroup block RV30/40 4x4 block decoding functions + * @name RV30/40 4x4 block decoding functions * @{ */ @@ -393,7 +395,7 @@ static inline void rv34_dequant4x4_16x16(DCTELEM *block, int Qdc, int Q) /** - * @defgroup rv3040_bitstream RV30/40 bitstream parsing + * @name RV30/40 bitstream parsing * @{ */ 
@@ -432,10 +434,76 @@ static inline int rv34_decode_dquant(GetBitContext *gb, int quant) return get_bits(gb, 5); } +/** + * Decode macroblock header and return CBP in case of success, -1 otherwise. + */ +static int rv34_decode_mb_header(RV34DecContext *r, int8_t *intra_types) +{ + MpegEncContext *s = &r->s; + GetBitContext *gb = &s->gb; + int mb_pos = s->mb_x + s->mb_y * s->mb_stride; + int i, t; + + if(!r->si.type){ + r->is16 = get_bits1(gb); + if(!r->is16 && !r->rv30){ + if(!get_bits1(gb)) + av_log(s->avctx, AV_LOG_ERROR, "Need DQUANT\n"); + } + s->current_picture_ptr->mb_type[mb_pos] = r->is16 ? MB_TYPE_INTRA16x16 : MB_TYPE_INTRA; + r->block_type = r->is16 ? RV34_MB_TYPE_INTRA16x16 : RV34_MB_TYPE_INTRA; + }else{ + r->block_type = r->decode_mb_info(r); + if(r->block_type == -1) + return -1; + s->current_picture_ptr->mb_type[mb_pos] = rv34_mb_type_to_lavc[r->block_type]; + r->mb_type[mb_pos] = r->block_type; + if(r->block_type == RV34_MB_SKIP){ + if(s->pict_type == AV_PICTURE_TYPE_P) + r->mb_type[mb_pos] = RV34_MB_P_16x16; + if(s->pict_type == AV_PICTURE_TYPE_B) + r->mb_type[mb_pos] = RV34_MB_B_DIRECT; + } + r->is16 = !!IS_INTRA16x16(s->current_picture_ptr->mb_type[mb_pos]); + rv34_decode_mv(r, r->block_type); + if(r->block_type == RV34_MB_SKIP){ + fill_rectangle(intra_types, 4, 4, r->intra_types_stride, 0, sizeof(intra_types[0])); + return 0; + } + r->chroma_vlc = 1; + r->luma_vlc = 0; + } + if(IS_INTRA(s->current_picture_ptr->mb_type[mb_pos])){ + if(r->is16){ + t = get_bits(gb, 2); + fill_rectangle(intra_types, 4, 4, r->intra_types_stride, t, sizeof(intra_types[0])); + r->luma_vlc = 2; + }else{ + if(r->decode_intra_types(r, gb, intra_types) < 0) + return -1; + r->luma_vlc = 1; + } + r->chroma_vlc = 0; + r->cur_vlcs = choose_vlc_set(r->si.quant, r->si.vlc_set, 0); + }else{ + for(i = 0; i < 16; i++) + intra_types[(i & 3) + (i>>2) * r->intra_types_stride] = 0; + r->cur_vlcs = choose_vlc_set(r->si.quant, r->si.vlc_set, 1); + if(r->mb_type[mb_pos] == 
RV34_MB_P_MIX16x16){ + r->is16 = 1; + r->chroma_vlc = 1; + r->luma_vlc = 2; + r->cur_vlcs = choose_vlc_set(r->si.quant, r->si.vlc_set, 0); + } + } + + return rv34_decode_cbp(gb, r->cur_vlcs, r->is16); +} + /** @} */ //bitstream functions /** - * @defgroup mv motion vector related code (prediction, reconstruction, motion compensation) + * @name motion vector related code (prediction, reconstruction, motion compensation) * @{ */ @@ -885,7 +953,7 @@ static int rv34_decode_mv(RV34DecContext *r, int block_type) /** @} */ // mv group /** - * @defgroup recons Macroblock reconstruction functions + * @name Macroblock reconstruction functions * @{ */ /** mapping of RV30/40 intra prediction types to standard H.264 types */ 
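Review bot: In the relocated rv34_decode_mb_header(), the lookup `rv34_mb_type_to_lavc[r->block_type]` runs after only the value -1 has been rejected, while the table is declared with 12 entries (see the `@@ -62,8 +62,10 @@` hunk header). The `decode_mb_info` callbacks are not part of this diff, so whether they can return another out-of-range value for a damaged bitstream cannot be confirmed from here. Since the value is derived from file data, an explicit range check would make the lookup safe regardless: `if(r->block_type < 0 || r->block_type >= FF_ARRAY_ELEMS(rv34_mb_type_to_lavc)) return -1;`. The result of `rv34_decode_mv()` is also discarded in this function; if it can report failure (its body is outside the hunk), that should be propagated the same way.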
@@ -1027,79 +1095,6 @@ static void rv34_output_macroblock(RV34DecContext *r, int8_t *intra_types, int c } } -/** @} */ // recons group - -/** - * @addtogroup bitstream - * Decode macroblock header and return CBP in case of success, -1 otherwise. - */ -static int rv34_decode_mb_header(RV34DecContext *r, int8_t *intra_types) -{ - MpegEncContext *s = &r->s; - GetBitContext *gb = &s->gb; - int mb_pos = s->mb_x + s->mb_y * s->mb_stride; - int i, t; - - if(!r->si.type){ - r->is16 = get_bits1(gb); - if(!r->is16 && !r->rv30){ - if(!get_bits1(gb)) - av_log(s->avctx, AV_LOG_ERROR, "Need DQUANT\n"); - } - s->current_picture_ptr->mb_type[mb_pos] = r->is16 ? MB_TYPE_INTRA16x16 : MB_TYPE_INTRA; - r->block_type = r->is16 ? RV34_MB_TYPE_INTRA16x16 : RV34_MB_TYPE_INTRA; - }else{ - r->block_type = r->decode_mb_info(r); - if(r->block_type == -1) - return -1; - s->current_picture_ptr->mb_type[mb_pos] = rv34_mb_type_to_lavc[r->block_type]; - r->mb_type[mb_pos] = r->block_type; - if(r->block_type == RV34_MB_SKIP){ - if(s->pict_type == AV_PICTURE_TYPE_P) - r->mb_type[mb_pos] = RV34_MB_P_16x16; - if(s->pict_type == AV_PICTURE_TYPE_B) - r->mb_type[mb_pos] = RV34_MB_B_DIRECT; - } - r->is16 = !!IS_INTRA16x16(s->current_picture_ptr->mb_type[mb_pos]); - rv34_decode_mv(r, r->block_type); - if(r->block_type == RV34_MB_SKIP){ - fill_rectangle(intra_types, 4, 4, r->intra_types_stride, 0, sizeof(intra_types[0])); - return 0; - } - r->chroma_vlc = 1; - r->luma_vlc = 0; - } - if(IS_INTRA(s->current_picture_ptr->mb_type[mb_pos])){ - if(r->is16){ - t = get_bits(gb, 2); - fill_rectangle(intra_types, 4, 4, r->intra_types_stride, t, sizeof(intra_types[0])); - r->luma_vlc = 2; - }else{ - if(r->decode_intra_types(r, gb, intra_types) < 0) - return -1; - r->luma_vlc = 1; - } - r->chroma_vlc = 0; - r->cur_vlcs = choose_vlc_set(r->si.quant, r->si.vlc_set, 0); - }else{ - for(i = 0; i < 16; i++) - intra_types[(i & 3) + (i>>2) * r->intra_types_stride] = 0; - r->cur_vlcs = choose_vlc_set(r->si.quant, r->si.vlc_set, 
1); - if(r->mb_type[mb_pos] == RV34_MB_P_MIX16x16){ - r->is16 = 1; - r->chroma_vlc = 1; - r->luma_vlc = 2; - r->cur_vlcs = choose_vlc_set(r->si.quant, r->si.vlc_set, 0); - } - } - - return rv34_decode_cbp(gb, r->cur_vlcs, r->is16); -} - -/** - * @addtogroup recons - * @{ - */ /** * mask for retrieving all bits in coded block pattern * corresponding to one 8x8 block @@ -1109,6 +1104,8 @@ static int rv34_decode_mb_header(RV34DecContext *r, int8_t *intra_types) #define U_CBP_MASK 0x0F0000 #define V_CBP_MASK 0xF00000 +/** @} */ // recons group + static void rv34_apply_differences(RV34DecContext *r, int cbp) { diff --git a/libavcodec/rv40data.h b/libavcodec/rv40data.h index 4787075742..1b6e8c31b1 100644 --- a/libavcodec/rv40data.h +++ b/libavcodec/rv40data.h @@ -65,7 +65,7 @@ static const uint8_t rv40_luma_dc_quant[2][32] = { }; /** - * @defgroup loopfilter coefficients used by the RV40 loop filter + * @name Coefficients used by the RV40 loop filter * @{ */ /** diff --git a/libavcodec/sbr.h b/libavcodec/sbr.h index cbf3e23e6b..5b0f334219 100644 --- a/libavcodec/sbr.h +++ b/libavcodec/sbr.h @@ -42,7 +42,7 @@ typedef struct { uint8_t bs_xover_band; /** - * @defgroup bs_header_extra_1 Variables associated with bs_header_extra_1 + * @name Variables associated with bs_header_extra_1 * @{ */ uint8_t bs_freq_scale; @@ -58,7 +58,7 @@ typedef struct { */ typedef struct { /** - * @defgroup aac_bitstream Main bitstream data variables + * @name Main bitstream data variables * @{ */ unsigned bs_frame_class; @@ -74,7 +74,7 @@ typedef struct { /** @} */ /** - * @defgroup state State variables + * @name State variables * @{ */ DECLARE_ALIGNED(16, float, synthesis_filterbank_samples)[SBR_SYNTHESIS_BUF_SIZE]; @@ -116,7 +116,7 @@ typedef struct { SpectrumParameters spectrum_params; int bs_amp_res_header; /** - * @defgroup bs_header_extra_2 variables associated with bs_header_extra_2 + * @name Variables associated with bs_header_extra_2 * @{ */ unsigned bs_limiter_bands; 
diff --git a/libavcodec/tableprint.h b/libavcodec/tableprint.h index ddf2635da0..c89f3107f8 100644 --- a/libavcodec/tableprint.h +++ b/libavcodec/tableprint.h @@ -56,8 +56,7 @@ void write_##type##_2d_array(const void *arg, int len, int len2)\ } /** - * \defgroup printfuncs Predefined functions for printing tables - * + * @name Predefined functions for printing tables * \{ */ void write_int8_t_array (const int8_t *, int); diff --git a/libavcodec/vc1.c b/libavcodec/vc1.c index 7b878c18d7..32869b97d1 100644 --- a/libavcodec/vc1.c +++ b/libavcodec/vc1.c @@ -40,7 +40,7 @@ /***********************************************************************/ /** - * @defgroup vc1bitplane VC-1 Bitplane decoding + * @name VC-1 Bitplane decoding * @see 8.7, p56 * @{ */ diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c index 186610ea95..8fca2da738 100644 --- a/libavcodec/vc1dec.c +++ b/libavcodec/vc1dec.c @@ -137,7 +137,7 @@ static int vc1_init_common(VC1Context *v) /***********************************************************************/ /** - * @defgroup vc1bitplane VC-1 Bitplane decoding + * @name VC-1 Bitplane decoding * @see 8.7, p56 * @{ */ @@ -774,7 +774,7 @@ static void vc1_mc_4mv_chroma(VC1Context *v) /***********************************************************************/ /** - * @defgroup vc1block VC-1 Block-level functions + * @name VC-1 Block-level functions * @see 7.1.4, p91 and 8.1.1.7, p(1)04 * @{ */ @@ -1512,7 +1512,7 @@ static inline int vc1_pred_dc(MpegEncContext *s, int overlap, int pq, int n, /** @} */ // Block group /** - * @defgroup vc1_std_mb VC1 Macroblock-level functions in Simple/Main Profiles + * @name VC1 Macroblock-level functions in Simple/Main Profiles * @see 7.1.4, p91 and 8.1.1.7, p(1)04 * @{ */ diff --git a/libavcodec/wmavoice.c b/libavcodec/wmavoice.c index 4e69b83b32..eb3bcb0629 100644 --- a/libavcodec/wmavoice.c +++ b/libavcodec/wmavoice.c 
@@ -128,9 +128,7 @@ static const struct frame_type_desc { */ typedef struct { /** - * @defgroup struct_global Global values - * Global values, specified in the stream header / extradata or used - * all over. + * @name Global values specified in the stream header / extradata or used all over. * @{ */ GetBitContext gb; ///< packet bitreader. During decoder init, @@ -182,8 +180,9 @@ typedef struct { /** * @} - * @defgroup struct_packet Packet values - * Packet values, specified in the packet header or related to a packet. + * + * @name Packet values specified in the packet header or related to a packet. + * * A packet is considered to be a single unit of data provided to this * decoder by the demuxer. * @{ @@ -213,7 +212,8 @@ typedef struct { /** * @} - * @defgroup struct_frame Frame and superframe values + * + * @name Frame and superframe values * Superframe and frame data - these can change from frame to frame, * although some of them do in that case serve as a cache / history for * the next frame or superframe. @@ -256,7 +256,9 @@ typedef struct { float synth_history[MAX_LSPS]; ///< see #excitation_history /** * @} - * @defgroup post_filter Postfilter values + * + * @name Postfilter values + * * Variables used for postfilter implementation, mostly history for * smoothing and so on, and context variables for FFT/iFFT. * @{ @@ -432,7 +434,7 @@ static av_cold int wmavoice_decode_init(AVCodecContext *ctx) } /** - * @defgroup postfilter Postfilter functions + * @name Postfilter functions * Postfilter functions (gain control, wiener denoise filter, DC filter, * kalman smoothening, plus surrounding code to wrap it) * @{ 
@@ -825,7 +827,7 @@ static void dequant_lsps(double *lsps, int num, } /** - * @defgroup lsp_dequant LSP dequantization routines + * @name LSP dequantization routines * LSP dequantization routines, for 10/16LSPs and independent/residual coding. * @note we assume enough bits are available, caller should check. * lsp10i() consumes 24 bits; lsp10r() consumes an additional 24 bits; @@ -969,7 +971,7 @@ static void dequant_lsp16r(GetBitContext *gb, /** * @} - * @defgroup aw Pitch-adaptive window coding functions + * @name Pitch-adaptive window coding functions * The next few functions are for pitch-adaptive window coding. * @{ */ diff --git a/libavformat/avio.h b/libavformat/avio.h index e07e3c3c92..211fe9349e 100644 --- a/libavformat/avio.h +++ b/libavformat/avio.h @@ -145,7 +145,7 @@ typedef struct URLPollEntry { attribute_deprecated int url_poll(URLPollEntry *poll_table, int n, int timeout); /** - * @defgroup open_modes URL open modes + * @name URL open modes * The flags argument to url_open and cosins must be one of the following * constants, optionally ORed with other flags. * @{ @@ -176,7 +176,7 @@ extern URLInterruptCB *url_interrupt_cb; /** * @defgroup old_url_funcs Old url_* functions - * @deprecated use the buffered API based on AVIOContext instead + * The following functions are deprecated. Use the buffered API based on #AVIOContext instead. * @{ */ attribute_deprecated int url_open_protocol (URLContext **puc, struct URLProtocol *up, @@ -235,7 +235,7 @@ attribute_deprecated AVIOContext *av_alloc_put_byte( /** * @defgroup old_avio_funcs Old put_/get_*() functions - * @deprecated use the avio_ -prefixed functions instead. + * The following functions are deprecated. Use the "avio_"-prefixed functions instead. * @{ */ attribute_deprecated int get_buffer(AVIOContext *s, unsigned char *buf, int size); 
@@ -272,7 +272,7 @@ attribute_deprecated int64_t av_url_read_fseek (AVIOContext *h, int stream_in /** * @defgroup old_url_f_funcs Old url_f* functions - * @deprecated use the avio_ -prefixed functions instead. + * The following functions are deprecated, use the "avio_"-prefixed functions instead. * @{ */ attribute_deprecated int url_fopen( AVIOContext **s, const char *url, int flags); @@ -479,7 +479,7 @@ void avio_flush(AVIOContext *s); int avio_read(AVIOContext *s, unsigned char *buf, int size); /** - * @defgroup avio_read Functions for reading from AVIOContext. + * @name Functions for reading from AVIOContext * @{ * * @note return 0 if EOF, so you cannot use it if EOF handling is @@ -523,7 +523,7 @@ int avio_get_str16be(AVIOContext *pb, int maxlen, char *buf, int buflen); /** - * @defgroup open_modes URL open modes + * @name URL open modes * The flags argument to avio_open must be one of the following * constants, optionally ORed with other flags. * @{ diff --git a/libavformat/rtmppkt.h b/libavformat/rtmppkt.h index bb3475811e..8372484fbd 100644 --- a/libavformat/rtmppkt.h +++ b/libavformat/rtmppkt.h @@ -138,7 +138,7 @@ int ff_rtmp_packet_write(URLContext *h, RTMPPacket *p, void ff_rtmp_packet_dump(void *ctx, RTMPPacket *p); /** - * @defgroup amffuncs functions used to work with AMF format (which is also used in .flv) + * @name Functions used to work with the AMF format (which is also used in .flv) * @see amf_* funcs in libavformat/flvdec.c * @{ */ diff --git a/libavutil/lzo.h b/libavutil/lzo.h index 01c9280a43..a3924de908 100644 --- a/libavutil/lzo.h +++ b/libavutil/lzo.h @@ -24,7 +24,7 @@ #include -/** \defgroup errflags Error flags returned by av_lzo1x_decode +/** @name Error flags returned by av_lzo1x_decode * \{ */ //! end of the input buffer reached before decoding finished #define AV_LZO_INPUT_DEPLETED 1 From c5c265435114ccbfd489a04d8e2f8f3d05d4d858 Mon Sep 17 00:00:00 2001 
From: Reinhard Tartler Date: Fri, 1 Jul 2011 20:50:33 +0200 Subject: [PATCH 066/652] libavformat: Add an example how to use the metadata API Also include it into the doxygen documentation (cherry picked from commit 12489443dec228d60fa3dc56695f6ddae08beb37) --- libavformat/Makefile | 2 +- libavformat/avformat.h | 2 ++ libavformat/metadata-example.c | 56 ++++++++++++++++++++++++++++++++++ 3 files changed, 59 insertions(+), 1 deletion(-) create mode 100644 libavformat/metadata-example.c diff --git a/libavformat/Makefile b/libavformat/Makefile index c2fa8af466..7a8aba6e21 100644 --- a/libavformat/Makefile +++ b/libavformat/Makefile @@ -335,7 +335,7 @@ OBJS-$(CONFIG_UDP_PROTOCOL) += udp.o # libavdevice dependencies OBJS-$(CONFIG_JACK_INDEV) += timefilter.o -EXAMPLES = output +EXAMPLES = metadata output TESTPROGS = timefilter include $(SUBDIR)../subdir.mak diff --git a/libavformat/avformat.h b/libavformat/avformat.h index 05e80f1922..8561a50c01 100644 --- a/libavformat/avformat.h +++ b/libavformat/avformat.h @@ -109,6 +109,8 @@ struct AVFormatContext; variant_bitrate -- the total bitrate of the bitrate variant that the current stream is part of @endverbatim * + * Look in the examples section for an application example how to use the Metadata API. + * * @} */ diff --git a/libavformat/metadata-example.c b/libavformat/metadata-example.c new file mode 100644 index 0000000000..7bf77e7378 --- /dev/null +++ b/libavformat/metadata-example.c 
@@ -0,0 +1,56 @@ +/* + * Copyright (c) 2011 Reinhard Tartler + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +/** + * @file + * @example libavformat/metadata-example.c + * Shows how the metadata API can be used in application programs. + */ + +#include + +#include +#include + +int main (int argc, char **argv) +{ + AVFormatContext *fmt_ctx = NULL; + AVDictionaryEntry *tag = NULL; + int ret; + + if (argc != 2) { + printf("usage: %s \n" + "example program to demonstrate the use of the libavformat metadata API.\n" + "\n", argv[0]); + return 1; + } + + av_register_all(); + if ((ret = avformat_open_input(&fmt_ctx, argv[1], NULL, NULL))) + return ret; + + while ((tag = av_dict_get(fmt_ctx->metadata, "", tag, AV_DICT_IGNORE_SUFFIX))) + printf("%s=%s\n", tag->key, tag->value); + + avformat_free_context(fmt_ctx); + return 0; +} From c445e9dc6284c24a4d527480a8f78fc89d1b56a3 Mon Sep 17 00:00:00 2001 
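Review bot: The example releases `fmt_ctx` with `avformat_free_context()` after a successful `avformat_open_input()`. As far as I can tell, that frees the context structure without closing the I/O opened for the file, so the matching close call of this API generation, `av_close_input_file(fmt_ctx);`, is the better thing to show in code that people will copy. On open failure, `return ret;` hands a negative AVERROR value to the shell as the exit status; printing a message and using `return 1;` would be clearer. Tag keys and values come straight from the input file and are printed verbatim, so a comment above the loop such as `/* metadata is untrusted input: escape control characters before writing it to a terminal or log */` would be worth adding.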
From: Stefano Sabatini Date: Sat, 2 Jul 2011 13:22:18 +0200 Subject: [PATCH 067/652] ffmpeg: use av_get_bytes_per_sample() in place of av_get_bits_per_sample_fmt() av_get_bits_per_sample_fmt() was deprecated. Signed-off-by: Ronald S. Bultje (cherry picked from commit f6d6783a4df127d2ad1cf755ac4f363decbd7fbb) --- ffmpeg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ffmpeg.c b/ffmpeg.c index b28408741c..2ed2802333 100644 --- a/ffmpeg.c +++ b/ffmpeg.c @@ -1801,7 +1801,7 @@ static int output_packet(AVInputStream *ist, int ist_index, ret = 0; /* encode any samples remaining in fifo */ if (fifo_bytes > 0) { - int osize = av_get_bits_per_sample_fmt(enc->sample_fmt) >> 3; + int osize = av_get_bytes_per_sample(enc->sample_fmt); int fs_tmp = enc->frame_size; av_fifo_generic_read(ost->fifo, audio_buf, fifo_bytes, NULL); From d734d4ce6ae6e798b17c26ed1cc228891897b34f Mon Sep 17 00:00:00 2001 From: Stefano Sabatini Date: Sat, 2 Jul 2011 13:22:35 +0200 Subject: [PATCH 068/652] suggest to use av_get_bytes_per_sample() in av_get_bits_per_sample_format() doxy The previously suggested replacement - av_get_bits_per_sample_fmt() - was also deprecated. Signed-off-by: Ronald S. Bultje (cherry picked from commit ccfa626db863b6019fd4c316d19d8f7018543bed) --- libavcodec/avcodec.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/avcodec.h b/libavcodec/avcodec.h index 835279eb21..9a3076ae27 100644 --- a/libavcodec/avcodec.h +++ b/libavcodec/avcodec.h @@ -3847,7 +3847,7 @@ int av_get_bits_per_sample(enum CodecID codec_id); #if FF_API_OLD_SAMPLE_FMT /** - * @deprecated Use av_get_bits_per_sample_fmt() instead. + * @deprecated Use av_get_bytes_per_sample() instead. */ attribute_deprecated int av_get_bits_per_sample_format(enum AVSampleFormat sample_fmt); From 154ea553f672ace5890fd93f8e70d6173aa1ac4a Mon Sep 17 00:00:00 2001 
From: Reinhard Tartler Date: Sun, 3 Jul 2011 18:58:09 +0200 Subject: [PATCH 069/652] Update Doxyfile to the format preferred by Doxygen 1.7.1 (via 'doxygen -u'). This is the version available in Debian stable, so it should be a reasonable baseline that can be expected to be present on all developer machines. Moreover, this is the version that is used by the nightly cronjob that generates the online html version. (cherry picked from commit 10dde477c77e0ac0fecda49fdb1dc71329aa7513) --- Doxyfile | 345 +++++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 283 insertions(+), 62 deletions(-) diff --git a/Doxyfile b/Doxyfile index b75d2d6e10..a4beaba323 100644 --- a/Doxyfile +++ b/Doxyfile @@ -1,4 +1,4 @@ -# Doxyfile 1.5.6 +# Doxyfile 1.7.1 # This file describes the settings to be used by the documentation system # doxygen (www.doxygen.org) for a project @@ -54,11 +54,11 @@ CREATE_SUBDIRS = NO # information to generate all constant output in the proper language. # The default language is English, other supported languages are: # Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional, -# Croatian, Czech, Danish, Dutch, Farsi, Finnish, French, German, Greek, -# Hungarian, Italian, Japanese, Japanese-en (Japanese with English messages), -# Korean, Korean-en, Lithuanian, Norwegian, Macedonian, Persian, Polish, -# Portuguese, Romanian, Russian, Serbian, Slovak, Slovene, Spanish, Swedish, -# and Ukrainian. +# Croatian, Czech, Danish, Dutch, Esperanto, Farsi, Finnish, French, German, +# Greek, Hungarian, Italian, Japanese, Japanese-en (Japanese with English +# messages), Korean, Korean-en, Lithuanian, Norwegian, Macedonian, Persian, +# Polish, Portuguese, Romanian, Russian, Serbian, Serbian-Cyrilic, Slovak, +# Slovene, Spanish, Swedish, Ukrainian, and Vietnamese. OUTPUT_LANGUAGE = English 
@@ -155,13 +155,6 @@ QT_AUTOBRIEF = NO MULTILINE_CPP_IS_BRIEF = NO -# If the DETAILS_AT_TOP tag is set to YES then Doxygen -# will output the detailed description near the top, like JavaDoc. -# If set to NO, the detailed description appears after the member -# documentation. - -DETAILS_AT_TOP = NO - # If the INHERIT_DOCS tag is set to YES (the default) then an undocumented # member inherits the documentation from any documented member that it # re-implements. @@ -214,6 +207,18 @@ OPTIMIZE_FOR_FORTRAN = NO OPTIMIZE_OUTPUT_VHDL = NO +# Doxygen selects the parser to use depending on the extension of the files it +# parses. With this tag you can assign which parser to use for a given extension. +# Doxygen has a built-in mapping, but you can override or extend it using this +# tag. The format is ext=language, where ext is a file extension, and language +# is one of the parsers supported by doxygen: IDL, Java, Javascript, CSharp, C, +# C++, D, PHP, Objective-C, Python, Fortran, VHDL, C, C++. For instance to make +# doxygen treat .inc files as Fortran files (default is PHP), and .f files as C +# (default is Fortran), use: inc=Fortran f=C. Note that for custom extensions +# you also need to set FILE_PATTERNS otherwise the files are not read by doxygen. + +EXTENSION_MAPPING = + # If you use STL classes (i.e. std::string, std::vector, etc.) but do not want # to include (a tag file for) the STL sources as input, then you should # set this tag to YES in order to let doxygen match functions declarations and 
@@ -268,6 +273,22 @@ SUBGROUPING = YES TYPEDEF_HIDES_STRUCT = NO +# The SYMBOL_CACHE_SIZE determines the size of the internal cache use to +# determine which symbols to keep in memory and which to flush to disk. +# When the cache is full, less often used symbols will be written to disk. +# For small to medium size projects (<1000 input files) the default value is +# probably good enough. For larger projects a too small cache size can cause +# doxygen to be busy swapping symbols to and from disk most of the time +# causing a significant performance penality. +# If the system has enough physical memory increasing the cache will improve the +# performance by keeping more symbols in memory. Note that the value works on +# a logarithmic scale so increasing the size by one will rougly double the +# memory usage. The cache size is given by this formula: +# 2^(16+SYMBOL_CACHE_SIZE). The valid range is 0..9, the default is 0, +# corresponding to a cache size of 2^16 = 65536 symbols + +SYMBOL_CACHE_SIZE = 0 + #--------------------------------------------------------------------------- # Build related configuration options #--------------------------------------------------------------------------- @@ -366,6 +387,12 @@ HIDE_SCOPE_NAMES = NO SHOW_INCLUDE_FILES = YES +# If the FORCE_LOCAL_INCLUDES tag is set to YES then Doxygen +# will list include files with double quotes in the documentation +# rather than with sharp brackets. + +FORCE_LOCAL_INCLUDES = NO + # If the INLINE_INFO tag is set to YES (the default) then a tag [inline] # is inserted in the documentation for inline members. 
@@ -385,6 +412,16 @@ SORT_MEMBER_DOCS = YES SORT_BRIEF_DOCS = NO +# If the SORT_MEMBERS_CTORS_1ST tag is set to YES then doxygen +# will sort the (brief and detailed) documentation of class members so that +# constructors and destructors are listed first. If set to NO (the default) +# the constructors will appear in the respective orders defined by +# SORT_MEMBER_DOCS and SORT_BRIEF_DOCS. +# This tag will be ignored for brief docs if SORT_BRIEF_DOCS is set to NO +# and ignored for detailed docs if SORT_MEMBER_DOCS is set to NO. + +SORT_MEMBERS_CTORS_1ST = NO + # If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the # hierarchy of group names into alphabetical order. If set to NO (the default) # the group names will appear in their defined order. @@ -459,7 +496,8 @@ SHOW_DIRECTORIES = NO SHOW_FILES = YES # Set the SHOW_NAMESPACES tag to NO to disable the generation of the -# Namespaces page. This will remove the Namespaces entry from the Quick Index +# Namespaces page. +# This will remove the Namespaces entry from the Quick Index # and from the Folder Tree View (if specified). The default is YES. SHOW_NAMESPACES = YES @@ -474,6 +512,15 @@ SHOW_NAMESPACES = YES FILE_VERSION_FILTER = +# The LAYOUT_FILE tag can be used to specify a layout file which will be parsed +# by doxygen. The layout file controls the global structure of the generated +# output files in an output format independent way. The create the layout file +# that represents doxygen's defaults, run doxygen with the -l option. +# You can optionally specify a file name after the option, if omitted +# DoxygenLayout.xml will be used as the name of the layout file. + +LAYOUT_FILE = + #--------------------------------------------------------------------------- # configuration options related to warning and progress messages #--------------------------------------------------------------------------- 
@@ -577,7 +624,8 @@ EXCLUDE_SYMLINKS = NO # against the file with absolute path, so to exclude all test directories # for example use the pattern */test/* -EXCLUDE_PATTERNS = *.git *.d +EXCLUDE_PATTERNS = *.git \ + *.d # The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names # (namespaces, classes, functions, etc.) that should be excluded from the @@ -591,7 +639,8 @@ EXCLUDE_SYMBOLS = # directories that contain example code fragments that are included (see # the \include command). -EXAMPLE_PATH = libavcodec/ libavformat/ +EXAMPLE_PATH = libavcodec/ \ + libavformat/ # If the value of the EXAMPLE_PATH tag contains directories, you can use the # EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp @@ -618,14 +667,17 @@ IMAGE_PATH = # by executing (via popen()) the command , where # is the value of the INPUT_FILTER tag, and is the name of an # input file. Doxygen will then use the output that the filter program writes -# to standard output. If FILTER_PATTERNS is specified, this tag will be +# to standard output. +# If FILTER_PATTERNS is specified, this tag will be # ignored. INPUT_FILTER = # The FILTER_PATTERNS tag can be used to specify filters on a per file pattern -# basis. Doxygen will compare the file name with each pattern and apply the -# filter if there is a match. The filters are a list of the form: +# basis. +# Doxygen will compare the file name with each pattern and apply the +# filter if there is a match. +# The filters are a list of the form: # pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further # info on how filters are used. If FILTER_PATTERNS is empty, INPUT_FILTER # is applied to all files. 
@@ -675,7 +727,8 @@ REFERENCES_RELATION = NO # If the REFERENCES_LINK_SOURCE tag is set to YES (the default) # and SOURCE_BROWSER tag is set to YES, then the hyperlinks from # functions in REFERENCES_RELATION and REFERENCED_BY_RELATION lists will -# link to the source code. Otherwise they will link to the documentstion. +# link to the source code. +# Otherwise they will link to the documentation. REFERENCES_LINK_SOURCE = YES 
@@ -758,18 +811,50 @@ HTML_FOOTER = HTML_STYLESHEET = +# The HTML_COLORSTYLE_HUE tag controls the color of the HTML output. +# Doxygen will adjust the colors in the stylesheet and background images +# according to this color. Hue is specified as an angle on a colorwheel, +# see http://en.wikipedia.org/wiki/Hue for more information. +# For instance the value 0 represents red, 60 is yellow, 120 is green, +# 180 is cyan, 240 is blue, 300 purple, and 360 is red again. +# The allowed range is 0 to 359. + +HTML_COLORSTYLE_HUE = 220 + +# The HTML_COLORSTYLE_SAT tag controls the purity (or saturation) of +# the colors in the HTML output. For a value of 0 the output will use +# grayscales only. A value of 255 will produce the most vivid colors. + +HTML_COLORSTYLE_SAT = 100 + +# The HTML_COLORSTYLE_GAMMA tag controls the gamma correction applied to +# the luminance component of the colors in the HTML output. Values below +# 100 gradually make the output lighter, whereas values above 100 make +# the output darker. The value divided by 100 is the actual gamma applied, +# so 80 represents a gamma of 0.8, The value 220 represents a gamma of 2.2, +# and 100 does not change the gamma. + +HTML_COLORSTYLE_GAMMA = 80 + +# If the HTML_TIMESTAMP tag is set to YES then the footer of each generated HTML +# page will contain the date and time when the page was generated. Setting +# this to NO can help when comparing the output of multiple runs. + +HTML_TIMESTAMP = YES + # If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes, # files or namespaces will be aligned in HTML using tables. If set to # NO a bullet list will be used. HTML_ALIGN_MEMBERS = YES -# If the GENERATE_HTMLHELP tag is set to YES, additional index files -# will be generated that can be used as input for tools like the -# Microsoft HTML help workshop to generate a compiled HTML help file (.chm) -# of the generated HTML documentation. 
+# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML +# documentation will contain sections that can be hidden and shown after the +# page has loaded. For this to work a browser that supports +# JavaScript and DHTML is required (for instance Mozilla 1.0+, Firefox +# Netscape 6.0+, Internet explorer 5.0+, Konqueror, or Safari). -GENERATE_HTMLHELP = NO +HTML_DYNAMIC_SECTIONS = NO # If the GENERATE_DOCSET tag is set to YES, additional index files # will be generated that can be used as input for Apple's Xcode 3 @@ -779,6 +864,8 @@ GENERATE_HTMLHELP = NO # directory and running "make install" will install the docset in # ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find # it at startup. +# See http://developer.apple.com/tools/creatingdocsetswithdoxygen.html +# for more information. GENERATE_DOCSET = NO 
@@ -796,13 +883,22 @@ DOCSET_FEEDNAME = "Doxygen generated docs" DOCSET_BUNDLE_ID = org.doxygen.Project -# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML -# documentation will contain sections that can be hidden and shown after the -# page has loaded. For this to work a browser that supports -# JavaScript and DHTML is required (for instance Mozilla 1.0+, Firefox -# Netscape 6.0+, Internet explorer 5.0+, Konqueror, or Safari). +# When GENERATE_PUBLISHER_ID tag specifies a string that should uniquely identify +# the documentation publisher. This should be a reverse domain-name style +# string, e.g. com.mycompany.MyDocSet.documentation. -HTML_DYNAMIC_SECTIONS = NO +DOCSET_PUBLISHER_ID = org.doxygen.Publisher + +# The GENERATE_PUBLISHER_NAME tag identifies the documentation publisher. + +DOCSET_PUBLISHER_NAME = Publisher + +# If the GENERATE_HTMLHELP tag is set to YES, additional index files +# will be generated that can be used as input for tools like the +# Microsoft HTML help workshop to generate a compiled HTML help file (.chm) +# of the generated HTML documentation. + +GENERATE_HTMLHELP = NO # If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can # be used to specify the file name of the resulting .chm file. You 
@@ -841,6 +937,76 @@ BINARY_TOC = NO TOC_EXPAND = NO +# If the GENERATE_QHP tag is set to YES and both QHP_NAMESPACE and +# QHP_VIRTUAL_FOLDER are set, an additional index file will be generated +# that can be used as input for Qt's qhelpgenerator to generate a +# Qt Compressed Help (.qch) of the generated HTML documentation. + +GENERATE_QHP = NO + +# If the QHG_LOCATION tag is specified, the QCH_FILE tag can +# be used to specify the file name of the resulting .qch file. +# The path specified is relative to the HTML output folder. + +QCH_FILE = + +# The QHP_NAMESPACE tag specifies the namespace to use when generating +# Qt Help Project output. For more information please see +# http://doc.trolltech.com/qthelpproject.html#namespace + +QHP_NAMESPACE = org.doxygen.Project + +# The QHP_VIRTUAL_FOLDER tag specifies the namespace to use when generating +# Qt Help Project output. For more information please see +# http://doc.trolltech.com/qthelpproject.html#virtual-folders + +QHP_VIRTUAL_FOLDER = doc + +# If QHP_CUST_FILTER_NAME is set, it specifies the name of a custom filter to +# add. For more information please see +# http://doc.trolltech.com/qthelpproject.html#custom-filters + +QHP_CUST_FILTER_NAME = + +# The QHP_CUST_FILT_ATTRS tag specifies the list of the attributes of the +# custom filter to add. For more information please see +# +# Qt Help Project / Custom Filters. + +QHP_CUST_FILTER_ATTRS = + +# The QHP_SECT_FILTER_ATTRS tag specifies the list of the attributes this +# project's +# filter section matches. +# +# Qt Help Project / Filter Attributes. + +QHP_SECT_FILTER_ATTRS = + +# If the GENERATE_QHP tag is set to YES, the QHG_LOCATION tag can +# be used to specify the location of Qt's qhelpgenerator. +# If non-empty doxygen will try to run qhelpgenerator on the generated +# .qhp file. 
+ +QHG_LOCATION = + +# If the GENERATE_ECLIPSEHELP tag is set to YES, additional index files +# will be generated, which together with the HTML files, form an Eclipse help +# plugin. To install this plugin and make it available under the help contents +# menu in Eclipse, the contents of the directory containing the HTML and XML +# files needs to be copied into the plugins directory of eclipse. The name of +# the directory within the plugins directory should be the same as +# the ECLIPSE_DOC_ID value. After copying Eclipse needs to be restarted before +# the help appears. + +GENERATE_ECLIPSEHELP = NO + +# A unique identifier for the eclipse help plugin. When installing the plugin +# the directory name containing the HTML and XML files should also have +# this name. + +ECLIPSE_DOC_ID = org.doxygen.Project + # The DISABLE_INDEX tag can be used to turn on/off the condensed index at # top of each HTML page. The value NO (the default) enables the index and # the value YES disables it. 
@@ -854,27 +1020,30 @@ ENUM_VALUES_PER_LINE = 4 # The GENERATE_TREEVIEW tag is used to specify whether a tree-like index # structure should be generated to display hierarchical information. -# If the tag value is set to FRAME, a side panel will be generated +# If the tag value is set to YES, a side panel will be generated # containing a tree-like index structure (just like the one that # is generated for HTML Help). For this to work a browser that supports -# JavaScript, DHTML, CSS and frames is required (for instance Mozilla 1.0+, -# Netscape 6.0+, Internet explorer 5.0+, or Konqueror). Windows users are -# probably better off using the HTML help feature. Other possible values -# for this tag are: HIERARCHIES, which will generate the Groups, Directories, -# and Class Hiererachy pages using a tree view instead of an ordered list; -# ALL, which combines the behavior of FRAME and HIERARCHIES; and NONE, which -# disables this behavior completely. For backwards compatibility with previous -# releases of Doxygen, the values YES and NO are equivalent to FRAME and NONE -# respectively. +# JavaScript, DHTML, CSS and frames is required (i.e. any modern browser). +# Windows users are probably better off using the HTML help feature. GENERATE_TREEVIEW = NO +# By enabling USE_INLINE_TREES, doxygen will generate the Groups, Directories, +# and Class Hierarchy pages using a tree view instead of an ordered list. + +USE_INLINE_TREES = NO + # If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be # used to set the initial width (in pixels) of the frame in which the tree # is shown. TREEVIEW_WIDTH = 250 +# When the EXT_LINKS_IN_WINDOW option is set to YES doxygen will open +# links to external symbols imported via tag files in a separate window. + +EXT_LINKS_IN_WINDOW = NO + # Use this tag to change the font size of Latex formulas included # as images in the HTML documentation. The default is 10. 
Note that # when you change the font size after a successful doxygen run you need @@ -883,6 +1052,34 @@ TREEVIEW_WIDTH = 250 FORMULA_FONTSIZE = 10 +# Use the FORMULA_TRANPARENT tag to determine whether or not the images +# generated for formulas are transparent PNGs. Transparent PNGs are +# not supported properly for IE 6.0, but are supported on all modern browsers. +# Note that when changing this option you need to delete any form_*.png files +# in the HTML output before the changes have effect. + +FORMULA_TRANSPARENT = YES + +# When the SEARCHENGINE tag is enabled doxygen will generate a search box +# for the HTML output. The underlying search engine uses javascript +# and DHTML and should work on any modern browser. Note that when using +# HTML help (GENERATE_HTMLHELP), Qt help (GENERATE_QHP), or docsets +# (GENERATE_DOCSET) there is already a search function so this one should +# typically be disabled. For large projects the javascript based search engine +# can be slow, then enabling SERVER_BASED_SEARCH may provide a better solution. + +SEARCHENGINE = NO + +# When the SERVER_BASED_SEARCH tag is enabled the search engine will be +# implemented using a PHP enabled web server instead of at the web client +# using Javascript. Doxygen will generate the search PHP script and index +# file to put on the web server. The advantage of the server +# based approach is that it scales better to large projects and allows +# full text search. The disadvances is that it is more difficult to setup +# and does not have live searching capabilities. + +SERVER_BASED_SEARCH = NO + #--------------------------------------------------------------------------- # configuration options related to the LaTeX output #--------------------------------------------------------------------------- 
@@ -900,6 +1097,9 @@ LATEX_OUTPUT = latex # The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be # invoked. If left blank `latex' will be used as the default command name. +# Note that when enabling USE_PDFLATEX this option is only used for +# generating bitmaps for formulas in the HTML output, but not in the +# Makefile that is written to the output directory. LATEX_CMD_NAME = latex @@ -959,6 +1159,13 @@ LATEX_BATCHMODE = NO LATEX_HIDE_INDICES = NO +# If LATEX_SOURCE_CODE is set to YES then doxygen will include +# source code with syntax highlighting in the LaTeX output. +# Note that which sources are shown also depends on other settings +# such as SOURCE_BROWSER. + +LATEX_SOURCE_CODE = NO + #--------------------------------------------------------------------------- # configuration options related to the RTF output #--------------------------------------------------------------------------- @@ -1095,8 +1302,10 @@ GENERATE_PERLMOD = NO PERLMOD_LATEX = NO # If the PERLMOD_PRETTY tag is set to YES the Perl module output will be -# nicely formatted so it can be parsed by a human reader. This is useful -# if you want to understand what is going on. On the other hand, if this +# nicely formatted so it can be parsed by a human reader. +# This is useful +# if you want to understand what is going on. +# On the other hand, if this # tag is set to NO the size of the Perl module output will be much smaller # and Perl will parse it just the same. 
@@ -1158,16 +1367,22 @@ INCLUDE_FILE_PATTERNS = # undefined via #undef or recursively expanded use the := operator # instead of the = operator. -PREDEFINED = __attribute__(x)="" "RENAME(x)=x ## _TMPL" "DEF(x)=x ## _TMPL" \ - HAVE_AV_CONFIG_H HAVE_MMX HAVE_MMX2 HAVE_AMD3DNOW \ +PREDEFINED = "__attribute__(x)=" \ + "RENAME(x)=x ## _TMPL" \ + "DEF(x)=x ## _TMPL" \ + HAVE_AV_CONFIG_H \ + HAVE_MMX \ + HAVE_MMX2 \ + HAVE_AMD3DNOW \ + "DECLARE_ALIGNED(a,t,n)=t n" \ + "offsetof(x,y)=0x42" # If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then # this tag can be used to specify a list of macro names that should be expanded. # The macro definition that is found in the sources will be used. # Use the PREDEFINED tag if you want to use a different macro definition. -#EXPAND_AS_DEFINED = FF_COMMON_FRAME -EXPAND_AS_DEFINED = declare_idct(idct, table, idct_row_head, idct_row, idct_row_tail, idct_row_mid) +EXPAND_AS_DEFINED = declare_idct # If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then # doxygen's preprocessor will remove all function-like macros that are alone @@ -1185,9 +1400,11 @@ SKIP_FUNCTION_MACROS = YES # Optionally an initial location of the external documentation # can be added for each tagfile. The format of a tag file without # this location is as follows: -# TAGFILES = file1 file2 ... +# +# TAGFILES = file1 file2 ... # Adding location for the tag files is done as follows: -# TAGFILES = file1=loc1 "file2 = loc2" ... +# +# TAGFILES = file1=loc1 "file2 = loc2" ... # where "loc1" and "loc2" can be relative or absolute paths or # URLs. If a location is present for each tag, the installdox tool # does not have to be run to correct the links. 
@@ -1255,6 +1472,14 @@ HIDE_UNDOC_RELATIONS = YES HAVE_DOT = NO +# The DOT_NUM_THREADS specifies the number of dot invocations doxygen is +# allowed to run in parallel. When set to 0 (the default) doxygen will +# base this on the number of processors available in the system. You can set it +# explicitly to a value larger than 0 to get control over the balance +# between CPU load and processing speed. + +DOT_NUM_THREADS = 0 + # By default doxygen will write a font called FreeSans.ttf to the output # directory and reference it in all dot files that doxygen generates. This # font does not include all possible unicode characters however, so when you need @@ -1266,6 +1491,11 @@ HAVE_DOT = NO DOT_FONTNAME = FreeSans +# The DOT_FONTSIZE tag can be used to set the size of the font of dot graphs. +# The default size is 10pt. + +DOT_FONTSIZE = 10 + # By default doxygen will tell dot to use the output directory to look for the # FreeSans.ttf font (which doxygen will put there itself). If you specify a # different font using DOT_FONTNAME you can set the path where dot @@ -1383,10 +1613,10 @@ DOT_GRAPH_MAX_NODES = 50 MAX_DOT_GRAPH_DEPTH = 0 # Set the DOT_TRANSPARENT tag to YES to generate images with a transparent -# background. This is enabled by default, which results in a transparent -# background. Warning: Depending on the platform used, enabling this option -# may lead to badly anti-aliased labels on the edges of a graph (i.e. they -# become hard to read). +# background. This is disabled by default, because dot on Windows does not +# seem to support this out of the box. Warning: Depending on the platform used, +# enabling this option may lead to badly anti-aliased labels on the edges of +# a graph (i.e. they become hard to read). DOT_TRANSPARENT = YES 
@@ -1408,12 +1638,3 @@ GENERATE_LEGEND = YES # the various graphs. DOT_CLEANUP = YES - -#--------------------------------------------------------------------------- -# Configuration::additions related to the search engine -#--------------------------------------------------------------------------- - -# The SEARCHENGINE tag specifies whether or not a search engine should be -# used. If set to NO the values of all tags below this one will be ignored. - -SEARCHENGINE = NO From c172eb7925dad8db6ad8fde9cd81a90a5cb06bb6 Mon Sep 17 00:00:00 2001 From: Gavin Kinsey Date: Tue, 21 Jun 2011 13:13:37 +0100 Subject: [PATCH 070/652] Fix segmentation fault in ffprobe (cherry picked from commit c558122e4ee53dc4cb82f87749a9c28c38ca9401) --- ffprobe.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ffprobe.c b/ffprobe.c index 711a17246d..edda454cde 100644 --- a/ffprobe.c +++ b/ffprobe.c @@ -393,6 +393,7 @@ int main(int argc, char **argv) int ret; av_register_all(); + init_opts(); #if CONFIG_AVDEVICE avdevice_register_all(); #endif From 093f0f13e611c7fd7a8ee6130c4211427033329d Mon Sep 17 00:00:00 2001 From: Reinhard Tartler Date: Thu, 30 Jun 2011 23:00:46 +0200 Subject: [PATCH 071/652] doxygen: fix usage of @file directive in libavutil/{dict,file}.h (cherry picked from commit 134557f3a47697a7b5e5da2bd7e5a4b8f8d56b1c) --- libavutil/dict.h | 3 ++- libavutil/file.h | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/libavutil/dict.h b/libavutil/dict.h index ff24b36f81..397ce3852f 100644 --- a/libavutil/dict.h +++ b/libavutil/dict.h @@ -18,7 +18,8 @@ */ /** - * @file Public dictionary API. + * @file + * Public dictionary API. */ #ifndef AVUTIL_DICT_H diff --git a/libavutil/file.h b/libavutil/file.h index 8b65bfb01d..c481c37f93 100644 --- a/libavutil/file.h +++ b/libavutil/file.h @@ -22,7 +22,8 @@ #include "avutil.h" /** - * @file misc file utilities + * @file + * Misc file utilities. */ /** From 8f536408d1a8b6899442fd46a2e70ffb2897f4c2 Mon Sep 17 00:00:00 2001 
From: Diego Biurrun Date: Sun, 3 Jul 2011 16:11:16 +0200 Subject: [PATCH 072/652] doxygen: Remove spurious documentation for non-existing function parameters. (cherry picked from commit 01c17c88ede76f8321cf2c59a535dbbc5b5ff989) --- libavcodec/h264idct_template.c | 1 - libswscale/swscale.h | 1 - 2 files changed, 2 deletions(-) diff --git a/libavcodec/h264idct_template.c b/libavcodec/h264idct_template.c index e7f9af7fb0..e288f9bf1b 100644 --- a/libavcodec/h264idct_template.c +++ b/libavcodec/h264idct_template.c @@ -237,7 +237,6 @@ void FUNCC(ff_h264_idct_add8)(uint8_t **dest, const int *block_offset, DCTELEM * } /** * IDCT transforms the 16 dc values and dequantizes them. - * @param qp quantization parameter */ void FUNCC(ff_h264_luma_dc_dequant_idct)(DCTELEM *_output, DCTELEM *_input, int qmul){ #define stride 16 diff --git a/libswscale/swscale.h b/libswscale/swscale.h index 2aa5e50ab2..3899596983 100644 --- a/libswscale/swscale.h +++ b/libswscale/swscale.h @@ -235,7 +235,6 @@ int sws_scale(struct SwsContext *context, const uint8_t* const srcSlice[], const /** * @param inv_table the yuv2rgb coefficients, normally ff_yuv2rgb_coeffs[x] - * @param fullRange if 1 then the luma range is 0..255 if 0 it is 16..235 * @return -1 if not supported */ int sws_setColorspaceDetails(struct SwsContext *c, const int inv_table[4], From f95e5225fe1b94c5c2ee683fa75aafed22c5b3e1 Mon Sep 17 00:00:00 2001 From: Reinhard Tartler Date: Sun, 3 Jul 2011 19:00:59 +0200 Subject: [PATCH 073/652] doxygen: Drop array size declarations from Doxygen parameter names. Adding [] to a Doxygen parameter name clashes with Doxygen syntax. (cherry picked from commit ff993cd7fcdfeffcac10337c0c6b69c599060c2b) --- libavcodec/cook.c | 2 +- libavcodec/motion_est_template.c | 4 ++-- libavutil/imgutils.h | 2 +- libavutil/lfg.h | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/libavcodec/cook.c b/libavcodec/cook.c index 84211a6d08..05d8d7a3cf 100644 --- a/libavcodec/cook.c +++ b/libavcodec/cook.c 
@@ -335,7 +335,7 @@ static av_cold int cook_decode_close(AVCodecContext *avctx) * Fill the gain array for the timedomain quantization. * * @param gb pointer to the GetBitContext - * @param gaininfo[9] array of gain indexes + * @param gaininfo array[9] of gain indexes */ static void decode_gain_info(GetBitContext *gb, int *gaininfo) diff --git a/libavcodec/motion_est_template.c b/libavcodec/motion_est_template.c index 6b807dc6f6..d65edd933a 100644 --- a/libavcodec/motion_est_template.c +++ b/libavcodec/motion_est_template.c @@ -990,8 +990,8 @@ static av_always_inline int diamond_search(MpegEncContext * s, int *best, int dm return var_diamond_search(s, best, dmin, src_index, ref_index, penalty_factor, size, h, flags); } -/*! - \param P[10][2] a list of candidate mvs to check before starting the +/** + @param P a list of candidate mvs to check before starting the iterative search. If one of the candidates is close to the optimal mv, then it takes fewer iterations. And it increases the chance that we find the optimal mv. diff --git a/libavutil/imgutils.h b/libavutil/imgutils.h index b569eb1ca4..fad4435b94 100644 --- a/libavutil/imgutils.h +++ b/libavutil/imgutils.h @@ -69,7 +69,7 @@ int av_image_fill_linesizes(int linesizes[4], enum PixelFormat pix_fmt, int widt * * @param data pointers array to be filled with the pointer for each image plane * @param ptr the pointer to a buffer which will contain the image - * @param linesizes[4] the array containing the linesize for each + * @param linesizes the array containing the linesize for each * plane, should be filled by av_image_fill_linesizes() * @return the size in bytes required for the image buffer, a negative * error code in case of failure diff --git a/libavutil/lfg.h b/libavutil/lfg.h index 89a635a1b0..904d00a669 100644 --- a/libavutil/lfg.h +++ b/libavutil/lfg.h 
@@ -55,7 +55,7 @@ static inline unsigned int av_mlfg_get(AVLFG *c){ * Get the next two numbers generated by a Box-Muller Gaussian * generator using the random numbers issued by lfg. * - * @param out[2] array where the two generated numbers are placed + * @param out array where the two generated numbers are placed */ void av_bmg_get(AVLFG *lfg, double out[2]); From 924b2ee8f29823877b6b544b48fe153f307d7be7 Mon Sep 17 00:00:00 2001 From: Reinhard Tartler Date: Sun, 3 Jul 2011 20:00:31 +0200 Subject: [PATCH 074/652] Add version number to doxygen config --- Doxyfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Doxyfile b/Doxyfile index a4beaba323..485b93d87f 100644 --- a/Doxyfile +++ b/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = Libav # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = +PROJECT_NUMBER = 0.7.1 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. From d32b2d4de164d6e2bd4b441c5f2aa0e442fef1f6 Mon Sep 17 00:00:00 2001 From: Reinhard Tartler Date: Sun, 3 Jul 2011 19:54:05 +0200 Subject: [PATCH 075/652] update Changelog --- Changelog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Changelog b/Changelog index 276812bd66..1c6952c394 100644 --- a/Changelog +++ b/Changelog @@ -7,6 +7,9 @@ version 0.7.1: - added various additional FOURCC codec identifiers - H.264 4:4:4 fixes - build system fixes +- Doxygen corrections and improvements +- fixed segfault in ffprobe +- behavioral fix in av_open_input_stream() version 0.7: From e8baa8eb7f45bb5fdbfcc70ae028cd11238faa88 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Tue, 5 Jul 2011 23:10:44 +0200 Subject: [PATCH 076/652] Fix av_open_input_stream with uninitialized context pointer. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Code would allocate a new context but forget to assign it to the pointer actually passed to avformat_open_input, potentially causing a crash. Even if it was initialized it would cause a memleak. This caused crashes with e.g. mpd, see also http://bugs.gentoo.org/show_bug.cgi?id=373423 Signed-off-by: Reimar Döffinger --- libavformat/utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index cd90480be6..c99065759b 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -457,7 +457,7 @@ int av_open_input_stream(AVFormatContext **ic_ptr, opts = convert_format_parameters(ap); if(!ap->prealloced_context) - ic = avformat_alloc_context(); + *ic_ptr = ic = avformat_alloc_context(); else ic = *ic_ptr; if (!ic) { From 3097309cba69a891c06aec3ccf4095a83eb38da2 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Fri, 1 Jul 2011 02:38:28 +0200 Subject: [PATCH 077/652] Fix possible double free when encoding using xvid. (cherry picked from commit 315f0e3fd8dcbd1362276b7407dad2e97cccc4b7) --- libavcodec/libxvidff.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/libxvidff.c b/libavcodec/libxvidff.c index 9b5c17c59d..effd2db158 100644 --- a/libavcodec/libxvidff.c +++ b/libavcodec/libxvidff.c @@ -528,6 +528,7 @@ static av_cold int xvid_encode_close(AVCodecContext *avctx) { if( x->twopassbuffer != NULL ) { av_free(x->twopassbuffer); av_free(x->old_twopassbuffer); + avctx->stats_out = NULL; } av_free(x->twopassfile); av_free(x->intra_matrix); From 7fbcf1df03db848618f64658f7027d87739d8b3b Mon Sep 17 00:00:00 2001 
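Review bot: The new `*ic_ptr = ic = avformat_alloc_context();` hands the context to the caller before anything else in av_open_input_stream has succeeded, so every later failure path that frees `ic` must also reset `*ic_ptr` to NULL, or the caller is left holding a freed pointer. Those paths are outside this hunk (the function starts before it and continues past `if (!ic) {`), so they could not be checked here. The assignment also overwrites whatever the caller had in `*ic_ptr` when `prealloced_context` is unset; a comment such as `/* *ic_ptr is an output only unless ap->prealloced_context is set */` would record that contract. The same line is cherry-picked again in PATCH 080 (hunk `@@ -524,7 +524,7 @@`), and the note applies there as well.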
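Review bot: Clearing `avctx->stats_out` removes one stale alias, but `x->twopassbuffer` and `x->old_twopassbuffer` are still left dangling after `av_free()` in xvid_encode_close, so a second close on the same context would free them again. I would change the two calls to `av_freep(&x->twopassbuffer);` and `av_freep(&x->old_twopassbuffer);`, and likewise for `x->twopassfile` and `x->intra_matrix` just below. The hunk does not show where `stats_out` is pointed at one of these buffers, so a short comment is worth adding, e.g. `/* stats_out presumably aliases twopassbuffer, which x owns; clear it so the caller cannot free it again */`. The function body continues past the end of the hunk.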
From: "Ronald S. Bultje" Date: Tue, 28 Jun 2011 22:24:21 -0700 Subject: [PATCH 078/652] ogg: fix double free when finding length of small chained oggs. ogg_save() copies streams[], but doesn't keep track of free()'ed struct members. Thus, if in between a call to ogg_save() and ogg_restore(), streams[].private was free()'ed, this would result in a double free -> crash, which happened when e.g. playing small chained ogg fragments. (cherry picked from commit 9ed6cbc3ee2ae3e7472fb25192a7e36fd7b15533) --- libavformat/oggdec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/oggdec.c b/libavformat/oggdec.c index 655da35dd4..dc9f7b62fd 100644 --- a/libavformat/oggdec.c +++ b/libavformat/oggdec.c @@ -240,7 +240,8 @@ static int ogg_read_page(AVFormatContext *s, int *str) for (n = 0; n < ogg->nstreams; n++) { av_freep(&ogg->streams[n].buf); - av_freep(&ogg->streams[n].private); + if (!ogg->state || ogg->state->streams[n].private != ogg->streams[n].private) + av_freep(&ogg->streams[n].private); } ogg->curidx = -1; ogg->nstreams = 0; From 25c2f13d00fcfdb81c33a459795c33d29f8690e8 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Mon, 27 Jun 2011 07:25:58 +0000 Subject: [PATCH 079/652] ffmpeg: Fix VDPAU decoding for some H264 samples. (cherry picked from commit a4ab70f92e4d8705434a2fee42a2b69a8bfa6bb1) --- libavcodec/vdpau.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/vdpau.c b/libavcodec/vdpau.c index 19bd96bc15..9dc2745922 100644 --- a/libavcodec/vdpau.c +++ b/libavcodec/vdpau.c 
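Review bot: The new guard reads `ogg->state->streams[n].private` for every `n < ogg->nstreams`, but nothing in the hunk shows that the saved state holds at least that many entries. If a stream can be added between the save and this loop, the comparison reads past the saved array, and the stream count comes from the file being demuxed. The condition should first compare `n` with the saved state's own stream count and free unconditionally when `n` is beyond it. Only the most recent saved state is consulted; if saves can nest, an older state could still share a `private` pointer, which deserves a comment stating the assumption. The enclosing function starts before the hunk and continues after it.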
@@ -183,7 +183,8 @@ void ff_vdpau_h264_picture_complete(MpegEncContext *s) render->info.h264.deblocking_filter_control_present_flag = h->pps.deblocking_filter_parameters_present; render->info.h264.redundant_pic_cnt_present_flag = h->pps.redundant_pic_cnt_present; memcpy(render->info.h264.scaling_lists_4x4, h->pps.scaling_matrix4, sizeof(render->info.h264.scaling_lists_4x4)); - memcpy(render->info.h264.scaling_lists_8x8, h->pps.scaling_matrix8, sizeof(render->info.h264.scaling_lists_8x8)); + memcpy(render->info.h264.scaling_lists_8x8[0], h->pps.scaling_matrix8[0], sizeof(render->info.h264.scaling_lists_8x8[0])); + memcpy(render->info.h264.scaling_lists_8x8[1], h->pps.scaling_matrix8[3], sizeof(render->info.h264.scaling_lists_8x8[0])); ff_draw_horiz_band(s, 0, s->avctx->height); render->bitstream_buffers_used = 0; From 0a48a67e57873b938c49ca57b0629e3e33fe37db Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Tue, 5 Jul 2011 23:10:44 +0200 Subject: [PATCH 080/652] Fix av_open_input_stream with uninitialized context pointer. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Code would allocate a new context but forget to assign it to the pointer actually passed to avformat_open_input, potentially causing a crash. Even if it was initialized it would cause a memleak. This caused crashes with e.g. mpd, see also http://bugs.gentoo.org/show_bug.cgi?id=373423 Signed-off-by: Reimar Döffinger (cherry picked from commit 4e59c8ecf1433b85b539c5e89bb68cfe8b839866) --- libavformat/utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index b610276844..b8a284a52b 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -524,7 +524,7 @@ int av_open_input_stream(AVFormatContext **ic_ptr, opts = convert_format_parameters(ap); if(!ap->prealloced_context) - ic = avformat_alloc_context(); + *ic_ptr = ic = avformat_alloc_context(); else ic = *ic_ptr; if (!ic) { 
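Review bot: Both new `memcpy` calls take their length from the destination row, `sizeof(render->info.h264.scaling_lists_8x8[0])`, and nothing in the hunk ties that to the size of one `h->pps.scaling_matrix8[]` row. If the two ever differ, the copy over-reads the PPS or leaves part of the VDPAU list stale, so a compile-time size check beside the copies would pin the assumption. The second call would also read more clearly with `sizeof(render->info.h264.scaling_lists_8x8[1])`. The source index 3 is unexplained; I would add a comment such as `/* VDPAU takes two 8x8 lists; scaling_matrix8[3] is presumably the inter luma list, confirm against the PPS parser */`. The same change is cherry-picked again in PATCH 084 and the note applies there too; ff_vdpau_h264_picture_complete starts before the hunk and continues after it.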
From 2f0a10174efd47f210e4863cb66da54cfb5a898e Mon Sep 17 00:00:00 2001 From: Loren Merritt Date: Sun, 3 Jul 2011 22:47:10 +0000 Subject: [PATCH 081/652] vf_gradfun: relicense x86 asm to LGPL Actually I gave permission for LGPL long ago, but the original import failed to update the license header. (cherry picked from commit 082768f0b189b1706fdcd15b42dcca5fd0822315) --- libavfilter/x86/gradfun.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/libavfilter/x86/gradfun.c b/libavfilter/x86/gradfun.c index c9ade8294a..ff3b19d38d 100644 --- a/libavfilter/x86/gradfun.c +++ b/libavfilter/x86/gradfun.c 
@@ -1,19 +1,21 @@ /* + * Copyright (C) 2009 Loren Merritt + * * This file is part of Libav. * - * Libav is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. + * Libav is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. * * Libav is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. * - * You should have received a copy of the GNU General Public License along - * with Libav; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * You should have received a copy of the GNU Lesser General Public + * License along with Libav; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "libavutil/cpu.h" From 43de5c034fe8d9bf1687faec8865b5967291004b Mon Sep 17 00:00:00 2001 From: Diego Biurrun Date: Sun, 3 Jul 2011 16:33:25 +0200 Subject: [PATCH 082/652] doxygen: Escape '\' in Doxygen documentation. (cherry picked from commit c81a2b9b4f5488c831dc27635152394ab632c46a) --- libavformat/internal.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavformat/internal.h b/libavformat/internal.h index 7413b0906a..c1a4b4f51b 100644 --- a/libavformat/internal.h +++ b/libavformat/internal.h 
@@ -157,14 +157,14 @@ void ff_put_v(AVIOContext *bc, uint64_t val); /** * Read a whole line of text from AVIOContext. Stop reading after reaching - * either a \n, a \0 or EOF. The returned string is always \0 terminated, + * either a \\n, a \\0 or EOF. The returned string is always \\0-terminated, * and may be truncated if the buffer is too small. * * @param s the read-only AVIOContext * @param buf buffer to store the read line * @param maxlen size of the buffer * @return the length of the string written in the buffer, not including the - * final \0 + * final \\0 */ int ff_get_line(AVIOContext *s, char *buf, int maxlen); From 07dc4a79c701a4fd41d0973df1ab56333895faed Mon Sep 17 00:00:00 2001 From: Diego Biurrun Date: Sun, 3 Jul 2011 16:35:10 +0200 Subject: [PATCH 083/652] RTSP: Doxygen comment cleanup Do not use Doxygen for comments that apply to specific implementation details; merge some duplicated Doxygen comment blocks. (cherry picked from commit f75e3da535f297ddbe501ce866e57ccca7645455) --- libavformat/rtsp.c | 18 +++++------------- libavformat/rtsp.h | 6 ++++-- 2 files changed, 9 insertions(+), 15 deletions(-) diff --git a/libavformat/rtsp.c b/libavformat/rtsp.c index eeea9be4a0..80cd587144 100644 --- a/libavformat/rtsp.c +++ b/libavformat/rtsp.c @@ -428,11 +428,6 @@ static void sdp_parse_line(AVFormatContext *s, SDPParseState *s1, } } -/** - * Parse the sdp description and allocate the rtp streams and the - * pollfd array used for udp ones. - */ - int ff_sdp_parse(AVFormatContext *s, const char *content) { RTSPState *rt = s->priv_data; @@ -1050,9 +1045,6 @@ retry: return 0; } -/** - * @return 0 on success, <0 on error, 1 if protocol is unavailable. - */ int ff_rtsp_make_setup_request(AVFormatContext *s, const char *host, int port, int lower_transport, const char *real_challenge) { 
@@ -1078,7 +1070,7 @@ int ff_rtsp_make_setup_request(AVFormatContext *s, const char *host, int port, for (j = RTSP_RTP_PORT_MIN, i = 0; i < rt->nb_rtsp_streams; ++i) { char transport[2048]; - /** + /* * WMS serves all UDP data over a single connection, the RTX, which * isn't necessarily the first in the SDP but has to be the first * to be set up, else the second/third SETUP will fail with a 461. @@ -1151,7 +1143,7 @@ int ff_rtsp_make_setup_request(AVFormatContext *s, const char *host, int port, /* RTP/TCP */ else if (lower_transport == RTSP_LOWER_TRANSPORT_TCP) { - /** For WMS streams, the application streams are only used for + /* For WMS streams, the application streams are only used for * UDP. When trying to set it up for TCP streams, the server * will return an error. Therefore, we skip those streams. */ if (rt->server_type == RTSP_SERVER_WMS && @@ -1482,14 +1474,14 @@ redirect: cmd[0] = 0; if (rt->server_type == RTSP_SERVER_REAL) av_strlcat(cmd, - /** + /* * The following entries are required for proper * streaming from a Realmedia server. They are * interdependent in some way although we currently * don't quite understand how. Values were copied * from mplayer SVN r23589. - * @param CompanyID is a 16-byte ID in base64 - * @param ClientChallenge is a 16-byte ID in hex + * ClientChallenge is a 16-byte ID in hex + * CompanyID is a 16-byte ID in base64 */ "ClientChallenge: 9e26d33f2984236010ef6253fb1887f7\r\n" "PlayerStarttime: [28/03/2003:22:50:23 00:00]\r\n" diff --git a/libavformat/rtsp.h b/libavformat/rtsp.h index 5eae6bf4f3..7d2460fe2f 100644 --- a/libavformat/rtsp.h +++ b/libavformat/rtsp.h 
@@ -505,8 +505,9 @@ int ff_rtsp_setup_input_streams(AVFormatContext *s, RTSPMessageHeader *reply); int ff_rtsp_setup_output_streams(AVFormatContext *s, const char *addr); /** - * Parse a SDP description of streams by populating an RTSPState struct - * within the AVFormatContext. + * Parse an SDP description of streams by populating an RTSPState struct + * within the AVFormatContext; also allocate the RTP streams and the + * pollfd array used for UDP streams. */ int ff_sdp_parse(AVFormatContext *s, const char *content); @@ -525,6 +526,7 @@ int ff_rtsp_fetch_packet(AVFormatContext *s, AVPacket *pkt); /** * Do the SETUP requests for each stream for the chosen * lower transport mode. + * @return 0 on success, <0 on error, 1 if protocol is unavailable */ int ff_rtsp_make_setup_request(AVFormatContext *s, const char *host, int port, int lower_transport, const char *real_challenge); From b9e126fbe2510523dece2fe5433cdd00ab52f2f5 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Mon, 27 Jun 2011 07:25:58 +0000 Subject: [PATCH 084/652] ffmpeg: Fix VDPAU decoding for some H264 samples. (cherry picked from commit a4ab70f92e4d8705434a2fee42a2b69a8bfa6bb1) --- libavcodec/vdpau.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/vdpau.c b/libavcodec/vdpau.c index 5f8f09186e..5312b4b852 100644 --- a/libavcodec/vdpau.c +++ b/libavcodec/vdpau.c 
@@ -183,7 +183,8 @@ void ff_vdpau_h264_picture_complete(MpegEncContext *s) render->info.h264.deblocking_filter_control_present_flag = h->pps.deblocking_filter_parameters_present; render->info.h264.redundant_pic_cnt_present_flag = h->pps.redundant_pic_cnt_present; memcpy(render->info.h264.scaling_lists_4x4, h->pps.scaling_matrix4, sizeof(render->info.h264.scaling_lists_4x4)); - memcpy(render->info.h264.scaling_lists_8x8, h->pps.scaling_matrix8, sizeof(render->info.h264.scaling_lists_8x8)); + memcpy(render->info.h264.scaling_lists_8x8[0], h->pps.scaling_matrix8[0], sizeof(render->info.h264.scaling_lists_8x8[0])); + memcpy(render->info.h264.scaling_lists_8x8[1], h->pps.scaling_matrix8[3], sizeof(render->info.h264.scaling_lists_8x8[0])); ff_draw_horiz_band(s, 0, s->avctx->height); render->bitstream_buffers_used = 0; From 46a2dc91753535ec36e5d743508a7b1b4602243e Mon Sep 17 00:00:00 2001 From: Robert Swain Date: Mon, 4 Jul 2011 08:44:49 +0200 Subject: [PATCH 085/652] vorbis: vpxenc: Add missing include for av_rescale* Signed-off-by: Mans Rullgard (cherry picked from commit 954a6532160b9eac7773613be105fd706d639ade) --- libavcodec/libvorbis.c | 1 + libavcodec/libvpxenc.c | 1 + 2 files changed, 2 insertions(+) diff --git a/libavcodec/libvorbis.c b/libavcodec/libvorbis.c index 88da705a32..85cb9c5989 100644 --- a/libavcodec/libvorbis.c +++ b/libavcodec/libvorbis.c @@ -30,6 +30,7 @@ #include "avcodec.h" #include "bytestream.h" #include "vorbis.h" +#include "libavutil/mathematics.h" #undef NDEBUG #include diff --git a/libavcodec/libvpxenc.c b/libavcodec/libvpxenc.c index 02f8135381..ca2e6157d5 100644 --- a/libavcodec/libvpxenc.c +++ b/libavcodec/libvpxenc.c @@ -30,6 +30,7 @@ #include "avcodec.h" #include "libavutil/base64.h" +#include "libavutil/mathematics.h" /** * Portion of struct vpx_codec_cx_pkt from vpx_encoder.h. From 8e3d264fb234db081436ab5b76525a355dc497db Mon Sep 17 00:00:00 2001 
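Review bot: The source index in the second added copy in ff_vdpau_h264_picture_complete() (`h->pps.scaling_matrix8[3]`) is a bare magic number, and both copies take their length from the destination row alone. Nothing in the hunk shows how many rows `scaling_matrix8` has or that one of its rows is as large as `scaling_lists_8x8[0]`, so a later change to either array could turn this into an over-read with no compiler diagnostic. I would add a comment naming which lists indices 0 and 3 select, and bound the length by both sides, e.g. `FFMIN(sizeof(render->info.h264.scaling_lists_8x8[1]), sizeof(h->pps.scaling_matrix8[3]))`. The function body starts and ends outside the hunk.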
From: Christian Schmidt Date: Mon, 4 Jul 2011 10:41:04 +0100 Subject: [PATCH 086/652] libxvid: add missing include of libavutil/mathematics.h Signed-off-by: Mans Rullgard (cherry picked from commit 6c374bc0b40306c84e35a4002ab7fa96ace11c6c) --- libavcodec/libxvidff.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/libxvidff.c b/libavcodec/libxvidff.c index 1e887a2a8c..fd0aea58fa 100644 --- a/libavcodec/libxvidff.c +++ b/libavcodec/libxvidff.c @@ -30,6 +30,7 @@ #include "avcodec.h" #include "libavutil/cpu.h" #include "libavutil/intreadwrite.h" +#include "libavutil/mathematics.h" #include "libxvid_internal.h" #if !HAVE_MKSTEMP #include From 64e2656f7c6d03c11b8e65202fc803cf58c03e1a Mon Sep 17 00:00:00 2001 From: Diego Biurrun Date: Sun, 3 Jul 2011 16:09:37 +0200 Subject: [PATCH 087/652] doxygen: Fix documentation for some VP8 functions. (cherry picked from commit 3c432e1186443fae474fa4e8613fbc21fd8a6c63) --- libavcodec/vp8.c | 33 +++++++++++++++++++++++++++++---- 1 file changed, 29 insertions(+), 4 deletions(-) diff --git a/libavcodec/vp8.c b/libavcodec/vp8.c index 282d2fdb4e..5e331c9856 100644 --- a/libavcodec/vp8.c +++ b/libavcodec/vp8.c @@ -641,8 +641,6 @@ void decode_mb_mode(VP8Context *s, VP8Macroblock *mb, int mb_x, int mb_y, uint8_ * @param block destination for block coefficients * @param probs probabilities to use when reading trees from the bitstream * @param i initial coeff index, 0 unless a separate DC block is coded - * @param zero_nhood the initial prediction context for number of surrounding - * all-zero blocks (only left/top, so 0-2) * @param qmul array holding the dc/ac dequant factor at position 0/1 * @return 0 if no coeffs were decoded * otherwise, the index of the last coeff decoded plus one 
@@ -701,6 +699,17 @@ skip_eob: } #endif +/** + * @param c arithmetic bitstream reader context + * @param block destination for block coefficients + * @param probs probabilities to use when reading trees from the bitstream + * @param i initial coeff index, 0 unless a separate DC block is coded + * @param zero_nhood the initial prediction context for number of surrounding + * all-zero blocks (only left/top, so 0-2) + * @param qmul array holding the dc/ac dequant factor at position 0/1 + * @return 0 if no coeffs were decoded + * otherwise, the index of the last coeff decoded plus one + */ static av_always_inline int decode_block_coeffs(VP56RangeCoder *c, DCTELEM block[16], uint8_t probs[16][3][NUM_DCT_TOKENS-1], @@ -1034,10 +1043,9 @@ static const uint8_t subpel_idx[3][8] = { }; /** - * Generic MC function. + * luma MC function * * @param s VP8 decoding context - * @param luma 1 for luma (Y) planes, 0 for chroma (Cb/Cr) planes * @param dst target buffer for block data at block position * @param src reference picture buffer at origin (0, 0) * @param mv motion vector (relative to block position) to get pixel data from 
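Review bot: The doc block that this hunk retitles "luma MC function" still lists `@param src reference picture buffer at origin (0, 0)`, while the vp8_mc_luma() signature shown in the next hunk header names that parameter `ref`. Assuming the block documents that function, Doxygen will report an unknown `src` and an undocumented `ref`. Change the tag to `@param ref`, as the new vp8_mc_chroma() block already does. The decode_block_coeffs() block added in the previous hunk also starts directly with `@param` and would benefit from a one-line brief description.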
@@ -1083,6 +1091,23 @@ void vp8_mc_luma(VP8Context *s, uint8_t *dst, AVFrame *ref, const VP56mv *mv, } } +/** + * chroma MC function + * + * @param s VP8 decoding context + * @param dst1 target buffer for block data at block position (U plane) + * @param dst2 target buffer for block data at block position (V plane) + * @param ref reference picture buffer at origin (0, 0) + * @param mv motion vector (relative to block position) to get pixel data from + * @param x_off horizontal position of block from origin (0, 0) + * @param y_off vertical position of block from origin (0, 0) + * @param block_w width of block (16, 8 or 4) + * @param block_h height of block (always same as block_w) + * @param width width of src/dst plane data + * @param height height of src/dst plane data + * @param linesize size of a single line of plane data, including padding + * @param mc_func motion compensation function pointers (bilinear or sixtap MC) + */ static av_always_inline void vp8_mc_chroma(VP8Context *s, uint8_t *dst1, uint8_t *dst2, AVFrame *ref, const VP56mv *mv, int x_off, int y_off, From 683df9bf548da58e97365d61cf0338c5262ea6cc Mon Sep 17 00:00:00 2001 From: Diego Biurrun Date: Sun, 3 Jul 2011 19:40:34 +0200 Subject: [PATCH 088/652] Add LGPL license boilerplate to files lacking it. (cherry picked from commit e3759c567db42c8dff255ef9f7258326da470755) --- libavcodec/high_bit_depth.h | 18 ++++++++++++++++++ libavcodec/opt.h | 18 ++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/libavcodec/high_bit_depth.h b/libavcodec/high_bit_depth.h index 511cd00f3a..c0a6eafe89 100644 --- a/libavcodec/high_bit_depth.h +++ b/libavcodec/high_bit_depth.h 
@@ -1,3 +1,21 @@ +/* + * This file is part of Libav. + * + * Libav is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * Libav is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with Libav; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + #include "dsputil.h" #ifndef BIT_DEPTH diff --git a/libavcodec/opt.h b/libavcodec/opt.h index 70de27d192..2380e74332 100644 --- a/libavcodec/opt.h +++ b/libavcodec/opt.h @@ -1,3 +1,21 @@ +/* + * This file is part of Libav. + * + * Libav is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * Libav is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with Libav; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + /** * @file * This header is provided for compatibility only and will be removed From 5a33a29a91fe0c3fc30eb89a0675258f538c6af8 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Mon, 4 Jul 2011 02:57:47 +0200 Subject: [PATCH 089/652] oggdec: Abort Ogg header parsing when encountering a data packet. Fixes Bugzilla #11. Signed-off-by: Diego Biurrun (cherry picked from commit 0a94020b5b073d1abf442e28b6db3be785aa680a) --- libavformat/oggdec.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/libavformat/oggdec.c b/libavformat/oggdec.c index 998a33b43c..49f24e9b9b 100644 --- a/libavformat/oggdec.c +++ b/libavformat/oggdec.c @@ -373,8 +373,7 @@ static int ogg_packet(AVFormatContext *s, int *str, int *dstart, int *dsize, // We have reached the first non-header packet in this stream. // Unfortunately more header packets may still follow for others, - // so we reset this later unless we are done with the headers - // for all streams. + // but if we continue with header parsing we may lose data packets. ogg->headers = 1; // Update the header state for all streams and @@ -383,8 +382,6 @@ static int ogg_packet(AVFormatContext *s, int *str, int *dstart, int *dsize, s->data_offset = os->sync_pos; for (i = 0; i < ogg->nstreams; i++) { struct ogg_stream *cur_os = ogg->streams + i; - if (cur_os->header > 0) - ogg->headers = 0; // if we have a partial non-header packet, its start is // obviously at or after the data start From cd63c32ff6f6a24dc971a0bb2ca8f8a4f57e79da Mon Sep 17 00:00:00 2001 From: Chris Evans Date: Wed, 29 Jun 2011 15:44:40 -0700 Subject: [PATCH 090/652] oggdec: prevent heap corruption. Specifically crafted samples can reinit ogg->streams[] while reading samples, and thus we should not cache old pointers since these may no longer be valid. Signed-off-by: Ronald S. Bultje (cherry picked from commit 4cc3467e7abfea7e8d03b6af511f7719038a5a98) --- libavformat/oggdec.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavformat/oggdec.c b/libavformat/oggdec.c index 49f24e9b9b..25f5cd8b2d 100644 --- a/libavformat/oggdec.c +++ b/libavformat/oggdec.c 
@@ -583,15 +583,15 @@ static int64_t ogg_read_timestamp(AVFormatContext *s, int stream_index, int64_t *pos_arg, int64_t pos_limit) { struct ogg *ogg = s->priv_data; - struct ogg_stream *os = ogg->streams + stream_index; AVIOContext *bc = s->pb; int64_t pts = AV_NOPTS_VALUE; - int i; + int i = -1; avio_seek(bc, *pos_arg, SEEK_SET); ogg_reset(ogg); while (avio_tell(bc) < pos_limit && !ogg_packet(s, &i, NULL, NULL, pos_arg)) { if (i == stream_index) { + struct ogg_stream *os = ogg->streams + stream_index; pts = ogg_calc_pts(s, i, NULL); if (os->keyframe_seek && !(os->pflags & AV_PKT_FLAG_KEY)) pts = AV_NOPTS_VALUE; @@ -617,6 +617,7 @@ static int ogg_read_seek(AVFormatContext *s, int stream_index, os->keyframe_seek = 1; ret = av_seek_frame_binary(s, stream_index, timestamp, flags); + os = ogg->streams + stream_index; if (ret < 0) os->keyframe_seek = 0; return ret; From 004194f465385c743adc2e52cdb726d8f70f6c0e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Storsj=C3=B6?= Date: Thu, 7 Jul 2011 09:51:57 +0300 Subject: [PATCH 091/652] docs: Remove needless configure options MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Specifying --enable-static --disable-shared isn't necessary, these are the defaults. Signed-off-by: Martin Storsjö --- doc/general.texi | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/general.texi b/doc/general.texi index 775bf5d03f..dbc7faf7a8 100644 --- a/doc/general.texi +++ b/doc/general.texi @@ -1024,7 +1024,7 @@ diffutils Then run @example -./configure --enable-static --disable-shared +./configure @end example to make a static build. 
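Review bot: In ogg_read_timestamp() the reason `os` is now looked up inside the loop is not recorded next to the code, so a later cleanup could hoist the declaration back out and reintroduce the stale pointer. A comment on the new line would pin the invariant stated in the commit message, for example `/* ogg_packet() can reinit ogg->streams; never cache a stream pointer across it */`. The same comment fits the re-assignment added in ogg_read_seek() in the next hunk. The function body continues outside the hunk.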
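Review bot: In ogg_read_seek() the refreshed `os = ogg->streams + stream_index;` is computed without comparing `stream_index` with the current stream count. If the re-initialisation described in the commit message can leave fewer streams than before (not visible from this hunk), the new pointer lands outside the array and the `os->keyframe_seek = 0` store on the error path writes out of bounds. A guard before the re-assignment, `if (stream_index >= ogg->nstreams) return AVERROR_INVALIDDATA;`, would close that. Note also that `os->keyframe_seek = 1` was set through the old pointer, so after a reinit the flag may not be present on the stream that is actually used. The function starts outside the hunk.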
@@ -1071,7 +1071,7 @@ and add some special flags to your configure invocation. For a static build run @example -./configure --target-os=mingw32 --enable-memalign-hack --enable-static --disable-shared --extra-cflags=-mno-cygwin --extra-libs=-mno-cygwin +./configure --target-os=mingw32 --extra-cflags=-mno-cygwin --extra-libs=-mno-cygwin @end example and for a build with shared libraries From 5c2d7c4dc8b8618f6586e220f4af6e4baae6dac2 Mon Sep 17 00:00:00 2001 From: Reinhard Tartler Date: Tue, 12 Jul 2011 18:09:55 +0200 Subject: [PATCH 092/652] docs: Don't recommend adding --enable-memalign-hack MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It is enabled automatically when required nowadays. Signed-off-by: Martin Storsjö (cherry picked from commit 9d36139231bfcf155a1b94f61a420768f1771174) --- doc/general.texi | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/general.texi b/doc/general.texi index dbc7faf7a8..93f563e1bf 100644 --- a/doc/general.texi +++ b/doc/general.texi @@ -949,7 +949,7 @@ MSVC++-compatible import libraries. @item Build Libav with @example -./configure --enable-shared --enable-memalign-hack +./configure --enable-shared make make install @end example @@ -1076,7 +1076,7 @@ For a static build run and for a build with shared libraries @example -./configure --target-os=mingw32 --enable-memalign-hack --enable-shared --disable-static --extra-cflags=-mno-cygwin --extra-libs=-mno-cygwin +./configure --target-os=mingw32 --enable-shared --disable-static --extra-cflags=-mno-cygwin --extra-libs=-mno-cygwin @end example @bye From a52c615a421d497614020df4e04d91e18fc8c0a2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Storsj=C3=B6?= Date: Fri, 8 Jul 2011 13:37:54 +0300 Subject: [PATCH 093/652] docs: Use proper markup for a literal command line option MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Martin Storsjö (cherry picked from commit a3a94e1498685480800c22fc3ffa20d42ccfd527) --- doc/general.texi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/general.texi b/doc/general.texi index 93f563e1bf..a35c809000 100644 --- a/doc/general.texi +++ b/doc/general.texi @@ -986,7 +986,7 @@ extern __declspec(dllimport) const AVPixFmtDescriptor av_pix_fmt_descriptors[]; Note that using import libraries created by dlltool requires the linker optimization option to be set to -"References: Keep Unreferenced Data (/OPT:NOREF)", otherwise +"References: Keep Unreferenced Data (@code{/OPT:NOREF})", otherwise the resulting binaries will fail during runtime. This isn't required when using import libraries generated by lib.exe. From 0156f4f9da2577b32ebbb191047d7ff0ca613c44 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Storsj=C3=B6?= Date: Fri, 8 Jul 2011 11:00:01 +0300 Subject: [PATCH 094/652] docs: Mention the upstream bugzilla url about the dlltool vs MSVC issue MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Storsjö (cherry picked from commit b369f327d5e6b01a4cae9e2726df7c73b2893eba) --- doc/general.texi | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/general.texi b/doc/general.texi index a35c809000..da6b62110e 100644 --- a/doc/general.texi +++ b/doc/general.texi @@ -989,6 +989,8 @@ the linker optimization option to be set to "References: Keep Unreferenced Data (@code{/OPT:NOREF})", otherwise the resulting binaries will fail during runtime. This isn't required when using import libraries generated by lib.exe. +This issue is reported upstream at +@url{http://sourceware.org/bugzilla/show_bug.cgi?id=12633}. @subsection Cross compilation for Windows with Linux From dc1b670a2c34a0e1c5c0ba9531dfc8f5a6746a0b Mon Sep 17 00:00:00 2001 
From: "Ronald S. Bultje" Date: Sun, 10 Jul 2011 21:23:09 -0700 Subject: [PATCH 095/652] vp8/mt: flush worker thread, not application thread context, on seek. This prevents a crash when seeking. (cherry picked from commit d1cf45911935cc4fed9afd3a37d99616d31eb9da) --- libavcodec/pthread.c | 9 ++++++--- libavcodec/utils.c | 2 +- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/libavcodec/pthread.c b/libavcodec/pthread.c index 08ef4ba0c2..9fea9a0afc 100644 --- a/libavcodec/pthread.c +++ b/libavcodec/pthread.c @@ -746,9 +746,12 @@ void ff_thread_flush(AVCodecContext *avctx) if (!avctx->thread_opaque) return; park_frame_worker_threads(fctx, avctx->thread_count); - - if (fctx->prev_thread) - update_context_from_thread(fctx->threads->avctx, fctx->prev_thread->avctx, 0); + if (fctx->prev_thread) { + if (fctx->prev_thread != &fctx->threads[0]) + update_context_from_thread(fctx->threads[0].avctx, fctx->prev_thread->avctx, 0); + if (avctx->codec->flush) + avctx->codec->flush(fctx->threads[0].avctx); + } fctx->next_decoding = fctx->next_finished = 0; fctx->delaying = 1; diff --git a/libavcodec/utils.c b/libavcodec/utils.c index c32fda26ec..bbed7263ab 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -1058,7 +1058,7 @@ void avcodec_flush_buffers(AVCodecContext *avctx) { if(HAVE_PTHREADS && avctx->active_thread_type&FF_THREAD_FRAME) ff_thread_flush(avctx); - if(avctx->codec->flush) + else if(avctx->codec->flush) avctx->codec->flush(avctx); } From 5e3578893a06644e226bcfefc726b60e2d75a890 Mon Sep 17 00:00:00 2001 From: "Ronald S. Bultje" Date: Sun, 10 Jul 2011 17:28:28 -0700 Subject: [PATCH 096/652] mt: proper locking around release_buffer calls. This fixes a crash when seeking in some webm files with many threads (e.g. 8). (cherry picked from commit 5eafc8b46644764f8aef1b7b2ecae53ee8034822) --- libavcodec/pthread.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) 
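Review bot: In ff_thread_flush() the codec's flush callback is now invoked only on `fctx->threads[0].avctx`, and only inside `if (fctx->prev_thread)`. Combined with the `else if` added to avcodec_flush_buffers() in the utils.c hunk, a frame-threaded decoder for which `prev_thread` is not yet set gets no flush call at all, and the other worker contexts are never flushed. Whether those contexts can carry stale per-thread state across a seek is not visible here. If flushing worker 0 alone is sufficient, a comment saying why would help; otherwise move the `flush` call out of the `prev_thread` test and apply it to each of the `avctx->thread_count` workers. Both functions continue outside their hunks.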
diff --git a/libavcodec/pthread.c b/libavcodec/pthread.c index 9fea9a0afc..e546c21ddd 100644 --- a/libavcodec/pthread.c +++ b/libavcodec/pthread.c @@ -408,9 +408,10 @@ static void release_delayed_buffers(PerThreadContext *p) FrameThreadContext *fctx = p->parent; while (p->num_released_buffers > 0) { - AVFrame *f = &p->released_buffers[--p->num_released_buffers]; + AVFrame *f; pthread_mutex_lock(&fctx->buffer_mutex); + f = &p->released_buffers[--p->num_released_buffers]; free_progress(f); f->thread_opaque = NULL; @@ -839,6 +840,7 @@ int ff_thread_get_buffer(AVCodecContext *avctx, AVFrame *f) void ff_thread_release_buffer(AVCodecContext *avctx, AVFrame *f) { PerThreadContext *p = avctx->thread_opaque; + FrameThreadContext *fctx; if (!(avctx->active_thread_type&FF_THREAD_FRAME)) { avctx->release_buffer(avctx, f); @@ -854,7 +856,10 @@ void ff_thread_release_buffer(AVCodecContext *avctx, AVFrame *f) av_log(avctx, AV_LOG_DEBUG, "thread_release_buffer called on pic %p, %d buffers used\n", f, f->owner->internal_buffer_count); + fctx = p->parent; + pthread_mutex_lock(&fctx->buffer_mutex); p->released_buffers[p->num_released_buffers++] = *f; + pthread_mutex_unlock(&fctx->buffer_mutex); memset(f->data, 0, sizeof(f->data)); } From 2bbd81fba310aa34f2973f5dcff0f13bac1fd9b1 Mon Sep 17 00:00:00 2001 From: Reinhard Tartler Date: Mon, 4 Jul 2011 12:11:40 +0200 Subject: [PATCH 097/652] update Changelog --- Changelog | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Changelog b/Changelog index 1c6952c394..d3a1fb4026 100644 --- a/Changelog +++ b/Changelog 
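Review bot: In ff_thread_release_buffer() the store `p->released_buffers[p->num_released_buffers++] = *f;` is now serialised by `buffer_mutex`, but it still has no capacity check. The size of `released_buffers` is not visible in these hunks; if it is a fixed array, enough releases before the worker drains them would write past its end. A guard inside the locked region, such as `if (p->num_released_buffers >= FF_ARRAY_ELEMS(p->released_buffers))` followed by an error log and early unlock, would make the bound explicit. Separately, the loop condition `while (p->num_released_buffers > 0)` in release_delayed_buffers() (first hunk) is still read outside the mutex; the matching unlock is outside that hunk, so I cannot tell whether the whole loop could simply be locked once.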
@@ -6,10 +6,12 @@ version 0.7.1: - added various additional FOURCC codec identifiers - H.264 4:4:4 fixes -- build system fixes -- Doxygen corrections and improvements +- build system and compilation fixes +- Doxygen and general documentation corrections and improvements - fixed segfault in ffprobe - behavioral fix in av_open_input_stream() +- Licensing clarification for LGPL'ed vf_gradfun +- bugfixes while seeking in multithreaded decoding version 0.7: From 9459390f29ec6df63ff1878f13b7b4343811948a Mon Sep 17 00:00:00 2001 From: Reinhard Tartler Date: Tue, 12 Jul 2011 18:31:28 +0200 Subject: [PATCH 098/652] Update RELEASE file --- RELEASE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/RELEASE b/RELEASE index eb49d7c7fd..39e898a4f9 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -0.7 +0.7.1 From c29c609e0f4bf3fea29104c689c11f7dda499135 Mon Sep 17 00:00:00 2001 From: John Stebbins Date: Fri, 1 Jul 2011 08:57:42 -0700 Subject: [PATCH 099/652] matroskadec: matroska_read_seek after after EBML_STOP leads to failure. EBML_STOP leaves matroska->current_id set. Then matroska_read_seek changes the stream position without resetting current_id. The next matroska_parse_cluster fails due to calculation of incorrect pos. So clear current_id when avio_seek happens in matroska_read_seek. Signed-off-by: Ronald S. Bultje (cherry picked from commit cdc2c1c57616956d975c57b4b69eb73865f513f5) --- libavformat/matroskadec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index 57a8f624b8..60f6c6985b 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c 
@@ -1903,6 +1903,7 @@ static int matroska_read_seek(AVFormatContext *s, int stream_index, if ((index = av_index_search_timestamp(st, timestamp, flags)) < 0) { avio_seek(s->pb, st->index_entries[st->nb_index_entries-1].pos, SEEK_SET); + matroska->current_id = 0; while ((index = av_index_search_timestamp(st, timestamp, flags)) < 0) { matroska_clear_queue(matroska); if (matroska_parse_cluster(matroska) < 0) @@ -1931,6 +1932,7 @@ static int matroska_read_seek(AVFormatContext *s, int stream_index, } avio_seek(s->pb, st->index_entries[index_min].pos, SEEK_SET); + matroska->current_id = 0; matroska->skip_to_keyframe = !(flags & AVSEEK_FLAG_ANY); matroska->skip_to_timecode = st->index_entries[index].timestamp; matroska->done = 0; From 3749066dd83abb3aaca748c0ef949e9c3494ba44 Mon Sep 17 00:00:00 2001 From: Diego Biurrun Date: Sat, 9 Jul 2011 20:15:29 +0200 Subject: [PATCH 100/652] doc: Remove outdated comments about gcc 2.95 and gcc 3.3 support. (cherry picked from commit 5ccbf80963c1cc54aed97b1c81b1657ab91baf6a) --- doc/developer.texi | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/doc/developer.texi b/doc/developer.texi index 37b9f3e889..244ded71ec 100644 --- a/doc/developer.texi +++ b/doc/developer.texi @@ -60,10 +60,8 @@ These features are supported by all compilers we care about, so we will not accept patches to remove their use unless they absolutely do not impair clarity and performance. -All code must compile with GCC 2.95 and GCC 3.3. Currently, Libav also -compiles with several other compilers, such as the Compaq ccc compiler -or Sun Studio 9, and we would like to keep it that way unless it would -be exceedingly involved. To ensure compatibility, please do not use any +All code must compile with recent versions of GCC and a number of other +currently supported compilers. To ensure compatibility, please do not use additional C99 features or GCC extensions. Especially watch out for: @itemize @bullet @item 
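Review bot: Both added `matroska->current_id = 0;` lines in matroska_read_seek() run unconditionally after an `avio_seek()` whose return value is discarded. If the seek fails, the stream position is presumably unchanged while the pending element ID has been dropped, so the next matroska_parse_cluster() would start from bytes that no longer match the parser state. I would check the result at both sites, e.g. `if (avio_seek(s->pb, st->index_entries[index_min].pos, SEEK_SET) < 0) return -1;`, and reset `current_id` only after a successful seek. Folding seek-plus-reset into one small static helper would also keep the two call sites from drifting apart. The function starts and ends outside both hunks.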
From b57c6d1a4cc019f2ec899f780b30e7fd1a0dd019 Mon Sep 17 00:00:00 2001 From: Diego Biurrun Date: Sat, 9 Jul 2011 17:43:53 +0200 Subject: [PATCH 101/652] changelog: misc typo and wording fixes (cherry picked from commit b047941d7da470ba0dcedb1fd0aa828075265ffc) --- Changelog | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/Changelog b/Changelog index d3a1fb4026..9f3cb09543 100644 --- a/Changelog +++ b/Changelog @@ -18,23 +18,23 @@ version 0.7: - E-AC-3 audio encoder - ac3enc: add channel coupling support -- floating-point sample format support to the ac3, eac3, dca, aac, and vorbis decoders. -- H264/MPEG frame-level multi-threading -- All av_metadata_* functions renamed to av_dict_* and moved to libavutil +- floating-point sample format support for (E-)AC-3, DCA, AAC, Vorbis decoders +- H.264/MPEG frame-level multithreading +- av_metadata_* functions renamed to av_dict_* and moved to libavutil - 4:4:4 H.264 decoding support - 10-bit H.264 optimizations for x86 -- Bump libswscale for recently reported ABI break +- bump libswscale for recently reported ABI break version 0.7_beta2: -- VP8 frame-multithreading +- VP8 frame-level multithreading - NEON optimizations for VP8 -- Lots of deprecated API cruft removed -- fft and imdct optimizations for AVX (Sandy Bridge) processors +- removed a lot of deprecated API cruft +- FFT and IMDCT optimizations for AVX (Sandy Bridge) processors - DPX image encoder - SMPTE 302M AES3 audio decoder -- Remove support for quitting ffmpeg with 'q', ctrl+c should be used. +- ffmpeg no longer quits after the 'q' key is pressed; use 'ctrl+c' instead - 9bit and 10bit per sample support in the H.264 decoder 
@@ -87,10 +87,10 @@ version 0.7_beta1: - demuxer for receiving raw rtp:// URLs without an SDP description - single stream LATM/LOAS decoder - setpts filter added -- Win64 support for optimized asm functions +- Win64 support for optimized x86 assembly functions - MJPEG/AVI1 to JPEG/JFIF bitstream filter - ASS subtitle encoder and decoder -- IEC 61937 encapsulation for E-AC3, TrueHD, DTS-HD (for HDMI passthrough) +- IEC 61937 encapsulation for E-AC-3, TrueHD, DTS-HD (for HDMI passthrough) - overlay filter added - rename aspect filter to setdar, and pixelaspect to setsar - IEC 61937 demuxer From 896f80f82ced236f35c286ae0b3c700044b6bfb8 Mon Sep 17 00:00:00 2001 From: Diego Biurrun Date: Mon, 20 Jun 2011 18:41:11 +0200 Subject: [PATCH 102/652] build: Create mlib optimization directories during out-of-tree builds. --- configure | 2 ++ 1 file changed, 2 insertions(+) diff --git a/configure b/configure index b3c20350df..5e40e083a0 100755 --- a/configure +++ b/configure @@ -3207,6 +3207,7 @@ if enabled source_path_used; then doc libavcodec libavcodec/$arch + libavcodec/mlib libavdevice libavfilter libavfilter/$arch @@ -3216,6 +3217,7 @@ if enabled source_path_used; then libpostproc libswscale libswscale/$arch + libswscale/mlib tests tools " From 0b4840af0c42f96e6057ec56919f16f7fbcae3d9 Mon Sep 17 00:00:00 2001 From: Stefano Sabatini Date: Fri, 15 Jul 2011 15:40:31 +0200 Subject: [PATCH 103/652] vf_libopencv: replace opencv/cxtypes.h #include by opencv/cxcore.h cxtypes.h works with version 2.1 and older, cxcore.h works with 2.2 and older. Signed-off-by: Diego Biurrun (cherry picked from commit 9bc8bcddbd4fc394e2268e9849dcbf3bad6de980) --- Changelog | 1 + libavfilter/vf_libopencv.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/Changelog b/Changelog index 9f3cb09543..35804f899b 100644 --- a/Changelog +++ b/Changelog 
@@ -12,6 +12,7 @@ version 0.7.1: - behavioral fix in av_open_input_stream() - Licensing clarification for LGPL'ed vf_gradfun - bugfixes while seeking in multithreaded decoding +- support newer versions of OpenCV version 0.7: diff --git a/libavfilter/vf_libopencv.c b/libavfilter/vf_libopencv.c index 5a52f246ba..6e343af7ef 100644 --- a/libavfilter/vf_libopencv.c +++ b/libavfilter/vf_libopencv.c @@ -26,7 +26,7 @@ /* #define DEBUG */ #include -#include +#include #include "libavutil/avstring.h" #include "libavutil/file.h" #include "avfilter.h" From 20829cf8a26a00c840c70f12224843e079c10ee6 Mon Sep 17 00:00:00 2001 From: Mans Rullgard Date: Sun, 17 Jul 2011 15:27:14 +0100 Subject: [PATCH 104/652] ffmpeg: fix operation with --disable-avfilter The width and height must be copied from the input before being used. Signed-off-by: Mans Rullgard (cherry picked from commit e9f98c90229999c0e654bd77af55d7020347440a) --- ffmpeg.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/ffmpeg.c b/ffmpeg.c index 2ed2802333..c1db3d5679 100644 --- a/ffmpeg.c +++ b/ffmpeg.c @@ -2206,6 +2206,12 @@ static int transcode(AVFormatContext **output_files, fprintf(stderr, "Video pixel format is unknown, stream cannot be encoded\n"); ffmpeg_exit(1); } + + if (!codec->width || !codec->height) { + codec->width = icodec->width; + codec->height = icodec->height; + } + ost->video_resample = codec->width != icodec->width || codec->height != icodec->height || codec->pix_fmt != icodec->pix_fmt; @@ -2232,10 +2238,7 @@ static int transcode(AVFormatContext **output_files, #endif codec->bits_per_raw_sample= 0; } - if (!codec->width || !codec->height) { - codec->width = icodec->width; - codec->height = icodec->height; - } + ost->resample_height = icodec->height; ost->resample_width = icodec->width; ost->resample_pix_fmt= icodec->pix_fmt; From 5fab0ccd81df0bc3fd6d16756006c260fdbca6e7 Mon Sep 17 00:00:00 2001 
From: Chris Evans Date: Tue, 19 Jul 2011 17:51:48 -0700 Subject: [PATCH 105/652] matroskadec: fix integer underflow if header length < probe length. This fixes a crash with specifically crafted files. Signed-off-by: Ronald S. Bultje (cherry picked from commit 69619a13c3fef940cba545cf0a283ff22771dd71) --- libavformat/matroskadec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index 60f6c6985b..f74f76cb8a 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -900,6 +900,8 @@ static int matroska_probe(AVProbeData *p) * Not fully fool-proof, but good enough. */ for (i = 0; i < FF_ARRAY_ELEMS(matroska_doctypes); i++) { int probelen = strlen(matroska_doctypes[i]); + if (total < probelen) + continue; for (n = 4+size; n <= 4+size+total-probelen; n++) if (!memcmp(p->buf+n, matroska_doctypes[i], probelen)) return AVPROBE_SCORE_MAX; From c02b02d725153e4f5b612d2af256024cf1bb9bd9 Mon Sep 17 00:00:00 2001 From: Reinhard Tartler Date: Thu, 21 Jul 2011 09:27:23 +0200 Subject: [PATCH 106/652] Update Changelog --- Changelog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Changelog b/Changelog index 35804f899b..1598336e55 100644 --- a/Changelog +++ b/Changelog @@ -13,7 +13,8 @@ version 0.7.1: - Licensing clarification for LGPL'ed vf_gradfun - bugfixes while seeking in multithreaded decoding - support newer versions of OpenCV - +- ffmpeg: fix operation with --disable-avfilter +- fixed integer underflow in matroska decoder version 0.7: From a05219d801cdf0fd83301e893301e9f6ba0ab6ed Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Fri, 22 Jul 2011 10:13:22 -0700 Subject: [PATCH 107/652] riff: Add mpgv MPEG-2 fourcc Supported by mplayer and seen in the wild. (cherry picked from commit 505345ed5d180093a44da8d70ac541898c31c22f) --- libavformat/riff.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavformat/riff.c b/libavformat/riff.c index 817349cb82..0df569e2e3 100644 
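Review bot: The new `if (total < probelen) continue;` in matroska_probe() carries no comment saying what it protects, and the loop bound below it still relies on `4+size+total` lying inside the probe buffer. The hunk does not show whether `p->buf_size` is compared with `4+size+total` before this loop; if it is not, `memcmp(p->buf+n, ...)` can read past the buffer for a header that declares a large `total`. I would add `/* total - probelen would wrap for a header shorter than the doctype string */` above the guard and, unless an earlier check already covers it, bound the scan by `p->buf_size` as well. The function starts and ends outside the hunk.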
--- a/libavformat/riff.c +++ b/libavformat/riff.c @@ -130,6 +130,7 @@ const AVCodecTag ff_codec_bmp_tags[] = { { CODEC_ID_MPEG2VIDEO, MKTAG('s', 'l', 'i', 'f') }, { CODEC_ID_MPEG2VIDEO, MKTAG('E', 'M', '2', 'V') }, { CODEC_ID_MPEG2VIDEO, MKTAG('M', '7', '0', '1') }, /* Matrox MPEG2 intra-only */ + { CODEC_ID_MPEG2VIDEO, MKTAG('m', 'p', 'g', 'v') }, { CODEC_ID_MJPEG, MKTAG('M', 'J', 'P', 'G') }, { CODEC_ID_MJPEG, MKTAG('L', 'J', 'P', 'G') }, { CODEC_ID_MJPEG, MKTAG('d', 'm', 'b', '1') }, From f54b8f848287e5f3a41e629bc035ff60a31abbbc Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 25 Jul 2011 15:50:13 +0200 Subject: [PATCH 108/652] udp: allow fifo size to be tuned seperately Signed-off-by: Michael Niedermayer (cherry picked from commit bd652ff66e2062df5a05030f211c23e7d4e0be36) --- libavformat/udp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/udp.c b/libavformat/udp.c index 7c18fb7bf0..c2ff76ae2d 100644 --- a/libavformat/udp.c +++ b/libavformat/udp.c @@ -426,7 +426,7 @@ static int udp_open(URLContext *h, const char *uri, int flags) if (av_find_info_tag(buf, sizeof(buf), "connect", p)) { s->is_connected = strtol(buf, NULL, 10); } - if (av_find_info_tag(buf, sizeof(buf), "buf_size", p)) { + if (av_find_info_tag(buf, sizeof(buf), "fifo_size", p)) { s->circular_buffer_size = strtol(buf, NULL, 10)*188; } } From 6d75dbebc0b7af64cbac62cf32ee5ac0911cbfaa Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 25 Jul 2011 15:50:56 +0200 Subject: [PATCH 109/652] rtp: disable udp fifos, the rtp code cannot work with the fifos in its current form as rtp bypasses the public API. Signed-off-by: Michael Niedermayer (cherry picked from commit 158eb8599a2811ad8eed9939878982f172b79a89) --- libavformat/rtpproto.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavformat/rtpproto.c b/libavformat/rtpproto.c index 8b23f25c46..89c59cb877 100644 --- a/libavformat/rtpproto.c +++ b/libavformat/rtpproto.c 
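Review bot: In udp_open() the value parsed for the renamed `fifo_size` tag still goes through `strtol(buf, NULL, 10)*188` with no range or error check, and the tag comes from the caller-supplied URI. A negative or very large number yields a negative or overflowed `circular_buffer_size`; how the field is consumed is outside the hunk, but it reads as an allocation size. Parse into a local and accept only sane values, e.g. `long n = strtol(buf, NULL, 10);` then `if (n >= 0 && n <= INT_MAX / 188) s->circular_buffer_size = n * 188;`. The function continues outside the hunk.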
@@ -115,6 +115,7 @@ static void build_udp_url(char *buf, int buf_size, url_add_option(buf, buf_size, "pkt_size=%d", max_packet_size); if (connect) url_add_option(buf, buf_size, "connect=1"); + url_add_option(buf, buf_size, "fifo_size=0"); } /** From a8d89df367859e5addd8bdbbebb4d787493397da Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 26 Jul 2011 01:01:06 +0200 Subject: [PATCH 110/652] Fix version numbers Signed-off-by: Michael Niedermayer --- Doxyfile | 2 +- RELEASE | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Doxyfile b/Doxyfile index 3aca291a15..dbadd98d15 100644 --- a/Doxyfile +++ b/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 0.7.1 +PROJECT_NUMBER = 0.8.1 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. diff --git a/RELEASE b/RELEASE index 39e898a4f9..6f4eebdf6f 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -0.7.1 +0.8.1 From dcf1830a15a1e9ad1e16086369d55d8cb3a14e83 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Tue, 26 Jul 2011 21:58:10 +0200 Subject: [PATCH 111/652] For FFmpeg 0.7 branch: Treat AV_SAMPLE_FMT_NONE as S16 for encoders. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This fixes compatibility with e.g. pcm_a52 ALSA plugin which in previous versions never set sample_fmt. Signed-off-by: Reimar Döffinger --- libavcodec/utils.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index 028a3a1532..b61fb75274 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c 
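Review bot: The unconditional `url_add_option(buf, buf_size, "fifo_size=0");` at the end of build_udp_url has no comment, and nothing at the call tells a reader that dropping it breaks RTP. The commit message gives the reason, and it belongs next to the line: `/* rtp bypasses the public udp API and cannot work with the udp fifo; keep it disabled */`. The start of build_udp_url is outside the hunk.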
@@ -585,6 +585,8 @@ int attribute_align_arg avcodec_open(AVCodecContext *avctx, AVCodec *codec) if (avctx->codec->encode) { int i; if (avctx->codec->sample_fmts) { + if (avctx->sample_fmt == AV_SAMPLE_FMT_NONE) + avctx->sample_fmt = AV_SAMPLE_FMT_S16; for (i = 0; avctx->codec->sample_fmts[i] != AV_SAMPLE_FMT_NONE; i++) if (avctx->sample_fmt == avctx->codec->sample_fmts[i]) break; From 609d299ed06c2b00cc289129e0de7b2d57b2ab3d Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 27 Jul 2011 12:51:28 +0200 Subject: [PATCH 112/652] update version for 0.7.2 Signed-off-by: Michael Niedermayer --- RELEASE | 2 +- VERSION | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/RELEASE b/RELEASE index 6f4eebdf6f..7486fdbc50 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -0.8.1 +0.7.2 diff --git a/VERSION b/VERSION index 39e898a4f9..7486fdbc50 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.7.1 +0.7.2 From 893cf1b1ae2bc9c7987d5015a421cd2e09d06443 Mon Sep 17 00:00:00 2001 From: Baptiste Coudurier Date: Sun, 26 Jun 2011 14:01:00 -0700 Subject: [PATCH 113/652] ffmpeg: fix prototypes of functions after the removal of OPT_FUNC2. (cherry picked from commit 90a40b226a5c90e48da8041294c3782de6ee61fc) --- ffmpeg.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ffmpeg.c b/ffmpeg.c index c6885d886b..a00d94ec70 100644 --- a/ffmpeg.c +++ b/ffmpeg.c @@ -4074,13 +4074,13 @@ static void parse_matrix_coeffs(uint16_t *dest, const char *str) } } -static void opt_inter_matrix(const char *arg) +static void opt_inter_matrix(const char *opt, const char *arg) { inter_matrix = av_mallocz(sizeof(uint16_t) * 64); parse_matrix_coeffs(inter_matrix, arg); } -static void opt_intra_matrix(const char *arg) +static void opt_intra_matrix(const char *opt, const char *arg) { intra_matrix = av_mallocz(sizeof(uint16_t) * 64); parse_matrix_coeffs(intra_matrix, arg); 
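Review bot: The new fallback in avcodec_open rewrites `avctx->sample_fmt` from AV_SAMPLE_FMT_NONE to S16 silently, without checking that S16 is among `avctx->codec->sample_fmts`. For an encoder that lacks S16, the search loop below then fails on a format the caller never asked for, which makes any resulting error misleading; the handling after the loop is outside the hunk. I would log the substitution, e.g. `av_log(avctx, AV_LOG_WARNING, "sample_fmt not set, assuming S16\n");`, and add a comment that this is a compatibility shim for callers that never set the field.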
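Review bot: In opt_inter_matrix and opt_intra_matrix the result of `av_mallocz(sizeof(uint16_t) * 64)` is handed to parse_matrix_coeffs without a NULL check, and the functions this commit re-prototypes still return void, so an allocation failure cannot be reported to the option parser. parse_matrix_coeffs takes the pointer as `uint16_t *dest` and presumably writes through it. I would test the pointer before the call, `if (!inter_matrix) { fprintf(stderr, "Could not allocate memory for inter matrix.\n"); return; }`, and do the same for `intra_matrix`. The new `opt` parameter is unused in all three handlers, and the identical hunks of PATCH 114/652 have the same gap.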
@@ -4378,7 +4378,7 @@ static void log_callback_null(void* ptr, int level, const char* fmt, va_list vl) { } -static void opt_passlogfile(const char *arg) +static void opt_passlogfile(const char *opt, const char *arg) { pass_logfilename_prefix = arg; opt_default("passlogfile", arg); From b55b34f86218fcd46629b85f27cba3265f2dd62f Mon Sep 17 00:00:00 2001 From: Baptiste Coudurier Date: Sun, 26 Jun 2011 14:01:00 -0700 Subject: [PATCH 114/652] ffmpeg: fix prototypes of functions after the removal of OPT_FUNC2. (cherry picked from commit 90a40b226a5c90e48da8041294c3782de6ee61fc) --- ffmpeg.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ffmpeg.c b/ffmpeg.c index acd4b36a2c..3a1a150b6c 100644 --- a/ffmpeg.c +++ b/ffmpeg.c @@ -4075,13 +4075,13 @@ static void parse_matrix_coeffs(uint16_t *dest, const char *str) } } -static void opt_inter_matrix(const char *arg) +static void opt_inter_matrix(const char *opt, const char *arg) { inter_matrix = av_mallocz(sizeof(uint16_t) * 64); parse_matrix_coeffs(inter_matrix, arg); } -static void opt_intra_matrix(const char *arg) +static void opt_intra_matrix(const char *opt, const char *arg) { intra_matrix = av_mallocz(sizeof(uint16_t) * 64); parse_matrix_coeffs(intra_matrix, arg); @@ -4379,7 +4379,7 @@ static void log_callback_null(void* ptr, int level, const char* fmt, va_list vl) { } -static void opt_passlogfile(const char *arg) +static void opt_passlogfile(const char *opt, const char *arg) { pass_logfilename_prefix = arg; opt_default("passlogfile", arg); From 7e33a66c0e178c3576c1ba1648be4295809adca8 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 28 Jul 2011 14:59:54 +0200 Subject: [PATCH 115/652] Fix several security issues in matroskadec.c (MSVR-11-0080). Whitespace of the patch cleaned up by Aurel Some of the issues have been reported by Steve Manzuik / Microsoft Vulnerability Research (MSVR) 
Signed-off-by: Michael Niedermayer (cherry picked from commit 956c901c68eff78288f40e3c8f41ee2fa081d4a8) --- libavformat/matroskadec.c | 32 ++++++++++++++++++++++++-------- 1 file changed, 24 insertions(+), 8 deletions(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index f0fa4dab4d..0451071a57 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -826,11 +826,15 @@ static int ebml_parse_elem(MatroskaDemuxContext *matroska, uint32_t id = syntax->id; uint64_t length; int res; + void *newelem; data = (char *)data + syntax->data_offset; if (syntax->list_elem_size) { EbmlList *list = data; - list->elem = av_realloc(list->elem, (list->nb_elem+1)*syntax->list_elem_size); + newelem = av_realloc(list->elem, (list->nb_elem+1)*syntax->list_elem_size); + if (!newelem) + return AVERROR(ENOMEM); + list->elem = newelem; data = (char*)list->elem + list->nb_elem*syntax->list_elem_size; memset(data, 0, syntax->list_elem_size); list->nb_elem++; @@ -992,7 +996,10 @@ static int matroska_decode_buffer(uint8_t** buf, int* buf_size, pkt_data = av_realloc(pkt_data, pkt_size); zstream.avail_out = pkt_size - zstream.total_out; zstream.next_out = pkt_data + zstream.total_out; - result = inflate(&zstream, Z_NO_FLUSH); + if (pkt_data) { + result = inflate(&zstream, Z_NO_FLUSH); + } else + result = Z_MEM_ERROR; } while (result==Z_OK && pkt_size<10000000); pkt_size = zstream.total_out; inflateEnd(&zstream); @@ -1013,7 +1020,10 @@ static int matroska_decode_buffer(uint8_t** buf, int* buf_size, pkt_data = av_realloc(pkt_data, pkt_size); bzstream.avail_out = pkt_size - bzstream.total_out_lo32; bzstream.next_out = pkt_data + bzstream.total_out_lo32; - result = BZ2_bzDecompress(&bzstream); + if (pkt_data) { + result = BZ2_bzDecompress(&bzstream); + } else + result = BZ_MEM_ERROR; } while (result==BZ_OK && pkt_size<10000000); pkt_size = bzstream.total_out_lo32; BZ2_bzDecompressEnd(&bzstream); 
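Review bot: The size passed to av_realloc in ebml_parse_elem, `(list->nb_elem+1)*syntax->list_elem_size`, is still computed without an overflow check, so the new NULL test covers allocation failure but not a product that wraps to a small value. In that case the following `memset(data, 0, syntax->list_elem_size)` at offset `list->nb_elem*syntax->list_elem_size` would write outside the block. The field types are declared outside the hunk, so whether the product can wrap for an element count driven by the file needs confirming. Assuming int fields, a guard such as `if (list->nb_elem >= INT_MAX / syntax->list_elem_size) return AVERROR(ENOMEM);` before the call would close it. The same lines appear in the identical hunk of PATCH 116/652.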
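Review bot: In the zlib loop of matroska_decode_buffer, `pkt_data = av_realloc(pkt_data, pkt_size);` still overwrites the only pointer to the old buffer, so a failed allocation leaks the data decompressed so far. `zstream.next_out` is also computed from the NULL pointer before the new `if (pkt_data)` test runs. The bzip2 loop in the next hunk has the same shape, as do both loops in PATCH 116/652. Reallocating into a temporary and leaving the loop on failure keeps `pkt_data` valid for whatever cleanup follows; that cleanup and the start of the loop are outside the hunk.

```c
/* … unchanged: start of the zlib do-loop, pkt_size growth … */
    newpktdata = av_realloc(pkt_data, pkt_size); /* void *newpktdata, declared with the other locals */
    if (!newpktdata) {
        /* pkt_data still owns the old buffer, so the error path can free it */
        result = Z_MEM_ERROR;
        break;
    }
    pkt_data = newpktdata;
    /* … unchanged: zstream.avail_out / zstream.next_out setup … */
    result = inflate(&zstream, Z_NO_FLUSH);
/* … unchanged: loop condition, inflateEnd … */
```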
@@ -1066,13 +1076,17 @@ static void matroska_fix_ass_packet(MatroskaDemuxContext *matroska, } } -static void matroska_merge_packets(AVPacket *out, AVPacket *in) +static int matroska_merge_packets(AVPacket *out, AVPacket *in) { - out->data = av_realloc(out->data, out->size+in->size); + void *newdata = av_realloc(out->data, out->size+in->size); + if (!newdata) + return AVERROR(ENOMEM); + out->data = newdata; memcpy(out->data+out->size, in->data, in->size); out->size += in->size; av_destruct_packet(in); av_free(in); + return 0; } static void matroska_convert_tag(AVFormatContext *s, EbmlList *list, @@ -1626,11 +1640,13 @@ static int matroska_deliver_packet(MatroskaDemuxContext *matroska, memcpy(pkt, matroska->packets[0], sizeof(AVPacket)); av_free(matroska->packets[0]); if (matroska->num_packets > 1) { + void *newpackets; memmove(&matroska->packets[0], &matroska->packets[1], (matroska->num_packets - 1) * sizeof(AVPacket *)); - matroska->packets = - av_realloc(matroska->packets, (matroska->num_packets - 1) * - sizeof(AVPacket *)); + newpackets = av_realloc(matroska->packets, + (matroska->num_packets - 1) * sizeof(AVPacket *)); + if (newpackets) + matroska->packets = newpackets; } else { av_freep(&matroska->packets); } From cb8577a4dac816f264da294ee354311899b10032 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 28 Jul 2011 14:59:54 +0200 Subject: [PATCH 116/652] Fix several security issues in matroskadec.c (MSVR-11-0080). Whitespace of the patch cleaned up by Aurel Some of the issues have been reported by Steve Manzuik / Microsoft Vulnerability Research (MSVR) Signed-off-by: Michael Niedermayer (cherry picked from commit 956c901c68eff78288f40e3c8f41ee2fa081d4a8) --- libavformat/matroskadec.c | 32 ++++++++++++++++++++++++-------- 1 file changed, 24 insertions(+), 8 deletions(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index a88811f2cd..7e9b750959 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c 
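Review bot: matroska_merge_packets now returns AVERROR(ENOMEM), but the five hunks shown account for all 24 insertions in the diffstat, so no call site was changed to look at the result. A caller that ignores it carries on as if the merge had happened. On the failure path `in` is neither destructed nor freed, which leaves ownership of that packet undefined. I would add a comment above the function stating the contract (on failure `out` is untouched and `in` still belongs to the caller) and have every caller test the return value and release the packet itself. `out->size+in->size` is also added without an overflow check before it reaches av_realloc; the identical hunk of PATCH 116/652 has the same gaps.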
@@ -826,11 +826,15 @@ static int ebml_parse_elem(MatroskaDemuxContext *matroska, uint32_t id = syntax->id; uint64_t length; int res; + void *newelem; data = (char *)data + syntax->data_offset; if (syntax->list_elem_size) { EbmlList *list = data; - list->elem = av_realloc(list->elem, (list->nb_elem+1)*syntax->list_elem_size); + newelem = av_realloc(list->elem, (list->nb_elem+1)*syntax->list_elem_size); + if (!newelem) + return AVERROR(ENOMEM); + list->elem = newelem; data = (char*)list->elem + list->nb_elem*syntax->list_elem_size; memset(data, 0, syntax->list_elem_size); list->nb_elem++; @@ -992,7 +996,10 @@ static int matroska_decode_buffer(uint8_t** buf, int* buf_size, pkt_data = av_realloc(pkt_data, pkt_size); zstream.avail_out = pkt_size - zstream.total_out; zstream.next_out = pkt_data + zstream.total_out; - result = inflate(&zstream, Z_NO_FLUSH); + if (pkt_data) { + result = inflate(&zstream, Z_NO_FLUSH); + } else + result = Z_MEM_ERROR; } while (result==Z_OK && pkt_size<10000000); pkt_size = zstream.total_out; inflateEnd(&zstream); @@ -1013,7 +1020,10 @@ static int matroska_decode_buffer(uint8_t** buf, int* buf_size, pkt_data = av_realloc(pkt_data, pkt_size); bzstream.avail_out = pkt_size - bzstream.total_out_lo32; bzstream.next_out = pkt_data + bzstream.total_out_lo32; - result = BZ2_bzDecompress(&bzstream); + if (pkt_data) { + result = BZ2_bzDecompress(&bzstream); + } else + result = BZ_MEM_ERROR; } while (result==BZ_OK && pkt_size<10000000); pkt_size = bzstream.total_out_lo32; BZ2_bzDecompressEnd(&bzstream); 
@@ -1066,13 +1076,17 @@ static void matroska_fix_ass_packet(MatroskaDemuxContext *matroska, } } -static void matroska_merge_packets(AVPacket *out, AVPacket *in) +static int matroska_merge_packets(AVPacket *out, AVPacket *in) { - out->data = av_realloc(out->data, out->size+in->size); + void *newdata = av_realloc(out->data, out->size+in->size); + if (!newdata) + return AVERROR(ENOMEM); + out->data = newdata; memcpy(out->data+out->size, in->data, in->size); out->size += in->size; av_destruct_packet(in); av_free(in); + return 0; } static void matroska_convert_tag(AVFormatContext *s, EbmlList *list, @@ -1626,11 +1640,13 @@ static int matroska_deliver_packet(MatroskaDemuxContext *matroska, memcpy(pkt, matroska->packets[0], sizeof(AVPacket)); av_free(matroska->packets[0]); if (matroska->num_packets > 1) { + void *newpackets; memmove(&matroska->packets[0], &matroska->packets[1], (matroska->num_packets - 1) * sizeof(AVPacket *)); - matroska->packets = - av_realloc(matroska->packets, (matroska->num_packets - 1) * - sizeof(AVPacket *)); + newpackets = av_realloc(matroska->packets, + (matroska->num_packets - 1) * sizeof(AVPacket *)); + if (newpackets) + matroska->packets = newpackets; } else { av_freep(&matroska->packets); } From 2ff36ef521a551b99ea69dda0aa82dc9fa49a131 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 28 Jul 2011 18:32:26 +0200 Subject: [PATCH 117/652] ffmpeg: fix passlogfile regression Signed-off-by: Michael Niedermayer --- ffmpeg.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ffmpeg.c b/ffmpeg.c index a00d94ec70..18ee782344 100644 --- a/ffmpeg.c +++ b/ffmpeg.c @@ -4381,7 +4381,9 @@ static void log_callback_null(void* ptr, int level, const char* fmt, va_list vl) static void opt_passlogfile(const char *opt, const char *arg) { pass_logfilename_prefix = arg; +#if CONFIG_LIBX264_ENCODER opt_default("passlogfile", arg); +#endif } static const OptionDef options[] = { From cf82c5cd5b584ae9ee2b2d10fb1c9f0748446071 Mon Sep 17 00:00:00 2001 
From: Michael Niedermayer Date: Thu, 28 Jul 2011 18:32:26 +0200 Subject: [PATCH 118/652] ffmpeg: fix passlogfile regression Signed-off-by: Michael Niedermayer (cherry picked from commit 2ff36ef521a551b99ea69dda0aa82dc9fa49a131) --- ffmpeg.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ffmpeg.c b/ffmpeg.c index 3a1a150b6c..857e02292e 100644 --- a/ffmpeg.c +++ b/ffmpeg.c @@ -4382,7 +4382,9 @@ static void log_callback_null(void* ptr, int level, const char* fmt, va_list vl) static void opt_passlogfile(const char *opt, const char *arg) { pass_logfilename_prefix = arg; +#if CONFIG_LIBX264_ENCODER opt_default("passlogfile", arg); +#endif } static const OptionDef options[] = { From 7c772ccd276021fed1f6ea40d150d73337fc3c1b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Sun, 17 Jul 2011 13:03:57 +0200 Subject: [PATCH 119/652] Bink: clip AC coefficients during dequantization. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes artefacts with Neverwinter Nights WOTCLogo.bik (http://drmccoy.de/zeugs/WOTCLogo.bik). Fixes trac ticket #352. Signed-off-by: Reimar Döffinger (cherry picked from commit 47b71eea099b3fe2c7e16644878ad9b7067974e3) --- libavcodec/bink.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/libavcodec/bink.c b/libavcodec/bink.c index ef07747dbc..4328a43525 100644 --- a/libavcodec/bink.c +++ b/libavcodec/bink.c 
@@ -571,6 +571,22 @@ static inline int binkb_get_value(BinkContext *c, int bundle_num) return ret; } +static inline DCTELEM dequant(DCTELEM in, uint32_t quant, int dc) +{ + /* Note: multiplication is unsigned but we want signed shift + * otherwise clipping breaks. + * TODO: The official decoder does not use clipping at all + * but instead uses the full 32-bit result. + * However clipping at least gets rid of the case that a + * half-black half-white intra block gets black and white swapped + * and should cause at most minor differences (except for DC). */ + int32_t res = in * quant; + res >>= 11; + if (!dc) + res = av_clip_int16(res); + return res; +} + /** * Read 8x8 block of DCT coefficients. * @@ -669,10 +685,10 @@ static int read_dct_coeffs(GetBitContext *gb, DCTELEM block[64], const uint8_t * quant = quant_matrices[quant_idx]; - block[0] = (block[0] * quant[0]) >> 11; + block[0] = dequant(block[0], quant[0], 1); for (i = 0; i < coef_count; i++) { int idx = coef_idx[i]; - block[scan[idx]] = (block[scan[idx]] * quant[idx]) >> 11; + block[scan[idx]] = dequant(block[scan[idx]], quant[idx], 0); } return 0; From 8893f7d815db4efed797101d7a94718554990706 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Thu, 4 Aug 2011 11:06:43 +0200 Subject: [PATCH 120/652] Fix possible crash when decoding mpeg streams. This reverts 2cf8355f98681bdd726b739008acd5483f82f8d7, fixes ticket 329. --- ffmpeg.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/ffmpeg.c b/ffmpeg.c index 857e02292e..ab628b2cbc 100644 --- a/ffmpeg.c +++ b/ffmpeg.c @@ -345,6 +345,7 @@ typedef struct AVInputFile { int eof_reached; /* true if eof reached */ int ist_index; /* index of first stream in ist_table */ int buffer_size; /* current total buffer size */ + int nb_streams; } AVInputFile; #if HAVE_TERMIOS_H 
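Review bot: In the new dequant() helper, `int32_t res = in * quant;` depends on an implementation-defined conversion of the unsigned product to a signed type, and `res >>= 11` depends on the right shift of a negative value being arithmetic. The comment says a signed shift is wanted, but the code does not make the conversion explicit. The DC path also returns the unclipped 32-bit value through the DCTELEM return type, which narrows it silently if DCTELEM is smaller than 32 bits (its typedef is not in the hunk). I would write the conversion out, `int32_t res = (int32_t)((uint32_t)in * quant);`, and extend the comment to say that an arithmetic right shift is assumed and that the DC result is truncated on return. The identical hunks of PATCH 121/652 need the same change.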
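Review bot: The new `int nb_streams;` member of AVInputFile has no comment, unlike the neighbouring fields, and its meaning differs from `ctx->nb_streams` in a way the later hunks of this patch rely on. It is assigned once in opt_input_file and then used in transcode for both the stream-map bounds check and the `pkt.stream_index` discard test, so it is a snapshot of the stream count taken when the file was opened. I would add `/* number of streams known when the file was opened; ctx->nb_streams may grow later */` to the declaration. The same applies to the identical hunk of PATCH 122/652.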
@@ -2046,7 +2047,7 @@ static int transcode(AVFormatContext **output_files, int si = stream_maps[i].stream_index; if (fi < 0 || fi > nb_input_files - 1 || - si < 0 || si > input_files[fi].ctx->nb_streams - 1) { + si < 0 || si > input_files[fi].nb_streams - 1) { fprintf(stderr,"Could not find input stream #%d.%d\n", fi, si); ret = AVERROR(EINVAL); goto fail; @@ -2732,7 +2733,7 @@ static int transcode(AVFormatContext **output_files, } /* the following test is needed in case new streams appear dynamically in stream : we ignore them */ - if (pkt.stream_index >= input_files[file_index].ctx->nb_streams) + if (pkt.stream_index >= input_files[file_index].nb_streams) goto discard_packet; ist_index = input_files[file_index].ist_index + pkt.stream_index; ist = &input_streams[ist_index]; @@ -3469,6 +3470,7 @@ static int opt_input_file(const char *opt, const char *filename) input_files = grow_array(input_files, sizeof(*input_files), &nb_input_files, nb_input_files + 1); input_files[nb_input_files - 1].ctx = ic; input_files[nb_input_files - 1].ist_index = nb_input_streams - ic->nb_streams; + input_files[nb_input_files - 1].nb_streams = ic->nb_streams; top_field_first = -1; video_channel = 0; From a0352d01e95ed084e777d0c259bad1f4cee4f402 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Sun, 17 Jul 2011 13:03:57 +0200 Subject: [PATCH 121/652] Bink: clip AC coefficients during dequantization. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes artefacts with Neverwinter Nights WOTCLogo.bik (http://drmccoy.de/zeugs/WOTCLogo.bik). Fixes trac ticket #352. Signed-off-by: Reimar Döffinger (cherry picked from commit 47b71eea099b3fe2c7e16644878ad9b7067974e3) --- libavcodec/bink.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/libavcodec/bink.c b/libavcodec/bink.c index ef07747dbc..4328a43525 100644 --- a/libavcodec/bink.c +++ b/libavcodec/bink.c 
@@ -571,6 +571,22 @@ static inline int binkb_get_value(BinkContext *c, int bundle_num) return ret; } +static inline DCTELEM dequant(DCTELEM in, uint32_t quant, int dc) +{ + /* Note: multiplication is unsigned but we want signed shift + * otherwise clipping breaks. + * TODO: The official decoder does not use clipping at all + * but instead uses the full 32-bit result. + * However clipping at least gets rid of the case that a + * half-black half-white intra block gets black and white swapped + * and should cause at most minor differences (except for DC). */ + int32_t res = in * quant; + res >>= 11; + if (!dc) + res = av_clip_int16(res); + return res; +} + /** * Read 8x8 block of DCT coefficients. * @@ -669,10 +685,10 @@ static int read_dct_coeffs(GetBitContext *gb, DCTELEM block[64], const uint8_t * quant = quant_matrices[quant_idx]; - block[0] = (block[0] * quant[0]) >> 11; + block[0] = dequant(block[0], quant[0], 1); for (i = 0; i < coef_count; i++) { int idx = coef_idx[i]; - block[scan[idx]] = (block[scan[idx]] * quant[idx]) >> 11; + block[scan[idx]] = dequant(block[scan[idx]], quant[idx], 0); } return 0; From 08ddfb77a1aff378345026ba49fea9fb93ff1e70 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Thu, 4 Aug 2011 11:06:43 +0200 Subject: [PATCH 122/652] Fix possible crash when decoding mpeg streams. This reverts 2cf8355f98681bdd726b739008acd5483f82f8d7, fixes ticket 329. --- ffmpeg.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/ffmpeg.c b/ffmpeg.c index 18ee782344..c6374df949 100644 --- a/ffmpeg.c +++ b/ffmpeg.c @@ -343,6 +343,7 @@ typedef struct AVInputFile { int eof_reached; /* true if eof reached */ int ist_index; /* index of first stream in ist_table */ int buffer_size; /* current total buffer size */ + int nb_streams; } AVInputFile; #if HAVE_TERMIOS_H 
@@ -2045,7 +2046,7 @@ static int transcode(AVFormatContext **output_files, int si = stream_maps[i].stream_index; if (fi < 0 || fi > nb_input_files - 1 || - si < 0 || si > input_files[fi].ctx->nb_streams - 1) { + si < 0 || si > input_files[fi].nb_streams - 1) { fprintf(stderr,"Could not find input stream #%d.%d\n", fi, si); ret = AVERROR(EINVAL); goto fail; @@ -2731,7 +2732,7 @@ static int transcode(AVFormatContext **output_files, } /* the following test is needed in case new streams appear dynamically in stream : we ignore them */ - if (pkt.stream_index >= input_files[file_index].ctx->nb_streams) + if (pkt.stream_index >= input_files[file_index].nb_streams) goto discard_packet; ist_index = input_files[file_index].ist_index + pkt.stream_index; ist = &input_streams[ist_index]; @@ -3468,6 +3469,7 @@ static int opt_input_file(const char *opt, const char *filename) input_files = grow_array(input_files, sizeof(*input_files), &nb_input_files, nb_input_files + 1); input_files[nb_input_files - 1].ctx = ic; input_files[nb_input_files - 1].ist_index = nb_input_streams - ic->nb_streams; + input_files[nb_input_files - 1].nb_streams = ic->nb_streams; top_field_first = -1; video_channel = 0; From 5c99acb7dafee2c2d80a4250327086227310c375 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 5 Aug 2011 13:08:42 +0200 Subject: [PATCH 123/652] Revert "lavfi: add audio channel packing negotiation fields" This reverts commit b57df29f95d1107a66315a6744c1c3e73293b2ee. Conflicts: doc/APIchanges libavfilter/avfilter.h Signed-off-by: Michael Niedermayer --- doc/APIchanges | 8 -------- libavfilter/avfilter.c | 3 --- libavfilter/avfilter.h | 16 +--------------- libavfilter/avfiltergraph.c | 6 +----- libavfilter/defaults.c | 8 -------- libavfilter/formats.c | 11 ----------- 6 files changed, 2 insertions(+), 50 deletions(-) diff --git a/doc/APIchanges b/doc/APIchanges index eba7f8416b..5c5a8fd430 100644 --- a/doc/APIchanges +++ b/doc/APIchanges 
@@ -16,14 +16,6 @@ API changes, most recent first: 2011-08-02 - 9d39cbf - lavc 53.7.1 Add AV_PKT_FLAG_CORRUPT AVPacket flag. -2011-07-16 - xxxxxx - lavfi 2.27.0 - Add audio packing negotiation fields and helper functions. - - In particular, add AVFilterPacking enum, planar, in_packings and - out_packings fields to AVFilterLink, and the functions: - avfilter_set_common_packing_formats() - avfilter_all_packing_formats() - 2011-07-10 - a67c061 - lavf 53.3.0 Add avformat_find_stream_info(), deprecate av_find_stream_info(). diff --git a/libavfilter/avfilter.c b/libavfilter/avfilter.c index 7003cdda5c..a57677c0e4 100644 --- a/libavfilter/avfilter.c +++ b/libavfilter/avfilter.c @@ -221,9 +221,6 @@ int avfilter_insert_filter(AVFilterLink *link, AVFilterContext *filt, if (link->out_chlayouts) avfilter_formats_changeref(&link->out_chlayouts, &filt->outputs[filt_dstpad_idx]->out_chlayouts); - if (link->out_packing) - avfilter_formats_changeref(&link->out_packing, - &filt->outputs[filt_dstpad_idx]->out_packing); return 0; } diff --git a/libavfilter/avfilter.h b/libavfilter/avfilter.h index 0cbc3f7415..434bc60289 100644 --- a/libavfilter/avfilter.h +++ b/libavfilter/avfilter.h @@ -264,11 +264,6 @@ AVFilterFormats *avfilter_all_formats(enum AVMediaType type); */ AVFilterFormats *avfilter_all_channel_layouts(void); -/** - * Return a list of all audio packing formats. - */ -AVFilterFormats *avfilter_all_packing_formats(void); - /** * Return a format list which contains the intersection of the formats of * a and b. Also, all the references of a, all the references of b, and 
@@ -487,7 +482,6 @@ AVFilterBufferRef *avfilter_default_get_audio_buffer(AVFilterLink *link, int per void avfilter_set_common_pixel_formats(AVFilterContext *ctx, AVFilterFormats *formats); void avfilter_set_common_sample_formats(AVFilterContext *ctx, AVFilterFormats *formats); void avfilter_set_common_channel_layouts(AVFilterContext *ctx, AVFilterFormats *formats); -void avfilter_set_common_packing_formats(AVFilterContext *ctx, AVFilterFormats *formats); /** Default handler for query_formats() */ int avfilter_default_query_formats(AVFilterContext *ctx); @@ -576,11 +570,6 @@ struct AVFilterContext { void *priv; ///< private data for use by the filter }; -enum AVFilterPacking { - AVFILTER_PACKED = 0, - AVFILTER_PLANAR, -}; - /** * A link between two filters. This contains pointers to the source and * destination filters between which this link exists, and the indexes of @@ -608,10 +597,9 @@ struct AVFilterLink { int w; ///< agreed upon image width int h; ///< agreed upon image height AVRational sample_aspect_ratio; ///< agreed upon sample aspect ratio - /* These parameters apply only to audio */ + /* These two parameters apply only to audio */ int64_t channel_layout; ///< channel layout of current buffer (see libavutil/audioconvert.h) int64_t sample_rate; ///< samples per second - int planar; ///< agreed upon packing mode of audio buffers. true if planar. int format; ///< agreed upon media format @@ -627,8 +615,6 @@ struct AVFilterLink { AVFilterFormats *in_chlayouts; AVFilterFormats *out_chlayouts; - AVFilterFormats *in_packing; - AVFilterFormats *out_packing; /** * The buffer reference currently being sent across the link by the source diff --git a/libavfilter/avfiltergraph.c b/libavfilter/avfiltergraph.c index 8756e42bd4..04768617de 100644 --- a/libavfilter/avfiltergraph.c +++ b/libavfilter/avfiltergraph.c 
@@ -203,12 +203,8 @@ static void pick_format(AVFilterLink *link) link->channel_layout = link->in_chlayouts->formats[0]; avfilter_formats_unref(&link->in_chlayouts); avfilter_formats_unref(&link->out_chlayouts); - - link->in_packing->format_count = 1; - link->planar = link->in_packing->formats[0] == AVFILTER_PLANAR; - avfilter_formats_unref(&link->in_packing); - avfilter_formats_unref(&link->out_packing); } + } static void pick_formats(AVFilterGraph *graph) diff --git a/libavfilter/defaults.c b/libavfilter/defaults.c index eef9fd1278..b03816dd24 100644 --- a/libavfilter/defaults.c +++ b/libavfilter/defaults.c @@ -239,19 +239,11 @@ void avfilter_set_common_channel_layouts(AVFilterContext *ctx, AVFilterFormats * offsetof(AVFilterLink, out_chlayouts)); } -void avfilter_set_common_packing_formats(AVFilterContext *ctx, AVFilterFormats *formats) -{ - set_common_formats(ctx, formats, AVMEDIA_TYPE_AUDIO, - offsetof(AVFilterLink, in_packing), - offsetof(AVFilterLink, out_packing)); -} - int avfilter_default_query_formats(AVFilterContext *ctx) { avfilter_set_common_pixel_formats(ctx, avfilter_all_formats(AVMEDIA_TYPE_VIDEO)); avfilter_set_common_sample_formats(ctx, avfilter_all_formats(AVMEDIA_TYPE_AUDIO)); avfilter_set_common_channel_layouts(ctx, avfilter_all_channel_layouts()); - avfilter_set_common_packing_formats(ctx, avfilter_all_packing_formats()); return 0; } diff --git a/libavfilter/formats.c b/libavfilter/formats.c index 214718b779..b6e30e7ab4 100644 --- a/libavfilter/formats.c +++ b/libavfilter/formats.c @@ -173,17 +173,6 @@ AVFilterFormats *avfilter_all_channel_layouts(void) return avfilter_make_format64_list(chlayouts); } -AVFilterFormats *avfilter_all_packing_formats(void) -{ - static int packing[] = { - AVFILTER_PACKED, - AVFILTER_PLANAR, - -1, - }; - - return avfilter_make_format_list(packing); -} - void avfilter_formats_ref(AVFilterFormats *f, AVFilterFormats **ref) { *ref = f; From e1e3d79ef3b1cfa0b5052dcba9eac7a84ca55551 Mon Sep 17 00:00:00 2001 
From: Michael Niedermayer Date: Fri, 5 Aug 2011 13:10:24 +0200 Subject: [PATCH 124/652] Revert "lavfi-showfiltfmts: extend output format for specifying audio data" This reverts commit 9c484d294483241b4d066530b1eee06d94cfefdc. --- tests/lavfi-regression.sh | 4 +-- tools/lavfi-showfiltfmts.c | 66 +++++++++++--------------------------- 2 files changed, 20 insertions(+), 50 deletions(-) diff --git a/tests/lavfi-regression.sh b/tests/lavfi-regression.sh index e1666c263c..5def09c2c9 100755 --- a/tests/lavfi-regression.sh +++ b/tests/lavfi-regression.sh @@ -50,9 +50,9 @@ do_lavfi_pixfmts(){ # exclude pixel formats which are not supported as input $ffmpeg -pix_fmts list 2>/dev/null | sed -ne '9,$p' | grep '^\..\.' | cut -d' ' -f2 | sort >$exclude_fmts - $showfiltfmts scale | awk -F '[ \r]' '/^OUTPUT/{ fmt=substr($3, 5); print fmt }' | sort | comm -23 - $exclude_fmts >$out_fmts + $showfiltfmts scale | awk -F '[ \r]' '/^OUTPUT/{ print $3 }' | sort | comm -23 - $exclude_fmts >$out_fmts - pix_fmts=$($showfiltfmts $filter $filter_args | awk -F '[ \r]' '/^INPUT/{ fmt=substr($3, 5); print fmt }' | sort | comm -12 - $out_fmts) + pix_fmts=$($showfiltfmts $filter $filter_args | awk -F '[ \r]' '/^INPUT/{ print $3 }' | sort | comm -12 - $out_fmts) for pix_fmt in $pix_fmts; do do_video_filter $pix_fmt "slicify=random,format=$pix_fmt,$filter=$filter_args" -pix_fmt $pix_fmt done diff --git a/tools/lavfi-showfiltfmts.c b/tools/lavfi-showfiltfmts.c index a4541bac82..cc19e00a8c 100644 --- a/tools/lavfi-showfiltfmts.c +++ b/tools/lavfi-showfiltfmts.c 
@@ -20,61 +20,15 @@ #include "libavformat/avformat.h" #include "libavutil/pixdesc.h" -#include "libavutil/samplefmt.h" #include "libavfilter/avfilter.h" -static void print_formats(AVFilterContext *filter_ctx) -{ - int i, j; - -#define PRINT_FMTS(inout, outin, INOUT) \ - for (i = 0; i < filter_ctx->input_count; i++) { \ - if (filter_ctx->inout##puts[i]->type == AVMEDIA_TYPE_VIDEO) { \ - AVFilterFormats *fmts = \ - filter_ctx->inout##puts[i]->outin##_formats; \ - for (j = 0; j < fmts->format_count; j++) \ - printf(#INOUT "PUT[%d] %s: fmt:%s\n", \ - i, filter_ctx->filter->inout##puts[i].name, \ - av_get_pix_fmt_name(fmts->formats[j])); \ - } else if (filter_ctx->inout##puts[i]->type == AVMEDIA_TYPE_AUDIO) { \ - AVFilterFormats *fmts; \ - \ - fmts = filter_ctx->inout##puts[i]->outin##_formats; \ - for (j = 0; j < fmts->format_count; j++) \ - printf(#INOUT "PUT[%d] %s: fmt:%s\n", \ - i, filter_ctx->filter->inout##puts[i].name, \ - av_get_sample_fmt_name(fmts->formats[j])); \ - \ - fmts = filter_ctx->inout##puts[i]->outin##_chlayouts; \ - for (j = 0; j < fmts->format_count; j++) { \ - char buf[256]; \ - av_get_channel_layout_string(buf, sizeof(buf), -1, \ - fmts->formats[j]); \ - printf(#INOUT "PUT[%d] %s: chlayout:%s\n", \ - i, filter_ctx->filter->inout##puts[i].name, buf); \ - } \ - \ - fmts = filter_ctx->inout##puts[i]->outin##_packing; \ - for (j = 0; j < fmts->format_count; j++) { \ - printf(#INOUT "PUT[%d] %s: packing:%s\n", \ - i, filter_ctx->filter->inout##puts[i].name, \ - fmts->formats[j] == AVFILTER_PACKED ? \ - "packed" : "planar"); \ - } \ - } \ - } \ - - PRINT_FMTS(in, out, IN); - PRINT_FMTS(out, in, OUT); -} - int main(int argc, char **argv) { AVFilter *filter; AVFilterContext *filter_ctx; const char *filter_name; const char *filter_args = NULL; - int i; + int i, j; av_log_set_level(AV_LOG_DEBUG); 
@@ -121,7 +75,23 @@ int main(int argc, char **argv) else avfilter_default_query_formats(filter_ctx); - print_formats(filter_ctx); + /* print the supported formats in input */ + for (i = 0; i < filter_ctx->input_count; i++) { + AVFilterFormats *fmts = filter_ctx->inputs[i]->out_formats; + for (j = 0; j < fmts->format_count; j++) + printf("INPUT[%d] %s: %s\n", + i, filter_ctx->filter->inputs[i].name, + av_get_pix_fmt_name(fmts->formats[j])); + } + + /* print the supported formats in output */ + for (i = 0; i < filter_ctx->output_count; i++) { + AVFilterFormats *fmts = filter_ctx->outputs[i]->in_formats; + for (j = 0; j < fmts->format_count; j++) + printf("OUTPUT[%d] %s: %s\n", + i, filter_ctx->filter->outputs[i].name, + av_get_pix_fmt_name(fmts->formats[j])); + } avfilter_free(filter_ctx); fflush(stdout); From 6605d4377725641082962381c25befd4c6fb0bde Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Tue, 9 Aug 2011 01:05:28 +0200 Subject: [PATCH 125/652] ffmpeg: fix passlogfile regression (cherry picked from commit 3e26abcd88a04e4a50c471988973591d848d4936) --- ffmpeg.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ffmpeg.c b/ffmpeg.c index 0952cada82..133ac0f0b2 100644 --- a/ffmpeg.c +++ b/ffmpeg.c @@ -4380,7 +4380,11 @@ static void log_callback_null(void* ptr, int level, const char* fmt, va_list vl) static int opt_passlogfile(const char *opt, const char *arg) { pass_logfilename_prefix = arg; +#if CONFIG_LIBX264_ENCODER return opt_default("passlogfile", arg); +#else + return 0; +#endif } static const OptionDef options[] = { From 91d5da9321c52e8197fb14046ebb335f3e6ff4a0 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 10 Aug 2011 13:28:36 +0200 Subject: [PATCH 126/652] cavs: fix oCERT #2011-002 FFmpeg/libavcodec insufficient boundary check Signed-off-by: Michael Niedermayer --- libavcodec/cavsdec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/cavsdec.c b/libavcodec/cavsdec.c index c6ccb06524..6e83a7d381 100644 
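Review bot: Both restored loops pass every entry of `fmts->formats[]` to `av_get_pix_fmt_name()` and hand the result straight to `printf("%s")` without looking at the pad's media type, so on a non-video pad the value is not a pixel format and the lookup can return NULL for a value it does not recognise. The removed `print_formats()` checked `->type == AVMEDIA_TYPE_VIDEO` first; the loops would be safer with `if (filter_ctx->inputs[i]->type != AVMEDIA_TYPE_VIDEO) continue;` at the top of the input loop and the `outputs[i]` equivalent in the output loop. `main` begins and ends outside this hunk, so whether `out_formats` or `in_formats` can themselves be NULL here cannot be confirmed from the visible lines.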
--- a/libavcodec/cavsdec.c +++ b/libavcodec/cavsdec.c @@ -115,7 +115,8 @@ static inline int get_ue_code(GetBitContext *gb, int order) { static int decode_residual_block(AVSContext *h, GetBitContext *gb, const struct dec_2dvlc *r, int esc_golomb_order, int qp, uint8_t *dst, int stride) { - int i, level_code, esc_code, level, run, mask; + int i, esc_code, level, mask; + unsigned int level_code, run; DCTELEM level_buf[65]; uint8_t run_buf[65]; DCTELEM *block = h->block; From d1bc77d86c5c8b013b371c1bf027f7583aef07b3 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 10 Aug 2011 13:48:30 +0200 Subject: [PATCH 127/652] 0.8.2 Signed-off-by: Michael Niedermayer --- Doxyfile | 2 +- RELEASE | 2 +- VERSION | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Doxyfile b/Doxyfile index dbadd98d15..0f7de822f6 100644 --- a/Doxyfile +++ b/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 0.8.1 +PROJECT_NUMBER = 0.8.2 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. diff --git a/RELEASE b/RELEASE index 6f4eebdf6f..100435be13 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -0.8.1 +0.8.2 diff --git a/VERSION b/VERSION index 6f4eebdf6f..100435be13 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.8.1 +0.8.2 From c5cbda50793e311aa73489d12184ffd6761c9fbf Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 10 Aug 2011 13:28:36 +0200 Subject: [PATCH 128/652] cavs: fix oCERT #2011-002 FFmpeg/libavcodec insufficient boundary check Signed-off-by: Michael Niedermayer --- libavcodec/cavsdec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/cavsdec.c b/libavcodec/cavsdec.c index c6ccb06524..6e83a7d381 100644 --- a/libavcodec/cavsdec.c +++ b/libavcodec/cavsdec.c 
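Review bot: The declaration change to `unsigned int level_code, run;` carries the whole boundary fix, yet nothing in the hunk says so and the range checks it depends on are outside the visible lines. The hunk header shows `get_ue_code()` returning `int`, so the intent is presumably that a negative result becomes a large value that fails an upper-bound comparison later in `decode_residual_block()`; that should be written next to the declaration, e.g. `/* unsigned so that a negative get_ue_code() result fails the range checks below */`. Since `run_buf` is declared `uint8_t run_buf[65]`, it is also worth confirming in the body, which continues past this hunk, that `run` is range-checked before it is stored there. The identical hunk in PATCH 128 and the `unsigned pred_mode_uv` change in PATCH 136 rely on the same undocumented pattern.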
@@ -115,7 +115,8 @@ static inline int get_ue_code(GetBitContext *gb, int order) { static int decode_residual_block(AVSContext *h, GetBitContext *gb, const struct dec_2dvlc *r, int esc_golomb_order, int qp, uint8_t *dst, int stride) { - int i, level_code, esc_code, level, run, mask; + int i, esc_code, level, mask; + unsigned int level_code, run; DCTELEM level_buf[65]; uint8_t run_buf[65]; DCTELEM *block = h->block; From 7371b0ca6fd396cb8c37e626391561c173431a79 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 10 Aug 2011 13:59:49 +0200 Subject: [PATCH 129/652] 0.7.3 Signed-off-by: Michael Niedermayer --- Doxyfile | 2 +- RELEASE | 2 +- VERSION | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Doxyfile b/Doxyfile index dbadd98d15..b7c634c74e 100644 --- a/Doxyfile +++ b/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 0.8.1 +PROJECT_NUMBER = 0.7.3 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. diff --git a/RELEASE b/RELEASE index 7486fdbc50..f38fc5393f 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -0.7.2 +0.7.3 diff --git a/VERSION b/VERSION index 7486fdbc50..f38fc5393f 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.7.2 +0.7.3 From f20f79307b837407ea2bdfe08515d45ce96898c8 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 21 Jul 2011 11:00:47 +0200 Subject: [PATCH 130/652] libavfilter: fix --enable-small Signed-off-by: Michael Niedermayer (cherry picked from commit 633aa01f728b3f67b420e9e34ef21a995578d613) --- libavfilter/vf_lut.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavfilter/vf_lut.c b/libavfilter/vf_lut.c index c457972474..c72e6374df 100644 --- a/libavfilter/vf_lut.c +++ b/libavfilter/vf_lut.c 
@@ -345,8 +345,8 @@ static void draw_slice(AVFilterLink *inlink, int y, int h, int slice_dir) #define DEFINE_LUT_FILTER(name_, description_, init_) \ AVFilter avfilter_vf_##name_ = { \ - .name = NULL_IF_CONFIG_SMALL(#name_), \ - .description = description_, \ + .name = #name_, \ + .description = NULL_IF_CONFIG_SMALL(description_), \ .priv_size = sizeof(LutContext), \ \ .init = init_, \ From f66418afba4a7fcff33d6421a190a109f574b07b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 21 Jul 2011 11:00:47 +0200 Subject: [PATCH 131/652] libavfilter: fix --enable-small Signed-off-by: Michael Niedermayer (cherry picked from commit 633aa01f728b3f67b420e9e34ef21a995578d613) --- libavfilter/vf_lut.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavfilter/vf_lut.c b/libavfilter/vf_lut.c index c457972474..c72e6374df 100644 --- a/libavfilter/vf_lut.c +++ b/libavfilter/vf_lut.c @@ -345,8 +345,8 @@ static void draw_slice(AVFilterLink *inlink, int y, int h, int slice_dir) #define DEFINE_LUT_FILTER(name_, description_, init_) \ AVFilter avfilter_vf_##name_ = { \ - .name = NULL_IF_CONFIG_SMALL(#name_), \ - .description = description_, \ + .name = #name_, \ + .description = NULL_IF_CONFIG_SMALL(description_), \ .priv_size = sizeof(LutContext), \ \ .init = init_, \ From 6a57021cf96dc548b6cc2c97dedb8958225d58e3 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Tue, 16 Aug 2011 23:31:09 +0200 Subject: [PATCH 132/652] Fix compilation with --disable-avfilter. (cherry picked from commit 67a8251690a17f05630eb6f45a73db0f0e806c72) --- ffplay.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ffplay.c b/ffplay.c index 8788771491..6eefee6e00 100644 --- a/ffplay.c +++ b/ffplay.c @@ -1779,8 +1779,10 @@ static int video_thread(void *arg) if (ret < 0) goto the_end; +#if CONFIG_AVFILTER if (!picref) continue; +#endif pts = pts_int*av_q2d(is->video_st->time_base); From a5e3fe37690a85ec46621e73048e55d4b8c0e1e7 Mon Sep 17 00:00:00 2001 
From: Carl Eugen Hoyos Date: Tue, 16 Aug 2011 23:31:09 +0200 Subject: [PATCH 133/652] Fix compilation with --disable-avfilter. (cherry picked from commit 67a8251690a17f05630eb6f45a73db0f0e806c72) --- ffplay.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ffplay.c b/ffplay.c index bcb430781d..a7eb2eabbe 100644 --- a/ffplay.c +++ b/ffplay.c @@ -1776,8 +1776,10 @@ static int video_thread(void *arg) if (ret < 0) goto the_end; +#if CONFIG_AVFILTER if (!picref) continue; +#endif pts = pts_int*av_q2d(is->video_st->time_base); From 87757508abe36dd376093c59f00db41fe15d76a5 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Tue, 16 Aug 2011 23:31:09 +0200 Subject: [PATCH 134/652] Fix compilation with --disable-avfilter. (cherry picked from commit 67a8251690a17f05630eb6f45a73db0f0e806c72) --- ffplay.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ffplay.c b/ffplay.c index c41709674f..b79df9760e 100644 --- a/ffplay.c +++ b/ffplay.c @@ -1779,8 +1779,10 @@ static int video_thread(void *arg) if (ret < 0) goto the_end; +#if CONFIG_AVFILTER if (!picref) continue; +#endif pts = pts_int*av_q2d(is->video_st->time_base); From 00c5cf4beb0e45e936544a5766b56e241ae03234 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 9 Jun 2011 03:35:50 +0200 Subject: [PATCH 135/652] jpegdec: actually search for and parse RSTn Fixes decoding of MJPEG files produced by some UVC Logitec web cameras, such as "Notebook Pro" and "HD C910". References: http://trac.videolan.org/vlc/ticket/4215 http://ffmpeg.org/trac/ffmpeg/ticket/267 Signed-off-by: Michael Niedermayer Reviewed-by: Kostya (cherry picked from commit 8c0fa61a9713a1306fca7997dd04d72ea1f060ea) --- libavcodec/mjpegdec.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index 391d58de6b..3f6b1f111e 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c 
@@ -879,9 +879,12 @@ static int mjpeg_decode_scan(MJpegDecodeContext *s, int nb_components, int Ah, i } } - if (s->restart_interval && !--s->restart_count) { + if (s->restart_interval && show_bits(&s->gb, 8) == 0xFF){ /* skip RSTn */ + --s->restart_count; align_get_bits(&s->gb); - skip_bits(&s->gb, 16); /* skip RSTn */ + while(show_bits(&s->gb, 8) == 0xFF) + skip_bits(&s->gb, 8); + skip_bits(&s->gb, 8); for (i=0; ilast_dc[i] = 1024; } From bd968d260aef322fb32e254a3de0d2036c57bd56 Mon Sep 17 00:00:00 2001 From: Mans Rullgard Date: Wed, 10 Aug 2011 18:52:11 +0100 Subject: [PATCH 136/652] cavs: fix some crashes with invalid bitstreams This removes all valgrind-reported invalid writes with one specific test file. Fixes http://www.ocert.org/advisories/ocert-2011-002.html Signed-off-by: Mans Rullgard (cherry picked from commit 4a71da0f3ab7f5542decd11c81994f849d5b2c78) --- libavcodec/cavsdec.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/libavcodec/cavsdec.c b/libavcodec/cavsdec.c index a9e4d37c2a..35c37d0768 100644 --- a/libavcodec/cavsdec.c +++ b/libavcodec/cavsdec.c @@ -130,12 +130,14 @@ static int decode_residual_block(AVSContext *h, GetBitContext *gb, r++; mask = -(level_code & 1); level = (level^mask) - mask; - } else { + } else if (level_code >= 0) { level = r->rltab[level_code][0]; if(!level) //end of block signal break; run = r->rltab[level_code][1]; r += r->rltab[level_code][2]; + } else { + break; } level_buf[i] = level; run_buf[i] = run; @@ -189,7 +191,8 @@ static inline int decode_residual_inter(AVSContext *h) { static int decode_mb_i(AVSContext *h, int cbp_code) { GetBitContext *gb = &h->s.gb; - int block, pred_mode_uv; + unsigned pred_mode_uv; + int block; uint8_t top[18]; uint8_t *left = NULL; uint8_t *d; 
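Review bot: The new `while(show_bits(&s->gb, 8) == 0xFF) skip_bits(&s->gb, 8);` loop is bounded only by the input data, with no check of how many bits remain in the buffer. A packet that ends in a run of 0xFF bytes relies on whatever follows the packet to stop the reader, so the condition should also test the remaining length, e.g. `while (get_bits_left(&s->gb) >= 8 && show_bits(&s->gb, 8) == 0xFF)`. The hunk also tests `show_bits(&s->gb, 8) == 0xFF` before `align_get_bits()`, so eight set bits in the middle of entropy-coded data are taken for a marker; the later RSTn patches in this series tighten that test but keep the unbounded loop as context. `mjpeg_decode_scan()` starts and ends outside the hunk.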
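Review bot: The added `else if (level_code >= 0)` guard only rejects a bad index while `level_code` is a signed `int`; PATCH 126 and PATCH 128 in this series declare it `unsigned int` for the same advisory, and on a tree that carries that change the condition is always true and the new `else { break; }` is dead code. The guard also covers only the lower bound of the `r->rltab[level_code]` index, and the upper bound presumably comes from the preceding branch, whose condition is outside the hunk. The error path uses the same `break` as the legitimate end-of-block signal, so a corrupt stream is decoded as a short block; `return -1;` in the new `else` would let callers tell the two apart, assuming they check the result.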
@@ -445,6 +448,8 @@ static inline int check_for_slice(AVSContext *h) { if((show_bits_long(gb,24+align) & 0xFFFFFF) == 0x000001) { skip_bits_long(gb,24+align); h->stc = get_bits(gb,8); + if (h->stc >= h->mb_height) + return 0; decode_slice_header(h,gb); return 1; } @@ -659,7 +664,7 @@ static int cavs_decode_frame(AVCodecContext * avctx,void *data, int *data_size, buf_end = buf + buf_size; for(;;) { buf_ptr = ff_find_start_code(buf_ptr,buf_end, &stc); - if(stc & 0xFFFFFE00) + if((stc & 0xFFFFFE00) || buf_ptr == buf_end) return FFMAX(0, buf_ptr - buf - s->parse_context.last_index); input_size = (buf_end - buf_ptr)*8; switch(stc) { From 95345e942cd5b8be6722d48e3f17782e97d09bde Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Tue, 23 Aug 2011 19:39:16 +0200 Subject: [PATCH 137/652] Avoid crash due to ic being NULL if avformat_open_input fails. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This updates the code to match current master. Should fix trac issue #410. Signed-off-by: Reimar Döffinger --- libavformat/utils.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index 3242887f41..662b49ae19 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -537,7 +537,8 @@ int av_open_input_stream(AVFormatContext **ic_ptr, else ic->pb = pb; - err = avformat_open_input(&ic, filename, fmt, &opts); + if ((err = avformat_open_input(&ic, filename, fmt, &opts)) < 0) + goto fail; *ic_ptr = ic; ic->pb = ic->pb ? ic->pb : pb; // don't leak custom pb if it wasn't set above From b37131f798941af1eb88e2d550203bdebb8b4324 Mon Sep 17 00:00:00 2001 From: Pino Toscano Date: Fri, 12 Aug 2011 14:11:21 +0200 Subject: [PATCH 138/652] configure: add missing CFLAGS to fix building on the HURD Signed-off-by: Reinhard Tartler 
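Review bot: In `check_for_slice()` the new range check runs after `h->stc = get_bits(gb,8);`, so when it rejects the value the out-of-range number is already stored in the decoder context and the start code has been consumed, while the function reports that no slice was found. Validating a local first keeps the context clean: `unsigned stc = get_bits(gb,8); if (stc >= h->mb_height) return 0; h->stc = stc;`. Whether any later code reads `h->stc` after a 0 return cannot be seen from this hunk, so this is a hardening suggestion rather than a confirmed fault.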
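Review bot: On the new `goto fail` path in `av_open_input_stream()` the assignment `*ic_ptr = ic;` is skipped, so unless the `fail:` label (outside this hunk) writes it, the caller's pointer keeps whatever value it held before the call. Setting `*ic_ptr = NULL;` before the jump, or at the label, makes the failure state explicit for callers that clean up through that pointer. It is also worth confirming that the label's cleanup tolerates `ic` being NULL and releases `opts`, since neither is visible here.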
Signed-off-by: Luca Barbato (cherry picked from commit f60d13663742d1c695680ede83c4d646bc57d380) --- configure | 1 + 1 file changed, 1 insertion(+) diff --git a/configure b/configure index 5e40e083a0..b6e2ff964b 100755 --- a/configure +++ b/configure @@ -2504,6 +2504,7 @@ case $target_os in add_cppflags -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_BSD_SOURCE ;; gnu) + add_cppflags -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 ;; qnx) add_cppflags -D_QNX_SOURCE From 20ca827019a72bfacb38e73d0b8590e651818272 Mon Sep 17 00:00:00 2001 From: Piotr Kaczuba Date: Mon, 30 May 2011 13:19:35 +0200 Subject: [PATCH 139/652] postprocess.c: filter name needs to be double 0 terminated Signed-off-by: Reinhard Tartler (cherry picked from commit f4f3300c09bb13eb7922e60888b55e3e0fb325e7) --- libpostproc/postprocess.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libpostproc/postprocess.c b/libpostproc/postprocess.c index dd50daf21e..eacf262ccd 100644 --- a/libpostproc/postprocess.c +++ b/libpostproc/postprocess.c @@ -763,7 +763,8 @@ pp_mode *pp_get_mode_by_name_and_quality(const char *name, int quality) ppMode->maxClippedThreshold= 0.01; ppMode->error=0; - av_strlcpy(temp, name, GET_MODE_BUFFER_SIZE); + memset(temp, 0, GET_MODE_BUFFER_SIZE); + av_strlcpy(temp, name, GET_MODE_BUFFER_SIZE - 1); av_log(NULL, AV_LOG_DEBUG, "pp: %s\n", name); @@ -819,7 +820,7 @@ pp_mode *pp_get_mode_by_name_and_quality(const char *name, int quality) plen= strlen(p); spaceLeft= p - temp + plen; - if(spaceLeft + newlen >= GET_MODE_BUFFER_SIZE){ + if(spaceLeft + newlen >= GET_MODE_BUFFER_SIZE - 1){ ppMode->error++; break; } From 1de90fd3758a71c5ff012e9288de07aa1b2915e0 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 2 Sep 2011 18:00:31 +0200 Subject: [PATCH 140/652] mpeg4: adjust dummy frame threashold for packed divx. Fixes Ticket427 
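Review bot: `av_strlcpy(temp, name, GET_MODE_BUFFER_SIZE - 1)` in `pp_get_mode_by_name_and_quality()` truncates an over-long mode string silently, so the parser that follows works on a cut-off filter list without reporting it. `av_strlcpy()` returns the length of the source string, which allows `if (av_strlcpy(temp, name, GET_MODE_BUFFER_SIZE - 1) >= GET_MODE_BUFFER_SIZE - 1) ppMode->error++;`, using the error counter the second hunk already increments. The `- 1` here and in `spaceLeft + newlen >= GET_MODE_BUFFER_SIZE - 1` reserves the second terminating NUL named in the commit title and deserves a one-line comment such as `/* keep one spare byte: the filter name must be double-NUL terminated */`. The function body extends beyond both hunks.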
Signed-off-by: Michael Niedermayer (cherry picked from commit 3e7e1f1509e6a84bd7873586a66de1ee43c8ef88) --- libavcodec/h263dec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h263dec.c b/libavcodec/h263dec.c index f079557759..5a15bc4a44 100644 --- a/libavcodec/h263dec.c +++ b/libavcodec/h263dec.c @@ -681,7 +681,7 @@ frame_end: int current_pos= s->gb.buffer == s->bitstream_buffer ? 0 : (get_bits_count(&s->gb)>>3); int startcode_found=0; - if(buf_size - current_pos > 5){ + if(buf_size - current_pos > 7){ int i; for(i=current_pos; i Date: Tue, 6 Sep 2011 04:09:43 +0200 Subject: [PATCH 141/652] mpeg4: fix another packed divx issue. Fixes getting_stuck.avi Signed-off-by: Michael Niedermayer (cherry picked from commit 6dbac85f8d20c77283e3d01f42a7c2154bbf976d) --- libavcodec/h263dec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h263dec.c b/libavcodec/h263dec.c index 5a15bc4a44..e142c339c5 100644 --- a/libavcodec/h263dec.c +++ b/libavcodec/h263dec.c @@ -380,7 +380,7 @@ uint64_t time= rdtsc(); retry: - if(s->divx_packed && s->xvid_build>=0 && s->bitstream_buffer_size){ + if(s->divx_packed && s->bitstream_buffer_size){ int i; for(i=0; i Date: Thu, 1 Sep 2011 23:43:56 +0200 Subject: [PATCH 142/652] jpegdec: better rst skiping Fixes Ticket426 Signed-off-by: Michael Niedermayer (cherry picked from commit 94c2478d90c1b8c007591b8daba13e65d393d2e8) --- libavcodec/mjpegdec.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index 5c6d84a07d..cb5bc2387f 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c 
@@ -881,14 +881,18 @@ static int mjpeg_decode_scan(MJpegDecodeContext *s, int nb_components, int Ah, i } } + if (s->restart_interval) --s->restart_count; if (s->restart_interval && show_bits(&s->gb, 8) == 0xFF){ /* skip RSTn */ - --s->restart_count; + int pos= get_bits_count(&s->gb); align_get_bits(&s->gb); while(show_bits(&s->gb, 8) == 0xFF) skip_bits(&s->gb, 8); - skip_bits(&s->gb, 8); - for (i=0; ilast_dc[i] = 1024; + if((get_bits(&s->gb, 8)&0xF8) == 0xD0){ + for (i=0; ilast_dc[i] = 1024; + }else{ + skip_bits_long(&s->gb, pos - get_bits_count(&s->gb)); + } } } } From eb975b1c8bfc0d881479a5ba5c4ace4122191687 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 6 Sep 2011 18:20:34 +0200 Subject: [PATCH 143/652] mjpegdec; even better RSTn skiping Fixes Ticket426 Signed-off-by: Michael Niedermayer (cherry picked from commit be7eed72c89368de70dbf8749eca1dac7443e51a) --- libavcodec/mjpegdec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index cb5bc2387f..e64ea5cd68 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -882,7 +882,8 @@ static int mjpeg_decode_scan(MJpegDecodeContext *s, int nb_components, int Ah, i } if (s->restart_interval) --s->restart_count; - if (s->restart_interval && show_bits(&s->gb, 8) == 0xFF){ /* skip RSTn */ + i= 8+((-get_bits_count(&s->gb))&7); + if (s->restart_interval && show_bits(&s->gb, i) == (1<gb); align_get_bits(&s->gb); while(show_bits(&s->gb, 8) == 0xFF) From 414a6a9e6b84189199adc502ec464f0c189ca434 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 2 Sep 2011 18:00:31 +0200 Subject: [PATCH 144/652] mpeg4: adjust dummy frame threashold for packed divx. Fixes Ticket427 Signed-off-by: Michael Niedermayer (cherry picked from commit 3e7e1f1509e6a84bd7873586a66de1ee43c8ef88) --- libavcodec/h263dec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/libavcodec/h263dec.c b/libavcodec/h263dec.c index 3b8b5804b1..267a2c0cef 100644 --- a/libavcodec/h263dec.c +++ b/libavcodec/h263dec.c @@ -689,7 +689,7 @@ frame_end: int current_pos= s->gb.buffer == s->bitstream_buffer ? 0 : (get_bits_count(&s->gb)>>3); int startcode_found=0; - if(buf_size - current_pos > 5){ + if(buf_size - current_pos > 7){ int i; for(i=current_pos; i Date: Tue, 6 Sep 2011 04:09:43 +0200 Subject: [PATCH 145/652] mpeg4: fix another packed divx issue. Fixes getting_stuck.avi Signed-off-by: Michael Niedermayer (cherry picked from commit 6dbac85f8d20c77283e3d01f42a7c2154bbf976d) --- libavcodec/h263dec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h263dec.c b/libavcodec/h263dec.c index 267a2c0cef..01474129e4 100644 --- a/libavcodec/h263dec.c +++ b/libavcodec/h263dec.c @@ -380,7 +380,7 @@ uint64_t time= rdtsc(); retry: - if(s->divx_packed && s->xvid_build>=0 && s->bitstream_buffer_size){ + if(s->divx_packed && s->bitstream_buffer_size){ int i; for(i=0; i Date: Thu, 1 Sep 2011 23:43:56 +0200 Subject: [PATCH 146/652] jpegdec: better rst skiping Fixes Ticket426 Signed-off-by: Michael Niedermayer (cherry picked from commit 94c2478d90c1b8c007591b8daba13e65d393d2e8) --- libavcodec/mjpegdec.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index 4e38f46f7a..5cec91d21a 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c 
@@ -881,14 +881,18 @@ static int mjpeg_decode_scan(MJpegDecodeContext *s, int nb_components, int Ah, i } } + if (s->restart_interval) --s->restart_count; if (s->restart_interval && show_bits(&s->gb, 8) == 0xFF){ /* skip RSTn */ - --s->restart_count; + int pos= get_bits_count(&s->gb); align_get_bits(&s->gb); while(show_bits(&s->gb, 8) == 0xFF) skip_bits(&s->gb, 8); - skip_bits(&s->gb, 8); - for (i=0; ilast_dc[i] = 1024; + if((get_bits(&s->gb, 8)&0xF8) == 0xD0){ + for (i=0; ilast_dc[i] = 1024; + }else{ + skip_bits_long(&s->gb, pos - get_bits_count(&s->gb)); + } } } } From 78fb7355c84ea5796ecdd0266a436e8111f085ce Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 6 Sep 2011 18:20:34 +0200 Subject: [PATCH 147/652] mjpegdec; even better RSTn skiping Fixes Ticket426 Signed-off-by: Michael Niedermayer (cherry picked from commit be7eed72c89368de70dbf8749eca1dac7443e51a) --- libavcodec/mjpegdec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index 5cec91d21a..b895149cd8 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -882,7 +882,8 @@ static int mjpeg_decode_scan(MJpegDecodeContext *s, int nb_components, int Ah, i } if (s->restart_interval) --s->restart_count; - if (s->restart_interval && show_bits(&s->gb, 8) == 0xFF){ /* skip RSTn */ + i= 8+((-get_bits_count(&s->gb))&7); + if (s->restart_interval && show_bits(&s->gb, i) == (1<gb); align_get_bits(&s->gb); while(show_bits(&s->gb, 8) == 0xFF) From 274a5b7cdb4f7199ee8f04117d20459a60199de6 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 2 Sep 2011 18:00:31 +0200 Subject: [PATCH 148/652] mpeg4: adjust dummy frame threashold for packed divx. Fixes Ticket427 Signed-off-by: Michael Niedermayer (cherry picked from commit 3e7e1f1509e6a84bd7873586a66de1ee43c8ef88) --- libavcodec/h263dec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/libavcodec/h263dec.c b/libavcodec/h263dec.c index ff312b0935..5d4f03762d 100644 --- a/libavcodec/h263dec.c +++ b/libavcodec/h263dec.c @@ -689,7 +689,7 @@ frame_end: int current_pos= s->gb.buffer == s->bitstream_buffer ? 0 : (get_bits_count(&s->gb)>>3); int startcode_found=0; - if(buf_size - current_pos > 5){ + if(buf_size - current_pos > 7){ int i; for(i=current_pos; i Date: Tue, 6 Sep 2011 04:09:43 +0200 Subject: [PATCH 149/652] mpeg4: fix another packed divx issue. Fixes getting_stuck.avi Signed-off-by: Michael Niedermayer (cherry picked from commit 6dbac85f8d20c77283e3d01f42a7c2154bbf976d) --- libavcodec/h263dec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h263dec.c b/libavcodec/h263dec.c index 5d4f03762d..95b0164478 100644 --- a/libavcodec/h263dec.c +++ b/libavcodec/h263dec.c @@ -380,7 +380,7 @@ uint64_t time= rdtsc(); retry: - if(s->divx_packed && s->xvid_build>=0 && s->bitstream_buffer_size){ + if(s->divx_packed && s->bitstream_buffer_size){ int i; for(i=0; i Date: Thu, 1 Sep 2011 23:43:56 +0200 Subject: [PATCH 150/652] jpegdec: better rst skiping Fixes Ticket426 Signed-off-by: Michael Niedermayer --- libavcodec/mjpegdec.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index 02c66f504b..cb5bc2387f 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c 
@@ -881,14 +881,18 @@ static int mjpeg_decode_scan(MJpegDecodeContext *s, int nb_components, int Ah, i } } - if (s->restart_interval && show_bits(&s->gb, 8) == 0xFF){/* skip RSTn */ - --s->restart_count; + if (s->restart_interval) --s->restart_count; + if (s->restart_interval && show_bits(&s->gb, 8) == 0xFF){ /* skip RSTn */ + int pos= get_bits_count(&s->gb); align_get_bits(&s->gb); while(show_bits(&s->gb, 8) == 0xFF) skip_bits(&s->gb, 8); - skip_bits(&s->gb, 8); - for (i=0; ilast_dc[i] = 1024; + if((get_bits(&s->gb, 8)&0xF8) == 0xD0){ + for (i=0; ilast_dc[i] = 1024; + }else{ + skip_bits_long(&s->gb, pos - get_bits_count(&s->gb)); + } } } } From 374409eb1a640abde877bb55d2e8a1e65083699a Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 6 Sep 2011 18:20:34 +0200 Subject: [PATCH 151/652] mjpegdec; even better RSTn skiping Fixes Ticket426 Signed-off-by: Michael Niedermayer (cherry picked from commit be7eed72c89368de70dbf8749eca1dac7443e51a) --- libavcodec/mjpegdec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index cb5bc2387f..e64ea5cd68 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -882,7 +882,8 @@ static int mjpeg_decode_scan(MJpegDecodeContext *s, int nb_components, int Ah, i } if (s->restart_interval) --s->restart_count; - if (s->restart_interval && show_bits(&s->gb, 8) == 0xFF){ /* skip RSTn */ + i= 8+((-get_bits_count(&s->gb))&7); + if (s->restart_interval && show_bits(&s->gb, i) == (1<gb); align_get_bits(&s->gb); while(show_bits(&s->gb, 8) == 0xFF) From 7b6b9be8614aa53e79db565c9203b9afaa452d8d Mon Sep 17 00:00:00 2001 
From: Jeff Downs Date: Wed, 29 Jun 2011 12:38:46 -0400 Subject: [PATCH 152/652] Make all option parsing functions match the function pointer type through which they are called. All option parsing functions now match the function pointer signature through which they are called (int f(const char *, const char *), thereby working reliably on all platforms. Prefix all option processing functions with opt_ --- cmdutils.c | 24 ++++++++++++++++-------- cmdutils.h | 26 +++++++++++++++++--------- cmdutils_common_opts.h | 24 ++++++++++++------------ ffmpeg.c | 17 +++++++++++------ ffplay.c | 5 +++-- ffprobe.c | 3 ++- ffserver.c | 3 ++- 7 files changed, 63 insertions(+), 39 deletions(-) diff --git a/cmdutils.c b/cmdutils.c index cd6d13346d..62fe6e96ab 100644 --- a/cmdutils.c +++ b/cmdutils.c @@ -574,12 +574,13 @@ void show_banner(void) print_all_libs_info(stderr, INDENT|SHOW_VERSION); } -void show_version(void) { +int opt_version(const char *opt, const char *arg) { printf("%s " FFMPEG_VERSION "\n", program_name); print_all_libs_info(stdout, SHOW_VERSION); + return 0; } -void show_license(void) +int opt_license(const char *opt, const char *arg) { printf( #if CONFIG_NONFREE @@ -646,9 +647,10 @@ void show_license(void) program_name, program_name, program_name #endif ); + return 0; } -void show_formats(void) +int opt_formats(const char *opt, const char *arg) { AVInputFormat *ifmt=NULL; AVOutputFormat *ofmt=NULL; @@ -695,9 +697,10 @@ void show_formats(void) name, long_name ? long_name:" "); } + return 0; } -void show_codecs(void) +int opt_codecs(const char *opt, const char *arg) { AVCodec *p=NULL, *p2; const char *last_name; @@ -771,9 +774,10 @@ void show_codecs(void) "even though both encoding and decoding are supported. For example, the h263\n" "decoder corresponds to the h263 and h263p encoders, for file formats it is even\n" "worse.\n"); + return 0; } -void show_bsfs(void) +int opt_bsfs(const char *opt, const char *arg) { AVBitStreamFilter *bsf=NULL; 
@@ -781,9 +785,10 @@ void show_bsfs(void) while((bsf = av_bitstream_filter_next(bsf))) printf("%s\n", bsf->name); printf("\n"); + return 0; } -void show_protocols(void) +int opt_protocols(const char *opt, const char *arg) { URLProtocol *up=NULL; @@ -799,9 +804,10 @@ void show_protocols(void) up->url_write ? 'O' : '.', up->url_seek ? 'S' : '.', up->name); + return 0; } -void show_filters(void) +int opt_filters(const char *opt, const char *arg) { AVFilter av_unused(**filter) = NULL; @@ -810,9 +816,10 @@ void show_filters(void) while ((filter = av_filter_next(filter)) && *filter) printf("%-16s %s\n", (*filter)->name, (*filter)->description); #endif + return 0; } -void show_pix_fmts(void) +int opt_pix_fmts(const char *opt, const char *arg) { enum PixelFormat pix_fmt; @@ -843,6 +850,7 @@ void show_pix_fmts(void) pix_desc->nb_components, av_get_bits_per_pixel(pix_desc)); } + return 0; } int read_yesno(void) diff --git a/cmdutils.h b/cmdutils.h index e001ab9201..b05828cd0a 100644 --- a/cmdutils.h +++ b/cmdutils.h @@ -62,7 +62,7 @@ void uninit_opts(void); /** * Trivial log callback. - * Only suitable for show_help and similar since it lacks prefix handling. + * Only suitable for opt_help and similar since it lacks prefix handling. */ void log_callback_help(void* ptr, int level, const char* fmt, va_list vl); 
@@ -177,50 +177,58 @@ void show_banner(void); * Print the version of the program to stdout. The version message * depends on the current versions of the repository and of the libav* * libraries. + * This option processing function does not utilize the arguments. */ -void show_version(void); +int opt_version(const char *opt, const char *arg); /** * Print the license of the program to stdout. The license depends on * the license of the libraries compiled into the program. + * This option processing function does not utilize the arguments. */ -void show_license(void); +int opt_license(const char *opt, const char *arg); /** * Print a listing containing all the formats supported by the * program. + * This option processing function does not utilize the arguments. */ -void show_formats(void); +int opt_formats(const char *opt, const char *arg); /** * Print a listing containing all the codecs supported by the * program. + * This option processing function does not utilize the arguments. */ -void show_codecs(void); +int opt_codecs(const char *opt, const char *arg); /** * Print a listing containing all the filters supported by the * program. + * This option processing function does not utilize the arguments. */ -void show_filters(void); +int opt_filters(const char *opt, const char *arg); /** * Print a listing containing all the bit stream filters supported by the * program. + * This option processing function does not utilize the arguments. */ -void show_bsfs(void); +int opt_bsfs(const char *opt, const char *arg); /** * Print a listing containing all the protocols supported by the * program. + * This option processing function does not utilize the arguments. */ -void show_protocols(void); +int opt_protocols(const char *opt, const char *arg); /** * Print a listing containing all the pixel formats supported by the * program. + * This option processing function does not utilize the arguments. 
*/ -void show_pix_fmts(void); +int opt_pix_fmts(const char *opt, const char *arg); /** * Return a positive value if a line read from standard input diff --git a/cmdutils_common_opts.h b/cmdutils_common_opts.h index 9b5e5d22cd..8e680490fe 100644 --- a/cmdutils_common_opts.h +++ b/cmdutils_common_opts.h 
@@ -1,13 +1,13 @@ - { "L", OPT_EXIT, {(void*)show_license}, "show license" }, - { "h", OPT_EXIT, {(void*)show_help}, "show help" }, - { "?", OPT_EXIT, {(void*)show_help}, "show help" }, - { "help", OPT_EXIT, {(void*)show_help}, "show help" }, - { "-help", OPT_EXIT, {(void*)show_help}, "show help" }, - { "version", OPT_EXIT, {(void*)show_version}, "show version" }, - { "formats" , OPT_EXIT, {(void*)show_formats }, "show available formats" }, - { "codecs" , OPT_EXIT, {(void*)show_codecs }, "show available codecs" }, - { "bsfs" , OPT_EXIT, {(void*)show_bsfs }, "show available bit stream filters" }, - { "protocols", OPT_EXIT, {(void*)show_protocols}, "show available protocols" }, - { "filters", OPT_EXIT, {(void*)show_filters }, "show available filters" }, - { "pix_fmts" , OPT_EXIT, {(void*)show_pix_fmts }, "show available pixel formats" }, + { "L", OPT_EXIT, {(void*)opt_license}, "show license" }, + { "h", OPT_EXIT, {(void*)opt_help}, "show help" }, + { "?", OPT_EXIT, {(void*)opt_help}, "show help" }, + { "help", OPT_EXIT, {(void*)opt_help}, "show help" }, + { "-help", OPT_EXIT, {(void*)opt_help}, "show help" }, + { "version", OPT_EXIT, {(void*)opt_version}, "show version" }, + { "formats" , OPT_EXIT, {(void*)opt_formats }, "show available formats" }, + { "codecs" , OPT_EXIT, {(void*)opt_codecs }, "show available codecs" }, + { "bsfs" , OPT_EXIT, {(void*)opt_bsfs }, "show available bit stream filters" }, + { "protocols", OPT_EXIT, {(void*)opt_protocols}, "show available protocols" }, + { "filters", OPT_EXIT, {(void*)opt_filters }, "show available filters" }, + { "pix_fmts" , OPT_EXIT, {(void*)opt_pix_fmts }, "show available pixel formats" }, { "loglevel", HAS_ARG, {(void*)opt_loglevel}, "set libav* logging level", "loglevel" }, diff --git a/ffmpeg.c b/ffmpeg.c index ab628b2cbc..4c067d79ed 100644 --- a/ffmpeg.c +++ b/ffmpeg.c 
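Review bot: Every table entry still stores its handler through a `(void*)` cast, which is what allowed the old `void show_xxx(void)` functions to sit in a table that is called as `int f(const char *, const char *)` without any compiler diagnostic. Converting a function pointer to `void *` is also not guaranteed by ISO C. If `OptionDef` (not visible here) has, or can be given, a member of the handler's real function-pointer type, initialising that member without a cast would make the compiler reject the next mismatched handler. At minimum a comment above the table should state the required signature, e.g. `/* handlers must be int (*)(const char *opt, const char *arg); the cast hides mismatches */`.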
@@ -2946,7 +2946,7 @@ static int opt_frame_pix_fmt(const char *opt, const char *arg) return AVERROR(EINVAL); } } else { - show_pix_fmts(); + opt_pix_fmts(NULL, NULL); ffmpeg_exit(0); } return 0; @@ -4077,16 +4077,18 @@ static void parse_matrix_coeffs(uint16_t *dest, const char *str) } } -static void opt_inter_matrix(const char *opt, const char *arg) +static int opt_inter_matrix(const char *opt, const char *arg) { inter_matrix = av_mallocz(sizeof(uint16_t) * 64); parse_matrix_coeffs(inter_matrix, arg); + return 0; } -static void opt_intra_matrix(const char *opt, const char *arg) +static int opt_intra_matrix(const char *opt, const char *arg) { intra_matrix = av_mallocz(sizeof(uint16_t) * 64); parse_matrix_coeffs(intra_matrix, arg); + return 0; } static void show_usage(void) @@ -4096,7 +4098,7 @@ static void show_usage(void) printf("\n"); } -static void show_help(void) +static int opt_help(const char *opt, const char *arg) { AVCodec *c; AVOutputFormat *oformat = NULL; @@ -4151,6 +4153,7 @@ static void show_help(void) } av_opt_show2(sws_opts, NULL, AV_OPT_FLAG_ENCODING_PARAM|AV_OPT_FLAG_DECODING_PARAM, 0); + return 0; } static int opt_target(const char *opt, const char *arg) @@ -4381,11 +4384,13 @@ static void log_callback_null(void* ptr, int level, const char* fmt, va_list vl) { } -static void opt_passlogfile(const char *opt, const char *arg) +static int opt_passlogfile(const char *opt, const char *arg) { pass_logfilename_prefix = arg; #if CONFIG_LIBX264_ENCODER - opt_default("passlogfile", arg); + return opt_default("passlogfile", arg); +#else + return 0; #endif } diff --git a/ffplay.c b/ffplay.c index b79df9760e..2c4bafcf74 100644 --- a/ffplay.c +++ b/ffplay.c @@ -212,7 +212,7 @@ typedef struct VideoState { int refresh; } VideoState; -static void show_help(void); +static int opt_help(const char *opt, const char *arg); /* options specified by the user */ static AVInputFormat *file_iformat; 
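Review bot: `opt_inter_matrix` and `opt_intra_matrix` now return int but still hand the result of `av_mallocz(sizeof(uint16_t) * 64)` straight to `parse_matrix_coeffs` without a NULL check, so an allocation failure would presumably be dereferenced there. With the new return type the failure can be reported: add `if (!inter_matrix) return AVERROR(ENOMEM);` (and the same for `intra_matrix`) before the parse call. Assigning over a previous `inter_matrix` also drops the old block if the option is given twice. The identical ffmpeg.c hunk is repeated later on this page.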
@@ -2952,7 +2952,7 @@ static void show_usage(void) printf("\n"); } -static void show_help(void) +static int opt_help(const char *opt, const char *arg) { av_log_set_callback(log_callback_help); show_usage(); @@ -2984,6 +2984,7 @@ static void show_help(void) "down/up seek backward/forward 1 minute\n" "mouse click seek to percentage in file corresponding to fraction of width\n" ); + return 0; } /* Called from the main */ diff --git a/ffprobe.c b/ffprobe.c index b2b2c8fd9c..ae97253cb8 100644 --- a/ffprobe.c +++ b/ffprobe.c @@ -353,7 +353,7 @@ static int opt_input_file(const char *opt, const char *arg) return 0; } -static void show_help(void) +static int opt_help(const char *opt, const char *arg) { av_log_set_callback(log_callback_help); show_usage(); @@ -361,6 +361,7 @@ static void show_help(void) printf("\n"); av_opt_show2(avformat_opts, NULL, AV_OPT_FLAG_DECODING_PARAM, 0); + return 0; } static void opt_pretty(void) diff --git a/ffserver.c b/ffserver.c index 0eac639137..2aa778f823 100644 --- a/ffserver.c +++ b/ffserver.c @@ -4662,12 +4662,13 @@ static void opt_debug(void) logfilename[0] = '-'; } -static void show_help(void) +static int opt_help(const char *opt, const char *arg) { printf("usage: ffserver [options]\n" "Hyper fast multi format Audio/Video streaming server\n"); printf("\n"); show_help_options(options, "Main options:\n", 0, 0); + return 0; } static const OptionDef options[] = { From 7d704f5127c8163a04026e3f53d082505c92c851 Mon Sep 17 00:00:00 2001 
From: Jeff Downs Date: Wed, 29 Jun 2011 12:38:46 -0400 Subject: [PATCH 153/652] Make all option parsing functions match the function pointer type through which they are called. All option parsing functions now match the function pointer signature through which they are called (int f(const char *, const char *), thereby working reliably on all platforms. Prefix all option processing functions with opt_ --- cmdutils.c | 24 ++++++++++++++++-------- cmdutils.h | 26 +++++++++++++++++--------- cmdutils_common_opts.h | 24 ++++++++++++------------ ffmpeg.c | 17 +++++++++++------ ffplay.c | 5 +++-- ffprobe.c | 3 ++- ffserver.c | 3 ++- 7 files changed, 63 insertions(+), 39 deletions(-) diff --git a/cmdutils.c b/cmdutils.c index cd6d13346d..62fe6e96ab 100644 --- a/cmdutils.c +++ b/cmdutils.c @@ -574,12 +574,13 @@ void show_banner(void) print_all_libs_info(stderr, INDENT|SHOW_VERSION); } -void show_version(void) { +int opt_version(const char *opt, const char *arg) { printf("%s " FFMPEG_VERSION "\n", program_name); print_all_libs_info(stdout, SHOW_VERSION); + return 0; } -void show_license(void) +int opt_license(const char *opt, const char *arg) { printf( #if CONFIG_NONFREE @@ -646,9 +647,10 @@ void show_license(void) program_name, program_name, program_name #endif ); + return 0; } -void show_formats(void) +int opt_formats(const char *opt, const char *arg) { AVInputFormat *ifmt=NULL; AVOutputFormat *ofmt=NULL; @@ -695,9 +697,10 @@ void show_formats(void) name, long_name ? long_name:" "); } + return 0; } -void show_codecs(void) +int opt_codecs(const char *opt, const char *arg) { AVCodec *p=NULL, *p2; const char *last_name; @@ -771,9 +774,10 @@ void show_codecs(void) "even though both encoding and decoding are supported. For example, the h263\n" "decoder corresponds to the h263 and h263p encoders, for file formats it is even\n" "worse.\n"); + return 0; } -void show_bsfs(void) +int opt_bsfs(const char *opt, const char *arg) { AVBitStreamFilter *bsf=NULL; 
@@ -781,9 +785,10 @@ void show_bsfs(void) while((bsf = av_bitstream_filter_next(bsf))) printf("%s\n", bsf->name); printf("\n"); + return 0; } -void show_protocols(void) +int opt_protocols(const char *opt, const char *arg) { URLProtocol *up=NULL; @@ -799,9 +804,10 @@ void show_protocols(void) up->url_write ? 'O' : '.', up->url_seek ? 'S' : '.', up->name); + return 0; } -void show_filters(void) +int opt_filters(const char *opt, const char *arg) { AVFilter av_unused(**filter) = NULL; @@ -810,9 +816,10 @@ void show_filters(void) while ((filter = av_filter_next(filter)) && *filter) printf("%-16s %s\n", (*filter)->name, (*filter)->description); #endif + return 0; } -void show_pix_fmts(void) +int opt_pix_fmts(const char *opt, const char *arg) { enum PixelFormat pix_fmt; @@ -843,6 +850,7 @@ void show_pix_fmts(void) pix_desc->nb_components, av_get_bits_per_pixel(pix_desc)); } + return 0; } int read_yesno(void) diff --git a/cmdutils.h b/cmdutils.h index e001ab9201..b05828cd0a 100644 --- a/cmdutils.h +++ b/cmdutils.h @@ -62,7 +62,7 @@ void uninit_opts(void); /** * Trivial log callback. - * Only suitable for show_help and similar since it lacks prefix handling. + * Only suitable for opt_help and similar since it lacks prefix handling. */ void log_callback_help(void* ptr, int level, const char* fmt, va_list vl); 
@@ -177,50 +177,58 @@ void show_banner(void); * Print the version of the program to stdout. The version message * depends on the current versions of the repository and of the libav* * libraries. + * This option processing function does not utilize the arguments. */ -void show_version(void); +int opt_version(const char *opt, const char *arg); /** * Print the license of the program to stdout. The license depends on * the license of the libraries compiled into the program. + * This option processing function does not utilize the arguments. */ -void show_license(void); +int opt_license(const char *opt, const char *arg); /** * Print a listing containing all the formats supported by the * program. + * This option processing function does not utilize the arguments. */ -void show_formats(void); +int opt_formats(const char *opt, const char *arg); /** * Print a listing containing all the codecs supported by the * program. + * This option processing function does not utilize the arguments. */ -void show_codecs(void); +int opt_codecs(const char *opt, const char *arg); /** * Print a listing containing all the filters supported by the * program. + * This option processing function does not utilize the arguments. */ -void show_filters(void); +int opt_filters(const char *opt, const char *arg); /** * Print a listing containing all the bit stream filters supported by the * program. + * This option processing function does not utilize the arguments. */ -void show_bsfs(void); +int opt_bsfs(const char *opt, const char *arg); /** * Print a listing containing all the protocols supported by the * program. + * This option processing function does not utilize the arguments. */ -void show_protocols(void); +int opt_protocols(const char *opt, const char *arg); /** * Print a listing containing all the pixel formats supported by the * program. + * This option processing function does not utilize the arguments. 
*/ -void show_pix_fmts(void); +int opt_pix_fmts(const char *opt, const char *arg); /** * Return a positive value if a line read from standard input diff --git a/cmdutils_common_opts.h b/cmdutils_common_opts.h index 9b5e5d22cd..8e680490fe 100644 --- a/cmdutils_common_opts.h +++ b/cmdutils_common_opts.h 
@@ -1,13 +1,13 @@ - { "L", OPT_EXIT, {(void*)show_license}, "show license" }, - { "h", OPT_EXIT, {(void*)show_help}, "show help" }, - { "?", OPT_EXIT, {(void*)show_help}, "show help" }, - { "help", OPT_EXIT, {(void*)show_help}, "show help" }, - { "-help", OPT_EXIT, {(void*)show_help}, "show help" }, - { "version", OPT_EXIT, {(void*)show_version}, "show version" }, - { "formats" , OPT_EXIT, {(void*)show_formats }, "show available formats" }, - { "codecs" , OPT_EXIT, {(void*)show_codecs }, "show available codecs" }, - { "bsfs" , OPT_EXIT, {(void*)show_bsfs }, "show available bit stream filters" }, - { "protocols", OPT_EXIT, {(void*)show_protocols}, "show available protocols" }, - { "filters", OPT_EXIT, {(void*)show_filters }, "show available filters" }, - { "pix_fmts" , OPT_EXIT, {(void*)show_pix_fmts }, "show available pixel formats" }, + { "L", OPT_EXIT, {(void*)opt_license}, "show license" }, + { "h", OPT_EXIT, {(void*)opt_help}, "show help" }, + { "?", OPT_EXIT, {(void*)opt_help}, "show help" }, + { "help", OPT_EXIT, {(void*)opt_help}, "show help" }, + { "-help", OPT_EXIT, {(void*)opt_help}, "show help" }, + { "version", OPT_EXIT, {(void*)opt_version}, "show version" }, + { "formats" , OPT_EXIT, {(void*)opt_formats }, "show available formats" }, + { "codecs" , OPT_EXIT, {(void*)opt_codecs }, "show available codecs" }, + { "bsfs" , OPT_EXIT, {(void*)opt_bsfs }, "show available bit stream filters" }, + { "protocols", OPT_EXIT, {(void*)opt_protocols}, "show available protocols" }, + { "filters", OPT_EXIT, {(void*)opt_filters }, "show available filters" }, + { "pix_fmts" , OPT_EXIT, {(void*)opt_pix_fmts }, "show available pixel formats" }, { "loglevel", HAS_ARG, {(void*)opt_loglevel}, "set libav* logging level", "loglevel" }, diff --git a/ffmpeg.c b/ffmpeg.c index c6374df949..ab5eb573a4 100644 --- a/ffmpeg.c +++ b/ffmpeg.c 
@@ -2945,7 +2945,7 @@ static int opt_frame_pix_fmt(const char *opt, const char *arg) return AVERROR(EINVAL); } } else { - show_pix_fmts(); + opt_pix_fmts(NULL, NULL); ffmpeg_exit(0); } return 0; @@ -4076,16 +4076,18 @@ static void parse_matrix_coeffs(uint16_t *dest, const char *str) } } -static void opt_inter_matrix(const char *opt, const char *arg) +static int opt_inter_matrix(const char *opt, const char *arg) { inter_matrix = av_mallocz(sizeof(uint16_t) * 64); parse_matrix_coeffs(inter_matrix, arg); + return 0; } -static void opt_intra_matrix(const char *opt, const char *arg) +static int opt_intra_matrix(const char *opt, const char *arg) { intra_matrix = av_mallocz(sizeof(uint16_t) * 64); parse_matrix_coeffs(intra_matrix, arg); + return 0; } static void show_usage(void) @@ -4095,7 +4097,7 @@ static void show_usage(void) printf("\n"); } -static void show_help(void) +static int opt_help(const char *opt, const char *arg) { AVCodec *c; AVOutputFormat *oformat = NULL; @@ -4150,6 +4152,7 @@ static void show_help(void) } av_opt_show2(sws_opts, NULL, AV_OPT_FLAG_ENCODING_PARAM|AV_OPT_FLAG_DECODING_PARAM, 0); + return 0; } static int opt_target(const char *opt, const char *arg) @@ -4380,11 +4383,13 @@ static void log_callback_null(void* ptr, int level, const char* fmt, va_list vl) { } -static void opt_passlogfile(const char *opt, const char *arg) +static int opt_passlogfile(const char *opt, const char *arg) { pass_logfilename_prefix = arg; #if CONFIG_LIBX264_ENCODER - opt_default("passlogfile", arg); + return opt_default("passlogfile", arg); +#else + return 0; #endif } diff --git a/ffplay.c b/ffplay.c index 6eefee6e00..6ac8f34fa0 100644 --- a/ffplay.c +++ b/ffplay.c @@ -212,7 +212,7 @@ typedef struct VideoState { int refresh; } VideoState; -static void show_help(void); +static int opt_help(const char *opt, const char *arg); /* options specified by the user */ static AVInputFormat *file_iformat; 
@@ -2952,7 +2952,7 @@ static void show_usage(void) printf("\n"); } -static void show_help(void) +static int opt_help(const char *opt, const char *arg) { av_log_set_callback(log_callback_help); show_usage(); @@ -2984,6 +2984,7 @@ static void show_help(void) "down/up seek backward/forward 1 minute\n" "mouse click seek to percentage in file corresponding to fraction of width\n" ); + return 0; } /* Called from the main */ diff --git a/ffprobe.c b/ffprobe.c index a2b27c3745..fdcdf70273 100644 --- a/ffprobe.c +++ b/ffprobe.c @@ -353,7 +353,7 @@ static int opt_input_file(const char *opt, const char *arg) return 0; } -static void show_help(void) +static int opt_help(const char *opt, const char *arg) { av_log_set_callback(log_callback_help); show_usage(); @@ -361,6 +361,7 @@ static void show_help(void) printf("\n"); av_opt_show2(avformat_opts, NULL, AV_OPT_FLAG_DECODING_PARAM, 0); + return 0; } static void opt_pretty(void) diff --git a/ffserver.c b/ffserver.c index 15ea00f4f8..83dd986dc2 100644 --- a/ffserver.c +++ b/ffserver.c @@ -4654,12 +4654,13 @@ static void opt_debug(void) logfilename[0] = '-'; } -static void show_help(void) +static int opt_help(const char *opt, const char *arg) { printf("usage: ffserver [options]\n" "Hyper fast multi format Audio/Video streaming server\n"); printf("\n"); show_help_options(options, "Main options:\n", 0, 0); + return 0; } static const OptionDef options[] = { From f5978250524f03364c4c67f14dab86db66f7a908 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 27 Aug 2011 21:24:13 +0200 Subject: [PATCH 154/652] Fix memory corruption in case of memory allocation failure in av_probe_input_buffer() Reported-by: Tanami Ohad Signed-off-by: Michael Niedermayer (cherry picked from commit 941bb552c6e08b40eb7d7842df19285cd650edd0) --- libavformat/utils.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index 955aaa72a2..52b2ae95bf 100644 --- a/libavformat/utils.c 
+++ b/libavformat/utils.c @@ -524,13 +524,19 @@ int av_probe_input_buffer(AVIOContext *pb, AVInputFormat **fmt, probe_size = FFMIN(probe_size<<1, FFMAX(max_probe_size, probe_size+1))) { int ret, score = probe_size < max_probe_size ? AVPROBE_SCORE_MAX/4 : 0; int buf_offset = (probe_size == PROBE_BUF_MIN) ? 0 : probe_size>>1; + void *buftmp; if (probe_size < offset) { continue; } /* read probe data */ - buf = av_realloc(buf, probe_size + AVPROBE_PADDING_SIZE); + buftmp = av_realloc(buf, probe_size + AVPROBE_PADDING_SIZE); + if(!buftmp){ + av_free(buf); + return AVERROR(ENOMEM); + } + buf=buftmp; if ((ret = avio_read(pb, buf + buf_offset, probe_size - buf_offset)) < 0) { /* fail if error was not end of file, otherwise, lower score */ if (ret != AVERROR_EOF) { From 8af11e51f22705f37818f0aaded8bbd24dd34aac Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 27 Aug 2011 01:49:55 +0200 Subject: [PATCH 155/652] vf_scale: apply the same transform to the aspect during init that is applied per frame Signed-off-by: Michael Niedermayer (cherry picked from commit c8868f28e357e7e6ffe3254d0056b3e8033fe8e5) --- libavfilter/vf_scale.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavfilter/vf_scale.c b/libavfilter/vf_scale.c index e172a2e586..ba8f9e1e82 100644 --- a/libavfilter/vf_scale.c +++ b/libavfilter/vf_scale.c @@ -232,6 +232,11 @@ static int config_props(AVFilterLink *outlink) if (!scale->sws) return AVERROR(EINVAL); + if (inlink->sample_aspect_ratio.num){ + outlink->sample_aspect_ratio = av_mul_q((AVRational){outlink->h * inlink->w, outlink->w * inlink->h}, inlink->sample_aspect_ratio); + } else + outlink->sample_aspect_ratio = inlink->sample_aspect_ratio; + return 0; fail: From b6187e48db484f9fe8437457bcb382c331baf8c5 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 10 Aug 2011 17:29:51 +0200 Subject: [PATCH 156/652] cavsdec: avoid possible crash with crafted input 
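Review bot: The products `outlink->h * inlink->w` and `outlink->w * inlink->h` in the added `config_props` lines are computed in `int` before they reach `av_mul_q`, so large or strongly mismatched link dimensions could overflow the numerator or denominator; whether earlier size checks bound both products is not visible in this hunk. Forming the ratio in 64 bits and reducing it first avoids that, for example `av_reduce(&num, &den, (int64_t)outlink->h * inlink->w, (int64_t)outlink->w * inlink->h, INT_MAX);` followed by `av_mul_q((AVRational){num, den}, inlink->sample_aspect_ratio)`. The new `if { } else` pair also mixes a braced and an unbraced branch. config_props starts before the hunk.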
Signed-off-by: Michael Niedermayer (cherry picked from commit 9f06c1c61e876e930753da200bfe835817e30a53) --- libavcodec/cavsdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/cavsdec.c b/libavcodec/cavsdec.c index 222355ea5e..906afdb668 100644 --- a/libavcodec/cavsdec.c +++ b/libavcodec/cavsdec.c @@ -166,7 +166,7 @@ static inline int decode_residual_inter(AVSContext *h) { /* get coded block pattern */ int cbp= get_ue_golomb(&h->s.gb); - if(cbp > 63){ + if(cbp > 63U){ av_log(h->s.avctx, AV_LOG_ERROR, "illegal inter cbp\n"); return -1; } @@ -226,7 +226,7 @@ static int decode_mb_i(AVSContext *h, int cbp_code) { /* get coded block pattern */ if(h->pic_type == AV_PICTURE_TYPE_I) cbp_code = get_ue_golomb(gb); - if(cbp_code > 63){ + if(cbp_code > 63U){ av_log(h->s.avctx, AV_LOG_ERROR, "illegal intra cbp\n"); return -1; } From c2a2ad133eb9d42361804a568dee336992349a5e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 7 Sep 2011 14:12:42 +0200 Subject: [PATCH 157/652] rtp: Fix integer underflow that could allow remote code execution. Fixes MSVR-11-0088 Credit: Jeong Wook Oh of Microsoft and Microsoft Vulnerability Research (MSVR) Signed-off-by: Michael Niedermayer (cherry picked from commit ba9a7e0d71bd34f8b89ae99322b62a310be163a6) --- libavformat/rtpdec_asf.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/rtpdec_asf.c b/libavformat/rtpdec_asf.c index 4f776453d7..384aeb24f3 100644 --- a/libavformat/rtpdec_asf.c +++ b/libavformat/rtpdec_asf.c @@ -235,6 +235,8 @@ static int asfrtp_parse_packet(AVFormatContext *s, PayloadContext *asf, int prev_len = out_len; out_len += cur_len; asf->buf = av_realloc(asf->buf, out_len); + if(!asf->buf || FFMIN(cur_len, len - off)<0) + return -1; memcpy(asf->buf + prev_len, buf + off, FFMIN(cur_len, len - off)); avio_skip(pb, cur_len); From f601bf4004ae1e13bbd805a98f95822a3def4c38 Mon Sep 17 00:00:00 2001 
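Review bot: The `63U` in `if(cbp > 63U)` and `if(cbp_code > 63U)` rejects negative values only through the implicit conversion of the signed left operand to unsigned, which is easy to undo by accident and can trip sign-compare warnings. An explicit form such as `if((unsigned)cbp > 63)` or `if(cbp < 0 || cbp > 63)` states the intent; failing that, a comment like `/* unsigned compare also rejects negative values */` on each check would do. Both functions continue outside their hunks, and the same two hunks appear again in the later cavsdec patch on this page.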
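Review bot: The added check in asfrtp_parse_packet runs only after `out_len += cur_len` and after `asf->buf = av_realloc(asf->buf, out_len);`, so the buffer has already been resized with an unvalidated length by the time the packet is rejected. A failed `av_realloc` also stores NULL over `asf->buf`, so the previous block can no longer be freed. Test the copy length before touching `out_len` and reallocate through a temporary, e.g. `newbuf = av_realloc(asf->buf, out_len); if(!newbuf) return -1; asf->buf = newbuf;`. The function starts before the hunk, and this hunk is repeated once more on this page.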
From: Michael Niedermayer Date: Wed, 7 Sep 2011 14:12:42 +0200 Subject: [PATCH 158/652] rtp: Fix integer underflow that could allow remote code execution. Fixes MSVR-11-0088 Credit: Jeong Wook Oh of Microsoft and Microsoft Vulnerability Research (MSVR) Signed-off-by: Michael Niedermayer (cherry picked from commit ba9a7e0d71bd34f8b89ae99322b62a310be163a6) --- libavformat/rtpdec_asf.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/rtpdec_asf.c b/libavformat/rtpdec_asf.c index 4f776453d7..384aeb24f3 100644 --- a/libavformat/rtpdec_asf.c +++ b/libavformat/rtpdec_asf.c @@ -235,6 +235,8 @@ static int asfrtp_parse_packet(AVFormatContext *s, PayloadContext *asf, int prev_len = out_len; out_len += cur_len; asf->buf = av_realloc(asf->buf, out_len); + if(!asf->buf || FFMIN(cur_len, len - off)<0) + return -1; memcpy(asf->buf + prev_len, buf + off, FFMIN(cur_len, len - off)); avio_skip(pb, cur_len); From 958f0a0f19c76267e662192707b3bddd67f15770 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 10 Aug 2011 17:29:51 +0200 Subject: [PATCH 159/652] cavsdec: avoid possible crash with crafted input Signed-off-by: Michael Niedermayer (cherry picked from commit 9f06c1c61e876e930753da200bfe835817e30a53) --- libavcodec/cavsdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/cavsdec.c b/libavcodec/cavsdec.c index 6f4c83b850..5671c25444 100644 --- a/libavcodec/cavsdec.c +++ b/libavcodec/cavsdec.c @@ -163,7 +163,7 @@ static inline int decode_residual_inter(AVSContext *h) { /* get coded block pattern */ int cbp= get_ue_golomb(&h->s.gb); - if(cbp > 63){ + if(cbp > 63U){ av_log(h->s.avctx, AV_LOG_ERROR, "illegal inter cbp\n"); return -1; } @@ -222,7 +222,7 @@ static int decode_mb_i(AVSContext *h, int cbp_code) { /* get coded block pattern */ if(h->pic_type == AV_PICTURE_TYPE_I) cbp_code = get_ue_golomb(gb); - if(cbp_code > 63){ + if(cbp_code > 63U){ av_log(h->s.avctx, AV_LOG_ERROR, "illegal intra cbp\n"); return -1; } 
From aedef891fc81e22685ad0bed97f50095429fc671 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 27 Aug 2011 21:24:13 +0200 Subject: [PATCH 160/652] Fix memory corruption in case of memory allocation failure in av_probe_input_buffer() Reported-by: Tanami Ohad Signed-off-by: Michael Niedermayer (cherry picked from commit 941bb552c6e08b40eb7d7842df19285cd650edd0) --- libavformat/utils.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index 8dd76f3e25..1a50c8cab9 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -596,13 +596,19 @@ int av_probe_input_buffer(AVIOContext *pb, AVInputFormat **fmt, probe_size = FFMIN(probe_size<<1, FFMAX(max_probe_size, probe_size+1))) { int score = probe_size < max_probe_size ? AVPROBE_SCORE_MAX/4 : 0; int buf_offset = (probe_size == PROBE_BUF_MIN) ? 0 : probe_size>>1; + void *buftmp; if (probe_size < offset) { continue; } /* read probe data */ - buf = av_realloc(buf, probe_size + AVPROBE_PADDING_SIZE); + buftmp = av_realloc(buf, probe_size + AVPROBE_PADDING_SIZE); + if(!buftmp){ + av_free(buf); + return AVERROR(ENOMEM); + } + buf=buftmp; if ((ret = avio_read(pb, buf + buf_offset, probe_size - buf_offset)) < 0) { /* fail if error was not end of file, otherwise, lower score */ if (ret != AVERROR_EOF) { From b6b46db9e4fac641d2111c63f02b694250a5e90c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 7 Sep 2011 15:18:29 +0200 Subject: [PATCH 161/652] Update for 0.7.4 Signed-off-by: Michael Niedermayer --- Doxyfile | 2 +- RELEASE | 2 +- VERSION | 3 +-- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/Doxyfile b/Doxyfile index b7c634c74e..afd2e3c289 100644 --- a/Doxyfile +++ b/Doxyfile 
@@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 0.7.3 +PROJECT_NUMBER = 0.7.4 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. diff --git a/RELEASE b/RELEASE index f38fc5393f..0a1ffad4b4 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -0.7.3 +0.7.4 diff --git a/VERSION b/VERSION index dc5add7e4d..0a1ffad4b4 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1 @@ -0.7.3 - +0.7.4 From a9a8e5ca99cead74c6c0c8ccf180634cb64301cd Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 7 Sep 2011 15:19:28 +0200 Subject: [PATCH 162/652] Update for 0.8.3 Signed-off-by: Michael Niedermayer --- Doxyfile | 2 +- RELEASE | 2 +- VERSION | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Doxyfile b/Doxyfile index 0f7de822f6..eca888d1d8 100644 --- a/Doxyfile +++ b/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 0.8.2 +PROJECT_NUMBER = 0.8.3 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. diff --git a/RELEASE b/RELEASE index 100435be13..ee94dd834b 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -0.8.2 +0.8.3 diff --git a/VERSION b/VERSION index 100435be13..ee94dd834b 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.8.2 +0.8.3 From 61f55565fb96158a70ddc56c9e44312ffbd3cce5 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 7 Sep 2011 16:48:49 +0200 Subject: [PATCH 163/652] rtpdec_asf: fix memleak Based on a suggestion by Ronald S. Bultje Signed-off-by: Michael Niedermayer (cherry picked from commit a2b66a366d7d9d7dacc217601b5e4406624f91ea) --- libavformat/rtpdec_asf.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) 
diff --git a/libavformat/rtpdec_asf.c b/libavformat/rtpdec_asf.c index 384aeb24f3..643ea7a5a0 100644 --- a/libavformat/rtpdec_asf.c +++ b/libavformat/rtpdec_asf.c @@ -233,10 +233,14 @@ static int asfrtp_parse_packet(AVFormatContext *s, PayloadContext *asf, int cur_len = start_off + len_off - off; int prev_len = out_len; + void *newbuf; out_len += cur_len; - asf->buf = av_realloc(asf->buf, out_len); - if(!asf->buf || FFMIN(cur_len, len - off)<0) + if(FFMIN(cur_len, len - off)<0) return -1; + newbuf = av_realloc(asf->buf, out_len); + if(!newbuf) + return -1; + asf->buf= newbuf; memcpy(asf->buf + prev_len, buf + off, FFMIN(cur_len, len - off)); avio_skip(pb, cur_len); From 076a8dfd411b77cd0b993581daf7ed7a313f017f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 7 Sep 2011 16:48:49 +0200 Subject: [PATCH 164/652] rtpdec_asf: fix memleak Based on a suggestion by Ronald S. Bultje Signed-off-by: Michael Niedermayer (cherry picked from commit a2b66a366d7d9d7dacc217601b5e4406624f91ea) --- libavformat/rtpdec_asf.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/libavformat/rtpdec_asf.c b/libavformat/rtpdec_asf.c index 384aeb24f3..643ea7a5a0 100644 --- a/libavformat/rtpdec_asf.c +++ b/libavformat/rtpdec_asf.c @@ -233,10 +233,14 @@ static int asfrtp_parse_packet(AVFormatContext *s, PayloadContext *asf, int cur_len = start_off + len_off - off; int prev_len = out_len; + void *newbuf; out_len += cur_len; - asf->buf = av_realloc(asf->buf, out_len); - if(!asf->buf || FFMIN(cur_len, len - off)<0) + if(FFMIN(cur_len, len - off)<0) return -1; + newbuf = av_realloc(asf->buf, out_len); + if(!newbuf) + return -1; + asf->buf= newbuf; memcpy(asf->buf + prev_len, buf + off, FFMIN(cur_len, len - off)); avio_skip(pb, cur_len); From 9e40946edfaad4561dfe697f34573168455259b5 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 7 Sep 2011 16:48:49 +0200 Subject: [PATCH 165/652] rtpdec_asf: fix memleak Based on a suggestion by Ronald S. Bultje 
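Review bot: Both failure paths in the reworked block return a bare `-1`, so a caller cannot tell an allocation failure from a malformed packet, while the av_probe_input_buffer fix on this page returns `AVERROR(ENOMEM)`; `return AVERROR(ENOMEM);` for the `!newbuf` case would be consistent. `FFMIN(cur_len, len - off)` is also expanded twice, once in the check and once in `memcpy`; a local such as `int copy_len = FFMIN(cur_len, len - off);` keeps the validated value and the copied value identical by construction. `out_len += cur_len` still runs before the check, and whether `cur_len` has an upper bound is not visible in this hunk. The same hunk is repeated twice more on this page.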
Signed-off-by: Michael Niedermayer (cherry picked from commit a2b66a366d7d9d7dacc217601b5e4406624f91ea) --- libavformat/rtpdec_asf.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/libavformat/rtpdec_asf.c b/libavformat/rtpdec_asf.c index 384aeb24f3..643ea7a5a0 100644 --- a/libavformat/rtpdec_asf.c +++ b/libavformat/rtpdec_asf.c @@ -233,10 +233,14 @@ static int asfrtp_parse_packet(AVFormatContext *s, PayloadContext *asf, int cur_len = start_off + len_off - off; int prev_len = out_len; + void *newbuf; out_len += cur_len; - asf->buf = av_realloc(asf->buf, out_len); - if(!asf->buf || FFMIN(cur_len, len - off)<0) + if(FFMIN(cur_len, len - off)<0) return -1; + newbuf = av_realloc(asf->buf, out_len); + if(!newbuf) + return -1; + asf->buf= newbuf; memcpy(asf->buf + prev_len, buf + off, FFMIN(cur_len, len - off)); avio_skip(pb, cur_len); From f4e34d161415d4f81e72115c1567a032540c36bf Mon Sep 17 00:00:00 2001 From: Chris Rankin Date: Thu, 8 Sep 2011 21:04:26 +0200 Subject: [PATCH 166/652] mp3dec: Dont spam the user on multiple mp3 frames. (cherry picked from commit 54e1eaef6787104083cbc9c9834ea4d13612df9f) --- libavcodec/mpegaudiodec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/mpegaudiodec.c b/libavcodec/mpegaudiodec.c index 56a48ce71b..9fbae0c316 100644 --- a/libavcodec/mpegaudiodec.c +++ b/libavcodec/mpegaudiodec.c @@ -1809,7 +1809,7 @@ static int decode_frame(AVCodecContext * avctx, av_log(avctx, AV_LOG_ERROR, "incomplete frame\n"); return -1; }else if(s->frame_size < buf_size){ - av_log(avctx, AV_LOG_ERROR, "incorrect frame size\n"); + av_log(avctx, AV_LOG_DEBUG, "incorrect frame size - multiple frames in buffer?\n"); buf_size= s->frame_size; } From b2c9e9be870d2abcd2f85c9c0e3af5d1be3ac9e5 Mon Sep 17 00:00:00 2001 
From: Chris Rankin Date: Thu, 8 Sep 2011 21:04:26 +0200 Subject: [PATCH 167/652] mp3dec: Dont spam the user on multiple mp3 frames. (cherry picked from commit 54e1eaef6787104083cbc9c9834ea4d13612df9f) --- libavcodec/mpegaudiodec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/mpegaudiodec.c b/libavcodec/mpegaudiodec.c index 56a48ce71b..9fbae0c316 100644 --- a/libavcodec/mpegaudiodec.c +++ b/libavcodec/mpegaudiodec.c @@ -1809,7 +1809,7 @@ static int decode_frame(AVCodecContext * avctx, av_log(avctx, AV_LOG_ERROR, "incomplete frame\n"); return -1; }else if(s->frame_size < buf_size){ - av_log(avctx, AV_LOG_ERROR, "incorrect frame size\n"); + av_log(avctx, AV_LOG_DEBUG, "incorrect frame size - multiple frames in buffer?\n"); buf_size= s->frame_size; } From e6df35b3be5f722f49390b9950dde78975f33350 Mon Sep 17 00:00:00 2001 From: Gavin Kinsey Date: Thu, 8 Sep 2011 13:01:14 +0100 Subject: [PATCH 168/652] Prevent double free of side_data when AVFMT_FLAG_KEEP_SIDE_DATA flag is set (cherry picked from commit d64066f6e88c827e33002b2c7740efd62cd5ba7f) --- libavformat/utils.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index 52b2ae95bf..a582ddcc61 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -1133,7 +1133,10 @@ static int av_read_frame_internal(AVFormatContext *s, AVPacket *pkt) if (!st->need_parsing || !st->parser) { /* no parsing needed: we just output the packet as is */ /* raw data support */ - *pkt = st->cur_pkt; st->cur_pkt.data= NULL; + *pkt = st->cur_pkt; + st->cur_pkt.data= NULL; + st->cur_pkt.side_data_elems = 0; + st->cur_pkt.side_data = NULL; compute_pkt_fields(s, st, NULL, pkt); s->cur_st = NULL; if ((s->iformat->flags & AVFMT_GENERIC_INDEX) && From 90edd5df3d8c7a98372532363a86ffc217b3fa82 Mon Sep 17 00:00:00 2001 
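Review bot: The three resets after `*pkt = st->cur_pkt;` in av_read_frame_internal encode an ownership hand-off that nothing in the hunk explains, and any packet field added later that owns memory would need the same treatment. A comment such as `/* *pkt now owns data and side_data; clear them in cur_pkt so freeing cur_pkt cannot free them twice */` would document that. The function starts and ends outside the hunk.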
From: Laurent Aimar Date: Wed, 7 Sep 2011 23:12:32 +0200 Subject: [PATCH 169/652] Fixed invalid access in wavpack decoder on corrupted extra bits sub-blocks. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Storsjö (cherry picked from commit beefafda639dd53fc59c21d8a7cf8334da9a1062) --- libavcodec/wavpack.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c index d5102320fd..f46f9250de 100644 --- a/libavcodec/wavpack.c +++ b/libavcodec/wavpack.c @@ -385,7 +385,7 @@ static inline int wv_get_value_integer(WavpackFrameContext *s, uint32_t *crc, in if(s->extra_bits){ S <<= s->extra_bits; - if(s->got_extra_bits){ + if(s->got_extra_bits && get_bits_left(&s->gb_extra_bits) >= s->extra_bits){ S |= get_bits(&s->gb_extra_bits, s->extra_bits); *crc = *crc * 9 + (S&0xffff) * 3 + ((unsigned)S>>16); } From 399f7e0e75f902d4645879a1c39c4bd5fcfcee65 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Wed, 7 Sep 2011 22:17:39 +0200 Subject: [PATCH 170/652] Fixed invalid writes in wavpack decoder on corrupted bitstreams. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Storsjö (cherry picked from commit 0aedab03405849962b469277afe047aa2c61a87f) --- libavcodec/wavpack.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c index f46f9250de..a01795aff5 100644 --- a/libavcodec/wavpack.c +++ b/libavcodec/wavpack.c @@ -1113,7 +1113,7 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no, int16_t *dst = (int16_t*)samples + 1; int16_t *src = (int16_t*)samples; int cnt = samplecount; - while(cnt--){ + while(cnt-- > 0){ *dst = *src; src += channel_stride; dst += channel_stride; 
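Review bot: When `get_bits_left(&s->gb_extra_bits)` is too small, the new condition in wv_get_value_integer skips both the `get_bits` read and the `*crc` update without reporting anything, so the sample keeps the zeroed low bits left by `S <<= s->extra_bits`. If that soft failure is intended, say so next to the condition, e.g. `/* extra-bits data exhausted: low bits stay zero, crc is not updated */`; otherwise the shortfall should be signalled to the caller. Whether a later CRC comparison catches the damaged frame is not visible in this hunk, and the function continues past it.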
@@ -1122,7 +1122,7 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no, int32_t *dst = (int32_t*)samples + 1; int32_t *src = (int32_t*)samples; int cnt = samplecount; - while(cnt--){ + while(cnt-- > 0){ *dst = *src; src += channel_stride; dst += channel_stride; @@ -1131,7 +1131,7 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no, float *dst = (float*)samples + 1; float *src = (float*)samples; int cnt = samplecount; - while(cnt--){ + while(cnt-- > 0){ *dst = *src; src += channel_stride; dst += channel_stride; From e1baba3ddb8aa042f1a3a0d7bf74bb89a9c58f36 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Wed, 7 Sep 2011 22:02:55 +0200 Subject: [PATCH 171/652] Fixed invalid access in wavpack decoder on corrupted bitstream. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Storsjö (cherry picked from commit 55354b7de21e7bb4bbeb1c12ff55ea17f807c70c) --- libavcodec/wavpack.c | 49 +++++++++++++++++++++++++++++++------------- 1 file changed, 35 insertions(+), 14 deletions(-) diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c index a01795aff5..0ab05ac841 100644 --- a/libavcodec/wavpack.c +++ b/libavcodec/wavpack.c @@ -292,7 +292,14 @@ static int wv_get_value(WavpackFrameContext *ctx, GetBitContext *gb, int channel } }else{ t = get_unary_0_33(gb); - if(t >= 2) t = get_bits(gb, t - 1) | (1 << (t-1)); + if(t >= 2){ + if(get_bits_left(gb) < t-1) + goto error; + t = get_bits(gb, t - 1) | (1 << (t-1)); + }else{ + if(get_bits_left(gb) < 0) + goto error; + } ctx->zeroes = t; if(ctx->zeroes){ memset(ctx->ch[0].median, 0, sizeof(ctx->ch[0].median)); 
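Review bot: The relocated `t = get_bits(gb, t - 1) | (1 << (t-1));` in wv_get_value is now guarded by `get_bits_left`, but `t` itself is still unbounded. If `get_unary_0_33` can return values near 33, as its name suggests, `t - 1` can reach or exceed the width of the `int` being shifted and may be more than one `get_bits` call accepts. Extending the same guard with an upper bound, `if(t > T_MAX || get_bits_left(gb) < t-1) goto error;` (T_MAX being a placeholder for the reader's limit, to be confirmed), and shifting `1U` instead of `1` would close that. The `t2` branch in the following hunk has the same shape, and wv_get_value starts and ends outside these hunks.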
@@ -303,24 +310,24 @@ static int wv_get_value(WavpackFrameContext *ctx, GetBitContext *gb, int channel } } - if(get_bits_count(gb) >= ctx->data_size){ - *last = 1; - return 0; - } - if(ctx->zero){ t = 0; ctx->zero = 0; }else{ t = get_unary_0_33(gb); - if(get_bits_count(gb) >= ctx->data_size){ - *last = 1; - return 0; - } + if(get_bits_left(gb) < 0) + goto error; if(t == 16) { t2 = get_unary_0_33(gb); - if(t2 < 2) t += t2; - else t += get_bits(gb, t2 - 1) | (1 << (t2 - 1)); + if(t2 < 2){ + if(get_bits_left(gb) < 0) + goto error; + t += t2; + }else{ + if(get_bits_left(gb) < t2 - 1) + goto error; + t += get_bits(gb, t2 - 1) | (1 << (t2 - 1)); + } } if(ctx->one){ @@ -360,9 +367,13 @@ static int wv_get_value(WavpackFrameContext *ctx, GetBitContext *gb, int channel } if(!c->error_limit){ ret = base + get_tail(gb, add); + if (get_bits_left(gb) <= 0) + goto error; }else{ int mid = (base*2 + add + 1) >> 1; while(add > c->error_limit){ + if(get_bits_left(gb) <= 0) + goto error; if(get_bits1(gb)){ add -= (mid - base); base = mid; @@ -376,6 +387,10 @@ static int wv_get_value(WavpackFrameContext *ctx, GetBitContext *gb, int channel if(ctx->hybrid_bitrate) c->slow_level += wp_log2(ret) - LEVEL_DECAY(c->slow_level); return sign ? ~ret : ret; + +error: + *last = 1; + return 0; } static inline int wv_get_value_integer(WavpackFrameContext *s, uint32_t *crc, int S) @@ -580,7 +595,10 @@ static inline int wv_unpack_stereo(WavpackFrameContext *s, GetBitContext *gb, vo count++; }while(!last && count < s->max_samples); - s->samples_left -= count; + if (last) + s->samples_left = 0; + else + s->samples_left -= count; if(!s->samples_left){ if(crc != s->CRC){ av_log(s->avctx, AV_LOG_ERROR, "CRC error\n"); 
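Review bot: The `error:` label added at the end of wv_get_value reports a truncated or corrupt bitstream exactly like a normal end of data (`*last = 1; return 0;`), so nothing at this level distinguishes the two. A comment on the label would record that this is deliberate, for example `/* ran out of bits: flag end of block; the unpack loops then zero samples_left */`. That matches the `if (last) s->samples_left = 0;` added in the wv_unpack_stereo and wv_unpack_mono hunks. If callers ever need to tell corruption from a clean end, a log message at this label would be the place for it.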
@@ -658,7 +676,10 @@ static inline int wv_unpack_mono(WavpackFrameContext *s, GetBitContext *gb, void count++; }while(!last && count < s->max_samples); - s->samples_left -= count; + if (last) + s->samples_left = 0; + else + s->samples_left -= count; if(!s->samples_left){ if(crc != s->CRC){ av_log(s->avctx, AV_LOG_ERROR, "CRC error\n"); From 48ba48fb132245a3a50cdd91eb90916a44f34c36 Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Thu, 8 Sep 2011 11:02:43 -0700 Subject: [PATCH 172/652] wavpack: Check error codes rather than working around error conditions. (cherry picked from commit dba2b63a98bdcac7bda1a8a2c48950518c075e17) --- libavcodec/wavpack.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c index 0ab05ac841..0d92f1802c 100644 --- a/libavcodec/wavpack.c +++ b/libavcodec/wavpack.c @@ -1119,6 +1119,10 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no, samplecount = wv_unpack_stereo(s, &s->gb, samples, AV_SAMPLE_FMT_S32); else samplecount = wv_unpack_stereo(s, &s->gb, samples, AV_SAMPLE_FMT_FLT); + + if (samplecount < 0) + return -1; + samplecount >>= 1; }else{ const int channel_stride = avctx->channels; @@ -1130,11 +1134,14 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no, else samplecount = wv_unpack_mono(s, &s->gb, samples, AV_SAMPLE_FMT_FLT); + if (samplecount < 0) + return -1; + if(s->stereo && avctx->sample_fmt == AV_SAMPLE_FMT_S16){ int16_t *dst = (int16_t*)samples + 1; int16_t *src = (int16_t*)samples; int cnt = samplecount; - while(cnt-- > 0){ + while(cnt--){ *dst = *src; src += channel_stride; dst += channel_stride; @@ -1143,7 +1150,7 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no, int32_t *dst = (int32_t*)samples + 1; int32_t *src = (int32_t*)samples; int cnt = samplecount; - while(cnt-- > 0){ + while(cnt--){ *dst = *src; src += channel_stride; dst += channel_stride; 
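Review bot: Reverting the loop conditions to `while(cnt--)` leaves the new `if (samplecount < 0) return -1;` as the only thing between a negative count and a copy loop that keeps writing through `dst` until the counter wraps. Keeping `while(cnt-- > 0)` costs nothing and stays safe if the early return is ever moved or bypassed. This applies to the S16 and S32 loops here and to the float loop in the hunk at -1152. wavpack_decode_block starts and ends outside the hunk.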
@@ -1152,7 +1159,7 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no, float *dst = (float*)samples + 1; float *src = (float*)samples; int cnt = samplecount; - while(cnt-- > 0){ + while(cnt--){ *dst = *src; src += channel_stride; dst += channel_stride; From acf2d3293c305c96ac0afda28bd55233af4ce61c Mon Sep 17 00:00:00 2001 From: "Ronald S. Bultje" Date: Sun, 26 Jun 2011 15:52:00 -0700 Subject: [PATCH 173/652] swscale: don't use planar output functions to write to NV12/21. This prevents a crash when converting to NV12/21 without the bitexact flags enabled. (cherry picked from commit 0d994b2f45c08794899057ee7ca54f48218c0a53) Signed-off-by: Anton Khirnov --- libswscale/x86/swscale_template.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libswscale/x86/swscale_template.c b/libswscale/x86/swscale_template.c index 8fad257ddf..dc92cddff5 100644 --- a/libswscale/x86/swscale_template.c +++ b/libswscale/x86/swscale_template.c @@ -2203,7 +2203,8 @@ static av_cold void RENAME(sws_init_swScale)(SwsContext *c) enum PixelFormat srcFormat = c->srcFormat, dstFormat = c->dstFormat; - if (!is16BPS(dstFormat) && !is9_OR_10BPS(dstFormat)) { + if (!is16BPS(dstFormat) && !is9_OR_10BPS(dstFormat) && + dstFormat != PIX_FMT_NV12 && dstFormat != PIX_FMT_NV21) { if (!(c->flags & SWS_BITEXACT)) { if (c->flags & SWS_ACCURATE_RND) { c->yuv2yuv1 = RENAME(yuv2yuv1_ar ); From fa38ed8ac07402d9ab268eee0eb475e7e473a0c3 Mon Sep 17 00:00:00 2001 From: Jason Garrett-Glaser Date: Mon, 4 Jul 2011 06:05:34 -0700 Subject: [PATCH 174/652] H.264: fix overreads of qscale_table filter_mb_fast assumed that qscale_table was padded like many of the other tables. (cherry picked from commit 5029a406334ad0eaf92130e23d596e405a8a5aa0) Signed-off-by: Anton Khirnov --- libavcodec/mpegvideo.c | 5 +++-- libavcodec/mpegvideo.h | 1 + 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/libavcodec/mpegvideo.c b/libavcodec/mpegvideo.c index 4978d28b49..ceed41f230 100644 
--- a/libavcodec/mpegvideo.c +++ b/libavcodec/mpegvideo.c @@ -285,9 +285,10 @@ int ff_alloc_picture(MpegEncContext *s, Picture *pic, int shared){ } FF_ALLOCZ_OR_GOTO(s->avctx, pic->mbskip_table , mb_array_size * sizeof(uint8_t)+2, fail) //the +2 is for the slice end check - FF_ALLOCZ_OR_GOTO(s->avctx, pic->qscale_table , mb_array_size * sizeof(uint8_t) , fail) + FF_ALLOCZ_OR_GOTO(s->avctx, pic->qscale_table_base , (big_mb_num + s->mb_stride) * sizeof(uint8_t) , fail) FF_ALLOCZ_OR_GOTO(s->avctx, pic->mb_type_base , (big_mb_num + s->mb_stride) * sizeof(uint32_t), fail) pic->mb_type= pic->mb_type_base + 2*s->mb_stride+1; + pic->qscale_table = pic->qscale_table_base + 2*s->mb_stride + 1; if(s->out_format == FMT_H264){ for(i=0; i<2; i++){ FF_ALLOCZ_OR_GOTO(s->avctx, pic->motion_val_base[i], 2 * (b4_array_size+4) * sizeof(int16_t), fail) @@ -339,7 +340,7 @@ static void free_picture(MpegEncContext *s, Picture *pic){ av_freep(&pic->mc_mb_var); av_freep(&pic->mb_mean); av_freep(&pic->mbskip_table); - av_freep(&pic->qscale_table); + av_freep(&pic->qscale_table_base); av_freep(&pic->mb_type_base); av_freep(&pic->dct_coeff); av_freep(&pic->pan_scan); diff --git a/libavcodec/mpegvideo.h b/libavcodec/mpegvideo.h index 6ce7faa235..f37977c941 100644 --- a/libavcodec/mpegvideo.h +++ b/libavcodec/mpegvideo.h @@ -88,6 +88,7 @@ typedef struct Picture{ * halfpel luma planes. */ uint8_t *interpolated[3]; + int8_t *qscale_table_base; int16_t (*motion_val_base[2])[2]; uint32_t *mb_type_base; #define MB_TYPE_INTRA MB_TYPE_INTRA4x4 //default mb_type if there is just one type From 0ab69793fc76b0653315b055fbfae4738a40d115 Mon Sep 17 00:00:00 2001 
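Review bot: In free_picture, `av_freep(&pic->qscale_table_base)` clears only the base pointer, while `pic->qscale_table` was set in ff_alloc_picture to `qscale_table_base + 2*s->mb_stride + 1` and so keeps pointing into the freed block. Unless it is reset outside the hunk, add `pic->qscale_table = NULL;` after the free so a later access fails cleanly instead of reading freed memory. free_picture continues outside the hunk.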
From: John Stebbins Date: Mon, 4 Jul 2011 09:55:19 -0700 Subject: [PATCH 175/652] dca: set AVCodecContext frame_size for DTS audio Set the frame size when decoding DTS audio. This has the side effect of fixing the computation of timestamps for DTS-HD in compute_pkt_fields. Since frame_size is not currently set, the duration of a frame is being guessed based on the streams bitrate. But for DTS-HD, the bitrate currently used is the rate of the DTS core which is much different than the whole DTS-HD stream and leads to a wildly inaccurate frame duration estimate. Signed-off-by: Ronald S. Bultje (cherry picked from commit 49c7006c7e815d4330247624a9e6ba30e288cd02) Signed-off-by: Anton Khirnov --- libavcodec/dca.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/dca.c b/libavcodec/dca.c index a9b2c9b0c9..fad6bce7a9 100644 --- a/libavcodec/dca.c +++ b/libavcodec/dca.c @@ -1650,6 +1650,7 @@ static int dca_decode_frame(AVCodecContext * avctx, //set AVCodec values with parsed data avctx->sample_rate = s->sample_rate; avctx->bit_rate = s->bit_rate; + avctx->frame_size = s->sample_blocks * 32; s->profile = FF_PROFILE_DTS; From 694279bfd2452c58a7b7ce6424dfba785a99fedd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20B=C5=93sch?= Date: Mon, 4 Jul 2011 10:19:46 +0200 Subject: [PATCH 176/652] mxfenc: fix ignored drop flag in binary timecode representation. Signed-off-by: Ronald S. Bultje (cherry picked from commit 4d5e7ab5c48451404038706ef3113c9925a83087) Signed-off-by: Anton Khirnov --- libavformat/mxfenc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mxfenc.c b/libavformat/mxfenc.c index c448e14b00..387263e1a1 100644 --- a/libavformat/mxfenc.c +++ b/libavformat/mxfenc.c 
@@ -1539,7 +1539,7 @@ static const uint8_t system_metadata_package_set_key[] = { 0x06,0x0E,0x2B,0x34,0 static uint32_t ff_framenum_to_12m_time_code(unsigned frame, int drop, int fps) { return (0 << 31) | // color frame flag - (0 << 30) | // drop frame flag + (drop << 30) | // drop frame flag ( ((frame % fps) / 10) << 28) | // tens of frames ( ((frame % fps) % 10) << 24) | // units of frames (0 << 23) | // field phase (NTSC), b0 (PAL) From 266ec41f77da6a44fe18e3774f08c9d4551137ac Mon Sep 17 00:00:00 2001 From: Mans Rullgard Date: Tue, 5 Jul 2011 18:29:35 +0100 Subject: [PATCH 177/652] ARM: workaround for bug in GNU assembler Some versions of the GNU assembler do not handle 64-bit immediate operands containing arithmetic. Writing the value out in full works correctly. Signed-off-by: Mans Rullgard (cherry picked from commit fce1e43410bdc032c4cf2b1c66166a9ed99cc8f1) Signed-off-by: Anton Khirnov --- libavcodec/arm/fft_fixed_neon.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/arm/fft_fixed_neon.S b/libavcodec/arm/fft_fixed_neon.S index 14884d3736..63d8159359 100644 --- a/libavcodec/arm/fft_fixed_neon.S +++ b/libavcodec/arm/fft_fixed_neon.S @@ -56,7 +56,7 @@ vhsub.s16 \r0, \d0, \d1 @ t3, t4, t8, t7 vhsub.s16 \r1, \d1, \d0 vhadd.s16 \d0, \d0, \d1 @ t1, t2, t6, t5 - vmov.i64 \d1, #0xffff<<32 + vmov.i64 \d1, #0xffff00000000 vbit \r0, \r1, \d1 vrev64.16 \r1, \r0 @ t7, t8, t4, t3 vtrn.32 \r0, \r1 @ t3, t4, t7, t8 From 2649439bbdbf32af2bd07160c8a85ba55112af11 Mon Sep 17 00:00:00 2001 From: "Ronald S. Bultje" Date: Tue, 5 Jul 2011 18:10:48 -0700 Subject: [PATCH 178/652] eval: fix memleak. (cherry picked from commit fe277b16f0861a327e1f6c00c0dbb8b00806d60d) Signed-off-by: Anton Khirnov --- libavutil/eval.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavutil/eval.c b/libavutil/eval.c index a3788210e3..8bcba3632d 100644 --- a/libavutil/eval.c +++ b/libavutil/eval.c 
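Review bot: `(drop << 30)` in ff_framenum_to_12m_time_code shifts the raw int, so a caller passing anything other than 0 or 1 would spill into the color frame flag bit above it, or shift a negative value. Normalising the argument keeps the field one bit wide: `(!!drop << 30) | // drop frame flag`. The rest of the expression lies outside the hunk.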
@@ -488,6 +488,7 @@ int av_expr_parse(AVExpr **expr, const char *s, if ((ret = parse_expr(&e, &p)) < 0) goto end; if (*p.s) { + av_expr_free(e); av_log(&p, AV_LOG_ERROR, "Invalid chars '%s' at the end of expression '%s'\n", p.s, s0); ret = AVERROR(EINVAL); goto end; From baec70e16fd98c72a7ec9eaec70453a9279ad46c Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Wed, 29 Jun 2011 13:41:47 -0700 Subject: [PATCH 179/652] adts: Fix PCE copying. Parse the extension flag bit when reading the MPEG4 AudioSpecificConfig. This has nothing to do with SBR/PS contradictory to what was noted when it was removed. (cherry picked from commit 7f01a4192cdf4565eadee457f76e6b5196e35e0b) Signed-off-by: Anton Khirnov --- libavformat/adtsenc.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavformat/adtsenc.c b/libavformat/adtsenc.c index e858a81d92..75649e24dc 100644 --- a/libavformat/adtsenc.c +++ b/libavformat/adtsenc.c @@ -59,6 +59,10 @@ int ff_adts_decode_extradata(AVFormatContext *s, ADTSContext *adts, uint8_t *buf av_log(s, AV_LOG_ERROR, "Scalable configurations are not allowed in ADTS\n"); return -1; } + if (get_bits(&gb, 1)) { + av_log(s, AV_LOG_ERROR, "Extension flag is not allowed in ADTS\n"); + return -1; + } if (!adts->channel_conf) { init_put_bits(&pb, adts->pce_data, MAX_PCE_SIZE); From fa750933812f742bdc1e208e109b8b72305ca1a2 Mon Sep 17 00:00:00 2001 From: Anton Khirnov Date: Sun, 11 Sep 2011 12:27:51 +0200 Subject: [PATCH 180/652] Revert "ffmpeg: get rid of useless AVInputStream.nb_streams." This reverts commit 2cf8355f98681bdd726b739008acd5483f82f8d7. AVInputStream.nb_streams tracks number of streams found at the beginning, new streams may appear that ffmpeg doesn't know about. Fixes crash in this case. Signed-off-by: Anton Khirnov --- ffmpeg.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/ffmpeg.c b/ffmpeg.c index c1db3d5679..76d1cf363c 100644 --- a/ffmpeg.c +++ b/ffmpeg.c 
@@ -329,6 +329,7 @@ typedef struct AVInputFile { int eof_reached; /* true if eof reached */ int ist_index; /* index of first stream in ist_table */ int buffer_size; /* current total buffer size */ + int nb_streams; /* nb streams we are aware of */ } AVInputFile; static AVInputStream *input_streams = NULL; @@ -1983,7 +1984,7 @@ static int transcode(AVFormatContext **output_files, int si = stream_maps[i].stream_index; if (fi < 0 || fi > nb_input_files - 1 || - si < 0 || si > input_files[fi].ctx->nb_streams - 1) { + si < 0 || si > input_files[fi].nb_streams - 1) { fprintf(stderr,"Could not find input stream #%d.%d\n", fi, si); ret = AVERROR(EINVAL); goto fail; @@ -1991,7 +1992,7 @@ static int transcode(AVFormatContext **output_files, fi = stream_maps[i].sync_file_index; si = stream_maps[i].sync_stream_index; if (fi < 0 || fi > nb_input_files - 1 || - si < 0 || si > input_files[fi].ctx->nb_streams - 1) { + si < 0 || si > input_files[fi].nb_streams - 1) { fprintf(stderr,"Could not find sync stream #%d.%d\n", fi, si); ret = AVERROR(EINVAL); goto fail; @@ -2607,7 +2608,7 @@ static int transcode(AVFormatContext **output_files, } /* the following test is needed in case new streams appear dynamically in stream : we ignore them */ - if (pkt.stream_index >= input_files[file_index].ctx->nb_streams) + if (pkt.stream_index >= input_files[file_index].nb_streams) goto discard_packet; ist_index = input_files[file_index].ist_index + pkt.stream_index; ist = &input_streams[ist_index]; @@ -3365,6 +3366,7 @@ static int opt_input_file(const char *opt, const char *filename) input_files = grow_array(input_files, sizeof(*input_files), &nb_input_files, nb_input_files + 1); input_files[nb_input_files - 1].ctx = ic; input_files[nb_input_files - 1].ist_index = nb_input_streams - ic->nb_streams; + input_files[nb_input_files - 1].nb_streams = ic->nb_streams; frame_rate = (AVRational){0, 0}; frame_pix_fmt = PIX_FMT_NONE; From 91f9c7917c830982f9122dc16d1d865cf82d8382 Mon Sep 17 00:00:00 2001 
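Review bot: The comment on the new `nb_streams` field in AVInputFile does not say that it is a snapshot, although the later hunks rely on exactly that. It is copied from `ic->nb_streams` in opt_input_file and then used in transcode() as the bound for `pkt.stream_index` before `input_streams` is indexed. I would spell that out, e.g. `/* number of streams seen when the file was opened; bounds indexing into input_streams */`. The struct definition starts outside the hunk.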
From: =?UTF-8?q?Tomas=20H=C3=A4rdin?= Date: Thu, 23 Jun 2011 15:59:33 +0200 Subject: [PATCH 181/652] gxf: Fix 25 fps DV material in GXF being misdetected as 50 fps Set DV packet durations using fields_per_frame. This requires turning gxf_stream_info into the demuxer's context for access to the value in gxf_packet(). Since MPEG-2 seems to work fine this done only for DV. Signed-off-by: Anton Khirnov (cherry picked from commit 99fecc64b064a013559d3d61f7d9790e3c95c80e) Signed-off-by: Anton Khirnov --- libavformat/gxf.c | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/libavformat/gxf.c b/libavformat/gxf.c index 74d925fe60..d77fd18b37 100644 --- a/libavformat/gxf.c +++ b/libavformat/gxf.c @@ -264,7 +264,7 @@ static int gxf_header(AVFormatContext *s, AVFormatParameters *ap) { int map_len; int len; AVRational main_timebase = {0, 0}; - struct gxf_stream_info si; + struct gxf_stream_info *si = s->priv_data; int i; if (!parse_packet_header(pb, &pkt_type, &map_len) || pkt_type != PKT_MAP) { av_log(s, AV_LOG_ERROR, "map packet not found\n"); @@ -282,7 +282,7 @@ static int gxf_header(AVFormatContext *s, AVFormatParameters *ap) { return 0; } map_len -= len; - gxf_material_tags(pb, &len, &si); + gxf_material_tags(pb, &len, si); avio_skip(pb, len); map_len -= 2; len = avio_rb16(pb); // length of track description @@ -300,7 +300,7 @@ static int gxf_header(AVFormatContext *s, AVFormatParameters *ap) { track_id = avio_r8(pb); track_len = avio_rb16(pb); len -= track_len; - gxf_track_tags(pb, &track_len, &si); + gxf_track_tags(pb, &track_len, si); avio_skip(pb, track_len); if (!(track_type & 0x80)) { av_log(s, AV_LOG_ERROR, "invalid track type %x\n", track_type); 
@@ -316,12 +316,12 @@ static int gxf_header(AVFormatContext *s, AVFormatParameters *ap) { if (idx < 0) continue; st = s->streams[idx]; if (!main_timebase.num || !main_timebase.den) { - main_timebase.num = si.frames_per_second.den; - main_timebase.den = si.frames_per_second.num * 2; + main_timebase.num = si->frames_per_second.den; + main_timebase.den = si->frames_per_second.num * 2; } - st->start_time = si.first_field; - if (si.first_field != AV_NOPTS_VALUE && si.last_field != AV_NOPTS_VALUE) - st->duration = si.last_field - si.first_field; + st->start_time = si->first_field; + if (si->first_field != AV_NOPTS_VALUE && si->last_field != AV_NOPTS_VALUE) + st->duration = si->last_field - si->first_field; } if (len < 0) av_log(s, AV_LOG_ERROR, "invalid track description length specified\n"); @@ -422,6 +422,8 @@ static int gxf_packet(AVFormatContext *s, AVPacket *pkt) { AVIOContext *pb = s->pb; GXFPktType pkt_type; int pkt_len; + struct gxf_stream_info *si = s->priv_data; + while (!pb->eof_reached) { AVStream *st; int track_type, track_id, ret; @@ -473,6 +475,11 @@ static int gxf_packet(AVFormatContext *s, AVPacket *pkt) { avio_skip(pb, skip); pkt->stream_index = stream_index; pkt->dts = field_nr; + + //set duration manually for DV or else lavf misdetects the frame rate + if (st->codec->codec_id == CODEC_ID_DVVIDEO) + pkt->duration = si->fields_per_frame; + return ret; } return AVERROR(EIO); @@ -518,7 +525,7 @@ static int64_t gxf_read_timestamp(AVFormatContext *s, int stream_index, AVInputFormat ff_gxf_demuxer = { "gxf", NULL_IF_CONFIG_SMALL("GXF format"), - 0, + sizeof(struct gxf_stream_info), gxf_probe, gxf_header, gxf_packet, From 9bf76932e5e4dffd5199084cab810b6c8203fce1 Mon Sep 17 00:00:00 2001 
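Review bot: `pkt->duration = si->fields_per_frame` in gxf_packet uses a single per-file value, but the gxf_header hunks pass the same `si` to gxf_track_tags() for each track, so the value read here appears to be whatever the last parsed track left behind rather than the DV track's own setting. It also originates in the file, and whether it is range-checked or initialised when the tag is absent is not visible here. Consider guarding the assignment, e.g. `if (st->codec->codec_id == CODEC_ID_DVVIDEO && si->fields_per_frame > 0)`, or storing the value per stream. gxf_packet starts and ends outside the hunk.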
From: Justin Ruggles Date: Wed, 22 Jun 2011 15:33:56 -0400 Subject: [PATCH 182/652] alsa: fallback to buffer_size/4 for period_size. buffer_size/4 is the value used by aplay. This fixes output to null devices, e.g. writing ALSA output to a file. (cherry picked from commit 8bfd7f6a475225a0595bf657f8b99a8fffb461e4) Signed-off-by: Anton Khirnov --- libavdevice/alsa-audio-common.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavdevice/alsa-audio-common.c b/libavdevice/alsa-audio-common.c index baa6ac79ca..4c7c881300 100644 --- a/libavdevice/alsa-audio-common.c +++ b/libavdevice/alsa-audio-common.c @@ -146,6 +146,8 @@ av_cold int ff_alsa_open(AVFormatContext *ctx, snd_pcm_stream_t mode, } snd_pcm_hw_params_get_period_size_min(hw_params, &period_size, NULL); + if (!period_size) + period_size = buffer_size / 4; res = snd_pcm_hw_params_set_period_size_near(h, hw_params, &period_size, NULL); if (res < 0) { av_log(ctx, AV_LOG_ERROR, "cannot set ALSA period size (%s)\n", From 207db36a4fa234f6d5123601cceb96f261588fb7 Mon Sep 17 00:00:00 2001 From: Justin Ruggles Date: Wed, 22 Jun 2011 16:38:20 -0400 Subject: [PATCH 183/652] alsa: limit buffer_size to 32768 frames. In testing, the file output plugin gave a max buffer size of about 20 million frames, which is way more than what is really needed and causes a memory allocation error on my system. (cherry picked from commit e35c674d13a7f180412cfe058530a2e7f1d49a90) Signed-off-by: Anton Khirnov --- libavdevice/alsa-audio-common.c | 1 + libavdevice/alsa-audio.h | 2 ++ 2 files changed, 3 insertions(+) diff --git a/libavdevice/alsa-audio-common.c b/libavdevice/alsa-audio-common.c index 4c7c881300..825fcb1dbd 100644 --- a/libavdevice/alsa-audio-common.c +++ b/libavdevice/alsa-audio-common.c 
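Review bot: The fallback `if (!period_size) period_size = buffer_size / 4;` in ff_alsa_open only helps when snd_pcm_hw_params_get_period_size_min() succeeded and stored zero. Its return value is still ignored, so on failure `period_size` holds whatever it had before; its initialisation is outside the hunk. Testing the result as well covers both cases: `if (snd_pcm_hw_params_get_period_size_min(hw_params, &period_size, NULL) < 0 || !period_size)`.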
@@ -137,6 +137,7 @@ av_cold int ff_alsa_open(AVFormatContext *ctx, snd_pcm_stream_t mode, } snd_pcm_hw_params_get_buffer_size_max(hw_params, &buffer_size); + buffer_size = FFMIN(buffer_size, ALSA_BUFFER_SIZE_MAX); /* TODO: maybe use ctx->max_picture_buffer somehow */ res = snd_pcm_hw_params_set_buffer_size_near(h, hw_params, &buffer_size); if (res < 0) { diff --git a/libavdevice/alsa-audio.h b/libavdevice/alsa-audio.h index 32c07426ef..c8c6ea4aff 100644 --- a/libavdevice/alsa-audio.h +++ b/libavdevice/alsa-audio.h @@ -40,6 +40,8 @@ other formats */ #define DEFAULT_CODEC_ID AV_NE(CODEC_ID_PCM_S16BE, CODEC_ID_PCM_S16LE) +#define ALSA_BUFFER_SIZE_MAX 32768 + typedef struct { AVClass *class; snd_pcm_t *h; From e308a91c9cf3d93188cd30fc5ec7ef2ce0fbfc45 Mon Sep 17 00:00:00 2001 From: Jindrich Makovicka Date: Thu, 30 Jun 2011 09:03:15 +0000 Subject: [PATCH 184/652] mpegts: fix Continuity Counter error detection According to MPEG-TS specs, the continuity_counter shall not be incremented when the adaptation_field_control of the packet equals '00' or '10'. Signed-off-by: Jindrich Makovicka Signed-off-by: Anton Khirnov (cherry picked from commit 8923cfa328e8eb565aebcfe8672b276fd1c19bf7) Signed-off-by: Anton Khirnov --- libavformat/mpegts.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavformat/mpegts.c b/libavformat/mpegts.c index e9b8b3513a..608cbe710f 100644 --- a/libavformat/mpegts.c +++ b/libavformat/mpegts.c @@ -1247,7 +1247,7 @@ static int handle_packet(MpegTSContext *ts, const uint8_t *packet) { AVFormatContext *s = ts->stream; MpegTSFilter *tss; - int len, pid, cc, cc_ok, afc, is_start; + int len, pid, cc, expected_cc, cc_ok, afc, is_start; const uint8_t *p, *p_end; int64_t pos; 
@@ -1265,7 +1265,8 @@ static int handle_packet(MpegTSContext *ts, const uint8_t *packet) /* continuity check (currently not used) */ cc = (packet[3] & 0xf); - cc_ok = (tss->last_cc < 0) || ((((tss->last_cc + 1) & 0x0f) == cc)); + expected_cc = (packet[3] & 0x10) ? (tss->last_cc + 1) & 0x0f : tss->last_cc; + cc_ok = (tss->last_cc < 0) || (expected_cc == cc); tss->last_cc = cc; /* skip adaptation field */ From dc3ab8ca438e7033cd7e049398f78d87d3b6fc55 Mon Sep 17 00:00:00 2001 From: Oskar Arvidsson Date: Tue, 12 Jul 2011 10:52:19 +0200 Subject: [PATCH 185/652] pix_fmt: Fix number of bits per component in yuv444p9be Signed-off-by: Ronald S. Bultje (cherry picked from commit e59d6b4d7255d6d3dc89580f534e18af1433fe25) Signed-off-by: Anton Khirnov --- libavutil/pixdesc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavutil/pixdesc.c b/libavutil/pixdesc.c index efc7c7ea0e..c70a41347b 100644 --- a/libavutil/pixdesc.c +++ b/libavutil/pixdesc.c @@ -918,9 +918,9 @@ const AVPixFmtDescriptor av_pix_fmt_descriptors[PIX_FMT_NB] = { .log2_chroma_w= 0, .log2_chroma_h= 0, .comp = { - {0,1,1,0,9}, /* Y */ - {1,1,1,0,9}, /* U */ - {2,1,1,0,9}, /* V */ + {0,1,1,0,8}, /* Y */ + {1,1,1,0,8}, /* U */ + {2,1,1,0,8}, /* V */ }, .flags = PIX_FMT_BE, }, From 44b3f053090bfb4bae50d3f92d4e70335066f91c Mon Sep 17 00:00:00 2001 From: Anton Khirnov Date: Tue, 12 Jul 2011 22:42:18 +0200 Subject: [PATCH 186/652] lavf: fix segfault in av_open_input_stream() ic is NULL in case of error. (cherry picked from commit 13551ad1e336573e3732fdeaf25607c47244bb80) Signed-off-by: Anton Khirnov --- libavformat/utils.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index 0e6b00195b..2cb096e373 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c 
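Review bot: The mask in `expected_cc = (packet[3] & 0x10) ? ...` is unexplained; a reader has to know that 0x10 is the payload bit of adaptation_field_control to see why the counter is otherwise expected to stay put. A comment above the line would do, such as `/* continuity_counter only advances on packets that carry a payload */`. Since the existing comment says the check is "currently not used", it is also worth confirming that `cc_ok` is consumed somewhere, otherwise the fix has no effect. handle_packet continues outside the hunk.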
@@ -465,7 +465,8 @@ int av_open_input_stream(AVFormatContext **ic_ptr, else ic->pb = pb; - err = avformat_open_input(&ic, filename, fmt, &opts); + if ((err = avformat_open_input(&ic, filename, fmt, &opts)) < 0) + goto fail; ic->pb = ic->pb ? ic->pb : pb; // don't leak custom pb if it wasn't set above *ic_ptr = ic; From fe7deb7cc40b4f5a91d5a5b22e5532fd14cdf123 Mon Sep 17 00:00:00 2001 From: Mans Rullgard Date: Fri, 15 Jul 2011 22:38:10 +0100 Subject: [PATCH 187/652] aacps: skip some memcpy() if src and dst would be equal Signed-off-by: Mans Rullgard (cherry picked from commit e5902d60ce8f7cf10b6e87a57eec536b316261a3) Signed-off-by: Anton Khirnov --- libavcodec/aacps.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/libavcodec/aacps.c b/libavcodec/aacps.c index 724c13256a..3f1424bcf2 100644 --- a/libavcodec/aacps.c +++ b/libavcodec/aacps.c 
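Review bot: With the new `goto fail` in av_open_input_stream, the error path skips `*ic_ptr = ic;`, so `*ic_ptr` keeps whatever the caller had stored there. Unless the `fail:` label, which is outside the hunk, assigns it, a caller that does not check the return value may go on to use a stale pointer. Setting `*ic_ptr = NULL;` before the `goto fail` would make the failure state unambiguous.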
@@ -813,14 +813,17 @@ static void stereo_processing(PSContext *ps, float (*l)[32][2], float (*r)[32][2 const float (*H_LUT)[8][4] = (PS_BASELINE || ps->icc_mode < 3) ? HA : HB; //Remapping - memcpy(H11[0][0], H11[0][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H11[0][0][0])); - memcpy(H11[1][0], H11[1][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H11[1][0][0])); - memcpy(H12[0][0], H12[0][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H12[0][0][0])); - memcpy(H12[1][0], H12[1][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H12[1][0][0])); - memcpy(H21[0][0], H21[0][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H21[0][0][0])); - memcpy(H21[1][0], H21[1][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H21[1][0][0])); - memcpy(H22[0][0], H22[0][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H22[0][0][0])); - memcpy(H22[1][0], H22[1][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H22[1][0][0])); + if (ps->num_env_old) { + memcpy(H11[0][0], H11[0][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H11[0][0][0])); + memcpy(H11[1][0], H11[1][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H11[1][0][0])); + memcpy(H12[0][0], H12[0][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H12[0][0][0])); + memcpy(H12[1][0], H12[1][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H12[1][0][0])); + memcpy(H21[0][0], H21[0][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H21[0][0][0])); + memcpy(H21[1][0], H21[1][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H21[1][0][0])); + memcpy(H22[0][0], H22[0][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H22[0][0][0])); + memcpy(H22[1][0], H22[1][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H22[1][0][0])); + } + if (is34) { remap34(&iid_mapped, ps->iid_par, ps->nr_iid_par, ps->num_env, 1); remap34(&icc_mapped, ps->icc_par, ps->nr_icc_par, ps->num_env, 1); From 3b80fb50d815fe399ff7b69e7e646b4597a0bf84 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafa=C3=ABl=20Carr=C3=A9?= Date: Sat, 16 Jul 2011 11:41:08 -0400 Subject: [PATCH 188/652] Do not decode RV30 files if the extradata is too small 
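Review bot: The new `if (ps->num_env_old)` guard in stereo_processing has no comment, and its reason is not obvious from the code. With `num_env_old == 0` every memcpy() would have identical source and destination, which memcpy() does not permit. A one-line comment would stop the guard from being removed later as redundant, e.g. `/* src == dst when num_env_old is 0, which memcpy() does not allow */`. stereo_processing continues outside the hunk.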
Signed-off-by: Diego Biurrun (cherry picked from commit 289c60001fb0a9a1d7a97c876d8a42b84c6874ac) Signed-off-by: Anton Khirnov --- libavcodec/rv30.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/rv30.c b/libavcodec/rv30.c index 62177dda78..2b423cc0d2 100644 --- a/libavcodec/rv30.c +++ b/libavcodec/rv30.c @@ -256,6 +256,7 @@ static av_cold int rv30_decode_init(AVCodecContext *avctx) if(avctx->extradata_size - 8 < (r->rpr - 1) * 2){ av_log(avctx, AV_LOG_ERROR, "Insufficient extradata - need at least %d bytes, got %d\n", 6 + r->rpr * 2, avctx->extradata_size); + return EINVAL; } r->parse_slice_header = rv30_parse_slice_header; r->decode_intra_types = rv30_decode_intra_types; From ba19cb688596a95d84617bb5e6551ea4ec364648 Mon Sep 17 00:00:00 2001 From: Mans Rullgard Date: Wed, 20 Jul 2011 09:55:48 +0100 Subject: [PATCH 189/652] Fix incorrect max_lowres values Signed-off-by: Mans Rullgard (cherry picked from commit e23a05ab0605693aa715b95120bc0132079ded06) Signed-off-by: Anton Khirnov --- libavcodec/cdgraphics.c | 1 - libavcodec/kgv1dec.c | 1 - libavcodec/pngdec.c | 1 - libavcodec/pnmdec.c | 5 ----- libavcodec/sp5xdec.c | 2 +- 5 files changed, 1 insertion(+), 9 deletions(-) diff --git a/libavcodec/cdgraphics.c b/libavcodec/cdgraphics.c index 2f8e98ca3d..bcfb6e9be5 100644 --- a/libavcodec/cdgraphics.c +++ b/libavcodec/cdgraphics.c @@ -377,6 +377,5 @@ AVCodec ff_cdgraphics_decoder = { cdg_decode_end, cdg_decode_frame, CODEC_CAP_DR1, - .max_lowres = 5, .long_name = NULL_IF_CONFIG_SMALL("CD Graphics video"), }; diff --git a/libavcodec/kgv1dec.c b/libavcodec/kgv1dec.c index 57684340af..88c54bf817 100644 --- a/libavcodec/kgv1dec.c +++ b/libavcodec/kgv1dec.c @@ -173,6 +173,5 @@ AVCodec ff_kgv1_decoder = { NULL, decode_end, decode_frame, - .max_lowres = 1, .long_name = NULL_IF_CONFIG_SMALL("Kega Game Video"), }; diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c index 7477f6746b..1268c9e781 100644 --- a/libavcodec/pngdec.c +++ b/libavcodec/pngdec.c 
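Review bot: `return EINVAL;` in rv30_decode_init returns a positive errno value, so a caller that tests the init result for a negative value would treat the short-extradata case as success and continue with a decoder that has too little extradata. Use `return AVERROR(EINVAL);`. The function continues outside the hunk.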
@@ -667,6 +667,5 @@ AVCodec ff_png_decoder = { decode_frame, CODEC_CAP_DR1 /*| CODEC_CAP_DRAW_HORIZ_BAND*/, NULL, - .max_lowres = 5, .long_name = NULL_IF_CONFIG_SMALL("PNG image"), }; diff --git a/libavcodec/pnmdec.c b/libavcodec/pnmdec.c index b9f20c0569..988ea0c267 100644 --- a/libavcodec/pnmdec.c +++ b/libavcodec/pnmdec.c @@ -199,7 +199,6 @@ AVCodec ff_pgm_decoder = { pnm_decode_frame, CODEC_CAP_DR1, .pix_fmts = (const enum PixelFormat[]){PIX_FMT_GRAY8, PIX_FMT_GRAY16BE, PIX_FMT_NONE}, - .max_lowres = 5, .long_name = NULL_IF_CONFIG_SMALL("PGM (Portable GrayMap) image"), }; #endif @@ -216,7 +215,6 @@ AVCodec ff_pgmyuv_decoder = { pnm_decode_frame, CODEC_CAP_DR1, .pix_fmts = (const enum PixelFormat[]){PIX_FMT_YUV420P, PIX_FMT_NONE}, - .max_lowres = 5, .long_name = NULL_IF_CONFIG_SMALL("PGMYUV (Portable GrayMap YUV) image"), }; #endif @@ -233,7 +231,6 @@ AVCodec ff_ppm_decoder = { pnm_decode_frame, CODEC_CAP_DR1, .pix_fmts = (const enum PixelFormat[]){PIX_FMT_RGB24, PIX_FMT_RGB48BE, PIX_FMT_NONE}, - .max_lowres = 5, .long_name = NULL_IF_CONFIG_SMALL("PPM (Portable PixelMap) image"), }; #endif @@ -250,7 +247,6 @@ AVCodec ff_pbm_decoder = { pnm_decode_frame, CODEC_CAP_DR1, .pix_fmts = (const enum PixelFormat[]){PIX_FMT_MONOWHITE, PIX_FMT_NONE}, - .max_lowres = 5, .long_name = NULL_IF_CONFIG_SMALL("PBM (Portable BitMap) image"), }; #endif @@ -267,7 +263,6 @@ AVCodec ff_pam_decoder = { pnm_decode_frame, CODEC_CAP_DR1, .pix_fmts = (const enum PixelFormat[]){PIX_FMT_RGB24, PIX_FMT_RGB32, PIX_FMT_GRAY8, PIX_FMT_MONOWHITE, PIX_FMT_NONE}, - .max_lowres = 5, .long_name = NULL_IF_CONFIG_SMALL("PAM (Portable AnyMap) image"), }; #endif diff --git a/libavcodec/sp5xdec.c b/libavcodec/sp5xdec.c index 6726c18ca9..ae25733530 100644 --- a/libavcodec/sp5xdec.c +++ b/libavcodec/sp5xdec.c @@ -104,7 +104,7 @@ AVCodec ff_sp5x_decoder = { sp5x_decode_frame, CODEC_CAP_DR1, NULL, - .max_lowres = 5, + .max_lowres = 3, .long_name = NULL_IF_CONFIG_SMALL("Sunplus JPEG (SP5X)"), }; 
From 8e0a53bd34829f594574ff810f410cc47bfac620 Mon Sep 17 00:00:00 2001 From: Diego Biurrun Date: Thu, 21 Jul 2011 14:25:01 +0200 Subject: [PATCH 190/652] rv30: return AVERROR(EINVAL) instead of EINVAL On some platforms EINVAL could be positive, ensure we return negative values. (cherry picked from commit e5985185d2eda942333ebbb72bd7d043ffe40be7) Signed-off-by: Anton Khirnov --- libavcodec/rv30.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/rv30.c b/libavcodec/rv30.c index 2b423cc0d2..b7f43a4bd0 100644 --- a/libavcodec/rv30.c +++ b/libavcodec/rv30.c @@ -256,7 +256,7 @@ static av_cold int rv30_decode_init(AVCodecContext *avctx) if(avctx->extradata_size - 8 < (r->rpr - 1) * 2){ av_log(avctx, AV_LOG_ERROR, "Insufficient extradata - need at least %d bytes, got %d\n", 6 + r->rpr * 2, avctx->extradata_size); - return EINVAL; + return AVERROR(EINVAL); } r->parse_slice_header = rv30_parse_slice_header; r->decode_intra_types = rv30_decode_intra_types; From 8abaa83d2c5ddc1cfe3f5e3eabcaac2b33cd5f12 Mon Sep 17 00:00:00 2001 From: "Ronald S. Bultje" Date: Tue, 26 Jul 2011 10:58:29 -0700 Subject: [PATCH 191/652] vp3/theora: flush after seek. (cherry picked from commit 8dcf5184307f072d55fb29373be05ef8b0fd02df) Signed-off-by: Anton Khirnov --- libavcodec/vp3.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c index c3dff7f89f..c117a64084 100644 --- a/libavcodec/vp3.c +++ b/libavcodec/vp3.c 
@@ -2321,6 +2321,26 @@ static av_cold int theora_decode_init(AVCodecContext *avctx) return vp3_decode_init(avctx); } +static void vp3_decode_flush(AVCodecContext *avctx) +{ + Vp3DecodeContext *s = avctx->priv_data; + + if (s->golden_frame.data[0]) { + if (s->golden_frame.data[0] == s->last_frame.data[0]) + memset(&s->last_frame, 0, sizeof(AVFrame)); + if (s->current_frame.data[0] == s->golden_frame.data[0]) + memset(&s->current_frame, 0, sizeof(AVFrame)); + ff_thread_release_buffer(avctx, &s->golden_frame); + } + if (s->last_frame.data[0]) { + if (s->current_frame.data[0] == s->last_frame.data[0]) + memset(&s->current_frame, 0, sizeof(AVFrame)); + ff_thread_release_buffer(avctx, &s->last_frame); + } + if (s->current_frame.data[0]) + ff_thread_release_buffer(avctx, &s->current_frame); +} + AVCodec ff_theora_decoder = { "theora", AVMEDIA_TYPE_VIDEO, @@ -2332,6 +2352,7 @@ AVCodec ff_theora_decoder = { vp3_decode_frame, CODEC_CAP_DR1 | CODEC_CAP_DRAW_HORIZ_BAND | CODEC_CAP_FRAME_THREADS, NULL, + .flush = vp3_decode_flush, .long_name = NULL_IF_CONFIG_SMALL("Theora"), .update_thread_context = ONLY_IF_THREADS_ENABLED(vp3_update_thread_context) }; @@ -2348,6 +2369,7 @@ AVCodec ff_vp3_decoder = { vp3_decode_frame, CODEC_CAP_DR1 | CODEC_CAP_DRAW_HORIZ_BAND | CODEC_CAP_FRAME_THREADS, NULL, + .flush = vp3_decode_flush, .long_name = NULL_IF_CONFIG_SMALL("On2 VP3"), .update_thread_context = ONLY_IF_THREADS_ENABLED(vp3_update_thread_context) }; From c5388d680e62db36ab235b5076d3b0c1eb5a04f4 Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Fri, 29 Jul 2011 15:27:36 -0700 Subject: [PATCH 192/652] mxfdec: Include FF_INPUT_BUFFER_PADDING_SIZE when allocating extradata. This prevents out of bounds reads when extradata is being decoded. (cherry picked from commit 1f6f58d5855288492fc2640a9f1035c01c75d356) Signed-off-by: Anton Khirnov --- libavformat/mxfdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
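Review bot: vp3_decode_flush has no comment explaining the pointer comparisons that precede each release, and they appear to be what keeps a buffer shared by two frame slots from being released twice. A short header such as `/* Release all reference frames; golden/last/current may share one buffer, so aliases are cleared first and each buffer is released once. */` would make that invariant explicit for whoever later changes the release order. The three `memset(..., 0, sizeof(AVFrame))` calls could also take `sizeof(s->last_frame)` / `sizeof(s->current_frame)` so the length follows the field being cleared.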
diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index 82daa2a002..fcee7a7b83 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -599,7 +599,7 @@ static int mxf_read_generic_descriptor(void *arg, AVIOContext *pb, int tag, int default: /* Private uid used by SONY C0023S01.mxf */ if (IS_KLV_KEY(uid, mxf_sony_mpeg4_extradata)) { - descriptor->extradata = av_malloc(size); + descriptor->extradata = av_malloc(size + FF_INPUT_BUFFER_PADDING_SIZE); if (!descriptor->extradata) return -1; descriptor->extradata_size = size; From 82d7ad3344e11a33ab639052fcda6b30a378546a Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Fri, 29 Jul 2011 15:49:11 -0700 Subject: [PATCH 193/652] aac: Remove some suspicious illegal memcpy()s from LTP. (cherry picked from commit a6c49f18abacb9bf52d4d808a2a56561a5b5445c) Signed-off-by: Anton Khirnov --- libavcodec/aacdec.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/libavcodec/aacdec.c b/libavcodec/aacdec.c index 69aacb86d6..f94b109de5 100644 --- a/libavcodec/aacdec.c +++ b/libavcodec/aacdec.c @@ -1753,12 +1753,10 @@ static void windowing_and_mdct_ltp(AACContext *ac, float *out, } else { memset(in, 0, 448 * sizeof(float)); ac->dsp.vector_fmul(in + 448, in + 448, swindow_prev, 128); - memcpy(in + 576, in + 576, 448 * sizeof(float)); } if (ics->window_sequence[0] != LONG_START_SEQUENCE) { ac->dsp.vector_fmul_reverse(in + 1024, in + 1024, lwindow, 1024); } else { - memcpy(in + 1024, in + 1024, 448 * sizeof(float)); ac->dsp.vector_fmul_reverse(in + 1024 + 448, in + 1024 + 448, swindow, 128); memset(in + 1024 + 576, 0, 448 * sizeof(float)); } From 4909895afd6d6fcde672067c7f8066ddbd82a5d3 Mon Sep 17 00:00:00 2001 From: Edgar Hucek Date: Sun, 11 Sep 2011 12:53:17 +0200 Subject: [PATCH 194/652] Fix VA-API decoding artefacts. Fixes ticket #457. (cherry picked from commit 3fec40b601827e75aae9f0baa47671af15de181a) --- libavcodec/vaapi_h264.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
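Review bot: The enlarged allocation in the mxfdec.c hunk leaves the padding bytes uninitialized unless code after the hunk zeroes them, so a reader that runs past `extradata_size` stays in bounds but sees indeterminate data. `descriptor->extradata = av_mallocz(size + FF_INPUT_BUFFER_PADDING_SIZE);` zero-fills the buffer, or a `memset` of the tail after the read does the same. `size` appears to come from the parsed file, so a guard such as `if (size < 0 || size > INT_MAX - FF_INPUT_BUFFER_PADDING_SIZE) return -1;` before the addition would keep the sum from overflowing. The parameter's type and any earlier range check are outside the hunk, and mxf_read_generic_descriptor continues past it.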
diff --git a/libavcodec/vaapi_h264.c b/libavcodec/vaapi_h264.c index 718e180942..01c42f5af1 100644 --- a/libavcodec/vaapi_h264.c +++ b/libavcodec/vaapi_h264.c @@ -282,7 +282,8 @@ static int start_frame(AVCodecContext *avctx, if (!iq_matrix) return -1; memcpy(iq_matrix->ScalingList4x4, h->pps.scaling_matrix4, sizeof(iq_matrix->ScalingList4x4)); - memcpy(iq_matrix->ScalingList8x8, h->pps.scaling_matrix8, sizeof(iq_matrix->ScalingList8x8)); + memcpy(iq_matrix->ScalingList8x8[0], h->pps.scaling_matrix8[0], sizeof(iq_matrix->ScalingList8x8[0])); + memcpy(iq_matrix->ScalingList8x8[1], h->pps.scaling_matrix8[3], sizeof(iq_matrix->ScalingList8x8[0])); return 0; } From 3af3a871afa31f570ce92e6a6647cb55357f62b5 Mon Sep 17 00:00:00 2001 From: Edgar Hucek Date: Sun, 11 Sep 2011 12:53:17 +0200 Subject: [PATCH 195/652] Fix VA-API decoding artefacts. Fixes ticket #457. (cherry picked from commit 3fec40b601827e75aae9f0baa47671af15de181a) --- libavcodec/vaapi_h264.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/vaapi_h264.c b/libavcodec/vaapi_h264.c index 922dc86963..7d8eb606c9 100644 --- a/libavcodec/vaapi_h264.c +++ b/libavcodec/vaapi_h264.c @@ -281,7 +281,8 @@ static int start_frame(AVCodecContext *avctx, if (!iq_matrix) return -1; memcpy(iq_matrix->ScalingList4x4, h->pps.scaling_matrix4, sizeof(iq_matrix->ScalingList4x4)); - memcpy(iq_matrix->ScalingList8x8, h->pps.scaling_matrix8, sizeof(iq_matrix->ScalingList8x8)); + memcpy(iq_matrix->ScalingList8x8[0], h->pps.scaling_matrix8[0], sizeof(iq_matrix->ScalingList8x8[0])); + memcpy(iq_matrix->ScalingList8x8[1], h->pps.scaling_matrix8[3], sizeof(iq_matrix->ScalingList8x8[0])); return 0; } From 01f1201267f3d5c24d835c940545665382dc4ef1 Mon Sep 17 00:00:00 2001 
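Review bot: The second added memcpy writes `ScalingList8x8[1]` but takes its length from `sizeof(iq_matrix->ScalingList8x8[0])`, and neither copy says why source index 3 is paired with destination index 1. Sizing by the element actually written, `sizeof(iq_matrix->ScalingList8x8[1])`, keeps length and target together. A comment on the index mapping would stop the `[3]` from reading like a typo; presumably the mapping picks two 8x8 lists out of a larger set in `pps.scaling_matrix8`, which should be confirmed against the struct definitions. Both copies also assume a source row is at least as large as a destination row, which cannot be checked from this hunk. The same lines appear in the vaapi_h264.c hunks of PATCH 195 and PATCH 196 that follow.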
From: Edgar Hucek Date: Sun, 11 Sep 2011 12:53:17 +0200 Subject: [PATCH 196/652] Fix VA-API decoding artefacts. Fixes ticket #457. (cherry picked from commit 3fec40b601827e75aae9f0baa47671af15de181a) --- libavcodec/vaapi_h264.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/vaapi_h264.c b/libavcodec/vaapi_h264.c index 922dc86963..7d8eb606c9 100644 --- a/libavcodec/vaapi_h264.c +++ b/libavcodec/vaapi_h264.c @@ -281,7 +281,8 @@ static int start_frame(AVCodecContext *avctx, if (!iq_matrix) return -1; memcpy(iq_matrix->ScalingList4x4, h->pps.scaling_matrix4, sizeof(iq_matrix->ScalingList4x4)); - memcpy(iq_matrix->ScalingList8x8, h->pps.scaling_matrix8, sizeof(iq_matrix->ScalingList8x8)); + memcpy(iq_matrix->ScalingList8x8[0], h->pps.scaling_matrix8[0], sizeof(iq_matrix->ScalingList8x8[0])); + memcpy(iq_matrix->ScalingList8x8[1], h->pps.scaling_matrix8[3], sizeof(iq_matrix->ScalingList8x8[0])); return 0; } From b8fa424ce2e2f7206bdf37f2da8410764358cab3 Mon Sep 17 00:00:00 2001 From: Baptiste Coudurier Date: Sat, 29 Jan 2011 17:05:42 -0800 Subject: [PATCH 197/652] libx264: do not set pic quality if no frame is output Avoids uninitialized reads. Signed-off-by: Anton Khirnov (cherry picked from commit 5caa2de19ece830e32c95731bc92a423d55cff0c) Signed-off-by: Anton Khirnov --- libavcodec/libx264.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/libx264.c b/libavcodec/libx264.c index e5fac00469..74ee1d45e0 100644 --- a/libavcodec/libx264.c +++ b/libavcodec/libx264.c @@ -138,7 +138,8 @@ static int X264_frame(AVCodecContext *ctx, uint8_t *buf, } x4->out_pic.key_frame = pic_out.b_keyframe; - x4->out_pic.quality = (pic_out.i_qpplus1 - 1) * FF_QP2LAMBDA; + if (bufsize) + x4->out_pic.quality = (pic_out.i_qpplus1 - 1) * FF_QP2LAMBDA; return bufsize; } From f629fcd308059a41f55a6022afee0f737af5fc02 Mon Sep 17 00:00:00 2001 
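Review bot: In the libx264.c hunk, `x4->out_pic.key_frame = pic_out.b_keyframe;` on the line above the new guard still runs when no frame was output. If `pic_out` is not filled in that case, which the commit message implies for `i_qpplus1`, the same uninitialized read remains for `b_keyframe`. Putting both assignments under one guard would cover it: `if (bufsize > 0) { x4->out_pic.key_frame = pic_out.b_keyframe; x4->out_pic.quality = (pic_out.i_qpplus1 - 1) * FF_QP2LAMBDA; }`. Using `> 0` instead of a plain truth test matters only if `bufsize` can be negative on error; the code that computes it is outside the hunk.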
From: Justin Ruggles Date: Wed, 10 Aug 2011 14:07:35 -0400 Subject: [PATCH 198/652] Remove incorrect info in documentation of AVCodecContext.bits_per_raw_sample. bits_per_raw_sample is used in video as well, where sample_fmt is not used. (cherry picked from commit d271d5b2152cafe540f3ab71d3be6ce8636d2fd6) Signed-off-by: Anton Khirnov --- libavcodec/avcodec.h | 1 - 1 file changed, 1 deletion(-) diff --git a/libavcodec/avcodec.h b/libavcodec/avcodec.h index 9a3076ae27..0269892028 100644 --- a/libavcodec/avcodec.h +++ b/libavcodec/avcodec.h @@ -2559,7 +2559,6 @@ typedef struct AVCodecContext { /** * Bits per sample/pixel of internal libavcodec pixel/sample format. - * This field is applicable only when sample_fmt is AV_SAMPLE_FMT_S32. * - encoding: set by user. * - decoding: set by libavcodec. */ From cc4718196ad6cfe765fa1e8db0adef0e5bb09664 Mon Sep 17 00:00:00 2001 From: Dustin Brody Date: Thu, 11 Aug 2011 08:57:58 -0400 Subject: [PATCH 199/652] h264: notice memory allocation failure Signed-off-by: Ronald S. Bultje (cherry picked from commit bac3ab13ea6a9dd8853e79ef3eacf51d234c8774) Signed-off-by: Anton Khirnov --- libavcodec/h264.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 2c000a3420..99be210d13 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -1165,7 +1165,10 @@ static int decode_update_thread_context(AVCodecContext *dst, const AVCodecContex memcpy(&h->s + 1, &h1->s + 1, sizeof(H264Context) - sizeof(MpegEncContext)); //copy all fields after MpegEnc memset(h->sps_buffers, 0, sizeof(h->sps_buffers)); memset(h->pps_buffers, 0, sizeof(h->pps_buffers)); - ff_h264_alloc_tables(h); + if (ff_h264_alloc_tables(h) < 0) { + av_log(dst, AV_LOG_ERROR, "Could not allocate memory for h264\n"); + return AVERROR(ENOMEM); + } context_init(h); for(i=0; i<2; i++){ 
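Review bot: In decode_update_thread_context the new early return comes after `memcpy(&h->s + 1, &h1->s + 1, ...)` has copied every field after the MpegEncContext from the source context, and only `sps_buffers` and `pps_buffers` are cleared before the allocation. If `ff_h264_alloc_tables` fails part-way, `h` may still hold table pointers copied from `h1`, and whether a later teardown of `h` frees them depends on code outside the hunk. It is worth confirming that the failure path leaves no pointer shared between the two contexts and recording the result in a comment next to the check, for example `/* on failure h must not keep table pointers copied from h1 */`. The function starts and ends outside the hunk.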
@@ -2635,7 +2638,10 @@ static int decode_slice_header(H264Context *h, H264Context *h0){ h->prev_interlaced_frame = 1; init_scan_tables(h); - ff_h264_alloc_tables(h); + if (ff_h264_alloc_tables(h) < 0) { + av_log(h->s.avctx, AV_LOG_ERROR, "Could not allocate memory for h264\n"); + return AVERROR(ENOMEM); + } if (!HAVE_THREADS || !(s->avctx->active_thread_type&FF_THREAD_SLICE)) { if (context_init(h) < 0) { From 210d8f4ca23b97bcb34b18a92c6a66b243e86021 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Sat, 13 Aug 2011 11:58:18 +0200 Subject: [PATCH 200/652] VC-1: fix reading of custom PAR. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Custom PAR num/denum are in 1-256 range. Signed-off-by: Reimar Döffinger Signed-off-by: Diego Biurrun (cherry picked from commit 0e8696551414d4ea0aab2559f9475d1fe49d08f3) Signed-off-by: Anton Khirnov --- libavcodec/vc1.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/vc1.c b/libavcodec/vc1.c index 32869b97d1..5e53680ec6 100644 --- a/libavcodec/vc1.c +++ b/libavcodec/vc1.c @@ -485,8 +485,8 @@ static int decode_sequence_header_adv(VC1Context *v, GetBitContext *gb) if(ar && ar < 14){ v->s.avctx->sample_aspect_ratio = ff_vc1_pixel_aspect[ar]; }else if(ar == 15){ - w = get_bits(gb, 8); - h = get_bits(gb, 8); + w = get_bits(gb, 8) + 1; + h = get_bits(gb, 8) + 1; v->s.avctx->sample_aspect_ratio = (AVRational){w, h}; } av_log(v->s.avctx, AV_LOG_DEBUG, "Aspect: %i:%i\n", v->s.avctx->sample_aspect_ratio.num, v->s.avctx->sample_aspect_ratio.den); From e30e0a16af274f87c028ce4884d5b2e415517902 Mon Sep 17 00:00:00 2001 From: Luca Barbato Date: Wed, 8 Jun 2011 14:32:07 +0000 Subject: [PATCH 201/652] flvenc: use int64_t to store offsets Metadata currently is written only at the start of the file in normal cases, when transcoding from a rtmp source metadata could be written later and the offset recorded can exceed 32bit. 
Signed-off-by: Anton Khirnov (cherry picked from commit 7f5bf4fbaf1f2142547321a16358f9871fabdcc6) Signed-off-by: Anton Khirnov --- libavformat/flvenc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/flvenc.c b/libavformat/flvenc.c index 487993cd9a..bd1a1f49fe 100644 --- a/libavformat/flvenc.c +++ b/libavformat/flvenc.c @@ -177,7 +177,7 @@ static int flv_write_header(AVFormatContext *s) AVCodecContext *audio_enc = NULL, *video_enc = NULL; int i; double framerate = 0.0; - int metadata_size_pos, data_size; + int64_t metadata_size_pos, data_size; AVDictionaryEntry *tag = NULL; for(i=0; inb_streams; i++){ From 303e48e6a24bbc34148457137cfffc53185fa7d3 Mon Sep 17 00:00:00 2001 From: Kostya Shishkov Date: Wed, 17 Aug 2011 10:36:33 +0200 Subject: [PATCH 202/652] rv10/20: tell decoder to use edge emulation This removes out-of-edge motion compensation artifacts (easily spotted green blocks in avplay, gray blocks in transcoding), for example here: http://samples.libav.org/samples/real/tv_watching_t1.rm Signed-off-by: Diego Biurrun (cherry picked from commit 331971116d7d36743601bd2dc5384c5211d3bb48) Signed-off-by: Anton Khirnov --- libavcodec/rv10.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/rv10.c b/libavcodec/rv10.c index 6227dc6f6c..78f97b16b1 100644 --- a/libavcodec/rv10.c +++ b/libavcodec/rv10.c @@ -438,6 +438,7 @@ static av_cold int rv10_decode_init(AVCodecContext *avctx) s->avctx= avctx; s->out_format = FMT_H263; s->codec_id= avctx->codec_id; + avctx->flags |= CODEC_FLAG_EMU_EDGE; s->orig_width = s->width = avctx->coded_width; s->orig_height= s->height = avctx->coded_height; From 5925e25218cb8f053bc81591995d78728ab096f2 Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Tue, 16 Aug 2011 11:03:26 -0700 Subject: [PATCH 203/652] aac: Only output configure if audio was found. Audio found is not triggered on a CCE because a CCE alone has no output. 
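Review bot: `avctx->flags |= CODEC_FLAG_EMU_EDGE;` in rv10_decode_init changes a caller-visible flags field from inside the decoder without a comment saying why. A line such as `/* motion vectors may point outside the picture; force edge emulation for out-of-edge motion compensation */` would put the reason from the commit message next to the code. rv10_decode_init continues outside the hunk.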
Signed-off-by: Luca Barbato (cherry picked from commit d8425ed4af6d8fce62ff363cc590f85e57bac06b) Signed-off-by: Anton Khirnov --- libavcodec/aacdec.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/libavcodec/aacdec.c b/libavcodec/aacdec.c index f94b109de5..2958ddbe72 100644 --- a/libavcodec/aacdec.c +++ b/libavcodec/aacdec.c @@ -2074,7 +2074,7 @@ static int aac_decode_frame_int(AVCodecContext *avctx, void *data, ChannelElement *che = NULL, *che_prev = NULL; enum RawDataBlockType elem_type, elem_type_prev = TYPE_END; int err, elem_id, data_size_tmp; - int samples = 0, multiplier; + int samples = 0, multiplier, audio_found = 0; if (show_bits(gb, 12) == 0xfff) { if (parse_adts_frame_header(ac, gb) < 0) { @@ -2105,10 +2105,12 @@ static int aac_decode_frame_int(AVCodecContext *avctx, void *data, case TYPE_SCE: err = decode_ics(ac, &che->ch[0], gb, 0, 0); + audio_found = 1; break; case TYPE_CPE: err = decode_cpe(ac, gb, che); + audio_found = 1; break; case TYPE_CCE: @@ -2117,6 +2119,7 @@ static int aac_decode_frame_int(AVCodecContext *avctx, void *data, case TYPE_LFE: err = decode_ics(ac, &che->ch[0], gb, 0, 0); + audio_found = 1; break; case TYPE_DSE: @@ -2193,7 +2196,7 @@ static int aac_decode_frame_int(AVCodecContext *avctx, void *data, samples, avctx->channels); } - if (ac->output_configured) + if (ac->output_configured && audio_found) ac->output_configured = OC_LOCKED; return 0; From cb9ccc89c5e3d950fdce88e84e29ad8234240c15 Mon Sep 17 00:00:00 2001 From: Jeff Downs Date: Tue, 5 Jul 2011 14:21:54 -0400 Subject: [PATCH 204/652] h264: correct the check for invalid long term frame index in MMCO decode The current check on MMCO parameters prohibits a "max long term frame index plus 1" of 16 (frame idx of 15) for the "set max long term frame index" MMCO. Fix this off-by-one error to allow the full range of legal values. Signed-off-by: Diego Biurrun (cherry picked from commit 29a09eae9a827f4dbc9c4517180d8fe2ecef321a) 
Signed-off-by: Anton Khirnov --- libavcodec/h264_refs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h264_refs.c b/libavcodec/h264_refs.c index a025f7d352..b1c27ec810 100644 --- a/libavcodec/h264_refs.c +++ b/libavcodec/h264_refs.c @@ -678,7 +678,7 @@ int ff_h264_decode_ref_pic_marking(H264Context *h, GetBitContext *gb){ } if(opcode==MMCO_SHORT2LONG || opcode==MMCO_LONG2UNUSED || opcode==MMCO_LONG || opcode==MMCO_SET_MAX_LONG){ unsigned int long_arg= get_ue_golomb_31(gb); - if(long_arg >= 32 || (long_arg >= 16 && !(opcode == MMCO_LONG2UNUSED && FIELD_PICTURE))){ + if(long_arg >= 32 || (long_arg >= 16 && !(opcode == MMCO_SET_MAX_LONG && long_arg == 16) && !(opcode == MMCO_LONG2UNUSED && FIELD_PICTURE))){ av_log(h->s.avctx, AV_LOG_ERROR, "illegal long ref in memory management control operation %d\n", opcode); return -1; } From 767efcb46e6be63bca6856c4c6028746cc2f4360 Mon Sep 17 00:00:00 2001 From: Jeff Downs Date: Wed, 6 Jul 2011 11:54:36 -0400 Subject: [PATCH 205/652] h264: correct implicit weight table computation for long ref pics Correct computation of implicit weight tables when referencing pictures that are marked for long reference. Signed-off-by: Diego Biurrun (cherry picked from commit 87cf70eb237e7586cc7399627dafa1b980ec0b7d) Signed-off-by: Anton Khirnov --- libavcodec/h264.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 99be210d13..1c60de7023 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c 
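Review bot: The range check on `long_arg` in ff_h264_decode_ref_pic_marking now packs three per-opcode limits into one condition with two negated sub-clauses, which is hard to audit for a bound applied to a value read from the bitstream. Expressing it as one exclusive upper bound chosen by opcode gives the same accept/reject result and shows each limit on its own line: 16 by default, 17 for MMCO_SET_MAX_LONG, 32 for MMCO_LONG2UNUSED in field pictures. The function starts and ends outside the hunk.

```c
unsigned int long_arg= get_ue_golomb_31(gb);
/* exclusive upper bound for long_arg, selected by opcode */
unsigned int long_max = 16;
if (opcode == MMCO_SET_MAX_LONG)
    long_max = 17;
else if (opcode == MMCO_LONG2UNUSED && FIELD_PICTURE)
    long_max = 32;
if(long_arg >= long_max){
    /* … unchanged: av_log "illegal long ref" and return -1 … */
```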
@@ -2198,15 +2198,17 @@ static void implicit_weight_table(H264Context *h, int field){ for(ref0=ref_start; ref0 < ref_count0; ref0++){ int poc0 = h->ref_list[0][ref0].poc; for(ref1=ref_start; ref1 < ref_count1; ref1++){ - int poc1 = h->ref_list[1][ref1].poc; - int td = av_clip(poc1 - poc0, -128, 127); - int w= 32; - if(td){ - int tb = av_clip(cur_poc - poc0, -128, 127); - int tx = (16384 + (FFABS(td) >> 1)) / td; - int dist_scale_factor = (tb*tx + 32) >> 8; - if(dist_scale_factor >= -64 && dist_scale_factor <= 128) - w = 64 - dist_scale_factor; + int w = 32; + if (!h->ref_list[0][ref0].long_ref && !h->ref_list[1][ref1].long_ref) { + int poc1 = h->ref_list[1][ref1].poc; + int td = av_clip(poc1 - poc0, -128, 127); + if(td){ + int tb = av_clip(cur_poc - poc0, -128, 127); + int tx = (16384 + (FFABS(td) >> 1)) / td; + int dist_scale_factor = (tb*tx + 32) >> 8; + if(dist_scale_factor >= -64 && dist_scale_factor <= 128) + w = 64 - dist_scale_factor; + } } if(field<0){ h->implicit_weight[ref0][ref1][0]= From 566d26923ec59d9897cd7c73e3689484135a78c6 Mon Sep 17 00:00:00 2001 From: Jeff Downs Date: Tue, 5 Jul 2011 13:20:06 -0400 Subject: [PATCH 206/652] h264: fix PCM intra-coded blocks in monochrome case Signed-off-by: Diego Biurrun (cherry picked from commit 6581e161c5f46733a5619208483de29416eb9a51) Signed-off-by: Anton Khirnov --- libavcodec/h264.c | 46 ++++++++++++++++++++++++++++++++++------------ 1 file changed, 34 insertions(+), 12 deletions(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 1c60de7023..75075f6b3c 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c 
@@ -1851,15 +1851,30 @@ static av_always_inline void hl_decode_mb_internal(H264Context *h, int simple, i tmp_y[j] = get_bits(&gb, bit_depth); } if(simple || !CONFIG_GRAY || !(s->flags&CODEC_FLAG_GRAY)){ - for (i = 0; i < 8; i++) { - uint16_t *tmp_cb = (uint16_t*)(dest_cb + i*uvlinesize); - for (j = 0; j < 8; j++) - tmp_cb[j] = get_bits(&gb, bit_depth); - } - for (i = 0; i < 8; i++) { - uint16_t *tmp_cr = (uint16_t*)(dest_cr + i*uvlinesize); - for (j = 0; j < 8; j++) - tmp_cr[j] = get_bits(&gb, bit_depth); + if (!h->sps.chroma_format_idc) { + for (i = 0; i < 8; i++) { + uint16_t *tmp_cb = (uint16_t*)(dest_cb + i*uvlinesize); + for (j = 0; j < 8; j++) { + tmp_cb[j] = 1 << (bit_depth - 1); + } + } + for (i = 0; i < 8; i++) { + uint16_t *tmp_cr = (uint16_t*)(dest_cr + i*uvlinesize); + for (j = 0; j < 8; j++) { + tmp_cr[j] = 1 << (bit_depth - 1); + } + } + } else { + for (i = 0; i < 8; i++) { + uint16_t *tmp_cb = (uint16_t*)(dest_cb + i*uvlinesize); + for (j = 0; j < 8; j++) + tmp_cb[j] = get_bits(&gb, bit_depth); + } + for (i = 0; i < 8; i++) { + uint16_t *tmp_cr = (uint16_t*)(dest_cr + i*uvlinesize); + for (j = 0; j < 8; j++) + tmp_cr[j] = get_bits(&gb, bit_depth); + } } } } else { @@ -1867,9 +1882,16 @@ static av_always_inline void hl_decode_mb_internal(H264Context *h, int simple, i memcpy(dest_y + i* linesize, h->mb + i*8, 16); } if(simple || !CONFIG_GRAY || !(s->flags&CODEC_FLAG_GRAY)){ - for (i=0; i<8; i++) { - memcpy(dest_cb+ i*uvlinesize, h->mb + 128 + i*4, 8); - memcpy(dest_cr+ i*uvlinesize, h->mb + 160 + i*4, 8); + if (!h->sps.chroma_format_idc) { + for (i = 0; i < 8; i++) { + memset(dest_cb + i*uvlinesize, 128, 8); + memset(dest_cr + i*uvlinesize, 128, 8); + } + } else { + for (i = 0; i < 8; i++) { + memcpy(dest_cb + i*uvlinesize, h->mb + 128 + i*4, 8); + memcpy(dest_cr + i*uvlinesize, h->mb + 160 + i*4, 8); + } } } } From f45cfb4751eb1012bb2c4e5303b7558593a17127 Mon Sep 17 00:00:00 2001 
From: Anton Khirnov Date: Tue, 23 Aug 2011 17:28:33 +0200 Subject: [PATCH 207/652] lavc: remove vbv_delay option It's broken and serves no purpose as it's a read-only field. (cherry picked from commit 8ee18b4bee24f99e733cf1425894e82c25d02426) Signed-off-by: Anton Khirnov --- libavcodec/options.c | 1 - 1 file changed, 1 deletion(-) diff --git a/libavcodec/options.c b/libavcodec/options.c index ae9e0c902d..792bb5941c 100644 --- a/libavcodec/options.c +++ b/libavcodec/options.c @@ -449,7 +449,6 @@ static const AVOption options[]={ {"thread_type", "select multithreading type", OFFSET(thread_type), FF_OPT_TYPE_INT, {.dbl = FF_THREAD_SLICE|FF_THREAD_FRAME }, 0, INT_MAX, V|E|D, "thread_type"}, {"slice", NULL, 0, FF_OPT_TYPE_CONST, {.dbl = FF_THREAD_SLICE }, INT_MIN, INT_MAX, V|E|D, "thread_type"}, {"frame", NULL, 0, FF_OPT_TYPE_CONST, {.dbl = FF_THREAD_FRAME }, INT_MIN, INT_MAX, V|E|D, "thread_type"}, -{"vbv_delay", "initial buffer fill time in periods of 27Mhz clock", 0, FF_OPT_TYPE_INT64, {.dbl = 0 }, 0, INT64_MAX}, {"audio_service_type", "audio service type", OFFSET(audio_service_type), FF_OPT_TYPE_INT, {.dbl = AV_AUDIO_SERVICE_TYPE_MAIN }, 0, AV_AUDIO_SERVICE_TYPE_NB-1, A|E, "audio_service_type"}, {"ma", "Main Audio Service", 0, FF_OPT_TYPE_CONST, {.dbl = AV_AUDIO_SERVICE_TYPE_MAIN }, INT_MIN, INT_MAX, A|E, "audio_service_type"}, {"ef", "Effects", 0, FF_OPT_TYPE_CONST, {.dbl = AV_AUDIO_SERVICE_TYPE_EFFECTS }, INT_MIN, INT_MAX, A|E, "audio_service_type"}, From a8edc1cbc76f2c8144796f3f984bc4607fb0d71d Mon Sep 17 00:00:00 2001 From: "Ronald S. Bultje" Date: Wed, 24 Aug 2011 14:36:16 -0700 Subject: [PATCH 208/652] vc1: properly zero coded_block[] edges on new slice entry. Previously, we would leave the left edge uninitialized, which led to CBP prediction errors on slice edges, e.g. in SA10098.vc1. (cherry picked from commit d4b9974465baf893e90527a366e7a7411ded1ef8) Signed-off-by: Anton Khirnov --- libavcodec/vc1dec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c index 8fca2da738..b17ce30b5c 100644 --- a/libavcodec/vc1dec.c +++ b/libavcodec/vc1dec.c @@ -3020,7 +3020,7 @@ static void vc1_decode_i_blocks_adv(VC1Context *v) s->mb_x = 0; ff_init_block_index(s); memset(&s->coded_block[s->block_index[0]-s->b8_stride], 0, - s->b8_stride * sizeof(*s->coded_block)); + (1 + s->b8_stride) * sizeof(*s->coded_block)); } for(; s->mb_y < s->end_mb_y; s->mb_y++) { s->mb_x = 0; From 526f24e3fd731e11b5c19bccf26b392d7a007327 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alberto=20Delm=C3=A1s?= Date: Thu, 25 Aug 2011 11:00:37 +0200 Subject: [PATCH 209/652] VC1: Fix first/last row checks with slices In some places 0/mb_height were used in place of start_mb_y/end_mb_y. Fixes SA00049, SA00058, SA10091, SA10097, SA10131, SA20021, SA30030 Improves PSNR in SA00054, SA00059, SA00060, SA10096, SA10098, SA20022, SA30031, SA30032, SA40012, SA40013 Signed-off-by: Ronald S. Bultje (cherry picked from commit 1cf82cab0840d669198ea76ab0363aa661950647) Signed-off-by: Anton Khirnov --- libavcodec/vc1dec.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c index b17ce30b5c..c87558bc50 100644 --- a/libavcodec/vc1dec.c +++ b/libavcodec/vc1dec.c @@ -243,7 +243,7 @@ static void vc1_loop_filter_iblk(VC1Context *v, int pq) } v->vc1dsp.vc1_v_loop_filter16(s->dest[0] + 8*s->linesize, s->linesize, pq); - if (s->mb_y == s->mb_height-1) { + if (s->mb_y == s->end_mb_y-1) { if (s->mb_x) { v->vc1dsp.vc1_h_loop_filter16(s->dest[0], s->linesize, pq); v->vc1dsp.vc1_h_loop_filter8(s->dest[1], s->uvlinesize, pq); @@ -295,7 +295,7 @@ static void vc1_loop_filter_iblk_delayed(VC1Context *v, int pq) v->vc1dsp.vc1_v_loop_filter16(s->dest[0] - 8 * s->linesize, s->linesize, pq); } - if (s->mb_y == s->mb_height) { + if (s->mb_y == s->end_mb_y) { if (s->mb_x) { if (s->mb_x >= 2) v->vc1dsp.vc1_h_loop_filter16(s->dest[0] - 16 * s->linesize - 16, s->linesize, pq); 
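Review bot: The `1 +` in the new memset length in vc1_decode_i_blocks_adv is unexplained, and the cleared range is easy to misread because it starts at `block_index[0] - b8_stride` and is now one element longer than a stride. A comment such as `/* clear the row above plus the first entry of the current row (left edge) */` would tie it to the commit message. The exact entries covered depend on how `ff_init_block_index` sets `block_index[0]`, which is outside the hunk, so that wording should be confirmed before it is committed. The function starts and ends outside the hunk.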
@@ -2330,7 +2330,7 @@ static av_always_inline void vc1_apply_p_v_loop_filter(VC1Context *v, int block_ } else { dst = s->dest[0] + (block_num & 1) * 8 + ((block_num & 2) * 4 - 8) * linesize; } - if (s->mb_y != s->mb_height || block_num < 2) { + if (s->mb_y != s->end_mb_y || block_num < 2) { int16_t (*mv)[2]; int mv_stride; @@ -3096,7 +3096,7 @@ static void vc1_decode_i_blocks_adv(VC1Context *v) if(v->s.loop_filter) vc1_loop_filter_iblk_delayed(v, v->pq); } if (v->s.loop_filter) - ff_draw_horiz_band(s, (s->mb_height-1)*16, 16); + ff_draw_horiz_band(s, (s->end_mb_y-1)*16, 16); ff_er_add_slice(s, 0, s->start_mb_y, s->mb_width - 1, s->end_mb_y - 1, (AC_END|DC_END|MV_END)); } @@ -3219,7 +3219,7 @@ static void vc1_decode_b_blocks(VC1Context *v) s->first_slice_line = 0; } if (v->s.loop_filter) - ff_draw_horiz_band(s, (s->mb_height-1)*16, 16); + ff_draw_horiz_band(s, (s->end_mb_y-1)*16, 16); ff_er_add_slice(s, 0, s->start_mb_y, s->mb_width - 1, s->end_mb_y - 1, (AC_END|DC_END|MV_END)); } @@ -3227,9 +3227,9 @@ static void vc1_decode_skip_blocks(VC1Context *v) { MpegEncContext *s = &v->s; - ff_er_add_slice(s, 0, 0, s->mb_width - 1, s->mb_height - 1, (AC_END|DC_END|MV_END)); + ff_er_add_slice(s, 0, s->start_mb_y, s->mb_width - 1, s->end_mb_y - 1, (AC_END|DC_END|MV_END)); s->first_slice_line = 1; - for(s->mb_y = 0; s->mb_y < s->mb_height; s->mb_y++) { + for(s->mb_y = s->start_mb_y; s->mb_y < s->end_mb_y; s->mb_y++) { s->mb_x = 0; ff_init_block_index(s); ff_update_block_index(s); From a7d35b2f99365b56937c144d05ca36ebe5458154 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 9 Mar 2011 03:30:24 +0100 Subject: [PATCH 210/652] vf_scale: don't leak SWS context. Signed-off-by: Anton Khirnov (cherry picked from commit 52982dbe474663709033e1ad259f8ff7a5a2eefa) Signed-off-by: Anton Khirnov --- libavfilter/vf_scale.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavfilter/vf_scale.c b/libavfilter/vf_scale.c index 65fe01c9ae..5288d32116 100644 
--- a/libavfilter/vf_scale.c +++ b/libavfilter/vf_scale.c @@ -205,6 +205,8 @@ static int config_props(AVFilterLink *outlink) scale->input_is_pal = av_pix_fmt_descriptors[inlink->format].flags & PIX_FMT_PAL; + if (scale->sws) + sws_freeContext(scale->sws); scale->sws = sws_getContext(inlink ->w, inlink ->h, inlink ->format, outlink->w, outlink->h, outlink->format, scale->flags, NULL, NULL, NULL); From fe9dae6df8be03ed5e62819ba98f16bfeb510abd Mon Sep 17 00:00:00 2001 From: Sean McGovern Date: Mon, 25 Jul 2011 18:51:02 -0400 Subject: [PATCH 211/652] cpu detection: avoid a signed overflow 1<<31 overflows because 1 is signed, so force it to unsigned. Signed-off-by: Ronald S. Bultje (cherry picked from commit 5938e02185430ca711106aaec9b5622dbf588af3) Signed-off-by: Anton Khirnov --- libavutil/x86/cpu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavutil/x86/cpu.c b/libavutil/x86/cpu.c index 78aeadf0a1..f747e4dba8 100644 --- a/libavutil/x86/cpu.c +++ b/libavutil/x86/cpu.c @@ -113,7 +113,7 @@ int ff_get_cpu_flags_x86(void) if(max_ext_level >= 0x80000001){ cpuid(0x80000001, eax, ebx, ecx, ext_caps); - if (ext_caps & (1<<31)) + if (ext_caps & (1U<<31)) rval |= AV_CPU_FLAG_3DNOW; if (ext_caps & (1<<30)) rval |= AV_CPU_FLAG_3DNOWEXT; From de33e8675c9a67c223ca5e4e14532b217149a9c9 Mon Sep 17 00:00:00 2001 From: Anton Khirnov Date: Tue, 23 Aug 2011 07:46:51 +0200 Subject: [PATCH 212/652] AVOptions: fix av_set_string3() doxy to match reality. Fixes bug 28. (cherry picked from commit e955a682e125d44143415ff2b96a99a4dac78da2) Signed-off-by: Anton Khirnov --- libavutil/opt.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavutil/opt.h b/libavutil/opt.h index 30aa54f5b6..ce65865069 100644 --- a/libavutil/opt.h +++ b/libavutil/opt.h 
@@ -134,7 +134,7 @@ const AVOption *av_find_opt(void *obj, const char *name, const char *unit, int m * when 0 then no av_free() nor av_strdup() will be used * @return 0 if the value has been set, or an AVERROR code in case of * error: - * AVERROR(ENOENT) if no matching option exists + * AVERROR_OPTION_NOT_FOUND if no matching option exists * AVERROR(ERANGE) if the value is out of range * AVERROR(EINVAL) if the value is not valid */ From 7850a9b384d06d41bdde4a79d087509cad6c46c5 Mon Sep 17 00:00:00 2001 From: Anton Khirnov Date: Sun, 4 Sep 2011 09:56:47 +0200 Subject: [PATCH 213/652] lavc: fix type for thread_type option It should be flags, not int. (cherry picked from commit fb47997edb9d8ff16fc380d005a08c0545624aa6) Signed-off-by: Anton Khirnov --- libavcodec/options.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/options.c b/libavcodec/options.c index 792bb5941c..411094ba11 100644 --- a/libavcodec/options.c +++ b/libavcodec/options.c 
@@ -446,7 +446,7 @@ static const AVOption options[]={ {"lpc_passes", "deprecated, use flac-specific options", OFFSET(lpc_passes), FF_OPT_TYPE_INT, {.dbl = -1 }, INT_MIN, INT_MAX, A|E}, #endif {"slices", "number of slices, used in parallelized decoding", OFFSET(slices), FF_OPT_TYPE_INT, {.dbl = 0 }, 0, INT_MAX, V|E}, -{"thread_type", "select multithreading type", OFFSET(thread_type), FF_OPT_TYPE_INT, {.dbl = FF_THREAD_SLICE|FF_THREAD_FRAME }, 0, INT_MAX, V|E|D, "thread_type"}, +{"thread_type", "select multithreading type", OFFSET(thread_type), FF_OPT_TYPE_FLAGS, {.dbl = FF_THREAD_SLICE|FF_THREAD_FRAME }, 0, INT_MAX, V|E|D, "thread_type"}, {"slice", NULL, 0, FF_OPT_TYPE_CONST, {.dbl = FF_THREAD_SLICE }, INT_MIN, INT_MAX, V|E|D, "thread_type"}, {"frame", NULL, 0, FF_OPT_TYPE_CONST, {.dbl = FF_THREAD_FRAME }, INT_MIN, INT_MAX, V|E|D, "thread_type"}, {"audio_service_type", "audio service type", OFFSET(audio_service_type), FF_OPT_TYPE_INT, {.dbl = AV_AUDIO_SERVICE_TYPE_MAIN }, 0, AV_AUDIO_SERVICE_TYPE_NB-1, A|E, "audio_service_type"}, From a652bb2857a753a18181fb2e1373f4bf7cf04a46 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Wed, 7 Sep 2011 23:12:32 +0200 Subject: [PATCH 214/652] Fixed invalid access in wavpack decoder on corrupted extra bits sub-blocks. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Storsjö (cherry picked from commit beefafda639dd53fc59c21d8a7cf8334da9a1062) Signed-off-by: Anton Khirnov --- libavcodec/wavpack.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c index e4fe217f59..64725c72c0 100644 --- a/libavcodec/wavpack.c +++ b/libavcodec/wavpack.c 
@@ -385,7 +385,7 @@ static inline int wv_get_value_integer(WavpackFrameContext *s, uint32_t *crc, in if(s->extra_bits){ S <<= s->extra_bits; - if(s->got_extra_bits){ + if(s->got_extra_bits && get_bits_left(&s->gb_extra_bits) >= s->extra_bits){ S |= get_bits(&s->gb_extra_bits, s->extra_bits); *crc = *crc * 9 + (S&0xffff) * 3 + ((unsigned)S>>16); } From 46d9dd6980bb630a2067ec92e5dd4c46949ed46c Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Wed, 7 Sep 2011 22:17:39 +0200 Subject: [PATCH 215/652] Fixed invalid writes in wavpack decoder on corrupted bitstreams. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Storsjö (cherry picked from commit 0aedab03405849962b469277afe047aa2c61a87f) Signed-off-by: Anton Khirnov --- libavcodec/wavpack.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c index 64725c72c0..5bd677e45e 100644 --- a/libavcodec/wavpack.c +++ b/libavcodec/wavpack.c @@ -1113,7 +1113,7 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no, int16_t *dst = (int16_t*)samples + 1; int16_t *src = (int16_t*)samples; int cnt = samplecount; - while(cnt--){ + while(cnt-- > 0){ *dst = *src; src += channel_stride; dst += channel_stride; @@ -1122,7 +1122,7 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no, int32_t *dst = (int32_t*)samples + 1; int32_t *src = (int32_t*)samples; int cnt = samplecount; - while(cnt--){ + while(cnt-- > 0){ *dst = *src; src += channel_stride; dst += channel_stride; @@ -1131,7 +1131,7 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no, float *dst = (float*)samples + 1; float *src = (float*)samples; int cnt = samplecount; - while(cnt--){ + while(cnt-- > 0){ *dst = *src; src += channel_stride; dst += channel_stride; From 94af9cf46bc14c5b912c35e87c409c321c18ceac Mon Sep 17 00:00:00 2001 
From: Laurent Aimar Date: Wed, 7 Sep 2011 22:02:55 +0200 Subject: [PATCH 216/652] Fixed invalid access in wavpack decoder on corrupted bitstream. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Storsjö (cherry picked from commit 55354b7de21e7bb4bbeb1c12ff55ea17f807c70c) Signed-off-by: Anton Khirnov --- libavcodec/wavpack.c | 49 +++++++++++++++++++++++++++++++------------- 1 file changed, 35 insertions(+), 14 deletions(-) diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c index 5bd677e45e..343120f494 100644 --- a/libavcodec/wavpack.c +++ b/libavcodec/wavpack.c @@ -292,7 +292,14 @@ static int wv_get_value(WavpackFrameContext *ctx, GetBitContext *gb, int channel } }else{ t = get_unary_0_33(gb); - if(t >= 2) t = get_bits(gb, t - 1) | (1 << (t-1)); + if(t >= 2){ + if(get_bits_left(gb) < t-1) + goto error; + t = get_bits(gb, t - 1) | (1 << (t-1)); + }else{ + if(get_bits_left(gb) < 0) + goto error; + } ctx->zeroes = t; if(ctx->zeroes){ memset(ctx->ch[0].median, 0, sizeof(ctx->ch[0].median)); @@ -303,24 +310,24 @@ static int wv_get_value(WavpackFrameContext *ctx, GetBitContext *gb, int channel } } - if(get_bits_count(gb) >= ctx->data_size){ - *last = 1; - return 0; - } - if(ctx->zero){ t = 0; ctx->zero = 0; }else{ t = get_unary_0_33(gb); - if(get_bits_count(gb) >= ctx->data_size){ - *last = 1; - return 0; - } + if(get_bits_left(gb) < 0) + goto error; if(t == 16) { t2 = get_unary_0_33(gb); - if(t2 < 2) t += t2; - else t += get_bits(gb, t2 - 1) | (1 << (t2 - 1)); + if(t2 < 2){ + if(get_bits_left(gb) < 0) + goto error; + t += t2; + }else{ + if(get_bits_left(gb) < t2 - 1) + goto error; + t += get_bits(gb, t2 - 1) | (1 << (t2 - 1)); + } } if(ctx->one){ 
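Review bot: The new guards in wv_get_value bound `t - 1` and `t2 - 1` by the bits left in the reader but not by the width of the operands, so `1 << (t-1)` and `1 << (t2 - 1)` can still shift an int by 31 or more when the unary code is long (get_unary_0_33 presumably returns values up to 33; its definition is not in the hunk). The same count is passed to `get_bits()`, which is only specified for a limited width. Both the `t >= 2` branch in the first hunk and the `t2` branch in the second are affected. Adding an upper limit to the existing tests would close this, for example `if(t > MAX_LEN_BITS || get_bits_left(gb) < t-1) goto error;`, where MAX_LEN_BITS is a placeholder for the largest width the format and get_bits() allow. wv_get_value starts and ends outside these hunks.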
@@ -360,9 +367,13 @@ static int wv_get_value(WavpackFrameContext *ctx, GetBitContext *gb, int channel } if(!c->error_limit){ ret = base + get_tail(gb, add); + if (get_bits_left(gb) <= 0) + goto error; }else{ int mid = (base*2 + add + 1) >> 1; while(add > c->error_limit){ + if(get_bits_left(gb) <= 0) + goto error; if(get_bits1(gb)){ add -= (mid - base); base = mid; @@ -376,6 +387,10 @@ static int wv_get_value(WavpackFrameContext *ctx, GetBitContext *gb, int channel if(ctx->hybrid_bitrate) c->slow_level += wp_log2(ret) - LEVEL_DECAY(c->slow_level); return sign ? ~ret : ret; + +error: + *last = 1; + return 0; } static inline int wv_get_value_integer(WavpackFrameContext *s, uint32_t *crc, int S) @@ -580,7 +595,10 @@ static inline int wv_unpack_stereo(WavpackFrameContext *s, GetBitContext *gb, vo count++; }while(!last && count < s->max_samples); - s->samples_left -= count; + if (last) + s->samples_left = 0; + else + s->samples_left -= count; if(!s->samples_left){ if(crc != s->CRC){ av_log(s->avctx, AV_LOG_ERROR, "CRC error\n"); @@ -658,7 +676,10 @@ static inline int wv_unpack_mono(WavpackFrameContext *s, GetBitContext *gb, void count++; }while(!last && count < s->max_samples); - s->samples_left -= count; + if (last) + s->samples_left = 0; + else + s->samples_left -= count; if(!s->samples_left){ if(crc != s->CRC){ av_log(s->avctx, AV_LOG_ERROR, "CRC error\n"); From a460d9e1f7e85759f2cf4db136ff00b758549c47 Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Thu, 8 Sep 2011 11:02:43 -0700 Subject: [PATCH 217/652] wavpack: Check error codes rather than working around error conditions. (cherry picked from commit dba2b63a98bdcac7bda1a8a2c48950518c075e17) Signed-off-by: Anton Khirnov --- libavcodec/wavpack.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c index 343120f494..f614c7afec 100644 --- a/libavcodec/wavpack.c +++ b/libavcodec/wavpack.c 
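Review bot: The `error:` label added at the end of wv_get_value reports an exhausted bitstream with `*last = 1; return 0;`, the same pair the removed `get_bits_count(gb) >= ctx->data_size` tests used for a regular end of data. The callers in the last two hunks then force `s->samples_left = 0`, so a truncated block is only noticed through the CRC comparison that follows. That dependency deserves a comment at the label, for example `/* out of bits: end the block here; the caller's CRC check reports the damage */`. An `av_log()` at the label would also help separate truncation from a real checksum mismatch in the logs.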
@@ -1119,6 +1119,10 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no, samplecount = wv_unpack_stereo(s, &s->gb, samples, AV_SAMPLE_FMT_S32); else samplecount = wv_unpack_stereo(s, &s->gb, samples, AV_SAMPLE_FMT_FLT); + + if (samplecount < 0) + return -1; + samplecount >>= 1; }else{ const int channel_stride = avctx->channels; @@ -1130,11 +1134,14 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no, else samplecount = wv_unpack_mono(s, &s->gb, samples, AV_SAMPLE_FMT_FLT); + if (samplecount < 0) + return -1; + if(s->stereo && avctx->sample_fmt == AV_SAMPLE_FMT_S16){ int16_t *dst = (int16_t*)samples + 1; int16_t *src = (int16_t*)samples; int cnt = samplecount; - while(cnt-- > 0){ + while(cnt--){ *dst = *src; src += channel_stride; dst += channel_stride; @@ -1143,7 +1150,7 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no, int32_t *dst = (int32_t*)samples + 1; int32_t *src = (int32_t*)samples; int cnt = samplecount; - while(cnt-- > 0){ + while(cnt--){ *dst = *src; src += channel_stride; dst += channel_stride; @@ -1152,7 +1159,7 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no, float *dst = (float*)samples + 1; float *src = (float*)samples; int cnt = samplecount; - while(cnt-- > 0){ + while(cnt--){ *dst = *src; src += channel_stride; dst += channel_stride; From 144c80042b05b7e89abc16efcd52304548958d58 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Fri, 9 Sep 2011 22:04:09 +0200 Subject: [PATCH 218/652] ffv1: Fixed size given to init_get_bits() in decoder. init_get_bits() takes a number of bits and not a number of bytes as its size argument. Signed-off-by: Alex Converse (cherry picked from commit 46b004959bb7870a361a57272cd5fa7eea34250b) Signed-off-by: Anton Khirnov --- libavcodec/ffv1.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/ffv1.c b/libavcodec/ffv1.c index 50f1062ad4..ab2cc6e7cd 100644 --- a/libavcodec/ffv1.c +++ b/libavcodec/ffv1.c 
@@ -1765,7 +1765,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac bytes_read = c->bytestream - c->bytestream_start - 1; if(bytes_read ==0) av_log(avctx, AV_LOG_ERROR, "error at end of AC stream\n"); //FIXME //printf("pos=%d\n", bytes_read); - init_get_bits(&f->slice_context[0]->gb, buf + bytes_read, buf_size - bytes_read); + init_get_bits(&f->slice_context[0]->gb, buf + bytes_read, (buf_size - bytes_read) * 8); } else { bytes_read = 0; /* avoid warning */ } @@ -1782,7 +1782,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac if(fs->ac){ ff_init_range_decoder(&fs->c, buf_p, v); }else{ - init_get_bits(&fs->gb, buf_p, v); + init_get_bits(&fs->gb, buf_p, v * 8); } } From 1656dd7a4e72fcf3405f08b56d7293d87a329d7b Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Fri, 9 Sep 2011 13:24:19 -0700 Subject: [PATCH 219/652] indeo2: init_get_bits size in bits instead of bytes (cherry picked from commit 68ca330cbd479111db9cb7649d7530ad59f04cc8) Signed-off-by: Anton Khirnov --- libavcodec/indeo2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/indeo2.c b/libavcodec/indeo2.c index 0e588c3966..6cf893b15e 100644 --- a/libavcodec/indeo2.c +++ b/libavcodec/indeo2.c @@ -165,7 +165,7 @@ static int ir2_decode_frame(AVCodecContext *avctx, #endif start = 48; /* hardcoded for now */ - init_get_bits(&s->gb, buf + start, buf_size - start); + init_get_bits(&s->gb, buf + start, (buf_size - start) * 8); if (s->decode_delta) { /* intraframe */ ir2_decode_plane(s, avctx->width, avctx->height, From 6b1af6a3284e7146b619dff96d88492d47645050 Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Fri, 9 Sep 2011 13:26:49 -0700 Subject: [PATCH 220/652] indeo2: fail if input buffer too small (cherry picked from commit b7ce4f1d1c3add86ece7ca595ea6c4a10b471055) Signed-off-by: Anton Khirnov --- libavcodec/indeo2.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) 
diff --git a/libavcodec/indeo2.c b/libavcodec/indeo2.c index 6cf893b15e..544f476774 100644 --- a/libavcodec/indeo2.c +++ b/libavcodec/indeo2.c @@ -156,6 +156,13 @@ static int ir2_decode_frame(AVCodecContext *avctx, return -1; } + start = 48; /* hardcoded for now */ + + if (start >= buf_size) { + av_log(s->avctx, AV_LOG_ERROR, "input buffer size too small (%d)\n", buf_size); + return AVERROR_INVALIDDATA; + } + s->decode_delta = buf[18]; /* decide whether frame uses deltas or not */ @@ -163,7 +170,6 @@ static int ir2_decode_frame(AVCodecContext *avctx, for (i = 0; i < buf_size; i++) buf[i] = av_reverse[buf[i]]; #endif - start = 48; /* hardcoded for now */ init_get_bits(&s->gb, buf + start, (buf_size - start) * 8); From dd6334a1e425953dc1b0163e7e19b3d94e250ef5 Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Fri, 9 Sep 2011 14:50:33 -0700 Subject: [PATCH 221/652] cljr: init_get_bits size in bits instead of bytes (cherry picked from commit 0c1f5b93d9b97c4cc3684ba91a040e90bfc760d2) Signed-off-by: Anton Khirnov --- libavcodec/cljr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/cljr.c b/libavcodec/cljr.c index e2b01e2a6a..b83919e71d 100644 --- a/libavcodec/cljr.c +++ b/libavcodec/cljr.c @@ -67,7 +67,7 @@ static int decode_frame(AVCodecContext *avctx, p->pict_type= AV_PICTURE_TYPE_I; p->key_frame= 1; - init_get_bits(&a->gb, buf, buf_size); + init_get_bits(&a->gb, buf, buf_size * 8); for(y=0; yheight; y++){ uint8_t *luma= &a->picture.data[0][ y*a->picture.linesize[0] ]; From c11d360ebc86e994e223b646b62f471b0fbbe8d3 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Wed, 7 Sep 2011 21:43:03 +0200 Subject: [PATCH 222/652] Fixed segfault with wavpack decoder on corrupted decorrelation terms sub-blocks. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Storsjö (cherry picked from commit 8bfea4ab4e2cb32bc7bf6f697ee30a238c65d296) 
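Review bot: In the cljr.c hunk, `buf_size * 8` gives the reader its correct length, but nothing visible compares `buf_size` with the picture dimensions before the row loop over `avctx->height` starts. If that loop reads a fixed number of bits per row (its body is outside the hunk), a packet shorter than the picture still drives the reader past the declared length. A size test before `init_get_bits()` would reject such packets, e.g. `if (buf_size / avctx->height < avctx->width) return AVERROR_INVALIDDATA;`, assuming roughly one input byte per pixel, which needs confirming against the loop body.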
Signed-off-by: Anton Khirnov --- libavcodec/wavpack.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c index f614c7afec..155633f3ac 100644 --- a/libavcodec/wavpack.c +++ b/libavcodec/wavpack.c @@ -862,12 +862,13 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no, } switch(id & WP_IDF_MASK){ case WP_ID_DECTERMS: - s->terms = size; - if(s->terms > MAX_TERMS){ + if(size > MAX_TERMS){ av_log(avctx, AV_LOG_ERROR, "Too many decorrelation terms\n"); + s->terms = 0; buf += ssize; continue; } + s->terms = size; for(i = 0; i < s->terms; i++) { s->decorr[s->terms - i - 1].value = (*buf & 0x1F) - 5; s->decorr[s->terms - i - 1].delta = *buf >> 5; From 1125f26f83da490c9740cd84f52060a5ffb34e5b Mon Sep 17 00:00:00 2001 From: Kostya Shishkov Date: Mon, 12 Sep 2011 09:40:42 +0200 Subject: [PATCH 223/652] smacker demuxer: handle possible av_realloc() failure. Signed-off-by: Anton Khirnov (cherry picked from commit 47a8589f7bc69d1a29da1dfdfbd0dfa78a9e31fd) Signed-off-by: Anton Khirnov --- libavformat/smacker.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/libavformat/smacker.c b/libavformat/smacker.c index db9a02bb6c..135b4ae708 100644 --- a/libavformat/smacker.c +++ b/libavformat/smacker.c @@ -286,11 +286,16 @@ static int smacker_read_packet(AVFormatContext *s, AVPacket *pkt) for(i = 0; i < 7; i++) { if(flags & 1) { int size; + uint8_t *tmpbuf; + size = avio_rl32(s->pb) - 4; frame_size -= size; frame_size -= 4; smk->curstream++; - smk->bufs[smk->curstream] = av_realloc(smk->bufs[smk->curstream], size); + tmpbuf = av_realloc(smk->bufs[smk->curstream], size); + if (!tmpbuf) + return AVERROR(ENOMEM); + smk->bufs[smk->curstream] = tmpbuf; smk->buf_sizes[smk->curstream] = size; ret = avio_read(s->pb, smk->bufs[smk->curstream], size); if(ret != size) From bb0c352ec550f19b8ced2675ebd266305ca25a99 Mon Sep 17 00:00:00 2001 
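Review bot: In the smacker_read_packet hunk, `size` comes straight from the file as `avio_rl32(s->pb) - 4` and reaches `av_realloc()` and `avio_read()` without a range check. A length field below 4 or above the remaining frame therefore arrives as a negative or oversized request and is at best reported as ENOMEM. Reject it before `frame_size -= size`, for example `if (size < 0 || size > frame_size - 4) return AVERROR_INVALIDDATA;` (this assumes `frame_size` still includes the 4-byte length field at that point; confirm against the lines above the hunk). The function continues outside the hunk.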
From: Laurent Aimar Date: Sat, 10 Sep 2011 00:32:12 +0200 Subject: [PATCH 224/652] Fixed size given to init_get_bits() in xan decoder. (cherry picked from commit 393d5031c6aaaf8c2dda4eb5d676974c349fae85) Signed-off-by: Anton Khirnov --- libavcodec/xan.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/libavcodec/xan.c b/libavcodec/xan.c index 876a9a5558..521764fd1c 100644 --- a/libavcodec/xan.c +++ b/libavcodec/xan.c @@ -95,17 +95,18 @@ static av_cold int xan_decode_init(AVCodecContext *avctx) return 0; } -static int xan_huffman_decode(unsigned char *dest, const unsigned char *src, - int dest_len) +static int xan_huffman_decode(unsigned char *dest, int dest_len, + const unsigned char *src, int src_len) { unsigned char byte = *src++; unsigned char ival = byte + 0x16; const unsigned char * ptr = src + byte*2; + int ptr_len = src_len - 1 - byte*2; unsigned char val = ival; unsigned char *dest_end = dest + dest_len; GetBitContext gb; - init_get_bits(&gb, ptr, 0); // FIXME: no src size available + init_get_bits(&gb, ptr, ptr_len * 8); while ( val != 0x16 ) { val = src[val - 0x17 + get_bits1(&gb) * byte]; @@ -270,7 +271,8 @@ static void xan_wc3_decode_frame(XanContext *s) { vector_segment = s->buf + AV_RL16(&s->buf[4]); imagedata_segment = s->buf + AV_RL16(&s->buf[6]); - xan_huffman_decode(opcode_buffer, huffman_segment, opcode_buffer_size); + xan_huffman_decode(opcode_buffer, opcode_buffer_size, + huffman_segment, s->size - (huffman_segment - s->buf) ); if (imagedata_segment[0] == 2) xan_unpack(s->buffer2, &imagedata_segment[1], s->buffer2_size); From dc6ee1836392b6046cc3314a7fa8c58473318890 Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Fri, 9 Sep 2011 16:10:03 -0700 Subject: [PATCH 225/652] xan: Add some buffer checks (cherry picked from commit 0872bb23b4bd2d94a8ba91070f706d1bc1c3ced8) Signed-off-by: Anton Khirnov --- libavcodec/xan.c | 37 +++++++++++++++++++++++++++++-------- 1 file changed, 29 insertions(+), 8 deletions(-) 
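Review bot: Giving `init_get_bits()` a real length does not yet bound the decode loop in xan_huffman_decode: `val = src[val - 0x17 + get_bits1(&gb) * byte]` consumes a bit and a table byte per iteration without consulting `get_bits_left(&gb)` or `src_len`, and `ptr_len` goes negative when `1 + byte*2` exceeds `src_len`. A test at the top of the loop such as `if (get_bits_left(&gb) < 1) return AVERROR_INVALIDDATA;`, plus a bound on the table index, would make the new parameter effective. The call in xan_wc3_decode_frame (second hunk) discards the return value, so it would have to check it as well. The loop body continues outside the first hunk.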
diff --git a/libavcodec/xan.c b/libavcodec/xan.c index 521764fd1c..88a9adbc30 100644 --- a/libavcodec/xan.c +++ b/libavcodec/xan.c @@ -106,6 +106,9 @@ static int xan_huffman_decode(unsigned char *dest, int dest_len, unsigned char *dest_end = dest + dest_len; GetBitContext gb; + if (ptr_len < 0) + return AVERROR_INVALIDDATA; + init_get_bits(&gb, ptr, ptr_len * 8); while ( val != 0x16 ) { @@ -245,7 +248,7 @@ static inline void xan_wc3_copy_pixel_run(XanContext *s, } } -static void xan_wc3_decode_frame(XanContext *s) { +static int xan_wc3_decode_frame(XanContext *s) { int width = s->avctx->width; int height = s->avctx->height; @@ -265,14 +268,30 @@ static void xan_wc3_decode_frame(XanContext *s) { const unsigned char *size_segment; const unsigned char *vector_segment; const unsigned char *imagedata_segment; + int huffman_offset, size_offset, vector_offset, imagedata_offset; - huffman_segment = s->buf + AV_RL16(&s->buf[0]); - size_segment = s->buf + AV_RL16(&s->buf[2]); - vector_segment = s->buf + AV_RL16(&s->buf[4]); - imagedata_segment = s->buf + AV_RL16(&s->buf[6]); + if (s->size < 8) + return AVERROR_INVALIDDATA; - xan_huffman_decode(opcode_buffer, opcode_buffer_size, - huffman_segment, s->size - (huffman_segment - s->buf) ); + huffman_offset = AV_RL16(&s->buf[0]); + size_offset = AV_RL16(&s->buf[2]); + vector_offset = AV_RL16(&s->buf[4]); + imagedata_offset = AV_RL16(&s->buf[6]); + + if (huffman_offset >= s->size || + size_offset >= s->size || + vector_offset >= s->size || + imagedata_offset >= s->size) + return AVERROR_INVALIDDATA; + + huffman_segment = s->buf + huffman_offset; + size_segment = s->buf + size_offset; + vector_segment = s->buf + vector_offset; + imagedata_segment = s->buf + imagedata_offset; + + if (xan_huffman_decode(opcode_buffer, opcode_buffer_size, + huffman_segment, s->size - huffman_offset) < 0) + return AVERROR_INVALIDDATA; if (imagedata_segment[0] == 2) xan_unpack(s->buffer2, &imagedata_segment[1], s->buffer2_size); 
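Review bot: The four `>= s->size` tests in xan_wc3_decode_frame only establish that each segment starts inside the packet; the consumers still get no source length. `xan_unpack(s->buffer2, &imagedata_segment[1], s->buffer2_size)` receives the destination size only, and with `imagedata_offset == s->size - 1` the pointer `&imagedata_segment[1]` already sits at the end of the buffer. `size_segment` and `vector_segment` are presumably read the same way further down, outside this hunk. Passing the remaining length (`s->size - imagedata_offset - 1` for the image data) into xan_unpack, and checking reads against it there, would complete the validation; only `huffman_segment` gets that treatment in this change.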
@@ -358,6 +377,7 @@ static void xan_wc3_decode_frame(XanContext *s) { y += (x + size) / width; x = (x + size) % width; } + return 0; } #if RUNTIME_GAMMA @@ -519,7 +539,8 @@ static int xan_decode_frame(AVCodecContext *avctx, s->buf = buf; s->size = buf_size; - xan_wc3_decode_frame(s); + if (xan_wc3_decode_frame(s) < 0) + return AVERROR_INVALIDDATA; /* release the last frame if it is allocated */ if (s->last_frame.data[0]) From 1486e99b9039f380619f7eb516a5503ad3ad04c8 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sun, 11 Sep 2011 19:17:40 +0200 Subject: [PATCH 226/652] ape demuxer: fix segfault on memory allocation failure. Signed-off-by: Anton Khirnov (cherry picked from commit 273aab99bf7be2bcda95dd64101c2317ee0fcb99) Signed-off-by: Anton Khirnov --- libavformat/ape.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/ape.c b/libavformat/ape.c index 90b02619e0..b0841002a2 100644 --- a/libavformat/ape.c +++ b/libavformat/ape.c @@ -270,6 +270,8 @@ static int ape_read_header(AVFormatContext * s, AVFormatParameters * ap) if (ape->seektablelength > 0) { ape->seektable = av_malloc(ape->seektablelength); + if (!ape->seektable) + return AVERROR(ENOMEM); for (i = 0; i < ape->seektablelength / sizeof(uint32_t); i++) ape->seektable[i] = avio_rl32(pb); } From 2ac3aa129e7dbee5d6e19e27794706c8f2ee8345 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Mon, 12 Sep 2011 20:50:13 +0200 Subject: [PATCH 227/652] Check for invalid packet size in the smacker demuxer. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Storsjö (cherry picked from commit e055932f5636a82275837968eea9c8fcb5bca474) Signed-off-by: Anton Khirnov --- libavformat/smacker.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/smacker.c b/libavformat/smacker.c index 135b4ae708..87c59a3049 100644 --- a/libavformat/smacker.c +++ b/libavformat/smacker.c 
@@ -304,6 +304,8 @@ static int smacker_read_packet(AVFormatContext *s, AVPacket *pkt) } flags >>= 1; } + if (frame_size < 0) + return AVERROR_INVALIDDATA; if (av_new_packet(pkt, frame_size + 768)) return AVERROR(ENOMEM); if(smk->frm_size[smk->cur_frame] & 1) From 4482ee9d9c5b6e8e12b06a208f2b7b52d0bcee81 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Mon, 12 Sep 2011 20:50:34 +0200 Subject: [PATCH 228/652] Fixed off by one packet size allocation in the smacker demuxer. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Storsjö (cherry picked from commit a92d0fa5d234582583d41b67dddecffc2c819573) Signed-off-by: Anton Khirnov --- libavformat/smacker.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/smacker.c b/libavformat/smacker.c index 87c59a3049..a817c31355 100644 --- a/libavformat/smacker.c +++ b/libavformat/smacker.c @@ -306,7 +306,7 @@ static int smacker_read_packet(AVFormatContext *s, AVPacket *pkt) } if (frame_size < 0) return AVERROR_INVALIDDATA; - if (av_new_packet(pkt, frame_size + 768)) + if (av_new_packet(pkt, frame_size + 769)) return AVERROR(ENOMEM); if(smk->frm_size[smk->cur_frame] & 1) palchange |= 2; From bc2dd37e4f6fb549c1b16e9a9791e7b8f31ed112 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Mon, 12 Sep 2011 23:46:49 +0200 Subject: [PATCH 229/652] Check and propagate errors when VLC trees cannot be built in smacker decoder. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Storsjö (cherry picked from commit 9676ffba8346791f494451e68d2a3b37a2918a9b) Signed-off-by: Anton Khirnov --- libavcodec/smacker.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c index 8060e1cee7..e8de0d89c5 100644 --- a/libavcodec/smacker.c +++ b/libavcodec/smacker.c 
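Review bot: The bare `frame_size + 769` in the second smacker.c change gives no hint why the constant had to grow by one, which is how the off-by-one got in originally. A short comment on the `av_new_packet()` call would record the layout, e.g. `/* 1 byte of palette-change flags + 768 bytes of palette + frame data */`. The wording should be checked against the code that fills the packet, which is outside the hunk. A named constant for the 768-byte palette would serve the same purpose.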
@@ -134,10 +134,10 @@ static int smacker_decode_bigtree(GetBitContext *gb, HuffContext *hc, DBCtx *ctx return -1; } b1 = get_bits_count(gb); - i1 = get_vlc2(gb, ctx->v1->table, SMKTREE_BITS, 3); + i1 = ctx->v1->table ? get_vlc2(gb, ctx->v1->table, SMKTREE_BITS, 3) : 0; b1 = get_bits_count(gb) - b1; b2 = get_bits_count(gb); - i2 = get_vlc2(gb, ctx->v2->table, SMKTREE_BITS, 3); + i2 = ctx->v2->table ? get_vlc2(gb, ctx->v2->table, SMKTREE_BITS, 3) : 0; b2 = get_bits_count(gb) - b2; val = ctx->recode1[i1] | (ctx->recode2[i2] << 8); if(val == ctx->escapes[0]) { @@ -290,7 +290,8 @@ static int decode_header_trees(SmackVContext *smk) { smk->mmap_tbl[0] = 0; smk->mmap_last[0] = smk->mmap_last[1] = smk->mmap_last[2] = 1; } else { - smacker_decode_header_tree(smk, &gb, &smk->mmap_tbl, smk->mmap_last, mmap_size); + if (smacker_decode_header_tree(smk, &gb, &smk->mmap_tbl, smk->mmap_last, mmap_size)) + return -1; } if(!get_bits1(&gb)) { av_log(smk->avctx, AV_LOG_INFO, "Skipping MCLR tree\n"); @@ -298,7 +299,8 @@ static int decode_header_trees(SmackVContext *smk) { smk->mclr_tbl[0] = 0; smk->mclr_last[0] = smk->mclr_last[1] = smk->mclr_last[2] = 1; } else { - smacker_decode_header_tree(smk, &gb, &smk->mclr_tbl, smk->mclr_last, mclr_size); + if (smacker_decode_header_tree(smk, &gb, &smk->mclr_tbl, smk->mclr_last, mclr_size)) + return -1; } if(!get_bits1(&gb)) { av_log(smk->avctx, AV_LOG_INFO, "Skipping FULL tree\n"); @@ -306,7 +308,8 @@ static int decode_header_trees(SmackVContext *smk) { smk->full_tbl[0] = 0; smk->full_last[0] = smk->full_last[1] = smk->full_last[2] = 1; } else { - smacker_decode_header_tree(smk, &gb, &smk->full_tbl, smk->full_last, full_size); + if (smacker_decode_header_tree(smk, &gb, &smk->full_tbl, smk->full_last, full_size)) + return -1; } if(!get_bits1(&gb)) { av_log(smk->avctx, AV_LOG_INFO, "Skipping TYPE tree\n"); 
@@ -314,7 +317,8 @@ static int decode_header_trees(SmackVContext *smk) { smk->type_tbl[0] = 0; smk->type_last[0] = smk->type_last[1] = smk->type_last[2] = 1; } else { - smacker_decode_header_tree(smk, &gb, &smk->type_tbl, smk->type_last, type_size); + if (smacker_decode_header_tree(smk, &gb, &smk->type_tbl, smk->type_last, type_size)) + return -1; } return 0; @@ -522,8 +526,8 @@ static av_cold int decode_init(AVCodecContext *avctx) return -1; } - decode_header_trees(c); - + if (decode_header_trees(c)) + return -1; return 0; } From a5107aab98bf67ba32eb8b6a3a7478e620b7d3b3 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Mon, 12 Sep 2011 23:49:36 +0200 Subject: [PATCH 230/652] Check for invalid VLC value in smacker decoder. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Storsjö (cherry picked from commit 6489455495fc5bfbebcfe3f57e5d4fdd6a781091) Signed-off-by: Anton Khirnov --- libavcodec/smacker.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c index e8de0d89c5..9628b07492 100644 --- a/libavcodec/smacker.c +++ b/libavcodec/smacker.c @@ -139,6 +139,8 @@ static int smacker_decode_bigtree(GetBitContext *gb, HuffContext *hc, DBCtx *ctx b2 = get_bits_count(gb); i2 = ctx->v2->table ? get_vlc2(gb, ctx->v2->table, SMKTREE_BITS, 3) : 0; b2 = get_bits_count(gb) - b2; + if (i1 < 0 || i2 < 0) + return -1; val = ctx->recode1[i1] | (ctx->recode2[i2] << 8); if(val == ctx->escapes[0]) { ctx->last[0] = hc->current; From c34968c6d49496d318591f1b4492fdd9c143aaeb Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 13 Sep 2011 23:24:56 +0200 Subject: [PATCH 231/652] smacker: fix a few off by 1 errors MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit stereo & 16bit is untested due to lack of samples Signed-off-by: Martin Storsjö (cherry picked from commit 5166376f24545207607f61ed8ff4e1b0572ff320) 
Signed-off-by: Anton Khirnov --- libavcodec/smacker.c | 8 +-- tests/ref/fate/smacker | 160 ++++++++++++++++++++--------------------- 2 files changed, 84 insertions(+), 84 deletions(-) diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c index 9628b07492..1fa40def62 100644 --- a/libavcodec/smacker.c +++ b/libavcodec/smacker.c @@ -624,9 +624,9 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data, int *data_size, if(bits) { //decode 16-bit data for(i = stereo; i >= 0; i--) pred[i] = av_bswap16(get_bits(&gb, 16)); - for(i = 0; i < stereo; i++) + for(i = 0; i <= stereo; i++) *samples++ = pred[i]; - for(i = 0; i < unp_size / 2; i++) { + for(; i < unp_size / 2; i++) { if(i & stereo) { if(vlc[2].table) res = get_vlc2(&gb, vlc[2].table, SMKTREE_BITS, 3); @@ -658,9 +658,9 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data, int *data_size, } else { //8-bit data for(i = stereo; i >= 0; i--) pred[i] = get_bits(&gb, 8); - for(i = 0; i < stereo; i++) + for(i = 0; i <= stereo; i++) *samples8++ = pred[i]; - for(i = 0; i < unp_size; i++) { + for(; i < unp_size; i++) { if(i & stereo){ if(vlc[1].table) res = get_vlc2(&gb, vlc[1].table, SMKTREE_BITS, 3); diff --git a/tests/ref/fate/smacker b/tests/ref/fate/smacker index 85c4a9817c..df88a4ae8a 100644 --- a/tests/ref/fate/smacker +++ b/tests/ref/fate/smacker @@ -1,5 +1,5 @@ 0, 0, 192000, 0x8926d7fc -1, 0, 47240, 0xad778a78 +1, 0, 47240, 0x9974897c 0, 6390, 192000, 0x2506d384 0, 12780, 192000, 0x9a8dc93a 0, 19170, 192000, 0x4badb7f2 
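Review bot: In smka_decode_frame the seed loop `for(i = 0; i <= stereo; i++) *samples++ = pred[i];` now writes `stereo + 1` samples before `i` is ever compared with `unp_size`, and the 8-bit branch in the second hunk does the same through `samples8`. A frame that declares a smaller `unp_size` still produces those writes, so the output-size check made earlier in the function (outside these hunks) has to guarantee room for them. If it does not, a minimum is needed before the seeds are stored, for example `if (unp_size < (stereo + 1) << bits) return -1;`, assuming `bits` is 0 or 1 as the `if(bits)` test suggests. The seed values are also read with `get_bits()` without a visible check of the remaining input.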
@@ -15,163 +15,163 @@ 0, 83070, 192000, 0x1a3d7971 0, 89460, 192000, 0xa1a65bd5 0, 95850, 192000, 0x344957b9 -1, 96408, 3128, 0x4c1564ae +1, 96408, 3128, 0x7e4064b4 0, 102240, 192000, 0xe23b5f4e -1, 102792, 3128, 0x34553309 +1, 102792, 3128, 0x80883301 0, 108630, 192000, 0xb5c2710b -1, 109176, 3136, 0xb474d246 +1, 109176, 3136, 0x2ad2d341 0, 115020, 192000, 0x7a25938f -1, 115576, 3128, 0x87b868ea +1, 115576, 3128, 0xda8468e3 0, 121410, 192000, 0x0a84e4c9 -1, 121959, 3136, 0xf1516dc3 +1, 121959, 3136, 0x9d6f6cdf 0, 127800, 192000, 0x94209b0d -1, 128359, 3128, 0x867563cb +1, 128359, 3128, 0x1aaa64b5 0, 134190, 192000, 0xf940e51f -1, 134743, 3128, 0x5200728c +1, 134743, 3128, 0x9182728b 0, 140580, 192000, 0xb9fdec42 -1, 141127, 3136, 0xeda118a0 +1, 141127, 3136, 0xfa8e17b3 0, 146970, 192000, 0x7b04a376 -1, 147527, 3128, 0x03e2c1d6 +1, 147527, 3128, 0x0dc3c1cf 0, 153360, 192000, 0x5fe0026b -1, 153910, 3136, 0xc3e862b6 +1, 153910, 3136, 0x0109639d 0, 159750, 192000, 0x775aca39 -1, 160310, 3128, 0x937a13be +1, 160310, 3128, 0x6d8a12d9 0, 166140, 192000, 0xae14fb32 -1, 166694, 3128, 0x7b1b9577 +1, 166694, 3128, 0x4b9a9597 0, 172530, 192000, 0x661106e5 -1, 173078, 3136, 0x042c7113 +1, 173078, 3136, 0x9112710e 0, 178920, 192000, 0xe8658dbf -1, 179478, 3128, 0xac48f451 +1, 179478, 3128, 0x8cccf522 0, 185310, 192000, 0x5359f0f9 -1, 185861, 3128, 0x018fbbe9 +1, 185861, 3128, 0x6594bbf3 0, 191700, 192000, 0xc1ec80f4 -1, 192245, 3136, 0xc62aa7ce +1, 192245, 3136, 0xd878a7d5 0, 198090, 192000, 0xca53806b -1, 198645, 3128, 0x106e3924 +1, 198645, 3128, 0xaa6e3905 0, 204480, 192000, 0xf0766b2e -1, 205029, 3136, 0xfeb82ecc +1, 205029, 3136, 0x2a062e04 0, 210870, 192000, 0x39962da8 -1, 211429, 3128, 0x7e7c005b +1, 211429, 3128, 0x84e4006a 0, 217260, 192000, 0x4171c37f -1, 217812, 3128, 0x949d3560 +1, 217812, 3128, 0x85183633 0, 223650, 192000, 0x3abf3b46 -1, 224196, 3136, 0x02bd4aff +1, 224196, 3136, 0xb62d4b02 0, 230040, 192000, 0xecc68313 -1, 230596, 3128, 0x4aaf4715 +1, 230596, 
3128, 0xe209462a 0, 236430, 192000, 0xea339baf -1, 236980, 3136, 0x2958825f +1, 236980, 3136, 0x57c4824b 0, 242820, 192000, 0x616b8f16 -1, 243380, 3128, 0x99a5914d +1, 243380, 3128, 0x664a9163 0, 249210, 192000, 0xf77a8581 -1, 249763, 3128, 0xe67277a4 +1, 249763, 3128, 0xb4287874 0, 255600, 192000, 0xb315678b -1, 256147, 3136, 0x11296973 +1, 256147, 3136, 0xde626885 0, 261990, 192000, 0x0a4a5218 -1, 262547, 3128, 0x5cc362f7 +1, 262547, 3128, 0x919763c2 0, 268380, 192000, 0x98802be4 -1, 268931, 3128, 0x0c5e6586 +1, 268931, 3128, 0xa4f664e1 0, 274770, 192000, 0xa2f0fd94 -1, 275314, 3136, 0xe940b0f9 +1, 275314, 3136, 0xa0bab0d4 0, 281160, 192000, 0x6671c84f -1, 281714, 3128, 0x2c9292cc +1, 281714, 3128, 0xe938939c 0, 287550, 192000, 0x38327e31 -1, 288098, 3136, 0xa807c096 +1, 288098, 3136, 0x3679bfc7 0, 293940, 192000, 0xb85d3e08 -1, 294498, 3128, 0x9d2254d8 +1, 294498, 3128, 0xc96c55c3 0, 300330, 192000, 0xdc69eba9 -1, 300882, 3128, 0xe68015b0 +1, 300882, 3128, 0x119114d6 0, 306720, 192000, 0x8955a0b3 -1, 307265, 3136, 0x65d58029 +1, 307265, 3136, 0x42f3800f 0, 313110, 192000, 0x714a548b -1, 313665, 3128, 0xcffcc48c +1, 313665, 3128, 0x4250c4ad 0, 319500, 192000, 0xc0471de9 -1, 320049, 3136, 0x8c704944 +1, 320049, 3136, 0x5cdd4925 0, 325890, 192000, 0x2e16e039 -1, 326449, 3128, 0x1459231d +1, 326449, 3128, 0xa4c12360 0, 332280, 192000, 0x9fa4b033 -1, 332833, 3128, 0x7dde4839 +1, 332833, 3128, 0x849f48de 0, 338670, 192000, 0x4a0f9402 -1, 339216, 3136, 0xbb6890e2 +1, 339216, 3136, 0x6acd8ff9 0, 345060, 192000, 0x1f3e6843 -1, 345616, 3128, 0xcd9a8524 +1, 345616, 3128, 0xb2758556 0, 351450, 192000, 0x31774850 -1, 352000, 3128, 0xa244fc31 +1, 352000, 3128, 0x10f2fcb1 0, 357840, 192000, 0x9d5336a2 -1, 358384, 3136, 0x504e2bd9 +1, 358384, 3136, 0xf0f02b23 0, 364230, 192000, 0xf7de27a2 -1, 364784, 3128, 0x655858d8 +1, 364784, 3128, 0x64f759c6 0, 370620, 192000, 0x98c717ce -1, 371167, 3136, 0x46027610 +1, 371167, 3136, 0x7ec075e3 0, 377010, 192000, 0x615b10b8 -1, 377567, 
3128, 0x4192d5e3 +1, 377567, 3128, 0xf981d51e 0, 383400, 192000, 0xd5bc0e7e -1, 383951, 3128, 0x21d2e7fe +1, 383951, 3128, 0xc622e8b9 0, 389790, 192000, 0xd5bc0e7e -1, 390335, 3136, 0x7c93e329 +1, 390335, 3136, 0xf632e2f8 0, 396180, 192000, 0xd5bc0e7e -1, 396735, 3128, 0xa67718c0 +1, 396735, 3128, 0xda561864 0, 402570, 192000, 0xd5bc0e7e -1, 403118, 3136, 0x9bb6e8a3 +1, 403118, 3136, 0x14d2e888 0, 408960, 192000, 0xd5bc0e7e -1, 409518, 3128, 0x0933b7a6 +1, 409518, 3128, 0x015bb869 0, 415350, 192000, 0xd5bc0e7e -1, 415902, 3128, 0x07f1fb57 +1, 415902, 3128, 0xedb1fb62 0, 421740, 192000, 0xd5bc0e7e -1, 422286, 3136, 0x8a050cfd +1, 422286, 3136, 0xe0560c41 0, 428130, 192000, 0xd5bc0e7e -1, 428686, 3128, 0xdb773c0b +1, 428686, 3128, 0x14773c9a 0, 434520, 192000, 0xd5bc0e7e -1, 435069, 3136, 0xd1281c53 +1, 435069, 3136, 0x850f1c82 0, 440910, 192000, 0xd5bc0e7e -1, 441469, 3128, 0x9f395324 +1, 441469, 3128, 0xb0bd5347 0, 447300, 192000, 0xd5bc0e7e -1, 447853, 3128, 0x5f13edec +1, 447853, 3128, 0x8f82edbf 0, 453690, 192000, 0xd5bc0e7e -1, 454237, 3136, 0x871cbecf +1, 454237, 3136, 0x493abee2 0, 460080, 192000, 0xd5bc0e7e -1, 460637, 3128, 0x799eff3e +1, 460637, 3128, 0xf5daff3f 0, 466470, 192000, 0xd5bc0e7e -1, 467020, 3128, 0x3f902762 +1, 467020, 3128, 0x78ad2690 0, 472860, 192000, 0xd5bc0e7e -1, 473404, 3136, 0x29f8bb04 +1, 473404, 3136, 0x490ebafc 0, 479250, 192000, 0xd5bc0e7e -1, 479804, 3128, 0xf3523ee9 +1, 479804, 3128, 0x70333fd2 0, 485640, 192000, 0xd5bc0e7e -1, 486188, 3136, 0x4405c435 +1, 486188, 3136, 0x8cb1c350 0, 492030, 192000, 0xd5bc0e7e -1, 492588, 3128, 0x892957cb +1, 492588, 3128, 0x8bd057cb 0, 498420, 192000, 0xd5bc0e7e -1, 498971, 3128, 0xdf483dbd +1, 498971, 3128, 0x161b3dbc 0, 504810, 192000, 0xd5bc0e7e -1, 505355, 3136, 0x5e8ab797 +1, 505355, 3136, 0xb47fb88a 0, 511200, 192000, 0xd5bc0e7e -1, 511755, 3128, 0x92e13820 +1, 511755, 3128, 0x474b381e 0, 517590, 192000, 0xd5bc0e7e -1, 518139, 3136, 0xfde719b6 +1, 518139, 3136, 0x07c519bb 0, 523980, 
192000, 0xd5bc0e7e -1, 524539, 3128, 0x442f17ae +1, 524539, 3128, 0x15b916c8 0, 530370, 192000, 0xd5bc0e7e -1, 530922, 3128, 0x011af61f +1, 530922, 3128, 0x0ed7f6fb 0, 536760, 192000, 0xd5bc0e7e -1, 537306, 3136, 0x4e3e3a6d +1, 537306, 3136, 0x54d6397b 0, 543150, 192000, 0xd5bc0e7e -1, 543706, 3128, 0xc11242b9 +1, 543706, 3128, 0x437242bb 0, 549540, 192000, 0xd5bc0e7e -1, 550090, 3128, 0x01415b59 +1, 550090, 3128, 0x38f05c4d 0, 555930, 192000, 0xd5bc0e7e -1, 556473, 3136, 0x302e0e55 +1, 556473, 3136, 0x5d000e59 0, 562320, 192000, 0xd5bc0e7e -1, 562873, 3128, 0x20522d04 +1, 562873, 3128, 0xdeab2d04 0, 568710, 192000, 0xd5bc0e7e -1, 569257, 3136, 0x316a697d +1, 569257, 3136, 0x77de6880 0, 575100, 192000, 0xd5bc0e7e -1, 575657, 3128, 0x6d75ee27 +1, 575657, 3128, 0xbc87ef25 0, 581490, 192000, 0xd5bc0e7e -1, 582041, 3128, 0xcb008ae8 +1, 582041, 3128, 0xc1638ade 0, 587880, 192000, 0xd5bc0e7e -1, 588424, 3136, 0xd2664b51 +1, 588424, 3136, 0xcfb64a5f 0, 594270, 192000, 0xd5bc0e7e -1, 594824, 3128, 0xdfcab728 +1, 594824, 3128, 0x90b1b826 0, 600660, 192000, 0xd5bc0e7e 1, 601208, 3136, 0x00000000 0, 607050, 192000, 0xd5bc0e7e From 6ddb12b6889dd13c3bb514838c71d2f70114b3c1 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Fri, 9 Sep 2011 23:46:00 +0200 Subject: [PATCH 232/652] Fixed size given to init_get_bits(). init_get_bits() takes a number of bits and not a number of bytes as its size argument. Signed-off-by: Alex Converse (cherry picked from commit b59efc94347ccf0cbc2ff14a5a9e99819c5bdc4d) Signed-off-by: Anton Khirnov --- libavcodec/aac_adtstoasc_bsf.c | 2 +- libavcodec/avs.c | 2 +- libavcodec/jvdec.c | 2 +- libavcodec/rv34.c | 2 +- libavcodec/tta.c | 2 +- libavformat/movenc.c | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/libavcodec/aac_adtstoasc_bsf.c b/libavcodec/aac_adtstoasc_bsf.c index fbb86f8af7..d1310c4149 100644 --- a/libavcodec/aac_adtstoasc_bsf.c +++ b/libavcodec/aac_adtstoasc_bsf.c 
@@ -72,7 +72,7 @@ static int aac_adtstoasc_filter(AVBitStreamFilterContext *bsfc, int pce_size = 0; uint8_t pce_data[MAX_PCE_SIZE]; if (!hdr.chan_config) { - init_get_bits(&gb, buf, buf_size); + init_get_bits(&gb, buf, buf_size * 8); if (get_bits(&gb, 3) != 5) { av_log_missing_feature(avctx, "PCE based channel configuration, where the PCE is not the first syntax element is", 0); return -1; diff --git a/libavcodec/avs.c b/libavcodec/avs.c index 1c2682b338..1a5e44401c 100644 --- a/libavcodec/avs.c +++ b/libavcodec/avs.c @@ -117,7 +117,7 @@ avs_decode_frame(AVCodecContext * avctx, table = buf + (256 * vect_w * vect_h); if (sub_type != AVS_I_FRAME) { int map_size = ((318 / vect_w + 7) / 8) * (198 / vect_h); - init_get_bits(&change_map, table, map_size); + init_get_bits(&change_map, table, map_size * 8); table += map_size; } diff --git a/libavcodec/jvdec.c b/libavcodec/jvdec.c index 0c346486f5..5249764347 100644 --- a/libavcodec/jvdec.c +++ b/libavcodec/jvdec.c @@ -150,7 +150,7 @@ static int decode_frame(AVCodecContext *avctx, if (video_type == 0 || video_type == 1) { GetBitContext gb; - init_get_bits(&gb, buf, FFMIN(video_size, buf_end - buf)); + init_get_bits(&gb, buf, FFMIN(video_size, (buf_end - buf) * 8)); for (j = 0; j < avctx->height; j += 8) for (i = 0; i < avctx->width; i += 8) diff --git a/libavcodec/rv34.c b/libavcodec/rv34.c index c5dcfdcba4..910b933dd9 100644 --- a/libavcodec/rv34.c +++ b/libavcodec/rv34.c @@ -1444,7 +1444,7 @@ int ff_rv34_decode_frame(AVCodecContext *avctx, av_log(avctx, AV_LOG_ERROR, "Slice offset is greater than frame size\n"); return -1; } - init_get_bits(&s->gb, buf+get_slice_offset(avctx, slices_hdr, 0), buf_size-get_slice_offset(avctx, slices_hdr, 0)); + init_get_bits(&s->gb, buf+get_slice_offset(avctx, slices_hdr, 0), (buf_size-get_slice_offset(avctx, slices_hdr, 0))*8); if(r->parse_slice_header(r, &r->s.gb, &si) < 0 || si.start){ av_log(avctx, AV_LOG_ERROR, "First slice header is incorrect\n"); return -1; 
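Review bot: In the avs.c hunk the change map is initialised with `map_size * 8` bits and `table` is then advanced by `map_size`, but nothing in the hunk checks that `map_size` bytes are still available in the packet after `table`. If no such check exists outside the hunk, a short packet lets the bit reader and the later reads through `table` run past the input buffer. A guard before the call would cover it, for example `if (map_size > pkt_len - (table - buf)) return -1;`, where `pkt_len` is a placeholder for this function's packet-size variable. avs_decode_frame starts and ends outside the hunk.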
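Review bot: In the jvdec.c hunk the two arguments of `FFMIN(video_size, (buf_end - buf) * 8)` are in different units if `video_size` is a byte count, as the old call suggests: the first is bytes and the second is bits. The reader is then limited to `video_size` bits instead of `video_size` bytes, which stays in bounds but truncates the frame data. Taking the minimum in bytes and converting once keeps the bound right: `init_get_bits(&gb, buf, 8 * FFMIN(video_size, buf_end - buf));`. decode_frame continues outside the hunk, so the unit of `video_size` should be confirmed where it is assigned.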
diff --git a/libavcodec/tta.c b/libavcodec/tta.c index 57f5818d7b..fd5aa46670 100644 --- a/libavcodec/tta.c +++ b/libavcodec/tta.c @@ -216,7 +216,7 @@ static av_cold int tta_decode_init(AVCodecContext * avctx) if (avctx->extradata_size < 30) return -1; - init_get_bits(&s->gb, avctx->extradata, avctx->extradata_size); + init_get_bits(&s->gb, avctx->extradata, avctx->extradata_size * 8); if (show_bits_long(&s->gb, 32) == AV_RL32("TTA1")) { /* signature */ diff --git a/libavformat/movenc.c b/libavformat/movenc.c index dcc5581443..0cf837c9b1 100644 --- a/libavformat/movenc.c +++ b/libavformat/movenc.c @@ -206,7 +206,7 @@ static int mov_write_ac3_tag(AVIOContext *pb, MOVTrack *track) avio_wb32(pb, 11); ffio_wfourcc(pb, "dac3"); - init_get_bits(&gbc, track->vosData+4, track->vosLen-4); + init_get_bits(&gbc, track->vosData+4, (track->vosLen-4) * 8); fscod = get_bits(&gbc, 2); frmsizecod = get_bits(&gbc, 6); bsid = get_bits(&gbc, 5); From 8c987d8291587959bd67728121ced38a0c7691d0 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sun, 11 Sep 2011 23:26:12 +0200 Subject: [PATCH 233/652] oggdec: fix out of bound write in the ogg demuxer Between ogg_save() and ogg_restore() calls, the number of streams could have been reduced. Signed-off-by: Luca Barbato (cherry picked from commit 0e7efb9d23c3641d50caa288818e8c27647ce74d) Signed-off-by: Anton Khirnov --- libavformat/oggdec.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/libavformat/oggdec.c b/libavformat/oggdec.c index 25f5cd8b2d..18201677b8 100644 --- a/libavformat/oggdec.c +++ b/libavformat/oggdec.c 
@@ -92,14 +92,24 @@ static int ogg_restore(AVFormatContext *s, int discard) ogg->state = ost->next; if (!discard){ + struct ogg_stream *old_streams = ogg->streams; + for (i = 0; i < ogg->nstreams; i++) av_free (ogg->streams[i].buf); avio_seek (bc, ost->pos, SEEK_SET); ogg->curidx = ost->curidx; ogg->nstreams = ost->nstreams; - memcpy(ogg->streams, ost->streams, - ost->nstreams * sizeof(*ogg->streams)); + ogg->streams = av_realloc (ogg->streams, + ogg->nstreams * sizeof (*ogg->streams)); + + if (ogg->streams) { + memcpy(ogg->streams, ost->streams, + ost->nstreams * sizeof(*ogg->streams)); + } else { + av_free(old_streams); + ogg->nstreams = 0; + } } av_free (ost); From dd606be909437c6fac8a91ffb9dacfd6e81a1ac0 Mon Sep 17 00:00:00 2001 From: David Goldwich Date: Sat, 17 Sep 2011 13:50:35 +0200 Subject: [PATCH 234/652] lavf: Fix context pointer in av_open_input_stream when avformat_open_input fails Signed-off-by: David Goldwich Signed-off-by: Anton Khirnov (cherry picked from commit 63d64228a7f31d534e3bcae87cbd37f4a0ae2dd6) Signed-off-by: Anton Khirnov --- libavformat/utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index 2cb096e373..d9d154e3ab 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -469,8 +469,8 @@ int av_open_input_stream(AVFormatContext **ic_ptr, goto fail; ic->pb = ic->pb ? ic->pb : pb; // don't leak custom pb if it wasn't set above - *ic_ptr = ic; fail: + *ic_ptr = ic; av_dict_free(&opts); return err; } From bb6702f20675868fba91f6be5e5120b5d8ef031f Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sun, 18 Sep 2011 00:03:08 +0200 Subject: [PATCH 235/652] rv10: Reject slices that does not have the same type as the first one MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This prevents crashes with some corrupted bitstreams. Signed-off-by: Martin Storsjö (cherry picked from commit 4a29b471869353c3077fb4b25b6518eb1047afb7) 
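Review bot: The allocation-failure branch in ogg_restore sets `ogg->nstreams = 0` and frees `old_streams`, but nothing visible reports the failure to the caller, so demuxing appears to continue with an empty stream table. The per-stream buffers referenced from `ost->streams` also seem to be dropped when `ost` is freed. Separately, if `ost->nstreams` can be 0, `av_realloc` is called with size 0; should it release the block and return NULL, `av_free(old_streams)` would free it a second time. Suggest recording an error in the else branch, `err = AVERROR(ENOMEM);`, returning it after `av_free (ost);`, and skipping the realloc when the saved count is 0. The end of the function is outside the hunk.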
Signed-off-by: Anton Khirnov --- libavcodec/rv10.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/rv10.c b/libavcodec/rv10.c index 78f97b16b1..223500c356 100644 --- a/libavcodec/rv10.c +++ b/libavcodec/rv10.c @@ -543,6 +543,11 @@ static int rv10_decode_packet(AVCodecContext *avctx, if(MPV_frame_start(s, avctx) < 0) return -1; ff_er_frame_start(s); + } else { + if (s->current_picture_ptr->pict_type != s->pict_type) { + av_log(s->avctx, AV_LOG_ERROR, "Slice type mismatch\n"); + return -1; + } } av_dlog(avctx, "qscale=%d\n", s->qscale); From 11b72c073c7f59ee19067ddaa7ea7755b972d793 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sat, 17 Sep 2011 23:43:58 +0200 Subject: [PATCH 236/652] rv34: Avoid NULL dereference on corrupted bitstream MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit rv34_decode_slice() can return without allocating any pictures. Signed-off-by: Martin Storsjö (cherry picked from commit d0f6ab0298f2309c6104626787ed73416298b019) Signed-off-by: Anton Khirnov --- libavcodec/rv34.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/rv34.c b/libavcodec/rv34.c index 910b933dd9..2383903625 100644 --- a/libavcodec/rv34.c +++ b/libavcodec/rv34.c @@ -1486,7 +1486,7 @@ int ff_rv34_decode_frame(AVCodecContext *avctx, break; } - if(last){ + if(last && s->current_picture_ptr){ if(r->loop_filter) r->loop_filter(r, s->mb_height - 1); ff_er_frame_end(s); From a01387bb3524846d925a8862f077be91deb5f42d Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sat, 17 Sep 2011 16:56:30 +0200 Subject: [PATCH 237/652] rv34: Fix potential overreads MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Storsjö (cherry picked from commit b4ed3d78cb6c41c9d3ee5918c326ab925edd6a89) Signed-off-by: Anton Khirnov --- libavcodec/rv34.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
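Review bot: The new else branch in rv10_decode_packet reads `s->current_picture_ptr->pict_type` with no NULL check inside the hunk. The `if` condition it belongs to is outside the hunk; unless that condition already sends a NULL `current_picture_ptr` to the frame-start branch, a packet whose first slice is missing would dereference NULL here. If it is not covered, extend the test to `if (!s->current_picture_ptr || s->current_picture_ptr->pict_type != s->pict_type) {`. Otherwise a comment stating that the pointer is guaranteed non-NULL in this branch would document the invariant.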
diff --git a/libavcodec/rv34.c b/libavcodec/rv34.c index 2383903625..87fca5c23e 100644 --- a/libavcodec/rv34.c +++ b/libavcodec/rv34.c @@ -1436,6 +1436,7 @@ int ff_rv34_decode_frame(AVCodecContext *avctx, slice_count = (*buf++) + 1; slices_hdr = buf + 4; buf += 8 * slice_count; + buf_size -= 1 + 8 * slice_count; }else slice_count = avctx->slice_count; @@ -1454,7 +1455,7 @@ int ff_rv34_decode_frame(AVCodecContext *avctx, if( (avctx->skip_frame >= AVDISCARD_NONREF && si.type==AV_PICTURE_TYPE_B) || (avctx->skip_frame >= AVDISCARD_NONKEY && si.type!=AV_PICTURE_TYPE_I) || avctx->skip_frame >= AVDISCARD_ALL) - return buf_size; + return avpkt->size; for(i=0; icurrent_picture_ptr= NULL; //so we can detect if frame_end wasnt called (find some nicer solution...) } - return buf_size; + return avpkt->size; } av_cold int ff_rv34_decode_end(AVCodecContext *avctx) From d805b8f454f57451277a052cc1bda49e6caf6cd7 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Mon, 19 Sep 2011 22:48:53 +0200 Subject: [PATCH 238/652] rv34: Check for invalid slice offsets MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Storsjö (cherry picked from commit 4cc7732386eb36661ed22d1200339b38a5fa60bc) Signed-off-by: Anton Khirnov --- libavcodec/rv34.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/libavcodec/rv34.c b/libavcodec/rv34.c index 87fca5c23e..70c35ef4ff 100644 --- a/libavcodec/rv34.c +++ b/libavcodec/rv34.c 
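Review bot: After `buf_size -= 1 + 8 * slice_count;` nothing in the hunk rejects a negative `buf_size`, although `slices_hdr` already points at the `8 * slice_count` header bytes that a short packet may not contain. The later offset comparison against `buf_size` then runs with a negative limit, and the slice header table is read before its presence is established. A check directly after the subtraction would make this explicit: `if (buf_size < 0) return -1;`. Part of the following hunk is missing on this page (the text between `for(i=0;` and `current_picture_ptr= NULL`), and ff_rv34_decode_frame starts and ends outside the hunks.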
@@ -1441,8 +1441,9 @@ int ff_rv34_decode_frame(AVCodecContext *avctx, slice_count = avctx->slice_count; //parse first slice header to check whether this frame can be decoded - if(get_slice_offset(avctx, slices_hdr, 0) > buf_size){ - av_log(avctx, AV_LOG_ERROR, "Slice offset is greater than frame size\n"); + if(get_slice_offset(avctx, slices_hdr, 0) < 0 || + get_slice_offset(avctx, slices_hdr, 0) > buf_size){ + av_log(avctx, AV_LOG_ERROR, "Slice offset is invalid\n"); return -1; } init_get_bits(&s->gb, buf+get_slice_offset(avctx, slices_hdr, 0), (buf_size-get_slice_offset(avctx, slices_hdr, 0))*8); @@ -1465,8 +1466,8 @@ int ff_rv34_decode_frame(AVCodecContext *avctx, else size= get_slice_offset(avctx, slices_hdr, i+1) - offset; - if(offset > buf_size){ - av_log(avctx, AV_LOG_ERROR, "Slice offset is greater than frame size\n"); + if(offset < 0 || offset > buf_size || size < 0){ + av_log(avctx, AV_LOG_ERROR, "Slice offset is invalid\n"); break; } From 1979a9b4f205d9446c3e11353b57b5d9bd3dad4e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 31 Aug 2011 05:00:39 +0200 Subject: [PATCH 239/652] h264: change MAX_DELAYED_PIC_COUNT check to av_assert0 Signed-off-by: Michael Niedermayer (cherry picked from commit b955ab2f492e3b8c4cbf614f68f8d5bf79e1d1e1) --- libavcodec/h264.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 8ecf9b4dbd..3a1fa02998 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -1403,7 +1403,7 @@ static void decode_postinit(H264Context *h, int setup_finished){ pics = 0; while(h->delayed_pic[pics]) pics++; - assert(pics <= MAX_DELAYED_PIC_COUNT); + av_assert0(pics <= MAX_DELAYED_PIC_COUNT); h->delayed_pic[pics++] = cur; if(cur->reference == 0) From ca5dfd1550a1b118e1c4f357c1d4409f11c3d2cc Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 31 Aug 2011 05:04:14 +0200 Subject: [PATCH 240/652] h264: clean all non null elements of delayed_pic[] 
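Review bot: The per-slice check in the second rv34.c hunk rejects a negative `size` but not a `size` larger than the bytes left after `offset`. `size` is derived from the next slice's offset (`get_slice_offset(avctx, slices_hdr, i+1) - offset`), and that next offset is not compared with `buf_size` here, so the slice decoder can be given a length that extends past the packet. Adding the upper bound closes this: `if(offset < 0 || offset > buf_size || size < 0 || size > buf_size - offset){`. The loop body continues outside the hunk.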
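Review bot: In the h264.c hunk `while(h->delayed_pic[pics]) pics++;` runs to the first NULL entry before `av_assert0` is evaluated, so when no NULL entry is left the scan has already read beyond the slots the assertion is meant to protect. Bounding the scan keeps the reads inside the range that the following write `h->delayed_pic[pics++] = cur;` uses: `while(pics <= MAX_DELAYED_PIC_COUNT && h->delayed_pic[pics]) pics++;`. Note also that `av_assert0` aborts the process, so if this state can be reached from a damaged stream it terminates the calling application. decode_postinit returns void and continues outside the hunk, so a recoverable error path would need a wider change.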
Signed-off-by: Michael Niedermayer (cherry picked from commit 66ce282df54edb33515d9ef3015b737428b6e0c3) --- libavcodec/h264.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 3a1fa02998..3701bc9b73 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -2233,7 +2233,7 @@ static void idr(H264Context *h){ static void flush_dpb(AVCodecContext *avctx){ H264Context *h= avctx->priv_data; int i; - for(i=0; idelayed_pic[i]) h->delayed_pic[i]->reference= 0; h->delayed_pic[i]= NULL; From e7d10f5a90f4f4dd94a2d859be32002ae37394e4 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 1 Sep 2011 02:12:15 +0200 Subject: [PATCH 241/652] mpeg4: fix typo in mpeg4_encode_gop_header() Found-by: ubitux Signed-off-by: Michael Niedermayer (cherry picked from commit f5bda9fcbb54c9c27503ab1bdb86838eb6f602f1) --- libavcodec/mpeg4videoenc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/mpeg4videoenc.c b/libavcodec/mpeg4videoenc.c index bdff535a99..f4ec50c9af 100644 --- a/libavcodec/mpeg4videoenc.c +++ b/libavcodec/mpeg4videoenc.c @@ -898,8 +898,8 @@ static void mpeg4_encode_gop_header(MpegEncContext * s){ s->last_time_base= FFUDIV(time, s->avctx->time_base.den); seconds= FFUDIV(time, s->avctx->time_base.den); - minutes= FFUDIV(seconds, 60); FFUMOD(seconds, 60); - hours = FFUDIV(minutes, 60); FFUMOD(minutes, 60); + minutes= FFUDIV(seconds, 60); seconds = FFUMOD(seconds, 60); + hours = FFUDIV(minutes, 60); minutes = FFUMOD(minutes, 60); hours = FFUMOD(hours , 24); put_bits(&s->pb, 5, hours); From 30442fa21732c3c3d44e202820e785635ae65cec Mon Sep 17 00:00:00 2001 From: Gavin Kinsey Date: Thu, 1 Sep 2011 16:18:22 +0200 Subject: [PATCH 242/652] jpegdec: set color_range (cherry picked from commit 2f870e262e953815060de0ebea9b6653133b203e) --- libavcodec/mjpegdec.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) 
diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index e64ea5cd68..817636fa47 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -318,8 +318,10 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s) case 0x11111100: if(s->rgb){ s->avctx->pix_fmt = PIX_FMT_BGRA; - }else + }else{ s->avctx->pix_fmt = s->cs_itu601 ? PIX_FMT_YUV444P : PIX_FMT_YUVJ444P; + s->avctx->color_range = s->cs_itu601 ? AVCOL_RANGE_MPEG : AVCOL_RANGE_JPEG; + } assert(s->nb_components==3); break; case 0x11000000: @@ -327,12 +329,15 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s) break; case 0x12111100: s->avctx->pix_fmt = s->cs_itu601 ? PIX_FMT_YUV440P : PIX_FMT_YUVJ440P; + s->avctx->color_range = s->cs_itu601 ? AVCOL_RANGE_MPEG : AVCOL_RANGE_JPEG; break; case 0x21111100: s->avctx->pix_fmt = s->cs_itu601 ? PIX_FMT_YUV422P : PIX_FMT_YUVJ422P; + s->avctx->color_range = s->cs_itu601 ? AVCOL_RANGE_MPEG : AVCOL_RANGE_JPEG; break; case 0x22111100: s->avctx->pix_fmt = s->cs_itu601 ? PIX_FMT_YUV420P : PIX_FMT_YUVJ420P; + s->avctx->color_range = s->cs_itu601 ? AVCOL_RANGE_MPEG : AVCOL_RANGE_JPEG; break; default: av_log(s->avctx, AV_LOG_ERROR, "Unhandled pixel format 0x%x\n", pix_fmt_id); From 9c96b1efb1bb5094edda383b32106bf1bdf9297d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Sat, 27 Aug 2011 15:06:37 +0200 Subject: [PATCH 243/652] Do not free BITMAPINFOHEADER before we are done using it. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes trac ticket #396. Completely untested. Signed-off-by: Reimar Döffinger (cherry picked from commit 177aec1257d4dcde2190b6632d9c6e44e3e5c8e9) --- libavdevice/vfwcap.c | 32 +++++++++++++++----------------- 1 file changed, 15 insertions(+), 17 deletions(-) diff --git a/libavdevice/vfwcap.c b/libavdevice/vfwcap.c index a8e67e7dda..ea86c9a755 100644 --- a/libavdevice/vfwcap.c +++ b/libavdevice/vfwcap.c 
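Review bot: `color_range` is assigned in the four YUV cases but not in the `s->rgb` branch, and as far as the hunks show not in `case 0x11000000` either, so for those formats the field keeps its previous value. If the context is reused after a YUV stream, the reported range is stale. Either assign it in every case or reset it before the switch, for example `s->avctx->color_range = AVCOL_RANGE_UNSPECIFIED;`. The ternary `s->cs_itu601 ? AVCOL_RANGE_MPEG : AVCOL_RANGE_JPEG` is also repeated four times and could be computed once. ff_mjpeg_decode_sof continues outside the hunks.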
@@ -242,7 +242,7 @@ static int vfw_read_header(AVFormatContext *s, AVFormatParameters *ap) AVStream *st; int devnum; int bisize; - BITMAPINFO *bi; + BITMAPINFO *bi = NULL; CAPTUREPARMS cparms; DWORD biCompression; WORD biBitCount; @@ -293,7 +293,7 @@ static int vfw_read_header(AVFormatContext *s, AVFormatParameters *ap) (LPARAM) videostream_cb); if(!ret) { av_log(s, AV_LOG_ERROR, "Could not set video stream callback.\n"); - goto fail_io; + goto fail; } SetWindowLongPtr(ctx->hwnd, GWLP_USERDATA, (LONG_PTR) s); @@ -307,7 +307,7 @@ static int vfw_read_header(AVFormatContext *s, AVFormatParameters *ap) /* Set video format */ bisize = SendMessage(ctx->hwnd, WM_CAP_GET_VIDEOFORMAT, 0, 0); if(!bisize) - goto fail_io; + goto fail; bi = av_malloc(bisize); if(!bi) { vfw_read_close(s); @@ -315,7 +315,7 @@ static int vfw_read_header(AVFormatContext *s, AVFormatParameters *ap) } ret = SendMessage(ctx->hwnd, WM_CAP_GET_VIDEOFORMAT, bisize, (LPARAM) bi); if(!ret) - goto fail_bi; + goto fail; dump_bih(s, &bi->bmiHeader); @@ -324,7 +324,7 @@ static int vfw_read_header(AVFormatContext *s, AVFormatParameters *ap) ret = av_parse_video_size(&bi->bmiHeader.biWidth, &bi->bmiHeader.biHeight, ctx->video_size); if (ret < 0) { av_log(s, AV_LOG_ERROR, "Couldn't parse video size.\n"); - goto fail_bi; + goto fail; } } #if FF_API_FORMAT_PARAMETERS @@ -349,19 +349,17 @@ static int vfw_read_header(AVFormatContext *s, AVFormatParameters *ap) ret = SendMessage(ctx->hwnd, WM_CAP_SET_VIDEOFORMAT, bisize, (LPARAM) bi); if(!ret) { av_log(s, AV_LOG_ERROR, "Could not set Video Format.\n"); - goto fail_bi; + goto fail; } biCompression = bi->bmiHeader.biCompression; biBitCount = bi->bmiHeader.biBitCount; - av_free(bi); - /* Set sequence setup */ ret = SendMessage(ctx->hwnd, WM_CAP_GET_SEQUENCE_SETUP, sizeof(cparms), (LPARAM) &cparms); if(!ret) - goto fail_io; + goto fail; dump_captureparms(s, &cparms); 
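Review bot: `bisize` is returned by `WM_CAP_GET_VIDEOFORMAT` and is only tested for zero before `bi = av_malloc(bisize);` and the accesses to `bi->bmiHeader`. If the driver reports a value smaller than the header, or a negative one since `bisize` is an `int`, `dump_bih` and `av_parse_video_size(&bi->bmiHeader.biWidth, ...)` read and write outside the allocation. Suggest replacing `if(!bisize)` with `if (bisize < (int)sizeof(BITMAPINFOHEADER)) goto fail;`. vfw_read_header continues outside these hunks.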
@@ -376,7 +374,7 @@ static int vfw_read_header(AVFormatContext *s, AVFormatParameters *ap) ret = SendMessage(ctx->hwnd, WM_CAP_SET_SEQUENCE_SETUP, sizeof(cparms), (LPARAM) &cparms); if(!ret) - goto fail_io; + goto fail; codec = st->codec; codec->time_base = (AVRational){fps.den, fps.num}; @@ -405,31 +403,31 @@ static int vfw_read_header(AVFormatContext *s, AVFormatParameters *ap) } } + av_freep(&bi); + av_set_pts_info(st, 32, 1, 1000); ctx->mutex = CreateMutex(NULL, 0, NULL); if(!ctx->mutex) { av_log(s, AV_LOG_ERROR, "Could not create Mutex.\n" ); - goto fail_io; + goto fail; } ctx->event = CreateEvent(NULL, 1, 0, NULL); if(!ctx->event) { av_log(s, AV_LOG_ERROR, "Could not create Event.\n" ); - goto fail_io; + goto fail; } ret = SendMessage(ctx->hwnd, WM_CAP_SEQUENCE_NOFILE, 0, 0); if(!ret) { av_log(s, AV_LOG_ERROR, "Could not start capture sequence.\n" ); - goto fail_io; + goto fail; } return 0; -fail_bi: - av_free(bi); - -fail_io: +fail: + av_freep(&bi); vfw_read_close(s); return AVERROR(EIO); } From 77dafced713f47dc7c356689871b2ba9d8e64f45 Mon Sep 17 00:00:00 2001 From: Stefan Fritsch Date: Sat, 3 Sep 2011 22:29:07 +0200 Subject: [PATCH 244/652] http: Fix decetion of range support in HTTP servers currently libavformat only allows seeking if a request with "Range: 0-" results in a 206 reply from the HTTP server which includes a Content-Range header. But according to RFC 2616, the server may also reply with a normal 200 reply (which is more efficient for a request for the whole file). In fact Apache HTTPD 2.2.20 has changed the behaviour in this way and it looks like this change will be kept in future versions. The fix for libavformat is easy: Also look at the Accept-Ranges header. (cherry picked from commit 31dfc4959816aa4637e50c7f79660c75205ef84c) --- libavformat/http.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/http.c b/libavformat/http.c index 95ba456cea..518c47d9c9 100644 --- a/libavformat/http.c +++ b/libavformat/http.c 
@@ -265,6 +265,8 @@ static int process_line(URLContext *h, char *line, int line_count, s->filesize = atoll(slash+1); } h->is_streamed = 0; /* we _can_ in fact seek */ + } else if (!strcasecmp (tag, "Accept-Ranges") && !strncmp (p, "bytes", 5)) { + h->is_streamed = 0; } else if (!strcasecmp (tag, "Transfer-Encoding") && !strncasecmp(p, "chunked", 7)) { s->filesize = -1; s->chunksize = 0; From 5c2d6849862f975254a82d8cdb82d64f8f148ec2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Sun, 17 Jul 2011 15:22:36 +0200 Subject: [PATCH 245/652] Check extradata size on resolution change. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Ignore resolution change if resolution not defined in extradata. Signed-off-by: Reimar Döffinger (cherry picked from commit 09c5f990bc7629dfbee8c760fd485936c60a7b40) --- libavcodec/rv30.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/rv30.c b/libavcodec/rv30.c index b43859b9cb..53d824a109 100644 --- a/libavcodec/rv30.c +++ b/libavcodec/rv30.c @@ -51,6 +51,11 @@ static int rv30_parse_slice_header(RV34DecContext *r, GetBitContext *gb, SliceIn skip_bits1(gb); si->pts = get_bits(gb, 13); rpr = get_bits(gb, r->rpr); + if (r->s.avctx->extradata_size < 8 + rpr*2) { + av_log(r->s.avctx, AV_LOG_WARNING, + "Extradata does not contain selected resolution\n"); + rpr = 0; + } if(rpr){ w = r->s.avctx->extradata[6 + rpr*2] << 2; h = r->s.avctx->extradata[7 + rpr*2] << 2; From c026f336b9ff78ba450ff53a67ec2e5cd19dd454 Mon Sep 17 00:00:00 2001 From: Kostya Shishkov Date: Mon, 5 Sep 2011 12:37:50 +0200 Subject: [PATCH 246/652] wavpack: fix wrong return value in wavpack_decode_block() This function should return number of samples decoded, not number of bytes decoded. Spotted by Uoti Urpala. Signed-off-by: Luca Barbato (cherry picked from commit bcd4aa8bec19a17bd633e3db13357784c05b6ca5) --- libavcodec/wavpack.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
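Review bot: The new `Accept-Ranges` test uses `!strncmp (p, "bytes", 5)`, which is case-sensitive and a prefix match, while the `Transfer-Encoding` test directly below it uses `strncasecmp`. A value such as `Bytes` is then ignored, and any token that merely begins with `bytes` is accepted. For consistency with the neighbouring branch: `} else if (!strcasecmp (tag, "Accept-Ranges") && !strncasecmp (p, "bytes", 5)) {`. A short comment like the one on the branch above, e.g. `/* server advertises byte ranges, so seeking is possible */`, would also help. process_line continues outside the hunk.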
diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c index 0d92f1802c..61a75fd765 100644 --- a/libavcodec/wavpack.c +++ b/libavcodec/wavpack.c @@ -800,7 +800,7 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no, s->samples = AV_RL32(buf); buf += 4; if(!s->samples){ *data_size = 0; - return buf_size; + return 0; } }else{ s->samples = wc->samples; From 64556c200ee372130bcebb79f0fb37a9aa46f9c5 Mon Sep 17 00:00:00 2001 From: Asad Mehmood Date: Wed, 7 Sep 2011 23:18:07 +0100 Subject: [PATCH 247/652] flvdec: Remove AVFMTCTX_NOHEADER if both flags and metadata claim 1 stream If there is only 1 stream in an flv avformat_find_stream_info will continually read until probesize is reached. This should stop it reading if the metadata also claims there to be 1 stream. (cherry picked from commit bcc531f04a0590732d42da133c11c138e8d08b59) --- libavformat/flvdec.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c index 4fb562f4e2..a2a3c5c493 100644 --- a/libavformat/flvdec.c +++ b/libavformat/flvdec.c @@ -269,6 +269,10 @@ static int amf_parse_object(AVFormatContext *s, AVStream *astream, AVStream *vst vcodec->bit_rate = num_val * 1024.0; else if(!strcmp(key, "audiodatarate") && acodec && 0 <= (int)(num_val * 1024.0)) acodec->bit_rate = num_val * 1024.0; + } else if(amf_type == AMF_DATA_TYPE_OBJECT){ + if(s->nb_streams==1 && ((!acodec && !strcmp(key, "audiocodecid")) || (!vcodec && !strcmp(key, "videocodecid")))){ + s->ctx_flags &= ~AVFMTCTX_NOHEADER; //If there is either audio/video missing, codecid will be an empty object + } } else if (amf_type == AMF_DATA_TYPE_STRING) av_dict_set(&s->metadata, key, str_val, 0); } From d99613bad60cd2640d15725581ef8fe14d9a6258 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 8 Sep 2011 05:05:11 +0200 Subject: [PATCH 248/652] jpeglsdec: fix infinite loop Fixes Ticket331 
Signed-off-by: Michael Niedermayer (cherry picked from commit bd358e128f47c14c7bc9dfceb8dedb3e5697f017) --- libavcodec/jpegls.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/jpegls.h b/libavcodec/jpegls.h index 28c75248be..2c21f774e8 100644 --- a/libavcodec/jpegls.h +++ b/libavcodec/jpegls.h @@ -86,6 +86,8 @@ static inline void ff_jpegls_downscale_state(JLSState *state, int Q){ } static inline int ff_jpegls_update_state_regular(JLSState *state, int Q, int err){ + if(FFABS(err) > 0xFFFF) + return -0x10000; state->A[Q] += FFABS(err); err *= state->twonear; state->B[Q] += err; From b0da6a744a4a3d089d9b5ea547e03336a1fe5f2c Mon Sep 17 00:00:00 2001 From: Chris Rankin Date: Wed, 7 Sep 2011 10:17:30 +0100 Subject: [PATCH 249/652] qcelpdec: fix the return value of qcelp_decode_frame(). (cherry picked from commit 04c13dca8812e8302686887b6e8201d4ad25b7d8) --- libavcodec/qcelpdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/qcelpdec.c b/libavcodec/qcelpdec.c index 3ed821c81e..e83704d801 100644 --- a/libavcodec/qcelpdec.c +++ b/libavcodec/qcelpdec.c @@ -839,7 +839,7 @@ erasure: *data_size = 160 * sizeof(*outbuffer); - return *data_size; + return buf_size; } AVCodec ff_qcelp_decoder = From 558cf502acdb1743921a212804199d650deaeaeb Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Wed, 7 Sep 2011 22:17:39 +0200 Subject: [PATCH 250/652] Fixed invalid writes in wavpack decoder on corrupted bitstreams. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Storsjö (cherry picked from commit 0aedab03405849962b469277afe047aa2c61a87f) --- libavcodec/wavpack.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c index 61a75fd765..1e6d857849 100644 --- a/libavcodec/wavpack.c +++ b/libavcodec/wavpack.c 
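Review bot: In the jpegls.h hunk `FFABS(err)` negates a negative `err`, which overflows for `INT_MIN`, and this guard is the first code that sees the value. Comparing without negation avoids that: `if (err > 0xFFFF || err < -0xFFFF) return -0x10000;`. The constants `0xFFFF` and `-0x10000` are unexplained; a comment stating what range of `err` is valid and what the `-0x10000` return means to callers would make the contract visible. The body of ff_jpegls_update_state_regular continues outside the hunk.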
@@ -1141,7 +1141,7 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no, int16_t *dst = (int16_t*)samples + 1; int16_t *src = (int16_t*)samples; int cnt = samplecount; - while(cnt--){ + while(cnt-- > 0){ *dst = *src; src += channel_stride; dst += channel_stride; @@ -1150,7 +1150,7 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no, int32_t *dst = (int32_t*)samples + 1; int32_t *src = (int32_t*)samples; int cnt = samplecount; - while(cnt--){ + while(cnt-- > 0){ *dst = *src; src += channel_stride; dst += channel_stride; @@ -1159,7 +1159,7 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no, float *dst = (float*)samples + 1; float *src = (float*)samples; int cnt = samplecount; - while(cnt--){ + while(cnt-- > 0){ *dst = *src; src += channel_stride; dst += channel_stride; From 5cc5152e80bd041e7ba47d174a83013c335539a9 Mon Sep 17 00:00:00 2001 From: Diego Biurrun Date: Thu, 8 Sep 2011 14:21:38 +0200 Subject: [PATCH 251/652] Employ FF_ARRAY_ELEMS instead of manually calculating array length. (cherry picked from commit 6376362d15ccbc02e15d0b3b7a7a5d862efd6b91) --- libavformat/avlanguage.c | 3 ++- libavformat/mxf.c | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/libavformat/avlanguage.c b/libavformat/avlanguage.c index 525bf07d27..39f2560d94 100644 --- a/libavformat/avlanguage.c +++ b/libavformat/avlanguage.c @@ -20,6 +20,7 @@ #include "avlanguage.h" #include "libavutil/avstring.h" +#include "libavutil/common.h" #include #include #include @@ -736,7 +737,7 @@ const char *av_convert_lang_to(const char *lang, enum AVLangCodespace target_cod { int i; const LangEntry *entry = NULL; - const int NB_CODESPACES = sizeof(lang_table_counts)/sizeof(*lang_table_counts); + const int NB_CODESPACES = FF_ARRAY_ELEMS(lang_table_counts); if (target_codespace >= NB_CODESPACES) return NULL; diff --git a/libavformat/mxf.c b/libavformat/mxf.c index 643a95243a..50ea3b5648 100644 --- a/libavformat/mxf.c 
+++ b/libavformat/mxf.c @@ -19,6 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ +#include "libavutil/common.h" #include "mxf.h" /** @@ -80,7 +81,7 @@ static const struct { {PIX_FMT_PAL8, {'P', 8 }}, }; -static const int num_pixel_layouts = sizeof(ff_mxf_pixel_layouts) / sizeof(*ff_mxf_pixel_layouts); +static const int num_pixel_layouts = FF_ARRAY_ELEMS(ff_mxf_pixel_layouts); int ff_mxf_decode_pixel_layout(const char pixel_layout[16], enum PixelFormat *pix_fmt) { From 1ec29b2da5ee02076d196ed4d1c8b09e53ebd84e Mon Sep 17 00:00:00 2001 From: "Panagiotis H.M. Issaris" Date: Wed, 17 Aug 2011 12:20:32 +0200 Subject: [PATCH 252/652] Fix documentation for "-debug" commandline argument (cherry picked from commit 180e7829428e26413916f0cbc2ad85eeb1fb877e) Signed-off-by: Michael Niedermayer (cherry picked from commit bcef876f168ce8e0263f018f45b8f88ce4dba623) --- doc/ffmpeg.texi | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/doc/ffmpeg.texi b/doc/ffmpeg.texi index 6f21451219..daf5d36de8 100644 --- a/doc/ffmpeg.texi +++ b/doc/ffmpeg.texi 
@@ -713,8 +713,39 @@ ffmpeg -i in.ogg -map_metadata 0:0,s0 out.mp3 Copy chapters from @var{infile} to @var{outfile}. If no chapter mapping is specified, then chapters are copied from the first input file with at least one chapter to all output files. Use a negative file index to disable any chapter copying. -@item -debug +@item -debug @var{category} Print specific debug info. +@var{category} is a number or a string containing one of the following values: +@table @samp +@item bitstream +@item buffers +picture buffer allocations +@item bugs +@item dct_coeff +@item er +error recognition +@item mb_type +macroblock (MB) type +@item mmco +memory management control operations (H.264) +@item mv +motion vector +@item pict +picture info +@item pts +@item qp +per-block quantization parameter (QP) +@item rc +rate control +@item skip +@item startcode +@item thread_ops +threading operations +@item vis_mb_type +visualize block types +@item vis_qp +visualize quantization parameter (QP), lower QP are tinted greener +@end table @item -benchmark Show benchmarking information at the end of an encode. Shows CPU time used and maximum memory consumption. From 4fbc35cd537a7629735badd5fe56f09138d6af93 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 9 Sep 2011 18:06:51 +0200 Subject: [PATCH 253/652] rc: fix convergence failure Signed-off-by: Michael Niedermayer (cherry picked from commit ed14517c234299387d401959c6037f25e0937f02) --- libavcodec/ratecontrol.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libavcodec/ratecontrol.c b/libavcodec/ratecontrol.c index 6874fc7034..bd42d72bdf 100644 --- a/libavcodec/ratecontrol.c +++ b/libavcodec/ratecontrol.c 
@@ -866,6 +866,12 @@ static int init_pass2(MpegEncContext *s) assert(filter_size%2==1); /* fixed I/B QP relative to P mode */ + for(i=0; inum_entries; i++){ + RateControlEntry *rce= &rcc->entry[i]; + + qscale[i]= get_diff_limited_q(s, rce, qscale[i]); + } + for(i=rcc->num_entries-1; i>=0; i--){ RateControlEntry *rce= &rcc->entry[i]; From a13ef6105167032cd0ecaeb86a3727c9bf67ac95 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 9 Sep 2011 18:50:00 +0200 Subject: [PATCH 254/652] rc: finetune convergence failure fix Signed-off-by: Michael Niedermayer (cherry picked from commit 73e0ec2ff453799e361c67395b93df11986609b3) --- libavcodec/ratecontrol.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/ratecontrol.c b/libavcodec/ratecontrol.c index bd42d72bdf..cc742d15a1 100644 --- a/libavcodec/ratecontrol.c +++ b/libavcodec/ratecontrol.c @@ -866,7 +866,7 @@ static int init_pass2(MpegEncContext *s) assert(filter_size%2==1); /* fixed I/B QP relative to P mode */ - for(i=0; inum_entries; i++){ + for(i=FFMAX(0, rcc->num_entries-300); inum_entries; i++){ RateControlEntry *rce= &rcc->entry[i]; qscale[i]= get_diff_limited_q(s, rce, qscale[i]); From 8a8aafd2b901f78a3ce02fad717482ae58ab72b7 Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Thu, 8 Sep 2011 11:02:43 -0700 Subject: [PATCH 255/652] wavpack: Check error codes rather than working around error conditions. (cherry picked from commit dba2b63a98bdcac7bda1a8a2c48950518c075e17) --- libavcodec/wavpack.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c index 1e6d857849..61a75fd765 100644 --- a/libavcodec/wavpack.c +++ b/libavcodec/wavpack.c @@ -1141,7 +1141,7 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no, int16_t *dst = (int16_t*)samples + 1; int16_t *src = (int16_t*)samples; int cnt = samplecount; - while(cnt-- > 0){ + while(cnt--){ *dst = *src; src += channel_stride; dst += channel_stride; 
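Review bot: The wavpack.c change only restores `while(cnt--)` in the three copy loops (the hunk at -1141 and the two that follow at -1150 and -1159); the diffstat lists 3 insertions and 3 deletions, so the error check named in the subject is not part of this patch. Without the `> 0` guard a negative `samplecount` makes the loop count down through the whole int range while `dst` advances by `channel_stride`, which is the invalid write that patch 250 on this page addressed. Before dropping the guard, confirm that `samplecount` is tested ahead of these loops, e.g. `if (samplecount < 0) return -1;`. wavpack_decode_block starts and ends outside the hunks.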
@@ -1150,7 +1150,7 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no, int32_t *dst = (int32_t*)samples + 1; int32_t *src = (int32_t*)samples; int cnt = samplecount; - while(cnt-- > 0){ + while(cnt--){ *dst = *src; src += channel_stride; dst += channel_stride; @@ -1159,7 +1159,7 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no, float *dst = (float*)samples + 1; float *src = (float*)samples; int cnt = samplecount; - while(cnt-- > 0){ + while(cnt--){ *dst = *src; src += channel_stride; dst += channel_stride; From bac822025e6d73d0932ac1a18e80658be186ccf9 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Fri, 9 Sep 2011 22:04:09 +0200 Subject: [PATCH 256/652] Fixed size given to init_get_bits() in ffv1 decoder. init_get_bits() takes a number of bits and not a number of bytes as its size argument. Signed-off-by: Michael Niedermayer (cherry picked from commit 8362a0ffed0b15a9977fcde947bcb49dfc06638b) --- libavcodec/ffv1.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/ffv1.c b/libavcodec/ffv1.c index a0a4a1d009..8fe725f78a 100644 --- a/libavcodec/ffv1.c +++ b/libavcodec/ffv1.c @@ -1805,7 +1805,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac bytes_read = c->bytestream - c->bytestream_start - 1; if(bytes_read ==0) av_log(avctx, AV_LOG_ERROR, "error at end of AC stream\n"); //FIXME //printf("pos=%d\n", bytes_read); - init_get_bits(&f->slice_context[0]->gb, buf + bytes_read, buf_size - bytes_read); + init_get_bits(&f->slice_context[0]->gb, buf + bytes_read, (buf_size - bytes_read) * 8); } else { bytes_read = 0; /* avoid warning */ } @@ -1822,7 +1822,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac if(fs->ac){ ff_init_range_decoder(&fs->c, buf_p, v); }else{ - init_get_bits(&fs->gb, buf_p, v); + init_get_bits(&fs->gb, buf_p, v * 8); } } From 7181adab8090e614bb4e37410c60d8f93cbd860d Mon Sep 17 00:00:00 2001 
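Review bot: The new size arguments `(buf_size - bytes_read) * 8` and `v * 8` in the ffv1.c hunks are computed in `int`, so a byte count above INT_MAX/8 overflows before init_get_bits() sees it, which is undefined behaviour for signed arithmetic. The same byte-to-bit multiplication is added in the aac_adtstoasc_bsf, avs, rv34, tta, movenc, indeo2 and cljr hunks of the following patches. Whether `v` and the packet size are already bounded is not visible here; if they are not, a guard before the call, e.g. `if (v > INT_MAX / 8) return -1;`, keeps the bit count representable. decode_frame's body continues outside both hunks.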
From: Laurent Aimar Date: Fri, 9 Sep 2011 23:46:00 +0200 Subject: [PATCH 257/652] Fixed size given to init_get_bits(). init_get_bits() takes a number of bits and not a number of bytes as its size argument. Signed-off-by: Michael Niedermayer (cherry picked from commit e5e0580b93a5bda34f62a5df50c1b15e610d4ad1) --- libavcodec/aac_adtstoasc_bsf.c | 2 +- libavcodec/avs.c | 2 +- libavcodec/jvdec.c | 2 +- libavcodec/rv34.c | 2 +- libavcodec/tta.c | 2 +- libavformat/movenc.c | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/libavcodec/aac_adtstoasc_bsf.c b/libavcodec/aac_adtstoasc_bsf.c index 6558c0280f..2e14b1a0b6 100644 --- a/libavcodec/aac_adtstoasc_bsf.c +++ b/libavcodec/aac_adtstoasc_bsf.c @@ -72,7 +72,7 @@ static int aac_adtstoasc_filter(AVBitStreamFilterContext *bsfc, int pce_size = 0; uint8_t pce_data[MAX_PCE_SIZE]; if (!hdr.chan_config) { - init_get_bits(&gb, buf, buf_size); + init_get_bits(&gb, buf, buf_size * 8); if (get_bits(&gb, 3) != 5) { av_log_missing_feature(avctx, "PCE based channel configuration, where the PCE is not the first syntax element is", 0); return -1; diff --git a/libavcodec/avs.c b/libavcodec/avs.c index 06fcd5cd0e..354b53c241 100644 --- a/libavcodec/avs.c +++ b/libavcodec/avs.c @@ -117,7 +117,7 @@ avs_decode_frame(AVCodecContext * avctx, table = buf + (256 * vect_w * vect_h); if (sub_type != AVS_I_FRAME) { int map_size = ((318 / vect_w + 7) / 8) * (198 / vect_h); - init_get_bits(&change_map, table, map_size); + init_get_bits(&change_map, table, map_size * 8); table += map_size; } diff --git a/libavcodec/jvdec.c b/libavcodec/jvdec.c index f4941992f6..f1fdee5d43 100644 --- a/libavcodec/jvdec.c +++ b/libavcodec/jvdec.c 
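Review bot: In the avs.c hunk the change map is handed to init_get_bits() with a length derived only from `vect_w` and `vect_h`; nothing in the hunk compares `table` or `map_size` with the size of the packet, so the bit reader can be told it owns bytes beyond the end of `buf`. If no such check exists earlier in avs_decode_frame (the function starts and ends outside the hunk), add one before the call, for example `if (map_size > buf_size - (table - buf)) return -1;`, using whatever name the function has for the packet length. The multiplication by 8 itself matches the commit's stated intent.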
@@ -150,7 +150,7 @@ static int decode_frame(AVCodecContext *avctx, if (video_type == 0 || video_type == 1) { GetBitContext gb; - init_get_bits(&gb, buf, FFMIN(video_size, buf_end - buf)); + init_get_bits(&gb, buf, FFMIN(video_size, (buf_end - buf) * 8)); for (j = 0; j < avctx->height; j += 8) for (i = 0; i < avctx->width; i += 8) diff --git a/libavcodec/rv34.c b/libavcodec/rv34.c index 241132e092..8cec3634de 100644 --- a/libavcodec/rv34.c +++ b/libavcodec/rv34.c @@ -1444,7 +1444,7 @@ int ff_rv34_decode_frame(AVCodecContext *avctx, av_log(avctx, AV_LOG_ERROR, "Slice offset is greater than frame size\n"); return -1; } - init_get_bits(&s->gb, buf+get_slice_offset(avctx, slices_hdr, 0), buf_size-get_slice_offset(avctx, slices_hdr, 0)); + init_get_bits(&s->gb, buf+get_slice_offset(avctx, slices_hdr, 0), (buf_size-get_slice_offset(avctx, slices_hdr, 0))*8); if(r->parse_slice_header(r, &r->s.gb, &si) < 0 || si.start){ av_log(avctx, AV_LOG_ERROR, "First slice header is incorrect\n"); return -1; diff --git a/libavcodec/tta.c b/libavcodec/tta.c index dccca46132..ed7665ee29 100644 --- a/libavcodec/tta.c +++ b/libavcodec/tta.c @@ -226,7 +226,7 @@ static av_cold int tta_decode_init(AVCodecContext * avctx) if (avctx->extradata_size < 30) return -1; - init_get_bits(&s->gb, avctx->extradata, avctx->extradata_size); + init_get_bits(&s->gb, avctx->extradata, avctx->extradata_size * 8); if (show_bits_long(&s->gb, 32) == AV_RL32("TTA1")) { /* signature */ diff --git a/libavformat/movenc.c b/libavformat/movenc.c index ebfcacb107..463dd5b601 100644 --- a/libavformat/movenc.c +++ b/libavformat/movenc.c @@ -206,7 +206,7 @@ static int mov_write_ac3_tag(AVIOContext *pb, MOVTrack *track) avio_wb32(pb, 11); ffio_wfourcc(pb, "dac3"); - init_get_bits(&gbc, track->vosData+4, track->vosLen-4); + init_get_bits(&gbc, track->vosData+4, (track->vosLen-4) * 8); fscod = get_bits(&gbc, 2); frmsizecod = get_bits(&gbc, 6); bsid = get_bits(&gbc, 5); 
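Review bot: The jvdec.c change converts only one operand of FFMIN to bits: `FFMIN(video_size, (buf_end - buf) * 8)` compares `video_size`, which appears to be a byte count taken from the frame header, with a bit count. If `video_size` is in bytes, the reader is still given one eighth of the intended length whenever `video_size` is the smaller value; the conversion belongs outside the minimum, `init_get_bits(&gb, buf, 8 * FFMIN(video_size, buf_end - buf));`. The definition of `video_size` is outside the hunk, so its unit should be confirmed.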
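Review bot: In mov_write_ac3_tag the new length `(track->vosLen-4) * 8` is negative when `vosLen` is smaller than 4, and the three get_bits() calls visible after it already read 13 bits from `vosData+4`. No check on `vosLen` appears in the hunk; if none exists earlier in the function, reject short data before the call, e.g. `if (track->vosLen < 6) return -1;`, raising the constant if the reads that follow outside the hunk need more than two bytes.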
From ab2ea6415bdf76002e2bf80ae0785bdb3afa41d9 Mon Sep 17 00:00:00 2001 From: chinshou Date: Sat, 10 Sep 2011 05:21:50 +0200 Subject: [PATCH 258/652] avisynth: Remove wrong pts calculation. Fixes Ticket428 (cherry picked from commit 4f123a7d7c8cbf425958e726689c6bdc84605e91) --- libavformat/avisynth.c | 1 - 1 file changed, 1 deletion(-) diff --git a/libavformat/avisynth.c b/libavformat/avisynth.c index 768459a38d..e0b5a64e04 100644 --- a/libavformat/avisynth.c +++ b/libavformat/avisynth.c @@ -165,7 +165,6 @@ static int avisynth_read_packet(AVFormatContext *s, AVPacket *pkt) res = AVIStreamRead(stream->handle, stream->read, stream->chunck_samples, pkt->data, stream->chunck_size, &read_size, NULL); - pkt->pts = stream->read; pkt->size = read_size; stream->read += stream->chunck_samples; From 57571f348e2c976c5160d0d6137441ea121294a7 Mon Sep 17 00:00:00 2001 From: chinshou Date: Sat, 10 Sep 2011 05:23:17 +0200 Subject: [PATCH 259/652] avisynth: Fix upside down bug (cherry picked from commit b10ba1175d3afa28d88cf3b24b69dc4882be16f5) --- libavformat/avisynth.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/libavformat/avisynth.c b/libavformat/avisynth.c index e0b5a64e04..643f25b661 100644 --- a/libavformat/avisynth.c +++ b/libavformat/avisynth.c @@ -122,6 +122,14 @@ static int avisynth_read_header(AVFormatContext *s, AVFormatParameters *ap) st->codec->bit_rate = (uint64_t)stream->info.dwSampleSize * (uint64_t)stream->info.dwRate * 8 / (uint64_t)stream->info.dwScale; st->codec->codec_tag = imgfmt.bmiHeader.biCompression; st->codec->codec_id = ff_codec_get_id(ff_codec_bmp_tags, imgfmt.bmiHeader.biCompression); + if (st->codec->codec_id == CODEC_ID_RAWVIDEO && imgfmt.bmiHeader.biCompression== BI_RGB) { + st->codec->extradata = av_malloc(9 + FF_INPUT_BUFFER_PADDING_SIZE); + if (st->codec->extradata) { + st->codec->extradata_size = 9; + memcpy(st->codec->extradata, "BottomUp", 9); + } + } + st->duration = stream->info.dwLength; } 
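Review bot: The new extradata buffer in avisynth_read_header is allocated with av_malloc(), so the FF_INPUT_BUFFER_PADDING_SIZE bytes after the 9 copied bytes stay uninitialised, although the padding is reserved so that readers running slightly past the end see zeros. Use `st->codec->extradata = av_mallocz(9 + FF_INPUT_BUFFER_PADDING_SIZE);` instead. An allocation failure is also silently ignored, which leaves the stream without the "BottomUp" marker; whether the function should fail with AVERROR(ENOMEM) at this point depends on cleanup code outside the hunk.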
From b5fe6bee011ecb5d9b1f6649fe4eef177c113ebf Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sat, 10 Sep 2011 13:28:13 +0200 Subject: [PATCH 260/652] Fixed deference of NULL pointer in motionpixels decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit 824f98f442996eaee9204b132752cf5114fc94cf) --- libavcodec/motionpixels.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/motionpixels.c b/libavcodec/motionpixels.c index 01558ab95b..b18efa6b9c 100644 --- a/libavcodec/motionpixels.c +++ b/libavcodec/motionpixels.c @@ -279,7 +279,8 @@ static int mp_decode_frame(AVCodecContext *avctx, if (sz == 0) goto end; - init_vlc(&mp->vlc, mp->max_codes_bits, mp->codes_count, &mp->codes[0].size, sizeof(HuffCode), 1, &mp->codes[0].code, sizeof(HuffCode), 4, 0); + if (init_vlc(&mp->vlc, mp->max_codes_bits, mp->codes_count, &mp->codes[0].size, sizeof(HuffCode), 1, &mp->codes[0].code, sizeof(HuffCode), 4, 0)) + goto end; mp_decode_frame_helper(mp, &gb); free_vlc(&mp->vlc); From db93a5a0c8eb349c4380be61874c477fbcd248a3 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 10 Sep 2011 19:18:41 +0200 Subject: [PATCH 261/652] cabac: fix cabac encoder Signed-off-by: Michael Niedermayer (cherry picked from commit 89653ea728bd59da2b88967ad648cce685950879) --- libavcodec/cabac.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/cabac.c b/libavcodec/cabac.c index 76253afe3e..c94a560695 100644 --- a/libavcodec/cabac.c +++ b/libavcodec/cabac.c @@ -161,10 +161,14 @@ void ff_init_cabac_states(CABACContext *c){ ff_h264_mps_state[2*i+1]= 2*mps_state[i]+1; if( i ){ + ff_h264_lps_state[2*i+0]= ff_h264_mlps_state[128-2*i-1]= 2*lps_state[i]+0; + ff_h264_lps_state[2*i+1]= ff_h264_mlps_state[128-2*i-2]= 2*lps_state[i]+1; }else{ + ff_h264_lps_state[2*i+0]= ff_h264_mlps_state[128-2*i-1]= 1; + ff_h264_lps_state[2*i+1]= ff_h264_mlps_state[128-2*i-2]= 0; } } From f38b2a6be8866b55ccdb2ed4515d132015f02dfc Mon Sep 17 00:00:00 2001 
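Review bot: A failed init_vlc() in mp_decode_frame now takes the same `goto end` exit as the `sz == 0` case just above it, so a corrupt code table is presumably reported to the caller like an empty frame rather than as a decode error. The `end` label is outside the hunk; if it returns the consumed size, consider logging and failing instead, e.g. `av_log(avctx, AV_LOG_ERROR, "VLC initialisation failed\n"); return -1;`, provided nothing acquired earlier in the function relies on the cleanup at `end`.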
From: Michael Niedermayer Date: Sat, 10 Sep 2011 19:20:28 +0200 Subject: [PATCH 262/652] cabac test: match encode and decode side Signed-off-by: Michael Niedermayer (cherry picked from commit 830d7d5c4fbf81265ca5260d59fe8467ac97b2e6) --- libavcodec/cabac.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/cabac.c b/libavcodec/cabac.c index c94a560695..e39ad2ea7f 100644 --- a/libavcodec/cabac.c +++ b/libavcodec/cabac.c @@ -209,6 +209,7 @@ START_TIMER STOP_TIMER("put_cabac") } +#if 0 for(i=0; i Date: Sat, 10 Sep 2011 19:22:39 +0200 Subject: [PATCH 263/652] cabac test: Change input to test, so a wider range of states is tested. Signed-off-by: Michael Niedermayer (cherry picked from commit 1eb805ed70a0aac35523c7a308145b6b8d05441e) --- libavcodec/cabac.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/cabac.c b/libavcodec/cabac.c index e39ad2ea7f..9acc2a079f 100644 --- a/libavcodec/cabac.c +++ b/libavcodec/cabac.c @@ -194,7 +194,8 @@ int main(void){ ff_init_cabac_states(&c); for(i=0; i>8)&1; } for(i=0; i Date: Fri, 9 Sep 2011 13:24:19 -0700 Subject: [PATCH 264/652] indeo2: init_get_bits size in bits instead of bytes (cherry picked from commit 68ca330cbd479111db9cb7649d7530ad59f04cc8) --- libavcodec/indeo2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/indeo2.c b/libavcodec/indeo2.c index f58804bab3..510f4da01e 100644 --- a/libavcodec/indeo2.c +++ b/libavcodec/indeo2.c @@ -162,7 +162,7 @@ static int ir2_decode_frame(AVCodecContext *avctx, #endif start = 48; /* hardcoded for now */ - init_get_bits(&s->gb, buf + start, buf_size - start); + init_get_bits(&s->gb, buf + start, (buf_size - start) * 8); if (s->decode_delta) { /* intraframe */ ir2_decode_plane(s, avctx->width, avctx->height, From 9f05400ea8575e04f4853e184a38c1f1006dee10 Mon Sep 17 00:00:00 2001 
From: Alex Converse Date: Fri, 9 Sep 2011 13:26:49 -0700 Subject: [PATCH 265/652] indeo2: fail if input buffer too small (cherry picked from commit b7ce4f1d1c3add86ece7ca595ea6c4a10b471055) --- libavcodec/indeo2.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libavcodec/indeo2.c b/libavcodec/indeo2.c index 510f4da01e..152b7cca6c 100644 --- a/libavcodec/indeo2.c +++ b/libavcodec/indeo2.c @@ -153,6 +153,13 @@ static int ir2_decode_frame(AVCodecContext *avctx, return -1; } + start = 48; /* hardcoded for now */ + + if (start >= buf_size) { + av_log(s->avctx, AV_LOG_ERROR, "input buffer size too small (%d)\n", buf_size); + return AVERROR_INVALIDDATA; + } + s->decode_delta = buf[18]; /* decide whether frame uses deltas or not */ @@ -160,7 +167,6 @@ static int ir2_decode_frame(AVCodecContext *avctx, for (i = 0; i < buf_size; i++) buf[i] = av_reverse[buf[i]]; #endif - start = 48; /* hardcoded for now */ init_get_bits(&s->gb, buf + start, (buf_size - start) * 8); From 3a0649ddebb9e23f8a3df44168d0afe9955c7b0e Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Fri, 9 Sep 2011 14:50:33 -0700 Subject: [PATCH 266/652] cljr: init_get_bits size in bits instead of bytes (cherry picked from commit 0c1f5b93d9b97c4cc3684ba91a040e90bfc760d2) --- libavcodec/cljr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/cljr.c b/libavcodec/cljr.c index c9b0911674..e94ad9b42e 100644 --- a/libavcodec/cljr.c +++ b/libavcodec/cljr.c @@ -67,7 +67,7 @@ static int decode_frame(AVCodecContext *avctx, p->pict_type= AV_PICTURE_TYPE_I; p->key_frame= 1; - init_get_bits(&a->gb, buf, buf_size); + init_get_bits(&a->gb, buf, buf_size * 8); for(y=0; yheight; y++){ uint8_t *luma= &a->picture.data[0][ y*a->picture.linesize[0] ]; From 82e4fd193fe5e9173d081bd244a3b5326bcab01f Mon Sep 17 00:00:00 2001 
From: Laurent Aimar Date: Wed, 7 Sep 2011 21:43:03 +0200 Subject: [PATCH 267/652] Fixed segfault with wavpack decoder on corrupted decorrelation terms sub-blocks. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Storsjö (cherry picked from commit 8bfea4ab4e2cb32bc7bf6f697ee30a238c65d296) --- libavcodec/wavpack.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c index 61a75fd765..a785b90046 100644 --- a/libavcodec/wavpack.c +++ b/libavcodec/wavpack.c @@ -862,12 +862,13 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no, } switch(id & WP_IDF_MASK){ case WP_ID_DECTERMS: - s->terms = size; - if(s->terms > MAX_TERMS){ + if(size > MAX_TERMS){ av_log(avctx, AV_LOG_ERROR, "Too many decorrelation terms\n"); + s->terms = 0; buf += ssize; continue; } + s->terms = size; for(i = 0; i < s->terms; i++) { s->decorr[s->terms - i - 1].value = (*buf & 0x1F) - 5; s->decorr[s->terms - i - 1].delta = *buf >> 5; From 92f1b5df320613b5af3e34a634f506524a7aaa2a Mon Sep 17 00:00:00 2001 From: Joakim Plate Date: Sat, 10 Sep 2011 23:12:29 +0200 Subject: [PATCH 268/652] dvbsubdec: don't hardcode subtitle colors count in dvbsubdec to 16 Signed-off-by: Michael Niedermayer (cherry picked from commit 4a3294ef0069c898a495c783dfdb2f0bf1dc6583) --- libavcodec/dvbsubdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/dvbsubdec.c b/libavcodec/dvbsubdec.c index 5b09eb14d6..e43dd29a14 100644 --- a/libavcodec/dvbsubdec.c +++ b/libavcodec/dvbsubdec.c @@ -1360,7 +1360,7 @@ static int dvbsub_display_end_segment(AVCodecContext *avctx, const uint8_t *buf, rect->y = display->y_pos + offset_y; rect->w = region->width; rect->h = region->height; - rect->nb_colors = 16; + rect->nb_colors = (1 << region->depth); rect->type = SUBTITLE_BITMAP; rect->pict.linesize[0] = region->width; 
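Review bot: `rect->nb_colors = (1 << region->depth);` in dvbsub_display_end_segment makes the colour count depend on a field parsed from the stream, so it is only safe if `region->depth` is restricted to the supported depths where the region segment is parsed; that code is outside the hunk. An unchecked depth would give an undefined shift for values of 31 or more, and a colour count larger than whatever palette buffer the rect is given. If the restriction exists, a short comment here, for example `/* depth is validated when the region is parsed */`, would make the dependency visible; otherwise clamp the value before the shift.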
From c8736de331e4da336e8dfb8805a220af2bd67dc2 Mon Sep 17 00:00:00 2001 From: Art Clarke Date: Sun, 11 Sep 2011 03:14:14 +0200 Subject: [PATCH 269/652] libspeex encoder wraper taken from svn head of xuggle (cherry picked from commit a52cdcd296c40882c3b4f88958990c56f0ce3019) --- configure | 3 +- libavcodec/Makefile | 1 + libavcodec/allcodecs.c | 2 +- libavcodec/libspeexenc.c | 178 +++++++++++++++++++++++++++++++++++++++ 4 files changed, 182 insertions(+), 2 deletions(-) create mode 100644 libavcodec/libspeexenc.c diff --git a/configure b/configure index a877c2c6b9..ef3697e3c4 100755 --- a/configure +++ b/configure @@ -177,7 +177,7 @@ External library support: --enable-libopenjpeg enable JPEG 2000 decoding via OpenJPEG [no] --enable-librtmp enable RTMP[E] support via librtmp [no] --enable-libschroedinger enable Dirac support via libschroedinger [no] - --enable-libspeex enable Speex decoding via libspeex [no] + --enable-libspeex enable Speex encoding and decoding via libspeex [no] --enable-libtheora enable Theora encoding via libtheora [no] --enable-libvo-aacenc enable AAC encoding via libvo-aacenc [no] --enable-libvo-amrwbenc enable AMR-WB encoding via libvo-amrwbenc [no] @@ -1417,6 +1417,7 @@ libopenjpeg_decoder_deps="libopenjpeg" libschroedinger_decoder_deps="libschroedinger" libschroedinger_encoder_deps="libschroedinger" libspeex_decoder_deps="libspeex" +libspeex_encoder_deps="libspeex" libtheora_encoder_deps="libtheora" libvo_aacenc_encoder_deps="libvo_aacenc" libvo_amrwbenc_encoder_deps="libvo_amrwbenc" diff --git a/libavcodec/Makefile b/libavcodec/Makefile index b6103af3c0..738fb264c0 100644 --- a/libavcodec/Makefile +++ b/libavcodec/Makefile 
@@ -587,6 +587,7 @@ OBJS-$(CONFIG_LIBSCHROEDINGER_ENCODER) += libschroedingerenc.o \ libschroedinger.o \ libdirac_libschro.o OBJS-$(CONFIG_LIBSPEEX_DECODER) += libspeexdec.o +OBJS-$(CONFIG_LIBSPEEX_ENCODER) += libspeexenc.o OBJS-$(CONFIG_LIBTHEORA_ENCODER) += libtheoraenc.o OBJS-$(CONFIG_LIBVO_AACENC_ENCODER) += libvo-aacenc.o mpeg4audio.o OBJS-$(CONFIG_LIBVO_AMRWBENC_ENCODER) += libvo-amrwbenc.o diff --git a/libavcodec/allcodecs.c b/libavcodec/allcodecs.c index e6305cf7d2..f1c664f5d1 100644 --- a/libavcodec/allcodecs.c +++ b/libavcodec/allcodecs.c @@ -380,7 +380,7 @@ void avcodec_register_all(void) REGISTER_DECODER (LIBOPENCORE_AMRWB, libopencore_amrwb); REGISTER_DECODER (LIBOPENJPEG, libopenjpeg); REGISTER_ENCDEC (LIBSCHROEDINGER, libschroedinger); - REGISTER_DECODER (LIBSPEEX, libspeex); + REGISTER_ENCDEC (LIBSPEEX, libspeex); REGISTER_ENCODER (LIBTHEORA, libtheora); REGISTER_ENCODER (LIBVO_AACENC, libvo_aacenc); REGISTER_ENCODER (LIBVO_AMRWBENC, libvo_amrwbenc); diff --git a/libavcodec/libspeexenc.c b/libavcodec/libspeexenc.c new file mode 100644 index 0000000000..79a9fb0760 --- /dev/null +++ b/libavcodec/libspeexenc.c 
@@ -0,0 +1,178 @@ +/* + * Copyright (c) 2009 by Xuggle Incorporated. All rights reserved. + * This file is part of FFmpeg. + * + * FFmpeg is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * FFmpeg is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with FFmpeg; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ +#include +#include +#include +#include + +typedef struct { + SpeexBits bits; + void *enc_state; + SpeexHeader header; +} LibSpeexEncContext; + + +static av_cold int libspeex_encode_init(AVCodecContext *avctx) +{ + LibSpeexEncContext *s = (LibSpeexEncContext*)avctx->priv_data; + const SpeexMode *mode; + + if ((avctx->sample_fmt != SAMPLE_FMT_S16 && avctx->sample_fmt != SAMPLE_FMT_FLT) || + avctx->sample_rate <= 0 || + avctx->channels <= 0 || + avctx->channels > 2) + { + av_log(avctx, AV_LOG_ERROR, "Unsupported sample format, rate, or channels for speex"); + return -1; + } + + if (avctx->sample_rate <= 8000) + mode = &speex_nb_mode; + else if (avctx->sample_rate <= 16000) + mode = &speex_wb_mode; + else + mode = &speex_uwb_mode; + + speex_bits_init(&s->bits); + s->enc_state = speex_encoder_init(mode); + if (!s->enc_state) + { + av_log(avctx, AV_LOG_ERROR, "could not initialize speex encoder"); + return -1; + } + + // initialize the header + speex_init_header(&s->header, avctx->sample_rate, + avctx->channels, mode); + + // TODO: It'd be nice to support VBR here, but + // I'm uncertain what AVCodecContext options to use 
+ // to signal whether to turn it on. + if (avctx->flags & CODEC_FLAG_QSCALE) { + spx_int32_t quality = 0; + // Map global_quality's mpeg 1/2/4 scale into Speex's 0-10 scale + if (avctx->global_quality > FF_LAMBDA_MAX) + quality = 0; // lowest possible quality + else + quality = (spx_int32_t)((FF_LAMBDA_MAX-avctx->global_quality)*10.0/FF_LAMBDA_MAX); + speex_encoder_ctl(s->enc_state, SPEEX_SET_QUALITY, &quality); + } else { + // default to CBR + if (avctx->bit_rate > 0) + speex_encoder_ctl(s->enc_state, SPEEX_SET_BITRATE, &avctx->bit_rate); + // otherwise just take the default quality setting + } + // reset the bit-rate to the actual bit rate speex will use + speex_encoder_ctl(s->enc_state, SPEEX_GET_BITRATE, &s->header.bitrate); + avctx->bit_rate = s->header.bitrate; + + // get the actual sample rate + speex_encoder_ctl(s->enc_state, SPEEX_GET_SAMPLING_RATE, &s->header.rate); + avctx->sample_rate = s->header.rate; + + // get the frame-size. To align with FLV, we're going to put 2 frames + // per packet. If someone can tell me how to make this configurable + // from the avcodec contents, I'll mod this so it's not hard-coded. + // but without this, FLV files with speex data won't play correctly + // in flash player 10. + speex_encoder_ctl(s->enc_state, SPEEX_GET_FRAME_SIZE, &s->header.frame_size); + s->header.frames_per_packet = 2; // Need for FLV container support + avctx->frame_size = s->header.frame_size*s->header.frames_per_packet; + + // and we'll put a speex header packet into extradata so that muxers + // can use it. 
+ avctx->extradata = speex_header_to_packet(&s->header, &avctx->extradata_size); + return 0; +} + +static av_cold int libspeex_encode_frame( + AVCodecContext *avctx, uint8_t *frame, + int buf_size, void *data) +{ + LibSpeexEncContext *s = (LibSpeexEncContext*)avctx->priv_data; + int i = 0; + + if (!data) + // nothing to flush + return 0; + + speex_bits_reset(&s->bits); + for(i = 0; i < s->header.frames_per_packet; i++) + { + if (avctx->sample_fmt == SAMPLE_FMT_FLT) + { + if (avctx->channels == 2) { + speex_encode_stereo( + (float*)data+i*s->header.frame_size, + s->header.frame_size, + &s->bits); + } + speex_encode(s->enc_state, + (float*)data+i*s->header.frame_size, &s->bits); + } else { + if (avctx->channels == 2) { + speex_encode_stereo_int( + (spx_int16_t*)data+i*s->header.frame_size, + s->header.frame_size, + &s->bits); + } + speex_encode_int(s->enc_state, + (spx_int16_t*)data+i*s->header.frame_size, &s->bits); + } + } + // put in a terminator so this will fit in a OGG or FLV packet + speex_bits_insert_terminator(&s->bits); + + if (buf_size >= speex_bits_nbytes(&s->bits)) { + return speex_bits_write(&s->bits, frame, buf_size); + } else { + av_log(avctx, AV_LOG_ERROR, "output buffer too small"); + return -1; + } +} + +static av_cold int libspeex_encode_close(AVCodecContext *avctx) +{ + LibSpeexEncContext *s = (LibSpeexEncContext*)avctx->priv_data; + + speex_bits_destroy(&s->bits); + speex_encoder_destroy(s->enc_state); + s->enc_state = 0; + if (avctx->extradata) + speex_header_free(avctx->extradata); + avctx->extradata = 0; + avctx->extradata_size = 0; + + return 0; +} + +AVCodec ff_libspeex_encoder = { + "libspeex", + AVMEDIA_TYPE_AUDIO, + CODEC_ID_SPEEX, + sizeof(LibSpeexEncContext), + libspeex_encode_init, + libspeex_encode_frame, + libspeex_encode_close, + 0, + .capabilities = CODEC_CAP_DELAY, + .supported_samplerates = (const int[]){8000, 16000, 32000, 0}, + .sample_fmts = (enum SampleFormat[]){SAMPLE_FMT_S16,SAMPLE_FMT_FLT,SAMPLE_FMT_NONE}, + .long_name = 
NULL_IF_CONFIG_SMALL("libspeex Speex Encoder"), +}; From 97437dada65833d09604c40f01c874a676de3c32 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 10 Sep 2011 16:28:53 +0200 Subject: [PATCH 270/652] h264dec: Prevent CABAC and CAVLC bitsteram overreading Signed-off-by: Michael Niedermayer (cherry picked from commit 23f5cff92cdcfa55a735c458fcb5f95c0e0f3b1f) --- libavcodec/h264.c | 18 +++++++++++------- libavcodec/h264.h | 2 ++ 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 3701bc9b73..ee2c6a31a0 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -183,20 +183,24 @@ const uint8_t *ff_h264_decode_nal(H264Context *h, const uint8_t *src, int *dst_l i-= RS; } - if(i>=length-1){ //no escaped 0 - *dst_length= length; - *consumed= length+1; //+1 for the header - return src; - } - bufidx = h->nal_unit_type == NAL_DPC ? 1 : 0; // use second escape buffer for inter data - av_fast_malloc(&h->rbsp_buffer[bufidx], &h->rbsp_buffer_size[bufidx], length+FF_INPUT_BUFFER_PADDING_SIZE); + si=h->rbsp_buffer_size[bufidx]; + av_fast_malloc(&h->rbsp_buffer[bufidx], &h->rbsp_buffer_size[bufidx], length+FF_INPUT_BUFFER_PADDING_SIZE+MAX_MBPAIR_SIZE); dst= h->rbsp_buffer[bufidx]; + if(si != h->rbsp_buffer_size[bufidx]) + memset(dst + length, 0, FF_INPUT_BUFFER_PADDING_SIZE+MAX_MBPAIR_SIZE); if (dst == NULL){ return NULL; } + if(i>=length-1){ //no escaped 0 + *dst_length= length; + *consumed= length+1; //+1 for the header + memcpy(dst, src, length); + return dst; + } + //printf("decoding esc\n"); memcpy(dst, src, i); si=di=i; diff --git a/libavcodec/h264.h b/libavcodec/h264.h index 4188ad922c..76e9832975 100644 --- a/libavcodec/h264.h +++ b/libavcodec/h264.h 
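Review bot: In libspeex_encode_frame the input pointer for frame `i` is `data + i*s->header.frame_size` in all four encode calls, which ignores the channel count: with two channels and interleaved samples each Speex frame occupies `frame_size*channels` samples, so the second frame of a packet would start in the middle of the first. Assuming the input is interleaved, the offset should be `i * s->header.frame_size * avctx->channels` in both the float and the int16 paths. Separately, `avctx->extradata` is set from speex_header_to_packet() without a NULL check, and the three av_log() messages lack a trailing `\n`.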
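Review bot: In ff_h264_decode_nal the new `memset(dst + length, 0, ...)` runs before the `if (dst == NULL)` test, so when av_fast_malloc() fails on a context that already had a buffer, the recorded size changes and the memset writes through an invalid pointer before the NULL check is reached. Test first, `if (dst == NULL) return NULL;` directly after `dst= h->rbsp_buffer[bufidx];`, and do the size comparison with its memset second. The extra padding is also cleared only when the buffer size changed, at the offset of the current `length`; a later, shorter NAL in the same buffer would be followed by old payload rather than zeros, which may matter for the overread protection this commit is after.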
@@ -53,6 +53,8 @@ #define MAX_DELAYED_PIC_COUNT 16 +#define MAX_MBPAIR_SIZE (256*1024) // a tighter bound could be calculated if someone cares about a few bytes + /* Compiling in interlaced support reduces the speed * of progressive decoding by about 2%. */ #define ALLOW_INTERLACE From 54544100a3ad24a81275f013f278e7f41f1229f7 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 11 Sep 2011 07:23:00 +0200 Subject: [PATCH 271/652] h264: prevent an out of array read in decode_nal_units() Signed-off-by: Michael Niedermayer (cherry picked from commit ea0ac11e52b9cf5264f3d4eb7543e760c2a5fbb4) --- libavcodec/h264.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index ee2c6a31a0..12bed3a919 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -3672,7 +3672,7 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size){ s->workaround_bugs |= FF_BUG_TRUNCATED; if(!(s->workaround_bugs & FF_BUG_TRUNCATED)){ - while(ptr[dst_length - 1] == 0 && dst_length > 0) + while(dst_length > 0 && ptr[dst_length - 1] == 0) dst_length--; } bit_length= !dst_length ? 0 : (8*dst_length - ff_h264_decode_rbsp_trailing(h, ptr + dst_length - 1)); From 4601765ee8fa4930cc3210307c5689911f3ddeba Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sun, 11 Sep 2011 19:17:40 +0200 Subject: [PATCH 272/652] Fixed segfault on memory allocation failure in ape demuxer. Signed-off-by: Michael Niedermayer (cherry picked from commit 1632a576e68c27229b31f0d1203ff90220e0e024) --- libavformat/ape.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/ape.c b/libavformat/ape.c index bda6b32b1d..b0f2394ad8 100644 --- a/libavformat/ape.c +++ b/libavformat/ape.c 
@@ -270,6 +270,8 @@ static int ape_read_header(AVFormatContext * s, AVFormatParameters * ap) if (ape->seektablelength > 0) { ape->seektable = av_malloc(ape->seektablelength); + if (!ape->seektable) + return AVERROR(ENOMEM); for (i = 0; i < ape->seektablelength / sizeof(uint32_t); i++) ape->seektable[i] = avio_rl32(pb); } From 2bf9a09a2c10bacca1cc05950aa79030e7b68fa4 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sun, 11 Sep 2011 18:54:01 +0200 Subject: [PATCH 273/652] Fixed segfaults on corruped smacker streams in the decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit d07ac1853da29ea696243160e02154ebf758d1ee) --- libavcodec/smacker.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c index b8eab837ff..d215e3289c 100644 --- a/libavcodec/smacker.c +++ b/libavcodec/smacker.c @@ -134,11 +134,13 @@ static int smacker_decode_bigtree(GetBitContext *gb, HuffContext *hc, DBCtx *ctx return -1; } b1 = get_bits_count(gb); - i1 = get_vlc2(gb, ctx->v1->table, SMKTREE_BITS, 3); + i1 = ctx->v1->table ? get_vlc2(gb, ctx->v1->table, SMKTREE_BITS, 3) : 0; b1 = get_bits_count(gb) - b1; b2 = get_bits_count(gb); - i2 = get_vlc2(gb, ctx->v2->table, SMKTREE_BITS, 3); + i2 = ctx->v2->table ? get_vlc2(gb, ctx->v2->table, SMKTREE_BITS, 3) : 0; b2 = get_bits_count(gb) - b2; + if (i1 < 0 || i2 < 0) + return -1; val = ctx->recode1[i1] | (ctx->recode2[i2] << 8); if(val == ctx->escapes[0]) { ctx->last[0] = hc->current; @@ -290,7 +292,8 @@ static int decode_header_trees(SmackVContext *smk) { smk->mmap_tbl[0] = 0; smk->mmap_last[0] = smk->mmap_last[1] = smk->mmap_last[2] = 1; } else { - smacker_decode_header_tree(smk, &gb, &smk->mmap_tbl, smk->mmap_last, mmap_size); + if (smacker_decode_header_tree(smk, &gb, &smk->mmap_tbl, smk->mmap_last, mmap_size)) + return -1; } if(!get_bits1(&gb)) { av_log(smk->avctx, AV_LOG_INFO, "Skipping MCLR tree\n"); 
@@ -298,7 +301,8 @@ static int decode_header_trees(SmackVContext *smk) { smk->mclr_tbl[0] = 0; smk->mclr_last[0] = smk->mclr_last[1] = smk->mclr_last[2] = 1; } else { - smacker_decode_header_tree(smk, &gb, &smk->mclr_tbl, smk->mclr_last, mclr_size); + if (smacker_decode_header_tree(smk, &gb, &smk->mclr_tbl, smk->mclr_last, mclr_size)) + return -1; } if(!get_bits1(&gb)) { av_log(smk->avctx, AV_LOG_INFO, "Skipping FULL tree\n"); @@ -306,7 +310,8 @@ static int decode_header_trees(SmackVContext *smk) { smk->full_tbl[0] = 0; smk->full_last[0] = smk->full_last[1] = smk->full_last[2] = 1; } else { - smacker_decode_header_tree(smk, &gb, &smk->full_tbl, smk->full_last, full_size); + if (smacker_decode_header_tree(smk, &gb, &smk->full_tbl, smk->full_last, full_size)) + return -1; } if(!get_bits1(&gb)) { av_log(smk->avctx, AV_LOG_INFO, "Skipping TYPE tree\n"); @@ -314,7 +319,8 @@ static int decode_header_trees(SmackVContext *smk) { smk->type_tbl[0] = 0; smk->type_last[0] = smk->type_last[1] = smk->type_last[2] = 1; } else { - smacker_decode_header_tree(smk, &gb, &smk->type_tbl, smk->type_last, type_size); + if (smacker_decode_header_tree(smk, &gb, &smk->type_tbl, smk->type_last, type_size)) + return -1; } return 0; @@ -523,8 +529,8 @@ static av_cold int decode_init(AVCodecContext *avctx) return -1; } - decode_header_trees(c); - + if (decode_header_trees(c)) + return -1; return 0; } @@ -653,6 +659,8 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data, int *data_size, } else { //8-bit data for(i = stereo; i >= 0; i--) pred[i] = get_bits(&gb, 8); + if (stereo + unp_size > data_size) + return -1; for(i = 0; i < stereo; i++) *samples8++ = pred[i]; for(i = 0; i < unp_size; i++) { From 8511c141e02d5a8c63d9cf1e8aef1d1135a7f7fa Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sun, 11 Sep 2011 18:51:52 +0200 Subject: [PATCH 274/652] Fixed segfault on corrupted smacker streams in the demuxer. 
Signed-off-by: Michael Niedermayer (cherry picked from commit d0121e8d969cde74fa7dbd96d3602109b051e701) --- libavformat/smacker.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libavformat/smacker.c b/libavformat/smacker.c index 29a66e79fa..c22f6daa73 100644 --- a/libavformat/smacker.c +++ b/libavformat/smacker.c @@ -291,6 +291,10 @@ static int smacker_read_packet(AVFormatContext *s, AVPacket *pkt) frame_size -= 4; smk->curstream++; smk->bufs[smk->curstream] = av_realloc(smk->bufs[smk->curstream], size); + if (!smk->bufs[smk->curstream]) { + smk->buf_sizes[smk->curstream] = 0; + return AVERROR(ENOMEM); + } smk->buf_sizes[smk->curstream] = size; ret = avio_read(s->pb, smk->bufs[smk->curstream], size); if(ret != size) @@ -299,7 +303,9 @@ static int smacker_read_packet(AVFormatContext *s, AVPacket *pkt) } flags >>= 1; } - if (av_new_packet(pkt, frame_size + 768)) + if (frame_size < 0) + return AVERROR_INVALIDDATA; + if (av_new_packet(pkt, frame_size + 769)) return AVERROR(ENOMEM); if(smk->frm_size[smk->cur_frame] & 1) palchange |= 2; From c9316b7c6d30e87f469ca6d9651f26eff5f4c6e9 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sun, 11 Sep 2011 19:17:43 +0200 Subject: [PATCH 275/652] Fixed invalid read access on extra data in cinepak decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit dc255275f6293a060518271a151e1ce75499e874) --- libavcodec/cinepak.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/cinepak.c b/libavcodec/cinepak.c index 57657afaa4..0b822d2b7a 100644 --- a/libavcodec/cinepak.c +++ b/libavcodec/cinepak.c 
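Review bot: Assigning the result of av_realloc() straight back to `smk->bufs[smk->curstream]` in smacker_read_packet loses the old pointer when the call fails, so the added ENOMEM path leaks the previous buffer. Keep the result in a temporary and store it only on success: `void *tmp = av_realloc(smk->bufs[smk->curstream], size);`, then `if (!tmp) return AVERROR(ENOMEM);` and `smk->bufs[smk->curstream] = tmp;`. `size` appears to come from the file and reaches av_realloc() without an upper bound in the visible lines. The change from 768 to 769 in the av_new_packet() call would benefit from a one-line comment saying what the extra byte holds.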
@@ -336,7 +336,8 @@ static int cinepak_decode (CinepakContext *s) * If the frame header is followed by the bytes FE 00 00 06 00 00 then * this is probably one of the two known files that have 6 extra bytes * after the frame header. Else, assume 2 extra bytes. */ - if ((s->data[10] == 0xFE) && + if (s->size >= 16 && + (s->data[10] == 0xFE) && (s->data[11] == 0x00) && (s->data[12] == 0x00) && (s->data[13] == 0x06) && From 812a4a5813c447e4fdb6b6a46462f1f34f539c51 Mon Sep 17 00:00:00 2001 From: Joakim Plate Date: Sun, 11 Sep 2011 21:23:53 +0200 Subject: [PATCH 276/652] gitignore: add files to git ignore generated on a win32 build Signed-off-by: Michael Niedermayer (cherry picked from commit 5a6f4a130226e04e0db3bd7c7c1ff76fe3f06080) --- .gitignore | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitignore b/.gitignore index 3e8ed0046e..c831335517 100644 --- a/.gitignore +++ b/.gitignore @@ -7,6 +7,9 @@ *-example *-test *_g +*.def +*.dll +*.lib config.* doc/*.1 doc/*.html From b70a37f854df8b61be2055df352dfec40defce95 Mon Sep 17 00:00:00 2001 From: Luca Barbato Date: Sat, 10 Sep 2011 10:23:50 -0400 Subject: [PATCH 277/652] doc: explain __STDC_CONSTANT_MACROS in C++ In order to build C++ programs using libav you need -D__STDC_CONSTANT_MACROS appened to the CXXFLAGS. (cherry picked from commit d162994a81a311a8dd212a50a2d2ad2b088df97f) --- doc/faq.texi | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/doc/faq.texi b/doc/faq.texi index 225f139b3c..daa4615a3c 100644 --- a/doc/faq.texi +++ b/doc/faq.texi 
@@ -447,6 +447,11 @@ encompassing your FFmpeg includes using @code{extern "C"}. See @url{http://www.parashift.com/c++-faq-lite/mixing-c-and-cpp.html#faq-32.3} +@section I'm using libavutil from within my C++ application but the compiler complains about 'UINT64_C' was not declared in this scope + +Libav is a pure C project using C99 math features, in order to enable C++ +to use them you have to append -D__STDC_CONSTANT_MACROS to your CXXFLAGS + @section I have a file in memory / a API different from *open/*read/ libc how do I use it with libavformat? You have to implement a URLProtocol, see @file{libavformat/file.c} in From be82df9e129995321917f47416ac755551915cb0 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sun, 11 Sep 2011 23:37:44 +0200 Subject: [PATCH 278/652] Fix writes out of bounds in the ogg demuxer. Between ogg_save() and ogg_restore() calls, the number of streams could have been reduced. Signed-off-by: Michael Niedermayer (cherry picked from commit bc851a2946c64eefb96145b70e2190ff7d5a4827) --- libavformat/oggdec.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/libavformat/oggdec.c b/libavformat/oggdec.c index bb1df35619..6ae4d804ce 100644 --- a/libavformat/oggdec.c +++ b/libavformat/oggdec.c @@ -29,7 +29,6 @@ DEALINGS IN THE SOFTWARE. **/ - #include #include "oggdec.h" #include "avformat.h" 
@@ -93,14 +92,24 @@ static int ogg_restore(AVFormatContext *s, int discard) ogg->state = ost->next; if (!discard){ + struct ogg_stream *old_streams = ogg->streams; + for (i = 0; i < ogg->nstreams; i++) av_free (ogg->streams[i].buf); avio_seek (bc, ost->pos, SEEK_SET); ogg->curidx = ost->curidx; ogg->nstreams = ost->nstreams; - memcpy(ogg->streams, ost->streams, - ost->nstreams * sizeof(*ogg->streams)); + ogg->streams = av_realloc (ogg->streams, + ogg->nstreams * sizeof (*ogg->streams)); + + if (ogg->streams) { + memcpy(ogg->streams, ost->streams, + ost->nstreams * sizeof(*ogg->streams)); + } else { + av_free(old_streams); + ogg->nstreams = 0; + } } av_free (ost); From f0869d3721a21c022f564251f93eb095843490f1 Mon Sep 17 00:00:00 2001 From: Joakim Plate Date: Mon, 12 Sep 2011 04:06:55 +0200 Subject: [PATCH 279/652] asf: Check return value of more avio_seek calls This reduces problems when underlying protocol is not seekable even if marked as such or if the file has been cut short. Signed-off-by: Michael Niedermayer (cherry picked from commit ac1d489320f476c18d6a8125f73389aecb73f3d3) --- libavformat/asfdec.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c index db00964c8a..033bdede13 100644 --- a/libavformat/asfdec.c +++ b/libavformat/asfdec.c @@ -1158,7 +1158,8 @@ static int64_t asf_read_pts(AVFormatContext *s, int stream_index, int64_t *ppos, if (s->packet_size > 0) pos= (pos+s->packet_size-1-s->data_offset)/s->packet_size*s->packet_size+ s->data_offset; *ppos= pos; - avio_seek(s->pb, pos, SEEK_SET); + if (avio_seek(s->pb, pos, SEEK_SET) < 0) + return AV_NOPTS_VALUE; //printf("asf_read_pts\n"); asf_reset_header(s); 
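Review bot: In ogg_restore, the new `else` branch taken when av_realloc fails sets `ogg->nstreams = 0` but leaves `ogg->curidx` at the value just copied from `ost->curidx`, and the hunk shows no error being reported to the caller. Code that later indexes `ogg->streams[ogg->curidx]` would then work on a NULL array. Resetting the index in that branch (`ogg->curidx = -1;`, assuming -1 is the demuxer's "no current stream" value) and returning `AVERROR(ENOMEM)` after `av_free(ost)` would make the failure explicit. It is also worth confirming how av_realloc behaves when `ost->nstreams` is 0, since a NULL return in that case would reach `av_free(old_streams)` on a pointer the allocator may already have released. The function's return statement is outside the hunk.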
@@ -1200,7 +1201,9 @@ static void asf_build_simple_index(AVFormatContext *s, int stream_index) int64_t current_pos= avio_tell(s->pb); int i; - avio_seek(s->pb, asf->data_object_offset + asf->data_object_size, SEEK_SET); + if(avio_seek(s->pb, asf->data_object_offset + asf->data_object_size, SEEK_SET) < 0) + return; + ff_get_guid(s->pb, &g); /* the data object can be followed by other top-level objects, @@ -1272,7 +1275,8 @@ static int asf_read_seek(AVFormatContext *s, int stream_index, int64_t pts, int /* do the seek */ av_log(s, AV_LOG_DEBUG, "SEEKTO: %"PRId64"\n", pos); - avio_seek(s->pb, pos, SEEK_SET); + if(avio_seek(s->pb, pos, SEEK_SET) < 0) + return -1; asf_reset_header(s); return 0; } From 4a721b18edfdea44643ff9bb6ed80ee176e71f1b Mon Sep 17 00:00:00 2001 From: Joakim Plate Date: Mon, 12 Sep 2011 04:07:36 +0200 Subject: [PATCH 280/652] avidec: Check return value of more avio_seek calls The move of avio_seek in avi_read_seek is to avoiding modifying state if the seek would fail. Signed-off-by: Michael Niedermayer (cherry picked from commit f9e083a156f19094cb6fcd134c1ca4ca899a1a6d) --- libavformat/avidec.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/libavformat/avidec.c b/libavformat/avidec.c index 80620dadba..6fedaf7f8e 100644 --- a/libavformat/avidec.c +++ b/libavformat/avidec.c @@ -220,13 +220,18 @@ static int read_braindead_odml_indx(AVFormatContext *s, int frame_num){ return -1; } - avio_seek(pb, offset+8, SEEK_SET); + if(avio_seek(pb, offset+8, SEEK_SET) < 0) + return -1; avi->odml_depth++; read_braindead_odml_indx(s, frame_num); avi->odml_depth--; frame_num += duration; - avio_seek(pb, pos, SEEK_SET); + if(avio_seek(pb, pos, SEEK_SET) < 0) { + av_log(s, AV_LOG_ERROR, "Failed to restore position after reading index"); + return -1; + } + } } avi->index_loaded=1; 
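Review bot: In read_braindead_odml_indx (libavformat/avidec.c), the recursive call `read_braindead_odml_indx(s, frame_num);` still discards its result, although this change makes the function return -1 when a seek fails. A failed seek inside a nested index is therefore ignored and parsing continues from wherever the stream position was left. Consider `if (read_braindead_odml_indx(s, frame_num) < 0) { avi->odml_depth--; return -1; }`, or add a comment if continuing is a deliberate best-effort choice. The new log string `"Failed to restore position after reading index"` also lacks the trailing `\n` that the other av_log calls in this series carry. The function starts and ends outside the hunk.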
@@ -1325,11 +1330,13 @@ static int avi_read_seek(AVFormatContext *s, int stream_index, int64_t timestamp /* the av_index_search_timestamp call above. */ assert(stream_index == 0); + if(avio_seek(s->pb, pos, SEEK_SET) < 0) + return -1; + /* Feed the DV video stream version of the timestamp to the */ /* DV demux so it can synthesize correct timestamps. */ dv_offset_reset(avi->dv_demux, timestamp); - avio_seek(s->pb, pos, SEEK_SET); avi->stream_index= -1; return 0; } @@ -1380,7 +1387,8 @@ static int avi_read_seek(AVFormatContext *s, int stream_index, int64_t timestamp } /* do the seek */ - avio_seek(s->pb, pos_min, SEEK_SET); + if (avio_seek(s->pb, pos_min, SEEK_SET) < 0) + return -1; avi->stream_index= -1; return 0; } From 8449cebc90dcef1fda4c1fc83d8ce2651b029349 Mon Sep 17 00:00:00 2001 From: Joakim Plate Date: Mon, 12 Sep 2011 04:08:06 +0200 Subject: [PATCH 281/652] rmdec: Check return value of more avio_seek calls Signed-off-by: Michael Niedermayer (cherry picked from commit 7e4111cfe2f5d03af8d608757e897145aa252af8) --- libavformat/rmdec.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c index c2eee815c2..b7c57af93a 100644 --- a/libavformat/rmdec.c +++ b/libavformat/rmdec.c @@ -905,7 +905,9 @@ static int64_t rm_read_dts(AVFormatContext *s, int stream_index, if(rm->old_format) return AV_NOPTS_VALUE; - avio_seek(s->pb, pos, SEEK_SET); + if (avio_seek(s->pb, pos, SEEK_SET) < 0) + return AV_NOPTS_VALUE; + rm->remaining_len=0; for(;;){ int seq=1; From 85b1e265c9dafaf60e120db73ce795eea24e1fad Mon Sep 17 00:00:00 2001 From: Hendrik Leppkes Date: Mon, 12 Sep 2011 17:45:25 +0200 Subject: [PATCH 282/652] gitignore: ignore .exp files, as generated by the MS linker on win32 Ignore another filetype, as generated by Microsofts lib.exe when creating the import libraries. (cherry picked from commit 73211630110886d849e3de837ca80280a2df2b46) --- .gitignore | 1 + 1 file changed, 1 insertion(+) 
diff --git a/.gitignore b/.gitignore index c831335517..bff585e806 100644 --- a/.gitignore +++ b/.gitignore @@ -10,6 +10,7 @@ *.def *.dll *.lib +*.exp config.* doc/*.1 doc/*.html From b1ceca016a498f2629f5cf1faa3d7981ab825f5a Mon Sep 17 00:00:00 2001 From: Kostya Shishkov Date: Mon, 12 Sep 2011 09:40:42 +0200 Subject: [PATCH 283/652] smacker demuxer: handle possible av_realloc() failure. Signed-off-by: Anton Khirnov --- libavformat/smacker.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/libavformat/smacker.c b/libavformat/smacker.c index c22f6daa73..ad6f265c83 100644 --- a/libavformat/smacker.c +++ b/libavformat/smacker.c @@ -286,15 +286,16 @@ static int smacker_read_packet(AVFormatContext *s, AVPacket *pkt) for(i = 0; i < 7; i++) { if(flags & 1) { int size; + uint8_t *tmpbuf; + size = avio_rl32(s->pb) - 4; frame_size -= size; frame_size -= 4; smk->curstream++; - smk->bufs[smk->curstream] = av_realloc(smk->bufs[smk->curstream], size); - if (!smk->bufs[smk->curstream]) { - smk->buf_sizes[smk->curstream] = 0; + tmpbuf = av_realloc(smk->bufs[smk->curstream], size); + if (!tmpbuf) return AVERROR(ENOMEM); - } + smk->bufs[smk->curstream] = tmpbuf; smk->buf_sizes[smk->curstream] = size; ret = avio_read(s->pb, smk->bufs[smk->curstream], size); if(ret != size) From ad6177e52c86343b1a9043e56525d01d070a2009 Mon Sep 17 00:00:00 2001 From: Kostya Shishkov Date: Mon, 12 Sep 2011 11:39:53 +0200 Subject: [PATCH 284/652] rv34: check that subsequent slices have the same type as first one. This prevents some crashes when corrupted bitstream reports e.g. P-type slice in I-frame. Official RealVideo decoder demands all slices to be of the same type too. Signed-off-by: Anton Khirnov (cherry picked from commit 23a1f0c59241465ba30103388029a7afc0ead909) --- libavcodec/rv34.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/libavcodec/rv34.c b/libavcodec/rv34.c index 8cec3634de..f0f472dcaf 100644 --- a/libavcodec/rv34.c +++ b/libavcodec/rv34.c 
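Review bot: In smacker_read_packet (libavformat/smacker.c), `size = avio_rl32(s->pb) - 4;` is a signed `int` taken straight from the file and is then used as the av_realloc length and the avio_read length without a range check. A stored value below 4 makes `size` negative, which turns into a very large allocation request and also increases `frame_size` through `frame_size -= size`. A guard right after the read, `if (size < 0) return AVERROR_INVALIDDATA;`, would reject such chunks before any buffer is touched. An upper bound against the remaining `frame_size` would be better still, but how `frame_size` is computed is outside the hunk.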
@@ -1305,6 +1305,13 @@ static int rv34_decode_slice(RV34DecContext *r, int end, const uint8_t* buf, int r->next_pts = r->cur_pts; } s->mb_x = s->mb_y = 0; + } else { + int slice_type = r->si.type ? r->si.type : AV_PICTURE_TYPE_I; + + if (slice_type != s->pict_type) { + av_log(s->avctx, AV_LOG_ERROR, "Slice type mismatch\n"); + return AVERROR_INVALIDDATA; + } } r->si.end = end; From 21587509ec54da2b7dbd4309d971b728ed3d1e17 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Mon, 12 Sep 2011 20:58:35 +0200 Subject: [PATCH 285/652] segafilm: Check for memory allocation failures in segafilm demuxer. Signed-off-by: Michael Niedermayer (cherry picked from commit 7cbe02575868e7d25acf3d319ece664702700f0a) --- libavformat/segafilm.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libavformat/segafilm.c b/libavformat/segafilm.c index ae194d496b..e712ebfbb1 100644 --- a/libavformat/segafilm.c +++ b/libavformat/segafilm.c @@ -167,6 +167,8 @@ static int film_read_header(AVFormatContext *s, if(film->sample_count >= UINT_MAX / sizeof(film_sample)) return -1; film->sample_table = av_malloc(film->sample_count * sizeof(film_sample)); + if (!film->sample_table) + return AVERROR(ENOMEM); for(i=0; inb_streams; i++) av_set_pts_info(s->streams[i], 33, 1, film->base_clock); @@ -238,6 +240,10 @@ static int film_read_packet(AVFormatContext *s, av_free(film->stereo_buffer); film->stereo_buffer_size = sample->sample_size; film->stereo_buffer = av_malloc(film->stereo_buffer_size); + if (!film->stereo_buffer) { + film->stereo_buffer_size = 0; + return AVERROR(ENOMEM); + } } pkt->pos= avio_tell(pb); From 605f89ffc9dfd278d241d0425e9a8d93d535bbdd Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Mon, 12 Sep 2011 21:09:57 +0200 Subject: [PATCH 286/652] segafilm: Fix potential division by 0 on corrupted segafilm streams in the demuxer. Signed-off-by: Michael Niedermayer --- libavformat/segafilm.c | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) 
diff --git a/libavformat/segafilm.c b/libavformat/segafilm.c index e712ebfbb1..a9b9667d14 100644 --- a/libavformat/segafilm.c +++ b/libavformat/segafilm.c @@ -111,11 +111,16 @@ static int film_read_header(AVFormatContext *s, film->audio_samplerate = AV_RB16(&scratch[24]); film->audio_channels = scratch[21]; film->audio_bits = scratch[22]; - if (film->audio_bits == 8) - film->audio_type = CODEC_ID_PCM_S8; - else if (film->audio_bits == 16) - film->audio_type = CODEC_ID_PCM_S16BE; - else + if (scratch[23] == 2) + film->audio_type = CODEC_ID_ADPCM_ADX; + else if (film->audio_channels > 0) { + if (film->audio_bits == 8) + film->audio_type = CODEC_ID_PCM_S8; + else if (film->audio_bits == 16) + film->audio_type = CODEC_ID_PCM_S16BE; + else + film->audio_type = CODEC_ID_NONE; + } else film->audio_type = CODEC_ID_NONE; } @@ -189,8 +194,12 @@ static int film_read_header(AVFormatContext *s, film->sample_table[i].pts *= film->base_clock; film->sample_table[i].pts /= film->audio_samplerate; - audio_frame_counter += (film->sample_table[i].sample_size / - (film->audio_channels * film->audio_bits / 8)); + if (film->audio_type == CODEC_ID_ADPCM_ADX) + audio_frame_counter += (film->sample_table[i].sample_size * 32 / + (18 * film->audio_channels)); + else if (film->audio_type != CODEC_ID_NONE) + audio_frame_counter += (film->sample_table[i].sample_size / + (film->audio_channels * film->audio_bits / 8)); } else { film->sample_table[i].stream = film->video_stream_index; film->sample_table[i].pts = AV_RB32(&scratch[8]) & 0x7FFFFFFF; From 9cee26dfdebe25f0370172b939bd2e0c9e43c2df Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 12 Sep 2011 23:45:21 +0200 Subject: [PATCH 287/652] smacker: add forgotten * found by fenrir Signed-off-by: Michael Niedermayer (cherry picked from commit f98edc73c599badaa0c075fbffb519a150d03d80) --- libavcodec/smacker.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
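Review bot: In film_read_header, the division this commit guards can still be by zero on the ADX path. The first hunk selects `CODEC_ID_ADPCM_ADX` whenever `scratch[23] == 2` without looking at `film->audio_channels`, and the second hunk then divides by `18 * film->audio_channels`. Testing the channel count in the same condition, `if (scratch[23] == 2 && film->audio_channels > 0)`, closes that. The context line `film->sample_table[i].pts /= film->audio_samplerate;` divides by a 16-bit value read from the header with no zero check visible in either hunk, so it needs the same treatment. Both hunks are excerpts of film_read_header, which starts and ends outside them.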
diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c index d215e3289c..2a85bda172 100644 --- a/libavcodec/smacker.c +++ b/libavcodec/smacker.c @@ -659,7 +659,7 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data, int *data_size, } else { //8-bit data for(i = stereo; i >= 0; i--) pred[i] = get_bits(&gb, 8); - if (stereo + unp_size > data_size) + if (stereo + unp_size > *data_size) return -1; for(i = 0; i < stereo; i++) *samples8++ = pred[i]; From e952ff69810d370c361ece5dfe33a7bcd7a64e40 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 13 Sep 2011 01:14:44 +0200 Subject: [PATCH 288/652] smacker: fix a few off by 1 errors stereo & 16bit is untested due to lack of samples Signed-off-by: Michael Niedermayer (cherry picked from commit d67e74929c2c0d09383c2f4a9c904bfdd839c67c) --- libavcodec/smacker.c | 10 ++- tests/ref/fate/smacker | 160 ++++++++++++++++++++--------------------- 2 files changed, 84 insertions(+), 86 deletions(-) diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c index 2a85bda172..be4bc2336f 100644 --- a/libavcodec/smacker.c +++ b/libavcodec/smacker.c @@ -625,9 +625,9 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data, int *data_size, if(bits) { //decode 16-bit data for(i = stereo; i >= 0; i--) pred[i] = av_bswap16(get_bits(&gb, 16)); - for(i = 0; i < stereo; i++) + for(i = 0; i <= stereo; i++) *samples++ = pred[i]; - for(i = 0; i < unp_size / 2; i++) { + for(; i < unp_size / 2; i++) { if(i & stereo) { if(vlc[2].table) res = get_vlc2(&gb, vlc[2].table, SMKTREE_BITS, 3); 
@@ -659,11 +659,9 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data, int *data_size, } else { //8-bit data for(i = stereo; i >= 0; i--) pred[i] = get_bits(&gb, 8); - if (stereo + unp_size > *data_size) - return -1; - for(i = 0; i < stereo; i++) + for(i = 0; i <= stereo; i++) *samples8++ = pred[i]; - for(i = 0; i < unp_size; i++) { + for(; i < unp_size; i++) { if(i & stereo){ if(vlc[1].table) res = get_vlc2(&gb, vlc[1].table, SMKTREE_BITS, 3); diff --git a/tests/ref/fate/smacker b/tests/ref/fate/smacker index 85c4a9817c..df88a4ae8a 100644 --- a/tests/ref/fate/smacker +++ b/tests/ref/fate/smacker @@ -1,5 +1,5 @@ 0, 0, 192000, 0x8926d7fc -1, 0, 47240, 0xad778a78 +1, 0, 47240, 0x9974897c 0, 6390, 192000, 0x2506d384 0, 12780, 192000, 0x9a8dc93a 0, 19170, 192000, 0x4badb7f2 
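Review bot: In the 8-bit branch of smka_decode_frame this hunk deletes the `*data_size` guard introduced earlier in the series and replaces it with nothing, while the seed loop `for(i = 0; i <= stereo; i++)` now stores `stereo + 1` samples before `unp_size` is consulted at all. If `unp_size` is 0 or 1 the decoder still writes one or two samples, so the output bound has to cover at least `stereo + 1` samples and not only `unp_size`; the 16-bit hunk just before has the same shape. Whether an earlier check in the function compares `unp_size` with `*data_size` is not visible here. If one exists, a comment at the seed loops pointing to it would document why the stores are safe; otherwise keep a guard such as `if (unp_size <= stereo || unp_size > *data_size) return -1;`. The function body starts and ends outside both hunks.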
@@ -15,163 +15,163 @@ 0, 83070, 192000, 0x1a3d7971 0, 89460, 192000, 0xa1a65bd5 0, 95850, 192000, 0x344957b9 -1, 96408, 3128, 0x4c1564ae +1, 96408, 3128, 0x7e4064b4 0, 102240, 192000, 0xe23b5f4e -1, 102792, 3128, 0x34553309 +1, 102792, 3128, 0x80883301 0, 108630, 192000, 0xb5c2710b -1, 109176, 3136, 0xb474d246 +1, 109176, 3136, 0x2ad2d341 0, 115020, 192000, 0x7a25938f -1, 115576, 3128, 0x87b868ea +1, 115576, 3128, 0xda8468e3 0, 121410, 192000, 0x0a84e4c9 -1, 121959, 3136, 0xf1516dc3 +1, 121959, 3136, 0x9d6f6cdf 0, 127800, 192000, 0x94209b0d -1, 128359, 3128, 0x867563cb +1, 128359, 3128, 0x1aaa64b5 0, 134190, 192000, 0xf940e51f -1, 134743, 3128, 0x5200728c +1, 134743, 3128, 0x9182728b 0, 140580, 192000, 0xb9fdec42 -1, 141127, 3136, 0xeda118a0 +1, 141127, 3136, 0xfa8e17b3 0, 146970, 192000, 0x7b04a376 -1, 147527, 3128, 0x03e2c1d6 +1, 147527, 3128, 0x0dc3c1cf 0, 153360, 192000, 0x5fe0026b -1, 153910, 3136, 0xc3e862b6 +1, 153910, 3136, 0x0109639d 0, 159750, 192000, 0x775aca39 -1, 160310, 3128, 0x937a13be +1, 160310, 3128, 0x6d8a12d9 0, 166140, 192000, 0xae14fb32 -1, 166694, 3128, 0x7b1b9577 +1, 166694, 3128, 0x4b9a9597 0, 172530, 192000, 0x661106e5 -1, 173078, 3136, 0x042c7113 +1, 173078, 3136, 0x9112710e 0, 178920, 192000, 0xe8658dbf -1, 179478, 3128, 0xac48f451 +1, 179478, 3128, 0x8cccf522 0, 185310, 192000, 0x5359f0f9 -1, 185861, 3128, 0x018fbbe9 +1, 185861, 3128, 0x6594bbf3 0, 191700, 192000, 0xc1ec80f4 -1, 192245, 3136, 0xc62aa7ce +1, 192245, 3136, 0xd878a7d5 0, 198090, 192000, 0xca53806b -1, 198645, 3128, 0x106e3924 +1, 198645, 3128, 0xaa6e3905 0, 204480, 192000, 0xf0766b2e -1, 205029, 3136, 0xfeb82ecc +1, 205029, 3136, 0x2a062e04 0, 210870, 192000, 0x39962da8 -1, 211429, 3128, 0x7e7c005b +1, 211429, 3128, 0x84e4006a 0, 217260, 192000, 0x4171c37f -1, 217812, 3128, 0x949d3560 +1, 217812, 3128, 0x85183633 0, 223650, 192000, 0x3abf3b46 -1, 224196, 3136, 0x02bd4aff +1, 224196, 3136, 0xb62d4b02 0, 230040, 192000, 0xecc68313 -1, 230596, 3128, 0x4aaf4715 +1, 230596, 
3128, 0xe209462a 0, 236430, 192000, 0xea339baf -1, 236980, 3136, 0x2958825f +1, 236980, 3136, 0x57c4824b 0, 242820, 192000, 0x616b8f16 -1, 243380, 3128, 0x99a5914d +1, 243380, 3128, 0x664a9163 0, 249210, 192000, 0xf77a8581 -1, 249763, 3128, 0xe67277a4 +1, 249763, 3128, 0xb4287874 0, 255600, 192000, 0xb315678b -1, 256147, 3136, 0x11296973 +1, 256147, 3136, 0xde626885 0, 261990, 192000, 0x0a4a5218 -1, 262547, 3128, 0x5cc362f7 +1, 262547, 3128, 0x919763c2 0, 268380, 192000, 0x98802be4 -1, 268931, 3128, 0x0c5e6586 +1, 268931, 3128, 0xa4f664e1 0, 274770, 192000, 0xa2f0fd94 -1, 275314, 3136, 0xe940b0f9 +1, 275314, 3136, 0xa0bab0d4 0, 281160, 192000, 0x6671c84f -1, 281714, 3128, 0x2c9292cc +1, 281714, 3128, 0xe938939c 0, 287550, 192000, 0x38327e31 -1, 288098, 3136, 0xa807c096 +1, 288098, 3136, 0x3679bfc7 0, 293940, 192000, 0xb85d3e08 -1, 294498, 3128, 0x9d2254d8 +1, 294498, 3128, 0xc96c55c3 0, 300330, 192000, 0xdc69eba9 -1, 300882, 3128, 0xe68015b0 +1, 300882, 3128, 0x119114d6 0, 306720, 192000, 0x8955a0b3 -1, 307265, 3136, 0x65d58029 +1, 307265, 3136, 0x42f3800f 0, 313110, 192000, 0x714a548b -1, 313665, 3128, 0xcffcc48c +1, 313665, 3128, 0x4250c4ad 0, 319500, 192000, 0xc0471de9 -1, 320049, 3136, 0x8c704944 +1, 320049, 3136, 0x5cdd4925 0, 325890, 192000, 0x2e16e039 -1, 326449, 3128, 0x1459231d +1, 326449, 3128, 0xa4c12360 0, 332280, 192000, 0x9fa4b033 -1, 332833, 3128, 0x7dde4839 +1, 332833, 3128, 0x849f48de 0, 338670, 192000, 0x4a0f9402 -1, 339216, 3136, 0xbb6890e2 +1, 339216, 3136, 0x6acd8ff9 0, 345060, 192000, 0x1f3e6843 -1, 345616, 3128, 0xcd9a8524 +1, 345616, 3128, 0xb2758556 0, 351450, 192000, 0x31774850 -1, 352000, 3128, 0xa244fc31 +1, 352000, 3128, 0x10f2fcb1 0, 357840, 192000, 0x9d5336a2 -1, 358384, 3136, 0x504e2bd9 +1, 358384, 3136, 0xf0f02b23 0, 364230, 192000, 0xf7de27a2 -1, 364784, 3128, 0x655858d8 +1, 364784, 3128, 0x64f759c6 0, 370620, 192000, 0x98c717ce -1, 371167, 3136, 0x46027610 +1, 371167, 3136, 0x7ec075e3 0, 377010, 192000, 0x615b10b8 -1, 377567, 
3128, 0x4192d5e3 +1, 377567, 3128, 0xf981d51e 0, 383400, 192000, 0xd5bc0e7e -1, 383951, 3128, 0x21d2e7fe +1, 383951, 3128, 0xc622e8b9 0, 389790, 192000, 0xd5bc0e7e -1, 390335, 3136, 0x7c93e329 +1, 390335, 3136, 0xf632e2f8 0, 396180, 192000, 0xd5bc0e7e -1, 396735, 3128, 0xa67718c0 +1, 396735, 3128, 0xda561864 0, 402570, 192000, 0xd5bc0e7e -1, 403118, 3136, 0x9bb6e8a3 +1, 403118, 3136, 0x14d2e888 0, 408960, 192000, 0xd5bc0e7e -1, 409518, 3128, 0x0933b7a6 +1, 409518, 3128, 0x015bb869 0, 415350, 192000, 0xd5bc0e7e -1, 415902, 3128, 0x07f1fb57 +1, 415902, 3128, 0xedb1fb62 0, 421740, 192000, 0xd5bc0e7e -1, 422286, 3136, 0x8a050cfd +1, 422286, 3136, 0xe0560c41 0, 428130, 192000, 0xd5bc0e7e -1, 428686, 3128, 0xdb773c0b +1, 428686, 3128, 0x14773c9a 0, 434520, 192000, 0xd5bc0e7e -1, 435069, 3136, 0xd1281c53 +1, 435069, 3136, 0x850f1c82 0, 440910, 192000, 0xd5bc0e7e -1, 441469, 3128, 0x9f395324 +1, 441469, 3128, 0xb0bd5347 0, 447300, 192000, 0xd5bc0e7e -1, 447853, 3128, 0x5f13edec +1, 447853, 3128, 0x8f82edbf 0, 453690, 192000, 0xd5bc0e7e -1, 454237, 3136, 0x871cbecf +1, 454237, 3136, 0x493abee2 0, 460080, 192000, 0xd5bc0e7e -1, 460637, 3128, 0x799eff3e +1, 460637, 3128, 0xf5daff3f 0, 466470, 192000, 0xd5bc0e7e -1, 467020, 3128, 0x3f902762 +1, 467020, 3128, 0x78ad2690 0, 472860, 192000, 0xd5bc0e7e -1, 473404, 3136, 0x29f8bb04 +1, 473404, 3136, 0x490ebafc 0, 479250, 192000, 0xd5bc0e7e -1, 479804, 3128, 0xf3523ee9 +1, 479804, 3128, 0x70333fd2 0, 485640, 192000, 0xd5bc0e7e -1, 486188, 3136, 0x4405c435 +1, 486188, 3136, 0x8cb1c350 0, 492030, 192000, 0xd5bc0e7e -1, 492588, 3128, 0x892957cb +1, 492588, 3128, 0x8bd057cb 0, 498420, 192000, 0xd5bc0e7e -1, 498971, 3128, 0xdf483dbd +1, 498971, 3128, 0x161b3dbc 0, 504810, 192000, 0xd5bc0e7e -1, 505355, 3136, 0x5e8ab797 +1, 505355, 3136, 0xb47fb88a 0, 511200, 192000, 0xd5bc0e7e -1, 511755, 3128, 0x92e13820 +1, 511755, 3128, 0x474b381e 0, 517590, 192000, 0xd5bc0e7e -1, 518139, 3136, 0xfde719b6 +1, 518139, 3136, 0x07c519bb 0, 523980, 
192000, 0xd5bc0e7e -1, 524539, 3128, 0x442f17ae +1, 524539, 3128, 0x15b916c8 0, 530370, 192000, 0xd5bc0e7e -1, 530922, 3128, 0x011af61f +1, 530922, 3128, 0x0ed7f6fb 0, 536760, 192000, 0xd5bc0e7e -1, 537306, 3136, 0x4e3e3a6d +1, 537306, 3136, 0x54d6397b 0, 543150, 192000, 0xd5bc0e7e -1, 543706, 3128, 0xc11242b9 +1, 543706, 3128, 0x437242bb 0, 549540, 192000, 0xd5bc0e7e -1, 550090, 3128, 0x01415b59 +1, 550090, 3128, 0x38f05c4d 0, 555930, 192000, 0xd5bc0e7e -1, 556473, 3136, 0x302e0e55 +1, 556473, 3136, 0x5d000e59 0, 562320, 192000, 0xd5bc0e7e -1, 562873, 3128, 0x20522d04 +1, 562873, 3128, 0xdeab2d04 0, 568710, 192000, 0xd5bc0e7e -1, 569257, 3136, 0x316a697d +1, 569257, 3136, 0x77de6880 0, 575100, 192000, 0xd5bc0e7e -1, 575657, 3128, 0x6d75ee27 +1, 575657, 3128, 0xbc87ef25 0, 581490, 192000, 0xd5bc0e7e -1, 582041, 3128, 0xcb008ae8 +1, 582041, 3128, 0xc1638ade 0, 587880, 192000, 0xd5bc0e7e -1, 588424, 3136, 0xd2664b51 +1, 588424, 3136, 0xcfb64a5f 0, 594270, 192000, 0xd5bc0e7e -1, 594824, 3128, 0xdfcab728 +1, 594824, 3128, 0x90b1b826 0, 600660, 192000, 0xd5bc0e7e 1, 601208, 3136, 0x00000000 0, 607050, 192000, 0xd5bc0e7e From 1072498081a5c8656db6df124386e171d25729fa Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 13 Sep 2011 03:52:30 +0200 Subject: [PATCH 289/652] vf_remove_logo: domt access vf->next->query_format() directly but use the API. This fixes a crash Signed-off-by: Michael Niedermayer (cherry picked from commit 39e0accb7a934bfe3d42324b016dd8790790746d) --- libavfilter/libmpcodecs/vf_remove_logo.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavfilter/libmpcodecs/vf_remove_logo.c b/libavfilter/libmpcodecs/vf_remove_logo.c index 5f1265eab3..5498a1bd03 100644 --- a/libavfilter/libmpcodecs/vf_remove_logo.c +++ b/libavfilter/libmpcodecs/vf_remove_logo.c 
@@ -671,7 +671,7 @@ static pgm_structure * generate_half_size_image(vf_instance_t * vf, pgm_structur * \brief Checks if YV12 is supported by the next filter. */ static unsigned int find_best(struct vf_instance *vf){ - int is_format_okay = vf->next->query_format(vf->next, IMGFMT_YV12); + int is_format_okay = vf_next_query_format(vf, IMGFMT_YV12); if ((is_format_okay & VFCAP_CSP_SUPPORTED_BY_HW) || (is_format_okay & VFCAP_CSP_SUPPORTED)) return IMGFMT_YV12; else @@ -814,7 +814,7 @@ static int put_image(struct vf_instance *vf, mp_image_t *mpi, double pts){ static int query_format(struct vf_instance *vf, unsigned int fmt) { if (fmt == IMGFMT_YV12) - return vf->next->query_format(vf->next, IMGFMT_YV12); + return vf_next_query_format(vf, IMGFMT_YV12); else return 0; } From 56634b2328ebe7e539278e7f4a6e8fa5973a25ad Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 13 Sep 2011 04:27:41 +0200 Subject: [PATCH 290/652] libavformat/utils: print ts in the "invalid dts/pts combination" case. Signed-off-by: Michael Niedermayer (cherry picked from commit 38670356f990da1efb906232768836d83356855b) --- libavformat/utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index a582ddcc61..d24c7a0b5e 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -995,7 +995,7 @@ static void compute_pkt_fields(AVFormatContext *s, AVStream *st, // we take the conservative approach and discard both // Note, if this is misbehaving for a H.264 file then possibly presentation_delayed is not set correctly. if(delay==1 && pkt->dts == pkt->pts && pkt->dts != AV_NOPTS_VALUE && presentation_delayed){ - av_log(s, AV_LOG_DEBUG, "invalid dts/pts combination\n"); + av_log(s, AV_LOG_DEBUG, "invalid dts/pts combination %Ld\n", pkt->dts); pkt->dts= pkt->pts= AV_NOPTS_VALUE; } From 053bc4ce8b8f3504e4184d02281fb9a6ee4947eb Mon Sep 17 00:00:00 2001 
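Review bot: In compute_pkt_fields (libavformat/utils.c), the new format string uses `%Ld` for `pkt->dts`; `L` is not a standard length modifier for integer conversions, so what av_log reads from the argument list depends on the C library. Use the `<inttypes.h>` macro that the asfdec.c hunk in this series already uses: `av_log(s, AV_LOG_DEBUG, "invalid dts/pts combination %"PRId64"\n", pkt->dts);`. This assumes `pkt->dts` is an `int64_t`, which the comparison with `AV_NOPTS_VALUE` suggests but the hunk does not declare.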
From: Laurent Aimar Date: Sat, 10 Sep 2011 00:32:12 +0200 Subject: [PATCH 291/652] Fixed size given to init_get_bits() in xan decoder. (cherry picked from commit 393d5031c6aaaf8c2dda4eb5d676974c349fae85) --- libavcodec/xan.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/libavcodec/xan.c b/libavcodec/xan.c index f5d1812aec..5b22101e18 100644 --- a/libavcodec/xan.c +++ b/libavcodec/xan.c @@ -97,17 +97,18 @@ static av_cold int xan_decode_init(AVCodecContext *avctx) return 0; } -static int xan_huffman_decode(unsigned char *dest, const unsigned char *src, - int dest_len) +static int xan_huffman_decode(unsigned char *dest, int dest_len, + const unsigned char *src, int src_len) { unsigned char byte = *src++; unsigned char ival = byte + 0x16; const unsigned char * ptr = src + byte*2; + int ptr_len = src_len - 1 - byte*2; unsigned char val = ival; unsigned char *dest_end = dest + dest_len; GetBitContext gb; - init_get_bits(&gb, ptr, 0); // FIXME: no src size available + init_get_bits(&gb, ptr, ptr_len * 8); while ( val != 0x16 ) { val = src[val - 0x17 + get_bits1(&gb) * byte]; @@ -272,7 +273,8 @@ static void xan_wc3_decode_frame(XanContext *s) { vector_segment = s->buf + AV_RL16(&s->buf[4]); imagedata_segment = s->buf + AV_RL16(&s->buf[6]); - xan_huffman_decode(opcode_buffer, huffman_segment, opcode_buffer_size); + xan_huffman_decode(opcode_buffer, opcode_buffer_size, + huffman_segment, s->size - (huffman_segment - s->buf) ); if (imagedata_segment[0] == 2) xan_unpack(s->buffer2, &imagedata_segment[1], s->buffer2_size); From 169e6344573af8b4dc5a6e0da8db9a9d4eaf7532 Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Fri, 9 Sep 2011 16:13:52 -0700 Subject: [PATCH 292/652] xan: Remove extra trailing newline (cherry picked from commit 350f57bd7b77b36c150540ad2aae9de42cc4dfca) --- libavcodec/xan.c | 1 - 1 file changed, 1 deletion(-) diff --git a/libavcodec/xan.c b/libavcodec/xan.c index 5b22101e18..1dace41e0d 100644 --- a/libavcodec/xan.c 
+++ b/libavcodec/xan.c @@ -566,4 +566,3 @@ AVCodec ff_xan_wc3_decoder = { CODEC_CAP_DR1, .long_name = NULL_IF_CONFIG_SMALL("Wing Commander III / Xan"), }; - From b7000d05175ee87774decb4b236f773c2059707b Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Fri, 9 Sep 2011 16:10:03 -0700 Subject: [PATCH 293/652] xan: Add some buffer checks (cherry picked from commit 0872bb23b4bd2d94a8ba91070f706d1bc1c3ced8) --- libavcodec/xan.c | 37 +++++++++++++++++++++++++++++-------- 1 file changed, 29 insertions(+), 8 deletions(-) diff --git a/libavcodec/xan.c b/libavcodec/xan.c index 1dace41e0d..357593bf2d 100644 --- a/libavcodec/xan.c +++ b/libavcodec/xan.c @@ -108,6 +108,9 @@ static int xan_huffman_decode(unsigned char *dest, int dest_len, unsigned char *dest_end = dest + dest_len; GetBitContext gb; + if (ptr_len < 0) + return AVERROR_INVALIDDATA; + init_get_bits(&gb, ptr, ptr_len * 8); while ( val != 0x16 ) { @@ -247,7 +250,7 @@ static inline void xan_wc3_copy_pixel_run(XanContext *s, } } -static void xan_wc3_decode_frame(XanContext *s) { +static int xan_wc3_decode_frame(XanContext *s) { int width = s->avctx->width; int height = s->avctx->height; 
@@ -267,14 +270,30 @@ static void xan_wc3_decode_frame(XanContext *s) { const unsigned char *size_segment; const unsigned char *vector_segment; const unsigned char *imagedata_segment; + int huffman_offset, size_offset, vector_offset, imagedata_offset; - huffman_segment = s->buf + AV_RL16(&s->buf[0]); - size_segment = s->buf + AV_RL16(&s->buf[2]); - vector_segment = s->buf + AV_RL16(&s->buf[4]); - imagedata_segment = s->buf + AV_RL16(&s->buf[6]); + if (s->size < 8) + return AVERROR_INVALIDDATA; - xan_huffman_decode(opcode_buffer, opcode_buffer_size, - huffman_segment, s->size - (huffman_segment - s->buf) ); + huffman_offset = AV_RL16(&s->buf[0]); + size_offset = AV_RL16(&s->buf[2]); + vector_offset = AV_RL16(&s->buf[4]); + imagedata_offset = AV_RL16(&s->buf[6]); + + if (huffman_offset >= s->size || + size_offset >= s->size || + vector_offset >= s->size || + imagedata_offset >= s->size) + return AVERROR_INVALIDDATA; + + huffman_segment = s->buf + huffman_offset; + size_segment = s->buf + size_offset; + vector_segment = s->buf + vector_offset; + imagedata_segment = s->buf + imagedata_offset; + + if (xan_huffman_decode(opcode_buffer, opcode_buffer_size, + huffman_segment, s->size - huffman_offset) < 0) + return AVERROR_INVALIDDATA; if (imagedata_segment[0] == 2) xan_unpack(s->buffer2, &imagedata_segment[1], s->buffer2_size); @@ -360,6 +379,7 @@ static void xan_wc3_decode_frame(XanContext *s) { y += (x + size) / width; x = (x + size) % width; } + return 0; } #if RUNTIME_GAMMA @@ -521,7 +541,8 @@ static int xan_decode_frame(AVCodecContext *avctx, s->buf = buf; s->size = buf_size; - xan_wc3_decode_frame(s); + if (xan_wc3_decode_frame(s) < 0) + return AVERROR_INVALIDDATA; /* release the last frame if it is allocated */ if (s->last_frame.data[0]) From fa3f7391be8536ecdf5d8547c0162c68b206043f Mon Sep 17 00:00:00 2001 
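Review bot: In xan_wc3_decode_frame, the new offset checks only prove that the first byte of each segment lies inside the packet. Apart from the Huffman segment, which now receives `s->size - huffman_offset`, the consumers still get no source length. The context line `xan_unpack(s->buffer2, &imagedata_segment[1], s->buffer2_size);` passes only the destination size, and when `imagedata_offset == s->size - 1` the pointer `&imagedata_segment[1]` already sits at the end of the packet. Passing the remaining length (`s->size - imagedata_offset - 1`) into xan_unpack and bounding its reads there would complete the hardening. The same applies to `size_segment` and `vector_segment`, whose use is outside these hunks.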
From: Michael Niedermayer Date: Wed, 14 Sep 2011 20:48:00 +0200 Subject: [PATCH 294/652] h264: allow disabling bitstream overread protection by using the fast flag. Signed-off-by: Michael Niedermayer (cherry picked from commit 205c13685f36a17f406b7cd07e14b6d2a61f396a) --- libavcodec/h264.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 12bed3a919..5841b1f399 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -197,8 +197,12 @@ const uint8_t *ff_h264_decode_nal(H264Context *h, const uint8_t *src, int *dst_l if(i>=length-1){ //no escaped 0 *dst_length= length; *consumed= length+1; //+1 for the header - memcpy(dst, src, length); - return dst; + if(h->s.avctx->flags2 & CODEC_FLAG2_FAST){ + return src; + }else{ + memcpy(dst, src, length); + return dst; + } } //printf("decoding esc\n"); From 6e21f03547a6fd4cb5d9e2414270b451613a3b50 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ingo=20Br=C3=BCckl?= Date: Thu, 15 Sep 2011 16:19:05 +0200 Subject: [PATCH 295/652] Correct determination of file size and frames in VBRI headers The fields "Number of Bytes" and "Number of Frames" are mixed up. "Bytes" come first, "Frames" behind. Signed-off-by: Michael Niedermayer (cherry picked from commit 5d305c9398c043f9ae3bbc6d64a3e1dc468c1e63) --- libavformat/mp3dec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mp3dec.c b/libavformat/mp3dec.c index 64f6ea8c0e..47772a4998 100644 --- a/libavformat/mp3dec.c +++ b/libavformat/mp3dec.c @@ -109,8 +109,8 @@ static int mp3_parse_vbr_tags(AVFormatContext *s, AVStream *st, int64_t base) if(avio_rb16(s->pb) == 1) { /* skip delay and quality */ avio_skip(s->pb, 4); - frames = avio_rb32(s->pb); size = avio_rb32(s->pb); + frames = avio_rb32(s->pb); } } From 30d7dce94fc74a8ef8369ffe97f0b8b5484ff502 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sat, 17 Sep 2011 16:56:30 +0200 Subject: [PATCH 296/652] Fix potential overreads in rv34 decoder. 
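Review bot: In ff_h264_decode_nal, the new `CODEC_FLAG2_FAST` branch returns `src` itself instead of the copy in `dst`, and nothing in the code states what the caller must guarantee for that to be safe. If `dst` is the decoder's padded scratch buffer (not visible in the hunk), the bitstream reader runs directly over caller-supplied memory when the flag is set. A truncated or malformed NAL can then be read past its end unless the input carries its own padding. I would add a comment at the branch, e.g. `/* FAST: no copy into the padded buffer; the input must be padded by the caller or reads may run past the NAL */`, and say the same where the flag is documented. The function starts and ends outside the hunk.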
Signed-off-by: Michael Niedermayer (cherry picked from commit 9a0a64cb26bc6aaa7f29106bded8a27f3db918ee) --- libavcodec/rv34.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavcodec/rv34.c b/libavcodec/rv34.c index f0f472dcaf..ba88916f5d 100644 --- a/libavcodec/rv34.c +++ b/libavcodec/rv34.c @@ -1443,6 +1443,7 @@ int ff_rv34_decode_frame(AVCodecContext *avctx, slice_count = (*buf++) + 1; slices_hdr = buf + 4; buf += 8 * slice_count; + buf_size -= 1 + 8 * slice_count; }else slice_count = avctx->slice_count; @@ -1461,7 +1462,7 @@ int ff_rv34_decode_frame(AVCodecContext *avctx, if( (avctx->skip_frame >= AVDISCARD_NONREF && si.type==AV_PICTURE_TYPE_B) || (avctx->skip_frame >= AVDISCARD_NONKEY && si.type!=AV_PICTURE_TYPE_I) || avctx->skip_frame >= AVDISCARD_ALL) - return buf_size; + return avpkt->size; for(i=0; icurrent_picture_ptr= NULL; //so we can detect if frame_end wasnt called (find some nicer solution...) } - return buf_size; + return avpkt->size; } av_cold int ff_rv34_decode_end(AVCodecContext *avctx) From 4d8330d09565956ac40036e7b4af58d2d775d03e Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sat, 17 Sep 2011 16:56:35 +0200 Subject: [PATCH 297/652] Fix js_vlc_bits value validation when joint stereo is used in cook decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit 352c878de6fca57a3f2a6369e27ca442fa5f9518) --- libavcodec/cook.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavcodec/cook.c b/libavcodec/cook.c index 116be2fe98..192ec5bdf1 100644 --- a/libavcodec/cook.c +++ b/libavcodec/cook.c 
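Review bot: In ff_rv34_decode_frame, the added `buf_size -= 1 + 8 * slice_count;` can drive `buf_size` negative. `slice_count` comes from the first byte of the packet, and no comparison with the packet length is visible before `buf` is advanced past the slice table. A check right after the subtraction, `if (buf_size < 0) return AVERROR_INVALIDDATA;`, or a length test before `buf += 8 * slice_count`, would stop a short packet from reaching the slice-offset reads with a pointer beyond the data. Later code may validate the offsets against `buf_size`, but that part of the function is outside the hunk.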
@@ -1175,8 +1175,9 @@ static av_cold int cook_decode_init(AVCodecContext *avctx) return -1; } - if ((q->subpacket[s].js_vlc_bits > 6) || (q->subpacket[s].js_vlc_bits < 0)) { - av_log(avctx,AV_LOG_ERROR,"js_vlc_bits = %d, only >= 0 and <= 6 allowed!\n",q->subpacket[s].js_vlc_bits); + if ((q->subpacket[s].js_vlc_bits > 6) || (q->subpacket[s].js_vlc_bits < 2*q->subpacket[s].joint_stereo)) { + av_log(avctx,AV_LOG_ERROR,"js_vlc_bits = %d, only >= %d and <= 6 allowed!\n", + q->subpacket[s].js_vlc_bits, 2*q->subpacket[s].joint_stereo); return -1; } From 24e0a9e451e1aae427307a919d78f6790f4e413c Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sat, 17 Sep 2011 16:56:33 +0200 Subject: [PATCH 298/652] Reject audio tracks with invalid interleaver parameters in RM demuxer. Signed-off-by: Michael Niedermayer (cherry picked from commit 4907f813581acd6cf68f1be9eb163464503e8208) --- libavformat/rmdec.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c index b7c57af93a..cacca9bc89 100644 --- a/libavformat/rmdec.c +++ b/libavformat/rmdec.c @@ -192,8 +192,9 @@ static int rm_read_audio_stream_info(AVFormatContext *s, AVIOContext *pb, ast->audio_framesize = st->codec->block_align; st->codec->block_align = coded_framesize; - if(ast->audio_framesize >= UINT_MAX / sub_packet_h){ - av_log(s, AV_LOG_ERROR, "ast->audio_framesize * sub_packet_h too large\n"); + if (ast->audio_framesize <= 0 || sub_packet_h <= 0 || + ast->audio_framesize >= UINT_MAX / sub_packet_h){ + av_log(s, AV_LOG_ERROR, "ast->audio_framesize * sub_packet_h is invalid\n"); return -1; } 
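Review bot: In the rmdec.c hunk the upper bound of the new condition is still `UINT_MAX / sub_packet_h`, which lets a product between INT_MAX and UINT_MAX through. If `ast->audio_framesize * sub_packet_h` is then formed in int or passed as an int size (the use is outside the hunk; the log text names that product), it overflows. With both operands now known to be positive, `ast->audio_framesize > INT_MAX / sub_packet_h` bounds the product to what an int can hold. The same condition is repeated in the `@@ -229,8 +230,9 @@` hunk of this patch and needs the same change.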
@@ -229,8 +230,9 @@ static int rm_read_audio_stream_info(AVFormatContext *s, AVIOContext *pb, if ((ret = rm_read_extradata(pb, st->codec, codecdata_length)) < 0) return ret; - if(ast->audio_framesize >= UINT_MAX / sub_packet_h){ - av_log(s, AV_LOG_ERROR, "rm->audio_framesize * sub_packet_h too large\n"); + if (ast->audio_framesize <= 0 || sub_packet_h <= 0 || + ast->audio_framesize >= UINT_MAX / sub_packet_h){ + av_log(s, AV_LOG_ERROR, "rm->audio_framesize * sub_packet_h is invalid\n"); return -1; } From ed9e561490d70e317659f9e406c7920242e509eb Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 17 Sep 2011 19:40:25 +0200 Subject: [PATCH 299/652] rv34: check for size mismatch Signed-off-by: Michael Niedermayer (cherry picked from commit 35f38b3ab9d755aede5bce8abbe1cb9c07027f8a) --- libavcodec/rv34.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/rv34.c b/libavcodec/rv34.c index ba88916f5d..0e5f868390 100644 --- a/libavcodec/rv34.c +++ b/libavcodec/rv34.c @@ -1312,6 +1312,10 @@ static int rv34_decode_slice(RV34DecContext *r, int end, const uint8_t* buf, int av_log(s->avctx, AV_LOG_ERROR, "Slice type mismatch\n"); return AVERROR_INVALIDDATA; } + if (s->width != r->si.width || s->height != r->si.height) { + av_log(s->avctx, AV_LOG_ERROR, "Size mismatch\n"); + return AVERROR_INVALIDDATA; + } } r->si.end = end; From 764ffdd0ec069cd648fd069d6de233519a65d49e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 17 Sep 2011 21:53:21 +0200 Subject: [PATCH 300/652] check all svq3_get_ue_golomb() returns. Signed-off-by: Michael Niedermayer (cherry picked from commit 979bea13003ef489d95d2538ac2fb1c26c6f103b) --- libavcodec/dirac.c | 16 ++++++++-------- libavcodec/rv30.c | 4 ++-- libavcodec/rv40.c | 5 ++++- libavcodec/svq3.c | 12 ++++++------ 4 files changed, 20 insertions(+), 17 deletions(-) diff --git a/libavcodec/dirac.c b/libavcodec/dirac.c index af0d799acc..1582a5f8f2 100644 --- a/libavcodec/dirac.c +++ b/libavcodec/dirac.c 
@@ -120,7 +120,7 @@ static int parse_source_parameters(AVCodecContext *avctx, GetBitContext *gb, // chroma subsampling if (get_bits1(gb)) source->chroma_format = svq3_get_ue_golomb(gb); - if (source->chroma_format > 2) { + if (source->chroma_format > 2U) { av_log(avctx, AV_LOG_ERROR, "Unknown chroma format %d\n", source->chroma_format); return -1; @@ -128,14 +128,14 @@ static int parse_source_parameters(AVCodecContext *avctx, GetBitContext *gb, if (get_bits1(gb)) source->interlaced = svq3_get_ue_golomb(gb); - if (source->interlaced > 1) + if (source->interlaced > 1U) return -1; // frame rate if (get_bits1(gb)) { source->frame_rate_index = svq3_get_ue_golomb(gb); - if (source->frame_rate_index > 10) + if (source->frame_rate_index > 10U) return -1; if (!source->frame_rate_index) { @@ -156,7 +156,7 @@ static int parse_source_parameters(AVCodecContext *avctx, GetBitContext *gb, if (get_bits1(gb)) { source->aspect_ratio_index = svq3_get_ue_golomb(gb); - if (source->aspect_ratio_index > 6) + if (source->aspect_ratio_index > 6U) return -1; if (!source->aspect_ratio_index) { @@ -179,7 +179,7 @@ static int parse_source_parameters(AVCodecContext *avctx, GetBitContext *gb, if (get_bits1(gb)) { source->pixel_range_index = svq3_get_ue_golomb(gb); - if (source->pixel_range_index > 4) + if (source->pixel_range_index > 4U) return -1; // This assumes either fullrange or MPEG levels only @@ -207,7 +207,7 @@ static int parse_source_parameters(AVCodecContext *avctx, GetBitContext *gb, if (get_bits1(gb)) { idx = source->color_spec_index = svq3_get_ue_golomb(gb); - if (source->color_spec_index > 4) + if (source->color_spec_index > 4U) return -1; avctx->color_primaries = dirac_color_presets[idx].color_primaries; @@ -217,7 +217,7 @@ static int parse_source_parameters(AVCodecContext *avctx, GetBitContext *gb, if (!source->color_spec_index) { if (get_bits1(gb)) { idx = svq3_get_ue_golomb(gb); - if (idx < 3) + if (idx < 3U) avctx->color_primaries = dirac_primaries[idx]; } 
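Review bot: Each `> NU` comparison in parse_source_parameters runs on the struct field after the golomb result has already been stored in it, so it catches an out-of-range or negative return only if the field is as wide as int. The declarations of `source->chroma_format`, `interlaced`, `frame_rate_index`, `aspect_ratio_index`, `pixel_range_index` and `color_spec_index` are outside these hunks; if any of them is a narrower type, the value is truncated before it is checked and a large code can alias a valid index. Checking the raw return in a local avoids depending on that: `unsigned v = svq3_get_ue_golomb(gb);` then `if (v > 2U) return -1;` then `source->chroma_format = v;`. The same applies to the other hunks of this file that follow the pattern (`@@ -128`, `@@ -156`, `@@ -179`, `@@ -207`).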
@@ -259,7 +259,7 @@ int ff_dirac_parse_sequence_header(AVCodecContext *avctx, GetBitContext *gb, else if (version_major > 2) av_log(avctx, AV_LOG_WARNING, "Stream may have unhandled features\n"); - if (video_format > 20) + if (video_format > 20U) return -1; // Fill in defaults for the source parameters. diff --git a/libavcodec/rv30.c b/libavcodec/rv30.c index 53d824a109..935866da9a 100644 --- a/libavcodec/rv30.c +++ b/libavcodec/rv30.c @@ -79,7 +79,7 @@ static int rv30_decode_intra_types(RV34DecContext *r, GetBitContext *gb, int8_t for(i = 0; i < 4; i++, dst += r->intra_types_stride - 4){ for(j = 0; j < 4; j+= 2){ int code = svq3_get_ue_golomb(gb) << 1; - if(code >= 81*2){ + if(code >= 81U*2U){ av_log(r->s.avctx, AV_LOG_ERROR, "Incorrect intra prediction code\n"); return -1; } @@ -108,7 +108,7 @@ static int rv30_decode_mb_info(RV34DecContext *r) GetBitContext *gb = &s->gb; int code = svq3_get_ue_golomb(gb); - if(code > 11){ + if(code > 11U){ av_log(s->avctx, AV_LOG_ERROR, "Incorrect MB type code\n"); return -1; } diff --git a/libavcodec/rv40.c b/libavcodec/rv40.c index 54d786a3a6..842f01af02 100644 --- a/libavcodec/rv40.c +++ b/libavcodec/rv40.c @@ -231,8 +231,11 @@ static int rv40_decode_mb_info(RV34DecContext *r) int blocks[RV34_MB_TYPES] = {0}; int count = 0; - if(!r->s.mb_skip_run) + if(!r->s.mb_skip_run) { r->s.mb_skip_run = svq3_get_ue_golomb(gb) + 1; + if(r->s.mb_skip_run > (unsigned)s->mb_num) + return -1; + } if(--r->s.mb_skip_run) return RV34_MB_SKIP; diff --git a/libavcodec/svq3.c b/libavcodec/svq3.c index 30cd0f102f..e5c18c59c2 100644 --- a/libavcodec/svq3.c +++ b/libavcodec/svq3.c @@ -221,7 +221,7 @@ static inline int svq3_decode_block(GetBitContext *gb, DCTELEM *block, for (limit = (16 >> intra); index < 16; index = limit, limit += 8) { for (; (vlc = svq3_get_ue_golomb(gb)) != 0; index++) { - if (vlc == INVALID_VLC) + if (vlc < 0) return -1; sign = (vlc & 0x1) - 1; 
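Review bot: In rv30_decode_intra_types the golomb result is shifted before it is range-checked (`int code = svq3_get_ue_golomb(gb) << 1;`), so an error return is shifted first. Judging by the svq3.c hunk that replaces `== INVALID_VLC` with `< 0`, that error value is negative as an int; left-shifting a negative int is undefined in C, and the shift can drop the very sign bit that the `>= 81U*2U` test relies on. Testing the raw value and shifting afterwards keeps the check meaningful: `int code = svq3_get_ue_golomb(gb);`, `if(code >= 81U){` ... `}`, then `code <<= 1;`. The function body starts and continues outside the hunk.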
@@ -239,7 +239,7 @@ static inline int svq3_decode_block(GetBitContext *gb, DCTELEM *block, level = ((vlc + 9) >> 2) - run; } } else { - if (vlc < 16) { + if (vlc < 16U) { run = svq3_dct_tables[intra][vlc].run; level = svq3_dct_tables[intra][vlc].level; } else if (intra) { @@ -569,7 +569,7 @@ static int svq3_decode_mb(SVQ3Context *svq3, unsigned int mb_type) for (i = 0; i < 16; i+=2) { vlc = svq3_get_ue_golomb(&s->gb); - if (vlc >= 25){ + if (vlc >= 25U){ av_log(h->s.avctx, AV_LOG_ERROR, "luma prediction:%d\n", vlc); return -1; } @@ -641,7 +641,7 @@ static int svq3_decode_mb(SVQ3Context *svq3, unsigned int mb_type) } if (!IS_INTRA16x16(mb_type) && (!IS_SKIP(mb_type) || s->pict_type == AV_PICTURE_TYPE_B)) { - if ((vlc = svq3_get_ue_golomb(&s->gb)) >= 48){ + if ((vlc = svq3_get_ue_golomb(&s->gb)) >= 48U){ av_log(h->s.avctx, AV_LOG_ERROR, "cbp_vlc=%d\n", vlc); return -1; } @@ -651,7 +651,7 @@ static int svq3_decode_mb(SVQ3Context *svq3, unsigned int mb_type) if (IS_INTRA16x16(mb_type) || (s->pict_type != AV_PICTURE_TYPE_I && s->adaptive_quant && cbp)) { s->qscale += svq3_get_se_golomb(&s->gb); - if (s->qscale > 31){ + if (s->qscale > 31U){ av_log(h->s.avctx, AV_LOG_ERROR, "qscale:%d\n", s->qscale); return -1; } @@ -755,7 +755,7 @@ static int svq3_decode_slice_header(AVCodecContext *avctx) skip_bits_long(&s->gb, 0); } - if ((i = svq3_get_ue_golomb(&s->gb)) == INVALID_VLC || i >= 3){ + if ((i = svq3_get_ue_golomb(&s->gb)) >= 3U){ av_log(h->s.avctx, AV_LOG_ERROR, "illegal slice type %d \n", i); return -1; } From b59919afe2b6caad1ddcbbb71bdcf5a8750b8c71 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sun, 18 Sep 2011 00:17:44 +0200 Subject: [PATCH 301/652] Reject slices that does not have the same type than the first one in RV10/RV20 decoder. This prevents crashes with some corrupted bitstreams. Signed-off-by: Michael Niedermayer (cherry picked from commit d788af6cf696d547a442c47e1ce6f93bc9fc97b6) --- libavcodec/rv10.c | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/libavcodec/rv10.c b/libavcodec/rv10.c index 2f822a8ac2..b8cdf4a312 100644 --- a/libavcodec/rv10.c +++ b/libavcodec/rv10.c @@ -559,8 +559,12 @@ static int rv10_decode_packet(AVCodecContext *avctx, if(MPV_frame_start(s, avctx) < 0) return -1; ff_er_frame_start(s); + } else { + if (s->current_picture_ptr->f.pict_type != s->pict_type) + return -1; } + av_dlog(avctx, "qscale=%d\n", s->qscale); /* default quantization values */ From 60a1384013071e4549e48459d484a7b72aeb6ebc Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sat, 17 Sep 2011 23:43:58 +0200 Subject: [PATCH 302/652] Avoid NULL dereference on corrupted bitstream with real decoder. rv34_decode_slice() can return without allocating any pictures. Signed-off-by: Michael Niedermayer (cherry picked from commit 140dbcff357351570426efd0e0bc00e380f5436e) --- libavcodec/rv34.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/rv34.c b/libavcodec/rv34.c index 0e5f868390..9196c9558d 100644 --- a/libavcodec/rv34.c +++ b/libavcodec/rv34.c @@ -1498,7 +1498,7 @@ int ff_rv34_decode_frame(AVCodecContext *avctx, break; } - if(last){ + if(last && s->current_picture_ptr){ if(r->loop_filter) r->loop_filter(r, s->mb_height - 1); ff_er_frame_end(s); From 89bd2307f52c3eceb50df64cd7a62c35fe9ee189 Mon Sep 17 00:00:00 2001 From: Arne de Bruijn Date: Sat, 17 Sep 2011 14:59:00 +0200 Subject: [PATCH 303/652] mpegpsdec: fix reading first mpegps packet (cherry picked from commit b2f230e23dd61112ac090b0c059d87b5f6bcb307) --- libavformat/mpeg.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavformat/mpeg.c b/libavformat/mpeg.c index 1bc4480cd8..3166b42172 100644 --- a/libavformat/mpeg.c +++ b/libavformat/mpeg.c @@ -106,6 +106,7 @@ static int mpegps_read_header(AVFormatContext *s, MpegDemuxContext *m = s->priv_data; const char *sofdec = "Sofdec"; int v, i = 0; + int64_t last_pos = avio_tell(s->pb); m->header_state = 0xff; s->ctx_flags |= AVFMTCTX_NOHEADER; 
@@ -119,6 +120,9 @@ static int mpegps_read_header(AVFormatContext *s, m->sofdec = (m->sofdec == 6) ? 1 : 0; + if (!m->sofdec) + avio_seek(s->pb, last_pos, SEEK_SET); + /* no need to do more */ return 0; } From 9442f50c33232baed3a20f8b82c181f36b4ebe64 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Mon, 19 Sep 2011 12:20:42 +0200 Subject: [PATCH 304/652] Support 3IVD in isom, produced by 3ivx DivX Doctor. Fixes ticket #486. (cherry picked from commit 4a9b069b6742f78ed7511d2a87af621ab1d43a59) --- libavformat/isom.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/isom.c b/libavformat/isom.c index 09ee23bdfd..1f75a4a956 100644 --- a/libavformat/isom.c +++ b/libavformat/isom.c @@ -208,6 +208,8 @@ const AVCodecTag codec_movvideo_tags[] = { { CODEC_ID_PRORES, MKTAG('a', 'p', 'c', 'o') }, /* Apple ProRes 422 Proxy */ { CODEC_ID_PRORES, MKTAG('a', 'p', '4', 'h') }, /* Apple ProRes 4444 */ + { CODEC_ID_MSMPEG4V3, MKTAG('3', 'I', 'V', 'D') }, /* 3ivx DivX Doctor */ + { CODEC_ID_NONE, 0 }, }; From ed288c0edd3a77537adbeb34c081363ea73e9c14 Mon Sep 17 00:00:00 2001 From: Gwenole Beauchesne Date: Mon, 19 Sep 2011 16:57:10 +0200 Subject: [PATCH 305/652] MAINTAINERS: add my GPG fingerprint. (cherry picked from commit 7882dc10f871bf25a848fe62a152f63814f9c7d1) --- MAINTAINERS | 1 + 1 file changed, 1 insertion(+) diff --git a/MAINTAINERS b/MAINTAINERS index 8588ba73ad..fb28a4e822 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -373,6 +373,7 @@ Ben Littler 3EE3 3723 E560 3214 A8CD 4DEB 2CDB FCE7 768C 8D2C Benoit Fouet B22A 4F4F 43EF 636B BB66 FCDC 0023 AE1E 2985 49C8 Daniel Verkamp 78A6 07ED 782C 653E C628 B8B9 F0EB 8DD8 2F0E 21C7 Diego Biurrun 8227 1E31 B6D9 4994 7427 E220 9CAE D6CC 4757 FCC5 +Gwenole Beauchesne 2E63 B3A6 3E44 37E2 017D 2704 53C7 6266 B153 99C4 Jaikrishnan Menon 61A1 F09F 01C9 2D45 78E1 C862 25DC 8831 AF70 D368 Justin Ruggles 3136 ECC0 C10D 6C04 5F43 CA29 FCBE CD2A 3787 1EBF Loren Merritt ABD9 08F4 C920 3F65 D8BE 35D7 1540 DAA7 060F 56DE 
From 27128d82faf17cbf476cf5f750722612639bdcd7 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sat, 17 Sep 2011 21:17:45 +0000 Subject: [PATCH 306/652] rmdec: use the deinterleaving mode and not the codec when creating audio packets. It prevents crashes due to non initialized fields. Signed-off-by: Anton Khirnov (cherry picked from commit 3e033da84782e12ed529e6a88dd53b6a72199e8e) --- libavformat/rmdec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c index cacca9bc89..525e276dde 100644 --- a/libavformat/rmdec.c +++ b/libavformat/rmdec.c @@ -801,7 +801,8 @@ ff_rm_retrieve_cache (AVFormatContext *s, AVIOContext *pb, assert (rm->audio_pkt_cnt > 0); - if (st->codec->codec_id == CODEC_ID_AAC) + if (ast->deint_id == DEINT_ID_VBRF || + ast->deint_id == DEINT_ID_VBRS) av_get_packet(pb, pkt, ast->sub_packet_lengths[ast->sub_packet_cnt - rm->audio_pkt_cnt]); else { av_new_packet(pkt, st->codec->block_align); From 738c17b3a657b2017875c5b3ff9336944e4a8f22 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sun, 18 Sep 2011 00:03:08 +0200 Subject: [PATCH 307/652] rv10: Reject slices that does not have the same type as the first one MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This prevents crashes with some corrupted bitstreams. Signed-off-by: Martin Storsjö --- libavcodec/rv10.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/rv10.c b/libavcodec/rv10.c index b8cdf4a312..189b79f4d0 100644 --- a/libavcodec/rv10.c +++ b/libavcodec/rv10.c @@ -560,8 +560,10 @@ static int rv10_decode_packet(AVCodecContext *avctx, return -1; ff_er_frame_start(s); } else { - if (s->current_picture_ptr->f.pict_type != s->pict_type) + if (s->current_picture_ptr->pict_type != s->pict_type) { + av_log(s->avctx, AV_LOG_ERROR, "Slice type mismatch\n"); return -1; + } } From 5163de0873faf3c7d39a9896ed188a6967cc1a40 Mon Sep 17 00:00:00 2001 
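Review bot: The rmdec.c hunk of patch 306 tests `ast->deint_id` against `DEINT_ID_VBRF` and `DEINT_ID_VBRS`, but on this branch those names appear to be introduced only by patch 308, which adds the `DEINT_ID_*` macros and the `int32_t deint_id;` member on top of this commit's resulting blob (525e276dde). If so, this commit does not build on its own and breaks bisection of the surrounding security fixes. I would either apply patch 308 first or squash the two. Until the field is actually filled in by the header parser, the new condition also has nothing meaningful to compare against.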
From: Kostya Shishkov Date: Sat, 13 Aug 2011 21:02:54 +0200 Subject: [PATCH 308/652] Use deinterleavers for demangling audio packets in RealMedia. Unlike other containers RealMedia stores its audio packets in scrambled form, with interleaver ID preceeding audio codec ID. Currently deinterleaving decision is tied to the codec while it's possible to have non-default deinterleaver with audio codec (like Int0 deinterleaver instead of specific one for Sipro). Signed-off-by: Anton Khirnov --- libavformat/rmdec.c | 33 +++++++++++++++++++++------------ 1 file changed, 21 insertions(+), 12 deletions(-) diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c index 525e276dde..fab6825bf3 100644 --- a/libavformat/rmdec.c +++ b/libavformat/rmdec.c @@ -26,6 +26,13 @@ #include "riff.h" #include "rm.h" +#define DEINT_ID_GENR MKTAG('g', 'e', 'n', 'r') ///< interleaving for Cooker/Atrac +#define DEINT_ID_INT0 MKTAG('I', 'n', 't', '0') ///< no interleaving needed +#define DEINT_ID_INT4 MKTAG('I', 'n', 't', '4') ///< interleaving for 28.8 +#define DEINT_ID_SIPR MKTAG('s', 'i', 'p', 'r') ///< interleaving for Sipro +#define DEINT_ID_VBRF MKTAG('v', 'b', 'r', 'f') ///< VBR case for AAC +#define DEINT_ID_VBRS MKTAG('v', 'b', 'r', 's') ///< VBR case for AAC + struct RMStream { AVPacket pkt; ///< place to store merged video frame / reordered audio data int videobufsize; ///< current assembled frame size @@ -39,6 +46,7 @@ struct RMStream { int sub_packet_size, sub_packet_h, coded_framesize; ///< Descrambling parameters from container int audio_framesize; /// Audio frame size from container int sub_packet_lengths[16]; /// Length of each subpacket + int32_t deint_id; ///< deinterleaver used in audio stream }; typedef struct { 
@@ -147,6 +155,7 @@ static int rm_read_audio_stream_info(AVFormatContext *s, AVIOContext *pb, st->codec->channels = 1; st->codec->codec_type = AVMEDIA_TYPE_AUDIO; st->codec->codec_id = CODEC_ID_RA_144; + ast->deint_id = DEINT_ID_INT0; } else { int flavor, sub_packet_h, coded_framesize, sub_packet_size; int codecdata_length; @@ -172,11 +181,12 @@ static int rm_read_audio_stream_info(AVFormatContext *s, AVIOContext *pb, avio_rb32(pb); st->codec->channels = avio_rb16(pb); if (version == 5) { - avio_rb32(pb); + ast->deint_id = avio_rl32(pb); avio_read(pb, buf, 4); buf[4] = 0; } else { get_str8(pb, buf, sizeof(buf)); /* desc */ + ast->deint_id = AV_RL32(buf); get_str8(pb, buf, sizeof(buf)); /* desc */ } st->codec->codec_type = AVMEDIA_TYPE_AUDIO; @@ -714,10 +724,9 @@ ff_rm_parse_packet (AVFormatContext *s, AVIOContext *pb, if(rm_assemble_video_frame(s, pb, rm, ast, pkt, len, seq)) return -1; //got partial frame } else if (st->codec->codec_type == AVMEDIA_TYPE_AUDIO) { - if ((st->codec->codec_id == CODEC_ID_RA_288) || - (st->codec->codec_id == CODEC_ID_COOK) || - (st->codec->codec_id == CODEC_ID_ATRAC3) || - (st->codec->codec_id == CODEC_ID_SIPR)) { + if ((ast->deint_id == DEINT_ID_GENR) || + (ast->deint_id == DEINT_ID_INT4) || + (ast->deint_id == DEINT_ID_SIPR)) { int x; int sps = ast->sub_packet_size; int cfs = ast->coded_framesize; 
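Review bot: On the non-version-5 path in the `@@ -172,11 +181,12 @@` hunk, `ast->deint_id = AV_RL32(buf);` always reads four bytes from `buf`, while `get_str8()` presumably fills it from a length-prefixed string in the file. A description shorter than four bytes would then leave part of the ID made of whatever `buf` held before; its declaration and initialisation are outside the hunk. Clearing the first four bytes before the read makes the result depend on the file alone, e.g. `memset(buf, 0, 4);` ahead of the first `get_str8(pb, buf, sizeof(buf));`. This matters because the ID now selects the deinterleaving code path.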
@@ -730,30 +739,30 @@ ff_rm_parse_packet (AVFormatContext *s, AVIOContext *pb, if (!y) ast->audiotimestamp = timestamp; - switch(st->codec->codec_id) { - case CODEC_ID_RA_288: + switch (ast->deint_id) { + case DEINT_ID_INT4: for (x = 0; x < h/2; x++) avio_read(pb, ast->pkt.data+x*2*w+y*cfs, cfs); break; - case CODEC_ID_ATRAC3: - case CODEC_ID_COOK: + case DEINT_ID_GENR: for (x = 0; x < w/sps; x++) avio_read(pb, ast->pkt.data+sps*(h*x+((h+1)/2)*(y&1)+(y>>1)), sps); break; - case CODEC_ID_SIPR: + case DEINT_ID_SIPR: avio_read(pb, ast->pkt.data + y * w, w); break; } if (++(ast->sub_packet_cnt) < h) return -1; - if (st->codec->codec_id == CODEC_ID_SIPR) + if (ast->deint_id == DEINT_ID_SIPR) ff_rm_reorder_sipr_data(ast->pkt.data, h, w); ast->sub_packet_cnt = 0; rm->audio_stream_num = st->index; rm->audio_pkt_cnt = h * w / st->codec->block_align; - } else if (st->codec->codec_id == CODEC_ID_AAC) { + } else if ((ast->deint_id == DEINT_ID_VBRF) || + (ast->deint_id == DEINT_ID_VBRS)) { int x; rm->audio_stream_num = st->index; ast->sub_packet_cnt = (avio_rb16(pb) & 0xf0) >> 4; From 3899b3be0c4db1c280ed98e01388f8cebb888ef9 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sat, 17 Sep 2011 00:05:13 +0200 Subject: [PATCH 309/652] rmdec: Reject invalid deinterleaving parameters MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Storsjö --- libavformat/rmdec.c | 48 ++++++++++++++++++++++++++++++--------------- 1 file changed, 32 insertions(+), 16 deletions(-) diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c index fab6825bf3..708187e16f 100644 --- a/libavformat/rmdec.c +++ b/libavformat/rmdec.c @@ -193,6 +193,7 @@ static int rm_read_audio_stream_info(AVFormatContext *s, AVIOContext *pb, st->codec->codec_tag = AV_RL32(buf); st->codec->codec_id = ff_codec_get_id(ff_rm_codec_tags, st->codec->codec_tag); + switch (st->codec->codec_id) { case CODEC_ID_AC3: st->need_parsing = AVSTREAM_PARSE_FULL; 
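Review bot: Now that the `switch` in ff_rm_parse_packet is keyed on `ast->deint_id`, a value read from the file, the `avio_read()` destinations `ast->pkt.data+x*2*w+y*cfs`, `ast->pkt.data+sps*(h*x+((h+1)/2)*(y&1)+(y>>1))` and `ast->pkt.data + y * w` are in bounds only if `ast->pkt` was allocated and sized for that interleaver, and nothing in this hunk establishes that. The allocation is not part of this patch; if it is still chosen per codec, a file pairing one of these IDs with a different codec reaches the reads without a matching buffer. The pairing and the h, w, cfs, sps relations should be validated once when the stream header is parsed, and the dependency recorded here with a comment such as `/* ast->pkt must have been sized for this deint_id in rm_read_audio_stream_info() */`. The function body starts outside the hunk.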
@@ -201,14 +202,6 @@ static int rm_read_audio_stream_info(AVFormatContext *s, AVIOContext *pb, st->codec->extradata_size= 0; ast->audio_framesize = st->codec->block_align; st->codec->block_align = coded_framesize; - - if (ast->audio_framesize <= 0 || sub_packet_h <= 0 || - ast->audio_framesize >= UINT_MAX / sub_packet_h){ - av_log(s, AV_LOG_ERROR, "ast->audio_framesize * sub_packet_h is invalid\n"); - return -1; - } - - av_new_packet(&ast->pkt, ast->audio_framesize * sub_packet_h); break; case CODEC_ID_COOK: case CODEC_ID_ATRAC3: @@ -239,14 +232,6 @@ static int rm_read_audio_stream_info(AVFormatContext *s, AVIOContext *pb, } if ((ret = rm_read_extradata(pb, st->codec, codecdata_length)) < 0) return ret; - - if (ast->audio_framesize <= 0 || sub_packet_h <= 0 || - ast->audio_framesize >= UINT_MAX / sub_packet_h){ - av_log(s, AV_LOG_ERROR, "rm->audio_framesize * sub_packet_h is invalid\n"); - return -1; - } - - av_new_packet(&ast->pkt, ast->audio_framesize * sub_packet_h); break; case CODEC_ID_AAC: avio_rb16(pb); avio_r8(pb); 
@@ -266,6 +251,37 @@ static int rm_read_audio_stream_info(AVFormatContext *s, AVIOContext *pb, default: av_strlcpy(st->codec->codec_name, buf, sizeof(st->codec->codec_name)); } + if (ast->deint_id == DEINT_ID_INT4 || + ast->deint_id == DEINT_ID_GENR || + ast->deint_id == DEINT_ID_SIPR) { + if (st->codec->block_align <= 0 || + ast->audio_framesize * sub_packet_h > (unsigned)INT_MAX || + ast->audio_framesize * sub_packet_h < st->codec->block_align) + return AVERROR_INVALIDDATA; + if (av_new_packet(&ast->pkt, ast->audio_framesize * sub_packet_h) < 0) + return AVERROR(ENOMEM); + } + switch (ast->deint_id) { + case DEINT_ID_INT4: + if (ast->coded_framesize > ast->audio_framesize || + ast->coded_framesize * sub_packet_h > (2 + (sub_packet_h & 1)) * ast->audio_framesize) + return AVERROR_INVALIDDATA; + break; + case DEINT_ID_GENR: + if (ast->sub_packet_size <= 0 || + ast->sub_packet_size > ast->audio_framesize) + return AVERROR_INVALIDDATA; + break; + case DEINT_ID_SIPR: + case DEINT_ID_INT0: + case DEINT_ID_VBRS: + case DEINT_ID_VBRF: + break; + default: + av_log(NULL,0,"Unknown interleaver %X\n", ast->deint_id); + return AVERROR_INVALIDDATA; + } + if (read_all) { avio_r8(pb); avio_r8(pb); From d2c5904cab95cf064bbe885660eb2af0eaa89714 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Mon, 19 Sep 2011 22:48:53 +0200 Subject: [PATCH 310/652] Check for invalid slice offsets in real decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit 8716c178ddabe28a01a9fe81fff68d117b779333) --- libavcodec/rv34.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/libavcodec/rv34.c b/libavcodec/rv34.c index 9196c9558d..1810263751 100644 --- a/libavcodec/rv34.c +++ b/libavcodec/rv34.c 
@@ -1452,8 +1452,9 @@ int ff_rv34_decode_frame(AVCodecContext *avctx, slice_count = avctx->slice_count; //parse first slice header to check whether this frame can be decoded - if(get_slice_offset(avctx, slices_hdr, 0) > buf_size){ - av_log(avctx, AV_LOG_ERROR, "Slice offset is greater than frame size\n"); + if(get_slice_offset(avctx, slices_hdr, 0) < 0 || + get_slice_offset(avctx, slices_hdr, 0) > buf_size){ + av_log(avctx, AV_LOG_ERROR, "Slice offset is invalid\n"); return -1; } init_get_bits(&s->gb, buf+get_slice_offset(avctx, slices_hdr, 0), (buf_size-get_slice_offset(avctx, slices_hdr, 0))*8); @@ -1476,8 +1477,8 @@ int ff_rv34_decode_frame(AVCodecContext *avctx, else size= get_slice_offset(avctx, slices_hdr, i+1) - offset; - if(offset > buf_size){ - av_log(avctx, AV_LOG_ERROR, "Slice offset is greater than frame size\n"); + if(offset < 0 || offset > buf_size || size < 0){ + av_log(avctx, AV_LOG_ERROR, "Slice offset is invalid\n"); break; } From 596762f0588bf6db31c98a6a64c68a9538cc4cdd Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 21 Sep 2011 00:51:53 +0200 Subject: [PATCH 311/652] mp3demux: pass on error code on packet read. Reported-by: Tanami, Ohad Signed-off-by: Michael Niedermayer (cherry picked from commit c83442b0571370b946d3f8bb85c46879d62ab10a) --- libavformat/mp3dec.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavformat/mp3dec.c b/libavformat/mp3dec.c index 47772a4998..5e3e3513ad 100644 --- a/libavformat/mp3dec.c +++ b/libavformat/mp3dec.c @@ -173,7 +173,9 @@ static int mp3_read_packet(AVFormatContext *s, AVPacket *pkt) pkt->stream_index = 0; if (ret <= 0) { - return AVERROR(EIO); + if(ret<0) + return ret; + return AVERROR_EOF; } if (ret > ID3v1_TAG_SIZE && From bf7dc6b29d785f149f18c39db021413e08735546 Mon Sep 17 00:00:00 2001 
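Review bot: In the second rv34.c hunk the new test rejects a negative `size` but never bounds it from above. In the `else` branch `size` is the next slice's offset minus `offset`, and that next offset is not compared with `buf_size`, so `offset + size` can still extend past the packet where `size` is used below the hunk. Adding the upper bound to the same condition covers it: `if(offset < 0 || offset > buf_size || size < 0 || size > buf_size - offset){`. In the first hunk, `get_slice_offset(avctx, slices_hdr, 0)` is now evaluated up to four times; storing it in a local would keep the check and the `init_get_bits()` call visibly on the same value.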
From: Carl Eugen Hoyos Date: Wed, 21 Sep 2011 23:47:34 +0200 Subject: [PATCH 312/652] Fix dxva2 decoding for some H264 samples. --- libavcodec/dxva2_h264.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/libavcodec/dxva2_h264.c b/libavcodec/dxva2_h264.c index bc80e982fb..3f728e27b5 100644 --- a/libavcodec/dxva2_h264.c +++ b/libavcodec/dxva2_h264.c @@ -158,9 +158,10 @@ static void fill_scaling_lists(const H264Context *h, DXVA_Qmatrix_H264 *qm) for (j = 0; j < 16; j++) qm->bScalingLists4x4[i][j] = h->pps.scaling_matrix4[i][zigzag_scan[j]]; - for (i = 0; i < 2; i++) - for (j = 0; j < 64; j++) - qm->bScalingLists8x8[i][j] = h->pps.scaling_matrix8[i][ff_zigzag_direct[j]]; + for (j = 0; j < 64; j++) { + qm->bScalingLists8x8[0][j] = h->pps.scaling_matrix8[0][ff_zigzag_direct[j]]; + qm->bScalingLists8x8[1][j] = h->pps.scaling_matrix8[3][ff_zigzag_direct[j]]; + } } static int is_slice_short(struct dxva_context *ctx) From 5d833dd29985b53789304b350ac229abd4de0ff6 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Wed, 21 Sep 2011 23:47:34 +0200 Subject: [PATCH 313/652] Fix dxva2 decoding for some H264 samples. (cherry picked from commit bf7dc6b29d785f149f18c39db021413e08735546) --- libavcodec/dxva2_h264.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/libavcodec/dxva2_h264.c b/libavcodec/dxva2_h264.c index bc80e982fb..3f728e27b5 100644 --- a/libavcodec/dxva2_h264.c +++ b/libavcodec/dxva2_h264.c 
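Review bot: The source index in `h->pps.scaling_matrix8[3]` is unexplained, so a reader cannot tell from this hunk why the second DXVA 8x8 list comes from entry 3 rather than entry 1. Nor does the hunk show that `scaling_matrix8` has at least four entries; its declaration is outside the hunk. A one-line comment above the loop would settle it, e.g. `/* DXVA2 takes two 8x8 lists; the second is pps.scaling_matrix8[3] (presumably the inter luma list) */`, with the layout confirmed against the PPS definition. The same lines recur in patch 313 and in both branches of fill_scaling_lists in patch 314.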
@@ -158,9 +158,10 @@ static void fill_scaling_lists(const H264Context *h, DXVA_Qmatrix_H264 *qm) for (j = 0; j < 16; j++) qm->bScalingLists4x4[i][j] = h->pps.scaling_matrix4[i][zigzag_scan[j]]; - for (i = 0; i < 2; i++) - for (j = 0; j < 64; j++) - qm->bScalingLists8x8[i][j] = h->pps.scaling_matrix8[i][ff_zigzag_direct[j]]; + for (j = 0; j < 64; j++) { + qm->bScalingLists8x8[0][j] = h->pps.scaling_matrix8[0][ff_zigzag_direct[j]]; + qm->bScalingLists8x8[1][j] = h->pps.scaling_matrix8[3][ff_zigzag_direct[j]]; + } } static int is_slice_short(struct dxva_context *ctx) From 3de5c435707cc815812febb8ac2fc5814216b1d8 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Wed, 21 Sep 2011 23:41:11 +0200 Subject: [PATCH 314/652] Fix dxva2 decoding for some H264 samples. (cherry picked from commit 3039c68626d924118d9061259cb898a5d978f758) --- libavcodec/dxva2_h264.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/libavcodec/dxva2_h264.c b/libavcodec/dxva2_h264.c index b5ffe02f44..3d5af31757 100644 --- a/libavcodec/dxva2_h264.c +++ b/libavcodec/dxva2_h264.c 
@@ -162,17 +162,19 @@ static void fill_scaling_lists(struct dxva_context *ctx, const H264Context *h, D for (j = 0; j < 16; j++) qm->bScalingLists4x4[i][j] = h->pps.scaling_matrix4[i][j]; - for (i = 0; i < 2; i++) - for (j = 0; j < 64; j++) - qm->bScalingLists8x8[i][j] = h->pps.scaling_matrix8[i][j]; + for (j = 0; j < 64; j++) { + qm->bScalingLists8x8[0][j] = h->pps.scaling_matrix8[0][j]; + qm->bScalingLists8x8[1][j] = h->pps.scaling_matrix8[3][j]; + } } else { for (i = 0; i < 6; i++) for (j = 0; j < 16; j++) qm->bScalingLists4x4[i][j] = h->pps.scaling_matrix4[i][zigzag_scan[j]]; - for (i = 0; i < 2; i++) - for (j = 0; j < 64; j++) - qm->bScalingLists8x8[i][j] = h->pps.scaling_matrix8[i][ff_zigzag_direct[j]]; + for (j = 0; j < 64; j++) { + qm->bScalingLists8x8[0][j] = h->pps.scaling_matrix8[0][ff_zigzag_direct[j]]; + qm->bScalingLists8x8[1][j] = h->pps.scaling_matrix8[3][ff_zigzag_direct[j]]; + } } } From cc0ac0244189cfcda258cad996f468c48eca01ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Sun, 28 Aug 2011 21:14:13 +0200 Subject: [PATCH 315/652] Hack around gcc 4.6 breaking asm using call. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit gcc 4.6 no longer decrements esp to account for local variables. Thus using call will end up overwriting some local variable. So add an extra one it can safely clobber. This is a huge hack because it's basically pure chance it works, no idea how this is supposed to be done. Fixes trac ticket #397. Signed-off-by: Reimar Döffinger (cherry picked from commit c928e9172928f3cddab949b107dd53b6bf79555e) --- libswscale/x86/swscale_template.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/libswscale/x86/swscale_template.c b/libswscale/x86/swscale_template.c index 87248e76fa..533a7416e5 100644 --- a/libswscale/x86/swscale_template.c +++ b/libswscale/x86/swscale_template.c 
@@ -2285,6 +2285,10 @@ static void RENAME(hyscale_fast)(SwsContext *c, int16_t *dst, #if defined(PIC) DECLARE_ALIGNED(8, uint64_t, ebxsave); #endif + // HACK: gcc 4.6 no longer decrements esp, + // use this to make it reserve space for the call + // return address + void *dummy; __asm__ volatile( #if defined(PIC) @@ -2336,6 +2340,7 @@ static void RENAME(hyscale_fast)(SwsContext *c, int16_t *dst, #if defined(PIC) ,"m" (ebxsave) #endif + ,"m" (dummy) : "%"REG_a, "%"REG_c, "%"REG_d, "%"REG_S, "%"REG_D #if !defined(PIC) ,"%"REG_b @@ -2357,6 +2362,10 @@ static void RENAME(hcscale_fast)(SwsContext *c, int16_t *dst1, int16_t *dst2, #if defined(PIC) DECLARE_ALIGNED(8, uint64_t, ebxsave); #endif + // HACK: gcc 4.6 no longer decrements esp, + // use this to make it reserve space for the call + // return address + void *dummy; __asm__ volatile( #if defined(PIC) @@ -2396,6 +2405,7 @@ static void RENAME(hcscale_fast)(SwsContext *c, int16_t *dst1, int16_t *dst2, #if defined(PIC) ,"m" (ebxsave) #endif + ,"m" (dummy) : "%"REG_a, "%"REG_c, "%"REG_d, "%"REG_S, "%"REG_D #if !defined(PIC) ,"%"REG_b From f36cea267381571488070d3d6b8290359f3f94d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Sun, 28 Aug 2011 21:14:13 +0200 Subject: [PATCH 316/652] Hack around gcc 4.6 breaking asm using call. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit gcc 4.6 no longer decrements esp to account for local variables. Thus using call will end up overwriting some local variable. So add an extra one it can safely clobber. This is a huge hack because it's basically pure chance it works, no idea how this is supposed to be done. Fixes trac ticket #397. Signed-off-by: Reimar Döffinger (cherry picked from commit c928e9172928f3cddab949b107dd53b6bf79555e) --- libswscale/x86/swscale_template.c | 10 ++++++++++ 1 file changed, 10 insertions(+) 
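Review bot: `dummy` is passed as an input operand (`,"m" (dummy)`) although its stated purpose is to be overwritten by the `call` inside the asm, and it is read uninitialised to get there. Nothing in the hunk tells the compiler that this memory is written, and nothing ties the slot to the address just below the stack pointer, so the protection depends on frame layout, as the commit message itself admits. Until the template reserves the space itself, the comment should record the dependency, e.g. `// NOTE: layout-dependent; re-check the generated code when the compiler or its flags change`. The same additions are made in hcscale_fast further down and again in patches 316 and 317; both function bodies extend beyond the hunks.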
diff --git a/libswscale/x86/swscale_template.c b/libswscale/x86/swscale_template.c index 25399fadef..e715270714 100644 --- a/libswscale/x86/swscale_template.c +++ b/libswscale/x86/swscale_template.c @@ -2240,6 +2240,10 @@ static void RENAME(hyscale_fast)(SwsContext *c, int16_t *dst, #if defined(PIC) DECLARE_ALIGNED(8, uint64_t, ebxsave); #endif + // HACK: gcc 4.6 no longer decrements esp, + // use this to make it reserve space for the call + // return address + void *dummy; __asm__ volatile( #if defined(PIC) @@ -2291,6 +2295,7 @@ static void RENAME(hyscale_fast)(SwsContext *c, int16_t *dst, #if defined(PIC) ,"m" (ebxsave) #endif + ,"m" (dummy) : "%"REG_a, "%"REG_c, "%"REG_d, "%"REG_S, "%"REG_D #if !defined(PIC) ,"%"REG_b @@ -2312,6 +2317,10 @@ static void RENAME(hcscale_fast)(SwsContext *c, int16_t *dst1, int16_t *dst2, #if defined(PIC) DECLARE_ALIGNED(8, uint64_t, ebxsave); #endif + // HACK: gcc 4.6 no longer decrements esp, + // use this to make it reserve space for the call + // return address + void *dummy; __asm__ volatile( #if defined(PIC) @@ -2351,6 +2360,7 @@ static void RENAME(hcscale_fast)(SwsContext *c, int16_t *dst1, int16_t *dst2, #if defined(PIC) ,"m" (ebxsave) #endif + ,"m" (dummy) : "%"REG_a, "%"REG_c, "%"REG_d, "%"REG_S, "%"REG_D #if !defined(PIC) ,"%"REG_b From a582b028a416a29e60b4748b2ae4221ada11c2b8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Sun, 28 Aug 2011 21:14:13 +0200 Subject: [PATCH 317/652] Hack around gcc 4.6 breaking asm using call. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit gcc 4.6 no longer decrements esp to account for local variables. Thus using call will end up overwriting some local variable. So add an extra one it can safely clobber. This is a huge hack because it's basically pure chance it works, no idea how this is supposed to be done. Fixes trac ticket #397. 
Signed-off-by: Reimar Döffinger (cherry picked from commit c928e9172928f3cddab949b107dd53b6bf79555e) --- libswscale/x86/swscale_template.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/libswscale/x86/swscale_template.c b/libswscale/x86/swscale_template.c index 25399fadef..e715270714 100644 --- a/libswscale/x86/swscale_template.c +++ b/libswscale/x86/swscale_template.c @@ -2240,6 +2240,10 @@ static void RENAME(hyscale_fast)(SwsContext *c, int16_t *dst, #if defined(PIC) DECLARE_ALIGNED(8, uint64_t, ebxsave); #endif + // HACK: gcc 4.6 no longer decrements esp, + // use this to make it reserve space for the call + // return address + void *dummy; __asm__ volatile( #if defined(PIC) @@ -2291,6 +2295,7 @@ static void RENAME(hyscale_fast)(SwsContext *c, int16_t *dst, #if defined(PIC) ,"m" (ebxsave) #endif + ,"m" (dummy) : "%"REG_a, "%"REG_c, "%"REG_d, "%"REG_S, "%"REG_D #if !defined(PIC) ,"%"REG_b @@ -2312,6 +2317,10 @@ static void RENAME(hcscale_fast)(SwsContext *c, int16_t *dst1, int16_t *dst2, #if defined(PIC) DECLARE_ALIGNED(8, uint64_t, ebxsave); #endif + // HACK: gcc 4.6 no longer decrements esp, + // use this to make it reserve space for the call + // return address + void *dummy; __asm__ volatile( #if defined(PIC) @@ -2351,6 +2360,7 @@ static void RENAME(hcscale_fast)(SwsContext *c, int16_t *dst1, int16_t *dst2, #if defined(PIC) ,"m" (ebxsave) #endif + ,"m" (dummy) : "%"REG_a, "%"REG_c, "%"REG_d, "%"REG_S, "%"REG_D #if !defined(PIC) ,"%"REG_b From 533dbaa55b7d45d5ca76f9ed46f5690282f86ea9 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Wed, 21 Sep 2011 20:46:29 +0200 Subject: [PATCH 318/652] Check output buffer size in nellymoser decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit 741ec30bd2385f794efa9fafa84d39a917f2574e) --- libavcodec/nellymoserdec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/nellymoserdec.c b/libavcodec/nellymoserdec.c index 59c1b3bdd8..d85483dbf4 100644 --- a/libavcodec/nellymoserdec.c 
+++ b/libavcodec/nellymoserdec.c @@ -156,6 +156,7 @@ static int decode_tag(AVCodecContext * avctx, const uint8_t *buf = avpkt->data; int buf_size = avpkt->size; NellyMoserDecodeContext *s = avctx->priv_data; + int data_max = *data_size; int blocks, i; int16_t* samples; *data_size = 0; @@ -178,6 +179,8 @@ static int decode_tag(AVCodecContext * avctx, */ for (i=0 ; i data_max) + return i > 0 ? i * NELLY_BLOCK_LEN : -1; nelly_decode_block(s, &buf[i*NELLY_BLOCK_LEN], s->float_buf); s->fmt_conv.float_to_int16(&samples[i*NELLY_SAMPLES], s->float_buf, NELLY_SAMPLES); *data_size += NELLY_SAMPLES*sizeof(int16_t); From 69b6248327a042155396177eaff009b65bc8fcc8 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Wed, 21 Sep 2011 20:46:31 +0200 Subject: [PATCH 319/652] Check for invalid slices offsets in RV30/40 decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit b64269ce5528bdbec8af671042f97af1242cf044) --- libavcodec/rv34.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/libavcodec/rv34.c b/libavcodec/rv34.c index 1810263751..54fc29eca3 100644 --- a/libavcodec/rv34.c +++ b/libavcodec/rv34.c @@ -1477,13 +1477,18 @@ int ff_rv34_decode_frame(AVCodecContext *avctx, else size= get_slice_offset(avctx, slices_hdr, i+1) - offset; - if(offset < 0 || offset > buf_size || size < 0){ + if(offset < 0 || offset > buf_size){ av_log(avctx, AV_LOG_ERROR, "Slice offset is invalid\n"); break; } r->si.end = s->mb_width * s->mb_height; if(i+1 < slice_count){ + if (get_slice_offset(avctx, slices_hdr, i+1) < 0 || + get_slice_offset(avctx, slices_hdr, i+1) > buf_size) { + av_log(avctx, AV_LOG_ERROR, "Slice offset is invalid\n"); + break; + } init_get_bits(&s->gb, buf+get_slice_offset(avctx, slices_hdr, i+1), (buf_size-get_slice_offset(avctx, slices_hdr, i+1))*8); if(r->parse_slice_header(r, &r->s.gb, &si) < 0){ if(i+2 < slice_count) 
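Review bot: `int data_max = *data_size;` keeps the caller's limit as a signed int, and the bound check in the next hunk (partly lost in this extract) appears to compare it with a `sizeof`-based product. In such a comparison a negative limit converts to a large unsigned value and the check passes, so an explicit guard before the loop is worth adding: `if (data_max < 0) return -1;`. The early return on a full buffer is also silent; an `av_log(avctx, AV_LOG_ERROR, ...)` line there would make truncated output diagnosable. decode_tag's body continues outside both hunks.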
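Review bot: The added range check and the `init_get_bits()` call after it each evaluate `get_slice_offset(avctx, slices_hdr, i+1)` again, four times in all, so the value that is validated and the value that is used are equal only by assumption. Reading it once at the top of the `if(i+1 < slice_count)` block makes them the same by construction: `int next = get_slice_offset(avctx, slices_hdr, i+1);`, then `if (next < 0 || next > buf_size) {` and `init_get_bits(&s->gb, buf + next, (buf_size - next) * 8);`. The hunk ends inside that block, so the rest of it is not visible here.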
@@ -1493,6 +1498,10 @@ int ff_rv34_decode_frame(AVCodecContext *avctx, }else r->si.end = si.start; } + if (size < 0 || size > buf_size - offset) { + av_log(avctx, AV_LOG_ERROR, "Slice size is invalid\n"); + break; + } last = rv34_decode_slice(r, r->si.end, buf + offset, size); s->mb_num_left = r->s.mb_x + r->s.mb_y*r->s.mb_width - r->si.start; if(last) From a5a02ea3f2bb4e89d9ee0e381c938bd83e5c369d Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Wed, 21 Sep 2011 20:46:30 +0200 Subject: [PATCH 320/652] Check for missing reference in vp5/6 decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit 6a0e78929aa7d6b2c6b598c1589fb0e48fccb132) --- libavcodec/vp56.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/vp56.c b/libavcodec/vp56.c index ad451c251f..cf891763f6 100644 --- a/libavcodec/vp56.c +++ b/libavcodec/vp56.c @@ -399,6 +399,8 @@ static void vp56_decode_mb(VP56Context *s, int row, int col, int is_alpha) frame_current = s->framep[VP56_FRAME_CURRENT]; frame_ref = s->framep[ref_frame]; + if (mb_type != VP56_MB_INTRA && !frame_ref->data[0]) + return; ab = 6*is_alpha; b_max = 6 - 2*is_alpha; From c9c6e5f4e8680b7b7801dd6943590ae9cd6bfd89 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Wed, 21 Sep 2011 20:46:33 +0200 Subject: [PATCH 321/652] Release old pictures after a resolution change in vp5/6 decoder Signed-off-by: Michael Niedermayer (cherry picked from commit dba20b84784a7931b7eac50ced1d43e86801bde9) --- libavcodec/vp56.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/libavcodec/vp56.c b/libavcodec/vp56.c index cf891763f6..25ec7a376d 100644 --- a/libavcodec/vp56.c +++ b/libavcodec/vp56.c 
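Review bot: The new early return `if (mb_type != VP56_MB_INTRA && !frame_ref->data[0]) return;` leaves the macroblock untouched in the current frame and reports nothing, since vp56_decode_mb returns void. A comment stating the intent would help, e.g. `/* reference frame has no buffer: skip the MB rather than read through a NULL plane */`, and a single `av_log()` warning per frame would make such streams visible when decoder output is triaged. Whether the skipped area of the current frame has defined contents depends on how the buffer was obtained, which is outside the hunk.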
@@ -513,6 +513,16 @@ int ff_vp56_decode_frame(AVCodecContext *avctx, void *data, int *data_size, if (!res) return -1; + if (res == 2) { + int i; + for (i = 0; i < 4; i++) { + if (s->frames[i].data[0]) + avctx->release_buffer(avctx, &s->frames[i]); + } + if (is_alpha) + return -1; + } + if (!is_alpha) { p->reference = 1; if (avctx->get_buffer(avctx, p) < 0) { From cf43508eb39bb3749f45d84ded924e1b30794566 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Wed, 21 Sep 2011 20:46:32 +0200 Subject: [PATCH 322/652] Check for huffman tree building error in vp6 decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit 7c249d4fbaf4431b20a90a3c942f3370c0039d9e) --- libavcodec/vp5.c | 3 ++- libavcodec/vp56.c | 4 +++- libavcodec/vp56.h | 2 +- libavcodec/vp6.c | 20 ++++++++++++-------- 4 files changed, 18 insertions(+), 11 deletions(-) diff --git a/libavcodec/vp5.c b/libavcodec/vp5.c index e9de38e6dd..f1b0169ae1 100644 --- a/libavcodec/vp5.c +++ b/libavcodec/vp5.c @@ -116,7 +116,7 @@ static void vp5_parse_vector_models(VP56Context *s) model->vector_pdv[comp][node] = vp56_rac_gets_nn(c, 7); } -static void vp5_parse_coeff_models(VP56Context *s) +static int vp5_parse_coeff_models(VP56Context *s) { VP56RangeCoder *c = &s->c; VP56Model *model = s->modelp; @@ -160,6 +160,7 @@ static void vp5_parse_coeff_models(VP56Context *s) for (ctx=0; ctx<6; ctx++) for (node=0; node<5; node++) model->coeff_acct[pt][ct][cg][ctx][node] = av_clip(((model->coeff_ract[pt][ct][cg][node] * vp5_ract_lc[ct][cg][node][ctx][0] + 128) >> 8) + vp5_ract_lc[ct][cg][node][ctx][1], 1, 254); + return 0; } static void vp5_parse_coeff(VP56Context *s) diff --git a/libavcodec/vp56.c b/libavcodec/vp56.c index 25ec7a376d..30f3efbc46 100644 --- a/libavcodec/vp56.c +++ b/libavcodec/vp56.c 
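Review bot: `res == 2` and the loop bound `4` are bare numbers whose meaning has to be looked up in the header parsers and in the VP56Context declaration. A named constant for the return code and, assuming `s->frames` is an array member, `FF_ARRAY_ELEMS(s->frames)` for the bound would keep the release loop correct if the array changes size; a comment such as `/* dimensions changed: the old buffers have the wrong size, drop them all */` would explain the block. After the loop the `s->framep[]` entries may still refer to the released frames, so it is worth confirming that every later use tests `data[0]` first, as the check added in vp56_decode_mb does.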
@@ -549,7 +549,8 @@ int ff_vp56_decode_frame(AVCodecContext *avctx, void *data, int *data_size, s->mb_type = VP56_MB_INTER_NOVEC_PF; } - s->parse_coeff_models(s); + if (s->parse_coeff_models(s)) + goto next; memset(s->prev_dc, 0, sizeof(s->prev_dc)); s->prev_dc[1][VP56_FRAME_CURRENT] = 128; @@ -613,6 +614,7 @@ int ff_vp56_decode_frame(AVCodecContext *avctx, void *data, int *data_size, } } + next: if (p->key_frame || golden_frame) { if (s->framep[VP56_FRAME_GOLDEN]->data[0] && s->framep[VP56_FRAME_GOLDEN] != s->framep[VP56_FRAME_GOLDEN2]) diff --git a/libavcodec/vp56.h b/libavcodec/vp56.h index d1735e5609..4d560dac6a 100644 --- a/libavcodec/vp56.h +++ b/libavcodec/vp56.h @@ -46,7 +46,7 @@ typedef void (*VP56Filter)(VP56Context *s, uint8_t *dst, uint8_t *src, typedef void (*VP56ParseCoeff)(VP56Context *s); typedef void (*VP56DefaultModelsInit)(VP56Context *s); typedef void (*VP56ParseVectorModels)(VP56Context *s); -typedef void (*VP56ParseCoeffModels)(VP56Context *s); +typedef int (*VP56ParseCoeffModels)(VP56Context *s); typedef int (*VP56ParseHeader)(VP56Context *s, const uint8_t *buf, int buf_size, int *golden_frame); diff --git a/libavcodec/vp6.c b/libavcodec/vp6.c index 0a02ce58d6..0b26c0461a 100644 --- a/libavcodec/vp6.c +++ b/libavcodec/vp6.c @@ -234,7 +234,7 @@ static void vp6_build_huff_tree(VP56Context *s, uint8_t coeff_model[], FF_HUFFMAN_FLAG_HNODE_FIRST); } -static void vp6_parse_coeff_models(VP56Context *s) +static int vp6_parse_coeff_models(VP56Context *s) { VP56RangeCoder *c = &s->c; VP56Model *model = s->modelp; 
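Review bot: On a coefficient-model error the code jumps to `next:`, which sits directly in front of the golden-frame update, so a picture that was allocated but never decoded continues down the normal completion path. As far as the two vp56.c hunks show, that picture can still become the golden reference and be handed back to the caller with whatever the buffer held before. Returning an error after releasing `p` would be the safer outcome; if continuing is intended, say so at the label, e.g. `/* also reached on model error: p holds no decoded data */`. The function body between and after the hunks is not visible here.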
@@ -279,15 +279,18 @@ static void vp6_parse_coeff_models(VP56Context *s) if (s->use_huffman) { for (pt=0; pt<2; pt++) { - vp6_build_huff_tree(s, model->coeff_dccv[pt], - vp6_huff_coeff_map, 12, &s->dccv_vlc[pt]); - vp6_build_huff_tree(s, model->coeff_runv[pt], - vp6_huff_run_map, 9, &s->runv_vlc[pt]); + if (vp6_build_huff_tree(s, model->coeff_dccv[pt], + vp6_huff_coeff_map, 12, &s->dccv_vlc[pt])) + return -1; + if (vp6_build_huff_tree(s, model->coeff_runv[pt], + vp6_huff_run_map, 9, &s->runv_vlc[pt])) + return -1; for (ct=0; ct<3; ct++) for (cg = 0; cg < 6; cg++) - vp6_build_huff_tree(s, model->coeff_ract[pt][ct][cg], - vp6_huff_coeff_map, 12, - &s->ract_vlc[pt][ct][cg]); + if (vp6_build_huff_tree(s, model->coeff_ract[pt][ct][cg], + vp6_huff_coeff_map, 12, + &s->ract_vlc[pt][ct][cg])) + return -1; } memset(s->nb_null, 0, sizeof(s->nb_null)); } else { @@ -297,6 +300,7 @@ static void vp6_parse_coeff_models(VP56Context *s) for (node=0; node<5; node++) model->coeff_dcct[pt][ctx][node] = av_clip(((model->coeff_dccv[pt][node] * vp6_dccv_lc[ctx][node][0] + 128) >> 8) + vp6_dccv_lc[ctx][node][1], 1, 255); } + return 0; } static void vp6_parse_vector_adjustment(VP56Context *s, VP56mv *vect) From 056e9efc8e06faed3516b610d8a74484f24ac07f Mon Sep 17 00:00:00 2001 From: Dustin Brody Date: Tue, 16 Aug 2011 16:46:34 -0400 Subject: [PATCH 323/652] vp6: partially propagate huffman tree building errors during coeff model parsing and fix misspelling Signed-off-by: Ronald S. Bultje (cherry picked from commit f913eeea43078b3b9052efd8d8d29e7b29b39208) Signed-off-by: Michael Niedermayer --- libavcodec/vp6.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/libavcodec/vp6.c b/libavcodec/vp6.c index 0b26c0461a..d05a3618f7 100644 --- a/libavcodec/vp6.c +++ b/libavcodec/vp6.c 
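Review bot: Within this patch `vp6_build_huff_tree` is still declared `static void` (see the context of the `@@ -234,7` hunk header), yet the new code tests its result in `if (vp6_build_huff_tree(...)) return -1;`. The return type only becomes `int` in the following patch 323, so this commit does not build on its own and breaks bisection; the two changes belong in one commit or in the opposite order. The unbraced `for (ct...) for (cg...) if (...) return -1;` nest would also be easier to read with braces.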
@@ -213,8 +213,8 @@ static int vp6_huff_cmp(const void *va, const void *vb) return (a->count - b->count)*16 + (b->sym - a->sym); } -static void vp6_build_huff_tree(VP56Context *s, uint8_t coeff_model[], - const uint8_t *map, unsigned size, VLC *vlc) +static int vp6_build_huff_tree(VP56Context *s, uint8_t coeff_model[], + const uint8_t *map, unsigned size, VLC *vlc) { Node nodes[2*VP6_MAX_HUFF_SIZE], *tmp = &nodes[size]; int a, b, i; @@ -229,9 +229,9 @@ static void vp6_build_huff_tree(VP56Context *s, uint8_t coeff_model[], } free_vlc(vlc); - /* then build the huffman tree accodring to probabilities */ - ff_huff_build_tree(s->avctx, vlc, size, nodes, vp6_huff_cmp, - FF_HUFFMAN_FLAG_HNODE_FIRST); + /* then build the huffman tree according to probabilities */ + return ff_huff_build_tree(s->avctx, vlc, size, nodes, vp6_huff_cmp, + FF_HUFFMAN_FLAG_HNODE_FIRST); } static int vp6_parse_coeff_models(VP56Context *s) From b00fc80d406fef0acd54619a7c82e2a31e00c06c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 22 Sep 2011 02:29:11 +0200 Subject: [PATCH 324/652] update version numbers for 0.8.4 Signed-off-by: Michael Niedermayer --- Doxyfile | 2 +- RELEASE | 2 +- VERSION | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Doxyfile b/Doxyfile index eca888d1d8..4f45f3417e 100644 --- a/Doxyfile +++ b/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 0.8.3 +PROJECT_NUMBER = 0.8.4 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. diff --git a/RELEASE b/RELEASE index ee94dd834b..b60d71966a 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -0.8.3 +0.8.4 diff --git a/VERSION b/VERSION index ee94dd834b..b60d71966a 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.8.3 +0.8.4 From 1450d6e6377df00a538ae7542981a0ebff9415da Mon Sep 17 00:00:00 2001 
From: Michael Niedermayer Date: Thu, 22 Sep 2011 02:30:14 +0200 Subject: [PATCH 325/652] Update version numbers for 0.7.5 Signed-off-by: Michael Niedermayer --- Doxyfile | 2 +- RELEASE | 2 +- VERSION | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Doxyfile b/Doxyfile index afd2e3c289..bcb13563a5 100644 --- a/Doxyfile +++ b/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 0.7.4 +PROJECT_NUMBER = 0.7.5 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. diff --git a/RELEASE b/RELEASE index 0a1ffad4b4..8bd6ba8c5c 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -0.7.4 +0.7.5 diff --git a/VERSION b/VERSION index 0a1ffad4b4..8bd6ba8c5c 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.7.4 +0.7.5 From 47be9f5bd50e9c388adca6f8991cde7b4612db56 Mon Sep 17 00:00:00 2001 From: "Ronald S. Bultje" Date: Sun, 26 Jun 2011 15:52:00 -0700 Subject: [PATCH 326/652] swscale: don't use planar output functions to write to NV12/21. This prevents a crash when converting to NV12/21 without the bitexact flags enabled. (cherry picked from commit 0d994b2f45c08794899057ee7ca54f48218c0a53) Signed-off-by: Anton Khirnov --- libswscale/x86/swscale_template.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libswscale/x86/swscale_template.c b/libswscale/x86/swscale_template.c index 8fad257ddf..dc92cddff5 100644 --- a/libswscale/x86/swscale_template.c +++ b/libswscale/x86/swscale_template.c 
@@ -2203,7 +2203,8 @@ static av_cold void RENAME(sws_init_swScale)(SwsContext *c) enum PixelFormat srcFormat = c->srcFormat, dstFormat = c->dstFormat; - if (!is16BPS(dstFormat) && !is9_OR_10BPS(dstFormat)) { + if (!is16BPS(dstFormat) && !is9_OR_10BPS(dstFormat) && + dstFormat != PIX_FMT_NV12 && dstFormat != PIX_FMT_NV21) { if (!(c->flags & SWS_BITEXACT)) { if (c->flags & SWS_ACCURATE_RND) { c->yuv2yuv1 = RENAME(yuv2yuv1_ar ); From 8ad1f0852b26468cb681ad49be83e2bc25d07934 Mon Sep 17 00:00:00 2001 From: Jason Garrett-Glaser Date: Mon, 4 Jul 2011 06:05:34 -0700 Subject: [PATCH 327/652] H.264: fix overreads of qscale_table filter_mb_fast assumed that qscale_table was padded like many of the other tables. (cherry picked from commit 5029a406334ad0eaf92130e23d596e405a8a5aa0) Signed-off-by: Anton Khirnov --- libavcodec/mpegvideo.c | 5 +++-- libavcodec/mpegvideo.h | 1 + 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/libavcodec/mpegvideo.c b/libavcodec/mpegvideo.c index 4978d28b49..ceed41f230 100644 --- a/libavcodec/mpegvideo.c +++ b/libavcodec/mpegvideo.c @@ -285,9 +285,10 @@ int ff_alloc_picture(MpegEncContext *s, Picture *pic, int shared){ } FF_ALLOCZ_OR_GOTO(s->avctx, pic->mbskip_table , mb_array_size * sizeof(uint8_t)+2, fail) //the +2 is for the slice end check - FF_ALLOCZ_OR_GOTO(s->avctx, pic->qscale_table , mb_array_size * sizeof(uint8_t) , fail) + FF_ALLOCZ_OR_GOTO(s->avctx, pic->qscale_table_base , (big_mb_num + s->mb_stride) * sizeof(uint8_t) , fail) FF_ALLOCZ_OR_GOTO(s->avctx, pic->mb_type_base , (big_mb_num + s->mb_stride) * sizeof(uint32_t), fail) pic->mb_type= pic->mb_type_base + 2*s->mb_stride+1; + pic->qscale_table = pic->qscale_table_base + 2*s->mb_stride + 1; if(s->out_format == FMT_H264){ for(i=0; i<2; i++){ FF_ALLOCZ_OR_GOTO(s->avctx, pic->motion_val_base[i], 2 * (b4_array_size+4) * sizeof(int16_t), fail) 
@@ -339,7 +340,7 @@ static void free_picture(MpegEncContext *s, Picture *pic){ av_freep(&pic->mc_mb_var); av_freep(&pic->mb_mean); av_freep(&pic->mbskip_table); - av_freep(&pic->qscale_table); + av_freep(&pic->qscale_table_base); av_freep(&pic->mb_type_base); av_freep(&pic->dct_coeff); av_freep(&pic->pan_scan); diff --git a/libavcodec/mpegvideo.h b/libavcodec/mpegvideo.h index 6ce7faa235..f37977c941 100644 --- a/libavcodec/mpegvideo.h +++ b/libavcodec/mpegvideo.h @@ -88,6 +88,7 @@ typedef struct Picture{ * halfpel luma planes. */ uint8_t *interpolated[3]; + int8_t *qscale_table_base; int16_t (*motion_val_base[2])[2]; uint32_t *mb_type_base; #define MB_TYPE_INTRA MB_TYPE_INTRA4x4 //default mb_type if there is just one type From 06318968853ff8c628bbc75fb126483c08f22fd9 Mon Sep 17 00:00:00 2001 From: John Stebbins Date: Mon, 4 Jul 2011 09:55:19 -0700 Subject: [PATCH 328/652] dca: set AVCodecContext frame_size for DTS audio Set the frame size when decoding DTS audio. This has the side effect of fixing the computation of timestamps for DTS-HD in compute_pkt_fields. Since frame_size is not currently set, the duration of a frame is being guessed based on the streams bitrate. But for DTS-HD, the bitrate currently used is the rate of the DTS core which is much different than the whole DTS-HD stream and leads to a wildly inaccurate frame duration estimate. Signed-off-by: Ronald S. Bultje (cherry picked from commit 49c7006c7e815d4330247624a9e6ba30e288cd02) Signed-off-by: Anton Khirnov --- libavcodec/dca.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/dca.c b/libavcodec/dca.c index a9b2c9b0c9..fad6bce7a9 100644 --- a/libavcodec/dca.c +++ b/libavcodec/dca.c @@ -1650,6 +1650,7 @@ static int dca_decode_frame(AVCodecContext * avctx, //set AVCodec values with parsed data avctx->sample_rate = s->sample_rate; avctx->bit_rate = s->bit_rate; + avctx->frame_size = s->sample_blocks * 32; s->profile = FF_PROFILE_DTS; 
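Review bot: `pic->qscale_table` is now an interior pointer into `qscale_table_base`, and the changed line `av_freep(&pic->qscale_table_base);` clears only the base pointer. Unless free_picture resets it outside this hunk, `pic->qscale_table` keeps pointing into the freed block; adding `pic->qscale_table = NULL;` next to the free removes the stale pointer. The new field is declared `int8_t *` in mpegvideo.h while the allocation is sized with `sizeof(uint8_t)`, which is harmless for the size but worth making consistent.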
From 776603b650485f4f2d45f383b772ac5a4f03ebfb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20B=C5=93sch?= Date: Mon, 4 Jul 2011 10:19:46 +0200 Subject: [PATCH 329/652] mxfenc: fix ignored drop flag in binary timecode representation. Signed-off-by: Ronald S. Bultje (cherry picked from commit 4d5e7ab5c48451404038706ef3113c9925a83087) Signed-off-by: Anton Khirnov --- libavformat/mxfenc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mxfenc.c b/libavformat/mxfenc.c index c448e14b00..387263e1a1 100644 --- a/libavformat/mxfenc.c +++ b/libavformat/mxfenc.c @@ -1539,7 +1539,7 @@ static const uint8_t system_metadata_package_set_key[] = { 0x06,0x0E,0x2B,0x34,0 static uint32_t ff_framenum_to_12m_time_code(unsigned frame, int drop, int fps) { return (0 << 31) | // color frame flag - (0 << 30) | // drop frame flag + (drop << 30) | // drop frame flag ( ((frame % fps) / 10) << 28) | // tens of frames ( ((frame % fps) % 10) << 24) | // units of frames (0 << 23) | // field phase (NTSC), b0 (PAL) From 15355f9af2a415bbfbffdace04a4341c8af050e7 Mon Sep 17 00:00:00 2001 From: Mans Rullgard Date: Tue, 5 Jul 2011 18:29:35 +0100 Subject: [PATCH 330/652] ARM: workaround for bug in GNU assembler Some versions of the GNU assembler do not handle 64-bit immediate operands containing arithmetic. Writing the value out in full works correctly. Signed-off-by: Mans Rullgard (cherry picked from commit fce1e43410bdc032c4cf2b1c66166a9ed99cc8f1) Signed-off-by: Anton Khirnov --- libavcodec/arm/fft_fixed_neon.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/arm/fft_fixed_neon.S b/libavcodec/arm/fft_fixed_neon.S index 14884d3736..63d8159359 100644 --- a/libavcodec/arm/fft_fixed_neon.S +++ b/libavcodec/arm/fft_fixed_neon.S 
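Review bot: `(drop << 30)` shifts a plain `int` argument, so any caller value other than 0 or 1 spills into neighbouring bits of the timecode word, and a negative value makes the shift undefined. Normalising the flag keeps the field to one bit: `((unsigned)!!drop << 30) | // drop frame flag`. The function body continues past the hunk.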
@@ -56,7 +56,7 @@ vhsub.s16 \r0, \d0, \d1 @ t3, t4, t8, t7 vhsub.s16 \r1, \d1, \d0 vhadd.s16 \d0, \d0, \d1 @ t1, t2, t6, t5 - vmov.i64 \d1, #0xffff<<32 + vmov.i64 \d1, #0xffff00000000 vbit \r0, \r1, \d1 vrev64.16 \r1, \r0 @ t7, t8, t4, t3 vtrn.32 \r0, \r1 @ t3, t4, t7, t8 From e9520db07e1e4a795523726329d448d168b188d5 Mon Sep 17 00:00:00 2001 From: "Ronald S. Bultje" Date: Tue, 5 Jul 2011 18:10:48 -0700 Subject: [PATCH 331/652] eval: fix memleak. (cherry picked from commit fe277b16f0861a327e1f6c00c0dbb8b00806d60d) Signed-off-by: Anton Khirnov --- libavutil/eval.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavutil/eval.c b/libavutil/eval.c index a3788210e3..8bcba3632d 100644 --- a/libavutil/eval.c +++ b/libavutil/eval.c @@ -488,6 +488,7 @@ int av_expr_parse(AVExpr **expr, const char *s, if ((ret = parse_expr(&e, &p)) < 0) goto end; if (*p.s) { + av_expr_free(e); av_log(&p, AV_LOG_ERROR, "Invalid chars '%s' at the end of expression '%s'\n", p.s, s0); ret = AVERROR(EINVAL); goto end; From 6107543d4e4f6bfa7810e3696ab57553f7257b4b Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Wed, 29 Jun 2011 13:41:47 -0700 Subject: [PATCH 332/652] adts: Fix PCE copying. Parse the extension flag bit when reading the MPEG4 AudioSpecificConfig. This has nothing to do with SBR/PS contradictory to what was noted when it was removed. (cherry picked from commit 7f01a4192cdf4565eadee457f76e6b5196e35e0b) Signed-off-by: Anton Khirnov --- libavformat/adtsenc.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavformat/adtsenc.c b/libavformat/adtsenc.c index e858a81d92..75649e24dc 100644 --- a/libavformat/adtsenc.c +++ b/libavformat/adtsenc.c 
@@ -59,6 +59,10 @@ int ff_adts_decode_extradata(AVFormatContext *s, ADTSContext *adts, uint8_t *buf av_log(s, AV_LOG_ERROR, "Scalable configurations are not allowed in ADTS\n"); return -1; } + if (get_bits(&gb, 1)) { + av_log(s, AV_LOG_ERROR, "Extension flag is not allowed in ADTS\n"); + return -1; + } if (!adts->channel_conf) { init_put_bits(&pb, adts->pce_data, MAX_PCE_SIZE); From 94177614747ebb8a8e1b7e70cfd5229cbac56c04 Mon Sep 17 00:00:00 2001 From: Anton Khirnov Date: Sun, 11 Sep 2011 12:27:51 +0200 Subject: [PATCH 333/652] Revert "ffmpeg: get rid of useless AVInputStream.nb_streams." This reverts commit 2cf8355f98681bdd726b739008acd5483f82f8d7. AVInputStream.nb_streams tracks number of streams found at the beginning, new streams may appear that ffmpeg doesn't know about. Fixes crash in this case. Signed-off-by: Anton Khirnov --- ffmpeg.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/ffmpeg.c b/ffmpeg.c index c1db3d5679..76d1cf363c 100644 --- a/ffmpeg.c +++ b/ffmpeg.c @@ -329,6 +329,7 @@ typedef struct AVInputFile { int eof_reached; /* true if eof reached */ int ist_index; /* index of first stream in ist_table */ int buffer_size; /* current total buffer size */ + int nb_streams; /* nb streams we are aware of */ } AVInputFile; static AVInputStream *input_streams = NULL; @@ -1983,7 +1984,7 @@ static int transcode(AVFormatContext **output_files, int si = stream_maps[i].stream_index; if (fi < 0 || fi > nb_input_files - 1 || - si < 0 || si > input_files[fi].ctx->nb_streams - 1) { + si < 0 || si > input_files[fi].nb_streams - 1) { fprintf(stderr,"Could not find input stream #%d.%d\n", fi, si); ret = AVERROR(EINVAL); goto fail; 
@@ -1991,7 +1992,7 @@ static int transcode(AVFormatContext **output_files, fi = stream_maps[i].sync_file_index; si = stream_maps[i].sync_stream_index; if (fi < 0 || fi > nb_input_files - 1 || - si < 0 || si > input_files[fi].ctx->nb_streams - 1) { + si < 0 || si > input_files[fi].nb_streams - 1) { fprintf(stderr,"Could not find sync stream #%d.%d\n", fi, si); ret = AVERROR(EINVAL); goto fail; @@ -2607,7 +2608,7 @@ static int transcode(AVFormatContext **output_files, } /* the following test is needed in case new streams appear dynamically in stream : we ignore them */ - if (pkt.stream_index >= input_files[file_index].ctx->nb_streams) + if (pkt.stream_index >= input_files[file_index].nb_streams) goto discard_packet; ist_index = input_files[file_index].ist_index + pkt.stream_index; ist = &input_streams[ist_index]; @@ -3365,6 +3366,7 @@ static int opt_input_file(const char *opt, const char *filename) input_files = grow_array(input_files, sizeof(*input_files), &nb_input_files, nb_input_files + 1); input_files[nb_input_files - 1].ctx = ic; input_files[nb_input_files - 1].ist_index = nb_input_streams - ic->nb_streams; + input_files[nb_input_files - 1].nb_streams = ic->nb_streams; frame_rate = (AVRational){0, 0}; frame_pix_fmt = PIX_FMT_NONE; From c75ba07f6eb83439bc44e5504152f8ca03097bec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tomas=20H=C3=A4rdin?= Date: Thu, 23 Jun 2011 15:59:33 +0200 Subject: [PATCH 334/652] gxf: Fix 25 fps DV material in GXF being misdetected as 50 fps Set DV packet durations using fields_per_frame. This requires turning gxf_stream_info into the demuxer's context for access to the value in gxf_packet(). Since MPEG-2 seems to work fine this done only for DV. Signed-off-by: Anton Khirnov (cherry picked from commit 99fecc64b064a013559d3d61f7d9790e3c95c80e) Signed-off-by: Anton Khirnov --- libavformat/gxf.c | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) 
diff --git a/libavformat/gxf.c b/libavformat/gxf.c index 74d925fe60..d77fd18b37 100644 --- a/libavformat/gxf.c +++ b/libavformat/gxf.c @@ -264,7 +264,7 @@ static int gxf_header(AVFormatContext *s, AVFormatParameters *ap) { int map_len; int len; AVRational main_timebase = {0, 0}; - struct gxf_stream_info si; + struct gxf_stream_info *si = s->priv_data; int i; if (!parse_packet_header(pb, &pkt_type, &map_len) || pkt_type != PKT_MAP) { av_log(s, AV_LOG_ERROR, "map packet not found\n"); @@ -282,7 +282,7 @@ static int gxf_header(AVFormatContext *s, AVFormatParameters *ap) { return 0; } map_len -= len; - gxf_material_tags(pb, &len, &si); + gxf_material_tags(pb, &len, si); avio_skip(pb, len); map_len -= 2; len = avio_rb16(pb); // length of track description @@ -300,7 +300,7 @@ static int gxf_header(AVFormatContext *s, AVFormatParameters *ap) { track_id = avio_r8(pb); track_len = avio_rb16(pb); len -= track_len; - gxf_track_tags(pb, &track_len, &si); + gxf_track_tags(pb, &track_len, si); avio_skip(pb, track_len); if (!(track_type & 0x80)) { av_log(s, AV_LOG_ERROR, "invalid track type %x\n", track_type); @@ -316,12 +316,12 @@ static int gxf_header(AVFormatContext *s, AVFormatParameters *ap) { if (idx < 0) continue; st = s->streams[idx]; if (!main_timebase.num || !main_timebase.den) { - main_timebase.num = si.frames_per_second.den; - main_timebase.den = si.frames_per_second.num * 2; + main_timebase.num = si->frames_per_second.den; + main_timebase.den = si->frames_per_second.num * 2; } - st->start_time = si.first_field; - if (si.first_field != AV_NOPTS_VALUE && si.last_field != AV_NOPTS_VALUE) - st->duration = si.last_field - si.first_field; + st->start_time = si->first_field; + if (si->first_field != AV_NOPTS_VALUE && si->last_field != AV_NOPTS_VALUE) + st->duration = si->last_field - si->first_field; } if (len < 0) av_log(s, AV_LOG_ERROR, "invalid track description length specified\n"); 
@@ -422,6 +422,8 @@ static int gxf_packet(AVFormatContext *s, AVPacket *pkt) { AVIOContext *pb = s->pb; GXFPktType pkt_type; int pkt_len; + struct gxf_stream_info *si = s->priv_data; + while (!pb->eof_reached) { AVStream *st; int track_type, track_id, ret; @@ -473,6 +475,11 @@ static int gxf_packet(AVFormatContext *s, AVPacket *pkt) { avio_skip(pb, skip); pkt->stream_index = stream_index; pkt->dts = field_nr; + + //set duration manually for DV or else lavf misdetects the frame rate + if (st->codec->codec_id == CODEC_ID_DVVIDEO) + pkt->duration = si->fields_per_frame; + return ret; } return AVERROR(EIO); @@ -518,7 +525,7 @@ static int64_t gxf_read_timestamp(AVFormatContext *s, int stream_index, AVInputFormat ff_gxf_demuxer = { "gxf", NULL_IF_CONFIG_SMALL("GXF format"), - 0, + sizeof(struct gxf_stream_info), gxf_probe, gxf_header, gxf_packet, From 6ed533f56137f678ff8507012de14d277aded9cc Mon Sep 17 00:00:00 2001 From: Justin Ruggles Date: Wed, 22 Jun 2011 15:33:56 -0400 Subject: [PATCH 335/652] alsa: fallback to buffer_size/4 for period_size. buffer_size/4 is the value used by aplay. This fixes output to null devices, e.g. writing ALSA output to a file. (cherry picked from commit 8bfd7f6a475225a0595bf657f8b99a8fffb461e4) Signed-off-by: Anton Khirnov --- libavdevice/alsa-audio-common.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavdevice/alsa-audio-common.c b/libavdevice/alsa-audio-common.c index baa6ac79ca..4c7c881300 100644 --- a/libavdevice/alsa-audio-common.c +++ b/libavdevice/alsa-audio-common.c @@ -146,6 +146,8 @@ av_cold int ff_alsa_open(AVFormatContext *ctx, snd_pcm_stream_t mode, } snd_pcm_hw_params_get_period_size_min(hw_params, &period_size, NULL); + if (!period_size) + period_size = buffer_size / 4; res = snd_pcm_hw_params_set_period_size_near(h, hw_params, &period_size, NULL); if (res < 0) { av_log(ctx, AV_LOG_ERROR, "cannot set ALSA period size (%s)\n", From 0c039db4d8aa0928d9b7466c635247e6439df015 Mon Sep 17 00:00:00 2001 
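Review bot: In the second `gxf_packet` hunk, `pkt->duration = si->fields_per_frame;` takes a value parsed from the file's track tags and uses it without a range check. There is one `struct gxf_stream_info` per demuxer, while the `gxf_header` hunks pass the same `si` to `gxf_track_tags()` for every track description, so the field presumably holds what the last parsed track left there rather than the value for the DV stream being read; the tag parser is outside the diff, so this needs confirming. A guard such as `if (st->codec->codec_id == CODEC_ID_DVVIDEO && (si->fields_per_frame == 1 || si->fields_per_frame == 2))` keeps a missing or malformed tag from producing a zero or nonsensical duration. `gxf_packet` begins and ends outside the hunk.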
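Review bot: The added `if (!period_size)` reads a value that is only defined when `snd_pcm_hw_params_get_period_size_min()` succeeded, and the return value of that call on the line above is discarded. Whether `period_size` is initialised at its declaration is outside the hunk, so on a failing query the fallback may or may not trigger. Checking the result, e.g. `if (snd_pcm_hw_params_get_period_size_min(hw_params, &period_size, NULL) < 0 || !period_size)`, makes the fallback deterministic. The same applies to the unchecked `snd_pcm_hw_params_get_buffer_size_max()` that feeds `FFMIN(buffer_size, ALSA_BUFFER_SIZE_MAX)` in patch 336, and `buffer_size / 4` here depends on that value. `ff_alsa_open` continues outside both hunks.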
From: Justin Ruggles Date: Wed, 22 Jun 2011 16:38:20 -0400 Subject: [PATCH 336/652] alsa: limit buffer_size to 32768 frames. In testing, the file output plugin gave a max buffer size of about 20 million frames, which is way more than what is really needed and causes a memory allocation error on my system. (cherry picked from commit e35c674d13a7f180412cfe058530a2e7f1d49a90) Signed-off-by: Anton Khirnov --- libavdevice/alsa-audio-common.c | 1 + libavdevice/alsa-audio.h | 2 ++ 2 files changed, 3 insertions(+) diff --git a/libavdevice/alsa-audio-common.c b/libavdevice/alsa-audio-common.c index 4c7c881300..825fcb1dbd 100644 --- a/libavdevice/alsa-audio-common.c +++ b/libavdevice/alsa-audio-common.c @@ -137,6 +137,7 @@ av_cold int ff_alsa_open(AVFormatContext *ctx, snd_pcm_stream_t mode, } snd_pcm_hw_params_get_buffer_size_max(hw_params, &buffer_size); + buffer_size = FFMIN(buffer_size, ALSA_BUFFER_SIZE_MAX); /* TODO: maybe use ctx->max_picture_buffer somehow */ res = snd_pcm_hw_params_set_buffer_size_near(h, hw_params, &buffer_size); if (res < 0) { diff --git a/libavdevice/alsa-audio.h b/libavdevice/alsa-audio.h index 32c07426ef..c8c6ea4aff 100644 --- a/libavdevice/alsa-audio.h +++ b/libavdevice/alsa-audio.h @@ -40,6 +40,8 @@ other formats */ #define DEFAULT_CODEC_ID AV_NE(CODEC_ID_PCM_S16BE, CODEC_ID_PCM_S16LE) +#define ALSA_BUFFER_SIZE_MAX 32768 + typedef struct { AVClass *class; snd_pcm_t *h; From b772a757dd5e58ce94b56daee0deba78ab2e205e Mon Sep 17 00:00:00 2001 From: Jindrich Makovicka Date: Thu, 30 Jun 2011 09:03:15 +0000 Subject: [PATCH 337/652] mpegts: fix Continuity Counter error detection According to MPEG-TS specs, the continuity_counter shall not be incremented when the adaptation_field_control of the packet equals '00' or '10'. Signed-off-by: Jindrich Makovicka Signed-off-by: Anton Khirnov (cherry picked from commit 8923cfa328e8eb565aebcfe8672b276fd1c19bf7) 
Signed-off-by: Anton Khirnov --- libavformat/mpegts.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavformat/mpegts.c b/libavformat/mpegts.c index e9b8b3513a..608cbe710f 100644 --- a/libavformat/mpegts.c +++ b/libavformat/mpegts.c @@ -1247,7 +1247,7 @@ static int handle_packet(MpegTSContext *ts, const uint8_t *packet) { AVFormatContext *s = ts->stream; MpegTSFilter *tss; - int len, pid, cc, cc_ok, afc, is_start; + int len, pid, cc, expected_cc, cc_ok, afc, is_start; const uint8_t *p, *p_end; int64_t pos; @@ -1265,7 +1265,8 @@ static int handle_packet(MpegTSContext *ts, const uint8_t *packet) /* continuity check (currently not used) */ cc = (packet[3] & 0xf); - cc_ok = (tss->last_cc < 0) || ((((tss->last_cc + 1) & 0x0f) == cc)); + expected_cc = (packet[3] & 0x10) ? (tss->last_cc + 1) & 0x0f : tss->last_cc; + cc_ok = (tss->last_cc < 0) || (expected_cc == cc); tss->last_cc = cc; /* skip adaptation field */ From f8521560fa95c83bfbd95bb1b5adc8ded62a5104 Mon Sep 17 00:00:00 2001 From: Oskar Arvidsson Date: Tue, 12 Jul 2011 10:52:19 +0200 Subject: [PATCH 338/652] pix_fmt: Fix number of bits per component in yuv444p9be Signed-off-by: Ronald S. Bultje (cherry picked from commit e59d6b4d7255d6d3dc89580f534e18af1433fe25) Signed-off-by: Anton Khirnov --- libavutil/pixdesc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavutil/pixdesc.c b/libavutil/pixdesc.c index efc7c7ea0e..c70a41347b 100644 --- a/libavutil/pixdesc.c +++ b/libavutil/pixdesc.c @@ -918,9 +918,9 @@ const AVPixFmtDescriptor av_pix_fmt_descriptors[PIX_FMT_NB] = { .log2_chroma_w= 0, .log2_chroma_h= 0, .comp = { - {0,1,1,0,9}, /* Y */ - {1,1,1,0,9}, /* U */ - {2,1,1,0,9}, /* V */ + {0,1,1,0,8}, /* Y */ + {1,1,1,0,8}, /* U */ + {2,1,1,0,8}, /* V */ }, .flags = PIX_FMT_BE, }, From 9c2a02466053dd4762d474d89d9be9a957eaaefe Mon Sep 17 00:00:00 2001 
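Review bot: The new `expected_cc` line tests `packet[3] & 0x10` with no name or comment, although `afc` is declared in the first hunk, presumably for the same two header bits. A comment such as `/* 0x10: payload present; the counter only advances on packets that carry payload */` would tie the constant to the rule quoted in the commit message. The existing comment still says the continuity check is "currently not used", so it is worth stating there whether `cc_ok` is meant to tolerate the discontinuity indicator and duplicate packets before any caller starts acting on it. `handle_packet` continues outside both hunks.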
From: Anton Khirnov Date: Tue, 12 Jul 2011 22:42:18 +0200 Subject: [PATCH 339/652] lavf: fix segfault in av_open_input_stream() ic is NULL in case of error. (cherry picked from commit 13551ad1e336573e3732fdeaf25607c47244bb80) Signed-off-by: Anton Khirnov --- libavformat/utils.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index 0e6b00195b..2cb096e373 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -465,7 +465,8 @@ int av_open_input_stream(AVFormatContext **ic_ptr, else ic->pb = pb; - err = avformat_open_input(&ic, filename, fmt, &opts); + if ((err = avformat_open_input(&ic, filename, fmt, &opts)) < 0) + goto fail; ic->pb = ic->pb ? ic->pb : pb; // don't leak custom pb if it wasn't set above *ic_ptr = ic; From f7831bb104c48118b38d4ba86a7d594fe4fa0f2c Mon Sep 17 00:00:00 2001 From: Mans Rullgard Date: Fri, 15 Jul 2011 22:38:10 +0100 Subject: [PATCH 340/652] aacps: skip some memcpy() if src and dst would be equal Signed-off-by: Mans Rullgard (cherry picked from commit e5902d60ce8f7cf10b6e87a57eec536b316261a3) Signed-off-by: Anton Khirnov --- libavcodec/aacps.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/libavcodec/aacps.c b/libavcodec/aacps.c index 724c13256a..3f1424bcf2 100644 --- a/libavcodec/aacps.c +++ b/libavcodec/aacps.c 
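Review bot: With the new `goto fail`, the error path skips `*ic_ptr = ic;`, and the `fail:` label is outside the hunk, so what the caller's pointer holds after a failed open cannot be seen from here. If `fail:` does not store to `*ic_ptr`, a caller that ignores the return value or frees the context on error would act on a stale or uninitialised pointer. A one-line comment at the jump, e.g. `/* avformat_open_input() leaves ic NULL on failure; fail: must publish that through *ic_ptr */`, would record the contract the commit message relies on. It is also worth confirming that `fail:` releases whatever `opts` holds.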
@@ -813,14 +813,17 @@ static void stereo_processing(PSContext *ps, float (*l)[32][2], float (*r)[32][2 const float (*H_LUT)[8][4] = (PS_BASELINE || ps->icc_mode < 3) ? HA : HB; //Remapping - memcpy(H11[0][0], H11[0][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H11[0][0][0])); - memcpy(H11[1][0], H11[1][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H11[1][0][0])); - memcpy(H12[0][0], H12[0][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H12[0][0][0])); - memcpy(H12[1][0], H12[1][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H12[1][0][0])); - memcpy(H21[0][0], H21[0][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H21[0][0][0])); - memcpy(H21[1][0], H21[1][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H21[1][0][0])); - memcpy(H22[0][0], H22[0][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H22[0][0][0])); - memcpy(H22[1][0], H22[1][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H22[1][0][0])); + if (ps->num_env_old) { + memcpy(H11[0][0], H11[0][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H11[0][0][0])); + memcpy(H11[1][0], H11[1][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H11[1][0][0])); + memcpy(H12[0][0], H12[0][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H12[0][0][0])); + memcpy(H12[1][0], H12[1][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H12[1][0][0])); + memcpy(H21[0][0], H21[0][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H21[0][0][0])); + memcpy(H21[1][0], H21[1][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H21[1][0][0])); + memcpy(H22[0][0], H22[0][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H22[0][0][0])); + memcpy(H22[1][0], H22[1][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H22[1][0][0])); + } + if (is34) { remap34(&iid_mapped, ps->iid_par, ps->nr_iid_par, ps->num_env, 1); remap34(&icc_mapped, ps->icc_par, ps->nr_icc_par, ps->num_env, 1); From 3ed12b97bed7f0cd430c4304f166e549b4dad634 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafa=C3=ABl=20Carr=C3=A9?= Date: Sat, 16 Jul 2011 11:41:08 -0400 Subject: [PATCH 341/652] Do not decode RV30 files if the extradata is too small 
Signed-off-by: Diego Biurrun (cherry picked from commit 289c60001fb0a9a1d7a97c876d8a42b84c6874ac) Signed-off-by: Anton Khirnov --- libavcodec/rv30.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/rv30.c b/libavcodec/rv30.c index 62177dda78..2b423cc0d2 100644 --- a/libavcodec/rv30.c +++ b/libavcodec/rv30.c @@ -256,6 +256,7 @@ static av_cold int rv30_decode_init(AVCodecContext *avctx) if(avctx->extradata_size - 8 < (r->rpr - 1) * 2){ av_log(avctx, AV_LOG_ERROR, "Insufficient extradata - need at least %d bytes, got %d\n", 6 + r->rpr * 2, avctx->extradata_size); + return EINVAL; } r->parse_slice_header = rv30_parse_slice_header; r->decode_intra_types = rv30_decode_intra_types; From 99ec59adbdaced97d892da73e5c881ac122bd27b Mon Sep 17 00:00:00 2001 From: Mans Rullgard Date: Wed, 20 Jul 2011 09:55:48 +0100 Subject: [PATCH 342/652] Fix incorrect max_lowres values Signed-off-by: Mans Rullgard (cherry picked from commit e23a05ab0605693aa715b95120bc0132079ded06) Signed-off-by: Anton Khirnov --- libavcodec/cdgraphics.c | 1 - libavcodec/kgv1dec.c | 1 - libavcodec/pngdec.c | 1 - libavcodec/pnmdec.c | 5 ----- libavcodec/sp5xdec.c | 2 +- 5 files changed, 1 insertion(+), 9 deletions(-) diff --git a/libavcodec/cdgraphics.c b/libavcodec/cdgraphics.c index 2f8e98ca3d..bcfb6e9be5 100644 --- a/libavcodec/cdgraphics.c +++ b/libavcodec/cdgraphics.c @@ -377,6 +377,5 @@ AVCodec ff_cdgraphics_decoder = { cdg_decode_end, cdg_decode_frame, CODEC_CAP_DR1, - .max_lowres = 5, .long_name = NULL_IF_CONFIG_SMALL("CD Graphics video"), }; diff --git a/libavcodec/kgv1dec.c b/libavcodec/kgv1dec.c index 57684340af..88c54bf817 100644 --- a/libavcodec/kgv1dec.c +++ b/libavcodec/kgv1dec.c @@ -173,6 +173,5 @@ AVCodec ff_kgv1_decoder = { NULL, decode_end, decode_frame, - .max_lowres = 1, .long_name = NULL_IF_CONFIG_SMALL("Kega Game Video"), }; diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c index 7477f6746b..1268c9e781 100644 --- a/libavcodec/pngdec.c +++ b/libavcodec/pngdec.c 
@@ -667,6 +667,5 @@ AVCodec ff_png_decoder = { decode_frame, CODEC_CAP_DR1 /*| CODEC_CAP_DRAW_HORIZ_BAND*/, NULL, - .max_lowres = 5, .long_name = NULL_IF_CONFIG_SMALL("PNG image"), }; diff --git a/libavcodec/pnmdec.c b/libavcodec/pnmdec.c index b9f20c0569..988ea0c267 100644 --- a/libavcodec/pnmdec.c +++ b/libavcodec/pnmdec.c @@ -199,7 +199,6 @@ AVCodec ff_pgm_decoder = { pnm_decode_frame, CODEC_CAP_DR1, .pix_fmts = (const enum PixelFormat[]){PIX_FMT_GRAY8, PIX_FMT_GRAY16BE, PIX_FMT_NONE}, - .max_lowres = 5, .long_name = NULL_IF_CONFIG_SMALL("PGM (Portable GrayMap) image"), }; #endif @@ -216,7 +215,6 @@ AVCodec ff_pgmyuv_decoder = { pnm_decode_frame, CODEC_CAP_DR1, .pix_fmts = (const enum PixelFormat[]){PIX_FMT_YUV420P, PIX_FMT_NONE}, - .max_lowres = 5, .long_name = NULL_IF_CONFIG_SMALL("PGMYUV (Portable GrayMap YUV) image"), }; #endif @@ -233,7 +231,6 @@ AVCodec ff_ppm_decoder = { pnm_decode_frame, CODEC_CAP_DR1, .pix_fmts = (const enum PixelFormat[]){PIX_FMT_RGB24, PIX_FMT_RGB48BE, PIX_FMT_NONE}, - .max_lowres = 5, .long_name = NULL_IF_CONFIG_SMALL("PPM (Portable PixelMap) image"), }; #endif @@ -250,7 +247,6 @@ AVCodec ff_pbm_decoder = { pnm_decode_frame, CODEC_CAP_DR1, .pix_fmts = (const enum PixelFormat[]){PIX_FMT_MONOWHITE, PIX_FMT_NONE}, - .max_lowres = 5, .long_name = NULL_IF_CONFIG_SMALL("PBM (Portable BitMap) image"), }; #endif @@ -267,7 +263,6 @@ AVCodec ff_pam_decoder = { pnm_decode_frame, CODEC_CAP_DR1, .pix_fmts = (const enum PixelFormat[]){PIX_FMT_RGB24, PIX_FMT_RGB32, PIX_FMT_GRAY8, PIX_FMT_MONOWHITE, PIX_FMT_NONE}, - .max_lowres = 5, .long_name = NULL_IF_CONFIG_SMALL("PAM (Portable AnyMap) image"), }; #endif diff --git a/libavcodec/sp5xdec.c b/libavcodec/sp5xdec.c index 6726c18ca9..ae25733530 100644 --- a/libavcodec/sp5xdec.c +++ b/libavcodec/sp5xdec.c @@ -104,7 +104,7 @@ AVCodec ff_sp5x_decoder = { sp5x_decode_frame, CODEC_CAP_DR1, NULL, - .max_lowres = 5, + .max_lowres = 3, .long_name = NULL_IF_CONFIG_SMALL("Sunplus JPEG (SP5X)"), }; 
From 44c718cf7116203e4e86ff2b92d7dcfd9c77e4b3 Mon Sep 17 00:00:00 2001 From: Diego Biurrun Date: Thu, 21 Jul 2011 14:25:01 +0200 Subject: [PATCH 343/652] rv30: return AVERROR(EINVAL) instead of EINVAL On some platforms EINVAL could be positive, ensure we return negative values. (cherry picked from commit e5985185d2eda942333ebbb72bd7d043ffe40be7) Signed-off-by: Anton Khirnov --- libavcodec/rv30.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/rv30.c b/libavcodec/rv30.c index 2b423cc0d2..b7f43a4bd0 100644 --- a/libavcodec/rv30.c +++ b/libavcodec/rv30.c @@ -256,7 +256,7 @@ static av_cold int rv30_decode_init(AVCodecContext *avctx) if(avctx->extradata_size - 8 < (r->rpr - 1) * 2){ av_log(avctx, AV_LOG_ERROR, "Insufficient extradata - need at least %d bytes, got %d\n", 6 + r->rpr * 2, avctx->extradata_size); - return EINVAL; + return AVERROR(EINVAL); } r->parse_slice_header = rv30_parse_slice_header; r->decode_intra_types = rv30_decode_intra_types; From b3b97559bb47fceaaa7fc5aa25a351c9de7f60d6 Mon Sep 17 00:00:00 2001 From: "Ronald S. Bultje" Date: Tue, 26 Jul 2011 10:58:29 -0700 Subject: [PATCH 344/652] vp3/theora: flush after seek. (cherry picked from commit 8dcf5184307f072d55fb29373be05ef8b0fd02df) Signed-off-by: Anton Khirnov --- libavcodec/vp3.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c index c3dff7f89f..c117a64084 100644 --- a/libavcodec/vp3.c +++ b/libavcodec/vp3.c 
@@ -2321,6 +2321,26 @@ static av_cold int theora_decode_init(AVCodecContext *avctx) return vp3_decode_init(avctx); } +static void vp3_decode_flush(AVCodecContext *avctx) +{ + Vp3DecodeContext *s = avctx->priv_data; + + if (s->golden_frame.data[0]) { + if (s->golden_frame.data[0] == s->last_frame.data[0]) + memset(&s->last_frame, 0, sizeof(AVFrame)); + if (s->current_frame.data[0] == s->golden_frame.data[0]) + memset(&s->current_frame, 0, sizeof(AVFrame)); + ff_thread_release_buffer(avctx, &s->golden_frame); + } + if (s->last_frame.data[0]) { + if (s->current_frame.data[0] == s->last_frame.data[0]) + memset(&s->current_frame, 0, sizeof(AVFrame)); + ff_thread_release_buffer(avctx, &s->last_frame); + } + if (s->current_frame.data[0]) + ff_thread_release_buffer(avctx, &s->current_frame); +} + AVCodec ff_theora_decoder = { "theora", AVMEDIA_TYPE_VIDEO, @@ -2332,6 +2352,7 @@ AVCodec ff_theora_decoder = { vp3_decode_frame, CODEC_CAP_DR1 | CODEC_CAP_DRAW_HORIZ_BAND | CODEC_CAP_FRAME_THREADS, NULL, + .flush = vp3_decode_flush, .long_name = NULL_IF_CONFIG_SMALL("Theora"), .update_thread_context = ONLY_IF_THREADS_ENABLED(vp3_update_thread_context) }; @@ -2348,6 +2369,7 @@ AVCodec ff_vp3_decoder = { vp3_decode_frame, CODEC_CAP_DR1 | CODEC_CAP_DRAW_HORIZ_BAND | CODEC_CAP_FRAME_THREADS, NULL, + .flush = vp3_decode_flush, .long_name = NULL_IF_CONFIG_SMALL("On2 VP3"), .update_thread_context = ONLY_IF_THREADS_ENABLED(vp3_update_thread_context) }; From c613a891433df18f5188efbab504942be8c809c0 Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Fri, 29 Jul 2011 15:27:36 -0700 Subject: [PATCH 345/652] mxfdec: Include FF_INPUT_BUFFER_PADDING_SIZE when allocating extradata. This prevents out of bounds reads when extradata is being decoded. (cherry picked from commit 1f6f58d5855288492fc2640a9f1035c01c75d356) Signed-off-by: Anton Khirnov --- libavformat/mxfdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
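Review bot: `vp3_decode_flush` has no comment explaining why it zeroes some frames with `memset` before releasing others, and that ordering is what keeps one buffer from being released twice. The three `data[0]` comparisons detect frames that alias the same buffer; the alias is cleared so that only one owner reaches `ff_thread_release_buffer()`. I would add a header comment along the lines of `/* golden/last/current may share one buffer: drop the aliases first so each buffer is released exactly once */`. If the decoder's close function (outside this diff) carries the same sequence, sharing a helper would keep the two from drifting apart.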
diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index 82daa2a002..fcee7a7b83 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -599,7 +599,7 @@ static int mxf_read_generic_descriptor(void *arg, AVIOContext *pb, int tag, int default: /* Private uid used by SONY C0023S01.mxf */ if (IS_KLV_KEY(uid, mxf_sony_mpeg4_extradata)) { - descriptor->extradata = av_malloc(size); + descriptor->extradata = av_malloc(size + FF_INPUT_BUFFER_PADDING_SIZE); if (!descriptor->extradata) return -1; descriptor->extradata_size = size; From 96a453eb85a2d565681842a07ab759a52f1353fd Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Fri, 29 Jul 2011 15:49:11 -0700 Subject: [PATCH 346/652] aac: Remove some suspicious illegal memcpy()s from LTP. (cherry picked from commit a6c49f18abacb9bf52d4d808a2a56561a5b5445c) Signed-off-by: Anton Khirnov --- libavcodec/aacdec.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/libavcodec/aacdec.c b/libavcodec/aacdec.c index 69aacb86d6..f94b109de5 100644 --- a/libavcodec/aacdec.c +++ b/libavcodec/aacdec.c @@ -1753,12 +1753,10 @@ static void windowing_and_mdct_ltp(AACContext *ac, float *out, } else { memset(in, 0, 448 * sizeof(float)); ac->dsp.vector_fmul(in + 448, in + 448, swindow_prev, 128); - memcpy(in + 576, in + 576, 448 * sizeof(float)); } if (ics->window_sequence[0] != LONG_START_SEQUENCE) { ac->dsp.vector_fmul_reverse(in + 1024, in + 1024, lwindow, 1024); } else { - memcpy(in + 1024, in + 1024, 448 * sizeof(float)); ac->dsp.vector_fmul_reverse(in + 1024 + 448, in + 1024 + 448, swindow, 128); memset(in + 1024 + 576, 0, 448 * sizeof(float)); } From 67163d751ba1ffa89e61eff224158828d5f673a4 Mon Sep 17 00:00:00 2001 From: Baptiste Coudurier Date: Sat, 29 Jan 2011 17:05:42 -0800 Subject: [PATCH 347/652] libx264: do not set pic quality if no frame is output Avoids uninitialized reads. Signed-off-by: Anton Khirnov (cherry picked from commit 5caa2de19ece830e32c95731bc92a423d55cff0c) 
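Review bot: `av_malloc(size + FF_INPUT_BUFFER_PADDING_SIZE)` reserves the padding but leaves it uninitialised, so a reader that runs past `extradata_size` now stays in bounds but consumes indeterminate heap bytes. Using `av_mallocz(size + FF_INPUT_BUFFER_PADDING_SIZE)` gives zeroed padding; the copy into the buffer is outside the hunk, so zeroing the tail after it would work as well. `size` comes from the file and appears to be an `int` parameter (the signature is cut off in the hunk header), so a check such as `if (size < 0 || size > INT_MAX - FF_INPUT_BUFFER_PADDING_SIZE) return -1;` before the addition avoids signed overflow in the allocation size. `mxf_read_generic_descriptor` continues outside the hunk.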
Signed-off-by: Anton Khirnov --- libavcodec/libx264.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/libx264.c b/libavcodec/libx264.c index e5fac00469..74ee1d45e0 100644 --- a/libavcodec/libx264.c +++ b/libavcodec/libx264.c @@ -138,7 +138,8 @@ static int X264_frame(AVCodecContext *ctx, uint8_t *buf, } x4->out_pic.key_frame = pic_out.b_keyframe; - x4->out_pic.quality = (pic_out.i_qpplus1 - 1) * FF_QP2LAMBDA; + if (bufsize) + x4->out_pic.quality = (pic_out.i_qpplus1 - 1) * FF_QP2LAMBDA; return bufsize; } From 042934e78676a7854038be560e8f8a7d05552b84 Mon Sep 17 00:00:00 2001 From: Justin Ruggles Date: Wed, 10 Aug 2011 14:07:35 -0400 Subject: [PATCH 348/652] Remove incorrect info in documentation of AVCodecContext.bits_per_raw_sample. bits_per_raw_sample is used in video as well, where sample_fmt is not used. (cherry picked from commit d271d5b2152cafe540f3ab71d3be6ce8636d2fd6) Signed-off-by: Anton Khirnov --- libavcodec/avcodec.h | 1 - 1 file changed, 1 deletion(-) diff --git a/libavcodec/avcodec.h b/libavcodec/avcodec.h index 9a3076ae27..0269892028 100644 --- a/libavcodec/avcodec.h +++ b/libavcodec/avcodec.h @@ -2559,7 +2559,6 @@ typedef struct AVCodecContext { /** * Bits per sample/pixel of internal libavcodec pixel/sample format. - * This field is applicable only when sample_fmt is AV_SAMPLE_FMT_S32. * - encoding: set by user. * - decoding: set by libavcodec. */ From 59a22afa0b50b9037133a7bc26bdc5023e7e1df9 Mon Sep 17 00:00:00 2001 From: Dustin Brody Date: Thu, 11 Aug 2011 08:57:58 -0400 Subject: [PATCH 349/652] h264: notice memory allocation failure Signed-off-by: Ronald S. Bultje (cherry picked from commit bac3ab13ea6a9dd8853e79ef3eacf51d234c8774) Signed-off-by: Anton Khirnov --- libavcodec/h264.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 2c000a3420..99be210d13 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c 
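Review bot: The line just above the new guard, `x4->out_pic.key_frame = pic_out.b_keyframe;`, still reads `pic_out` when no frame was produced, which is the same kind of read the commit guards against for `quality`. If `pic_out` is not filled in when `bufsize` is zero (the encoder call is outside the hunk), both assignments belong under the condition: `if (bufsize) { x4->out_pic.key_frame = pic_out.b_keyframe; x4->out_pic.quality = (pic_out.i_qpplus1 - 1) * FF_QP2LAMBDA; }`. Any other `pic_out` fields consumed earlier in `X264_frame` would need the same treatment.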
@@ -1165,7 +1165,10 @@ static int decode_update_thread_context(AVCodecContext *dst, const AVCodecContex memcpy(&h->s + 1, &h1->s + 1, sizeof(H264Context) - sizeof(MpegEncContext)); //copy all fields after MpegEnc memset(h->sps_buffers, 0, sizeof(h->sps_buffers)); memset(h->pps_buffers, 0, sizeof(h->pps_buffers)); - ff_h264_alloc_tables(h); + if (ff_h264_alloc_tables(h) < 0) { + av_log(dst, AV_LOG_ERROR, "Could not allocate memory for h264\n"); + return AVERROR(ENOMEM); + } context_init(h); for(i=0; i<2; i++){ @@ -2635,7 +2638,10 @@ static int decode_slice_header(H264Context *h, H264Context *h0){ h->prev_interlaced_frame = 1; init_scan_tables(h); - ff_h264_alloc_tables(h); + if (ff_h264_alloc_tables(h) < 0) { + av_log(h->s.avctx, AV_LOG_ERROR, "Could not allocate memory for h264\n"); + return AVERROR(ENOMEM); + } if (!HAVE_THREADS || !(s->avctx->active_thread_type&FF_THREAD_SLICE)) { if (context_init(h) < 0) { From 28321b777f76528b061646a3555d08b94ff667bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Sat, 13 Aug 2011 11:58:18 +0200 Subject: [PATCH 350/652] VC-1: fix reading of custom PAR. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Custom PAR num/denum are in 1-256 range. Signed-off-by: Reimar Döffinger Signed-off-by: Diego Biurrun (cherry picked from commit 0e8696551414d4ea0aab2559f9475d1fe49d08f3) Signed-off-by: Anton Khirnov --- libavcodec/vc1.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/vc1.c b/libavcodec/vc1.c index 32869b97d1..5e53680ec6 100644 --- a/libavcodec/vc1.c +++ b/libavcodec/vc1.c 
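Review bot: In the `decode_update_thread_context` hunk the new error return comes after `memcpy(&h->s + 1, &h1->s + 1, ...)`, so at that point `h` holds a byte copy of the source context, including any pointers it contains. If `ff_h264_alloc_tables()` fails part-way and its cleanup frees the table pointers in `h` (its body is outside the diff), the ones not yet replaced would still belong to `h1` and would later be freed again or used after free. Clearing the copied table pointers before the call, the way `sps_buffers` and `pps_buffers` are zeroed on the preceding lines, would make the failure path safe; this needs checking against the allocator's fail path. The second hunk, in `decode_slice_header`, does not copy a context first and looks fine as written.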
@@ -485,8 +485,8 @@ static int decode_sequence_header_adv(VC1Context *v, GetBitContext *gb) if(ar && ar < 14){ v->s.avctx->sample_aspect_ratio = ff_vc1_pixel_aspect[ar]; }else if(ar == 15){ - w = get_bits(gb, 8); - h = get_bits(gb, 8); + w = get_bits(gb, 8) + 1; + h = get_bits(gb, 8) + 1; v->s.avctx->sample_aspect_ratio = (AVRational){w, h}; } av_log(v->s.avctx, AV_LOG_DEBUG, "Aspect: %i:%i\n", v->s.avctx->sample_aspect_ratio.num, v->s.avctx->sample_aspect_ratio.den); From fe3e7297fe56a383baca484dea2c0d603ae305f8 Mon Sep 17 00:00:00 2001 From: Luca Barbato Date: Wed, 8 Jun 2011 14:32:07 +0000 Subject: [PATCH 351/652] flvenc: use int64_t to store offsets Metadata currently is written only at the start of the file in normal cases, when transcoding from a rtmp source metadata could be written later and the offset recorded can exceed 32bit. Signed-off-by: Anton Khirnov (cherry picked from commit 7f5bf4fbaf1f2142547321a16358f9871fabdcc6) Signed-off-by: Anton Khirnov --- libavformat/flvenc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/flvenc.c b/libavformat/flvenc.c index 487993cd9a..bd1a1f49fe 100644 --- a/libavformat/flvenc.c +++ b/libavformat/flvenc.c @@ -177,7 +177,7 @@ static int flv_write_header(AVFormatContext *s) AVCodecContext *audio_enc = NULL, *video_enc = NULL; int i; double framerate = 0.0; - int metadata_size_pos, data_size; + int64_t metadata_size_pos, data_size; AVDictionaryEntry *tag = NULL; for(i=0; inb_streams; i++){ From dec458b900439316ebdefa0de2bd1249440859cf Mon Sep 17 00:00:00 2001 From: Kostya Shishkov Date: Wed, 17 Aug 2011 10:36:33 +0200 Subject: [PATCH 352/652] rv10/20: tell decoder to use edge emulation This removes out-of-edge motion compensation artifacts (easily spotted green blocks in avplay, gray blocks in transcoding), for example here: http://samples.libav.org/samples/real/tv_watching_t1.rm Signed-off-by: Diego Biurrun (cherry picked from commit 331971116d7d36743601bd2dc5384c5211d3bb48) 
Signed-off-by: Anton Khirnov --- libavcodec/rv10.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/rv10.c b/libavcodec/rv10.c index 6227dc6f6c..78f97b16b1 100644 --- a/libavcodec/rv10.c +++ b/libavcodec/rv10.c @@ -438,6 +438,7 @@ static av_cold int rv10_decode_init(AVCodecContext *avctx) s->avctx= avctx; s->out_format = FMT_H263; s->codec_id= avctx->codec_id; + avctx->flags |= CODEC_FLAG_EMU_EDGE; s->orig_width = s->width = avctx->coded_width; s->orig_height= s->height = avctx->coded_height; From b4099a6dc539c54156a788c7020356c54bc6485e Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Tue, 16 Aug 2011 11:03:26 -0700 Subject: [PATCH 353/652] aac: Only output configure if audio was found. Audio found is not triggered on a CCE because a CCE alone has no output. Signed-off-by: Luca Barbato (cherry picked from commit d8425ed4af6d8fce62ff363cc590f85e57bac06b) Signed-off-by: Anton Khirnov --- libavcodec/aacdec.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/libavcodec/aacdec.c b/libavcodec/aacdec.c index f94b109de5..2958ddbe72 100644 --- a/libavcodec/aacdec.c +++ b/libavcodec/aacdec.c @@ -2074,7 +2074,7 @@ static int aac_decode_frame_int(AVCodecContext *avctx, void *data, ChannelElement *che = NULL, *che_prev = NULL; enum RawDataBlockType elem_type, elem_type_prev = TYPE_END; int err, elem_id, data_size_tmp; - int samples = 0, multiplier; + int samples = 0, multiplier, audio_found = 0; if (show_bits(gb, 12) == 0xfff) { if (parse_adts_frame_header(ac, gb) < 0) { @@ -2105,10 +2105,12 @@ static int aac_decode_frame_int(AVCodecContext *avctx, void *data, case TYPE_SCE: err = decode_ics(ac, &che->ch[0], gb, 0, 0); + audio_found = 1; break; case TYPE_CPE: err = decode_cpe(ac, gb, che); + audio_found = 1; break; case TYPE_CCE: @@ -2117,6 +2119,7 @@ static int aac_decode_frame_int(AVCodecContext *avctx, void *data, case TYPE_LFE: err = decode_ics(ac, &che->ch[0], gb, 0, 0); + audio_found = 1; break; case TYPE_DSE: 
@@ -2193,7 +2196,7 @@ static int aac_decode_frame_int(AVCodecContext *avctx, void *data, samples, avctx->channels); } - if (ac->output_configured) + if (ac->output_configured && audio_found) ac->output_configured = OC_LOCKED; return 0; From 8ad6555f820cc8db5debd5f76d8779cd329def20 Mon Sep 17 00:00:00 2001 From: Jeff Downs Date: Tue, 5 Jul 2011 14:21:54 -0400 Subject: [PATCH 354/652] h264: correct the check for invalid long term frame index in MMCO decode The current check on MMCO parameters prohibits a "max long term frame index plus 1" of 16 (frame idx of 15) for the "set max long term frame index" MMCO. Fix this off-by-one error to allow the full range of legal values. Signed-off-by: Diego Biurrun (cherry picked from commit 29a09eae9a827f4dbc9c4517180d8fe2ecef321a) Signed-off-by: Anton Khirnov --- libavcodec/h264_refs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h264_refs.c b/libavcodec/h264_refs.c index a025f7d352..b1c27ec810 100644 --- a/libavcodec/h264_refs.c +++ b/libavcodec/h264_refs.c @@ -678,7 +678,7 @@ int ff_h264_decode_ref_pic_marking(H264Context *h, GetBitContext *gb){ } if(opcode==MMCO_SHORT2LONG || opcode==MMCO_LONG2UNUSED || opcode==MMCO_LONG || opcode==MMCO_SET_MAX_LONG){ unsigned int long_arg= get_ue_golomb_31(gb); - if(long_arg >= 32 || (long_arg >= 16 && !(opcode == MMCO_LONG2UNUSED && FIELD_PICTURE))){ + if(long_arg >= 32 || (long_arg >= 16 && !(opcode == MMCO_SET_MAX_LONG && long_arg == 16) && !(opcode == MMCO_LONG2UNUSED && FIELD_PICTURE))){ av_log(h->s.avctx, AV_LOG_ERROR, "illegal long ref in memory management control operation %d\n", opcode); return -1; } From 45b3f7c71ec213a2f4177e866586660fcbc68ecd Mon Sep 17 00:00:00 2001 From: Jeff Downs Date: Wed, 6 Jul 2011 11:54:36 -0400 Subject: [PATCH 355/652] h264: correct implicit weight table computation for long ref pics Correct computation of implicit weight tables when referencing pictures that are marked for long reference. 
Signed-off-by: Diego Biurrun (cherry picked from commit 87cf70eb237e7586cc7399627dafa1b980ec0b7d) Signed-off-by: Anton Khirnov --- libavcodec/h264.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 99be210d13..1c60de7023 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -2198,15 +2198,17 @@ static void implicit_weight_table(H264Context *h, int field){ for(ref0=ref_start; ref0 < ref_count0; ref0++){ int poc0 = h->ref_list[0][ref0].poc; for(ref1=ref_start; ref1 < ref_count1; ref1++){ - int poc1 = h->ref_list[1][ref1].poc; - int td = av_clip(poc1 - poc0, -128, 127); - int w= 32; - if(td){ - int tb = av_clip(cur_poc - poc0, -128, 127); - int tx = (16384 + (FFABS(td) >> 1)) / td; - int dist_scale_factor = (tb*tx + 32) >> 8; - if(dist_scale_factor >= -64 && dist_scale_factor <= 128) - w = 64 - dist_scale_factor; + int w = 32; + if (!h->ref_list[0][ref0].long_ref && !h->ref_list[1][ref1].long_ref) { + int poc1 = h->ref_list[1][ref1].poc; + int td = av_clip(poc1 - poc0, -128, 127); + if(td){ + int tb = av_clip(cur_poc - poc0, -128, 127); + int tx = (16384 + (FFABS(td) >> 1)) / td; + int dist_scale_factor = (tb*tx + 32) >> 8; + if(dist_scale_factor >= -64 && dist_scale_factor <= 128) + w = 64 - dist_scale_factor; + } } if(field<0){ h->implicit_weight[ref0][ref1][0]= From ce8f40a7b9e9fd8bc47181dc4a2b4de0042dac72 Mon Sep 17 00:00:00 2001 From: Jeff Downs Date: Tue, 5 Jul 2011 13:20:06 -0400 Subject: [PATCH 356/652] h264: fix PCM intra-coded blocks in monochrome case Signed-off-by: Diego Biurrun (cherry picked from commit 6581e161c5f46733a5619208483de29416eb9a51) Signed-off-by: Anton Khirnov --- libavcodec/h264.c | 46 ++++++++++++++++++++++++++++++++++------------ 1 file changed, 34 insertions(+), 12 deletions(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 1c60de7023..75075f6b3c 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c 
@@ -1851,15 +1851,30 @@ static av_always_inline void hl_decode_mb_internal(H264Context *h, int simple, i tmp_y[j] = get_bits(&gb, bit_depth); } if(simple || !CONFIG_GRAY || !(s->flags&CODEC_FLAG_GRAY)){ - for (i = 0; i < 8; i++) { - uint16_t *tmp_cb = (uint16_t*)(dest_cb + i*uvlinesize); - for (j = 0; j < 8; j++) - tmp_cb[j] = get_bits(&gb, bit_depth); - } - for (i = 0; i < 8; i++) { - uint16_t *tmp_cr = (uint16_t*)(dest_cr + i*uvlinesize); - for (j = 0; j < 8; j++) - tmp_cr[j] = get_bits(&gb, bit_depth); + if (!h->sps.chroma_format_idc) { + for (i = 0; i < 8; i++) { + uint16_t *tmp_cb = (uint16_t*)(dest_cb + i*uvlinesize); + for (j = 0; j < 8; j++) { + tmp_cb[j] = 1 << (bit_depth - 1); + } + } + for (i = 0; i < 8; i++) { + uint16_t *tmp_cr = (uint16_t*)(dest_cr + i*uvlinesize); + for (j = 0; j < 8; j++) { + tmp_cr[j] = 1 << (bit_depth - 1); + } + } + } else { + for (i = 0; i < 8; i++) { + uint16_t *tmp_cb = (uint16_t*)(dest_cb + i*uvlinesize); + for (j = 0; j < 8; j++) + tmp_cb[j] = get_bits(&gb, bit_depth); + } + for (i = 0; i < 8; i++) { + uint16_t *tmp_cr = (uint16_t*)(dest_cr + i*uvlinesize); + for (j = 0; j < 8; j++) + tmp_cr[j] = get_bits(&gb, bit_depth); + } } } } else { @@ -1867,9 +1882,16 @@ static av_always_inline void hl_decode_mb_internal(H264Context *h, int simple, i memcpy(dest_y + i* linesize, h->mb + i*8, 16); } if(simple || !CONFIG_GRAY || !(s->flags&CODEC_FLAG_GRAY)){ - for (i=0; i<8; i++) { - memcpy(dest_cb+ i*uvlinesize, h->mb + 128 + i*4, 8); - memcpy(dest_cr+ i*uvlinesize, h->mb + 160 + i*4, 8); + if (!h->sps.chroma_format_idc) { + for (i = 0; i < 8; i++) { + memset(dest_cb + i*uvlinesize, 128, 8); + memset(dest_cr + i*uvlinesize, 128, 8); + } + } else { + for (i = 0; i < 8; i++) { + memcpy(dest_cb + i*uvlinesize, h->mb + 128 + i*4, 8); + memcpy(dest_cr + i*uvlinesize, h->mb + 160 + i*4, 8); + } } } } From 97ce2a29b623f785f6b542846746f51018230df4 Mon Sep 17 00:00:00 2001 
From: "Ronald S. Bultje" Date: Wed, 24 Aug 2011 14:36:16 -0700 Subject: [PATCH 357/652] vc1: properly zero coded_block[] edges on new slice entry. Previously, we would leave the left edge uninitialized, which led to CBP prediction errors on slice edges, e.g. in SA10098.vc1. (cherry picked from commit d4b9974465baf893e90527a366e7a7411ded1ef8) Signed-off-by: Anton Khirnov --- libavcodec/vc1dec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c index 8fca2da738..b17ce30b5c 100644 --- a/libavcodec/vc1dec.c +++ b/libavcodec/vc1dec.c @@ -3020,7 +3020,7 @@ static void vc1_decode_i_blocks_adv(VC1Context *v) s->mb_x = 0; ff_init_block_index(s); memset(&s->coded_block[s->block_index[0]-s->b8_stride], 0, - s->b8_stride * sizeof(*s->coded_block)); + (1 + s->b8_stride) * sizeof(*s->coded_block)); } for(; s->mb_y < s->end_mb_y; s->mb_y++) { s->mb_x = 0; From db5e27f94ed8e74c2cca45b61085ebad7180e22d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alberto=20Delm=C3=A1s?= Date: Thu, 25 Aug 2011 11:00:37 +0200 Subject: [PATCH 358/652] VC1: Fix first/last row checks with slices In some places 0/mb_height were used in place of start_mb_y/end_mb_y. Fixes SA00049, SA00058, SA10091, SA10097, SA10131, SA20021, SA30030 Improves PSNR in SA00054, SA00059, SA00060, SA10096, SA10098, SA20022, SA30031, SA30032, SA40012, SA40013 Signed-off-by: Ronald S. Bultje (cherry picked from commit 1cf82cab0840d669198ea76ab0363aa661950647) Signed-off-by: Anton Khirnov --- libavcodec/vc1dec.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c index b17ce30b5c..c87558bc50 100644 --- a/libavcodec/vc1dec.c +++ b/libavcodec/vc1dec.c 
@@ -243,7 +243,7 @@ static void vc1_loop_filter_iblk(VC1Context *v, int pq) } v->vc1dsp.vc1_v_loop_filter16(s->dest[0] + 8*s->linesize, s->linesize, pq); - if (s->mb_y == s->mb_height-1) { + if (s->mb_y == s->end_mb_y-1) { if (s->mb_x) { v->vc1dsp.vc1_h_loop_filter16(s->dest[0], s->linesize, pq); v->vc1dsp.vc1_h_loop_filter8(s->dest[1], s->uvlinesize, pq); @@ -295,7 +295,7 @@ static void vc1_loop_filter_iblk_delayed(VC1Context *v, int pq) v->vc1dsp.vc1_v_loop_filter16(s->dest[0] - 8 * s->linesize, s->linesize, pq); } - if (s->mb_y == s->mb_height) { + if (s->mb_y == s->end_mb_y) { if (s->mb_x) { if (s->mb_x >= 2) v->vc1dsp.vc1_h_loop_filter16(s->dest[0] - 16 * s->linesize - 16, s->linesize, pq); @@ -2330,7 +2330,7 @@ static av_always_inline void vc1_apply_p_v_loop_filter(VC1Context *v, int block_ } else { dst = s->dest[0] + (block_num & 1) * 8 + ((block_num & 2) * 4 - 8) * linesize; } - if (s->mb_y != s->mb_height || block_num < 2) { + if (s->mb_y != s->end_mb_y || block_num < 2) { int16_t (*mv)[2]; int mv_stride; @@ -3096,7 +3096,7 @@ static void vc1_decode_i_blocks_adv(VC1Context *v) if(v->s.loop_filter) vc1_loop_filter_iblk_delayed(v, v->pq); } if (v->s.loop_filter) - ff_draw_horiz_band(s, (s->mb_height-1)*16, 16); + ff_draw_horiz_band(s, (s->end_mb_y-1)*16, 16); ff_er_add_slice(s, 0, s->start_mb_y, s->mb_width - 1, s->end_mb_y - 1, (AC_END|DC_END|MV_END)); } @@ -3219,7 +3219,7 @@ static void vc1_decode_b_blocks(VC1Context *v) s->first_slice_line = 0; } if (v->s.loop_filter) - ff_draw_horiz_band(s, (s->mb_height-1)*16, 16); + ff_draw_horiz_band(s, (s->end_mb_y-1)*16, 16); ff_er_add_slice(s, 0, s->start_mb_y, s->mb_width - 1, s->end_mb_y - 1, (AC_END|DC_END|MV_END)); } 
@@ -3227,9 +3227,9 @@ static void vc1_decode_skip_blocks(VC1Context *v) { MpegEncContext *s = &v->s; - ff_er_add_slice(s, 0, 0, s->mb_width - 1, s->mb_height - 1, (AC_END|DC_END|MV_END)); + ff_er_add_slice(s, 0, s->start_mb_y, s->mb_width - 1, s->end_mb_y - 1, (AC_END|DC_END|MV_END)); s->first_slice_line = 1; - for(s->mb_y = 0; s->mb_y < s->mb_height; s->mb_y++) { + for(s->mb_y = s->start_mb_y; s->mb_y < s->end_mb_y; s->mb_y++) { s->mb_x = 0; ff_init_block_index(s); ff_update_block_index(s); From 2b74db8d2781202742535a466a371a10a108b141 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 9 Mar 2011 03:30:24 +0100 Subject: [PATCH 359/652] vf_scale: don't leak SWS context. Signed-off-by: Anton Khirnov (cherry picked from commit 52982dbe474663709033e1ad259f8ff7a5a2eefa) Signed-off-by: Anton Khirnov --- libavfilter/vf_scale.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavfilter/vf_scale.c b/libavfilter/vf_scale.c index 65fe01c9ae..5288d32116 100644 --- a/libavfilter/vf_scale.c +++ b/libavfilter/vf_scale.c @@ -205,6 +205,8 @@ static int config_props(AVFilterLink *outlink) scale->input_is_pal = av_pix_fmt_descriptors[inlink->format].flags & PIX_FMT_PAL; + if (scale->sws) + sws_freeContext(scale->sws); scale->sws = sws_getContext(inlink ->w, inlink ->h, inlink ->format, outlink->w, outlink->h, outlink->format, scale->flags, NULL, NULL, NULL); From 1cf3ba89711748b340c31fe018a3a72e8e9b75f1 Mon Sep 17 00:00:00 2001 From: Sean McGovern Date: Mon, 25 Jul 2011 18:51:02 -0400 Subject: [PATCH 360/652] cpu detection: avoid a signed overflow 1<<31 overflows because 1 is signed, so force it to unsigned. Signed-off-by: Ronald S. Bultje (cherry picked from commit 5938e02185430ca711106aaec9b5622dbf588af3) Signed-off-by: Anton Khirnov --- libavutil/x86/cpu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavutil/x86/cpu.c b/libavutil/x86/cpu.c index 78aeadf0a1..f747e4dba8 100644 --- a/libavutil/x86/cpu.c +++ b/libavutil/x86/cpu.c 
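Review bot: The `if (scale->sws)` guard added before `sws_freeContext()` in config_props() is redundant, because sws_freeContext() already returns early on a NULL context; `sws_freeContext(scale->sws);` alone is enough. A one-line comment on why the free is needed would help more, e.g. `/* config_props() may run more than once; release the previous context first */` (inferred from the commit title, please confirm). The function starts and ends outside the hunk, so whether a NULL result from sws_getContext() is handled cannot be checked from here.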
@@ -113,7 +113,7 @@ int ff_get_cpu_flags_x86(void) if(max_ext_level >= 0x80000001){ cpuid(0x80000001, eax, ebx, ecx, ext_caps); - if (ext_caps & (1<<31)) + if (ext_caps & (1U<<31)) rval |= AV_CPU_FLAG_3DNOW; if (ext_caps & (1<<30)) rval |= AV_CPU_FLAG_3DNOWEXT; From 54f12d2889390293d59c2a9c36f1bf78fbca8dca Mon Sep 17 00:00:00 2001 From: Anton Khirnov Date: Tue, 23 Aug 2011 07:46:51 +0200 Subject: [PATCH 361/652] AVOptions: fix av_set_string3() doxy to match reality. Fixes bug 28. (cherry picked from commit e955a682e125d44143415ff2b96a99a4dac78da2) Signed-off-by: Anton Khirnov --- libavutil/opt.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavutil/opt.h b/libavutil/opt.h index 30aa54f5b6..ce65865069 100644 --- a/libavutil/opt.h +++ b/libavutil/opt.h @@ -134,7 +134,7 @@ const AVOption *av_find_opt(void *obj, const char *name, const char *unit, int m * when 0 then no av_free() nor av_strdup() will be used * @return 0 if the value has been set, or an AVERROR code in case of * error: - * AVERROR(ENOENT) if no matching option exists + * AVERROR_OPTION_NOT_FOUND if no matching option exists * AVERROR(ERANGE) if the value is out of range * AVERROR(EINVAL) if the value is not valid */ From a4f2973b2dfb2efe41d4e387eb9be404511da5e0 Mon Sep 17 00:00:00 2001 From: Anton Khirnov Date: Sun, 4 Sep 2011 09:56:47 +0200 Subject: [PATCH 362/652] lavc: fix type for thread_type option It should be flags, not int. (cherry picked from commit fb47997edb9d8ff16fc380d005a08c0545624aa6) Signed-off-by: Anton Khirnov --- libavcodec/options.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/options.c b/libavcodec/options.c index ae9e0c902d..6f25ebe6d4 100644 --- a/libavcodec/options.c +++ b/libavcodec/options.c 
@@ -446,7 +446,7 @@ static const AVOption options[]={ {"lpc_passes", "deprecated, use flac-specific options", OFFSET(lpc_passes), FF_OPT_TYPE_INT, {.dbl = -1 }, INT_MIN, INT_MAX, A|E}, #endif {"slices", "number of slices, used in parallelized decoding", OFFSET(slices), FF_OPT_TYPE_INT, {.dbl = 0 }, 0, INT_MAX, V|E}, -{"thread_type", "select multithreading type", OFFSET(thread_type), FF_OPT_TYPE_INT, {.dbl = FF_THREAD_SLICE|FF_THREAD_FRAME }, 0, INT_MAX, V|E|D, "thread_type"}, +{"thread_type", "select multithreading type", OFFSET(thread_type), FF_OPT_TYPE_FLAGS, {.dbl = FF_THREAD_SLICE|FF_THREAD_FRAME }, 0, INT_MAX, V|E|D, "thread_type"}, {"slice", NULL, 0, FF_OPT_TYPE_CONST, {.dbl = FF_THREAD_SLICE }, INT_MIN, INT_MAX, V|E|D, "thread_type"}, {"frame", NULL, 0, FF_OPT_TYPE_CONST, {.dbl = FF_THREAD_FRAME }, INT_MIN, INT_MAX, V|E|D, "thread_type"}, {"vbv_delay", "initial buffer fill time in periods of 27Mhz clock", 0, FF_OPT_TYPE_INT64, {.dbl = 0 }, 0, INT64_MAX}, From aee461277a54736511fdcb6298f0e7f9d90e0672 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Wed, 7 Sep 2011 23:12:32 +0200 Subject: [PATCH 363/652] Fixed invalid access in wavpack decoder on corrupted extra bits sub-blocks. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Storsjö (cherry picked from commit beefafda639dd53fc59c21d8a7cf8334da9a1062) Signed-off-by: Anton Khirnov --- libavcodec/wavpack.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c index e4fe217f59..64725c72c0 100644 --- a/libavcodec/wavpack.c +++ b/libavcodec/wavpack.c @@ -385,7 +385,7 @@ static inline int wv_get_value_integer(WavpackFrameContext *s, uint32_t *crc, in if(s->extra_bits){ S <<= s->extra_bits; - if(s->got_extra_bits){ + if(s->got_extra_bits && get_bits_left(&s->gb_extra_bits) >= s->extra_bits){ S |= get_bits(&s->gb_extra_bits, s->extra_bits); *crc = *crc * 9 + (S&0xffff) * 3 + ((unsigned)S>>16); } 
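Review bot: When the new `get_bits_left(&s->gb_extra_bits) >= s->extra_bits` test fails in wv_get_value_integer(), the sample has already been shifted by `S <<= s->extra_bits` and the CRC update is skipped, and nothing in the visible lines logs or flags it. That keeps the read in bounds, but a truncated extra-bits sub-block is then decoded as if its low bits were zero. Consider recording the condition so the block can be rejected, or at least add a comment such as `/* truncated extra-bits data: low bits stay zero, the extra-bits CRC is expected to fail */`. Whether that CRC is verified later is outside this hunk.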
From 685940da4c843beb9283a21718cbd2fa4fa5d796 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Wed, 7 Sep 2011 22:17:39 +0200 Subject: [PATCH 364/652] Fixed invalid writes in wavpack decoder on corrupted bitstreams. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Storsjö (cherry picked from commit 0aedab03405849962b469277afe047aa2c61a87f) Signed-off-by: Anton Khirnov --- libavcodec/wavpack.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c index 64725c72c0..5bd677e45e 100644 --- a/libavcodec/wavpack.c +++ b/libavcodec/wavpack.c @@ -1113,7 +1113,7 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no, int16_t *dst = (int16_t*)samples + 1; int16_t *src = (int16_t*)samples; int cnt = samplecount; - while(cnt--){ + while(cnt-- > 0){ *dst = *src; src += channel_stride; dst += channel_stride; @@ -1122,7 +1122,7 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no, int32_t *dst = (int32_t*)samples + 1; int32_t *src = (int32_t*)samples; int cnt = samplecount; - while(cnt--){ + while(cnt-- > 0){ *dst = *src; src += channel_stride; dst += channel_stride; @@ -1131,7 +1131,7 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no, float *dst = (float*)samples + 1; float *src = (float*)samples; int cnt = samplecount; - while(cnt--){ + while(cnt-- > 0){ *dst = *src; src += channel_stride; dst += channel_stride; From 4b84e995ad88f3bfa533c38218f2791c14fd72f0 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Wed, 7 Sep 2011 22:02:55 +0200 Subject: [PATCH 365/652] Fixed invalid access in wavpack decoder on corrupted bitstream. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Storsjö (cherry picked from commit 55354b7de21e7bb4bbeb1c12ff55ea17f807c70c) 
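Review bot: Changing the loop guard to `while(cnt-- > 0)` hides a negative `samplecount` instead of rejecting it: the copy loop is skipped, but wavpack_decode_block() carries on with a count that presumably signals a failed unpack. The check belongs right after the wv_unpack_* call that produces the value, e.g. `if (samplecount < 0) return -1;`, which also makes these three guards unnecessary. The same applies to the `int32_t` and `float` loops in the `@@ -1122` and `@@ -1131` hunks. The assignment to `samplecount` is outside the hunks, so the negative-return convention is inferred.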
Signed-off-by: Anton Khirnov --- libavcodec/wavpack.c | 49 +++++++++++++++++++++++++++++++------------- 1 file changed, 35 insertions(+), 14 deletions(-) diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c index 5bd677e45e..343120f494 100644 --- a/libavcodec/wavpack.c +++ b/libavcodec/wavpack.c @@ -292,7 +292,14 @@ static int wv_get_value(WavpackFrameContext *ctx, GetBitContext *gb, int channel } }else{ t = get_unary_0_33(gb); - if(t >= 2) t = get_bits(gb, t - 1) | (1 << (t-1)); + if(t >= 2){ + if(get_bits_left(gb) < t-1) + goto error; + t = get_bits(gb, t - 1) | (1 << (t-1)); + }else{ + if(get_bits_left(gb) < 0) + goto error; + } ctx->zeroes = t; if(ctx->zeroes){ memset(ctx->ch[0].median, 0, sizeof(ctx->ch[0].median)); @@ -303,24 +310,24 @@ static int wv_get_value(WavpackFrameContext *ctx, GetBitContext *gb, int channel } } - if(get_bits_count(gb) >= ctx->data_size){ - *last = 1; - return 0; - } - if(ctx->zero){ t = 0; ctx->zero = 0; }else{ t = get_unary_0_33(gb); - if(get_bits_count(gb) >= ctx->data_size){ - *last = 1; - return 0; - } + if(get_bits_left(gb) < 0) + goto error; if(t == 16) { t2 = get_unary_0_33(gb); - if(t2 < 2) t += t2; - else t += get_bits(gb, t2 - 1) | (1 << (t2 - 1)); + if(t2 < 2){ + if(get_bits_left(gb) < 0) + goto error; + t += t2; + }else{ + if(get_bits_left(gb) < t2 - 1) + goto error; + t += get_bits(gb, t2 - 1) | (1 << (t2 - 1)); + } } if(ctx->one){ @@ -360,9 +367,13 @@ static int wv_get_value(WavpackFrameContext *ctx, GetBitContext *gb, int channel } if(!c->error_limit){ ret = base + get_tail(gb, add); + if (get_bits_left(gb) <= 0) + goto error; }else{ int mid = (base*2 + add + 1) >> 1; while(add > c->error_limit){ + if(get_bits_left(gb) <= 0) + goto error; if(get_bits1(gb)){ add -= (mid - base); base = mid; 
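Review bot: The new `get_bits_left(gb) < t-1` test in wv_get_value() bounds the read against the buffer but not `t` itself. get_unary_0_33() can return up to 33, so `get_bits(gb, t - 1)` may be asked for more bits than get_bits() is documented to handle (25), and `1 << (t-1)` is an undefined shift once `t-1` reaches 31. Add an upper limit next to the length test, e.g. `if(t - 1 > 25 || get_bits_left(gb) < t - 1) goto error;`; 25 is only what get_bits() can deliver, and the limit the format actually allows should be confirmed. The same applies to `t2` in the `@@ -303,24 +310,24 @@` hunk.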
@@ -376,6 +387,10 @@ static int wv_get_value(WavpackFrameContext *ctx, GetBitContext *gb, int channel if(ctx->hybrid_bitrate) c->slow_level += wp_log2(ret) - LEVEL_DECAY(c->slow_level); return sign ? ~ret : ret; + +error: + *last = 1; + return 0; } static inline int wv_get_value_integer(WavpackFrameContext *s, uint32_t *crc, int S) @@ -580,7 +595,10 @@ static inline int wv_unpack_stereo(WavpackFrameContext *s, GetBitContext *gb, vo count++; }while(!last && count < s->max_samples); - s->samples_left -= count; + if (last) + s->samples_left = 0; + else + s->samples_left -= count; if(!s->samples_left){ if(crc != s->CRC){ av_log(s->avctx, AV_LOG_ERROR, "CRC error\n"); @@ -658,7 +676,10 @@ static inline int wv_unpack_mono(WavpackFrameContext *s, GetBitContext *gb, void count++; }while(!last && count < s->max_samples); - s->samples_left -= count; + if (last) + s->samples_left = 0; + else + s->samples_left -= count; if(!s->samples_left){ if(crc != s->CRC){ av_log(s->avctx, AV_LOG_ERROR, "CRC error\n"); From 5d4c065476da547fd1a8a604e3047e1b3a7a29d8 Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Thu, 8 Sep 2011 11:02:43 -0700 Subject: [PATCH 366/652] wavpack: Check error codes rather than working around error conditions. (cherry picked from commit dba2b63a98bdcac7bda1a8a2c48950518c075e17) Signed-off-by: Anton Khirnov --- libavcodec/wavpack.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c index 343120f494..f614c7afec 100644 --- a/libavcodec/wavpack.c +++ b/libavcodec/wavpack.c @@ -1119,6 +1119,10 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no, samplecount = wv_unpack_stereo(s, &s->gb, samples, AV_SAMPLE_FMT_S32); else samplecount = wv_unpack_stereo(s, &s->gb, samples, AV_SAMPLE_FMT_FLT); + + if (samplecount < 0) + return -1; + samplecount >>= 1; }else{ const int channel_stride = avctx->channels; 
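Review bot: The new `error:` path in wv_get_value() returns exactly what a normal stop returns (`*last = 1; return 0;`), so running out of bits is indistinguishable from a clean end for wv_unpack_stereo() and wv_unpack_mono(). Those callers then set `s->samples_left = 0` and depend on the CRC comparison to notice the damage. A comment on the label would make that contract explicit, e.g. `/* out of data: stop decoding, the caller's CRC check reports the corruption */`, and an `av_log(ctx->avctx, AV_LOG_ERROR, ...)` there would make such files easier to triage. The function starts outside this hunk.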
@@ -1130,11 +1134,14 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no, else samplecount = wv_unpack_mono(s, &s->gb, samples, AV_SAMPLE_FMT_FLT); + if (samplecount < 0) + return -1; + if(s->stereo && avctx->sample_fmt == AV_SAMPLE_FMT_S16){ int16_t *dst = (int16_t*)samples + 1; int16_t *src = (int16_t*)samples; int cnt = samplecount; - while(cnt-- > 0){ + while(cnt--){ *dst = *src; src += channel_stride; dst += channel_stride; @@ -1143,7 +1150,7 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no, int32_t *dst = (int32_t*)samples + 1; int32_t *src = (int32_t*)samples; int cnt = samplecount; - while(cnt-- > 0){ + while(cnt--){ *dst = *src; src += channel_stride; dst += channel_stride; @@ -1152,7 +1159,7 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no, float *dst = (float*)samples + 1; float *src = (float*)samples; int cnt = samplecount; - while(cnt-- > 0){ + while(cnt--){ *dst = *src; src += channel_stride; dst += channel_stride; From 07b3c4cde582a91377372d1dd2afe7c79230f56e Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Fri, 9 Sep 2011 22:04:09 +0200 Subject: [PATCH 367/652] ffv1: Fixed size given to init_get_bits() in decoder. init_get_bits() takes a number of bits and not a number of bytes as its size argument. Signed-off-by: Alex Converse (cherry picked from commit 46b004959bb7870a361a57272cd5fa7eea34250b) Signed-off-by: Anton Khirnov --- libavcodec/ffv1.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/ffv1.c b/libavcodec/ffv1.c index 50f1062ad4..ab2cc6e7cd 100644 --- a/libavcodec/ffv1.c +++ b/libavcodec/ffv1.c 
@@ -1765,7 +1765,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac bytes_read = c->bytestream - c->bytestream_start - 1; if(bytes_read ==0) av_log(avctx, AV_LOG_ERROR, "error at end of AC stream\n"); //FIXME //printf("pos=%d\n", bytes_read); - init_get_bits(&f->slice_context[0]->gb, buf + bytes_read, buf_size - bytes_read); + init_get_bits(&f->slice_context[0]->gb, buf + bytes_read, (buf_size - bytes_read) * 8); } else { bytes_read = 0; /* avoid warning */ } @@ -1782,7 +1782,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac if(fs->ac){ ff_init_range_decoder(&fs->c, buf_p, v); }else{ - init_get_bits(&fs->gb, buf_p, v); + init_get_bits(&fs->gb, buf_p, v * 8); } } From af32fa929a81188c4c451f8648f2f650dcf5228a Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Fri, 9 Sep 2011 13:24:19 -0700 Subject: [PATCH 368/652] indeo2: init_get_bits size in bits instead of bytes (cherry picked from commit 68ca330cbd479111db9cb7649d7530ad59f04cc8) Signed-off-by: Anton Khirnov --- libavcodec/indeo2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/indeo2.c b/libavcodec/indeo2.c index 0e588c3966..6cf893b15e 100644 --- a/libavcodec/indeo2.c +++ b/libavcodec/indeo2.c @@ -165,7 +165,7 @@ static int ir2_decode_frame(AVCodecContext *avctx, #endif start = 48; /* hardcoded for now */ - init_get_bits(&s->gb, buf + start, buf_size - start); + init_get_bits(&s->gb, buf + start, (buf_size - start) * 8); if (s->decode_delta) { /* intraframe */ ir2_decode_plane(s, avctx->width, avctx->height, From 6550e2b5c51cf7d3d40f666f6966b57f622ffffc Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Fri, 9 Sep 2011 13:26:49 -0700 Subject: [PATCH 369/652] indeo2: fail if input buffer too small (cherry picked from commit b7ce4f1d1c3add86ece7ca595ea6c4a10b471055) Signed-off-by: Anton Khirnov --- libavcodec/indeo2.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) 
diff --git a/libavcodec/indeo2.c b/libavcodec/indeo2.c index 6cf893b15e..544f476774 100644 --- a/libavcodec/indeo2.c +++ b/libavcodec/indeo2.c @@ -156,6 +156,13 @@ static int ir2_decode_frame(AVCodecContext *avctx, return -1; } + start = 48; /* hardcoded for now */ + + if (start >= buf_size) { + av_log(s->avctx, AV_LOG_ERROR, "input buffer size too small (%d)\n", buf_size); + return AVERROR_INVALIDDATA; + } + s->decode_delta = buf[18]; /* decide whether frame uses deltas or not */ @@ -163,7 +170,6 @@ static int ir2_decode_frame(AVCodecContext *avctx, for (i = 0; i < buf_size; i++) buf[i] = av_reverse[buf[i]]; #endif - start = 48; /* hardcoded for now */ init_get_bits(&s->gb, buf + start, (buf_size - start) * 8); From 384ed15c2a81812757ecd182f01256f7426af290 Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Fri, 9 Sep 2011 14:50:33 -0700 Subject: [PATCH 370/652] cljr: init_get_bits size in bits instead of bytes (cherry picked from commit 0c1f5b93d9b97c4cc3684ba91a040e90bfc760d2) Signed-off-by: Anton Khirnov --- libavcodec/cljr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/cljr.c b/libavcodec/cljr.c index e2b01e2a6a..b83919e71d 100644 --- a/libavcodec/cljr.c +++ b/libavcodec/cljr.c @@ -67,7 +67,7 @@ static int decode_frame(AVCodecContext *avctx, p->pict_type= AV_PICTURE_TYPE_I; p->key_frame= 1; - init_get_bits(&a->gb, buf, buf_size); + init_get_bits(&a->gb, buf, buf_size * 8); for(y=0; yheight; y++){ uint8_t *luma= &a->picture.data[0][ y*a->picture.linesize[0] ]; From 9b30b7b9bfc83df9ba7c9a39fd0dcd74dfc063f3 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Wed, 7 Sep 2011 21:43:03 +0200 Subject: [PATCH 371/652] Fixed segfault with wavpack decoder on corrupted decorrelation terms sub-blocks. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Storsjö (cherry picked from commit 8bfea4ab4e2cb32bc7bf6f697ee30a238c65d296) 
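Review bot: `init_get_bits(&a->gb, buf, buf_size * 8)` in the cljr decode_frame() now passes the right length, but nothing in the hunk compares `buf_size` with the frame dimensions before the per-row loop starts reading. If that loop reads a fixed number of bits per pixel (its body is outside the hunk), a packet shorter than the picture can still be read past the end of `buf`. A guard before init_get_bits() that ends in `return AVERROR_INVALIDDATA;` when `buf_size` is smaller than what the loop consumes for `avctx->width` by `avctx->height` would close that. The bytes-per-pixel figure has to be taken from the loop body.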
Signed-off-by: Anton Khirnov --- libavcodec/wavpack.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c index f614c7afec..155633f3ac 100644 --- a/libavcodec/wavpack.c +++ b/libavcodec/wavpack.c @@ -862,12 +862,13 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no, } switch(id & WP_IDF_MASK){ case WP_ID_DECTERMS: - s->terms = size; - if(s->terms > MAX_TERMS){ + if(size > MAX_TERMS){ av_log(avctx, AV_LOG_ERROR, "Too many decorrelation terms\n"); + s->terms = 0; buf += ssize; continue; } + s->terms = size; for(i = 0; i < s->terms; i++) { s->decorr[s->terms - i - 1].value = (*buf & 0x1F) - 5; s->decorr[s->terms - i - 1].delta = *buf >> 5; From 0b9b3570a3e3f3eff088ee061dbab165ff3eff2f Mon Sep 17 00:00:00 2001 From: Kostya Shishkov Date: Mon, 12 Sep 2011 09:40:42 +0200 Subject: [PATCH 372/652] smacker demuxer: handle possible av_realloc() failure. Signed-off-by: Anton Khirnov (cherry picked from commit 47a8589f7bc69d1a29da1dfdfbd0dfa78a9e31fd) Signed-off-by: Anton Khirnov --- libavformat/smacker.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/libavformat/smacker.c b/libavformat/smacker.c index db9a02bb6c..135b4ae708 100644 --- a/libavformat/smacker.c +++ b/libavformat/smacker.c @@ -286,11 +286,16 @@ static int smacker_read_packet(AVFormatContext *s, AVPacket *pkt) for(i = 0; i < 7; i++) { if(flags & 1) { int size; + uint8_t *tmpbuf; + size = avio_rl32(s->pb) - 4; frame_size -= size; frame_size -= 4; smk->curstream++; - smk->bufs[smk->curstream] = av_realloc(smk->bufs[smk->curstream], size); + tmpbuf = av_realloc(smk->bufs[smk->curstream], size); + if (!tmpbuf) + return AVERROR(ENOMEM); + smk->bufs[smk->curstream] = tmpbuf; smk->buf_sizes[smk->curstream] = size; ret = avio_read(s->pb, smk->bufs[smk->curstream], size); if(ret != size) From e6694dce1cbaa1ecd2cbe547c9bf45745986e2c1 Mon Sep 17 00:00:00 2001 
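Review bot: In smacker_read_packet(), `size = avio_rl32(s->pb) - 4` comes straight from the file and reaches `av_realloc()` and `avio_read()` without a range check. A stored value below 4 makes `size` negative, and a large one requests an allocation unrelated to the frame. The new NULL test turns that into `AVERROR(ENOMEM)`, but the cause is invalid data; checking first, e.g. `if (size < 0 || size > frame_size - 4) return AVERROR_INVALIDDATA;` placed before `frame_size -= size`, reports it correctly and bounds the allocation by the frame. Note also that `smk->curstream` has already been incremented on the early return. The function starts and ends outside the hunk.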
From: Laurent Aimar Date: Sat, 10 Sep 2011 00:32:12 +0200 Subject: [PATCH 373/652] Fixed size given to init_get_bits() in xan decoder. (cherry picked from commit 393d5031c6aaaf8c2dda4eb5d676974c349fae85) Signed-off-by: Anton Khirnov --- libavcodec/xan.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/libavcodec/xan.c b/libavcodec/xan.c index 876a9a5558..521764fd1c 100644 --- a/libavcodec/xan.c +++ b/libavcodec/xan.c @@ -95,17 +95,18 @@ static av_cold int xan_decode_init(AVCodecContext *avctx) return 0; } -static int xan_huffman_decode(unsigned char *dest, const unsigned char *src, - int dest_len) +static int xan_huffman_decode(unsigned char *dest, int dest_len, + const unsigned char *src, int src_len) { unsigned char byte = *src++; unsigned char ival = byte + 0x16; const unsigned char * ptr = src + byte*2; + int ptr_len = src_len - 1 - byte*2; unsigned char val = ival; unsigned char *dest_end = dest + dest_len; GetBitContext gb; - init_get_bits(&gb, ptr, 0); // FIXME: no src size available + init_get_bits(&gb, ptr, ptr_len * 8); while ( val != 0x16 ) { val = src[val - 0x17 + get_bits1(&gb) * byte]; @@ -270,7 +271,8 @@ static void xan_wc3_decode_frame(XanContext *s) { vector_segment = s->buf + AV_RL16(&s->buf[4]); imagedata_segment = s->buf + AV_RL16(&s->buf[6]); - xan_huffman_decode(opcode_buffer, huffman_segment, opcode_buffer_size); + xan_huffman_decode(opcode_buffer, opcode_buffer_size, + huffman_segment, s->size - (huffman_segment - s->buf) ); if (imagedata_segment[0] == 2) xan_unpack(s->buffer2, &imagedata_segment[1], s->buffer2_size); From 61ddc8271d61b0e4ebb3b6954fc32f10799da228 Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Fri, 9 Sep 2011 16:10:03 -0700 Subject: [PATCH 374/652] xan: Add some buffer checks (cherry picked from commit 0872bb23b4bd2d94a8ba91070f706d1bc1c3ced8) Signed-off-by: Anton Khirnov --- libavcodec/xan.c | 37 +++++++++++++++++++++++++++++-------- 1 file changed, 29 insertions(+), 8 deletions(-) 
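Review bot: xan_huffman_decode() now receives `src_len`, but the decode loop still indexes `src[val - 0x17 + get_bits1(&gb) * byte]` without checking the index or the bit reader's end, and `ptr_len` is negative whenever `src_len < 1 + byte*2`. I would add `if (ptr_len < 0) return AVERROR_INVALIDDATA;` before init_get_bits(), and `if (get_bits_left(&gb) < 1) return AVERROR_INVALIDDATA;` before the get_bits1() call. The index should also be rejected when it is `>= 2 * byte`; the table appears to span `byte*2` entries, given `ptr = src + byte*2`. The loop body continues outside the hunk. The call in xan_wc3_decode_frame() (second hunk) ignores the return value, so the caller needs to test it as well.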
diff --git a/libavcodec/xan.c b/libavcodec/xan.c index 521764fd1c..88a9adbc30 100644 --- a/libavcodec/xan.c +++ b/libavcodec/xan.c @@ -106,6 +106,9 @@ static int xan_huffman_decode(unsigned char *dest, int dest_len, unsigned char *dest_end = dest + dest_len; GetBitContext gb; + if (ptr_len < 0) + return AVERROR_INVALIDDATA; + init_get_bits(&gb, ptr, ptr_len * 8); while ( val != 0x16 ) { @@ -245,7 +248,7 @@ static inline void xan_wc3_copy_pixel_run(XanContext *s, } } -static void xan_wc3_decode_frame(XanContext *s) { +static int xan_wc3_decode_frame(XanContext *s) { int width = s->avctx->width; int height = s->avctx->height; @@ -265,14 +268,30 @@ static void xan_wc3_decode_frame(XanContext *s) { const unsigned char *size_segment; const unsigned char *vector_segment; const unsigned char *imagedata_segment; + int huffman_offset, size_offset, vector_offset, imagedata_offset; - huffman_segment = s->buf + AV_RL16(&s->buf[0]); - size_segment = s->buf + AV_RL16(&s->buf[2]); - vector_segment = s->buf + AV_RL16(&s->buf[4]); - imagedata_segment = s->buf + AV_RL16(&s->buf[6]); + if (s->size < 8) + return AVERROR_INVALIDDATA; - xan_huffman_decode(opcode_buffer, opcode_buffer_size, - huffman_segment, s->size - (huffman_segment - s->buf) ); + huffman_offset = AV_RL16(&s->buf[0]); + size_offset = AV_RL16(&s->buf[2]); + vector_offset = AV_RL16(&s->buf[4]); + imagedata_offset = AV_RL16(&s->buf[6]); + + if (huffman_offset >= s->size || + size_offset >= s->size || + vector_offset >= s->size || + imagedata_offset >= s->size) + return AVERROR_INVALIDDATA; + + huffman_segment = s->buf + huffman_offset; + size_segment = s->buf + size_offset; + vector_segment = s->buf + vector_offset; + imagedata_segment = s->buf + imagedata_offset; + + if (xan_huffman_decode(opcode_buffer, opcode_buffer_size, + huffman_segment, s->size - huffman_offset) < 0) + return AVERROR_INVALIDDATA; if (imagedata_segment[0] == 2) xan_unpack(s->buffer2, &imagedata_segment[1], s->buffer2_size); 
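Review bot: The new offset checks in xan_wc3_decode_frame() only establish that the first byte of each segment lies inside `s->buf`. `xan_unpack(s->buffer2, &imagedata_segment[1], s->buffer2_size)` is still called with a destination size but no source length, and `size_segment` and `vector_segment` are presumably consumed later as bare pointers too. Unless xan_unpack() and those later readers bound their own reads (their bodies are outside the hunk), a corrupt frame can still cause reads beyond `s->size`. Passing the remaining length along, as this series did for xan_huffman_decode() (here `s->size - imagedata_offset - 1`), would close the gap.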
@@ -358,6 +377,7 @@ static void xan_wc3_decode_frame(XanContext *s) { y += (x + size) / width; x = (x + size) % width; } + return 0; } #if RUNTIME_GAMMA @@ -519,7 +539,8 @@ static int xan_decode_frame(AVCodecContext *avctx, s->buf = buf; s->size = buf_size; - xan_wc3_decode_frame(s); + if (xan_wc3_decode_frame(s) < 0) + return AVERROR_INVALIDDATA; /* release the last frame if it is allocated */ if (s->last_frame.data[0]) From 4ee014309c377f7cfaa9578a393864ae500136f6 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sun, 11 Sep 2011 19:17:40 +0200 Subject: [PATCH 375/652] ape demuxer: fix segfault on memory allocation failure. Signed-off-by: Anton Khirnov (cherry picked from commit 273aab99bf7be2bcda95dd64101c2317ee0fcb99) Signed-off-by: Anton Khirnov --- libavformat/ape.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/ape.c b/libavformat/ape.c index 90b02619e0..b0841002a2 100644 --- a/libavformat/ape.c +++ b/libavformat/ape.c @@ -270,6 +270,8 @@ static int ape_read_header(AVFormatContext * s, AVFormatParameters * ap) if (ape->seektablelength > 0) { ape->seektable = av_malloc(ape->seektablelength); + if (!ape->seektable) + return AVERROR(ENOMEM); for (i = 0; i < ape->seektablelength / sizeof(uint32_t); i++) ape->seektable[i] = avio_rl32(pb); } From 4e7905fa9ee75eed404db4d2cca69f833452bf72 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Mon, 12 Sep 2011 20:50:13 +0200 Subject: [PATCH 376/652] Check for invalid packet size in the smacker demuxer. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Storsjö (cherry picked from commit e055932f5636a82275837968eea9c8fcb5bca474) Signed-off-by: Anton Khirnov --- libavformat/smacker.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/smacker.c b/libavformat/smacker.c index 135b4ae708..87c59a3049 100644 --- a/libavformat/smacker.c +++ b/libavformat/smacker.c 
@@ -304,6 +304,8 @@ static int smacker_read_packet(AVFormatContext *s, AVPacket *pkt) } flags >>= 1; } + if (frame_size < 0) + return AVERROR_INVALIDDATA; if (av_new_packet(pkt, frame_size + 768)) return AVERROR(ENOMEM); if(smk->frm_size[smk->cur_frame] & 1) From 9f391c4971d4ce2e849a6465a19d1f9da1488194 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Mon, 12 Sep 2011 20:50:34 +0200 Subject: [PATCH 377/652] Fixed off by one packet size allocation in the smacker demuxer. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Storsjö (cherry picked from commit a92d0fa5d234582583d41b67dddecffc2c819573) Signed-off-by: Anton Khirnov --- libavformat/smacker.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/smacker.c b/libavformat/smacker.c index 87c59a3049..a817c31355 100644 --- a/libavformat/smacker.c +++ b/libavformat/smacker.c @@ -306,7 +306,7 @@ static int smacker_read_packet(AVFormatContext *s, AVPacket *pkt) } if (frame_size < 0) return AVERROR_INVALIDDATA; - if (av_new_packet(pkt, frame_size + 768)) + if (av_new_packet(pkt, frame_size + 769)) return AVERROR(ENOMEM); if(smk->frm_size[smk->cur_frame] & 1) palchange |= 2; From 5b1f79b092a4684c1e700ea21d5da77c68ca7d44 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Mon, 12 Sep 2011 23:46:49 +0200 Subject: [PATCH 378/652] Check and propagate errors when VLC trees cannot be built in smacker decoder. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Storsjö (cherry picked from commit 9676ffba8346791f494451e68d2a3b37a2918a9b) Signed-off-by: Anton Khirnov --- libavcodec/smacker.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c index 8060e1cee7..e8de0d89c5 100644 --- a/libavcodec/smacker.c +++ b/libavcodec/smacker.c 
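Review bot: `frame_size + 769` replaces one magic number with another, and nothing in the hunk says what the 769 bytes are. A comment such as `/* 1 flags byte + 768 palette bytes precede the frame data */` or a named constant would keep the next off-by-one from slipping in; that layout is my reading, so please confirm it against the code that fills the packet. Since `frame_size` is derived from file data, it is also worth confirming it has an upper bound before this addition, as only the `< 0` case is rejected in the visible lines.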
@@ -134,10 +134,10 @@ static int smacker_decode_bigtree(GetBitContext *gb, HuffContext *hc, DBCtx *ctx return -1; } b1 = get_bits_count(gb); - i1 = get_vlc2(gb, ctx->v1->table, SMKTREE_BITS, 3); + i1 = ctx->v1->table ? get_vlc2(gb, ctx->v1->table, SMKTREE_BITS, 3) : 0; b1 = get_bits_count(gb) - b1; b2 = get_bits_count(gb); - i2 = get_vlc2(gb, ctx->v2->table, SMKTREE_BITS, 3); + i2 = ctx->v2->table ? get_vlc2(gb, ctx->v2->table, SMKTREE_BITS, 3) : 0; b2 = get_bits_count(gb) - b2; val = ctx->recode1[i1] | (ctx->recode2[i2] << 8); if(val == ctx->escapes[0]) { @@ -290,7 +290,8 @@ static int decode_header_trees(SmackVContext *smk) { smk->mmap_tbl[0] = 0; smk->mmap_last[0] = smk->mmap_last[1] = smk->mmap_last[2] = 1; } else { - smacker_decode_header_tree(smk, &gb, &smk->mmap_tbl, smk->mmap_last, mmap_size); + if (smacker_decode_header_tree(smk, &gb, &smk->mmap_tbl, smk->mmap_last, mmap_size)) + return -1; } if(!get_bits1(&gb)) { av_log(smk->avctx, AV_LOG_INFO, "Skipping MCLR tree\n"); @@ -298,7 +299,8 @@ static int decode_header_trees(SmackVContext *smk) { smk->mclr_tbl[0] = 0; smk->mclr_last[0] = smk->mclr_last[1] = smk->mclr_last[2] = 1; } else { - smacker_decode_header_tree(smk, &gb, &smk->mclr_tbl, smk->mclr_last, mclr_size); + if (smacker_decode_header_tree(smk, &gb, &smk->mclr_tbl, smk->mclr_last, mclr_size)) + return -1; } if(!get_bits1(&gb)) { av_log(smk->avctx, AV_LOG_INFO, "Skipping FULL tree\n"); @@ -306,7 +308,8 @@ static int decode_header_trees(SmackVContext *smk) { smk->full_tbl[0] = 0; smk->full_last[0] = smk->full_last[1] = smk->full_last[2] = 1; } else { - smacker_decode_header_tree(smk, &gb, &smk->full_tbl, smk->full_last, full_size); + if (smacker_decode_header_tree(smk, &gb, &smk->full_tbl, smk->full_last, full_size)) + return -1; } if(!get_bits1(&gb)) { av_log(smk->avctx, AV_LOG_INFO, "Skipping TYPE tree\n"); 
@@ -314,7 +317,8 @@ static int decode_header_trees(SmackVContext *smk) { smk->type_tbl[0] = 0; smk->type_last[0] = smk->type_last[1] = smk->type_last[2] = 1; } else { - smacker_decode_header_tree(smk, &gb, &smk->type_tbl, smk->type_last, type_size); + if (smacker_decode_header_tree(smk, &gb, &smk->type_tbl, smk->type_last, type_size)) + return -1; } return 0; @@ -522,8 +526,8 @@ static av_cold int decode_init(AVCodecContext *avctx) return -1; } - decode_header_trees(c); - + if (decode_header_trees(c)) + return -1; return 0; } From 0d93b03e6861fafd3eddd9ee164cf56630c9d899 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Mon, 12 Sep 2011 23:49:36 +0200 Subject: [PATCH 379/652] Check for invalid VLC value in smacker decoder. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Storsjö (cherry picked from commit 6489455495fc5bfbebcfe3f57e5d4fdd6a781091) Signed-off-by: Anton Khirnov --- libavcodec/smacker.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c index e8de0d89c5..9628b07492 100644 --- a/libavcodec/smacker.c +++ b/libavcodec/smacker.c @@ -139,6 +139,8 @@ static int smacker_decode_bigtree(GetBitContext *gb, HuffContext *hc, DBCtx *ctx b2 = get_bits_count(gb); i2 = ctx->v2->table ? get_vlc2(gb, ctx->v2->table, SMKTREE_BITS, 3) : 0; b2 = get_bits_count(gb) - b2; + if (i1 < 0 || i2 < 0) + return -1; val = ctx->recode1[i1] | (ctx->recode2[i2] << 8); if(val == ctx->escapes[0]) { ctx->last[0] = hc->current; From 78cd2e18a4aa2835f6d04cf145121fc82099c1a5 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 13 Sep 2011 23:24:56 +0200 Subject: [PATCH 380/652] smacker: fix a few off by 1 errors MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit stereo & 16bit is untested due to lack of samples Signed-off-by: Martin Storsjö (cherry picked from commit 5166376f24545207607f61ed8ff4e1b0572ff320) 
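Review bot: The `if (i1 < 0 || i2 < 0) return -1;` guard in smacker_decode_bigtree fails silently and has no comment saying where a negative index comes from. get_vlc2() returns a negative value for a code that is not in the table, and without the guard that value would index before the start of recode1/recode2 on the next line; a one-line comment such as `/* get_vlc2() yields a negative value for an invalid code */` records that. A log line on this path would also help when triaging malformed files, provided a logging context is available in this function (its start is outside the hunk).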
Signed-off-by: Anton Khirnov --- libavcodec/smacker.c | 8 +-- tests/ref/fate/smacker | 160 ++++++++++++++++++++--------------------- 2 files changed, 84 insertions(+), 84 deletions(-) diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c index 9628b07492..1fa40def62 100644 --- a/libavcodec/smacker.c +++ b/libavcodec/smacker.c @@ -624,9 +624,9 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data, int *data_size, if(bits) { //decode 16-bit data for(i = stereo; i >= 0; i--) pred[i] = av_bswap16(get_bits(&gb, 16)); - for(i = 0; i < stereo; i++) + for(i = 0; i <= stereo; i++) *samples++ = pred[i]; - for(i = 0; i < unp_size / 2; i++) { + for(; i < unp_size / 2; i++) { if(i & stereo) { if(vlc[2].table) res = get_vlc2(&gb, vlc[2].table, SMKTREE_BITS, 3); @@ -658,9 +658,9 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data, int *data_size, } else { //8-bit data for(i = stereo; i >= 0; i--) pred[i] = get_bits(&gb, 8); - for(i = 0; i < stereo; i++) + for(i = 0; i <= stereo; i++) *samples8++ = pred[i]; - for(i = 0; i < unp_size; i++) { + for(; i < unp_size; i++) { if(i & stereo){ if(vlc[1].table) res = get_vlc2(&gb, vlc[1].table, SMKTREE_BITS, 3); diff --git a/tests/ref/fate/smacker b/tests/ref/fate/smacker index 85c4a9817c..df88a4ae8a 100644 --- a/tests/ref/fate/smacker +++ b/tests/ref/fate/smacker @@ -1,5 +1,5 @@ 0, 0, 192000, 0x8926d7fc -1, 0, 47240, 0xad778a78 +1, 0, 47240, 0x9974897c 0, 6390, 192000, 0x2506d384 0, 12780, 192000, 0x9a8dc93a 0, 19170, 192000, 0x4badb7f2 
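Review bot: The predictor loop `for(i = 0; i <= stereo; i++) *samples++ = pred[i];` writes stereo+1 samples unconditionally, before anything in the hunk compares that count with unp_size; the 8-bit branch at -658 has the same shape with samples8. If unp_size taken from the packet is smaller than the initial predictors, the following `for(; i < unp_size / 2; i++)` simply does not run, but the initial writes have already happened and the reported output size may no longer match what was written. A guard before the predictors are stored, e.g. `if (unp_size < (stereo + 1) << bits) return -1;` (assuming bits is 0 or 1 and unp_size counts bytes), would make the lower bound explicit. Whether unp_size is validated against the output buffer earlier in smka_decode_frame is outside the hunk and should be checked.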
@@ -15,163 +15,163 @@ 0, 83070, 192000, 0x1a3d7971 0, 89460, 192000, 0xa1a65bd5 0, 95850, 192000, 0x344957b9 -1, 96408, 3128, 0x4c1564ae +1, 96408, 3128, 0x7e4064b4 0, 102240, 192000, 0xe23b5f4e -1, 102792, 3128, 0x34553309 +1, 102792, 3128, 0x80883301 0, 108630, 192000, 0xb5c2710b -1, 109176, 3136, 0xb474d246 +1, 109176, 3136, 0x2ad2d341 0, 115020, 192000, 0x7a25938f -1, 115576, 3128, 0x87b868ea +1, 115576, 3128, 0xda8468e3 0, 121410, 192000, 0x0a84e4c9 -1, 121959, 3136, 0xf1516dc3 +1, 121959, 3136, 0x9d6f6cdf 0, 127800, 192000, 0x94209b0d -1, 128359, 3128, 0x867563cb +1, 128359, 3128, 0x1aaa64b5 0, 134190, 192000, 0xf940e51f -1, 134743, 3128, 0x5200728c +1, 134743, 3128, 0x9182728b 0, 140580, 192000, 0xb9fdec42 -1, 141127, 3136, 0xeda118a0 +1, 141127, 3136, 0xfa8e17b3 0, 146970, 192000, 0x7b04a376 -1, 147527, 3128, 0x03e2c1d6 +1, 147527, 3128, 0x0dc3c1cf 0, 153360, 192000, 0x5fe0026b -1, 153910, 3136, 0xc3e862b6 +1, 153910, 3136, 0x0109639d 0, 159750, 192000, 0x775aca39 -1, 160310, 3128, 0x937a13be +1, 160310, 3128, 0x6d8a12d9 0, 166140, 192000, 0xae14fb32 -1, 166694, 3128, 0x7b1b9577 +1, 166694, 3128, 0x4b9a9597 0, 172530, 192000, 0x661106e5 -1, 173078, 3136, 0x042c7113 +1, 173078, 3136, 0x9112710e 0, 178920, 192000, 0xe8658dbf -1, 179478, 3128, 0xac48f451 +1, 179478, 3128, 0x8cccf522 0, 185310, 192000, 0x5359f0f9 -1, 185861, 3128, 0x018fbbe9 +1, 185861, 3128, 0x6594bbf3 0, 191700, 192000, 0xc1ec80f4 -1, 192245, 3136, 0xc62aa7ce +1, 192245, 3136, 0xd878a7d5 0, 198090, 192000, 0xca53806b -1, 198645, 3128, 0x106e3924 +1, 198645, 3128, 0xaa6e3905 0, 204480, 192000, 0xf0766b2e -1, 205029, 3136, 0xfeb82ecc +1, 205029, 3136, 0x2a062e04 0, 210870, 192000, 0x39962da8 -1, 211429, 3128, 0x7e7c005b +1, 211429, 3128, 0x84e4006a 0, 217260, 192000, 0x4171c37f -1, 217812, 3128, 0x949d3560 +1, 217812, 3128, 0x85183633 0, 223650, 192000, 0x3abf3b46 -1, 224196, 3136, 0x02bd4aff +1, 224196, 3136, 0xb62d4b02 0, 230040, 192000, 0xecc68313 -1, 230596, 3128, 0x4aaf4715 +1, 230596, 
3128, 0xe209462a 0, 236430, 192000, 0xea339baf -1, 236980, 3136, 0x2958825f +1, 236980, 3136, 0x57c4824b 0, 242820, 192000, 0x616b8f16 -1, 243380, 3128, 0x99a5914d +1, 243380, 3128, 0x664a9163 0, 249210, 192000, 0xf77a8581 -1, 249763, 3128, 0xe67277a4 +1, 249763, 3128, 0xb4287874 0, 255600, 192000, 0xb315678b -1, 256147, 3136, 0x11296973 +1, 256147, 3136, 0xde626885 0, 261990, 192000, 0x0a4a5218 -1, 262547, 3128, 0x5cc362f7 +1, 262547, 3128, 0x919763c2 0, 268380, 192000, 0x98802be4 -1, 268931, 3128, 0x0c5e6586 +1, 268931, 3128, 0xa4f664e1 0, 274770, 192000, 0xa2f0fd94 -1, 275314, 3136, 0xe940b0f9 +1, 275314, 3136, 0xa0bab0d4 0, 281160, 192000, 0x6671c84f -1, 281714, 3128, 0x2c9292cc +1, 281714, 3128, 0xe938939c 0, 287550, 192000, 0x38327e31 -1, 288098, 3136, 0xa807c096 +1, 288098, 3136, 0x3679bfc7 0, 293940, 192000, 0xb85d3e08 -1, 294498, 3128, 0x9d2254d8 +1, 294498, 3128, 0xc96c55c3 0, 300330, 192000, 0xdc69eba9 -1, 300882, 3128, 0xe68015b0 +1, 300882, 3128, 0x119114d6 0, 306720, 192000, 0x8955a0b3 -1, 307265, 3136, 0x65d58029 +1, 307265, 3136, 0x42f3800f 0, 313110, 192000, 0x714a548b -1, 313665, 3128, 0xcffcc48c +1, 313665, 3128, 0x4250c4ad 0, 319500, 192000, 0xc0471de9 -1, 320049, 3136, 0x8c704944 +1, 320049, 3136, 0x5cdd4925 0, 325890, 192000, 0x2e16e039 -1, 326449, 3128, 0x1459231d +1, 326449, 3128, 0xa4c12360 0, 332280, 192000, 0x9fa4b033 -1, 332833, 3128, 0x7dde4839 +1, 332833, 3128, 0x849f48de 0, 338670, 192000, 0x4a0f9402 -1, 339216, 3136, 0xbb6890e2 +1, 339216, 3136, 0x6acd8ff9 0, 345060, 192000, 0x1f3e6843 -1, 345616, 3128, 0xcd9a8524 +1, 345616, 3128, 0xb2758556 0, 351450, 192000, 0x31774850 -1, 352000, 3128, 0xa244fc31 +1, 352000, 3128, 0x10f2fcb1 0, 357840, 192000, 0x9d5336a2 -1, 358384, 3136, 0x504e2bd9 +1, 358384, 3136, 0xf0f02b23 0, 364230, 192000, 0xf7de27a2 -1, 364784, 3128, 0x655858d8 +1, 364784, 3128, 0x64f759c6 0, 370620, 192000, 0x98c717ce -1, 371167, 3136, 0x46027610 +1, 371167, 3136, 0x7ec075e3 0, 377010, 192000, 0x615b10b8 -1, 377567, 
3128, 0x4192d5e3 +1, 377567, 3128, 0xf981d51e 0, 383400, 192000, 0xd5bc0e7e -1, 383951, 3128, 0x21d2e7fe +1, 383951, 3128, 0xc622e8b9 0, 389790, 192000, 0xd5bc0e7e -1, 390335, 3136, 0x7c93e329 +1, 390335, 3136, 0xf632e2f8 0, 396180, 192000, 0xd5bc0e7e -1, 396735, 3128, 0xa67718c0 +1, 396735, 3128, 0xda561864 0, 402570, 192000, 0xd5bc0e7e -1, 403118, 3136, 0x9bb6e8a3 +1, 403118, 3136, 0x14d2e888 0, 408960, 192000, 0xd5bc0e7e -1, 409518, 3128, 0x0933b7a6 +1, 409518, 3128, 0x015bb869 0, 415350, 192000, 0xd5bc0e7e -1, 415902, 3128, 0x07f1fb57 +1, 415902, 3128, 0xedb1fb62 0, 421740, 192000, 0xd5bc0e7e -1, 422286, 3136, 0x8a050cfd +1, 422286, 3136, 0xe0560c41 0, 428130, 192000, 0xd5bc0e7e -1, 428686, 3128, 0xdb773c0b +1, 428686, 3128, 0x14773c9a 0, 434520, 192000, 0xd5bc0e7e -1, 435069, 3136, 0xd1281c53 +1, 435069, 3136, 0x850f1c82 0, 440910, 192000, 0xd5bc0e7e -1, 441469, 3128, 0x9f395324 +1, 441469, 3128, 0xb0bd5347 0, 447300, 192000, 0xd5bc0e7e -1, 447853, 3128, 0x5f13edec +1, 447853, 3128, 0x8f82edbf 0, 453690, 192000, 0xd5bc0e7e -1, 454237, 3136, 0x871cbecf +1, 454237, 3136, 0x493abee2 0, 460080, 192000, 0xd5bc0e7e -1, 460637, 3128, 0x799eff3e +1, 460637, 3128, 0xf5daff3f 0, 466470, 192000, 0xd5bc0e7e -1, 467020, 3128, 0x3f902762 +1, 467020, 3128, 0x78ad2690 0, 472860, 192000, 0xd5bc0e7e -1, 473404, 3136, 0x29f8bb04 +1, 473404, 3136, 0x490ebafc 0, 479250, 192000, 0xd5bc0e7e -1, 479804, 3128, 0xf3523ee9 +1, 479804, 3128, 0x70333fd2 0, 485640, 192000, 0xd5bc0e7e -1, 486188, 3136, 0x4405c435 +1, 486188, 3136, 0x8cb1c350 0, 492030, 192000, 0xd5bc0e7e -1, 492588, 3128, 0x892957cb +1, 492588, 3128, 0x8bd057cb 0, 498420, 192000, 0xd5bc0e7e -1, 498971, 3128, 0xdf483dbd +1, 498971, 3128, 0x161b3dbc 0, 504810, 192000, 0xd5bc0e7e -1, 505355, 3136, 0x5e8ab797 +1, 505355, 3136, 0xb47fb88a 0, 511200, 192000, 0xd5bc0e7e -1, 511755, 3128, 0x92e13820 +1, 511755, 3128, 0x474b381e 0, 517590, 192000, 0xd5bc0e7e -1, 518139, 3136, 0xfde719b6 +1, 518139, 3136, 0x07c519bb 0, 523980, 
192000, 0xd5bc0e7e -1, 524539, 3128, 0x442f17ae +1, 524539, 3128, 0x15b916c8 0, 530370, 192000, 0xd5bc0e7e -1, 530922, 3128, 0x011af61f +1, 530922, 3128, 0x0ed7f6fb 0, 536760, 192000, 0xd5bc0e7e -1, 537306, 3136, 0x4e3e3a6d +1, 537306, 3136, 0x54d6397b 0, 543150, 192000, 0xd5bc0e7e -1, 543706, 3128, 0xc11242b9 +1, 543706, 3128, 0x437242bb 0, 549540, 192000, 0xd5bc0e7e -1, 550090, 3128, 0x01415b59 +1, 550090, 3128, 0x38f05c4d 0, 555930, 192000, 0xd5bc0e7e -1, 556473, 3136, 0x302e0e55 +1, 556473, 3136, 0x5d000e59 0, 562320, 192000, 0xd5bc0e7e -1, 562873, 3128, 0x20522d04 +1, 562873, 3128, 0xdeab2d04 0, 568710, 192000, 0xd5bc0e7e -1, 569257, 3136, 0x316a697d +1, 569257, 3136, 0x77de6880 0, 575100, 192000, 0xd5bc0e7e -1, 575657, 3128, 0x6d75ee27 +1, 575657, 3128, 0xbc87ef25 0, 581490, 192000, 0xd5bc0e7e -1, 582041, 3128, 0xcb008ae8 +1, 582041, 3128, 0xc1638ade 0, 587880, 192000, 0xd5bc0e7e -1, 588424, 3136, 0xd2664b51 +1, 588424, 3136, 0xcfb64a5f 0, 594270, 192000, 0xd5bc0e7e -1, 594824, 3128, 0xdfcab728 +1, 594824, 3128, 0x90b1b826 0, 600660, 192000, 0xd5bc0e7e 1, 601208, 3136, 0x00000000 0, 607050, 192000, 0xd5bc0e7e From 54a178f28ff5caf8cac5493cc3f1c22ac2323fcf Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Fri, 9 Sep 2011 23:46:00 +0200 Subject: [PATCH 381/652] Fixed size given to init_get_bits(). init_get_bits() takes a number of bits and not a number of bytes as its size argument. Signed-off-by: Alex Converse (cherry picked from commit b59efc94347ccf0cbc2ff14a5a9e99819c5bdc4d) Signed-off-by: Anton Khirnov --- libavcodec/aac_adtstoasc_bsf.c | 2 +- libavcodec/avs.c | 2 +- libavcodec/jvdec.c | 2 +- libavcodec/rv34.c | 2 +- libavcodec/tta.c | 2 +- libavformat/movenc.c | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/libavcodec/aac_adtstoasc_bsf.c b/libavcodec/aac_adtstoasc_bsf.c index fbb86f8af7..d1310c4149 100644 --- a/libavcodec/aac_adtstoasc_bsf.c +++ b/libavcodec/aac_adtstoasc_bsf.c 
@@ -72,7 +72,7 @@ static int aac_adtstoasc_filter(AVBitStreamFilterContext *bsfc, int pce_size = 0; uint8_t pce_data[MAX_PCE_SIZE]; if (!hdr.chan_config) { - init_get_bits(&gb, buf, buf_size); + init_get_bits(&gb, buf, buf_size * 8); if (get_bits(&gb, 3) != 5) { av_log_missing_feature(avctx, "PCE based channel configuration, where the PCE is not the first syntax element is", 0); return -1; diff --git a/libavcodec/avs.c b/libavcodec/avs.c index 1c2682b338..1a5e44401c 100644 --- a/libavcodec/avs.c +++ b/libavcodec/avs.c @@ -117,7 +117,7 @@ avs_decode_frame(AVCodecContext * avctx, table = buf + (256 * vect_w * vect_h); if (sub_type != AVS_I_FRAME) { int map_size = ((318 / vect_w + 7) / 8) * (198 / vect_h); - init_get_bits(&change_map, table, map_size); + init_get_bits(&change_map, table, map_size * 8); table += map_size; } diff --git a/libavcodec/jvdec.c b/libavcodec/jvdec.c index 0c346486f5..5249764347 100644 --- a/libavcodec/jvdec.c +++ b/libavcodec/jvdec.c @@ -150,7 +150,7 @@ static int decode_frame(AVCodecContext *avctx, if (video_type == 0 || video_type == 1) { GetBitContext gb; - init_get_bits(&gb, buf, FFMIN(video_size, buf_end - buf)); + init_get_bits(&gb, buf, FFMIN(video_size, (buf_end - buf) * 8)); for (j = 0; j < avctx->height; j += 8) for (i = 0; i < avctx->width; i += 8) diff --git a/libavcodec/rv34.c b/libavcodec/rv34.c index c5dcfdcba4..910b933dd9 100644 --- a/libavcodec/rv34.c +++ b/libavcodec/rv34.c @@ -1444,7 +1444,7 @@ int ff_rv34_decode_frame(AVCodecContext *avctx, av_log(avctx, AV_LOG_ERROR, "Slice offset is greater than frame size\n"); return -1; } - init_get_bits(&s->gb, buf+get_slice_offset(avctx, slices_hdr, 0), buf_size-get_slice_offset(avctx, slices_hdr, 0)); + init_get_bits(&s->gb, buf+get_slice_offset(avctx, slices_hdr, 0), (buf_size-get_slice_offset(avctx, slices_hdr, 0))*8); if(r->parse_slice_header(r, &r->s.gb, &si) < 0 || si.start){ av_log(avctx, AV_LOG_ERROR, "First slice header is incorrect\n"); return -1; 
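Review bot: In avs_decode_frame the bit reader for change_map is sized from `map_size`, which is computed from vect_w and vect_h alone, and `table` is then advanced by the same amount, with no comparison against the end of the packet anywhere in the hunk. If the packet is shorter than `256 * vect_w * vect_h + map_size` bytes, both the reader and the later table accesses run past the input. Unless the function already checks this above the hunk, it needs a test that map_size bytes remain after `table` before init_get_bits() is called.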
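Review bot: In jvdec.c, `FFMIN(video_size, (buf_end - buf) * 8)` compares two different units: the right operand was converted to bits but video_size was not. If video_size is a byte count like the other sizes this commit converts (its definition is outside the hunk), the reader is limited to video_size bits, one eighth of the intended data, whenever video_size is the smaller operand, and valid frames will be cut short. Taking the minimum in bytes and scaling once avoids the mix: `init_get_bits(&gb, buf, 8 * FFMIN(video_size, buf_end - buf));`.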
diff --git a/libavcodec/tta.c b/libavcodec/tta.c index 57f5818d7b..fd5aa46670 100644 --- a/libavcodec/tta.c +++ b/libavcodec/tta.c @@ -216,7 +216,7 @@ static av_cold int tta_decode_init(AVCodecContext * avctx) if (avctx->extradata_size < 30) return -1; - init_get_bits(&s->gb, avctx->extradata, avctx->extradata_size); + init_get_bits(&s->gb, avctx->extradata, avctx->extradata_size * 8); if (show_bits_long(&s->gb, 32) == AV_RL32("TTA1")) { /* signature */ diff --git a/libavformat/movenc.c b/libavformat/movenc.c index dcc5581443..0cf837c9b1 100644 --- a/libavformat/movenc.c +++ b/libavformat/movenc.c @@ -206,7 +206,7 @@ static int mov_write_ac3_tag(AVIOContext *pb, MOVTrack *track) avio_wb32(pb, 11); ffio_wfourcc(pb, "dac3"); - init_get_bits(&gbc, track->vosData+4, track->vosLen-4); + init_get_bits(&gbc, track->vosData+4, (track->vosLen-4) * 8); fscod = get_bits(&gbc, 2); frmsizecod = get_bits(&gbc, 6); bsid = get_bits(&gbc, 5); From a3d471e500674c31fa4f52a62ef789d5e7fdbd3c Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sun, 11 Sep 2011 23:26:12 +0200 Subject: [PATCH 382/652] oggdec: fix out of bound write in the ogg demuxer Between ogg_save() and ogg_restore() calls, the number of streams could have been reduced. Signed-off-by: Luca Barbato (cherry picked from commit 0e7efb9d23c3641d50caa288818e8c27647ce74d) Signed-off-by: Anton Khirnov --- libavformat/oggdec.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/libavformat/oggdec.c b/libavformat/oggdec.c index 25f5cd8b2d..18201677b8 100644 --- a/libavformat/oggdec.c +++ b/libavformat/oggdec.c 
@@ -92,14 +92,24 @@ static int ogg_restore(AVFormatContext *s, int discard) ogg->state = ost->next; if (!discard){ + struct ogg_stream *old_streams = ogg->streams; + for (i = 0; i < ogg->nstreams; i++) av_free (ogg->streams[i].buf); avio_seek (bc, ost->pos, SEEK_SET); ogg->curidx = ost->curidx; ogg->nstreams = ost->nstreams; - memcpy(ogg->streams, ost->streams, - ost->nstreams * sizeof(*ogg->streams)); + ogg->streams = av_realloc (ogg->streams, + ogg->nstreams * sizeof (*ogg->streams)); + + if (ogg->streams) { + memcpy(ogg->streams, ost->streams, + ost->nstreams * sizeof(*ogg->streams)); + } else { + av_free(old_streams); + ogg->nstreams = 0; + } } av_free (ost); From 9973ca992e8499848b8d5b0b536e709109dc65e2 Mon Sep 17 00:00:00 2001 From: David Goldwich Date: Sat, 17 Sep 2011 13:50:35 +0200 Subject: [PATCH 383/652] lavf: Fix context pointer in av_open_input_stream when avformat_open_input fails Signed-off-by: David Goldwich Signed-off-by: Anton Khirnov (cherry picked from commit 63d64228a7f31d534e3bcae87cbd37f4a0ae2dd6) Signed-off-by: Anton Khirnov --- libavformat/utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index 2cb096e373..d9d154e3ab 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -469,8 +469,8 @@ int av_open_input_stream(AVFormatContext **ic_ptr, goto fail; ic->pb = ic->pb ? ic->pb : pb; // don't leak custom pb if it wasn't set above - *ic_ptr = ic; fail: + *ic_ptr = ic; av_dict_free(&opts); return err; } From 28d948ac44e38e8bec2f6268ccf4747ff4d992a9 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sun, 18 Sep 2011 00:03:08 +0200 Subject: [PATCH 384/652] rv10: Reject slices that does not have the same type as the first one MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This prevents crashes with some corrupted bitstreams. Signed-off-by: Martin Storsjö (cherry picked from commit 4a29b471869353c3077fb4b25b6518eb1047afb7) 
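Review bot: When av_realloc() fails in ogg_restore, the new else branch frees old_streams and zeroes nstreams, but ogg->curidx was already set to ost->curidx a few lines earlier and the function appears to carry on to its normal return. A caller then sees success with curidx referring to a streams array that is NULL. Resetting curidx to the file's "no stream" value in the else branch and returning AVERROR(ENOMEM) after `av_free (ost);` would make the failure visible. The per-stream buffers referenced from ost->streams are also not released on this path; whether ost owns them is decided in ogg_save(), outside the hunk, and should be confirmed.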
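Review bot: With `*ic_ptr = ic;` moved below the `fail:` label in av_open_input_stream, every `goto fail` now stores ic into the caller's pointer, so ic must hold a defined value on all of those paths. The start of the function is outside the hunk; if any jump to `fail` can happen before ic is assigned, the caller receives an indeterminate pointer. Initialising the local at its declaration, `AVFormatContext *ic = NULL;`, makes that safe, and a comment such as `/* on failure ic is NULL, so the caller's pointer is cleared */` would record why the store is unconditional (this assumes avformat_open_input() clears ic on failure, which should be confirmed).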
Signed-off-by: Anton Khirnov --- libavcodec/rv10.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/rv10.c b/libavcodec/rv10.c index 78f97b16b1..223500c356 100644 --- a/libavcodec/rv10.c +++ b/libavcodec/rv10.c @@ -543,6 +543,11 @@ static int rv10_decode_packet(AVCodecContext *avctx, if(MPV_frame_start(s, avctx) < 0) return -1; ff_er_frame_start(s); + } else { + if (s->current_picture_ptr->pict_type != s->pict_type) { + av_log(s->avctx, AV_LOG_ERROR, "Slice type mismatch\n"); + return -1; + } } av_dlog(avctx, "qscale=%d\n", s->qscale); From f0bcba238a540793adc514fb84e74282b04d2418 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sat, 17 Sep 2011 23:43:58 +0200 Subject: [PATCH 385/652] rv34: Avoid NULL dereference on corrupted bitstream MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit rv34_decode_slice() can return without allocating any pictures. Signed-off-by: Martin Storsjö (cherry picked from commit d0f6ab0298f2309c6104626787ed73416298b019) Signed-off-by: Anton Khirnov --- libavcodec/rv34.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/rv34.c b/libavcodec/rv34.c index 910b933dd9..2383903625 100644 --- a/libavcodec/rv34.c +++ b/libavcodec/rv34.c @@ -1486,7 +1486,7 @@ int ff_rv34_decode_frame(AVCodecContext *avctx, break; } - if(last){ + if(last && s->current_picture_ptr){ if(r->loop_filter) r->loop_filter(r, s->mb_height - 1); ff_er_frame_end(s); From b4a1bf0bbf53cc6a736a608732b2ac1de5c2447b Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sat, 17 Sep 2011 16:56:30 +0200 Subject: [PATCH 386/652] rv34: Fix potential overreads MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Storsjö (cherry picked from commit b4ed3d78cb6c41c9d3ee5918c326ab925edd6a89) Signed-off-by: Anton Khirnov --- libavcodec/rv34.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
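Review bot: The new else branch in rv10_decode_packet dereferences `s->current_picture_ptr` without a NULL test. The condition of the `if` it belongs to is outside the hunk; unless that condition already sends the NULL case into the first branch, a corrupted stream whose first slice does not start a frame would crash here. If the guarantee exists, a short comment stating it is enough; otherwise fold the test in: `} else if (!s->current_picture_ptr || s->current_picture_ptr->pict_type != s->pict_type) {`.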
diff --git a/libavcodec/rv34.c b/libavcodec/rv34.c index 2383903625..87fca5c23e 100644 --- a/libavcodec/rv34.c +++ b/libavcodec/rv34.c @@ -1436,6 +1436,7 @@ int ff_rv34_decode_frame(AVCodecContext *avctx, slice_count = (*buf++) + 1; slices_hdr = buf + 4; buf += 8 * slice_count; + buf_size -= 1 + 8 * slice_count; }else slice_count = avctx->slice_count; @@ -1454,7 +1455,7 @@ int ff_rv34_decode_frame(AVCodecContext *avctx, if( (avctx->skip_frame >= AVDISCARD_NONREF && si.type==AV_PICTURE_TYPE_B) || (avctx->skip_frame >= AVDISCARD_NONKEY && si.type!=AV_PICTURE_TYPE_I) || avctx->skip_frame >= AVDISCARD_ALL) - return buf_size; + return avpkt->size; for(i=0; icurrent_picture_ptr= NULL; //so we can detect if frame_end wasnt called (find some nicer solution...) } - return buf_size; + return avpkt->size; } av_cold int ff_rv34_decode_end(AVCodecContext *avctx) From 2bbb142a140173e1870017b66c439f4d430a6f67 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Mon, 19 Sep 2011 22:48:53 +0200 Subject: [PATCH 387/652] rv34: Check for invalid slice offsets MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Storsjö (cherry picked from commit 4cc7732386eb36661ed22d1200339b38a5fa60bc) Signed-off-by: Anton Khirnov --- libavcodec/rv34.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/libavcodec/rv34.c b/libavcodec/rv34.c index 87fca5c23e..70c35ef4ff 100644 --- a/libavcodec/rv34.c +++ b/libavcodec/rv34.c 
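Review bot: `buf_size -= 1 + 8 * slice_count;` can leave buf_size zero or negative when the packet is shorter than its own slice table, and nothing in the hunk checks the result. slice_count comes from the first byte of the packet, so up to 1 + 8*256 bytes are subtracted from whatever length was supplied, and `buf` has already been advanced by the same amount. A check right after the subtraction, `if (buf_size <= 0) return -1;`, stops the later offset comparisons and the init_get_bits() size from working with a negative length. The body of ff_rv34_decode_frame continues outside the hunk.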
@@ -1441,8 +1441,9 @@ int ff_rv34_decode_frame(AVCodecContext *avctx, slice_count = avctx->slice_count; //parse first slice header to check whether this frame can be decoded - if(get_slice_offset(avctx, slices_hdr, 0) > buf_size){ - av_log(avctx, AV_LOG_ERROR, "Slice offset is greater than frame size\n"); + if(get_slice_offset(avctx, slices_hdr, 0) < 0 || + get_slice_offset(avctx, slices_hdr, 0) > buf_size){ + av_log(avctx, AV_LOG_ERROR, "Slice offset is invalid\n"); return -1; } init_get_bits(&s->gb, buf+get_slice_offset(avctx, slices_hdr, 0), (buf_size-get_slice_offset(avctx, slices_hdr, 0))*8); @@ -1465,8 +1466,8 @@ int ff_rv34_decode_frame(AVCodecContext *avctx, else size= get_slice_offset(avctx, slices_hdr, i+1) - offset; - if(offset > buf_size){ - av_log(avctx, AV_LOG_ERROR, "Slice offset is greater than frame size\n"); + if(offset < 0 || offset > buf_size || size < 0){ + av_log(avctx, AV_LOG_ERROR, "Slice offset is invalid\n"); break; } From ecda54a640a7de55274ad2a86d58d0b483097aac Mon Sep 17 00:00:00 2001 From: Mans Rullgard Date: Sun, 25 Sep 2011 12:53:44 +0100 Subject: [PATCH 388/652] ppc: fix 32-bit PIC build On 32-bit ppc, the GOT pointer must be loaded manually. This adds a "get_got" assembler macro to compute the GOT address. The "movrel" macro is updated to take an additional parameter containing the GOT address since no register is reserved for this purpose on ppc32. These changes have no effect on ppc64 builds. Signed-off-by: Mans Rullgard (cherry picked from commit 6e4a35ced96cdf31a9d3bd82fd147554750af839) Signed-off-by: Reinhard Tartler --- libavcodec/ppc/asm.S | 19 ++++++++++++++++--- libavcodec/ppc/fft_altivec_s.S | 7 ++++--- 2 files changed, 20 insertions(+), 6 deletions(-) diff --git a/libavcodec/ppc/asm.S b/libavcodec/ppc/asm.S index 5cbbf97b64..4d4285b6d3 100644 --- a/libavcodec/ppc/asm.S +++ b/libavcodec/ppc/asm.S 
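Review bot: `get_slice_offset(avctx, slices_hdr, 0)` is now evaluated up to four times across the range check and the init_get_bits() call below it. Reading it once into a local declared with the function's other variables, and testing `offset0 < 0 || offset0 > buf_size`, keeps the validated value and the value used for the pointer arithmetic visibly the same. An offset equal to buf_size still passes and yields a zero-length bit reader; whether parse_slice_header copes with that is outside the hunk.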
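Review bot: The new condition in the slice loop rejects a negative `size` but puts no upper bound on it. For every slice but the last, size is `get_slice_offset(avctx, slices_hdr, i+1) - offset`, and the next slice's offset has not been compared with buf_size at this point, so offset + size can extend past the end of the packet. Adding the bound to the same test closes that: `if(offset < 0 || offset > buf_size || size < 0 || size > buf_size - offset){`. How size is consumed is below the hunk.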
@@ -44,10 +44,13 @@ X(\name): L(\name): .endm -.macro movrel rd, sym +.macro movrel rd, sym, gp ld \rd, \sym@got(r2) .endm +.macro get_got rd +.endm + #else /* ARCH_PPC64 */ #define PTR .int @@ -65,15 +68,25 @@ X(\name): \name: .endm -.macro movrel rd, sym +.macro movrel rd, sym, gp #if CONFIG_PIC - lwz \rd, \sym@got(r2) + lwz \rd, \sym@got(\gp) #else lis \rd, \sym@ha la \rd, \sym@l(\rd) #endif .endm +.macro get_got rd +#if CONFIG_PIC + bcl 20, 31, .Lgot\@ +.Lgot\@: + mflr \rd + addis \rd, \rd, _GLOBAL_OFFSET_TABLE_ - .Lgot\@@ha + addi \rd, \rd, _GLOBAL_OFFSET_TABLE_ - .Lgot\@@l +#endif +.endm + #endif /* ARCH_PPC64 */ #if HAVE_IBM_ASM diff --git a/libavcodec/ppc/fft_altivec_s.S b/libavcodec/ppc/fft_altivec_s.S index ab33900582..958d7df0ee 100644 --- a/libavcodec/ppc/fft_altivec_s.S +++ b/libavcodec/ppc/fft_altivec_s.S @@ -353,6 +353,7 @@ extfunc ff_fft_calc\interleave\()_altivec mflr r0 stp r0, 2*PS(r1) stpu r1, -(160+16*PS)(r1) + get_got r11 addi r6, r1, 16*PS stvm r6, v20, v21, v22, v23, v24, v25, v26, v27, v28, v29 mfvrsave r0 @@ -360,14 +361,14 @@ extfunc ff_fft_calc\interleave\()_altivec li r6, 0xfffffffc mtvrsave r6 - movrel r6, fft_data + movrel r6, fft_data, r11 lvm r6, v14, v15, v16, v17, v18, v19, v20, v21 lvm r6, v22, v23, v24, v25, v26, v27, v28, v29 li r9, 16 - movrel r12, X(ff_cos_tabs) + movrel r12, X(ff_cos_tabs), r11 - movrel r6, fft_dispatch_tab\interleave\()_altivec + movrel r6, fft_dispatch_tab\interleave\()_altivec, r11 lwz r3, 0(r3) subi r3, r3, 2 slwi r3, r3, 2+ARCH_PPC64 From dde0fb4aeaf855fc38fb002c23dbbeba06407a09 Mon Sep 17 00:00:00 2001 From: Mans Rullgard Date: Sun, 25 Sep 2011 18:27:47 +0100 Subject: [PATCH 389/652] ppc: fix some pointer to integer casts Use uintptr_t instead of plain int. Without this change, the comparisons will come out wrong for pointers in certain ranges. Fixes random failures on ppc64. Also fixes some compiler warnings. 
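Review bot: The 32-bit PIC form of `get_got` overwrites the link register (`bcl 20, 31, .Lgot\@` followed by `mflr \rd`), and the macro carries no comment saying so. In ff_fft_calc it is placed after `mflr r0` and `stp r0, 2*PS(r1)`, so LR has already been saved there, but a later user could invoke it before saving LR and return to the wrong address. A comment above the macro, e.g. `/* get_got: load the GOT address into \rd; clobbers LR on ppc32 with CONFIG_PIC, expands to nothing on ppc64 */`, would make the contract explicit. The same comment block can note that the new `gp` argument of `movrel` is ignored on ppc64 and in non-PIC builds.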
Signed-off-by: Mans Rullgard (cherry picked from commit d853e571ad5e7e12c6a68cfde390daced7d85fbb) Signed-off-by: Reinhard Tartler --- libswscale/ppc/swscale_altivec.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/libswscale/ppc/swscale_altivec.c b/libswscale/ppc/swscale_altivec.c index 42e965de95..4476e1cf67 100644 --- a/libswscale/ppc/swscale_altivec.c +++ b/libswscale/ppc/swscale_altivec.c @@ -36,13 +36,13 @@ altivec_packIntArrayToCharArray(int *val, uint8_t* dest, int dstW) register int i; vector unsigned int altivec_vectorShiftInt19 = vec_add(vec_splat_u32(10), vec_splat_u32(9)); - if ((unsigned int)dest % 16) { + if ((uintptr_t)dest % 16) { /* badly aligned store, we force store alignment */ /* and will handle load misalignment on val w/ vec_perm */ vector unsigned char perm1; vector signed int v1; for (i = 0 ; (i < dstW) && - (((unsigned int)dest + i) % 16) ; i++) { + (((uintptr_t)dest + i) % 16) ; i++) { int t = val[i] >> 19; dest[i] = (t < 0) ? 0 : ((t > 255) ? 255 : t); } @@ -251,7 +251,7 @@ static void hScale_altivec_real(int16_t *dst, int dstW, vector unsigned char src_v1, src_vF; vector signed short src_v, filter_v; vector signed int val_vEven, val_s; - if ((((int)src + srcPos)% 16) > 12) { + if ((((uintptr_t)src + srcPos) % 16) > 12) { src_v1 = vec_ld(srcPos + 16, src); } src_vF = vec_perm(src_v0, src_v1, vec_lvsl(srcPos, src)); @@ -290,7 +290,7 @@ static void hScale_altivec_real(int16_t *dst, int dstW, vector unsigned char src_v1, src_vF; vector signed short src_v, filter_v; vector signed int val_v, val_s; - if ((((int)src + srcPos)% 16) > 8) { + if ((((uintptr_t)src + srcPos) % 16) > 8) { src_v1 = vec_ld(srcPos + 16, src); } src_vF = vec_perm(src_v0, src_v1, vec_lvsl(srcPos, src)); 
@@ -376,7 +376,7 @@ static void hScale_altivec_real(int16_t *dst, int dstW, //vector unsigned char src_v0 = vec_ld(srcPos + j, src); vector unsigned char src_v1, src_vF; vector signed short src_v, filter_v1R, filter_v; - if ((((int)src + srcPos)% 16) > 8) { + if ((((uintptr_t)src + srcPos) % 16) > 8) { src_v1 = vec_ld(srcPos + j + 16, src); } src_vF = vec_perm(src_v0, src_v1, permS); From fed7f5b04f0ddde81fe1de1af725a63461a31f6f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 24 Sep 2011 18:57:31 +0300 Subject: [PATCH 390/652] flvdec: Check for overflow before allocating arrays MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On allocation, the array length is multiplied by sizeof(int64_t), this prevents the multiplication from overflowing. Signed-off-by: Martin Storsjö (cherry picked from commit a246cefa75aed2ade315d6d09068aacb6b0fe76b) Signed-off-by: Reinhard Tartler --- libavformat/flvdec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c index c6b386e28f..5f442f7265 100644 --- a/libavformat/flvdec.c +++ b/libavformat/flvdec.c @@ -147,6 +147,9 @@ static int parse_keyframes_index(AVFormatContext *s, AVIOContext *ioc, AVStream break; arraylen = avio_rb32(ioc); + if (arraylen >> 28) + break; + /* * Expect only 'times' or 'filepositions' sub-arrays in other case refuse to use such metadata * for indexing From 42c8fdb943b210b2f79e2510a91ca0f542c9bad0 Mon Sep 17 00:00:00 2001 From: Sascha Sommer Date: Sat, 24 Sep 2011 20:56:41 +0200 Subject: [PATCH 391/652] Fix segfault in save_bits: use put_bits_count to get the buffer fill state instead of num_saved_bits as num_saved_bits is sometimes reset when frames are lost (Ticket 495) (cherry picked from commit 780d45473c32fa356c8ce385c3ea4692567c3228) 
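Review bot: `if (arraylen >> 28) break;` in parse_keyframes_index encodes the overflow limit as a magic shift with no comment, and it is only correct while the element size stays 8 bytes. Writing the bound in terms of the element type, `if (arraylen > INT_MAX / sizeof(int64_t)) break;`, states the intent and tracks the type. The check also still admits arrays of up to 2^28 - 1 entries, roughly 2 GiB each, purely on the strength of a length field read from the file; if the remaining input size is known at this point it would be a tighter bound. arraylen's declaration and the allocation itself are outside the hunk.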
Signed-off-by: Michael Niedermayer (cherry picked from commit 4f6187c7356111540024901932294e9807061dd0) --- libavcodec/wmaprodec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/wmaprodec.c b/libavcodec/wmaprodec.c index e1d942dca2..b0b98f1d98 100644 --- a/libavcodec/wmaprodec.c +++ b/libavcodec/wmaprodec.c @@ -1436,7 +1436,7 @@ static void save_bits(WMAProDecodeCtx *s, GetBitContext* gb, int len, init_put_bits(&s->pb, s->frame_data, MAX_FRAMESIZE); } - buflen = (s->num_saved_bits + len + 8) >> 3; + buflen = (put_bits_count(&s->pb) + len + 8) >> 3; if (len <= 0 || buflen > MAX_FRAMESIZE) { av_log_ask_for_sample(s->avctx, "input buffer too small\n"); From 9960710b872e2d1c7d9d8730c4b6ca2c2cdf183e Mon Sep 17 00:00:00 2001 From: Sascha Sommer Date: Sat, 24 Sep 2011 20:56:41 +0200 Subject: [PATCH 392/652] Fix segfault in save_bits: use put_bits_count to get the buffer fill state instead of num_saved_bits as num_saved_bits is sometimes reset when frames are lost (Ticket 495) (cherry picked from commit 780d45473c32fa356c8ce385c3ea4692567c3228) Signed-off-by: Michael Niedermayer (cherry picked from commit 4f6187c7356111540024901932294e9807061dd0) --- libavcodec/wmaprodec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/wmaprodec.c b/libavcodec/wmaprodec.c index e1d942dca2..b0b98f1d98 100644 --- a/libavcodec/wmaprodec.c +++ b/libavcodec/wmaprodec.c @@ -1436,7 +1436,7 @@ static void save_bits(WMAProDecodeCtx *s, GetBitContext* gb, int len, init_put_bits(&s->pb, s->frame_data, MAX_FRAMESIZE); } - buflen = (s->num_saved_bits + len + 8) >> 3; + buflen = (put_bits_count(&s->pb) + len + 8) >> 3; if (len <= 0 || buflen > MAX_FRAMESIZE) { av_log_ask_for_sample(s->avctx, "input buffer too small\n"); From ad47a5ec854d2ec6e451690622a3484010094aa2 Mon Sep 17 00:00:00 2001 
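Review bot: In save_bits, buflen is computed from `len` before `len` is validated: `(put_bits_count(&s->pb) + len + 8) >> 3` runs first and the `len <= 0` test comes afterwards. For a very large len the signed sum can overflow, which is undefined behaviour and may give a small or negative buflen that passes `buflen > MAX_FRAMESIZE`. Rejecting `len <= 0` and any len above `MAX_FRAMESIZE * 8` before computing buflen removes that dependence on the callers; whether any caller can pass such a value is outside the hunk. The next patch in the series repeats this hunk verbatim and the same applies there.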
From: Anton Khirnov Date: Fri, 16 Sep 2011 16:06:45 +0200 Subject: [PATCH 393/652] movenc: create an alternate group for each media type Partially fixes bug 44. (cherry picked from commit 7574cacbd5343bc303ee8333956274716e2444d5) Signed-off-by: Reinhard Tartler --- libavformat/movenc.c | 3 ++- tests/ref/acodec/alac | 2 +- tests/ref/acodec/pcm | 8 ++++---- tests/ref/lavf/mov | 2 +- 4 files changed, 8 insertions(+), 7 deletions(-) diff --git a/libavformat/movenc.c b/libavformat/movenc.c index 0cf837c9b1..5d9d3d1bfe 100644 --- a/libavformat/movenc.c +++ b/libavformat/movenc.c @@ -1214,7 +1214,8 @@ static int mov_write_tkhd_tag(AVIOContext *pb, MOVTrack *track, AVStream *st) avio_wb32(pb, 0); /* reserved */ avio_wb32(pb, 0); /* reserved */ - avio_wb32(pb, 0x0); /* reserved (Layer & Alternate group) */ + avio_wb16(pb, 0); /* layer */ + avio_wb16(pb, st->codec->codec_type); /* alternate group) */ /* Volume, only for audio */ if(track->enc->codec_type == AVMEDIA_TYPE_AUDIO) avio_wb16(pb, 0x0100); diff --git a/tests/ref/acodec/alac b/tests/ref/acodec/alac index 1f4b264b87..35a1d8e1bf 100644 --- a/tests/ref/acodec/alac +++ b/tests/ref/acodec/alac @@ -1,4 +1,4 @@ -c68f649777ab8e7c9a0f1f221451d3ad *./tests/data/acodec/alac.m4a +b25bcc7ec3f5c19cdfc01a6bbd32edb8 *./tests/data/acodec/alac.m4a 389386 ./tests/data/acodec/alac.m4a 95e54b261530a1bcf6de6fe3b21dc5f6 *./tests/data/alac.acodec.out.wav stddev: 0.00 PSNR:999.99 MAXDIFF: 0 bytes: 1058400/ 1058400 diff --git a/tests/ref/acodec/pcm b/tests/ref/acodec/pcm index 033f8bc8c6..fc9dd8f29d 100644 --- a/tests/ref/acodec/pcm +++ b/tests/ref/acodec/pcm 
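Review bot: `avio_wb16(pb, st->codec->codec_type);` in mov_write_tkhd_tag writes the numeric value of an internal enum into the file as the alternate group, so the on-disk value depends on how that enum happens to be numbered. An unknown type would be written as 0xFFFF if the enum uses -1 for it, and whichever type has the value 0 lands in group 0, which may not denote a group at all (worth checking against the container specification). An explicit mapping from media type to group number, with the meaning of 0 stated in the comment, would be more robust; the comment also has a stray `)` in `/* alternate group) */`.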
@@ -6,7 +6,7 @@ f443a8eeb1647ec1eeb8370c939e52d4 *./tests/data/acodec/pcm_mulaw.wav 529256 ./tests/data/acodec/pcm_mulaw.wav 1c3eeaa8814ebd4916780dff80ed6dc5 *./tests/data/pcm.acodec.out.wav stddev: 103.38 PSNR: 56.04 MAXDIFF: 644 bytes: 1058400/ 1058400 -b7936d7170e0efefb379349d81aed360 *./tests/data/acodec/pcm_s8.mov +760f85fb9f4e8aba326fb44ae84c9507 *./tests/data/acodec/pcm_s8.mov 530837 ./tests/data/acodec/pcm_s8.mov 652edf30f35ad89bf27bcc9d2f9c7b53 *./tests/data/pcm.acodec.out.wav stddev: 147.89 PSNR: 52.93 MAXDIFF: 255 bytes: 1058400/ 1058400 @@ -14,7 +14,7 @@ stddev: 147.89 PSNR: 52.93 MAXDIFF: 255 bytes: 1058400/ 1058400 529244 ./tests/data/acodec/pcm_u8.wav 652edf30f35ad89bf27bcc9d2f9c7b53 *./tests/data/pcm.acodec.out.wav stddev: 147.89 PSNR: 52.93 MAXDIFF: 255 bytes: 1058400/ 1058400 -c42b9c04305455250366c84e17c1023f *./tests/data/acodec/pcm_s16be.mov +a4e18d1ca9ef5b8132a84d43625ddc47 *./tests/data/acodec/pcm_s16be.mov 1060037 ./tests/data/acodec/pcm_s16be.mov 95e54b261530a1bcf6de6fe3b21dc5f6 *./tests/data/pcm.acodec.out.wav stddev: 0.00 PSNR:999.99 MAXDIFF: 0 bytes: 1058400/ 1058400 @@ -30,7 +30,7 @@ c4f51bf32fad2f7af8ea5beedb56168b *./tests/data/acodec/pcm_s16le.mkv 1060638 ./tests/data/acodec/pcm_s16le.mkv 95e54b261530a1bcf6de6fe3b21dc5f6 *./tests/data/pcm.acodec.out.wav stddev: 0.00 PSNR:999.99 MAXDIFF: 0 bytes: 1058400/ 1058400 -07ffe7ffb78f3648b6524debdde5aec1 *./tests/data/acodec/pcm_s24be.mov +971d2d2633e41a0326fe2d04a2d0350f *./tests/data/acodec/pcm_s24be.mov 1589237 ./tests/data/acodec/pcm_s24be.mov 95e54b261530a1bcf6de6fe3b21dc5f6 *./tests/data/pcm.acodec.out.wav stddev: 0.00 PSNR:999.99 MAXDIFF: 0 bytes: 1058400/ 1058400 
@@ -38,7 +38,7 @@ a85380fb79b0d4fff38e24ac1e34bb94 *./tests/data/acodec/pcm_s24le.wav 1587668 ./tests/data/acodec/pcm_s24le.wav 95e54b261530a1bcf6de6fe3b21dc5f6 *./tests/data/pcm.acodec.out.wav stddev: 0.00 PSNR:999.99 MAXDIFF: 0 bytes: 1058400/ 1058400 -d7792f0343cd66fda8b50b569e2bcc48 *./tests/data/acodec/pcm_s32be.mov +fc4f4e3e195bbde037ed31021d229f12 *./tests/data/acodec/pcm_s32be.mov 2118437 ./tests/data/acodec/pcm_s32be.mov 95e54b261530a1bcf6de6fe3b21dc5f6 *./tests/data/pcm.acodec.out.wav stddev: 0.00 PSNR:999.99 MAXDIFF: 0 bytes: 1058400/ 1058400 diff --git a/tests/ref/lavf/mov b/tests/ref/lavf/mov index 22aac3600e..07404aa862 100644 --- a/tests/ref/lavf/mov +++ b/tests/ref/lavf/mov @@ -1,3 +1,3 @@ -439684b82ccc1fdd24a23392c238ae53 *./tests/data/lavf/lavf.mov +4a3ad13f0355cb5d119109778d555207 *./tests/data/lavf/lavf.mov 357681 ./tests/data/lavf/lavf.mov ./tests/data/lavf/lavf.mov CRC=0x2f6a9b26 From 9f9b731a3a2f873b3fb1e4f52e181a43fab6b89b Mon Sep 17 00:00:00 2001 From: Anton Khirnov Date: Mon, 19 Sep 2011 15:15:56 +0200 Subject: [PATCH 394/652] movenc: fix NULL reference in mov_write_tkhd_tag st may be NULL when there are more mov streams than AVStreams, e.g. when chapters are present. (cherry picked from commit c92a2a4eb8b883e82871c2415f757153d263b6b3) Signed-off-by: Reinhard Tartler --- libavformat/movenc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/movenc.c b/libavformat/movenc.c index 5d9d3d1bfe..b171c2dc14 100644 --- a/libavformat/movenc.c +++ b/libavformat/movenc.c @@ -1215,7 +1215,7 @@ static int mov_write_tkhd_tag(AVIOContext *pb, MOVTrack *track, AVStream *st) avio_wb32(pb, 0); /* reserved */ avio_wb32(pb, 0); /* reserved */ avio_wb16(pb, 0); /* layer */ - avio_wb16(pb, st->codec->codec_type); /* alternate group) */ + avio_wb16(pb, st ? st->codec->codec_type : 0); /* alternate group) */ /* Volume, only for audio */ if(track->enc->codec_type == AVMEDIA_TYPE_AUDIO) avio_wb16(pb, 0x0100); 
From a2443e89d740204c960da0d29c979a9283071a65 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 28 Jul 2011 14:59:54 +0200 Subject: [PATCH 395/652] Fix memory (re)allocation in matroskadec.c, related to MSVR-11-0080. Whitespace of the patch cleaned up by Aurel Some of the issues have been reported by Steve Manzuik / Microsoft Vulnerability Research (MSVR) Signed-off-by: Michael Niedermayer (cherry picked from commit 956c901c68eff78288f40e3c8f41ee2fa081d4a8) Further suggestions from Kostya have been implemented by Reinhard Tartler (cherry picked from commit 77d2ef13a8fa630e5081f14bde3fd20f84c90aec) Signed-off-by: Reinhard Tartler --- libavformat/matroskadec.c | 37 +++++++++++++++++++++++++++++-------- 1 file changed, 29 insertions(+), 8 deletions(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index f74f76cb8a..59dce4f59f 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -798,11 +798,15 @@ static int ebml_parse_elem(MatroskaDemuxContext *matroska, uint32_t id = syntax->id; uint64_t length; int res; + void *newelem; data = (char *)data + syntax->data_offset; if (syntax->list_elem_size) { EbmlList *list = data; - list->elem = av_realloc(list->elem, (list->nb_elem+1)*syntax->list_elem_size); + newelem = av_realloc(list->elem, (list->nb_elem+1)*syntax->list_elem_size); + if (!newelem) + return AVERROR(ENOMEM); + list->elem = newelem; data = (char*)list->elem + list->nb_elem*syntax->list_elem_size; memset(data, 0, syntax->list_elem_size); list->nb_elem++; @@ -932,6 +936,7 @@ static int matroska_decode_buffer(uint8_t** buf, int* buf_size, uint8_t* data = *buf; int isize = *buf_size; uint8_t* pkt_data = NULL; + uint8_t* newpktdata; int pkt_size = isize; int result = 0; int olen; 
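Review bot: The size passed to av_realloc() in ebml_parse_elem, `(list->nb_elem+1)*syntax->list_elem_size`, is still computed without an overflow check, so the new NULL test does not cover a product that wraps to a small value, after which the following memset() would write outside the allocation. Both operands look like plain ints (their declarations are outside the hunk), so a guard before the call such as `if ((unsigned)list->nb_elem + 1 >= UINT_MAX / syntax->list_elem_size) return AVERROR(ENOMEM);` would close that. The function body starts and continues outside the hunk.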
@@ -961,7 +966,12 @@ static int matroska_decode_buffer(uint8_t** buf, int* buf_size, zstream.avail_in = isize; do { pkt_size *= 3; - pkt_data = av_realloc(pkt_data, pkt_size); + newpktdata = av_realloc(pkt_data, pkt_size); + if (!newpktdata) { + inflateEnd(&zstream); + goto failed; + } + pkt_data = newpktdata; zstream.avail_out = pkt_size - zstream.total_out; zstream.next_out = pkt_data + zstream.total_out; result = inflate(&zstream, Z_NO_FLUSH); @@ -982,7 +992,12 @@ static int matroska_decode_buffer(uint8_t** buf, int* buf_size, bzstream.avail_in = isize; do { pkt_size *= 3; - pkt_data = av_realloc(pkt_data, pkt_size); + newpktdata = av_realloc(pkt_data, pkt_size); + if (!newpktdata) { + BZ2_bzDecompressEnd(&bzstream); + goto failed; + } + pkt_data = newpktdata; bzstream.avail_out = pkt_size - bzstream.total_out_lo32; bzstream.next_out = pkt_data + bzstream.total_out_lo32; result = BZ2_bzDecompress(&bzstream); @@ -1037,13 +1052,17 @@ static void matroska_fix_ass_packet(MatroskaDemuxContext *matroska, } } -static void matroska_merge_packets(AVPacket *out, AVPacket *in) +static int matroska_merge_packets(AVPacket *out, AVPacket *in) { - out->data = av_realloc(out->data, out->size+in->size); + void *newdata = av_realloc(out->data, out->size+in->size); + if (!newdata) + return AVERROR(ENOMEM); + out->data = newdata; memcpy(out->data+out->size, in->data, in->size); out->size += in->size; av_destruct_packet(in); av_free(in); + return 0; } static void matroska_convert_tag(AVFormatContext *s, EbmlList *list, 
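Review bot: `pkt_size *= 3` in the zlib loop of matroska_decode_buffer (and in the identical bzip2 loop of the next hunk) has no upper bound, so the output buffer keeps tripling for as long as the decompressor asks for more room, and the int can overflow before av_realloc() ever fails. A cap checked before the multiply, e.g. `if (pkt_size > INT_MAX / 3) { inflateEnd(&zstream); goto failed; }` (with BZ2_bzDecompressEnd in the bzip2 branch), keeps a small compressed track from forcing an arbitrarily large allocation. The `failed` label is outside the hunk, so it is worth confirming that it frees pkt_data.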
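Review bot: matroska_merge_packets now returns AVERROR(ENOMEM), but no call site is updated in the hunks shown, so unless the callers check the result the failure is silently dropped. On the error path `in` is neither destroyed nor freed, so ownership on failure should be stated in a comment above the function, e.g. `/* on error, in is left untouched and still owned by the caller */`. The sum `out->size+in->size` is also unchecked int arithmetic; `if (in->size > INT_MAX - out->size) return AVERROR(ENOMEM);` before the realloc would keep the memcpy() from writing into an undersized buffer.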
@@ -1568,11 +1587,13 @@ static int matroska_deliver_packet(MatroskaDemuxContext *matroska, memcpy(pkt, matroska->packets[0], sizeof(AVPacket)); av_free(matroska->packets[0]); if (matroska->num_packets > 1) { + void *newpackets; memmove(&matroska->packets[0], &matroska->packets[1], (matroska->num_packets - 1) * sizeof(AVPacket *)); - matroska->packets = - av_realloc(matroska->packets, (matroska->num_packets - 1) * - sizeof(AVPacket *)); + newpackets = av_realloc(matroska->packets, + (matroska->num_packets - 1) * sizeof(AVPacket *)); + if (newpackets) + matroska->packets = newpackets; } else { av_freep(&matroska->packets); } From be9183de2ec54aab2f3e613b53ead369b6cf22fe Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 28 Sep 2011 22:22:56 +0200 Subject: [PATCH 396/652] h264: More correct ref_count check in decode_slice_header() Signed-off-by: Michael Niedermayer (cherry picked from commit dc9ce40069bde3d28f8d0b3e5bd733ae255fecb5) --- libavcodec/h264.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index f227ddfedf..b844c38b56 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -2872,6 +2872,7 @@ static int decode_slice_header(H264Context *h, H264Context *h0){ h->ref_count[1]= h->pps.ref_count[1]; if(h->slice_type_nos != AV_PICTURE_TYPE_I){ + unsigned max= (16<<(s->picture_structure != PICT_FRAME))-1; if(h->slice_type_nos == AV_PICTURE_TYPE_B){ h->direct_spatial_mv_pred= get_bits1(&s->gb); } 
@@ -2882,11 +2883,11 @@ static int decode_slice_header(H264Context *h, H264Context *h0){ if(h->slice_type_nos==AV_PICTURE_TYPE_B) h->ref_count[1]= get_ue_golomb(&s->gb) + 1; - if(h->ref_count[0]-1 > 32-1 || h->ref_count[1]-1 > 32-1){ - av_log(h->s.avctx, AV_LOG_ERROR, "reference overflow\n"); - h->ref_count[0]= h->ref_count[1]= 1; - return -1; - } + } + if(h->ref_count[0]-1 > max || h->ref_count[1]-1 > max){ + av_log(h->s.avctx, AV_LOG_ERROR, "reference overflow\n"); + h->ref_count[0]= h->ref_count[1]= 1; + return -1; } if(h->slice_type_nos == AV_PICTURE_TYPE_B) h->list_count= 2; From ceede3a802478b6cf0c1cd7d54b76b4af8d00d56 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 28 Sep 2011 22:24:05 +0200 Subject: [PATCH 397/652] h264: fix FIXME and use list_count in ff_h264_fill_mbaff_ref_list() Signed-off-by: Michael Niedermayer (cherry picked from commit 237d31e0b98b95eef687e612177ca3ea24b709fc) --- libavcodec/h264_refs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h264_refs.c b/libavcodec/h264_refs.c index 83a5564e4c..063ac97955 100644 --- a/libavcodec/h264_refs.c +++ b/libavcodec/h264_refs.c @@ -301,7 +301,7 @@ int ff_h264_decode_ref_pic_list_reordering(H264Context *h){ void ff_h264_fill_mbaff_ref_list(H264Context *h){ int list, i, j; - for(list=0; list<2; list++){ //FIXME try list_count + for(list=0; listlist_count; list++){ for(i=0; iref_count[list]; i++){ Picture *frame = &h->ref_list[list][i]; Picture *field = &h->ref_list[list][16+2*i]; From 783f45de4f3ee03a661c7d1479fe1b513bc0a863 Mon Sep 17 00:00:00 2001 From: Mans Rullgard Date: Sun, 17 Jul 2011 15:40:05 +0100 Subject: [PATCH 398/652] fate: separate lavf-mxf_d10 test from lavf-mxf Signed-off-by: Mans Rullgard (cherry picked from commit 0218808d4980b794c78f57931d671508aed500b5) required to unbreak fate with --disable-avfilter 
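Review bot: The new limit `(16<<(s->picture_structure != PICT_FRAME))-1` in decode_slice_header is unexplained, and the test `h->ref_count[0]-1 > max` only rejects a count of zero if ref_count is unsigned (its declaration is not in the hunk). A comment on the declaration would record both, e.g. `/* 16 refs per list for frames, 32 for fields; ref_count-1 wraps so 0 is rejected too */`. The declaration sits in the first hunk of this patch and the check in the second; the function continues outside both.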
Signed-off-by: Reinhard Tartler --- configure | 2 +- tests/lavf-regression.sh | 3 +++ tests/ref/lavf/mxf | 3 --- tests/ref/lavf/mxf_d10 | 3 +++ 4 files changed, 7 insertions(+), 4 deletions(-) create mode 100644 tests/ref/lavf/mxf_d10 diff --git a/configure b/configure index b6e2ff964b..981b0fdffb 100755 --- a/configure +++ b/configure @@ -1576,7 +1576,7 @@ test_deps _muxer _demuxer \ mmf \ mov \ pcm_mulaw=mulaw \ - mxf \ + mxf="mxf mxf_d10" \ nut \ ogg \ rawvideo=pixfmt \ diff --git a/tests/lavf-regression.sh b/tests/lavf-regression.sh index 39e752b3c6..07dedb2ef2 100755 --- a/tests/lavf-regression.sh +++ b/tests/lavf-regression.sh @@ -66,6 +66,9 @@ fi if [ -n "$do_mxf" ] ; then do_lavf mxf "-ar 48000 -bf 2 -timecode_frame_start 264363" +fi + +if [ -n "$do_mxf_d10" ]; then do_lavf mxf_d10 "-ar 48000 -ac 2 -r 25 -s 720x576 -vf pad=720:608:0:32 -vcodec mpeg2video -intra -flags +ildct+low_delay -dc 10 -flags2 +ivlc+non_linear_q -qscale 1 -ps 1 -qmin 1 -rc_max_vbv_use 1 -rc_min_vbv_use 1 -pix_fmt yuv422p -minrate 30000k -maxrate 30000k -b 30000k -bufsize 1200000 -top 1 -rc_init_occupancy 1200000 -qmax 12 -f mxf_d10" fi diff --git a/tests/ref/lavf/mxf b/tests/ref/lavf/mxf index d4bbe2f25e..b5aea3c17e 100644 --- a/tests/ref/lavf/mxf +++ b/tests/ref/lavf/mxf @@ -1,6 +1,3 @@ 6e9bd63c5cadd7550ad313553ebf665f *./tests/data/lavf/lavf.mxf 525881 ./tests/data/lavf/lavf.mxf ./tests/data/lavf/lavf.mxf CRC=0x4ace0849 -e7168856f2b54c6272685967e707fb21 *./tests/data/lavf/lavf.mxf_d10 -5330989 ./tests/data/lavf/lavf.mxf_d10 -./tests/data/lavf/lavf.mxf_d10 CRC=0xc3f4f92e diff --git a/tests/ref/lavf/mxf_d10 b/tests/ref/lavf/mxf_d10 new file mode 100644 index 0000000000..f59a99ee0f --- /dev/null +++ b/tests/ref/lavf/mxf_d10 @@ -0,0 +1,3 @@ +e7168856f2b54c6272685967e707fb21 *./tests/data/lavf/lavf.mxf_d10 +5330989 ./tests/data/lavf/lavf.mxf_d10 +./tests/data/lavf/lavf.mxf_d10 CRC=0xc3f4f92e From 9bb7a128a34fb5e4abcd265e5dfcb61787ad2f0f Mon Sep 17 00:00:00 2001 
From: Reinhard Tartler Date: Wed, 28 Sep 2011 00:50:08 +0200 Subject: [PATCH 399/652] fate: allow testing with libavfilter disabled This declares dependencies to skip tests using libavfilter when it is disabled. Signed-off-by: Mans Rullgard (cherry picked from commit 908f12f342341785bf0458e88a06d97a1af90339) Conflicts: configure tests/Makefile tests/fate.mak Signed-off-by: Reinhard Tartler --- Makefile | 7 +++++-- configure | 5 ++++- tests/fate.mak | 2 +- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index d6bae7680b..d29872f277 100644 --- a/Makefile +++ b/Makefile @@ -252,9 +252,12 @@ FATE_SEEK = $(SEEK_TESTS:seek_%=fate-seek-%) FATE = $(FATE_ACODEC) \ $(FATE_VCODEC) \ $(FATE_LAVF) \ - $(FATE_LAVFI) \ $(FATE_SEEK) \ +FATE-$(CONFIG_AVFILTER) += $(FATE_LAVFI) + +FATE += $(FATE-yes) + $(filter-out %-aref,$(FATE_ACODEC)): $(AREF) $(filter-out %-vref,$(FATE_VCODEC)): $(VREF) $(FATE_LAVF): $(REFS) @@ -276,7 +279,7 @@ fate-lavfi: $(FATE_LAVFI) fate-seek: $(FATE_SEEK) ifdef SAMPLES -FATE += $(FATE_TESTS) +FATE += $(FATE_TESTS) $(FATE_TESTS-yes) fate-rsync: rsync -vaLW rsync://fate-suite.libav.org/fate-suite/ $(SAMPLES) else diff --git a/configure b/configure index 981b0fdffb..f4c327439a 100755 --- a/configure +++ b/configure @@ -1504,7 +1504,7 @@ test_deps(){ dep=${v%=*} tests=${v#*=} for name in ${tests}; do - eval ${name}_test_deps="'${dep}$suf1 ${dep}$suf2'" + append ${name}_test_deps ${dep}$suf1 ${dep}$suf2 done done } @@ -1514,6 +1514,9 @@ set_ne_test_deps(){ eval ${1}_le_test_deps="!bigendian" } +mxf_d10_test_deps="avfilter" +seek_lavf_mxf_d10_test_deps="mxf_d10_test" + test_deps _encoder _decoder \ adpcm_g726=g726 \ adpcm_ima_qt \ diff --git a/tests/fate.mak b/tests/fate.mak index 0e3331178b..cf6c44e8e4 100644 --- a/tests/fate.mak +++ b/tests/fate.mak 
@@ -128,7 +128,7 @@ FATE_TESTS += fate-id-cin-video fate-id-cin-video: CMD = framecrc -i $(SAMPLES)/idcin/idlog-2MB.cin -pix_fmt rgb24 FATE_TESTS += fate-idroq-video-dpcm fate-idroq-video-dpcm: CMD = framecrc -i $(SAMPLES)/idroq/idlogo.roq -FATE_TESTS += fate-idroq-video-encode +FATE_TESTS-$(CONFIG_AVFILTER) += fate-idroq-video-encode fate-idroq-video-encode: CMD = md5 -t 0.2 -f image2 -vcodec pgmyuv -i $(SAMPLES)/ffmpeg-synthetic/vsynth1/%02d.pgm -sws_flags +bitexact -vf pad=512:512:80:112 -f RoQ FATE_TESTS += fate-iff-byterun1 fate-iff-byterun1: CMD = framecrc -i $(SAMPLES)/iff/ASH.LBM -pix_fmt rgb24 From e257eebd17fbb7e880cfdde8a80c089434b6cf1f Mon Sep 17 00:00:00 2001 From: Mans Rullgard Date: Sun, 17 Jul 2011 16:02:33 +0100 Subject: [PATCH 400/652] lavf: do not set codec_tag for rawvideo If the demuxer did not set a codec_tag, there is none and inventing one makes no sense. This change stops the rawvideo "decoder" over-writing user-supplied pixfmt with one derived from the codec_tag. The pixfmt-codec_tag-pixfmt round-trip is lossy since several pixfmts map to the same codec_tag. This fixes fate-lavf-pixfmt with avfilter disabled. Signed-off-by: Mans Rullgard (cherry picked from commit bb416bd68ca46b4a3f1901533064d56a6b8ac95e) Signed-off-by: Reinhard Tartler --- libavformat/utils.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index d9d154e3ab..e3c7d4aa84 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c 
@@ -2405,9 +2405,6 @@ int av_find_stream_info(AVFormatContext *ic) (st->codec_info_nb_frames-2)*(int64_t)st->time_base.den, st->info->codec_info_duration*(int64_t)st->time_base.num, 60000); if (st->codec->codec_type == AVMEDIA_TYPE_VIDEO) { - if(st->codec->codec_id == CODEC_ID_RAWVIDEO && !st->codec->codec_tag && !st->codec->bits_per_coded_sample) - st->codec->codec_tag= avcodec_pix_fmt_to_codec_tag(st->codec->pix_fmt); - // the check for tb_unreliable() is not completely correct, since this is not about handling // a unreliable/inexact time base, but a time base that is finer than necessary, as e.g. // ipmovie.c produces. From 35feff418aabd9964509e2c718c65314606545e3 Mon Sep 17 00:00:00 2001 From: Reinhard Tartler Date: Fri, 30 Sep 2011 15:44:19 +0200 Subject: [PATCH 401/652] Update RELEASE file for 0.7.2 --- RELEASE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/RELEASE b/RELEASE index 39e898a4f9..7486fdbc50 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -0.7.1 +0.7.2 From 58decdb639e8582063807b5ddfb86dada6731f74 Mon Sep 17 00:00:00 2001 From: Reinhard Tartler Date: Fri, 30 Sep 2011 18:14:12 +0200 Subject: [PATCH 402/652] Update Changelog for 0.7.2 release --- Changelog | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/Changelog b/Changelog index 1598336e55..ab02a02bf5 100644 --- a/Changelog +++ b/Changelog 
@@ -1,6 +1,48 @@ Entries are sorted chronologically from oldest to youngest within each release, releases are sorted from youngest to oldest. +version 0.7.2: + +- check buffer and input values in various parts of the code: + H.264, VC-1, APE, FLV, Indeo 2, XAN, Ogg, MXF, wavpack, ffv1, MOV, + cavs (OCERT-2011-002, CVE-2011-3362), Smacker, cpu detection, lavf, + Matroska (CVE-2011-3504), RV10, RV30/RV40 +- memory leaks: vf_scale, eval + +- ARM: workaround for bug in GNU assembler +- AVOptions: fix av_set_string3() doxy to match reality. (Bug #28) +- Reintroduce AVInputStream.nb_streams to avoid crashes +- aac: Only output configure if audio was found +- aac: Remove some suspicious illegal memcpy()s from LTP +- aacps: skip some memcpy() if src and dst would be equal +- adts: fix PCE copying +- alsa: fallback to buffer_size/4 for period_size +- alsa: limit buffer_size to 32768 frames +- cljr, indeo2: init_get_bits size in bits instead of bytes +- configure: add missing CFLAGS to fix building on the HURD +- dca: set AVCodecContext frame_size for DTS audio +- fate: allow testing with libavfilter disabled +- gxf: fix 25 fps DV material in GXF being misdetected as 50 fps +- h264: correct implicit weight table computation for long ref pics +- h264: correct the check for invalid long term frame index in MMCO decode +- h264: fix PCM intra-coded blocks in monochrome case +- jpegdec: actually search for and parse RSTn +- lavc: fix type for thread_type option +- lavf: fix context pointer in av_open_input_stream when avformat_open_input fails +- lavf: do not set codec_tag for rawvideo +- libx264: do not set pic quality if no frame is output +- movenc: create an alternate group for each media type +- mpegts: fix Continuity Counter error detection +- mxfenc: fix ignored drop flag in binary timecode representation +- fix crashes in 32-bit PIC builds (cf e.g. 
http://bugs.debian.org/639948) +- ppc64: fix cast related random failures +- riff: Add mpgv MPEG-2 fourcc +- swscale: don't use planar output functions to write to NV12/21 +- vc1: properly zero coded_block[] edges on new slice entry +- vp3/theora: flush after seek + +- various bug other fixes + version 0.7.1: @@ -16,6 +58,7 @@ version 0.7.1: - ffmpeg: fix operation with --disable-avfilter - fixed integer underflow in matroska decoder + version 0.7: - E-AC-3 audio encoder From e62ca1ab74a959584db80f42b49f708257abbdcb Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 1 Oct 2011 00:58:01 +0200 Subject: [PATCH 403/652] mpegvideo: increase emu edge buffer size This fixes a crash with 422 H.264 Signed-off-by: Michael Niedermayer (cherry picked from commit 7322483d72d4abefae9f5c08c611f521de7236a5) --- libavcodec/mpegvideo.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/mpegvideo.c b/libavcodec/mpegvideo.c index d819cc083f..a505b9071c 100644 --- a/libavcodec/mpegvideo.c +++ b/libavcodec/mpegvideo.c @@ -366,8 +366,8 @@ static int init_duplicate_context(MpegEncContext *s, MpegEncContext *base){ int i; // edge emu needs blocksize + filter length - 1 (=17x17 for halfpel / 21x21 for h264) - FF_ALLOCZ_OR_GOTO(s->avctx, s->allocated_edge_emu_buffer, (s->width+64)*2*21*2, fail); //(width + edge + align)*interlaced*MBsize*tolerance - s->edge_emu_buffer= s->allocated_edge_emu_buffer + (s->width+64)*2*21; + FF_ALLOCZ_OR_GOTO(s->avctx, s->allocated_edge_emu_buffer, (s->width+64)*2*21*2*2, fail); //(width + edge + align)*interlaced*MBsize*tolerance + s->edge_emu_buffer= s->allocated_edge_emu_buffer + (s->width+64)*2*21*2; //FIXME should be linesize instead of s->width*2 but that is not known before get_buffer() FF_ALLOCZ_OR_GOTO(s->avctx, s->me.scratchpad, (s->width+64)*4*16*2*sizeof(uint8_t), fail) From 4d36f7cf88ccb869c2febb50c6f42d7a722a6d4f Mon Sep 17 00:00:00 2001 
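Review bot: The trailing comment `//(width + edge + align)*interlaced*MBsize*tolerance` in init_duplicate_context no longer matches the expression, which gained a further `*2`, and the same product is now spelled out twice with the offset required to be exactly half of the allocation. Naming the extra factor in the comment (the commit message ties it to 4:2:2 H.264) and computing the half size once, e.g. `int emu_half = (s->width+64)*2*21*2;` used as `emu_half*2` in the allocation and `emu_half` in the offset, would keep the two from drifting apart at the next resize. The function body continues outside the hunk.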
From: Michael Niedermayer Date: Sat, 1 Oct 2011 01:29:30 +0200 Subject: [PATCH 404/652] avformat_free_context: favor av_freep() Signed-off-by: Michael Niedermayer (cherry picked from commit 2a93f28a4b6eef8b93046e0b4e3225f2ff1e7324) --- libavformat/utils.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index 6f108fb7dd..40f0089c77 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -2659,13 +2659,13 @@ void avformat_free_context(AVFormatContext *s) av_free_packet(&st->cur_pkt); } av_dict_free(&st->metadata); - av_free(st->index_entries); - av_free(st->codec->extradata); - av_free(st->codec->subtitle_header); - av_free(st->codec); - av_free(st->priv_data); - av_free(st->info); - av_free(st); + av_freep(&st->index_entries); + av_freep(&st->codec->extradata); + av_freep(&st->codec->subtitle_header); + av_freep(&st->codec); + av_freep(&st->priv_data); + av_freep(&st->info); + av_freep(&st); } for(i=s->nb_programs-1; i>=0; i--) { av_dict_free(&s->programs[i]->metadata); @@ -2676,7 +2676,7 @@ void avformat_free_context(AVFormatContext *s) av_freep(&s->priv_data); while(s->nb_chapters--) { av_dict_free(&s->chapters[s->nb_chapters]->metadata); - av_free(s->chapters[s->nb_chapters]); + av_freep(&s->chapters[s->nb_chapters]); } av_freep(&s->chapters); av_dict_free(&s->metadata); From a0acc9eff642de0f3d247a728deb320fd4cbb75f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 22 Sep 2011 14:08:39 +0200 Subject: [PATCH 405/652] mpeg4videoenc: guess a good aspect when we cant store the exact one. Signed-off-by: Michael Niedermayer (cherry picked from commit 394781a89706479aa56749a9d69c4e74b398dd71) --- libavcodec/mpegvideo_enc.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/mpegvideo_enc.c b/libavcodec/mpegvideo_enc.c index a6e9c7c7be..d13534d4f8 100644 --- a/libavcodec/mpegvideo_enc.c +++ b/libavcodec/mpegvideo_enc.c 
@@ -411,8 +411,10 @@ av_cold int MPV_encode_init(AVCodecContext *avctx) if ((s->codec_id == CODEC_ID_MPEG4 || s->codec_id == CODEC_ID_H263 || s->codec_id == CODEC_ID_H263P) && (avctx->sample_aspect_ratio.num > 255 || avctx->sample_aspect_ratio.den > 255)) { - av_log(avctx, AV_LOG_ERROR, "Invalid pixel aspect ratio %i/%i, limit is 255/255\n", + av_log(avctx, AV_LOG_WARNING, "Invalid pixel aspect ratio %i/%i, limit is 255/255 reducing\n", avctx->sample_aspect_ratio.num, avctx->sample_aspect_ratio.den); + av_reduce(&avctx->sample_aspect_ratio.num, &avctx->sample_aspect_ratio.den, + avctx->sample_aspect_ratio.num, avctx->sample_aspect_ratio.den, 255); return -1; } From 0d68a6f72d8c2ff02ad3f83522ad17123bf1c4e5 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 22 Sep 2011 18:16:57 +0200 Subject: [PATCH 406/652] mpeg4videoenc: remove forgotten return -1 Signed-off-by: Michael Niedermayer (cherry picked from commit f9bb7395a10ae44eb0f0f3f070f23124dfaee06e) --- libavcodec/mpegvideo_enc.c | 1 - 1 file changed, 1 deletion(-) diff --git a/libavcodec/mpegvideo_enc.c b/libavcodec/mpegvideo_enc.c index d13534d4f8..3c92aa93f4 100644 --- a/libavcodec/mpegvideo_enc.c +++ b/libavcodec/mpegvideo_enc.c @@ -415,7 +415,6 @@ av_cold int MPV_encode_init(AVCodecContext *avctx) avctx->sample_aspect_ratio.num, avctx->sample_aspect_ratio.den); av_reduce(&avctx->sample_aspect_ratio.num, &avctx->sample_aspect_ratio.den, avctx->sample_aspect_ratio.num, avctx->sample_aspect_ratio.den, 255); - return -1; } if((s->flags & (CODEC_FLAG_INTERLACED_DCT|CODEC_FLAG_INTERLACED_ME|CODEC_FLAG_ALT_SCAN)) From 3aad92f3e649dcc4f92c805291afb128c663efd3 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 22 Sep 2011 18:17:28 +0200 Subject: [PATCH 407/652] lavf/utils: only complain about aspect missmatch when the difference is "meassureable" 
Signed-off-by: Michael Niedermayer (cherry picked from commit e8d8517b160bd2dea1279d19ec0efd83e00c8c6c) --- libavformat/utils.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index 40f0089c77..eaa8bd901f 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -2958,7 +2958,9 @@ int avformat_write_header(AVFormatContext *s, AVDictionary **options) ret = AVERROR(EINVAL); goto fail; } - if(av_cmp_q(st->sample_aspect_ratio, st->codec->sample_aspect_ratio)){ + if(av_cmp_q(st->sample_aspect_ratio, st->codec->sample_aspect_ratio) + && FFABS(av_q2d(st->sample_aspect_ratio) - av_q2d(st->codec->sample_aspect_ratio)) > 0.001 + ){ av_log(s, AV_LOG_ERROR, "Aspect ratio mismatch between encoder and muxer layer\n"); ret = AVERROR(EINVAL); goto fail; From e394f7984c6b921210e40f39868597f3627606b8 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 23 Sep 2011 19:01:12 +0200 Subject: [PATCH 408/652] psxstr: improve probe to not misdetect so much. The score of 50 can probably be raised if needed Fixes Ticket490 Signed-off-by: Michael Niedermayer (cherry picked from commit 3f7dc480c1bf6abf4ac0f633a0c7e63d8eb29a55) --- libavformat/psxstr.c | 54 ++++++++++++++++++++++++++++++++++++-------- 1 file changed, 44 insertions(+), 10 deletions(-) diff --git a/libavformat/psxstr.c b/libavformat/psxstr.c index 744ae94459..b65bddd5c1 100644 --- a/libavformat/psxstr.c +++ b/libavformat/psxstr.c @@ -68,6 +68,8 @@ static const char sync_header[12] = {0x00,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xf static int str_probe(AVProbeData *p) { uint8_t *sector= p->buf; + uint8_t *end= sector + p->buf_size; + int aud=0, vid=0; if (p->buf_size < RAW_CD_SECTOR_SIZE) return 0; 
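Review bot: The added tolerance in avformat_write_header compares `av_q2d()` results, so the check now depends on floating-point behaviour for degenerate ratios: a 0/0 aspect ratio would presumably give NaN, the `> 0.001` comparison is then false, and a mismatch that av_cmp_q() alone used to reject passes. If that is not intended, keep rejecting when either denominator is zero, and give the threshold a name or a comment saying why an absolute 0.001 was chosen. The function body starts and ends outside the hunk.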
@@ -79,20 +81,52 @@ static int str_probe(AVProbeData *p) sector += RIFF_HEADER_SIZE; } - /* look for CD sync header (00, 0xFF x 10, 00) */ - if (memcmp(sector,sync_header,sizeof(sync_header))) - return 0; + while (end - sector >= RAW_CD_SECTOR_SIZE) { + /* look for CD sync header (00, 0xFF x 10, 00) */ + if (memcmp(sector,sync_header,sizeof(sync_header))) + return 0; - if(sector[0x11] >= 32) - return 0; - if( (sector[0x12] & CDXA_TYPE_MASK) != CDXA_TYPE_VIDEO - && (sector[0x12] & CDXA_TYPE_MASK) != CDXA_TYPE_AUDIO - && (sector[0x12] & CDXA_TYPE_MASK) != CDXA_TYPE_DATA) - return 0; + if (sector[0x11] >= 32) + return 0; + switch (sector[0x12] & CDXA_TYPE_MASK) { + case CDXA_TYPE_DATA: + case CDXA_TYPE_VIDEO: { + int current_sector = AV_RL16(§or[0x1C]); + int sector_count = AV_RL16(§or[0x1E]); + int frame_size = AV_RL32(§or[0x24]); + + if(!( frame_size>=0 + && current_sector < sector_count + && sector_count*VIDEO_DATA_CHUNK_SIZE >=frame_size)){ + return 0; + } + + /*st->codec->width = AV_RL16(§or[0x28]); + st->codec->height = AV_RL16(§or[0x2A]);*/ + +// if (current_sector == sector_count-1) { + vid++; +// } + + } + break; + case CDXA_TYPE_AUDIO: + if(sector[0x13]&0x2A) + return 0; + aud++; + break; + default: + if(sector[0x12] & CDXA_TYPE_MASK) + return 0; + } + sector += RAW_CD_SECTOR_SIZE; + } /* MPEG files (like those ripped from VCDs) can also look like this; * only return half certainty */ - return 50; + if(vid+aud > 3) return 50; + else if(vid+aud) return 1; + else return 0; } static int str_read_header(AVFormatContext *s, From 03e7314dd8662bdc20050c03d643b579c415a628 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 23 Sep 2011 22:30:27 +0200 Subject: [PATCH 409/652] aacsbr: add a assert0 to check for a inconsistency that occurd during debug. I dont know if this can happen normally but if so it would be quite bad. Signed-off-by: Michael Niedermayer (cherry picked from commit abe0dbea2e228621e97184e39159d189b6085fe3) 
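Review bot: The rewritten loop in str_probe carries commented-out code, the `/*st->codec->width ... */` block and the `// if (current_sector == sector_count-1) {` pair around `vid++`, which refers to a stream object the probe does not have and should be deleted rather than committed. The sector-header offsets (0x11, 0x12, 0x13, 0x1C, 0x1E, 0x24) and the final thresholds are bare numbers; a one-line comment on the return ladder such as `/* more than 3 valid sectors: likely STR; fewer: weak match */` would document the scoring. The bounds themselves look right, since every read stays inside a full RAW_CD_SECTOR_SIZE sector below `end`.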
Signed-off-by: Michael Niedermayer --- libavcodec/aacsbr.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/aacsbr.c b/libavcodec/aacsbr.c index 82092b385d..10b8daf280 100644 --- a/libavcodec/aacsbr.c +++ b/libavcodec/aacsbr.c @@ -33,6 +33,7 @@ #include "fft.h" #include "aacps.h" #include "libavutil/libm.h" +#include "libavutil/avassert.h" #include #include @@ -1457,6 +1458,7 @@ static void sbr_mapping(AACContext *ac, SpectralBandReplication *sbr, uint16_t *table = ch_data->bs_freq_res[e + 1] ? sbr->f_tablehigh : sbr->f_tablelow; int k; + av_assert0(sbr->kx[1] <= table[0]); for (i = 0; i < ilim; i++) for (m = table[i]; m < table[i + 1]; m++) sbr->e_origmapped[e][m - sbr->kx[1]] = ch_data->env_facs[e+1][i]; From 92566cf6eefe62d98d9e10e66c6e294e91d493b8 Mon Sep 17 00:00:00 2001 From: Jean First Date: Fri, 23 Sep 2011 23:39:26 +0200 Subject: [PATCH 410/652] tiffenc: Add forgotten avclass to context. (cherry picked from commit 43c481e56929789883f5b078e0e86d50fcc0025e) Signed-off-by: Michael Niedermayer --- libavcodec/tiffenc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/tiffenc.c b/libavcodec/tiffenc.c index f7228f128f..4a99a38831 100644 --- a/libavcodec/tiffenc.c +++ b/libavcodec/tiffenc.c @@ -42,6 +42,7 @@ static const uint8_t type_sizes2[6] = { }; typedef struct TiffEncoderContext { + AVClass *avclass; AVCodecContext *avctx; AVFrame picture; From 8c0a0f10df9bcb3494eb31cf42ab06371b68b195 Mon Sep 17 00:00:00 2001 From: Jean First Date: Fri, 23 Sep 2011 23:39:51 +0200 Subject: [PATCH 411/652] tiffenc: initialize forgotten avctx. (cherry picked from commit f7e797aa5c987c39b55666a2d41877ef2aec40bc) Signed-off-by: Michael Niedermayer --- libavcodec/tiffenc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/tiffenc.c b/libavcodec/tiffenc.c index 4a99a38831..97e1dd38c4 100644 --- a/libavcodec/tiffenc.c +++ b/libavcodec/tiffenc.c 
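Review bot: `av_assert0(sbr->kx[1] <= table[0]);` in sbr_mapping turns an inconsistent band table into a process abort, which for a decoder fed untrusted streams trades the out-of-range index `m - sbr->kx[1]` for a denial of service in every application linking the library. The commit message says it is unknown whether the condition can occur on real input, so the relation would be better validated where kx and the frequency tables are derived, with the frame rejected through the normal error return; sbr_mapping itself returns void and cannot report it. Until then a comment on the assert stating which write it protects would help, e.g. `/* m - kx[1] below must not go negative */`. The function starts and continues outside the hunk.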
@@ -217,6 +217,7 @@ static int encode_frame(AVCodecContext * avctx, unsigned char *buf, uint8_t *yuv_line = NULL; int shift_h, shift_v; + s->avctx = avctx; s->buf_start = buf; s->buf = &ptr; s->buf_size = buf_size; From 1cf6348cf7ef2bbdbd0020ebeb508c2de08a08c4 Mon Sep 17 00:00:00 2001 From: Sean McGovern Date: Mon, 19 Sep 2011 21:32:09 -0400 Subject: [PATCH 412/652] fft: avoid a signed overflow As a signed integer, 1<<31 overflows, so force it to unsigned. Signed-off-by: Alex Converse (cherry picked from commit c2d3f561072132044114588a5f56b8e1974a2af7) Signed-off-by: Michael Niedermayer --- libavcodec/x86/fft_3dn2.c | 4 ++-- libavcodec/x86/fft_sse.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/libavcodec/x86/fft_3dn2.c b/libavcodec/x86/fft_3dn2.c index 2abb8cfbd7..7a6cac14c4 100644 --- a/libavcodec/x86/fft_3dn2.c +++ b/libavcodec/x86/fft_3dn2.c @@ -23,7 +23,7 @@ #include "libavcodec/dsputil.h" #include "fft.h" -DECLARE_ALIGNED(8, static const int, m1m1)[2] = { 1<<31, 1<<31 }; +DECLARE_ALIGNED(8, static const unsigned int, m1m1)[2] = { 1U<<31, 1U<<31 }; #ifdef EMULATE_3DNOWEXT #define PSWAPD(s,d)\ @@ -70,7 +70,7 @@ void ff_imdct_half_3dn2(FFTContext *s, FFTSample *output, const FFTSample *input in1 = input; in2 = input + n2 - 1; #ifdef EMULATE_3DNOWEXT - __asm__ volatile("movd %0, %%mm7" ::"r"(1<<31)); + __asm__ volatile("movd %0, %%mm7" ::"r"(1U<<31)); #endif for(k = 0; k < n4; k++) { // FIXME a single block is faster, but gcc 2.95 and 3.4.x on 32bit can't compile it diff --git a/libavcodec/x86/fft_sse.c b/libavcodec/x86/fft_sse.c index 26b933c810..43f19fff3b 100644 --- a/libavcodec/x86/fft_sse.c +++ b/libavcodec/x86/fft_sse.c 
@@ -24,8 +24,8 @@ #include "fft.h" #include "config.h" -DECLARE_ASM_CONST(16, int, ff_m1m1m1m1)[4] = - { 1 << 31, 1 << 31, 1 << 31, 1 << 31 }; +DECLARE_ASM_CONST(16, unsigned int, ff_m1m1m1m1)[4] = + { 1U << 31, 1U << 31, 1U << 31, 1U << 31 }; void ff_fft_dispatch_sse(FFTComplex *z, int nbits); void ff_fft_dispatch_interleave_sse(FFTComplex *z, int nbits); From 101e38e08a0745a1b99d83d17358c6e81a464f8d Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sat, 24 Sep 2011 16:44:14 +0200 Subject: [PATCH 413/652] h264: Check for out of bounds reads in ff_h264_decode_extradata(). Signed-off-by: Michael Niedermayer (cherry picked from commit 57764c699671b32f0c70795feafc0c6d7491f198) --- libavcodec/h264.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index b844c38b56..8d44337b5b 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -1040,6 +1040,8 @@ int ff_h264_decode_extradata(H264Context *h) p += 6; for (i = 0; i < cnt; i++) { nalsize = AV_RB16(p) + 2; + if(nalsize > size - (p-buf)) + return -1; if(decode_nal_units(h, p, nalsize) < 0) { av_log(avctx, AV_LOG_ERROR, "Decoding sps %d from avcC failed\n", i); return -1; @@ -1050,6 +1052,8 @@ int ff_h264_decode_extradata(H264Context *h) cnt = *(p++); // Number of pps for (i = 0; i < cnt; i++) { nalsize = AV_RB16(p) + 2; + if(nalsize > size - (p-buf)) + return -1; if (decode_nal_units(h, p, nalsize) < 0) { av_log(avctx, AV_LOG_ERROR, "Decoding pps %d from avcC failed\n", i); return -1; From f71c761a9e2e528b739e6c86f624ac66357d2327 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 23 Sep 2011 05:42:45 +0200 Subject: [PATCH 414/652] h264: pass buffer & size to ff_h264_decode_extradata() Signed-off-by: Michael Niedermayer --- libavcodec/h264.c | 14 +++++++------- libavcodec/h264.h | 2 +- libavcodec/h264_parser.c | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 8d44337b5b..4a2b0f0a92 100644 
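Review bot: The added check in ff_h264_decode_extradata runs after `AV_RB16(p)` has already read the two length bytes, so when fewer than two bytes remain the length field itself is read past the end of the buffer. The same applies to the pps loop in the next hunk and to `cnt = *(p++)` between the two loops. A guard such as `if (size - (p - buf) < 2) return -1;` before each `AV_RB16(p)` would close that, unless the caller guarantees padding, which is not visible here. Separately, `size` and `buf` are not parameters of `ff_h264_decode_extradata(H264Context *h)` at this commit (the next patch in the series introduces them), so this revision presumably does not build on its own. The function body starts and ends outside the hunk.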
--- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -1018,17 +1018,17 @@ static av_cold void common_init(H264Context *h){ memset(h->pps.scaling_matrix8, 16, 2*64*sizeof(uint8_t)); } -int ff_h264_decode_extradata(H264Context *h) +int ff_h264_decode_extradata(H264Context *h, const uint8_t *buf, int size) { AVCodecContext *avctx = h->s.avctx; - if(avctx->extradata[0] == 1){ + if(buf[0] == 1){ int i, cnt, nalsize; - unsigned char *p = avctx->extradata; + const unsigned char *p = buf; h->is_avc = 1; - if(avctx->extradata_size < 7) { + if(size < 7) { av_log(avctx, AV_LOG_ERROR, "avcC too short\n"); return -1; } @@ -1061,10 +1061,10 @@ int ff_h264_decode_extradata(H264Context *h) p += nalsize; } // Now store right nal length size, that will be use to parse all other nals - h->nal_length_size = (avctx->extradata[4] & 0x03) + 1; + h->nal_length_size = (buf[4] & 0x03) + 1; } else { h->is_avc = 0; - if(decode_nal_units(h, avctx->extradata, avctx->extradata_size) < 0) + if(decode_nal_units(h, buf, size) < 0) return -1; } return 0; @@ -1108,7 +1108,7 @@ av_cold int ff_h264_decode_init(AVCodecContext *avctx){ } if(avctx->extradata_size > 0 && avctx->extradata && - ff_h264_decode_extradata(h)) + ff_h264_decode_extradata(h, avctx->extradata, avctx->extradata_size)) return -1; if(h->sps.bitstream_restriction_flag && s->avctx->has_b_frames < h->sps.num_reorder_frames){ diff --git a/libavcodec/h264.h b/libavcodec/h264.h index 76e9832975..822ba0271a 100644 --- a/libavcodec/h264.h +++ b/libavcodec/h264.h 
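Review bot: `h->is_avc = 1;` is still assigned before the `size < 7` check, so every early `return -1` in the avcC branch leaves the context flagged as AVC while `h->nal_length_size` was never updated from this buffer. That matters more now that the function accepts an arbitrary `buf`, because the h264_parser.c caller changed in this same patch discards the return value and keeps using `h`. Resetting the flag on the failure paths, for example `h->is_avc = 0;` before each `return -1;` in this branch, would keep the two fields consistent; whether later code tolerates the mixed state is not visible here. The new `buf` and `size` parameters would also benefit from a doc comment stating that `size` is the number of readable bytes at `buf`.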
@@ -663,7 +663,7 @@ int ff_h264_check_intra_pred_mode(H264Context *h, int mode); void ff_h264_write_back_intra_pred_mode(H264Context *h); void ff_h264_hl_decode_mb(H264Context *h); int ff_h264_frame_start(H264Context *h); -int ff_h264_decode_extradata(H264Context *h); +int ff_h264_decode_extradata(H264Context *h, const uint8_t *buf, int size); av_cold int ff_h264_decode_init(AVCodecContext *avctx); av_cold int ff_h264_decode_end(AVCodecContext *avctx); av_cold void ff_h264_decode_init_vlc(void); diff --git a/libavcodec/h264_parser.c b/libavcodec/h264_parser.c index 080b6a93b5..d560d3f86a 100644 --- a/libavcodec/h264_parser.c +++ b/libavcodec/h264_parser.c @@ -251,7 +251,7 @@ static int h264_parse(AVCodecParserContext *s, h->got_first = 1; if (avctx->extradata_size) { h->s.avctx = avctx; - ff_h264_decode_extradata(h); + ff_h264_decode_extradata(h, avctx->extradata, avctx->extradata_size); } } From 35f8ad420a0b7ebcade81c2be3ca5968a5861ddc Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sat, 24 Sep 2011 16:19:25 +0200 Subject: [PATCH 415/652] vp6:Reset the internal state when aborting key frames header parsing in vp6 decoder. It prevents leaving the state only half initialized. Signed-off-by: Michael Niedermayer (cherry picked from commit 91f104496bb7632ed5ff03798e06dd8af014f0d9) --- libavcodec/vp6.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavcodec/vp6.c b/libavcodec/vp6.c index d05a3618f7..3721d52192 100644 --- a/libavcodec/vp6.c +++ b/libavcodec/vp6.c @@ -137,8 +137,11 @@ static int vp6_parse_header(VP56Context *s, const uint8_t *buf, int buf_size, if (coeff_offset) { buf += coeff_offset; buf_size -= coeff_offset; - if (buf_size < 0) + if (buf_size < 0) { + if (s->framep[VP56_FRAME_CURRENT]->key_frame) + avcodec_set_dimensions(s->avctx, 0, 0); return 0; + } if (s->use_huffman) { s->parse_coeff = vp6_parse_coeff_huffman; init_get_bits(&s->gb, buf, buf_size<<3); From be22dc60f55bb99dcb0a90ad2e8773612a63a288 Mon Sep 17 00:00:00 2001 
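Review bot: The result of `ff_h264_decode_extradata(h, avctx->extradata, avctx->extradata_size);` in h264_parse is discarded. Only `extradata_size` is tested before the call, not the `extradata` pointer that ff_h264_decode_init checks in the h264.c part of this patch. With the buffer now passed explicitly, a NULL pointer with a non-zero size reaches `buf[0]` in the callee at this revision. Suggested guard: `if (avctx->extradata_size && avctx->extradata) {`, plus at least a logged warning when the call returns non-zero. h264_parse starts and ends outside the hunk.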
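Review bot: The `buf_size < 0` test in vp6_parse_header still runs after `buf += coeff_offset;`, so by the time the new block executes the pointer has already been moved beyond the buffer. Comparing first, `if (coeff_offset > buf_size) { ... return 0; }`, and advancing only afterwards would avoid forming that pointer. The reason for the added `avcodec_set_dimensions(s->avctx, 0, 0);` is stated only in the commit message; a comment such as `/* key frame header abandoned: clear the dimensions so the half-initialized state is not reused */` would keep it with the code. The function continues outside the hunk.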
From: Laurent Aimar Date: Sat, 24 Sep 2011 16:16:40 +0200 Subject: [PATCH 416/652] vp56:Fix error recovery code on size changes in vp5/6 decoder Signed-off-by: Michael Niedermayer (cherry picked from commit 1aad9cd9d26adcca1d398a4cb3d67f89a6fa8967) --- libavcodec/vp56.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavcodec/vp56.c b/libavcodec/vp56.c index 30f3efbc46..5b787b6135 100644 --- a/libavcodec/vp56.c +++ b/libavcodec/vp56.c @@ -465,6 +465,7 @@ static int vp56_size_changed(AVCodecContext *avctx) s->mb_height = (avctx->coded_height+15) / 16; if (s->mb_width > 1000 || s->mb_height > 1000) { + avcodec_set_dimensions(avctx, 0, 0); av_log(avctx, AV_LOG_ERROR, "picture too big\n"); return -1; } @@ -519,8 +520,10 @@ int ff_vp56_decode_frame(AVCodecContext *avctx, void *data, int *data_size, if (s->frames[i].data[0]) avctx->release_buffer(avctx, &s->frames[i]); } - if (is_alpha) + if (is_alpha) { + avcodec_set_dimensions(avctx, 0, 0); return -1; + } } if (!is_alpha) { From 21c9d92646f375f0c3ff9b2bc7b2f5f07a150e74 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sat, 24 Sep 2011 23:16:17 +0200 Subject: [PATCH 417/652] Fix potential overread in vmd audio decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit 00cbe9e4053fd562b6f21e76aca6636ff926b637) --- libavcodec/vmdav.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavcodec/vmdav.c b/libavcodec/vmdav.c index b9acfe921c..ebc8c7eb1d 100644 --- a/libavcodec/vmdav.c +++ b/libavcodec/vmdav.c @@ -523,7 +523,10 @@ static int vmdaudio_decode_frame(AVCodecContext *avctx, silent_chunks = 0; if (block_type == BLOCK_TYPE_INITIAL) { - uint32_t flags = AV_RB32(buf); + uint32_t flags; + if (buf_size < 4) + return -1; + flags = AV_RB32(buf); silent_chunks = av_popcount(flags); buf += 4; buf_size -= 4; From 1ed90c84f6ab75af91b08436cefb8ea464f8495b Mon Sep 17 00:00:00 2001 
From: Laurent Aimar Date: Sat, 24 Sep 2011 23:16:18 +0200 Subject: [PATCH 418/652] Check for invalid update parameters in vmd video decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit e7aed1280ea14b60fceae04d71dfd03e1daf2d04) --- libavcodec/vmdav.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/libavcodec/vmdav.c b/libavcodec/vmdav.c index ebc8c7eb1d..d7cd3bbb87 100644 --- a/libavcodec/vmdav.c +++ b/libavcodec/vmdav.c @@ -204,6 +204,16 @@ static void vmd_decode(VmdVideoContext *s) frame_y = AV_RL16(&s->buf[8]); frame_width = AV_RL16(&s->buf[10]) - frame_x + 1; frame_height = AV_RL16(&s->buf[12]) - frame_y + 1; + if (frame_x < 0 || frame_width < 0 || + frame_x >= s->avctx->width || + frame_width > s->avctx->width || + frame_x + frame_width > s->avctx->width) + return; + if (frame_y < 0 || frame_height < 0 || + frame_y >= s->avctx->height || + frame_height > s->avctx->height || + frame_y + frame_height > s->avctx->height) + return; if ((frame_width == s->avctx->width && frame_height == s->avctx->height) && (frame_x || frame_y)) { From d92bfc98f9f64fa891ee4a3640ba6c55e90540ef Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sat, 24 Sep 2011 23:16:19 +0200 Subject: [PATCH 419/652] Prevent NULL dereferences when the previous frame is missing in vmd video decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit 6a6383bebcb03a785797007031ad1c9786a508a5) --- libavcodec/vmdav.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/libavcodec/vmdav.c b/libavcodec/vmdav.c index d7cd3bbb87..f5f8598919 100644 --- a/libavcodec/vmdav.c +++ b/libavcodec/vmdav.c 
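Review bot: Both new rejection paths in vmd_decode end in a bare `return;`, and because the function is void with nothing logged, the caller (not visible here) cannot tell a frame with an out-of-range update rectangle from a decoded one. An `av_log(s->avctx, AV_LOG_ERROR, "Invalid update rectangle\n");` before each return would at least make malformed input visible in logs. The tests also accept a zero `frame_width` or `frame_height` (`< 0` rather than `<= 0`); if an empty rectangle is not meaningful for this format, that should be tightened. The header fields are read from `s->buf[6]` through `s->buf[13]`, so the hunk relies on a minimum `s->size` being enforced elsewhere.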
@@ -226,8 +226,9 @@ static void vmd_decode(VmdVideoContext *s) /* if only a certain region will be updated, copy the entire previous * frame before the decode */ - if (frame_x || frame_y || (frame_width != s->avctx->width) || - (frame_height != s->avctx->height)) { + if (s->prev_frame.data[0] && + (frame_x || frame_y || (frame_width != s->avctx->width) || + (frame_height != s->avctx->height))) { memcpy(s->frame.data[0], s->prev_frame.data[0], s->avctx->height * s->frame.linesize[0]); @@ -272,7 +273,7 @@ static void vmd_decode(VmdVideoContext *s) ofs += len; } else { /* interframe pixel copy */ - if (ofs + len + 1 > frame_width) + if (ofs + len + 1 > frame_width || !s->prev_frame.data[0]) return; memcpy(&dp[ofs], &pp[ofs], len + 1); ofs += len + 1; @@ -312,7 +313,7 @@ static void vmd_decode(VmdVideoContext *s) ofs += len; } else { /* interframe pixel copy */ - if (ofs + len + 1 > frame_width) + if (ofs + len + 1 > frame_width || !s->prev_frame.data[0]) return; memcpy(&dp[ofs], &pp[ofs], len + 1); ofs += len + 1; From f40b04e9178c0a5246271c857437c6745276479c Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sat, 24 Sep 2011 23:52:23 +0200 Subject: [PATCH 420/652] Prevent out of bound read in lz_unpack in vmd video decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit 5127f465bd3e2cf9cbf66dea3cf7b481b522d266) --- libavcodec/vmdav.c | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/libavcodec/vmdav.c b/libavcodec/vmdav.c index f5f8598919..d7cf18d62b 100644 --- a/libavcodec/vmdav.c +++ b/libavcodec/vmdav.c 
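Review bot: When `s->prev_frame.data[0]` is NULL and the update covers only part of the picture, the new condition skips the memcpy and nothing else fills `s->frame.data[0]` outside the update rectangle. Unless the buffer is cleared when it is obtained (not visible in this hunk), those pixels hold whatever the allocator left there and are handed to the caller as image data. For the partial-update case without a previous frame, `memset(s->frame.data[0], 0, s->avctx->height * s->frame.linesize[0]);` would make the output deterministic. vmd_decode starts and ends outside the hunk.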
@@ -72,9 +72,11 @@ typedef struct VmdVideoContext { #define QUEUE_SIZE 0x1000 #define QUEUE_MASK 0x0FFF -static void lz_unpack(const unsigned char *src, unsigned char *dest, int dest_len) +static void lz_unpack(const unsigned char *src, int src_len, + unsigned char *dest, int dest_len) { const unsigned char *s; + const unsigned char *s_end; unsigned char *d; unsigned char *d_end; unsigned char queue[QUEUE_SIZE]; @@ -87,8 +89,12 @@ static void lz_unpack(const unsigned char *src, unsigned char *dest, int dest_le unsigned int i, j; s = src; + s_end = src + src_len; d = dest; d_end = d + dest_len; + + if (s_end - s < 8) + return; dataleft = AV_RL32(s); s += 4; memset(queue, 0x20, QUEUE_SIZE); @@ -101,10 +107,10 @@ static void lz_unpack(const unsigned char *src, unsigned char *dest, int dest_le speclen = 100; /* no speclen */ } - while (dataleft > 0) { + while (s_end - s > 0 && dataleft > 0) { tag = *s++; if ((tag == 0xFF) && (dataleft > 8)) { - if (d + 8 > d_end) + if (d + 8 > d_end || s_end - s < 8) return; for (i = 0; i < 8; i++) { queue[qpos++] = *d++ = *s++; @@ -116,17 +122,22 @@ static void lz_unpack(const unsigned char *src, unsigned char *dest, int dest_le if (dataleft == 0) break; if (tag & 0x01) { - if (d + 1 > d_end) + if (d + 1 > d_end || s_end - s < 1) return; queue[qpos++] = *d++ = *s++; qpos &= QUEUE_MASK; dataleft--; } else { + if (s_end - s < 2) + return; chainofs = *s++; chainofs |= ((*s & 0xF0) << 4); chainlen = (*s++ & 0x0F) + 3; - if (chainlen == speclen) + if (chainlen == speclen) { + if (s_end - s < 1) + return; chainlen = *s++ + 0xF + 3; + } if (d + chainlen > d_end) return; for (j = 0; j < chainlen; j++) { @@ -189,6 +200,7 @@ static void vmd_decode(VmdVideoContext *s) /* point to the start of the encoded data */ const unsigned char *p = s->buf + 16; + const unsigned char *p_end = s->buf + s->size; const unsigned char *pb; unsigned char meth; 
@@ -251,7 +263,7 @@ static void vmd_decode(VmdVideoContext *s) pb = p; meth = *pb++; if (meth & 0x80) { - lz_unpack(pb, s->unpack_buffer, s->unpack_buffer_size); + lz_unpack(pb, p_end - pb, s->unpack_buffer, s->unpack_buffer_size); meth &= 0x7F; pb = s->unpack_buffer; } From 08657a2a8a5f7dc420c41ffe0e1c7eb4878741fb Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sat, 24 Sep 2011 23:52:24 +0200 Subject: [PATCH 421/652] Fix potential pointer arithmetic overflows in lz_unpack of vmd video decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit 78cb39d2b2ad731dd3b984b0c0711b9f1d6de004) --- libavcodec/vmdav.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/vmdav.c b/libavcodec/vmdav.c index d7cf18d62b..0a91d73ebe 100644 --- a/libavcodec/vmdav.c +++ b/libavcodec/vmdav.c @@ -110,7 +110,7 @@ static void lz_unpack(const unsigned char *src, int src_len, while (s_end - s > 0 && dataleft > 0) { tag = *s++; if ((tag == 0xFF) && (dataleft > 8)) { - if (d + 8 > d_end || s_end - s < 8) + if (d_end - d < 8 || s_end - s < 8) return; for (i = 0; i < 8; i++) { queue[qpos++] = *d++ = *s++; @@ -122,7 +122,7 @@ static void lz_unpack(const unsigned char *src, int src_len, if (dataleft == 0) break; if (tag & 0x01) { - if (d + 1 > d_end || s_end - s < 1) + if (d_end - d < 1 || s_end - s < 1) return; queue[qpos++] = *d++ = *s++; qpos &= QUEUE_MASK; @@ -138,7 +138,7 @@ static void lz_unpack(const unsigned char *src, int src_len, return; chainlen = *s++ + 0xF + 3; } - if (d + chainlen > d_end) + if (d_end - d < chainlen) return; for (j = 0; j < chainlen; j++) { *d = queue[chainofs++ & QUEUE_MASK]; From 55efeba2b554f8f2ea134d3d82d01062e0343828 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sun, 25 Sep 2011 00:08:49 +0200 Subject: [PATCH 422/652] Check for out of bound reads in vmd_decode() of vmd video decoder. 
Signed-off-by: Michael Niedermayer (cherry picked from commit e07377e7366d038d6f28792c46745463a0542650) --- libavcodec/vmdav.c | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/libavcodec/vmdav.c b/libavcodec/vmdav.c index 0a91d73ebe..eb2d208389 100644 --- a/libavcodec/vmdav.c +++ b/libavcodec/vmdav.c @@ -203,6 +203,7 @@ static void vmd_decode(VmdVideoContext *s) const unsigned char *p_end = s->buf + s->size; const unsigned char *pb; + const unsigned char *pb_end; unsigned char meth; unsigned char *dp; /* pointer to current frame */ unsigned char *pp; /* pointer to previous frame */ @@ -248,6 +249,8 @@ static void vmd_decode(VmdVideoContext *s) /* check if there is a new palette */ if (s->buf[15] & 0x02) { + if (p_end - p < 2 + 3 * PALETTE_COUNT) + return; p += 2; palette32 = (unsigned int *)s->palette; for (i = 0; i < PALETTE_COUNT; i++) { @@ -256,16 +259,17 @@ static void vmd_decode(VmdVideoContext *s) b = *p++ * 4; palette32[i] = (r << 16) | (g << 8) | (b); } - s->size -= (256 * 3 + 2); } - if (s->size >= 0) { + if (p < p_end) { /* originally UnpackFrame in VAG's code */ pb = p; + pb_end = p_end; meth = *pb++; if (meth & 0x80) { lz_unpack(pb, p_end - pb, s->unpack_buffer, s->unpack_buffer_size); meth &= 0x7F; pb = s->unpack_buffer; + pb_end = s->unpack_buffer + s->unpack_buffer_size; } dp = &s->frame.data[0][frame_y * s->frame.linesize[0] + frame_x]; @@ -275,10 +279,12 @@ static void vmd_decode(VmdVideoContext *s) for (i = 0; i < frame_height; i++) { ofs = 0; do { + if (pb_end - pb < 1) + return; len = *pb++; if (len & 0x80) { len = (len & 0x7F) + 1; - if (ofs + len > frame_width) + if (ofs + len > frame_width || pb_end - pb < len) return; memcpy(&dp[ofs], pb, len); pb += len; @@ -303,6 +309,8 @@ static void vmd_decode(VmdVideoContext *s) case 2: for (i = 0; i < frame_height; i++) { + if (pb_end -pb < frame_width) + return; memcpy(dp, pb, frame_width); pb += frame_width; dp += s->frame.linesize[0]; 
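Review bot: After lz_unpack() the new `pb_end = s->unpack_buffer + s->unpack_buffer_size;` bounds the parser by the capacity of the unpack buffer, not by the number of bytes lz_unpack actually produced. lz_unpack returns void and, since the previous patches, returns early on truncated input. The tail of `unpack_buffer` can therefore hold data from an earlier frame (or never-written memory, depending on how it is allocated), and that data is then decoded as if it belonged to this frame. Having lz_unpack return `d - dest` and setting `pb_end = s->unpack_buffer + unpacked;` would restrict reads to freshly decoded data. vmd_decode starts and ends outside the hunk.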
@@ -314,13 +322,20 @@ static void vmd_decode(VmdVideoContext *s) for (i = 0; i < frame_height; i++) { ofs = 0; do { + if (pb_end - pb < 1) + return; len = *pb++; if (len & 0x80) { len = (len & 0x7F) + 1; + if (pb_end - pb < 1) + return; if (*pb++ == 0xFF) len = rle_unpack(pb, &dp[ofs], len, frame_width - ofs); - else + else { + if (pb_end - pb < len) + return; memcpy(&dp[ofs], pb, len); + } pb += len; ofs += len; } else { From 02bdeff1ef4915e1794a19184d567ef27e05c9c5 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sun, 25 Sep 2011 00:08:50 +0200 Subject: [PATCH 423/652] Fix out of bound reads in rle_unpack() of vmd video decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit 4749e074987d45cb98935a683a7ee8e1ee376d86) --- libavcodec/vmdav.c | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/libavcodec/vmdav.c b/libavcodec/vmdav.c index eb2d208389..90cbab8b3d 100644 --- a/libavcodec/vmdav.c +++ b/libavcodec/vmdav.c @@ -153,32 +153,39 @@ static void lz_unpack(const unsigned char *src, int src_len, } } -static int rle_unpack(const unsigned char *src, unsigned char *dest, - int src_len, int dest_len) +static int rle_unpack(const unsigned char *src, int src_len, int src_count, + unsigned char *dest, int dest_len) { const unsigned char *ps; + const unsigned char *ps_end; unsigned char *pd; int i, l; unsigned char *dest_end = dest + dest_len; ps = src; + ps_end = src + src_len; pd = dest; - if (src_len & 1) + if (src_count & 1) { + if (ps_end - ps < 1) + return 0; *pd++ = *ps++; + } - src_len >>= 1; + src_count >>= 1; i = 0; do { + if (ps_end - ps < 1) + break; l = *ps++; if (l & 0x80) { l = (l & 0x7F) * 2; - if (pd + l > dest_end) + if (pd + l > dest_end || ps_end - ps < l) return ps - src; memcpy(pd, ps, l); ps += l; pd += l; } else { - if (pd + i > dest_end) + if (pd + i > dest_end || ps_end - ps < 2) return ps - src; for (i = 0; i < l; i++) { *pd++ = ps[0]; 
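Review bot: In the raw-copy branch of this method the new `if (pb_end - pb < len) return;` bounds the source only. `memcpy(&dp[ofs], pb, len)` still has no check that `ofs + len` stays within `frame_width`, unlike the equivalent branch two hunks earlier, which tests `ofs + len > frame_width || pb_end - pb < len`. A row can therefore be written up to `len` bytes past the update rectangle. Using the same combined condition here, `if (ofs + len > frame_width || pb_end - pb < len) return;`, makes the two methods consistent. The enclosing loop continues outside the hunk.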
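Review bot: In rle_unpack's run branch the destination check is `pd + i > dest_end`, where `i` is the running count of the outer loop rather than the amount about to be written, while the loop that follows stores through `pd` for `l` iterations. On the first pass `i` is 0, so the test cannot fail however large `l` is; this patch adds the source check beside it but leaves the destination side as it was, and the follow-up patch on this page only rewrites it as `dest_end - pd < i`. The bound should be the number of bytes the loop stores, e.g. `if (dest_end - pd < 2 * l || ps_end - ps < 2)` if it writes a pair per iteration as `ps += 2` suggests (the lines between this hunk and the next are not shown). The odd-count copy `*pd++ = *ps++;` at the top likewise checks `ps_end` but not `dest_end`, and the inner `for` reuses `i`, overwriting the outer counter before `i += l`.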
@@ -187,7 +194,7 @@ static int rle_unpack(const unsigned char *src, unsigned char *dest, ps += 2; } i += l; - } while (i < src_len); + } while (i < src_count); return ps - src; } @@ -330,7 +337,7 @@ static void vmd_decode(VmdVideoContext *s) if (pb_end - pb < 1) return; if (*pb++ == 0xFF) - len = rle_unpack(pb, &dp[ofs], len, frame_width - ofs); + len = rle_unpack(pb, pb_end - pb, len, &dp[ofs], frame_width - ofs); else { if (pb_end - pb < len) return; From 1b26a734b23829f0756500f9cec2ac47baa65cd7 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sun, 25 Sep 2011 00:08:51 +0200 Subject: [PATCH 424/652] Fix potential pointer arithmetic overflows in rle_unpack() of vmd video decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit 35cb6854bb76b4a5b6f2aea2dce81e18d7ab61cd) --- libavcodec/vmdav.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/vmdav.c b/libavcodec/vmdav.c index 90cbab8b3d..1f9694ea29 100644 --- a/libavcodec/vmdav.c +++ b/libavcodec/vmdav.c @@ -179,13 +179,13 @@ static int rle_unpack(const unsigned char *src, int src_len, int src_count, l = *ps++; if (l & 0x80) { l = (l & 0x7F) * 2; - if (pd + l > dest_end || ps_end - ps < l) + if (dest_end - pd < l || ps_end - ps < l) return ps - src; memcpy(pd, ps, l); ps += l; pd += l; } else { - if (pd + i > dest_end || ps_end - ps < 2) + if (dest_end - pd < i || ps_end - ps < 2) return ps - src; for (i = 0; i < l; i++) { *pd++ = ps[0]; From 5681d74aaf7e241303aa8785dcdc9b6b437e1573 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sat, 24 Sep 2011 18:39:13 +0200 Subject: [PATCH 425/652] Add av_calloc() helper. Signed-off-by: Michael Niedermayer (cherry picked from commit ccecab4a0d7f3f4f296551c2e22bbf12af7d14e8) --- libavutil/mem.c | 7 +++++++ libavutil/mem.h | 12 ++++++++++++ 2 files changed, 19 insertions(+) diff --git a/libavutil/mem.c b/libavutil/mem.c index 87c2008a27..44bfc8c34d 100644 --- a/libavutil/mem.c +++ b/libavutil/mem.c 
@@ -168,6 +168,13 @@ void *av_mallocz(size_t size) return ptr; } +void *av_calloc(size_t nmemb, size_t size) +{ + if (size <= 0 || nmemb >= INT_MAX / size) + return NULL; + return av_mallocz(nmemb * size); +} + char *av_strdup(const char *s) { char *ptr= NULL; diff --git a/libavutil/mem.h b/libavutil/mem.h index 7c30e160fb..be8a8bf222 100644 --- a/libavutil/mem.h +++ b/libavutil/mem.h @@ -106,6 +106,18 @@ void av_free(void *ptr); */ void *av_mallocz(size_t size) av_malloc_attrib av_alloc_size(1); +/** + * Allocate a block of nmemb * size bytes with alignment suitable for all + * memory accesses (including vectors if available on the CPU) and + * zero all the bytes of the block. + * The allocation will fail if nmemb * size is greater than or equal + * to INT_MAX. + * @param nmemb + * @param size + * @return Pointer to the allocated block, NULL if it cannot be allocated. + */ +void *av_calloc(size_t nmemb, size_t size) av_malloc_attrib; + /** * Duplicate the string s. * @param s string to be duplicated From 6109974cd95cc75a72704029e5608beaaf6691d5 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 25 Sep 2011 16:13:07 +0200 Subject: [PATCH 426/652] ffmpeg: increase bit_buffer_size, the header size is clearly too small for rgb48 raw based formats Signed-off-by: Michael Niedermayer (cherry picked from commit d8289ff9a9a3d0af416e70a1c864e1c6ce095656) --- ffmpeg.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ffmpeg.c b/ffmpeg.c index 29060cf025..29a337ac2d 100644 --- a/ffmpeg.c +++ b/ffmpeg.c @@ -2379,9 +2379,9 @@ static int transcode(AVFormatContext **output_files, } } if(codec->codec_type == AVMEDIA_TYPE_VIDEO){ - /* maximum video buffer size is 6-bytes per pixel, plus DPX header size */ + /* maximum video buffer size is 6-bytes per pixel, plus DPX header size (1664)*/ int size= codec->width * codec->height; - bit_buffer_size= FFMAX(bit_buffer_size, 6*size + 1664); + bit_buffer_size= FFMAX(bit_buffer_size, 7*size + 10000); } } 
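Review bot: In av_calloc the test `size <= 0` is written as if `size` were signed; it is a `size_t`, so only `size == 0` can match. The comparison `nmemb >= INT_MAX / size` also rejects some products that are still below INT_MAX (any `nmemb` equal to `INT_MAX / size` when the division truncates), which is stricter than the header comment states. Writing the guard as `if (size == 0 || nmemb >= INT_MAX / size) return NULL;` and wording the documentation to match keeps the overflow protection and removes the ambiguity. `nmemb == 0` falls through to `av_mallocz(0)`, and the contract should say what that returns.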
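Review bot: The new Doxygen block for av_calloc leaves `@param nmemb` and `@param size` without descriptions and does not say what a zero argument yields. Suggested: `@param nmemb Number of elements` and `@param size Size of one element in bytes`, with the return line extended to `NULL if it cannot be allocated or if size is 0`, which is what the mem.c hunk of this patch implements.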
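Review bot: The updated comment still describes 6 bytes per pixel plus a 1664-byte DPX header, while the code now computes `7*size + 10000`; comment and code should agree, and the origin of the new constants should be recorded. `size` is the `int` product `codec->width * codec->height` and is multiplied by 7 in `int` again, so for large dimensions the expression can overflow before FFMAX sees it, unless width and height are bounded earlier (not visible here). Suggested comment: `/* worst case: 7 bytes per pixel plus 10000 bytes of header slack; 6*size + 1664 was too small for rgb48 raw formats */`, with the bound computed in a 64-bit type and checked against an explicit limit. transcode() continues outside the hunk.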
From 02affe2f0e8603533a80be9a1864cce0039e9c63 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Wed, 21 Sep 2011 19:10:58 +0200 Subject: [PATCH 427/652] Compile x86/swscale_template with -mno-red-zone. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replaces a very hackish hack to fix the same issue (call instruction overwriting stack variables). Signed-off-by: Reimar Döffinger (cherry picked from commit 424bcc46b5fb0d662e0fb9ad6319c5b9ef3d770f) --- configure | 5 +++++ libswscale/Makefile | 2 ++ libswscale/x86/swscale_template.c | 10 ---------- 3 files changed, 7 insertions(+), 10 deletions(-) diff --git a/configure b/configure index ef3697e3c4..b9badcafc6 100755 --- a/configure +++ b/configure @@ -3073,6 +3073,10 @@ else fi check_cflags -fno-math-errno check_cflags -fno-signed-zeros +check_cc -mno-red-zone < Date: Sat, 24 Sep 2011 18:00:16 +0200 Subject: [PATCH 428/652] h264: ff_h264_decode_extradata: check buffer args The buffer size and pointer were not checked prior to testing the first byte of the buffer. These were sometimes checked before calling, but it is better to add it inside the function as it takes buf and size arguments. Signed-off-by: Alexander Strasser (cherry picked from commit 715f259bf949b06df1b5ed0307606dc258754c99) --- libavcodec/h264.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 4a2b0f0a92..9c7bf24b5f 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -1022,6 +1022,9 @@ int ff_h264_decode_extradata(H264Context *h, const uint8_t *buf, int size) { AVCodecContext *avctx = h->s.avctx; + if(!buf || size <= 0) + return -1; + if(buf[0] == 1){ int i, cnt, nalsize; const unsigned char *p = buf; From 521dbccc1137fdf3c7ebdd75afe64a4d2567ba22 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sun, 25 Sep 2011 13:43:37 +0200 Subject: [PATCH 429/652] Fix return value on EOF in mpc v8 demuxer. 
Signed-off-by: Michael Niedermayer (cherry picked from commit 7ec5ea437fc88ca58d7ac3cd12dfa2f0fbd4011f) --- libavformat/mpc8.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mpc8.c b/libavformat/mpc8.c index b18726c6db..db23781613 100644 --- a/libavformat/mpc8.c +++ b/libavformat/mpc8.c @@ -264,7 +264,7 @@ static int mpc8_read_packet(AVFormatContext *s, AVPacket *pkt) return AVERROR(EIO); mpc8_handle_chunk(s, tag, pos, size); } - return 0; + return AVERROR_EOF; } static int mpc8_read_seek(AVFormatContext *s, int stream_index, int64_t timestamp, int flags) From cdb72c827c4fc3d8a2dfe939654fa885aaedbbd1 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sun, 25 Sep 2011 13:43:38 +0200 Subject: [PATCH 430/652] Check for out of bound bands limit in mpc v8 decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit 508e47a5751b063e5b3d1d6aceda8a19ad8b1d37) --- libavcodec/mpc8.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/mpc8.c b/libavcodec/mpc8.c index 2864b1a010..bca57451ca 100644 --- a/libavcodec/mpc8.c +++ b/libavcodec/mpc8.c @@ -127,6 +127,8 @@ static av_cold int mpc8_decode_init(AVCodecContext * avctx) skip_bits(&gb, 3);//sample rate c->maxbands = get_bits(&gb, 5) + 1; + if (c->maxbands >= BANDS) + return AVERROR_INVALIDDATA; channels = get_bits(&gb, 4) + 1; if (channels > 2) { av_log_missing_feature(avctx, "Multichannel MPC SV8", 1); @@ -260,6 +262,8 @@ static int mpc8_decode_frame(AVCodecContext * avctx, maxband = c->last_max_band + get_vlc2(gb, band_vlc.table, MPC8_BANDS_BITS, 2); if(maxband > 32) maxband -= 33; } + if(maxband > c->maxbands) + return AVERROR_INVALIDDATA; c->last_max_band = maxband; /* read subband indexes */ From be1ae17ec0e03b494e0ab9f1eedefe83cebd7f4e Mon Sep 17 00:00:00 2001 From: tipok Date: Mon, 26 Sep 2011 02:28:21 +0200 Subject: [PATCH 431/652] libaac+ support 
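Review bot: Both new rejections, `if (c->maxbands >= BANDS)` in mpc8_decode_init and `if(maxband > c->maxbands)` in mpc8_decode_frame (next hunk), return AVERROR_INVALIDDATA without any message, unlike the channel-count rejection directly below, which reports what was wrong. A line such as `av_log(avctx, AV_LOG_ERROR, "maxbands %d too high\n", c->maxbands);` before the first return, and an equivalent one for `maxband`, would make rejected streams diagnosable. The two checks also use different operators (`>=` against BANDS, `>` against `c->maxbands`); a short comment at each saying whether the value is a count or a last index would let a reader confirm that equality is handled as intended, since the array declarations are outside the hunks.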
Signed-off-by: Michael Niedermayer --- Changelog | 1 + LICENSE | 6 +- configure | 7 +++ doc/general.texi | 4 +- libavcodec/Makefile | 1 + libavcodec/allcodecs.c | 1 + libavcodec/libaacplus.c | 136 ++++++++++++++++++++++++++++++++++++++++ 7 files changed, 152 insertions(+), 4 deletions(-) create mode 100644 libavcodec/libaacplus.c diff --git a/Changelog b/Changelog index 0b38b880f6..2a2089d98a 100644 --- a/Changelog +++ b/Changelog @@ -61,6 +61,7 @@ version 0.7_beta1: - Demuxer for On2's IVF format - Pictor/PC Paint decoder - HE-AAC v2 decoder +- HE-AAC v2 encoding with libaacplus - libfaad2 wrapper removed - DTS-ES extension (XCh) decoding support - native VP8 decoder diff --git a/LICENSE b/LICENSE index 8d4d6515b0..7272b90f8d 100644 --- a/LICENSE +++ b/LICENSE @@ -41,6 +41,6 @@ is incompatible with the LGPL v2.1 and the GPL v2, but not with version 3 of those licenses. So to combine the OpenCORE libraries with FFmpeg, the license version needs to be upgraded by passing --enable-version3 to configure. -The nonfree external library libfaac can be hooked up in FFmpeg. You need to -pass --enable-nonfree to configure to enable it. Employ this option with care -as FFmpeg then becomes nonfree and unredistributable. +The nonfree external libraries libfaac and libaacplus can be hooked up in FFmpeg. +You need to pass --enable-nonfree to configure to enable it. Employ this option +with care as FFmpeg then becomes nonfree and unredistributable. diff --git a/configure b/configure index b9badcafc6..d1169d4863 100755 --- a/configure +++ b/configure 
@@ -162,6 +162,7 @@ External library support: --enable-bzlib enable bzlib [autodetect] --enable-libcelt enable CELT/Opus decoding via libcelt [no] --enable-frei0r enable frei0r video filtering + --enable-libaacplus enable AAC+ encoding via libaacplus [no] --enable-libopencore-amrnb enable AMR-NB de/encoding via libopencore-amrnb [no] --enable-libopencore-amrwb enable AMR-WB decoding via libopencore-amrwb [no] --enable-libopencv enable video filtering via libopencv [no] @@ -927,6 +928,8 @@ CONFIG_LIST=" h264pred hardcoded_tables huffman + libaacplus + libcdio libcelt libdc1394 libdirac @@ -1401,6 +1404,7 @@ vdpau_deps="vdpau_vdpau_h vdpau_vdpau_x11_h" h264_parser_select="golomb h264dsp h264pred" # external libraries +libaacplus_encoder_deps="libaacplus" libcelt_decoder_deps="libcelt" libdirac_decoder_deps="libdirac !libschroedinger" libdirac_encoder_deps="libdirac" @@ -2584,6 +2588,7 @@ die_license_disabled gpl libxavs die_license_disabled gpl libxvid die_license_disabled gpl x11grab +die_license_disabled nonfree libaacplus die_license_disabled nonfree libfaac die_license_disabled version3 libopencore_amrnb @@ -2916,6 +2921,7 @@ check_mathfunc truncf enabled avisynth && require2 vfw32 "windows.h vfw.h" AVIFileInit -lavifil32 enabled libcelt && require libcelt celt/celt.h celt_decode -lcelt0 enabled frei0r && { check_header frei0r.h || die "ERROR: frei0r.h header not found"; } +enabled libaacplus && require "libaacplus >= 2.0.0" aacplus.h aacplusEncOpen -laacplus enabled libdc1394 && require_pkg_config libdc1394-2 dc1394/dc1394.h dc1394_new enabled libdirac && require_pkg_config dirac \ "libdirac_decoder/dirac_parser.h libdirac_encoder/dirac_encoder.h" \ 
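Review bot: This hunk adds `libcdio` to CONFIG_LIST next to `libaacplus`, but nothing else in the visible part of this patch refers to libcdio: there is no `--enable-libcdio` help line, no dependency entry and no library check. It looks like an unrelated line picked up with the commit. It should either be dropped from this patch or arrive with the rest of its support in a separate one, so that the set of optional external components stays auditable per commit.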
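Review bot: The check `require "libaacplus >= 2.0.0" aacplus.h aacplusEncOpen -laacplus` passes a pkg-config style version constraint to `require`, whereas the neighbouring lines use `require` with a plain name (`require libcelt celt/celt.h celt_decode -lcelt0`) and `require_pkg_config` when a pkg-config module is queried. If `require` only uses its first argument as a label for the error message, as the other calls suggest, the `>= 2.0.0` requirement is never enforced and any libaacplus that provides `aacplusEncOpen` is accepted. Either switch to `require_pkg_config` with the module name and version, or drop the version text so the line does not claim a check it does not perform.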
@@ -3227,6 +3233,7 @@ echo "frei0r enabled ${frei0r-no}" echo "libdc1394 support ${libdc1394-no}" echo "libdirac enabled ${libdirac-no}" echo "libfaac enabled ${libfaac-no}" +echo "libaacplus enabled ${libaacplus-no}" echo "libgsm enabled ${libgsm-no}" echo "libmp3lame enabled ${libmp3lame-no}" echo "libnut enabled ${libnut-no}" diff --git a/doc/general.texi b/doc/general.texi index b193240b01..db78efef78 100644 --- a/doc/general.texi +++ b/doc/general.texi @@ -542,6 +542,8 @@ following image formats are supported: @multitable @columnfractions .4 .1 .1 .4 @item Name @tab Encoding @tab Decoding @tab Comments @item 8SVX audio @tab @tab X +@item AAC+ @tab E @tab X + @tab encoding supported through external library libaacplus @item AAC @tab E @tab X @tab encoding supported through external library libfaac and libvo-aacenc @item AC-3 @tab IX @tab X @@ -1060,7 +1062,7 @@ These library packages are only available from Cygwin Ports (@url{http://sourceware.org/cygwinports/}) : @example -yasm, libSDL-devel, libdirac-devel, libfaac-devel, libgsm-devel, +yasm, libSDL-devel, libdirac-devel, libfaac-devel, libaacplus-devel, libgsm-devel, libmp3lame-devel, libschroedinger1.0-devel, speex-devel, libtheora-devel, libxvidcore-devel @end example diff --git a/libavcodec/Makefile b/libavcodec/Makefile index 738fb264c0..5c6bedc27c 100644 --- a/libavcodec/Makefile +++ b/libavcodec/Makefile @@ -567,6 +567,7 @@ OBJS-$(CONFIG_WEBM_MUXER) += xiph.o mpeg4audio.o \ OBJS-$(CONFIG_WTV_DEMUXER) += mpeg4audio.o mpegaudiodata.o # external codec libraries +OBJS-$(CONFIG_LIBAACPLUS_ENCODER) += libaacplus.o OBJS-$(CONFIG_LIBCELT_DECODER) += libcelt_dec.o OBJS-$(CONFIG_LIBDIRAC_DECODER) += libdiracdec.o OBJS-$(CONFIG_LIBDIRAC_ENCODER) += libdiracenc.o libdirac_libschro.o diff --git a/libavcodec/allcodecs.c b/libavcodec/allcodecs.c index f1c664f5d1..c038524f75 100644 --- a/libavcodec/allcodecs.c +++ b/libavcodec/allcodecs.c 
@@ -370,6 +370,7 @@ void avcodec_register_all(void) REGISTER_ENCDEC (XSUB, xsub); /* external libraries */ + REGISTER_ENCODER (LIBAACPLUS, libaacplus); REGISTER_DECODER (LIBCELT, libcelt); REGISTER_ENCDEC (LIBDIRAC, libdirac); REGISTER_ENCODER (LIBFAAC, libfaac); diff --git a/libavcodec/libaacplus.c b/libavcodec/libaacplus.c new file mode 100644 index 0000000000..c8c87be549 --- /dev/null +++ b/libavcodec/libaacplus.c 
@@ -0,0 +1,136 @@ +/* + * Interface to libaacplus for aac+ (sbr+ps) encoding + * Copyright (c) 2010 tipok + * + * This file is part of FFmpeg. + * + * FFmpeg is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * FFmpeg is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with FFmpeg; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +/** + * @file + * Interface to libaacplus for aac+ (sbr+ps) encoding. + */ + +#include "avcodec.h" +#include + +typedef struct aacPlusAudioContext { + aacplusEncHandle aacplus_handle; +} aacPlusAudioContext; + +static av_cold int aacPlus_encode_init(AVCodecContext *avctx) +{ + aacPlusAudioContext *s = avctx->priv_data; + aacplusEncConfiguration *aacplus_cfg; + unsigned long samples_input, max_bytes_output; + + /* number of channels */ + if (avctx->channels < 1 || avctx->channels > 2) { + av_log(avctx, AV_LOG_ERROR, "encoding %d channel(s) is not allowed\n", avctx->channels); + return -1; + } + + s->aacplus_handle = aacplusEncOpen(avctx->sample_rate, + avctx->channels, + &samples_input, &max_bytes_output); + if(!s->aacplus_handle) { + av_log(avctx, AV_LOG_ERROR, "can't open encoder\n"); + return -1; + } + + /* check aacplus version */ + aacplus_cfg = aacplusEncGetCurrentConfiguration(s->aacplus_handle); + + /* put the options in the configuration struct */ + if(avctx->profile != FF_PROFILE_AAC_LOW && avctx->profile != FF_PROFILE_UNKNOWN) { + av_log(avctx, AV_LOG_ERROR, "invalid AAC profile: %d, 
only LC supported\n", avctx->profile); + aacplusEncClose(s->aacplus_handle); + return -1; + } + + aacplus_cfg->bitRate = avctx->bit_rate; + aacplus_cfg->bandWidth = avctx->cutoff; + if (avctx->flags & CODEC_FLAG_GLOBAL_HEADER) { + aacplus_cfg->outputFormat = 0; //raw aac + } + aacplus_cfg->inputFormat = AACPLUS_INPUT_16BIT; + if (!aacplusEncSetConfiguration(s->aacplus_handle, aacplus_cfg)) { + av_log(avctx, AV_LOG_ERROR, "libaacplus doesn't support this output format!\n"); + return -1; + } + + avctx->frame_size = samples_input / avctx->channels; + + avctx->coded_frame= avcodec_alloc_frame(); + avctx->coded_frame->key_frame= 1; + + /* Set decoder specific info */ + avctx->extradata_size = 0; + if (avctx->flags & CODEC_FLAG_GLOBAL_HEADER) { + + unsigned char *buffer = NULL; + unsigned long decoder_specific_info_size; + + if (aacplusEncGetDecoderSpecificInfo(s->aacplus_handle, &buffer, + &decoder_specific_info_size) == 1) { + avctx->extradata = av_malloc(decoder_specific_info_size + FF_INPUT_BUFFER_PADDING_SIZE); + avctx->extradata_size = decoder_specific_info_size; + memcpy(avctx->extradata, buffer, avctx->extradata_size); + } +#undef free + free(buffer); +#define free please_use_av_free + } + return 0; +} + +static int aacPlus_encode_frame(AVCodecContext *avctx, + unsigned char *frame, int buf_size, void *data) +{ + aacPlusAudioContext *s = avctx->priv_data; + int bytes_written; + + bytes_written = aacplusEncEncode(s->aacplus_handle, + data, + avctx->frame_size * avctx->channels, + frame, + buf_size); + + return bytes_written; +} + +static av_cold int aacPlus_encode_close(AVCodecContext *avctx) +{ + aacPlusAudioContext *s = avctx->priv_data; + + av_freep(&avctx->coded_frame); + av_freep(&avctx->extradata); + + aacplusEncClose(s->aacplus_handle); + return 0; +} + +AVCodec ff_libaacplus_encoder = { + "libaacplus", + AVMEDIA_TYPE_AUDIO, + CODEC_ID_AAC, + sizeof(aacPlusAudioContext), + aacPlus_encode_init, + aacPlus_encode_frame, + aacPlus_encode_close, + .sample_fmts = 
(const enum SampleFormat[]){SAMPLE_FMT_S16,SAMPLE_FMT_NONE}, + .long_name = NULL_IF_CONFIG_SMALL("libaacplus AAC+ (Advanced Audio Codec with SBR+PS)"), +}; From 7e362df304121003fda7705917d5e797b48a0920 Mon Sep 17 00:00:00 2001 From: Mike Scheutzow Date: Mon, 26 Sep 2011 10:57:53 -0400 Subject: [PATCH 432/652] Fix a buffer overflow in libx264 interface to x264 encoder. Previous code ignored the compressed buffer size passed in. This change returns as many complete NALs as can fit in the buffer, and logs an error message. Signed-off-by: Mike Scheutzow Signed-off-by: Michael Niedermayer (cherry picked from commit e2dae1faa84ada5746ac2114de7eb68abd824131) --- libavcodec/libx264.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/libavcodec/libx264.c b/libavcodec/libx264.c index cc5b9837f8..bf542accdf 100644 --- a/libavcodec/libx264.c +++ b/libavcodec/libx264.c @@ -70,9 +70,14 @@ static int encode_nals(AVCodecContext *ctx, uint8_t *buf, int size, /* Write the SEI as part of the first frame. */ if (x4->sei_size > 0 && nnal > 0) { + if (x4->sei_size > size) { + av_log(ctx, AV_LOG_ERROR, "Error: nal buffer is too small\n"); + return -1; + } memcpy(p, x4->sei, x4->sei_size); p += x4->sei_size; x4->sei_size = 0; + // why is x4->sei not freed? } for (i = 0; i < nnal; i++){ @@ -83,6 +88,11 @@ static int encode_nals(AVCodecContext *ctx, uint8_t *buf, int size, memcpy(x4->sei, nals[i].p_payload, nals[i].i_payload); continue; } + if (nals[i].i_payload > (size - (p - buf))) { + // return only complete nals which fit in buf + av_log(ctx, AV_LOG_ERROR, "Error: nal buffer is too small\n"); + break; + } memcpy(p, nals[i].p_payload, nals[i].i_payload); p += nals[i].i_payload; } From 20047f77b9592da17e8bc56e54d3b2e2ca6959a9 Mon Sep 17 00:00:00 2001 
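Review bot: aacPlus_encode_init uses two allocations without checking them: `avctx->coded_frame->key_frame= 1` runs straight after avcodec_alloc_frame(), and the memcpy into avctx->extradata follows av_malloc() with no NULL test. The aacplusEncSetConfiguration failure path also returns without aacplusEncClose(), unlike the profile check a few lines above it, so the encoder handle is leaked unless the caller runs the close callback after a failed init. For extradata, `av_mallocz(decoder_specific_info_size + FF_INPUT_BUFFER_PADDING_SIZE)` plus a NULL check before the memcpy would also zero the padding bytes, which are currently left uninitialised. The fence shows the configuration and frame-allocation paths with the missing cleanup.

```c
    if (!aacplusEncSetConfiguration(s->aacplus_handle, aacplus_cfg)) {
        av_log(avctx, AV_LOG_ERROR, "libaacplus doesn't support this output format!\n");
        aacplusEncClose(s->aacplus_handle);
        return -1;
    }

    avctx->frame_size = samples_input / avctx->channels;

    avctx->coded_frame = avcodec_alloc_frame();
    if (!avctx->coded_frame) {
        aacplusEncClose(s->aacplus_handle);
        return AVERROR(ENOMEM);
    }
    avctx->coded_frame->key_frame = 1;
    /* … unchanged: extradata_size reset and CODEC_FLAG_GLOBAL_HEADER block … */
```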
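Review bot: The two new size checks in encode_nals handle the same condition differently: an oversized SEI does `return -1;`, while an oversized NAL in the loop logs and does `break;`, so the caller presumably receives a positive byte count for an access unit that is missing NAL units. A frame truncated at a NAL boundary is still not a usable frame, so unless a caller depends on partial output the loop should fail the same way, with `return -1;` in place of `break;`. The leftover `// why is x4->sei not freed?` should be answered or turned into a TODO that names what is expected to release the buffer. encode_nals starts and ends outside both hunks, so the return value after the loop is inferred.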
From: Justin Ruggles Date: Tue, 13 Sep 2011 15:13:44 -0400 Subject: [PATCH 433/652] flacdec: fix buffer size checking in get_metadata_size() Adds an additional check before reading the next block header and avoids a potential integer overflow when checking the metadata size against the remaining buffer size. (cherry picked from commit 4c5e7b27d57dd2be777780e840eef9be63242158) --- libavcodec/flacdec.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/flacdec.c b/libavcodec/flacdec.c index ece095cf09..011c75faae 100644 --- a/libavcodec/flacdec.c +++ b/libavcodec/flacdec.c @@ -228,9 +228,11 @@ static int get_metadata_size(const uint8_t *buf, int buf_size) buf += 4; do { + if (buf_end - buf < 4) + return 0; ff_flac_parse_block_header(buf, &metadata_last, NULL, &metadata_size); buf += 4; - if (buf + metadata_size > buf_end) { + if (buf_end - buf < metadata_size) { /* need more data in order to read the complete header */ return 0; } From 4db466db9703fc348cc976387312afd6c283debe Mon Sep 17 00:00:00 2001 From: Justin Ruggles Date: Mon, 12 Sep 2011 08:55:43 -0400 Subject: [PATCH 434/652] ws_snd: decode to AV_SAMPLE_FMT_U8 instead of S16. 8-bit unsigned is the native sample format. (cherry picked from commit 2322ced8da990835717a176b8d2c32961cfecd3e) --- libavcodec/ws-snd1.c | 47 ++++++++++++++++++++++---------------------- 1 file changed, 24 insertions(+), 23 deletions(-) diff --git a/libavcodec/ws-snd1.c b/libavcodec/ws-snd1.c index d6a60d441f..1fb294d753 100644 --- a/libavcodec/ws-snd1.c +++ b/libavcodec/ws-snd1.c @@ -37,13 +37,11 @@ static const int8_t ws_adpcm_4bit[] = { -9, -8, -6, -5, -4, -3, -2, -1, 0, 1, 2, 3, 4, 5, 6, 8 }; -#define CLIP8(a) if(a>127)a=127;if(a<-128)a=-128; - static av_cold int ws_snd_decode_init(AVCodecContext * avctx) { // WSSNDContext *c = avctx->priv_data; - avctx->sample_fmt = AV_SAMPLE_FMT_S16; + avctx->sample_fmt = AV_SAMPLE_FMT_U8; return 0; } 
@@ -56,15 +54,14 @@ static int ws_snd_decode_frame(AVCodecContext *avctx, // WSSNDContext *c = avctx->priv_data; int in_size, out_size; - int sample = 0; + int sample = 128; int i; - short *samples = data; + uint8_t *samples = data; if (!buf_size) return 0; out_size = AV_RL16(&buf[0]); - *data_size = out_size * 2; in_size = AV_RL16(&buf[2]); buf += 4; @@ -76,9 +73,12 @@ static int ws_snd_decode_frame(AVCodecContext *avctx, av_log(avctx, AV_LOG_ERROR, "Frame data is larger than input buffer\n"); return -1; } + + *data_size = out_size; + if (in_size == out_size) { for (i = 0; i < out_size; i++) - *samples++ = (*buf++ - 0x80) << 8; + *samples++ = *buf++; return buf_size; } @@ -93,17 +93,17 @@ static int ws_snd_decode_frame(AVCodecContext *avctx, for (count++; count > 0; count--) { code = *buf++; sample += ws_adpcm_2bit[code & 0x3]; - CLIP8(sample); - *samples++ = sample << 8; + sample = av_clip_uint8(sample); + *samples++ = sample; sample += ws_adpcm_2bit[(code >> 2) & 0x3]; - CLIP8(sample); - *samples++ = sample << 8; + sample = av_clip_uint8(sample); + *samples++ = sample; sample += ws_adpcm_2bit[(code >> 4) & 0x3]; - CLIP8(sample); - *samples++ = sample << 8; + sample = av_clip_uint8(sample); + *samples++ = sample; sample += ws_adpcm_2bit[(code >> 6) & 0x3]; - CLIP8(sample); - *samples++ = sample << 8; + sample = av_clip_uint8(sample); + *samples++ = sample; out_size -= 4; } break; @@ -111,11 +111,11 @@ static int ws_snd_decode_frame(AVCodecContext *avctx, for (count++; count > 0; count--) { code = *buf++; sample += ws_adpcm_4bit[code & 0xF]; - CLIP8(sample); - *samples++ = sample << 8; + sample = av_clip_uint8(sample); + *samples++ = sample; sample += ws_adpcm_4bit[code >> 4]; - CLIP8(sample); - *samples++ = sample << 8; + sample = av_clip_uint8(sample); + *samples++ = sample; out_size -= 2; } break; 
@@ -125,19 +125,20 @@ static int ws_snd_decode_frame(AVCodecContext *avctx, t = count; t <<= 3; sample += t >> 3; - *samples++ = sample << 8; + sample = av_clip_uint8(sample); + *samples++ = sample; out_size--; } else { /* copy */ for (count++; count > 0; count--) { - *samples++ = (*buf++ - 0x80) << 8; + *samples++ = *buf++; out_size--; } - sample = buf[-1] - 0x80; + sample = buf[-1]; } break; default: /* run */ for(count++; count > 0; count--) { - *samples++ = sample << 8; + *samples++ = sample; out_size--; } } From 915b905a1b7ee9bd1a1526387abf009a755a8df2 Mon Sep 17 00:00:00 2001 From: Justin Ruggles Date: Mon, 12 Sep 2011 09:41:06 -0400 Subject: [PATCH 435/652] ws_snd: add some checks to prevent buffer overread or overwrite. (cherry picked from commit 417364ce1f979031ef6fee661fc15e1869bdb1b4) --- libavcodec/ws-snd1.c | 32 ++++++++++++++++++++++++++++---- 1 file changed, 28 insertions(+), 4 deletions(-) diff --git a/libavcodec/ws-snd1.c b/libavcodec/ws-snd1.c index 1fb294d753..48414c7201 100644 --- a/libavcodec/ws-snd1.c +++ b/libavcodec/ws-snd1.c @@ -61,6 +61,11 @@ static int ws_snd_decode_frame(AVCodecContext *avctx, if (!buf_size) return 0; + if (buf_size < 4) { + av_log(avctx, AV_LOG_ERROR, "packet is too small\n"); + return AVERROR(EINVAL); + } + out_size = AV_RL16(&buf[0]); in_size = AV_RL16(&buf[2]); buf += 4; 
@@ -74,20 +79,37 @@ static int ws_snd_decode_frame(AVCodecContext *avctx, return -1; } - *data_size = out_size; - if (in_size == out_size) { for (i = 0; i < out_size; i++) *samples++ = *buf++; + *data_size = out_size; return buf_size; } - while (out_size > 0) { - int code; + while (out_size > 0 && buf - avpkt->data < buf_size) { + int code, smp, size; uint8_t count; code = (*buf) >> 6; count = (*buf) & 0x3F; buf++; + + /* make sure we don't write more than out_size samples */ + switch (code) { + case 0: smp = 4; break; + case 1: smp = 2; break; + case 2: smp = (count & 0x20) ? 1 : count + 1; break; + default: smp = count + 1; break; + } + if (out_size < smp) { + out_size = 0; + break; + } + + /* make sure we don't read past the input buffer */ + size = ((code == 2 && (count & 0x20)) || code == 3) ? 0 : count + 1; + if ((buf - avpkt->data) + size > buf_size) + break; + switch(code) { case 0: /* ADPCM 2-bit */ for (count++; count > 0; count--) { @@ -144,6 +166,8 @@ static int ws_snd_decode_frame(AVCodecContext *avctx, } } + *data_size = samples - (uint8_t *)data; + return buf_size; } From 857c7e122b102da5c635852a32ba067157575311 Mon Sep 17 00:00:00 2001 From: Justin Ruggles Date: Mon, 12 Sep 2011 09:44:21 -0400 Subject: [PATCH 436/652] ws_snd: make sure number of channels is 1 (cherry picked from commit 6a818cb3ff2056d43361e5fd09e318cd2ca2a7b4) --- libavcodec/ws-snd1.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/ws-snd1.c b/libavcodec/ws-snd1.c index 48414c7201..f92c3531e0 100644 --- a/libavcodec/ws-snd1.c +++ b/libavcodec/ws-snd1.c @@ -41,6 +41,11 @@ static av_cold int ws_snd_decode_init(AVCodecContext * avctx) { // WSSNDContext *c = avctx->priv_data; + if (avctx->channels != 1) { + av_log_ask_for_sample(avctx, "unsupported number of channels\n"); + return AVERROR(EINVAL); + } + avctx->sample_fmt = AV_SAMPLE_FMT_U8; return 0; } From 9770127cd8b16053b23a3f9fa693f23e18f410c6 Mon Sep 17 00:00:00 2001 
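Review bot: The new write guard undercounts the ADPCM runs: `case 0: smp = 4; break;` and `case 1: smp = 2; break;` cover a single input byte, but the loops that follow run `count + 1` times and store 4 or 2 samples per pass, so a run can still write well beyond out_size. The guard needs the size of the whole run, `case 0: smp = 4 * (count + 1); break;` and `case 1: smp = 2 * (count + 1); break;`. The read guard already uses `count + 1` bytes for these codes, so only the sample count is off. ws_snd_decode_frame begins above this hunk, so how out_size relates to the caller's buffer is not visible here.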
From: Laurent Aimar Date: Mon, 26 Sep 2011 23:37:29 +0200 Subject: [PATCH 437/652] Validate the number of audio channels before using it in wmapro decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit fc64434030a8e214fed4179733e49026e7550da5) --- libavcodec/wmaprodec.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/libavcodec/wmaprodec.c b/libavcodec/wmaprodec.c index b0b98f1d98..03fb4a67e1 100644 --- a/libavcodec/wmaprodec.c +++ b/libavcodec/wmaprodec.c @@ -309,10 +309,6 @@ static av_cold int decode_init(AVCodecContext *avctx) s->samples_per_frame = 1 << ff_wma_get_frame_len_bits(avctx->sample_rate, 3, s->decode_flags); - /** init previous block len */ - for (i = 0; i < avctx->channels; i++) - s->channel[i].prev_block_len = s->samples_per_frame; - /** subframe info */ log2_max_num_subframes = ((s->decode_flags & 0x38) >> 3); s->max_num_subframes = 1 << log2_max_num_subframes; @@ -332,6 +328,18 @@ static av_cold int decode_init(AVCodecContext *avctx) s->num_channels = avctx->channels; + if (s->num_channels < 0) { + av_log(avctx, AV_LOG_ERROR, "invalid number of channels %d\n", s->num_channels); + return AVERROR_INVALIDDATA; + } else if (s->num_channels > WMAPRO_MAX_CHANNELS) { + av_log_ask_for_sample(avctx, "unsupported number of channels\n"); + return AVERROR_PATCHWELCOME; + } + + /** init previous block len */ + for (i = 0; i < s->num_channels; i++) + s->channel[i].prev_block_len = s->samples_per_frame; + /** extract lfe channel position */ s->lfe_channel = -1; 
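Review bot: The relocated range check still admits a channel count of zero, since `if (s->num_channels < 0)` rejects only negative values. Moving it ahead of the prev_block_len loop fixes the out-of-bounds write for large counts, but a stream that reports zero channels reaches the rest of decode_init and the decoder with an empty channel set. Whether the later code tolerates that is outside this hunk; if it does not, the test should be `if (s->num_channels <= 0) {`.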
@@ -343,14 +351,6 @@ static av_cold int decode_init(AVCodecContext *avctx) } } - if (s->num_channels < 0) { - av_log(avctx, AV_LOG_ERROR, "invalid number of channels %d\n", s->num_channels); - return AVERROR_INVALIDDATA; - } else if (s->num_channels > WMAPRO_MAX_CHANNELS) { - av_log_ask_for_sample(avctx, "unsupported number of channels\n"); - return AVERROR_PATCHWELCOME; - } - INIT_VLC_STATIC(&sf_vlc, SCALEVLCBITS, HUFF_SCALE_SIZE, scale_huffbits, 1, 1, scale_huffcodes, 2, 2, 616); From 9851184d304c85b6863dd3a7553e81f4cba32cfa Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Mon, 26 Sep 2011 23:37:30 +0200 Subject: [PATCH 438/652] Reset internal state on corrupted blocks in wavpack decoder. wavpack_decode_block() supposes that it is called back with the exact same buffer unless it has returned with an error. With multi-channels files, wavpack_decode_frame() was breaking this assumption. Signed-off-by: Michael Niedermayer (cherry picked from commit c2a016ad4d9c29285813ba5806189e63e063e0fb) --- libavcodec/wavpack.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c index a785b90046..28e866356d 100644 --- a/libavcodec/wavpack.c +++ b/libavcodec/wavpack.c @@ -1173,6 +1173,15 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no, return samplecount * bpp; } +static void wavpack_decode_flush(AVCodecContext *avctx) +{ + WavpackContext *s = avctx->priv_data; + int i; + + for (i = 0; i < s->fdec_num; i++) + wv_reset_saved_context(s->fdec[i]); +} + static int wavpack_decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPacket *avpkt) 
@@ -1205,11 +1214,14 @@ static int wavpack_decode_frame(AVCodecContext *avctx, if(frame_size < 0 || frame_size > buf_size){ av_log(avctx, AV_LOG_ERROR, "Block %d has invalid size (size %d vs. %d bytes left)\n", s->block, frame_size, buf_size); + wavpack_decode_flush(avctx); return -1; } if((samplecount = wavpack_decode_block(avctx, s->block, data, - data_size, buf, frame_size)) < 0) + data_size, buf, frame_size)) < 0) { + wavpack_decode_flush(avctx); return -1; + } s->block++; buf += frame_size; buf_size -= frame_size; } From 184a156f7aac93cc0e354f526f9842f648c0b433 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Tue, 27 Sep 2011 01:02:16 +0200 Subject: [PATCH 439/652] Check for various out of bound writes in the bink decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit 36bf135d4c32973933000a819208df7da9dd3e16) --- libavcodec/bink.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/libavcodec/bink.c b/libavcodec/bink.c index 4328a43525..b3e53b8a32 100644 --- a/libavcodec/bink.c +++ b/libavcodec/bink.c @@ -343,14 +343,14 @@ static int read_motion_values(AVCodecContext *avctx, GetBitContext *gb, Bundle * memset(b->cur_dec, v, t); b->cur_dec += t; } else { - do { + while (b->cur_dec < dec_end) { v = GET_HUFF(gb, b->tree); if (v) { sign = -get_bits1(gb); v = (v ^ sign) - sign; } *b->cur_dec++ = v; - } while (b->cur_dec < dec_end); + } } return 0; } @@ -374,7 +374,7 @@ static int read_block_types(AVCodecContext *avctx, GetBitContext *gb, Bundle *b) memset(b->cur_dec, v, t); b->cur_dec += t; } else { - do { + while (b->cur_dec < dec_end) { v = GET_HUFF(gb, b->tree); if (v < 12) { last = v; @@ -382,10 +382,12 @@ static int read_block_types(AVCodecContext *avctx, GetBitContext *gb, Bundle *b) } else { int run = bink_rlelens[v - 12]; + if (dec_end - b->cur_dec < run) + return -1; memset(b->cur_dec, last, run); b->cur_dec += run; } - } while (b->cur_dec < dec_end); + } } return 0; } 
@@ -456,6 +458,7 @@ static int read_dcs(AVCodecContext *avctx, GetBitContext *gb, Bundle *b, { int i, j, len, len2, bsize, sign, v, v2; int16_t *dst = (int16_t*)b->cur_dec; + int16_t *dst_end =( int16_t*)b->data_end; CHECK_READ_VAL(gb, b, len); v = get_bits(gb, start_bits - has_sign); @@ -463,10 +466,14 @@ static int read_dcs(AVCodecContext *avctx, GetBitContext *gb, Bundle *b, sign = -get_bits1(gb); v = (v ^ sign) - sign; } + if (dst_end - dst < 1) + return -1; *dst++ = v; len--; for (i = 0; i < len; i += 8) { len2 = FFMIN(len - i, 8); + if (dst_end - dst < len2) + return -1; bsize = get_bits(gb, 4); if (bsize) { for (j = 0; j < len2; j++) { @@ -534,6 +541,8 @@ static int binkb_read_bundle(BinkContext *c, GetBitContext *gb, int bundle_num) int i, len; CHECK_READ_VAL(gb, b, len); + if (b->data_end - b->cur_dec < len * (1 + (bits > 8))) + return -1; if (bits <= 8) { if (!issigned) { for (i = 0; i < len; i++) From 1860053820a4a3a9cefa5131dbd263645944bc77 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Tue, 27 Sep 2011 01:02:17 +0200 Subject: [PATCH 440/652] Check for out of bound writes when building tree in bink decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit 254af56dd101bc756194dd080bb99e8f123500dd) --- libavcodec/bink.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/bink.c b/libavcodec/bink.c index b3e53b8a32..f4fa44b761 100644 --- a/libavcodec/bink.c +++ b/libavcodec/bink.c @@ -246,7 +246,7 @@ static void read_tree(GetBitContext *gb, Tree *tree) tree->syms[i] = get_bits(gb, 4); tmp1[tree->syms[i]] = 1; } - for (i = 0; i < 16; i++) + for (i = 0; i < 16 && len < 16 - 1; i++) if (!tmp1[i]) tree->syms[++len] = i; } else { From 08decaeb95f20821df993a7c3b1692ce654ad390 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Tue, 27 Sep 2011 20:22:13 +0200 Subject: [PATCH 441/652] Prevent NULL dereferences when missing the reference frame in the bink decoder. 
Signed-off-by: Michael Niedermayer (cherry picked from commit 66aae97a60fcd8658f18c484b5af898a48d0e3f9) --- libavcodec/bink.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/libavcodec/bink.c b/libavcodec/bink.c index f4fa44b761..63f17eb577 100644 --- a/libavcodec/bink.c +++ b/libavcodec/bink.c @@ -973,8 +973,9 @@ static int bink_decode_plane(BinkContext *c, GetBitContext *gb, int plane_idx, for (i = 0; i < BINK_NB_SRC; i++) read_bundle(gb, c, i); - ref_start = c->last.data[plane_idx]; - ref_end = c->last.data[plane_idx] + ref_start = c->last.data[plane_idx] ? c->last.data[plane_idx] + : c->pic.data[plane_idx]; + ref_end = ref_start + (bw - 1 + c->last.linesize[plane_idx] * (bh - 1)) * 8; for (i = 0; i < 64; i++) @@ -1003,7 +1004,8 @@ static int bink_decode_plane(BinkContext *c, GetBitContext *gb, int plane_idx, if (by == bh) break; dst = c->pic.data[plane_idx] + 8*by*stride; - prev = c->last.data[plane_idx] + 8*by*stride; + prev = (c->last.data[plane_idx] ? c->last.data[plane_idx] + : c->pic.data[plane_idx]) + 8*by*stride; for (bx = 0; bx < bw; bx++, dst += 8, prev += 8) { blk = get_value(c, BINK_SRC_BLOCK_TYPES); // 16x16 block type on odd line means part of the already decoded block, so skip it From 70727e16ca6840873145332bc16c0cfab1a3cdd5 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Tue, 27 Sep 2011 23:43:51 +0200 Subject: [PATCH 442/652] Check for out of bound writes in the wmavoice decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit e09ae22ab7d9af7f1cbfd2445fa71ad9e7c28ee3) --- libavcodec/wmavoice.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/wmavoice.c b/libavcodec/wmavoice.c index 002c529a30..6cefb9a84d 100644 --- a/libavcodec/wmavoice.c +++ b/libavcodec/wmavoice.c 
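Review bot: When the fallback to `c->pic.data[plane_idx]` is taken, ref_end is still derived from `c->last.linesize[plane_idx]`, the line size of the frame that is missing, so the bound no longer describes the buffer ref_start points into. If that field is zero in this state (not visible here) the valid range shrinks to the first block row; if it holds a stale value the bound is simply wrong. Taking the stride from the same frame as the pointer keeps the two in step, e.g. `ref_stride = c->last.data[plane_idx] ? c->last.linesize[plane_idx] : c->pic.linesize[plane_idx];`. The same ternary is repeated for `prev` in the second hunk, so selecting the reference frame once into a local would avoid the duplication; bink_decode_plane starts and ends outside both hunks.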
@@ -1880,6 +1880,8 @@ static void copy_bits(PutBitContext *pb, rmn_bits = rmn_bytes = get_bits_left(gb); if (rmn_bits < nbits) return; + if (nbits > pb->size_in_bits - put_bits_count(pb)) + return; rmn_bits &= 7; rmn_bytes >>= 3; if ((rmn_bits = FFMIN(rmn_bits, nbits)) > 0) put_bits(pb, rmn_bits, get_bits(gb, rmn_bits)); From 0a5e269f03cc812d0309ebe9c4ba5053a804635a Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Tue, 27 Sep 2011 23:43:52 +0200 Subject: [PATCH 443/652] Check for corrupted extra data in wmavoice decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit 61930119cbff7572ebe7ade6cd9268becbec37f4) --- libavcodec/wmavoice.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/libavcodec/wmavoice.c b/libavcodec/wmavoice.c index 6cefb9a84d..c343080b36 100644 --- a/libavcodec/wmavoice.c +++ b/libavcodec/wmavoice.c @@ -401,6 +401,10 @@ static av_cold int wmavoice_decode_init(AVCodecContext *ctx) s->min_pitch_val = ((ctx->sample_rate << 8) / 400 + 50) >> 8; s->max_pitch_val = ((ctx->sample_rate << 8) * 37 / 2000 + 50) >> 8; pitch_range = s->max_pitch_val - s->min_pitch_val; + if (pitch_range <= 0) { + av_log(ctx, AV_LOG_ERROR, "Invalid pitch range; broken extradata?\n"); + return -1; + } s->pitch_nbits = av_ceil_log2(pitch_range); s->last_pitch_val = 40; s->last_acb_type = ACB_TYPE_NONE; @@ -422,6 +426,10 @@ static av_cold int wmavoice_decode_init(AVCodecContext *ctx) s->block_conv_table[2] = (pitch_range * 44) >> 6; s->block_conv_table[3] = s->max_pitch_val - 1; s->block_delta_pitch_hrange = (pitch_range >> 3) & ~0xF; + if (s->block_delta_pitch_hrange <= 0) { + av_log(ctx, AV_LOG_ERROR, "Invalid delta pitch hrange; broken extradata?\n"); + return -1; + } s->block_delta_pitch_nbits = 1 + av_ceil_log2(s->block_delta_pitch_hrange); s->block_pitch_range = s->block_conv_table[2] + s->block_conv_table[3] + 1 + From 23197f546762e906837fb3293ce8243852b294dd Mon Sep 17 00:00:00 2001 
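Review bot: The added `pitch_range <= 0` test validates the result of `(ctx->sample_rate << 8) / 400` and `(ctx->sample_rate << 8) * 37 / 2000`, not the input, and both expressions overflow a signed int for a large enough sample rate. If ctx->sample_rate is not range-checked earlier in wmavoice_decode_init (not visible in this hunk), the overflow is undefined behaviour and the derived values cannot be relied on to catch it; bounding sample_rate before the arithmetic would be the firmer check. The two new error paths also `return -1;` where the neighbouring patches in this series use `return AVERROR_INVALIDDATA;`, which would be the more consistent code for broken extradata.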
From: Laurent Aimar Date: Tue, 27 Sep 2011 23:43:53 +0200 Subject: [PATCH 444/652] Check for out of bounds reads in sun rasterfile decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit 039f3c33fffd2f4ae376b662ea4ec67c1d6a4c04) --- libavcodec/sunrast.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/libavcodec/sunrast.c b/libavcodec/sunrast.c index 558b0edd8f..7ab8e2c3f6 100644 --- a/libavcodec/sunrast.c +++ b/libavcodec/sunrast.c @@ -46,6 +46,7 @@ static av_cold int sunrast_init(AVCodecContext *avctx) { static int sunrast_decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPacket *avpkt) { const uint8_t *buf = avpkt->data; + const uint8_t *buf_end = avpkt->data + avpkt->size; SUNRASTContext * const s = avctx->priv_data; AVFrame *picture = data; AVFrame * const p = &s->picture; @@ -53,6 +54,9 @@ static int sunrast_decode_frame(AVCodecContext *avctx, void *data, uint8_t *ptr; const uint8_t *bufstart = buf; + if (avpkt->size < 32) + return AVERROR_INVALIDDATA; + if (AV_RB32(buf) != 0x59a66a95) { av_log(avctx, AV_LOG_ERROR, "this is not sunras encoded data\n"); return -1; @@ -109,6 +113,9 @@ static int sunrast_decode_frame(AVCodecContext *avctx, void *data, p->pict_type = AV_PICTURE_TYPE_I; + if (buf_end - buf < maplength) + return AVERROR_INVALIDDATA; + if (depth != 8 && maplength) { av_log(avctx, AV_LOG_WARNING, "useless colormap found or file is corrupted, trying to recover\n"); @@ -143,8 +150,11 @@ static int sunrast_decode_frame(AVCodecContext *avctx, void *data, uint8_t *end = ptr + h*stride; x = 0; - while (ptr != end) { + while (ptr != end && buf < buf_end) { run = 1; + if (buf_end - buf < 1) + return AVERROR_INVALIDDATA; + if ((value = *buf++) == 0x80) { run = *buf++ + 1; if (run != 1) 
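Review bot: The guard added at the top of the RLE loop proves only one byte is available, yet the escape path reads again straight away: after `(value = *buf++) == 0x80` comes `run = *buf++ + 1;` with no second check, and the `run != 1` branch that continues below the hunk appears to fetch a further byte. The test also duplicates the `buf < buf_end` condition just added to the `while`, so it can never fire. Moving it to where the extra bytes are consumed closes the gap, e.g. `if (buf_end - buf < 1) return AVERROR_INVALIDDATA;` immediately before `run = *buf++ + 1;` and again before the following value read. The rest of the loop body is outside this hunk.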
@@ -163,6 +173,8 @@ static int sunrast_decode_frame(AVCodecContext *avctx, void *data, } } else { for (y=0; y Date: Tue, 27 Sep 2011 23:43:57 +0200 Subject: [PATCH 445/652] Prevent NULL dereferences when missing the reference frame in the xan decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit 19e95b88459e879d3e67a66350d937c32ed762ca) --- libavcodec/xan.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/xan.c b/libavcodec/xan.c index 357593bf2d..404f4d10c6 100644 --- a/libavcodec/xan.c +++ b/libavcodec/xan.c @@ -222,6 +222,8 @@ static inline void xan_wc3_copy_pixel_run(XanContext *s, palette_plane = s->current_frame.data[0]; prev_palette_plane = s->last_frame.data[0]; + if (!prev_palette_plane) + prev_palette_plane = palette_plane; stride = s->current_frame.linesize[0]; line_inc = stride - width; curframe_index = y * stride + x; From df0d418ce0efd2d59c60518c4b09995948bd5faf Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Tue, 27 Sep 2011 21:24:03 +0200 Subject: [PATCH 446/652] Check for invalid/corrupted bitstream in sun raster decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit b9596a503760ccbd82ca3c03d1c0d5b9449be12b) --- libavcodec/sunrast.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/libavcodec/sunrast.c b/libavcodec/sunrast.c index 7ab8e2c3f6..209d2c0ad3 100644 --- a/libavcodec/sunrast.c +++ b/libavcodec/sunrast.c 
@@ -68,13 +68,14 @@ static int sunrast_decode_frame(AVCodecContext *avctx, void *data, type = AV_RB32(buf+20); maptype = AV_RB32(buf+24); maplength = AV_RB32(buf+28); + buf += 32; - if (type == RT_FORMAT_TIFF || type == RT_FORMAT_IFF) { - av_log(avctx, AV_LOG_ERROR, "unsupported (compression) type\n"); + if (type < RT_OLD || type > RT_FORMAT_IFF) { + av_log(avctx, AV_LOG_ERROR, "invalid (compression) type\n"); return -1; } - if (type > RT_FORMAT_IFF) { - av_log(avctx, AV_LOG_ERROR, "invalid (compression) type\n"); + if (av_image_check_size(w, h, 0, avctx)) { + av_log(avctx, AV_LOG_ERROR, "invalid image size\n"); return -1; } if (maptype & ~1) { @@ -82,7 +83,10 @@ static int sunrast_decode_frame(AVCodecContext *avctx, void *data, return -1; } - buf += 32; + if (type == RT_FORMAT_TIFF || type == RT_FORMAT_IFF) { + av_log(avctx, AV_LOG_ERROR, "unsupported (compression) type\n"); + return -1; + } switch (depth) { case 1: @@ -102,8 +106,6 @@ static int sunrast_decode_frame(AVCodecContext *avctx, void *data, if (p->data[0]) avctx->release_buffer(avctx, p); - if (av_image_check_size(w, h, 0, avctx)) - return -1; if (w != avctx->width || h != avctx->height) avcodec_set_dimensions(avctx, w, h); if (avctx->get_buffer(avctx, p) < 0) { From 03a4b489f10c2ed3cb004e1d0bbe9515ebf0e586 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Tue, 27 Sep 2011 23:53:47 +0200 Subject: [PATCH 447/652] Prevent out of bound accesses in the xan decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit feca3ba053499e0d38f48910cef9bc431036956f) --- libavcodec/xan.c | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/libavcodec/xan.c b/libavcodec/xan.c index 404f4d10c6..141fccae77 100644 --- a/libavcodec/xan.c +++ b/libavcodec/xan.c 
@@ -220,6 +220,10 @@ static inline void xan_wc3_copy_pixel_run(XanContext *s, int width = s->avctx->width; unsigned char *palette_plane, *prev_palette_plane; + if ( y + motion_y < 0 || y + motion_y >= s->avctx->height || + x + motion_x < 0 || x + motion_x >= s->avctx->width) + return; + palette_plane = s->current_frame.data[0]; prev_palette_plane = s->last_frame.data[0]; if (!prev_palette_plane) @@ -230,7 +234,9 @@ static inline void xan_wc3_copy_pixel_run(XanContext *s, curframe_x = x; prevframe_index = (y + motion_y) * stride + x + motion_x; prevframe_x = x + motion_x; - while(pixel_count && (curframe_index < s->frame_size)) { + while(pixel_count && + curframe_index < s->frame_size && + prevframe_index < s->frame_size) { int count = FFMIN3(pixel_count, width - curframe_x, width - prevframe_x); memcpy(palette_plane + curframe_index, prev_palette_plane + prevframe_index, count); @@ -264,6 +270,7 @@ static int xan_wc3_decode_frame(XanContext *s) { int x, y; unsigned char *opcode_buffer = s->buffer1; + unsigned char *opcode_buffer_end = s->buffer1 + s->buffer1_size; int opcode_buffer_size = s->buffer1_size; const unsigned char *imagedata_buffer = s->buffer2; @@ -272,7 +279,7 @@ static int xan_wc3_decode_frame(XanContext *s) { const unsigned char *size_segment; const unsigned char *vector_segment; const unsigned char *imagedata_segment; - int huffman_offset, size_offset, vector_offset, imagedata_offset; + int huffman_offset, size_offset, vector_offset, imagedata_offset, imagedata_size; if (s->size < 8) return AVERROR_INVALIDDATA; 
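Review bot: The `memcpy(palette_plane + curframe_index, prev_palette_plane + prevframe_index, count);` kept in the copy loop can now receive overlapping ranges. When there is no previous frame, prev_palette_plane is set to palette_plane, so source and destination live in the same buffer and a small or zero motion vector makes them overlap, which is undefined for memcpy. It should become `memmove(palette_plane + curframe_index, prev_palette_plane + prevframe_index, count);`. The new index tests compare against s->frame_size while the indices are built from `stride`; a short comment stating that frame_size never exceeds the allocated plane would make the bound easier to audit.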
@@ -297,14 +304,17 @@ static int xan_wc3_decode_frame(XanContext *s) { huffman_segment, s->size - huffman_offset) < 0) return AVERROR_INVALIDDATA; - if (imagedata_segment[0] == 2) + if (imagedata_segment[0] == 2) { xan_unpack(s->buffer2, &imagedata_segment[1], s->buffer2_size); - else + imagedata_size = s->buffer2_size; + } else { + imagedata_size = s->size - imagedata_offset - 1; imagedata_buffer = &imagedata_segment[1]; + } /* use the decoded data segments to build the frame */ x = y = 0; - while (total_pixels) { + while (total_pixels && opcode_buffer < opcode_buffer_end) { opcode = *opcode_buffer++; size = 0; @@ -353,6 +363,8 @@ static int xan_wc3_decode_frame(XanContext *s) { size_segment += 3; break; } + if (size > total_pixels) + break; if (opcode < 12) { flag ^= 1; @@ -361,8 +373,11 @@ static int xan_wc3_decode_frame(XanContext *s) { xan_wc3_copy_pixel_run(s, x, y, size, 0, 0); } else { /* output a run of pixels from imagedata_buffer */ + if (imagedata_size < size) + break; xan_wc3_output_pixel_run(s, imagedata_buffer, x, y, size); imagedata_buffer += size; + imagedata_size -= size; } } else { /* run-based motion compensation from last frame */ From fa816e01f401585bcd06e0c3785a8e2270cf37fd Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Tue, 27 Sep 2011 22:05:15 +0200 Subject: [PATCH 448/652] Check for out of bound reads in the flic decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit 1f024b882094b26c85e87698faa002b8713b5f88) --- libavcodec/flicvideo.c | 44 ++++++++++++++++++++++++++++-------------- 1 file changed, 29 insertions(+), 15 deletions(-) diff --git a/libavcodec/flicvideo.c b/libavcodec/flicvideo.c index 8cc72e241e..2055596503 100644 --- a/libavcodec/flicvideo.c +++ b/libavcodec/flicvideo.c @@ -132,7 +132,6 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, FlicDecodeContext *s = avctx->priv_data; int stream_ptr = 0; - int stream_ptr_after_color_chunk; int pixel_ptr; int palette_ptr; unsigned char palette_idx1; 
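Review bot: The decode loop is now bounded on opcode_buffer and imagedata_size, but size_segment still advances with no end pointer: `size_segment += 3;` sits just above the new `size > total_pixels` test, and vector_segment appears to be in the same position. Both seem to point into the input packet (their initialisation is outside these hunks), so a short packet whose opcodes ask for the wider size encodings could still read past it. A new end pointer computed from s->size, here called size_segment_end, checked before each read would close that, e.g. `if (size_segment_end - size_segment < 3) break;` ahead of the 24-bit case. `imagedata_size = s->size - imagedata_offset - 1;` can also go negative for a bad offset; the later `imagedata_size < size` test catches it, which deserves a one-line comment.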
@@ -172,7 +171,11 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, pixels = s->frame.data[0]; pixel_limit = s->avctx->height * s->frame.linesize[0]; + if (buf_size < 16 || buf_size > INT_MAX - (3 * 256 + FF_INPUT_BUFFER_PADDING_SIZE)) + return AVERROR_INVALIDDATA; frame_size = AV_RL32(&buf[stream_ptr]); + if (frame_size > buf_size) + frame_size = buf_size; stream_ptr += 6; /* skip the magic number */ num_chunks = AV_RL16(&buf[stream_ptr]); stream_ptr += 10; /* skip padding */ @@ -180,13 +183,16 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, frame_size -= 16; /* iterate through the chunks */ - while ((frame_size > 0) && (num_chunks > 0)) { + while ((frame_size >= 6) && (num_chunks > 0)) { + int stream_ptr_after_chunk; chunk_size = AV_RL32(&buf[stream_ptr]); if (chunk_size > frame_size) { av_log(avctx, AV_LOG_WARNING, "Invalid chunk_size = %u > frame_size = %u\n", chunk_size, frame_size); chunk_size = frame_size; } + stream_ptr_after_chunk = stream_ptr + chunk_size; + stream_ptr += 4; chunk_type = AV_RL16(&buf[stream_ptr]); stream_ptr += 2; @@ -194,8 +200,6 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, switch (chunk_type) { case FLI_256_COLOR: case FLI_COLOR: - stream_ptr_after_color_chunk = stream_ptr + chunk_size - 6; - /* check special case: If this file is from the Magic Carpet * game and uses 6-bit colors even though it reports 256-color * chunks in a 0xAF12-type file (fli_type is set to 0xAF13 during @@ -219,6 +223,9 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, if (color_changes == 0) color_changes = 256; + if (stream_ptr + color_changes * 3 > stream_ptr_after_chunk) + break; + for (j = 0; j < color_changes; j++) { unsigned int entry; 
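Review bot: A header `frame_size` smaller than 16 is not rejected, so the `frame_size -= 16` that follows (context of the next hunk) goes below zero. The `%u` used to log frame_size suggests it is unsigned; in that case the value wraps to roughly 4 GiB, `frame_size >= 6` stays true, and the `chunk_size > frame_size` clamp no longer limits `stream_ptr_after_chunk`. Adding `if (frame_size < 16) return AVERROR_INVALIDDATA;` after the clamp to buf_size keeps the counter meaningful. The declaration of frame_size is outside the hunk, so its signedness should be confirmed.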
@@ -235,13 +242,6 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, s->palette[palette_ptr++] = entry; } } - - /* color chunks sometimes have weird 16-bit alignment issues; - * therefore, take the hardline approach and set the stream_ptr - * to the value calculated w.r.t. the size specified by the color - * chunk header */ - stream_ptr = stream_ptr_after_color_chunk; - break; case FLI_DELTA: @@ -249,6 +249,8 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, compressed_lines = AV_RL16(&buf[stream_ptr]); stream_ptr += 2; while (compressed_lines > 0) { + if (stream_ptr + 2 > stream_ptr_after_chunk) + break; line_packets = AV_RL16(&buf[stream_ptr]); stream_ptr += 2; if ((line_packets & 0xC000) == 0xC000) { @@ -268,6 +270,8 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, CHECK_PIXEL_PTR(0); pixel_countdown = s->avctx->width; for (i = 0; i < line_packets; i++) { + if (stream_ptr + 2 > stream_ptr_after_chunk) + break; /* account for the skip bytes */ pixel_skip = buf[stream_ptr++]; pixel_ptr += pixel_skip; @@ -284,6 +288,8 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, } } else { CHECK_PIXEL_PTR(byte_run * 2); + if (stream_ptr + byte_run * 2 > stream_ptr_after_chunk) + break; for (j = 0; j < byte_run * 2; j++, pixel_countdown--) { palette_idx1 = buf[stream_ptr++]; pixels[pixel_ptr++] = palette_idx1; @@ -310,6 +316,8 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, CHECK_PIXEL_PTR(0); pixel_countdown = s->avctx->width; line_packets = buf[stream_ptr++]; + if (stream_ptr + 2 * line_packets > stream_ptr_after_chunk) + break; if (line_packets > 0) { for (i = 0; i < line_packets; i++) { /* account for the skip bytes */ 
@@ -319,6 +327,8 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, byte_run = (signed char)(buf[stream_ptr++]); if (byte_run > 0) { CHECK_PIXEL_PTR(byte_run); + if (stream_ptr + byte_run > stream_ptr_after_chunk) + break; for (j = 0; j < byte_run; j++, pixel_countdown--) { palette_idx1 = buf[stream_ptr++]; pixels[pixel_ptr++] = palette_idx1; @@ -356,6 +366,8 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, stream_ptr++; pixel_countdown = s->avctx->width; while (pixel_countdown > 0) { + if (stream_ptr + 1 > stream_ptr_after_chunk) + break; byte_run = (signed char)(buf[stream_ptr++]); if (byte_run > 0) { palette_idx1 = buf[stream_ptr++]; @@ -370,6 +382,8 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, } else { /* copy bytes if byte_run < 0 */ byte_run = -byte_run; CHECK_PIXEL_PTR(byte_run); + if (stream_ptr + byte_run > stream_ptr_after_chunk) + break; for (j = 0; j < byte_run; j++) { palette_idx1 = buf[stream_ptr++]; pixels[pixel_ptr++] = palette_idx1; @@ -387,10 +401,9 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, case FLI_COPY: /* copy the chunk (uncompressed frame) */ - if (chunk_size - 6 > s->avctx->width * s->avctx->height) { + if (chunk_size - 6 != s->avctx->width * s->avctx->height) { av_log(avctx, AV_LOG_ERROR, "In chunk FLI_COPY : source data (%d bytes) " \ - "bigger than image, skipping chunk\n", chunk_size - 6); - stream_ptr += chunk_size - 6; + "has incorrect size, skipping chunk\n", chunk_size - 6); } else { for (y_ptr = 0; y_ptr < s->frame.linesize[0] * s->avctx->height; y_ptr += s->frame.linesize[0]) { @@ -403,7 +416,6 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, case FLI_MINI: /* some sort of a thumbnail? disregard this chunk... */ - stream_ptr += chunk_size - 6; break; default: @@ -411,6 +423,8 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, break; } + stream_ptr = stream_ptr_after_chunk; + frame_size -= chunk_size; num_chunks--; } 
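Review bot: The check added to the FLI_BRUN loop guarantees one byte, but the `byte_run > 0` branch immediately reads a second one, `palette_idx1 = buf[stream_ptr++]`. A chunk that ends right after the run count is therefore read one byte past `stream_ptr_after_chunk`. Input padding probably keeps this inside the allocation, but the byte then comes from the next chunk or from the padding. A second test in that branch before the fetch, `if (stream_ptr + 1 > stream_ptr_after_chunk) break;`, would make the limit exact. The rest of the FLI_BRUN case is outside the hunk.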
From 651e21f584d92709d58242dcad49b238e54dfdd5 Mon Sep 17 00:00:00 2001 From: Nicolas George Date: Sun, 20 Mar 2011 19:39:20 +0100 Subject: [PATCH 449/652] Introduce av_size_mult. av_size_mult helps checking for overflow when computing the size of a memory area. Signed-off-by: Nicolas George Signed-off-by: Michael Niedermayer (cherry picked from commit b2600509fef4d77645491f208b8113c372a32110) --- libavutil/mem.h | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/libavutil/mem.h b/libavutil/mem.h index be8a8bf222..241b453257 100644 --- a/libavutil/mem.h +++ b/libavutil/mem.h @@ -27,6 +27,7 @@ #define AVUTIL_MEM_H #include "attributes.h" +#include "error.h" #include "avutil.h" #if defined(__INTEL_COMPILER) && __INTEL_COMPILER < 1110 || defined(__SUNPRO_C) @@ -144,4 +145,19 @@ void av_freep(void *ptr); */ void av_dynarray_add(void *tab_ptr, int *nb_ptr, void *elem); +/** + * Multiply two size_t values checking for overflow. + * @return 0 if success, AVERROR(EINVAL) if overflow. + */ +static inline int av_size_mult(size_t a, size_t b, size_t *r) +{ + size_t t = a * b; + /* Hack inspired from glibc: only try the division if nelem and elsize + * are both greater than sqrt(SIZE_MAX). */ + if ((a | b) >= ((size_t)1 << (sizeof(size_t) * 4)) && a && t / a != b) + return AVERROR(EINVAL); + *r = t; + return 0; +} + #endif /* AVUTIL_MEM_H */ From a75b5a89d11b80e89bb2ff723cfcc270480dc06d Mon Sep 17 00:00:00 2001 From: Nicolas George Date: Sun, 20 Mar 2011 19:39:20 +0100 Subject: [PATCH 450/652] Introduce av_realloc_f. av_realloc_f helps avoiding memory-leaks in typical uses of realloc. Signed-off-by: Nicolas George Signed-off-by: Michael Niedermayer (cherry picked from commit 5cd754bca290775ec2dbbf88597ab58e0482efca) --- libavutil/mem.c | 15 +++++++++++++++ libavutil/mem.h | 10 ++++++++++ 2 files changed, 25 insertions(+) diff --git a/libavutil/mem.c b/libavutil/mem.c index 44bfc8c34d..a58f432a2c 100644 --- a/libavutil/mem.c +++ b/libavutil/mem.c 
@@ -143,6 +143,21 @@ void *av_realloc(void *ptr, size_t size) #endif } +void *av_realloc_f(void *ptr, size_t nelem, size_t elsize) +{ + size_t size; + void *r; + + if (av_size_mult(elsize, nelem, &size)) { + av_free(ptr); + return NULL; + } + r = av_realloc(ptr, size); + if (!r && size) + av_free(ptr); + return r; +} + void av_free(void *ptr) { #if CONFIG_MEMALIGN_HACK diff --git a/libavutil/mem.h b/libavutil/mem.h index 241b453257..d3e82b2ace 100644 --- a/libavutil/mem.h +++ b/libavutil/mem.h @@ -87,6 +87,16 @@ void *av_malloc(size_t size) av_malloc_attrib av_alloc_size(1); */ void *av_realloc(void *ptr, size_t size) av_alloc_size(2); +/** + * Allocate or reallocate a block of memory. + * This function does the same thing as av_realloc, except: + * - It takes two arguments and checks the result of the multiplication for + * integer overflow. + * - It frees the input block in case of failure, thus avoiding the memory + * leak with the classic "buf = realloc(buf); if (!buf) return -1;". + */ +void *av_realloc_f(void *ptr, size_t nelem, size_t elsize); + /** * Free a memory block which has been allocated with av_malloc(z)() or * av_realloc(). From bbb191c721d7104e4fcc77b45856cc9d585b0636 Mon Sep 17 00:00:00 2001 From: Nicolas George Date: Wed, 28 Sep 2011 17:16:11 +0200 Subject: [PATCH 451/652] bitstream: Replace av_realloc by av_realloc_f when relevant. Signed-off-by: Nicolas George Signed-off-by: Michael Niedermayer (cherry picked from commit 198ed6474d603f930430067b8b56955d443e821c) --- libavcodec/bitstream.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/bitstream.c b/libavcodec/bitstream.c index f0fa9652c6..e2a3d56d05 100644 --- a/libavcodec/bitstream.c +++ b/libavcodec/bitstream.c 
@@ -109,8 +109,8 @@ static int alloc_table(VLC *vlc, int size, int use_static) if(use_static) abort(); //cant do anything, init_vlc() is used with too little memory vlc->table_allocated += (1 << vlc->bits); - vlc->table = av_realloc(vlc->table, - sizeof(VLC_TYPE) * 2 * vlc->table_allocated); + vlc->table = av_realloc_f(vlc->table, + vlc->table_allocated, sizeof(VLC_TYPE) * 2); if (!vlc->table) return -1; } From acfe2c9154899b678c7638e3e247ba188cb18cfa Mon Sep 17 00:00:00 2001 From: Nicolas George Date: Wed, 28 Sep 2011 17:16:11 +0200 Subject: [PATCH 452/652] libvpxenc: Replace av_realloc by av_realloc_f when relevant. Signed-off-by: Nicolas George Signed-off-by: Michael Niedermayer (cherry picked from commit 769298a6869c3b16557280a63f6502409d1b5e49) --- libavcodec/libvpxenc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/libvpxenc.c b/libavcodec/libvpxenc.c index ac1b79fcc7..990badb87b 100644 --- a/libavcodec/libvpxenc.c +++ b/libavcodec/libvpxenc.c @@ -481,8 +481,8 @@ static int queue_frames(AVCodecContext *avctx, uint8_t *buf, int buf_size, break; case VPX_CODEC_STATS_PKT: { struct vpx_fixed_buf *stats = &ctx->twopass_stats; - stats->buf = av_realloc(stats->buf, - stats->sz + pkt->data.twopass_stats.sz); + stats->buf = av_realloc_f(stats->buf, 1, + stats->sz + pkt->data.twopass_stats.sz); if (!stats->buf) { av_log(avctx, AV_LOG_ERROR, "Stat buffer realloc failed\n"); return AVERROR(ENOMEM); From 2a934e87b18030ac0b94d1761048a5d5aa9d5ed9 Mon Sep 17 00:00:00 2001 From: Nicolas George Date: Wed, 28 Sep 2011 17:16:11 +0200 Subject: [PATCH 453/652] 4xm: Replace av_realloc by av_realloc_f when relevant. Signed-off-by: Nicolas George Signed-off-by: Michael Niedermayer (cherry picked from commit 0cc44facf17153454727c26f2f40ee2f77b90df5) --- libavformat/4xm.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavformat/4xm.c b/libavformat/4xm.c index 0b79c761a5..0a314dc089 100644 --- a/libavformat/4xm.c 
+++ b/libavformat/4xm.c @@ -173,8 +173,9 @@ static int fourxm_read_header(AVFormatContext *s, } if (current_track + 1 > fourxm->track_count) { fourxm->track_count = current_track + 1; - fourxm->tracks = av_realloc(fourxm->tracks, - fourxm->track_count * sizeof(AudioTrack)); + fourxm->tracks = av_realloc_f(fourxm->tracks, + sizeof(AudioTrack), + fourxm->track_count); if (!fourxm->tracks) { ret= AVERROR(ENOMEM); goto fail; From 1537f86a9347ec7c17cb4be0d6657c583d316d40 Mon Sep 17 00:00:00 2001 From: Nicolas George Date: Wed, 28 Sep 2011 17:16:11 +0200 Subject: [PATCH 454/652] avidec: Replace av_realloc by av_realloc_f when relevant. Signed-off-by: Nicolas George Signed-off-by: Michael Niedermayer (cherry picked from commit 71e23d39a396f45bbdf258735b02a4bd5e25fd49) --- libavformat/avidec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/avidec.c b/libavformat/avidec.c index 6fedaf7f8e..7394bbc3a8 100644 --- a/libavformat/avidec.c +++ b/libavformat/avidec.c @@ -639,7 +639,7 @@ static int avi_read_header(AVFormatContext *s, AVFormatParameters *ap) if(st->codec->codec_tag==0 && st->codec->height > 0 && st->codec->extradata_size < 1U<<30){ st->codec->extradata_size+= 9; - st->codec->extradata= av_realloc(st->codec->extradata, st->codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE); + st->codec->extradata= av_realloc_f(st->codec->extradata, 1, st->codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE); if(st->codec->extradata) memcpy(st->codec->extradata + st->codec->extradata_size - 9, "BottomUp", 9); } From 7bc9c32573ab482d44f62bc08f9e508c81adae33 Mon Sep 17 00:00:00 2001 From: Nicolas George Date: Wed, 28 Sep 2011 17:16:11 +0200 Subject: [PATCH 455/652] avienc: Replace av_realloc by av_realloc_f when relevant. Signed-off-by: Nicolas George Signed-off-by: Michael Niedermayer (cherry picked from commit e47cfe9e5c10eee3c8d0b6aff81792c0f10e66e1) --- libavformat/avienc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
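Review bot: The arguments are passed in the opposite order from the prototype `av_realloc_f(void *ptr, size_t nelem, size_t elsize)`: `sizeof(AudioTrack)` goes in as nelem and `fourxm->track_count` as elsize. The product is the same, but the bitstream.c conversion in this series passes the count first, and the same swap appears in the avienc.c, gxfenc.c and movenc.c hunks. `av_realloc_f(fourxm->tracks, fourxm->track_count, sizeof(AudioTrack))` reads as the API documents. Separately, track_count is raised before the allocation, so after a failure it no longer matches the freed array; the `fail:` path is outside the hunk and should not rely on it.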
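Review bot: `extradata_size` is increased by 9 before the allocation and is not reset when av_realloc_f() fails, so the stream is left with a NULL `extradata` and a non-zero `extradata_size`. av_realloc_f() also frees the old block on failure, so the previous extradata is gone too. An `else st->codec->extradata_size = 0;` after the memcpy branch keeps pointer and length consistent for later readers. The rest of avi_read_header is outside the hunk.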
diff --git a/libavformat/avienc.c b/libavformat/avienc.c index 8a53bb53d3..deff1c8d20 100644 --- a/libavformat/avienc.c +++ b/libavformat/avienc.c @@ -558,7 +558,7 @@ static int avi_write_packet(AVFormatContext *s, AVPacket *pkt) int cl = idx->entry / AVI_INDEX_CLUSTER_SIZE; int id = idx->entry % AVI_INDEX_CLUSTER_SIZE; if (idx->ents_allocated <= idx->entry) { - idx->cluster = av_realloc(idx->cluster, (cl+1)*sizeof(void*)); + idx->cluster = av_realloc_f(idx->cluster, sizeof(void*), cl+1); if (!idx->cluster) return -1; idx->cluster[cl] = av_malloc(AVI_INDEX_CLUSTER_SIZE*sizeof(AVIIentry)); From 431937883f5d10b461fd8c6ee5a11abc7af8c9b2 Mon Sep 17 00:00:00 2001 From: Nicolas George Date: Wed, 28 Sep 2011 17:16:11 +0200 Subject: [PATCH 456/652] aviobuf: Replace av_realloc by av_realloc_f when relevant. Signed-off-by: Nicolas George Signed-off-by: Michael Niedermayer (cherry picked from commit 247a1dc84716cb033b538a5bd5ba8b33de0e8260) --- libavformat/aviobuf.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavformat/aviobuf.c b/libavformat/aviobuf.c index aad0240d53..c6a67c3acc 100644 --- a/libavformat/aviobuf.c +++ b/libavformat/aviobuf.c @@ -921,7 +921,7 @@ int ffio_rewind_with_probe_data(AVIOContext *s, unsigned char *buf, int buf_size alloc_size = FFMAX(s->buffer_size, new_size); if (alloc_size > buf_size) - if (!(buf = av_realloc(buf, alloc_size))) + if (!(buf = av_realloc_f(buf, 1, alloc_size))) return AVERROR(ENOMEM); if (new_size > buf_size) { @@ -1090,7 +1090,7 @@ static int dyn_buf_write(void *opaque, uint8_t *buf, int buf_size) } if (new_allocated_size > d->allocated_size) { - d->buffer = av_realloc(d->buffer, new_allocated_size); + d->buffer = av_realloc_f(d->buffer, 1, new_allocated_size); if(d->buffer == NULL) return AVERROR(ENOMEM); d->allocated_size = new_allocated_size; From cfff8db7298e31bc4322af1f1de6fe142d2abd90 Mon Sep 17 00:00:00 2001 
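Review bot: On failure av_realloc_f() frees only the `idx->cluster` pointer array; the per-cluster blocks it pointed to (allocated with av_malloc, as the following line shows) are leaked and become unreachable. `idx->cluster` is then NULL while `idx->entry` still counts entries, so any later walk of the index must not trust that count. Growing through a temporary and assigning only on success would keep the existing clusters reachable for cleanup, and `return AVERROR(ENOMEM);` would be more informative than -1. The av_malloc result on the next line is not checked within the visible lines, and how the trailer code walks the clusters is outside the hunk.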
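Review bot: In ffio_rewind_with_probe_data `buf` is a by-value parameter, so a failing av_realloc_f() frees the caller's buffer and the function returns AVERROR(ENOMEM) while the caller still holds the old address. With av_realloc() the block stayed valid on failure; now a caller that frees or reuses its probe buffer on error would hit a double free or a use after free. The call sites are not in this hunk. Either keep `av_realloc()` at this site, or pass the buffer as `unsigned char **` so the caller's pointer can be cleared, and state the ownership rule in the function's documentation. The dyn_buf_write hunk below assigns back into `d->buffer` and is not affected in this way.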
From: Nicolas George Date: Wed, 28 Sep 2011 17:16:11 +0200 Subject: [PATCH 457/652] gxfenc: Replace av_realloc by av_realloc_f when relevant. Signed-off-by: Nicolas George Signed-off-by: Michael Niedermayer (cherry picked from commit af84d9bb9e8a69a715fc7596d6cbaa00ad00dc29) --- libavformat/gxfenc.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/libavformat/gxfenc.c b/libavformat/gxfenc.c index 3f7d7851f7..36e2c91ef6 100644 --- a/libavformat/gxfenc.c +++ b/libavformat/gxfenc.c @@ -340,8 +340,9 @@ static int gxf_write_map_packet(AVFormatContext *s, int rewrite) if (!rewrite) { if (!(gxf->map_offsets_nb % 30)) { - gxf->map_offsets = av_realloc(gxf->map_offsets, - (gxf->map_offsets_nb+30)*sizeof(*gxf->map_offsets)); + gxf->map_offsets = av_realloc_f(gxf->map_offsets, + sizeof(*gxf->map_offsets), + gxf->map_offsets_nb+30); if (!gxf->map_offsets) { av_log(s, AV_LOG_ERROR, "could not realloc map offsets\n"); return -1; @@ -876,8 +877,9 @@ static int gxf_write_packet(AVFormatContext *s, AVPacket *pkt) if (st->codec->codec_type == AVMEDIA_TYPE_VIDEO) { if (!(gxf->flt_entries_nb % 500)) { - gxf->flt_entries = av_realloc(gxf->flt_entries, - (gxf->flt_entries_nb+500)*sizeof(*gxf->flt_entries)); + gxf->flt_entries = av_realloc_f(gxf->flt_entries, + sizeof(*gxf->flt_entries), + gxf->flt_entries_nb+500); if (!gxf->flt_entries) { av_log(s, AV_LOG_ERROR, "could not reallocate flt entries\n"); return -1; From 17b6abab50a42f1b81b8ae2207f86f2c76564380 Mon Sep 17 00:00:00 2001 From: Nicolas George Date: Wed, 28 Sep 2011 17:16:11 +0200 Subject: [PATCH 458/652] movenc: Replace av_realloc by av_realloc_f when relevant. Signed-off-by: Nicolas George Signed-off-by: Michael Niedermayer (cherry picked from commit 194c2432eecd97c36914956f3bf7781ac4fc6f3d) --- libavformat/movenc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/movenc.c b/libavformat/movenc.c index 463dd5b601..076f2e3c69 100644 --- a/libavformat/movenc.c 
+++ b/libavformat/movenc.c @@ -2058,7 +2058,7 @@ int ff_mov_write_packet(AVFormatContext *s, AVPacket *pkt) } if (!(trk->entry % MOV_INDEX_CLUSTER_SIZE)) { - trk->cluster = av_realloc(trk->cluster, (trk->entry + MOV_INDEX_CLUSTER_SIZE) * sizeof(*trk->cluster)); + trk->cluster = av_realloc_f(trk->cluster, sizeof(*trk->cluster), (trk->entry + MOV_INDEX_CLUSTER_SIZE)); if (!trk->cluster) return -1; } From 485b4317bba908f58ffa62181000c6180c31f698 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Thu, 29 Sep 2011 01:04:49 +0200 Subject: [PATCH 459/652] Fixed out of bound accesses in xan_unpack() of the xan decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit 5279141c1d7a72c467b7e0666fc2275cbcec4668) --- libavcodec/xan.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/libavcodec/xan.c b/libavcodec/xan.c index 141fccae77..52f3a3f64a 100644 --- a/libavcodec/xan.c +++ b/libavcodec/xan.c @@ -132,13 +132,16 @@ static int xan_huffman_decode(unsigned char *dest, int dest_len, * * @param dest destination buffer of dest_len, must be padded with at least 130 bytes */ -static void xan_unpack(unsigned char *dest, const unsigned char *src, int dest_len) +static void xan_unpack(unsigned char *dest, int dest_len, + const unsigned char *src, int src_len) { unsigned char opcode; int size; + unsigned char *dest_org = dest; unsigned char *dest_end = dest + dest_len; + const unsigned char *src_end = src + src_len; - while (dest < dest_end) { + while (dest < dest_end && src < src_end) { opcode = *src++; if (opcode < 0xe0) { 
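Review bot: The Doxygen block above xan_unpack still documents only `dest`, although the signature now takes `dest_len`, `src` and `src_len`, with dest_len moved to second position. It should gain `@param src_len number of bytes readable at src` and a sentence saying the function stops silently when either buffer runs out. The existing remark that dest must be padded with at least 130 bytes may no longer hold after the `dest_end - dest` checks added in the following hunks and should be re-examined. The loop body continues outside this hunk.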
@@ -163,9 +166,11 @@ static void xan_unpack(unsigned char *dest, const unsigned char *src, int dest_l back = ((opcode & 0x10) << 12) + bytestream_get_be16(&src) + 1; size2 = ((opcode & 0x0c) << 6) + *src++ + 5; - if (size + size2 > dest_end - dest) - return; } + if (dest_end - dest < size + size2 || + dest + size - dest_org < back || + src_end - src < size) + return; memcpy(dest, src, size); dest += size; src += size; av_memcpy_backptr(dest, back, size2); dest += size2; @@ -173,6 +178,8 @@ static void xan_unpack(unsigned char *dest, const unsigned char *src, int dest_l int finish = opcode >= 0xfc; size = finish ? opcode & 3 : ((opcode & 0x1f) << 2) + 4; + if (dest_end - dest < size || src_end - src < size) + return; memcpy(dest, src, size); dest += size; src += size; if (finish) return; @@ -305,7 +312,8 @@ static int xan_wc3_decode_frame(XanContext *s) { return AVERROR_INVALIDDATA; if (imagedata_segment[0] == 2) { - xan_unpack(s->buffer2, &imagedata_segment[1], s->buffer2_size); + xan_unpack(s->buffer2, s->buffer2_size, + &imagedata_segment[1], s->size - imagedata_offset - 1); imagedata_size = s->buffer2_size; } else { imagedata_size = s->size - imagedata_offset - 1; From 14617fa7b8e688f5688d3679c906c8cb75ff42ed Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Thu, 29 Sep 2011 01:04:51 +0200 Subject: [PATCH 460/652] Prevent NULL dereference when the palette is missing in the xan decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit 56ee5a9ad1b385129c40ba4773f99bc5943ae8af) --- libavcodec/xan.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/xan.c b/libavcodec/xan.c index 52f3a3f64a..b90353967d 100644 --- a/libavcodec/xan.c +++ b/libavcodec/xan.c @@ -552,6 +552,9 @@ static int xan_decode_frame(AVCodecContext *avctx, } buf_size = buf_end - buf; } + if (s->palettes_count <= 0) + return AVERROR_INVALIDDATA; + if ((ret = avctx->get_buffer(avctx, &s->current_frame))) { av_log(s->avctx, AV_LOG_ERROR, "get_buffer() failed\n"); return ret; 
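Review bot: The operand bytes of an opcode are fetched before `src_end` is consulted. The loop condition guarantees only the opcode byte, yet `bytestream_get_be16(&src)` and `*src++` in this hunk's context read up to three more bytes before the new `src_end - src < size` test runs. On a packet that ends inside an opcode those reads land past `src + src_len`; the later test then sees a negative remainder and returns, but the over-read has already happened. Checking the operand length first, for example `if (src_end - src < 3) return;` ahead of the three-byte form, removes the dependence on input padding. The other opcode forms start outside the hunk and would need the same treatment.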
From f8eabfc16ed260ae33bd2c15c240eaf2129dba47 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Thu, 29 Sep 2011 01:04:52 +0200 Subject: [PATCH 461/652] Prevent calling init_vlc() with invalid parameters in motionpixels decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit 41b7389cade702383e59343561776f83bb26e17f) --- libavcodec/motionpixels.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/motionpixels.c b/libavcodec/motionpixels.c index b18efa6b9c..4bd83cb2ae 100644 --- a/libavcodec/motionpixels.c +++ b/libavcodec/motionpixels.c @@ -279,6 +279,8 @@ static int mp_decode_frame(AVCodecContext *avctx, if (sz == 0) goto end; + if (mp->max_codes_bits <= 0) + goto end; if (init_vlc(&mp->vlc, mp->max_codes_bits, mp->codes_count, &mp->codes[0].size, sizeof(HuffCode), 1, &mp->codes[0].code, sizeof(HuffCode), 4, 0)) goto end; mp_decode_frame_helper(mp, &gb); From dc9b708f4d79162771d893532fe35159fad0c21d Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Thu, 29 Sep 2011 01:04:53 +0200 Subject: [PATCH 462/652] Check for out of bound reads in jpeg 2000 decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit 02660a871301adada14b0e0fe64c66f73c2e4541) --- libavcodec/j2kdec.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/libavcodec/j2kdec.c b/libavcodec/j2kdec.c index 73af6a73df..96b4f64098 100644 --- a/libavcodec/j2kdec.c +++ b/libavcodec/j2kdec.c 
@@ -961,18 +961,20 @@ static int decode_codestream(J2kDecoderContext *s) static int jp2_find_codestream(J2kDecoderContext *s) { - int32_t atom_size; + uint32_t atom_size; int found_codestream = 0, search_range = 10; // skip jpeg2k signature atom s->buf += 12; - while(!found_codestream && search_range) { + while(!found_codestream && search_range && s->buf_end - s->buf >= 8) { atom_size = AV_RB32(s->buf); if(AV_RB32(s->buf + 4) == JP2_CODESTREAM) { found_codestream = 1; s->buf += 8; } else { + if (s->buf_end - s->buf < atom_size) + return 0; s->buf += atom_size; search_range--; } @@ -1005,7 +1007,8 @@ static int decode_frame(AVCodecContext *avctx, return AVERROR(EINVAL); // check if the image is in jp2 format - if((AV_RB32(s->buf) == 12) && (AV_RB32(s->buf + 4) == JP2_SIG_TYPE) && + if(s->buf_end - s->buf >= 12 && + (AV_RB32(s->buf) == 12) && (AV_RB32(s->buf + 4) == JP2_SIG_TYPE) && (AV_RB32(s->buf + 8) == JP2_SIG_VALUE)) { if(!jp2_find_codestream(s)) { av_log(avctx, AV_LOG_ERROR, "couldn't find jpeg2k codestream atom\n"); From d414c77ded5e8896e3a63dbdbd09bd96e70fbf6e Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Thu, 29 Sep 2011 01:04:54 +0200 Subject: [PATCH 463/652] Check for unsupported parameters in ff_j2k_dwt_init() Signed-off-by: Michael Niedermayer (cherry picked from commit b4483a531a139f304f4370f470325facb107202f) --- libavcodec/j2k_dwt.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/j2k_dwt.c b/libavcodec/j2k_dwt.c index 9ba770ad83..ab7a1ab757 100644 --- a/libavcodec/j2k_dwt.c +++ b/libavcodec/j2k_dwt.c @@ -321,6 +321,8 @@ int ff_j2k_dwt_init(DWTContext *s, uint16_t border[2][2], int decomp_levels, int int i, j, lev = decomp_levels, maxlen, b[2][2]; + if (decomp_levels >= FF_DWT_MAX_DECLVLS) + return AVERROR_INVALIDDATA; s->ndeclevels = decomp_levels; s->type = type; From d155fdefb88ac45d90600252cd2348d3d6d2cf36 Mon Sep 17 00:00:00 2001 
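Review bot: `atom_size` advances `s->buf` with an upper bound only. A value below 8, the size of the header just read, is accepted, and 0 leaves the pointer where it was. The loop still ends because `search_range` counts down, but the same bytes are then re-parsed as a new atom header. Rejecting short atoms with `if (atom_size < 8 || s->buf_end - s->buf < atom_size) return 0;` makes the scan strictly forward. The unconditional `s->buf += 12` at the top relies on the 12-byte check that the next hunk adds in decode_frame.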
From: Stefano Sabatini Date: Fri, 12 Aug 2011 08:42:35 +0200 Subject: [PATCH 464/652] vf_unsharp: fix out-of-buffer read In apply_unsharp(), when y is >= height, prevent out-of-buffer reading from src, read from the last buffer line in src2 instead. The check was implemented in the original unsharp libmpcodecs code and lost in the port. This also fixes output discrepancy between the two filters. Signed-off-by: Anton Khirnov (cherry picked from commit 998e8519efbc772994c5ba19c0d39573998be9db) --- libavfilter/vf_unsharp.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libavfilter/vf_unsharp.c b/libavfilter/vf_unsharp.c index 3542ca3eac..2bc090f26a 100644 --- a/libavfilter/vf_unsharp.c +++ b/libavfilter/vf_unsharp.c @@ -70,6 +70,7 @@ static void unsharpen(uint8_t *dst, const uint8_t *src, int dst_stride, int src_ int32_t res; int x, y, z; + const uint8_t *src2; if (!fp->amount) { if (dst_stride == src_stride) @@ -84,9 +85,12 @@ static void unsharpen(uint8_t *dst, const uint8_t *src, int dst_stride, int src_ memset(sc[y], 0, sizeof(sc[y][0]) * (width + 2 * fp->steps_x)); for (y = -fp->steps_y; y < height + fp->steps_y; y++) { + if (y < height) + src2 = src; + memset(sr, 0, sizeof(sr[0]) * (2 * fp->steps_x - 1)); for (x = -fp->steps_x; x < width + fp->steps_x; x++) { - tmp1 = x <= 0 ? src[0] : x >= width ? src[width-1] : src[x]; + tmp1 = x <= 0 ? src2[0] : x >= width ? src2[width-1] : src2[x]; for (z = 0; z < fp->steps_x * 2; z += 2) { tmp2 = sr[z + 0] + tmp1; sr[z + 0] = tmp1; tmp1 = sr[z + 1] + tmp2; sr[z + 1] = tmp2; From 8d61c684423c0b78d8ab076fef00d7095e339a97 Mon Sep 17 00:00:00 2001 From: Stefano Sabatini Date: Sat, 13 Aug 2011 16:30:44 +0200 Subject: [PATCH 465/652] vf_unsharp: set default chroma size value to 5x5 The previous default value 0x0 was not good, since it is not even valid. 
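Review bot: `src2` is declared without an initial value and first assigned inside the row loop. That is correct only because the first iteration has `y < height` whenever height is positive, and compilers may still flag it as possibly uninitialised. Declaring it as `const uint8_t *src2 = src;` costs nothing, and a comment at the assignment such as `/* past the last row keep reading the last valid line */` would record why two pointers exist. Where `src` is advanced per row is outside the hunk, so it should be confirmed that `src2` ends on the final image row rather than one stride beyond it.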
Signed-off-by: Anton Khirnov (cherry picked from commit 1ee20141900c98f9dc25eca121c66c3ff468c1e4) --- doc/filters.texi | 6 +++--- libavfilter/vf_unsharp.c | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/doc/filters.texi b/doc/filters.texi index eb31714486..e4873fafb2 100644 --- a/doc/filters.texi +++ b/doc/filters.texi @@ -1683,7 +1683,7 @@ It accepts the following parameters: Negative values for the amount will blur the input video, while positive values will sharpen. All parameters are optional and default to the -equivalent of the string '5:5:1.0:0:0:0.0'. +equivalent of the string '5:5:1.0:5:5:0.0'. @table @option @@ -1701,11 +1701,11 @@ and 5.0, default value is 1.0. @item chroma_msize_x Set the chroma matrix horizontal size. It can be an integer between 3 -and 13, default value is 0. +and 13, default value is 5. @item chroma_msize_y Set the chroma matrix vertical size. It can be an integer between 3 -and 13, default value is 0. +and 13, default value is 5. @item luma_amount Set the chroma effect strength. It can be a float number between -2.0 diff --git a/libavfilter/vf_unsharp.c b/libavfilter/vf_unsharp.c index 2bc090f26a..3a58a480b9 100644 --- a/libavfilter/vf_unsharp.c +++ b/libavfilter/vf_unsharp.c @@ -129,8 +129,8 @@ static void set_filter_param(FilterParam *fp, int msize_x, int msize_y, double a static av_cold int init(AVFilterContext *ctx, const char *args, void *opaque) { UnsharpContext *unsharp = ctx->priv; - int lmsize_x = 5, cmsize_x = 0; - int lmsize_y = 5, cmsize_y = 0; + int lmsize_x = 5, cmsize_x = 5; + int lmsize_y = 5, cmsize_y = 5; double lamount = 1.0f, camount = 0.0f; if (args) From 626f11b3bc92011896ae2502788adb423cbd74d9 Mon Sep 17 00:00:00 2001 From: Mans Rullgard Date: Wed, 28 Sep 2011 21:00:35 +0100 Subject: [PATCH 466/652] dca: clear inactive subbands only once in qmf_32_subbands() Writing zeros to the high entries in the array need only be done once as the cutoff position is constant throughout the loop. 
Signed-off-by: Mans Rullgard (cherry picked from commit bf00a73ace9b1aba790b75dcb26d43adfceb769f) --- libavcodec/dca.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavcodec/dca.c b/libavcodec/dca.c index 5166fc5337..69df8f4597 100644 --- a/libavcodec/dca.c +++ b/libavcodec/dca.c @@ -898,6 +898,9 @@ static void qmf_32_subbands(DCAContext * s, int chans, else /* Perfect reconstruction */ prCoeff = fir_32bands_perfect; + for (i = sb_act; i < 32; i++) + s->raXin[i] = 0.0; + /* Reconstructed channel sample index */ for (subindex = 0; subindex < 8; subindex++) { /* Load in one sample from each subband and clear inactive subbands */ @@ -905,8 +908,6 @@ static void qmf_32_subbands(DCAContext * s, int chans, uint32_t v = AV_RN32A(&samples_in[i][subindex]) ^ ((i-1)&2)<<30; AV_WN32A(&s->raXin[i], v); } - for (; i < 32; i++) - s->raXin[i] = 0.0; s->synth.synth_filter_float(&s->imdct, s->subband_fir_hist[chans], &s->hist_index[chans], From f9efe1d76e2c7fc302337506c42c5fd50ea36b5a Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Wed, 28 Sep 2011 00:45:54 +0200 Subject: [PATCH 467/652] Check for out of bound reads in xan_huffman_decode() of the xan decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit c8b835954ae4aef797112afda3b52f8dfe3c7b74) --- libavcodec/xan.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavcodec/xan.c b/libavcodec/xan.c index b90353967d..fe9eece61a 100644 --- a/libavcodec/xan.c +++ b/libavcodec/xan.c @@ -114,7 +114,10 @@ static int xan_huffman_decode(unsigned char *dest, int dest_len, init_get_bits(&gb, ptr, ptr_len * 8); while ( val != 0x16 ) { - val = src[val - 0x17 + get_bits1(&gb) * byte]; + unsigned idx = val - 0x17 + get_bits1(&gb) * byte; + if (idx >= 2 * byte) + return -1; + val = src[idx]; if ( val < 0x16 ) { if (dest >= dest_end) From 2451228b0c2685ec4b09b7beeaa34c4bad6f37cb Mon Sep 17 00:00:00 2001 
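Review bot: The comment kept in the sample loop still reads "Load in one sample from each subband and clear inactive subbands", but the clearing now happens once before the loop. It should become `/* Load in one sample from each active subband */`, with a note at the hoisted loop such as `/* inactive subbands stay zero for all 8 iterations */`. The hoist is valid only if nothing called inside the loop writes to `s->raXin[sb_act..31]`. The argument list of `synth_filter_float` is cut off at the end of the hunk, so if it receives `s->raXin`, its read-only use of that array should be confirmed.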
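Review bot: `get_bits1(&gb)` is called in this loop without checking how many bits remain, so the new `idx` bound stops reads outside the table but not reads past `ptr + ptr_len` in the bitstream. A table that never leads to 0x16 keeps consuming bits after the input is exhausted. A guard at the top of the loop, `if (get_bits_left(&gb) < 1) return -1;` (assuming that helper is available in this branch), bounds the bit reader in the same way. That `src` really holds `2 * byte` table entries is established outside the hunk.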
From: =?UTF-8?q?Tomas=20H=C3=A4rdin?= Date: Wed, 28 Sep 2011 10:34:51 +0200 Subject: [PATCH 468/652] mov: Only touch extradata in mov_read_extradata() if codec_id is what we expect Extradata should only be parsed from the avss, fiel, jp2h and alac atoms for AVS, MJPEG, Motion JPEG 2000 and ALAC respectively. This also fixes the mov demuxer coming up with bogus extradata for some AVC-Intra samples due to the presence of fiel atoms. (cherry picked from commit e571305a71494af195891e314b05936f040f89d3) --- libavformat/mov.c | 36 +++++++++++++++++++++++++++++++----- 1 file changed, 31 insertions(+), 5 deletions(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index 773760c98a..cdba33dcb0 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -755,7 +755,8 @@ static int mov_read_enda(MOVContext *c, AVIOContext *pb, MOVAtom atom) } /* FIXME modify qdm2/svq3/h264 decoders to take full atom as extradata */ -static int mov_read_extradata(MOVContext *c, AVIOContext *pb, MOVAtom atom) +static int mov_read_extradata(MOVContext *c, AVIOContext *pb, MOVAtom atom, + enum CodecID codec_id) { AVStream *st; uint64_t size; @@ -764,6 +765,10 @@ static int mov_read_extradata(MOVContext *c, AVIOContext *pb, MOVAtom atom) if (c->fc->nb_streams < 1) // will happen with jp2 files return 0; st= c->fc->streams[c->fc->nb_streams-1]; + + if (st->codec->codec_id != codec_id) + return 0; /* unexpected codec_id - don't mess with extradata */ + size= (uint64_t)st->codec->extradata_size + atom.size + 8 + FF_INPUT_BUFFER_PADDING_SIZE; if(size > INT_MAX || (uint64_t)atom.size > INT_MAX) return -1; 
@@ -779,6 +784,27 @@ static int mov_read_extradata(MOVContext *c, AVIOContext *pb, MOVAtom atom) return 0; } +/* wrapper functions for reading ALAC/AVS/MJPEG/MJPEG2000 extradata atoms only for those codecs */ +static int mov_read_alac(MOVContext *c, AVIOContext *pb, MOVAtom atom) +{ + return mov_read_extradata(c, pb, atom, CODEC_ID_ALAC); +} + +static int mov_read_avss(MOVContext *c, AVIOContext *pb, MOVAtom atom) +{ + return mov_read_extradata(c, pb, atom, CODEC_ID_AVS); +} + +static int mov_read_fiel(MOVContext *c, AVIOContext *pb, MOVAtom atom) +{ + return mov_read_extradata(c, pb, atom, CODEC_ID_MJPEG); +} + +static int mov_read_jp2h(MOVContext *c, AVIOContext *pb, MOVAtom atom) +{ + return mov_read_extradata(c, pb, atom, CODEC_ID_JPEG2000); +} + static int mov_read_wave(MOVContext *c, AVIOContext *pb, MOVAtom atom) { AVStream *st; @@ -2228,7 +2254,7 @@ static int mov_read_chan(MOVContext *c, AVIOContext *pb, MOVAtom atom) } static const MOVParseTableEntry mov_default_parse_table[] = { -{ MKTAG('a','v','s','s'), mov_read_extradata }, +{ MKTAG('a','v','s','s'), mov_read_avss }, { MKTAG('c','h','p','l'), mov_read_chpl }, { MKTAG('c','o','6','4'), mov_read_stco }, { MKTAG('c','t','t','s'), mov_read_ctts }, /* composition time to sample */ @@ -2237,12 +2263,12 @@ static const MOVParseTableEntry mov_default_parse_table[] = { { MKTAG('e','d','t','s'), mov_read_default }, { MKTAG('e','l','s','t'), mov_read_elst }, { MKTAG('e','n','d','a'), mov_read_enda }, -{ MKTAG('f','i','e','l'), mov_read_extradata }, +{ MKTAG('f','i','e','l'), mov_read_fiel }, { MKTAG('f','t','y','p'), mov_read_ftyp }, { MKTAG('g','l','b','l'), mov_read_glbl }, { MKTAG('h','d','l','r'), mov_read_hdlr }, { MKTAG('i','l','s','t'), mov_read_ilst }, -{ MKTAG('j','p','2','h'), mov_read_extradata }, +{ MKTAG('j','p','2','h'), mov_read_jp2h }, { MKTAG('m','d','a','t'), mov_read_mdat }, { MKTAG('m','d','h','d'), mov_read_mdhd }, { MKTAG('m','d','i','a'), mov_read_default }, 
@@ -2253,7 +2279,7 @@ static const MOVParseTableEntry mov_default_parse_table[] = { { MKTAG('m','v','e','x'), mov_read_default }, { MKTAG('m','v','h','d'), mov_read_mvhd }, { MKTAG('S','M','I',' '), mov_read_smi }, /* Sorenson extension ??? */ -{ MKTAG('a','l','a','c'), mov_read_extradata }, /* alac specific atom */ +{ MKTAG('a','l','a','c'), mov_read_alac }, /* alac specific atom */ { MKTAG('a','v','c','C'), mov_read_glbl }, { MKTAG('p','a','s','p'), mov_read_pasp }, { MKTAG('s','t','b','l'), mov_read_default }, From 603cb031f19bff898b99fca2234f4cebbcfd743c Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Fri, 30 Sep 2011 00:05:46 +0200 Subject: [PATCH 469/652] Check for out of bound reads in the QuickDraw decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit 44e2f0c3cd2df68659e07ed3d5eab4974794eb33) --- libavcodec/qdrw.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/libavcodec/qdrw.c b/libavcodec/qdrw.c index cd3146388e..6432728cb8 100644 --- a/libavcodec/qdrw.c +++ b/libavcodec/qdrw.c @@ -37,6 +37,7 @@ static int decode_frame(AVCodecContext *avctx, AVPacket *avpkt) { const uint8_t *buf = avpkt->data; + const uint8_t *buf_end = avpkt->data + avpkt->size; int buf_size = avpkt->size; QdrawContext * const a = avctx->priv_data; AVFrame * const p= (AVFrame*)&a->pic; @@ -59,6 +60,8 @@ static int decode_frame(AVCodecContext *avctx, outdata = a->pic.data[0]; + if (buf_end - buf < 0x68 + 4) + return AVERROR_INVALIDDATA; buf += 0x68; /* jump to palette */ colors = AV_RB32(buf); buf += 4; @@ -67,6 +70,8 @@ static int decode_frame(AVCodecContext *avctx, av_log(avctx, AV_LOG_ERROR, "Error color count - %i(0x%X)\n", colors, colors); return -1; } + if (buf_end - buf < (colors + 1) * 8) + return AVERROR_INVALIDDATA; pal = (uint32_t*)p->data[1]; for (i = 0; i <= colors; i++) { 
@@ -89,6 +94,8 @@ static int decode_frame(AVCodecContext *avctx, } p->palette_has_changed = 1; + if (buf_end - buf < 18) + return AVERROR_INVALIDDATA; buf += 18; /* skip unneeded data */ for (i = 0; i < avctx->height; i++) { int size, left, code, pix; @@ -100,6 +107,9 @@ static int decode_frame(AVCodecContext *avctx, out = outdata; size = AV_RB16(buf); /* size of packed line */ buf += 2; + if (buf_end - buf < size) + return AVERROR_INVALIDDATA; + left = size; next = buf + size; while (left > 0) { @@ -115,6 +125,8 @@ static int decode_frame(AVCodecContext *avctx, } else { /* copy */ if ((out + code) > (outdata + a->pic.linesize[0])) break; + if (buf_end - buf < code + 1) + return AVERROR_INVALIDDATA; memcpy(out, buf, code + 1); out += code + 1; buf += code + 1; From 18cfe0238df259e4b541d28b465688bea4781b16 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Fri, 30 Sep 2011 00:05:50 +0200 Subject: [PATCH 470/652] Check for out of bounds reads in the Delphine Software International CIN decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit 8e5f093c2cf13eab3d68d893bf8f30c56ba4e733) --- libavcodec/dsicinav.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/dsicinav.c b/libavcodec/dsicinav.c index f12560714a..c33b3edc4c 100644 --- a/libavcodec/dsicinav.c +++ b/libavcodec/dsicinav.c @@ -217,6 +217,8 @@ static int cinvideo_decode_frame(AVCodecContext *avctx, bitmap_frame_size = buf_size - 4; /* handle palette */ + if (bitmap_frame_size < palette_colors_count * (3 + (palette_type != 0))) + return AVERROR_INVALIDDATA; if (palette_type == 0) { for (i = 0; i < palette_colors_count; ++i) { cin->palette[i] = bytestream_get_le24(&buf); From 6e774cf67e6f30feb9b3dec11713d6b6dc0b521c Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Fri, 30 Sep 2011 00:05:51 +0200 Subject: [PATCH 471/652] Check for out of bounds writes in the Delphine Software International CIN decoder. 
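Review bot: In libavcodec/qdrw.c the per-row `size = AV_RB16(buf)` is still read before any length test, so if the preceding data consumed the packet exactly, two bytes past `buf_end` are fetched before `buf_end - buf < size` rejects the row. That read presumably lands in the input padding, but the guard should not rely on it: add `if (buf_end - buf < 2) return AVERROR_INVALIDDATA;` ahead of the `AV_RB16`. The palette hunk of libavcodec/avs.c later in this series has the same ordering, with `first` and `last` fetched by `AV_RL16` before the length comparison. decode_frame's body continues outside the hunk.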
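Review bot: The destination test in the copy branch of qdrw.c's decode_frame is off by one relative to the `memcpy` it protects: `(out + code) > (outdata + a->pic.linesize[0])` lets `out + code` equal the end of the row, yet `code + 1` bytes are then written. The new input-side check already uses `code + 1`; the output side should match, e.g. `if ((out + code + 1) > (outdata + a->pic.linesize[0])) break;`. Whether the extra byte can leave the frame buffer depends on the stride and row handling outside this hunk.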
Signed-off-by: Michael Niedermayer (cherry picked from commit 3035c4034b6af3ad47f921e3385196e1b9d44ddf) --- libavcodec/dsicinav.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/dsicinav.c b/libavcodec/dsicinav.c index c33b3edc4c..faca821c7d 100644 --- a/libavcodec/dsicinav.c +++ b/libavcodec/dsicinav.c @@ -220,6 +220,8 @@ static int cinvideo_decode_frame(AVCodecContext *avctx, if (bitmap_frame_size < palette_colors_count * (3 + (palette_type != 0))) return AVERROR_INVALIDDATA; if (palette_type == 0) { + if (palette_colors_count > 256) + return AVERROR_INVALIDDATA; for (i = 0; i < palette_colors_count; ++i) { cin->palette[i] = bytestream_get_le24(&buf); bitmap_frame_size -= 3; From 376b0994746cbb14438c2a58ea1bdb2c9b934610 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Fri, 30 Sep 2011 00:05:48 +0200 Subject: [PATCH 472/652] Clear FF_INPUT_BUFFER_PADDING_SIZE bytes at the end of the temporary buffer used in motion pixels decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit e60619f9b4bdaf9af46887cdb2c86454567b4a61) --- libavcodec/motionpixels.c | 1 + tests/ref/fate/motionpixels | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/motionpixels.c b/libavcodec/motionpixels.c index 4bd83cb2ae..a3afc02582 100644 --- a/libavcodec/motionpixels.c +++ b/libavcodec/motionpixels.c @@ -253,6 +253,7 @@ static int mp_decode_frame(AVCodecContext *avctx, mp->dsp.bswap_buf((uint32_t *)mp->bswapbuf, (const uint32_t *)buf, buf_size / 4); if (buf_size & 3) memcpy(mp->bswapbuf + (buf_size & ~3), buf + (buf_size & ~3), buf_size & 3); + memset(mp->bswapbuf + buf_size, 0, FF_INPUT_BUFFER_PADDING_SIZE); init_get_bits(&gb, mp->bswapbuf, buf_size * 8); memset(mp->changes_map, 0, avctx->width * avctx->height); diff --git a/tests/ref/fate/motionpixels b/tests/ref/fate/motionpixels index e588ed3e18..30651e92c6 100644 --- a/tests/ref/fate/motionpixels +++ b/tests/ref/fate/motionpixels 
@@ -109,4 +109,4 @@ 0, 648003, 230400, 0xb343f372 0, 654003, 230400, 0xf7f1e588 0, 660003, 230400, 0x9682bdb2 -0, 666003, 230400, 0x538a3db8 +0, 666003, 230400, 0x16f9aad8 From 9b1bf0852548bffde22b8f27f8eb32ab51559bf1 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Fri, 30 Sep 2011 00:05:49 +0200 Subject: [PATCH 473/652] Fix the size of workspace buffers in the motion pixels decoder. Some buffers must be mod 4 in width and/or height. Signed-off-by: Michael Niedermayer (cherry picked from commit 62234a4d3a30f3949694781ef8a941ef55b210fa) --- libavcodec/motionpixels.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavcodec/motionpixels.c b/libavcodec/motionpixels.c index a3afc02582..635a7d14a1 100644 --- a/libavcodec/motionpixels.c +++ b/libavcodec/motionpixels.c @@ -52,14 +52,16 @@ typedef struct MotionPixelsContext { static av_cold int mp_decode_init(AVCodecContext *avctx) { MotionPixelsContext *mp = avctx->priv_data; + int w4 = (avctx->width + 3) & ~3; + int h4 = (avctx->height + 3) & ~3; motionpixels_tableinit(); mp->avctx = avctx; dsputil_init(&mp->dsp, avctx); - mp->changes_map = av_mallocz(avctx->width * avctx->height); + mp->changes_map = av_mallocz(avctx->width * h4); mp->offset_bits_len = av_log2(avctx->width * avctx->height) + 1; mp->vpt = av_mallocz(avctx->height * sizeof(YuvPixel)); - mp->hpt = av_mallocz(avctx->height * avctx->width / 16 * sizeof(YuvPixel)); + mp->hpt = av_mallocz(h4 * w4 / 16 * sizeof(YuvPixel)); avctx->pix_fmt = PIX_FMT_RGB555; avcodec_get_frame_defaults(&mp->frame); return 0; From 375bd0cfb3d7b86bd5f70d1bc2d15bbd44e3abfe Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Fri, 30 Sep 2011 00:05:47 +0200 Subject: [PATCH 474/652] Check for out of bound reads in the Tiertex Limited SEQ decoder. 
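Review bot: None of the three `av_mallocz()` results in mp_decode_init is checked, and the function still ends in an unconditional `return 0`, so an allocation failure is only discovered when the decoder later writes through `changes_map`, `vpt` or `hpt`. Adding `if (!mp->changes_map || !mp->vpt || !mp->hpt) return AVERROR(ENOMEM);` after the allocations would close that; whether the buffers that did succeed get released depends on the close path, which is outside the hunk. The size expressions (`avctx->width * h4`, `h4 * w4 / 16 * sizeof(YuvPixel)`) also multiply `int` dimensions that are not validated in this hunk, so confirm that a dimension check runs before them.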
Signed-off-by: Michael Niedermayer (cherry picked from commit 5d7e3d71673d64a16b58430a0027afadb6b3a54e) --- libavcodec/tiertexseqv.c | 65 +++++++++++++++++++++++++++++++--------- 1 file changed, 51 insertions(+), 14 deletions(-) diff --git a/libavcodec/tiertexseqv.c b/libavcodec/tiertexseqv.c index f3a044882e..160da8c630 100644 --- a/libavcodec/tiertexseqv.c +++ b/libavcodec/tiertexseqv.c @@ -35,15 +35,19 @@ typedef struct SeqVideoContext { } SeqVideoContext; -static const unsigned char *seq_unpack_rle_block(const unsigned char *src, unsigned char *dst, int dst_size) +static const unsigned char *seq_unpack_rle_block(const unsigned char *src, + const unsigned char *src_end, + unsigned char *dst, int dst_size) { int i, len, sz; GetBitContext gb; int code_table[64]; - /* get the rle codes (at most 64 bytes) */ - init_get_bits(&gb, src, 64 * 8); + /* get the rle codes */ + init_get_bits(&gb, src, (src_end - src) * 8); for (i = 0, sz = 0; i < 64 && sz < dst_size; i++) { + if (get_bits_left(&gb) < 4) + return NULL; code_table[i] = get_sbits(&gb, 4); sz += FFABS(code_table[i]); } @@ -54,8 +58,12 @@ static const unsigned char *seq_unpack_rle_block(const unsigned char *src, unsig len = code_table[i]; if (len < 0) { len = -len; + if (src_end - src < 1) + return NULL; memset(dst, *src++, FFMIN(len, dst_size)); } else { + if (src_end - src < len) + return NULL; memcpy(dst, src, FFMIN(len, dst_size)); src += len; } 
@@ -65,25 +73,30 @@ static const unsigned char *seq_unpack_rle_block(const unsigned char *src, unsig return src; } -static const unsigned char *seq_decode_op1(SeqVideoContext *seq, const unsigned char *src, unsigned char *dst) +static const unsigned char *seq_decode_op1(SeqVideoContext *seq, + const unsigned char *src, + const unsigned char *src_end, + unsigned char *dst) { const unsigned char *color_table; int b, i, len, bits; GetBitContext gb; unsigned char block[8 * 8]; + if (src_end - src < 1) + return NULL; len = *src++; if (len & 0x80) { switch (len & 3) { case 1: - src = seq_unpack_rle_block(src, block, sizeof(block)); + src = seq_unpack_rle_block(src, src_end, block, sizeof(block)); for (b = 0; b < 8; b++) { memcpy(dst, &block[b * 8], 8); dst += seq->frame.linesize[0]; } break; case 2: - src = seq_unpack_rle_block(src, block, sizeof(block)); + src = seq_unpack_rle_block(src, src_end, block, sizeof(block)); for (i = 0; i < 8; i++) { for (b = 0; b < 8; b++) dst[b * seq->frame.linesize[0]] = block[i * 8 + b]; @@ -92,9 +105,13 @@ static const unsigned char *seq_decode_op1(SeqVideoContext *seq, const unsigned break; } } else { + if (len <= 0) + return NULL; + bits = ff_log2_tab[len - 1] + 1; + if (src_end - src < len + 8 * bits) + return NULL; color_table = src; src += len; - bits = ff_log2_tab[len - 1] + 1; init_get_bits(&gb, src, bits * 8 * 8); src += bits * 8; for (b = 0; b < 8; b++) { for (i = 0; i < 8; i++) @@ -106,10 +123,16 @@ static const unsigned char *seq_decode_op1(SeqVideoContext *seq, const unsigned return src; } -static const unsigned char *seq_decode_op2(SeqVideoContext *seq, const unsigned char *src, unsigned char *dst) +static const unsigned char *seq_decode_op2(SeqVideoContext *seq, + const unsigned char *src, + const unsigned char *src_end, + unsigned char *dst) { int i; + if (src_end - src < 8 * 8) + return NULL; + for (i = 0; i < 8; i++) { memcpy(dst, src, 8); src += 8; 
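Review bot: In seq_decode_op1, cases 1 and 2 copy `block` into the frame straight after `seq_unpack_rle_block()` without testing its new NULL return. `block` is an uninitialised stack array, so on a truncated packet whatever the unpacker did not fill is written to `dst` before the caller sees the NULL and fails. Adding `if (!src) return NULL;` directly after each call keeps stale stack bytes out of the picture buffer. Whether that buffer is reused for later frames is not visible here.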
@@ -119,11 +142,16 @@ static const unsigned char *seq_decode_op2(SeqVideoContext *seq, const unsigned return src; } -static const unsigned char *seq_decode_op3(SeqVideoContext *seq, const unsigned char *src, unsigned char *dst) +static const unsigned char *seq_decode_op3(SeqVideoContext *seq, + const unsigned char *src, + const unsigned char *src_end, + unsigned char *dst) { int pos, offset; do { + if (src_end - src < 2) + return NULL; pos = *src++; offset = ((pos >> 3) & 7) * seq->frame.linesize[0] + (pos & 7); dst[offset] = *src++; @@ -132,8 +160,9 @@ static const unsigned char *seq_decode_op3(SeqVideoContext *seq, const unsigned return src; } -static void seqvideo_decode(SeqVideoContext *seq, const unsigned char *data, int data_size) +static int seqvideo_decode(SeqVideoContext *seq, const unsigned char *data, int data_size) { + const unsigned char *data_end = data + data_size; GetBitContext gb; int flags, i, j, x, y, op; unsigned char c[3]; @@ -144,6 +173,8 @@ static void seqvideo_decode(SeqVideoContext *seq, const unsigned char *data, int if (flags & 1) { palette = (uint32_t *)seq->frame.data[1]; + if (data_end - data < 256 * 3) + return AVERROR_INVALIDDATA; for (i = 0; i < 256; i++) { for (j = 0; j < 3; j++, data++) c[j] = (*data << 2) | (*data >> 4); @@ -153,6 +184,8 @@ static void seqvideo_decode(SeqVideoContext *seq, const unsigned char *data, int } if (flags & 2) { + if (data_end - data < 128) + return AVERROR_INVALIDDATA; init_get_bits(&gb, data, 128 * 8); data += 128; for (y = 0; y < 128; y += 8) for (x = 0; x < 256; x += 8) { 
@@ -160,17 +193,20 @@ static void seqvideo_decode(SeqVideoContext *seq, const unsigned char *data, int op = get_bits(&gb, 2); switch (op) { case 1: - data = seq_decode_op1(seq, data, dst); + data = seq_decode_op1(seq, data, data_end, dst); break; case 2: - data = seq_decode_op2(seq, data, dst); + data = seq_decode_op2(seq, data, data_end, dst); break; case 3: - data = seq_decode_op3(seq, data, dst); + data = seq_decode_op3(seq, data, data_end, dst); break; } + if (!data) + return AVERROR_INVALIDDATA; } } + return 0; } static av_cold int seqvideo_decode_init(AVCodecContext *avctx) @@ -202,7 +238,8 @@ static int seqvideo_decode_frame(AVCodecContext *avctx, return -1; } - seqvideo_decode(seq, buf, buf_size); + if (seqvideo_decode(seq, buf, buf_size)) + return AVERROR_INVALIDDATA; *data_size = sizeof(AVFrame); *(AVFrame *)data = seq->frame; From 107ea3057eb8de8a38c45c2f7181c42ea694b187 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Fri, 30 Sep 2011 00:05:53 +0200 Subject: [PATCH 475/652] Fix out of bound writes in fix_bitshift() of the shorten decoder. The data pointers s->decoded[*] already take into account s->nwrap. Signed-off-by: Michael Niedermayer (cherry picked from commit f42b3195d3f2692a4dfc0a8668bb4ac35301f2ed) --- libavcodec/shorten.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c index f593d0a164..5e599fd504 100644 --- a/libavcodec/shorten.c +++ b/libavcodec/shorten.c @@ -155,7 +155,7 @@ static void fix_bitshift(ShortenContext *s, int32_t *buffer) if (s->bitshift != 0) for (i = 0; i < s->blocksize; i++) - buffer[s->nwrap + i] <<= s->bitshift; + buffer[i] <<= s->bitshift; } From b8ab1adfcdb1f87e3e26425b4499046352009f29 Mon Sep 17 00:00:00 2001 
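Review bot: In fix_bitshift, `buffer[i] <<= s->bitshift;` left-shifts `int32_t` samples, which is undefined behaviour for negative values and for results that overflow. Shifting the unsigned representation instead, `buffer[i] = (int32_t)((uint32_t)buffer[i] << s->bitshift);`, keeps the intended bit pattern without relying on that. The range of `s->bitshift` is set outside this hunk and should be confirmed to stay below 32.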
From: Justin Ruggles Date: Fri, 23 Sep 2011 21:54:44 -0400 Subject: [PATCH 476/652] avcodec: reject audio packets with NULL data and non-zero size There is no valid reason the user should ever send such packets in the first place, but the documentation for CODEC_CAP_DELAY states that the codec is guaranteed not to get a NULL packet unless that capability is set. That isn't true without preventing this case. (cherry picked from commit 6326afd5e90cfed9df08b652a1cd6f6a948c239a) --- libavcodec/utils.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index 1aa14a3381..ac559d2197 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -785,6 +785,11 @@ int attribute_align_arg avcodec_decode_audio3(AVCodecContext *avctx, int16_t *sa avctx->pkt = avpkt; + if (!avpkt->data && avpkt->size) { + av_log(avctx, AV_LOG_ERROR, "invalid packet: NULL data, size != 0\n"); + return AVERROR(EINVAL); + } + if((avctx->codec->capabilities & CODEC_CAP_DELAY) || avpkt->size){ //FIXME remove the check below _after_ ensuring that all audio check that the available space is enough if(*frame_size_ptr < AVCODEC_MAX_AUDIO_FRAME_SIZE){ From 932b5f3cbb22b9357d60914f85675020041299e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Storsj=C3=B6?= Date: Fri, 30 Sep 2011 20:30:35 +0300 Subject: [PATCH 477/652] lavf: Avoid using av_malloc(0) in av_dump_format MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On OS X, av_malloc(0) returns pointers that cause crashes when freed. Signed-off-by: Martin Storsjö (cherry picked from commit e81e5e8ad2bb5746df0c343c396019aca165cf66) --- libavformat/utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index eaa8bd901f..e79f98e62d 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c 
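Review bot: The new guard in avcodec_decode_audio3 rejects NULL data with a non-zero size, but a negative `avpkt->size` paired with a non-NULL `data` still passes it and also satisfies the `|| avpkt->size` test that follows. Unless a later check outside the hunk covers this, extend the guard to `if (avpkt->size < 0 || (!avpkt->data && avpkt->size))`. Note also that `avctx->pkt = avpkt;` is assigned before the rejection, so the context keeps pointing at a packet that was refused.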
@@ -3437,7 +3437,7 @@ void av_dump_format(AVFormatContext *ic, int is_output) { int i; - uint8_t *printed = av_mallocz(ic->nb_streams); + uint8_t *printed = ic->nb_streams ? av_mallocz(ic->nb_streams) : NULL; if (ic->nb_streams && !printed) return; From c23d5261f79671a598f32be8bc403552891af24e Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sat, 1 Oct 2011 00:44:54 +0200 Subject: [PATCH 478/652] Check for corrupted data in avs demuxer. Signed-off-by: Michael Niedermayer (cherry picked from commit 1cce7def0a8eff2e7db294b7d195a0fb1a5043b0) --- libavformat/avs.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/avs.c b/libavformat/avs.c index 355ae31f35..83023790d6 100644 --- a/libavformat/avs.c +++ b/libavformat/avs.c @@ -163,6 +163,8 @@ static int avs_read_packet(AVFormatContext * s, AVPacket * pkt) sub_type = avio_r8(s->pb); type = avio_r8(s->pb); size = avio_rl16(s->pb); + if (size < 4) + return AVERROR_INVALIDDATA; avs->remaining_frame_size -= size; switch (type) { From fa79af68453b810af94ccb0260ab38ba7b9bb04c Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sat, 1 Oct 2011 00:44:55 +0200 Subject: [PATCH 479/652] Check for out of bound writes in the avs demuxer. Signed-off-by: Michael Niedermayer (cherry picked from commit 5d44c061cf511d97be5fac8d76be2f3915c6e798) --- libavformat/avs.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/avs.c b/libavformat/avs.c index 83023790d6..127639e7ee 100644 --- a/libavformat/avs.c +++ b/libavformat/avs.c @@ -169,6 +169,8 @@ static int avs_read_packet(AVFormatContext * s, AVPacket * pkt) switch (type) { case AVS_PALETTE: + if (size - 4 > sizeof(palette)) + return AVERROR_INVALIDDATA; ret = avio_read(s->pb, palette, size - 4); if (ret < size - 4) return AVERROR(EIO); From 3b840fab902e596e2f45de9046253ef955bb1979 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sat, 1 Oct 2011 00:44:56 +0200 Subject: [PATCH 480/652] Check for out of bound reads in AVS decoder. 
Signed-off-by: Michael Niedermayer (cherry picked from commit 7afe9e5638242a3210a0fc378e34e3af41e29176) --- libavcodec/avs.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/libavcodec/avs.c b/libavcodec/avs.c index 354b53c241..c7dcf0e2dc 100644 --- a/libavcodec/avs.c +++ b/libavcodec/avs.c @@ -47,6 +47,7 @@ avs_decode_frame(AVCodecContext * avctx, void *data, int *data_size, AVPacket *avpkt) { const uint8_t *buf = avpkt->data; + const uint8_t *buf_end = avpkt->data + avpkt->size; int buf_size = avpkt->size; AvsContext *const avs = avctx->priv_data; AVFrame *picture = data; @@ -69,6 +70,8 @@ avs_decode_frame(AVCodecContext * avctx, out = avs->picture.data[0]; stride = avs->picture.linesize[0]; + if (buf_end - buf < 4) + return AVERROR_INVALIDDATA; sub_type = buf[0]; type = buf[1]; buf += 4; @@ -79,6 +82,8 @@ avs_decode_frame(AVCodecContext * avctx, first = AV_RL16(buf); last = first + AV_RL16(buf + 2); + if (first >= 256 || last > 256 || buf_end - buf < 4 + 4 + 3 * (last - first)) + return AVERROR_INVALIDDATA; buf += 4; for (i=first; i Date: Sat, 1 Oct 2011 00:44:57 +0200 Subject: [PATCH 481/652] Fix double free on error in Deluxe Paint Animation demuxer. Signed-off-by: Michael Niedermayer (cherry picked from commit d39d7122e34d2cf994d6dc474fe0c8bee2f7fcfd) --- libavformat/anm.c | 23 ++++++++--------------- 1 file changed, 8 insertions(+), 15 deletions(-) diff --git a/libavformat/anm.c b/libavformat/anm.c index 269e325e42..1210e67dc7 100644 --- a/libavformat/anm.c +++ b/libavformat/anm.c 
@@ -134,18 +134,17 @@ static int read_header(AVFormatContext *s, /* color cycling and palette data */ st->codec->extradata_size = 16*8 + 4*256; st->codec->extradata = av_mallocz(st->codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE); - if (!st->codec->extradata) { - ret = AVERROR(ENOMEM); - goto close_and_return; - } + if (!st->codec->extradata) + return AVERROR(ENOMEM); + ret = avio_read(pb, st->codec->extradata, st->codec->extradata_size); if (ret < 0) - goto close_and_return; + return ret; /* read page table */ ret = avio_seek(pb, anm->page_table_offset, SEEK_SET); if (ret < 0) - goto close_and_return; + return ret; for (i = 0; i < MAX_PAGES; i++) { Page *p = &anm->pt[i]; @@ -156,21 +155,15 @@ static int read_header(AVFormatContext *s, /* find page of first frame */ anm->page = find_record(anm, 0); - if (anm->page < 0) { - ret = anm->page; - goto close_and_return; - } + if (anm->page < 0) + return anm->page; anm->record = -1; return 0; invalid: av_log_ask_for_sample(s, NULL); - ret = AVERROR_INVALIDDATA; - -close_and_return: - av_close_input_stream(s); - return ret; + return AVERROR_INVALIDDATA; } static int read_packet(AVFormatContext *s, From 1f2a93cf4b8f779da88a36e5c636db3dd481185e Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sat, 1 Oct 2011 00:44:58 +0200 Subject: [PATCH 482/652] Prevent infinite loop in the ANM decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit 39993860e1525ca5d1b07521865b7e9e1b294ed7) --- libavcodec/anm.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/anm.c b/libavcodec/anm.c index 02244f70e1..8e40059576 100644 --- a/libavcodec/anm.c +++ b/libavcodec/anm.c @@ -79,6 +79,8 @@ static inline int op(uint8_t **dst, const uint8_t *dst_end, int striplen = FFMIN(count, remaining); if (buf) { striplen = FFMIN(striplen, buf_end - *buf); + if (*buf >= buf_end) + goto exhausted; memcpy(*dst, *buf, striplen); *buf += striplen; } else if (pixel >= 0) 
From df39708269f5c298dea08d63de37f701295a17d3 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sat, 1 Oct 2011 00:44:59 +0200 Subject: [PATCH 483/652] Fix potential pointer arithmetic overflows in the Electronic Arts CMV decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit e9064c9ce8ed18c3a3aab61e58e663b8f5b0c551) --- libavcodec/eacmv.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libavcodec/eacmv.c b/libavcodec/eacmv.c index 408d948812..35701caadd 100644 --- a/libavcodec/eacmv.c +++ b/libavcodec/eacmv.c @@ -56,7 +56,7 @@ static void cmv_decode_intra(CmvContext * s, const uint8_t *buf, const uint8_t * unsigned char *dst = s->frame.data[0]; int i; - for (i=0; i < s->avctx->height && buf+s->avctx->width<=buf_end; i++) { + for (i=0; i < s->avctx->height && buf_end - buf >= s->avctx->width; i++) { memcpy(dst, buf, s->avctx->width); dst += s->frame.linesize[0]; buf += s->avctx->width; @@ -88,7 +88,7 @@ static void cmv_decode_inter(CmvContext * s, const uint8_t *buf, const uint8_t * i = 0; for(y=0; yavctx->height/4; y++) - for(x=0; xavctx->width/4 && buf+iavctx->width/4 && buf_end - buf > i; x++) { if (buf[i]==0xFF) { unsigned char *dst = s->frame.data[0] + (y*4)*s->frame.linesize[0] + x*4; if (raw+16=buf_end) { + if(buf_end - buf < 16) { av_log(s->avctx, AV_LOG_WARNING, "truncated header\n"); return; } @@ -139,7 +139,7 @@ static void cmv_process_header(CmvContext *s, const uint8_t *buf, const uint8_t pal_count = AV_RL16(&buf[14]); buf += 16; - for (i=pal_start; i= 3; i++) { s->palette[i] = AV_RB24(buf); buf += 3; } From d950461f599241c770d29deea201d7438211dbbb Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sat, 1 Oct 2011 00:45:00 +0200 Subject: [PATCH 484/652] Prevent NULL dereferences when missing the reference frame in the Electronic Arts CMV decoder. 
Signed-off-by: Michael Niedermayer (cherry picked from commit 113d7be62497c4e59db8f224fdb7f0a90cf17d03) --- libavcodec/eacmv.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/libavcodec/eacmv.c b/libavcodec/eacmv.c index 35701caadd..6e3b51998a 100644 --- a/libavcodec/eacmv.c +++ b/libavcodec/eacmv.c @@ -110,9 +110,10 @@ static void cmv_decode_inter(CmvContext * s, const uint8_t *buf, const uint8_t * }else{ /* inter using last frame as reference */ int xoffset = (buf[i] & 0xF) - 7; int yoffset = ((buf[i] >> 4)) - 7; - cmv_motcomp(s->frame.data[0], s->frame.linesize[0], - s->last_frame.data[0], s->last_frame.linesize[0], - x*4, y*4, xoffset, yoffset, s->avctx->width, s->avctx->height); + if (s->last_frame.data[0]) + cmv_motcomp(s->frame.data[0], s->frame.linesize[0], + s->last_frame.data[0], s->last_frame.linesize[0], + x*4, y*4, xoffset, yoffset, s->avctx->width, s->avctx->height); } i++; } From e8fd4a43ba758adb9378afe2cde4a5b9d4bda357 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sat, 1 Oct 2011 00:45:01 +0200 Subject: [PATCH 485/652] Check for out of bound reads in the Electronic Arts CMV decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit a5d46235f3f70f0b620f8e54649ece45ecc5b170) --- libavcodec/eacmv.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/eacmv.c b/libavcodec/eacmv.c index 6e3b51998a..4cd6a6fd1f 100644 --- a/libavcodec/eacmv.c +++ b/libavcodec/eacmv.c @@ -158,6 +158,9 @@ static int cmv_decode_frame(AVCodecContext *avctx, CmvContext *s = avctx->priv_data; const uint8_t *buf_end = buf + buf_size; + if (buf_end - buf < EA_PREAMBLE_SIZE) + return AVERROR_INVALIDDATA; + if (AV_RL32(buf)==MVIh_TAG||AV_RB32(buf)==MVIh_TAG) { cmv_process_header(s, buf+EA_PREAMBLE_SIZE, buf_end); return buf_size; From 802045777afe0c04cc42ef11f59e273239faaa99 Mon Sep 17 00:00:00 2001 
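Review bot: In cmv_decode_inter, when `s->last_frame.data[0]` is NULL the 4x4 block is now skipped silently, so the output frame keeps whatever the buffer already held at that position. If the buffer is not cleared on allocation (not visible in this hunk), that can expose stale memory in the decoded picture. Consider filling the block with a fixed value or reporting the missing reference. The sibling branch that uses the second-last frame lies outside the hunk and should be confirmed to carry an equivalent guard.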
From: Laurent Aimar Date: Sat, 1 Oct 2011 00:45:02 +0200 Subject: [PATCH 486/652] Fix out of bound reads due to integer overflow in the ADPCM IMA Electronic Arts EACS decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit 346876ec168affe7c21be88d8f1acf1a75cc8409) --- libavcodec/adpcm.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavcodec/adpcm.c b/libavcodec/adpcm.c index ba312558b0..de7bc7a45b 100644 --- a/libavcodec/adpcm.c +++ b/libavcodec/adpcm.c @@ -1333,10 +1333,11 @@ static int adpcm_decode_frame(AVCodecContext *avctx, buf_size -= 128; } break; - case CODEC_ID_ADPCM_IMA_EA_EACS: + case CODEC_ID_ADPCM_IMA_EA_EACS: { + unsigned header_size = 4 + (8<> (1-st); - if (samples_in_chunk > buf_size-4-(8< buf_size - header_size) { src += buf_size - 4; break; } @@ -1351,6 +1352,7 @@ static int adpcm_decode_frame(AVCodecContext *avctx, *samples++ = adpcm_ima_expand_nibble(&c->status[st], *src&0x0F, 3); } break; + } case CODEC_ID_ADPCM_IMA_EA_SEAD: for (; src < buf+buf_size; src++) { *samples++ = adpcm_ima_expand_nibble(&c->status[0], src[0] >> 4, 6); From e0fb22cea9056afd30848d9d51e92f5ae24ea0f6 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sat, 1 Oct 2011 00:45:04 +0200 Subject: [PATCH 487/652] Fix out of bound reads in the QDM2 decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit 491eaf35ae1f9b619441314bec33766e31580184) --- libavcodec/qdm2.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/qdm2.c b/libavcodec/qdm2.c index 6eb836456c..a6192e91c2 100644 --- a/libavcodec/qdm2.c +++ b/libavcodec/qdm2.c @@ -1353,6 +1353,8 @@ static void qdm2_fft_decode_tones (QDM2Context *q, int duration, GetBitContext * return; local_int_14 = (offset >> local_int_8); + if (local_int_14 >= FF_ARRAY_ELEMS(fft_level_index_table)) + return; if (q->nb_channels > 1) { channel = get_bits1(gb); From b08df314dca6946ed644caacb9d3a533a054c0f6 Mon Sep 17 00:00:00 2001 
From: Laurent Aimar Date: Sat, 1 Oct 2011 00:45:05 +0200 Subject: [PATCH 488/652] Check for out of bound writes in the QDM2 decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit 4a7876c6e4e62e94d51e364ba99aae4da7671238) --- libavcodec/qdm2.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/qdm2.c b/libavcodec/qdm2.c index a6192e91c2..1665c8daed 100644 --- a/libavcodec/qdm2.c +++ b/libavcodec/qdm2.c @@ -1799,6 +1799,8 @@ static av_cold int qdm2_decode_init(AVCodecContext *avctx) avctx->channels = s->nb_channels = s->channels = AV_RB32(extradata); extradata += 4; + if (s->channels > MPA_MAX_CHANNELS) + return AVERROR_INVALIDDATA; avctx->sample_rate = AV_RB32(extradata); extradata += 4; @@ -1820,6 +1822,8 @@ static av_cold int qdm2_decode_init(AVCodecContext *avctx) // something like max decodable tones s->group_order = av_log2(s->group_size) + 1; s->frame_size = s->group_size / 16; // 16 iterations per super block + if (s->frame_size > FF_ARRAY_ELEMS(s->output_buffer) / 2) + return AVERROR_INVALIDDATA; s->sub_sampling = s->fft_order - 7; s->frequency_range = 255 / (1 << (2 - s->sub_sampling)); From f144a70d6011a71fe6a48ce1b67791301be9b788 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sat, 1 Oct 2011 00:45:03 +0200 Subject: [PATCH 489/652] Fix out of bound reads/writes in the TIFF decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit 5ca5d432e028ffdd4067b87aed6702168c3207b6) --- libavcodec/tiff.c | 40 +++++++++++++++++++++++++--------------- 1 file changed, 25 insertions(+), 15 deletions(-) diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c index c54eaee346..ed01b70147 100644 --- a/libavcodec/tiff.c +++ b/libavcodec/tiff.c @@ -170,6 +170,8 @@ static int tiff_unpack_strip(TiffContext *s, uint8_t* dst, int stride, const uin } switch(s->compr){ case TIFF_RAW: + if (ssrc + size - src < width) + return AVERROR_INVALIDDATA; if (!s->fill_order) { memcpy(dst, src, width); } else { 
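Review bot: The channel guard added to qdm2_decode_init only has an upper bound. `s->channels` is filled from `AV_RB32(extradata)`, and if the field is a signed int (its declaration is outside the hunk), zero or a value with the top bit set passes `s->channels > MPA_MAX_CHANNELS`. `if (s->channels <= 0 || s->channels > MPA_MAX_CHANNELS) return AVERROR_INVALIDDATA;` covers both ends. The check also runs after `avctx->channels` has already been assigned the unvalidated value.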
@@ -277,6 +279,8 @@ static int tiff_decode_tag(TiffContext *s, const uint8_t *start, const uint8_t * uint32_t *pal; const uint8_t *rp, *gp, *bp; + if (end_buf - buf < 12) + return -1; tag = tget_short(&buf, s->le); type = tget_short(&buf, s->le); count = tget_long(&buf, s->le); @@ -336,7 +340,7 @@ static int tiff_decode_tag(TiffContext *s, const uint8_t *start, const uint8_t * case TIFF_SHORT: case TIFF_LONG: s->bpp = 0; - for(i = 0; i < count; i++) s->bpp += tget(&buf, type, s->le); + for(i = 0; i < count && buf < end_buf; i++) s->bpp += tget(&buf, type, s->le); break; default: s->bpp = -1; @@ -450,6 +454,8 @@ static int tiff_decode_tag(TiffContext *s, const uint8_t *start, const uint8_t * case TIFF_PAL: pal = (uint32_t *) s->palette; off = type_sizes[type]; + if (count / 3 > 256 || end_buf - buf < count / 3 * off * 3) + return -1; rp = buf; gp = buf + count / 3 * off; bp = buf + count / 3 * off * 2; @@ -493,12 +499,16 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *picture = data; AVFrame * const p= (AVFrame*)&s->picture; const uint8_t *orig_buf = buf, *end_buf = buf + buf_size; - int id, le, off, ret; + unsigned off; + int id, le, ret; int i, j, entries; - int stride, soff, ssize; + int stride; + unsigned soff, ssize; uint8_t *dst; //parse image header + if (end_buf - buf < 8) + return AVERROR_INVALIDDATA; id = AV_RL16(buf); buf += 2; if(id == 0x4949) le = 1; else if(id == 0x4D4D) le = 0; @@ -518,9 +528,9 @@ static int decode_frame(AVCodecContext *avctx, } /* parse image file directory */ off = tget_long(&buf, le); - if(orig_buf + off + 14 >= end_buf){ + if (off >= UINT_MAX - 14 || end_buf - orig_buf < off + 14) { av_log(avctx, AV_LOG_ERROR, "IFD offset is greater than image size\n"); - return -1; + return AVERROR_INVALIDDATA; } buf = orig_buf + off; entries = tget_short(&buf, le); 
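Review bot: The loop guard added to the bits-per-sample case in tiff_decode_tag, `i < count && buf < end_buf`, proves only that one byte remains, while `tget()` consumes two or four bytes for TIFF_SHORT and TIFF_LONG. Comparing against the element size, e.g. `i < count && end_buf - buf >= type_sizes[type]`, bounds the whole read. The strip loop in decode_frame (`s->stripsizes >= end_buf`, `s->stripdata >= end_buf`) uses the same one-byte test ahead of `tget()` with `s->sstype` and `s->sot`, and needs the same treatment. Both functions continue outside these hunks.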
@@ -544,23 +554,23 @@ static int decode_frame(AVCodecContext *avctx, stride = p->linesize[0]; dst = p->data[0]; for(i = 0; i < s->height; i += s->rps){ - if(s->stripsizes) + if(s->stripsizes) { + if (s->stripsizes >= end_buf) + return AVERROR_INVALIDDATA; ssize = tget(&s->stripsizes, s->sstype, s->le); - else + } else ssize = s->stripsize; - if (ssize > buf_size) { - av_log(avctx, AV_LOG_ERROR, "Buffer size is smaller than strip size\n"); - return -1; - } - if(s->stripdata){ + if (s->stripdata >= end_buf) + return AVERROR_INVALIDDATA; soff = tget(&s->stripdata, s->sot, s->le); }else soff = s->stripoff; - if (soff < 0) { - av_log(avctx, AV_LOG_ERROR, "Invalid stripoff: %d\n", soff); - return AVERROR(EINVAL); + + if (soff > buf_size || ssize > buf_size - soff) { + av_log(avctx, AV_LOG_ERROR, "Invalid strip size/offset\n"); + return -1; } if(tiff_unpack_strip(s, dst, stride, orig_buf + soff, ssize, FFMIN(s->rps, s->height - i)) < 0) break; From 00f6cbb53df64a3a730d9c841dddb534ba562d53 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 1 Oct 2011 03:16:32 +0200 Subject: [PATCH 490/652] vf_scale.c: propagate error code Signed-off-by: Michael Niedermayer (cherry picked from commit 8447703c16b9e6fdc48ce92553ec1cfa2e359b84) --- libavfilter/vf_scale.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavfilter/vf_scale.c b/libavfilter/vf_scale.c index ba8f9e1e82..8f2f1d5f52 100644 --- a/libavfilter/vf_scale.c +++ b/libavfilter/vf_scale.c @@ -229,7 +229,7 @@ static int config_props(AVFilterLink *outlink) scale->isws[1] = sws_getContext(inlink ->w, inlink ->h/2, inlink ->format, outlink->w, outlink->h/2, outlink->format, scale->flags, NULL, NULL, NULL); - if (!scale->sws) + if (!scale->sws || !scale->isws[0] || !scale->isws[1]) return AVERROR(EINVAL); if (inlink->sample_aspect_ratio.num){ From 80331265cafe2e331fb47350e00b661eccbe6970 Mon Sep 17 00:00:00 2001 
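Review bot: Making `scale->isws[0]` and `scale->isws[1]` mandatory in config_props means a link whose input or output height is 1 may now fail to configure, because the visible `scale->isws[1]` request passes `inlink->h/2` and `outlink->h/2`, which are 0 in that case. Whether sws_getContext rejects a zero height should be confirmed, but if it does, frames that previously scaled through `scale->sws` alone are now refused with AVERROR(EINVAL). If the half-height contexts are only needed for interlaced input (not visible in this hunk), the check could be limited to that case or the heights clamped to at least 1. The contexts that were created successfully are not released on this error path within the hunk; confirm that the filter's uninit handles them.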
From: Michael Niedermayer Date: Sat, 1 Oct 2011 03:48:33 +0200 Subject: [PATCH 491/652] avienc: Add a limit on the number of skiped frames muxed in a row. Signed-off-by: Michael Niedermayer (cherry picked from commit 9cb9e39c41959961bdb5a1fd51cdd25e10c050f3) --- libavformat/avienc.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavformat/avienc.c b/libavformat/avienc.c index deff1c8d20..1c8eedad09 100644 --- a/libavformat/avienc.c +++ b/libavformat/avienc.c @@ -523,6 +523,11 @@ static int avi_write_packet(AVFormatContext *s, AVPacket *pkt) while(enc->block_align==0 && pkt->dts != AV_NOPTS_VALUE && pkt->dts > avist->packet_count){ AVPacket empty_packet; + if(pkt->dts - avist->packet_count > 60000){ + av_log(s, AV_LOG_ERROR, "Too large number of skiped frames %Ld\n", pkt->dts - avist->packet_count); + return AVERROR(EINVAL); + } + av_init_packet(&empty_packet); empty_packet.size= 0; empty_packet.data= NULL; From 77a7092d1c22fc49a26514c1e7a36d6a971707d9 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 1 Oct 2011 22:28:16 +0200 Subject: [PATCH 492/652] fate: fix motion pixels checksum change caused by backported bugfix Signed-off-by: Michael Niedermayer --- tests/ref/fate/motionpixels | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ref/fate/motionpixels b/tests/ref/fate/motionpixels index 30651e92c6..70413880f8 100644 --- a/tests/ref/fate/motionpixels +++ b/tests/ref/fate/motionpixels @@ -109,4 +109,4 @@ 0, 648003, 230400, 0xb343f372 0, 654003, 230400, 0xf7f1e588 0, 660003, 230400, 0x9682bdb2 -0, 666003, 230400, 0x16f9aad8 +0, 666003, 230400, 0x009f4640 From 2cd7580ab51b6173f516d9658949ae3da8601039 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 1 Oct 2011 22:12:01 +0200 Subject: [PATCH 493/652] Remove Chnagelog it has nothing to do with reality 
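Review bot: The format string in the new av_log call in avi_write_packet uses `%Ld`, which is not a standard conversion for the 64-bit value `pkt->dts - avist->packet_count`; `L` is defined only for long double conversions, so the output is unreliable on some C libraries. Use the inttypes macro instead: `av_log(s, AV_LOG_ERROR, "Too large number of skipped frames %"PRId64"\n", pkt->dts - avist->packet_count);` (this also fixes the "skiped" spelling). The limit 60000 is a bare literal; a named constant with a comment on why that many empty packets is the cut-off would document the intent. The while loop continues outside the hunk.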
Signed-off-by: Michael Niedermayer --- Changelog | 764 ------------------------------------------------------ 1 file changed, 764 deletions(-) delete mode 100644 Changelog diff --git a/Changelog b/Changelog deleted file mode 100644 index 7360b67eed..0000000000 --- a/Changelog +++ /dev/null 
@@ -1,764 +0,0 @@ -Entries are sorted chronologically from oldest to youngest within each release, -releases are sorted from youngest to oldest. - -version 0.7.2: - -- check buffer and input values in various parts of the code: - H.264, VC-1, APE, FLV, Indeo 2, XAN, Ogg, MXF, wavpack, ffv1, MOV, - cavs (OCERT-2011-002, CVE-2011-3362), Smacker, cpu detection, lavf, - Matroska (CVE-2011-3504), RV10, RV30/RV40 -- memory leaks: vf_scale, eval - -- ARM: workaround for bug in GNU assembler -- AVOptions: fix av_set_string3() doxy to match reality. (Bug #28) -- Reintroduce AVInputStream.nb_streams to avoid crashes -- aac: Only output configure if audio was found -- aac: Remove some suspicious illegal memcpy()s from LTP -- aacps: skip some memcpy() if src and dst would be equal -- adts: fix PCE copying -- alsa: fallback to buffer_size/4 for period_size -- alsa: limit buffer_size to 32768 frames -- cljr, indeo2: init_get_bits size in bits instead of bytes -- configure: add missing CFLAGS to fix building on the HURD -- dca: set AVCodecContext frame_size for DTS audio -- fate: allow testing with libavfilter disabled -- gxf: fix 25 fps DV material in GXF being misdetected as 50 fps -- h264: correct implicit weight table computation for long ref pics -- h264: correct the check for invalid long term frame index in MMCO decode -- h264: fix PCM intra-coded blocks in monochrome case -- jpegdec: actually search for and parse RSTn -- lavc: fix type for thread_type option -- lavf: fix context pointer in av_open_input_stream when avformat_open_input fails -- lavf: do not set codec_tag for rawvideo -- libx264: do not set pic quality if no frame is output -- movenc: create an alternate group for each media type -- mpegts: fix Continuity Counter error detection -- mxfenc: fix ignored drop flag in binary timecode representation -- fix crashes in 32-bit PIC builds (cf e.g. 
http://bugs.debian.org/639948) -- ppc64: fix cast related random failures -- riff: Add mpgv MPEG-2 fourcc -- swscale: don't use planar output functions to write to NV12/21 -- vc1: properly zero coded_block[] edges on new slice entry -- vp3/theora: flush after seek - -- various bug other fixes - - -version 0.7.1: - -- added various additional FOURCC codec identifiers -- H.264 4:4:4 fixes -- build system and compilation fixes -- Doxygen and general documentation corrections and improvements -- fixed segfault in ffprobe -- behavioral fix in av_open_input_stream() -- Licensing clarification for LGPL'ed vf_gradfun -- bugfixes while seeking in multithreaded decoding -- support newer versions of OpenCV -- ffmpeg: fix operation with --disable-avfilter -- fixed integer underflow in matroska decoder - - -version 0.7: - -- many many things we forgot because we rather write code than changelogs -- libmpcodecs video filter support (3 times as many filters than before) -- mpeg2 aspect ratio dection fixed -- libxvid aspect pickiness fixed -- Frame multithreaded decoding -- E-AC-3 audio encoder -- ac3enc: add channel coupling support -- floating-point sample format support for (E-)AC-3, DCA, AAC, Vorbis decoders -- H.264/MPEG frame-level multithreading -- av_metadata_* functions renamed to av_dict_* and moved to libavutil -- 4:4:4 H.264 decoding support -- 10-bit H.264 optimizations for x86 -- lut, lutrgb, and lutyuv filters added -- buffersink libavfilter sink added -- bump libswscale for recently reported ABI break - - -version 0.7_beta2: - -- VP8 frame-level multithreading -- NEON optimizations for VP8 -- removed a lot of deprecated API cruft -- FFT and IMDCT optimizations for AVX (Sandy Bridge) processors -- showinfo filter added -- DPX image encoder -- SMPTE 302M AES3 audio decoder -- Apple Core Audio Format muxer -- 9bit and 10bit per sample support in the H.264 decoder -- 9bit and 10bit FFV1 encoding / decoding -- split filter added -- select filter added -- sdl output 
device added - - -version 0.7_beta1: - -- WebM support in Matroska de/muxer -- low overhead Ogg muxing -- MMS-TCP support -- VP8 de/encoding via libvpx -- Demuxer for On2's IVF format -- Pictor/PC Paint decoder -- HE-AAC v2 decoder -- HE-AAC v2 encoding with libaacplus -- libfaad2 wrapper removed -- DTS-ES extension (XCh) decoding support -- native VP8 decoder -- RTSP tunneling over HTTP -- RTP depacketization of SVQ3 -- -strict inofficial replaced by -strict unofficial -- ffplay -exitonkeydown and -exitonmousedown options added -- native GSM / GSM MS decoder -- RTP depacketization of QDM2 -- ANSI/ASCII art playback system -- Lego Mindstorms RSO de/muxer -- libavcore added -- SubRip subtitle file muxer and demuxer -- Chinese AVS encoding via libxavs -- ffprobe -show_packets option added -- RTP packetization of Theora and Vorbis -- RTP depacketization of MP4A-LATM -- RTP packetization and depacketization of VP8 -- hflip filter -- Apple HTTP Live Streaming demuxer -- a64 codec -- MMS-HTTP support -- G.722 ADPCM audio encoder/decoder -- R10k video decoder -- ocv_smooth filter -- frei0r wrapper filter -- change crop filter syntax to width:height:x:y -- make the crop filter accept parametric expressions -- make ffprobe accept AVFormatContext options -- yadif filter -- blackframe filter -- Demuxer for Leitch/Harris' VR native stream format (LXF) -- RTP depacketization of the X-QT QuickTime format -- SAP (Session Announcement Protocol, RFC 2974) muxer and demuxer -- cropdetect filter -- ffmpeg -crop* options removed -- transpose filter added -- ffmpeg -force_key_frames option added -- demuxer for receiving raw rtp:// URLs without an SDP description -- single stream LATM/LOAS decoder -- setpts filter added -- Win64 support for optimized x86 assembly functions -- MJPEG/AVI1 to JPEG/JFIF bitstream filter -- ASS subtitle encoder and decoder -- IEC 61937 encapsulation for E-AC-3, TrueHD, DTS-HD (for HDMI passthrough) -- overlay filter added -- rename aspect filter to setdar, 
and pixelaspect to setsar -- IEC 61937 demuxer -- Mobotix .mxg demuxer -- frei0r source added -- hqdn3d filter added -- RTP depacketization of QCELP -- FLAC parser added -- gradfun filter added -- AMR-WB decoder -- replace the ocv_smooth filter with a more generic ocv filter -- Windows Televison (WTV) demuxer -- FFmpeg metadata format muxer and demuxer -- SubRip (srt) subtitle encoder and decoder -- floating-point AC-3 encoder added -- Lagarith decoder -- ffmpeg -copytb option added -- IVF muxer added -- Wing Commander IV movies decoder added -- movie source added -- Bink version 'b' audio and video decoder -- Bitmap Brothers JV playback system -- Apple HTTP Live Streaming protocol handler -- sndio support for playback and record -- Linux framebuffer input device added -- Chronomaster DFA decoder -- DPX image encoder -- MicroDVD subtitle file muxer and demuxer -- Playstation Portable PMP format demuxer -- fieldorder video filter added -- AAC encoding via libvo-aacenc -- AMR-WB encoding via libvo-amrwbenc -- xWMA demuxer -- Mobotix MxPEG decoder - - -version 0.6: - -- PB-frame decoding for H.263 -- deprecated vhook subsystem removed -- deprecated old scaler removed -- VQF demuxer -- Alpha channel scaler -- PCX encoder -- RTP packetization of H.263 -- RTP packetization of AMR -- RTP depacketization of Vorbis -- CorePNG decoding support -- Cook multichannel decoding support -- introduced avlanguage helpers in libavformat -- 8088flex TMV demuxer and decoder -- per-stream language-tags extraction in asfdec -- V210 decoder and encoder -- remaining GPL parts in AC-3 decoder converted to LGPL -- QCP demuxer -- SoX native format muxer and demuxer -- AMR-NB decoding/encoding, AMR-WB decoding via OpenCORE libraries -- DPX image decoder -- Electronic Arts Madcow decoder -- DivX (XSUB) subtitle encoder -- nonfree libamr support for AMR-NB/WB decoding/encoding removed -- experimental AAC encoder -- RTP depacketization of ASF and RTSP from WMS servers -- RTMP support in 
libavformat -- noX handling for OPT_BOOL X options -- Wave64 demuxer -- IEC-61937 compatible Muxer -- TwinVQ decoder -- Bluray (PGS) subtitle decoder -- LPCM support in MPEG-TS (HDMV RID as found on Blu-ray disks) -- WMA Pro decoder -- Core Audio Format demuxer -- Atrac1 decoder -- MD STUDIO audio demuxer -- RF64 support in WAV demuxer -- MPEG-4 Audio Lossless Coding (ALS) decoder -- -formats option split into -formats, -codecs, -bsfs, and -protocols -- IV8 demuxer -- CDG demuxer and decoder -- R210 decoder -- Auravision Aura 1 and 2 decoders -- Deluxe Paint Animation playback system -- SIPR decoder -- Adobe Filmstrip muxer and demuxer -- RTP depacketization of H.263 -- Bink demuxer and audio/video decoders -- enable symbol versioning by default for linkers that support it -- IFF PBM/ILBM bitmap decoder -- concat protocol -- Indeo 5 decoder -- RTP depacketization of AMR -- WMA Voice decoder -- ffprobe tool -- AMR-NB decoder -- RTSP muxer -- HE-AAC v1 decoder -- Kega Game Video (KGV1) decoder -- VorbisComment writing for FLAC, Ogg FLAC and Ogg Speex files -- RTP depacketization of Theora -- HTTP Digest authentication -- RTMP/RTMPT/RTMPS/RTMPE/RTMPTE protocol support via librtmp -- Psygnosis YOP demuxer and video decoder -- spectral extension support in the E-AC-3 decoder -- unsharp video filter -- RTP hinting in the mov/3gp/mp4 muxer -- Dirac in Ogg demuxing -- seek to keyframes in Ogg -- 4:2:2 and 4:4:4 Theora decoding -- 35% faster VP3/Theora decoding -- faster AAC decoding -- faster H.264 decoding -- RealAudio 1.0 (14.4K) encoder - - -version 0.5: - -- DV50 AKA DVCPRO50 encoder, decoder, muxer and demuxer -- TechSmith Camtasia (TSCC) video decoder -- IBM Ultimotion (ULTI) video decoder -- Sierra Online audio file demuxer and decoder -- Apple QuickDraw (qdrw) video decoder -- Creative ADPCM audio decoder (16 bits as well as 8 bits schemes) -- Electronic Arts Multimedia (WVE/UV2/etc.) 
file demuxer -- Miro VideoXL (VIXL) video decoder -- H.261 video encoder -- QPEG video decoder -- Nullsoft Video (NSV) file demuxer -- Shorten audio decoder -- LOCO video decoder -- Apple Lossless Audio Codec (ALAC) decoder -- Winnov WNV1 video decoder -- Autodesk Animator Studio Codec (AASC) decoder -- Indeo 2 video decoder -- Fraps FPS1 video decoder -- Snow video encoder/decoder -- Sonic audio encoder/decoder -- Vorbis audio decoder -- Macromedia ADPCM decoder -- Duck TrueMotion 2 video decoder -- support for decoding FLX and DTA extensions in FLIC files -- H.264 custom quantization matrices support -- ffserver fixed, it should now be usable again -- QDM2 audio decoder -- Real Cooker audio decoder -- TrueSpeech audio decoder -- WMA2 audio decoder fixed, now all files should play correctly -- RealAudio 14.4 and 28.8 decoders fixed -- JPEG-LS decoder -- build system improvements -- tabs and trailing whitespace removed from the codebase -- CamStudio video decoder -- AIFF/AIFF-C audio format, encoding and decoding -- ADTS AAC file reading and writing -- Creative VOC file reading and writing -- American Laser Games multimedia (*.mm) playback system -- Zip Motion Blocks Video decoder -- improved Theora/VP3 decoder -- True Audio (TTA) decoder -- AVS demuxer and video decoder -- JPEG-LS encoder -- Smacker demuxer and decoder -- NuppelVideo/MythTV demuxer and RTjpeg decoder -- KMVC decoder -- MPEG-2 intra VLC support -- MPEG-2 4:2:2 encoder -- Flash Screen Video decoder -- GXF demuxer -- Chinese AVS decoder -- GXF muxer -- MXF demuxer -- VC-1/WMV3/WMV9 video decoder -- MacIntel support -- AVISynth support -- VMware video decoder -- VP5 video decoder -- VP6 video decoder -- WavPack lossless audio decoder -- Targa (.TGA) picture decoder -- Vorbis audio encoder -- Delphine Software .cin demuxer/audio and video decoder -- Tiertex .seq demuxer/video decoder -- MTV demuxer -- TIFF picture encoder and decoder -- GIF picture decoder -- Intel Music Coder decoder -- Zip Motion 
Blocks Video encoder -- Musepack decoder -- Flash Screen Video encoder -- Theora encoding via libtheora -- BMP encoder -- WMA encoder -- GSM-MS encoder and decoder -- DCA decoder -- DXA demuxer and decoder -- DNxHD decoder -- Gamecube movie (.THP) playback system -- Blackfin optimizations -- Interplay C93 demuxer and video decoder -- Bethsoft VID demuxer and video decoder -- CRYO APC demuxer -- Atrac3 decoder -- V.Flash PTX decoder -- RoQ muxer, RoQ audio encoder -- Renderware TXD demuxer and decoder -- extern C declarations for C++ removed from headers -- sws_flags command line option -- codebook generator -- RoQ video encoder -- QTRLE encoder -- OS/2 support removed and restored again -- AC-3 decoder -- NUT muxer -- additional SPARC (VIS) optimizations -- Matroska muxer -- slice-based parallel H.264 decoding -- Monkey's Audio demuxer and decoder -- AMV audio and video decoder -- DNxHD encoder -- H.264 PAFF decoding -- Nellymoser ASAO decoder -- Beam Software SIFF demuxer and decoder -- libvorbis Vorbis decoding removed in favor of native decoder -- IntraX8 (J-Frame) subdecoder for WMV2 and VC-1 -- Ogg (Theora, Vorbis and FLAC) muxer -- The "device" muxers and demuxers are now in a new libavdevice library -- PC Paintbrush PCX decoder -- Sun Rasterfile decoder -- TechnoTrend PVA demuxer -- Linux Media Labs MPEG-4 (LMLM4) demuxer -- AVM2 (Flash 9) SWF muxer -- QT variant of IMA ADPCM encoder -- VFW grabber -- iPod/iPhone compatible mp4 muxer -- Mimic decoder -- MSN TCP Webcam stream demuxer -- RL2 demuxer / decoder -- IFF demuxer -- 8SVX audio decoder -- non-recursive Makefiles -- BFI demuxer -- MAXIS EA XA (.xa) demuxer / decoder -- BFI video decoder -- OMA demuxer -- MLP/TrueHD decoder -- Electronic Arts CMV decoder -- Motion Pixels Video decoder -- Motion Pixels MVI demuxer -- removed animated GIF decoder/demuxer -- D-Cinema audio muxer -- Electronic Arts TGV decoder -- Apple Lossless Audio Codec (ALAC) encoder -- AAC decoder -- floating point PCM encoder/decoder 
-- MXF muxer -- DV100 AKA DVCPRO HD decoder and demuxer -- E-AC-3 support added to AC-3 decoder -- Nellymoser ASAO encoder -- ASS and SSA demuxer and muxer -- liba52 wrapper removed -- SVQ3 watermark decoding support -- Speex decoding via libspeex -- Electronic Arts TGQ decoder -- RV40 decoder -- QCELP / PureVoice decoder -- RV30 decoder -- hybrid WavPack support -- R3D REDCODE demuxer -- ALSA support for playback and record -- Electronic Arts TQI decoder -- OpenJPEG based JPEG 2000 decoder -- NC (NC4600) camera file demuxer -- Gopher client support -- MXF D-10 muxer -- generic metadata API -- flash ScreenVideo2 encoder - - -version 0.4.9-pre1: - -- DV encoder, DV muxer -- Microsoft RLE video decoder -- Microsoft Video-1 decoder -- Apple Animation (RLE) decoder -- Apple Graphics (SMC) decoder -- Apple Video (RPZA) decoder -- Cinepak decoder -- Sega FILM (CPK) file demuxer -- Westwood multimedia support (VQA & AUD files) -- Id Quake II CIN playback support -- 8BPS video decoder -- FLIC playback support -- RealVideo 2.0 (RV20) decoder -- Duck TrueMotion v1 (DUCK) video decoder -- Sierra VMD demuxer and video decoder -- MSZH and ZLIB decoder support -- SVQ1 video encoder -- AMR-WB support -- PPC optimizations -- rate distortion optimal cbp support -- rate distorted optimal ac prediction for MPEG-4 -- rate distorted optimal lambda->qp support -- AAC encoding with libfaac -- Sunplus JPEG codec (SP5X) support -- use Lagrange multipler instead of QP for ratecontrol -- Theora/VP3 decoding support -- XA and ADX ADPCM codecs -- export MPEG-2 active display area / pan scan -- Add support for configuring with IBM XLC -- floating point AAN DCT -- initial support for zygo video (not complete) -- RGB ffv1 support -- new audio/video parser API -- av_log() system -- av_read_frame() and av_seek_frame() support -- missing last frame fixes -- seek by mouse in ffplay -- noise reduction of DCT coefficients -- H.263 OBMC & 4MV support -- H.263 alternative inter vlc support -- H.263 loop 
filter -- H.263 slice structured mode -- interlaced DCT support for MPEG-2 encoding -- stuffing to stay above min_bitrate -- MB type & QP visualization -- frame stepping for ffplay -- interlaced motion estimation -- alternate scantable support -- SVCD scan offset support -- closed GOP support -- SSE2 FDCT -- quantizer noise shaping -- G.726 ADPCM audio codec -- MS ADPCM encoding -- multithreaded/SMP motion estimation -- multithreaded/SMP encoding for MPEG-1/MPEG-2/MPEG-4/H.263 -- multithreaded/SMP decoding for MPEG-2 -- FLAC decoder -- Metrowerks CodeWarrior suppport -- H.263+ custom pcf support -- nicer output for 'ffmpeg -formats' -- Matroska demuxer -- SGI image format, encoding and decoding -- H.264 loop filter support -- H.264 CABAC support -- nicer looking arrows for the motion vector visualization -- improved VCD support -- audio timestamp drift compensation -- MPEG-2 YUV 422/444 support -- polyphase kaiser windowed sinc and blackman nuttall windowed sinc audio resample -- better image scaling -- H.261 support -- correctly interleave packets during encoding -- VIS optimized motion compensation -- intra_dc_precision>0 encoding support -- support reuse of motion vectors/MB types/field select values of the source video -- more accurate deblock filter -- padding support -- many optimizations and bugfixes -- FunCom ISS audio file demuxer and according ADPCM decoding - - -version 0.4.8: - -- MPEG-2 video encoding (Michael) -- Id RoQ playback subsystem (Mike Melanson and Tim Ferguson) -- Wing Commander III Movie (.mve) file playback subsystem (Mike Melanson - and Mario Brito) -- Xan DPCM audio decoder (Mario Brito) -- Interplay MVE playback subsystem (Mike Melanson) -- Duck DK3 and DK4 ADPCM audio decoders (Mike Melanson) - - -version 0.4.7: - -- RealAudio 1.0 (14_4) and 2.0 (28_8) native decoders. 
Author unknown, code from mplayerhq - (originally from public domain player for Amiga at http://www.honeypot.net/audio) -- current version now also compiles with older GCC (Fabrice) -- 4X multimedia playback system including 4xm file demuxer (Mike - Melanson), and 4X video and audio codecs (Michael) -- Creative YUV (CYUV) decoder (Mike Melanson) -- FFV1 codec (our very simple lossless intra only codec, compresses much better - than HuffYUV) (Michael) -- ASV1 (Asus), H.264, Intel indeo3 codecs have been added (various) -- tiny PNG encoder and decoder, tiny GIF decoder, PAM decoder (PPM with - alpha support), JPEG YUV colorspace support. (Fabrice Bellard) -- ffplay has been replaced with a newer version which uses SDL (optionally) - for multiplatform support (Fabrice) -- Sorenson Version 3 codec (SVQ3) support has been added (decoding only) - donated - by anonymous -- AMR format has been added (Johannes Carlsson) -- 3GP support has been added (Johannes Carlsson) -- VP3 codec has been added (Mike Melanson) -- more MPEG-1/2 fixes -- better multiplatform support, MS Visual Studio fixes (various) -- AltiVec optimizations (Magnus Damn and others) -- SH4 processor support has been added (BERO) -- new public interfaces (avcodec_get_pix_fmt) (Roman Shaposhnick) -- VOB streaming support (Brian Foley) -- better MP3 autodetection (Andriy Rysin) -- qpel encoding (Michael) -- 4mv+b frames encoding finally fixed (Michael) -- chroma ME (Michael) -- 5 comparison functions for ME (Michael) -- B-frame encoding speedup (Michael) -- WMV2 codec (unfinished - Michael) -- user specified diamond size for EPZS (Michael) -- Playstation STR playback subsystem, still experimental (Mike and Michael) -- ASV2 codec (Michael) -- CLJR decoder (Alex) - -.. And lots more new enhancements and fixes. 
- - -version 0.4.6: - -- completely new integer only MPEG audio layer 1/2/3 decoder rewritten - from scratch -- Recoded DCT and motion vector search with gcc (no longer depends on nasm) -- fix quantization bug in AC3 encoder -- added PCM codecs and format. Corrected WAV/AVI/ASF PCM issues -- added prototype ffplay program -- added GOB header parsing on H.263/H.263+ decoder (Juanjo) -- bug fix on MCBPC tables of H.263 (Juanjo) -- bug fix on DC coefficients of H.263 (Juanjo) -- added Advanced Prediction Mode on H.263/H.263+ decoder (Juanjo) -- now we can decode H.263 streams found in QuickTime files (Juanjo) -- now we can decode H.263 streams found in VIVO v1 files(Juanjo) -- preliminary RTP "friendly" mode for H.263/H.263+ coding. (Juanjo) -- added GOB header for H.263/H.263+ coding on RTP mode (Juanjo) -- now H.263 picture size is returned on the first decoded frame (Juanjo) -- added first regression tests -- added MPEG-2 TS demuxer -- new demux API for libav -- more accurate and faster IDCT (Michael) -- faster and entropy-controlled motion search (Michael) -- two pass video encoding (Michael) -- new video rate control (Michael) -- added MSMPEG4V1, MSMPEGV2 and WMV1 support (Michael) -- great performance improvement of video encoders and decoders (Michael) -- new and faster bit readers and vlc parsers (Michael) -- high quality encoding mode: tries all macroblock/VLC types (Michael) -- added DV video decoder -- preliminary RTP/RTSP support in ffserver and libavformat -- H.263+ AIC decoding/encoding support (Juanjo) -- VCD MPEG-PS mode (Juanjo) -- PSNR stuff (Juanjo) -- simple stats output (Juanjo) -- 16-bit and 15-bit RGB/BGR/GBR support (Bisqwit) - - -version 0.4.5: - -- some header fixes (Zdenek Kabelac ) -- many MMX optimizations (Nick Kurshev ) -- added configure system (actually a small shell script) -- added MPEG audio layer 1/2/3 decoding using LGPL'ed mpglib by - Michael Hipp (temporary solution - waiting for integer only - decoder) -- fixed VIDIOCSYNC 
interrupt -- added Intel H.263 decoding support ('I263' AVI fourCC) -- added Real Video 1.0 decoding (needs further testing) -- simplified image formats again. Added PGM format (=grey - pgm). Renamed old PGM to PGMYUV. -- fixed msmpeg4 slice issues (tell me if you still find problems) -- fixed OpenDivX bugs with newer versions (added VOL header decoding) -- added support for MPlayer interface -- added macroblock skip optimization -- added MJPEG decoder -- added mmx/mmxext IDCT from libmpeg2 -- added pgmyuvpipe, ppm, and ppm_pipe formats (original patch by Celer - ) -- added pixel format conversion layer (e.g. for MJPEG or PPM) -- added deinterlacing option -- MPEG-1/2 fixes -- MPEG-4 vol header fixes (Jonathan Marsden ) -- ARM optimizations (Lionel Ulmer ). -- Windows porting of file converter -- added MJPEG raw format (input/ouput) -- added JPEG image format support (input/output) - - -version 0.4.4: - -- fixed some std header definitions (Bjorn Lindgren - ). -- added MPEG demuxer (MPEG-1 and 2 compatible). -- added ASF demuxer -- added prototype RM demuxer -- added AC3 decoding (done with libac3 by Aaron Holtzman) -- added decoding codec parameter guessing (.e.g. 
for MPEG, because the - header does not include them) -- fixed header generation in MPEG-1, AVI and ASF muxer: wmplayer can now - play them (only tested video) -- fixed H.263 white bug -- fixed phase rounding in img resample filter -- add MMX code for polyphase img resample filter -- added CPU autodetection -- added generic title/author/copyright/comment string handling (ASF and RM - use them) -- added SWF demux to extract MP3 track (not usable yet because no MP3 - decoder) -- added fractional frame rate support -- codecs are no longer searched by read_header() (should fix ffserver - segfault) - - -version 0.4.3: - -- BGR24 patch (initial patch by Jeroen Vreeken ) -- fixed raw yuv output -- added motion rounding support in MPEG-4 -- fixed motion bug rounding in MSMPEG4 -- added B-frame handling in video core -- added full MPEG-1 decoding support -- added partial (frame only) MPEG-2 support -- changed the FOURCC code for H.263 to "U263" to be able to see the - +AVI/H.263 file with the UB Video H.263+ decoder. MPlayer works with - this +codec ;) (JuanJo). -- Halfpel motion estimation after MB type selection (JuanJo) -- added pgm and .Y.U.V output format -- suppressed 'img:' protocol. Simply use: /tmp/test%d.[pgm|Y] as input or - output. -- added pgmpipe I/O format (original patch from Martin Aumueller - , but changed completely since we use a format - instead of a protocol) - - -version 0.4.2: - -- added H.263/MPEG-4/MSMPEG4 decoding support. MPEG-4 decoding support - (for OpenDivX) is almost complete: 8x8 MVs and rounding are - missing. MSMPEG4 support is complete. -- added prototype MPEG-1 decoder. Only I- and P-frames handled yet (it - can decode ffmpeg MPEGs :-)). -- added libavcodec API documentation (see apiexample.c). 
-- fixed image polyphase bug (the bottom of some images could be - greenish) -- added support for non clipped motion vectors (decoding only) - and image sizes non-multiple of 16 -- added support for AC prediction (decoding only) -- added file overwrite confirmation (can be disabled with -y) -- added custom size picture to H.263 using H.263+ (Juanjo) - - -version 0.4.1: - -- added MSMPEG4 (aka DivX) compatible encoder. Changed default codec - of AVI and ASF to DIV3. -- added -me option to set motion estimation method - (default=log). suppressed redundant -hq option. -- added options -acodec and -vcodec to force a given codec (useful for - AVI for example) -- fixed -an option -- improved dct_quantize speed -- factorized some motion estimation code - - -version 0.4.0: - -- removing grab code from ffserver and moved it to ffmpeg. Added - multistream support to ffmpeg. -- added timeshifting support for live feeds (option ?date=xxx in the - URL) -- added high quality image resize code with polyphase filter (need - mmx/see optimization). Enable multiple image size support in ffserver. -- added multi live feed support in ffserver -- suppressed master feature from ffserver (it should be done with an - external program which opens the .ffm url and writes it to another - ffserver) -- added preliminary support for video stream parsing (WAV and AVI half - done). Added proper support for audio/video file conversion in - ffmpeg. -- added preliminary support for video file sending from ffserver -- redesigning I/O subsystem: now using URL based input and output - (see avio.h) -- added WAV format support -- added "tty user interface" to ffmpeg to stop grabbing gracefully -- added MMX/SSE optimizations to SAD (Sums of Absolutes Differences) - (Juan J. Sierralta P. a.k.a. 
"Juanjo" ) -- added MMX DCT from mpeg2_movie 1.5 (Juanjo) -- added new motion estimation algorithms, log and phods (Juanjo) -- changed directories: libav for format handling, libavcodec for - codecs - - -version 0.3.4: - -- added stereo in MPEG audio encoder - - -version 0.3.3: - -- added 'high quality' mode which use motion vectors. It can be used in - real time at low resolution. -- fixed rounding problems which caused quality problems at high - bitrates and large GOP size - - -version 0.3.2: small fixes - -- ASF fixes -- put_seek bug fix - - -version 0.3.1: added avi/divx support - -- added AVI support -- added MPEG-4 codec compatible with OpenDivX. It is based on the H.263 codec -- added sound for flash format (not tested) - - -version 0.3: initial public release From 3e0dbb8a7ed118308cdddac803063b2cd09de37b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 2 Oct 2011 00:45:41 +0200 Subject: [PATCH 494/652] h264: set unused ref_counts to 0 as a precautionary meassure. Signed-off-by: Michael Niedermayer (cherry picked from commit 3af2de76ac8b7aa762e4ee129ec29140e6247d81) --- libavcodec/h264.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 9c7bf24b5f..a889f422e1 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -2901,7 +2901,7 @@ static int decode_slice_header(H264Context *h, H264Context *h0){ else h->list_count= 1; }else - h->list_count= 0; + h->ref_count[1]= h->ref_count[0]= h->list_count= 0; if(!default_ref_list_done){ ff_h264_fill_default_ref_list(h); From 86491c5dbc160a10926aa1cf4fa36864b09dfb31 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 2 Oct 2011 00:47:54 +0200 Subject: [PATCH 495/652] h264: increase ref_poc size to 32 as it can be per field. Signed-off-by: Michael Niedermayer (cherry picked from commit 8c851ef5a81fb0429453c43fdcfc974ce1b6e447) --- libavcodec/mpegvideo.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/libavcodec/mpegvideo.h b/libavcodec/mpegvideo.h index 0b233d0a20..1b8483f9d5 100644 --- a/libavcodec/mpegvideo.h +++ b/libavcodec/mpegvideo.h @@ -123,7 +123,7 @@ typedef struct Picture{ int pic_id; /**< h264 pic_num (short -> no wrap version of pic_num, pic_num & max_pic_num; long -> long_pic_num) */ int long_ref; ///< 1->long term reference 0->short term reference - int ref_poc[2][2][16]; ///< h264 POCs of the frames used as reference (FIXME need per slice) + int ref_poc[2][2][32]; ///< h264 POCs of the frames/fields used as reference (FIXME need per slice) int ref_count[2][2]; ///< number of entries in ref_poc (FIXME need per slice) int mbaff; ///< h264 1 -> MBAFF frame 0-> not MBAFF int field_picture; ///< whether or not the picture was encoded in seperate fields From 2e342df4a266f903084a5f705c7f2932e79067de Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sun, 2 Oct 2011 00:38:26 +0200 Subject: [PATCH 496/652] Fix use of uninitialized memory in 4X Technologies demuxer. Signed-off-by: Michael Niedermayer (cherry picked from commit a1876e0072aa0c69f037e0cafaca1a54bf2e189b) --- libavformat/4xm.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavformat/4xm.c b/libavformat/4xm.c index 0a314dc089..e3b696d57b 100644 --- a/libavformat/4xm.c +++ b/libavformat/4xm.c @@ -172,14 +172,16 @@ static int fourxm_read_header(AVFormatContext *s, goto fail; } if (current_track + 1 > fourxm->track_count) { - fourxm->track_count = current_track + 1; fourxm->tracks = av_realloc_f(fourxm->tracks, sizeof(AudioTrack), - fourxm->track_count); + current_track + 1); if (!fourxm->tracks) { ret= AVERROR(ENOMEM); goto fail; } + memset(&fourxm->tracks[fourxm->track_count], 0, + sizeof(AudioTrack) * (current_track + 1 - fourxm->track_count)); + fourxm->track_count = current_track + 1; } fourxm->tracks[current_track].adpcm = AV_RL32(&header[i + 12]); fourxm->tracks[current_track].channels = AV_RL32(&header[i + 36]); 
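Review bot: In the `if (!fourxm->tracks)` branch of the libavformat/4xm.c hunk, the context is left with a NULL `tracks` pointer and the previous, possibly non-zero `track_count`, because av_realloc_f() releases the old array when it fails and the count is now updated only after the memset. The `fail:` label and the rest of fourxm_read_header() are outside the hunk, so whether anything walks `track_count` entries on that path cannot be confirmed from here. Adding `fourxm->track_count = 0;` before `ret= AVERROR(ENOMEM);` keeps the pair consistent either way. A comment above the memset, `/* zero the entries realloc added; only tracks[current_track] is filled in below */`, would record why the count must not be raised earlier.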
From 535112b3658c21d1f9c4d2b44689342a32ff6eea Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sun, 2 Oct 2011 00:38:28 +0200 Subject: [PATCH 497/652] Prevent NULL dereference when the huffman table is invalid in the 4xm decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit 4a8ff0636d67c6df059f2ae2df49ad1181de14ca) --- libavcodec/4xm.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/libavcodec/4xm.c b/libavcodec/4xm.c index d89b494b09..1ec64ae3e0 100644 --- a/libavcodec/4xm.c +++ b/libavcodec/4xm.c @@ -601,9 +601,10 @@ static const uint8_t *read_huffman_tables(FourXContext *f, const uint8_t * const len_tab[j]= len; } - init_vlc(&f->pre_vlc, ACDC_VLC_BITS, 257, - len_tab , 1, 1, - bits_tab, 4, 4, 0); + if (init_vlc(&f->pre_vlc, ACDC_VLC_BITS, 257, + len_tab , 1, 1, + bits_tab, 4, 4, 0)) + return NULL; return ptr; } From d2a276a3fd7b34583ee7e8e7ec4c8fb85791c674 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sun, 2 Oct 2011 00:38:31 +0200 Subject: [PATCH 498/652] Fix the check for missing references in ff_er_frame_end() for H264. Signed-off-by: Michael Niedermayer --- libavcodec/error_resilience.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/error_resilience.c b/libavcodec/error_resilience.c index d6ac81f009..0e410f96e8 100644 --- a/libavcodec/error_resilience.c +++ b/libavcodec/error_resilience.c @@ -660,7 +660,7 @@ static int is_intra_more_likely(MpegEncContext *s){ if(s->codec_id == CODEC_ID_H264){ H264Context *h= (void*)s; - if(h->ref_count[0] <= 0 || !h->ref_list[0][0].data[0]) + if (h->list_count <= 0 || h->ref_count[0] <= 0 || !h->ref_list[0][0].data[0]) return 1; } From f421b534007ad791df593208d7998d07500a666e Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sun, 2 Oct 2011 00:38:30 +0200 Subject: [PATCH 499/652] Clear FF_INPUT_BUFFER_PADDING_SIZE bytes at the end of the temporary buffers used in 4xm decoder. 
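Review bot: The `return NULL;` added after a failed `init_vlc()` in read_huffman_tables() only helps if the caller tests the result, and the call site is not part of this hunk. The removed line `prestream= read_huffman_tables(f, prestream);` shown in PATCH 502 further down this page suggests that at this commit the return value is still used unchecked, so the failure would move to the caller rather than be handled. Adding `if (!prestream) return -1;` directly after the call in this same commit would make the patch self-contained. The function body starts outside the hunk.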
Signed-off-by: Michael Niedermayer (cherry picked from commit 90a69b2f61cbd2d58723d712bdf283e5e56b2ea2) --- libavcodec/4xm.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/4xm.c b/libavcodec/4xm.c index 1ec64ae3e0..29cab37ada 100644 --- a/libavcodec/4xm.c +++ b/libavcodec/4xm.c @@ -399,6 +399,7 @@ static int decode_p_frame(FourXContext *f, const uint8_t *buf, int length){ if (!f->bitstream_buffer) return AVERROR(ENOMEM); f->dsp.bswap_buf(f->bitstream_buffer, (const uint32_t*)(buf + extra), bitstream_size/4); + memset((uint8_t*)f->bitstream_buffer + bitstream_size, 0, FF_INPUT_BUFFER_PADDING_SIZE); init_get_bits(&f->gb, f->bitstream_buffer, 8*bitstream_size); f->wordstream= (const uint16_t*)(buf + extra + bitstream_size); @@ -680,6 +681,7 @@ static int decode_i_frame(FourXContext *f, const uint8_t *buf, int length){ if (!f->bitstream_buffer) return AVERROR(ENOMEM); f->dsp.bswap_buf(f->bitstream_buffer, (const uint32_t*)prestream, prestream_size/4); + memset((uint8_t*)f->bitstream_buffer + prestream_size, 0, FF_INPUT_BUFFER_PADDING_SIZE); init_get_bits(&f->pre_gb, f->bitstream_buffer, 8*prestream_size); f->last_dc= 0*128*8*8; From 64a9004d0771473b10655a3779b63e4e64505aa7 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sun, 2 Oct 2011 00:38:32 +0200 Subject: [PATCH 500/652] Check for out of bound reads in PTX decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit 581898ae882dc37967b689b6ea5f2b2a9acd257a) --- libavcodec/ptx.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/libavcodec/ptx.c b/libavcodec/ptx.c index 3273fd2f8e..756dbcd58b 100644 --- a/libavcodec/ptx.c +++ b/libavcodec/ptx.c 
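Review bot: The memset added in decode_p_frame() starts at `bitstream_size`, but `bswap_buf()` on the line above fills only `bitstream_size/4` whole words, so when the size is not a multiple of 4 the last one to three bytes before the padding stay uninitialised while `init_get_bits()` is told the buffer holds `8*bitstream_size` bits. Starting the clear at the end of the swapped words covers both the tail and the padding: `memset((uint8_t*)f->bitstream_buffer + (bitstream_size & ~3U), 0, (bitstream_size & 3) + FF_INPUT_BUFFER_PADDING_SIZE);`. The allocation is outside the hunk and is assumed to be at least `bitstream_size + FF_INPUT_BUFFER_PADDING_SIZE`, which the new memset already requires. The decode_i_frame() hunk has the same shape with `prestream_size`; whether that size can be a non-multiple of 4 is not visible in that hunk.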
@@ -39,12 +39,15 @@ static av_cold int ptx_init(AVCodecContext *avctx) { static int ptx_decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPacket *avpkt) { const uint8_t *buf = avpkt->data; + const uint8_t *buf_end = avpkt->data + avpkt->size; PTXContext * const s = avctx->priv_data; AVFrame *picture = data; AVFrame * const p = &s->picture; unsigned int offset, w, h, y, stride, bytes_per_pixel; uint8_t *ptr; + if (buf_end - buf < 14) + return AVERROR_INVALIDDATA; offset = AV_RL16(buf); w = AV_RL16(buf+8); h = AV_RL16(buf+10); @@ -57,6 +60,9 @@ static int ptx_decode_frame(AVCodecContext *avctx, void *data, int *data_size, avctx->pix_fmt = PIX_FMT_RGB555; + + if (buf_end - buf < offset) + return AVERROR_INVALIDDATA; if (offset != 0x2c) av_log_ask_for_sample(avctx, "offset != 0x2c\n"); @@ -80,6 +86,8 @@ static int ptx_decode_frame(AVCodecContext *avctx, void *data, int *data_size, stride = p->linesize[0]; for (y=0; y Date: Sat, 1 Oct 2011 00:43:05 +0200 Subject: [PATCH 501/652] Prevent block size from inreasing in the shorten decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit b399cbfba5d901608c18e1a2d48a24c30541a634) --- libavcodec/shorten.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c index 5e599fd504..4c1abe8e4c 100644 --- a/libavcodec/shorten.c +++ b/libavcodec/shorten.c @@ -483,9 +483,15 @@ static int shorten_decode_frame(AVCodecContext *avctx, case FN_BITSHIFT: s->bitshift = get_ur_golomb_shorten(&s->gb, BITSHIFTSIZE); break; - case FN_BLOCKSIZE: - s->blocksize = get_uint(s, av_log2(s->blocksize)); + case FN_BLOCKSIZE: { + int blocksize = get_uint(s, av_log2(s->blocksize)); + if (blocksize > s->blocksize) { + av_log(avctx, AV_LOG_ERROR, "Increasing block size is not supported\n"); + return AVERROR_PATCHWELCOME; + } + s->blocksize = blocksize; break; + } case FN_QUIT: *data_size = 0; return buf_size; 
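Review bot: The FN_BLOCKSIZE check added in shorten_decode_frame() bounds the new value only from above, so a block size of 0 passes `blocksize > s->blocksize` and is stored. The same holds for a value that turns negative when the result of `get_uint()` is assigned to `int blocksize`, if `s->blocksize` is a signed type. get_uint()'s return type, the declaration of `s->blocksize` and the code that consumes it are all outside the hunk, so this is a precaution rather than a demonstrated fault. `if (blocksize <= 0 || blocksize > s->blocksize) {` would reject both cases, and for those AVERROR_INVALIDDATA describes the condition better than AVERROR_PATCHWELCOME.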
From 2c282e96796039b73f0a4b42c97a4432ec51fcd4 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sun, 2 Oct 2011 00:38:27 +0200 Subject: [PATCH 502/652] Check for out of bound accesses in the 4xm decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit 9c661e952fbcbf044709f9a7031c68cc4860336b) --- libavcodec/4xm.c | 59 +++++++++++++++++++++++++++++++++++++----------- 1 file changed, 46 insertions(+), 13 deletions(-) diff --git a/libavcodec/4xm.c b/libavcodec/4xm.c index 29cab37ada..7b5df62a43 100644 --- a/libavcodec/4xm.c +++ b/libavcodec/4xm.c @@ -133,7 +133,9 @@ typedef struct FourXContext{ GetBitContext pre_gb; ///< ac/dc prefix GetBitContext gb; const uint8_t *bytestream; + const uint8_t *bytestream_end; const uint16_t *wordstream; + const uint16_t *wordstream_end; int mv[256]; VLC pre_vlc; int last_dc; @@ -328,6 +330,8 @@ static void decode_p_block(FourXContext *f, uint16_t *dst, uint16_t *src, int lo assert(code>=0 && code<=6); if(code == 0){ + if (f->bytestream_end - f->bytestream < 1) + return; src += f->mv[ *f->bytestream++ ]; if(start > src || src > end){ av_log(f->avctx, AV_LOG_ERROR, "mv out of pic\n"); @@ -345,15 +349,23 @@ static void decode_p_block(FourXContext *f, uint16_t *dst, uint16_t *src, int lo }else if(code == 3 && f->version<2){ mcdc(dst, src, log2w, h, stride, 1, 0); }else if(code == 4){ + if (f->bytestream_end - f->bytestream < 1) + return; src += f->mv[ *f->bytestream++ ]; if(start > src || src > end){ av_log(f->avctx, AV_LOG_ERROR, "mv out of pic\n"); return; } + if (f->wordstream_end - f->wordstream < 1) + return; mcdc(dst, src, log2w, h, stride, 1, av_le2ne16(*f->wordstream++)); }else if(code == 5){ + if (f->wordstream_end - f->wordstream < 1) + return; mcdc(dst, src, log2w, h, stride, 0, av_le2ne16(*f->wordstream++)); }else if(code == 6){ + if (f->wordstream_end - f->wordstream < 2) + return; if(log2w){ dst[0] = av_le2ne16(*f->wordstream++); dst[1] = av_le2ne16(*f->wordstream++); 
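Review bot: The bounds checks added to decode_p_block() bail out with a bare `return;` from a void function, so a truncated bytestream or wordstream leaves the block undecoded but is never reported to the caller. The caller is outside these hunks, so it cannot be told from here whether further blocks are attempted against the exhausted stream or whether the frame is handed back as if it had decoded. Changing the function to return `int`, using `return AVERROR_INVALIDDATA;` in each new check and propagating a negative result upward would let the frame fail cleanly. This applies to every check added in the `code == 0`, `4`, `5` and `6` branches of both hunks.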
@@ -375,6 +387,8 @@ static int decode_p_frame(FourXContext *f, const uint8_t *buf, int length){ if(f->version>1){ extra=20; + if (length < extra) + return -1; bitstream_size= AV_RL32(buf+8); wordstream_size= AV_RL32(buf+12); bytestream_size= AV_RL32(buf+16); @@ -385,11 +399,10 @@ static int decode_p_frame(FourXContext *f, const uint8_t *buf, int length){ bytestream_size= FFMAX(length - bitstream_size - wordstream_size, 0); } - if(bitstream_size+ bytestream_size+ wordstream_size + extra != length - || bitstream_size > (1<<26) - || bytestream_size > (1<<26) - || wordstream_size > (1<<26) - ){ + if (bitstream_size > length || + bytestream_size > length - bitstream_size || + wordstream_size > length - bytestream_size - bitstream_size || + extra > length - bytestream_size - bitstream_size - wordstream_size){ av_log(f->avctx, AV_LOG_ERROR, "lengths %d %d %d %d\n", bitstream_size, bytestream_size, wordstream_size, bitstream_size+ bytestream_size+ wordstream_size - length); return -1; @@ -403,7 +416,9 @@ static int decode_p_frame(FourXContext *f, const uint8_t *buf, int length){ init_get_bits(&f->gb, f->bitstream_buffer, 8*bitstream_size); f->wordstream= (const uint16_t*)(buf + extra + bitstream_size); + f->wordstream_end= f->wordstream + wordstream_size/2; f->bytestream= buf + extra + bitstream_size + wordstream_size; + f->bytestream_end = f->bytestream + bytestream_size; init_mv(f); @@ -532,7 +547,7 @@ static int decode_i_mb(FourXContext *f){ return 0; } -static const uint8_t *read_huffman_tables(FourXContext *f, const uint8_t * const buf){ +static const uint8_t *read_huffman_tables(FourXContext *f, const uint8_t * const buf, int buf_size){ int frequency[512]; uint8_t flag[512]; int up[512]; @@ -540,6 +555,7 @@ static const uint8_t *read_huffman_tables(FourXContext *f, const uint8_t * const int bits_tab[257]; int start, end; const uint8_t *ptr= buf; + const uint8_t *ptr_end = buf + buf_size; int j; memset(frequency, 0, sizeof(frequency)); 
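Review bot: The rewritten size check in decode_p_frame() drops the `> (1<<26)` caps, so the only limit left on `bitstream_size` is `length`, while the next hunk still passes `8*bitstream_size` to `init_get_bits()`. For a packet of roughly 256 MiB or more that product no longer fits in a 32-bit int; whether a packet that large can reach the decoder is outside the hunk. Keeping the cap as the first term, `if (bitstream_size > (1<<26) || bitstream_size > length ||`, preserves the old guarantee at no cost. The declarations of the three size variables are also outside the hunk, so the signedness of the subtractions in the remaining terms should be confirmed against them.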
@@ -550,6 +566,8 @@ static const uint8_t *read_huffman_tables(FourXContext *f, const uint8_t * const for(;;){ int i; + if (start <= end && ptr_end - ptr < end - start + 1 + 1) + return NULL; for(i=start; i<=end; i++){ frequency[i]= *ptr++; } @@ -623,10 +641,13 @@ static int decode_i2_frame(FourXContext *f, const uint8_t *buf, int length){ const int height= f->avctx->height; uint16_t *dst= (uint16_t*)f->current_picture.data[0]; const int stride= f->current_picture.linesize[0]>>1; + const uint8_t *buf_end = buf + length; for(y=0; ycurrent_picture.data[0]; const int stride= f->current_picture.linesize[0]>>1; const unsigned int bitstream_size= AV_RL32(buf); - const int token_count av_unused = AV_RL32(buf + bitstream_size + 8); - unsigned int prestream_size= 4*AV_RL32(buf + bitstream_size + 4); - const uint8_t *prestream= buf + bitstream_size + 12; + unsigned int prestream_size; + const uint8_t *prestream; - if(prestream_size + bitstream_size + 12 != length - || bitstream_size > (1<<26) - || prestream_size > (1<<26)){ + if (bitstream_size > (1<<26) || length < bitstream_size + 12) + return -1; + prestream_size = 4*AV_RL32(buf + bitstream_size + 4); + prestream = buf + bitstream_size + 12; + + if (prestream_size > (1<<26) || + prestream_size != length - (bitstream_size + 12)){ av_log(f->avctx, AV_LOG_ERROR, "size mismatch %d %d %d\n", prestream_size, bitstream_size, length); return -1; } - prestream= read_huffman_tables(f, prestream); + prestream= read_huffman_tables(f, prestream, buf + length - prestream); + if (!prestream) + return -1; init_get_bits(&f->gb, buf + 4, 8*bitstream_size); @@ -713,6 +739,8 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *p, temp; int i, frame_4cc, frame_size; + if (buf_size < 12) + return AVERROR_INVALIDDATA; frame_4cc= AV_RL32(buf); if(buf_size != AV_RL32(buf+4)+8 || buf_size < 20){ av_log(f->avctx, AV_LOG_ERROR, "size mismatch %d %d\n", buf_size, AV_RL32(buf+4)); 
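Review bot: The check added at the top of the loop in read_huffman_tables() is skipped entirely when `start > end`, because `start <= end &&` short-circuits, so for such a pair no bound is enforced on what the loop reads from `ptr` after the (empty) copy. The remainder of the loop body is outside the hunk, so the exact number of bytes consumed per iteration cannot be confirmed here, but the extra `+ 1` in the condition indicates that at least one more byte is read. Clamping the run length keeps the guard active in both cases: `if (ptr_end - ptr < FFMAX(end - start + 1, 0) + 1)` followed by `return NULL;`. If the loop also fetches a new `end` byte before the next iteration, the constant needs to be 2 rather than 1.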
@@ -725,6 +753,9 @@ static int decode_frame(AVCodecContext *avctx, const int whole_size= AV_RL32(buf+16); CFrameBuffer *cfrm; + if (data_size < 0 || whole_size < 0) + return AVERROR_INVALIDDATA; + for(i=0; icfrm[i].id && f->cfrm[i].id < avctx->frame_number) av_log(f->avctx, AV_LOG_ERROR, "lost c frame %d\n", f->cfrm[i].id); @@ -741,6 +772,8 @@ static int decode_frame(AVCodecContext *avctx, } cfrm= &f->cfrm[i]; + if (data_size > UINT_MAX - cfrm->size - FF_INPUT_BUFFER_PADDING_SIZE) + return AVERROR_INVALIDDATA; cfrm->data= av_fast_realloc(cfrm->data, &cfrm->allocated_size, cfrm->size + data_size + FF_INPUT_BUFFER_PADDING_SIZE); if(!cfrm->data){ //explicit check needed as memcpy below might not catch a NULL av_log(f->avctx, AV_LOG_ERROR, "realloc falure"); From 54a1e7b0f28ad4d5d9d50969df2cf786a9aa7e27 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 2 Oct 2011 03:39:59 +0200 Subject: [PATCH 503/652] 4xm decoder: print some error messages in case of errors. Signed-off-by: Michael Niedermayer (cherry picked from commit 1008f639e2ebaa2b3d48ac765ca49c8869042d75) --- libavcodec/4xm.c | 36 +++++++++++++++++++++++++++--------- 1 file changed, 27 insertions(+), 9 deletions(-) diff --git a/libavcodec/4xm.c b/libavcodec/4xm.c index 7b5df62a43..92717d0fef 100644 --- a/libavcodec/4xm.c +++ b/libavcodec/4xm.c @@ -330,8 +330,10 @@ static void decode_p_block(FourXContext *f, uint16_t *dst, uint16_t *src, int lo assert(code>=0 && code<=6); if(code == 0){ - if (f->bytestream_end - f->bytestream < 1) + if (f->bytestream_end - f->bytestream < 1){ + av_log(f->avctx, AV_LOG_ERROR, "bytestream overread\n"); return; + } src += f->mv[ *f->bytestream++ ]; if(start > src || src > end){ av_log(f->avctx, AV_LOG_ERROR, "mv out of pic\n"); 
@@ -349,23 +351,31 @@ static void decode_p_block(FourXContext *f, uint16_t *dst, uint16_t *src, int lo }else if(code == 3 && f->version<2){ mcdc(dst, src, log2w, h, stride, 1, 0); }else if(code == 4){ - if (f->bytestream_end - f->bytestream < 1) + if (f->bytestream_end - f->bytestream < 1){ + av_log(f->avctx, AV_LOG_ERROR, "bytestream overread\n"); return; + } src += f->mv[ *f->bytestream++ ]; if(start > src || src > end){ av_log(f->avctx, AV_LOG_ERROR, "mv out of pic\n"); return; } - if (f->wordstream_end - f->wordstream < 1) + if (f->wordstream_end - f->wordstream < 1){ + av_log(f->avctx, AV_LOG_ERROR, "wordstream overread\n"); return; + } mcdc(dst, src, log2w, h, stride, 1, av_le2ne16(*f->wordstream++)); }else if(code == 5){ - if (f->wordstream_end - f->wordstream < 1) + if (f->wordstream_end - f->wordstream < 1){ + av_log(f->avctx, AV_LOG_ERROR, "wordstream overread\n"); return; + } mcdc(dst, src, log2w, h, stride, 0, av_le2ne16(*f->wordstream++)); }else if(code == 6){ - if (f->wordstream_end - f->wordstream < 2) + if (f->wordstream_end - f->wordstream < 2){ + av_log(f->avctx, AV_LOG_ERROR, "wordstream overread\n"); return; + } if(log2w){ dst[0] = av_le2ne16(*f->wordstream++); dst[1] = av_le2ne16(*f->wordstream++); @@ -753,8 +763,10 @@ static int decode_frame(AVCodecContext *avctx, const int whole_size= AV_RL32(buf+16); CFrameBuffer *cfrm; - if (data_size < 0 || whole_size < 0) + if (data_size < 0 || whole_size < 0){ + av_log(f->avctx, AV_LOG_ERROR, "sizes invalid\n"); return AVERROR_INVALIDDATA; + } for(i=0; icfrm[i].id && f->cfrm[i].id < avctx->frame_number) 
@@ -817,12 +829,16 @@ static int decode_frame(AVCodecContext *avctx, if(frame_4cc == AV_RL32("ifr2")){ p->pict_type= AV_PICTURE_TYPE_I; - if(decode_i2_frame(f, buf-4, frame_size) < 0) + if(decode_i2_frame(f, buf-4, frame_size) < 0){ + av_log(f->avctx, AV_LOG_ERROR, "decode i2 frame failed\n"); return -1; + } }else if(frame_4cc == AV_RL32("ifrm")){ p->pict_type= AV_PICTURE_TYPE_I; - if(decode_i_frame(f, buf, frame_size) < 0) + if(decode_i_frame(f, buf, frame_size) < 0){ + av_log(f->avctx, AV_LOG_ERROR, "decode i frame failed\n"); return -1; + } }else if(frame_4cc == AV_RL32("pfrm") || frame_4cc == AV_RL32("pfr2")){ if(!f->last_picture.data[0]){ f->last_picture.reference= 1; @@ -833,8 +849,10 @@ static int decode_frame(AVCodecContext *avctx, } p->pict_type= AV_PICTURE_TYPE_P; - if(decode_p_frame(f, buf, frame_size) < 0) + if(decode_p_frame(f, buf, frame_size) < 0){ + av_log(f->avctx, AV_LOG_ERROR, "decode p frame failed\n"); return -1; + } }else if(frame_4cc == AV_RL32("snd_")){ av_log(avctx, AV_LOG_ERROR, "ignoring snd_ chunk length:%d\n", buf_size); }else{ From 55a070870facd6bc72f9b943baba2833ce24f075 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 2 Oct 2011 03:40:26 +0200 Subject: [PATCH 504/652] 4xm decoder: fix data size for i2 frames. Signed-off-by: Michael Niedermayer (cherry picked from commit 0a19b4b0bae772cac7f8341e94c319c96356ee69) --- libavcodec/4xm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/4xm.c b/libavcodec/4xm.c index 92717d0fef..98169fd8ab 100644 --- a/libavcodec/4xm.c +++ b/libavcodec/4xm.c @@ -829,7 +829,7 @@ static int decode_frame(AVCodecContext *avctx, if(frame_4cc == AV_RL32("ifr2")){ p->pict_type= AV_PICTURE_TYPE_I; - if(decode_i2_frame(f, buf-4, frame_size) < 0){ + if(decode_i2_frame(f, buf-4, frame_size+4) < 0){ av_log(f->avctx, AV_LOG_ERROR, "decode i2 frame failed\n"); return -1; } From 6b998720b29b5fd1c94b01903b0d05c1141fb0c2 Mon Sep 17 00:00:00 2001 
From: Laurent Aimar Date: Sat, 1 Oct 2011 02:04:45 +0200 Subject: [PATCH 505/652] Reject video with non multiple of 16 width/height in the 4xm decoder. Signed-off-by: Michael Niedermayer (cherry picked from commit db5b4875514eb7740844f514dbf236c9179a6a93) --- libavcodec/4xm.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/4xm.c b/libavcodec/4xm.c index 98169fd8ab..7344f4cd1f 100644 --- a/libavcodec/4xm.c +++ b/libavcodec/4xm.c @@ -885,6 +885,10 @@ static av_cold int decode_init(AVCodecContext *avctx){ av_log(avctx, AV_LOG_ERROR, "extradata wrong or missing\n"); return 1; } + if((avctx->width % 16) || (avctx->height % 16)) { + av_log(avctx, AV_LOG_ERROR, "unsupported width/height\n"); + return AVERROR_INVALIDDATA; + } avcodec_get_frame_defaults(&f->current_picture); avcodec_get_frame_defaults(&f->last_picture); From cf0052931d5776eafacd7771bc9c40da86e31b09 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sun, 2 Oct 2011 16:06:37 +0200 Subject: [PATCH 506/652] h264: do not let invalid values in h->ref_count on ff_h264_decode_ref_pic_list_reordering() errors. Signed-off-by: Michael Niedermayer (cherry picked from commit 2428b53f6d306d8d71dec34fa7b0af733d76cfac) --- libavcodec/h264.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index a889f422e1..dcca6bd73c 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -2907,8 +2907,10 @@ static int decode_slice_header(H264Context *h, H264Context *h0){ ff_h264_fill_default_ref_list(h); } - if(h->slice_type_nos!=AV_PICTURE_TYPE_I && ff_h264_decode_ref_pic_list_reordering(h) < 0) + if(h->slice_type_nos!=AV_PICTURE_TYPE_I && ff_h264_decode_ref_pic_list_reordering(h) < 0) { + h->ref_count[1]= h->ref_count[0]= 0; return -1; + } if(h->slice_type_nos!=AV_PICTURE_TYPE_I){ s->last_picture_ptr= &h->ref_list[0][0]; From bfd7238adbec83981ddd259e26e9e8f90d78f472 Mon Sep 17 00:00:00 2001 
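Review bot: The error path added in the h264.c hunk of decode_slice_header() zeroes both `ref_count` entries but leaves `h->list_count` at whatever the preceding code assigned, whereas the `else` branch changed by PATCH 494 on this page clears all three together. The check introduced in error_resilience.c by PATCH 498 tests `list_count` and `ref_count[0]` separately, so it still catches this state, but other readers of `list_count` are outside the hunk. Using the same statement here, `h->ref_count[1]= h->ref_count[0]= h->list_count= 0;`, would keep the fields consistent after a failed reordering.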
From: Laurent Aimar Date: Sun, 2 Oct 2011 16:06:38 +0200 Subject: [PATCH 507/652] h264: fix the check for invalid SPS:num_ref_frames. This patch set the limit to 16. For information, thoses previous commits: 41f7e2d11d2dca23842ee89d530ca9fa15cec9d8 5cbb0e70a0a2ee99eb3cb09e837b9a1f7355b9bc assumed it was either 30 or 32. Signed-off-by: Michael Niedermayer (cherry picked from commit bcf881a6858760ecbd9ff4352a38813dc4232dd6) --- libavcodec/h264_ps.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h264_ps.c b/libavcodec/h264_ps.c index 61fb12ce0c..4bb02e0948 100644 --- a/libavcodec/h264_ps.c +++ b/libavcodec/h264_ps.c @@ -365,7 +365,7 @@ int ff_h264_decode_seq_parameter_set(H264Context *h){ } sps->ref_frame_count= get_ue_golomb_31(&s->gb); - if(sps->ref_frame_count > MAX_PICTURE_COUNT-2 || sps->ref_frame_count >= 32U){ + if(sps->ref_frame_count > MAX_PICTURE_COUNT-2 || sps->ref_frame_count > 16U){ av_log(h->s.avctx, AV_LOG_ERROR, "too many reference frames\n"); goto fail; } From 46edabac3c97669d491016903d0f9014692dfcaa Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sun, 2 Oct 2011 18:29:30 +0200 Subject: [PATCH 508/652] h264: add entries for 11 and 12 bits in ff_h264_chroma_qp[][] Signed-off-by: Michael Niedermayer (cherry picked from commit 27d3361e34cf19ad5c0bfb7cfacae0db99b26064) --- libavcodec/h264.h | 4 ++-- libavcodec/h264_ps.c | 15 ++++++++++++++- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/libavcodec/h264.h b/libavcodec/h264.h index 822ba0271a..5b07f3775d 100644 --- a/libavcodec/h264.h +++ b/libavcodec/h264.h @@ -101,7 +101,7 @@ */ #define DELAYED_PIC_REF 4 -#define QP_MAX_NUM (51 + 2*6) // The maximum supported qp +#define QP_MAX_NUM (51 + 4*6) // The maximum supported qp /* NAL unit types */ enum { 
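Review bot: The new limit `sps->ref_frame_count > 16U` in ff_h264_decode_seq_parameter_set() is a bare number, and the commit message itself notes that two earlier commits assumed 30 or 32, so the reason for 16 should be recorded next to the check. A comment such as `/* an SPS may signal at most 16 reference frames; larger values are invalid input */` above the `if` would stop the bound from drifting again. It would also help to say how this relates to the remaining `MAX_PICTURE_COUNT-2` term, whose value is not visible in the hunk.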
@@ -584,7 +584,7 @@ typedef struct H264Context{ }H264Context; -extern const uint8_t ff_h264_chroma_qp[3][QP_MAX_NUM+1]; ///< One chroma qp table for each supported bit depth (8, 9, 10). +extern const uint8_t ff_h264_chroma_qp[5][QP_MAX_NUM+1]; ///< One chroma qp table for each possible bit depth (8-12). /** * Decode SEI diff --git a/libavcodec/h264_ps.c b/libavcodec/h264_ps.c index 4bb02e0948..4342c4b1ec 100644 --- a/libavcodec/h264_ps.c +++ b/libavcodec/h264_ps.c @@ -70,7 +70,7 @@ static const AVRational pixel_aspect[17]={ QP(37,d), QP(37,d), QP(37,d), QP(38,d), QP(38,d), QP(38,d),\ QP(39,d), QP(39,d), QP(39,d), QP(39,d) -const uint8_t ff_h264_chroma_qp[3][QP_MAX_NUM+1] = { +const uint8_t ff_h264_chroma_qp[5][QP_MAX_NUM+1] = { { CHROMA_QP_TABLE_END(8) }, @@ -83,6 +83,19 @@ const uint8_t ff_h264_chroma_qp[3][QP_MAX_NUM+1] = { 6, 7, 8, 9, 10, 11, CHROMA_QP_TABLE_END(10) }, + { + 0, 1, 2, 3, 4, 5, + 6, 7, 8, 9, 10, 11, + 12,13,14,15, 16, 17, + CHROMA_QP_TABLE_END(11) + }, + { + 0, 1, 2, 3, 4, 5, + 6, 7, 8, 9, 10, 11, + 12,13,14,15, 16, 17, + 18,19,20,21, 22, 23, + CHROMA_QP_TABLE_END(12) + }, }; static const uint8_t default_scaling4[2][16]={ From efedf09378e82cc75d56e881842c5bf14b2c9d05 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sun, 2 Oct 2011 18:29:31 +0200 Subject: [PATCH 509/652] h264: check for invalid bit depth value. Signed-off-by: Michael Niedermayer (cherry picked from commit c2b7f7748be447e1446f63b13da472ba7e00f329) --- libavcodec/h264_ps.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/h264_ps.c b/libavcodec/h264_ps.c index 4342c4b1ec..423f54b324 100644 --- a/libavcodec/h264_ps.c +++ b/libavcodec/h264_ps.c 
@@ -346,6 +346,11 @@ int ff_h264_decode_seq_parameter_set(H264Context *h){ sps->residual_color_transform_flag = get_bits1(&s->gb); sps->bit_depth_luma = get_ue_golomb(&s->gb) + 8; sps->bit_depth_chroma = get_ue_golomb(&s->gb) + 8; + if (sps->bit_depth_luma > 12U || sps->bit_depth_chroma > 12U) { + av_log(h->s.avctx, AV_LOG_ERROR, "illegal bit depth value (%d, %d)\n", + sps->bit_depth_luma, sps->bit_depth_chroma); + goto fail; + } sps->transform_bypass = get_bits1(&s->gb); decode_scaling_matrices(h, sps, NULL, 1, sps->scaling_matrix4, sps->scaling_matrix8); }else{ From b89a0c9d7f4c4a23d709761033ad5e2f9c2881fa Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sun, 2 Oct 2011 21:07:41 +0200 Subject: [PATCH 510/652] h264: fix intra 16x16 mode check when using mbaff and constrained_intra_pred. Signed-off-by: Michael Niedermayer (cherry picked from commit a4fd95b5d511384ed3ce388d8d20a16b1c4c0530) --- libavcodec/h264.c | 26 ++++++++++++++++++++------ libavcodec/h264.h | 7 ++++++- libavcodec/h264_cabac.c | 4 ++-- libavcodec/h264_cavlc.c | 4 ++-- libavcodec/svq3.c | 4 ++-- 5 files changed, 32 insertions(+), 13 deletions(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index dcca6bd73c..bab032b300 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -106,12 +106,9 @@ int ff_h264_check_intra4x4_pred_mode(H264Context *h){ } return 0; -} //FIXME cleanup like ff_h264_check_intra_pred_mode +} //FIXME cleanup like check_intra_pred_mode -/** - * checks if the top & left blocks are available if needed & changes the dc mode so it only uses the available blocks. - */ -int ff_h264_check_intra_pred_mode(H264Context *h, int mode){ +static int check_intra_pred_mode(H264Context *h, int mode, int is_chroma){ MpegEncContext * const s = &h->s; static const int8_t top [7]= {LEFT_DC_PRED8x8, 1,-1,-1}; static const int8_t left[7]= { TOP_DC_PRED8x8,-1, 2,-1,DC_128_PRED8x8}; 
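Review bot: The bit-depth check added in ff_h264_decode_seq_parameter_set() rejects only values above 12 and relies on `get_ue_golomb(&s->gb) + 8` never falling below 8. If that function can return a negative value for a malformed code (its definition is not on this page), a depth of 7 or less would pass, while `ff_h264_chroma_qp` as extended by PATCH 508 has one row per depth from 8 to 12 only. Stating both bounds removes the dependency: `if (sps->bit_depth_luma < 8 || sps->bit_depth_luma > 12 || sps->bit_depth_chroma < 8 || sps->bit_depth_chroma > 12) {`. The `%d` conversions in the new log call should also be checked against the declared type of the two fields, which is outside the hunk.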
@@ -131,7 +128,7 @@ int ff_h264_check_intra_pred_mode(H264Context *h, int mode){ if((h->left_samples_available&0x8080) != 0x8080){ mode= left[ mode ]; - if(h->left_samples_available&0x8080){ //mad cow disease mode, aka MBAFF + constrained_intra_pred + if(is_chroma && (h->left_samples_available&0x8080)){ //mad cow disease mode, aka MBAFF + constrained_intra_pred mode= ALZHEIMER_DC_L0T_PRED8x8 + (!(h->left_samples_available&0x8000)) + 2*(mode == DC_128_PRED8x8); } if(mode<0){ @@ -143,6 +140,23 @@ int ff_h264_check_intra_pred_mode(H264Context *h, int mode){ return mode; } +/** + * checks if the top & left blocks are available if needed & changes the dc mode so it only uses the available blocks. + */ +int ff_h264_check_intra16x16_pred_mode(H264Context *h, int mode) +{ + return check_intra_pred_mode(h, mode, 0); +} + +/** + * checks if the top & left blocks are available if needed & changes the dc mode so it only uses the available blocks. + */ +int ff_h264_check_intra_chroma_pred_mode(H264Context *h, int mode) +{ + return check_intra_pred_mode(h, mode, 1); +} + + const uint8_t *ff_h264_decode_nal(H264Context *h, const uint8_t *src, int *dst_length, int *consumed, int length){ int i, si, di; uint8_t *dst; diff --git a/libavcodec/h264.h b/libavcodec/h264.h index 5b07f3775d..0a380e03c1 100644 --- a/libavcodec/h264.h +++ b/libavcodec/h264.h @@ -658,7 +658,12 @@ int ff_h264_check_intra4x4_pred_mode(H264Context *h); /** * Check if the top & left blocks are available if needed & change the dc mode so it only uses the available blocks. */ -int ff_h264_check_intra_pred_mode(H264Context *h, int mode); +int ff_h264_check_intra16x16_pred_mode(H264Context *h, int mode); + +/** + * Check if the top & left blocks are available if needed & change the dc mode so it only uses the available blocks. + */ +int ff_h264_check_intra_chroma_pred_mode(H264Context *h, int mode); void ff_h264_write_back_intra_pred_mode(H264Context *h); void ff_h264_hl_decode_mb(H264Context *h); 
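Review bot: The Doxygen comments added above ff_h264_check_intra16x16_pred_mode() and ff_h264_check_intra_chroma_pred_mode() are word-for-word identical, in h264.c and again in h264.h, so a reader cannot tell why two entry points exist. The only difference visible in these hunks is the `is_chroma` argument, which gates the MBAFF + constrained_intra_pred remapping to the `ALZHEIMER_DC_*` modes. I would put that into the comments, for example `16x16 luma variant: never remaps to the MBAFF/constrained_intra_pred DC modes.` and `Chroma variant: may remap the DC mode when only part of the left edge is available.`. Both should also state that a negative return is an error, since the callers changed in h264_cabac.c and h264_cavlc.c test for `< 0`; the body of check_intra_pred_mode() extends outside the hunks.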
diff --git a/libavcodec/h264_cabac.c b/libavcodec/h264_cabac.c index 3975a61699..7aaecf3c2e 100644 --- a/libavcodec/h264_cabac.c +++ b/libavcodec/h264_cabac.c @@ -2003,14 +2003,14 @@ decode_intra_mb: ff_h264_write_back_intra_pred_mode(h); if( ff_h264_check_intra4x4_pred_mode(h) < 0 ) return -1; } else { - h->intra16x16_pred_mode= ff_h264_check_intra_pred_mode( h, h->intra16x16_pred_mode ); + h->intra16x16_pred_mode= ff_h264_check_intra16x16_pred_mode( h, h->intra16x16_pred_mode ); if( h->intra16x16_pred_mode < 0 ) return -1; } if(decode_chroma){ h->chroma_pred_mode_table[mb_xy] = pred_mode = decode_cabac_mb_chroma_pre_mode( h ); - pred_mode= ff_h264_check_intra_pred_mode( h, pred_mode ); + pred_mode= ff_h264_check_intra_chroma_pred_mode( h, pred_mode ); if( pred_mode < 0 ) return -1; h->chroma_pred_mode= pred_mode; } else { diff --git a/libavcodec/h264_cavlc.c b/libavcodec/h264_cavlc.c index 0ddc430661..92cae7fa93 100644 --- a/libavcodec/h264_cavlc.c +++ b/libavcodec/h264_cavlc.c @@ -735,12 +735,12 @@ decode_intra_mb: if( ff_h264_check_intra4x4_pred_mode(h) < 0) return -1; }else{ - h->intra16x16_pred_mode= ff_h264_check_intra_pred_mode(h, h->intra16x16_pred_mode); + h->intra16x16_pred_mode= ff_h264_check_intra16x16_pred_mode(h, h->intra16x16_pred_mode); if(h->intra16x16_pred_mode < 0) return -1; } if(decode_chroma){ - pred_mode= ff_h264_check_intra_pred_mode(h, get_ue_golomb_31(&s->gb)); + pred_mode= ff_h264_check_intra_chroma_pred_mode(h, get_ue_golomb_31(&s->gb)); if(pred_mode < 0) return -1; h->chroma_pred_mode= pred_mode; diff --git a/libavcodec/svq3.c b/libavcodec/svq3.c index e5c18c59c2..812ac962f2 100644 --- a/libavcodec/svq3.c +++ b/libavcodec/svq3.c 
@@ -612,7 +612,7 @@ static int svq3_decode_mb(SVQ3Context *svq3, unsigned int mb_type) dir = i_mb_type_info[mb_type - 8].pred_mode; dir = (dir >> 1) ^ 3*(dir & 1) ^ 1; - if ((h->intra16x16_pred_mode = ff_h264_check_intra_pred_mode(h, dir)) == -1){ + if ((h->intra16x16_pred_mode = ff_h264_check_intra16x16_pred_mode(h, dir)) == -1){ av_log(h->s.avctx, AV_LOG_ERROR, "check_intra_pred_mode = -1\n"); return -1; } @@ -711,7 +711,7 @@ static int svq3_decode_mb(SVQ3Context *svq3, unsigned int mb_type) s->current_picture.mb_type[mb_xy] = mb_type; if (IS_INTRA(mb_type)) { - h->chroma_pred_mode = ff_h264_check_intra_pred_mode(h, DC_PRED8x8); + h->chroma_pred_mode = ff_h264_check_intra_chroma_pred_mode(h, DC_PRED8x8); } return 0; From b38b6b27981aa13b5fad9b540b1ff6a7b3e8d04a Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 2 Oct 2011 22:01:44 +0200 Subject: [PATCH 511/652] Update for 0.7.6 Signed-off-by: Michael Niedermayer --- Doxyfile | 2 +- RELEASE | 2 +- VERSION | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Doxyfile b/Doxyfile index bcb13563a5..24ceb58ecd 100644 --- a/Doxyfile +++ b/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 0.7.5 +PROJECT_NUMBER = 0.7.6 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. diff --git a/RELEASE b/RELEASE index 8bd6ba8c5c..c006218557 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -0.7.5 +0.7.6 diff --git a/VERSION b/VERSION index 8bd6ba8c5c..c006218557 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.7.5 +0.7.6 From 09d8f515b90d8acd71b4b897622927287e863346 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 2 Oct 2011 22:02:45 +0200 Subject: [PATCH 512/652] Update for 0.8.5 
Signed-off-by: Michael Niedermayer --- Doxyfile | 2 +- RELEASE | 2 +- VERSION | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Doxyfile b/Doxyfile index 4f45f3417e..7b5b0df3c2 100644 --- a/Doxyfile +++ b/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 0.8.4 +PROJECT_NUMBER = 0.8.5 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. diff --git a/RELEASE b/RELEASE index b60d71966a..7ada0d303f 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -0.8.4 +0.8.5 diff --git a/VERSION b/VERSION index b60d71966a..7ada0d303f 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.8.4 +0.8.5 From 57f51e843e55815da5bb75ed32a81f60b7b45212 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 3 Oct 2011 16:32:17 +0200 Subject: [PATCH 513/652] lavf/utils: fix overestimation of the rational number density. Fixes Ticket498 Signed-off-by: Michael Niedermayer --- libavformat/utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index 3490270395..591a121ec2 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -3049,7 +3049,7 @@ int avformat_write_header(AVFormatContext *s, AVDictionary **options) goto fail; } if(av_cmp_q(st->sample_aspect_ratio, st->codec->sample_aspect_ratio) - && FFABS(av_q2d(st->sample_aspect_ratio) - av_q2d(st->codec->sample_aspect_ratio)) > 0.001 + && FFABS(av_q2d(st->sample_aspect_ratio) - av_q2d(st->codec->sample_aspect_ratio)) > 0.004*av_q2d(st->sample_aspect_ratio) ){ av_log(s, AV_LOG_ERROR, "Aspect ratio mismatch between encoder and muxer layer\n"); ret = AVERROR(EINVAL); From a39b603bf6d8c6f47c1864100bcd4d656445194c Mon Sep 17 00:00:00 2001 
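Review bot: The new tolerance `0.004*av_q2d(st->sample_aspect_ratio)` scales with the signed stream-side value only, so it is zero when that ratio is 0/1 and negative when the ratio is negative. In both cases every difference that `av_cmp_q` reports is treated as a mismatch. A symmetric magnitude keeps the test meaningful: `> 0.004*FFMAX(FFABS(av_q2d(st->sample_aspect_ratio)), FFABS(av_q2d(st->codec->sample_aspect_ratio)))`; whether an unset or negative ratio can reach this line depends on code outside the hunk. A short comment that 0.004 is a relative tolerance would also help, since the old 0.001 was absolute. The same line is changed again in PATCH 514 for the other branch, and the remark applies there too.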
From: Michael Niedermayer Date: Mon, 3 Oct 2011 16:32:17 +0200 Subject: [PATCH 514/652] lavf/utils: fix overestimation of the rational number density. Fixes Ticket498 Signed-off-by: Michael Niedermayer --- libavformat/utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index e79f98e62d..b15582acb1 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -2959,7 +2959,7 @@ int avformat_write_header(AVFormatContext *s, AVDictionary **options) goto fail; } if(av_cmp_q(st->sample_aspect_ratio, st->codec->sample_aspect_ratio) - && FFABS(av_q2d(st->sample_aspect_ratio) - av_q2d(st->codec->sample_aspect_ratio)) > 0.001 + && FFABS(av_q2d(st->sample_aspect_ratio) - av_q2d(st->codec->sample_aspect_ratio)) > 0.004*av_q2d(st->sample_aspect_ratio) ){ av_log(s, AV_LOG_ERROR, "Aspect ratio mismatch between encoder and muxer layer\n"); ret = AVERROR(EINVAL); From 60171d8fa68e90bd623daba970a65c4171cac502 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Sun, 28 Aug 2011 23:13:17 +0200 Subject: [PATCH 515/652] Do not set codec_tag property for matroska muxers. Fixes ticket #8, #537. --- libavformat/matroskaenc.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/libavformat/matroskaenc.c b/libavformat/matroskaenc.c index e9c977a59f..986373c4cd 100644 --- a/libavformat/matroskaenc.c +++ b/libavformat/matroskaenc.c @@ -1209,7 +1209,6 @@ AVOutputFormat ff_matroska_muxer = { mkv_write_packet, mkv_write_trailer, .flags = AVFMT_GLOBALHEADER | AVFMT_VARIABLE_FPS, - .codec_tag = (const AVCodecTag* const []){ff_codec_bmp_tags, ff_codec_wav_tags, 0}, .subtitle_codec = CODEC_ID_TEXT, }; #endif @@ -1243,6 +1242,5 @@ AVOutputFormat ff_matroska_audio_muxer = { mkv_write_packet, mkv_write_trailer, .flags = AVFMT_GLOBALHEADER, - .codec_tag = (const AVCodecTag* const []){ff_codec_wav_tags, 0}, }; #endif From 638e183d11367f0ccc46bee6228e5b271fda5a8e Mon Sep 17 00:00:00 2001 
From: Carl Eugen Hoyos Date: Sun, 28 Aug 2011 23:13:17 +0200 Subject: [PATCH 516/652] Do not set codec_tag property for matroska muxers. Fixes ticket #8, #537. (cherry picked from commit 60171d8fa68e90bd623daba970a65c4171cac502) --- libavformat/matroskaenc.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/libavformat/matroskaenc.c b/libavformat/matroskaenc.c index e9c977a59f..986373c4cd 100644 --- a/libavformat/matroskaenc.c +++ b/libavformat/matroskaenc.c @@ -1209,7 +1209,6 @@ AVOutputFormat ff_matroska_muxer = { mkv_write_packet, mkv_write_trailer, .flags = AVFMT_GLOBALHEADER | AVFMT_VARIABLE_FPS, - .codec_tag = (const AVCodecTag* const []){ff_codec_bmp_tags, ff_codec_wav_tags, 0}, .subtitle_codec = CODEC_ID_TEXT, }; #endif @@ -1243,6 +1242,5 @@ AVOutputFormat ff_matroska_audio_muxer = { mkv_write_packet, mkv_write_trailer, .flags = AVFMT_GLOBALHEADER, - .codec_tag = (const AVCodecTag* const []){ff_codec_wav_tags, 0}, }; #endif From b981c5d4e0f0dd26fd1c03d70a38aef85d6131bc Mon Sep 17 00:00:00 2001 From: Loren Osborn Date: Mon, 3 Oct 2011 16:03:29 +0200 Subject: [PATCH 517/652] mpegtsenc: Lift limit on PMT PID Fixes Ticket518 (cherry picked from commit bf5c3bac51e422580aad011fcd927c818542f054) --- libavformat/mpegtsenc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mpegtsenc.c b/libavformat/mpegtsenc.c index 7e9647257f..32dedfbae6 100644 --- a/libavformat/mpegtsenc.c +++ b/libavformat/mpegtsenc.c 
@@ -84,7 +84,7 @@ static const AVOption options[] = { { "mpegts_service_id", "Set service_id field.", offsetof(MpegTSWrite, service_id), FF_OPT_TYPE_INT, {.dbl = 0x0001 }, 0x0001, 0xffff, AV_OPT_FLAG_ENCODING_PARAM}, { "mpegts_pmt_start_pid", "Set the first pid of the PMT.", - offsetof(MpegTSWrite, pmt_start_pid), FF_OPT_TYPE_INT, {.dbl = 0x1000 }, 0x1000, 0x1f00, AV_OPT_FLAG_ENCODING_PARAM}, + offsetof(MpegTSWrite, pmt_start_pid), FF_OPT_TYPE_INT, {.dbl = 0x1000 }, 0x0010, 0x1f00, AV_OPT_FLAG_ENCODING_PARAM}, { "mpegts_start_pid", "Set the first pid.", offsetof(MpegTSWrite, start_pid), FF_OPT_TYPE_INT, {.dbl = 0x0100 }, 0x0100, 0x0f00, AV_OPT_FLAG_ENCODING_PARAM}, { NULL }, From 09a288476fecb855b77c2b13f939310467735af0 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 4 Oct 2011 00:14:48 +0200 Subject: [PATCH 518/652] H264: hotfix for speedloss on frame threading and h264 files with slices. This fix is not ideal as it still limits the multithreading on field pictures to the 2nd field only. Ill try to fix it properly to allow both fields to decode concurrently but this needs more work. This bug exists since and was caused by: commit ea6331f8bbaf3343faec6ffe77a6218a016a3af5 Author: Ronald S. Bultje Date: Mon Jun 20 10:24:33 2011 -0400 h264-mt: fix deadlock in packets with multiple slices (e.g. MP4). (cherry picked from commit eaa21b6870ba8bba4b0370e91f1941307c1c9681) --- libavcodec/h264.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index bab032b300..f6e93bd58d 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -3753,9 +3753,13 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size){ switch (hx->nal_unit_type) { case NAL_SPS: case NAL_PPS: + nals_needed = nal_index; + break; case NAL_IDR_SLICE: case NAL_SLICE: - nals_needed = nal_index; + init_get_bits(&hx->s.gb, ptr, bit_length); + if(!get_ue_golomb(&hx->s.gb)) + nals_needed = nal_index; } continue; } 
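Review bot: With the minimum of `mpegts_pmt_start_pid` lowered to 0x0010, the accepted range now covers the whole range of `mpegts_start_pid` (0x0100 to 0x0f00, two lines below) and the low PIDs that DVB assigns to service information tables such as the SDT. This hunk adds no check that the chosen PMT PID stays clear of either. A PID shared by two tables, or by a table and an elementary stream, gives a stream that demuxers cannot parse reliably. I would validate the combination where the options are consumed (outside this hunk, presumably in the header-writing code) and fail with `AVERROR(EINVAL)` and a log message on overlap. At minimum the option's help text should mention the constraint.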
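Review bot: The new slice branch in decode_nal_units parses a value with `get_ue_golomb`, but nothing says which syntax element it is or why zero matters, and the branch ends without a `break`. A comment such as `/* first_mb_in_slice == 0: slice starts at the first macroblock */` would make the intent readable, and a trailing `break;` keeps the case safe if another label is ever added after it. `bit_length` is computed outside the hunk; if it can be 0 for an empty NAL, the value read here is presumably padding rather than bitstream data, so `if (bit_length > 0 && !get_ue_golomb(&hx->s.gb))` would be the more careful test. The function starts and ends outside the hunk.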
From 414409e6c5260ff8a409a05b34f72ba3d44c61a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20B=C5=93sch?= Date: Tue, 4 Oct 2011 21:34:55 +0200 Subject: [PATCH 519/652] configure: remove bashism equality check for target_os. (cherry picked from commit e39be59b85de63e036bd6db9b79a9a9f29a838f7) --- configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure b/configure index 576daf045b..be2f721f7a 100755 --- a/configure +++ b/configure @@ -3164,7 +3164,7 @@ check_deps $CONFIG_LIST \ enabled asm || { arch=c; disable $ARCH_LIST $ARCH_EXT_LIST; } -if test $target_os == "haiku"; then +if test $target_os = "haiku"; then disable memalign disable posix_memalign fi From e49abd1d92f4ef2258c82f233e138901839eee0c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 4 Oct 2011 23:21:52 +0200 Subject: [PATCH 520/652] libx264: Fix loop failure due to bufsize becoming 0 Signed-off-by: Michael Niedermayer (cherry picked from commit 751a4efd4d754b15ebc6027b09051f27860bb1e8) --- libavcodec/libx264.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/libx264.c b/libavcodec/libx264.c index bf542accdf..6477f3fbe0 100644 --- a/libavcodec/libx264.c +++ b/libavcodec/libx264.c @@ -101,13 +101,14 @@ static int encode_nals(AVCodecContext *ctx, uint8_t *buf, int size, } static int X264_frame(AVCodecContext *ctx, uint8_t *buf, - int bufsize, void *data) + int orig_bufsize, void *data) { X264Context *x4 = ctx->priv_data; AVFrame *frame = data; x264_nal_t *nal; int nnal, i; x264_picture_t pic_out; + int bufsize; x264_picture_init( &x4->pic ); x4->pic.img.i_csp = X264_CSP_I420; @@ -138,6 +139,7 @@ static int X264_frame(AVCodecContext *ctx, uint8_t *buf, } do { + bufsize = orig_bufsize; if (x264_encoder_encode(x4->enc, &nal, &nnal, frame? &x4->pic: NULL, &pic_out) < 0) return -1; From f74d1c6de7ef810544edae947db1eb1e2c7b6361 Mon Sep 17 00:00:00 2001 
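Review bot: `$target_os` is still expanded unquoted in `test $target_os = "haiku"`, so an empty value or one containing whitespace turns the test into a usage error instead of a plain false. Quoting it costs nothing: `if test "$target_os" = "haiku"; then`. Whether target_os can be empty at this point is decided earlier in configure, outside the hunk.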
From: Laurent Aimar Date: Tue, 4 Oct 2011 22:13:58 +0200 Subject: [PATCH 521/652] h264: do not let invalid values in h->ref_count after a decoder reset. Signed-off-by: Michael Niedermayer (cherry picked from commit 0333d234b0355b375762447e93674e3fe3c5bff1) --- libavcodec/h264.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index f6e93bd58d..96d8ecf77a 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -2633,6 +2633,7 @@ static int decode_slice_header(H264Context *h, H264Context *h0){ free_tables(h, 0); flush_dpb(s->avctx); MPV_common_end(s); + h->list_count = 0; } if (!s->context_initialized) { if (h != h0) { From 7d12b065746d4f5eabe11373d406372308f47b6c Mon Sep 17 00:00:00 2001 From: Gwenole Beauchesne Date: Thu, 6 Oct 2011 15:19:33 +0200 Subject: [PATCH 522/652] vaapi: fix VC-1 decoding (reconstruct bitstream TTFRM correctly). (cherry picked from commit 825dd135d829d85778e6c37f685a6088fef01b2e) --- libavcodec/vaapi_vc1.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/libavcodec/vaapi_vc1.c b/libavcodec/vaapi_vc1.c index d4d76c815f..09bef4a5f9 100644 --- a/libavcodec/vaapi_vc1.c +++ b/libavcodec/vaapi_vc1.c @@ -116,6 +116,18 @@ static inline VAMvModeVC1 vc1_get_MVMODE2(VC1Context *v) return 0; } +/** Reconstruct bitstream TTFRM (7.1.1.41, Table-53) */ +static inline int vc1_get_TTFRM(VC1Context *v) +{ + switch (v->ttfrm) { + case TT_8X8: return 0; + case TT_8X4: return 1; + case TT_4X8: return 2; + case TT_4X4: return 3; + } + return 0; +} + /** Pack FFmpeg bitplanes into a VABitPlaneBuffer element */ static inline void vc1_pack_bitplanes(uint8_t *bitplane, int n, const uint8_t *ff_bp[3], int x, int y, int stride) { 
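Review bot: `vc1_get_TTFRM` has no `default:` label, so a `v->ttfrm` value outside the four TT_* cases falls through to the trailing `return 0;` and is handed to the driver as the same code as TT_8X8. If that fallback is intended, a comment such as `/* unknown transform type: fall back to the 8x8 code */` on the final return would say so; otherwise an explicit `default:` that logs the unexpected value is clearer. The identical helper is added again in PATCH 523 and PATCH 524, and the remark applies to all three.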
@@ -239,7 +251,7 @@ static int vaapi_vc1_start_frame(AVCodecContext *avctx, av_unused const uint8_t pic_param->transform_fields.value = 0; /* reset all bits */ pic_param->transform_fields.bits.variable_sized_transform_flag = v->vstransform; pic_param->transform_fields.bits.mb_level_transform_type_flag = v->ttmbf; - pic_param->transform_fields.bits.frame_level_transform_type = v->ttfrm; + pic_param->transform_fields.bits.frame_level_transform_type = vc1_get_TTFRM(v); pic_param->transform_fields.bits.transform_ac_codingset_idx1 = v->c_ac_table_index; pic_param->transform_fields.bits.transform_ac_codingset_idx2 = v->y_ac_table_index; pic_param->transform_fields.bits.intra_transform_dc_table = v->s.dc_table_index; From 7275dc28f6eec4168dbef79275b605bc73dbc0e4 Mon Sep 17 00:00:00 2001 From: Gwenole Beauchesne Date: Thu, 6 Oct 2011 15:19:33 +0200 Subject: [PATCH 523/652] vaapi: fix VC-1 decoding (reconstruct bitstream TTFRM correctly). (cherry picked from commit 825dd135d829d85778e6c37f685a6088fef01b2e) --- libavcodec/vaapi_vc1.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/libavcodec/vaapi_vc1.c b/libavcodec/vaapi_vc1.c index d4d76c815f..09bef4a5f9 100644 --- a/libavcodec/vaapi_vc1.c +++ b/libavcodec/vaapi_vc1.c @@ -116,6 +116,18 @@ static inline VAMvModeVC1 vc1_get_MVMODE2(VC1Context *v) return 0; } +/** Reconstruct bitstream TTFRM (7.1.1.41, Table-53) */ +static inline int vc1_get_TTFRM(VC1Context *v) +{ + switch (v->ttfrm) { + case TT_8X8: return 0; + case TT_8X4: return 1; + case TT_4X8: return 2; + case TT_4X4: return 3; + } + return 0; +} + /** Pack FFmpeg bitplanes into a VABitPlaneBuffer element */ static inline void vc1_pack_bitplanes(uint8_t *bitplane, int n, const uint8_t *ff_bp[3], int x, int y, int stride) { 
@@ -239,7 +251,7 @@ static int vaapi_vc1_start_frame(AVCodecContext *avctx, av_unused const uint8_t pic_param->transform_fields.value = 0; /* reset all bits */ pic_param->transform_fields.bits.variable_sized_transform_flag = v->vstransform; pic_param->transform_fields.bits.mb_level_transform_type_flag = v->ttmbf; - pic_param->transform_fields.bits.frame_level_transform_type = v->ttfrm; + pic_param->transform_fields.bits.frame_level_transform_type = vc1_get_TTFRM(v); pic_param->transform_fields.bits.transform_ac_codingset_idx1 = v->c_ac_table_index; pic_param->transform_fields.bits.transform_ac_codingset_idx2 = v->y_ac_table_index; pic_param->transform_fields.bits.intra_transform_dc_table = v->s.dc_table_index; From 7d52ed686b2ccbb2e72d3930cfba69448c346204 Mon Sep 17 00:00:00 2001 From: Gwenole Beauchesne Date: Thu, 6 Oct 2011 15:19:33 +0200 Subject: [PATCH 524/652] vaapi: fix VC-1 decoding (reconstruct bitstream TTFRM correctly). (cherry picked from commit 825dd135d829d85778e6c37f685a6088fef01b2e) --- libavcodec/vaapi_vc1.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/libavcodec/vaapi_vc1.c b/libavcodec/vaapi_vc1.c index d4d76c815f..09bef4a5f9 100644 --- a/libavcodec/vaapi_vc1.c +++ b/libavcodec/vaapi_vc1.c @@ -116,6 +116,18 @@ static inline VAMvModeVC1 vc1_get_MVMODE2(VC1Context *v) return 0; } +/** Reconstruct bitstream TTFRM (7.1.1.41, Table-53) */ +static inline int vc1_get_TTFRM(VC1Context *v) +{ + switch (v->ttfrm) { + case TT_8X8: return 0; + case TT_8X4: return 1; + case TT_4X8: return 2; + case TT_4X4: return 3; + } + return 0; +} + /** Pack FFmpeg bitplanes into a VABitPlaneBuffer element */ static inline void vc1_pack_bitplanes(uint8_t *bitplane, int n, const uint8_t *ff_bp[3], int x, int y, int stride) { 
@@ -239,7 +251,7 @@ static int vaapi_vc1_start_frame(AVCodecContext *avctx, av_unused const uint8_t pic_param->transform_fields.value = 0; /* reset all bits */ pic_param->transform_fields.bits.variable_sized_transform_flag = v->vstransform; pic_param->transform_fields.bits.mb_level_transform_type_flag = v->ttmbf; - pic_param->transform_fields.bits.frame_level_transform_type = v->ttfrm; + pic_param->transform_fields.bits.frame_level_transform_type = vc1_get_TTFRM(v); pic_param->transform_fields.bits.transform_ac_codingset_idx1 = v->c_ac_table_index; pic_param->transform_fields.bits.transform_ac_codingset_idx2 = v->y_ac_table_index; pic_param->transform_fields.bits.intra_transform_dc_table = v->s.dc_table_index; From 9f70057dd6d1737dd363017027c3b35512c23c27 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Wed, 12 Oct 2011 11:30:16 +0200 Subject: [PATCH 525/652] Do not set codec_tag property for matroska muxers. Fixes tickets #8, #537. --- libavformat/matroskaenc.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/libavformat/matroskaenc.c b/libavformat/matroskaenc.c index ecc5e6bbb3..63edb815e1 100644 --- a/libavformat/matroskaenc.c +++ b/libavformat/matroskaenc.c @@ -1211,7 +1211,6 @@ AVOutputFormat ff_matroska_muxer = { .write_packet = mkv_write_packet, .write_trailer = mkv_write_trailer, .flags = AVFMT_GLOBALHEADER | AVFMT_VARIABLE_FPS, - .codec_tag = (const AVCodecTag* const []){ff_codec_bmp_tags, ff_codec_wav_tags, 0}, .subtitle_codec = CODEC_ID_SSA, }; #endif @@ -1245,6 +1244,5 @@ AVOutputFormat ff_matroska_audio_muxer = { .write_packet = mkv_write_packet, .write_trailer = mkv_write_trailer, .flags = AVFMT_GLOBALHEADER, - .codec_tag = (const AVCodecTag* const []){ff_codec_wav_tags, 0}, }; #endif From b833859daa4eb8fe0ec9117859b21a734905b895 Mon Sep 17 00:00:00 2001 
From: Justin Ruggles Date: Tue, 13 Sep 2011 18:53:18 -0400 Subject: [PATCH 526/652] mpc7: check output buffer size before decoding (cherry picked from commit c8b5c4d27409dfdcec80868686b173ba446c998b) Signed-off-by: Michael Niedermayer --- libavcodec/mpc7.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/libavcodec/mpc7.c b/libavcodec/mpc7.c index bb21469356..515bbf60a7 100644 --- a/libavcodec/mpc7.c +++ b/libavcodec/mpc7.c @@ -197,7 +197,7 @@ static int mpc7_decode_frame(AVCodecContext * avctx, int i, ch; int mb = -1; Band *bands = c->bands; - int off; + int off, out_size; int bits_used, bits_avail; memset(bands, 0, sizeof(bands)); @@ -205,6 +205,12 @@ static int mpc7_decode_frame(AVCodecContext * avctx, av_log(avctx, AV_LOG_ERROR, "Too small buffer passed (%i bytes)\n", buf_size); } + out_size = (buf[1] ? c->lastframelen : MPC_FRAME_SIZE) * 4; + if (*data_size < out_size) { + av_log(avctx, AV_LOG_ERROR, "Output buffer is too small\n"); + return AVERROR(EINVAL); + } + bits = av_malloc(((buf_size - 1) & ~3) + FF_INPUT_BUFFER_PADDING_SIZE); c->dsp.bswap_buf((uint32_t*)bits, (const uint32_t*)(buf + 4), (buf_size - 4) >> 2); init_get_bits(&gb, bits, (buf_size - 4)* 8); @@ -277,7 +283,7 @@ static int mpc7_decode_frame(AVCodecContext * avctx, *data_size = 0; return buf_size; } - *data_size = (buf[1] ? c->lastframelen : MPC_FRAME_SIZE) * 4; + *data_size = out_size; return buf_size; } From 490617b6ffa13f8e49a196a752f927d5ebad6e2b Mon Sep 17 00:00:00 2001 From: Justin Ruggles Date: Wed, 14 Sep 2011 11:16:42 -0400 Subject: [PATCH 527/652] mpc7: return error if packet is too small. (cherry picked from commit 8290d1f38b438f1b070de67645c8b4a42014c7ac) Signed-off-by: Michael Niedermayer --- libavcodec/mpc7.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/mpc7.c b/libavcodec/mpc7.c index 515bbf60a7..6477edcf28 100644 --- a/libavcodec/mpc7.c +++ b/libavcodec/mpc7.c 
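Review bot: `memset(bands, 0, sizeof(bands));` in the context of the first mpc7.c hunk clears only `sizeof(Band *)` bytes, because `bands` is declared two lines above as `Band *bands = c->bands;`. As a result only the first few bytes of the band state are reset before each frame. If `c->bands` is an array member of the context (its declaration is not visible here), `memset(c->bands, 0, sizeof(c->bands));` clears what the call appears to intend. The commit only adds `out_size` to the neighbouring declaration and leaves this line as it was. mpc7_decode_frame starts and ends outside the hunk.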
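Review bot: The result of `av_malloc` in the second mpc7.c hunk is passed to `c->dsp.bswap_buf` on the next line without a NULL check, so an allocation failure becomes a write through a null pointer. The requested size depends on `buf_size`, which comes from the packet. The new output-size test just above already returns an error code, so the same style fits here: `if (!bits) return AVERROR(ENOMEM);`. The rest of the function, including where `bits` is released, is outside the hunk.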
@@ -203,6 +203,7 @@ static int mpc7_decode_frame(AVCodecContext * avctx, memset(bands, 0, sizeof(bands)); if(buf_size <= 4){ av_log(avctx, AV_LOG_ERROR, "Too small buffer passed (%i bytes)\n", buf_size); + return AVERROR(EINVAL); } out_size = (buf[1] ? c->lastframelen : MPC_FRAME_SIZE) * 4; From fc8c0ee09f8eb8eab6373e1b4946cb503caa9884 Mon Sep 17 00:00:00 2001 From: Justin Ruggles Date: Wed, 14 Sep 2011 11:39:21 -0400 Subject: [PATCH 528/652] mpc8: check output buffer size before decoding (cherry picked from commit 5674d4b0a35a34b75e3533a8580e0b5a0a8895a7) Signed-off-by: Michael Niedermayer --- libavcodec/mpc8.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/libavcodec/mpc8.c b/libavcodec/mpc8.c index bca57451ca..90bc8c8b96 100644 --- a/libavcodec/mpc8.c +++ b/libavcodec/mpc8.c @@ -243,10 +243,16 @@ static int mpc8_decode_frame(AVCodecContext * avctx, GetBitContext gb2, *gb = &gb2; int i, j, k, ch, cnt, res, t; Band *bands = c->bands; - int off; + int off, out_size; int maxband, keyframe; int last[2]; + out_size = MPC_FRAME_SIZE * 2 * avctx->channels; + if (*data_size < out_size) { + av_log(avctx, AV_LOG_ERROR, "Output buffer is too small\n"); + return AVERROR(EINVAL); + } + keyframe = c->cur_frame == 0; if(keyframe){ @@ -404,7 +410,7 @@ static int mpc8_decode_frame(AVCodecContext * avctx, c->last_bits_used = get_bits_count(gb); if(c->cur_frame >= c->frames) c->cur_frame = 0; - *data_size = MPC_FRAME_SIZE * 2 * avctx->channels; + *data_size = out_size; return c->cur_frame ? c->last_bits_used >> 3 : buf_size; } From d33a1d650742b579c86df1b77fd9ee5a3dc99b87 Mon Sep 17 00:00:00 2001 From: Compn Date: Sun, 2 Oct 2011 17:39:03 -0400 Subject: [PATCH 529/652] riff: map 0x0038 to amrnb, works on http://video.mopoto.com/4/40/407/40709.avi (cherry picked from commit 3ebab62fc67591fd9313fad32892d7d32e805422) Signed-off-by: Michael Niedermayer --- libavformat/riff.c | 1 + 1 file changed, 1 insertion(+) 
diff --git a/libavformat/riff.c b/libavformat/riff.c index 1ccd9091be..a834084b71 100644 --- a/libavformat/riff.c +++ b/libavformat/riff.c @@ -287,6 +287,7 @@ const AVCodecTag ff_codec_wav_tags[] = { { CODEC_ID_ADPCM_YAMAHA, 0x0020 }, { CODEC_ID_TRUESPEECH, 0x0022 }, { CODEC_ID_GSM_MS, 0x0031 }, + { CODEC_ID_AMR_NB, 0x0038 }, /* rogue format number */ { CODEC_ID_ADPCM_G726, 0x0045 }, { CODEC_ID_MP2, 0x0050 }, { CODEC_ID_MP3, 0x0055 }, From 902e9595e3ac5afdedf273a4e69fb43e32d518af Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 3 Oct 2011 00:38:50 +0200 Subject: [PATCH 530/652] MAINTAINERS: new ffplay maintainer Signed-off-by: Michael Niedermayer (cherry picked from commit cffd20b90ee6f35e37cdb51dd94e6b2174fd31b6) Signed-off-by: Michael Niedermayer --- MAINTAINERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MAINTAINERS b/MAINTAINERS index fb28a4e822..8409cd1930 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -19,7 +19,7 @@ ffmpeg: ffmpeg.c Michael Niedermayer ffplay: - ffplay.c Michael Niedermayer + ffplay.c Marton Balint ffprobe: ffprobe.c Stefano Sabatini From 78eab18740b457bc482845d5f4ec8fe484e0afb3 Mon Sep 17 00:00:00 2001 From: Justin Ruggles Date: Wed, 14 Sep 2011 13:57:04 -0400 Subject: [PATCH 531/652] qdm2: check output buffer size before decoding (cherry picked from commit 7d49f79f1cd47783a963a757a6563b9cac29db62) Signed-off-by: Michael Niedermayer --- libavcodec/qdm2.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/libavcodec/qdm2.c b/libavcodec/qdm2.c index 1665c8daed..144ce98042 100644 --- a/libavcodec/qdm2.c +++ b/libavcodec/qdm2.c 
@@ -1958,13 +1958,20 @@ static int qdm2_decode_frame(AVCodecContext *avctx, int buf_size = avpkt->size; QDM2Context *s = avctx->priv_data; int16_t *out = data; - int i; + int i, out_size; if(!buf) return 0; if(buf_size < s->checksum_size) return -1; + out_size = 16 * s->channels * s->frame_size * + av_get_bytes_per_sample(avctx->sample_fmt); + if (*data_size < out_size) { + av_log(avctx, AV_LOG_ERROR, "Output buffer is too small\n"); + return AVERROR(EINVAL); + } + av_log(avctx, AV_LOG_DEBUG, "decode(%d): %p[%d] -> %p[%d]\n", buf_size, buf, s->checksum_size, data, *data_size); @@ -1974,7 +1981,7 @@ static int qdm2_decode_frame(AVCodecContext *avctx, out += s->channels * s->frame_size; } - *data_size = (uint8_t*)out - (uint8_t*)data; + *data_size = out_size; return s->checksum_size; } From 4f45967cf5138fb2c7567c5b3d0fb697998b2aeb Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 4 Oct 2011 04:21:19 +0200 Subject: [PATCH 532/652] ff_dv_frame_profile2: Check input buffer size. Based on code by DivX, Inc. / drffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 51b0694bc051cda2bfed048a35e694d1047c6ef0) Signed-off-by: Michael Niedermayer --- libavcodec/dvdata.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/libavcodec/dvdata.c b/libavcodec/dvdata.c index 05993d874f..db6ed2b871 100644 --- a/libavcodec/dvdata.c +++ b/libavcodec/dvdata.c @@ -248,11 +248,13 @@ static const DVprofile dv_profiles[] = { const DVprofile* ff_dv_frame_profile(const DVprofile *sys, const uint8_t* frame, unsigned buf_size) { - int i; + int i, dsf, stype; - int dsf = (frame[3] & 0x80) >> 7; + if(buf_size < DV_PROFILE_BYTES) + return NULL; - int stype = frame[80*5 + 48 + 3] & 0x1f; + dsf = (frame[3] & 0x80) >> 7; + stype = frame[80*5 + 48 + 3] & 0x1f; /* 576i50 25Mbps 4:1:1 is a special case */ if (dsf == 1 && stype == 0 && frame[4] & 0x07 /* the APT field */) { From c2d017e88ff6bb0f557dabfe795d0907c2d11849 Mon Sep 17 00:00:00 2001 
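Review bot: The added `buf_size < DV_PROFILE_BYTES` guard in dvdata.c protects the read of `frame[80*5 + 48 + 3]` only if DV_PROFILE_BYTES is greater than that offset (451), and nothing in the hunk ties the two together. DV_PROFILE_BYTES is defined outside this hunk, so I would state the dependency next to the check, e.g. `/* DV_PROFILE_BYTES must be larger than 80*5 + 48 + 3, the stype offset read below */`. The function continues past the hunk, so any further reads of `frame` there should be checked against the same bound.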
From: Justin Ruggles Date: Tue, 20 Sep 2011 15:27:44 -0400 Subject: [PATCH 533/652] sipr: fix the output data size check and only calculate it once. (cherry picked from commit 1b5a189f06879338088809b3049ea7620f4e7e78) Signed-off-by: Michael Niedermayer --- libavcodec/sipr.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/libavcodec/sipr.c b/libavcodec/sipr.c index 9befe8a158..db5ded740f 100644 --- a/libavcodec/sipr.c +++ b/libavcodec/sipr.c @@ -509,7 +509,7 @@ static int sipr_decode_frame(AVCodecContext *avctx, void *datap, GetBitContext gb; float *data = datap; int subframe_size = ctx->mode == MODE_16k ? L_SUBFR_16k : SUBFR_SIZE; - int i; + int i, out_size; ctx->avctx = avctx; if (avpkt->size < (mode_par->bits_per_frame >> 3)) { @@ -520,7 +520,11 @@ static int sipr_decode_frame(AVCodecContext *avctx, void *datap, *data_size = 0; return -1; } - if (*data_size < subframe_size * mode_par->subframe_count * sizeof(float)) { + + out_size = mode_par->frames_per_packet * subframe_size * + mode_par->subframe_count * + av_get_bytes_per_sample(avctx->sample_fmt); + if (*data_size < out_size) { av_log(avctx, AV_LOG_ERROR, "Error processing packet: output buffer (%d) too small\n", *data_size); @@ -542,8 +546,7 @@ static int sipr_decode_frame(AVCodecContext *avctx, void *datap, data += subframe_size * mode_par->subframe_count; } - *data_size = mode_par->frames_per_packet * subframe_size * - mode_par->subframe_count * sizeof(float); + *data_size = out_size; return mode_par->bits_per_frame >> 3; } From 2809f4ab934ca94b32e64f3a70e6008cd3876420 Mon Sep 17 00:00:00 2001 From: Justin Ruggles Date: Wed, 14 Sep 2011 13:38:07 -0400 Subject: [PATCH 534/652] qcelp: check output buffer size before decoding (cherry picked from commit e43dd3d2a8e106169e707484090a2d973ece2184) Signed-off-by: Michael Niedermayer --- libavcodec/qcelpdec.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) 
diff --git a/libavcodec/qcelpdec.c b/libavcodec/qcelpdec.c index e83704d801..61c812c85d 100644 --- a/libavcodec/qcelpdec.c +++ b/libavcodec/qcelpdec.c @@ -738,11 +738,17 @@ static int qcelp_decode_frame(AVCodecContext *avctx, void *data, int *data_size, int buf_size = avpkt->size; QCELPContext *q = avctx->priv_data; float *outbuffer = data; - int i; + int i, out_size; float quantized_lspf[10], lpc[10]; float gain[16]; float *formant_mem; + out_size = 160 * av_get_bytes_per_sample(avctx->sample_fmt); + if (*data_size < out_size) { + av_log(avctx, AV_LOG_ERROR, "Output buffer is too small\n"); + return AVERROR(EINVAL); + } + if((q->bitrate = determine_bitrate(avctx, buf_size, &buf)) == I_F_Q) { warn_insufficient_frame_quality(avctx, "bitrate cannot be determined."); @@ -837,7 +843,7 @@ erasure: memcpy(q->prev_lspf, quantized_lspf, sizeof(q->prev_lspf)); q->prev_bitrate = q->bitrate; - *data_size = 160 * sizeof(*outbuffer); + *data_size = out_size; return buf_size; } From b491c15c8530fafdf5fcef25b1918339f196fbad Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Tue, 4 Oct 2011 22:13:56 +0200 Subject: [PATCH 535/652] h254: explicitly initialize bit depth/chroma idc Signed-off-by: Michael Niedermayer --- libavcodec/h264.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 96d8ecf77a..fd33aeff3e 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -1019,8 +1019,12 @@ static av_cold void common_init(H264Context *h){ s->height = s->avctx->height; s->codec_id= s->avctx->codec->id; - ff_h264dsp_init(&h->h264dsp, 8); - ff_h264_pred_init(&h->hpc, s->codec_id, 8); + s->avctx->bits_per_raw_sample = 8; + + ff_h264dsp_init(&h->h264dsp, + s->avctx->bits_per_raw_sample); + ff_h264_pred_init(&h->hpc, s->codec_id, + s->avctx->bits_per_raw_sample); h->dequant_coeff_pps= -1; s->unrestricted_mv=1; From 5d2b6006f0567629324613ee73b779acbaf8f039 Mon Sep 17 00:00:00 2001 
From: "Ronald S. Bultje" Date: Mon, 3 Oct 2011 07:37:24 -0700 Subject: [PATCH 536/652] mpegvideo: fix position of bottom edge. It was wrong in colorspaces where horizontal and vertical chroma subsampling are not the same, e.g. 422. Signed-off-by: Michael Niedermayer --- libavcodec/mpegvideo.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/libavcodec/mpegvideo.c b/libavcodec/mpegvideo.c index a505b9071c..9c47c15a51 100644 --- a/libavcodec/mpegvideo.c +++ b/libavcodec/mpegvideo.c @@ -2302,12 +2302,15 @@ void ff_draw_horiz_band(MpegEncContext *s, int y, int h){ edge_h= FFMIN(h, s->v_edge_pos - y); - s->dsp.draw_edges(s->current_picture_ptr->data[0] + y *s->linesize , s->linesize, - s->h_edge_pos , edge_h , EDGE_WIDTH , EDGE_WIDTH , sides); - s->dsp.draw_edges(s->current_picture_ptr->data[1] + (y>>vshift)*s->uvlinesize, s->uvlinesize, - s->h_edge_pos>>hshift, edge_h>>hshift, EDGE_WIDTH>>hshift, EDGE_WIDTH>>vshift, sides); - s->dsp.draw_edges(s->current_picture_ptr->data[2] + (y>>vshift)*s->uvlinesize, s->uvlinesize, - s->h_edge_pos>>hshift, edge_h>>hshift, EDGE_WIDTH>>hshift, EDGE_WIDTH>>vshift, sides); + s->dsp.draw_edges(s->current_picture_ptr->data[0] + y *s->linesize, + s->linesize, s->h_edge_pos, edge_h, + EDGE_WIDTH, EDGE_WIDTH, sides); + s->dsp.draw_edges(s->current_picture_ptr->data[1] + (y>>vshift)*s->uvlinesize, + s->uvlinesize, s->h_edge_pos>>hshift, edge_h>>vshift, + EDGE_WIDTH>>hshift, EDGE_WIDTH>>vshift, sides); + s->dsp.draw_edges(s->current_picture_ptr->data[2] + (y>>vshift)*s->uvlinesize, + s->uvlinesize, s->h_edge_pos>>hshift, edge_h>>vshift, + EDGE_WIDTH>>hshift, EDGE_WIDTH>>vshift, sides); } h= FFMIN(h, s->avctx->height - y); From 614ef0dc0d9f2d6ec7e2e41a00d285b7a6a2eea1 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 6 Oct 2011 22:54:00 +0200 Subject: [PATCH 537/652] h264: fix fill_colmap() to not store entries mbaff style when the reference is not mbaff at all 
Signed-off-by: Michael Niedermayer (cherry picked from commit a3ba542af39ba4425cbb44d2a0ae09c212b40001) Signed-off-by: Michael Niedermayer --- libavcodec/h264_direct.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/h264_direct.c b/libavcodec/h264_direct.c index 34a4ff727f..0b19353656 100644 --- a/libavcodec/h264_direct.c +++ b/libavcodec/h264_direct.c @@ -89,7 +89,8 @@ static void fill_colmap(H264Context *h, int map[2][16+32], int list, int field, for(j=start; jref_list[0][j].frame_num + (h->ref_list[0][j].reference&3) == poc){ int cur_ref= mbafi ? (j-16)^field : j; - map[list][2*old_ref + (rfield^field) + 16] = cur_ref; + if(ref1->mbaff) + map[list][2*old_ref + (rfield^field) + 16] = cur_ref; if(rfield == field || !interl) map[list][old_ref] = cur_ref; break; From 06b15b371539cb2f05f717b228d9173d4aee991d Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Thu, 6 Oct 2011 21:55:44 +0200 Subject: [PATCH 538/652] h264: fix the size of PPS::chroma_qp_table Signed-off-by: Michael Niedermayer (cherry picked from commit e588a5c2d418fdcf08ece076a2642de44f444d55) Signed-off-by: Michael Niedermayer --- libavcodec/h264.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h264.h b/libavcodec/h264.h index 0a380e03c1..a6f39730ff 100644 --- a/libavcodec/h264.h +++ b/libavcodec/h264.h @@ -227,7 +227,7 @@ typedef struct PPS{ int transform_8x8_mode; ///< transform_8x8_mode_flag uint8_t scaling_matrix4[6][16]; uint8_t scaling_matrix8[6][64]; - uint8_t chroma_qp_table[2][64]; ///< pre-scaled (with chroma_qp_index_offset) version of qp_table + uint8_t chroma_qp_table[2][QP_MAX_NUM+1]; ///< pre-scaled (with chroma_qp_index_offset) version of qp_table int chroma_qp_diff; }PPS; From 4c5cdb493c25a0ffb05022e7afa001725e0adc62 Mon Sep 17 00:00:00 2001 
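Review bot: The doc comment on `chroma_qp_table` in h264.h does not say what indexes the second dimension, which is the fact this size change depends on. Extending it to something like `///< pre-scaled (with chroma_qp_index_offset) version of qp_table, indexed by qp in 0..QP_MAX_NUM` would tell readers why the bound is `QP_MAX_NUM+1` rather than a literal. The code that fills and reads the table is outside this hunk, so the index range is inferred from the new bound and should be confirmed against those sites.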
From: Mans Rullgard Date: Sat, 8 Oct 2011 02:09:42 +0100 Subject: [PATCH 539/652] put_bits: fix invalid shift by 32 in flush_put_bits() If flush_put_bits() is called when the 32-bit buffer is empty, e.g. after writing a multiple of 32 bits, and invalid shift by 32 is performed. Since flush_put_bits() is called infrequently, this additional check should have negligible performance impact. Signed-off-by: Mans Rullgard (cherry picked from commit ac6eab1496aad6f8b09deabbef4fe5fd829e142d) Signed-off-by: Michael Niedermayer --- libavcodec/put_bits.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/put_bits.h b/libavcodec/put_bits.h index 79016912d5..ccd2565920 100644 --- a/libavcodec/put_bits.h +++ b/libavcodec/put_bits.h @@ -100,7 +100,8 @@ static inline void flush_put_bits(PutBitContext *s) align_put_bits(s); #else #ifndef BITSTREAM_WRITER_LE - s->bit_buf<<= s->bit_left; + if (s->bit_left < 32) + s->bit_buf<<= s->bit_left; #endif while (s->bit_left < 32) { /* XXX: should test end of buffer */ From c2c83dcb322504807388f804d73d75a45fab004b Mon Sep 17 00:00:00 2001 From: Mans Rullgard Date: Sat, 8 Oct 2011 13:41:23 +0100 Subject: [PATCH 540/652] aacdec: fix undefined shifts Since nnz can be zero, this is needed to avoid a shift by 32. Signed-off-by: Mans Rullgard (cherry picked from commit d12294304acd82cb219e3f66ca9cd6efb2194fa4) Signed-off-by: Michael Niedermayer --- libavcodec/aacdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/aacdec.c b/libavcodec/aacdec.c index 6cc0cec0f0..e9f2cc53e9 100644 --- a/libavcodec/aacdec.c +++ b/libavcodec/aacdec.c @@ -1090,7 +1090,7 @@ static int decode_spectrum_and_dequant(AACContext *ac, float coef[1024], GET_VLC(code, re, gb, vlc_tab, 8, 2); cb_idx = cb_vector_idx[code]; nnz = cb_idx >> 8 & 15; - bits = SHOW_UBITS(re, gb, nnz) << (32-nnz); + bits = nnz ? GET_CACHE(re, gb) : 0; LAST_SKIP_BITS(re, gb, nnz); cf = VMUL4S(cf, vq, cb_idx, bits, sf + idx); } while (len -= 4); 
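Review bot: `bits = nnz ? GET_CACHE(re, gb) : 0;` in the first aacdec.c hunk no longer limits the value to the top `nnz` bits as the old `SHOW_UBITS(re, gb, nnz) << (32-nnz)` did, so the low bits of `bits` now hold whatever follows in the cache. That is harmless only if `VMUL4S` looks at no more than the top `nnz` bits, and its definition is outside this hunk. A comment such as `/* cache is left-aligned; VMUL4S consumes only the top nnz bits */` would record the assumption the change relies on.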
@@ -1130,7 +1130,7 @@ static int decode_spectrum_and_dequant(AACContext *ac, float coef[1024], GET_VLC(code, re, gb, vlc_tab, 8, 2); cb_idx = cb_vector_idx[code]; nnz = cb_idx >> 8 & 15; - sign = SHOW_UBITS(re, gb, nnz) << (cb_idx >> 12); + sign = nnz ? SHOW_UBITS(re, gb, nnz) << (cb_idx >> 12) : 0; LAST_SKIP_BITS(re, gb, nnz); cf = VMUL2S(cf, vq, cb_idx, sign, sf + idx); } while (len -= 2); From 37ce6ba425d70718b646ba49ec23761abd511d9e Mon Sep 17 00:00:00 2001 From: Mans Rullgard Date: Sat, 8 Oct 2011 13:49:42 +0100 Subject: [PATCH 541/652] dca: fix signed overflow in shift Signed-off-by: Mans Rullgard (cherry picked from commit 559c244d42be7a02c23976216b47fd63b80d6c7f) Signed-off-by: Michael Niedermayer --- libavcodec/dca.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/dca.c b/libavcodec/dca.c index 69df8f4597..24153ebdd2 100644 --- a/libavcodec/dca.c +++ b/libavcodec/dca.c @@ -905,7 +905,8 @@ static void qmf_32_subbands(DCAContext * s, int chans, for (subindex = 0; subindex < 8; subindex++) { /* Load in one sample from each subband and clear inactive subbands */ for (i = 0; i < sb_act; i++){ - uint32_t v = AV_RN32A(&samples_in[i][subindex]) ^ ((i-1)&2)<<30; + unsigned sign = (i - 1) & 2; + uint32_t v = AV_RN32A(&samples_in[i][subindex]) ^ sign << 30; AV_WN32A(&s->raXin[i], v); } From 4ba0e0375961fcb05d0d4258e75c807c1ed577f5 Mon Sep 17 00:00:00 2001 From: Mans Rullgard Date: Sat, 8 Oct 2011 13:52:44 +0100 Subject: [PATCH 542/652] motion_est: fix some signed overflows Signed-off-by: Mans Rullgard (cherry picked from commit e708afd3c026a9eb547dab07781320a7e2564312) Signed-off-by: Michael Niedermayer --- libavcodec/motion_est.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/motion_est.c b/libavcodec/motion_est.c index c12ebf4c7c..02e804d88f 100644 --- a/libavcodec/motion_est.c +++ b/libavcodec/motion_est.c 
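Review bot: In the dca.c hunk, `AV_RN32A(&samples_in[i][subindex]) ^ sign << 30` relies on `<<` binding tighter than `^`. That is correct, but it is easy to misread in a line that was just rewritten because of a shift problem. I would write `uint32_t v = AV_RN32A(&samples_in[i][subindex]) ^ (sign << 30);` and add a short comment on `sign` saying that `(i - 1) & 2` is 0 or 2, so the shift yields either 0 or bit 31. qmf_32_subbands starts and ends outside the hunk.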
@@ -1040,7 +1040,7 @@ void ff_estimate_p_frame_motion(MpegEncContext * s, /* intra / predictive decision */ pix = c->src[0][0]; sum = s->dsp.pix_sum(pix, s->linesize); - varc = s->dsp.pix_norm1(pix, s->linesize) - (((unsigned)(sum*sum))>>8) + 500; + varc = s->dsp.pix_norm1(pix, s->linesize) - (((unsigned)sum*sum)>>8) + 500; pic->mb_mean[s->mb_stride * mb_y + mb_x] = (sum+128)>>8; pic->mb_var [s->mb_stride * mb_y + mb_x] = (varc+128)>>8; @@ -1202,7 +1202,7 @@ void ff_estimate_p_frame_motion(MpegEncContext * s, if((c->avctx->mb_cmp&0xFF)==FF_CMP_SSE){ intra_score= varc - 500; }else{ - int mean= (sum+128)>>8; + unsigned mean = (sum+128)>>8; mean*= 0x01010101; for(i=0; i<16; i++){ From f7be632cbde8aa094535edf0af3a30a7556acbac Mon Sep 17 00:00:00 2001 From: Mans Rullgard Date: Sat, 8 Oct 2011 15:03:51 +0100 Subject: [PATCH 543/652] vp8: fix signed overflows In addition to avoiding undefined behaviour, an unsigned type makes more sense for packing multiple 8-bit values. Signed-off-by: Mans Rullgard (cherry picked from commit bb59156606e00057a706ed30165bc7329db3823f) Signed-off-by: Michael Niedermayer --- libavcodec/vp8.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavcodec/vp8.c b/libavcodec/vp8.c index 3e93653085..a417ae3672 100644 --- a/libavcodec/vp8.c +++ b/libavcodec/vp8.c @@ -919,7 +919,8 @@ void intra_predict(VP8Context *s, uint8_t *dst[3], VP8Macroblock *mb, int mb_x, int mb_y) { AVCodecContext *avctx = s->avctx; - int x, y, mode, nnz, tr; + int x, y, mode, nnz; + uint32_t tr; // for the first row, we need to run xchg_mb_border to init the top edge to 127 // otherwise, skip it if we aren't going to deblock @@ -948,7 +949,7 @@ void intra_predict(VP8Context *s, uint8_t *dst[3], VP8Macroblock *mb, // from the top macroblock if (!(!mb_y && avctx->flags & CODEC_FLAG_EMU_EDGE) && mb_x == s->mb_width-1) { - tr = tr_right[-1]*0x01010101; + tr = tr_right[-1]*0x01010101u; tr_right = (uint8_t *)&tr; } 
From edc942202b577946c265fe9fdff236fac2b2cc2f Mon Sep 17 00:00:00 2001 From: Mans Rullgard Date: Sat, 8 Oct 2011 02:06:26 +0100 Subject: [PATCH 544/652] lavf: fix signed overflow in avformat_find_stream_info() On the first iteration through this code, last_dts is always INT64_MIN (AV_NOPTS_VALUE) and the subtraction overflows in an invalid manner. Although the result is only used if the input values are valid, performing the subtraction is still not allowed in a strict environment. Signed-off-by: Mans Rullgard (cherry picked from commit a31e9f68a426f634e002282885c6c2eb1bfbea44) Signed-off-by: Michael Niedermayer --- libavformat/utils.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index b15582acb1..400d96826d 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -2396,9 +2396,9 @@ int av_find_stream_info(AVFormatContext *ic) } { int64_t last = st->info->last_dts; - int64_t duration= pkt->dts - last; - if(pkt->dts != AV_NOPTS_VALUE && last != AV_NOPTS_VALUE && duration>0){ + if(pkt->dts != AV_NOPTS_VALUE && last != AV_NOPTS_VALUE && pkt->dts > last){ + int64_t duration= pkt->dts - last; double dur= duration * av_q2d(st->time_base); // if(st->codec->codec_type == AVMEDIA_TYPE_VIDEO) From 1646d2d2ae20c32b075cf271c7b276a1d587ebe4 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sat, 8 Oct 2011 23:40:30 +0200 Subject: [PATCH 545/652] eamad: clear FF_INPUT_BUFFER_PADDING_SIZE bytes at the end of the temporary buffer Signed-off-by: Michael Niedermayer (cherry picked from commit 74b9c598396f76407c6b3841c10bc67ddddb2a98) Signed-off-by: Michael Niedermayer --- libavcodec/eamad.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/eamad.c b/libavcodec/eamad.c index d4881ab843..ee8158174a 100644 --- a/libavcodec/eamad.c +++ b/libavcodec/eamad.c 
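Review bot: The relocated `int64_t duration= pkt->dts - last;` in av_find_stream_info can still overflow, because `pkt->dts > last` only proves the difference is positive, not that it fits in an int64_t. If the demuxer passes container timestamps through unchanged (not visible here), a strongly negative `last` followed by a large positive `pkt->dts` reaches the subtraction. The condition could also require `(uint64_t)pkt->dts - last <= INT64_MAX`, which is computed without signed arithmetic. The enclosing block continues outside the hunk.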
@@ -280,6 +280,7 @@ static int decode_frame(AVCodecContext *avctx, if (!t->bitstream_buf) return AVERROR(ENOMEM); bswap16_buf(t->bitstream_buf, (const uint16_t*)buf, (buf_end-buf)/2); + memset((uint8_t*)t->bitstream_buf + (buf_end-buf), 0, FF_INPUT_BUFFER_PADDING_SIZE); init_get_bits(&s->gb, t->bitstream_buf, 8*(buf_end-buf)); for (s->mb_y=0; s->mb_y < (avctx->height+15)/16; s->mb_y++) From 44740513709cb326667fc8b7d24abb6e16aacee6 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sat, 8 Oct 2011 23:40:27 +0200 Subject: [PATCH 546/652] eatgv: fix out of bound reads on corrupted motions vectors. Signed-off-by: Michael Niedermayer (cherry picked from commit 09302a897d1990b1338f049fcd29638d736b8823) Signed-off-by: Michael Niedermayer --- libavcodec/eatgv.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/eatgv.c b/libavcodec/eatgv.c index 0855f10417..f50a308467 100644 --- a/libavcodec/eatgv.c +++ b/libavcodec/eatgv.c @@ -138,7 +138,7 @@ static int unpack(const uint8_t *src, const uint8_t *src_end, unsigned char *dst * @return 0 on success, -1 on critical buffer underflow */ static int tgv_decode_inter(TgvContext * s, const uint8_t *buf, const uint8_t *buf_end){ - unsigned char *frame0_end = s->last_frame.data[0] + s->avctx->width*s->last_frame.linesize[0]; + unsigned char *frame0_end = s->last_frame.data[0] + s->avctx->height*s->last_frame.linesize[0]; int num_mvs; int num_blocks_raw; int num_blocks_packed; @@ -211,7 +211,7 @@ static int tgv_decode_inter(TgvContext * s, const uint8_t *buf, const uint8_t *b (y*4 + s->mv_codebook[vector][1])*s->last_frame.linesize[0] + x*4 + s->mv_codebook[vector][0]; src_stride = s->last_frame.linesize[0]; - if (src+3*src_stride+3>=frame0_end) + if (src < s->last_frame.data[0] || src+3*src_stride+3>=frame0_end) continue; }else{ int offset = vector - num_mvs; From 1b6e6439faafb8de96ce01f008918ea36eaff8c2 Mon Sep 17 00:00:00 2001 
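Review bot: For an odd packet length, the eamad.c memset leaves one byte of `t->bitstream_buf` unset. `bswap16_buf` writes only `(buf_end-buf)/2` 16-bit words and the clear starts at offset `buf_end-buf`, so byte `buf_end-buf-1` is neither copied nor zeroed. `init_get_bits` is still told `8*(buf_end-buf)` bits, so the decoder can consume stale buffer contents unless the allocation, which is outside the hunk, zeroes them. Starting the clear at the even offset covers it: `memset((uint8_t*)t->bitstream_buf + ((buf_end-buf) & ~1), 0, FF_INPUT_BUFFER_PADDING_SIZE + ((buf_end-buf) & 1));`.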
From: Laurent Aimar Date: Sat, 8 Oct 2011 23:40:28 +0200 Subject: [PATCH 547/652] eatgv: fix pointer arithmetic overflows. Signed-off-by: Michael Niedermayer (cherry picked from commit 6bfe0d4c3d7de11e859ea6720b011cf5fdf5ef03) Signed-off-by: Michael Niedermayer --- libavcodec/eatgv.c | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/libavcodec/eatgv.c b/libavcodec/eatgv.c index f50a308467..fb88dce5d3 100644 --- a/libavcodec/eatgv.c +++ b/libavcodec/eatgv.c @@ -74,7 +74,7 @@ static int unpack(const uint8_t *src, const uint8_t *src_end, unsigned char *dst else src += 2; - if (src+3>src_end) + if (src_end - src < 3) return -1; size = AV_RB24(src); src += 3; @@ -138,7 +138,7 @@ static int unpack(const uint8_t *src, const uint8_t *src_end, unsigned char *dst * @return 0 on success, -1 on critical buffer underflow */ static int tgv_decode_inter(TgvContext * s, const uint8_t *buf, const uint8_t *buf_end){ - unsigned char *frame0_end = s->last_frame.data[0] + s->avctx->height*s->last_frame.linesize[0]; + unsigned last_frame_size = s->avctx->height*s->last_frame.linesize[0]; int num_mvs; int num_blocks_raw; int num_blocks_packed; @@ -148,7 +148,7 @@ static int tgv_decode_inter(TgvContext * s, const uint8_t *buf, const uint8_t *b int mvbits; const unsigned char *blocks_raw; - if(buf+12>buf_end) + if(buf_end - buf < 12) return -1; num_mvs = AV_RL16(&buf[0]); @@ -171,7 +171,7 @@ static int tgv_decode_inter(TgvContext * s, const uint8_t *buf, const uint8_t *b /* read motion vectors */ mvbits = (num_mvs*2*10+31) & ~31; - if (buf+(mvbits>>3)+16*num_blocks_raw+8*num_blocks_packed>buf_end) + if (buf_end - buf < (mvbits>>3)+16*num_blocks_raw+8*num_blocks_packed) return -1; init_get_bits(&gb, buf, mvbits); 
@@ -207,12 +207,14 @@ static int tgv_decode_inter(TgvContext * s, const uint8_t *buf, const uint8_t *b int src_stride; if (vector < num_mvs) { - src = s->last_frame.data[0] + - (y*4 + s->mv_codebook[vector][1])*s->last_frame.linesize[0] + - x*4 + s->mv_codebook[vector][0]; + unsigned offset = + (y*4 + s->mv_codebook[vector][1])*s->last_frame.linesize[0] + + x*4 + s->mv_codebook[vector][0]; + src_stride = s->last_frame.linesize[0]; - if (src < s->last_frame.data[0] || src+3*src_stride+3>=frame0_end) + if (offset >= last_frame_size - (3*src_stride+3)) continue; + src = s->last_frame.data[0] + offset; }else{ int offset = vector - num_mvs; if (offsetbuf_end) { + if(buf_end - buf < 12) { av_log(avctx, AV_LOG_WARNING, "truncated header\n"); return -1; } @@ -272,7 +277,7 @@ static int tgv_decode_frame(AVCodecContext *avctx, pal_count = AV_RL16(&buf[6]); buf += 12; - for(i=0; i= 3; i++) { s->palette[i] = AV_RB24(buf); buf += 3; } From 7b3c851526740cb77fe5af0e48c50b7ead1e0143 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sat, 8 Oct 2011 23:40:32 +0200 Subject: [PATCH 548/652] eamad: avoid NULL derefence when missing the reference frame. Signed-off-by: Michael Niedermayer (cherry picked from commit 6e20554a6d33e92b81dc3cfed6082e03bff2a7f8) Signed-off-by: Michael Niedermayer --- libavcodec/eamad.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/eamad.c b/libavcodec/eamad.c index ee8158174a..f5b25354f1 100644 --- a/libavcodec/eamad.c +++ b/libavcodec/eamad.c @@ -205,7 +205,8 @@ static void decode_mb(MadContext *t, int inter) for (j=0; j<6; j++) { if (mv_map & (1<gb); - comp_block(t, s->mb_x, s->mb_y, j, mv_x, mv_y, add); + if (t->last_frame.data[0]) + comp_block(t, s->mb_x, s->mb_y, j, mv_x, mv_y, add); } else { s->dsp.clear_block(t->block); decode_block_intra(t, t->block); From 79bafbb0dd6af48eae51eb69c472208f97eff11d Mon Sep 17 00:00:00 2001 
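Review bot: In tgv_decode_inter, `offset >= last_frame_size - (3*src_stride+3)` is evaluated in unsigned arithmetic, so the right-hand side wraps to a huge value when the previous frame holds fewer than `3*src_stride+3` bytes, including an empty one, and the check then rejects nothing. Guarding the subtraction closes that: `if (last_frame_size < 3*src_stride+3 || offset >= last_frame_size - (3*src_stride+3)) continue;`. The comp_block checks added to eamad.c in the next patch have the same shape: `(s->height - 7) * t->last_frame.linesize[0] - 7` goes negative for small heights and is then compared as unsigned. There the limit should be computed as a signed value and the function should return when it is not positive. This hunk is cut short by the page extraction after `if (offset`, so only the lines up to that point were reviewed.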
From: Laurent Aimar Date: Sat, 8 Oct 2011 23:40:31 +0200 Subject: [PATCH 549/652] eamad: check for out of bound reads when doing MC Signed-off-by: Michael Niedermayer (cherry picked from commit da35797359cec148f3fe59894c62727b0422d75a) Signed-off-by: Michael Niedermayer --- libavcodec/eamad.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/libavcodec/eamad.c b/libavcodec/eamad.c index f5b25354f1..150bd08108 100644 --- a/libavcodec/eamad.c +++ b/libavcodec/eamad.c @@ -85,15 +85,21 @@ static inline void comp_block(MadContext *t, int mb_x, int mb_y, { MpegEncContext *s = &t->s; if (j < 4) { + unsigned offset = (mb_y*16 + ((j&2)<<2) + mv_y)*t->last_frame.linesize[0] + mb_x*16 + ((j&1)<<3) + mv_x; + if (offset >= (s->height - 7) * t->last_frame.linesize[0] - 7) + return; comp(t->frame.data[0] + (mb_y*16 + ((j&2)<<2))*t->frame.linesize[0] + mb_x*16 + ((j&1)<<3), t->frame.linesize[0], - t->last_frame.data[0] + (mb_y*16 + ((j&2)<<2) + mv_y)*t->last_frame.linesize[0] + mb_x*16 + ((j&1)<<3) + mv_x, + t->last_frame.data[0] + offset, t->last_frame.linesize[0], add); } else if (!(s->avctx->flags & CODEC_FLAG_GRAY)) { int index = j - 3; + unsigned offset = (mb_y * 8 + (mv_y/2))*t->last_frame.linesize[index] + mb_x * 8 + (mv_x/2); + if (offset >= (s->height/2 - 7) * t->last_frame.linesize[index] - 7) + return; comp(t->frame.data[index] + (mb_y*8)*t->frame.linesize[index] + mb_x * 8, t->frame.linesize[index], - t->last_frame.data[index] + (mb_y * 8 + (mv_y/2))*t->last_frame.linesize[index] + mb_x * 8 + (mv_x/2), + t->last_frame.data[index] + offset, t->last_frame.linesize[index], add); } } From 5415c488f9c6103df06ccfdc77dd50d1f030d271 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sat, 8 Oct 2011 23:40:33 +0200 Subject: [PATCH 550/652] eamad: release the reference frame on video size changes Signed-off-by: Michael Niedermayer (cherry picked from commit 6c1fb3e7631178c2a45c6c41b9b8d9ee3a5298fc) 
Signed-off-by: Michael Niedermayer --- libavcodec/eamad.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/eamad.c b/libavcodec/eamad.c index 150bd08108..602bbfcf93 100644 --- a/libavcodec/eamad.c +++ b/libavcodec/eamad.c @@ -273,6 +273,8 @@ static int decode_frame(AVCodecContext *avctx, avcodec_set_dimensions(avctx, s->width, s->height); if (t->frame.data[0]) avctx->release_buffer(avctx, &t->frame); + if (t->last_frame.data[0]) + avctx->release_buffer(avctx, &t->last_frame); } t->frame.reference = 1; From 2fdbc1d5533ce596bc7e4872dd801c5cdda58aeb Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sat, 8 Oct 2011 23:40:39 +0200 Subject: [PATCH 551/652] vqavideo: check for invalid/unsupported version Signed-off-by: Michael Niedermayer (cherry picked from commit b226af39107f09cd650875388250f4968eea54db) Signed-off-by: Michael Niedermayer --- libavcodec/vqavideo.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/vqavideo.c b/libavcodec/vqavideo.c index ca4fd94d75..6d7f65a051 100644 --- a/libavcodec/vqavideo.c +++ b/libavcodec/vqavideo.c @@ -138,6 +138,10 @@ static av_cold int vqa_decode_init(AVCodecContext *avctx) /* load up the VQA parameters from the header */ vqa_header = (unsigned char *)s->avctx->extradata; s->vqa_version = vqa_header[0]; + if (s->vqa_version < 1 || s->vqa_version > 3) { + av_log(s->avctx, AV_LOG_ERROR, " VQA video: unsupported version %d\n", s->vqa_version); + return -1; + } s->width = AV_RL16(&vqa_header[6]); s->height = AV_RL16(&vqa_header[8]); if(av_image_check_size(s->width, s->height, 0, avctx)){ From b832e539c0dceb2108c8b7f824d9eff9d751853a Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sat, 8 Oct 2011 23:40:37 +0200 Subject: [PATCH 552/652] vqa: fix double free on corrupted streams Signed-off-by: Michael Niedermayer (cherry picked from commit e3123856c79c36507772ada1bcda6cfe36a1e297) Signed-off-by: Michael Niedermayer --- libavformat/westwood.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) 
diff --git a/libavformat/westwood.c b/libavformat/westwood.c index 818fe2d8d3..dd6ddef905 100644 --- a/libavformat/westwood.c +++ b/libavformat/westwood.c @@ -277,10 +277,8 @@ static int wsvqa_read_header(AVFormatContext *s, /* there are 0 or more chunks before the FINF chunk; iterate until * FINF has been skipped and the file will be ready to be demuxed */ do { - if (avio_read(pb, scratch, VQA_PREAMBLE_SIZE) != VQA_PREAMBLE_SIZE) { - av_free(st->codec->extradata); + if (avio_read(pb, scratch, VQA_PREAMBLE_SIZE) != VQA_PREAMBLE_SIZE) return AVERROR(EIO); - } chunk_tag = AV_RB32(&scratch[0]); chunk_size = AV_RB32(&scratch[4]); From 7ab0b6b7eda60e235b7db07a6895fa8bdade01c8 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sun, 9 Oct 2011 01:54:41 +0200 Subject: [PATCH 553/652] vqavideo: check for out of bound reads. Signed-off-by: Michael Niedermayer (cherry picked from commit 6d45702f7f257c1cfcd3ce3287bf258854528a4a) Signed-off-by: Michael Niedermayer --- libavcodec/vqavideo.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libavcodec/vqavideo.c b/libavcodec/vqavideo.c index 6d7f65a051..64a68e1ca1 100644 --- a/libavcodec/vqavideo.c +++ b/libavcodec/vqavideo.c @@ -230,6 +230,8 @@ static void decode_format80(const unsigned char *src, int src_size, src_index += 2; av_dlog(NULL, "(1) copy %X bytes from absolute pos %X\n", count, src_pos); CHECK_COUNT(); + if (src_pos + count > dest_size) + return; for (i = 0; i < count; i++) dest[dest_index + i] = dest[src_pos + i]; dest_index += count; @@ -252,6 +254,8 @@ static void decode_format80(const unsigned char *src, int src_size, src_index += 2; av_dlog(NULL, "(3) copy %X bytes from absolute pos %X\n", count, src_pos); CHECK_COUNT(); + if (src_pos + count > dest_size) + return; for (i = 0; i < count; i++) dest[dest_index + i] = dest[src_pos + i]; dest_index += count; 
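Review bot: The new `if (src_pos + count > dest_size) return;` in decode_format80 (vqavideo.c, hunks at -230 and -252, and the `dest_index < src_pos` variant at -272) drops out of a void function without any diagnostic. The caller therefore keeps using a partly decoded buffer and cannot tell the chunk was rejected. The function already logs through `av_dlog(NULL, ...)`, so at minimum each early return should log at error level, e.g. `av_log(NULL, AV_LOG_ERROR, "decode_format80: copy source out of range\n");`. Returning a status would be better but changes the signature, which is outside these hunks.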
@@ -272,6 +276,8 @@ static void decode_format80(const unsigned char *src, int src_size, src_index += 2; av_dlog(NULL, "(5) copy %X bytes from relpos %X\n", count, src_pos); CHECK_COUNT(); + if (dest_index < src_pos) + return; for (i = 0; i < count; i++) dest[dest_index + i] = dest[dest_index - src_pos + i]; dest_index += count; From 67c46b9b3027fdd9fd737e21a80d3326748b1c15 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sat, 8 Oct 2011 23:01:33 +0200 Subject: [PATCH 554/652] qtrle: check for invalid line offset Signed-off-by: Michael Niedermayer (cherry picked from commit a4ed7c3fe9f99b89f86b65710d8855dc572f1a25) Signed-off-by: Michael Niedermayer --- libavcodec/qtrle.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/qtrle.c b/libavcodec/qtrle.c index 2cc2de2e23..0f280f5829 100644 --- a/libavcodec/qtrle.c +++ b/libavcodec/qtrle.c @@ -464,6 +464,8 @@ static int qtrle_decode_frame(AVCodecContext *avctx, stream_ptr += 4; height = AV_RB16(&s->buf[stream_ptr]); stream_ptr += 4; + if (height > s->avctx->height - start_line) + goto done; } else { start_line = 0; height = s->avctx->height; From ca58b215ab2c4d593b8be04420dfa6c1720a409c Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sat, 8 Oct 2011 21:57:27 +0200 Subject: [PATCH 555/652] txd: check for out of bound reads. Signed-off-by: Michael Niedermayer (cherry picked from commit e182de9a98272fbe4f368000911191aaeb0d6fb3) Signed-off-by: Michael Niedermayer --- libavcodec/txd.c | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/libavcodec/txd.c b/libavcodec/txd.c index 0e25458c86..219c337534 100644 --- a/libavcodec/txd.c +++ b/libavcodec/txd.c @@ -23,6 +23,7 @@ #include "libavutil/intreadwrite.h" #include "libavutil/imgutils.h" +#include "bytestream.h" #include "avcodec.h" #include "s3tc.h" 
@@ -42,6 +43,7 @@ static av_cold int txd_init(AVCodecContext *avctx) { static int txd_decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPacket *avpkt) { const uint8_t *buf = avpkt->data; + const uint8_t *buf_end = avpkt->data + avpkt->size; TXDContext * const s = avctx->priv_data; AVFrame *picture = data; AVFrame * const p = &s->picture; @@ -52,6 +54,8 @@ static int txd_decode_frame(AVCodecContext *avctx, void *data, int *data_size, const uint32_t *palette = (const uint32_t *)(cur + 88); uint32_t *pal; + if (buf_end - cur < 92) + return AVERROR_INVALIDDATA; version = AV_RL32(cur); d3d_format = AV_RL32(cur+76); w = AV_RL16(cur+80); @@ -69,6 +73,8 @@ static int txd_decode_frame(AVCodecContext *avctx, void *data, int *data_size, if (depth == 8) { avctx->pix_fmt = PIX_FMT_PAL8; + if (buf_end - cur < 1024) + return AVERROR_INVALIDDATA; cur += 1024; } else if (depth == 16 || depth == 32) avctx->pix_fmt = PIX_FMT_RGB32; @@ -100,6 +106,8 @@ static int txd_decode_frame(AVCodecContext *avctx, void *data, int *data_size, v = AV_RB32(palette+y); pal[y] = (v>>8) + (v<<24); } + if (buf_end - cur < w * h) + return AVERROR_INVALIDDATA; for (y=0; y 1; mipmap_count--) - cur += AV_RL32(cur) + 4; + for (; mipmap_count > 1 && buf_end - cur >= 4; mipmap_count--) { + uint32_t length = bytestream_get_le32(&cur); + if (buf_end - cur < length) + break; + cur += length; + } *picture = s->picture; *data_size = sizeof(AVPicture); From adb12c4deb7685037439ecaea5cac890a6e1f9c3 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sat, 8 Oct 2011 23:40:34 +0200 Subject: [PATCH 556/652] xxan: check for out of bound accesses Signed-off-by: Michael Niedermayer (cherry picked from commit a68a6a4fb19caecc91d5f7fe3ef4f83f6d3c4586) Signed-off-by: Michael Niedermayer --- libavcodec/xxan.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/libavcodec/xxan.c b/libavcodec/xxan.c index 10ec53f467..c93ff43663 100644 --- a/libavcodec/xxan.c +++ b/libavcodec/xxan.c 
@@ -129,7 +129,9 @@ static int xan_unpack(uint8_t *dest, const int dest_len, if (size + size2 > dest_end - dest) break; } - if (src + size > src_end || dest + size + size2 > dest_end) + if (src + size > src_end || + dest + size + size2 > dest_end || + dest + size - orig_dest < back ) return -1; bytestream_get_buffer(&src, dest, size); dest += size; @@ -194,6 +196,8 @@ static int xan_decode_chroma(AVCodecContext *avctx, AVPacket *avpkt) if (mode) { for (j = 0; j < avctx->height >> 1; j++) { for (i = 0; i < avctx->width >> 1; i++) { + if (src_end - src < 1) + return 0; val = *src++; if (val) { val = AV_RL16(table + (val << 1)); @@ -202,8 +206,6 @@ static int xan_decode_chroma(AVCodecContext *avctx, AVPacket *avpkt) U[i] = uval | (uval >> 5); V[i] = vval | (vval >> 5); } - if (src == src_end) - return 0; } U += s->pic.linesize[1]; V += s->pic.linesize[2]; @@ -214,6 +216,8 @@ static int xan_decode_chroma(AVCodecContext *avctx, AVPacket *avpkt) for (j = 0; j < avctx->height >> 2; j++) { for (i = 0; i < avctx->width >> 1; i += 2) { + if (src_end - src < 1) + return 0; val = *src++; if (val) { val = AV_RL16(table + (val << 1)); @@ -302,6 +306,9 @@ static int xan_decode_frame_type0(AVCodecContext *avctx, AVPacket *avpkt) corr_end - corr_off); if (dec_size < 0) dec_size = 0; + else + dec_size = FFMIN(dec_size, s->buffer_size/2 - 1); + for (i = 0; i < dec_size; i++) s->y_buffer[i*2+1] = (s->y_buffer[i*2+1] + (s->scratch_buffer[i] << 1)) & 0x3F; } From a65045915f5b4ec6da73df54d1914b320a861223 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sat, 8 Oct 2011 23:40:36 +0200 Subject: [PATCH 557/652] qtrle: check for out of bound writes. Signed-off-by: Michael Niedermayer (cherry picked from commit 7fb92be7e50ea4ba5712804326c6814ae02dd190) Signed-off-by: Michael Niedermayer --- libavcodec/qtrle.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/qtrle.c b/libavcodec/qtrle.c index 0f280f5829..124106fc16 100644 --- a/libavcodec/qtrle.c +++ b/libavcodec/qtrle.c 
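Review bot: The extended condition in xan_unpack still forms `src + size` and `dest + size + size2` before comparing them with the end pointers. This is the pattern the eatgv patch earlier in this series rewrote, because the addition itself is undefined once it leaves the buffer. The context line just above already uses the safe form (`size + size2 > dest_end - dest`), so the check can follow it: `if (src_end - src < size || dest_end - dest < size + size2 || dest - orig_dest + size < back) return -1;`. The declarations of `size`, `size2` and `back` are outside the hunk, so their signedness should be checked when making the change.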
@@ -127,6 +127,7 @@ static inline void qtrle_decode_2n4bpp(QtrleContext *s, int stream_ptr, while (lines_to_change--) { CHECK_STREAM_PTR(2); pixel_ptr = row_ptr + (num_pixels * (s->buf[stream_ptr++] - 1)); + CHECK_PIXEL_PTR(0); /* make sure pixel_ptr is positive */ while ((rle_code = (signed char)s->buf[stream_ptr++]) != -1) { if (rle_code == 0) { @@ -183,6 +184,7 @@ static void qtrle_decode_8bpp(QtrleContext *s, int stream_ptr, int row_ptr, int while (lines_to_change--) { CHECK_STREAM_PTR(2); pixel_ptr = row_ptr + (4 * (s->buf[stream_ptr++] - 1)); + CHECK_PIXEL_PTR(0); /* make sure pixel_ptr is positive */ while ((rle_code = (signed char)s->buf[stream_ptr++]) != -1) { if (rle_code == 0) { @@ -236,6 +238,7 @@ static void qtrle_decode_16bpp(QtrleContext *s, int stream_ptr, int row_ptr, int while (lines_to_change--) { CHECK_STREAM_PTR(2); pixel_ptr = row_ptr + (s->buf[stream_ptr++] - 1) * 2; + CHECK_PIXEL_PTR(0); /* make sure pixel_ptr is positive */ while ((rle_code = (signed char)s->buf[stream_ptr++]) != -1) { if (rle_code == 0) { @@ -285,6 +288,7 @@ static void qtrle_decode_24bpp(QtrleContext *s, int stream_ptr, int row_ptr, int while (lines_to_change--) { CHECK_STREAM_PTR(2); pixel_ptr = row_ptr + (s->buf[stream_ptr++] - 1) * 3; + CHECK_PIXEL_PTR(0); /* make sure pixel_ptr is positive */ while ((rle_code = (signed char)s->buf[stream_ptr++]) != -1) { if (rle_code == 0) { @@ -336,6 +340,7 @@ static void qtrle_decode_32bpp(QtrleContext *s, int stream_ptr, int row_ptr, int while (lines_to_change--) { CHECK_STREAM_PTR(2); pixel_ptr = row_ptr + (s->buf[stream_ptr++] - 1) * 4; + CHECK_PIXEL_PTR(0); /* make sure pixel_ptr is positive */ while ((rle_code = (signed char)s->buf[stream_ptr++]) != -1) { if (rle_code == 0) { From 115d88c4b218a2659a5ed9437407ddeda0a7e32e Mon Sep 17 00:00:00 2001 From: Mans Rullgard Date: Sat, 8 Oct 2011 21:22:06 +0100 Subject: [PATCH 558/652] h264pred: use unsigned types for pixel values, fix signed overflows 
Signed-off-by: Mans Rullgard (cherry picked from commit 60f10e0ad37418cc697765d85b0bc22db70f726a) Signed-off-by: Michael Niedermayer --- libavcodec/h264pred.c | 10 +++++----- libavcodec/h264pred_template.c | 32 ++++++++++++++++---------------- 2 files changed, 21 insertions(+), 21 deletions(-) diff --git a/libavcodec/h264pred.c b/libavcodec/h264pred.c index f6533cf9ba..4917e0d3a0 100644 --- a/libavcodec/h264pred.c +++ b/libavcodec/h264pred.c @@ -40,7 +40,7 @@ #undef BIT_DEPTH static void pred4x4_vertical_vp8_c(uint8_t *src, const uint8_t *topright, int stride){ - const int lt= src[-1-1*stride]; + const unsigned lt = src[-1-1*stride]; LOAD_TOP_EDGE LOAD_TOP_RIGHT_EDGE uint32_t v = PACK_4U8((lt + 2*t0 + t1 + 2) >> 2, @@ -55,7 +55,7 @@ static void pred4x4_vertical_vp8_c(uint8_t *src, const uint8_t *topright, int st } static void pred4x4_horizontal_vp8_c(uint8_t *src, const uint8_t *topright, int stride){ - const int lt= src[-1-1*stride]; + const unsigned lt = src[-1-1*stride]; LOAD_LEFT_EDGE AV_WN32A(src+0*stride, ((lt + 2*l0 + l1 + 2) >> 2)*0x01010101); @@ -292,7 +292,7 @@ static void pred16x16_tm_vp8_c(uint8_t *src, int stride){ static void pred8x8_left_dc_rv40_c(uint8_t *src, int stride){ int i; - int dc0; + unsigned dc0; dc0=0; for(i=0;i<8; i++) @@ -307,7 +307,7 @@ static void pred8x8_left_dc_rv40_c(uint8_t *src, int stride){ static void pred8x8_top_dc_rv40_c(uint8_t *src, int stride){ int i; - int dc0; + unsigned dc0; dc0=0; for(i=0;i<8; i++) @@ -322,7 +322,7 @@ static void pred8x8_top_dc_rv40_c(uint8_t *src, int stride){ static void pred8x8_dc_rv40_c(uint8_t *src, int stride){ int i; - int dc0=0; + unsigned dc0 = 0; for(i=0;i<4; i++){ dc0+= src[-1+i*stride] + src[i-stride]; diff --git a/libavcodec/h264pred_template.c b/libavcodec/h264pred_template.c index 3cd4463d76..153aabc5f2 100644 --- a/libavcodec/h264pred_template.c +++ b/libavcodec/h264pred_template.c 
@@ -120,28 +120,28 @@ static void FUNCC(pred4x4_129_dc)(uint8_t *_src, const uint8_t *topright, int _s #define LOAD_TOP_RIGHT_EDGE\ - const int av_unused t4= topright[0];\ - const int av_unused t5= topright[1];\ - const int av_unused t6= topright[2];\ - const int av_unused t7= topright[3];\ + const unsigned av_unused t4 = topright[0];\ + const unsigned av_unused t5 = topright[1];\ + const unsigned av_unused t6 = topright[2];\ + const unsigned av_unused t7 = topright[3];\ #define LOAD_DOWN_LEFT_EDGE\ - const int av_unused l4= src[-1+4*stride];\ - const int av_unused l5= src[-1+5*stride];\ - const int av_unused l6= src[-1+6*stride];\ - const int av_unused l7= src[-1+7*stride];\ + const unsigned av_unused l4 = src[-1+4*stride];\ + const unsigned av_unused l5 = src[-1+5*stride];\ + const unsigned av_unused l6 = src[-1+6*stride];\ + const unsigned av_unused l7 = src[-1+7*stride];\ #define LOAD_LEFT_EDGE\ - const int av_unused l0= src[-1+0*stride];\ - const int av_unused l1= src[-1+1*stride];\ - const int av_unused l2= src[-1+2*stride];\ - const int av_unused l3= src[-1+3*stride];\ + const unsigned av_unused l0 = src[-1+0*stride];\ + const unsigned av_unused l1 = src[-1+1*stride];\ + const unsigned av_unused l2 = src[-1+2*stride];\ + const unsigned av_unused l3 = src[-1+3*stride];\ #define LOAD_TOP_EDGE\ - const int av_unused t0= src[ 0-1*stride];\ - const int av_unused t1= src[ 1-1*stride];\ - const int av_unused t2= src[ 2-1*stride];\ - const int av_unused t3= src[ 3-1*stride];\ + const unsigned av_unused t0 = src[ 0-1*stride];\ + const unsigned av_unused t1 = src[ 1-1*stride];\ + const unsigned av_unused t2 = src[ 2-1*stride];\ + const unsigned av_unused t3 = src[ 3-1*stride];\ static void FUNCC(pred4x4_down_right)(uint8_t *_src, const uint8_t *topright, int _stride){ pixel *src = (pixel*)_src; From f65e396aa13925f125c320895d4b9eda241fbba6 Mon Sep 17 00:00:00 2001 
From: Mans Rullgard Date: Sat, 8 Oct 2011 01:59:51 +0100 Subject: [PATCH 559/652] crc: fix signed overflow This fixes a signed overflow from i << 24 when i == 255 by making i unsigned. The result of the shift is already assigned to an variable of unsigned type. Signed-off-by: Mans Rullgard (cherry picked from commit 8b19ae07616bbd18969b94cbf5d74308a8f2bbdf) Signed-off-by: Michael Niedermayer --- libavutil/crc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavutil/crc.c b/libavutil/crc.c index c3d74a2ce9..d0e736ed4d 100644 --- a/libavutil/crc.c +++ b/libavutil/crc.c @@ -57,7 +57,7 @@ static AVCRC av_crc_table[AV_CRC_MAX][257]; * @return <0 on failure */ int av_crc_init(AVCRC *ctx, int le, int bits, uint32_t poly, int ctx_size){ - int i, j; + unsigned i, j; uint32_t c; if (bits < 8 || bits > 32 || poly >= (1LL< Date: Sun, 9 Oct 2011 20:32:58 +0100 Subject: [PATCH 560/652] mpegvideo_enc: fix a signed overflow Signed-off-by: Mans Rullgard (cherry picked from commit 05795f35be4b479bfa8d60ed3eb13e0f89e439c0) Signed-off-by: Michael Niedermayer --- libavcodec/mpegvideo_enc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/mpegvideo_enc.c b/libavcodec/mpegvideo_enc.c index 3c92aa93f4..b9e141d4cd 100644 --- a/libavcodec/mpegvideo_enc.c +++ b/libavcodec/mpegvideo_enc.c @@ -2007,7 +2007,7 @@ static int mb_var_thread(AVCodecContext *c, void *arg){ int varc; int sum = s->dsp.pix_sum(pix, s->linesize); - varc = (s->dsp.pix_norm1(pix, s->linesize) - (((unsigned)(sum*sum))>>8) + 500 + 128)>>8; + varc = (s->dsp.pix_norm1(pix, s->linesize) - (((unsigned)sum*sum)>>8) + 500 + 128)>>8; s->current_picture.mb_var [s->mb_stride * mb_y + mb_x] = varc; s->current_picture.mb_mean[s->mb_stride * mb_y + mb_x] = (sum+128)>>8; From 33029d7353b2d005357ff7ef4d6968a9f70acb69 Mon Sep 17 00:00:00 2001 From: Mans Rullgard Date: Sun, 9 Oct 2011 20:46:22 +0100 Subject: [PATCH 561/652] wmavoice: fix a signed overflow 
Signed-off-by: Mans Rullgard (cherry picked from commit ba3f07d0611d9a6c10eaa90b3c058ecdffe76676) Signed-off-by: Michael Niedermayer --- libavcodec/wmavoice.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/wmavoice.c b/libavcodec/wmavoice.c index c343080b36..22273527af 100644 --- a/libavcodec/wmavoice.c +++ b/libavcodec/wmavoice.c @@ -1085,7 +1085,7 @@ static void aw_pulse_set2(WMAVoiceContext *s, GetBitContext *gb, int excl_range = s->aw_pulse_range; // always 16 or 24 uint16_t *use_mask_ptr = &use_mask[idx >> 4]; int first_sh = 16 - (idx & 15); - *use_mask_ptr++ &= 0xFFFF << first_sh; + *use_mask_ptr++ &= 0xFFFFu << first_sh; excl_range -= first_sh; if (excl_range >= 16) { *use_mask_ptr++ = 0; From 190807a56c88231d26c9f66f0dc19cb32db3afb4 Mon Sep 17 00:00:00 2001 From: Mans Rullgard Date: Sun, 9 Oct 2011 20:38:01 +0100 Subject: [PATCH 562/652] 4xm: fix signed overflow Signed-off-by: Mans Rullgard (cherry picked from commit 84dda407628e298f33d610e9e04a8b2945d24665) Signed-off-by: Michael Niedermayer --- libavcodec/4xm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/4xm.c b/libavcodec/4xm.c index 7344f4cd1f..3f8061f942 100644 --- a/libavcodec/4xm.c +++ b/libavcodec/4xm.c @@ -279,7 +279,7 @@ static void init_mv(FourXContext *f){ } #endif -static inline void mcdc(uint16_t *dst, uint16_t *src, int log2w, int h, int stride, int scale, int dc){ +static inline void mcdc(uint16_t *dst, uint16_t *src, int log2w, int h, int stride, int scale, unsigned dc){ int i; dc*= 0x10001; From 9b6080f68523353122e1727a10999bb3bab38e15 Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Fri, 7 Oct 2011 18:41:06 -0700 Subject: [PATCH 563/652] mxfdec: Fix some buffer overreads caused by the misuse of AVPacket related functions. (cherry picked from commit 0c46e958d1fd3817b8e9fa048d0450d509c80378) 
Signed-off-by: Michael Niedermayer --- libavformat/mxfdec.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index a69944d8d2..953d3b0002 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -223,12 +223,13 @@ static int mxf_get_d10_aes3_packet(AVIOContext *pb, AVStream *st, AVPacket *pkt, if (length > 61444) /* worst case PAL 1920 samples 8 channels */ return -1; - av_new_packet(pkt, length); - avio_read(pb, pkt->data, length); + length = av_get_packet(pb, pkt, length); + if (length < 0) + return length; data_ptr = pkt->data; end_ptr = pkt->data + length; buf_ptr = pkt->data + 4; /* skip SMPTE 331M header */ - for (; buf_ptr < end_ptr; ) { + for (; buf_ptr + st->codec->channels*4 < end_ptr; ) { for (i = 0; i < st->codec->channels; i++) { uint32_t sample = bytestream_get_le32(&buf_ptr); if (st->codec->bits_per_coded_sample == 24) @@ -238,7 +239,7 @@ static int mxf_get_d10_aes3_packet(AVIOContext *pb, AVStream *st, AVPacket *pkt, } buf_ptr += 32 - st->codec->channels*4; // always 8 channels stored SMPTE 331M } - pkt->size = data_ptr - pkt->data; + av_shrink_packet(pkt, data_ptr - pkt->data); return 0; } @@ -290,12 +291,16 @@ static int mxf_decrypt_triplet(AVFormatContext *s, AVPacket *pkt, KLVPacket *klv if (memcmp(tmpbuf, checkv, 16)) av_log(s, AV_LOG_ERROR, "probably incorrect decryption key\n"); size -= 32; - av_get_packet(pb, pkt, size); + size = av_get_packet(pb, pkt, size); + if (size < 0) + return size; + else if (size < plaintext_size) + return AVERROR_INVALIDDATA; size -= plaintext_size; if (mxf->aesc) av_aes_crypt(mxf->aesc, &pkt->data[plaintext_size], &pkt->data[plaintext_size], size >> 4, ivec, 1); - pkt->size = orig_size; + av_shrink_packet(pkt, orig_size); pkt->stream_index = index; avio_skip(pb, end - avio_tell(pb)); return 0; 
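Review bot: The rewritten loop in mxf_get_d10_aes3_packet assumes at most eight channels, but nothing in the hunk enforces it: for larger values the step `buf_ptr += 32 - st->codec->channels*4` is negative, and the in-place repacking no longer matches the "always 8 channels stored" layout the comment describes. If the channel count is not validated elsewhere, reject it before reading, `if (st->codec->channels > 8) return AVERROR_INVALIDDATA;`. The loop bound is also better written as a length comparison, `for (; end_ptr - buf_ptr >= st->codec->channels*4; )`, which avoids forming a pointer past the packet and still handles a final frame that ends exactly at `end_ptr`. The function begins outside the hunk.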
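Review bot: In mxf_decrypt_triplet the new `else if (size < plaintext_size) return AVERROR_INVALIDDATA;` returns after `av_get_packet` has already succeeded, so the packet it allocated is not released on this path. Unless the caller frees `pkt` on error, which is not visible here, the branch should be `else if (size < plaintext_size) { av_free_packet(pkt); return AVERROR_INVALIDDATA; }`. The function starts outside the hunk.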
@@ -332,8 +337,11 @@ static int mxf_read_packet(AVFormatContext *s, AVPacket *pkt) av_log(s, AV_LOG_ERROR, "error reading D-10 aes3 frame\n"); return -1; } - } else - av_get_packet(s->pb, pkt, klv.length); + } else { + int ret = av_get_packet(s->pb, pkt, klv.length); + if (ret < 0) + return ret; + } pkt->stream_index = index; pkt->pos = klv.offset; return 0; From 73f85eae68b6d40cad1cd53b04a6ed1a31cced1b Mon Sep 17 00:00:00 2001 From: Mans Rullgard Date: Mon, 10 Oct 2011 20:41:31 +0100 Subject: [PATCH 564/652] sipr: fix get_bits(0) calls Zero-length get_bits() is undefined, must check before calling. Signed-off-by: Mans Rullgard (cherry picked from commit c79d2a20bad59298188171f1316a830d563a41ee) Signed-off-by: Michael Niedermayer --- libavcodec/sipr.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavcodec/sipr.c b/libavcodec/sipr.c index db5ded740f..bd7d22388a 100644 --- a/libavcodec/sipr.c +++ b/libavcodec/sipr.c @@ -194,14 +194,16 @@ static void decode_parameters(SiprParameters* parms, GetBitContext *pgb, { int i, j; - parms->ma_pred_switch = get_bits(pgb, p->ma_predictor_bits); + if (p->ma_predictor_bits) + parms->ma_pred_switch = get_bits(pgb, p->ma_predictor_bits); for (i = 0; i < 5; i++) parms->vq_indexes[i] = get_bits(pgb, p->vq_indexes_bits[i]); for (i = 0; i < p->subframe_count; i++) { parms->pitch_delay[i] = get_bits(pgb, p->pitch_delay_bits[i]); - parms->gp_index[i] = get_bits(pgb, p->gp_index_bits); + if (p->gp_index_bits) + parms->gp_index[i] = get_bits(pgb, p->gp_index_bits); for (j = 0; j < p->number_of_fc_indexes; j++) parms->fc_indexes[i][j] = get_bits(pgb, p->fc_index_bits[j]); From 7f7b2e89e270801ea5918afa1432d3bb32f6ebc7 Mon Sep 17 00:00:00 2001 From: Justin Ruggles Date: Wed, 21 Sep 2011 11:37:51 -0400 Subject: [PATCH 565/652] smacker: validate number of channels (cherry picked from commit e190e453bd1e4d4b409ed3556b3a50d1087c15d7) 
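Review bot: When `p->ma_predictor_bits` or `p->gp_index_bits` is zero, decode_parameters now leaves `parms->ma_pred_switch` and `parms->gp_index[i]` unassigned, so later stages read whatever the caller's struct happened to hold. Unless the caller zeroes `parms` (not visible in this hunk), assign a defined value in both cases, e.g. `parms->ma_pred_switch = p->ma_predictor_bits ? get_bits(pgb, p->ma_predictor_bits) : 0;` and the same form for `gp_index[i]`. The other get_bits() calls in the hunk (`vq_indexes_bits[i]`, `pitch_delay_bits[i]`, `fc_index_bits[j]`) remain unguarded; a comment stating that those widths are never zero in the mode table would document why. The function body continues outside the hunk.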
Signed-off-by: Michael Niedermayer --- libavcodec/smacker.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c index be4bc2336f..30dbaa7dae 100644 --- a/libavcodec/smacker.c +++ b/libavcodec/smacker.c @@ -560,6 +560,10 @@ static av_cold int decode_end(AVCodecContext *avctx) static av_cold int smka_decode_init(AVCodecContext *avctx) { + if (avctx->channels < 1 || avctx->channels > 2) { + av_log(avctx, AV_LOG_ERROR, "invalid number of channels\n"); + return AVERROR(EINVAL); + } avctx->channel_layout = (avctx->channels==2) ? AV_CH_LAYOUT_STEREO : AV_CH_LAYOUT_MONO; avctx->sample_fmt = avctx->bits_per_coded_sample == 8 ? AV_SAMPLE_FMT_U8 : AV_SAMPLE_FMT_S16; return 0; From e6b225532933655d95266ce772b8a45b14aa27ec Mon Sep 17 00:00:00 2001 From: Justin Ruggles Date: Wed, 21 Sep 2011 11:42:55 -0400 Subject: [PATCH 566/652] smacker: check buffer size before reading output size (cherry picked from commit cf044f8bff0d28dbc34492f18b0d18b3ba8bad9d) Signed-off-by: Michael Niedermayer --- libavcodec/smacker.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c index 30dbaa7dae..0c1aa16224 100644 --- a/libavcodec/smacker.c +++ b/libavcodec/smacker.c @@ -587,6 +587,11 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data, int *data_size, int bits, stereo; int pred[2] = {0, 0}; + if (buf_size <= 4) { + av_log(avctx, AV_LOG_ERROR, "packet is too small\n"); + return AVERROR(EINVAL); + } + unp_size = AV_RL32(buf); init_get_bits(&gb, buf + 4, (buf_size - 4) * 8); From 800ab099e332c93c90634b14309c5d56659223a8 Mon Sep 17 00:00:00 2001 From: Justin Ruggles Date: Wed, 21 Sep 2011 11:49:33 -0400 Subject: [PATCH 567/652] smacker: validate channels and sample format. (cherry picked from commit ff1f89de2da3472d133e2c95bf7c9ad2d88df33d) Signed-off-by: Michael Niedermayer --- libavcodec/smacker.c | 8 ++++++++ 1 file changed, 8 insertions(+) 
diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c index 0c1aa16224..0b7a19aa32 100644 --- a/libavcodec/smacker.c +++ b/libavcodec/smacker.c @@ -607,6 +607,14 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data, int *data_size, av_log(avctx, AV_LOG_ERROR, "Frame is too large to fit in buffer\n"); return -1; } + if (stereo ^ (avctx->channels != 1)) { + av_log(avctx, AV_LOG_ERROR, "channels mismatch\n"); + return AVERROR(EINVAL); + } + if (bits && avctx->sample_fmt == AV_SAMPLE_FMT_U8) { + av_log(avctx, AV_LOG_ERROR, "sample format mismatch\n"); + return AVERROR(EINVAL); + } memset(vlc, 0, sizeof(VLC) * 4); memset(h, 0, sizeof(HuffContext) * 4); From 1c3d46a9246af544f3e9b3b81fe8589e58756484 Mon Sep 17 00:00:00 2001 From: Mans Rullgard Date: Tue, 11 Oct 2011 16:00:21 +0100 Subject: [PATCH 568/652] h264: fix HRD parameters parsing The bit_rate_value_minus1 and cpb_size_value_minus1 elements allow a wider range than get_ue_golomb() supports. This adds a get_ue_golomb_long() function supporting up to 31 leading zeros, which is the maximum for these syntax elements, and uses it in decode_hrd_parameters(). Signed-off-by: Mans Rullgard (cherry picked from commit fdba370f8a1bdfc22ecbdf3c7148c2f8680a4ac4) Signed-off-by: Michael Niedermayer --- libavcodec/golomb.h | 14 ++++++++++++++ libavcodec/h264_ps.c | 4 ++-- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/libavcodec/golomb.h b/libavcodec/golomb.h index 90eeb30b54..8dff0322a7 100644 --- a/libavcodec/golomb.h +++ b/libavcodec/golomb.h 
@@ -75,6 +75,20 @@ static inline int get_ue_golomb(GetBitContext *gb){ } } +/** + * Read an unsigned Exp-Golomb code in the range 0 to UINT32_MAX-1. + */ +static inline unsigned get_ue_golomb_long(GetBitContext *gb) +{ + unsigned buf, log; + + buf = show_bits_long(gb, 32); + log = 31 - av_log2(buf); + skip_bits_long(gb, log); + + return get_bits_long(gb, log + 1) - 1; +} + /** * read unsigned exp golomb code, constraint to a max of 31. * the return value is undefined if the stored value exceeds 31. diff --git a/libavcodec/h264_ps.c b/libavcodec/h264_ps.c index 423f54b324..89e2502e0d 100644 --- a/libavcodec/h264_ps.c +++ b/libavcodec/h264_ps.c @@ -143,8 +143,8 @@ static inline int decode_hrd_parameters(H264Context *h, SPS *sps){ get_bits(&s->gb, 4); /* bit_rate_scale */ get_bits(&s->gb, 4); /* cpb_size_scale */ for(i=0; igb); /* bit_rate_value_minus1 */ - get_ue_golomb(&s->gb); /* cpb_size_value_minus1 */ + get_ue_golomb_long(&s->gb); /* bit_rate_value_minus1 */ + get_ue_golomb_long(&s->gb); /* cpb_size_value_minus1 */ get_bits1(&s->gb); /* cbr_flag */ } sps->initial_cpb_removal_delay_length = get_bits(&s->gb, 5) + 1; From 7d02df7036d4efef1410a840b3e5ffb7a8c42cf1 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 11 Oct 2011 20:09:53 +0200 Subject: [PATCH 569/652] arm: fix av_clipl_int32() asm Note, the other arm asm code is likely affected too and should be changed as well. Signed-off-by: Michael Niedermayer (cherry picked from commit 96bc6485bc929741827fc0f08ef06bea662a3eea) Signed-off-by: Michael Niedermayer --- libavutil/arm/intmath.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavutil/arm/intmath.h b/libavutil/arm/intmath.h index 4130177549..1e9d3e8b15 100644 --- a/libavutil/arm/intmath.h +++ b/libavutil/arm/intmath.h 
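Review bot: get_ue_golomb_long has no handling for a 32-bit window that is all zeros: `av_log2(buf)` is then taken of 0, and the function still skips and reads bits as if a valid prefix had been found, returning an arbitrary value instead of signalling an error. The doc comment should say so, for example by adding `* The result is unspecified if the next 32 bits are all zero; callers must range-check the value.` The two call sites changed in h264_ps.c discard the result, so this matters for any future caller that uses the value as a size or count.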
@@ -104,7 +104,7 @@ static av_always_inline av_const int32_t av_clipl_int32_arm(int64_t a) "mvnne %1, #1<<31 \n\t" "moveq %0, %Q2 \n\t" "eorne %0, %1, %R2, asr #31 \n\t" - : "=r"(x), "=&r"(y) : "r"(a)); + : "=r"(x), "=&r"(y) : "r"(a):"cc"); return x; } From 5ae87280e219e843c71201c580780e8e30083559 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 11 Oct 2011 22:03:19 +0200 Subject: [PATCH 570/652] mem: fix memalign hack av_realloc() Signed-off-by: Michael Niedermayer (cherry picked from commit fc11927890f38445a950b453d24928525da0e61a) Signed-off-by: Michael Niedermayer --- libavutil/mem.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavutil/mem.c b/libavutil/mem.c index a58f432a2c..a53676c553 100644 --- a/libavutil/mem.c +++ b/libavutil/mem.c @@ -137,7 +137,9 @@ void *av_realloc(void *ptr, size_t size) //FIXME this isn't aligned correctly, though it probably isn't needed if(!ptr) return av_malloc(size); diff= ((char*)ptr)[-1]; - return (char*)realloc((char*)ptr - diff, size + diff) + diff; + ptr= realloc((char*)ptr - diff, size + diff); + if(ptr) ptr = (char*)ptr + diff; + return ptr; #else return realloc(ptr, size + !size); #endif From d398d042c1b141277b81a24ba800db2832c5fe9c Mon Sep 17 00:00:00 2001 From: John Brooks Date: Wed, 12 Oct 2011 11:06:26 +0300 Subject: [PATCH 571/652] rtpdec: Fix the minimum packet length for RTCP SR packets MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We actually read 20 bytes of these packets. Signed-off-by: Martin Storsjö (cherry picked from commit 5d6ecf5345c0913e2b66427ea062e7989201a139) Signed-off-by: Michael Niedermayer --- libavformat/rtpdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/rtpdec.c b/libavformat/rtpdec.c index 9fc30d7b66..bc0aea6100 100644 --- a/libavformat/rtpdec.c +++ b/libavformat/rtpdec.c 
@@ -114,7 +114,7 @@ static int rtcp_parse_packet(RTPDemuxContext *s, const unsigned char *buf, int l while (len >= 2) { switch (buf[1]) { case RTCP_SR: - if (len < 16) { + if (len < 20) { av_log(NULL, AV_LOG_ERROR, "Invalid length for RTCP SR packet\n"); return AVERROR_INVALIDDATA; } From 2c0cddf25517b2fbe208637e599d517832ebc0e3 Mon Sep 17 00:00:00 2001 From: John Brooks Date: Wed, 12 Oct 2011 00:53:12 -0600 Subject: [PATCH 572/652] rtpdec: Read the packet length for all RTCP packet types MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This allows skipping past unsupported RTCP packet types, as RFC 3550 section 6.1 mandates. Currently this only has any practical effect if a sender puts an unrecognized type before RTCP_BYE in a compounded packet, or (incorrectly) does not put RTCP_SR first. Signed-off-by: Martin Storsjö (cherry picked from commit 07b77fe3871f86b87e35876d38f1969da5ece4b2) Signed-off-by: Michael Niedermayer --- libavformat/rtpdec.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/libavformat/rtpdec.c b/libavformat/rtpdec.c index bc0aea6100..130a78d0d1 100644 --- a/libavformat/rtpdec.c +++ b/libavformat/rtpdec.c @@ -111,14 +111,15 @@ RTPDynamicProtocolHandler *ff_rtp_handler_find_by_id(int id, static int rtcp_parse_packet(RTPDemuxContext *s, const unsigned char *buf, int len) { int payload_len; - while (len >= 2) { + while (len >= 4) { + payload_len = FFMIN(len, (AV_RB16(buf + 2) + 1) * 4); + switch (buf[1]) { case RTCP_SR: - if (len < 20) { + if (payload_len < 20) { av_log(NULL, AV_LOG_ERROR, "Invalid length for RTCP SR packet\n"); return AVERROR_INVALIDDATA; } - payload_len = (AV_RB16(buf + 2) + 1) * 4; s->last_rtcp_ntp_time = AV_RB64(buf + 8); s->last_rtcp_timestamp = AV_RB32(buf + 16); 
@@ -129,14 +130,13 @@ static int rtcp_parse_packet(RTPDemuxContext *s, const unsigned char *buf, int l s->rtcp_ts_offset = s->last_rtcp_timestamp - s->base_timestamp; } - buf += payload_len; - len -= payload_len; break; case RTCP_BYE: return -RTCP_BYE; - default: - return -1; } + + buf += payload_len; + len -= payload_len; } return -1; } From 7e95a12d51ffc5369f66ab46ce32f8c126678bbc Mon Sep 17 00:00:00 2001 From: Justin Ruggles Date: Wed, 12 Oct 2011 22:30:44 -0400 Subject: [PATCH 573/652] mlpdec: validate that the reported channel count matches the actual output channel count (cherry picked from commit caa845851d790f894a2ccbe12580934f75545f92) Signed-off-by: Michael Niedermayer --- libavcodec/mlpdec.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/libavcodec/mlpdec.c b/libavcodec/mlpdec.c index b13d0795cd..baae9a321d 100644 --- a/libavcodec/mlpdec.c +++ b/libavcodec/mlpdec.c @@ -950,7 +950,12 @@ static int output_data_internal(MLPDecodeContext *m, unsigned int substr, int32_t *data_32 = (int32_t*) data; int16_t *data_16 = (int16_t*) data; - if (*data_size < (s->max_channel + 1) * s->blockpos * (is32 ? 4 : 2)) + if (m->avctx->channels != s->max_matrix_channel + 1) { + av_log(m->avctx, AV_LOG_ERROR, "channel count mismatch\n"); + return AVERROR_INVALIDDATA; + } + + if (*data_size < m->avctx->channels * s->blockpos * (is32 ? 4 : 2)) return -1; for (i = 0; i < s->blockpos; i++) { From 62cf52c8602efe8cf8c4713a8f44d5f76a908bb8 Mon Sep 17 00:00:00 2001 From: Justin Ruggles Date: Wed, 12 Oct 2011 23:23:18 -0400 Subject: [PATCH 574/652] truespeech: check to make sure channels == 1 (cherry picked from commit 3e7a176759e8a8e66d65c779b47b5bba793dfd4e) Signed-off-by: Michael Niedermayer --- libavcodec/truespeech.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/truespeech.c b/libavcodec/truespeech.c index d903a0119e..b5f74662ba 100644 --- a/libavcodec/truespeech.c +++ b/libavcodec/truespeech.c 
@@ -56,6 +56,11 @@ static av_cold int truespeech_decode_init(AVCodecContext * avctx) { // TSContext *c = avctx->priv_data; + if (avctx->channels != 1) { + av_log_ask_for_sample(avctx, "Unsupported channel count: %d\n", avctx->channels); + return AVERROR(EINVAL); + } + avctx->sample_fmt = AV_SAMPLE_FMT_S16; return 0; } From 5c18bcfd9cb6b4bbb40d487b52226ed5cf79320e Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Thu, 13 Oct 2011 14:47:06 -0700 Subject: [PATCH 575/652] mov: Prevent illegal writes when chapter titles are very short. Signed-off-by: Michael Niedermayer --- libavformat/mov.c | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index cdba33dcb0..553abc246a 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -2402,14 +2402,21 @@ static void mov_read_chapters(AVFormatContext *s) // The samples could theoretically be in any encoding if there's an encd // atom following, but in practice are only utf-8 or utf-16, distinguished // instead by the presence of a BOM - ch = avio_rb16(sc->pb); - if (ch == 0xfeff) - avio_get_str16be(sc->pb, len, title, title_len); - else if (ch == 0xfffe) - avio_get_str16le(sc->pb, len, title, title_len); - else { - AV_WB16(title, ch); - get_strz(sc->pb, title + 2, len - 1); + if (!len) { + title[0] = 0; + } else { + ch = avio_rb16(sc->pb); + if (ch == 0xfeff) + avio_get_str16be(sc->pb, len, title, title_len); + else if (ch == 0xfffe) + avio_get_str16le(sc->pb, len, title, title_len); + else { + AV_WB16(title, ch); + if (len == 1 || len == 2) + title[len] = '0'; + else + get_strz(sc->pb, title + 2, len - 1); + } } ff_new_chapter(s, i, st->time_base, sample->timestamp, end, title); From e58870a58749eb3266e16166d8370a5f2e960311 Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Fri, 14 Oct 2011 10:38:42 -0700 Subject: [PATCH 576/652] mov: 10l: Terminate string with 0 not '0' (cherry picked from commit 7ad06beb2cf31d8a96f475361425d6cc95e8f176) 
Signed-off-by: Michael Niedermayer --- libavformat/mov.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index 553abc246a..a1aaf4a963 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -2413,7 +2413,7 @@ static void mov_read_chapters(AVFormatContext *s) else { AV_WB16(title, ch); if (len == 1 || len == 2) - title[len] = '0'; + title[len] = 0; else get_strz(sc->pb, title + 2, len - 1); } From d51c7b4cbe022f6b3b026735dc7e29eb50bbf129 Mon Sep 17 00:00:00 2001 From: "Ronald S. Bultje" Date: Sat, 15 Oct 2011 00:03:55 +0200 Subject: [PATCH 577/652] matroskadec: fix out of bounds write Signed-off-by: Janne Grunau (cherry picked from commit 723229c11f1400e6a09c8a1c9c27193f376eb1d1) Signed-off-by: Michael Niedermayer --- libavformat/matroskadec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index 66d3e46b08..f5894124bc 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -1811,7 +1811,7 @@ static int matroska_parse_block(MatroskaDemuxContext *matroska, uint8_t *data, lace_size[n] = lace_size[n - 1] + snum; total += lace_size[n]; } - lace_size[n] = size - total; + lace_size[laces - 1] = size - total; break; } } From d1166f03bea9da2f14fbbfcc6987e6cef0132da1 Mon Sep 17 00:00:00 2001 From: "Ronald S. Bultje" Date: Fri, 14 Oct 2011 23:21:46 +0200 Subject: [PATCH 578/652] vp8: fix return value if update_dimensions fails Signed-off-by: Janne Grunau (cherry picked from commit f05c2fb6eb1f9ddaec3c07d1874ba62ec0891269) Signed-off-by: Michael Niedermayer --- libavcodec/vp8.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/vp8.c b/libavcodec/vp8.c index a417ae3672..6e25876b01 100644 --- a/libavcodec/vp8.c +++ b/libavcodec/vp8.c 
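Review bot: `lace_size[laces - 1] = size - total;` in matroska_parse_block is stored without a visible check that `total` has not grown past `size`, and `total` is accumulated from lace sizes parsed out of the block in the loop just above. If `lace_size` is an unsigned type (its declaration is outside the hunk), a malformed block would leave a very large final lace for the code that later slices the payload. Unless a later check already covers this, guard the assignment with `if (total > size)` and take the function's existing error path. The function starts and ends outside the hunk.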
@@ -273,7 +273,7 @@ static int decode_frame_header(VP8Context *s, const uint8_t *buf, int buf_size) if (!s->macroblocks_base || /* first frame */ width != s->avctx->width || height != s->avctx->height) { - if ((ret = update_dimensions(s, width, height) < 0)) + if ((ret = update_dimensions(s, width, height)) < 0) return ret; } From 5f5f36b52e21d9aed347aef73aefe473e7d31409 Mon Sep 17 00:00:00 2001 From: "Ronald S. Bultje" Date: Fri, 14 Oct 2011 23:27:52 +0200 Subject: [PATCH 579/652] vp8: force reallocation in update_thread_context after frame size change Signed-off-by: Janne Grunau (cherry picked from commit 56535793810584f5b3ae59e62cea66fe22d0307d) Signed-off-by: Michael Niedermayer --- libavcodec/vp8.c | 28 +++++++++++++++++++--------- 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/libavcodec/vp8.c b/libavcodec/vp8.c index 6e25876b01..daaee83f2d 100644 --- a/libavcodec/vp8.c +++ b/libavcodec/vp8.c @@ -33,6 +33,19 @@ # include "arm/vp8.h" #endif +static void free_buffers(VP8Context *s) +{ + av_freep(&s->macroblocks_base); + av_freep(&s->filter_strength); + av_freep(&s->intra4x4_pred_mode_top); + av_freep(&s->top_nnz); + av_freep(&s->edge_emu_buffer); + av_freep(&s->top_border); + av_freep(&s->segmentation_map); + + s->macroblocks = NULL; +} + static void vp8_decode_flush(AVCodecContext *avctx) { VP8Context *s = avctx->priv_data; @@ -45,15 +58,7 @@ static void vp8_decode_flush(AVCodecContext *avctx) } memset(s->framep, 0, sizeof(s->framep)); - av_freep(&s->macroblocks_base); - av_freep(&s->filter_strength); - av_freep(&s->intra4x4_pred_mode_top); - av_freep(&s->top_nnz); - av_freep(&s->edge_emu_buffer); - av_freep(&s->top_border); - av_freep(&s->segmentation_map); - - s->macroblocks = NULL; + free_buffers(s); } static int update_dimensions(VP8Context *s, int width, int height) 
@@ -1750,6 +1755,11 @@ static int vp8_decode_update_thread_context(AVCodecContext *dst, const AVCodecCo { VP8Context *s = dst->priv_data, *s_src = src->priv_data; + if (s->macroblocks_base && + (s_src->mb_width != s->mb_width || s_src->mb_height != s->mb_height)) { + free_buffers(s); + } + s->prob[0] = s_src->prob[!s_src->update_probabilities]; s->segmentation = s_src->segmentation; s->lf_delta = s_src->lf_delta; From d32f509de1c6bbd2b441cf1ce9fda08504bfae6f Mon Sep 17 00:00:00 2001 From: "Ronald S. Bultje" Date: Fri, 14 Oct 2011 23:43:29 +0200 Subject: [PATCH 580/652] vp8: prevent read from uninitialized memory in decode_mvs Signed-off-by: Janne Grunau (cherry picked from commit 0f0b5d643401d4d83322eeee0e57eb5a226ef9ab) Signed-off-by: Michael Niedermayer --- libavcodec/vp8.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/vp8.c b/libavcodec/vp8.c index daaee83f2d..3217605e58 100644 --- a/libavcodec/vp8.c +++ b/libavcodec/vp8.c @@ -492,6 +492,7 @@ void decode_mvs(VP8Context *s, VP8Macroblock *mb, int mb_x, int mb_y) AV_ZERO32(&near_mv[0]); AV_ZERO32(&near_mv[1]); + AV_ZERO32(&near_mv[2]); /* Process MB on top, left and top-left */ #define MV_EDGE_CHECK(n)\ From 15a7fe106cb4ae57cf9d36bb1ed2006b5a59ba16 Mon Sep 17 00:00:00 2001 From: "Ronald S. Bultje" Date: Fri, 14 Oct 2011 23:46:06 +0200 Subject: [PATCH 581/652] pthread: copy coded frame dimensions in update_context_from_thread Signed-off-by: Janne Grunau (cherry picked from commit feadcd1bdcbb4601f4ff01878027264fde985ee1) Signed-off-by: Michael Niedermayer --- libavcodec/pthread.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/pthread.c b/libavcodec/pthread.c index fb5c2f1e1e..4feecbaaed 100644 --- a/libavcodec/pthread.c +++ b/libavcodec/pthread.c 
@@ -332,6 +332,9 @@ static int update_context_from_thread(AVCodecContext *dst, AVCodecContext *src, dst->height = src->height; dst->pix_fmt = src->pix_fmt; + dst->coded_width = src->coded_width; + dst->coded_height = src->coded_height; + dst->has_b_frames = src->has_b_frames; dst->idct_algo = src->idct_algo; dst->slice_count = src->slice_count; From e86e9f8b7acd8c68a3d4fefc803756d7ee8737eb Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Fri, 14 Oct 2011 18:27:59 -0700 Subject: [PATCH 582/652] avio: Check for invalid buffer length. (cherry picked from commit ab2940691ba76e1a9b0ce608db0dfc45021d741e) Signed-off-by: Michael Niedermayer --- libavformat/aviobuf.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/libavformat/aviobuf.c b/libavformat/aviobuf.c index c6a67c3acc..1f79531559 100644 --- a/libavformat/aviobuf.c +++ b/libavformat/aviobuf.c @@ -778,13 +778,14 @@ int avio_get_str(AVIOContext *s, int maxlen, char *buf, int buflen) { int i; + if (buflen <= 0) + return AVERROR(EINVAL); // reserve 1 byte for terminating 0 buflen = FFMIN(buflen - 1, maxlen); for (i = 0; i < buflen; i++) if (!(buf[i] = avio_r8(s))) return i + 1; - if (buflen) - buf[i] = 0; + buf[i] = 0; for (; i < maxlen; i++) if (!avio_r8(s)) return i + 1; @@ -796,6 +797,8 @@ int avio_get_str(AVIOContext *s, int maxlen, char *buf, int buflen) {\ char* q = buf;\ int ret = 0;\ + if (buflen <= 0) \ + return AVERROR(EINVAL); \ while (ret + 1 < maxlen) {\ uint8_t tmp;\ uint32_t ch;\ From f531193690d91399dd99ae1bf61af311d9734f32 Mon Sep 17 00:00:00 2001 
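Review bot: The early `return AVERROR(EINVAL)` added to avio_get_str (and the same check added to the macro-generated string reader in the next hunk) returns before any byte is read, while every other path through the function consumes up to `maxlen` bytes of input. A caller that ignores the return value is therefore left at a different stream position than before the change. State this at the check, e.g. `/* nothing has been read from s here; the stream position is unchanged */`, and in the function's API documentation.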
From: Matthew Einhorn Date: Wed, 24 Aug 2011 20:14:03 -0400 Subject: [PATCH 583/652] Fixes avpicture_layout to not write past buffer end. avpicture_get_size() returns the size of buffer required for avpicture_layout. For pseudo-paletted formats (gray8...) this size does not include the palette. However, avpicture_layout doesn't know this and still writes the palette. Consequently, avpicture_layout writes passed the length of the buffer. This fixes it by fixing avpicture_layout so that it doesn't write the palette for these formats. Signed-off-by: Matthew Einhorn Signed-off-by: Michael Niedermayer (cherry picked from commit e662b263d9c500270a8f1dc7e1b81b51d5bdfd4e) Signed-off-by: Michael Niedermayer --- libavcodec/imgconvert.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/libavcodec/imgconvert.c b/libavcodec/imgconvert.c index 9aa584fa5c..04c58ca278 100644 --- a/libavcodec/imgconvert.c +++ b/libavcodec/imgconvert.c @@ -470,6 +470,16 @@ int avpicture_layout(const AVPicture* src, enum PixelFormat pix_fmt, int width, } } + switch (pix_fmt) { + case PIX_FMT_RGB8: + case PIX_FMT_BGR8: + case PIX_FMT_RGB4_BYTE: + case PIX_FMT_BGR4_BYTE: + case PIX_FMT_GRAY8: + // do not include palette for these pseudo-paletted formats + return size; + } + if (desc->flags & PIX_FMT_PAL) memcpy((unsigned char *)(((size_t)dest + 3) & ~3), src->data[1], 256 * 4); From feef77ec3a88baa830cfe71a17fe857339cc3ea3 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sat, 8 Oct 2011 23:40:40 +0200 Subject: [PATCH 584/652] mpegts: fix return value when enough ts packets have been parsed or when the first PMT has been seen. Signed-off-by: Michael Niedermayer (cherry picked from commit 49ec0c818dc3c1c293a582b57fb58ba611a10b32) Signed-off-by: Michael Niedermayer --- libavformat/mpegts.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/libavformat/mpegts.c b/libavformat/mpegts.c index 82f422161e..da8f228426 100644 --- a/libavformat/mpegts.c 
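Review bot: The new `switch (pix_fmt)` in avpicture_layout names five enumerators of `enum PixelFormat` and has no `default`, which raises -Wswitch for every other format and hides the intended fall-through to the palette copy. Add `default: break;` after the `return size;`. The retained `memcpy` writes 256 * 4 bytes at `dest` rounded up to a 4-byte boundary. The hunk does not show whether the size test earlier in the function accounts for that rounding, so that is worth confirming. The function starts outside the hunk.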
+++ b/libavformat/mpegts.c @@ -1083,7 +1083,7 @@ static void pmt_cb(MpegTSFilter *filter, const uint8_t *section, int section_len // stop parsing after pmt, we found header if (!ts->stream->nb_streams) - ts->stop_parse = 1; + ts->stop_parse = 2; for(;;) { st = 0; @@ -1403,11 +1403,15 @@ static int handle_packets(MpegTSContext *ts, int nb_packets) ts->stop_parse = 0; packet_num = 0; for(;;) { - if (ts->stop_parse>0) - break; packet_num++; - if (nb_packets != 0 && packet_num >= nb_packets) + if (nb_packets != 0 && packet_num >= nb_packets || + ts->stop_parse > 1) { + ret = AVERROR(EAGAIN); break; + } + if (ts->stop_parse > 0) + break; + ret = read_packet(s, packet, ts->raw_packet_size); if (ret != 0) return ret; From cbfd34246cdddc58a627dd10fc563245601b2162 Mon Sep 17 00:00:00 2001 From: Laurent Aimar Date: Sat, 8 Oct 2011 23:40:41 +0200 Subject: [PATCH 585/652] mpegts: do not return from ff_mpegts_parse_packet() after having seen the first PMT It prevents leaving the AVPacket uninitialized. Signed-off-by: Michael Niedermayer (cherry picked from commit bc38e83793be5f7a184c88be55e556453a25224b) Signed-off-by: Michael Niedermayer --- libavformat/mpegts.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavformat/mpegts.c b/libavformat/mpegts.c index da8f228426..618bd8f1b4 100644 --- a/libavformat/mpegts.c +++ b/libavformat/mpegts.c @@ -1862,10 +1862,8 @@ int ff_mpegts_parse_packet(MpegTSContext *ts, AVPacket *pkt, len1 = len; ts->pkt = pkt; - ts->stop_parse = 0; for(;;) { - if (ts->stop_parse>0) - break; + ts->stop_parse = 0; if (len < TS_PACKET_SIZE) return -1; if (buf[0] != 0x47) { @@ -1875,6 +1873,8 @@ int ff_mpegts_parse_packet(MpegTSContext *ts, AVPacket *pkt, handle_packet(ts, buf); buf += TS_PACKET_SIZE; len -= TS_PACKET_SIZE; + if (ts->stop_parse == 1) + break; } } return len1 - len; From e1ea35fb52d0ad2466c9c0565d99210df3f97237 Mon Sep 17 00:00:00 2001 
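Review bot: The condition `nb_packets != 0 && packet_num >= nb_packets || ts->stop_parse > 1` in handle_packets mixes `&&` and `||` without grouping, which triggers -Wparentheses and makes the intent harder to read. Write it as `if ((nb_packets != 0 && packet_num >= nb_packets) || ts->stop_parse > 1) {`. The commit also gives `stop_parse` a second meaning through the bare literal `2` set in pmt_cb, so a one-line comment at that assignment, such as `/* 2: header found, make handle_packets() return EAGAIN */`, would keep the two values from being confused.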
From: Justin Ruggles Date: Thu, 15 Sep 2011 18:08:52 -0400 Subject: [PATCH 586/652] shorten: check for realloc failure (cherry picked from commit 9e5e2c2d010c05c10337e9c1ec9d0d61495e0c9c) Signed-off-by: Michael Niedermayer --- libavcodec/shorten.c | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c index 4c1abe8e4c..8ebe033454 100644 --- a/libavcodec/shorten.c +++ b/libavcodec/shorten.c @@ -113,6 +113,7 @@ static int allocate_buffers(ShortenContext *s) { int i, chan; int *coeffs; + void *tmp_ptr; for (chan=0; chanchannels; chan++) { if(FFMAX(1, s->nmean) >= UINT_MAX/sizeof(int32_t)){ @@ -124,9 +125,15 @@ static int allocate_buffers(ShortenContext *s) return -1; } - s->offset[chan] = av_realloc(s->offset[chan], sizeof(int32_t)*FFMAX(1, s->nmean)); + tmp_ptr = av_realloc(s->offset[chan], sizeof(int32_t)*FFMAX(1, s->nmean)); + if (!tmp_ptr) + return AVERROR(ENOMEM); + s->offset[chan] = tmp_ptr; - s->decoded[chan] = av_realloc(s->decoded[chan], sizeof(int32_t)*(s->blocksize + s->nwrap)); + tmp_ptr = av_realloc(s->decoded[chan], sizeof(int32_t)*(s->blocksize + s->nwrap)); + if (!tmp_ptr) + return AVERROR(ENOMEM); + s->decoded[chan] = tmp_ptr; for (i=0; inwrap; i++) s->decoded[chan][i] = 0; s->decoded[chan] += s->nwrap; @@ -284,8 +291,15 @@ static int shorten_decode_frame(AVCodecContext *avctx, int i, input_buf_size = 0; int16_t *samples = data; if(s->max_framesize == 0){ + void *tmp_ptr; s->max_framesize= 1024; // should hopefully be enough for the first header - s->bitstream= av_fast_realloc(s->bitstream, &s->allocated_bitstream_size, s->max_framesize); + tmp_ptr = av_fast_realloc(s->bitstream, &s->allocated_bitstream_size, + s->max_framesize); + if (!tmp_ptr) { + av_log(avctx, AV_LOG_ERROR, "error allocating bitstream buffer\n"); + return AVERROR(ENOMEM); + } + s->bitstream = tmp_ptr; } if(1 && s->max_framesize){//FIXME truncated 
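Review bot: In allocate_buffers the pointer handed to av_realloc() for `s->decoded[chan]` is no longer the allocation base once the function has run, because the context line `s->decoded[chan] += s->nwrap;` advances it after every call. If allocate_buffers can be reached a second time for the same context (its callers are outside the hunk), the realloc operates on an interior pointer, and the same applies to whatever frees the buffer at close. Keeping the unshifted pointer in its own field, reallocating that, and deriving `s->decoded[chan]` from it would make the new NULL check sound on every call. The early `return AVERROR(ENOMEM)` also leaves the channels allocated so far in place, so confirm that the close path releases them.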
From b08001e00ac4be3dd586825d135b30bdf389d7b0 Mon Sep 17 00:00:00 2001 From: Justin Ruggles Date: Fri, 16 Sep 2011 18:01:28 -0400 Subject: [PATCH 587/652] shorten: check output buffer size before decoding Signed-off-by: Michael Niedermayer --- libavcodec/shorten.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c index 8ebe033454..0b9d420d86 100644 --- a/libavcodec/shorten.c +++ b/libavcodec/shorten.c @@ -481,6 +481,12 @@ static int shorten_decode_frame(AVCodecContext *avctx, s->cur_chan++; if (s->cur_chan == s->channels) { + int out_size = s->blocksize * s->channels * + av_get_bytes_per_sample(avctx->sample_fmt); + if (*data_size < out_size) { + av_log(avctx, AV_LOG_ERROR, "Output buffer is too small\n"); + return AVERROR(EINVAL); + } samples = interleave_buffer(samples, s->channels, s->blocksize, s->decoded); s->cur_chan = 0; goto frame_done; From 93f1159af5221e23c749be8fa0d3df3ef7a93fd0 Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Thu, 3 Nov 2011 15:55:52 -0700 Subject: [PATCH 588/652] vp6: Fix illegal read. (cherry picked from commit 2a6eb06254df79e96b3d791b6b89b2534ced3119) Signed-off-by: Michael Niedermayer --- libavcodec/vp6.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/vp6.c b/libavcodec/vp6.c index 3721d52192..c66d2e74ff 100644 --- a/libavcodec/vp6.c +++ b/libavcodec/vp6.c @@ -374,7 +374,7 @@ static void vp6_parse_coeff_huffman(VP56Context *s) if (b > 3) pt = 1; vlc_coeff = &s->dccv_vlc[pt]; - for (coeff_idx=0; coeff_idx<64; ) { + for (coeff_idx = 0;;) { int run = 1; if (coeff_idx<2 && s->nb_null[coeff_idx][pt]) { s->nb_null[coeff_idx][pt]--; @@ -411,6 +411,8 @@ static void vp6_parse_coeff_huffman(VP56Context *s) } } coeff_idx+=run; + if (coeff_idx >= 64) + break; cg = FFMIN(vp6_coeff_groups[coeff_idx], 3); vlc_coeff = &s->ract_vlc[pt][ct][cg]; } From e9de2d98a904aa6f13fd07cb776850569e110f22 Mon Sep 17 00:00:00 2001 
From: Justin Ruggles Date: Fri, 23 Sep 2011 19:50:41 -0400 Subject: [PATCH 589/652] twinvq: check output buffer size before decoding (cherry picked from commit e53eecd0e7211973a1a9757f559bdd93a1848901) Signed-off-by: Michael Niedermayer --- libavcodec/twinvq.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/libavcodec/twinvq.c b/libavcodec/twinvq.c index f8e75bb933..7be13bcf0c 100644 --- a/libavcodec/twinvq.c +++ b/libavcodec/twinvq.c @@ -822,7 +822,7 @@ static int twin_decode_frame(AVCodecContext * avctx, void *data, const ModeTab *mtab = tctx->mtab; float *out = data; enum FrameType ftype; - int window_type; + int window_type, out_size; static const enum FrameType wtype_to_ftype_table[] = { FT_LONG, FT_LONG, FT_SHORT, FT_LONG, FT_MEDIUM, FT_LONG, FT_LONG, FT_MEDIUM, FT_MEDIUM @@ -835,6 +835,13 @@ static int twin_decode_frame(AVCodecContext * avctx, void *data, return buf_size; } + out_size = mtab->size * avctx->channels * + av_get_bytes_per_sample(avctx->sample_fmt); + if (*data_size < out_size) { + av_log(avctx, AV_LOG_ERROR, "output buffer is too small\n"); + return AVERROR(EINVAL); + } + init_get_bits(&gb, buf, buf_size * 8); skip_bits(&gb, get_bits(&gb, 8)); window_type = get_bits(&gb, WINDOW_TYPE_BITS); @@ -857,7 +864,7 @@ static int twin_decode_frame(AVCodecContext * avctx, void *data, return buf_size; } - *data_size = mtab->size*avctx->channels*4; + *data_size = out_size; return buf_size; } From 2137d99086b36b95f589ec19ab3f906d32d31b4a Mon Sep 17 00:00:00 2001 From: Justin Ruggles Date: Fri, 23 Sep 2011 19:56:58 -0400 Subject: [PATCH 590/652] vorbisdec: check output buffer size before writing output (cherry picked from commit 60aa1a358d9c1c8f891e72246d5dcd897857eca8) Signed-off-by: Michael Niedermayer --- libavcodec/vorbisdec.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/libavcodec/vorbisdec.c b/libavcodec/vorbisdec.c index 024c8fd3cf..8f16d3a5a5 100644 --- a/libavcodec/vorbisdec.c 
+++ b/libavcodec/vorbisdec.c @@ -1605,7 +1605,7 @@ static int vorbis_decode_frame(AVCodecContext *avccontext, vorbis_context *vc = avccontext->priv_data ; GetBitContext *gb = &(vc->gb); const float *channel_ptrs[255]; - int i, len; + int i, len, out_size; if (!buf_size) return 0; @@ -1630,6 +1630,13 @@ static int vorbis_decode_frame(AVCodecContext *avccontext, av_dlog(NULL, "parsed %d bytes %d bits, returned %d samples (*ch*bits) \n", get_bits_count(gb) / 8, get_bits_count(gb) % 8, len); + out_size = len * vc->audio_channels * + av_get_bytes_per_sample(avccontext->sample_fmt); + if (*data_size < out_size) { + av_log(avccontext, AV_LOG_ERROR, "output buffer is too small\n"); + return AVERROR(EINVAL); + } + if (vc->audio_channels > 8) { for (i = 0; i < vc->audio_channels; i++) channel_ptrs[i] = vc->channel_floors + i * len; @@ -1645,8 +1652,7 @@ static int vorbis_decode_frame(AVCodecContext *avccontext, vc->fmt_conv.float_to_int16_interleave(data, channel_ptrs, len, vc->audio_channels); - *data_size = len * vc->audio_channels * - av_get_bytes_per_sample(avccontext->sample_fmt); + *data_size = out_size; return buf_size ; } From 241f15f1c93f5bd661a187e42644220fd89ea7de Mon Sep 17 00:00:00 2001 From: Justin Ruggles Date: Fri, 23 Sep 2011 19:22:06 -0400 Subject: [PATCH 591/652] tta: check for extradata allocation failure in tta demuxer (cherry picked from commit f540ca22c5fb4504d959c295f55591a9ec2a8859) Signed-off-by: Michael Niedermayer --- libavformat/tta.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavformat/tta.c b/libavformat/tta.c index c37039d0da..9df9763c74 100644 --- a/libavformat/tta.c +++ b/libavformat/tta.c 
@@ -107,6 +107,10 @@ static int tta_read_header(AVFormatContext *s, AVFormatParameters *ap) return -1; } st->codec->extradata = av_mallocz(st->codec->extradata_size+FF_INPUT_BUFFER_PADDING_SIZE); + if (!st->codec->extradata) { + st->codec->extradata_size = 0; + return AVERROR(ENOMEM); + } avio_seek(s->pb, start_offset, SEEK_SET); avio_read(s->pb, st->codec->extradata, st->codec->extradata_size); From 6ae93d030476ddd7fa2ab4d9d2dd25df85725390 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 27 Oct 2011 14:31:53 +0200 Subject: [PATCH 592/652] resample: Fix overflow Found-by: Jim Radford Signed-off-by: Michael Niedermayer --- libavcodec/resample2.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavcodec/resample2.c b/libavcodec/resample2.c index b940059d84..fc8ffea466 100644 --- a/libavcodec/resample2.c +++ b/libavcodec/resample2.c @@ -207,8 +207,10 @@ AVResampleContext *av_resample_init(int out_rate, int in_rate, int filter_size, memcpy(&c->filter_bank[c->filter_length*phase_count+1], c->filter_bank, (c->filter_length-1)*sizeof(FELEM)); c->filter_bank[c->filter_length*phase_count]= c->filter_bank[c->filter_length - 1]; - c->src_incr= out_rate; - c->ideal_dst_incr= c->dst_incr= in_rate * phase_count; + if(!av_reduce(&c->src_incr, &c->dst_incr, out_rate, in_rate * (int64_t)phase_count, INT32_MAX/2)) + goto error; + c->ideal_dst_incr= c->dst_incr; + c->index= -phase_count*((c->filter_length-1)/2); return c; From a39b5e8b323785695fb0e3c0f30bd9e24287db87 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 27 Oct 2011 14:34:45 +0200 Subject: [PATCH 593/652] resample2: fix potential overflow Signed-off-by: Michael Niedermayer --- libavcodec/resample2.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/libavcodec/resample2.c b/libavcodec/resample2.c index fc8ffea466..5c425587ab 100644 --- a/libavcodec/resample2.c +++ b/libavcodec/resample2.c 
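Review bot: The `avio_read()` on the last context line of this hunk still ignores its return value, so a truncated file leaves `extradata` partly zero-filled from `av_mallocz` while `extradata_size` claims the full header. I would check the read, e.g. `if (avio_read(s->pb, st->codec->extradata, st->codec->extradata_size) != st->codec->extradata_size) return AVERROR(EIO);`. tta_read_header continues outside the hunk, so whether a later step catches the short read cannot be seen from here.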
@@ -248,10 +248,9 @@ int av_resample(AVResampleContext *c, short *dst, short *src, int *consumed, int dst[dst_index] = src[index2>>32]; index2 += incr; } - frac += dst_index * dst_incr_frac; index += dst_index * dst_incr; - index += frac / c->src_incr; - frac %= c->src_incr; + index += (frac + dst_index * (int64_t)dst_incr_frac) / c->src_incr; + frac = (frac + dst_index * (int64_t)dst_incr_frac) % c->src_incr; }else{ for(dst_index=0; dst_index < dst_size; dst_index++){ FELEM *filter= c->filter_bank + c->filter_length*(index & c->phase_mask); From edf3c5a3ebeee8df55c6a05f88a682091f10a364 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 27 Oct 2011 15:26:45 +0200 Subject: [PATCH 594/652] resample: Fix array size Found-by: Jim Radford Signed-off-by: Michael Niedermayer (cherry picked from commit 3e7db0a9ee758bf0570a141be1fea64f8d9c03db) Signed-off-by: Michael Niedermayer --- libavcodec/resample.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/resample.c b/libavcodec/resample.c index 33413dbeaf..68e604ee92 100644 --- a/libavcodec/resample.c +++ b/libavcodec/resample.c @@ -326,9 +326,9 @@ int audio_resample(ReSampleContext *s, short *output, short *input, int nb_sampl if (s->sample_fmt[1] != AV_SAMPLE_FMT_S16) { output_bak = output; - if (!s->buffer_size[1] || s->buffer_size[1] < lenout) { + if (!s->buffer_size[1] || s->buffer_size[1] < 2*lenout) { av_free(s->buffer[1]); - s->buffer_size[1] = lenout; + s->buffer_size[1] = 2*lenout; s->buffer[1] = av_malloc(s->buffer_size[1]); if (!s->buffer[1]) { av_log(s->resample_context, AV_LOG_ERROR, "Could not allocate buffer\n"); From 4a66fe21073e87079720b961c209ea55fc9234a3 Mon Sep 17 00:00:00 2001 From: Justin Ruggles Date: Tue, 27 Sep 2011 14:27:43 -0400 Subject: [PATCH 595/652] mpegaudiodec: check output data size based on avctx->frame_size Signed-off-by: Michael Niedermayer --- libavcodec/mpegaudiodec.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) 
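Review bot: The widened sum `frac + dst_index * (int64_t)dst_incr_frac` is written out twice in av_resample, once for the quotient and once for the remainder, so the two copies can drift apart in a later edit. A named temporary keeps the 64-bit intent in one place: `int64_t f = frac + dst_index * (int64_t)dst_incr_frac;`, then `index += f / c->src_incr;` and `frac = f % c->src_incr;`. The line above, `index += dst_index * dst_incr;`, is still a plain multiply and may deserve the same look; the declarations are outside the hunk, so the operand types are inferred.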
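Review bot: In audio_resample, `s->buffer_size[1]` is set to `2*lenout` before the `av_malloc()` result is known, so on allocation failure the context records a non-zero size for a NULL buffer. Unless the failure branch, which continues outside this hunk, resets it, a later call with a smaller `lenout` would skip this block and use the NULL pointer. Assigning the size only after the allocation succeeded, or adding `s->buffer_size[1] = 0;` in the failure branch, closes that. The factor 2 is presumably the byte width of a 16-bit sample; `sizeof(short)` or a one-line comment would say so.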
diff --git a/libavcodec/mpegaudiodec.c b/libavcodec/mpegaudiodec.c index 9fbae0c316..32dfd23bc1 100644 --- a/libavcodec/mpegaudiodec.c +++ b/libavcodec/mpegaudiodec.c @@ -1801,8 +1801,8 @@ static int decode_frame(AVCodecContext * avctx, avctx->bit_rate = s->bit_rate; avctx->sub_id = s->layer; - if(*data_size < 1152*avctx->channels*sizeof(OUT_INT)) - return -1; + if (*data_size < avctx->frame_size * avctx->channels * sizeof(OUT_INT)) + return AVERROR(EINVAL); *data_size = 0; if(s->frame_size<=0 || s->frame_size > buf_size){ @@ -1870,6 +1870,9 @@ static int decode_frame_adu(AVCodecContext * avctx, avctx->bit_rate = s->bit_rate; avctx->sub_id = s->layer; + if (*data_size < avctx->frame_size * avctx->channels * sizeof(OUT_INT)) + return AVERROR(EINVAL); + s->frame_size = len; if (avctx->parse_only) { From f19b8d95335a9fb616c7c1d806d3dd3abda031c9 Mon Sep 17 00:00:00 2001 From: Justin Ruggles Date: Tue, 11 Oct 2011 11:47:15 -0400 Subject: [PATCH 596/652] apedec: check for filter buffer allocation failure (cherry picked from commit 7500781313d11b37772c05a28da20fbc112db478) Signed-off-by: Michael Niedermayer --- libavcodec/apedec.c | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c index f036c4a1d7..7cf72a00bd 100644 --- a/libavcodec/apedec.c +++ b/libavcodec/apedec.c @@ -163,6 +163,18 @@ typedef struct APEContext { // TODO: dsputilize +static av_cold int ape_decode_close(AVCodecContext * avctx) +{ + APEContext *s = avctx->priv_data; + int i; + + for (i = 0; i < APE_FILTER_LEVELS; i++) + av_freep(&s->filterbuf[i]); + + av_freep(&s->data); + return 0; +} + static av_cold int ape_decode_init(AVCodecContext * avctx) { APEContext *s = avctx->priv_data; 
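Review bot: In decode_frame the comparison `*data_size < avctx->frame_size * avctx->channels * sizeof(OUT_INT)` is evaluated in `size_t` because of the `sizeof`, so if `data_size` points to an `int`, as the other decoders in this series suggest, a negative value converts to a huge unsigned number and passes the check. Adding `*data_size < 0 ||` in front of the comparison rejects that case. The bound also moved from the fixed 1152 samples to `avctx->frame_size`, whose assignment is not visible in the hunk; if it can still be 0 at this point the test accepts any buffer. The hunk in decode_frame_adu adds the same line and raises the same two questions.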
@@ -195,25 +207,18 @@ static av_cold int ape_decode_init(AVCodecContext * avctx) for (i = 0; i < APE_FILTER_LEVELS; i++) { if (!ape_filter_orders[s->fset][i]) break; - s->filterbuf[i] = av_malloc((ape_filter_orders[s->fset][i] * 3 + HISTORY_SIZE) * 4); + FF_ALLOC_OR_GOTO(avctx, s->filterbuf[i], + (ape_filter_orders[s->fset][i] * 3 + HISTORY_SIZE) * 4, + filter_alloc_fail); } dsputil_init(&s->dsp, avctx); avctx->sample_fmt = AV_SAMPLE_FMT_S16; avctx->channel_layout = (avctx->channels==2) ? AV_CH_LAYOUT_STEREO : AV_CH_LAYOUT_MONO; return 0; -} - -static av_cold int ape_decode_close(AVCodecContext * avctx) -{ - APEContext *s = avctx->priv_data; - int i; - - for (i = 0; i < APE_FILTER_LEVELS; i++) - av_freep(&s->filterbuf[i]); - - av_freep(&s->data); - return 0; +filter_alloc_fail: + ape_decode_close(avctx); + return AVERROR(ENOMEM); } /** From 43fa5bf55ed5e1a26fff6d0cd434fb911250ee9a Mon Sep 17 00:00:00 2001 From: Justin Ruggles Date: Tue, 11 Oct 2011 12:47:11 -0400 Subject: [PATCH 597/652] apedec: check for data buffer realloc failure (cherry picked from commit 11ca8b2d7486e879926488404b3b79af774f0f2d) Signed-off-by: Michael Niedermayer --- libavcodec/apedec.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c index 7cf72a00bd..4c2d238b16 100644 --- a/libavcodec/apedec.c +++ b/libavcodec/apedec.c @@ -819,7 +819,10 @@ static int ape_decode_frame(AVCodecContext * avctx, } if(!s->samples){ - s->data = av_realloc(s->data, (buf_size + 3) & ~3); + void *tmp_data = av_realloc(s->data, (buf_size + 3) & ~3); + if (!tmp_data) + return AVERROR(ENOMEM); + s->data = tmp_data; s->dsp.bswap_buf((uint32_t*)s->data, (const uint32_t*)buf, buf_size >> 2); s->ptr = s->last_ptr = s->data; s->data_end = s->data + buf_size; From 998fc04bcfeeaa2b0885ee84e37bcd345797981a Mon Sep 17 00:00:00 2001 
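Review bot: In ape_decode_frame the buffer is sized `(buf_size + 3) & ~3` but `bswap_buf` is given `buf_size >> 2` words, so when `buf_size` is not a multiple of 4 the last one to three bytes before `s->data_end = s->data + buf_size` are never written and hold whatever `av_realloc` returned. If such packet sizes can occur, either copy the tail explicitly or end the readable range at the last full word, `s->data_end = s->data + (buf_size & ~3);`. The function continues outside the hunk, so an earlier size restriction cannot be ruled out from here.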
From: Justin Ruggles Date: Tue, 11 Oct 2011 13:17:44 -0400 Subject: [PATCH 598/652] apedec: use unsigned int for 'nblocks' and make sure that it's within int range Signed-off-by: Michael Niedermayer --- libavcodec/apedec.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c index 4c2d238b16..260ef2efa0 100644 --- a/libavcodec/apedec.c +++ b/libavcodec/apedec.c @@ -802,7 +802,7 @@ static int ape_decode_frame(AVCodecContext * avctx, int buf_size = avpkt->size; APEContext *s = avctx->priv_data; int16_t *samples = data; - int nblocks; + uint32_t nblocks; int i, n; int blockstodecode; int bytes_used; @@ -838,9 +838,10 @@ static int ape_decode_frame(AVCodecContext * avctx, s->currentframeblocks = nblocks; buf += 4; - if (s->samples <= 0) { + if (!nblocks || nblocks > INT_MAX) { + av_log(avctx, AV_LOG_ERROR, "Invalid sample count: %u.\n", nblocks); *data_size = 0; - return buf_size; + return AVERROR_INVALIDDATA; } memset(s->decoded0, 0, sizeof(s->decoded0)); From ae2d3d6be01a520b1b3f71510359a99c82631751 Mon Sep 17 00:00:00 2001 From: Justin Ruggles Date: Tue, 11 Oct 2011 13:25:27 -0400 Subject: [PATCH 599/652] apedec: set s->currentframeblocks after validating nblocks --- libavcodec/apedec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c index 260ef2efa0..4d8a9401c1 100644 --- a/libavcodec/apedec.c +++ b/libavcodec/apedec.c @@ -827,7 +827,7 @@ static int ape_decode_frame(AVCodecContext * avctx, s->ptr = s->last_ptr = s->data; s->data_end = s->data + buf_size; - nblocks = s->samples = bytestream_get_be32(&s->ptr); + nblocks = bytestream_get_be32(&s->ptr); n = bytestream_get_be32(&s->ptr); if(n < 0 || n > 3){ av_log(avctx, AV_LOG_ERROR, "Incorrect offset passed\n"); 
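Review bot: The two `bytestream_get_be32(&s->ptr)` calls in the last hunk above read 8 bytes from the freshly filled buffer, and no check that `buf_size` is at least 8 is visible in it or in the realloc hunk of the earlier patch. If none exists earlier in ape_decode_frame, a short packet makes both reads run past `s->data_end`. A guard before the reads, e.g. `if (buf_size < 8) return AVERROR_INVALIDDATA;`, would cover it. The `s->ptr += n` that follows in the next hunk could likewise be compared with `s->data_end`.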
@@ -836,13 +836,13 @@ static int ape_decode_frame(AVCodecContext * avctx, } s->ptr += n; - s->currentframeblocks = nblocks; buf += 4; if (!nblocks || nblocks > INT_MAX) { av_log(avctx, AV_LOG_ERROR, "Invalid sample count: %u.\n", nblocks); *data_size = 0; return AVERROR_INVALIDDATA; } + s->currentframeblocks = s->samples = nblocks; memset(s->decoded0, 0, sizeof(s->decoded0)); memset(s->decoded1, 0, sizeof(s->decoded1)); From 0ac6777a34f4e53b36dc6665826f94798d1e195f Mon Sep 17 00:00:00 2001 From: "Ronald S. Bultje" Date: Fri, 28 Oct 2011 23:50:04 -0700 Subject: [PATCH 600/652] vp3: fix oob read for negative tokens and memleaks on error. (cherry picked from commit 8370e426e42f2e4b9d14a1fb8107ecfe5163ce7f) Signed-off-by: Michael Niedermayer --- libavcodec/vp3.c | 59 ++++++++++++++++++++++++++++++++++++------------ 1 file changed, 45 insertions(+), 14 deletions(-) diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c index b9af998bc5..549f494ff6 100644 --- a/libavcodec/vp3.c +++ b/libavcodec/vp3.c @@ -45,6 +45,7 @@ #define FRAGMENT_PIXELS 8 static av_cold int vp3_decode_end(AVCodecContext *avctx); +static void vp3_decode_flush(AVCodecContext *avctx); //FIXME split things out into their own arrays typedef struct Vp3Fragment { @@ -890,7 +891,7 @@ static int unpack_vlcs(Vp3DecodeContext *s, GetBitContext *gb, /* decode a VLC into a token */ token = get_vlc2(gb, vlc_table, 11, 3); /* use the token to get a zero run, a coefficient, and an eob run */ - if (token <= 6) { + if ((unsigned) token <= 6U) { eob_run = eob_run_base[token]; if (eob_run_get_bits[token]) eob_run += get_bits(gb, eob_run_get_bits[token]); @@ -908,7 +909,7 @@ static int unpack_vlcs(Vp3DecodeContext *s, GetBitContext *gb, coeff_i += eob_run; eob_run = 0; } - } else { + } else if (token >= 0) { bits_to_get = coeff_get_bits[token]; if (bits_to_get) bits_to_get = get_bits(gb, bits_to_get); 
@@ -942,6 +943,10 @@ static int unpack_vlcs(Vp3DecodeContext *s, GetBitContext *gb, for (i = coeff_index+1; i <= coeff_index+zero_run; i++) s->num_coded_frags[plane][i]--; coeff_i++; + } else { + av_log(s->avctx, AV_LOG_ERROR, + "Invalid token %d\n", token); + return -1; } } @@ -991,6 +996,8 @@ static int unpack_dct_coeffs(Vp3DecodeContext *s, GetBitContext *gb) /* unpack the Y plane DC coefficients */ residual_eob_run = unpack_vlcs(s, gb, &s->dc_vlc[dc_y_table], 0, 0, residual_eob_run); + if (residual_eob_run < 0) + return residual_eob_run; /* reverse prediction of the Y-plane DC coefficients */ reverse_dc_prediction(s, 0, s->fragment_width[0], s->fragment_height[0]); @@ -998,8 +1005,12 @@ static int unpack_dct_coeffs(Vp3DecodeContext *s, GetBitContext *gb) /* unpack the C plane DC coefficients */ residual_eob_run = unpack_vlcs(s, gb, &s->dc_vlc[dc_c_table], 0, 1, residual_eob_run); + if (residual_eob_run < 0) + return residual_eob_run; residual_eob_run = unpack_vlcs(s, gb, &s->dc_vlc[dc_c_table], 0, 2, residual_eob_run); + if (residual_eob_run < 0) + return residual_eob_run; /* reverse prediction of the C-plane DC coefficients */ if (!(s->avctx->flags & CODEC_FLAG_GRAY)) @@ -1036,11 +1047,17 @@ static int unpack_dct_coeffs(Vp3DecodeContext *s, GetBitContext *gb) for (i = 1; i <= 63; i++) { residual_eob_run = unpack_vlcs(s, gb, y_tables[i], i, 0, residual_eob_run); + if (residual_eob_run < 0) + return residual_eob_run; residual_eob_run = unpack_vlcs(s, gb, c_tables[i], i, 1, residual_eob_run); + if (residual_eob_run < 0) + return residual_eob_run; residual_eob_run = unpack_vlcs(s, gb, c_tables[i], i, 2, residual_eob_run); + if (residual_eob_run < 0) + return residual_eob_run; } return 0; 
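Review bot: The new `else` branch in unpack_vlcs reports the bad token but returns a bare `-1`, which the callers in unpack_dct_coeffs pass straight up as `residual_eob_run`. Other patches in this series return `AVERROR_INVALIDDATA` for malformed input, and `return AVERROR_INVALIDDATA;` here would give the caller a meaningful code. The function's header comment could also state that a negative return is an error, since the new `< 0` checks depend on that contract. The function starts and ends outside the hunk.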
@@ -1777,10 +1794,15 @@ static int vp3_update_thread_context(AVCodecContext *dst, const AVCodecContext * Vp3DecodeContext *s = dst->priv_data, *s1 = src->priv_data; int qps_changed = 0, i, err; +#define copy_fields(to, from, start_field, end_field) memcpy(&to->start_field, &from->start_field, (char*)&to->end_field - (char*)&to->start_field) + if (!s1->current_frame.data[0] ||s->width != s1->width - ||s->height!= s1->height) + ||s->height!= s1->height) { + if (s != s1) + copy_fields(s, s1, golden_frame, current_frame); return -1; + } if (s != s1) { // init tables if the first frame hasn't been decoded @@ -1796,8 +1818,6 @@ static int vp3_update_thread_context(AVCodecContext *dst, const AVCodecContext * memcpy(s->motion_val[1], s1->motion_val[1], c_fragment_count * sizeof(*s->motion_val[1])); } -#define copy_fields(to, from, start_field, end_field) memcpy(&to->start_field, &from->start_field, (char*)&to->end_field - (char*)&to->start_field) - // copy previous frame data copy_fields(s, s1, golden_frame, dsp); @@ -1987,9 +2007,6 @@ static av_cold int vp3_decode_end(AVCodecContext *avctx) Vp3DecodeContext *s = avctx->priv_data; int i; - if (avctx->is_copy && !s->current_frame.data[0]) - return 0; - av_free(s->superblock_coding); av_free(s->all_fragments); av_free(s->coded_fragment_list[0]); @@ -2016,12 +2033,7 @@ static av_cold int vp3_decode_end(AVCodecContext *avctx) free_vlc(&s->motion_vector_vlc); /* release all frames */ - if (s->golden_frame.data[0]) - ff_thread_release_buffer(avctx, &s->golden_frame); - if (s->last_frame.data[0] && s->last_frame.type != FF_BUFFER_TYPE_COPY) - ff_thread_release_buffer(avctx, &s->last_frame); - /* no need to release the current_frame since it will always be pointing - * to the same frame as either the golden or last frame */ + vp3_decode_flush(avctx); return 0; } 
@@ -2341,6 +2353,23 @@ static void vp3_decode_flush(AVCodecContext *avctx) ff_thread_release_buffer(avctx, &s->current_frame); } +static int vp3_init_thread_copy(AVCodecContext *avctx) +{ + Vp3DecodeContext *s = avctx->priv_data; + + s->superblock_coding = NULL; + s->all_fragments = NULL; + s->coded_fragment_list[0] = NULL; + s->dct_tokens_base = NULL; + s->superblock_fragments = NULL; + s->macroblock_coding = NULL; + s->motion_val[0] = NULL; + s->motion_val[1] = NULL; + s->edge_emu_buffer = NULL; + + return 0; +} + AVCodec ff_theora_decoder = { "theora", AVMEDIA_TYPE_VIDEO, @@ -2354,6 +2383,7 @@ AVCodec ff_theora_decoder = { NULL, .flush = vp3_decode_flush, .long_name = NULL_IF_CONFIG_SMALL("Theora"), + .init_thread_copy = ONLY_IF_THREADS_ENABLED(vp3_init_thread_copy), .update_thread_context = ONLY_IF_THREADS_ENABLED(vp3_update_thread_context) }; #endif @@ -2371,5 +2401,6 @@ AVCodec ff_vp3_decoder = { NULL, .flush = vp3_decode_flush, .long_name = NULL_IF_CONFIG_SMALL("On2 VP3"), + .init_thread_copy = ONLY_IF_THREADS_ENABLED(vp3_init_thread_copy), .update_thread_context = ONLY_IF_THREADS_ENABLED(vp3_update_thread_context) }; From 346e089d25ba5f1f7509a7fbff6843471b7ccf6b Mon Sep 17 00:00:00 2001 From: Justin Ruggles Date: Fri, 14 Oct 2011 00:16:31 -0400 Subject: [PATCH 601/652] atrac1: check output buffer size before decoding (cherry picked from commit 33684b9c12b74c0140fb91e8150263db4a48d55e) Signed-off-by: Michael Niedermayer --- libavcodec/atrac1.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/libavcodec/atrac1.c b/libavcodec/atrac1.c index 1f4c36c141..9d37e4c866 100644 --- a/libavcodec/atrac1.c +++ b/libavcodec/atrac1.c @@ -276,7 +276,7 @@ static int atrac1_decode_frame(AVCodecContext *avctx, void *data, const uint8_t *buf = avpkt->data; int buf_size = avpkt->size; AT1Ctx *q = avctx->priv_data; - int ch, ret, i; + int ch, ret, i, out_size; GetBitContext gb; float* samples = data; 
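Review bot: vp3_init_thread_copy has no comment saying why these nine pointers are cleared, and the list has to match what vp3_decode_end frees now that the early return for copies at its top is removed. I would add a short comment above the function, e.g. `/* thread copies must not inherit the parent's allocations; keep this list in sync with vp3_decode_end() */`. Only part of the `av_free` list in vp3_decode_end is visible in this patch, so whether every freed pointer is covered, and how the VLC tables freed there are handled for copies, should be confirmed against the full file.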
@@ -286,6 +286,13 @@ static int atrac1_decode_frame(AVCodecContext *avctx, void *data, return -1; } + out_size = q->channels * AT1_SU_SAMPLES * + av_get_bytes_per_sample(avctx->sample_fmt); + if (*data_size < out_size) { + av_log(avctx, AV_LOG_ERROR, "Output buffer is too small\n"); + return AVERROR(EINVAL); + } + for (ch = 0; ch < q->channels; ch++) { AT1SUCtx* su = &q->SUs[ch]; @@ -318,7 +325,7 @@ static int atrac1_decode_frame(AVCodecContext *avctx, void *data, } } - *data_size = q->channels * AT1_SU_SAMPLES * sizeof(*samples); + *data_size = out_size; return avctx->block_align; } From f98bb0d3ec73b047121bcdf172cc809ac3c47013 Mon Sep 17 00:00:00 2001 From: Justin Ruggles Date: Fri, 14 Oct 2011 00:24:50 -0400 Subject: [PATCH 602/652] atrac1: validate number of channels (cherry picked from commit bff5b2c1ca1290ea30587ff2f76171f9e3854872) Signed-off-by: Michael Niedermayer --- libavcodec/atrac1.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/atrac1.c b/libavcodec/atrac1.c index 9d37e4c866..6897790307 100644 --- a/libavcodec/atrac1.c +++ b/libavcodec/atrac1.c @@ -336,6 +336,11 @@ static av_cold int atrac1_decode_init(AVCodecContext *avctx) avctx->sample_fmt = AV_SAMPLE_FMT_FLT; + if (avctx->channels < 1 || avctx->channels > AT1_MAX_CHANNELS) { + av_log(avctx, AV_LOG_ERROR, "Unsupported number of channels: %d\n", + avctx->channels); + return AVERROR(EINVAL); + } q->channels = avctx->channels; /* Init the mdct transforms */ From 8491677ab632f89f31bb26e48c8d1c429be07928 Mon Sep 17 00:00:00 2001 From: Justin Ruggles Date: Tue, 25 Oct 2011 13:47:50 -0400 Subject: [PATCH 603/652] binkaudio: add some buffer overread checks. This stops decoding before overreads instead of after. (cherry picked from commit 101ef19ef4dc9f5c3d536aee8fcc10fff2af4d9e) Signed-off-by: Michael Niedermayer --- libavcodec/binkaudio.c | 47 +++++++++++++++++++++++++++++++++--------- 1 file changed, 37 insertions(+), 10 deletions(-) 
diff --git a/libavcodec/binkaudio.c b/libavcodec/binkaudio.c index ff36458c7e..3b65a19261 100644 --- a/libavcodec/binkaudio.c +++ b/libavcodec/binkaudio.c @@ -153,11 +153,18 @@ static const uint8_t rle_length_tab[16] = { 2, 3, 4, 5, 6, 8, 9, 10, 11, 12, 13, 14, 15, 16, 32, 64 }; +#define GET_BITS_SAFE(out, nbits) do { \ + if (get_bits_left(gb) < nbits) \ + return AVERROR_INVALIDDATA; \ + out = get_bits(gb, nbits); \ +} while (0) + /** * Decode Bink Audio block * @param[out] out Output buffer (must contain s->block_size elements) + * @return 0 on success, negative error code on failure */ -static void decode_block(BinkAudioContext *s, short *out, int use_dct) +static int decode_block(BinkAudioContext *s, short *out, int use_dct) { int ch, i, j, k; float q, quant[25]; @@ -170,13 +177,19 @@ static void decode_block(BinkAudioContext *s, short *out, int use_dct) for (ch = 0; ch < s->channels; ch++) { FFTSample *coeffs = s->coeffs_ptr[ch]; if (s->version_b) { + if (get_bits_left(gb) < 64) + return AVERROR_INVALIDDATA; coeffs[0] = av_int2flt(get_bits(gb, 32)) * s->root; coeffs[1] = av_int2flt(get_bits(gb, 32)) * s->root; } else { + if (get_bits_left(gb) < 58) + return AVERROR_INVALIDDATA; coeffs[0] = get_float(gb) * s->root; coeffs[1] = get_float(gb) * s->root; } + if (get_bits_left(gb) < s->num_bands * 8) + return AVERROR_INVALIDDATA; for (i = 0; i < s->num_bands; i++) { /* constant is result of 0.066399999/log10(M_E) */ int value = get_bits(gb, 8); 
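Review bot: `GET_BITS_SAFE` uses its `nbits` argument twice and unparenthesised, relies on a variable named `gb` being in scope, and hides a `return` from the enclosing function. The call sites in this patch pass plain variables and constants, so nothing breaks today. Writing `(nbits)` in both places and adding a comment that states the hidden return and the `gb` dependency would make the macro safer to reuse. An `#undef GET_BITS_SAFE` after decode_block would keep it from leaking into the rest of the file.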
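Review bot: The bounds `64` and `58` in the two new `get_bits_left()` checks of decode_block are unexplained. 64 matches the two 32-bit reads directly below it, while 58 is presumably two `get_float()` reads of 29 bits each, which cannot be confirmed from this hunk. A short comment per check, e.g. `/* 2 x 32-bit floats */` and `/* 2 x get_float() */`, would keep the numbers from going stale if the reader changes.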
@@ -191,15 +204,20 @@ static void decode_block(BinkAudioContext *s, short *out, int use_dct) while (i < s->frame_len) { if (s->version_b) { j = i + 16; - } else if (get_bits1(gb)) { - j = i + rle_length_tab[get_bits(gb, 4)] * 8; } else { - j = i + 8; + int v; + GET_BITS_SAFE(v, 1); + if (v) { + GET_BITS_SAFE(v, 4); + j = i + rle_length_tab[v] * 8; + } else { + j = i + 8; + } } j = FFMIN(j, s->frame_len); - width = get_bits(gb, 4); + GET_BITS_SAFE(width, 4); if (width == 0) { memset(coeffs + i, 0, (j - i) * sizeof(*coeffs)); i = j; @@ -209,9 +227,11 @@ static void decode_block(BinkAudioContext *s, short *out, int use_dct) while (i < j) { if (s->bands[k] == i) q = quant[k++]; - coeff = get_bits(gb, width); + GET_BITS_SAFE(coeff, width); if (coeff) { - if (get_bits1(gb)) + int v; + GET_BITS_SAFE(v, 1); + if (v) coeffs[i] = -q * coeff; else coeffs[i] = q * coeff; @@ -247,6 +267,8 @@ static void decode_block(BinkAudioContext *s, short *out, int use_dct) s->overlap_len * s->channels * sizeof(*out)); s->first = 0; + + return 0; } static av_cold int decode_end(AVCodecContext *avctx) @@ -278,12 +300,17 @@ static int decode_frame(AVCodecContext *avctx, int reported_size; GetBitContext *gb = &s->gb; + if (buf_size < 4) { + av_log(avctx, AV_LOG_ERROR, "Packet is too small\n"); + return AVERROR_INVALIDDATA; + } + init_get_bits(gb, buf, buf_size * 8); reported_size = get_bits_long(gb, 32); - while (get_bits_count(gb) / 8 < buf_size && - samples + s->block_size <= samples_end) { - decode_block(s, samples, avctx->codec->id == CODEC_ID_BINKAUDIO_DCT); + while (samples + s->block_size <= samples_end) { + if (decode_block(s, samples, avctx->codec->id == CODEC_ID_BINKAUDIO_DCT)) + break; samples += s->block_size; get_bits_align32(gb); } From 711e6c947b728b23e84f15152fa59ef8ae20de63 Mon Sep 17 00:00:00 2001 From: Justin Ruggles Date: Thu, 27 Oct 2011 13:33:57 -0400 Subject: [PATCH 604/652] cin audio: validate the channel count 
Signed-off-by: Michael Niedermayer --- libavcodec/dsicinav.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/dsicinav.c b/libavcodec/dsicinav.c index faca821c7d..d4dbb35472 100644 --- a/libavcodec/dsicinav.c +++ b/libavcodec/dsicinav.c @@ -310,6 +310,11 @@ static av_cold int cinaudio_decode_init(AVCodecContext *avctx) CinAudioContext *cin = avctx->priv_data; cin->avctx = avctx; + if (avctx->channels != 1) { + av_log_ask_for_sample(avctx, "Number of channels is not supported\n"); + return AVERROR_PATCHWELCOME; + } + cin->initial_decode_frame = 1; cin->delta = 0; avctx->sample_fmt = AV_SAMPLE_FMT_S16; From 0e3dec6b08b16307c2bc276d1b4f8b96ab52414e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 31 Oct 2011 22:42:45 +0100 Subject: [PATCH 605/652] asfdec: Check packet_replic_size earlier Signed-off-by: Michael Niedermayer (cherry picked from commit 60fcc19bff49e0b1972eae014afc087afd94a415) Signed-off-by: Michael Niedermayer --- libavformat/asfdec.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c index 033bdede13..be8885d904 100644 --- a/libavformat/asfdec.c +++ b/libavformat/asfdec.c @@ -808,6 +808,10 @@ static int asf_read_frame_header(AVFormatContext *s, AVIOContext *pb){ DO_2BITS(asf->packet_property >> 2, asf->packet_frag_offset, 0); DO_2BITS(asf->packet_property, asf->packet_replic_size, 0); //printf("key:%d stream:%d seq:%d offset:%d replic_size:%d\n", asf->packet_key_frame, asf->stream_index, asf->packet_seq, //asf->packet_frag_offset, asf->packet_replic_size); + if (rsize+asf->packet_replic_size > asf->packet_size_left) { + av_log(s, AV_LOG_ERROR, "packet_replic_size %d is invalid\n", asf->packet_replic_size); + return -1; + } if (asf->packet_replic_size >= 8) { asf->packet_obj_size = avio_rl32(pb); if(asf->packet_obj_size >= (1<<24) || asf->packet_obj_size <= 0){ 
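Review bot: The new test `rsize+asf->packet_replic_size > asf->packet_size_left` in asf_read_frame_header adds a value taken from the file to `rsize` before comparing. The `%d` in the message suggests a signed int; if so, a very large replicated-data size can overflow the sum and a negative one passes the test. Rearranging the test so that no untrusted value is added avoids both: `if (asf->packet_replic_size < 0 || asf->packet_replic_size > asf->packet_size_left - rsize)`. The field declarations are outside the hunk, so the types are an assumption, and the function continues beyond it.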
@@ -842,10 +846,6 @@ static int asf_read_frame_header(AVFormatContext *s, AVIOContext *pb){ av_log(s, AV_LOG_ERROR, "unexpected packet_replic_size of %d\n", asf->packet_replic_size); return -1; } - if (rsize > asf->packet_size_left) { - av_log(s, AV_LOG_ERROR, "packet_replic_size is invalid\n"); - return -1; - } if (asf->packet_flags & 0x01) { DO_2BITS(asf->packet_segsizetype >> 6, asf->packet_frag_size, 0); // 0 is illegal if (rsize > asf->packet_size_left) { From d8acee792f9d3b2c271d480e4d72ff7e558e0c66 Mon Sep 17 00:00:00 2001 From: Tobias Rapp Date: Mon, 31 Oct 2011 15:11:37 +0100 Subject: [PATCH 606/652] mp3enc: avoid truncating id3v1 tags by one byte Avoid writing the trailing null-byte for id3v1 tags if length reaches max length. Signed-off-by: Michael Niedermayer (cherry picked from commit 0f39fa0279e12c7a174d1da9294bffd95cb15c4c) Signed-off-by: Michael Niedermayer --- libavformat/mp3enc.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/libavformat/mp3enc.c b/libavformat/mp3enc.c index 50342bb950..76d1813172 100644 --- a/libavformat/mp3enc.c +++ b/libavformat/mp3enc.c 
@@ -51,11 +51,12 @@ static int id3v1_create_tag(AVFormatContext *s, uint8_t *buf) buf[0] = 'T'; buf[1] = 'A'; buf[2] = 'G'; - count += id3v1_set_string(s, "TIT2", buf + 3, 30); //title - count += id3v1_set_string(s, "TPE1", buf + 33, 30); //author|artist - count += id3v1_set_string(s, "TALB", buf + 63, 30); //album - count += id3v1_set_string(s, "TDRL", buf + 93, 4); //date - count += id3v1_set_string(s, "comment", buf + 97, 30); + /* we knowingly overspecify each tag length by one byte to compensate for the mandatory null byte added by av_strlcpy */ + count += id3v1_set_string(s, "TIT2", buf + 3, 30 + 1); //title + count += id3v1_set_string(s, "TPE1", buf + 33, 30 + 1); //author|artist + count += id3v1_set_string(s, "TALB", buf + 63, 30 + 1); //album + count += id3v1_set_string(s, "TDRL", buf + 93, 4 + 1); //date + count += id3v1_set_string(s, "comment", buf + 97, 30 + 1); if ((tag = av_dict_get(s->metadata, "TRCK", NULL, 0))) { //track buf[125] = 0; buf[126] = atoi(tag->value); From 864581fea3afb40f1d40cee000da30be54ec049d Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 1 Nov 2011 14:46:18 +0100 Subject: [PATCH 607/652] configure: fix arch x86_32 Signed-off-by: Michael Niedermayer (cherry picked from commit 078811d9e484892e3ad49819148fe6ae65a1954b) Signed-off-by: Michael Niedermayer --- configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure b/configure index be2f721f7a..822c500eab 100755 --- a/configure +++ b/configure @@ -2203,7 +2203,7 @@ case "$arch" in arch="sparc" subarch="sparc64" ;; - i[3-6]86|i86pc|BePC|x86pc|x86_64|amd64) + i[3-6]86|i86pc|BePC|x86pc|x86_64|x86_32|amd64) arch="x86" ;; esac From 112431705d82eea875635641185a8aee27bcd86e Mon Sep 17 00:00:00 2001 From: Justin Ruggles Date: Fri, 28 Oct 2011 00:52:36 -0400 Subject: [PATCH 608/652] libgsmdec: check output buffer size before decoding (cherry picked from commit b03761b1309293bbf30edef767503875277b01cf) 
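Review bot: Passing `30 + 1` in id3v1_create_tag means each call may put its terminating NUL into the first byte of the following field, so the result is only correct because the fields are filled in ascending offset order and each later call overwrites that byte. The added comment explains the `+ 1` but not this ordering dependency. The last call (`buf + 97`, 31 bytes) can write to `buf[127]`, which therefore has to exist and be assigned afterwards. I would extend the comment to say that the fields must be written in ascending order and that the stray NUL lands in the next field; the rest of the function is outside the hunk, so the handling of `buf[127]` is not visible.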
Signed-off-by: Michael Niedermayer --- libavcodec/libgsm.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/libavcodec/libgsm.c b/libavcodec/libgsm.c index 1f76f82d55..073cf4498d 100644 --- a/libavcodec/libgsm.c +++ b/libavcodec/libgsm.c @@ -141,18 +141,25 @@ static int libgsm_decode_frame(AVCodecContext *avctx, AVPacket *avpkt) { const uint8_t *buf = avpkt->data; int buf_size = avpkt->size; + int out_size = avctx->frame_size * av_get_bytes_per_sample(avctx->sample_fmt); + + if (*data_size < out_size) { + av_log(avctx, AV_LOG_ERROR, "Output buffer is too small\n"); + return AVERROR(EINVAL); + } + *data_size = 0; /* In case of error */ if(buf_size < avctx->block_align) return -1; switch(avctx->codec_id) { case CODEC_ID_GSM: if(gsm_decode(avctx->priv_data,buf,data)) return -1; - *data_size = GSM_FRAME_SIZE*sizeof(int16_t); break; case CODEC_ID_GSM_MS: if(gsm_decode(avctx->priv_data,buf,data) || gsm_decode(avctx->priv_data,buf+33,((int16_t*)data)+GSM_FRAME_SIZE)) return -1; - *data_size = GSM_FRAME_SIZE*sizeof(int16_t)*2; } + + *data_size = out_size; return avctx->block_align; } From 5a3f494466afb9eb9c20e69fa92dfdbae386573a Mon Sep 17 00:00:00 2001 From: Justin Ruggles Date: Fri, 28 Oct 2011 18:25:49 -0400 Subject: [PATCH 609/652] imc: check for ff_fft_init() failure (cherry picked from commit 95fee70d6773fde1c34ff6422f48e5e66f37f263) Signed-off-by: Michael Niedermayer --- libavcodec/imc.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/libavcodec/imc.c b/libavcodec/imc.c index f08efe46ec..ea0318c371 100644 --- a/libavcodec/imc.c +++ b/libavcodec/imc.c @@ -104,7 +104,7 @@ static VLC_TYPE vlc_tables[VLC_TABLES_SIZE][2]; static av_cold int imc_decode_init(AVCodecContext * avctx) { - int i, j; + int i, j, ret; IMCContext *q = avctx->priv_data; double r1, r2; 
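Review bot: In libgsm_decode_frame `out_size` is derived from `avctx->frame_size`, while the `CODEC_ID_GSM_MS` branch decodes two frames and writes the second at `((int16_t*)data)+GSM_FRAME_SIZE`. The check and the reported `*data_size` are therefore only right if init sets `frame_size` to twice `GSM_FRAME_SIZE` for that codec. That assignment is outside this hunk and should be confirmed, since the removed lines computed the size per codec and did not depend on it. If it cannot be relied on, keep the per-codec size: `int out_size = (avctx->codec_id == CODEC_ID_GSM_MS ? 2 : 1) * GSM_FRAME_SIZE * sizeof(int16_t);`.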
@@ -156,7 +156,10 @@ static av_cold int imc_decode_init(AVCodecContext * avctx) } q->one_div_log2 = 1/log(2); - ff_fft_init(&q->fft, 7, 1); + if ((ret = ff_fft_init(&q->fft, 7, 1))) { + av_log(avctx, AV_LOG_INFO, "FFT init failed\n"); + return ret; + } dsputil_init(&q->dsp, avctx); avctx->sample_fmt = AV_SAMPLE_FMT_FLT; avctx->channel_layout = (avctx->channels==2) ? AV_CH_LAYOUT_STEREO : AV_CH_LAYOUT_MONO; From cba03dc66730cab43a4257bc027d35f09c393f62 Mon Sep 17 00:00:00 2001 From: Justin Ruggles Date: Fri, 28 Oct 2011 18:31:21 -0400 Subject: [PATCH 610/652] imc: validate channel count ask for a sample if not mono (cherry picked from commit 7b7f47e73356d113cace74b922eee0b6ff5ffe0b) Signed-off-by: Michael Niedermayer --- libavcodec/imc.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/imc.c b/libavcodec/imc.c index ea0318c371..bc1a6a9f3c 100644 --- a/libavcodec/imc.c +++ b/libavcodec/imc.c @@ -108,6 +108,11 @@ static av_cold int imc_decode_init(AVCodecContext * avctx) IMCContext *q = avctx->priv_data; double r1, r2; + if (avctx->channels != 1) { + av_log_ask_for_sample(avctx, "Number of channels is not supported\n"); + return AVERROR_PATCHWELCOME; + } + q->decoder_reset = 1; for(i = 0; i < BANDS; i++) From c4a34f402528502a857e134a670421048c388c93 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 26 Oct 2011 15:47:14 +0200 Subject: [PATCH 611/652] snow: emu edge support Fixes Ticket592 Signed-off-by: Michael Niedermayer (cherry picked from commit 4416931fc069332e267ab6df037a1227c051d7b1) Signed-off-by: Michael Niedermayer --- libavcodec/snow.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/libavcodec/snow.c b/libavcodec/snow.c index 43a71904eb..86ab710f80 100644 --- a/libavcodec/snow.c +++ b/libavcodec/snow.c 
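Review bot: The failure of `ff_fft_init()` in imc_decode_init is logged at `AV_LOG_INFO` although it aborts decoder initialisation, so anyone filtering the log at error level will not see why the open failed. `av_log(avctx, AV_LOG_ERROR, "FFT init failed\n");` matches the other error paths added in this series. The function continues outside the hunk.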
@@ -1917,8 +1917,6 @@ static void dwt_quantize(SnowContext *s, Plane *p, DWTELEM *buffer, int width, i static void halfpel_interpol(SnowContext *s, uint8_t *halfpel[4][4], AVFrame *frame){ int p,x,y; - assert(!(s->avctx->flags & CODEC_FLAG_EMU_EDGE)); - for(p=0; p<3; p++){ int is_chroma= !!p; int w= s->avctx->width >>is_chroma; @@ -1975,7 +1973,7 @@ static int frame_start(SnowContext *s){ int w= s->avctx->width; //FIXME round up to x16 ? int h= s->avctx->height; - if(s->current_picture.data[0]){ + if(s->current_picture.data[0] && !(s->avctx->flags&CODEC_FLAG_EMU_EDGE)){ s->dsp.draw_edges(s->current_picture.data[0], s->current_picture.linesize[0], w , h , EDGE_WIDTH , EDGE_WIDTH , EDGE_TOP | EDGE_BOTTOM); From 1e1015fd223ff33a88585db13047ce766369c21b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 4 Nov 2011 13:37:27 +0100 Subject: [PATCH 612/652] Version numbers for 0.8.6 Signed-off-by: Michael Niedermayer --- Doxyfile | 2 +- RELEASE | 2 +- VERSION | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Doxyfile b/Doxyfile index 7b5b0df3c2..b52216e198 100644 --- a/Doxyfile +++ b/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 0.8.5 +PROJECT_NUMBER = 0.8.6 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. diff --git a/RELEASE b/RELEASE index 7ada0d303f..7fc2521fd7 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -0.8.5 +0.8.6 diff --git a/VERSION b/VERSION index 7ada0d303f..7fc2521fd7 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.8.5 +0.8.6 From 8045254bacca54bc5bb242f43b72564037b8a50d Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 4 Nov 2011 22:05:34 +0100 Subject: [PATCH 613/652] update versions for 0.7 branch 
Signed-off-by: Michael Niedermayer --- Doxyfile | 2 +- RELEASE | 2 +- VERSION | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Doxyfile b/Doxyfile index 24ceb58ecd..61156c4f62 100644 --- a/Doxyfile +++ b/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 0.7.6 +PROJECT_NUMBER = 0.7.7 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. diff --git a/RELEASE b/RELEASE index c006218557..879be8a98f 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -0.7.6 +0.7.7 diff --git a/VERSION b/VERSION index c006218557..879be8a98f 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.7.6 +0.7.7 From 54e4bf32968546cee1b3842ada696763ee0d4a48 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Wed, 19 Oct 2011 18:41:02 +0200 Subject: [PATCH 614/652] Do not call parse_keyframes_index with NULL stream. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Seems to fix trac issue #569. Sample is unfortunately not available, but it might be caused by an index existing for non-existing audio stream (?). Signed-off-by: Reimar Döffinger (cherry picked from commit 6ea6ff053af2aff8a9a898292f9640efa9290c9f) --- libavformat/flvdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c index a2a3c5c493..c48224b445 100644 --- a/libavformat/flvdec.c +++ b/libavformat/flvdec.c 
@@ -210,7 +210,7 @@ static int amf_parse_object(AVFormatContext *s, AVStream *astream, AVStream *vst case AMF_DATA_TYPE_OBJECT: { unsigned int keylen; - if (ioc->seekable && key && !strcmp(KEYFRAMES_TAG, key) && depth == 1) + if (vstream && ioc->seekable && key && !strcmp(KEYFRAMES_TAG, key) && depth == 1) if (parse_keyframes_index(s, ioc, vstream, max_pos) < 0) av_log(s, AV_LOG_ERROR, "Keyframe index parsing failed\n"); From d484a07f1cb2fd416dd4e733ee793a1603c507bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Wed, 19 Oct 2011 18:41:02 +0200 Subject: [PATCH 615/652] Do not call parse_keyframes_index with NULL stream. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Seems to fix trac issue #569. Sample is unfortunately not available, but it might be caused by an index existing for non-existing audio stream (?). Signed-off-by: Reimar Döffinger (cherry picked from commit 6ea6ff053af2aff8a9a898292f9640efa9290c9f) --- libavformat/flvdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c index a2a3c5c493..c48224b445 100644 --- a/libavformat/flvdec.c +++ b/libavformat/flvdec.c @@ -210,7 +210,7 @@ static int amf_parse_object(AVFormatContext *s, AVStream *astream, AVStream *vst case AMF_DATA_TYPE_OBJECT: { unsigned int keylen; - if (ioc->seekable && key && !strcmp(KEYFRAMES_TAG, key) && depth == 1) + if (vstream && ioc->seekable && key && !strcmp(KEYFRAMES_TAG, key) && depth == 1) if (parse_keyframes_index(s, ioc, vstream, max_pos) < 0) av_log(s, AV_LOG_ERROR, "Keyframe index parsing failed\n"); From 661e0811760844fd03d2f5cfe74c5736bb4b8ecc Mon Sep 17 00:00:00 2001 
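Review bot: The NULL check protects only this call site in amf_parse_object; parse_keyframes_index() is outside the hunk and, going by the commit message, still uses its stream argument without checking it. A one-line comment such as `/* vstream may be NULL when the file has no video stream; skip the keyframe index then */` would record why the guard exists, and bracing the nested `if` would make it obvious that the av_log() belongs to the inner condition. The identical hunk is repeated in patches 615 and 616, and the same comment applies there.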
From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Wed, 19 Oct 2011 18:41:02 +0200 Subject: [PATCH 616/652] Do not call parse_keyframes_index with NULL stream. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Seems to fix trac issue #569. Sample is unfortunately not available, but it might be caused by an index existing for non-existing audio stream (?). Signed-off-by: Reimar Döffinger (cherry picked from commit 6ea6ff053af2aff8a9a898292f9640efa9290c9f) --- libavformat/flvdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c index 54f42cd8f1..e52d4b10f6 100644 --- a/libavformat/flvdec.c +++ b/libavformat/flvdec.c @@ -212,7 +212,7 @@ static int amf_parse_object(AVFormatContext *s, AVStream *astream, AVStream *vst case AMF_DATA_TYPE_OBJECT: { unsigned int keylen; - if (ioc->seekable && key && !strcmp(KEYFRAMES_TAG, key) && depth == 1) + if (vstream && ioc->seekable && key && !strcmp(KEYFRAMES_TAG, key) && depth == 1) if (parse_keyframes_index(s, ioc, vstream, max_pos) < 0) av_log(s, AV_LOG_ERROR, "Keyframe index parsing failed\n"); From fd30240e98eb7e4ebdae26c17f9e7e49c99de709 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20Sluge=C5=88?= Date: Mon, 7 Nov 2011 12:13:55 +0100 Subject: [PATCH 617/652] libavformat: add support for G726 audio decoder in RTP and RTSP streams Fixes Ticket611 Signed-off-by: Michael Niedermayer (cherry picked from commit df9c1cfb48c2d8ddb3c11b4d1e8c4c33c6b0d8a2) --- libavformat/Makefile | 1 + libavformat/rtpdec.c | 5 ++ libavformat/rtpdec_formats.h | 4 ++ libavformat/rtpdec_g726.c | 94 ++++++++++++++++++++++++++++++++++++ 4 files changed, 104 insertions(+) create mode 100644 libavformat/rtpdec_g726.c diff --git a/libavformat/Makefile b/libavformat/Makefile index e5ec44bfb6..b84bb581e5 100644 --- a/libavformat/Makefile +++ b/libavformat/Makefile 
@@ -247,6 +247,7 @@ OBJS-$(CONFIG_RTPDEC) += rdt.o \ rtpdec.o \ rtpdec_amr.o \ rtpdec_asf.o \ + rtpdec_g726.o \ rtpdec_h263.o \ rtpdec_h264.o \ rtpdec_latm.o \ diff --git a/libavformat/rtpdec.c b/libavformat/rtpdec.c index 130a78d0d1..db96a46849 100644 --- a/libavformat/rtpdec.c +++ b/libavformat/rtpdec.c @@ -82,6 +82,11 @@ void av_register_rtp_dynamic_payload_handlers(void) ff_register_dynamic_payload_handler(&ff_qt_rtp_vid_handler); ff_register_dynamic_payload_handler(&ff_quicktime_rtp_aud_handler); ff_register_dynamic_payload_handler(&ff_quicktime_rtp_vid_handler); + + ff_register_dynamic_payload_handler(&ff_g726_16_dynamic_handler); + ff_register_dynamic_payload_handler(&ff_g726_24_dynamic_handler); + ff_register_dynamic_payload_handler(&ff_g726_32_dynamic_handler); + ff_register_dynamic_payload_handler(&ff_g726_40_dynamic_handler); } RTPDynamicProtocolHandler *ff_rtp_handler_find_by_name(const char *name, diff --git a/libavformat/rtpdec_formats.h b/libavformat/rtpdec_formats.h index 16f5a9d3e4..afd047be21 100644 --- a/libavformat/rtpdec_formats.h +++ b/libavformat/rtpdec_formats.h @@ -33,6 +33,10 @@ int ff_wms_parse_sdp_a_line(AVFormatContext *s, const char *p); extern RTPDynamicProtocolHandler ff_amr_nb_dynamic_handler; extern RTPDynamicProtocolHandler ff_amr_wb_dynamic_handler; +extern RTPDynamicProtocolHandler ff_g726_16_dynamic_handler; +extern RTPDynamicProtocolHandler ff_g726_24_dynamic_handler; +extern RTPDynamicProtocolHandler ff_g726_32_dynamic_handler; +extern RTPDynamicProtocolHandler ff_g726_40_dynamic_handler; extern RTPDynamicProtocolHandler ff_h263_1998_dynamic_handler; extern RTPDynamicProtocolHandler ff_h263_2000_dynamic_handler; extern RTPDynamicProtocolHandler ff_h264_dynamic_handler; diff --git a/libavformat/rtpdec_g726.c b/libavformat/rtpdec_g726.c new file mode 100644 index 0000000000..cde832b21a --- /dev/null +++ b/libavformat/rtpdec_g726.c 
@@ -0,0 +1,94 @@ +/* + * Copyright (c) 2011 Miroslav Slugeň + * + * This file is part of FFmpeg. + * + * FFmpeg is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * FFmpeg is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with FFmpeg; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#include "avformat.h" +#include "rtpdec_formats.h" + +static int g726_16_parse_sdp_line(AVFormatContext *s, int st_index, + PayloadContext *data, const char *line) +{ + AVStream *stream = s->streams[st_index]; + AVCodecContext *codec = stream->codec; + + codec->bit_rate = 16000; + + return 0; +} + +static int g726_24_parse_sdp_line(AVFormatContext *s, int st_index, + PayloadContext *data, const char *line) +{ + AVStream *stream = s->streams[st_index]; + AVCodecContext *codec = stream->codec; + + codec->bit_rate = 24000; + + return 0; +} + +static int g726_32_parse_sdp_line(AVFormatContext *s, int st_index, + PayloadContext *data, const char *line) +{ + AVStream *stream = s->streams[st_index]; + AVCodecContext *codec = stream->codec; + + codec->bit_rate = 32000; + + return 0; +} + +static int g726_40_parse_sdp_line(AVFormatContext *s, int st_index, + PayloadContext *data, const char *line) +{ + AVStream *stream = s->streams[st_index]; + AVCodecContext *codec = stream->codec; + + codec->bit_rate = 40000; + + return 0; +} + +RTPDynamicProtocolHandler ff_g726_16_dynamic_handler = { + .enc_name = "G726-16", + .codec_type = AVMEDIA_TYPE_AUDIO, + 
.codec_id = CODEC_ID_ADPCM_G726, + .parse_sdp_a_line = g726_16_parse_sdp_line, +}; + +RTPDynamicProtocolHandler ff_g726_24_dynamic_handler = { + .enc_name = "G726-24", + .codec_type = AVMEDIA_TYPE_AUDIO, + .codec_id = CODEC_ID_ADPCM_G726, + .parse_sdp_a_line = g726_24_parse_sdp_line, +}; + +RTPDynamicProtocolHandler ff_g726_32_dynamic_handler = { + .enc_name = "G726-32", + .codec_type = AVMEDIA_TYPE_AUDIO, + .codec_id = CODEC_ID_ADPCM_G726, + .parse_sdp_a_line = g726_32_parse_sdp_line, +}; + +RTPDynamicProtocolHandler ff_g726_40_dynamic_handler = { + .enc_name = "G726-40", + .codec_type = AVMEDIA_TYPE_AUDIO, + .codec_id = CODEC_ID_ADPCM_G726, + .parse_sdp_a_line = g726_40_parse_sdp_line, +}; From 0411b1928965050a940155984a16ad82fe462fc1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Sat, 5 Nov 2011 21:45:31 +0100 Subject: [PATCH 618/652] av_lzo1x_decode: properly handle negative buffer length. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Treating them like 0 is safest, current code would invoke undefined pointer arithmetic behaviour in this case. Signed-off-by: Reimar Döffinger (cherry picked from commit b9242fd12f4be4a79e31fd0aa125ab8a48226896) --- libavutil/lzo.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavutil/lzo.c b/libavutil/lzo.c index 40a41a424d..8407d7d376 100644 --- a/libavutil/lzo.c +++ b/libavutil/lzo.c @@ -175,11 +175,11 @@ int av_lzo1x_decode(void *out, int *outlen, const void *in, int *inlen) { int state= 0; int x; LZOContext c; - if (!*outlen || !*inlen) { + if (*outlen <= 0 || *inlen <= 0) { int res = 0; - if (!*outlen) + if (*outlen <= 0) res |= AV_LZO_OUTPUT_FULL; - if (!*inlen) + if (*inlen <= 0) res |= AV_LZO_INPUT_DEPLETED; return res; } From d58c5586eca69dcfbce299dfb2e622dfc3319faa Mon Sep 17 00:00:00 2001 
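Review bot: Each of the four g726_*_parse_sdp_line callbacks in the new rtpdec_g726.c indexes `s->streams[st_index]` without checking st_index, and that index is supplied by the SDP parsing code, which is not part of this patch. If the caller can pass a negative index for a media section that has no AVStream (to be confirmed against the caller), the access is out of bounds; an early `if (st_index < 0) return 0;` at the top of each callback rules it out. The four functions differ only in the constant written to `codec->bit_rate`, so one helper taking the rate would remove the duplication; `data` and `line` are unused in all of them.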
From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Sat, 5 Nov 2011 22:34:09 +0100 Subject: [PATCH 619/652] nuv: Fix combination of size changes and LZO compression. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There were multiple issues, for example might we have to re-run the decompression when the size of the buffer increased, we should always use a decompression buffer large enough for the header (so we do not get stuck when the size is too small). Signed-off-by: Reimar Döffinger --- libavcodec/nuv.c | 38 ++++++++++++++++++++++++++------------ 1 file changed, 26 insertions(+), 12 deletions(-) diff --git a/libavcodec/nuv.c b/libavcodec/nuv.c index 6eb6de3101..3381e275b1 100644 --- a/libavcodec/nuv.c +++ b/libavcodec/nuv.c @@ -20,6 +20,7 @@ */ #include #include +#include #include "libavutil/bswap.h" #include "libavutil/lzo.h" 
@@ -112,19 +113,23 @@ static int codec_reinit(AVCodecContext *avctx, int width, int height, int qualit if (quality >= 0) get_quant_quality(c, quality); if (width != c->width || height != c->height) { - if (av_image_check_size(height, width, 0, avctx) < 0) - return 0; + // also reserve space for a possible additional header + int buf_size = 24 + height * width * 3 / 2 + AV_LZO_OUTPUT_PADDING; + if (av_image_check_size(height, width, 0, avctx) < 0 || + buf_size > INT_MAX/8) + return -1; avctx->width = c->width = width; avctx->height = c->height = height; - av_fast_malloc(&c->decomp_buf, &c->decomp_size, c->height * c->width * 3 / 2); + av_fast_malloc(&c->decomp_buf, &c->decomp_size, buf_size); if (!c->decomp_buf) { av_log(avctx, AV_LOG_ERROR, "Can't allocate decompression buffer.\n"); - return 0; + return AVERROR(ENOMEM); } rtjpeg_decode_init(&c->rtj, &c->dsp, c->width, c->height, c->lq, c->cq); + return 1; } else if (quality != c->quality) rtjpeg_decode_init(&c->rtj, &c->dsp, c->width, c->height, c->lq, c->cq); - return 1; + return 0; } static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, @@ -135,6 +140,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVFrame *picture = data; int orig_size = buf_size; int keyframe; + int size_change = 0; int result; enum {NUV_UNCOMPRESSED = '0', NUV_RTJPEG = '1', NUV_RTJPEG_IN_LZO = '2', NUV_LZO = '3', 
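Review bot: In codec_reinit, `buf_size` is computed as an `int` from `height * width * 3 / 2` in its declaration, before av_image_check_size() has validated the dimensions, so for large values the multiplication overflows (undefined for signed int) and the `buf_size > INT_MAX/8` test then sees an already wrapped value. In decode_frame both dimensions are read from the frame header with AV_RL16, so they come straight from the input file and can each be as large as 65535. Doing the arithmetic in 64 bits, `int64_t buf_size = 24 + (int64_t)height * width * 3 / 2 + AV_LZO_OUTPUT_PADDING;`, or computing it only after av_image_check_size() has succeeded, closes the gap. The same hunk is repeated in patch 621.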
@@ -172,18 +178,19 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, default: keyframe = 1; break; } +retry: // skip rest of the frameheader. buf = &buf[12]; buf_size -= 12; if (comptype == NUV_RTJPEG_IN_LZO || comptype == NUV_LZO) { - int outlen = c->decomp_size, inlen = buf_size; + int outlen = c->decomp_size - AV_LZO_OUTPUT_PADDING, inlen = buf_size; if (av_lzo1x_decode(c->decomp_buf, &outlen, buf, &inlen)) av_log(avctx, AV_LOG_ERROR, "error during lzo decompression\n"); buf = c->decomp_buf; - buf_size = c->decomp_size; + buf_size = c->decomp_size - AV_LZO_OUTPUT_PADDING; } if (c->codec_frameheader) { - int w, h, q; + int w, h, q, res; if (buf_size < 12) { av_log(avctx, AV_LOG_ERROR, "invalid nuv video frame\n"); return -1; @@ -191,13 +198,20 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, w = AV_RL16(&buf[6]); h = AV_RL16(&buf[8]); q = buf[10]; - if (!codec_reinit(avctx, w, h, q)) - return -1; + res = codec_reinit(avctx, w, h, q); + if (res < 0) + return res; + if (res) { + buf = avpkt->data; + buf_size = avpkt->size; + size_change = 1; + goto retry; + } buf = &buf[12]; buf_size -= 12; } - if (keyframe && c->pic.data[0]) + if ((size_change || keyframe) && c->pic.data[0]) avctx->release_buffer(avctx, &c->pic); c->pic.reference = 3; c->pic.buffer_hints = FF_BUFFER_HINTS_VALID | FF_BUFFER_HINTS_READABLE | @@ -259,7 +273,7 @@ static av_cold int decode_init(AVCodecContext *avctx) { if (avctx->extradata_size) get_quant(avctx, c, avctx->extradata, avctx->extradata_size); dsputil_init(&c->dsp, avctx); - if (!codec_reinit(avctx, avctx->width, avctx->height, -1)) + if (codec_reinit(avctx, avctx->width, avctx->height, -1) < 0) return 1; return 0; } From 80a173a33b8abe961397834843881d90a1ddb2a7 Mon Sep 17 00:00:00 2001 
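Review bot: After av_lzo1x_decode() the hunk sets `buf_size = c->decomp_size - AV_LZO_OUTPUT_PADDING;` regardless of how much was actually decompressed, and a decode error is only logged, so the header parse and frame decode that follow can consume stale or uninitialised bytes of decomp_buf. av_lzo1x_decode() leaves the number of unused output bytes in `outlen`, so `buf_size = c->decomp_size - AV_LZO_OUTPUT_PADDING - outlen;` would bound the data to what was written. If decomp_size is ever smaller than the padding, `outlen` starts out negative, which depends on the av_lzo1x_decode() change from the previous patch. The same hunks are repeated in patch 621.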
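Review bot: In decode_init the failure branch still returns the positive value `1` after the condition was changed to `codec_reinit(...) < 0`; if the code that invokes the init callback (outside this patch) treats only negative results as errors, an allocation or size failure here would be taken as success. Propagating the code, `int ret = codec_reinit(avctx, avctx->width, avctx->height, -1); if (ret < 0) return ret;`, keeps the AVERROR(ENOMEM) that codec_reinit now produces. The same hunk is repeated in patch 621.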
From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Sat, 5 Nov 2011 21:45:31 +0100 Subject: [PATCH 620/652] av_lzo1x_decode: properly handle negative buffer length. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Treating them like 0 is safest, current code would invoke undefined pointer arithmetic behaviour in this case. Signed-off-by: Reimar Döffinger (cherry picked from commit b9242fd12f4be4a79e31fd0aa125ab8a48226896) (cherry picked from commit 0411b1928965050a940155984a16ad82fe462fc1) --- libavutil/lzo.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavutil/lzo.c b/libavutil/lzo.c index 40a41a424d..8407d7d376 100644 --- a/libavutil/lzo.c +++ b/libavutil/lzo.c @@ -175,11 +175,11 @@ int av_lzo1x_decode(void *out, int *outlen, const void *in, int *inlen) { int state= 0; int x; LZOContext c; - if (!*outlen || !*inlen) { + if (*outlen <= 0 || *inlen <= 0) { int res = 0; - if (!*outlen) + if (*outlen <= 0) res |= AV_LZO_OUTPUT_FULL; - if (!*inlen) + if (*inlen <= 0) res |= AV_LZO_INPUT_DEPLETED; return res; } From 3970d4e72809d9c9bf4c463ba1a6ab2650e3252b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Sat, 5 Nov 2011 22:34:09 +0100 Subject: [PATCH 621/652] nuv: Fix combination of size changes and LZO compression. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There were multiple issues, for example might we have to re-run the decompression when the size of the buffer increased, we should always use a decompression buffer large enough for the header (so we do not get stuck when the size is too small). Signed-off-by: Reimar Döffinger --- libavcodec/nuv.c | 38 ++++++++++++++++++++++++++------------ 1 file changed, 26 insertions(+), 12 deletions(-) diff --git a/libavcodec/nuv.c b/libavcodec/nuv.c index 6eb6de3101..3381e275b1 100644 --- a/libavcodec/nuv.c +++ b/libavcodec/nuv.c 
@@ -20,6 +20,7 @@ */ #include #include +#include #include "libavutil/bswap.h" #include "libavutil/lzo.h" @@ -112,19 +113,23 @@ static int codec_reinit(AVCodecContext *avctx, int width, int height, int qualit if (quality >= 0) get_quant_quality(c, quality); if (width != c->width || height != c->height) { - if (av_image_check_size(height, width, 0, avctx) < 0) - return 0; + // also reserve space for a possible additional header + int buf_size = 24 + height * width * 3 / 2 + AV_LZO_OUTPUT_PADDING; + if (av_image_check_size(height, width, 0, avctx) < 0 || + buf_size > INT_MAX/8) + return -1; avctx->width = c->width = width; avctx->height = c->height = height; - av_fast_malloc(&c->decomp_buf, &c->decomp_size, c->height * c->width * 3 / 2); + av_fast_malloc(&c->decomp_buf, &c->decomp_size, buf_size); if (!c->decomp_buf) { av_log(avctx, AV_LOG_ERROR, "Can't allocate decompression buffer.\n"); - return 0; + return AVERROR(ENOMEM); } rtjpeg_decode_init(&c->rtj, &c->dsp, c->width, c->height, c->lq, c->cq); + return 1; } else if (quality != c->quality) rtjpeg_decode_init(&c->rtj, &c->dsp, c->width, c->height, c->lq, c->cq); - return 1; + return 0; } static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, @@ -135,6 +140,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVFrame *picture = data; int orig_size = buf_size; int keyframe; + int size_change = 0; int result; enum {NUV_UNCOMPRESSED = '0', NUV_RTJPEG = '1', NUV_RTJPEG_IN_LZO = '2', NUV_LZO = '3', 
@@ -172,18 +178,19 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, default: keyframe = 1; break; } +retry: // skip rest of the frameheader. buf = &buf[12]; buf_size -= 12; if (comptype == NUV_RTJPEG_IN_LZO || comptype == NUV_LZO) { - int outlen = c->decomp_size, inlen = buf_size; + int outlen = c->decomp_size - AV_LZO_OUTPUT_PADDING, inlen = buf_size; if (av_lzo1x_decode(c->decomp_buf, &outlen, buf, &inlen)) av_log(avctx, AV_LOG_ERROR, "error during lzo decompression\n"); buf = c->decomp_buf; - buf_size = c->decomp_size; + buf_size = c->decomp_size - AV_LZO_OUTPUT_PADDING; } if (c->codec_frameheader) { - int w, h, q; + int w, h, q, res; if (buf_size < 12) { av_log(avctx, AV_LOG_ERROR, "invalid nuv video frame\n"); return -1; @@ -191,13 +198,20 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, w = AV_RL16(&buf[6]); h = AV_RL16(&buf[8]); q = buf[10]; - if (!codec_reinit(avctx, w, h, q)) - return -1; + res = codec_reinit(avctx, w, h, q); + if (res < 0) + return res; + if (res) { + buf = avpkt->data; + buf_size = avpkt->size; + size_change = 1; + goto retry; + } buf = &buf[12]; buf_size -= 12; } - if (keyframe && c->pic.data[0]) + if ((size_change || keyframe) && c->pic.data[0]) avctx->release_buffer(avctx, &c->pic); c->pic.reference = 3; c->pic.buffer_hints = FF_BUFFER_HINTS_VALID | FF_BUFFER_HINTS_READABLE | @@ -259,7 +273,7 @@ static av_cold int decode_init(AVCodecContext *avctx) { if (avctx->extradata_size) get_quant(avctx, c, avctx->extradata, avctx->extradata_size); dsputil_init(&c->dsp, avctx); - if (!codec_reinit(avctx, avctx->width, avctx->height, -1)) + if (codec_reinit(avctx, avctx->width, avctx->height, -1) < 0) return 1; return 0; } From fe06305b0dc50835c39722629a685aee0e184af6 Mon Sep 17 00:00:00 2001 
From: Stefano Sabatini Date: Fri, 29 Jul 2011 20:19:04 +0200 Subject: [PATCH 622/652] vf_transpose: avoid multiple calls to avfilter_draw_slice() avfilter_draw_slice() is already called in the end_frame() callback, this avoids multiple calls. This is done by adding a null draw_slice() callback. In particular fix crash occurring with -vf transpose=3,hflip, fix trac issue #371. (cherry picked from commit d9c23a0d5a56488b146eef17a19a9b47643be333) --- libavfilter/vf_transpose.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavfilter/vf_transpose.c b/libavfilter/vf_transpose.c index 8b11ae8d53..f4f72b9c64 100644 --- a/libavfilter/vf_transpose.c +++ b/libavfilter/vf_transpose.c @@ -195,6 +195,8 @@ static void end_frame(AVFilterLink *inlink) avfilter_unref_buffer(outpic); } +static void null_draw_slice(AVFilterLink *link, int y, int h, int slice_dir) { } + AVFilter avfilter_vf_transpose = { .name = "transpose", .description = NULL_IF_CONFIG_SMALL("Transpose input video."), @@ -207,6 +209,7 @@ AVFilter avfilter_vf_transpose = { .inputs = (AVFilterPad[]) {{ .name = "default", .type = AVMEDIA_TYPE_VIDEO, .start_frame = start_frame, + .draw_slice = null_draw_slice, .end_frame = end_frame, .min_perms = AV_PERM_READ, }, { .name = NULL}}, From 87ae12009ea489c5c34e953b2b0194a8ba669fb2 Mon Sep 17 00:00:00 2001 From: Stefano Sabatini Date: Fri, 29 Jul 2011 20:19:04 +0200 Subject: [PATCH 623/652] vf_transpose: avoid multiple calls to avfilter_draw_slice() avfilter_draw_slice() is already called in the end_frame() callback, this avoids multiple calls. This is done by adding a null draw_slice() callback. In particular fix crash occurring with -vf transpose=3,hflip, fix trac issue #371. (cherry picked from commit d9c23a0d5a56488b146eef17a19a9b47643be333) --- libavfilter/vf_transpose.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavfilter/vf_transpose.c b/libavfilter/vf_transpose.c index 8b11ae8d53..f4f72b9c64 100644 --- a/libavfilter/vf_transpose.c 
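Review bot: `null_draw_slice` in vf_transpose.c is an empty callback with no comment; its purpose is explained only in the commit message. A comment above it, for example `/* Intentionally empty: the transposed frame is sent downstream from end_frame(), so incoming slices must not be forwarded. */`, would keep a later cleanup from removing it as dead code and bringing the duplicate draw_slice calls back. The same change is repeated in patch 623.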
+++ b/libavfilter/vf_transpose.c @@ -195,6 +195,8 @@ static void end_frame(AVFilterLink *inlink) avfilter_unref_buffer(outpic); } +static void null_draw_slice(AVFilterLink *link, int y, int h, int slice_dir) { } + AVFilter avfilter_vf_transpose = { .name = "transpose", .description = NULL_IF_CONFIG_SMALL("Transpose input video."), @@ -207,6 +209,7 @@ AVFilter avfilter_vf_transpose = { .inputs = (AVFilterPad[]) {{ .name = "default", .type = AVMEDIA_TYPE_VIDEO, .start_frame = start_frame, + .draw_slice = null_draw_slice, .end_frame = end_frame, .min_perms = AV_PERM_READ, }, { .name = NULL}}, From 8a63deab15ef41fd439be1b46d8dcb73669ccfc1 Mon Sep 17 00:00:00 2001 From: Thierry Foucu Date: Thu, 17 Nov 2011 09:39:52 -0800 Subject: [PATCH 624/652] vp6: Fix illegal read. Found with Address Sanitizer Signed-off-by: Alex Converse (cherry picked from commit e0966eb140b3569b3d6b5b5008961944ef229c06) Signed-off-by: Michael Niedermayer --- libavcodec/vp6.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/libavcodec/vp6.c b/libavcodec/vp6.c index c66d2e74ff..bcb437db57 100644 --- a/libavcodec/vp6.c +++ b/libavcodec/vp6.c @@ -440,7 +440,8 @@ static void vp6_parse_coeff(VP56Context *s) model1 = model->coeff_dccv[pt]; model2 = model->coeff_dcct[pt][ctx]; - for (coeff_idx=0; coeff_idx<64; ) { + coeff_idx = 0; + for (;;) { if ((coeff_idx>1 && ct==0) || vp56_rac_get_prob(c, model2[0])) { /* parse a coeff */ if (vp56_rac_get_prob(c, model2[2])) { @@ -481,8 +482,10 @@ static void vp6_parse_coeff(VP56Context *s) run += vp56_rac_get_prob(c, model3[i+8]) << i; } } - - cg = vp6_coeff_groups[coeff_idx+=run]; + coeff_idx += run; + if (coeff_idx >= 64) + break; + cg = vp6_coeff_groups[coeff_idx]; model1 = model2 = model->coeff_ract[pt][ct][cg]; } From f62fa1ce9f12e4a43b41401a7416c6fa8da579c9 Mon Sep 17 00:00:00 2001 
From: Alex Converse Date: Thu, 17 Nov 2011 10:06:14 -0800 Subject: [PATCH 625/652] vp5: Fix illegal read. Found with Address Sanitizer (cherry picked from commit bb4b0ad83b13c3af57675e80163f3f333adef96f) Signed-off-by: Michael Niedermayer --- libavcodec/vp5.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/libavcodec/vp5.c b/libavcodec/vp5.c index f1b0169ae1..47a82e0253 100644 --- a/libavcodec/vp5.c +++ b/libavcodec/vp5.c @@ -183,7 +183,8 @@ static void vp5_parse_coeff(VP56Context *s) model1 = model->coeff_dccv[pt]; model2 = model->coeff_dcct[pt][ctx]; - for (coeff_idx=0; coeff_idx<64; ) { + coeff_idx = 0; + for (;;) { if (vp56_rac_get_prob(c, model2[0])) { if (vp56_rac_get_prob(c, model2[2])) { if (vp56_rac_get_prob(c, model2[3])) { @@ -220,8 +221,11 @@ static void vp5_parse_coeff(VP56Context *s) ct = 0; s->coeff_ctx[vp56_b6to4[b]][coeff_idx] = 0; } + coeff_idx++; + if (coeff_idx >= 64) + break; - cg = vp5_coeff_groups[++coeff_idx]; + cg = vp5_coeff_groups[coeff_idx]; ctx = s->coeff_ctx[vp56_b6to4[b]][coeff_idx]; model1 = model->coeff_ract[pt][ct][cg]; model2 = cg > 2 ? model1 : model->coeff_acct[pt][ct][cg][ctx]; From 4e0fae982e5317b3fbaae5e506c75237dbe77214 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 1 Nov 2011 23:45:28 +0100 Subject: [PATCH 626/652] vf_transpose: remove pix_fmts which can currently not be supported. Signed-off-by: Michael Niedermayer (cherry picked from commit 3fd0f6ed252e51ffaec7765a2637794366a513ba) Signed-off-by: Michael Niedermayer --- libavfilter/vf_transpose.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/libavfilter/vf_transpose.c b/libavfilter/vf_transpose.c index f4f72b9c64..64e1ab5e3e 100644 --- a/libavfilter/vf_transpose.c +++ b/libavfilter/vf_transpose.c 
@@ -69,16 +69,13 @@ static int query_formats(AVFilterContext *ctx) PIX_FMT_BGR555BE, PIX_FMT_BGR555LE, PIX_FMT_GRAY16BE, PIX_FMT_GRAY16LE, PIX_FMT_YUV420P16LE, PIX_FMT_YUV420P16BE, - PIX_FMT_YUV422P16LE, PIX_FMT_YUV422P16BE, PIX_FMT_YUV444P16LE, PIX_FMT_YUV444P16BE, PIX_FMT_NV12, PIX_FMT_NV21, PIX_FMT_RGB8, PIX_FMT_BGR8, PIX_FMT_RGB4_BYTE, PIX_FMT_BGR4_BYTE, - PIX_FMT_YUV444P, PIX_FMT_YUV422P, + PIX_FMT_YUV444P, PIX_FMT_YUVJ444P, PIX_FMT_YUV420P, PIX_FMT_YUVJ420P, - PIX_FMT_YUV411P, PIX_FMT_YUV410P, - PIX_FMT_YUVJ444P, PIX_FMT_YUVJ422P, - PIX_FMT_YUV440P, PIX_FMT_YUVJ440P, + PIX_FMT_YUV410P, PIX_FMT_YUVA420P, PIX_FMT_GRAY8, PIX_FMT_NONE }; From e5578ad3cd96211f48d3d3ed4894f15f82045c1d Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 8 Nov 2011 01:20:35 +0100 Subject: [PATCH 627/652] v4l2: fix uninitialized variable Signed-off-by: Michael Niedermayer --- libavdevice/v4l2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavdevice/v4l2.c b/libavdevice/v4l2.c index 7223654891..163a4cdc03 100644 --- a/libavdevice/v4l2.c +++ b/libavdevice/v4l2.c @@ -439,7 +439,7 @@ static int v4l2_set_parameters(AVFormatContext *s1, AVFormatParameters *ap) struct v4l2_streamparm streamparm = {0}; struct v4l2_fract *tpf = &streamparm.parm.capture.timeperframe; int i, ret; - AVRational fps; + AVRational fps={0}; streamparm.type = V4L2_BUF_TYPE_VIDEO_CAPTURE; From abaf8c386e6bc5080f5349b66ba31b42110ad84f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 8 Nov 2011 03:14:13 +0100 Subject: [PATCH 628/652] ffplay: limit lowres to the maximum supported. Fixes Ticket591 Signed-off-by: Michael Niedermayer Signed-off-by: Marton Balint (cherry picked from commit d8407ee2b1e9f62763a2f47d55f80f7993718c99) Signed-off-by: Michael Niedermayer --- ffplay.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/ffplay.c b/ffplay.c index 6ac8f34fa0..cf7962aa89 100644 --- a/ffplay.c +++ b/ffplay.c 
@@ -2135,7 +2135,12 @@ static int stream_component_open(VideoState *is, int stream_index) avctx->workaround_bugs = workaround_bugs; avctx->lowres = lowres; - if(lowres) avctx->flags |= CODEC_FLAG_EMU_EDGE; + if(avctx->lowres > codec->max_lowres){ + av_log(avctx, AV_LOG_WARNING, "The maximum value for lowres supported by the decoder is %d\n", + codec->max_lowres); + avctx->lowres= codec->max_lowres; + } + if(avctx->lowres) avctx->flags |= CODEC_FLAG_EMU_EDGE; avctx->idct_algo= idct; if(fast) avctx->flags2 |= CODEC_FLAG2_FAST; avctx->skip_frame= skip_frame; From 807342e1cfe8a33dbe929d896d56725f88514324 Mon Sep 17 00:00:00 2001 From: "K.Y.H" Date: Fri, 11 Nov 2011 00:30:39 +0100 Subject: [PATCH 629/652] cook: fix apparent typo in extradata parsing Signed-off-by: Michael Niedermayer (cherry picked from commit 554caed2d397e137286f2cc71c6bac477b41fa96) Signed-off-by: Michael Niedermayer --- libavcodec/cook.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/cook.c b/libavcodec/cook.c index 192ec5bdf1..96b889380a 100644 --- a/libavcodec/cook.c +++ b/libavcodec/cook.c @@ -1079,7 +1079,7 @@ static av_cold int cook_decode_init(AVCodecContext *avctx) q->subpacket[s].subbands = bytestream_get_be16(&edata_ptr); extradata_size -= 8; } - if (avctx->extradata_size >= 8){ + if (extradata_size >= 8){ bytestream_get_be32(&edata_ptr); //Unknown unused q->subpacket[s].js_subband_start = bytestream_get_be16(&edata_ptr); q->subpacket[s].js_vlc_bits = bytestream_get_be16(&edata_ptr); From 00d35e82b2500f69db9d482db76e8c2f53521f2d Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Sat, 12 Nov 2011 19:30:27 +0100 Subject: [PATCH 630/652] Do not try to read 16bit gray png files with alpha channel. FFmpeg does not support gray16a. Fixes the crash in ticket #644. (cherry picked from commit 0c5fd6372e6c257912d7ae64cbfc4d8541f0452f) Signed-off-by: Michael Niedermayer --- libavcodec/pngdec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
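Review bot: The new lowres clamp in stream_component_open reads `codec->max_lowres`, but the hunk does not show where `codec` is checked for NULL. If the decoder lookup can fail and its check comes after these assignments (both are outside the hunk), this line dereferences a NULL pointer for a stream with no available decoder. Guarding the comparison, `if (codec && avctx->lowres > codec->max_lowres) {`, or moving the block below the existing NULL check, avoids that.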
diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c index 05ba027802..f8ebb1b02d 100644 --- a/libavcodec/pngdec.c +++ b/libavcodec/pngdec.c @@ -471,7 +471,8 @@ static int decode_frame(AVCodecContext *avctx, avctx->pix_fmt = PIX_FMT_MONOBLACK; } else if (s->color_type == PNG_COLOR_TYPE_PALETTE) { avctx->pix_fmt = PIX_FMT_PAL8; - } else if (s->color_type == PNG_COLOR_TYPE_GRAY_ALPHA) { + } else if (s->bit_depth == 8 && + s->color_type == PNG_COLOR_TYPE_GRAY_ALPHA) { avctx->pix_fmt = PIX_FMT_GRAY8A; } else { goto fail; From fdd09e5d7b2b0fff9458e287c41aea2e89359b23 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 16 Nov 2011 03:31:25 +0100 Subject: [PATCH 631/652] wma: Check channel number before init. Fixes Ticket240 Based on patch by ami_stuff Signed-off-by: Michael Niedermayer (cherry picked from commit 20431a9982b9bd2c475042d919890a941ad70c71) Signed-off-by: Michael Niedermayer --- libavcodec/wmadec.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/wmadec.c b/libavcodec/wmadec.c index 9eaf230b01..11895a3996 100644 --- a/libavcodec/wmadec.c +++ b/libavcodec/wmadec.c @@ -109,6 +109,11 @@ static int wma_decode_init(AVCodecContext * avctx) } } + if(avctx->channels > MAX_CHANNELS){ + av_log(avctx, AV_LOG_ERROR, "Invalid number of channels (%d)\n", avctx->channels); + return -1; + } + if(ff_wma_init(avctx, flags2)<0) return -1; From 211a107208ee636da81d2a89592181e2d78a0c8c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 16 Nov 2011 17:21:42 +0100 Subject: [PATCH 632/652] cinepak: check strip_size Signed-off-by: Michael Niedermayer (cherry picked from commit cea0c82d9b9771dfa2ac729c13c0d9e03ea352a7) Signed-off-by: Michael Niedermayer --- libavcodec/cinepak.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/cinepak.c b/libavcodec/cinepak.c index 0b822d2b7a..6d1061b558 100644 --- a/libavcodec/cinepak.c +++ b/libavcodec/cinepak.c 
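Review bot: The check added to wma_decode_init rejects only `avctx->channels > MAX_CHANNELS`, so a zero or negative channel count from a damaged header still reaches ff_wma_init(); whether that function copes with it is not visible here. `if (avctx->channels <= 0 || avctx->channels > MAX_CHANNELS) {` covers both ends of the range. Returning `AVERROR_INVALIDDATA` instead of the bare `-1` would give the caller a meaningful code, although the neighbouring ff_wma_init() failure path uses `-1` as well.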
@@ -366,6 +366,8 @@ static int cinepak_decode (CinepakContext *s) s->strips[i].x2 = s->avctx->width; strip_size = AV_RB24 (&s->data[1]) - 12; + if(strip_size < 0) + return -1; s->data += 12; strip_size = ((s->data + strip_size) > eod) ? (eod - s->data) : strip_size; From 8120a1d9bd4bcc4434b4f588f50c9d81aa8ad0e0 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 18 Nov 2011 17:56:24 +0100 Subject: [PATCH 633/652] qdm2dec: check remaining input bits in the mainloop of qdm2_fft_decode_tones() This is neccessary but likely not sufficient to prevent out of array reads. Signed-off-by: Michael Niedermayer (cherry picked from commit 14db3af4f26dad8e6ddf2147e96ccc710952ad4d) Signed-off-by: Michael Niedermayer --- libavcodec/qdm2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/qdm2.c b/libavcodec/qdm2.c index 144ce98042..3aa9e5b6c3 100644 --- a/libavcodec/qdm2.c +++ b/libavcodec/qdm2.c @@ -1327,7 +1327,7 @@ static void qdm2_fft_decode_tones (QDM2Context *q, int duration, GetBitContext * local_int_10 = 1 << (q->group_order - duration - 1); offset = 1; - while (1) { + while (get_bits_left(gb)>0) { if (q->superblocktype_2_3) { while ((n = qdm2_get_vlc(gb, &vlc_tab_fft_tone_offset[local_int_8], 1, 2)) < 2) { offset = 1; From 91805f06a39ca82e1463ebce578452d0e2f22bf6 Mon Sep 17 00:00:00 2001 From: Stefano Sabatini Date: Thu, 27 Oct 2011 01:38:21 +0200 Subject: [PATCH 634/652] rawdec: add check on sample_rate Prevent error condition in case sample_rate is unset or set to a negative value. In particular, fix divide-by-zero error occurring in ffmpeg due to sample_rate set to 0 in output_packet(), in code: ist->next_pts += ((int64_t)AV_TIME_BASE * ist->st->codec->frame_size) / ist->st->codec->sample_rate; Fix trac ticket #324. Signed-off-by: Michael Niedermayer --- libavformat/rawdec.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libavformat/rawdec.c b/libavformat/rawdec.c index a4e009b7e0..02e335ad1b 100644 
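Review bot: The clamp on the context line after the new check, `(s->data + strip_size) > eod`, still forms a pointer that can lie far beyond the packet (the 24-bit field allows nearly 16 MiB) before comparing it. That is undefined behaviour and may wrap on 32-bit targets. With the negative case now rejected, comparing lengths avoids it: `if (strip_size > eod - s->data) strip_size = eod - s->data;`. The hunk also does not show whether 12 bytes are known to remain before `AV_RB24(&s->data[1])` and `s->data += 12`, which is worth confirming in the part of cinepak_decode outside the hunk.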
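Review bot: The remaining-bits test runs once per outer iteration only, while the inner `while ((n = qdm2_get_vlc(...)) < 2)` loop in the context lines keeps pulling codes with no check of its own. Malformed input can therefore still drive the bit reader past the end of the buffer, as the commit message itself concedes. Repeating `get_bits_left(gb) > 0` in the inner loop condition would bound that path too, provided `n` is handled when the loop exits on exhaustion. The rest of qdm2_fft_decode_tones is outside the hunk, so the other reads in the loop body need the same review.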
--- a/libavformat/rawdec.c +++ b/libavformat/rawdec.c @@ -59,6 +59,12 @@ int ff_raw_read_header(AVFormatContext *s, AVFormatParameters *ap) if (s1->sample_rate) st->codec->sample_rate = s1->sample_rate; + if (st->codec->sample_rate <= 0) { + av_log(s, AV_LOG_ERROR, "Invalid sample rate %d specified\n", + st->codec->sample_rate); + return AVERROR(EINVAL); + } + if (s1->channels) st->codec->channels = s1->channels; From 64a854d06bb36bd417bdd1ea16567732dc890ad3 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 18 Nov 2011 22:34:41 +0100 Subject: [PATCH 635/652] rawdec: use a default sample rate if none is specified. Fixes "ffmpeg -f s16le -i /dev/zero" Signed-off-by: Michael Niedermayer (cherry picked from commit fca85ce5ecc8acba6a5cf10c5f99e932b26c6367) Signed-off-by: Michael Niedermayer --- libavformat/rawdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavformat/rawdec.c b/libavformat/rawdec.c index 02e335ad1b..d4383d5b49 100644 --- a/libavformat/rawdec.c +++ b/libavformat/rawdec.c @@ -60,9 +60,9 @@ int ff_raw_read_header(AVFormatContext *s, AVFormatParameters *ap) if (s1->sample_rate) st->codec->sample_rate = s1->sample_rate; if (st->codec->sample_rate <= 0) { - av_log(s, AV_LOG_ERROR, "Invalid sample rate %d specified\n", + av_log(s, AV_LOG_WARNING, "Invalid sample rate %d specified using default of 44100\n", st->codec->sample_rate); - return AVERROR(EINVAL); + st->codec->sample_rate= 44100; } if (s1->channels) From 47953c33ea8dc3b5da1903b0c5055043b82db3e7 Mon Sep 17 00:00:00 2001 From: Anton Khirnov Date: Sun, 22 May 2011 14:10:49 +0200 Subject: [PATCH 636/652] lavc: introduce avcodec_open2() as a replacement for avcodec_open(). Adds support for decoder-private options and makes setting other options simpler. (cherry picked from commit 0b950fe240936fa48fd41204bcfd04f35bbf39c3) Conflicts: libavcodec/avcodec.h 
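Review bot: Only `sample_rate` is validated; the `channels` assignment on the following context lines has no matching check. Unless a sane default is set earlier in ff_raw_read_header (outside the hunk), a zero or negative channel count still passes. If later code divides by or scales with the channel count, the failure described in the commit message for `sample_rate` would apply to it as well. A parallel guard after the assignment, `if (st->codec->channels <= 0) return AVERROR(EINVAL);`, would close it.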
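Review bot: The warning now fires in the ordinary case where no rate was given at all, yet it still reads "Invalid sample rate %d specified", and the text runs straight into "using default" with no separator. A message such as `"Sample rate %d is unset or invalid, using default of 44100\n"` covers both cases. The literal 44100 appears in the message and in the assignment, so a named constant would keep the two in step.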
Signed-off-by: Anton Khirnov --- ffprobe.c | 2 +- ffserver.c | 2 +- libavcodec/avcodec.h | 39 ++++++++++++++++++++++++++++++++++++++ libavcodec/mpegvideo_enc.c | 2 +- libavcodec/utils.c | 24 ++++++++++++++++++++++- libavcodec/version.h | 3 +++ libavfilter/vsrc_movie.c | 2 +- 7 files changed, 69 insertions(+), 5 deletions(-) diff --git a/ffprobe.c b/ffprobe.c index edda454cde..cb4a4c3106 100644 --- a/ffprobe.c +++ b/ffprobe.c @@ -291,7 +291,7 @@ static int open_input_file(AVFormatContext **fmt_ctx_ptr, const char *filename) if (!(codec = avcodec_find_decoder(stream->codec->codec_id))) { fprintf(stderr, "Unsupported codec with id %d for input stream %d\n", stream->codec->codec_id, stream->index); - } else if (avcodec_open(stream->codec, codec) < 0) { + } else if (avcodec_open2(stream->codec, codec, NULL) < 0) { fprintf(stderr, "Error while opening codec for input stream %d\n", stream->index); } diff --git a/ffserver.c b/ffserver.c index 65a97b20cc..179cac4d96 100644 --- a/ffserver.c +++ b/ffserver.c @@ -2116,7 +2116,7 @@ static void open_parser(AVFormatContext *s, int i) codec = avcodec_find_decoder(st->codec->codec_id); if (codec && (codec->capabilities & CODEC_CAP_PARSE_ONLY)) { st->codec->parse_only = 1; - if (avcodec_open(st->codec, codec) < 0) + if (avcodec_open2(st->codec, codec, NULL) < 0) st->codec->parse_only = 0; } } diff --git a/libavcodec/avcodec.h b/libavcodec/avcodec.h index 0269892028..2dbdc86e6a 100644 --- a/libavcodec/avcodec.h +++ b/libavcodec/avcodec.h @@ -30,6 +30,7 @@ #include "libavutil/samplefmt.h" #include "libavutil/avutil.h" #include "libavutil/cpu.h" +#include "libavutil/dict.h" #include "libavcodec/version.h" 
@@ -3615,6 +3616,7 @@ int avcodec_default_execute(AVCodecContext *c, int (*func)(AVCodecContext *c2, v int avcodec_default_execute2(AVCodecContext *c, int (*func)(AVCodecContext *c2, void *arg2, int, int),void *arg, int *ret, int count); //FIXME func typedef +#if FF_API_AVCODEC_OPEN /** * Initialize the AVCodecContext to use the given AVCodec. Prior to using this * function the context has to be allocated. 
@@ -3641,8 +3643,45 @@ int avcodec_default_execute2(AVCodecContext *c, int (*func)(AVCodecContext *c2, * @param codec The codec to use within the context. * @return zero on success, a negative value on error * @see avcodec_alloc_context, avcodec_find_decoder, avcodec_find_encoder, avcodec_close + * + * @deprecated use avcodec_open2 */ +attribute_deprecated int avcodec_open(AVCodecContext *avctx, AVCodec *codec); +#endif + +/** + * Initialize the AVCodecContext to use the given AVCodec. Prior to using this + * function the context has to be allocated with avcodec_alloc_context(). + * + * The functions avcodec_find_decoder_by_name(), avcodec_find_encoder_by_name(), + * avcodec_find_decoder() and avcodec_find_encoder() provide an easy way for + * retrieving a codec. + * + * @warning This function is not thread safe! + * + * @code + * avcodec_register_all(); + * av_dict_set(&opts, "b", "2.5M", 0); + * codec = avcodec_find_decoder(CODEC_ID_H264); + * if (!codec) + * exit(1); + * + * context = avcodec_alloc_context(); + * + * if (avcodec_open(context, codec, opts) < 0) + * exit(1); + * @endcode + * + * @param avctx The context to initialize. + * @param options A dictionary filled with AVCodecContext and codec-private options. + * On return this object will be filled with options that were not found. + * + * @return zero on success, a negative value on error + * @see avcodec_alloc_context3(), avcodec_find_decoder(), avcodec_find_encoder(), + * av_dict_set(), av_opt_find(). + */ +int avcodec_open2(AVCodecContext *avctx, AVCodec *codec, AVDictionary **options); /** * Decode the audio frame of size avpkt->size from avpkt->data into samples. diff --git a/libavcodec/mpegvideo_enc.c b/libavcodec/mpegvideo_enc.c index b5a1872eb1..51713a223f 100644 --- a/libavcodec/mpegvideo_enc.c +++ b/libavcodec/mpegvideo_enc.c 
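Review bot: The @code example in the new avcodec_open2() comment still calls the old function with a third argument, `avcodec_open(context, codec, opts)`. It should read `if (avcodec_open2(context, codec, &opts) < 0)`, since the parameter is `AVDictionary **`. The example also never declares `opts` (`AVDictionary *opts = NULL;`) or frees what comes back in it, and the comment lacks the `@param codec` line that the deprecated function's comment has. The body names avcodec_alloc_context() while @see names avcodec_alloc_context3(); one of the two should be used throughout.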
@@ -972,7 +972,7 @@ static int estimate_best_b_count(MpegEncContext *s){ c->time_base= s->avctx->time_base; c->max_b_frames= s->max_b_frames; - if (avcodec_open(c, codec) < 0) + if (avcodec_open2(c, codec, NULL) < 0) return -1; for(i=0; imax_b_frames+2; i++){ diff --git a/libavcodec/utils.c b/libavcodec/utils.c index bbed7263ab..b264fe422e 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -32,6 +32,7 @@ #include "libavutil/audioconvert.h" #include "libavutil/imgutils.h" #include "libavutil/samplefmt.h" +#include "libavutil/dict.h" #include "avcodec.h" #include "dsputil.h" #include "libavutil/opt.h" @@ -467,9 +468,20 @@ AVFrame *avcodec_alloc_frame(void){ return pic; } +#if FF_API_AVCODEC_OPEN int attribute_align_arg avcodec_open(AVCodecContext *avctx, AVCodec *codec) +{ + return avcodec_open2(avctx, codec, NULL); +} +#endif + +int attribute_align_arg avcodec_open2(AVCodecContext *avctx, AVCodec *codec, AVDictionary **options) { int ret = 0; + AVDictionary *tmp = NULL; + + if (options) + av_dict_copy(&tmp, *options, 0); /* If there is a user-supplied mutex locking routine, call it. */ if (ff_lockmgr_cb) { @@ -496,14 +508,18 @@ int attribute_align_arg avcodec_open(AVCodecContext *avctx, AVCodec *codec) ret = AVERROR(ENOMEM); goto end; } - if(codec->priv_class){ //this can be droped once all user apps use avcodec_get_context_defaults3() + if (codec->priv_class) { *(AVClass**)avctx->priv_data= codec->priv_class; av_opt_set_defaults(avctx->priv_data); } } + if (codec->priv_class && (ret = av_opt_set_dict(avctx->priv_data, &tmp) < 0)) + goto free_and_end; } else { avctx->priv_data = NULL; } + if ((ret = av_opt_set_dict(avctx, &tmp)) < 0) + goto free_and_end; if(avctx->coded_width && avctx->coded_height) avcodec_set_dimensions(avctx, avctx->coded_width, avctx->coded_height); 
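Review bot: In avcodec_open2(), `av_dict_copy(&tmp, *options, 0)` runs before the lock manager is called, so any path that returns directly instead of going through `end:` or `free_and_end:` leaks `tmp`. The body of the `if (ff_lockmgr_cb)` block is outside the hunk; if its failure branch is a plain `return -1`, it needs `av_dict_free(&tmp);` first. Moving the copy below the lock acquisition would avoid the special case altogether.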
@@ -615,8 +631,14 @@ end: if (ff_lockmgr_cb) { (*ff_lockmgr_cb)(&codec_mutex, AV_LOCK_RELEASE); } + if (options) { + av_dict_free(options); + *options = tmp; + } + return ret; free_and_end: + av_dict_free(&tmp); av_freep(&avctx->priv_data); avctx->codec= NULL; goto end; diff --git a/libavcodec/version.h b/libavcodec/version.h index aded68e83e..f4a0ecd868 100644 --- a/libavcodec/version.h +++ b/libavcodec/version.h @@ -68,5 +68,8 @@ #ifndef FF_API_GET_PIX_FMT_NAME #define FF_API_GET_PIX_FMT_NAME (LIBAVCODEC_VERSION_MAJOR < 54) #endif +#ifndef FF_API_AVCODEC_OPEN +#define FF_API_AVCODEC_OPEN (LIBAVCODEC_VERSION_MAJOR < 54) +#endif #endif /* AVCODEC_VERSION_H */ diff --git a/libavfilter/vsrc_movie.c b/libavfilter/vsrc_movie.c index 7556fa2e9e..bd74f95545 100644 --- a/libavfilter/vsrc_movie.c +++ b/libavfilter/vsrc_movie.c @@ -139,7 +139,7 @@ static int movie_init(AVFilterContext *ctx) return AVERROR(EINVAL); } - if ((ret = avcodec_open(movie->codec_ctx, codec)) < 0) { + if ((ret = avcodec_open2(movie->codec_ctx, codec, NULL)) < 0) { av_log(ctx, AV_LOG_ERROR, "Failed to open codec\n"); return ret; } From 23f0d0f16bb2accc661ab8c135362ee75987c549 Mon Sep 17 00:00:00 2001 From: Baptiste Coudurier Date: Mon, 8 Aug 2011 23:41:50 -0700 Subject: [PATCH 637/652] lavc: fix parentheses placement in avcodec_open2(). Signed-off-by: Anton Khirnov (cherry picked from commit 1d36fb13b088f55ece155153fb6ca8ea278fc837) Signed-off-by: Anton Khirnov --- libavcodec/utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index b264fe422e..5c19dd7d35 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c 
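Review bot: On the `free_and_end` path `tmp` is freed before control jumps to `end:`, where the caller's dictionary is freed and `*options` is set to `tmp`, which av_dict_free() has left NULL. A caller therefore loses all its options on every failed open. The avcodec_open2() comment ("filled with options that were not found") does not say so. Either document it, e.g. `On failure the dictionary is freed and *options is set to NULL.`, or leave `*options` untouched when `ret < 0`.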
@@ -513,7 +513,7 @@ int attribute_align_arg avcodec_open2(AVCodecContext *avctx, AVCodec *codec, AVD av_opt_set_defaults(avctx->priv_data); } } - if (codec->priv_class && (ret = av_opt_set_dict(avctx->priv_data, &tmp) < 0)) + if (codec->priv_class && (ret = av_opt_set_dict(avctx->priv_data, &tmp)) < 0) goto free_and_end; } else { avctx->priv_data = NULL; From afe2726089a9f45d89e81217cd69505c14b94445 Mon Sep 17 00:00:00 2001 From: Anton Khirnov Date: Sun, 22 May 2011 19:24:59 +0200 Subject: [PATCH 638/652] lavf: add avformat_find_stream_info() It supports passing options to codecs. (cherry picked from commit a67c061e0f3b55ffcc96f336fc0998e44b86c8e4) Conflicts: libavformat/utils.c Signed-off-by: Anton Khirnov --- libavfilter/vsrc_movie.c | 2 +- libavformat/avformat.h | 27 +++++++++++++++++++++++++++ libavformat/utils.c | 18 +++++++++++++----- 3 files changed, 41 insertions(+), 6 deletions(-) diff --git a/libavfilter/vsrc_movie.c b/libavfilter/vsrc_movie.c index bd74f95545..b018ba7418 100644 --- a/libavfilter/vsrc_movie.c +++ b/libavfilter/vsrc_movie.c @@ -96,7 +96,7 @@ static int movie_init(AVFilterContext *ctx) "Failed to avformat_open_input '%s'\n", movie->file_name); return ret; } - if ((ret = av_find_stream_info(movie->format_ctx)) < 0) + if ((ret = avformat_find_stream_info(movie->format_ctx, NULL)) < 0) av_log(ctx, AV_LOG_WARNING, "Failed to find stream info\n"); // if seeking requested, we execute it diff --git a/libavformat/avformat.h b/libavformat/avformat.h index 8561a50c01..c11d650e85 100644 --- a/libavformat/avformat.h +++ b/libavformat/avformat.h @@ -1081,6 +1081,7 @@ int avformat_open_input(AVFormatContext **ps, const char *filename, AVInputForma */ AVFormatContext *avformat_alloc_context(void); +#if FF_API_FORMAT_PARAMETERS /** * Read packets of a media file to get stream information. This * is useful for file formats with no headers such as MPEG. This 
@@ -1093,8 +1094,34 @@ AVFormatContext *avformat_alloc_context(void); * @return >=0 if OK, AVERROR_xxx on error * @todo Let the user decide somehow what information is needed so that * we do not waste time getting stuff the user does not need. + * + * @deprecated use avformat_find_stream_info. */ int av_find_stream_info(AVFormatContext *ic); +#endif + +/** + * Read packets of a media file to get stream information. This + * is useful for file formats with no headers such as MPEG. This + * function also computes the real framerate in case of MPEG-2 repeat + * frame mode. + * The logical file position is not changed by this function; + * examined packets may be buffered for later processing. + * + * @param ic media file handle + * @param options If non-NULL, an ic.nb_streams long array of pointers to + * dictionaries, where i-th member contains options for + * codec corresponding to i-th stream. + * On return each dictionary will be filled with options that were not found. + * @return >=0 if OK, AVERROR_xxx on error + * + * @note this function isn't guaranteed to open all the codecs, so + * options being non-empty at return is a perfectly normal behavior. + * + * @todo Let the user decide somehow what information is needed so that + * we do not waste time getting stuff the user does not need. + */ +int avformat_find_stream_info(AVFormatContext *ic, AVDictionary **options); /** * Find the "best" stream in the file. diff --git a/libavformat/utils.c b/libavformat/utils.c index e3c7d4aa84..15fed3287a 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -2074,7 +2074,7 @@ static int has_decode_delay_been_guessed(AVStream *st) st->codec_info_nb_frames >= 6 + st->codec->has_b_frames; } -static int try_decode_frame(AVStream *st, AVPacket *avpkt) +static int try_decode_frame(AVStream *st, AVPacket *avpkt, AVDictionary **options) { int16_t *samples; AVCodec *codec; 
@@ -2085,7 +2085,7 @@ static int try_decode_frame(AVStream *st, AVPacket *avpkt) codec = avcodec_find_decoder(st->codec->codec_id); if (!codec) return -1; - ret = avcodec_open(st->codec, codec); + ret = avcodec_open2(st->codec, codec, options); if (ret < 0) return ret; } @@ -2204,12 +2204,20 @@ static int tb_unreliable(AVCodecContext *c){ return 0; } +#if FF_API_FORMAT_PARAMETERS int av_find_stream_info(AVFormatContext *ic) +{ + return avformat_find_stream_info(ic, NULL); +} +#endif + +int avformat_find_stream_info(AVFormatContext *ic, AVDictionary **options) { int i, count, ret, read_size, j; AVStream *st; AVPacket pkt1, *pkt; int64_t old_offset = avio_tell(ic->pb); + int orig_nb_streams = ic->nb_streams; // new streams might appear, no options for those for(i=0;inb_streams;i++) { AVCodec *codec; @@ -2246,12 +2254,12 @@ int av_find_stream_info(AVFormatContext *ic) /* Ensure that subtitle_header is properly set. */ if (st->codec->codec_type == AVMEDIA_TYPE_SUBTITLE && codec && !st->codec->codec) - avcodec_open(st->codec, codec); + avcodec_open2(st->codec, codec, options ? &options[i] : NULL); //try to just open decoders, in case this is enough to get parameters if(!has_codec_parameters(st->codec)){ if (codec && !st->codec->codec) - avcodec_open(st->codec, codec); + avcodec_open2(st->codec, codec, options ? &options[i] : NULL); } } @@ -2386,7 +2394,7 @@ int av_find_stream_info(AVFormatContext *ic) it takes longer and uses more memory. For MPEG-4, we need to decompress for QuickTime. */ if (!has_codec_parameters(st->codec) || !has_decode_delay_been_guessed(st)) - try_decode_frame(st, pkt); + try_decode_frame(st, pkt, (options && i <= orig_nb_streams )? &options[i] : NULL); st->codec_info_nb_frames++; count++; From e297459eb694490c25acc65bcf75ee1630bd34b6 Mon Sep 17 00:00:00 2001 
From: Anton Khirnov Date: Thu, 14 Jul 2011 03:08:53 +0200 Subject: [PATCH 639/652] lavf: fix invalid reads in avformat_find_stream_info() (cherry picked from commit e358f7ee90fec591348ca05dff94ebaf4c1a098b) Conflicts: libavformat/utils.c Signed-off-by: Anton Khirnov --- libavformat/utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index 15fed3287a..d155599058 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -2394,7 +2394,7 @@ int avformat_find_stream_info(AVFormatContext *ic, AVDictionary **options) it takes longer and uses more memory. For MPEG-4, we need to decompress for QuickTime. */ if (!has_codec_parameters(st->codec) || !has_decode_delay_been_guessed(st)) - try_decode_frame(st, pkt, (options && i <= orig_nb_streams )? &options[i] : NULL); + try_decode_frame(st, pkt, (options && i < orig_nb_streams )? &options[i] : NULL); st->codec_info_nb_frames++; count++; From d6f763659c6115e91d2fa981faffdb041d93f7a4 Mon Sep 17 00:00:00 2001 From: Mans Rullgard Date: Tue, 15 Nov 2011 22:33:49 +0000 Subject: [PATCH 640/652] lavf: fix multiplication overflow in avformat_find_stream_info() Converting to double before the multiplication rather than after avoids an integer overflow in some cases. Signed-off-by: Mans Rullgard (cherry picked from commit 52767d891c665ab1124fe4ce82d99b59673de7d2) Signed-off-by: Anton Khirnov --- libavformat/utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index d155599058..aa3ca5990b 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c 
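Review bot: `options` is indexed with the loop variable `i`, but the stream handed to try_decode_frame() is `st`, and the hunk does not show that `st` is `ic->streams[i]` at this point. If `st` is selected from the packet's stream index (outside the hunk), the bound check and the dictionary can refer to a different stream than the one being decoded. Indexing by the stream itself removes the doubt: `(options && st->index < orig_nb_streams) ? &options[st->index] : NULL`.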
@@ -2368,7 +2368,7 @@ int avformat_find_stream_info(AVFormatContext *ic, AVDictionary **options) for (i=1; iinfo->duration_error); i++) { int framerate= get_std_framerate(i); int ticks= lrintf(dur*framerate/(1001*12)); - double error= dur - ticks*1001*12/(double)framerate; + double error = dur - (double)ticks*1001*12 / framerate; st->info->duration_error[i] += error*error; } st->info->duration_count++; From 07624cfeaa8ea11d213032135fb56ffd5022b73a Mon Sep 17 00:00:00 2001 From: Anton Khirnov Date: Sat, 19 Nov 2011 08:51:26 +0100 Subject: [PATCH 641/652] Add a version bump and APIchanges entry for avcodec_open2 and avformat_find_stream_info. --- doc/APIchanges | 6 ++++++ libavcodec/version.h | 2 +- libavformat/version.h | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/doc/APIchanges b/doc/APIchanges index 79d9749373..165ea98392 100644 --- a/doc/APIchanges +++ b/doc/APIchanges @@ -13,6 +13,12 @@ libavutil: 2011-04-18 API changes, most recent first: +2011-07-10 - xxxxxxx - lavf 53.3.0 + Add avformat_find_stream_info(), deprecate av_find_stream_info(). + +2011-07-10 - xxxxxxx - lavc 53.6.0 + Add avcodec_open2(), deprecate avcodec_open(). + 2011-06-xx - xxxxxxx - lavf 53.2.0 - avformat.h Add avformat_open_input and avformat_write_header(). Deprecate av_open_input_stream, av_open_input_file, diff --git a/libavcodec/version.h b/libavcodec/version.h index f4a0ecd868..44c9198125 100644 --- a/libavcodec/version.h +++ b/libavcodec/version.h @@ -21,7 +21,7 @@ #define AVCODEC_VERSION_H #define LIBAVCODEC_VERSION_MAJOR 53 -#define LIBAVCODEC_VERSION_MINOR 5 +#define LIBAVCODEC_VERSION_MINOR 6 #define LIBAVCODEC_VERSION_MICRO 0 #define LIBAVCODEC_VERSION_INT AV_VERSION_INT(LIBAVCODEC_VERSION_MAJOR, \ diff --git a/libavformat/version.h b/libavformat/version.h index 3cc1718f2b..635b582e87 100644 --- a/libavformat/version.h +++ b/libavformat/version.h 
@@ -24,7 +24,7 @@ #include "libavutil/avutil.h" #define LIBAVFORMAT_VERSION_MAJOR 53 -#define LIBAVFORMAT_VERSION_MINOR 2 +#define LIBAVFORMAT_VERSION_MINOR 3 #define LIBAVFORMAT_VERSION_MICRO 0 #define LIBAVFORMAT_VERSION_INT AV_VERSION_INT(LIBAVFORMAT_VERSION_MAJOR, \ From 17c54e93176b8d1b39de3d4e892df9befeb07b73 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 17 Nov 2011 03:13:50 +0100 Subject: [PATCH 642/652] mjpeg: support mpo Fixes stereoscopic_photo.mpo Signed-off-by: Michael Niedermayer (cherry picked from commit 1d23e5246c67f765dd5d119c9f3197bdae07330c) Signed-off-by: Michael Niedermayer --- libavformat/rawdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/rawdec.c b/libavformat/rawdec.c index d4383d5b49..76e05237ca 100644 --- a/libavformat/rawdec.c +++ b/libavformat/rawdec.c @@ -252,7 +252,7 @@ AVInputFormat ff_gsm_demuxer = { #endif #if CONFIG_MJPEG_DEMUXER -FF_DEF_RAWVIDEO_DEMUXER(mjpeg, "raw MJPEG video", NULL, "mjpg,mjpeg", CODEC_ID_MJPEG) +FF_DEF_RAWVIDEO_DEMUXER(mjpeg, "raw MJPEG video", NULL, "mjpg,mjpeg,mpo", CODEC_ID_MJPEG) #endif #if CONFIG_MLP_DEMUXER From 5c6a2d9878f12da2730e06fbcc79f35d82f906cf Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 17 Nov 2011 19:38:47 +0100 Subject: [PATCH 643/652] ac3probe: Detect Sonic Foundry Soft Encode AC3 as raw AC3. Our ac3 code chain can handle it fine. More ideal would be to write a demuxer that actually extracts what can be from the additional headers and uses it for whatever it can be used for. Signed-off-by: Michael Niedermayer (cherry picked from commit 30ca700ba17b9ba46f4648afa30559ad890f0221) Signed-off-by: Michael Niedermayer --- libavformat/ac3dec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/ac3dec.c b/libavformat/ac3dec.c index fcf99363ee..92e468da43 100644 --- a/libavformat/ac3dec.c +++ b/libavformat/ac3dec.c 
@@ -40,6 +40,8 @@ static int ac3_eac3_probe(AVProbeData *p, enum CodecID expected_codec_id) buf2 = buf; for(frames = 0; buf2 < end; frames++) { + if(!memcmp(buf2, "\x1\x10\0\0\0\0\0\0", 8)) + buf2+=16; init_get_bits(&gbc, buf2, 54); if(ff_ac3_parse_header(&gbc, &hdr) < 0) break; From 4007352bd054936fe06cb8b726db008b47101d91 Mon Sep 17 00:00:00 2001 From: Thierry Foucu Date: Fri, 18 Nov 2011 17:36:50 -0800 Subject: [PATCH 644/652] imgutils: Fix illegal read. Found with address sanitizer. Signed-off-by: Alex Converse (cherry picked from commit c693aa6f71b4f539cf9df67ba42f4b1932981687) Signed-off-by: Michael Niedermayer --- libavutil/imgutils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavutil/imgutils.c b/libavutil/imgutils.c index e04c307f62..5033d0d4c1 100644 --- a/libavutil/imgutils.c +++ b/libavutil/imgutils.c @@ -125,7 +125,7 @@ int av_image_fill_pointers(uint8_t *data[4], enum PixelFormat pix_fmt, int heigh has_plane[desc->comp[i].plane] = 1; total_size = size[0]; - for (i = 1; has_plane[i] && i < 4; i++) { + for (i = 1; i < 4 && has_plane[i]; i++) { int h, s = (i == 1 || i == 2) ? desc->log2_chroma_h : 0; data[i] = data[i-1] + size[i-1]; h = (height + (1 << s) - 1) >> s; From 9b667da05d43063f602715feca037a999dee8000 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 20 Nov 2011 17:19:25 +0100 Subject: [PATCH 645/652] mpegvideo: dont use ff_mspel_motion() for vc1 Fixes Ticket655 Signed-off-by: Michael Niedermayer (cherry picked from commit 50d6f8195658d529c57bb42dfd8d7a71d60a9f1d) Signed-off-by: Michael Niedermayer --- libavcodec/mpegvideo_common.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/mpegvideo_common.h b/libavcodec/mpegvideo_common.h index 18e49a63c3..50cd851654 100644 --- a/libavcodec/mpegvideo_common.h +++ b/libavcodec/mpegvideo_common.h 
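Review bot: The new `memcmp(buf2, ..., 8)` and `buf2 += 16` in ac3_eac3_probe run with only `buf2 < end` guaranteed by the loop condition. Assuming `end` marks the end of the probe data, the compare can read up to 7 bytes beyond it, and the skip can move `buf2` past it before init_get_bits() is called. Probe buffers may carry padding that hides this (not visible here), but the check is cheap: `if (end - buf2 > 16 && !memcmp(buf2, "\x1\x10\0\0\0\0\0\0", 8))`. A one-line comment naming the header being skipped (per the commit message, the Sonic Foundry Soft Encode wrapper) would explain the magic bytes.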
@@ -725,7 +725,7 @@ static av_always_inline void MPV_motion_internal(MpegEncContext *s, 0, 0, 0, ref_picture, pix_op, qpix_op, s->mv[dir][0][0], s->mv[dir][0][1], 16); - }else if(!is_mpeg12 && (CONFIG_WMV2_DECODER || CONFIG_WMV2_ENCODER) && s->mspel){ + }else if(!is_mpeg12 && (CONFIG_WMV2_DECODER || CONFIG_WMV2_ENCODER) && s->mspel && s->codec_id == CODEC_ID_WMV2){ ff_mspel_motion(s, dest_y, dest_cb, dest_cr, ref_picture, pix_op, s->mv[dir][0][0], s->mv[dir][0][1], 16); From b8fc3017690f89748948b861e09971a5e1a7bd07 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 21 Nov 2011 02:03:13 +0100 Subject: [PATCH 646/652] h264: Fix invalid interlaced progressive MB combinations for direct mode prediction. Fixes Ticket312 Signed-off-by: Michael Niedermayer (cherry picked from commit 833a195905405fc9646c7544ce9d0f3279608977) Signed-off-by: Michael Niedermayer --- libavcodec/h264_direct.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/h264_direct.c b/libavcodec/h264_direct.c index 0b19353656..4ebb60e41c 100644 --- a/libavcodec/h264_direct.c +++ b/libavcodec/h264_direct.c @@ -253,6 +253,10 @@ static void pred_spatial_direct_motion(H264Context * const h, int *mb_type){ mb_type_col[1] = h->ref_list[1][0].mb_type[mb_xy + s->mb_stride]; b8_stride = 2+4*s->mb_stride; b4_stride *= 6; + if(IS_INTERLACED(mb_type_col[0]) != IS_INTERLACED(mb_type_col[1])){ + mb_type_col[0] &= ~MB_TYPE_INTERLACED; + mb_type_col[1] &= ~MB_TYPE_INTERLACED; + } sub_mb_type |= MB_TYPE_16x16|MB_TYPE_DIRECT2; /* B_SUB_8x8 */ if( (mb_type_col[0] & MB_TYPE_16x16_OR_INTRA) From a6a61a6d1d4da219a6fe29250e2a6b28f9d05524 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 18 Nov 2011 17:48:31 +0100 Subject: [PATCH 647/652] qdm2dec: fix buffer overflow. Fixes NGS00144 This also adds a few lines of code from master that are needed for this fix. Thanks to Phillip for suggestions to improve the patch. Found-by: Phillip Langlois 
Signed-off-by: Michael Niedermayer --- libavcodec/qdm2.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/libavcodec/qdm2.c b/libavcodec/qdm2.c index 3aa9e5b6c3..e000df8efd 100644 --- a/libavcodec/qdm2.c +++ b/libavcodec/qdm2.c @@ -76,6 +76,7 @@ do { \ #define SAMPLES_NEEDED_2(why) \ av_log (NULL,AV_LOG_INFO,"This file triggers some missing code. Please contact the developers.\nPosition: %s\n",why); +#define QDM2_MAX_FRAME_SIZE 512 typedef int8_t sb_int8_array[2][30][64]; @@ -168,7 +169,7 @@ typedef struct { /// I/O data const uint8_t *compressed_data; int compressed_size; - float output_buffer[1024]; + float output_buffer[QDM2_MAX_FRAME_SIZE * MPA_MAX_CHANNELS * 2]; /// Synthesis filter MPADSPContext mpadsp; @@ -1822,7 +1823,8 @@ static av_cold int qdm2_decode_init(AVCodecContext *avctx) // something like max decodable tones s->group_order = av_log2(s->group_size) + 1; s->frame_size = s->group_size / 16; // 16 iterations per super block - if (s->frame_size > FF_ARRAY_ELEMS(s->output_buffer) / 2) + + if (s->frame_size > QDM2_MAX_FRAME_SIZE) return AVERROR_INVALIDDATA; s->sub_sampling = s->fft_order - 7; @@ -1893,6 +1895,9 @@ static int qdm2_decode (QDM2Context *q, const uint8_t *in, int16_t *out) int ch, i; const int frame_size = (q->frame_size * q->channels); + if((unsigned)frame_size > FF_ARRAY_ELEMS(q->output_buffer)/2) + return -1; + /* select input buffer */ q->compressed_data = in; q->compressed_size = q->checksum_size; From fa5292d9d42f10841e3a889bca4ebd878c965268 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 18 Nov 2011 18:08:31 +0100 Subject: [PATCH 648/652] vp3dec: Check coefficient index in vp3_dequant() Fixes NGS00145 Found-by: Phillip Langlois Signed-off-by: Michael Niedermayer (cherry picked from commit eef5c35b4352ec49ca41f6198bee8a976b1f81e5) Signed-off-by: Michael Niedermayer --- libavcodec/vp3.c | 4 ++++ 1 file changed, 4 insertions(+) 
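Review bot: The two new guards report the same condition differently: qdm2_decode_init returns `AVERROR_INVALIDDATA` while qdm2_decode returns a bare `-1`, which should be `return AVERROR_INVALIDDATA;` as well. The per-frame test in qdm2_decode depends only on `q->frame_size` and `q->channels`, which look like init-time values. Rejecting an out-of-range channel count once in qdm2_decode_init (`s->channels > MPA_MAX_CHANNELS`, if no such check already exists outside these hunks) would make the bound `QDM2_MAX_FRAME_SIZE * MPA_MAX_CHANNELS * 2` hold by construction. A short comment on `output_buffer` explaining the factor 2 would help the next reader.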
diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c index 549f494ff6..2f07af8c4b 100644 --- a/libavcodec/vp3.c +++ b/libavcodec/vp3.c @@ -1308,6 +1308,10 @@ static inline int vp3_dequant(Vp3DecodeContext *s, Vp3Fragment *frag, case 1: // zero run s->dct_tokens[plane][i]++; i += (token >> 2) & 0x7f; + if(i>63){ + av_log(s->avctx, AV_LOG_ERROR, "Coefficient index overflow\n"); + return -1; + } block[perm[i]] = (token >> 9) * dequantizer[perm[i]]; i++; break; From 661ee45f8881bb551eb403472e60c38a7c2818aa Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 18 Nov 2011 19:10:21 +0100 Subject: [PATCH 649/652] svq1dec: call avcodec_set_dimensions() after dimensions changed. Fixes NGS00148 Found-by: Phillip Langlois Signed-off-by: Michael Niedermayer (cherry picked from commit 4931c8f0f10bf8dedcf626104a6b85bfefadc6f2) Signed-off-by: Michael Niedermayer --- libavcodec/svq1dec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/svq1dec.c b/libavcodec/svq1dec.c index f2690fbf33..9553979d45 100644 --- a/libavcodec/svq1dec.c +++ b/libavcodec/svq1dec.c @@ -658,6 +658,7 @@ static int svq1_decode_frame(AVCodecContext *avctx, av_dlog(s->avctx, "Error in svq1_decode_frame_header %i\n",result); return result; } + avcodec_set_dimensions(avctx, s->width, s->height); //FIXME this avoids some confusion for "B frames" without 2 references //this should be removed after libavcodec can handle more flexible picture types & ordering From 4e9b2c57326fe254d0251fbf268b3481705b4c65 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 21 Nov 2011 20:00:13 +0100 Subject: [PATCH 650/652] Update for 0.7.8 Signed-off-by: Michael Niedermayer --- Doxyfile | 2 +- RELEASE | 2 +- VERSION | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Doxyfile b/Doxyfile index 61156c4f62..bb2f7e730f 100644 --- a/Doxyfile +++ b/Doxyfile 
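Review bot: `avcodec_set_dimensions(avctx, s->width, s->height)` in svq1_decode_frame is called with whatever the frame header produced, and no size validation is visible between the header parse and this call. If svq1_decode_frame_header() does not already reject unusable sizes (its body is outside the hunk), a check before the call would keep a corrupt header from reaching buffer allocation, for example `if (av_image_check_size(s->width, s->height, 0, avctx) < 0) return AVERROR_INVALIDDATA;`. The call also runs on every frame; making it only when the size differs from `avctx->width`/`avctx->height` would state the intent.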
@@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 0.7.7 +PROJECT_NUMBER = 0.7.8 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. diff --git a/RELEASE b/RELEASE index 879be8a98f..e7c7d3cc3c 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -0.7.7 +0.7.8 diff --git a/VERSION b/VERSION index 879be8a98f..e7c7d3cc3c 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.7.7 +0.7.8 From 71ef1e494f82be44a0629111f6a80c027f7d3990 Mon Sep 17 00:00:00 2001 From: Sergiy Gur'yev Date: Thu, 24 Nov 2011 14:53:19 +0200 Subject: [PATCH 651/652] Fix adts format creation in aac+ encoder modified: libavcodec/libaacplus.c Signed-off-by: Michael Niedermayer (cherry picked from commit 32ed7da1350e551ec005b75e482da74f2e93fbb9) --- libavcodec/libaacplus.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/libavcodec/libaacplus.c b/libavcodec/libaacplus.c index c8c87be549..a5ededbf39 100644 --- a/libavcodec/libaacplus.c +++ b/libavcodec/libaacplus.c @@ -63,9 +63,7 @@ static av_cold int aacPlus_encode_init(AVCodecContext *avctx) aacplus_cfg->bitRate = avctx->bit_rate; aacplus_cfg->bandWidth = avctx->cutoff; - if (avctx->flags & CODEC_FLAG_GLOBAL_HEADER) { - aacplus_cfg->outputFormat = 0; //raw aac - } + aacplus_cfg->outputFormat = !(avctx->flags & CODEC_FLAG_GLOBAL_HEADER); aacplus_cfg->inputFormat = AACPLUS_INPUT_16BIT; if (!aacplusEncSetConfiguration(s->aacplus_handle, aacplus_cfg)) { av_log(avctx, AV_LOG_ERROR, "libaacplus doesn't support this output format!\n"); From ea4e8e642acc8c192a129470cb58c45beb62940b Mon Sep 17 00:00:00 2001 From: Timothy Gu Date: Sun, 14 Jul 2013 15:25:43 -0700 Subject: [PATCH 652/652] Deprecate oldabi branch by adding a warning to configure In order to build, users must now explicitly pass --enable-building to configure. 
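Review bot: The rewrite of `aacplus_cfg->outputFormat` in aacPlus_encode_init drops the only explanation of the field's values. The removed line documented 0 as raw AAC, and the new expression yields 1 without saying what that selects. A trailing comment such as `// 0: raw AAC (global header), 1: ADTS (per the commit subject)` restores that. If libaacplus exposes named constants for the output format (not visible here), they would be better than 0/1.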
Signed-off-by: Michael Niedermayer --- configure | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/configure b/configure index 25cea23ed7..ed345daa1a 100755 --- a/configure +++ b/configure @@ -72,6 +72,9 @@ Standard options: --mandir=DIR install man page in DIR [PREFIX/share/man] Configuration options: + --enable-building enable building ONLY if you understand the + potential security risk posed by using this + branch (oldabi) --disable-static do not build static libraries [no] --enable-shared build shared libraries [no] --enable-gpl allow use of GPL code, the resulting libs @@ -910,6 +913,7 @@ CONFIG_LIST=" avfilter avformat avisynth + building bzlib crystalhd dct @@ -1936,6 +1940,22 @@ filter_cflags=echo filter_cppflags=echo filter_asflags=echo +if ! enabled building; then + cat <&1 | grep -q '^gcc.*LLVM'; then cc_type=llvm_gcc cc_version=__VERSION__