diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000000..7a7555d189 --- /dev/null +++ b/.gitignore @@ -0,0 +1,46 @@ +.config +.version +*.o +*.so +*.d +*.exe +*.ho +*-example +*-test +*_g +config.* +doc/*.1 +doc/*.html +doc/*.pod +doxy +ffmpeg +ffplay +ffprobe +ffserver +libavcodec/libavcodec* +libavcore/libavcore* +libavdevice/libavdevice* +libavfilter/libavfilter* +libavformat/libavformat* +libavutil/avconfig.h +libavutil/libavutil* +libpostproc/libpostproc* +libswscale/libswscale* +tests/audiogen +tests/base64 +tests/data +tests/rotozoom +tests/seek_test +tests/tiny_psnr +tests/videogen +tests/vsynth1 +tests/vsynth2 +tools/cws2fws +tools/graph2dot +tools/lavfi-showfiltfmts +tools/pktdumper +tools/probetest +tools/qt-faststart +tools/trasher +tools/trasher*.d +version.h diff --git a/COPYING.GPL b/COPYING.GPLv2 similarity index 100% rename from COPYING.GPL rename to COPYING.GPLv2 diff --git a/COPYING.GPLv3 b/COPYING.GPLv3 new file mode 100644 index 0000000000..94a9ed024d --- /dev/null +++ b/COPYING.GPLv3 @@ -0,0 +1,674 @@ + GNU GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU General Public License is a free, copyleft license for +software and other kinds of works. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +the GNU General Public License is intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. We, the Free Software Foundation, use the +GNU General Public License for most of our software; it applies also to +any other work released this way by its authors. You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + To protect your rights, we need to prevent others from denying you +these rights or asking you to surrender the rights. Therefore, you have +certain responsibilities if you distribute copies of the software, or if +you modify it: responsibilities to respect the freedom of others. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must pass on to the recipients the same +freedoms that you received. You must make sure that they, too, receive +or can get the source code. And you must show them these terms so they +know their rights. + + Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License +giving you legal permission to copy, distribute and/or modify it. + + For the developers' and authors' protection, the GPL clearly explains +that there is no warranty for this free software. For both users' and +authors' sake, the GPL requires that modified versions be marked as +changed, so that their problems will not be attributed erroneously to +authors of previous versions. + + Some devices are designed to deny users access to install or run +modified versions of the software inside them, although the manufacturer +can do so. This is fundamentally incompatible with the aim of +protecting users' freedom to change the software. The systematic +pattern of such abuse occurs in the area of products for individuals to +use, which is precisely where it is most unacceptable. Therefore, we +have designed this version of the GPL to prohibit the practice for those +products. If such problems arise substantially in other domains, we +stand ready to extend this provision to those domains in future versions +of the GPL, as needed to protect the freedom of users. + + Finally, every program is threatened constantly by software patents. +States should not allow patents to restrict development and use of +software on general-purpose computers, but in those that do, we wish to +avoid the special danger that patents applied to a free program could +make it effectively proprietary. To prevent this, the GPL assures that +patents cannot be used to render the program non-free. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Use with the GNU Affero General Public License. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU Affero General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the special requirements of the GNU Affero General Public License, +section 13, concerning interaction through a network will apply to the +combination as such. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If the program does terminal interaction, make it output a short +notice like this when it starts in an interactive mode: + + Copyright (C) + This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, your program's commands +might be different; for a GUI interface, you would use an "about box". + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU GPL, see +. + + The GNU General Public License does not permit incorporating your program +into proprietary programs. If your program is a subroutine library, you +may consider it more useful to permit linking proprietary applications with +the library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. But first, please read +. diff --git a/COPYING.LGPL b/COPYING.LGPLv2.1 similarity index 100% rename from COPYING.LGPL rename to COPYING.LGPLv2.1 diff --git a/COPYING.LGPLv3 b/COPYING.LGPLv3 new file mode 100644 index 0000000000..65c5ca88a6 --- /dev/null +++ b/COPYING.LGPLv3 @@ -0,0 +1,165 @@ + GNU LESSER GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + + This version of the GNU Lesser General Public License incorporates +the terms and conditions of version 3 of the GNU General Public +License, supplemented by the additional permissions listed below. + + 0. Additional Definitions. + + As used herein, "this License" refers to version 3 of the GNU Lesser +General Public License, and the "GNU GPL" refers to version 3 of the GNU +General Public License. + + "The Library" refers to a covered work governed by this License, +other than an Application or a Combined Work as defined below. + + An "Application" is any work that makes use of an interface provided +by the Library, but which is not otherwise based on the Library. +Defining a subclass of a class defined by the Library is deemed a mode +of using an interface provided by the Library. + + A "Combined Work" is a work produced by combining or linking an +Application with the Library. The particular version of the Library +with which the Combined Work was made is also called the "Linked +Version". + + The "Minimal Corresponding Source" for a Combined Work means the +Corresponding Source for the Combined Work, excluding any source code +for portions of the Combined Work that, considered in isolation, are +based on the Application, and not on the Linked Version. + + The "Corresponding Application Code" for a Combined Work means the +object code and/or source code for the Application, including any data +and utility programs needed for reproducing the Combined Work from the +Application, but excluding the System Libraries of the Combined Work. + + 1. Exception to Section 3 of the GNU GPL. + + You may convey a covered work under sections 3 and 4 of this License +without being bound by section 3 of the GNU GPL. + + 2. Conveying Modified Versions. + + If you modify a copy of the Library, and, in your modifications, a +facility refers to a function or data to be supplied by an Application +that uses the facility (other than as an argument passed when the +facility is invoked), then you may convey a copy of the modified +version: + + a) under this License, provided that you make a good faith effort to + ensure that, in the event an Application does not supply the + function or data, the facility still operates, and performs + whatever part of its purpose remains meaningful, or + + b) under the GNU GPL, with none of the additional permissions of + this License applicable to that copy. + + 3. Object Code Incorporating Material from Library Header Files. + + The object code form of an Application may incorporate material from +a header file that is part of the Library. You may convey such object +code under terms of your choice, provided that, if the incorporated +material is not limited to numerical parameters, data structure +layouts and accessors, or small macros, inline functions and templates +(ten or fewer lines in length), you do both of the following: + + a) Give prominent notice with each copy of the object code that the + Library is used in it and that the Library and its use are + covered by this License. + + b) Accompany the object code with a copy of the GNU GPL and this license + document. + + 4. Combined Works. + + You may convey a Combined Work under terms of your choice that, +taken together, effectively do not restrict modification of the +portions of the Library contained in the Combined Work and reverse +engineering for debugging such modifications, if you also do each of +the following: + + a) Give prominent notice with each copy of the Combined Work that + the Library is used in it and that the Library and its use are + covered by this License. + + b) Accompany the Combined Work with a copy of the GNU GPL and this license + document. + + c) For a Combined Work that displays copyright notices during + execution, include the copyright notice for the Library among + these notices, as well as a reference directing the user to the + copies of the GNU GPL and this license document. + + d) Do one of the following: + + 0) Convey the Minimal Corresponding Source under the terms of this + License, and the Corresponding Application Code in a form + suitable for, and under terms that permit, the user to + recombine or relink the Application with a modified version of + the Linked Version to produce a modified Combined Work, in the + manner specified by section 6 of the GNU GPL for conveying + Corresponding Source. + + 1) Use a suitable shared library mechanism for linking with the + Library. A suitable mechanism is one that (a) uses at run time + a copy of the Library already present on the user's computer + system, and (b) will operate properly with a modified version + of the Library that is interface-compatible with the Linked + Version. + + e) Provide Installation Information, but only if you would otherwise + be required to provide such information under section 6 of the + GNU GPL, and only to the extent that such information is + necessary to install and execute a modified version of the + Combined Work produced by recombining or relinking the + Application with a modified version of the Linked Version. (If + you use option 4d0, the Installation Information must accompany + the Minimal Corresponding Source and Corresponding Application + Code. If you use option 4d1, you must provide the Installation + Information in the manner specified by section 6 of the GNU GPL + for conveying Corresponding Source.) + + 5. Combined Libraries. + + You may place library facilities that are a work based on the +Library side by side in a single library together with other library +facilities that are not Applications and are not covered by this +License, and convey such a combined library under terms of your +choice, if you do both of the following: + + a) Accompany the combined library with a copy of the same work based + on the Library, uncombined with any other library facilities, + conveyed under the terms of this License. + + b) Give prominent notice with the combined library that part of it + is a work based on the Library, and explaining where to find the + accompanying uncombined form of the same work. + + 6. Revised Versions of the GNU Lesser General Public License. + + The Free Software Foundation may publish revised and/or new versions +of the GNU Lesser General Public License from time to time. Such new +versions will be similar in spirit to the present version, but may +differ in detail to address new problems or concerns. + + Each version is given a distinguishing version number. If the +Library as you received it specifies that a certain numbered version +of the GNU Lesser General Public License "or any later version" +applies to it, you have the option of following the terms and +conditions either of that published version or of any later version +published by the Free Software Foundation. If the Library as you +received it does not specify a version number of the GNU Lesser +General Public License, you may choose any version of the GNU Lesser +General Public License ever published by the Free Software Foundation. + + If the Library as you received it specifies that a proxy can decide +whether future versions of the GNU Lesser General Public License shall +apply, that proxy's public statement of acceptance of any version is +permanent authorization for you to choose that version for the +Library. diff --git a/Changelog b/Changelog index b8791902f1..3e4827b08e 100644 --- a/Changelog +++ b/Changelog @@ -1,3 +1,153 @@ +Entries are sorted chronologically from oldest to youngest within each release, +releases are sorted from youngest to oldest. + +version 0.5.10: + +- mpeg12: do not decode extradata more than once (CVE-2012-2803) +- vp6: properly fail on unsupported feature (CVE-2012-2783) +- vp56: release frames on error (CVE-2012-2783) +- shorten: Use separate pointers for the allocated memory for decoded samples (CVE-2012-0858) +- shorten: check for realloc failure +- h264: check context state before decoding slice data partitions +- oggdec: check memory allocation +- Fix uninitialized reads on malformed Ogg files +- lavf: avoid integer overflow in ff_compute_frame_duration() +- yuv4mpeg: reject unsupported codecs +- tiffenc: Check av_malloc() results +- mpegaudiodec: fix short_start calculation +- h264: avoid stuck buffer pointer in decode_nal_units +- yuv4mpeg: return proper error codes (Bug 373) +- avidec: return 0, not packet size from read_packet() +- cavsdec: check for changing w/h (CVE-2012-2777 and CVE-2012-2784) +- avidec: use actually read size instead of requested size CVE-2012-2788 +- bytestream: add a new set of bytestream functions with overread checking +- avsdec: Set dimensions instead of relying on the demuxer (CVE-2012-2801) +- lavfi: avfilter_merge_formats: handle case where inputs are same +- bmpdec: only initialize palette for pal8 (Bug 367) +- Bump version number for the 0.5.10 release +- lavfi: avfilter_merge_formats: handle case where inputs are same +- mpegvideo: Don't use ff_mspel_motion() for vc1 +- imgconvert: avoid undefined left shift in avcodec_find_best_pix_fmt +- nuv: check RTjpeg header for validity +- vc1dec: add flush function for WMV9 and VC-1 decoders + + +version 0.5.9: + +- dpcm: ignore extra unpaired bytes in stereo streams (CVE-2011-3951) +- h264: Add check for invalid chroma_format_idc (CVE-2012-0851) +- adpcm: ADPCM Electronic Arts has always two channels (CVE-2012-0852) +- kmvc: Check palsize (CVE-2011-3952) +- qdm2: clip array indices returned by qdm2_get_vlc() +- configure: properly check for mingw-w64 through installed headers +- Replace every usage of -lvfw32 with what is particularly necessary for that case +- mingw32: properly check if vfw capture is supported by the system headers +- mingw32: merge checks for mingw-w64 and mingw32-runtime >= 3.15 into one +- vfwcap: Include windows.h before vfw.h since the latter requires defines from the former +- ea: check chunk_size for validity +- eatqi: move "block" variable into context to ensure sufficient alignment for idct_put +- tqi: Pass errors from the MB decoder +- png: check bit depth for PAL8/Y400A pixel formats. + + +version 0.5.8: + +- id3v2: fix skipping extended header in id3v2.4 +- nsvdec: Several bugfixes related to CVE-2011-3940 +- dv: check stype +- dv: Fix null pointer dereference due to ach=0 +- dv: Fix small stack overread related to CVE-2011-3929 and CVE-2011-3936. +- atrac3: Fix crash in tonal component decoding, fixes CVE-2012-0853 +- mjpegbdec: Fix overflow in SOS, fixes CVE-2011-3947 +- motionpixels: Clip YUV values after applying a gradient. +- vqavideo: return error if image size is not a multiple of block size, + fixes CVE-2012-0947. + + +version 0.5.7: +- vorbis: An additional defense in the Vorbis codec. (CVE-2011-3895) +- vorbisdec: Fix decoding bug with channel handling. +- matroskadec: Fix a bug where a pointer was cached to an array that might + later move due to a realloc(). (CVE-2011-3893) +- vorbis: Avoid some out-of-bounds reads. (CVE-2011-3893) +- vp3: fix oob read for negative tokens and memleaks on error, (CVE-2011-3892) +- vp3: fix streams with non-zero last coefficient. + + +version 0.5.6: +- svq1dec: call avcodec_set_dimensions() after dimensions changed. (NGS00148, CVE-2011-4579) +- vmd: fix segfaults on corruped streams (CVE-2011-4364) +- commits related to CVE-2011-4353: + - vp6: partially propagate huffman tree building errors during coeff model parsing and fix misspelling + - Plug some memory leaks in the VP6 decoder + - vp6: Reset the internal state when aborting key frames header parsing + - vp6: Fix illegal read. + - vp6: Fix illegal read. + - Fix out of bound reads in the QDM2 decoder. +- commits related to CVE-2011-4351: + - Check for out of bound writes in the QDM2 decoder. + - qdm2: check output buffer size before decoding + - Fix qdm2 decoder packet handling to match the api + + +version 0.5.5: + +- Fix memory (re)allocation in matroskadec.c (MSVR11-011/CVE-2011-3504) +- Fix some crashes with invalid bitstreams in the CAVS decoder + (CVE-2011-3362, CVE-2011-3973, CVE-2011-3974) +- Compilation fixes for gcc-4.6, testsuite now passes again +- Detect and handle overreads in the MJPEG decoder. +- multiple other security fixes. + + + +version 0.5.4: + +- Fix memory corruption in WMV parsing (addresses CVE-2010-3908) +- Fix heap corruption crashes (addresses CVE-2011-0722) +- Fix crashes in Vorbis decoding found by zzuf (addresses CVE-2010-4704) +- Fix another crash in Vorbis decoding (addresses CVE-2011-0480, Chrome issue 68115) +- Fix invalid reads in VC-1 decoding (related to CVE-2011-0723) +- Do not attempt to decode APE file with no frames + (adresses http://packetstorm.linuxsecurity.com/1103-exploits/vlc105-dos.txt) + + + +version 0.5.3: + +- build system improvements +- performance fix for seekable HTTP +- fix several potentially exploitable issues in the FLIC decoder + (addresses CVE-2010-3429) + + + +version 0.5.2: + +- Hurd support +- PowerPC without AltiVec compilation issues +- validate channels and samplerate in the Vorbis decoder + + + +version 0.5.1: + +- build system updates +- documentation updates +- libswscale now is LGPL except for x86 optimizations +- fix for GPL code in libswscale that was erroneously activated +- AltiVec code in libswscale is now LGPL +- remaining GPL parts in AC-3 decoder converted to LGPL +- (L)GPL license upgrade support +- AMR-NB decoding/encoding, AMR-WB decoding via OpenCORE libraries +- enable symbol versioning by default for linkers that support it +- backport av_lockmgr_register(), see doc/APIchanges for details +- security fixes for: + - ASF, Ogg and MOV demuxers + - FFv1, H.264, HuffYUV, MLP, MPEG audio and Snow decoders + + + version 0.5: - The "device" muxers and demuxers are now in a new libavdevice library diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000000..8dc2c8953d --- /dev/null +++ b/LICENSE @@ -0,0 +1,50 @@ +FFmpeg: +------- + +Most files in FFmpeg are under the GNU Lesser General Public License version 2.1 +or later (LGPL v2.1+). Read the file COPYING.LGPLv2.1 for details. Some other +files have MIT/X11/BSD-style licenses. In combination the LGPL v2.1+ applies to +FFmpeg. + +Some optional parts of FFmpeg are licensed under the GNU General Public License +version 2 or later (GPL v2+). See the file COPYING.GPLv2 for details. None of +these parts are used by default, you have to explicitly pass --enable-gpl to +configure to activate them. In this case, FFmpeg's license changes to GPL v2+. + +Specifically, the GPL parts of FFmpeg are + +- libpostproc +- some x86 optimizations in libswscale +- optional x86 optimizations in the files + libavcodec/x86/h264_deblock_sse2.asm + libavcodec/x86/h264_idct_sse2.asm + libavcodec/x86/idct_mmx.c +- the X11 grabber in libavdevice/x11grab.c + +There are a handful of files under other licensing terms, namely: + +* The files libavcodec/jfdctfst.c, libavcodec/jfdctint.c, libavcodec/jrevdct.c + are taken from libjpeg, see the top of the files for licensing details. + +Should you, for whatever reason, prefer to use version 3 of the (L)GPL, then +the configure parameter --enable-version3 will activate this licensing option +for you. Read the file COPYING.LGPLv3 or, if you have enabled GPL parts, +COPYING.GPLv3 to learn the exact legal terms that apply in this case. + + +external libraries: +------------------- + +Some external libraries, e.g. libx264, are under GPL and can be used in +conjunction with FFmpeg. They require --enable-gpl to be passed to configure +as well. + +The OpenCORE external libraries are under the Apache License 2.0. That license +is incompatible with the LGPL v2.1 and the GPL v2, but not with version 3 of +those licenses. So to combine the OpenCORE libraries with FFmpeg, the license +version needs to be upgraded by passing --enable-version3 to configure. + +The nonfree external libraries libamrnb, libamrwb and libfaac can be hooked up +in FFmpeg. You need to pass --enable-nonfree to configure to enable them. Employ +this option with care as FFmpeg then becomes nonfree and unredistributable. +Note that libfaac claims to be LGPL, but is not. diff --git a/MAINTAINERS b/MAINTAINERS index 70d3de2bee..8cb9d8908e 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -8,7 +8,6 @@ FFmpeg code. Project Leader ============== -Michael Niedermayer final design decisions @@ -49,6 +48,7 @@ build system (configure,Makefiles) Diego Biurrun, Mans Rullgard project server Diego Biurrun, Mans Rullgard mailinglists Michael Niedermayer, Baptiste Coudurier presets Robert Swain +release management Diego Biurrun, Reinhard Tartler libavutil @@ -329,5 +329,6 @@ Loren Merritt ABD9 08F4 C920 3F65 D8BE 35D7 1540 DAA7 060F 56DE Michael Niedermayer 9FF2 128B 147E F673 0BAD F133 611E C787 040B 0FAB Peter Ross A907 E02F A6E5 0CD2 34CD 20D2 6760 79C5 AC40 DD6B Reimar Döffinger C61D 16E5 9E2C D10C 8958 38A4 0899 A2B9 06D4 D9C7 +Reinhard Tartler 9300 5DC2 7E87 6C37 ED7B CA9A 9808 3544 9453 48A4 Reynaldo H. Verdejo Pinochet 6E27 CD34 170C C78E 4D4F 5F40 C18E 077F 3114 452A Sascha Sommer 38A0 F88B 868E 9D3A 97D4 D6A0 E823 706F 1E07 0D3C diff --git a/README b/README index 5a5cb16a96..e907e90223 100644 --- a/README +++ b/README @@ -9,32 +9,4 @@ FFmpeg README 2) Licensing ------------ -* Read the file COPYING.LGPL. FFmpeg and the associated libraries EXCEPT - for libpostproc are licensed under the GNU Lesser General Public License. - -* libpostproc is distributed under the GNU General Public License, see the - file COPYING.GPL for details. Its compilation and use in FFmpeg is optional. - -* libswscale contains some optional processor-specific optimizations that are - distributed under the GNU General Public License. - -* The files libavcodec/x86/idct_mmx.c, libavcodec/x86/h264_deblock_sse2.asm - and libavcodec/x86/h264_idct_sse2.asm are distributed under the GNU General - Public License. They are strictly optimizations and their use is optional. - -* The file libavcodec/ac3dec.c is distributed under the GNU General Public - License. In order for (E-)AC-3 decoding to work you need to enable GPL - components. - -* The file libavdevice/x11grab.c is distributed under the GNU General - Public License. X11 grabbing is optional. - -* The files libavcodec/jfdctfst.c, libavcodec/jfdctint.c, libavcodec/jrevdct.c - are taken from libjpeg, see the top of the files for licensing details. - -* The file libavcodec/fdctref.c is copyrighted by the MPEG Software Simulation - Group with all rights reserved. It is only used to create a DCT test program - and not compiled into libavcodec. - -* Some external libraries are under GPL. If you wish to use them with FFmpeg, - you have to configure FFmpeg as GPL as well. +* See the LICENSE file. diff --git a/RELEASE b/RELEASE new file mode 100644 index 0000000000..2677b999a8 --- /dev/null +++ b/RELEASE @@ -0,0 +1,254 @@ +Release Notes +============= + +* 0.5 "Bike Shed World Domination" March 3, 2009 + +General notes +------------- + +It has been so long since the last release that this should be considered the +first FFmpeg release of recent times. Because of the way things have unfolded to +date, the notes for this version cannot be entirely conventional. + +See the Changelog file for a list of significant changes. + +Please note that our policy on bug reports has not changed. We still only accept +bug reports against HEAD of the FFmpeg trunk repository. If you are experiencing +any issues with any formally released version of FFmpeg, please try a current +version of the development code to check if the issue still exists. If it does, +make your report against the development code following the usual bug reporting +guidelines. + +API notes +--------- + +In the next release, it is intended to remove a number of deprecated APIs. We +decided to put out a release that includes said APIs for the benefit of third +party software. + +As such, this release: +- provides a sync point for said APIs +- increases awareness of API changes +- allows the next release to detail how to transition from the old to the new + +The deprecated APIs to be removed are: +- imgconvert (to be replaced by libswscale) +- vhook (to be replaced by libavfilter) + +If at all possible, do not use the deprecated APIs. All notes on API changes +should appear in doc/APIchanges. + + + +* 0.5.1 March 2, 2010 + +General notes +------------- + +This point release includes some minor updates to make the 0.5 release series +usable for users that need to retain the existing behavior as closely as +possible. The changes follow below: + +Security fixes +-------------- + +Various programming errors in container and codec implementations +may lead to denial of service or the execution of arbitrary code +if the user is tricked into opening a malformed media file or stream. + +Affected and updated have been the implementations of the following +codecs and container formats: + + - the Vorbis audio codec + - the FF Video 1 codec + - the MPEG audio codec + - the H264 video codec + - the MLP codec + - the HuffYUV codec + - the ASF demuxer + - the Ogg container implementation + - the MOV container implementation + +Symbol Versioning enabled +------------------------- + +The backported symbol versioning change is enabled on platforms that support +it. This allows users to upgrade from 0.5.1 to the upcoming 0.6 release +without having to recompile their applications. Please note that distributors +have to recompile applications against 0.5.1 before upgrading to 0.6. + +libx264.c backport +------------------ + +This release includes a backport to the libx264 wrapper that allows FFmpeg to +be compiled against newer versions of libx264 up to API version 85. + +licensing changes +----------------- + +Previously both libswscale and our AC-3 decoder had GPLed parts. These have +been replaced by fresh LGPL code. x86 optimizations for libswscale remain GPL, +but the C code is fully functional. Optimizations for other architectures have +been relicensed to LGPL. + +AMR-NB decoding/encoding and AMR-WB decoding is now possible through the free +software OpenCORE libraries as an alternative to the non-free libamr libraries. + +We found out that libfaac contains non-free parts and is not LGPL as previously +claimed. We have changed configure to reflect this. You now have to pass the +--enable-nonfree option if you wish to compile with libfaac support enabled. + +Furthermore the non-free bits in libavcodec/fdctref.c have been rewritten. Note +well that they were only used in a test program and never compiled into any +FFmpeg library. + + + +* 0.5.2 May 25, 2010 + +General notes +------------- + +This is a maintenance-only release that addresses a small number of security +and portability issues. Distributors and system integrators are encouraged +to update and share their patches against this branch. + + + +* 0.5.3 Oct 18, 2010 + +General notes +------------- + +This is (again) another maintenance-only release that addresses a fix +for seekable HTTP and an exploitable bug in the FLIC decoder +(cf. CVE-2010-3429 for details). Distributors and system integrators are +encouraged to update and share their patches against this branch. + + + +* 0.5.4 Mar 17, 2011 + +General notes +------------- + +This is the first release that we cut after git migration. It is another +maintenance-only release that addresses several security issues that were +brought to our attention. In detail, fixes for RV30/40, WMV, Vorbis and +VC-1 have been backported from trunk. Distributors and system integrators +are encouraged to update and share their patches against this branch. + + + +* 0.5.5 Nov 6, 2011 + +General notes +------------- + +This maintenance-only release addresses several security issues that +were brought to our attention. In detail, fixes for the MJPEG decoder, +the CAVS decoder (CVE-2011-3362, CVE-2011-3973, CVE-2011-3974), and the +Matroska decoder (MSVR11-011/CVE-2011-3504) and many others have been +corrected. Additional, this release contains fixes for compilation with +gcc-4.6. Distributors and system integrators are encouraged to update +and share their patches against this branch. + + + +* 0.5.6 Nov 21, 2011 + +General notes +------------- + +This maintenance-only release addresses several security issues that +were brought to our attention. + + + +* 0.5.7 Dec 25, 2011 + +General notes +------------- + +This maintenance-only release addresses several security issues that +were brought to our attention. In details, it features fixes for the +QDM2 decoder (CVE-2011-4351), DoS in the VP5/VP6 decoders +(CVE-2011-4353), and a buffer overflow in the Sierra VMD decoder +CVE-2011-4364, and a safety fix in the SVQ1 decoder (CVE-2011-4579). +CVE-2011-4352, a bug in the VP3 decoder, is not known to affect this +release. + +Distributors and system integrators are encouraged to update and share +their patches against this branch. + + + +* 0.5.8 Jan 12, 2012 + +General notes +------------- + +This mostly maintenance-only release that addresses a number a number of +bugs such as security and compilation issues that have been brought to +our attention. Among other (rather minor) fixes, this release features +fixes for the VP3 decoder (CVE-2011-3892), vorbis decoder, and matroska +demuxer (CVE-2011-3893 and CVE-2011-3895). + +Distributors and system integrators are encouraged +to update and share their patches against this branch. For a full list +of changes please see the Changelog file. + + + +* 0.5.9 May 11, 2012 + +General notes +------------- + +This maintenance-only release that addresses a number a number of +security issues that have been brought to our attention. Among other +(rather minor) fixes, this release features fixes for the DV decoder +(CVE-2011-3929 and CVE-2011-3936), nsvdec (CVE-2011-3940), Atrac3 +(CVE-2012-0853), mjpegdec (CVE-2011-3947) and the VQA video decoder +(CVE-2012-0947). + +Distributors and system integrators are encouraged +to update and share their patches against this branch. For a full list +of changes please see the Changelog file. + + + +* 0.5.10 Jun 09, 2012 + +General notes +------------- + +This mostly maintenance-only release addresses a number of bugs such as +security and compilation issues that have been brought to our +attention. Among other fixes, this release includes security updates for +the DPCM codecs (CVE-2011-3951), H.264 (CVE-2012-0851), ADPCM +(CVE-2012-0852), and the KMVC decoder (CVE-2011-3952). + +Distributors and system integrators are encouraged to update and share +their patches against this branch. For a full list of changes please see +the Changelog file or the Git commit history. + + + +* 0.5.11 Feb 17, 2013 + +General notes +------------- + +This maintenance-only release addresses a number of bugs such as +security and compilation issues that have been brought to our +attention. Among other fixes, this release includes security updates for +the mpeg12 codecs (CVE-2012-2803), H.264, VP5/VP6 (CVE-2012-2783, +CVE-2012-2783), shorten (CVE-2012-0858), CAVS (CVE-2012-2777 and +CVE-2012-2784), AVS (CVE-2012-2801) and a number of additional safe but +important bugs in other decoders. Additionally, reported bugs in the +yuv4mpeg (Bug 373) and BMP decoder (Bug 367) have been addressed. + +Distributors and system integrators are encouraged to update and share +their patches against this branch. For a full list of changes please +see the Changelog file or the Git commit history. diff --git a/VERSION b/VERSION new file mode 100644 index 0000000000..c5f3c9c45e --- /dev/null +++ b/VERSION @@ -0,0 +1 @@ +0.5.15 diff --git a/cmdutils.c b/cmdutils.c index d5fb6cff7b..8534c60aba 100644 --- a/cmdutils.c +++ b/cmdutils.c @@ -50,7 +50,7 @@ AVCodecContext *avctx_opts[CODEC_TYPE_NB]; AVFormatContext *avformat_opts; struct SwsContext *sws_opts; -const int this_year = 2009; +const int this_year = 2014; double parse_number_or_die(const char *context, const char *numstr, int type, double min, double max) { @@ -309,14 +309,26 @@ void show_version(void) { void show_license(void) { -#if CONFIG_NONFREE printf( +#if CONFIG_NONFREE "This version of %s has nonfree parts compiled in.\n" "Therefore it is not legally redistributable.\n", program_name - ); +#elif CONFIG_GPLV3 + "%s is free software; you can redistribute it and/or modify\n" + "it under the terms of the GNU General Public License as published by\n" + "the Free Software Foundation; either version 3 of the License, or\n" + "(at your option) any later version.\n" + "\n" + "%s is distributed in the hope that it will be useful,\n" + "but WITHOUT ANY WARRANTY; without even the implied warranty of\n" + "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n" + "GNU General Public License for more details.\n" + "\n" + "You should have received a copy of the GNU General Public License\n" + "along with %s. If not, see .\n", + program_name, program_name, program_name #elif CONFIG_GPL - printf( "%s is free software; you can redistribute it and/or modify\n" "it under the terms of the GNU General Public License as published by\n" "the Free Software Foundation; either version 2 of the License, or\n" @@ -331,9 +343,21 @@ void show_license(void) "along with %s; if not, write to the Free Software\n" "Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n", program_name, program_name, program_name - ); +#elif CONFIG_LGPLV3 + "%s is free software; you can redistribute it and/or modify\n" + "it under the terms of the GNU Lesser General Public License as published by\n" + "the Free Software Foundation; either version 3 of the License, or\n" + "(at your option) any later version.\n" + "\n" + "%s is distributed in the hope that it will be useful,\n" + "but WITHOUT ANY WARRANTY; without even the implied warranty of\n" + "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n" + "GNU Lesser General Public License for more details.\n" + "\n" + "You should have received a copy of the GNU Lesser General Public License\n" + "along with %s. If not, see .\n", + program_name, program_name, program_name #else - printf( "%s is free software; you can redistribute it and/or\n" "modify it under the terms of the GNU Lesser General Public\n" "License as published by the Free Software Foundation; either\n" @@ -348,8 +372,8 @@ void show_license(void) "License along with %s; if not, write to the Free Software\n" "Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n", program_name, program_name, program_name - ); #endif + ); } void show_formats(void) diff --git a/common.mak b/common.mak index 4be056c876..a98ccd75e2 100644 --- a/common.mak +++ b/common.mak @@ -9,6 +9,7 @@ vpath %.c $(SRC_DIR) vpath %.h $(SRC_DIR) vpath %.S $(SRC_DIR) vpath %.asm $(SRC_DIR) +vpath %.v $(SRC_DIR) ifeq ($(SRC_DIR),$(SRC_PATH_BARE)) BUILD_ROOT_REL = . @@ -43,6 +44,9 @@ CFLAGS := -DHAVE_AV_CONFIG_H -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE \ %$(EXESUF): %.c +%.ver: %.v + sed 's/$$MAJOR/$($(basename $(@F))_VERSION_MAJOR)/' $^ > $@ + SVN_ENTRIES = $(SRC_PATH_BARE)/.svn/entries ifeq ($(wildcard $(SVN_ENTRIES)),$(SVN_ENTRIES)) $(BUILD_ROOT_REL)/version.h: $(SVN_ENTRIES) @@ -77,7 +81,7 @@ checkheaders: $(filter-out %_template.ho,$(ALLHEADERS:.h=.ho)) DEPS := $(OBJS:.o=.d) depend dep: $(DEPS) -CLEANSUFFIXES = *.o *~ *.ho +CLEANSUFFIXES = *.o *~ *.ho *.ver LIBSUFFIXES = *.a *.lib *.so *.so.* *.dylib *.dll *.def *.dll.a *.exp *.map DISTCLEANSUFFIXES = *.d *.pc diff --git a/configure b/configure index 281ce24a17..67cc2f65ca 100755 --- a/configure +++ b/configure @@ -75,13 +75,14 @@ show_help(){ echo " --enable-shared build shared libraries [no]" echo " --enable-gpl allow use of GPL code, the resulting libs" echo " and binaries will be under GPL [no]" + echo " --enable-version3 upgrade (L)GPL to version 3 [no]" echo " --enable-nonfree allow use of nonfree code, the resulting libs" echo " and binaries will be unredistributable [no]" echo " --disable-ffmpeg disable ffmpeg build" echo " --disable-ffplay disable ffplay build" echo " --disable-ffserver disable ffserver build" echo " --enable-postproc enable GPLed postprocessing support [no]" - echo " --enable-swscale enable GPLed software scaler support [no]" + echo " --enable-swscale enable software scaler support [no]" echo " --enable-avfilter video filter support (replaces vhook) [no]" echo " --enable-avfilter-lavf video filters dependent on avformat [no]" echo " --disable-vhook disable video hooking support" @@ -102,6 +103,7 @@ show_help(){ echo " --disable-golomb disable Golomb code" echo " --disable-mdct disable MDCT code" echo " --disable-rdft disable RDFT code" + echo " --enable-runtime-cpudetect detect cpu capabilities at runtime (bigger binary)" echo " --enable-hardcoded-tables use hardcoded tables instead of runtime generation" echo " --enable-memalign-hack emulate memalign, interferes with memory debuggers" echo " --enable-beos-netserver enable BeOS netserver" @@ -148,6 +150,8 @@ show_help(){ echo " --enable-bzlib enable bzlib [autodetect]" echo " --enable-libamr-nb enable libamr-nb floating point audio codec [no]" echo " --enable-libamr-wb enable libamr-wb floating point audio codec [no]" + echo " --enable-libopencore-amrnb enable AMR-NB de/encoding via libopencore-amrnb [no]" + echo " --enable-libopencore-amrwb enable AMR-WB decoding via libopencore-amrwb [no]" echo " --enable-libdc1394 enable IIDC-1394 grabbing using libdc1394" echo " and libraw1394 [no]" echo " --enable-libdirac enable Dirac support via libdirac [no]" @@ -257,7 +261,6 @@ Include the log file "$logfile" produced by configure as this will help solving the problem. EOF fi - rm -f $TMPC $TMPE $TMPH $TMPO $TMPS $TMPSH exit 1 } @@ -563,13 +566,18 @@ int x; EOF } -check_ldflags(){ - log check_ldflags "$@" - check_ld "$@" < $tmp) 2>/dev/null || + die "Unable to create temoporary file in $TMPDIR." + append TMPFILES $tmp + eval $1=$tmp +} + +trap 'rm -f -- $TMPFILES' EXIT +trap exit HUP INT TERM + +tmpfile TMPC .c +tmpfile TMPE $EXESUF +tmpfile TMPH .h +tmpfile TMPO .o +tmpfile TMPS .S +tmpfile TMPV .ver +tmpfile TMPSH .sh + +unset -f mktemp # make sure we can execute files in $TMPDIR cat > $TMPSH 2>> $logfile </dev/null | grep -qi gcc; then cc_type=gcc @@ -1572,13 +1610,10 @@ case $target_os in SHFLAGS='-shared -Wl,--output-def,$$(@:$(SLIBSUF)=.def) -Wl,--enable-runtime-pseudo-reloc -Wl,--enable-auto-image-base' objformat="win32" enable dos_paths - if ! enabled x86_64; then - check_cpp_condition _mingw.h "(__MINGW32_MAJOR_VERSION > 3) || (__MINGW32_MAJOR_VERSION == 3 && __MINGW32_MINOR_VERSION >= 15)" || + check_cflags -fno-common + check_cpp_condition _mingw.h "defined (__MINGW64_VERSION_MAJOR) || (__MINGW32_MAJOR_VERSION > 3) \ + || (__MINGW32_MAJOR_VERSION == 3 && __MINGW32_MINOR_VERSION >= 15)" || die "ERROR: MinGW runtime version must be >= 3.15." - enabled_any avisynth vfwcap_demuxer && - { check_cpp_condition w32api.h "(__W32API_MAJOR_VERSION > 3) || (__W32API_MAJOR_VERSION == 3 && __W32API_MINOR_VERSION >= 13)" || - die "ERROR: avisynth and vfwcap_demuxer require w32api version 3.13 or later."; } - fi ;; cygwin*) target_os=cygwin @@ -1596,6 +1631,7 @@ case $target_os in SHFLAGS='-shared -Wl,--enable-auto-image-base' objformat="win32" enable dos_paths + check_cflags -fno-common ;; *-dos|freedos|opendos) disable ffplay ffserver vhook @@ -1638,6 +1674,11 @@ case $target_os in interix) disable vhook ;; + gnu/kfreebsd) + ;; + gnu) + disable dv1394 + ;; *) die "Unknown OS '$target_os'." @@ -1680,23 +1721,24 @@ EOF fi -if ! enabled gpl; then - die_gpl_disabled(){ - name=$1 - shift - enabled_any $@ && die "$name is under GPL and --enable-gpl is not specified." - } - die_gpl_disabled "The Postprocessing code" postproc - die_gpl_disabled "libx264" libx264 - die_gpl_disabled "libxvidcore" libxvid - die_gpl_disabled "FAAD2" libfaad2 - die_gpl_disabled "The X11 grabber" x11grab - die_gpl_disabled "The software scaler" swscale -fi +die_license_disabled() { + enabled $1 || { enabled $2 && die "$2 is $1 and --enable-$1 is not specified."; } +} -if ! enabled nonfree && enabled_any libamr_nb libamr_wb; then - die "libamr is nonfree and --enable-nonfree is not specified." -fi +die_license_disabled gpl libfaad2 +die_license_disabled gpl libx264 +die_license_disabled gpl libxvid +die_license_disabled gpl postproc +die_license_disabled gpl x11grab + +die_license_disabled nonfree libamr_nb +die_license_disabled nonfree libamr_wb +die_license_disabled nonfree libfaac + +die_license_disabled version3 libopencore_amrnb +die_license_disabled version3 libopencore_amrwb + +enabled version3 && { enabled gpl && enable gplv3 || enable lgplv3; } check_deps $ARCH_EXT_LIST @@ -1976,7 +2018,7 @@ EOF done # these are off by default, so fail if requested and not available -enabled avisynth && require2 vfw32 "windows.h vfw.h" AVIFileInit -lvfw32 +enabled avisynth && require2 vfw32 "windows.h vfw.h" AVIFileInit -lavifil32 enabled libamr_nb && require libamrnb amrnb/interf_dec.h Speech_Decode_Frame_init -lamrnb -lm enabled libamr_wb && require libamrwb amrwb/dec_if.h D_IF_init -lamrwb -lm enabled libdirac && add_cflags $(pkg-config --cflags dirac) && @@ -1987,13 +2029,15 @@ enabled libfaad && require2 libfaad faad.h faacDecOpen -lfaad enabled libgsm && require libgsm gsm.h gsm_create -lgsm enabled libmp3lame && require libmp3lame lame/lame.h lame_init -lmp3lame -lm enabled libnut && require libnut libnut.h nut_demuxer_init -lnut +enabled libopencore_amrnb && require libopencore_amrnb opencore-amrnb/interf_dec.h Decoder_Interface_init -lopencore-amrnb -lm +enabled libopencore_amrwb && require libopencore_amrwb opencore-amrwb/dec_if.h D_IF_init -lopencore-amrwb -lm enabled libopenjpeg && require libopenjpeg openjpeg.h opj_version -lopenjpeg enabled libschroedinger && add_cflags $(pkg-config --cflags schroedinger-1.0) && require libschroedinger schroedinger/schro.h schro_init $(pkg-config --libs schroedinger-1.0) enabled libspeex && require libspeex speex/speex.h speex_decoder_init -lspeex enabled libtheora && require libtheora theora/theora.h theora_info_init -ltheora -logg enabled libvorbis && require libvorbis vorbis/vorbisenc.h vorbis_info_init -lvorbisenc -lvorbis -logg -enabled libx264 && require libx264 x264.h x264_encoder_open -lx264 -lm && +enabled libx264 && require libx264 x264.h x264_encoder_encode -lx264 -lm && { check_cpp_condition x264.h "X264_BUILD >= 65" || die "ERROR: libx264 version must be >= 0.65."; } enabled libxvid && require libxvid xvid.h xvid_global -lxvidcore @@ -2101,7 +2145,10 @@ check_header linux/videodev.h check_header linux/videodev2.h check_header sys/videoio.h -check_func_headers "windows.h vfw.h" capCreateCaptureWindow -lvfw32 +check_func_headers "windows.h vfw.h" capCreateCaptureWindow -lavicap32 +# check that WM_CAP_DRIVER_CONNECT is defined to the proper value +# w32api 3.12 had it defined wrong +check_cpp_condition vfw.h "WM_CAP_DRIVER_CONNECT > WM_USER" && enable vfwcap_defines # check for ioctl_meteor.h, ioctl_bt848.h and alternatives { check_header dev/bktr/ioctl_meteor.h && @@ -2146,6 +2193,10 @@ check_ldflags -Wl,--as-needed check_ldflags '-Wl,-rpath-link,\$(BUILD_ROOT)/libpostproc -Wl,-rpath-link,\$(BUILD_ROOT)/libswscale -Wl,-rpath-link,\$(BUILD_ROOT)/libavfilter -Wl,-rpath-link,\$(BUILD_ROOT)/libavdevice -Wl,-rpath-link,\$(BUILD_ROOT)/libavformat -Wl,-rpath-link,\$(BUILD_ROOT)/libavcodec -Wl,-rpath-link,\$(BUILD_ROOT)/libavutil' check_ldflags -Wl,-Bsymbolic +echo "X{};" > $TMPV +test_ldflags -Wl,--version-script,$TMPV && + append SHFLAGS '-Wl,--version-script,\$(SUBDIR)lib\$(NAME).ver' + if enabled small; then check_cflags -Os # not all compilers support -Os optimizations="small" @@ -2191,7 +2242,7 @@ if enabled shared; then # LIBOBJFLAGS may have already been set in the OS configuration if test -z "$LIBOBJFLAGS" ; then case "${subarch-$arch}" in - x86_64|ia64|alpha|sparc*|power*|parisc*|mips*) LIBOBJFLAGS='$(PIC)' ;; + x86_64|ia64|alpha|sparc*|ppc|power*|parisc*|mips*) LIBOBJFLAGS='$(PIC)' ;; esac fi fi @@ -2244,6 +2295,7 @@ if test "$extra_version" != ""; then echo "version string suffix $extra_version" fi echo "big-endian ${bigendian-no}" +echo "runtime cpu detection ${runtime_cpudetect-no}" if enabled x86; then echo "yasm ${yasm-no}" echo "MMX enabled ${mmx-no}" @@ -2314,6 +2366,8 @@ echo "libfaad dlopened ${libfaadbin-no}" echo "libgsm enabled ${libgsm-no}" echo "libmp3lame enabled ${libmp3lame-no}" echo "libnut enabled ${libnut-no}" +echo "libopencore-amrnb support ${libopencore_amrnb-no}" +echo "libopencore-amrwb support ${libopencore_amrwb-no}" echo "libopenjpeg enabled ${libopenjpeg-no}" echo "libschroedinger enabled ${libschroedinger-no}" echo "libspeex enabled ${libspeex-no}" @@ -2335,11 +2389,15 @@ for type in decoder encoder parser demuxer muxer protocol filter bsf indev outde echo done -license="LGPL" +license="LGPL version 2.1 or later" if enabled nonfree; then - license="unredistributable" + license="nonfree and unredistributable" +elif enabled gplv3; then + license="GPL version 3 or later" +elif enabled lgplv3; then + license="LGPL version 3 or later" elif enabled gpl; then - license="GPL" + license="GPL version 2 or later" fi echo "License: $license" @@ -2484,8 +2542,6 @@ cmp -s $TMPH config.h && echo "config.h is unchanged" || mv -f $TMPH config.h -rm -f $TMPC $TMPE $TMPH $TMPO $TMPS $TMPSH - # build tree in object directory if source path is different from current one if enabled source_path_used; then DIRS="\ diff --git a/doc/APIchanges b/doc/APIchanges index 07e680a04d..db7e245a09 100644 --- a/doc/APIchanges +++ b/doc/APIchanges @@ -1,3 +1,11 @@ +20090601 - r19025 - lavc 52.30.0 - av_lockmgr_register() + av_lockmgr_register() can be used to register a callback function + that lavc (and in the future, libraries that depend on lavc) can use + to implement mutexes. The application should provide a callback function + the implements the AV_LOCK_* operations described in avcodec.h. + When the lock manager is registered FFmpeg is guaranteed to behave + correct also in a multi-threaded application. + 20090301 - r17682 - lavf 52.31.0 - Generic metadata API This version introduce a new metadata API (see av_metadata_get() and friends). The old API is now deprecated and shouldn't be used anymore. This especially diff --git a/doc/TODO b/doc/TODO index 6c0a824107..f03270ec13 100644 --- a/doc/TODO +++ b/doc/TODO @@ -81,7 +81,6 @@ unassigned TODO: (unordered) - add support for using mplayers video filters to ffmpeg - H264 encoder - per MB ratecontrol (so VCD and such do work better) -- replace/rewrite libavcodec/fdctref.c - write a script which iteratively changes all functions between always_inline and noinline and benchmarks the result to find the best set of inlined functions - convert all the non SIMD asm into small asm vs. C testcases and submit them to the gcc devels so they can improve gcc - generic audio mixing API diff --git a/doc/ffmpeg-doc.texi b/doc/ffmpeg-doc.texi index e3f2dc8727..536e0fa36e 100644 --- a/doc/ffmpeg-doc.texi +++ b/doc/ffmpeg-doc.texi @@ -141,8 +141,9 @@ to get the desired audio language. NOTE: To see the supported input formats, use @code{ffmpeg -formats}. -* You can extract images from a video: +* You can extract images from a video, or create a video from many images: +For extracting images from a video: @example ffmpeg -i foo.avi -r 1 -s WxH -f image2 foo-%03d.jpeg @end example @@ -151,15 +152,20 @@ This will extract one video frame per second from the video and will output them in files named @file{foo-001.jpeg}, @file{foo-002.jpeg}, etc. Images will be rescaled to fit the new WxH values. +If you want to extract just a limited number of frames, you can use the +above command in combination with the -vframes or -t option, or in +combination with -ss to start extracting from a certain point in time. + +For creating a video from many images: +@example +ffmpeg -f image2 -i foo-%03d.jpeg -r 12 -s WxH foo.avi +@end example + The syntax @code{foo-%03d.jpeg} specifies to use a decimal number composed of three digits padded with zeroes to express the sequence number. It is the same syntax supported by the C printf function, but only formats accepting a normal integer are suitable. -If you want to extract just a limited number of frames, you can use the -above command in combination with the -vframes or -t option, or in -combination with -ss to start extracting from a certain point in time. - * You can put many streams of the same type in the output: @example @@ -276,29 +282,16 @@ The offset is added to the timestamps of the input files. Specifying a positive offset means that the corresponding streams are delayed by 'offset' seconds. -@item -title @var{string} -Set the title. - @item -timestamp @var{time} Set the timestamp. -@item -author @var{string} -Set the author. +@item -metadata @var{key}=@var{value} +Set a metadata key/value pair. -@item -copyright @var{string} -Set the copyright. - -@item -comment @var{string} -Set the comment. - -@item -album @var{string} -Set the album. - -@item -track @var{number} -Set the track. - -@item -year @var{number} -Set the year. +For example, for setting the title in the output file: +@example +ffmpeg -i in.avi -metadata title="my title" out.flv +@end example @item -v @var{number} Set the logging verbosity level. @@ -687,6 +680,8 @@ Set the number of audio frames to record. Set the audio sampling frequency (default = 44100 Hz). @item -ab @var{bitrate} Set the audio bitrate in bit/s (default = 64k). +@item -aq @var{q} +Set the audio quality (codec-specific, VBR). @item -ac @var{channels} Set the number of audio channels (default = 1). @item -an @@ -728,6 +723,8 @@ Force subtitle codec ('copy' to copy stream). Add a new subtitle stream to the current output stream. @item -slang @var{code} Set the ISO 639 language code (3 letters) of the current subtitle stream. +@item -sn +Disable subtitle recording. @item -sbsf @var{bitstream_filter} Bitstream filters available are "mov2textsub", "text2movsub". @example diff --git a/doc/general.texi b/doc/general.texi index 97a62bbe49..fc7b06d3c2 100644 --- a/doc/general.texi +++ b/doc/general.texi @@ -18,7 +18,22 @@ explicitly requested by passing the appropriate flags to @file{./configure}. AMR comes in two different flavors, wideband and narrowband. FFmpeg can make use of the AMR wideband (floating-point mode) and the AMR narrowband -(floating-point mode) reference decoders and encoders. +(floating-point mode) reference decoders and encoders (libamr) as well as +the OpenCORE libraries for AMR-NB decoding/encoding and AMR-WB decoding. + +@subsection OpenCORE + +Go to @url{http://gitorious.org/opencore-amr/} and follow the instructions for +installing the libraries. Then pass @code{--enable-libopencore-amrnb} and/or +@code{--enable-libopencore-amrwb} to configure to enable the libraries. + +Note that OpenCORE is under the Apache License 2.0 (see +@url{http://www.apache.org/licenses/LICENSE-2.0} for details), which is +incompatible with the LGPL version 2.1 and GPL version 2. You have to +upgrade FFmpeg's license to LGPL version 3 (or if you have enabled +GPL components, GPL version 3) to use it. + +@subsection libamr Go to @url{http://www.penguin.cz/~utx/amr} and follow the instructions for installing the libraries. Then pass @code{--enable-libamr-nb} and/or @@ -511,9 +526,10 @@ following image formats are supported: @tab Used in Westwood Studios games like Command and Conquer. @item ADPCM Yamaha @tab X @tab X @item AMR-NB @tab E @tab E - @tab supported through external library libamrnb + @tab supported through external libraries libamrnb and libopencore-amrnb @item AMR-WB @tab E @tab E - @tab supported through external library libamrwb + @tab decoding supported through external libraries libamrwb and libopencore-amrwb, + encoding supported through external library libamrwb @item Apple lossless audio @tab X @tab X @tab QuickTime fourcc 'alac' @item Atrac 3 @tab @tab X diff --git a/ffmpeg.c b/ffmpeg.c index 8ec1f471a1..05699bc9bb 100644 --- a/ffmpeg.c +++ b/ffmpeg.c @@ -2102,10 +2102,7 @@ static int av_encode(AVFormatContext **output_files, /* read a frame from it and output it in the fifo */ is = input_files[file_index]; - ret= av_read_frame(is, &pkt); - if(ret == AVERROR(EAGAIN) && strcmp(is->iformat->name, "ffm")) - continue; - if (ret < 0) { + if (av_read_frame(is, &pkt) < 0) { file_table[file_index].eof_reached = 1; if (opt_shortest) break; diff --git a/ffpresets/libx264-baseline.ffpreset b/ffpresets/libx264-baseline.ffpreset index 47664189b2..a23b746ded 100644 --- a/ffpresets/libx264-baseline.ffpreset +++ b/ffpresets/libx264-baseline.ffpreset @@ -1,3 +1,4 @@ coder=0 bf=0 -flags2=-wpred-dct8x8 +flags2=-wpred-dct8x8+mbtree +wpredp=0 diff --git a/ffpresets/libx264-default.ffpreset b/ffpresets/libx264-default.ffpreset index ec20174c20..a10c633240 100644 --- a/ffpresets/libx264-default.ffpreset +++ b/ffpresets/libx264-default.ffpreset @@ -3,7 +3,7 @@ flags=+loop cmp=+chroma partitions=+parti8x8+parti4x4+partp8x8+partb8x8 me_method=hex -subq=6 +subq=7 me_range=16 g=250 keyint_min=25 @@ -14,5 +14,9 @@ qcomp=0.6 qmin=10 qmax=51 qdiff=4 +bf=3 +refs=3 directpred=1 -flags2=+fastpskip +trellis=1 +flags2=+mixed_refs+wpred+dct8x8+fastpskip+mbtree +wpredp=2 diff --git a/ffpresets/libx264-fastfirstpass.ffpreset b/ffpresets/libx264-fastfirstpass.ffpreset index aaad4615d0..7cf6faae41 100644 --- a/ffpresets/libx264-fastfirstpass.ffpreset +++ b/ffpresets/libx264-fastfirstpass.ffpreset @@ -3,7 +3,7 @@ flags=+loop cmp=+chroma partitions=-parti8x8-parti4x4-partp8x8-partp4x4-partb8x8 me_method=dia -subq=1 +subq=2 me_range=16 g=250 keyint_min=25 @@ -14,8 +14,9 @@ qcomp=0.6 qmin=10 qmax=51 qdiff=4 -bf=4 +bf=3 refs=1 directpred=3 trellis=0 -flags2=-bpyramid-wpred-mixed_refs-dct8x8+fastpskip +flags2=-bpyramid-wpred-mixed_refs-dct8x8+fastpskip+mbtree +wpredp=2 diff --git a/ffpresets/libx264-hq.ffpreset b/ffpresets/libx264-hq.ffpreset index cdf67eb067..eafc52e410 100644 --- a/ffpresets/libx264-hq.ffpreset +++ b/ffpresets/libx264-hq.ffpreset @@ -14,8 +14,9 @@ qcomp=0.6 qmin=10 qmax=51 qdiff=4 -bf=4 +bf=3 refs=4 directpred=3 trellis=1 -flags2=+bpyramid+wpred+mixed_refs+dct8x8+fastpskip +flags2=+wpred+mixed_refs+dct8x8+fastpskip+mbtree +wpredp=2 diff --git a/ffpresets/libx264-ipod320.ffpreset b/ffpresets/libx264-ipod320.ffpreset index 89441c7deb..b10205025e 100644 --- a/ffpresets/libx264-ipod320.ffpreset +++ b/ffpresets/libx264-ipod320.ffpreset @@ -1,6 +1,7 @@ coder=0 bf=0 -flags2=-wpred-dct8x8 +flags2=-wpred-dct8x8+mbtree level=13 maxrate=768000 bufsize=3000000 +wpredp=0 diff --git a/ffpresets/libx264-ipod640.ffpreset b/ffpresets/libx264-ipod640.ffpreset index fd58e2ad71..aa731dccc5 100644 --- a/ffpresets/libx264-ipod640.ffpreset +++ b/ffpresets/libx264-ipod640.ffpreset @@ -1,7 +1,8 @@ coder=0 bf=0 refs=1 -flags2=-wpred-dct8x8 +flags2=-wpred-dct8x8+mbtree level=30 maxrate=10000000 bufsize=10000000 +wpredp=0 diff --git a/ffpresets/libx264-lossless_fast.ffpreset b/ffpresets/libx264-lossless_fast.ffpreset index dcf418afda..9bbabf5f7c 100644 --- a/ffpresets/libx264-lossless_fast.ffpreset +++ b/ffpresets/libx264-lossless_fast.ffpreset @@ -15,5 +15,6 @@ qmin=10 qmax=51 qdiff=4 directpred=1 -flags2=+fastpskip +flags2=+fastpskip+mbtree cqp=0 +wpredp=0 diff --git a/ffpresets/libx264-lossless_max.ffpreset b/ffpresets/libx264-lossless_max.ffpreset index b8506c227f..d4ba018b75 100644 --- a/ffpresets/libx264-lossless_max.ffpreset +++ b/ffpresets/libx264-lossless_max.ffpreset @@ -16,5 +16,6 @@ qmax=51 qdiff=4 refs=16 directpred=1 -flags2=+mixed_refs+dct8x8+fastpskip +flags2=+mixed_refs+dct8x8+fastpskip+mbtree cqp=0 +wpredp=2 diff --git a/ffpresets/libx264-lossless_medium.ffpreset b/ffpresets/libx264-lossless_medium.ffpreset index 99fb6b9d07..c4133c2279 100644 --- a/ffpresets/libx264-lossless_medium.ffpreset +++ b/ffpresets/libx264-lossless_medium.ffpreset @@ -15,5 +15,6 @@ qmin=10 qmax=51 qdiff=4 directpred=1 -flags2=+fastpskip +flags2=+fastpskip+mbtree cqp=0 +wpredp=2 diff --git a/ffpresets/libx264-lossless_slow.ffpreset b/ffpresets/libx264-lossless_slow.ffpreset index 2ecb55b07e..1421b95603 100644 --- a/ffpresets/libx264-lossless_slow.ffpreset +++ b/ffpresets/libx264-lossless_slow.ffpreset @@ -16,5 +16,6 @@ qmax=51 qdiff=4 refs=2 directpred=1 -flags2=+dct8x8+fastpskip +flags2=+dct8x8+fastpskip+mbtree cqp=0 +wpredp=2 diff --git a/ffpresets/libx264-lossless_slower.ffpreset b/ffpresets/libx264-lossless_slower.ffpreset index dd499c7afd..942445921e 100644 --- a/ffpresets/libx264-lossless_slower.ffpreset +++ b/ffpresets/libx264-lossless_slower.ffpreset @@ -16,5 +16,6 @@ qmax=51 qdiff=4 refs=4 directpred=1 -flags2=+mixed_refs+dct8x8+fastpskip +flags2=+mixed_refs+dct8x8+fastpskip+mbtree cqp=0 +wpredp=2 diff --git a/ffpresets/libx264-lossless_ultrafast.ffpreset b/ffpresets/libx264-lossless_ultrafast.ffpreset index 1c429f21ff..3c44488e8d 100644 --- a/ffpresets/libx264-lossless_ultrafast.ffpreset +++ b/ffpresets/libx264-lossless_ultrafast.ffpreset @@ -15,5 +15,5 @@ qmin=10 qmax=51 qdiff=4 directpred=1 -flags2=+fastpskip +flags2=+fastpskip+mbtree cqp=0 diff --git a/ffpresets/libx264-main.ffpreset b/ffpresets/libx264-main.ffpreset index d1dc7ddae9..0868c53cff 100644 --- a/ffpresets/libx264-main.ffpreset +++ b/ffpresets/libx264-main.ffpreset @@ -1 +1 @@ -flags2=-dct8x8 +flags2=-dct8x8+mbtree diff --git a/ffpresets/libx264-max.ffpreset b/ffpresets/libx264-max.ffpreset index afdde53469..4289ab531e 100644 --- a/ffpresets/libx264-max.ffpreset +++ b/ffpresets/libx264-max.ffpreset @@ -3,8 +3,8 @@ flags=+loop cmp=+chroma partitions=+parti8x8+parti4x4+partp8x8+partp4x4+partb8x8 me_method=tesa -subq=9 -me_range=32 +subq=10 +me_range=24 g=250 keyint_min=25 sc_threshold=40 @@ -14,8 +14,9 @@ qcomp=0.6 qmin=10 qmax=51 qdiff=4 -bf=4 +bf=3 refs=16 directpred=3 trellis=2 -flags2=+bpyramid+wpred+mixed_refs+dct8x8-fastpskip +flags2=+wpred+mixed_refs+dct8x8-fastpskip+mbtree +wpredp=2 diff --git a/ffpresets/libx264-normal.ffpreset b/ffpresets/libx264-normal.ffpreset index 99ac2e319a..dd7991bab4 100644 --- a/ffpresets/libx264-normal.ffpreset +++ b/ffpresets/libx264-normal.ffpreset @@ -14,8 +14,9 @@ qcomp=0.6 qmin=10 qmax=51 qdiff=4 -bf=4 +bf=3 refs=2 directpred=3 trellis=0 -flags2=+bpyramid+wpred+dct8x8+fastpskip +flags2=+wpred+dct8x8+fastpskip+mbtree +wpredp=2 diff --git a/ffpresets/libx264-slowfirstpass.ffpreset b/ffpresets/libx264-slowfirstpass.ffpreset index 7358d446d2..ba49065c14 100644 --- a/ffpresets/libx264-slowfirstpass.ffpreset +++ b/ffpresets/libx264-slowfirstpass.ffpreset @@ -14,8 +14,9 @@ qcomp=0.6 qmin=10 qmax=51 qdiff=4 -bf=4 +bf=3 refs=1 directpred=3 trellis=0 -flags2=+bpyramid+wpred+dct8x8+fastpskip +flags2=+wpred+dct8x8+fastpskip+mbtree +wpredp=2 diff --git a/libavcodec/4xm.c b/libavcodec/4xm.c index 5c96baaf3f..e33001f306 100644 --- a/libavcodec/4xm.c +++ b/libavcodec/4xm.c @@ -133,7 +133,9 @@ typedef struct FourXContext{ GetBitContext pre_gb; ///< ac/dc prefix GetBitContext gb; const uint8_t *bytestream; + const uint8_t *bytestream_end; const uint16_t *wordstream; + const uint16_t *wordstream_end; int mv[256]; VLC pre_vlc; int last_dc; @@ -308,6 +310,8 @@ static void decode_p_block(FourXContext *f, uint16_t *dst, uint16_t *src, int lo assert(code>=0 && code<=6); if(code == 0){ + if (f->bytestream_end - f->bytestream < 1) + return; src += f->mv[ *f->bytestream++ ]; if(start > src || src > end){ av_log(f->avctx, AV_LOG_ERROR, "mv out of pic\n"); @@ -325,15 +329,23 @@ static void decode_p_block(FourXContext *f, uint16_t *dst, uint16_t *src, int lo }else if(code == 3 && f->version<2){ mcdc(dst, src, log2w, h, stride, 1, 0); }else if(code == 4){ + if (f->bytestream_end - f->bytestream < 1) + return; src += f->mv[ *f->bytestream++ ]; if(start > src || src > end){ av_log(f->avctx, AV_LOG_ERROR, "mv out of pic\n"); return; } + if (f->wordstream_end - f->wordstream < 1) + return; mcdc(dst, src, log2w, h, stride, 1, le2me_16(*f->wordstream++)); }else if(code == 5){ + if (f->wordstream_end - f->wordstream < 1) + return; mcdc(dst, src, log2w, h, stride, 0, le2me_16(*f->wordstream++)); }else if(code == 6){ + if (f->wordstream_end - f->wordstream < 2) + return; if(log2w){ dst[0] = le2me_16(*f->wordstream++); dst[1] = le2me_16(*f->wordstream++); @@ -355,6 +367,8 @@ static int decode_p_frame(FourXContext *f, const uint8_t *buf, int length){ if(f->version>1){ extra=20; + if (length < extra) + return -1; bitstream_size= AV_RL32(buf+8); wordstream_size= AV_RL32(buf+12); bytestream_size= AV_RL32(buf+16); @@ -365,11 +379,10 @@ static int decode_p_frame(FourXContext *f, const uint8_t *buf, int length){ bytestream_size= FFMAX(length - bitstream_size - wordstream_size, 0); } - if(bitstream_size+ bytestream_size+ wordstream_size + extra != length - || bitstream_size > (1<<26) - || bytestream_size > (1<<26) - || wordstream_size > (1<<26) - ){ + if (bitstream_size > length || + bytestream_size > length - bitstream_size || + wordstream_size > length - bytestream_size - bitstream_size || + extra > length - bytestream_size - bitstream_size - wordstream_size){ av_log(f->avctx, AV_LOG_ERROR, "lengths %d %d %d %d\n", bitstream_size, bytestream_size, wordstream_size, bitstream_size+ bytestream_size+ wordstream_size - length); return -1; @@ -380,7 +393,9 @@ static int decode_p_frame(FourXContext *f, const uint8_t *buf, int length){ init_get_bits(&f->gb, f->bitstream_buffer, 8*bitstream_size); f->wordstream= (const uint16_t*)(buf + extra + bitstream_size); + f->wordstream_end= f->wordstream + wordstream_size/2; f->bytestream= buf + extra + bitstream_size + wordstream_size; + f->bytestream_end = f->bytestream + bytestream_size; init_mv(f); @@ -509,7 +524,7 @@ static int decode_i_mb(FourXContext *f){ return 0; } -static const uint8_t *read_huffman_tables(FourXContext *f, const uint8_t * const buf){ +static const uint8_t *read_huffman_tables(FourXContext *f, const uint8_t * const buf, int buf_size){ int frequency[512]; uint8_t flag[512]; int up[512]; @@ -517,6 +532,7 @@ static const uint8_t *read_huffman_tables(FourXContext *f, const uint8_t * const int bits_tab[257]; int start, end; const uint8_t *ptr= buf; + const uint8_t *ptr_end = buf + buf_size; int j; memset(frequency, 0, sizeof(frequency)); @@ -527,6 +543,8 @@ static const uint8_t *read_huffman_tables(FourXContext *f, const uint8_t * const for(;;){ int i; + if (start <= end && ptr_end - ptr < end - start + 1 + 1) + return NULL; for(i=start; i<=end; i++){ frequency[i]= *ptr++; } @@ -599,10 +617,13 @@ static int decode_i2_frame(FourXContext *f, const uint8_t *buf, int length){ const int height= f->avctx->height; uint16_t *dst= (uint16_t*)f->current_picture.data[0]; const int stride= f->current_picture.linesize[0]>>1; + const uint8_t *buf_end = buf + length; for(y=0; ycurrent_picture.data[0]; const int stride= f->current_picture.linesize[0]>>1; const unsigned int bitstream_size= AV_RL32(buf); - const int token_count av_unused = AV_RL32(buf + bitstream_size + 8); - unsigned int prestream_size= 4*AV_RL32(buf + bitstream_size + 4); - const uint8_t *prestream= buf + bitstream_size + 12; + unsigned int prestream_size; + const uint8_t *prestream; - if(prestream_size + bitstream_size + 12 != length - || bitstream_size > (1<<26) - || prestream_size > (1<<26)){ + if (bitstream_size > (1<<26) || length < bitstream_size + 12) + return -1; + prestream_size = 4*AV_RL32(buf + bitstream_size + 4); + prestream = buf + bitstream_size + 12; + + if (prestream_size > (1<<26) || + prestream_size != length - (bitstream_size + 12)){ av_log(f->avctx, AV_LOG_ERROR, "size mismatch %d %d %d\n", prestream_size, bitstream_size, length); return -1; } - prestream= read_huffman_tables(f, prestream); + prestream= read_huffman_tables(f, prestream, buf + length - prestream); + if (!prestream) + return -1; init_get_bits(&f->gb, buf + 4, 8*bitstream_size); @@ -684,6 +710,8 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *p, temp; int i, frame_4cc, frame_size; + if (buf_size < 12) + return AVERROR_INVALIDDATA; frame_4cc= AV_RL32(buf); if(buf_size != AV_RL32(buf+4)+8 || buf_size < 20){ av_log(f->avctx, AV_LOG_ERROR, "size mismatch %d %d\n", buf_size, AV_RL32(buf+4)); @@ -696,6 +724,9 @@ static int decode_frame(AVCodecContext *avctx, const int whole_size= AV_RL32(buf+16); CFrameBuffer *cfrm; + if (data_size < 0 || whole_size < 0) + return AVERROR_INVALIDDATA; + for(i=0; icfrm[i].id && f->cfrm[i].id < avctx->frame_number) av_log(f->avctx, AV_LOG_ERROR, "lost c frame %d\n", f->cfrm[i].id); @@ -712,6 +743,8 @@ static int decode_frame(AVCodecContext *avctx, } cfrm= &f->cfrm[i]; + if (data_size > UINT_MAX - cfrm->size - FF_INPUT_BUFFER_PADDING_SIZE) + return AVERROR_INVALIDDATA; cfrm->data= av_fast_realloc(cfrm->data, &cfrm->allocated_size, cfrm->size + data_size + FF_INPUT_BUFFER_PADDING_SIZE); if(!cfrm->data){ //explicit check needed as memcpy below might not catch a NULL av_log(f->avctx, AV_LOG_ERROR, "realloc falure"); diff --git a/libavcodec/Makefile b/libavcodec/Makefile index afa5fac152..cf742d17f4 100644 --- a/libavcodec/Makefile +++ b/libavcodec/Makefile @@ -366,6 +366,8 @@ OBJS-$(CONFIG_LIBFAAC) += libfaac.o OBJS-$(CONFIG_LIBFAAD) += libfaad.o OBJS-$(CONFIG_LIBGSM) += libgsm.o OBJS-$(CONFIG_LIBMP3LAME) += libmp3lame.o +OBJS-$(CONFIG_LIBOPENCORE_AMRNB) += libopencore-amr.o +OBJS-$(CONFIG_LIBOPENCORE_AMRWB) += libopencore-amr.o OBJS-$(CONFIG_LIBOPENJPEG) += libopenjpeg.o OBJS-$(CONFIG_LIBSCHROEDINGER_DECODER) += libschroedingerdec.o libschroedinger.o libdirac_libschro.o OBJS-$(CONFIG_LIBSCHROEDINGER_ENCODER) += libschroedingerenc.o libschroedinger.o libdirac_libschro.o @@ -533,5 +535,4 @@ DIRS = alpha arm bfin mlib ppc ps2 sh4 sparc x86 include $(SUBDIR)../subdir.mak -$(SUBDIR)dct-test$(EXESUF): $(SUBDIR)fdctref.o $(SUBDIR)aandcttab.o -$(SUBDIR)fft-test$(EXESUF): $(SUBDIR)fdctref.o +$(SUBDIR)dct-test$(EXESUF): $(SUBDIR)dctref.o $(SUBDIR)aandcttab.o diff --git a/libavcodec/aac.c b/libavcodec/aac.c index 80195c0641..b6759dd763 100644 --- a/libavcodec/aac.c +++ b/libavcodec/aac.c @@ -97,6 +97,56 @@ static VLC vlc_scalefactors; static VLC vlc_spectral[11]; +static ChannelElement* get_che(AACContext *ac, int type, int elem_id) { + static const int8_t tags_per_config[16] = { 0, 1, 1, 2, 3, 3, 4, 5, 0, 0, 0, 0, 0, 0, 0, 0 }; + if (ac->tag_che_map[type][elem_id]) { + return ac->tag_che_map[type][elem_id]; + } + if (ac->tags_mapped >= tags_per_config[ac->m4ac.chan_config]) { + return NULL; + } + switch (ac->m4ac.chan_config) { + case 7: + if (ac->tags_mapped == 3 && type == TYPE_CPE) { + ac->tags_mapped++; + return ac->tag_che_map[TYPE_CPE][elem_id] = ac->che[TYPE_CPE][2]; + } + case 6: + /* Some streams incorrectly code 5.1 audio as SCE[0] CPE[0] CPE[1] SCE[1] + instead of SCE[0] CPE[0] CPE[0] LFE[0]. If we seem to have + encountered such a stream, transfer the LFE[0] element to SCE[1] */ + if (ac->tags_mapped == tags_per_config[ac->m4ac.chan_config] - 1 && (type == TYPE_LFE || type == TYPE_SCE)) { + ac->tags_mapped++; + return ac->tag_che_map[type][elem_id] = ac->che[TYPE_LFE][0]; + } + case 5: + if (ac->tags_mapped == 2 && type == TYPE_CPE) { + ac->tags_mapped++; + return ac->tag_che_map[TYPE_CPE][elem_id] = ac->che[TYPE_CPE][1]; + } + case 4: + if (ac->tags_mapped == 2 && ac->m4ac.chan_config == 4 && type == TYPE_SCE) { + ac->tags_mapped++; + return ac->tag_che_map[TYPE_SCE][elem_id] = ac->che[TYPE_SCE][1]; + } + case 3: + case 2: + if (ac->tags_mapped == (ac->m4ac.chan_config != 2) && type == TYPE_CPE) { + ac->tags_mapped++; + return ac->tag_che_map[TYPE_CPE][elem_id] = ac->che[TYPE_CPE][0]; + } else if (ac->m4ac.chan_config == 2) { + return NULL; + } + case 1: + if (!ac->tags_mapped && type == TYPE_SCE) { + ac->tags_mapped++; + return ac->tag_che_map[TYPE_SCE][elem_id] = ac->che[TYPE_SCE][0]; + } + default: + return NULL; + } +} + /** * Configure output channel order based on the current program configuration element. * @@ -106,7 +156,7 @@ static VLC vlc_spectral[11]; * @return Returns error status. 0 - OK, !0 - error */ static int output_configure(AACContext *ac, enum ChannelPosition che_pos[4][MAX_ELEM_ID], - enum ChannelPosition new_che_pos[4][MAX_ELEM_ID]) { + enum ChannelPosition new_che_pos[4][MAX_ELEM_ID], int channel_config) { AVCodecContext *avctx = ac->avccontext; int i, type, channels = 0; @@ -140,7 +190,16 @@ static int output_configure(AACContext *ac, enum ChannelPosition che_pos[4][MAX_ } } + if (channel_config) { + memset(ac->tag_che_map, 0, 4 * MAX_ELEM_ID * sizeof(ac->che[0][0])); + ac->tags_mapped = 0; + } else { + memcpy(ac->tag_che_map, ac->che, 4 * MAX_ELEM_ID * sizeof(ac->che[0][0])); + ac->tags_mapped = 4*MAX_ELEM_ID; + } + avctx->channels = channels; + return 0; } @@ -286,7 +345,7 @@ static int decode_ga_specific_config(AACContext * ac, GetBitContext * gb, int ch if((ret = set_default_channel_config(ac, new_che_pos, channel_config))) return ret; } - if((ret = output_configure(ac, ac->che_pos, new_che_pos))) + if((ret = output_configure(ac, ac->che_pos, new_che_pos, channel_config))) return ret; if (extension_flag) { @@ -394,7 +453,7 @@ static av_cold int aac_decode_init(AVCodecContext * avccontext) { memset(new_che_pos, 0, 4 * MAX_ELEM_ID * sizeof(new_che_pos[0][0])); if(set_default_channel_config(ac, new_che_pos, avccontext->channels - (avccontext->channels == 8))) return -1; - if(output_configure(ac, ac->che_pos, new_che_pos)) + if(output_configure(ac, ac->che_pos, new_che_pos, 1)) return -1; ac->m4ac.sample_rate = avccontext->sample_rate; } else { @@ -1538,19 +1597,20 @@ static int parse_adts_frame_header(AACContext * ac, GetBitContext * gb) { ac->m4ac.sample_rate = hdr_info.sample_rate; ac->m4ac.sampling_index = hdr_info.sampling_index; ac->m4ac.object_type = hdr_info.object_type; - } - if (hdr_info.num_aac_frames == 1) { - if (!hdr_info.crc_absent) - skip_bits(gb, 16); - } else { - ff_log_missing_feature(ac->avccontext, "More than one AAC RDB per ADTS frame is", 0); - return -1; + if (hdr_info.num_aac_frames == 1) { + if (!hdr_info.crc_absent) + skip_bits(gb, 16); + } else { + ff_log_missing_feature(ac->avccontext, "More than one AAC RDB per ADTS frame is", 0); + return -1; + } } return size; } static int aac_decode_frame(AVCodecContext * avccontext, void * data, int * data_size, const uint8_t * buf, int buf_size) { AACContext * ac = avccontext->priv_data; + ChannelElement * che = NULL; GetBitContext gb; enum RawDataBlockType elem_type; int err, elem_id, data_size_tmp; @@ -1573,15 +1633,7 @@ static int aac_decode_frame(AVCodecContext * avccontext, void * data, int * data elem_id = get_bits(&gb, 4); err = -1; - if(elem_type == TYPE_SCE && elem_id == 1 && - !ac->che[TYPE_SCE][elem_id] && ac->che[TYPE_LFE][0]) { - /* Some streams incorrectly code 5.1 audio as SCE[0] CPE[0] CPE[1] SCE[1] - instead of SCE[0] CPE[0] CPE[0] LFE[0]. If we seem to have - encountered such a stream, transfer the LFE[0] element to SCE[1] */ - ac->che[TYPE_SCE][elem_id] = ac->che[TYPE_LFE][0]; - ac->che[TYPE_LFE][0] = NULL; - } - if(elem_type < TYPE_DSE && !ac->che[elem_type][elem_id]) { + if(elem_type < TYPE_DSE && !(che=get_che(ac, elem_type, elem_id))) { av_log(ac->avccontext, AV_LOG_ERROR, "channel element %d.%d is not allocated\n", elem_type, elem_id); return -1; } @@ -1589,19 +1641,19 @@ static int aac_decode_frame(AVCodecContext * avccontext, void * data, int * data switch (elem_type) { case TYPE_SCE: - err = decode_ics(ac, &ac->che[TYPE_SCE][elem_id]->ch[0], &gb, 0, 0); + err = decode_ics(ac, &che->ch[0], &gb, 0, 0); break; case TYPE_CPE: - err = decode_cpe(ac, &gb, ac->che[TYPE_CPE][elem_id]); + err = decode_cpe(ac, &gb, che); break; case TYPE_CCE: - err = decode_cce(ac, &gb, ac->che[TYPE_CCE][elem_id]); + err = decode_cce(ac, &gb, che); break; case TYPE_LFE: - err = decode_ics(ac, &ac->che[TYPE_LFE][elem_id]->ch[0], &gb, 0, 0); + err = decode_ics(ac, &che->ch[0], &gb, 0, 0); break; case TYPE_DSE: @@ -1615,7 +1667,7 @@ static int aac_decode_frame(AVCodecContext * avccontext, void * data, int * data memset(new_che_pos, 0, 4 * MAX_ELEM_ID * sizeof(new_che_pos[0][0])); if((err = decode_pce(ac, new_che_pos, &gb))) break; - err = output_configure(ac, ac->che_pos, new_che_pos); + err = output_configure(ac, ac->che_pos, new_che_pos, 0); break; } diff --git a/libavcodec/aac.h b/libavcodec/aac.h index 66b2e22d0e..32e7224c47 100644 --- a/libavcodec/aac.h +++ b/libavcodec/aac.h @@ -260,6 +260,8 @@ typedef struct { * first index as the first 4 raw data block types */ ChannelElement * che[4][MAX_ELEM_ID]; + ChannelElement * tag_che_map[4][MAX_ELEM_ID]; + int tags_mapped; /** @} */ /** diff --git a/libavcodec/ac3dec.c b/libavcodec/ac3dec.c index 766b262e49..7a2042c059 100644 --- a/libavcodec/ac3dec.c +++ b/libavcodec/ac3dec.c @@ -7,24 +7,19 @@ * Copyright (c) 2007-2008 Bartlomiej Wolowiec * Copyright (c) 2007 Justin Ruggles * - * Portions of this code are derived from liba52 - * http://liba52.sourceforge.net - * Copyright (C) 2000-2003 Michel Lespinasse - * Copyright (C) 1999-2000 Aaron Holtzman - * * This file is part of FFmpeg. * * FFmpeg is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public + * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * FFmpeg is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. + * Lesser General Public License for more details. * - * You should have received a copy of the GNU General Public + * You should have received a copy of the GNU Lesser General Public * License along with FFmpeg; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ @@ -438,12 +433,12 @@ static void calc_transform_coeffs_cpl(AC3DecodeContext *s) * Grouped mantissas for 3-level 5-level and 11-level quantization */ typedef struct { - int b1_mant[3]; - int b2_mant[3]; - int b4_mant[2]; - int b1ptr; - int b2ptr; - int b4ptr; + int b1_mant[2]; + int b2_mant[2]; + int b4_mant; + int b1; + int b2; + int b4; } mant_groups; /** @@ -452,73 +447,72 @@ typedef struct { */ static void ac3_decode_transform_coeffs_ch(AC3DecodeContext *s, int ch_index, mant_groups *m) { + int start_freq = s->start_freq[ch_index]; + int end_freq = s->end_freq[ch_index]; + uint8_t *baps = s->bap[ch_index]; + int8_t *exps = s->dexps[ch_index]; + int *coeffs = s->fixed_coeffs[ch_index]; GetBitContext *gbc = &s->gbc; - int i, gcode, tbap, start, end; - uint8_t *exps; - uint8_t *bap; - int *coeffs; + int freq; - exps = s->dexps[ch_index]; - bap = s->bap[ch_index]; - coeffs = s->fixed_coeffs[ch_index]; - start = s->start_freq[ch_index]; - end = s->end_freq[ch_index]; - - for (i = start; i < end; i++) { - tbap = bap[i]; - switch (tbap) { + for(freq = start_freq; freq < end_freq; freq++){ + int bap = baps[freq]; + int mantissa; + switch(bap){ case 0: - coeffs[i] = (av_lfg_get(&s->dith_state) & 0x7FFFFF) - 0x400000; + mantissa = (av_lfg_get(&s->dith_state) & 0x7FFFFF) - 0x400000; break; - case 1: - if(m->b1ptr > 2) { - gcode = get_bits(gbc, 5); - m->b1_mant[0] = b1_mantissas[gcode][0]; - m->b1_mant[1] = b1_mantissas[gcode][1]; - m->b1_mant[2] = b1_mantissas[gcode][2]; - m->b1ptr = 0; + if(m->b1){ + m->b1--; + mantissa = m->b1_mant[m->b1]; + } + else{ + int bits = get_bits(gbc, 5); + mantissa = b1_mantissas[bits][0]; + m->b1_mant[1] = b1_mantissas[bits][1]; + m->b1_mant[0] = b1_mantissas[bits][2]; + m->b1 = 2; } - coeffs[i] = m->b1_mant[m->b1ptr++]; break; - case 2: - if(m->b2ptr > 2) { - gcode = get_bits(gbc, 7); - m->b2_mant[0] = b2_mantissas[gcode][0]; - m->b2_mant[1] = b2_mantissas[gcode][1]; - m->b2_mant[2] = b2_mantissas[gcode][2]; - m->b2ptr = 0; + if(m->b2){ + m->b2--; + mantissa = m->b2_mant[m->b2]; + } + else{ + int bits = get_bits(gbc, 7); + mantissa = b2_mantissas[bits][0]; + m->b2_mant[1] = b2_mantissas[bits][1]; + m->b2_mant[0] = b2_mantissas[bits][2]; + m->b2 = 2; } - coeffs[i] = m->b2_mant[m->b2ptr++]; break; - case 3: - coeffs[i] = b3_mantissas[get_bits(gbc, 3)]; + mantissa = b3_mantissas[get_bits(gbc, 3)]; break; - case 4: - if(m->b4ptr > 1) { - gcode = get_bits(gbc, 7); - m->b4_mant[0] = b4_mantissas[gcode][0]; - m->b4_mant[1] = b4_mantissas[gcode][1]; - m->b4ptr = 0; + if(m->b4){ + m->b4 = 0; + mantissa = m->b4_mant; + } + else{ + int bits = get_bits(gbc, 7); + mantissa = b4_mantissas[bits][0]; + m->b4_mant = b4_mantissas[bits][1]; + m->b4 = 1; } - coeffs[i] = m->b4_mant[m->b4ptr++]; break; - case 5: - coeffs[i] = b5_mantissas[get_bits(gbc, 4)]; + mantissa = b5_mantissas[get_bits(gbc, 4)]; break; - - default: { - /* asymmetric dequantization */ - int qlevel = quantization_tab[tbap]; - coeffs[i] = get_sbits(gbc, qlevel) << (24 - qlevel); + default: /* 6 to 15 */ + mantissa = get_bits(gbc, quantization_tab[bap]); + /* Shift mantissa and sign-extend it. */ + mantissa = (mantissa << (32-quantization_tab[bap]))>>8; break; - } } - coeffs[i] >>= exps[i]; + coeffs[freq] = mantissa >> exps[freq]; } } @@ -581,7 +575,7 @@ static void decode_transform_coeffs(AC3DecodeContext *s, int blk) int got_cplchan = 0; mant_groups m; - m.b1ptr = m.b2ptr = m.b4ptr = 3; + m.b1 = m.b2 = m.b4 = 0; for (ch = 1; ch <= s->channels; ch++) { /* transform coefficients for full-bandwidth channel */ diff --git a/libavcodec/adpcm.c b/libavcodec/adpcm.c index 994c0c6865..8eff05ecb0 100644 --- a/libavcodec/adpcm.c +++ b/libavcodec/adpcm.c @@ -667,17 +667,23 @@ static int adpcm_encode_frame(AVCodecContext *avctx, static av_cold int adpcm_decode_init(AVCodecContext * avctx) { ADPCMContext *c = avctx->priv_data; + unsigned int min_channels = 1; unsigned int max_channels = 2; switch(avctx->codec->id) { + case CODEC_ID_ADPCM_EA: + min_channels = 2; + break; case CODEC_ID_ADPCM_EA_R1: case CODEC_ID_ADPCM_EA_R2: case CODEC_ID_ADPCM_EA_R3: max_channels = 6; break; } - if(avctx->channels > max_channels){ - return -1; + + if (avctx->channels < min_channels || avctx->channels > max_channels) { + av_log(avctx, AV_LOG_ERROR, "Invalid number of channels\n"); + return AVERROR(EINVAL); } switch(avctx->codec->id) { diff --git a/libavcodec/allcodecs.c b/libavcodec/allcodecs.c index 0cb0e6d239..4a6cbc05ed 100644 --- a/libavcodec/allcodecs.c +++ b/libavcodec/allcodecs.c @@ -294,6 +294,8 @@ void avcodec_register_all(void) REGISTER_ENCDEC (LIBGSM, libgsm); REGISTER_ENCDEC (LIBGSM_MS, libgsm_ms); REGISTER_ENCODER (LIBMP3LAME, libmp3lame); + REGISTER_ENCDEC (LIBOPENCORE_AMRNB, libopencore_amrnb); + REGISTER_DECODER (LIBOPENCORE_AMRWB, libopencore_amrwb); REGISTER_DECODER (LIBOPENJPEG, libopenjpeg); REGISTER_ENCDEC (LIBSCHROEDINGER, libschroedinger); REGISTER_DECODER (LIBSPEEX, libspeex); diff --git a/libavcodec/atrac3.c b/libavcodec/atrac3.c index 81d25ec204..22dfdfc426 100644 --- a/libavcodec/atrac3.c +++ b/libavcodec/atrac3.c @@ -454,6 +454,8 @@ static int decodeTonalComponents (GetBitContext *gb, tonal_component *pComponent for (k=0; k=64) + return AVERROR_INVALIDDATA; pComponent[component_count].pos = j * 64 + (get_bits(gb,6)); max_coded_values = 1024 - pComponent[component_count].pos; coded_values = coded_values_per_component + 1; diff --git a/libavcodec/avcodec.h b/libavcodec/avcodec.h index b078bc98c2..19ac4ec59e 100644 --- a/libavcodec/avcodec.h +++ b/libavcodec/avcodec.h @@ -31,7 +31,7 @@ #define LIBAVCODEC_VERSION_MAJOR 52 #define LIBAVCODEC_VERSION_MINOR 20 -#define LIBAVCODEC_VERSION_MICRO 0 +#define LIBAVCODEC_VERSION_MICRO 1 #define LIBAVCODEC_VERSION_INT AV_VERSION_INT(LIBAVCODEC_VERSION_MAJOR, \ LIBAVCODEC_VERSION_MINOR, \ @@ -501,6 +501,7 @@ typedef struct RcOverride{ #define CODEC_FLAG2_CHUNKS 0x00008000 ///< Input bitstream might be truncated at a packet boundaries instead of only at frame boundaries. #define CODEC_FLAG2_NON_LINEAR_QUANT 0x00010000 ///< Use MPEG-2 nonlinear quantizer. #define CODEC_FLAG2_BIT_RESERVOIR 0x00020000 ///< Use a bit reservoir when encoding if possible +#define CODEC_FLAG2_MBTREE 0x00040000 ///< Use macroblock tree ratecontrol (x264 only) /* Unsupported options : * Syntax Arithmetic coding (SAC) @@ -2332,6 +2333,16 @@ typedef struct AVCodecContext { * Set to time_base ticks per frame. Default 1, e.g., H.264/MPEG-2 set it to 2. */ int ticks_per_frame; + + /** + * explicit P-frame weighted prediction analysis method + * 0: off + * 1: fast blind weighting (one reference duplicate with -1 offset) + * 2: smart weighting (full fade detection analysis) + * - encoding: Set by user. + * - decoding: unused + */ + int weighted_p_pred; } AVCodecContext; /** @@ -3344,4 +3355,30 @@ void av_register_hwaccel(AVHWAccel *hwaccel); */ AVHWAccel *av_hwaccel_next(AVHWAccel *hwaccel); + +/** + * Lock operation used by lockmgr + */ +enum AVLockOp { + AV_LOCK_CREATE, ///< Create a mutex + AV_LOCK_OBTAIN, ///< Lock the mutex + AV_LOCK_RELEASE, ///< Unlock the mutex + AV_LOCK_DESTROY, ///< Free mutex resources +}; + +/** + * Register a user provided lock manager supporting the operations + * specified by AVLockOp. \p mutex points to a (void *) where the + * lockmgr should store/get a pointer to a user allocated mutex. It's + * NULL upon AV_LOCK_CREATE and != NULL for all other ops. + * + * @param cb User defined callback. Note: FFmpeg may invoke calls to this + * callback during the call to av_lockmgr_register(). + * Thus, the application must be prepared to handle that. + * If cb is set to NULL the lockmgr will be unregistered. + * Also note that during unregistration the previously registered + * lockmgr callback may also be invoked. + */ +int av_lockmgr_register(int (*cb)(void **mutex, enum AVLockOp op)); + #endif /* AVCODEC_AVCODEC_H */ diff --git a/libavcodec/avs.c b/libavcodec/avs.c index 3b29c853b4..e8a55fdddd 100644 --- a/libavcodec/avs.c +++ b/libavcodec/avs.c @@ -145,6 +145,7 @@ avs_decode_frame(AVCodecContext * avctx, static av_cold int avs_decode_init(AVCodecContext * avctx) { avctx->pix_fmt = PIX_FMT_PAL8; + avcodec_set_dimensions(avctx, 318, 198); return 0; } diff --git a/libavcodec/bitstream.h b/libavcodec/bitstream.h index e1ec934b28..8941da24cb 100644 --- a/libavcodec/bitstream.h +++ b/libavcodec/bitstream.h @@ -946,4 +946,9 @@ static inline int decode210(GetBitContext *gb){ return 2 - get_bits1(gb); } +static inline int get_bits_left(GetBitContext *gb) +{ + return gb->size_in_bits - get_bits_count(gb); +} + #endif /* AVCODEC_BITSTREAM_H */ diff --git a/libavcodec/bmp.c b/libavcodec/bmp.c index 14c070da8f..30bae8c7d0 100644 --- a/libavcodec/bmp.c +++ b/libavcodec/bmp.c @@ -217,9 +217,6 @@ static int bmp_decode_frame(AVCodecContext *avctx, if(comp == BMP_RLE4 || comp == BMP_RLE8) memset(p->data[0], 0, avctx->height * p->linesize[0]); - if(depth == 4 || depth == 8) - memset(p->data[1], 0, 1024); - if(height > 0){ ptr = p->data[0] + (avctx->height - 1) * p->linesize[0]; linesize = -p->linesize[0]; @@ -229,6 +226,9 @@ static int bmp_decode_frame(AVCodecContext *avctx, } if(avctx->pix_fmt == PIX_FMT_PAL8){ + + memset(p->data[1], 0, 1024); + buf = buf0 + 14 + ihsize; //palette location if((hsize-ihsize-14)>>depth < 4){ // OS/2 bitmap, 3 bytes per palette entry for(i = 0; i < (1 << depth); i++) diff --git a/libavcodec/bytestream.h b/libavcodec/bytestream.h index b56f6ce743..7ca36f8ad3 100644 --- a/libavcodec/bytestream.h +++ b/libavcodec/bytestream.h @@ -26,6 +26,10 @@ #include "libavutil/common.h" #include "libavutil/intreadwrite.h" +typedef struct { + const uint8_t *buffer, *buffer_end; +} GetByteContext; + #define DEF_T(type, name, bytes, read, write) \ static av_always_inline type bytestream_get_ ## name(const uint8_t **b){\ (*b) += bytes;\ @@ -34,6 +38,18 @@ static av_always_inline type bytestream_get_ ## name(const uint8_t **b){\ static av_always_inline void bytestream_put_ ##name(uint8_t **b, const type value){\ write(*b, value);\ (*b) += bytes;\ +}\ +static av_always_inline type bytestream2_get_ ## name(GetByteContext *g)\ +{\ + if (g->buffer_end - g->buffer < bytes)\ + return 0;\ + return bytestream_get_ ## name(&g->buffer);\ +}\ +static av_always_inline type bytestream2_peek_ ## name(GetByteContext *g)\ +{\ + if (g->buffer_end - g->buffer < bytes)\ + return 0;\ + return read(g->buffer);\ } #define DEF(name, bytes, read, write) \ @@ -55,6 +71,34 @@ DEF (byte, 1, AV_RB8 , AV_WB8 ) #undef DEF64 #undef DEF_T +static av_always_inline void bytestream2_init(GetByteContext *g, + const uint8_t *buf, int buf_size) +{ + g->buffer = buf; + g->buffer_end = buf + buf_size; +} + +static av_always_inline unsigned int bytestream2_get_bytes_left(GetByteContext *g) +{ + return g->buffer_end - g->buffer; +} + +static av_always_inline void bytestream2_skip(GetByteContext *g, + unsigned int size) +{ + g->buffer += FFMIN(g->buffer_end - g->buffer, size); +} + +static av_always_inline unsigned int bytestream2_get_buffer(GetByteContext *g, + uint8_t *dst, + unsigned int size) +{ + int size2 = FFMIN(g->buffer_end - g->buffer, size); + memcpy(dst, g->buffer, size2); + g->buffer += size2; + return size2; +} + static av_always_inline unsigned int bytestream_get_buffer(const uint8_t **b, uint8_t *dst, unsigned int size) { memcpy(dst, *b, size); diff --git a/libavcodec/cavsdec.c b/libavcodec/cavsdec.c index a1895bcb88..fae8879476 100644 --- a/libavcodec/cavsdec.c +++ b/libavcodec/cavsdec.c @@ -130,12 +130,14 @@ static int decode_residual_block(AVSContext *h, GetBitContext *gb, r++; mask = -(level_code & 1); level = (level^mask) - mask; - } else { + } else if (level_code >= 0) { level = r->rltab[level_code][0]; if(!level) //end of block signal break; run = r->rltab[level_code][1]; r += r->rltab[level_code][2]; + } else { + break; } level_buf[i] = level; run_buf[i] = run; @@ -163,7 +165,7 @@ static inline int decode_residual_inter(AVSContext *h) { /* get coded block pattern */ int cbp= get_ue_golomb(&h->s.gb); - if(cbp > 63){ + if(cbp > 63U){ av_log(h->s.avctx, AV_LOG_ERROR, "illegal inter cbp\n"); return -1; } @@ -189,7 +191,8 @@ static inline int decode_residual_inter(AVSContext *h) { static int decode_mb_i(AVSContext *h, int cbp_code) { GetBitContext *gb = &h->s.gb; - int block, pred_mode_uv; + unsigned pred_mode_uv; + int block; uint8_t top[18]; uint8_t *left = NULL; uint8_t *d; @@ -222,7 +225,7 @@ static int decode_mb_i(AVSContext *h, int cbp_code) { /* get coded block pattern */ if(h->pic_type == FF_I_TYPE) cbp_code = get_ue_golomb(gb); - if(cbp_code > 63){ + if(cbp_code > 63U){ av_log(h->s.avctx, AV_LOG_ERROR, "illegal intra cbp\n"); return -1; } @@ -445,6 +448,8 @@ static inline int check_for_slice(AVSContext *h) { if((show_bits_long(gb,24+align) & 0xFFFFFF) == 0x000001) { skip_bits_long(gb,24+align); h->stc = get_bits(gb,8); + if (h->stc >= h->mb_height) + return 0; decode_slice_header(h,gb); return 1; } @@ -594,12 +599,21 @@ static int decode_pic(AVSContext *h) { static int decode_seq_header(AVSContext *h) { MpegEncContext *s = &h->s; int frame_rate_code; + int width, height; h->profile = get_bits(&s->gb,8); h->level = get_bits(&s->gb,8); skip_bits1(&s->gb); //progressive sequence - s->width = get_bits(&s->gb,14); - s->height = get_bits(&s->gb,14); + + width = get_bits(&s->gb, 14); + height = get_bits(&s->gb, 14); + if ((s->width || s->height) && (s->width != width || s->height != height)) { + av_log(s, AV_LOG_ERROR, "Width/height changing in CAVS is unsupported"); + return AVERROR_PATCHWELCOME; + } + s->width = width; + s->height = height; + skip_bits(&s->gb,2); //chroma format skip_bits(&s->gb,3); //sample_precision h->aspect_ratio = get_bits(&s->gb,4); @@ -648,7 +662,7 @@ static int cavs_decode_frame(AVCodecContext * avctx,void *data, int *data_size, buf_end = buf + buf_size; for(;;) { buf_ptr = ff_find_start_code(buf_ptr,buf_end, &stc); - if(stc & 0xFFFFFE00) + if((stc & 0xFFFFFE00) || buf_ptr == buf_end) return FFMAX(0, buf_ptr - buf - s->parse_context.last_index); input_size = (buf_end - buf_ptr)*8; switch(stc) { diff --git a/libavcodec/cinepak.c b/libavcodec/cinepak.c index d0f5adb7fc..f6d457dd97 100644 --- a/libavcodec/cinepak.c +++ b/libavcodec/cinepak.c @@ -336,7 +336,8 @@ static int cinepak_decode (CinepakContext *s) * If the frame header is followed by the bytes FE 00 00 06 00 00 then * this is probably one of the two known files that have 6 extra bytes * after the frame header. Else, assume 2 extra bytes. */ - if ((s->data[10] == 0xFE) && + if (s->size >= 16 && + (s->data[10] == 0xFE) && (s->data[11] == 0x00) && (s->data[12] == 0x00) && (s->data[13] == 0x06) && @@ -365,6 +366,8 @@ static int cinepak_decode (CinepakContext *s) s->strips[i].x2 = s->avctx->width; strip_size = AV_RB24 (&s->data[1]) - 12; + if(strip_size < 0) + return -1; s->data += 12; strip_size = ((s->data + strip_size) > eod) ? (eod - s->data) : strip_size; diff --git a/libavcodec/cljr.c b/libavcodec/cljr.c index 9f7ab61efd..39ac7d6d26 100644 --- a/libavcodec/cljr.c +++ b/libavcodec/cljr.c @@ -60,7 +60,7 @@ static int decode_frame(AVCodecContext *avctx, p->pict_type= FF_I_TYPE; p->key_frame= 1; - init_get_bits(&a->gb, buf, buf_size); + init_get_bits(&a->gb, buf, buf_size * 8); for(y=0; yheight; y++){ uint8_t *luma= &a->picture.data[0][ y*a->picture.linesize[0] ]; diff --git a/libavcodec/dct-test.c b/libavcodec/dct-test.c index fef142fe94..48e7c5a091 100644 --- a/libavcodec/dct-test.c +++ b/libavcodec/dct-test.c @@ -46,9 +46,9 @@ void *fast_memcpy(void *a, const void *b, size_t c){return memcpy(a,b,c);}; /* reference fdct/idct */ -void fdct(DCTELEM *block); -void idct(DCTELEM *block); -void init_fdct(void); +void ff_ref_fdct(DCTELEM *block); +void ff_ref_idct(DCTELEM *block); +void ff_ref_dct_init(void); void ff_mmx_idct(DCTELEM *data); void ff_mmxext_idct(DCTELEM *data); @@ -90,57 +90,57 @@ struct algo { static int cpu_flags; struct algo algos[] = { - {"REF-DBL", 0, fdct, fdct, NO_PERM}, - {"FAAN", 0, ff_faandct, fdct, FAAN_SCALE}, - {"FAANI", 1, ff_faanidct, idct, NO_PERM}, - {"IJG-AAN-INT", 0, fdct_ifast, fdct, SCALE_PERM}, - {"IJG-LLM-INT", 0, ff_jpeg_fdct_islow, fdct, NO_PERM}, - {"REF-DBL", 1, idct, idct, NO_PERM}, - {"INT", 1, j_rev_dct, idct, MMX_PERM}, - {"SIMPLE-C", 1, ff_simple_idct, idct, NO_PERM}, + {"REF-DBL", 0, ff_ref_fdct, ff_ref_fdct, NO_PERM}, + {"FAAN", 0, ff_faandct, ff_ref_fdct, FAAN_SCALE}, + {"FAANI", 1, ff_faanidct, ff_ref_idct, NO_PERM}, + {"IJG-AAN-INT", 0, fdct_ifast, ff_ref_fdct, SCALE_PERM}, + {"IJG-LLM-INT", 0, ff_jpeg_fdct_islow, ff_ref_fdct, NO_PERM}, + {"REF-DBL", 1, ff_ref_idct, ff_ref_idct, NO_PERM}, + {"INT", 1, j_rev_dct, ff_ref_idct, MMX_PERM}, + {"SIMPLE-C", 1, ff_simple_idct, ff_ref_idct, NO_PERM}, #if HAVE_MMX - {"MMX", 0, ff_fdct_mmx, fdct, NO_PERM, FF_MM_MMX}, + {"MMX", 0, ff_fdct_mmx, ff_ref_fdct, NO_PERM, FF_MM_MMX}, #if HAVE_MMX2 - {"MMX2", 0, ff_fdct_mmx2, fdct, NO_PERM, FF_MM_MMXEXT}, - {"SSE2", 0, ff_fdct_sse2, fdct, NO_PERM, FF_MM_SSE2}, + {"MMX2", 0, ff_fdct_mmx2, ff_ref_fdct, NO_PERM, FF_MM_MMXEXT}, + {"SSE2", 0, ff_fdct_sse2, ff_ref_fdct, NO_PERM, FF_MM_SSE2}, #endif #if CONFIG_GPL - {"LIBMPEG2-MMX", 1, ff_mmx_idct, idct, MMX_PERM, FF_MM_MMX}, - {"LIBMPEG2-MMXEXT", 1, ff_mmxext_idct, idct, MMX_PERM, FF_MM_MMXEXT}, + {"LIBMPEG2-MMX", 1, ff_mmx_idct, ff_ref_idct, MMX_PERM, FF_MM_MMX}, + {"LIBMPEG2-MMXEXT", 1, ff_mmxext_idct, ff_ref_idct, MMX_PERM, FF_MM_MMXEXT}, #endif - {"SIMPLE-MMX", 1, ff_simple_idct_mmx, idct, MMX_SIMPLE_PERM, FF_MM_MMX}, - {"XVID-MMX", 1, ff_idct_xvid_mmx, idct, NO_PERM, FF_MM_MMX}, - {"XVID-MMX2", 1, ff_idct_xvid_mmx2, idct, NO_PERM, FF_MM_MMXEXT}, - {"XVID-SSE2", 1, ff_idct_xvid_sse2, idct, SSE2_PERM, FF_MM_SSE2}, + {"SIMPLE-MMX", 1, ff_simple_idct_mmx, ff_ref_idct, MMX_SIMPLE_PERM, FF_MM_MMX}, + {"XVID-MMX", 1, ff_idct_xvid_mmx, ff_ref_idct, NO_PERM, FF_MM_MMX}, + {"XVID-MMX2", 1, ff_idct_xvid_mmx2, ff_ref_idct, NO_PERM, FF_MM_MMXEXT}, + {"XVID-SSE2", 1, ff_idct_xvid_sse2, ff_ref_idct, SSE2_PERM, FF_MM_SSE2}, #endif #if HAVE_ALTIVEC - {"altivecfdct", 0, fdct_altivec, fdct, NO_PERM, FF_MM_ALTIVEC}, + {"altivecfdct", 0, fdct_altivec, ff_ref_fdct, NO_PERM, FF_MM_ALTIVEC}, #endif #if ARCH_BFIN - {"BFINfdct", 0, ff_bfin_fdct, fdct, NO_PERM}, - {"BFINidct", 1, ff_bfin_idct, idct, NO_PERM}, + {"BFINfdct", 0, ff_bfin_fdct, ff_ref_fdct, NO_PERM}, + {"BFINidct", 1, ff_bfin_idct, ff_ref_idct, NO_PERM}, #endif #if ARCH_ARM - {"SIMPLE-ARM", 1, simple_idct_ARM, idct, NO_PERM }, - {"INT-ARM", 1, j_rev_dct_ARM, idct, MMX_PERM }, + {"SIMPLE-ARM", 1, simple_idct_ARM, ff_ref_idct, NO_PERM }, + {"INT-ARM", 1, j_rev_dct_ARM, ff_ref_idct, MMX_PERM }, #if HAVE_ARMV5TE - {"SIMPLE-ARMV5TE", 1, simple_idct_armv5te, idct, NO_PERM }, + {"SIMPLE-ARMV5TE", 1, simple_idct_armv5te, ff_ref_idct, NO_PERM }, #endif #if HAVE_ARMV6 - {"SIMPLE-ARMV6", 1, ff_simple_idct_armv6, idct, MMX_PERM }, + {"SIMPLE-ARMV6", 1, ff_simple_idct_armv6, ff_ref_idct, MMX_PERM }, #endif #if HAVE_NEON - {"SIMPLE-NEON", 1, ff_simple_idct_neon, idct, PARTTRANS_PERM }, + {"SIMPLE-NEON", 1, ff_simple_idct_neon, ff_ref_idct, PARTTRANS_PERM }, #endif #endif /* ARCH_ARM */ #if ARCH_ALPHA - {"SIMPLE-ALPHA", 1, ff_simple_idct_axp, idct, NO_PERM }, + {"SIMPLE-ALPHA", 1, ff_simple_idct_axp, ff_ref_idct, NO_PERM }, #endif { 0 } @@ -222,7 +222,7 @@ void dct_error(const char *name, int is_idct, for(i=0;i<64;i++) block1[i] = (random() % 512) -256; if (is_idct){ - fdct(block1); + ff_ref_fdct(block1); for(i=0;i<64;i++) block1[i]>>=3; @@ -336,7 +336,7 @@ void dct_error(const char *name, int is_idct, for(i=0;i<64;i++) block1[i] = (random() % 512) -256; if (is_idct){ - fdct(block1); + ff_ref_fdct(block1); for(i=0;i<64;i++) block1[i]>>=3; @@ -559,7 +559,7 @@ int main(int argc, char **argv) int test=1; cpu_flags = mm_support(); - init_fdct(); + ff_ref_dct_init(); idct_mmx_init(); for(i=0;i<256;i++) cropTbl[i + MAX_NEG_CROP] = i; diff --git a/libavcodec/dctref.c b/libavcodec/dctref.c new file mode 100644 index 0000000000..faad057a9a --- /dev/null +++ b/libavcodec/dctref.c @@ -0,0 +1,121 @@ +/* + * reference discrete cosine transform (double precision) + * Copyright (C) 2009 Dylan Yudaken + * + * This file is part of FFmpeg. + * + * FFmpeg is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * FFmpeg is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with FFmpeg; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +/** + * @file libavcodec/dctref.c + * reference discrete cosine transform (double precision) + * + * @author Dylan Yudaken (dyudaken at gmail) + * + * @note This file could be optimized a lot, but is for + * reference and so readability is better. + */ + +#include "libavutil/mathematics.h" +static double coefficients[8 * 8]; + +/** + * Initialize the double precision discrete cosine transform + * functions fdct & idct. + */ +av_cold void ff_ref_dct_init(void) +{ + unsigned int i, j; + + for (j = 0; j < 8; ++j) { + coefficients[j] = sqrt(0.125); + for (i = 8; i < 64; i += 8) { + coefficients[i + j] = 0.5 * cos(i * (j + 0.5) * M_PI / 64.0); + } + } +} + +/** + * Transform 8x8 block of data with a double precision forward DCT
+ * This is a reference implementation. + * + * @param block pointer to 8x8 block of data to transform + */ +void ff_ref_fdct(short *block) +{ + /* implement the equation: block = coefficients * block * coefficients' */ + + unsigned int i, j, k; + double out[8 * 8]; + + /* out = coefficients * block */ + for (i = 0; i < 64; i += 8) { + for (j = 0; j < 8; ++j) { + double tmp = 0; + for (k = 0; k < 8; ++k) { + tmp += coefficients[i + k] * block[k * 8 + j]; + } + out[i + j] = tmp * 8; + } + } + + /* block = out * (coefficients') */ + for (j = 0; j < 8; ++j) { + for (i = 0; i < 64; i += 8) { + double tmp = 0; + for (k = 0; k < 8; ++k) { + tmp += out[i + k] * coefficients[j * 8 + k]; + } + block[i + j] = floor(tmp + 0.499999999999); + } + } +} + +/** + * Transform 8x8 block of data with a double precision inverse DCT
+ * This is a reference implementation. + * + * @param block pointer to 8x8 block of data to transform + */ +void ff_ref_idct(short *block) +{ + /* implement the equation: block = (coefficients') * block * coefficients */ + + unsigned int i, j, k; + double out[8 * 8]; + + /* out = block * coefficients */ + for (i = 0; i < 64; i += 8) { + for (j = 0; j < 8; ++j) { + double tmp = 0; + for (k = 0; k < 8; ++k) { + tmp += block[i + k] * coefficients[k * 8 + j]; + } + out[i + j] = tmp; + } + } + + /* block = (coefficients') * out */ + for (i = 0; i < 8; ++i) { + for (j = 0; j < 8; ++j) { + double tmp = 0; + for (k = 0; k < 64; k += 8) { + tmp += coefficients[k + i] * out[k + j]; + } + block[i * 8 + j] = floor(tmp + 0.5); + } + } +} diff --git a/libavcodec/dpcm.c b/libavcodec/dpcm.c index daa21cd09e..a364864ba3 100644 --- a/libavcodec/dpcm.c +++ b/libavcodec/dpcm.c @@ -167,6 +167,7 @@ static int dpcm_decode_frame(AVCodecContext *avctx, int in, out = 0; int predictor[2]; int channel_number = 0; + int stereo = s->channels - 1; short *output_samples = data; int shift[2]; unsigned char byte; @@ -175,6 +176,9 @@ static int dpcm_decode_frame(AVCodecContext *avctx, if (!buf_size) return 0; + if (stereo && (buf_size & 1)) + buf_size--; + // almost every DPCM variant expands one byte of data into two if(*data_size/2 < buf_size) return -1; diff --git a/libavcodec/dsicinav.c b/libavcodec/dsicinav.c index f8093fccf2..0d9fe0502e 100644 --- a/libavcodec/dsicinav.c +++ b/libavcodec/dsicinav.c @@ -215,6 +215,8 @@ static int cinvideo_decode_frame(AVCodecContext *avctx, /* handle palette */ if (palette_type == 0) { + if (palette_colors_count > 256) + return AVERROR_INVALIDDATA; for (i = 0; i < palette_colors_count; ++i) { cin->palette[i] = bytestream_get_le24(&buf); bitmap_frame_size -= 3; diff --git a/libavcodec/dsputil.c b/libavcodec/dsputil.c index 86a6c37793..4645e79bf1 100644 --- a/libavcodec/dsputil.c +++ b/libavcodec/dsputil.c @@ -3497,7 +3497,7 @@ static void clear_blocks_c(DCTELEM *blocks) static void add_bytes_c(uint8_t *dst, uint8_t *src, int w){ long i; - for(i=0; i<=w-sizeof(long); i+=sizeof(long)){ + for(i=0; i<=w-(int)sizeof(long); i+=sizeof(long)){ long a = *(long*)(src+i); long b = *(long*)(dst+i); *(long*)(dst+i) = ((a&pb_7f) + (b&pb_7f)) ^ ((a^b)&pb_80); @@ -3508,7 +3508,7 @@ static void add_bytes_c(uint8_t *dst, uint8_t *src, int w){ static void add_bytes_l2_c(uint8_t *dst, uint8_t *src1, uint8_t *src2, int w){ long i; - for(i=0; i<=w-sizeof(long); i+=sizeof(long)){ + for(i=0; i<=w-(int)sizeof(long); i+=sizeof(long)){ long a = *(long*)(src1+i); long b = *(long*)(src2+i); *(long*)(dst+i) = ((a&pb_7f) + (b&pb_7f)) ^ ((a^b)&pb_80); @@ -3533,7 +3533,7 @@ static void diff_bytes_c(uint8_t *dst, uint8_t *src1, uint8_t *src2, int w){ } }else #endif - for(i=0; i<=w-sizeof(long); i+=sizeof(long)){ + for(i=0; i<=w-(int)sizeof(long); i+=sizeof(long)){ long a = *(long*)(src1+i); long b = *(long*)(src2+i); *(long*)(dst+i) = ((a|pb_80) - (b&pb_7f)) ^ ((a^b^pb_80)&pb_80); diff --git a/libavcodec/dv.c b/libavcodec/dv.c index 59ebb088e6..be4a746de5 100644 --- a/libavcodec/dv.c +++ b/libavcodec/dv.c @@ -414,11 +414,6 @@ static const int vs_total_ac_bits = (100 * 4 + 68*2) * 5; /* see dv_88_areas and dv_248_areas for details */ static const int mb_area_start[5] = { 1, 6, 21, 43, 64 }; -static inline int get_bits_left(GetBitContext *s) -{ - return s->size_in_bits - get_bits_count(s); -} - static inline int put_bits_left(PutBitContext* s) { return (s->buf_end - s->buf) * 8 - put_bits_count(s); diff --git a/libavcodec/dxa.c b/libavcodec/dxa.c index e415da7187..6d754980c7 100644 --- a/libavcodec/dxa.c +++ b/libavcodec/dxa.c @@ -290,6 +290,11 @@ static av_cold int decode_init(AVCodecContext *avctx) { DxaDecContext * const c = avctx->priv_data; + if (avctx->width%4 || avctx->height%4) { + av_log(avctx, AV_LOG_ERROR, "dimensions are not a multiple of 4"); + return AVERROR_INVALIDDATA; + } + c->avctx = avctx; avctx->pix_fmt = PIX_FMT_PAL8; diff --git a/libavcodec/eatqi.c b/libavcodec/eatqi.c index 66123a2aae..e3c06c0055 100644 --- a/libavcodec/eatqi.c +++ b/libavcodec/eatqi.c @@ -40,6 +40,7 @@ typedef struct TqiContext { AVFrame frame; uint8_t *bitstream_buf; unsigned int bitstream_buf_size; + DECLARE_ALIGNED_16(DCTELEM, block[6][64]); } TqiContext; static av_cold int tqi_decode_init(AVCodecContext *avctx) @@ -58,12 +59,15 @@ static av_cold int tqi_decode_init(AVCodecContext *avctx) return 0; } -static void tqi_decode_mb(MpegEncContext *s, DCTELEM (*block)[64]) +static int tqi_decode_mb(MpegEncContext *s, DCTELEM (*block)[64]) { int n; s->dsp.clear_blocks(block[0]); for (n=0; n<6; n++) - ff_mpeg1_decode_block_intra(s, block[n], n); + if (ff_mpeg1_decode_block_intra(s, block[n], n) < 0) + return -1; + + return 0; } static inline void tqi_idct_put(TqiContext *t, DCTELEM (*block)[64]) @@ -106,7 +110,6 @@ static int tqi_decode_frame(AVCodecContext *avctx, const uint8_t *buf_end = buf+buf_size; TqiContext *t = avctx->priv_data; MpegEncContext *s = &t->s; - DECLARE_ALIGNED_16(DCTELEM, block[6][64]); s->width = AV_RL16(&buf[0]); s->height = AV_RL16(&buf[2]); @@ -134,8 +137,9 @@ static int tqi_decode_frame(AVCodecContext *avctx, for (s->mb_y=0; s->mb_y<(avctx->height+15)/16; s->mb_y++) for (s->mb_x=0; s->mb_x<(avctx->width+15)/16; s->mb_x++) { - tqi_decode_mb(s, block); - tqi_idct_put(t, block); + if (tqi_decode_mb(s, t->block) < 0) + break; + tqi_idct_put(t, t->block); } *data_size = sizeof(AVFrame); diff --git a/libavcodec/fdctref.c b/libavcodec/fdctref.c deleted file mode 100644 index 164883dcbc..0000000000 --- a/libavcodec/fdctref.c +++ /dev/null @@ -1,157 +0,0 @@ -/** - * @file libavcodec/fdctref.c - * forward discrete cosine transform, double precision. - */ - -/* Copyright (C) 1996, MPEG Software Simulation Group. All Rights Reserved. */ - -/* - * Disclaimer of Warranty - * - * These software programs are available to the user without any license fee or - * royalty on an "as is" basis. The MPEG Software Simulation Group disclaims - * any and all warranties, whether express, implied, or statuary, including any - * implied warranties or merchantability or of fitness for a particular - * purpose. In no event shall the copyright-holder be liable for any - * incidental, punitive, or consequential damages of any kind whatsoever - * arising from the use of these programs. - * - * This disclaimer of warranty extends to the user of these programs and user's - * customers, employees, agents, transferees, successors, and assigns. - * - * The MPEG Software Simulation Group does not represent or warrant that the - * programs furnished hereunder are free of infringement of any third-party - * patents. - * - * Commercial implementations of MPEG-1 and MPEG-2 video, including shareware, - * are subject to royalty fees to patent holders. Many of these patents are - * general enough such that they are unavoidable regardless of implementation - * design. - */ - -#include - -#ifndef PI -# ifdef M_PI -# define PI M_PI -# else -# define PI 3.14159265358979323846 -# endif -#endif - -/* global declarations */ -void init_fdct (void); -void fdct (short *block); - -/* private data */ -static double c[8][8]; /* transform coefficients */ - -void init_fdct(void) -{ - int i, j; - double s; - - for (i=0; i<8; i++) - { - s = (i==0) ? sqrt(0.125) : 0.5; - - for (j=0; j<8; j++) - c[i][j] = s * cos((PI/8.0)*i*(j+0.5)); - } -} - -void fdct(block) -short *block; -{ - register int i, j; - double s; - double tmp[64]; - - for(i = 0; i < 8; i++) - for(j = 0; j < 8; j++) - { - s = 0.0; - -/* - * for(k = 0; k < 8; k++) - * s += c[j][k] * block[8 * i + k]; - */ - s += c[j][0] * block[8 * i + 0]; - s += c[j][1] * block[8 * i + 1]; - s += c[j][2] * block[8 * i + 2]; - s += c[j][3] * block[8 * i + 3]; - s += c[j][4] * block[8 * i + 4]; - s += c[j][5] * block[8 * i + 5]; - s += c[j][6] * block[8 * i + 6]; - s += c[j][7] * block[8 * i + 7]; - - tmp[8 * i + j] = s; - } - - for(j = 0; j < 8; j++) - for(i = 0; i < 8; i++) - { - s = 0.0; - -/* - * for(k = 0; k < 8; k++) - * s += c[i][k] * tmp[8 * k + j]; - */ - s += c[i][0] * tmp[8 * 0 + j]; - s += c[i][1] * tmp[8 * 1 + j]; - s += c[i][2] * tmp[8 * 2 + j]; - s += c[i][3] * tmp[8 * 3 + j]; - s += c[i][4] * tmp[8 * 4 + j]; - s += c[i][5] * tmp[8 * 5 + j]; - s += c[i][6] * tmp[8 * 6 + j]; - s += c[i][7] * tmp[8 * 7 + j]; - s*=8.0; - - block[8 * i + j] = (short)floor(s + 0.499999); -/* - * reason for adding 0.499999 instead of 0.5: - * s is quite often x.5 (at least for i and/or j = 0 or 4) - * and setting the rounding threshold exactly to 0.5 leads to an - * extremely high arithmetic implementation dependency of the result; - * s being between x.5 and x.500001 (which is now incorrectly rounded - * downwards instead of upwards) is assumed to occur less often - * (if at all) - */ - } -} - -/* perform IDCT matrix multiply for 8x8 coefficient block */ - -void idct(block) -short *block; -{ - int i, j, k, v; - double partial_product; - double tmp[64]; - - for (i=0; i<8; i++) - for (j=0; j<8; j++) - { - partial_product = 0.0; - - for (k=0; k<8; k++) - partial_product+= c[k][j]*block[8*i+k]; - - tmp[8*i+j] = partial_product; - } - - /* Transpose operation is integrated into address mapping by switching - loop order of i and j */ - - for (j=0; j<8; j++) - for (i=0; i<8; i++) - { - partial_product = 0.0; - - for (k=0; k<8; k++) - partial_product+= c[k][i]*tmp[8*k+j]; - - v = (int) floor(partial_product+0.5); - block[8*i+j] = v; - } -} diff --git a/libavcodec/ffv1.c b/libavcodec/ffv1.c index 72c5fbd881..db68a18ab4 100644 --- a/libavcodec/ffv1.c +++ b/libavcodec/ffv1.c @@ -248,10 +248,9 @@ static inline int get_symbol(RangeCoder *c, uint8_t *state, int is_signed){ else{ int i, e, a; e= 0; - while(get_rac(c, state+1 + e)){ //1..10 + while(get_rac(c, state+1 + e) && e<9){ //1..10 e++; } - assert(e<=9); a= 1; for(i=e-1; i>=0; i--){ @@ -361,7 +360,7 @@ static inline int encode_line(FFV1Context *s, int w, int_fast16_t *sample[2], in int run_mode=0; if(s->ac){ - if(c->bytestream_end - c->bytestream < w*20){ + if(c->bytestream_end - c->bytestream < w*35){ av_log(s->avctx, AV_LOG_ERROR, "encoded frame too large\n"); return -1; } diff --git a/libavcodec/flicvideo.c b/libavcodec/flicvideo.c index 2261c40524..95255f99b3 100644 --- a/libavcodec/flicvideo.c +++ b/libavcodec/flicvideo.c @@ -160,7 +160,7 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, int pixel_skip; int pixel_countdown; unsigned char *pixels; - int pixel_limit; + unsigned int pixel_limit; s->frame.reference = 1; s->frame.buffer_hints = FF_BUFFER_HINTS_VALID | FF_BUFFER_HINTS_PRESERVE | FF_BUFFER_HINTS_REUSABLE; @@ -254,10 +254,13 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, av_log(avctx, AV_LOG_ERROR, "Undefined opcode (%x) in DELTA_FLI\n", line_packets); } else if ((line_packets & 0xC000) == 0x8000) { // "last byte" opcode - pixels[y_ptr + s->frame.linesize[0] - 1] = line_packets & 0xff; + pixel_ptr= y_ptr + s->frame.linesize[0] - 1; + CHECK_PIXEL_PTR(0); + pixels[pixel_ptr] = line_packets & 0xff; } else { compressed_lines--; pixel_ptr = y_ptr; + CHECK_PIXEL_PTR(0); pixel_countdown = s->avctx->width; for (i = 0; i < line_packets; i++) { /* account for the skip bytes */ @@ -269,7 +272,7 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, byte_run = -byte_run; palette_idx1 = buf[stream_ptr++]; palette_idx2 = buf[stream_ptr++]; - CHECK_PIXEL_PTR(byte_run); + CHECK_PIXEL_PTR(byte_run * 2); for (j = 0; j < byte_run; j++, pixel_countdown -= 2) { pixels[pixel_ptr++] = palette_idx1; pixels[pixel_ptr++] = palette_idx2; @@ -299,6 +302,7 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, stream_ptr += 2; while (compressed_lines > 0) { pixel_ptr = y_ptr; + CHECK_PIXEL_PTR(0); pixel_countdown = s->avctx->width; line_packets = buf[stream_ptr++]; if (line_packets > 0) { @@ -454,7 +458,7 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx, int pixel_countdown; unsigned char *pixels; int pixel; - int pixel_limit; + unsigned int pixel_limit; s->frame.reference = 1; s->frame.buffer_hints = FF_BUFFER_HINTS_VALID | FF_BUFFER_HINTS_PRESERVE | FF_BUFFER_HINTS_REUSABLE; @@ -504,6 +508,7 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx, } else { compressed_lines--; pixel_ptr = y_ptr; + CHECK_PIXEL_PTR(0); pixel_countdown = s->avctx->width; for (i = 0; i < line_packets; i++) { /* account for the skip bytes */ @@ -515,13 +520,13 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx, byte_run = -byte_run; pixel = AV_RL16(&buf[stream_ptr]); stream_ptr += 2; - CHECK_PIXEL_PTR(byte_run); + CHECK_PIXEL_PTR(2 * byte_run); for (j = 0; j < byte_run; j++, pixel_countdown -= 2) { *((signed short*)(&pixels[pixel_ptr])) = pixel; pixel_ptr += 2; } } else { - CHECK_PIXEL_PTR(byte_run); + CHECK_PIXEL_PTR(2 * byte_run); for (j = 0; j < byte_run; j++, pixel_countdown--) { *((signed short*)(&pixels[pixel_ptr])) = AV_RL16(&buf[stream_ptr]); stream_ptr += 2; @@ -612,7 +617,7 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx, if (byte_run > 0) { pixel = AV_RL16(&buf[stream_ptr]); stream_ptr += 2; - CHECK_PIXEL_PTR(byte_run); + CHECK_PIXEL_PTR(2 * byte_run); for (j = 0; j < byte_run; j++) { *((signed short*)(&pixels[pixel_ptr])) = pixel; pixel_ptr += 2; @@ -623,7 +628,7 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx, } } else { /* copy pixels if byte_run < 0 */ byte_run = -byte_run; - CHECK_PIXEL_PTR(byte_run); + CHECK_PIXEL_PTR(2 * byte_run); for (j = 0; j < byte_run; j++) { *((signed short*)(&pixels[pixel_ptr])) = AV_RL16(&buf[stream_ptr]); stream_ptr += 2; diff --git a/libavcodec/gifdec.c b/libavcodec/gifdec.c index d24550c846..49ee7e0e8d 100644 --- a/libavcodec/gifdec.c +++ b/libavcodec/gifdec.c @@ -125,26 +125,21 @@ static int gif_read_image(GifState *s) case 1: y1 += 8; ptr += linesize * 8; - if (y1 >= height) { - y1 = pass ? 2 : 4; - ptr = ptr1 + linesize * y1; - pass++; - } break; case 2: y1 += 4; ptr += linesize * 4; - if (y1 >= height) { - y1 = 1; - ptr = ptr1 + linesize; - pass++; - } break; case 3: y1 += 2; ptr += linesize * 2; break; } + while (y1 >= height) { + y1 = 4 >> pass; + ptr = ptr1 + linesize * y1; + pass++; + } } else { ptr += linesize; } diff --git a/libavcodec/h261dec.c b/libavcodec/h261dec.c index 70542869c5..aa1be6f642 100644 --- a/libavcodec/h261dec.c +++ b/libavcodec/h261dec.c @@ -285,6 +285,10 @@ static int h261_decode_mb(H261Context *h){ // Read mtype h->mtype = get_vlc2(&s->gb, h261_mtype_vlc.table, H261_MTYPE_VLC_BITS, 2); + if (h->mtype < 0) { + av_log(s->avctx, AV_LOG_ERROR, "illegal mtype %d\n", h->mtype); + return SLICE_ERROR; + } h->mtype = h261_mtype_map[h->mtype]; // Read mquant diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 91f20c9867..099f5f1a3a 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -3743,6 +3743,7 @@ static int decode_slice_header(H264Context *h, H264Context *h0){ free_tables(h); flush_dpb(s->avctx); MPV_common_end(s); + h->list_count = 0; } if (!s->context_initialized) { if(h != h0) @@ -3940,8 +3941,10 @@ static int decode_slice_header(H264Context *h, H264Context *h0){ fill_default_ref_list(h); } - if(h->slice_type_nos!=FF_I_TYPE && decode_ref_pic_list_reordering(h) < 0) + if(h->slice_type_nos!=FF_I_TYPE && decode_ref_pic_list_reordering(h) < 0) { + h->ref_count[1]= h->ref_count[0]= 0; return -1; + } if(h->slice_type_nos!=FF_I_TYPE){ s->last_picture_ptr= &h->ref_list[0][0]; @@ -7016,6 +7019,10 @@ static inline int decode_vui_parameters(H264Context *h, SPS *sps){ if(sps->timing_info_present_flag){ sps->num_units_in_tick = get_bits_long(&s->gb, 32); sps->time_scale = get_bits_long(&s->gb, 32); + if(sps->num_units_in_tick-1 > 0x7FFFFFFEU || sps->time_scale-1 > 0x7FFFFFFEU){ + av_log(h->s.avctx, AV_LOG_ERROR, "time_scale/num_units_in_tick inavlid or unsupported (%d/%d)\n", sps->time_scale, sps->num_units_in_tick); + return -1; + } sps->fixed_frame_rate_flag = get_bits1(&s->gb); } @@ -7127,8 +7134,12 @@ int ff_h264_decode_seq_parameter_set(H264Context *h){ if(sps->profile_idc >= 100){ //high profile sps->chroma_format_idc= get_ue_golomb_31(&s->gb); - if(sps->chroma_format_idc == 3) + if(sps->chroma_format_idc > 3) { + av_log(h->s.avctx, AV_LOG_ERROR, "chroma_format_idc (%u) out of range\n", sps->chroma_format_idc); + return -1; + } else if(sps->chroma_format_idc == 3) { sps->residual_color_transform_flag = get_bits1(&s->gb); + } sps->bit_depth_luma = get_ue_golomb(&s->gb) + 8; sps->bit_depth_chroma = get_ue_golomb(&s->gb) + 8; sps->transform_bypass = get_bits1(&s->gb); @@ -7161,7 +7172,7 @@ int ff_h264_decode_seq_parameter_set(H264Context *h){ } sps->ref_frame_count= get_ue_golomb_31(&s->gb); - if(sps->ref_frame_count > MAX_PICTURE_COUNT-2 || sps->ref_frame_count >= 32U){ + if(sps->ref_frame_count > MAX_PICTURE_COUNT-2 || sps->ref_frame_count > 16U){ av_log(h->s.avctx, AV_LOG_ERROR, "too many reference frames\n"); goto fail; } @@ -7448,7 +7459,11 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size){ break; } - if(buf_index+3 >= buf_size) break; + + if (buf_index + 3 >= buf_size) { + buf_index = buf_size; + break; + } buf_index+=3; } @@ -7542,6 +7557,7 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size){ hx->inter_gb_ptr= &hx->inter_gb; if(hx->redundant_pic_count==0 && hx->intra_gb_ptr && hx->s.data_partitioning + && s->current_picture_ptr && s->context_initialized && s->hurry_up < 5 && (avctx->skip_frame < AVDISCARD_NONREF || hx->nal_ref_idc) diff --git a/libavcodec/huffyuv.c b/libavcodec/huffyuv.c index 51acf0570d..72dd52ee06 100644 --- a/libavcodec/huffyuv.c +++ b/libavcodec/huffyuv.c @@ -312,12 +312,13 @@ static void generate_joint_tables(HYuvContext *s){ for(i=y=0; y<256; y++){ int len0 = s->len[0][y]; int limit = VLC_BITS - len0; - if(limit <= 0) + if(limit <= 0 || !len0) continue; for(u=0; u<256; u++){ int len1 = s->len[p][u]; - if(len1 > limit) + if (len1 > limit || !len1) continue; + assert(i < (1 << VLC_BITS)); len[i] = len0 + len1; bits[i] = (s->bits[0][y] << len1) + s->bits[p][u]; symbols[i] = (y<<8) + u; @@ -339,18 +340,19 @@ static void generate_joint_tables(HYuvContext *s){ for(i=0, g=-16; g<16; g++){ int len0 = s->len[p0][g&255]; int limit0 = VLC_BITS - len0; - if(limit0 < 2) + if (limit0 < 2 || !len0) continue; for(b=-16; b<16; b++){ int len1 = s->len[p1][b&255]; int limit1 = limit0 - len1; - if(limit1 < 1) + if (limit1 < 1 || !len1) continue; code = (s->bits[p0][g&255] << len1) + s->bits[p1][b&255]; for(r=-16; r<16; r++){ int len2 = s->len[2][r&255]; - if(len2 > limit1) + if (len2 > limit1 || !len2) continue; + assert(i < (1 << VLC_BITS)); len[i] = len0 + len1 + len2; bits[i] = (code << len2) + s->bits[2][r&255]; if(s->decorrelate){ @@ -374,6 +376,7 @@ static void generate_joint_tables(HYuvContext *s){ static int read_huffman_tables(HYuvContext *s, uint8_t *src, int length){ GetBitContext gb; int i; + int ret; init_get_bits(&gb, src, length*8); @@ -389,7 +392,8 @@ printf("%6X, %2d, %3d\n", s->bits[i][j], s->len[i][j], j); } #endif free_vlc(&s->vlc[i]); - init_vlc(&s->vlc[i], VLC_BITS, 256, s->len[i], 1, 1, s->bits[i], 4, 4, 0); + if ((ret = init_vlc(&s->vlc[i], VLC_BITS, 256, s->len[i], 1, 1, s->bits[i], 4, 4, 0)) < 0) + return ret; } generate_joint_tables(s); @@ -401,6 +405,7 @@ static int read_old_huffman_tables(HYuvContext *s){ #if 1 GetBitContext gb; int i; + int ret; init_get_bits(&gb, classic_shift_luma, sizeof(classic_shift_luma)*8); read_len_table(s->len[0], &gb); @@ -419,7 +424,8 @@ static int read_old_huffman_tables(HYuvContext *s){ for(i=0; i<3; i++){ free_vlc(&s->vlc[i]); - init_vlc(&s->vlc[i], VLC_BITS, 256, s->len[i], 1, 1, s->bits[i], 4, 4, 0); + if ((ret = init_vlc(&s->vlc[i], VLC_BITS, 256, s->len[i], 1, 1, s->bits[i], 4, 4, 0)) < 0) + return ret; } generate_joint_tables(s); @@ -549,7 +555,10 @@ s->bgr32=1; default: assert(0); } - + if (s->predictor == MEDIAN && avctx->pix_fmt == PIX_FMT_YUV422P && avctx->width%4) { + av_log(avctx, AV_LOG_ERROR, "width must be a multiple of 4 this colorspace and predictor\n"); + return AVERROR_INVALIDDATA; + } alloc_temp(s); // av_log(NULL, AV_LOG_DEBUG, "pred:%d bpp:%d hbpp:%d il:%d\n", s->predictor, s->bitstream_bpp, avctx->bits_per_coded_sample, s->interlaced); @@ -728,10 +737,17 @@ static void decode_422_bitstream(HYuvContext *s, int count){ count/=2; + if(count >= (s->gb.size_in_bits - get_bits_count(&s->gb))/(31*4)){ + for(i=0; igb) < s->gb.size_in_bits; i++){ + READ_2PIX(s->temp[0][2*i ], s->temp[1][i], 1); + READ_2PIX(s->temp[0][2*i+1], s->temp[2][i], 2); + } + }else{ for(i=0; itemp[0][2*i ], s->temp[1][i], 1); READ_2PIX(s->temp[0][2*i+1], s->temp[2][i], 2); } + } } static void decode_gray_bitstream(HYuvContext *s, int count){ @@ -739,9 +755,15 @@ static void decode_gray_bitstream(HYuvContext *s, int count){ count/=2; + if(count >= (s->gb.size_in_bits - get_bits_count(&s->gb))/(31*2)){ + for(i=0; igb) < s->gb.size_in_bits; i++){ + READ_2PIX(s->temp[0][2*i ], s->temp[0][2*i+1], 0); + } + }else{ for(i=0; itemp[0][2*i ], s->temp[0][2*i+1], 0); } + } } #if CONFIG_HUFFYUV_ENCODER || CONFIG_FFVHUFF_ENCODER diff --git a/libavcodec/imgconvert.c b/libavcodec/imgconvert.c index 1e0c66de84..eecd12535e 100644 --- a/libavcodec/imgconvert.c +++ b/libavcodec/imgconvert.c @@ -890,7 +890,8 @@ static int avcodec_find_best_pix_fmt1(int64_t pix_fmt_mask, /* find exact color match with smallest size */ dst_pix_fmt = -1; min_dist = 0x7fffffff; - for(i = 0;i < PIX_FMT_NB; i++) { + /* test only the first 64 pixel formats to avoid undefined behaviour */ + for (i = 0; i < 64; i++) { if (pix_fmt_mask & (1ULL << i)) { loss = avcodec_get_pix_fmt_loss(i, src_pix_fmt, has_alpha) & loss_mask; if (loss == 0) { diff --git a/libavcodec/indeo2.c b/libavcodec/indeo2.c index 40c561a559..8ee6a86e9e 100644 --- a/libavcodec/indeo2.c +++ b/libavcodec/indeo2.c @@ -153,6 +153,13 @@ static int ir2_decode_frame(AVCodecContext *avctx, return -1; } + start = 48; /* hardcoded for now */ + + if (start >= buf_size) { + av_log(s->avctx, AV_LOG_ERROR, "input buffer size too small (%d)\n", buf_size); + return AVERROR_INVALIDDATA; + } + s->decode_delta = buf[18]; /* decide whether frame uses deltas or not */ @@ -160,9 +167,8 @@ static int ir2_decode_frame(AVCodecContext *avctx, for (i = 0; i < buf_size; i++) buf[i] = ff_reverse[buf[i]]; #endif - start = 48; /* hardcoded for now */ - init_get_bits(&s->gb, buf + start, buf_size - start); + init_get_bits(&s->gb, buf + start, (buf_size - start) * 8); if (s->decode_delta) { /* intraframe */ ir2_decode_plane(s, avctx->width, avctx->height, diff --git a/libavcodec/jpeglsdec.c b/libavcodec/jpeglsdec.c index fdf4c4c424..1079fc811f 100644 --- a/libavcodec/jpeglsdec.c +++ b/libavcodec/jpeglsdec.c @@ -143,6 +143,8 @@ static inline int ls_get_code_runterm(GetBitContext *gb, JLSState *state, int RI ret = ret >> 1; } + if(FFABS(ret) > 0xFFFF) + return -0x10000; /* update state */ state->A[Q] += FFABS(ret) - RItype; ret *= state->twonear; @@ -203,6 +205,11 @@ static inline void ls_decode_line(JLSState *state, MJpegDecodeContext *s, void * x += stride; } + if (x >= w) { + av_log(NULL, AV_LOG_ERROR, "run overflow\n"); + return; + } + /* decode run termination value */ Rb = R(last, x); RItype = (FFABS(Ra - Rb) <= state->near) ? 1 : 0; diff --git a/libavcodec/kmvc.c b/libavcodec/kmvc.c index 30939ab411..69b5937668 100644 --- a/libavcodec/kmvc.c +++ b/libavcodec/kmvc.c @@ -33,6 +33,7 @@ #define KMVC_KEYFRAME 0x80 #define KMVC_PALETTE 0x40 #define KMVC_METHOD 0x0F +#define MAX_PALSIZE 256 /* * Decoder context @@ -43,7 +44,7 @@ typedef struct KmvcContext { int setpal; int palsize; - uint32_t pal[256]; + uint32_t pal[MAX_PALSIZE]; uint8_t *cur, *prev; uint8_t *frm0, *frm1; } KmvcContext; @@ -366,6 +367,10 @@ static av_cold int decode_init(AVCodecContext * avctx) c->palsize = 127; } else { c->palsize = AV_RL16(avctx->extradata + 10); + if (c->palsize >= MAX_PALSIZE) { + av_log(avctx, AV_LOG_ERROR, "KMVC palette too large\n"); + return AVERROR_INVALIDDATA; + } } if (avctx->extradata_size == 1036) { // palette in extradata diff --git a/libavcodec/libamr.c b/libavcodec/libamr.c index 6a9de50fdc..cfbd1bbe73 100644 --- a/libavcodec/libamr.c +++ b/libavcodec/libamr.c @@ -25,22 +25,13 @@ * This code implements both an AMR-NarrowBand (AMR-NB) and an AMR-WideBand * (AMR-WB) audio encoder/decoder through external reference code from * http://www.3gpp.org/. The license of the code from 3gpp is unclear so you - * have to download the code separately. Two versions exists: One fixed-point - * and one floating-point. For some reason the float encoder is significantly - * faster at least on a P4 1.5GHz (0.9s instead of 9.9s on a 30s audio clip - * at MR102). Both float and fixed point are supported for AMR-NB, but only - * float for AMR-WB. + * have to download the code separately. * * \section AMR-NB * - * \subsection Float * The float version (default) can be downloaded from: * http://www.3gpp.org/ftp/Specs/archive/26_series/26.104/26104-610.zip * - * \subsection Fixed-point - * The fixed-point (TS26.073) can be downloaded from: - * http://www.3gpp.org/ftp/Specs/archive/26_series/26.073/26073-600.zip - * * \subsection Specification * The specification for AMR-NB can be found in TS 26.071 * (http://www.3gpp.org/ftp/Specs/html-info/26071.htm) and some other @@ -48,14 +39,9 @@ * * \section AMR-WB * - * \subsection Float * The reference code can be downloaded from: * http://www.3gpp.org/ftp/Specs/archive/26_series/26.204/26204-600.zip * - * \subsection Fixed-point - * If someone wants to use the fixed point version it can be downloaded from: - * http://www.3gpp.org/ftp/Specs/archive/26_series/26.173/26173-571.zip. - * * \subsection Specification * The specification for AMR-WB can be found in TS 26.171 * (http://www.3gpp.org/ftp/Specs/html-info/26171.htm) and some other @@ -65,31 +51,30 @@ #include "avcodec.h" -#if CONFIG_LIBAMR_NB_FIXED +static void amr_decode_fix_avctx(AVCodecContext *avctx) +{ + const int is_amr_wb = 1 + (avctx->codec_id == CODEC_ID_AMR_WB); -#define MMS_IO + if (!avctx->sample_rate) + avctx->sample_rate = 8000 * is_amr_wb; -#include "amr/sp_dec.h" -#include "amr/d_homing.h" -#include "amr/typedef.h" -#include "amr/sp_enc.h" -#include "amr/sid_sync.h" -#include "amr/e_homing.h" + if (!avctx->channels) + avctx->channels = 1; + + avctx->frame_size = 160 * is_amr_wb; + avctx->sample_fmt = SAMPLE_FMT_S16; +} + +#if CONFIG_LIBAMR_NB -#else #include #include -#endif static const char nb_bitrate_unsupported[] = "bitrate not supported: use one of 4.75k, 5.15k, 5.9k, 6.7k, 7.4k, 7.95k, 10.2k or 12.2k\n"; -static const char wb_bitrate_unsupported[] = - "bitrate not supported: use one of 6.6k, 8.85k, 12.65k, 14.25k, 15.85k, 18.25k, 19.85k, 23.05k, or 23.85k\n"; -/* Common code for fixed and float version*/ -typedef struct AMR_bitrates -{ - int rate; +typedef struct AMR_bitrates { + int rate; enum Mode mode; } AMR_bitrates; @@ -97,287 +82,44 @@ typedef struct AMR_bitrates static int getBitrateMode(int bitrate) { /* make the correspondance between bitrate and mode */ - AMR_bitrates rates[]={ {4750,MR475}, - {5150,MR515}, - {5900,MR59}, - {6700,MR67}, - {7400,MR74}, - {7950,MR795}, - {10200,MR102}, - {12200,MR122}, - }; + AMR_bitrates rates[] = { { 4750, MR475}, + { 5150, MR515}, + { 5900, MR59}, + { 6700, MR67}, + { 7400, MR74}, + { 7950, MR795}, + {10200, MR102}, + {12200, MR122}, }; int i; - for(i=0;i<8;i++) - { - if(rates[i].rate==bitrate) - { + for (i = 0; i < 8; i++) + if (rates[i].rate == bitrate) return rates[i].mode; - } - } /* no bitrate matching, return an error */ return -1; } -static void amr_decode_fix_avctx(AVCodecContext * avctx) -{ - const int is_amr_wb = 1 + (avctx->codec_id == CODEC_ID_AMR_WB); - - if(avctx->sample_rate == 0) - { - avctx->sample_rate = 8000 * is_amr_wb; - } - - if(avctx->channels == 0) - { - avctx->channels = 1; - } - - avctx->frame_size = 160 * is_amr_wb; - avctx->sample_fmt = SAMPLE_FMT_S16; -} - -#if CONFIG_LIBAMR_NB_FIXED -/* fixed point version*/ -/* frame size in serial bitstream file (frame type + serial stream + flags) */ -#define SERIAL_FRAMESIZE (1+MAX_SERIAL_SIZE+5) - typedef struct AMRContext { - int frameCount; - Speech_Decode_FrameState *speech_decoder_state; - enum RXFrameType rx_type; - enum Mode mode; - Word16 reset_flag; - Word16 reset_flag_old; - - int enc_bitrate; - Speech_Encode_FrameState *enstate; - sid_syncState *sidstate; - enum TXFrameType tx_frametype; + int frameCount; + void *decState; + int *enstate; + int enc_bitrate; } AMRContext; -static av_cold int amr_nb_decode_init(AVCodecContext * avctx) +static av_cold int amr_nb_decode_init(AVCodecContext *avctx) { AMRContext *s = avctx->priv_data; - s->frameCount=0; - s->speech_decoder_state=NULL; - s->rx_type = (enum RXFrameType)0; - s->mode= (enum Mode)0; - s->reset_flag=0; - s->reset_flag_old=1; - - if(Speech_Decode_Frame_init(&s->speech_decoder_state, "Decoder")) - { - av_log(avctx, AV_LOG_ERROR, "Speech_Decode_Frame_init error\n"); - return -1; - } - - amr_decode_fix_avctx(avctx); - - if(avctx->channels > 1) - { - av_log(avctx, AV_LOG_ERROR, "amr_nb: multichannel decoding not supported\n"); - return -1; - } - - return 0; -} - -static av_cold int amr_nb_encode_init(AVCodecContext * avctx) -{ - AMRContext *s = avctx->priv_data; - - s->frameCount=0; - s->speech_decoder_state=NULL; - s->rx_type = (enum RXFrameType)0; - s->mode= (enum Mode)0; - s->reset_flag=0; - s->reset_flag_old=1; - - if(avctx->sample_rate!=8000) - { - av_log(avctx, AV_LOG_ERROR, "Only 8000Hz sample rate supported\n"); - return -1; - } - - if(avctx->channels!=1) - { - av_log(avctx, AV_LOG_ERROR, "Only mono supported\n"); - return -1; - } - - avctx->frame_size=160; - avctx->coded_frame= avcodec_alloc_frame(); - - if(Speech_Encode_Frame_init(&s->enstate, 0, "encoder") || sid_sync_init (&s->sidstate)) - { - av_log(avctx, AV_LOG_ERROR, "Speech_Encode_Frame_init error\n"); - return -1; - } - - if((s->enc_bitrate=getBitrateMode(avctx->bit_rate))<0) - { - av_log(avctx, AV_LOG_ERROR, nb_bitrate_unsupported); - return -1; - } - - return 0; -} - -static av_cold int amr_nb_encode_close(AVCodecContext * avctx) -{ - AMRContext *s = avctx->priv_data; - - Speech_Encode_Frame_exit(&s->enstate); - sid_sync_exit (&s->sidstate); - av_freep(&avctx->coded_frame); - return 0; -} - -static av_cold int amr_nb_decode_close(AVCodecContext * avctx) -{ - AMRContext *s = avctx->priv_data; - - Speech_Decode_Frame_exit(&s->speech_decoder_state); - return 0; -} - -static int amr_nb_decode_frame(AVCodecContext * avctx, - void *data, int *data_size, - const uint8_t * buf, int buf_size) -{ - AMRContext *s = avctx->priv_data; - const uint8_t*amrData=buf; - int offset=0; - UWord8 toc, q, ft; - Word16 serial[SERIAL_FRAMESIZE]; /* coded bits */ - Word16 *synth; - UWord8 *packed_bits; - static Word16 packed_size[16] = {12, 13, 15, 17, 19, 20, 26, 31, 5, 0, 0, 0, 0, 0, 0, 0}; - int i; - - //printf("amr_decode_frame data_size=%i buf=0x%X buf_size=%d frameCount=%d!!\n",*data_size,buf,buf_size,s->frameCount); - - synth=data; - - toc=amrData[offset]; - /* read rest of the frame based on ToC byte */ - q = (toc >> 2) & 0x01; - ft = (toc >> 3) & 0x0F; - - //printf("offset=%d, packet_size=%d amrData= 0x%X %X %X %X\n",offset,packed_size[ft],amrData[offset],amrData[offset+1],amrData[offset+2],amrData[offset+3]); - - offset++; - - packed_bits=amrData+offset; - - offset+=packed_size[ft]; - - //Unsort and unpack bits - s->rx_type = UnpackBits(q, ft, packed_bits, &s->mode, &serial[1]); - - //We have a new frame - s->frameCount++; - - if (s->rx_type == RX_NO_DATA) - { - s->mode = s->speech_decoder_state->prev_mode; - } - else { - s->speech_decoder_state->prev_mode = s->mode; - } - - /* if homed: check if this frame is another homing frame */ - if (s->reset_flag_old == 1) - { - /* only check until end of first subframe */ - s->reset_flag = decoder_homing_frame_test_first(&serial[1], s->mode); - } - /* produce encoder homing frame if homed & input=decoder homing frame */ - if ((s->reset_flag != 0) && (s->reset_flag_old != 0)) - { - for (i = 0; i < L_FRAME; i++) - { - synth[i] = EHF_MASK; - } - } - else - { - /* decode frame */ - Speech_Decode_Frame(s->speech_decoder_state, s->mode, &serial[1], s->rx_type, synth); - } - - //Each AMR-frame results in 160 16-bit samples - *data_size=160*2; - - /* if not homed: check whether current frame is a homing frame */ - if (s->reset_flag_old == 0) - { - /* check whole frame */ - s->reset_flag = decoder_homing_frame_test(&serial[1], s->mode); - } - /* reset decoder if current frame is a homing frame */ - if (s->reset_flag != 0) - { - Speech_Decode_Frame_reset(s->speech_decoder_state); - } - s->reset_flag_old = s->reset_flag; - - return offset; -} - - -static int amr_nb_encode_frame(AVCodecContext *avctx, - unsigned char *frame/*out*/, int buf_size, void *data/*in*/) -{ - short serial_data[250] = {0}; - AMRContext *s = avctx->priv_data; - int written; - - s->reset_flag = encoder_homing_frame_test(data); - - Speech_Encode_Frame(s->enstate, s->enc_bitrate, data, &serial_data[1], &s->mode); - - /* add frame type and mode */ - sid_sync (s->sidstate, s->mode, &s->tx_frametype); - - written = PackBits(s->mode, s->enc_bitrate, s->tx_frametype, &serial_data[1], frame); - - if (s->reset_flag != 0) - { - Speech_Encode_Frame_reset(s->enstate); - sid_sync_reset(s->sidstate); - } - return written; -} - - -#elif CONFIG_LIBAMR_NB /* Float point version*/ - -typedef struct AMRContext { - int frameCount; - void * decState; - int *enstate; - int enc_bitrate; -} AMRContext; - -static av_cold int amr_nb_decode_init(AVCodecContext * avctx) -{ - AMRContext *s = avctx->priv_data; - - s->frameCount=0; - s->decState=Decoder_Interface_init(); - if(!s->decState) - { + s->frameCount = 0; + s->decState = Decoder_Interface_init(); + if (!s->decState) { av_log(avctx, AV_LOG_ERROR, "Decoder_Interface_init error\r\n"); return -1; } amr_decode_fix_avctx(avctx); - if(avctx->channels > 1) - { + if (avctx->channels > 1) { av_log(avctx, AV_LOG_ERROR, "amr_nb: multichannel decoding not supported\n"); return -1; } @@ -385,44 +127,7 @@ static av_cold int amr_nb_decode_init(AVCodecContext * avctx) return 0; } -static av_cold int amr_nb_encode_init(AVCodecContext * avctx) -{ - AMRContext *s = avctx->priv_data; - - s->frameCount=0; - - if(avctx->sample_rate!=8000) - { - av_log(avctx, AV_LOG_ERROR, "Only 8000Hz sample rate supported\n"); - return -1; - } - - if(avctx->channels!=1) - { - av_log(avctx, AV_LOG_ERROR, "Only mono supported\n"); - return -1; - } - - avctx->frame_size=160; - avctx->coded_frame= avcodec_alloc_frame(); - - s->enstate=Encoder_Interface_init(0); - if(!s->enstate) - { - av_log(avctx, AV_LOG_ERROR, "Encoder_Interface_init error\n"); - return -1; - } - - if((s->enc_bitrate=getBitrateMode(avctx->bit_rate))<0) - { - av_log(avctx, AV_LOG_ERROR, nb_bitrate_unsupported); - return -1; - } - - return 0; -} - -static av_cold int amr_nb_decode_close(AVCodecContext * avctx) +static av_cold int amr_nb_decode_close(AVCodecContext *avctx) { AMRContext *s = avctx->priv_data; @@ -430,72 +135,39 @@ static av_cold int amr_nb_decode_close(AVCodecContext * avctx) return 0; } -static av_cold int amr_nb_encode_close(AVCodecContext * avctx) +static int amr_nb_decode_frame(AVCodecContext *avctx, void *data, + int *data_size, + const uint8_t *buf, int buf_size) { AMRContext *s = avctx->priv_data; - - Encoder_Interface_exit(s->enstate); - av_freep(&avctx->coded_frame); - return 0; -} - -static int amr_nb_decode_frame(AVCodecContext * avctx, - void *data, int *data_size, - const uint8_t * buf, int buf_size) -{ - AMRContext *s = avctx->priv_data; - const uint8_t*amrData=buf; - static const uint8_t block_size[16]={ 12, 13, 15, 17, 19, 20, 26, 31, 5, 0, 0, 0, 0, 0, 0, 0 }; + const uint8_t *amrData = buf; + static const uint8_t block_size[16] = { 12, 13, 15, 17, 19, 20, 26, 31, 5, 0, 0, 0, 0, 0, 0, 0 }; enum Mode dec_mode; int packet_size; - /* av_log(NULL,AV_LOG_DEBUG,"amr_decode_frame buf=%p buf_size=%d frameCount=%d!!\n",buf,buf_size,s->frameCount); */ + /* av_log(NULL, AV_LOG_DEBUG, "amr_decode_frame buf=%p buf_size=%d frameCount=%d!!\n", + buf, buf_size, s->frameCount); */ dec_mode = (buf[0] >> 3) & 0x000F; - packet_size = block_size[dec_mode]+1; + packet_size = block_size[dec_mode] + 1; - if(packet_size > buf_size) { - av_log(avctx, AV_LOG_ERROR, "amr frame too short (%u, should be %u)\n", buf_size, packet_size); + if (packet_size > buf_size) { + av_log(avctx, AV_LOG_ERROR, "amr frame too short (%u, should be %u)\n", + buf_size, packet_size); return -1; } s->frameCount++; - /* av_log(NULL,AV_LOG_DEBUG,"packet_size=%d amrData= 0x%X %X %X %X\n",packet_size,amrData[0],amrData[1],amrData[2],amrData[3]); */ + /* av_log(NULL, AV_LOG_DEBUG, "packet_size=%d amrData= 0x%X %X %X %X\n", + packet_size, amrData[0], amrData[1], amrData[2], amrData[3]); */ /* call decoder */ Decoder_Interface_Decode(s->decState, amrData, data, 0); - *data_size=160*2; + *data_size = 160 * 2; return packet_size; } -static int amr_nb_encode_frame(AVCodecContext *avctx, - unsigned char *frame/*out*/, int buf_size, void *data/*in*/) -{ - AMRContext *s = avctx->priv_data; - int written; - - if((s->enc_bitrate=getBitrateMode(avctx->bit_rate))<0) - { - av_log(avctx, AV_LOG_ERROR, nb_bitrate_unsupported); - return -1; - } - - written = Encoder_Interface_Encode(s->enstate, - s->enc_bitrate, - data, - frame, - 0); - /* av_log(NULL,AV_LOG_DEBUG,"amr_nb_encode_frame encoded %u bytes, bitrate %u, first byte was %#02x\n",written, s->enc_bitrate, frame[0] ); */ - - return written; -} - -#endif - -#if CONFIG_LIBAMR_NB || CONFIG_LIBAMR_NB_FIXED - -AVCodec libamr_nb_decoder = -{ +AVCodec libamr_nb_decoder = { "libamr_nb", CODEC_TYPE_AUDIO, CODEC_ID_AMR_NB, @@ -507,8 +179,69 @@ AVCodec libamr_nb_decoder = .long_name = NULL_IF_CONFIG_SMALL("libamr-nb Adaptive Multi-Rate (AMR) Narrow-Band"), }; -AVCodec libamr_nb_encoder = +static av_cold int amr_nb_encode_init(AVCodecContext *avctx) { + AMRContext *s = avctx->priv_data; + + s->frameCount = 0; + + if (avctx->sample_rate != 8000) { + av_log(avctx, AV_LOG_ERROR, "Only 8000Hz sample rate supported\n"); + return -1; + } + + if (avctx->channels != 1) { + av_log(avctx, AV_LOG_ERROR, "Only mono supported\n"); + return -1; + } + + avctx->frame_size = 160; + avctx->coded_frame = avcodec_alloc_frame(); + + s->enstate=Encoder_Interface_init(0); + if (!s->enstate) { + av_log(avctx, AV_LOG_ERROR, "Encoder_Interface_init error\n"); + return -1; + } + + if ((s->enc_bitrate = getBitrateMode(avctx->bit_rate)) < 0) { + av_log(avctx, AV_LOG_ERROR, nb_bitrate_unsupported); + return -1; + } + + return 0; +} + +static av_cold int amr_nb_encode_close(AVCodecContext *avctx) +{ + AMRContext *s = avctx->priv_data; + + Encoder_Interface_exit(s->enstate); + av_freep(&avctx->coded_frame); + return 0; +} + +static int amr_nb_encode_frame(AVCodecContext *avctx, + unsigned char *frame/*out*/, + int buf_size, void *data/*in*/) +{ + AMRContext *s = avctx->priv_data; + int written; + + if ((s->enc_bitrate = getBitrateMode(avctx->bit_rate)) < 0) { + av_log(avctx, AV_LOG_ERROR, nb_bitrate_unsupported); + return -1; + } + + written = Encoder_Interface_Encode(s->enstate, s->enc_bitrate, data, + frame, 0); + /* av_log(NULL, AV_LOG_DEBUG, "amr_nb_encode_frame encoded %u bytes, bitrate %u, first byte was %#02x\n", + written, s->enc_bitrate, frame[0] ); */ + + return written; +} + +AVCodec libamr_nb_encoder = { "libamr_nb", CODEC_TYPE_AUDIO, CODEC_ID_AMR_NB, @@ -531,85 +264,80 @@ AVCodec libamr_nb_encoder = #define typedef_h #endif -#include #include #include -/* Common code for fixed and float version*/ -typedef struct AMRWB_bitrates -{ +static const char wb_bitrate_unsupported[] = + "bitrate not supported: use one of 6.6k, 8.85k, 12.65k, 14.25k, 15.85k, 18.25k, 19.85k, 23.05k, or 23.85k\n"; + +typedef struct AMRWB_bitrates { int rate; int mode; } AMRWB_bitrates; +typedef struct AMRWBContext { + int frameCount; + void *state; + int mode; + Word16 allow_dtx; +} AMRWBContext; + +#if CONFIG_LIBAMR_WB_ENCODER + +#include + static int getWBBitrateMode(int bitrate) { /* make the correspondance between bitrate and mode */ - AMRWB_bitrates rates[]={ {6600,0}, - {8850,1}, - {12650,2}, - {14250,3}, - {15850,4}, - {18250,5}, - {19850,6}, - {23050,7}, - {23850,8}, - }; + AMRWB_bitrates rates[] = { { 6600, 0}, + { 8850, 1}, + {12650, 2}, + {14250, 3}, + {15850, 4}, + {18250, 5}, + {19850, 6}, + {23050, 7}, + {23850, 8}, }; int i; - for(i=0;i<9;i++) - { - if(rates[i].rate==bitrate) - { + for (i = 0; i < 9; i++) + if (rates[i].rate == bitrate) return rates[i].mode; - } - } /* no bitrate matching, return an error */ return -1; } - -typedef struct AMRWBContext { - int frameCount; - void *state; - int mode; - Word16 allow_dtx; -} AMRWBContext; - -static int amr_wb_encode_init(AVCodecContext * avctx) +static av_cold int amr_wb_encode_init(AVCodecContext *avctx) { AMRWBContext *s = avctx->priv_data; - s->frameCount=0; + s->frameCount = 0; - if(avctx->sample_rate!=16000) - { + if (avctx->sample_rate != 16000) { av_log(avctx, AV_LOG_ERROR, "Only 16000Hz sample rate supported\n"); return -1; } - if(avctx->channels!=1) - { + if (avctx->channels != 1) { av_log(avctx, AV_LOG_ERROR, "Only mono supported\n"); return -1; } - if((s->mode=getWBBitrateMode(avctx->bit_rate))<0) - { + if ((s->mode = getWBBitrateMode(avctx->bit_rate)) < 0) { av_log(avctx, AV_LOG_ERROR, wb_bitrate_unsupported); return -1; } - avctx->frame_size=320; - avctx->coded_frame= avcodec_alloc_frame(); + avctx->frame_size = 320; + avctx->coded_frame = avcodec_alloc_frame(); - s->state = E_IF_init(); - s->allow_dtx=0; + s->state = E_IF_init(); + s->allow_dtx = 0; return 0; } -static int amr_wb_encode_close(AVCodecContext * avctx) +static int amr_wb_encode_close(AVCodecContext *avctx) { AMRWBContext *s = avctx->priv_data; @@ -620,13 +348,13 @@ static int amr_wb_encode_close(AVCodecContext * avctx) } static int amr_wb_encode_frame(AVCodecContext *avctx, - unsigned char *frame/*out*/, int buf_size, void *data/*in*/) + unsigned char *frame/*out*/, + int buf_size, void *data/*in*/) { AMRWBContext *s = avctx->priv_data; int size; - if((s->mode=getWBBitrateMode(avctx->bit_rate))<0) - { + if ((s->mode = getWBBitrateMode(avctx->bit_rate)) < 0) { av_log(avctx, AV_LOG_ERROR, wb_bitrate_unsupported); return -1; } @@ -634,76 +362,7 @@ static int amr_wb_encode_frame(AVCodecContext *avctx, return size; } -static int amr_wb_decode_init(AVCodecContext * avctx) -{ - AMRWBContext *s = avctx->priv_data; - - s->frameCount=0; - s->state = D_IF_init(); - - amr_decode_fix_avctx(avctx); - - if(avctx->channels > 1) - { - av_log(avctx, AV_LOG_ERROR, "amr_wb: multichannel decoding not supported\n"); - return -1; - } - - return 0; -} - -static int amr_wb_decode_frame(AVCodecContext * avctx, - void *data, int *data_size, - const uint8_t * buf, int buf_size) -{ - AMRWBContext *s = avctx->priv_data; - const uint8_t*amrData=buf; - int mode; - int packet_size; - static const uint8_t block_size[16] = {18, 23, 33, 37, 41, 47, 51, 59, 61, 6, 6, 0, 0, 0, 1, 1}; - - if(buf_size==0) { - /* nothing to do */ - return 0; - } - - mode = (amrData[0] >> 3) & 0x000F; - packet_size = block_size[mode]; - - if(packet_size > buf_size) { - av_log(avctx, AV_LOG_ERROR, "amr frame too short (%u, should be %u)\n", buf_size, packet_size+1); - return -1; - } - - s->frameCount++; - D_IF_decode( s->state, amrData, data, _good_frame); - *data_size=320*2; - return packet_size; -} - -static int amr_wb_decode_close(AVCodecContext * avctx) -{ - AMRWBContext *s = avctx->priv_data; - - D_IF_exit(s->state); - return 0; -} - -AVCodec libamr_wb_decoder = -{ - "libamr_wb", - CODEC_TYPE_AUDIO, - CODEC_ID_AMR_WB, - sizeof(AMRWBContext), - amr_wb_decode_init, - NULL, - amr_wb_decode_close, - amr_wb_decode_frame, - .long_name = NULL_IF_CONFIG_SMALL("libamr-wb Adaptive Multi-Rate (AMR) Wide-Band"), -}; - -AVCodec libamr_wb_encoder = -{ +AVCodec libamr_wb_encoder = { "libamr_wb", CODEC_TYPE_AUDIO, CODEC_ID_AMR_WB, @@ -716,4 +375,72 @@ AVCodec libamr_wb_encoder = .long_name = NULL_IF_CONFIG_SMALL("libamr-wb Adaptive Multi-Rate (AMR) Wide-Band"), }; +#endif + +static av_cold int amr_wb_decode_init(AVCodecContext *avctx) +{ + AMRWBContext *s = avctx->priv_data; + + s->frameCount = 0; + s->state = D_IF_init(); + + amr_decode_fix_avctx(avctx); + + if (avctx->channels > 1) { + av_log(avctx, AV_LOG_ERROR, "amr_wb: multichannel decoding not supported\n"); + return -1; + } + + return 0; +} + +static int amr_wb_decode_frame(AVCodecContext *avctx, + void *data, int *data_size, + const uint8_t *buf, int buf_size) +{ + AMRWBContext *s = avctx->priv_data; + const uint8_t *amrData = buf; + int mode; + int packet_size; + static const uint8_t block_size[16] = {18, 24, 33, 37, 41, 47, 51, 59, 61, 6, 6, 0, 0, 0, 1, 1}; + + if (!buf_size) + /* nothing to do */ + return 0; + + mode = (amrData[0] >> 3) & 0x000F; + packet_size = block_size[mode]; + + if (packet_size > buf_size) { + av_log(avctx, AV_LOG_ERROR, "amr frame too short (%u, should be %u)\n", + buf_size, packet_size + 1); + return -1; + } + + s->frameCount++; + D_IF_decode(s->state, amrData, data, _good_frame); + *data_size = 320 * 2; + return packet_size; +} + +static int amr_wb_decode_close(AVCodecContext *avctx) +{ + AMRWBContext *s = avctx->priv_data; + + D_IF_exit(s->state); + return 0; +} + +AVCodec libamr_wb_decoder = { + "libamr_wb", + CODEC_TYPE_AUDIO, + CODEC_ID_AMR_WB, + sizeof(AMRWBContext), + amr_wb_decode_init, + NULL, + amr_wb_decode_close, + amr_wb_decode_frame, + .long_name = NULL_IF_CONFIG_SMALL("libamr-wb Adaptive Multi-Rate (AMR) Wide-Band"), +}; + #endif //CONFIG_LIBAMR_WB diff --git a/libavcodec/libavcodec.v b/libavcodec/libavcodec.v new file mode 100644 index 0000000000..561a42cd4f --- /dev/null +++ b/libavcodec/libavcodec.v @@ -0,0 +1,3 @@ +LIBAVCODEC_$MAJOR { + global: *; +}; diff --git a/libavcodec/libopencore-amr.c b/libavcodec/libopencore-amr.c new file mode 100644 index 0000000000..6ff8c3eada --- /dev/null +++ b/libavcodec/libopencore-amr.c @@ -0,0 +1,323 @@ +/* + * AMR Audio decoder stub + * Copyright (c) 2003 the ffmpeg project + * + * This file is part of FFmpeg. + * + * FFmpeg is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * FFmpeg is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with FFmpeg; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#include "avcodec.h" + +static void amr_decode_fix_avctx(AVCodecContext *avctx) +{ + const int is_amr_wb = 1 + (avctx->codec_id == CODEC_ID_AMR_WB); + + if (!avctx->sample_rate) + avctx->sample_rate = 8000 * is_amr_wb; + + if (!avctx->channels) + avctx->channels = 1; + + avctx->frame_size = 160 * is_amr_wb; + avctx->sample_fmt = SAMPLE_FMT_S16; +} + +#if CONFIG_LIBOPENCORE_AMRNB + +#include +#include + +static const char nb_bitrate_unsupported[] = + "bitrate not supported: use one of 4.75k, 5.15k, 5.9k, 6.7k, 7.4k, 7.95k, 10.2k or 12.2k\n"; + +/* Common code for fixed and float version*/ +typedef struct AMR_bitrates { + int rate; + enum Mode mode; +} AMR_bitrates; + +/* Match desired bitrate */ +static int getBitrateMode(int bitrate) +{ + /* make the correspondance between bitrate and mode */ + AMR_bitrates rates[] = { { 4750, MR475}, + { 5150, MR515}, + { 5900, MR59}, + { 6700, MR67}, + { 7400, MR74}, + { 7950, MR795}, + {10200, MR102}, + {12200, MR122}, }; + int i; + + for (i = 0; i < 8; i++) + if (rates[i].rate == bitrate) + return rates[i].mode; + /* no bitrate matching, return an error */ + return -1; +} + +typedef struct AMRContext { + int frameCount; + void *decState; + int *enstate; + int enc_bitrate; +} AMRContext; + +static av_cold int amr_nb_decode_init(AVCodecContext *avctx) +{ + AMRContext *s = avctx->priv_data; + + s->frameCount = 0; + s->decState = Decoder_Interface_init(); + if (!s->decState) { + av_log(avctx, AV_LOG_ERROR, "Decoder_Interface_init error\r\n"); + return -1; + } + + amr_decode_fix_avctx(avctx); + + if (avctx->channels > 1) { + av_log(avctx, AV_LOG_ERROR, "amr_nb: multichannel decoding not supported\n"); + return -1; + } + + return 0; +} + +static av_cold int amr_nb_decode_close(AVCodecContext *avctx) +{ + AMRContext *s = avctx->priv_data; + + Decoder_Interface_exit(s->decState); + return 0; +} + +static int amr_nb_decode_frame(AVCodecContext *avctx, void *data, + int *data_size, + const uint8_t *buf, int buf_size) +{ + AMRContext *s = avctx->priv_data; + const uint8_t *amrData = buf; + static const uint8_t block_size[16] = { 12, 13, 15, 17, 19, 20, 26, 31, 5, 0, 0, 0, 0, 0, 0, 0 }; + enum Mode dec_mode; + int packet_size; + + /* av_log(NULL, AV_LOG_DEBUG, "amr_decode_frame buf=%p buf_size=%d frameCount=%d!!\n", + buf, buf_size, s->frameCount); */ + + dec_mode = (buf[0] >> 3) & 0x000F; + packet_size = block_size[dec_mode] + 1; + + if (packet_size > buf_size) { + av_log(avctx, AV_LOG_ERROR, "amr frame too short (%u, should be %u)\n", + buf_size, packet_size); + return -1; + } + + s->frameCount++; + /* av_log(NULL, AV_LOG_DEBUG, "packet_size=%d amrData= 0x%X %X %X %X\n", + packet_size, amrData[0], amrData[1], amrData[2], amrData[3]); */ + /* call decoder */ + Decoder_Interface_Decode(s->decState, amrData, data, 0); + *data_size = 160 * 2; + + return packet_size; +} + +AVCodec libopencore_amrnb_decoder = { + "libopencore_amrnb", + CODEC_TYPE_AUDIO, + CODEC_ID_AMR_NB, + sizeof(AMRContext), + amr_nb_decode_init, + NULL, + amr_nb_decode_close, + amr_nb_decode_frame, + .long_name = NULL_IF_CONFIG_SMALL("OpenCORE Adaptive Multi-Rate (AMR) Narrow-Band"), +}; + +static av_cold int amr_nb_encode_init(AVCodecContext *avctx) +{ + AMRContext *s = avctx->priv_data; + + s->frameCount = 0; + + if (avctx->sample_rate != 8000) { + av_log(avctx, AV_LOG_ERROR, "Only 8000Hz sample rate supported\n"); + return -1; + } + + if (avctx->channels != 1) { + av_log(avctx, AV_LOG_ERROR, "Only mono supported\n"); + return -1; + } + + avctx->frame_size = 160; + avctx->coded_frame = avcodec_alloc_frame(); + + s->enstate=Encoder_Interface_init(0); + if (!s->enstate) { + av_log(avctx, AV_LOG_ERROR, "Encoder_Interface_init error\n"); + return -1; + } + + if ((s->enc_bitrate = getBitrateMode(avctx->bit_rate)) < 0) { + av_log(avctx, AV_LOG_ERROR, nb_bitrate_unsupported); + return -1; + } + + return 0; +} + +static av_cold int amr_nb_encode_close(AVCodecContext *avctx) +{ + AMRContext *s = avctx->priv_data; + + Encoder_Interface_exit(s->enstate); + av_freep(&avctx->coded_frame); + return 0; +} + +static int amr_nb_encode_frame(AVCodecContext *avctx, + unsigned char *frame/*out*/, + int buf_size, void *data/*in*/) +{ + AMRContext *s = avctx->priv_data; + int written; + + if ((s->enc_bitrate = getBitrateMode(avctx->bit_rate)) < 0) { + av_log(avctx, AV_LOG_ERROR, nb_bitrate_unsupported); + return -1; + } + + written = Encoder_Interface_Encode(s->enstate, s->enc_bitrate, data, + frame, 0); + /* av_log(NULL, AV_LOG_DEBUG, "amr_nb_encode_frame encoded %u bytes, bitrate %u, first byte was %#02x\n", + written, s->enc_bitrate, frame[0] ); */ + + return written; +} + +AVCodec libopencore_amrnb_encoder = { + "libopencore_amrnb", + CODEC_TYPE_AUDIO, + CODEC_ID_AMR_NB, + sizeof(AMRContext), + amr_nb_encode_init, + amr_nb_encode_frame, + amr_nb_encode_close, + NULL, + .sample_fmts = (enum SampleFormat[]){SAMPLE_FMT_S16,SAMPLE_FMT_NONE}, + .long_name = NULL_IF_CONFIG_SMALL("OpenCORE Adaptive Multi-Rate (AMR) Narrow-Band"), +}; + +#endif + +/* -----------AMR wideband ------------*/ +#if CONFIG_LIBOPENCORE_AMRWB + +#ifdef _TYPEDEF_H +//To avoid duplicate typedefs from typedef in amr-nb +#define typedef_h +#endif + +#include +#include + +static const char wb_bitrate_unsupported[] = + "bitrate not supported: use one of 6.6k, 8.85k, 12.65k, 14.25k, 15.85k, 18.25k, 19.85k, 23.05k, or 23.85k\n"; + +/* Common code for fixed and float version*/ +typedef struct AMRWB_bitrates { + int rate; + int mode; +} AMRWB_bitrates; + +typedef struct AMRWBContext { + int frameCount; + void *state; + int mode; + Word16 allow_dtx; +} AMRWBContext; + +static av_cold int amr_wb_decode_init(AVCodecContext *avctx) +{ + AMRWBContext *s = avctx->priv_data; + + s->frameCount = 0; + s->state = D_IF_init(); + + amr_decode_fix_avctx(avctx); + + if (avctx->channels > 1) { + av_log(avctx, AV_LOG_ERROR, "amr_wb: multichannel decoding not supported\n"); + return -1; + } + + return 0; +} + +static int amr_wb_decode_frame(AVCodecContext *avctx, + void *data, int *data_size, + const uint8_t *buf, int buf_size) +{ + AMRWBContext *s = avctx->priv_data; + const uint8_t *amrData = buf; + int mode; + int packet_size; + static const uint8_t block_size[16] = {18, 24, 33, 37, 41, 47, 51, 59, 61, 6, 6, 0, 0, 0, 1, 1}; + + if (!buf_size) + /* nothing to do */ + return 0; + + mode = (amrData[0] >> 3) & 0x000F; + packet_size = block_size[mode]; + + if (packet_size > buf_size) { + av_log(avctx, AV_LOG_ERROR, "amr frame too short (%u, should be %u)\n", + buf_size, packet_size + 1); + return -1; + } + + s->frameCount++; + D_IF_decode(s->state, amrData, data, _good_frame); + *data_size = 320 * 2; + return packet_size; +} + +static int amr_wb_decode_close(AVCodecContext *avctx) +{ + AMRWBContext *s = avctx->priv_data; + + D_IF_exit(s->state); + return 0; +} + +AVCodec libopencore_amrwb_decoder = { + "libopencore_amrwb", + CODEC_TYPE_AUDIO, + CODEC_ID_AMR_WB, + sizeof(AMRWBContext), + amr_wb_decode_init, + NULL, + amr_wb_decode_close, + amr_wb_decode_frame, + .long_name = NULL_IF_CONFIG_SMALL("OpenCORE Adaptive Multi-Rate (AMR) Wide-Band"), +}; + +#endif /* CONFIG_LIBOPENCORE_AMRWB */ diff --git a/libavcodec/libx264.c b/libavcodec/libx264.c index d82756b62f..645d45dbbb 100644 --- a/libavcodec/libx264.c +++ b/libavcodec/libx264.c @@ -27,14 +27,15 @@ #include typedef struct X264Context { - x264_param_t params; - x264_t *enc; - x264_picture_t pic; - AVFrame out_pic; + x264_param_t params; + x264_t *enc; + x264_picture_t pic; + uint8_t *sei; + int sei_size; + AVFrame out_pic; } X264Context; -static void -X264_log(void *p, int level, const char *fmt, va_list args) +static void X264_log(void *p, int level, const char *fmt, va_list args) { static const int level_map[] = { [X264_LOG_ERROR] = AV_LOG_ERROR, @@ -43,31 +44,75 @@ X264_log(void *p, int level, const char *fmt, va_list args) [X264_LOG_DEBUG] = AV_LOG_DEBUG }; - if(level < 0 || level > X264_LOG_DEBUG) + if (level < 0 || level > X264_LOG_DEBUG) return; av_vlog(p, level_map[level], fmt, args); } - -static int -encode_nals(uint8_t *buf, int size, x264_nal_t *nals, int nnal) +#if X264_BUILD >= 76 +static int encode_nals(AVCodecContext *ctx, uint8_t *buf, int size, + x264_nal_t *nals, int nnal, int skip_sei) { + X264Context *x4 = ctx->priv_data; uint8_t *p = buf; int i; - for(i = 0; i < nnal; i++){ - int s = x264_nal_encode(p, &size, 1, nals + i); - if(s < 0) + /* Write the SEI as part of the first frame. */ + if (x4->sei_size > 0 && nnal > 0) { + memcpy(p, x4->sei, x4->sei_size); + p += x4->sei_size; + x4->sei_size = 0; + } + + for (i = 0; i < nnal; i++){ + /* Don't put the SEI in extradata. */ + if (skip_sei && nals[i].i_type == NAL_SEI) { + x4->sei_size = nals[i].i_payload; + x4->sei = av_malloc(x4->sei_size); + memcpy(x4->sei, nals[i].p_payload, nals[i].i_payload); + continue; + } + memcpy(p, nals[i].p_payload, nals[i].i_payload); + p += nals[i].i_payload; + } + + return p - buf; +} +#else +static int encode_nals(AVCodecContext *ctx, uint8_t *buf, int size, x264_nal_t *nals, int nnal, int skip_sei) +{ + X264Context *x4 = ctx->priv_data; + uint8_t *p = buf; + int i, s; + + /* Write the SEI as part of the first frame. */ + if (x4->sei_size > 0 && nnal > 0) { + memcpy(p, x4->sei, x4->sei_size); + p += x4->sei_size; + x4->sei_size = 0; + } + + for (i = 0; i < nnal; i++) { + /* Don't put the SEI in extradata. */ + if (skip_sei && nals[i].i_type == NAL_SEI) { + x4->sei = av_malloc( 5 + nals[i].i_payload * 4 / 3 ); + if(x264_nal_encode(x4->sei, &x4->sei_size, 1, nals + i) < 0) + return -1; + continue; + } + s = x264_nal_encode(p, &size, 1, nals + i); + if (s < 0) return -1; p += s; } return p - buf; } +#endif -static int -X264_frame(AVCodecContext *ctx, uint8_t *buf, int bufsize, void *data) +static int X264_frame(AVCodecContext *ctx, uint8_t *buf, + int bufsize, void *data) { X264Context *x4 = ctx->priv_data; AVFrame *frame = data; @@ -75,31 +120,30 @@ X264_frame(AVCodecContext *ctx, uint8_t *buf, int bufsize, void *data) int nnal, i; x264_picture_t pic_out; - x4->pic.img.i_csp = X264_CSP_I420; + x4->pic.img.i_csp = X264_CSP_I420; x4->pic.img.i_plane = 3; if (frame) { - for(i = 0; i < 3; i++){ + for (i = 0; i < 3; i++) { x4->pic.img.plane[i] = frame->data[i]; x4->pic.img.i_stride[i] = frame->linesize[i]; } - x4->pic.i_pts = frame->pts; + x4->pic.i_pts = frame->pts; x4->pic.i_type = X264_TYPE_AUTO; } - if(x264_encoder_encode(x4->enc, &nal, &nnal, frame? &x4->pic: NULL, - &pic_out)) + if (x264_encoder_encode(x4->enc, &nal, &nnal, frame? &x4->pic: NULL, &pic_out) < 0) return -1; - bufsize = encode_nals(buf, bufsize, nal, nnal); - if(bufsize < 0) + bufsize = encode_nals(ctx, buf, bufsize, nal, nnal, 0); + if (bufsize < 0) return -1; - /* FIXME: dts */ + /* FIXME: libx264 now provides DTS, but AVFrame doesn't have a field for it. */ x4->out_pic.pts = pic_out.i_pts; - switch(pic_out.i_type){ + switch (pic_out.i_type) { case X264_TYPE_IDR: case X264_TYPE_I: x4->out_pic.pict_type = FF_I_TYPE; @@ -113,166 +157,194 @@ X264_frame(AVCodecContext *ctx, uint8_t *buf, int bufsize, void *data) break; } +#if X264_BUILD < 82 x4->out_pic.key_frame = pic_out.i_type == X264_TYPE_IDR; - x4->out_pic.quality = (pic_out.i_qpplus1 - 1) * FF_QP2LAMBDA; +#else + x4->out_pic.key_frame = pic_out.b_keyframe; +#endif + x4->out_pic.quality = (pic_out.i_qpplus1 - 1) * FF_QP2LAMBDA; return bufsize; } -static av_cold int -X264_close(AVCodecContext *avctx) +static av_cold int X264_close(AVCodecContext *avctx) { X264Context *x4 = avctx->priv_data; av_freep(&avctx->extradata); + av_free(x4->sei); - if(x4->enc) + if (x4->enc) x264_encoder_close(x4->enc); return 0; } -static av_cold int -X264_init(AVCodecContext *avctx) +static av_cold int X264_init(AVCodecContext *avctx) { X264Context *x4 = avctx->priv_data; + x4->sei_size = 0; x264_param_default(&x4->params); - x4->params.pf_log = X264_log; - x4->params.p_log_private = avctx; + x4->params.pf_log = X264_log; + x4->params.p_log_private = avctx; - x4->params.i_keyint_max = avctx->gop_size; - x4->params.rc.i_bitrate = avctx->bit_rate / 1000; + x4->params.i_keyint_max = avctx->gop_size; + x4->params.rc.i_bitrate = avctx->bit_rate / 1000; x4->params.rc.i_vbv_buffer_size = avctx->rc_buffer_size / 1000; - x4->params.rc.i_vbv_max_bitrate = avctx->rc_max_rate / 1000; - x4->params.rc.b_stat_write = avctx->flags & CODEC_FLAG_PASS1; - if(avctx->flags & CODEC_FLAG_PASS2) x4->params.rc.b_stat_read = 1; - else{ - if(avctx->crf){ - x4->params.rc.i_rc_method = X264_RC_CRF; + x4->params.rc.i_vbv_max_bitrate = avctx->rc_max_rate / 1000; + x4->params.rc.b_stat_write = avctx->flags & CODEC_FLAG_PASS1; + if (avctx->flags & CODEC_FLAG_PASS2) { + x4->params.rc.b_stat_read = 1; + } else { + if (avctx->crf) { + x4->params.rc.i_rc_method = X264_RC_CRF; x4->params.rc.f_rf_constant = avctx->crf; - }else if(avctx->cqp > -1){ - x4->params.rc.i_rc_method = X264_RC_CQP; + } else if (avctx->cqp > -1) { + x4->params.rc.i_rc_method = X264_RC_CQP; x4->params.rc.i_qp_constant = avctx->cqp; } } // if neither crf nor cqp modes are selected we have to enable the RC // we do it this way because we cannot check if the bitrate has been set - if(!(avctx->crf || (avctx->cqp > -1))) x4->params.rc.i_rc_method = X264_RC_ABR; + if (!(avctx->crf || (avctx->cqp > -1))) + x4->params.rc.i_rc_method = X264_RC_ABR; - x4->params.i_bframe = avctx->max_b_frames; - x4->params.b_cabac = avctx->coder_type == FF_CODER_TYPE_AC; + x4->params.i_bframe = avctx->max_b_frames; + x4->params.b_cabac = avctx->coder_type == FF_CODER_TYPE_AC; x4->params.i_bframe_adaptive = avctx->b_frame_strategy; - x4->params.i_bframe_bias = avctx->bframebias; - x4->params.b_bframe_pyramid = avctx->flags2 & CODEC_FLAG2_BPYRAMID; - avctx->has_b_frames= avctx->flags2 & CODEC_FLAG2_BPYRAMID ? 2 : !!avctx->max_b_frames; + x4->params.i_bframe_bias = avctx->bframebias; +#if X264_BUILD >= 78 + x4->params.i_bframe_pyramid = avctx->flags2 & CODEC_FLAG2_BPYRAMID ? X264_B_PYRAMID_NORMAL : X264_B_PYRAMID_NONE; +#else + x4->params.b_bframe_pyramid = avctx->flags2 & CODEC_FLAG2_BPYRAMID; +#endif + avctx->has_b_frames = avctx->flags2 & CODEC_FLAG2_BPYRAMID ? 2 : !!avctx->max_b_frames; x4->params.i_keyint_min = avctx->keyint_min; - if(x4->params.i_keyint_min > x4->params.i_keyint_max) + if (x4->params.i_keyint_min > x4->params.i_keyint_max) x4->params.i_keyint_min = x4->params.i_keyint_max; - x4->params.i_scenecut_threshold = avctx->scenechange_threshold; + x4->params.i_scenecut_threshold = avctx->scenechange_threshold; - x4->params.b_deblocking_filter = avctx->flags & CODEC_FLAG_LOOP_FILTER; + x4->params.b_deblocking_filter = avctx->flags & CODEC_FLAG_LOOP_FILTER; x4->params.i_deblocking_filter_alphac0 = avctx->deblockalpha; - x4->params.i_deblocking_filter_beta = avctx->deblockbeta; + x4->params.i_deblocking_filter_beta = avctx->deblockbeta; - x4->params.rc.i_qp_min = avctx->qmin; - x4->params.rc.i_qp_max = avctx->qmax; - x4->params.rc.i_qp_step = avctx->max_qdiff; + x4->params.rc.i_qp_min = avctx->qmin; + x4->params.rc.i_qp_max = avctx->qmax; + x4->params.rc.i_qp_step = avctx->max_qdiff; - x4->params.rc.f_qcompress = avctx->qcompress; /* 0.0 => cbr, 1.0 => constant qp */ - x4->params.rc.f_qblur = avctx->qblur; /* temporally blur quants */ + x4->params.rc.f_qcompress = avctx->qcompress; /* 0.0 => cbr, 1.0 => constant qp */ + x4->params.rc.f_qblur = avctx->qblur; /* temporally blur quants */ x4->params.rc.f_complexity_blur = avctx->complexityblur; - x4->params.i_frame_reference = avctx->refs; + x4->params.i_frame_reference = avctx->refs; - x4->params.i_width = avctx->width; - x4->params.i_height = avctx->height; - x4->params.vui.i_sar_width = avctx->sample_aspect_ratio.num; - x4->params.vui.i_sar_height = avctx->sample_aspect_ratio.den; - x4->params.i_fps_num = avctx->time_base.den; - x4->params.i_fps_den = avctx->time_base.num; + x4->params.i_width = avctx->width; + x4->params.i_height = avctx->height; + x4->params.vui.i_sar_width = avctx->sample_aspect_ratio.num; + x4->params.vui.i_sar_height = avctx->sample_aspect_ratio.den; +#if X264_BUILD >= 81 + x4->params.i_fps_num = x4->params.i_timebase_den = avctx->time_base.den; + x4->params.i_fps_den = x4->params.i_timebase_num = avctx->time_base.num; +#endif - x4->params.analyse.inter = 0; - if(avctx->partitions){ - if(avctx->partitions & X264_PART_I4X4) + x4->params.analyse.inter = 0; + if (avctx->partitions) { + if (avctx->partitions & X264_PART_I4X4) x4->params.analyse.inter |= X264_ANALYSE_I4x4; - if(avctx->partitions & X264_PART_I8X8) + if (avctx->partitions & X264_PART_I8X8) x4->params.analyse.inter |= X264_ANALYSE_I8x8; - if(avctx->partitions & X264_PART_P8X8) + if (avctx->partitions & X264_PART_P8X8) x4->params.analyse.inter |= X264_ANALYSE_PSUB16x16; - if(avctx->partitions & X264_PART_P4X4) + if (avctx->partitions & X264_PART_P4X4) x4->params.analyse.inter |= X264_ANALYSE_PSUB8x8; - if(avctx->partitions & X264_PART_B8X8) + if (avctx->partitions & X264_PART_B8X8) x4->params.analyse.inter |= X264_ANALYSE_BSUB16x16; } - x4->params.analyse.i_direct_mv_pred = avctx->directpred; + x4->params.analyse.i_direct_mv_pred = avctx->directpred; x4->params.analyse.b_weighted_bipred = avctx->flags2 & CODEC_FLAG2_WPRED; +#if X264_BUILD >= 79 + x4->params.analyse.i_weighted_pred = avctx->weighted_p_pred; +#endif - if(avctx->me_method == ME_EPZS) + if (avctx->me_method == ME_EPZS) x4->params.analyse.i_me_method = X264_ME_DIA; - else if(avctx->me_method == ME_HEX) + else if (avctx->me_method == ME_HEX) x4->params.analyse.i_me_method = X264_ME_HEX; - else if(avctx->me_method == ME_UMH) + else if (avctx->me_method == ME_UMH) x4->params.analyse.i_me_method = X264_ME_UMH; - else if(avctx->me_method == ME_FULL) + else if (avctx->me_method == ME_FULL) x4->params.analyse.i_me_method = X264_ME_ESA; - else if(avctx->me_method == ME_TESA) + else if (avctx->me_method == ME_TESA) x4->params.analyse.i_me_method = X264_ME_TESA; else x4->params.analyse.i_me_method = X264_ME_HEX; - x4->params.analyse.i_me_range = avctx->me_range; - x4->params.analyse.i_subpel_refine = avctx->me_subpel_quality; + x4->params.analyse.i_me_range = avctx->me_range; + x4->params.analyse.i_subpel_refine = avctx->me_subpel_quality; - x4->params.analyse.b_mixed_references = - avctx->flags2 & CODEC_FLAG2_MIXED_REFS; - x4->params.analyse.b_chroma_me = avctx->me_cmp & FF_CMP_CHROMA; - x4->params.analyse.b_transform_8x8 = avctx->flags2 & CODEC_FLAG2_8X8DCT; - x4->params.analyse.b_fast_pskip = avctx->flags2 & CODEC_FLAG2_FASTPSKIP; + x4->params.analyse.b_mixed_references = avctx->flags2 & CODEC_FLAG2_MIXED_REFS; + x4->params.analyse.b_chroma_me = avctx->me_cmp & FF_CMP_CHROMA; + x4->params.analyse.b_transform_8x8 = avctx->flags2 & CODEC_FLAG2_8X8DCT; + x4->params.analyse.b_fast_pskip = avctx->flags2 & CODEC_FLAG2_FASTPSKIP; - x4->params.analyse.i_trellis = avctx->trellis; - x4->params.analyse.i_noise_reduction = avctx->noise_reduction; + x4->params.analyse.i_trellis = avctx->trellis; + x4->params.analyse.i_noise_reduction = avctx->noise_reduction; - if(avctx->level > 0) x4->params.i_level_idc = avctx->level; + if (avctx->level > 0) + x4->params.i_level_idc = avctx->level; x4->params.rc.f_rate_tolerance = (float)avctx->bit_rate_tolerance/avctx->bit_rate; - if((avctx->rc_buffer_size != 0) && - (avctx->rc_initial_buffer_occupancy <= avctx->rc_buffer_size)){ + if ((avctx->rc_buffer_size != 0) && + (avctx->rc_initial_buffer_occupancy <= avctx->rc_buffer_size)) { x4->params.rc.f_vbv_buffer_init = - (float)avctx->rc_initial_buffer_occupancy/avctx->rc_buffer_size; - } - else x4->params.rc.f_vbv_buffer_init = 0.9; + (float)avctx->rc_initial_buffer_occupancy / avctx->rc_buffer_size; + } else + x4->params.rc.f_vbv_buffer_init = 0.9; - x4->params.rc.f_ip_factor = 1/fabs(avctx->i_quant_factor); - x4->params.rc.f_pb_factor = avctx->b_quant_factor; +#if X264_BUILD >= 69 + x4->params.rc.b_mb_tree = !!(avctx->flags2 & CODEC_FLAG2_MBTREE); +#endif + x4->params.rc.f_ip_factor = 1 / fabs(avctx->i_quant_factor); + x4->params.rc.f_pb_factor = avctx->b_quant_factor; x4->params.analyse.i_chroma_qp_offset = avctx->chromaoffset; x4->params.analyse.b_psnr = avctx->flags & CODEC_FLAG_PSNR; - x4->params.i_log_level = X264_LOG_DEBUG; + x4->params.i_log_level = X264_LOG_DEBUG; - x4->params.b_aud = avctx->flags2 & CODEC_FLAG2_AUD; + x4->params.b_aud = avctx->flags2 & CODEC_FLAG2_AUD; - x4->params.i_threads = avctx->thread_count; + x4->params.i_threads = avctx->thread_count; - x4->params.b_interlaced = avctx->flags & CODEC_FLAG_INTERLACED_DCT; + x4->params.b_interlaced = avctx->flags & CODEC_FLAG_INTERLACED_DCT; - if(avctx->flags & CODEC_FLAG_GLOBAL_HEADER){ + if (avctx->flags & CODEC_FLAG_GLOBAL_HEADER) x4->params.b_repeat_headers = 0; - } x4->enc = x264_encoder_open(&x4->params); - if(!x4->enc) + if (!x4->enc) return -1; avctx->coded_frame = &x4->out_pic; +#if X264_BUILD >= 76 + if (avctx->flags & CODEC_FLAG_GLOBAL_HEADER) { + x264_nal_t *nal; + int nnal, s; + + s = x264_encoder_headers(x4->enc, &nal, &nnal); + + avctx->extradata = av_malloc(s); + avctx->extradata_size = encode_nals(avctx, avctx->extradata, s, nal, nnal, 1); + } +#else if(avctx->flags & CODEC_FLAG_GLOBAL_HEADER){ x264_nal_t *nal; int nnal, i, s = 0; @@ -280,25 +352,26 @@ X264_init(AVCodecContext *avctx) x264_encoder_headers(x4->enc, &nal, &nnal); /* 5 bytes NAL header + worst case escaping */ - for(i = 0; i < nnal; i++) - s += 5 + nal[i].i_payload * 4 / 3; + for (i = 0; i < nnal; i++) + s += 5 + nal[i].i_payload * 4 / 3; avctx->extradata = av_malloc(s); - avctx->extradata_size = encode_nals(avctx->extradata, s, nal, nnal); + avctx->extradata_size = encode_nals(avctx, avctx->extradata, s, nal, nnal, 1); } +#endif return 0; } AVCodec libx264_encoder = { - .name = "libx264", - .type = CODEC_TYPE_VIDEO, - .id = CODEC_ID_H264, + .name = "libx264", + .type = CODEC_TYPE_VIDEO, + .id = CODEC_ID_H264, .priv_data_size = sizeof(X264Context), - .init = X264_init, - .encode = X264_frame, - .close = X264_close, - .capabilities = CODEC_CAP_DELAY, - .pix_fmts = (enum PixelFormat[]) { PIX_FMT_YUV420P, PIX_FMT_NONE }, - .long_name = NULL_IF_CONFIG_SMALL("libx264 H.264 / AVC / MPEG-4 AVC / MPEG-4 part 10"), + .init = X264_init, + .encode = X264_frame, + .close = X264_close, + .capabilities = CODEC_CAP_DELAY, + .pix_fmts = (const enum PixelFormat[]) { PIX_FMT_YUV420P, PIX_FMT_NONE }, + .long_name = NULL_IF_CONFIG_SMALL("libx264 H.264 / AVC / MPEG-4 AVC / MPEG-4 part 10"), }; diff --git a/libavcodec/libxvidff.c b/libavcodec/libxvidff.c index bdf70a09df..0bbb7123c9 100644 --- a/libavcodec/libxvidff.c +++ b/libavcodec/libxvidff.c @@ -485,6 +485,7 @@ av_cold int ff_xvid_encode_close(AVCodecContext *avctx) { if( x->twopassbuffer != NULL ) { av_free(x->twopassbuffer); av_free(x->old_twopassbuffer); + avctx->stats_out = NULL; } if( x->twopassfile != NULL ) av_free(x->twopassfile); diff --git a/libavcodec/mjpegbdec.c b/libavcodec/mjpegbdec.c index 62b29e0623..f19a87ff96 100644 --- a/libavcodec/mjpegbdec.c +++ b/libavcodec/mjpegbdec.c @@ -49,6 +49,9 @@ read_header: s->restart_count = 0; s->mjpb_skiptosod = 0; + if (buf_end - buf_ptr >= 1 << 28) + return AVERROR_INVALIDDATA; + init_get_bits(&hgb, buf_ptr, /*buf_size*/(buf_end - buf_ptr)*8); skip_bits(&hgb, 32); /* reserved zeros */ @@ -99,8 +102,8 @@ read_header: av_log(avctx, AV_LOG_DEBUG, "sod offs: 0x%x\n", sod_offs); if (sos_offs) { -// init_get_bits(&s->gb, buf+sos_offs, (buf_end - (buf+sos_offs))*8); - init_get_bits(&s->gb, buf_ptr+sos_offs, field_size*8); + init_get_bits(&s->gb, buf_ptr + sos_offs, + 8 * FFMIN(field_size, buf_end - buf_ptr - sos_offs)); s->mjpb_skiptosod = (sod_offs - sos_offs - show_bits(&s->gb, 16)); s->start_code = SOS; ff_mjpeg_decode_sos(s); diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index 145719c16e..cbaebb2f30 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -193,16 +193,16 @@ int ff_mjpeg_decode_dht(MJpegDecodeContext *s) int ff_mjpeg_decode_sof(MJpegDecodeContext *s) { - int len, nb_components, i, width, height, pix_fmt_id; + int len, nb_components, i, width, height, bits, pix_fmt_id; /* XXX: verify len field validity */ len = get_bits(&s->gb, 16); - s->bits= get_bits(&s->gb, 8); + bits= get_bits(&s->gb, 8); - if(s->pegasus_rct) s->bits=9; - if(s->bits==9 && !s->pegasus_rct) s->rct=1; //FIXME ugly + if(s->pegasus_rct) bits=9; + if(bits==9 && !s->pegasus_rct) s->rct=1; //FIXME ugly - if (s->bits != 8 && !s->lossless){ + if (bits != 8 && !s->lossless){ av_log(s->avctx, AV_LOG_ERROR, "only 8 bits/component accepted\n"); return -1; } @@ -222,7 +222,7 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s) if (nb_components <= 0 || nb_components > MAX_COMPONENTS) return -1; - if (s->ls && !(s->bits <= 8 || nb_components == 1)){ + if (s->ls && !(bits <= 8 || nb_components == 1)){ av_log(s->avctx, AV_LOG_ERROR, "only <= 8 bits/component or 16-bit gray accepted for JPEG-LS\n"); return -1; } @@ -255,11 +255,14 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s) /* if different size, realloc/alloc picture */ /* XXX: also check h_count and v_count */ - if (width != s->width || height != s->height) { + if ( width != s->width || height != s->height + || bits != s->bits + ) { av_freep(&s->qscale_table); s->width = width; s->height = height; + s->bits = bits; s->interlaced = 0; /* test interlaced mode */ @@ -784,6 +787,10 @@ static int mjpeg_decode_scan(MJpegDecodeContext *s, int nb_components, int Ah, i if (s->restart_interval && !s->restart_count) s->restart_count = s->restart_interval; + if(get_bits_count(&s->gb)>s->gb.size_in_bits){ + av_log(s->avctx, AV_LOG_ERROR, "overread %d\n", get_bits_count(&s->gb) - s->gb.size_in_bits); + return -1; + } for(i=0;i buf_size) + if (length < 4 || length > buf_size) return -1; init_get_bits(&gb, (buf + 4), (length - 4) * 8); diff --git a/libavcodec/mmvideo.c b/libavcodec/mmvideo.c index 238b991a8d..d45564c2cf 100644 --- a/libavcodec/mmvideo.c +++ b/libavcodec/mmvideo.c @@ -104,7 +104,7 @@ static void mm_decode_intra(MmContext * s, int half_horiz, int half_vert, const if (color) { memset(s->frame.data[0] + y*s->frame.linesize[0] + x, color, run_length); - if (half_vert) + if (half_vert && y + half_vert < s->avctx->height) memset(s->frame.data[0] + (y+1)*s->frame.linesize[0] + x, color, run_length); } x+= run_length; diff --git a/libavcodec/motionpixels.c b/libavcodec/motionpixels.c index f69dcf95fe..7971b09761 100644 --- a/libavcodec/motionpixels.c +++ b/libavcodec/motionpixels.c @@ -239,10 +239,13 @@ static void mp_decode_line(MotionPixelsContext *mp, GetBitContext *gb, int y) p = mp_get_yuv_from_rgb(mp, x - 1, y); } else { p.y += mp_gradient(mp, 0, mp_get_vlc(mp, gb)); + p.y = av_clip(p.y, 0, 31); if ((x & 3) == 0) { if ((y & 3) == 0) { p.v += mp_gradient(mp, 1, mp_get_vlc(mp, gb)); + p.v = av_clip(p.v, -32, 31); p.u += mp_gradient(mp, 2, mp_get_vlc(mp, gb)); + p.u = av_clip(p.u, -32, 31); mp->hpt[((y / 4) * mp->avctx->width + x) / 4] = p; } else { p.v = mp->hpt[((y / 4) * mp->avctx->width + x) / 4].v; @@ -266,9 +269,12 @@ static void mp_decode_frame_helper(MotionPixelsContext *mp, GetBitContext *gb) p = mp_get_yuv_from_rgb(mp, 0, y); } else { p.y += mp_gradient(mp, 0, mp_get_vlc(mp, gb)); + p.y = av_clip(p.y, 0, 31); if ((y & 3) == 0) { p.v += mp_gradient(mp, 1, mp_get_vlc(mp, gb)); + p.v = av_clip(p.v, -32, 31); p.u += mp_gradient(mp, 2, mp_get_vlc(mp, gb)); + p.u = av_clip(p.u, -32, 31); } mp->vpt[y] = p; mp_set_rgb_from_yuv(mp, 0, y, &p); @@ -325,7 +331,8 @@ static int mp_decode_frame(AVCodecContext *avctx, if (sz == 0) goto end; - init_vlc(&mp->vlc, mp->max_codes_bits, mp->codes_count, &mp->codes[0].size, sizeof(HuffCode), 1, &mp->codes[0].code, sizeof(HuffCode), 4, 0); + if (init_vlc(&mp->vlc, mp->max_codes_bits, mp->codes_count, &mp->codes[0].size, sizeof(HuffCode), 1, &mp->codes[0].code, sizeof(HuffCode), 4, 0)) + goto end; mp_decode_frame_helper(mp, &gb); free_vlc(&mp->vlc); diff --git a/libavcodec/mpc7.c b/libavcodec/mpc7.c index 7077c96fc2..34f76932b8 100644 --- a/libavcodec/mpc7.c +++ b/libavcodec/mpc7.c @@ -164,12 +164,19 @@ static int mpc7_decode_frame(AVCodecContext * avctx, int i, ch, t; int mb = -1; Band *bands = c->bands; - int off; + int off, out_size; int bits_used, bits_avail; memset(bands, 0, sizeof(bands)); if(buf_size <= 4){ av_log(avctx, AV_LOG_ERROR, "Too small buffer passed (%i bytes)\n", buf_size); + return AVERROR(EINVAL); + } + + out_size = (buf[1] ? c->lastframelen : MPC_FRAME_SIZE) * 4; + if (*data_size < out_size) { + av_log(avctx, AV_LOG_ERROR, "Output buffer is too small\n"); + return AVERROR(EINVAL); } bits = av_malloc(((buf_size - 1) & ~3) + FF_INPUT_BUFFER_PADDING_SIZE); @@ -248,7 +255,7 @@ static int mpc7_decode_frame(AVCodecContext * avctx, *data_size = 0; return buf_size; } - *data_size = (buf[1] ? c->lastframelen : MPC_FRAME_SIZE) * 4; + *data_size = out_size; return buf_size; } diff --git a/libavcodec/mpeg12.c b/libavcodec/mpeg12.c index 9e67ee5c61..95d128214d 100644 --- a/libavcodec/mpeg12.c +++ b/libavcodec/mpeg12.c @@ -1163,6 +1163,7 @@ typedef struct Mpeg1Context { int save_width, save_height; AVRational frame_rate_ext; ///< MPEG-2 specific framerate modificator + int extradata_decoded; } Mpeg1Context; static av_cold int mpeg_decode_init(AVCodecContext *avctx) @@ -2299,8 +2300,10 @@ static int mpeg_decode_frame(AVCodecContext *avctx, s->slice_count= 0; - if(avctx->extradata && !avctx->frame_number) + if (avctx->extradata && !s->extradata_decoded) { decode_chunks(avctx, picture, data_size, avctx->extradata, avctx->extradata_size); + s->extradata_decoded = 1; + } return decode_chunks(avctx, picture, data_size, buf, buf_size); } diff --git a/libavcodec/mpegaudiodec.c b/libavcodec/mpegaudiodec.c index ce0066bbf7..c95a571f72 100644 --- a/libavcodec/mpegaudiodec.c +++ b/libavcodec/mpegaudiodec.c @@ -173,7 +173,7 @@ void ff_compute_band_indexes(MPADecodeContext *s, GranuleDef *g){ else g->long_end = 4; /* 8000 Hz */ - g->short_start = 2 + (s->sample_rate_index != 8); + g->short_start = 3; } else { g->long_end = 0; g->short_start = 0; @@ -2287,6 +2287,10 @@ retry: avctx->bit_rate = s->bit_rate; avctx->sub_id = s->layer; + if(*data_size < 1152*avctx->channels*sizeof(OUT_INT)) + return -1; + *data_size = 0; + if(s->frame_size<=0 || s->frame_size > buf_size){ av_log(avctx, AV_LOG_ERROR, "incomplete frame\n"); return -1; @@ -2470,6 +2474,9 @@ static int decode_frame_mp3on4(AVCodecContext * avctx, OUT_INT *outptr, *bp; int fr, j, n; + if(*data_size < MPA_FRAME_SIZE * MPA_MAX_CHANNELS * s->frames * sizeof(OUT_INT)) + return -1; + *data_size = 0; // Discard too short frames if (buf_size < HEADER_SIZE) diff --git a/libavcodec/mpegvideo_common.h b/libavcodec/mpegvideo_common.h index cf66dc7fbb..6c39ac7325 100644 --- a/libavcodec/mpegvideo_common.h +++ b/libavcodec/mpegvideo_common.h @@ -727,7 +727,7 @@ static av_always_inline void MPV_motion_internal(MpegEncContext *s, 0, 0, 0, ref_picture, pix_op, qpix_op, s->mv[dir][0][0], s->mv[dir][0][1], 16); - }else if(!is_mpeg12 && CONFIG_WMV2 && s->mspel){ + }else if(!is_mpeg12 && CONFIG_WMV2 && s->mspel && s->codec_id == CODEC_ID_WMV2){ ff_mspel_motion(s, dest_y, dest_cb, dest_cr, ref_picture, pix_op, s->mv[dir][0][0], s->mv[dir][0][1], 16); diff --git a/libavcodec/nellymoserdec.c b/libavcodec/nellymoserdec.c index 94e6129877..ec35369916 100644 --- a/libavcodec/nellymoserdec.c +++ b/libavcodec/nellymoserdec.c @@ -154,6 +154,7 @@ static int decode_tag(AVCodecContext * avctx, void *data, int *data_size, const uint8_t * buf, int buf_size) { NellyMoserDecodeContext *s = avctx->priv_data; + int data_max = *data_size; int blocks, i; int16_t* samples; *data_size = 0; @@ -177,6 +178,8 @@ static int decode_tag(AVCodecContext * avctx, } for (i=0 ; i data_max) + return i > 0 ? i * NELLY_BLOCK_LEN : -1; nelly_decode_block(s, &buf[i*NELLY_BLOCK_LEN], s->float_buf); s->dsp.float_to_int16(&samples[i*NELLY_SAMPLES], s->float_buf, NELLY_SAMPLES); *data_size += NELLY_SAMPLES*sizeof(int16_t); diff --git a/libavcodec/nuv.c b/libavcodec/nuv.c index 109ef41a8c..64ba3ccc10 100644 --- a/libavcodec/nuv.c +++ b/libavcodec/nuv.c @@ -182,17 +182,18 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, } if (c->codec_frameheader) { int w, h, q; - if (buf_size < 12) { + if (buf_size < RTJPEG_HEADER_SIZE || buf[4] != RTJPEG_HEADER_SIZE || + buf[5] != RTJPEG_FILE_VERSION) { av_log(avctx, AV_LOG_ERROR, "invalid nuv video frame\n"); - return -1; + return AVERROR_INVALIDDATA; } w = AV_RL16(&buf[6]); h = AV_RL16(&buf[8]); q = buf[10]; if (!codec_reinit(avctx, w, h, q)) return -1; - buf = &buf[12]; - buf_size -= 12; + buf = &buf[RTJPEG_HEADER_SIZE]; + buf_size -= RTJPEG_HEADER_SIZE; } if (keyframe && c->pic.data[0]) diff --git a/libavcodec/options.c b/libavcodec/options.c index e5a67a4893..1ab78180a3 100644 --- a/libavcodec/options.c +++ b/libavcodec/options.c @@ -122,6 +122,7 @@ static const AVOption options[]={ {"b_qfactor", "qp factor between p and b frames", OFFSET(b_quant_factor), FF_OPT_TYPE_FLOAT, 1.25, -FLT_MAX, FLT_MAX, V|E}, {"rc_strategy", "ratecontrol method", OFFSET(rc_strategy), FF_OPT_TYPE_INT, DEFAULT, INT_MIN, INT_MAX, V|E}, {"b_strategy", "strategy to choose between I/P/B-frames", OFFSET(b_frame_strategy), FF_OPT_TYPE_INT, 0, INT_MIN, INT_MAX, V|E}, +{"wpredp", "weighted prediction analysis method", OFFSET(weighted_p_pred), FF_OPT_TYPE_INT, 0, INT_MIN, INT_MAX, V|E}, {"hurry_up", NULL, OFFSET(hurry_up), FF_OPT_TYPE_INT, DEFAULT, INT_MIN, INT_MAX, V|D}, {"ps", "rtp payload size in bits", OFFSET(rtp_payload_size), FF_OPT_TYPE_INT, DEFAULT, INT_MIN, INT_MAX, V|E}, {"mv_bits", NULL, OFFSET(mv_bits), FF_OPT_TYPE_INT, DEFAULT, INT_MIN, INT_MAX}, @@ -388,6 +389,7 @@ static const AVOption options[]={ {"request_channels", "set desired number of audio channels", OFFSET(request_channels), FF_OPT_TYPE_INT, DEFAULT, 0, INT_MAX, A|D}, {"drc_scale", "percentage of dynamic range compression to apply", OFFSET(drc_scale), FF_OPT_TYPE_FLOAT, 1.0, 0.0, 1.0, A|D}, {"reservoir", "use bit reservoir", 0, FF_OPT_TYPE_CONST, CODEC_FLAG2_BIT_RESERVOIR, INT_MIN, INT_MAX, A|E, "flags2"}, +{"mbtree", "use macroblock tree ratecontrol (x264 only)", 0, FF_OPT_TYPE_CONST, CODEC_FLAG2_MBTREE, INT_MIN, INT_MAX, V|E, "flags2"}, {"bits_per_raw_sample", NULL, OFFSET(bits_per_raw_sample), FF_OPT_TYPE_INT, DEFAULT, INT_MIN, INT_MAX}, {"channel_layout", NULL, OFFSET(channel_layout), FF_OPT_TYPE_INT64, DEFAULT, 0, INT64_MAX, A|E|D, "channel_layout"}, {"request_channel_layout", NULL, OFFSET(request_channel_layout), FF_OPT_TYPE_INT64, DEFAULT, 0, INT64_MAX, A|D, "request_channel_layout"}, diff --git a/libavcodec/parser.c b/libavcodec/parser.c index d738a62b83..1a8f4cff06 100644 --- a/libavcodec/parser.c +++ b/libavcodec/parser.c @@ -253,8 +253,10 @@ int ff_combine_frame(ParseContext *pc, int next, const uint8_t **buf, int *buf_s if(next == END_NOT_FOUND){ void* new_buffer = av_fast_realloc(pc->buffer, &pc->buffer_size, (*buf_size) + pc->index + FF_INPUT_BUFFER_PADDING_SIZE); - if(!new_buffer) + if(!new_buffer) { + pc->index = 0; return AVERROR(ENOMEM); + } pc->buffer = new_buffer; memcpy(&pc->buffer[pc->index], *buf, *buf_size); pc->index += *buf_size; @@ -267,9 +269,11 @@ int ff_combine_frame(ParseContext *pc, int next, const uint8_t **buf, int *buf_s /* append to buffer */ if(pc->index){ void* new_buffer = av_fast_realloc(pc->buffer, &pc->buffer_size, next + pc->index + FF_INPUT_BUFFER_PADDING_SIZE); - - if(!new_buffer) + if(!new_buffer) { + pc->overread_index = + pc->index = 0; return AVERROR(ENOMEM); + } pc->buffer = new_buffer; memcpy(&pc->buffer[pc->index], *buf, next + FF_INPUT_BUFFER_PADDING_SIZE ); pc->index = 0; diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c index a3431525b6..e9d80f89a9 100644 --- a/libavcodec/pngdec.c +++ b/libavcodec/pngdec.c @@ -426,6 +426,12 @@ static int decode_frame(AVCodecContext *avctx, case MKTAG('I', 'H', 'D', 'R'): if (length != 13) goto fail; + + if (s->state & PNG_IDAT) { + av_log(avctx, AV_LOG_ERROR, "IHDR after IDAT\n"); + goto fail; + } + s->width = bytestream_get_be32(&s->bytestream); s->height = bytestream_get_be32(&s->bytestream); if(avcodec_check_dimensions(avctx, s->width, s->height)){ @@ -473,7 +479,8 @@ static int decode_frame(AVCodecContext *avctx, } else if (s->bit_depth == 1 && s->color_type == PNG_COLOR_TYPE_GRAY) { avctx->pix_fmt = PIX_FMT_MONOBLACK; - } else if (s->color_type == PNG_COLOR_TYPE_PALETTE) { + } else if (s->bit_depth == 8 && + s->color_type == PNG_COLOR_TYPE_PALETTE) { avctx->pix_fmt = PIX_FMT_PAL8; } else { goto fail; diff --git a/libavcodec/ppc/check_altivec.c b/libavcodec/ppc/check_altivec.c index e034ceba41..08cc0f4374 100644 --- a/libavcodec/ppc/check_altivec.c +++ b/libavcodec/ppc/check_altivec.c @@ -63,7 +63,7 @@ int has_altivec(void) if (err == 0) return has_vu != 0; return 0; -#elif defined(RUNTIME_CPUDETECT) +#elif CONFIG_RUNTIME_CPUDETECT int proc_ver; // Support of mfspr PVR emulation added in Linux 2.6.17. __asm__ volatile("mfspr %0, 287" : "=r" (proc_ver)); diff --git a/libavcodec/qcelpdec.c b/libavcodec/qcelpdec.c index 59eff1f919..3a18470b65 100644 --- a/libavcodec/qcelpdec.c +++ b/libavcodec/qcelpdec.c @@ -802,7 +802,7 @@ erasure: *data_size = 160 * sizeof(*outbuffer); - return *data_size; + return buf_size; } AVCodec qcelp_decoder = diff --git a/libavcodec/qdm2.c b/libavcodec/qdm2.c index a3373a16d9..ba68d02103 100644 --- a/libavcodec/qdm2.c +++ b/libavcodec/qdm2.c @@ -77,6 +77,7 @@ do { \ #define SAMPLES_NEEDED_2(why) \ av_log (NULL,AV_LOG_INFO,"This file triggers some missing code. Please contact the developers.\nPosition: %s\n",why); +#define QDM2_MAX_FRAME_SIZE 512 typedef int8_t sb_int8_array[2][30][64]; @@ -169,7 +170,7 @@ typedef struct { /// I/O data const uint8_t *compressed_data; int compressed_size; - float output_buffer[1024]; + float output_buffer[QDM2_MAX_FRAME_SIZE * MPA_MAX_CHANNELS * 2]; /// Synthesis filter DECLARE_ALIGNED_16(MPA_INT, synth_buf[MPA_MAX_CHANNELS][512*2]); @@ -904,9 +905,13 @@ static void synthfilt_build_sb_samples (QDM2Context *q, GetBitContext *gb, int l break; case 30: - if (BITS_LEFT(length,gb) >= 4) - samples[0] = type30_dequant[qdm2_get_vlc(gb, &vlc_tab_type30, 0, 1)]; - else + if (BITS_LEFT(length,gb) >= 4) { + unsigned index = qdm2_get_vlc(gb, &vlc_tab_type30, 0, 1); + if (index < FF_ARRAY_ELEMS(type30_dequant)) { + samples[0] = type30_dequant[index]; + } else + samples[0] = SB_DITHERING_NOISE(sb,q->noise_idx); + } else samples[0] = SB_DITHERING_NOISE(sb,q->noise_idx); run = 1; @@ -920,8 +925,12 @@ static void synthfilt_build_sb_samples (QDM2Context *q, GetBitContext *gb, int l type34_predictor = samples[0]; type34_first = 0; } else { - samples[0] = type34_delta[qdm2_get_vlc(gb, &vlc_tab_type34, 0, 1)] / type34_div + type34_predictor; - type34_predictor = samples[0]; + unsigned index = qdm2_get_vlc(gb, &vlc_tab_type34, 0, 1); + if (index < FF_ARRAY_ELEMS(type34_delta)) { + samples[0] = type34_delta[index] / type34_div + type34_predictor; + type34_predictor = samples[0]; + } else + samples[0] = SB_DITHERING_NOISE(sb,q->noise_idx); } } else { samples[0] = SB_DITHERING_NOISE(sb,q->noise_idx); @@ -1253,6 +1262,11 @@ static void qdm2_decode_super_block (QDM2Context *q) for (i = 0; packet_bytes > 0; i++) { int j; + if (i>=FF_ARRAY_ELEMS(q->sub_packet_list_A)) { + SAMPLES_NEEDED_2("too many packet bytes"); + return; + } + q->sub_packet_list_A[i].next = NULL; if (i > 0) { @@ -1351,7 +1365,7 @@ static void qdm2_fft_decode_tones (QDM2Context *q, int duration, GetBitContext * local_int_10 = 1 << (q->group_order - duration - 1); offset = 1; - while (1) { + while (get_bits_left(gb)>0) { if (q->superblocktype_2_3) { while ((n = qdm2_get_vlc(gb, &vlc_tab_fft_tone_offset[local_int_8], 1, 2)) < 2) { offset = 1; @@ -1377,6 +1391,8 @@ static void qdm2_fft_decode_tones (QDM2Context *q, int duration, GetBitContext * return; local_int_14 = (offset >> local_int_8); + if (local_int_14 >= FF_ARRAY_ELEMS(fft_level_index_table)) + return; if (q->nb_channels > 1) { channel = get_bits1(gb); @@ -1821,6 +1837,8 @@ static av_cold int qdm2_decode_init(AVCodecContext *avctx) avctx->channels = s->nb_channels = s->channels = AV_RB32(extradata); extradata += 4; + if (s->channels > MPA_MAX_CHANNELS) + return AVERROR_INVALIDDATA; avctx->sample_rate = AV_RB32(extradata); extradata += 4; @@ -1844,6 +1862,9 @@ static av_cold int qdm2_decode_init(AVCodecContext *avctx) s->group_order = av_log2(s->group_size) + 1; s->frame_size = s->group_size / 16; // 16 iterations per super block + if (s->frame_size > QDM2_MAX_FRAME_SIZE) + return AVERROR_INVALIDDATA; + s->sub_sampling = s->fft_order - 7; s->frequency_range = 255 / (1 << (2 - s->sub_sampling)); @@ -1906,11 +1927,14 @@ static av_cold int qdm2_decode_close(AVCodecContext *avctx) } -static void qdm2_decode (QDM2Context *q, const uint8_t *in, int16_t *out) +static int qdm2_decode (QDM2Context *q, const uint8_t *in, int16_t *out) { int ch, i; const int frame_size = (q->frame_size * q->channels); + if((unsigned)frame_size > FF_ARRAY_ELEMS(q->output_buffer)/2) + return -1; + /* select input buffer */ q->compressed_data = in; q->compressed_size = q->checksum_size; @@ -1942,7 +1966,7 @@ static void qdm2_decode (QDM2Context *q, const uint8_t *in, int16_t *out) if (!q->has_errors && q->sub_packet_list_C[0].packet != NULL) { SAMPLES_NEEDED_2("has errors, and C list is not empty") - return; + return -1; } } @@ -1963,6 +1987,8 @@ static void qdm2_decode (QDM2Context *q, const uint8_t *in, int16_t *out) out[i] = value; } + + return 0; } @@ -1971,25 +1997,33 @@ static int qdm2_decode_frame(AVCodecContext *avctx, const uint8_t *buf, int buf_size) { QDM2Context *s = avctx->priv_data; + int16_t *out = data; + int i, out_size; if(!buf) return 0; if(buf_size < s->checksum_size) return -1; - *data_size = s->channels * s->frame_size * sizeof(int16_t); + out_size = 16 * s->channels * s->frame_size * + av_get_bits_per_sample_format(avctx->sample_fmt)/8; + if (*data_size < out_size) { + av_log(avctx, AV_LOG_ERROR, "Output buffer is too small\n"); + return AVERROR(EINVAL); + } av_log(avctx, AV_LOG_DEBUG, "decode(%d): %p[%d] -> %p[%d]\n", buf_size, buf, s->checksum_size, data, *data_size); - qdm2_decode(s, buf, data); - - // reading only when next superblock found - if (s->sub_packet == 0) { - return s->checksum_size; + for (i = 0; i < 16; i++) { + if (qdm2_decode(s, buf, out) < 0) + return -1; + out += s->channels * s->frame_size; } - return 0; + *data_size = out_size; + + return buf_size; } AVCodec qdm2_decoder = diff --git a/libavcodec/qpeg.c b/libavcodec/qpeg.c index aa8f69c0cf..454c371ed5 100644 --- a/libavcodec/qpeg.c +++ b/libavcodec/qpeg.c @@ -165,7 +165,7 @@ static void qpeg_decode_inter(const uint8_t *src, uint8_t *dst, int size, /* check motion vector */ if ((me_x + filled < 0) || (me_x + me_w + filled > width) || - (height - me_y - me_h < 0) || (height - me_y > orig_height) || + (height - me_y - me_h < 0) || (height - me_y >= orig_height) || (filled + me_w > width) || (height - me_h < 0)) av_log(NULL, AV_LOG_ERROR, "Bogus motion vector (%i,%i), block size %ix%i at %i,%i\n", me_x, me_y, me_w, me_h, filled, height); diff --git a/libavcodec/qtrle.c b/libavcodec/qtrle.c index d535c38dd9..d68b44f405 100644 --- a/libavcodec/qtrle.c +++ b/libavcodec/qtrle.c @@ -127,6 +127,7 @@ static inline void qtrle_decode_2n4bpp(QtrleContext *s, int stream_ptr, while (lines_to_change--) { CHECK_STREAM_PTR(2); pixel_ptr = row_ptr + (num_pixels * (s->buf[stream_ptr++] - 1)); + CHECK_PIXEL_PTR(0); /* make sure pixel_ptr is positive */ while ((rle_code = (signed char)s->buf[stream_ptr++]) != -1) { if (rle_code == 0) { @@ -183,6 +184,7 @@ static void qtrle_decode_8bpp(QtrleContext *s, int stream_ptr, int row_ptr, int while (lines_to_change--) { CHECK_STREAM_PTR(2); pixel_ptr = row_ptr + (4 * (s->buf[stream_ptr++] - 1)); + CHECK_PIXEL_PTR(0); /* make sure pixel_ptr is positive */ while ((rle_code = (signed char)s->buf[stream_ptr++]) != -1) { if (rle_code == 0) { @@ -236,6 +238,7 @@ static void qtrle_decode_16bpp(QtrleContext *s, int stream_ptr, int row_ptr, int while (lines_to_change--) { CHECK_STREAM_PTR(2); pixel_ptr = row_ptr + (s->buf[stream_ptr++] - 1) * 2; + CHECK_PIXEL_PTR(0); /* make sure pixel_ptr is positive */ while ((rle_code = (signed char)s->buf[stream_ptr++]) != -1) { if (rle_code == 0) { @@ -285,6 +288,7 @@ static void qtrle_decode_24bpp(QtrleContext *s, int stream_ptr, int row_ptr, int while (lines_to_change--) { CHECK_STREAM_PTR(2); pixel_ptr = row_ptr + (s->buf[stream_ptr++] - 1) * 3; + CHECK_PIXEL_PTR(0); /* make sure pixel_ptr is positive */ while ((rle_code = (signed char)s->buf[stream_ptr++]) != -1) { if (rle_code == 0) { @@ -336,6 +340,7 @@ static void qtrle_decode_32bpp(QtrleContext *s, int stream_ptr, int row_ptr, int while (lines_to_change--) { CHECK_STREAM_PTR(2); pixel_ptr = row_ptr + (s->buf[stream_ptr++] - 1) * 4; + CHECK_PIXEL_PTR(0); /* make sure pixel_ptr is positive */ while ((rle_code = (signed char)s->buf[stream_ptr++]) != -1) { if (rle_code == 0) { @@ -461,6 +466,8 @@ static int qtrle_decode_frame(AVCodecContext *avctx, stream_ptr += 4; height = AV_RB16(&s->buf[stream_ptr]); stream_ptr += 4; + if (height > s->avctx->height - start_line) + goto done; } else { start_line = 0; height = s->avctx->height; diff --git a/libavcodec/resample.c b/libavcodec/resample.c index 829db76570..c40f7225c2 100644 --- a/libavcodec/resample.c +++ b/libavcodec/resample.c @@ -279,9 +279,9 @@ int audio_resample(ReSampleContext *s, short *output, short *input, int nb_sampl if (s->sample_fmt[1] != SAMPLE_FMT_S16) { output_bak = output; - if (!s->buffer_size[1] || s->buffer_size[1] < lenout) { + if (!s->buffer_size[1] || s->buffer_size[1] < 2*lenout) { av_free(s->buffer[1]); - s->buffer_size[1] = lenout; + s->buffer_size[1] = 2*lenout; s->buffer[1] = av_malloc(s->buffer_size[1]); if (!s->buffer[1]) { av_log(s, AV_LOG_ERROR, "Could not allocate buffer\n"); diff --git a/libavcodec/resample2.c b/libavcodec/resample2.c index ac9db73c8c..19fed30a38 100644 --- a/libavcodec/resample2.c +++ b/libavcodec/resample2.c @@ -190,8 +190,10 @@ AVResampleContext *av_resample_init(int out_rate, int in_rate, int filter_size, memcpy(&c->filter_bank[c->filter_length*phase_count+1], c->filter_bank, (c->filter_length-1)*sizeof(FELEM)); c->filter_bank[c->filter_length*phase_count]= c->filter_bank[c->filter_length - 1]; - c->src_incr= out_rate; - c->ideal_dst_incr= c->dst_incr= in_rate * phase_count; + if(!av_reduce(&c->src_incr, &c->dst_incr, out_rate, in_rate * (int64_t)phase_count, INT32_MAX/2)) + return NULL; + c->ideal_dst_incr= c->dst_incr; + c->index= -phase_count*((c->filter_length-1)/2); return c; @@ -225,10 +227,9 @@ int av_resample(AVResampleContext *c, short *dst, short *src, int *consumed, int dst[dst_index] = src[index2>>32]; index2 += incr; } - frac += dst_index * dst_incr_frac; index += dst_index * dst_incr; - index += frac / c->src_incr; - frac %= c->src_incr; + index += (frac + dst_index * (int64_t)dst_incr_frac) / c->src_incr; + frac = (frac + dst_index * (int64_t)dst_incr_frac) % c->src_incr; }else{ for(dst_index=0; dst_index < dst_size; dst_index++){ FELEM *filter= c->filter_bank + c->filter_length*(index & c->phase_mask); diff --git a/libavcodec/roqvideodec.c b/libavcodec/roqvideodec.c index c9daec729f..8949b92144 100644 --- a/libavcodec/roqvideodec.c +++ b/libavcodec/roqvideodec.c @@ -158,6 +158,12 @@ static av_cold int roq_decode_init(AVCodecContext *avctx) RoqContext *s = avctx->priv_data; s->avctx = avctx; + + if (avctx->width%16 || avctx->height%16) { + av_log(avctx, AV_LOG_ERROR, "dimensions not being a multiple of 16 are unsupported\n"); + return AVERROR_PATCHWELCOME; + } + s->width = avctx->width; s->height = avctx->height; s->last_frame = &s->frames[0]; diff --git a/libavcodec/rpza.c b/libavcodec/rpza.c index 27ed71f937..4a0025ba63 100644 --- a/libavcodec/rpza.c +++ b/libavcodec/rpza.c @@ -84,7 +84,7 @@ static void rpza_decode_stream(RpzaContext *s) unsigned short *pixels = (unsigned short *)s->frame.data[0]; int row_ptr = 0; - int pixel_ptr = 0; + int pixel_ptr = -4; int block_ptr; int pixel_x, pixel_y; int total_blocks; @@ -140,6 +140,7 @@ static void rpza_decode_stream(RpzaContext *s) colorA = AV_RB16 (&s->buf[stream_ptr]); stream_ptr += 2; while (n_blocks--) { + ADVANCE_BLOCK() block_ptr = row_ptr + pixel_ptr; for (pixel_y = 0; pixel_y < 4; pixel_y++) { for (pixel_x = 0; pixel_x < 4; pixel_x++){ @@ -148,7 +149,6 @@ static void rpza_decode_stream(RpzaContext *s) } block_ptr += row_inc; } - ADVANCE_BLOCK(); } break; @@ -185,6 +185,7 @@ static void rpza_decode_stream(RpzaContext *s) color4[2] |= ((21 * ta + 11 * tb) >> 5); while (n_blocks--) { + ADVANCE_BLOCK(); block_ptr = row_ptr + pixel_ptr; for (pixel_y = 0; pixel_y < 4; pixel_y++) { index = s->buf[stream_ptr++]; @@ -195,12 +196,12 @@ static void rpza_decode_stream(RpzaContext *s) } block_ptr += row_inc; } - ADVANCE_BLOCK(); } break; /* Fill block with 16 colors */ case 0x00: + ADVANCE_BLOCK(); block_ptr = row_ptr + pixel_ptr; for (pixel_y = 0; pixel_y < 4; pixel_y++) { for (pixel_x = 0; pixel_x < 4; pixel_x++){ @@ -214,7 +215,6 @@ static void rpza_decode_stream(RpzaContext *s) } block_ptr += row_inc; } - ADVANCE_BLOCK(); break; /* Unknown opcode */ diff --git a/libavcodec/rtjpeg.h b/libavcodec/rtjpeg.h index 02f2058b2c..c12a78c67b 100644 --- a/libavcodec/rtjpeg.h +++ b/libavcodec/rtjpeg.h @@ -25,6 +25,9 @@ #include #include "dsputil.h" +#define RTJPEG_FILE_VERSION 0 +#define RTJPEG_HEADER_SIZE 12 + typedef struct { int w, h; DSPContext *dsp; diff --git a/libavcodec/rv10.c b/libavcodec/rv10.c index 71a25d650f..ddf0f1db1b 100644 --- a/libavcodec/rv10.c +++ b/libavcodec/rv10.c @@ -642,6 +642,11 @@ static int rv10_decode_packet(AVCodecContext *avctx, if(MPV_frame_start(s, avctx) < 0) return -1; ff_er_frame_start(s); + } else { + if (s->current_picture_ptr->pict_type != s->pict_type) { + av_log(s->avctx, AV_LOG_ERROR, "Slice type mismatch\n"); + return -1; + } } #ifdef DEBUG diff --git a/libavcodec/rv30.c b/libavcodec/rv30.c index e1b3ad1db6..0d25eac159 100644 --- a/libavcodec/rv30.c +++ b/libavcodec/rv30.c @@ -51,6 +51,11 @@ static int rv30_parse_slice_header(RV34DecContext *r, GetBitContext *gb, SliceIn skip_bits1(gb); si->pts = get_bits(gb, 13); rpr = get_bits(gb, r->rpr); + if (r->s.avctx->extradata_size < 8 + rpr*2) { + av_log(r->s.avctx, AV_LOG_WARNING, + "Extradata does not contain selected resolution\n"); + rpr = 0; + } if(rpr){ w = r->s.avctx->extradata[6 + rpr*2] << 2; h = r->s.avctx->extradata[7 + rpr*2] << 2; @@ -74,7 +79,7 @@ static int rv30_decode_intra_types(RV34DecContext *r, GetBitContext *gb, int8_t for(i = 0; i < 4; i++, dst += r->s.b4_stride - 4){ for(j = 0; j < 4; j+= 2){ int code = svq3_get_ue_golomb(gb) << 1; - if(code >= 81*2){ + if(code >= 81U*2U){ av_log(r->s.avctx, AV_LOG_ERROR, "Incorrect intra prediction code\n"); return -1; } @@ -103,7 +108,7 @@ static int rv30_decode_mb_info(RV34DecContext *r) GetBitContext *gb = &s->gb; int code = svq3_get_ue_golomb(gb); - if(code > 11){ + if(code > 11U){ av_log(s->avctx, AV_LOG_ERROR, "Incorrect MB type code\n"); return -1; } diff --git a/libavcodec/rv34.c b/libavcodec/rv34.c index c2277076a5..c4e36211f7 100644 --- a/libavcodec/rv34.c +++ b/libavcodec/rv34.c @@ -1249,6 +1249,7 @@ static int rv34_decode_slice(RV34DecContext *r, int end, const uint8_t* buf, int MPV_common_end(s); s->width = r->si.width; s->height = r->si.height; + avcodec_set_dimensions(s->avctx, s->width, s->height); if(MPV_common_init(s) < 0) return -1; r->intra_types_hist = av_realloc(r->intra_types_hist, s->b4_stride * 4 * 2 * sizeof(*r->intra_types_hist)); @@ -1268,6 +1269,17 @@ static int rv34_decode_slice(RV34DecContext *r, int end, const uint8_t* buf, int r->next_pts = r->cur_pts; } s->mb_x = s->mb_y = 0; + } else { + int slice_type = r->si.type ? r->si.type : FF_I_TYPE; + + if (slice_type != s->pict_type) { + av_log(s->avctx, AV_LOG_ERROR, "Slice type mismatch\n"); + return AVERROR_INVALIDDATA; + } + if (s->width != r->si.width || s->height != r->si.height) { + av_log(s->avctx, AV_LOG_ERROR, "Size mismatch\n"); + return AVERROR_INVALIDDATA; + } } r->si.end = end; @@ -1400,8 +1412,9 @@ int ff_rv34_decode_frame(AVCodecContext *avctx, slice_count = avctx->slice_count; //parse first slice header to check whether this frame can be decoded - if(get_slice_offset(avctx, slices_hdr, 0) > buf_size){ - av_log(avctx, AV_LOG_ERROR, "Slice offset is greater than frame size\n"); + if(get_slice_offset(avctx, slices_hdr, 0) < 0 || + get_slice_offset(avctx, slices_hdr, 0) > buf_size){ + av_log(avctx, AV_LOG_ERROR, "Slice offset is invalid\n"); return -1; } init_get_bits(&s->gb, buf+get_slice_offset(avctx, slices_hdr, 0), buf_size-get_slice_offset(avctx, slices_hdr, 0)); @@ -1429,8 +1442,8 @@ int ff_rv34_decode_frame(AVCodecContext *avctx, else size= get_slice_offset(avctx, slices_hdr, i+1) - offset; - if(offset > buf_size){ - av_log(avctx, AV_LOG_ERROR, "Slice offset is greater than frame size\n"); + if(offset < 0 || offset > buf_size || size < 0){ + av_log(avctx, AV_LOG_ERROR, "Slice offset is invalid\n"); break; } @@ -1451,7 +1464,7 @@ int ff_rv34_decode_frame(AVCodecContext *avctx, break; } - if(last){ + if(last && s->current_picture_ptr){ if(r->loop_filter) r->loop_filter(r, s->mb_height - 1); ff_er_frame_end(s); diff --git a/libavcodec/rv40.c b/libavcodec/rv40.c index 8e1a470954..31c9ca3596 100644 --- a/libavcodec/rv40.c +++ b/libavcodec/rv40.c @@ -207,8 +207,11 @@ static int rv40_decode_mb_info(RV34DecContext *r) int blocks[RV34_MB_TYPES] = {0}; int count = 0; - if(!r->s.mb_skip_run) + if(!r->s.mb_skip_run) { r->s.mb_skip_run = svq3_get_ue_golomb(gb) + 1; + if(r->s.mb_skip_run > (unsigned)s->mb_num) + return -1; + } if(--r->s.mb_skip_run) return RV34_MB_SKIP; diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c index 053f5c2ed1..b39c3ab632 100644 --- a/libavcodec/shorten.c +++ b/libavcodec/shorten.c @@ -82,6 +82,7 @@ typedef struct ShortenContext { int channels; int32_t *decoded[MAX_CHANNELS]; + int32_t *decoded_base[MAX_CHANNELS]; int32_t *offset[MAX_CHANNELS]; uint8_t *bitstream; int bitstream_size; @@ -112,6 +113,8 @@ static av_cold int shorten_decode_init(AVCodecContext * avctx) static int allocate_buffers(ShortenContext *s) { int i, chan; + void *tmp_ptr; + for (chan=0; chanchannels; chan++) { if(FFMAX(1, s->nmean) >= UINT_MAX/sizeof(int32_t)){ av_log(s->avctx, AV_LOG_ERROR, "nmean too large\n"); @@ -122,12 +125,19 @@ static int allocate_buffers(ShortenContext *s) return -1; } - s->offset[chan] = av_realloc(s->offset[chan], sizeof(int32_t)*FFMAX(1, s->nmean)); + tmp_ptr = av_realloc(s->offset[chan], sizeof(int32_t)*FFMAX(1, s->nmean)); + if (!tmp_ptr) + return AVERROR(ENOMEM); + s->offset[chan] = tmp_ptr; - s->decoded[chan] = av_realloc(s->decoded[chan], sizeof(int32_t)*(s->blocksize + s->nwrap)); + tmp_ptr = av_realloc(s->decoded_base[chan], (s->blocksize + s->nwrap) * + sizeof(s->decoded_base[0][0])); + if (!tmp_ptr) + return AVERROR(ENOMEM); + s->decoded_base[chan] = tmp_ptr; for (i=0; inwrap; i++) - s->decoded[chan][i] = 0; - s->decoded[chan] += s->nwrap; + s->decoded_base[chan][i] = 0; + s->decoded[chan] = s->decoded_base[chan] + s->nwrap; } return 0; } @@ -147,7 +157,7 @@ static void fix_bitshift(ShortenContext *s, int32_t *buffer) if (s->bitshift != 0) for (i = 0; i < s->blocksize; i++) - buffer[s->nwrap + i] <<= s->bitshift; + buffer[i] <<= s->bitshift; } @@ -275,8 +285,15 @@ static int shorten_decode_frame(AVCodecContext *avctx, int i, input_buf_size = 0; int16_t *samples = data; if(s->max_framesize == 0){ + void *tmp_ptr; s->max_framesize= 1024; // should hopefully be enough for the first header - s->bitstream= av_fast_realloc(s->bitstream, &s->allocated_bitstream_size, s->max_framesize); + tmp_ptr = av_fast_realloc(s->bitstream, &s->allocated_bitstream_size, + s->max_framesize); + if (!tmp_ptr) { + av_log(avctx, AV_LOG_ERROR, "error allocating bitstream buffer\n"); + return AVERROR(ENOMEM); + } + s->bitstream = tmp_ptr; } if(1 && s->max_framesize){//FIXME truncated @@ -469,9 +486,15 @@ static int shorten_decode_frame(AVCodecContext *avctx, case FN_BITSHIFT: s->bitshift = get_ur_golomb_shorten(&s->gb, BITSHIFTSIZE); break; - case FN_BLOCKSIZE: - s->blocksize = get_uint(s, av_log2(s->blocksize)); + case FN_BLOCKSIZE: { + int blocksize = get_uint(s, av_log2(s->blocksize)); + if (blocksize > s->blocksize) { + av_log(avctx, AV_LOG_ERROR, "Increasing block size is not supported\n"); + return AVERROR_PATCHWELCOME; + } + s->blocksize = blocksize; break; + } case FN_QUIT: *data_size = 0; return buf_size; @@ -508,8 +531,8 @@ static av_cold int shorten_decode_close(AVCodecContext *avctx) int i; for (i = 0; i < s->channels; i++) { - s->decoded[i] -= s->nwrap; - av_freep(&s->decoded[i]); + s->decoded[i] = NULL; + av_freep(&s->decoded_base[i]); av_freep(&s->offset[i]); } av_freep(&s->bitstream); diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c index 03241cf921..95a9beb0a9 100644 --- a/libavcodec/smacker.c +++ b/libavcodec/smacker.c @@ -133,11 +133,13 @@ static int smacker_decode_bigtree(GetBitContext *gb, HuffContext *hc, DBCtx *ctx return -1; } b1 = get_bits_count(gb); - i1 = get_vlc2(gb, ctx->v1->table, SMKTREE_BITS, 3); + i1 = ctx->v1->table ? get_vlc2(gb, ctx->v1->table, SMKTREE_BITS, 3) : 0; b1 = get_bits_count(gb) - b1; b2 = get_bits_count(gb); - i2 = get_vlc2(gb, ctx->v2->table, SMKTREE_BITS, 3); + i2 = ctx->v2->table ? get_vlc2(gb, ctx->v2->table, SMKTREE_BITS, 3) : 0; b2 = get_bits_count(gb) - b2; + if (i1 < 0 || i2 < 0) + return -1; val = ctx->recode1[i1] | (ctx->recode2[i2] << 8); if(val == ctx->escapes[0]) { ctx->last[0] = hc->current; @@ -289,7 +291,8 @@ static int decode_header_trees(SmackVContext *smk) { smk->mmap_tbl[0] = 0; smk->mmap_last[0] = smk->mmap_last[1] = smk->mmap_last[2] = 1; } else { - smacker_decode_header_tree(smk, &gb, &smk->mmap_tbl, smk->mmap_last, mmap_size); + if (smacker_decode_header_tree(smk, &gb, &smk->mmap_tbl, smk->mmap_last, mmap_size)) + return -1; } if(!get_bits1(&gb)) { av_log(smk->avctx, AV_LOG_INFO, "Skipping MCLR tree\n"); @@ -297,7 +300,8 @@ static int decode_header_trees(SmackVContext *smk) { smk->mclr_tbl[0] = 0; smk->mclr_last[0] = smk->mclr_last[1] = smk->mclr_last[2] = 1; } else { - smacker_decode_header_tree(smk, &gb, &smk->mclr_tbl, smk->mclr_last, mclr_size); + if (smacker_decode_header_tree(smk, &gb, &smk->mclr_tbl, smk->mclr_last, mclr_size)) + return -1; } if(!get_bits1(&gb)) { av_log(smk->avctx, AV_LOG_INFO, "Skipping FULL tree\n"); @@ -305,7 +309,8 @@ static int decode_header_trees(SmackVContext *smk) { smk->full_tbl[0] = 0; smk->full_last[0] = smk->full_last[1] = smk->full_last[2] = 1; } else { - smacker_decode_header_tree(smk, &gb, &smk->full_tbl, smk->full_last, full_size); + if (smacker_decode_header_tree(smk, &gb, &smk->full_tbl, smk->full_last, full_size)) + return -1; } if(!get_bits1(&gb)) { av_log(smk->avctx, AV_LOG_INFO, "Skipping TYPE tree\n"); @@ -313,7 +318,8 @@ static int decode_header_trees(SmackVContext *smk) { smk->type_tbl[0] = 0; smk->type_last[0] = smk->type_last[1] = smk->type_last[2] = 1; } else { - smacker_decode_header_tree(smk, &gb, &smk->type_tbl, smk->type_last, type_size); + if (smacker_decode_header_tree(smk, &gb, &smk->type_tbl, smk->type_last, type_size)) + return -1; } return 0; @@ -527,8 +533,8 @@ static av_cold int decode_init(AVCodecContext *avctx) return -1; } - decode_header_trees(c); - + if (decode_header_trees(c)) + return -1; return 0; } @@ -654,6 +660,8 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data, int *data_size, } else { //8-bit data for(i = stereo; i >= 0; i--) pred[i] = get_bits(&gb, 8); + if (stereo + unp_size > *data_size) + return -1; for(i = 0; i < stereo; i++) *samples++ = (pred[i] - 0x80) << 8; for(i = 0; i < unp_size; i++) { diff --git a/libavcodec/smc.c b/libavcodec/smc.c index d0102eaa9c..c640fb2195 100644 --- a/libavcodec/smc.c +++ b/libavcodec/smc.c @@ -69,7 +69,7 @@ typedef struct SmcContext { row_ptr += stride * 4; \ } \ total_blocks--; \ - if (total_blocks < 0) \ + if (total_blocks < 0 + !!n_blocks) \ { \ av_log(s->avctx, AV_LOG_INFO, "warning: block counter just went negative (this should not happen)\n"); \ return; \ diff --git a/libavcodec/snow.c b/libavcodec/snow.c index b4a0d5a8fd..fbffce8429 100644 --- a/libavcodec/snow.c +++ b/libavcodec/snow.c @@ -1626,6 +1626,7 @@ static int alloc_blocks(SnowContext *s){ s->b_width = w; s->b_height= h; + av_free(s->block); s->block= av_mallocz(w * h * sizeof(BlockNode) << (s->block_max_depth*2)); return 0; } @@ -3554,7 +3555,7 @@ static void decode_qlogs(SnowContext *s){ } static int decode_header(SnowContext *s){ - int plane_index; + int plane_index, tmp; uint8_t kstate[32]; memset(kstate, MID_STATE, sizeof(kstate)); @@ -3583,7 +3584,12 @@ static int decode_header(SnowContext *s){ s->chroma_v_shift= get_symbol(&s->c, s->header_state, 0); s->spatial_scalability= get_rac(&s->c, s->header_state); // s->rate_scalability= get_rac(&s->c, s->header_state); - s->max_ref_frames= get_symbol(&s->c, s->header_state, 0)+1; + tmp= get_symbol(&s->c, s->header_state, 0)+1; + if(tmp < 1 || tmp > MAX_REF_FRAMES){ + av_log(s->avctx, AV_LOG_ERROR, "reference frame count is %d\n", tmp); + return -1; + } + s->max_ref_frames= tmp; decode_qlogs(s); } @@ -3649,6 +3655,7 @@ static av_cold int common_init(AVCodecContext *avctx){ int i, j; s->avctx= avctx; + s->max_ref_frames=1; //just make sure its not an invalid value in case of no initial keyframe dsputil_init(&s->dsp, avctx); @@ -4509,7 +4516,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, const && p->hcoeff[2]==2; } - if(!s->block) alloc_blocks(s); + alloc_blocks(s); frame_start(s); //keyframe flag duplication mess FIXME diff --git a/libavcodec/sp5xdec.c b/libavcodec/sp5xdec.c index 920b32d8cd..f1e436c905 100644 --- a/libavcodec/sp5xdec.c +++ b/libavcodec/sp5xdec.c @@ -88,7 +88,6 @@ static int sp5x_decode_frame(AVCodecContext *avctx, recoded[j++] = 0xFF; recoded[j++] = 0xD9; - avctx->flags &= ~CODEC_FLAG_EMU_EDGE; i = ff_mjpeg_decode_frame(avctx, data, data_size, recoded, j); av_free(recoded); diff --git a/libavcodec/svq1dec.c b/libavcodec/svq1dec.c index 7fef10bb99..7c4e5c960c 100644 --- a/libavcodec/svq1dec.c +++ b/libavcodec/svq1dec.c @@ -676,6 +676,7 @@ static int svq1_decode_frame(AVCodecContext *avctx, #endif return result; } + avcodec_set_dimensions(avctx, s->width, s->height); //FIXME this avoids some confusion for "B frames" without 2 references //this should be removed after libavcodec can handle more flexible picture types & ordering diff --git a/libavcodec/svq3.c b/libavcodec/svq3.c index bef7075a26..5d4d4119e0 100644 --- a/libavcodec/svq3.c +++ b/libavcodec/svq3.c @@ -202,7 +202,7 @@ static inline int svq3_decode_block(GetBitContext *gb, DCTELEM *block, for (limit = (16 >> intra); index < 16; index = limit, limit += 8) { for (; (vlc = svq3_get_ue_golomb(gb)) != 0; index++) { - if (vlc == INVALID_VLC) + if (vlc < 0) return -1; sign = (vlc & 0x1) - 1; @@ -220,7 +220,7 @@ static inline int svq3_decode_block(GetBitContext *gb, DCTELEM *block, level = ((vlc + 9) >> 2) - run; } } else { - if (vlc < 16) { + if (vlc < 16U) { run = svq3_dct_tables[intra][vlc].run; level = svq3_dct_tables[intra][vlc].level; } else if (intra) { @@ -549,7 +549,7 @@ static int svq3_decode_mb(H264Context *h, unsigned int mb_type) for (i = 0; i < 16; i+=2) { vlc = svq3_get_ue_golomb(&s->gb); - if (vlc >= 25){ + if (vlc >= 25U){ av_log(h->s.avctx, AV_LOG_ERROR, "luma prediction:%d\n", vlc); return -1; } @@ -620,7 +620,7 @@ static int svq3_decode_mb(H264Context *h, unsigned int mb_type) } if (!IS_INTRA16x16(mb_type) && (!IS_SKIP(mb_type) || s->pict_type == FF_B_TYPE)) { - if ((vlc = svq3_get_ue_golomb(&s->gb)) >= 48){ + if ((vlc = svq3_get_ue_golomb(&s->gb)) >= 48U){ av_log(h->s.avctx, AV_LOG_ERROR, "cbp_vlc=%d\n", vlc); return -1; } @@ -630,7 +630,7 @@ static int svq3_decode_mb(H264Context *h, unsigned int mb_type) if (IS_INTRA16x16(mb_type) || (s->pict_type != FF_I_TYPE && s->adaptive_quant && cbp)) { s->qscale += svq3_get_se_golomb(&s->gb); - if (s->qscale > 31){ + if (s->qscale > 31U){ av_log(h->s.avctx, AV_LOG_ERROR, "qscale:%d\n", s->qscale); return -1; } @@ -727,7 +727,7 @@ static int svq3_decode_slice_header(H264Context *h) skip_bits_long(&s->gb, 0); } - if ((i = svq3_get_ue_golomb(&s->gb)) == INVALID_VLC || i >= 3){ + if ((i = svq3_get_ue_golomb(&s->gb)) >= 3U){ av_log(h->s.avctx, AV_LOG_ERROR, "illegal slice type %d \n", i); return -1; } diff --git a/libavcodec/tiffenc.c b/libavcodec/tiffenc.c index 1bc3c82c7e..4d6172fc46 100644 --- a/libavcodec/tiffenc.c +++ b/libavcodec/tiffenc.c @@ -304,6 +304,10 @@ static int encode_frame(AVCodecContext * avctx, unsigned char *buf, strip_sizes = av_mallocz(sizeof(*strip_sizes) * strips); strip_offsets = av_mallocz(sizeof(*strip_offsets) * strips); + if (!strip_sizes || !strip_offsets) { + ret = AVERROR(ENOMEM); + goto fail; + } bytes_per_row = (((s->width - 1)/s->subsampling[0] + 1) * s->bpp * s->subsampling[0] * s->subsampling[1] + 7) >> 3; @@ -311,6 +315,7 @@ static int encode_frame(AVCodecContext * avctx, unsigned char *buf, yuv_line = av_malloc(bytes_per_row); if (yuv_line == NULL){ av_log(s->avctx, AV_LOG_ERROR, "Not enough memory\n"); + ret = AVERROR(ENOMEM); goto fail; } } @@ -323,6 +328,10 @@ static int encode_frame(AVCodecContext * avctx, unsigned char *buf, zlen = bytes_per_row * s->rps; zbuf = av_malloc(zlen); + if (!zbuf) { + ret = AVERROR(ENOMEM); + goto fail; + } strip_offsets[0] = ptr - buf; zn = 0; for (j = 0; j < s->rps; j++) { @@ -347,8 +356,13 @@ static int encode_frame(AVCodecContext * avctx, unsigned char *buf, } else #endif { - if(s->compr == TIFF_LZW) + if (s->compr == TIFF_LZW) { s->lzws = av_malloc(ff_lzw_encode_state_size); + if (!s->lzws) { + ret = AVERROR(ENOMEM); + goto fail; + } + } for (i = 0; i < s->height; i++) { if (strip_sizes[i / s->rps] == 0) { if(s->compr == TIFF_LZW){ diff --git a/libavcodec/truemotion1.c b/libavcodec/truemotion1.c index 1cf56ed3dd..ada1270bac 100644 --- a/libavcodec/truemotion1.c +++ b/libavcodec/truemotion1.c @@ -519,6 +519,10 @@ hres,vres,i,i%vres (0 < i < 4) } #define APPLY_C_PREDICTOR() \ + if(index > 1023){\ + av_log(s->avctx, AV_LOG_ERROR, " index %d went out of bounds\n", index); \ + return; \ + }\ predictor_pair = s->c_predictor_table[index]; \ horiz_pred += (predictor_pair >> 1); \ if (predictor_pair & 1) { \ @@ -536,6 +540,10 @@ hres,vres,i,i%vres (0 < i < 4) index++; #define APPLY_C_PREDICTOR_24() \ + if(index > 1023){\ + av_log(s->avctx, AV_LOG_ERROR, " index %d went out of bounds\n", index); \ + return; \ + }\ predictor_pair = s->c_predictor_table[index]; \ horiz_pred += (predictor_pair >> 1); \ if (predictor_pair & 1) { \ @@ -554,6 +562,10 @@ hres,vres,i,i%vres (0 < i < 4) #define APPLY_Y_PREDICTOR() \ + if(index > 1023){\ + av_log(s->avctx, AV_LOG_ERROR, " index %d went out of bounds\n", index); \ + return; \ + }\ predictor_pair = s->y_predictor_table[index]; \ horiz_pred += (predictor_pair >> 1); \ if (predictor_pair & 1) { \ @@ -571,6 +583,10 @@ hres,vres,i,i%vres (0 < i < 4) index++; #define APPLY_Y_PREDICTOR_24() \ + if(index > 1023){\ + av_log(s->avctx, AV_LOG_ERROR, " index %d went out of bounds\n", index); \ + return; \ + }\ predictor_pair = s->y_predictor_table[index]; \ horiz_pred += (predictor_pair >> 1); \ if (predictor_pair & 1) { \ diff --git a/libavcodec/utils.c b/libavcodec/utils.c index b6412a5313..99bfae4a0e 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -65,6 +65,8 @@ const uint8_t ff_reverse[256]={ }; static int volatile entangled_thread_counter=0; +int (*ff_lockmgr_cb)(void **mutex, enum AVLockOp op); +static void *codec_mutex; void *av_fast_realloc(void *ptr, unsigned int *size, unsigned int min_size) { @@ -163,9 +165,10 @@ void avcodec_align_dimensions(AVCodecContext *s, int *width, int *height){ case PIX_FMT_PAL8: case PIX_FMT_BGR8: case PIX_FMT_RGB8: - if(s->codec_id == CODEC_ID_SMC){ - w_align=4; - h_align=4; + if (s->codec_id == CODEC_ID_SMC || + s->codec_id == CODEC_ID_CINEPAK) { + w_align = 4; + h_align = 4; } break; case PIX_FMT_BGR24: @@ -174,6 +177,12 @@ void avcodec_align_dimensions(AVCodecContext *s, int *width, int *height){ h_align=4; } break; + case PIX_FMT_RGB24: + if (s->codec_id == CODEC_ID_CINEPAK) { + w_align = 4; + h_align = 4; + } + break; default: w_align= 1; h_align= 1; @@ -187,7 +196,7 @@ void avcodec_align_dimensions(AVCodecContext *s, int *width, int *height){ } int avcodec_check_dimensions(void *av_log_ctx, unsigned int w, unsigned int h){ - if((int)w>0 && (int)h>0 && (w+128)*(uint64_t)(h+128) < INT_MAX/4) + if((int)w>0 && (int)h>0 && (w+128)*(uint64_t)(h+128) < INT_MAX/8) return 0; av_log(av_log_ctx, AV_LOG_ERROR, "picture size invalid (%ux%u)\n", w, h); @@ -420,6 +429,12 @@ int attribute_align_arg avcodec_open(AVCodecContext *avctx, AVCodec *codec) { int ret= -1; + /* If there is a user-supplied mutex locking routine, call it. */ + if (ff_lockmgr_cb) { + if ((*ff_lockmgr_cb)(&codec_mutex, AV_LOCK_OBTAIN)) + return -1; + } + entangled_thread_counter++; if(entangled_thread_counter != 1){ av_log(avctx, AV_LOG_ERROR, "insufficient thread locking around avcodec_open/close()\n"); @@ -464,6 +479,11 @@ int attribute_align_arg avcodec_open(AVCodecContext *avctx, AVCodec *codec) ret=0; end: entangled_thread_counter--; + + /* Release any user-supplied mutex. */ + if (ff_lockmgr_cb) { + (*ff_lockmgr_cb)(&codec_mutex, AV_LOCK_RELEASE); + } return ret; } @@ -583,6 +603,12 @@ int avcodec_decode_subtitle(AVCodecContext *avctx, AVSubtitle *sub, int avcodec_close(AVCodecContext *avctx) { + /* If there is a user-supplied mutex locking routine, call it. */ + if (ff_lockmgr_cb) { + if ((*ff_lockmgr_cb)(&codec_mutex, AV_LOCK_OBTAIN)) + return -1; + } + entangled_thread_counter++; if(entangled_thread_counter != 1){ av_log(avctx, AV_LOG_ERROR, "insufficient thread locking around avcodec_open/close()\n"); @@ -598,6 +624,11 @@ int avcodec_close(AVCodecContext *avctx) av_freep(&avctx->priv_data); avctx->codec = NULL; entangled_thread_counter--; + + /* Release any user-supplied mutex. */ + if (ff_lockmgr_cb) { + (*ff_lockmgr_cb)(&codec_mutex, AV_LOCK_RELEASE); + } return 0; } @@ -1152,3 +1183,19 @@ AVHWAccel *ff_find_hwaccel(enum CodecID codec_id, enum PixelFormat pix_fmt) } return NULL; } + +int av_lockmgr_register(int (*cb)(void **mutex, enum AVLockOp op)) +{ + if (ff_lockmgr_cb) { + if (ff_lockmgr_cb(&codec_mutex, AV_LOCK_DESTROY)) + return -1; + } + + ff_lockmgr_cb = cb; + + if (ff_lockmgr_cb) { + if (ff_lockmgr_cb(&codec_mutex, AV_LOCK_CREATE)) + return -1; + } + return 0; +} diff --git a/libavcodec/vc1.c b/libavcodec/vc1.c index 03257b8f37..3b8cd22933 100644 --- a/libavcodec/vc1.c +++ b/libavcodec/vc1.c @@ -2366,7 +2366,7 @@ static void vc1_decode_ac_coeff(VC1Context *v, int *last, int *skip, int *value, if (index != vc1_ac_sizes[codingset] - 1) { run = vc1_index_decode_table[codingset][index][0]; level = vc1_index_decode_table[codingset][index][1]; - lst = index >= vc1_last_decode_table[codingset]; + lst = index >= vc1_last_decode_table[codingset] || get_bits_left(gb) < 0; if(get_bits1(gb)) level = -level; } else { @@ -4347,6 +4347,7 @@ AVCodec vc1_decoder = { vc1_decode_frame, CODEC_CAP_DELAY, NULL, + .flush = ff_mpeg_flush, .long_name = NULL_IF_CONFIG_SMALL("SMPTE VC-1"), .pix_fmts = ff_pixfmt_list_420 }; @@ -4362,6 +4363,7 @@ AVCodec wmv3_decoder = { vc1_decode_frame, CODEC_CAP_DELAY, NULL, + .flush = ff_mpeg_flush, .long_name = NULL_IF_CONFIG_SMALL("Windows Media Video 9"), .pix_fmts = ff_pixfmt_list_420 }; diff --git a/libavcodec/vmdav.c b/libavcodec/vmdav.c index 1921c81ca2..60dc7f958c 100644 --- a/libavcodec/vmdav.c +++ b/libavcodec/vmdav.c @@ -73,9 +73,11 @@ typedef struct VmdVideoContext { #define QUEUE_SIZE 0x1000 #define QUEUE_MASK 0x0FFF -static void lz_unpack(const unsigned char *src, unsigned char *dest, int dest_len) +static void lz_unpack(const unsigned char *src, int src_len, + unsigned char *dest, int dest_len) { const unsigned char *s; + unsigned int s_len; unsigned char *d; unsigned char *d_end; unsigned char queue[QUEUE_SIZE]; @@ -88,13 +90,16 @@ static void lz_unpack(const unsigned char *src, unsigned char *dest, int dest_le unsigned int i, j; s = src; + s_len = src_len; d = dest; d_end = d + dest_len; dataleft = AV_RL32(s); - s += 4; + s += 4; s_len -= 4; memset(queue, 0x20, QUEUE_SIZE); + if (s_len < 4) + return; if (AV_RL32(s) == 0x56781234) { - s += 4; + s += 4; s_len -= 4; qpos = 0x111; speclen = 0xF + 3; } else { @@ -102,32 +107,41 @@ static void lz_unpack(const unsigned char *src, unsigned char *dest, int dest_le speclen = 100; /* no speclen */ } - while (dataleft > 0) { - tag = *s++; + while (dataleft > 0 && s_len > 0) { + tag = *s++; s_len--; if ((tag == 0xFF) && (dataleft > 8)) { - if (d + 8 > d_end) + if (d + 8 > d_end || s_len < 8) return; for (i = 0; i < 8; i++) { queue[qpos++] = *d++ = *s++; qpos &= QUEUE_MASK; } + s_len -= 8; dataleft -= 8; } else { for (i = 0; i < 8; i++) { if (dataleft == 0) break; if (tag & 0x01) { - if (d + 1 > d_end) + if (d + 1 > d_end || s_len < 1) return; queue[qpos++] = *d++ = *s++; qpos &= QUEUE_MASK; dataleft--; + s_len--; } else { + if (s_len < 2) + return; chainofs = *s++; chainofs |= ((*s & 0xF0) << 4); chainlen = (*s++ & 0x0F) + 3; - if (chainlen == speclen) + s_len -= 2; + if (chainlen == speclen) { + if (s_len < 1) + return; chainlen = *s++ + 0xF + 3; + s_len--; + } if (d + chainlen > d_end) return; for (j = 0; j < chainlen; j++) { @@ -144,7 +158,7 @@ static void lz_unpack(const unsigned char *src, unsigned char *dest, int dest_le } static int rle_unpack(const unsigned char *src, unsigned char *dest, - int src_len, int dest_len) + int src_count, int src_size, int dest_len) { const unsigned char *ps; unsigned char *pd; @@ -153,31 +167,40 @@ static int rle_unpack(const unsigned char *src, unsigned char *dest, ps = src; pd = dest; - if (src_len & 1) + if (src_count & 1) { + if (src_size < 1) + return 0; *pd++ = *ps++; + src_size--; + } - src_len >>= 1; + src_count >>= 1; i = 0; do { + if (src_size < 1) + break; l = *ps++; + src_size--; if (l & 0x80) { l = (l & 0x7F) * 2; - if (pd + l > dest_end) + if (pd + l > dest_end || src_size < l) return ps - src; memcpy(pd, ps, l); ps += l; + src_size -= l; pd += l; } else { - if (pd + i > dest_end) + if (pd + i > dest_end || src_size < 2) return ps - src; for (i = 0; i < l; i++) { *pd++ = ps[0]; *pd++ = ps[1]; } ps += 2; + src_size -= 2; } i += l; - } while (i < src_len); + } while (i < src_count); return ps - src; } @@ -192,6 +215,7 @@ static void vmd_decode(VmdVideoContext *s) const unsigned char *p = s->buf + 16; const unsigned char *pb; + unsigned int pb_size; unsigned char meth; unsigned char *dp; /* pointer to current frame */ unsigned char *pp; /* pointer to previous frame */ @@ -206,6 +230,16 @@ static void vmd_decode(VmdVideoContext *s) frame_y = AV_RL16(&s->buf[8]); frame_width = AV_RL16(&s->buf[10]) - frame_x + 1; frame_height = AV_RL16(&s->buf[12]) - frame_y + 1; + if (frame_x < 0 || frame_width < 0 || + frame_x >= s->avctx->width || + frame_width > s->avctx->width || + frame_x + frame_width > s->avctx->width) + return; + if (frame_y < 0 || frame_height < 0 || + frame_y >= s->avctx->height || + frame_height > s->avctx->height || + frame_y + frame_height > s->avctx->height) + return; if ((frame_width == s->avctx->width && frame_height == s->avctx->height) && (frame_x || frame_y)) { @@ -218,8 +252,9 @@ static void vmd_decode(VmdVideoContext *s) /* if only a certain region will be updated, copy the entire previous * frame before the decode */ - if (frame_x || frame_y || (frame_width != s->avctx->width) || - (frame_height != s->avctx->height)) { + if (s->prev_frame.data[0] && + (frame_x || frame_y || (frame_width != s->avctx->width) || + (frame_height != s->avctx->height))) { memcpy(s->frame.data[0], s->prev_frame.data[0], s->avctx->height * s->frame.linesize[0]); @@ -237,14 +272,19 @@ static void vmd_decode(VmdVideoContext *s) } s->size -= (256 * 3 + 2); } - if (s->size >= 0) { + if (s->size > 0) { /* originally UnpackFrame in VAG's code */ pb = p; - meth = *pb++; + pb_size = s->buf + s->size - pb; + if (pb_size < 1) + return; + meth = *pb++; pb_size--; if (meth & 0x80) { - lz_unpack(pb, s->unpack_buffer, s->unpack_buffer_size); + lz_unpack(pb, pb_size, + s->unpack_buffer, s->unpack_buffer_size); meth &= 0x7F; pb = s->unpack_buffer; + pb_size = s->unpack_buffer_size; } dp = &s->frame.data[0][frame_y * s->frame.linesize[0] + frame_x]; @@ -255,17 +295,21 @@ static void vmd_decode(VmdVideoContext *s) for (i = 0; i < frame_height; i++) { ofs = 0; do { + if (pb_size < 1) + return; len = *pb++; + pb_size--; if (len & 0x80) { len = (len & 0x7F) + 1; - if (ofs + len > frame_width) + if (ofs + len > frame_width || pb_size < len) return; memcpy(&dp[ofs], pb, len); pb += len; + pb_size -= len; ofs += len; } else { /* interframe pixel copy */ - if (ofs + len + 1 > frame_width) + if (ofs + len + 1 > frame_width || !s->prev_frame.data[0]) return; memcpy(&dp[ofs], &pp[ofs], len + 1); ofs += len + 1; @@ -283,8 +327,11 @@ static void vmd_decode(VmdVideoContext *s) case 2: for (i = 0; i < frame_height; i++) { + if (pb_size < frame_width) + return; memcpy(dp, pb, frame_width); pb += frame_width; + pb_size -= frame_width; dp += s->frame.linesize[0]; pp += s->prev_frame.linesize[0]; } @@ -294,18 +341,27 @@ static void vmd_decode(VmdVideoContext *s) for (i = 0; i < frame_height; i++) { ofs = 0; do { + if (pb_size < 1) + return; len = *pb++; + pb_size--; if (len & 0x80) { len = (len & 0x7F) + 1; + if (pb_size < 1) + return; if (*pb++ == 0xFF) - len = rle_unpack(pb, &dp[ofs], len, frame_width - ofs); - else + len = rle_unpack(pb, &dp[ofs], len, pb_size, frame_width - ofs); + else { + if (pb_size < len) + return; memcpy(&dp[ofs], pb, len); + } pb += len; + pb_size -= 1 + len; ofs += len; } else { /* interframe pixel copy */ - if (ofs + len + 1 > frame_width) + if (ofs + len + 1 > frame_width || !s->prev_frame.data[0]) return; memcpy(&dp[ofs], &pp[ofs], len + 1); ofs += len + 1; diff --git a/libavcodec/vmnc.c b/libavcodec/vmnc.c index c7efaf8a2f..aafd89c30b 100644 --- a/libavcodec/vmnc.c +++ b/libavcodec/vmnc.c @@ -275,6 +275,11 @@ static int decode_hextile(VmncContext *c, uint8_t* dst, const uint8_t* src, int } xy = *src++; wh = *src++; + if ( (xy >> 4) + (wh >> 4) + 1 > w - i + || (xy & 0xF) + (wh & 0xF)+1 > h - j) { + av_log(c->avctx, AV_LOG_ERROR, "Rectangle outside picture\n"); + return AVERROR_INVALIDDATA; + } paint_rect(dst2, xy >> 4, xy & 0xF, (wh>>4)+1, (wh & 0xF)+1, fg, bpp, stride); } } diff --git a/libavcodec/vorbis.c b/libavcodec/vorbis.c index 45daa3c2a9..13e7e65b0f 100644 --- a/libavcodec/vorbis.c +++ b/libavcodec/vorbis.c @@ -45,6 +45,9 @@ unsigned int ff_vorbis_nth_root(unsigned int x, unsigned int n) { // x^(1/n) // Generate vlc codes from vorbis huffman code lengths +// the two bits[p] > 32 checks should be redundant, all calling code should +// already ensure that, but since it allows overwriting the stack it seems +// reasonable to check redundantly. int ff_vorbis_len2vlc(uint8_t *bits, uint32_t *codes, uint_fast32_t num) { uint_fast32_t exit_at_level[33]={404,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; @@ -63,6 +66,7 @@ int ff_vorbis_len2vlc(uint8_t *bits, uint32_t *codes, uint_fast32_t num) { } codes[p]=0; + if (bits[p] > 32) return 1; for(i=0;i 32) return 1; if (bits[p]==0) continue; // find corresponding exit(node which the tree can grow further from) for(i=bits[p];i>0;--i) { @@ -141,13 +146,13 @@ void ff_vorbis_ready_floor1_list(vorbis_floor1_entry * list, int values) { } } -static void render_line(int x0, int y0, int x1, int y1, float * buf) { +static void render_line(int x0, uint8_t y0, int x1, int y1, float * buf) { int dy = y1 - y0; int adx = x1 - x0; int base = dy / adx; int ady = FFABS(dy) - FFABS(base) * adx; int x = x0; - int y = y0; + uint8_t y = y0; int err = 0; int sy = dy<0 ? -1 : 1; buf[x] = ff_vorbis_floor1_inverse_db_table[y]; @@ -163,7 +168,8 @@ static void render_line(int x0, int y0, int x1, int y1, float * buf) { } void ff_vorbis_floor1_render_list(vorbis_floor1_entry * list, int values, uint_fast16_t * y_list, int * flag, int multiplier, float * out, int samples) { - int lx, ly, i; + int lx, i; + uint8_t ly; lx = 0; ly = y_list[0] * multiplier; for (i = 1; i < values; i++) { diff --git a/libavcodec/vorbis_dec.c b/libavcodec/vorbis_dec.c index 6ca8763bb3..1321b08440 100644 --- a/libavcodec/vorbis_dec.c +++ b/libavcodec/vorbis_dec.c @@ -37,6 +37,7 @@ #define V_NB_BITS 8 #define V_NB_BITS2 11 #define V_MAX_VLCS (1<<16) +#define V_MAX_PARTITIONS (1<<20) #ifndef V_DEBUG #define AV_DEBUG(...) @@ -59,8 +60,8 @@ typedef struct vorbis_floor0_s vorbis_floor0; typedef struct vorbis_floor1_s vorbis_floor1; struct vorbis_context_s; typedef -uint_fast8_t (* vorbis_floor_decode_func) - (struct vorbis_context_s *, vorbis_floor_data *, float *); +int (* vorbis_floor_decode_func) + (struct vorbis_context_s *, vorbis_floor_data *, float *); typedef struct { uint_fast8_t floor_type; vorbis_floor_decode_func decode; @@ -249,8 +250,8 @@ static int vorbis_parse_setup_hdr_codebooks(vorbis_context *vc) { } codebook_setup->dimensions=get_bits(gb, 16); - if (codebook_setup->dimensions>16) { - av_log(vc->avccontext, AV_LOG_ERROR, " %"PRIdFAST16". Codebook's dimension is too large (%d). \n", cb, codebook_setup->dimensions); + if (codebook_setup->dimensions>16||codebook_setup->dimensions==0) { + av_log(vc->avccontext, AV_LOG_ERROR, " %"PRIdFAST16". Codebook's dimension is invalid (%d). \n", cb, codebook_setup->dimensions); goto error; } entries=get_bits(gb, 24); @@ -442,14 +443,14 @@ static int vorbis_parse_setup_hdr_tdtransforms(vorbis_context *vc) { // Process floors part -static uint_fast8_t vorbis_floor0_decode(vorbis_context *vc, +static int vorbis_floor0_decode(vorbis_context *vc, vorbis_floor_data *vfu, float *vec); static void create_map( vorbis_context * vc, uint_fast8_t floor_number ); -static uint_fast8_t vorbis_floor1_decode(vorbis_context *vc, +static int vorbis_floor1_decode(vorbis_context *vc, vorbis_floor_data *vfu, float *vec); static int vorbis_parse_setup_hdr_floors(vorbis_context *vc) { GetBitContext *gb=&vc->gb; - uint_fast16_t i,j,k; + int i,j,k; vc->floor_count=get_bits(gb, 6)+1; @@ -465,6 +466,7 @@ static int vorbis_parse_setup_hdr_floors(vorbis_context *vc) { if (floor_setup->floor_type==1) { uint_fast8_t maximum_class=0; uint_fast8_t rangebits; + uint_fast32_t rangemax; uint_fast16_t floor1_values=2; floor_setup->decode=vorbis_floor1_decode; @@ -492,13 +494,23 @@ static int vorbis_parse_setup_hdr_floors(vorbis_context *vc) { AV_DEBUG(" %d floor %d class dim: %d subclasses %d \n", i, j, floor_setup->data.t1.class_dimensions[j], floor_setup->data.t1.class_subclasses[j]); if (floor_setup->data.t1.class_subclasses[j]) { - floor_setup->data.t1.class_masterbook[j]=get_bits(gb, 8); + int bits=get_bits(gb, 8); + if (bits>=vc->codebook_count) { + av_log(vc->avccontext, AV_LOG_ERROR, "Masterbook index %d is out of range.\n", bits); + return 1; + } + floor_setup->data.t1.class_masterbook[j]=bits; AV_DEBUG(" masterbook: %d \n", floor_setup->data.t1.class_masterbook[j]); } for(k=0;k<(1<data.t1.class_subclasses[j]);++k) { - floor_setup->data.t1.subclass_books[j][k]=(int16_t)get_bits(gb, 8)-1; + int16_t bits=get_bits(gb, 8)-1; + if (bits!=-1 && bits>=vc->codebook_count) { + av_log(vc->avccontext, AV_LOG_ERROR, "Subclass book index %d is out of range.\n", bits); + return 1; + } + floor_setup->data.t1.subclass_books[j][k]=bits; AV_DEBUG(" book %d. : %d \n", k, floor_setup->data.t1.subclass_books[j][k]); } @@ -515,8 +527,15 @@ static int vorbis_parse_setup_hdr_floors(vorbis_context *vc) { rangebits=get_bits(gb, 4); + rangemax = (1 << rangebits); + if (rangemax > vc->blocksize[1] / 2) { + av_log(vc->avccontext, AV_LOG_ERROR, + "Floor value is too large for blocksize: %d (%d)\n", + rangemax, vc->blocksize[1] / 2); + return -1; + } floor_setup->data.t1.list[0].x = 0; - floor_setup->data.t1.list[1].x = (1<data.t1.list[1].x = rangemax; for(j=0;jdata.t1.partitions;++j) { for(k=0;kdata.t1.class_dimensions[floor_setup->data.t1.partition_class[j]];++k,++floor1_values) { @@ -558,12 +577,11 @@ static int vorbis_parse_setup_hdr_floors(vorbis_context *vc) { uint_fast8_t book_idx; for (idx=0;idxdata.t0.num_books;++idx) { book_idx=get_bits(gb, 8); + if (book_idx>=vc->codebook_count) + return 1; floor_setup->data.t0.book_list[idx]=book_idx; if (vc->codebooks[book_idx].dimensions > max_codebook_dim) max_codebook_dim=vc->codebooks[book_idx].dimensions; - - if (floor_setup->data.t0.book_list[idx]>vc->codebook_count) - return 1; } } @@ -634,8 +652,20 @@ static int vorbis_parse_setup_hdr_residues(vorbis_context *vc){ res_setup->begin=get_bits(gb, 24); res_setup->end=get_bits(gb, 24); res_setup->partition_size=get_bits(gb, 24)+1; + /* Validations to prevent a buffer overflow later. */ + if (res_setup->begin>res_setup->end + || res_setup->end > (res_setup->type == 2 ? vc->avccontext->channels : 1) * vc->blocksize[1] / 2 + || (res_setup->end-res_setup->begin)/res_setup->partition_size>V_MAX_PARTITIONS) { + av_log(vc->avccontext, AV_LOG_ERROR, "partition out of bounds: type, begin, end, size, blocksize: %d, %d, %d, %d, %d\n", res_setup->type, res_setup->begin, res_setup->end, res_setup->partition_size, vc->blocksize[1]/2); + return 1; + } + res_setup->classifications=get_bits(gb, 6)+1; res_setup->classbook=get_bits(gb, 8); + if (res_setup->classbook>=vc->codebook_count) { + av_log(vc->avccontext, AV_LOG_ERROR, "classbook value %d out of range. \n", res_setup->classbook); + return 1; + } AV_DEBUG(" begin %d end %d part.size %d classif.s %d classbook %d \n", res_setup->begin, res_setup->end, res_setup->partition_size, res_setup->classifications, res_setup->classbook); @@ -655,7 +685,12 @@ static int vorbis_parse_setup_hdr_residues(vorbis_context *vc){ for(j=0;jclassifications;++j) { for(k=0;k<8;++k) { if (cascade[j]&(1<books[j][k]=get_bits(gb, 8); + int bits=get_bits(gb, 8); + if (bits>=vc->codebook_count) { + av_log(vc->avccontext, AV_LOG_ERROR, "book value %d out of range. \n", bits); + return 1; + } + res_setup->books[j][k]=bits; AV_DEBUG(" %d class casscade depth %d book: %d \n", j, k, res_setup->books[j][k]); @@ -702,7 +737,14 @@ static int vorbis_parse_setup_hdr_mappings(vorbis_context *vc) { for(j=0;jcoupling_steps;++j) { mapping_setup->magnitude[j]=get_bits(gb, ilog(vc->audio_channels-1)); mapping_setup->angle[j]=get_bits(gb, ilog(vc->audio_channels-1)); - // FIXME: sanity checks + if (mapping_setup->magnitude[j]>=vc->audio_channels) { + av_log(vc->avccontext, AV_LOG_ERROR, "magnitude channel %d out of range. \n", mapping_setup->magnitude[j]); + return 1; + } + if (mapping_setup->angle[j]>=vc->audio_channels) { + av_log(vc->avccontext, AV_LOG_ERROR, "angle channel %d out of range. \n", mapping_setup->angle[j]); + return 1; + } } } else { mapping_setup->coupling_steps=0; @@ -723,9 +765,20 @@ static int vorbis_parse_setup_hdr_mappings(vorbis_context *vc) { } for(j=0;jsubmaps;++j) { + int bits; skip_bits(gb, 8); // FIXME check? - mapping_setup->submap_floor[j]=get_bits(gb, 8); - mapping_setup->submap_residue[j]=get_bits(gb, 8); + bits=get_bits(gb, 8); + if (bits>=vc->floor_count) { + av_log(vc->avccontext, AV_LOG_ERROR, "submap floor value %d out of range. \n", bits); + return -1; + } + mapping_setup->submap_floor[j]=bits; + bits=get_bits(gb, 8); + if (bits>=vc->residue_count) { + av_log(vc->avccontext, AV_LOG_ERROR, "submap residue value %d out of range. \n", bits); + return -1; + } + mapping_setup->submap_residue[j]=bits; AV_DEBUG(" %d mapping %d submap : floor %d, residue %d \n", i, j, mapping_setup->submap_floor[j], mapping_setup->submap_residue[j]); } @@ -788,7 +841,11 @@ static int vorbis_parse_setup_hdr_modes(vorbis_context *vc) { mode_setup->blockflag=get_bits1(gb); mode_setup->windowtype=get_bits(gb, 16); //FIXME check mode_setup->transformtype=get_bits(gb, 16); //FIXME check - mode_setup->mapping=get_bits(gb, 8); //FIXME check + mode_setup->mapping=get_bits(gb, 8); + if (mode_setup->mapping>=vc->mapping_count) { + av_log(vc->avccontext, AV_LOG_ERROR, "mode mapping value %d out of range. \n", mode_setup->mapping); + return 1; + } AV_DEBUG(" %d mode: blockflag %d, windowtype %d, transformtype %d, mapping %d \n", i, mode_setup->blockflag, mode_setup->windowtype, mode_setup->transformtype, mode_setup->mapping); } @@ -853,8 +910,16 @@ static int vorbis_parse_id_hdr(vorbis_context *vc){ } vc->version=get_bits_long(gb, 32); //FIXME check 0 - vc->audio_channels=get_bits(gb, 8); //FIXME check >0 - vc->audio_samplerate=get_bits_long(gb, 32); //FIXME check >0 + vc->audio_channels=get_bits(gb, 8); + if(vc->audio_channels <= 0){ + av_log(vc->avccontext, AV_LOG_ERROR, "Invalid number of channels\n"); + return -1; + } + vc->audio_samplerate=get_bits_long(gb, 32); + if(vc->audio_samplerate <= 0){ + av_log(vc->avccontext, AV_LOG_ERROR, "Invalid samplerate\n"); + return -1; + } vc->bitrate_maximum=get_bits_long(gb, 32); vc->bitrate_nominal=get_bits_long(gb, 32); vc->bitrate_minimum=get_bits_long(gb, 32); @@ -981,7 +1046,7 @@ static av_cold int vorbis_decode_init(AVCodecContext *avccontext) { // Read and decode floor -static uint_fast8_t vorbis_floor0_decode(vorbis_context *vc, +static int vorbis_floor0_decode(vorbis_context *vc, vorbis_floor_data *vfu, float *vec) { vorbis_floor0 * vf=&vfu->t0; float * lsp=vf->lsp; @@ -1005,6 +1070,9 @@ static uint_fast8_t vorbis_floor0_decode(vorbis_context *vc, } AV_DEBUG( "floor0 dec: booknumber: %u\n", book_idx ); codebook=vc->codebooks[vf->book_list[book_idx]]; + /* Invalid codebook! */ + if (!codebook.codevectors) + return -1; while (lsp_lenorder) { int vec_off; @@ -1094,7 +1162,7 @@ static uint_fast8_t vorbis_floor0_decode(vorbis_context *vc, return 0; } -static uint_fast8_t vorbis_floor1_decode(vorbis_context *vc, vorbis_floor_data *vfu, float *vec) { +static int vorbis_floor1_decode(vorbis_context *vc, vorbis_floor_data *vfu, float *vec) { vorbis_floor1 * vf=&vfu->t1; GetBitContext *gb=&vc->gb; uint_fast16_t range_v[4]={ 256, 128, 86, 64 }; @@ -1225,7 +1293,7 @@ static uint_fast8_t vorbis_floor1_decode(vorbis_context *vc, vorbis_floor_data * // Read and decode residue -static av_always_inline int vorbis_residue_decode_internal(vorbis_context *vc, vorbis_residue *vr, uint_fast8_t ch, uint_fast8_t *do_not_decode, float *vec, uint_fast16_t vlen, int vr_type) { +static av_always_inline int vorbis_residue_decode_internal(vorbis_context *vc, vorbis_residue *vr, uint_fast8_t ch, uint_fast8_t *do_not_decode, float *vec, uint_fast16_t vlen, unsigned ch_left, int vr_type) { GetBitContext *gb=&vc->gb; uint_fast8_t c_p_c=vc->codebooks[vr->classbook].dimensions; uint_fast16_t n_to_read=vr->end-vr->begin; @@ -1235,6 +1303,7 @@ static av_always_inline int vorbis_residue_decode_internal(vorbis_context *vc, v uint_fast8_t ch_used; uint_fast8_t i,j,l; uint_fast16_t k; + unsigned max_output = (ch - 1) * vlen; if (vr_type==2) { for(j=1;jend / ch; } else { ch_used=ch; + max_output += vr->end; + } + + if (max_output > ch_left * vlen) { + av_log(vc->avccontext, AV_LOG_ERROR, "Insufficient output buffer\n"); + return -1; } AV_DEBUG(" residue type 0/1/2 decode begin, ch: %d cpc %d \n", ch, c_p_c); @@ -1367,14 +1443,14 @@ static av_always_inline int vorbis_residue_decode_internal(vorbis_context *vc, v return 0; } -static inline int vorbis_residue_decode(vorbis_context *vc, vorbis_residue *vr, uint_fast8_t ch, uint_fast8_t *do_not_decode, float *vec, uint_fast16_t vlen) +static inline int vorbis_residue_decode(vorbis_context *vc, vorbis_residue *vr, uint_fast8_t ch, uint_fast8_t *do_not_decode, float *vec, uint_fast16_t vlen, unsigned ch_left) { if (vr->type==2) - return vorbis_residue_decode_internal(vc, vr, ch, do_not_decode, vec, vlen, 2); - else if (vr->type==1) - return vorbis_residue_decode_internal(vc, vr, ch, do_not_decode, vec, vlen, 1); - else if (vr->type==0) - return vorbis_residue_decode_internal(vc, vr, ch, do_not_decode, vec, vlen, 0); + return vorbis_residue_decode_internal(vc, vr, ch, do_not_decode, vec, vlen, ch_left, 2); + else if (vr->type == 1) + return vorbis_residue_decode_internal(vc, vr, ch, do_not_decode, vec, vlen, ch_left, 1); + else if (vr->type == 0) + return vorbis_residue_decode_internal(vc, vr, ch, do_not_decode, vec, vlen, ch_left, 0); else { av_log(vc->avccontext, AV_LOG_ERROR, " Invalid residue type while residue decode?! \n"); return 1; @@ -1437,6 +1513,8 @@ static int vorbis_parse_audio_packet(vorbis_context *vc) { uint_fast8_t res_num=0; int_fast16_t retlen=0; float fadd_bias = vc->add_bias; + unsigned ch_left = vc->audio_channels; + unsigned vlen; if (get_bits1(gb)) { av_log(vc->avccontext, AV_LOG_ERROR, "Not a Vorbis I audio packet.\n"); @@ -1448,6 +1526,10 @@ static int vorbis_parse_audio_packet(vorbis_context *vc) { } else { mode_number=get_bits(gb, ilog(vc->mode_count-1)); } + if (mode_number>=vc->mode_count) { + av_log(vc->avccontext, AV_LOG_ERROR, "mode number %d out of range.\n", mode_number); + return -1; + } vc->mode_number=mode_number; mapping=&vc->mappings[vc->modes[mode_number].mapping]; @@ -1455,25 +1537,33 @@ static int vorbis_parse_audio_packet(vorbis_context *vc) { blockflag=vc->modes[mode_number].blockflag; blocksize=vc->blocksize[blockflag]; + vlen = blocksize / 2; if (blockflag) { skip_bits(gb, 2); // previous_window, next_window } - memset(ch_res_ptr, 0, sizeof(float)*vc->audio_channels*blocksize/2); //FIXME can this be removed ? - memset(ch_floor_ptr, 0, sizeof(float)*vc->audio_channels*blocksize/2); //FIXME can this be removed ? + memset(ch_res_ptr, 0, sizeof(float)*vc->audio_channels*vlen); //FIXME can this be removed ? + memset(ch_floor_ptr, 0, sizeof(float)*vc->audio_channels*vlen); //FIXME can this be removed ? // Decode floor for(i=0;iaudio_channels;++i) { vorbis_floor *floor; + int ret; if (mapping->submaps>1) { floor=&vc->floors[mapping->submap_floor[mapping->mux[i]]]; } else { floor=&vc->floors[mapping->submap_floor[0]]; } - no_residue[i]=floor->decode(vc, &floor->data, ch_floor_ptr); - ch_floor_ptr+=blocksize/2; + ret = floor->decode(vc, &floor->data, ch_floor_ptr); + + if (ret < 0) { + av_log(vc->avccontext, AV_LOG_ERROR, "Invalid codebook in vorbis_floor_decode.\n"); + return -1; + } + no_residue[i] = ret; + ch_floor_ptr += vlen; } // Nonzero vector propagate @@ -1490,9 +1580,10 @@ static int vorbis_parse_audio_packet(vorbis_context *vc) { for(i=0;isubmaps;++i) { vorbis_residue *residue; uint_fast8_t ch=0; + int ret; for(j=0;jaudio_channels;++j) { - if ((mapping->submaps==1) || (i=mapping->mux[j])) { + if ((mapping->submaps==1) || (i==mapping->mux[j])) { res_chan[j]=res_num; if (no_residue[j]) { do_not_decode[ch]=1; @@ -1504,9 +1595,18 @@ static int vorbis_parse_audio_packet(vorbis_context *vc) { } } residue=&vc->residues[mapping->submap_residue[i]]; - vorbis_residue_decode(vc, residue, ch, do_not_decode, ch_res_ptr, blocksize/2); + if (ch_left < ch) { + av_log(vc->avccontext, AV_LOG_ERROR, "Too many channels in vorbis_floor_decode.\n"); + return -1; + } + if (ch) { + ret = vorbis_residue_decode(vc, residue, ch, do_not_decode, ch_res_ptr, vlen, ch_left); + if (ret < 0) + return ret; + } - ch_res_ptr+=ch*blocksize/2; + ch_res_ptr += ch * vlen; + ch_left -= ch; } // Inverse coupling diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c index 64901616cc..69248d6775 100644 --- a/libavcodec/vp3.c +++ b/libavcodec/vp3.c @@ -43,6 +43,8 @@ #define FRAGMENT_PIXELS 8 +static av_cold int vp3_decode_end(AVCodecContext *avctx); + typedef struct Coeff { struct Coeff *next; DCTELEM coeff; @@ -1009,12 +1011,12 @@ static int unpack_vlcs(Vp3DecodeContext *s, GetBitContext *gb, /* decode a VLC into a token */ token = get_vlc2(gb, table->table, 5, 3); /* use the token to get a zero run, a coefficient, and an eob run */ - if (token <= 6) { + if ((unsigned) token <= 6U) { eob_run = eob_run_base[token]; if (eob_run_get_bits[token]) eob_run += get_bits(gb, eob_run_get_bits[token]); coeff = zero_run = 0; - } else { + } else if (token >= 0) { bits_to_get = coeff_get_bits[token]; if (!bits_to_get) coeff = coeff_tables[token][0]; @@ -1024,6 +1026,10 @@ static int unpack_vlcs(Vp3DecodeContext *s, GetBitContext *gb, zero_run = zero_run_base[token]; if (zero_run_get_bits[token]) zero_run += get_bits(gb, zero_run_get_bits[token]); + } else { + av_log(s->avctx, AV_LOG_ERROR, + "Invalid token %d\n", token); + return -1; } } @@ -1069,6 +1075,8 @@ static int unpack_dct_coeffs(Vp3DecodeContext *s, GetBitContext *gb) /* unpack the C plane DC coefficients */ residual_eob_run = unpack_vlcs(s, gb, &s->dc_vlc[dc_c_table], 0, s->first_coded_c_fragment, s->last_coded_c_fragment, residual_eob_run); + if (residual_eob_run < 0) + return residual_eob_run; /* fetch the AC table indexes */ ac_y_table = get_bits(gb, 4); @@ -1078,36 +1086,52 @@ static int unpack_dct_coeffs(Vp3DecodeContext *s, GetBitContext *gb) for (i = 1; i <= 5; i++) { residual_eob_run = unpack_vlcs(s, gb, &s->ac_vlc_1[ac_y_table], i, s->first_coded_y_fragment, s->last_coded_y_fragment, residual_eob_run); + if (residual_eob_run < 0) + return residual_eob_run; residual_eob_run = unpack_vlcs(s, gb, &s->ac_vlc_1[ac_c_table], i, s->first_coded_c_fragment, s->last_coded_c_fragment, residual_eob_run); + if (residual_eob_run < 0) + return residual_eob_run; } /* unpack the group 2 AC coefficients (coeffs 6-14) */ for (i = 6; i <= 14; i++) { residual_eob_run = unpack_vlcs(s, gb, &s->ac_vlc_2[ac_y_table], i, s->first_coded_y_fragment, s->last_coded_y_fragment, residual_eob_run); + if (residual_eob_run < 0) + return residual_eob_run; residual_eob_run = unpack_vlcs(s, gb, &s->ac_vlc_2[ac_c_table], i, s->first_coded_c_fragment, s->last_coded_c_fragment, residual_eob_run); + if (residual_eob_run < 0) + return residual_eob_run; } /* unpack the group 3 AC coefficients (coeffs 15-27) */ for (i = 15; i <= 27; i++) { residual_eob_run = unpack_vlcs(s, gb, &s->ac_vlc_3[ac_y_table], i, s->first_coded_y_fragment, s->last_coded_y_fragment, residual_eob_run); + if (residual_eob_run < 0) + return residual_eob_run; residual_eob_run = unpack_vlcs(s, gb, &s->ac_vlc_3[ac_c_table], i, s->first_coded_c_fragment, s->last_coded_c_fragment, residual_eob_run); + if (residual_eob_run < 0) + return residual_eob_run; } /* unpack the group 4 AC coefficients (coeffs 28-63) */ for (i = 28; i <= 63; i++) { residual_eob_run = unpack_vlcs(s, gb, &s->ac_vlc_4[ac_y_table], i, s->first_coded_y_fragment, s->last_coded_y_fragment, residual_eob_run); + if (residual_eob_run < 0) + return residual_eob_run; residual_eob_run = unpack_vlcs(s, gb, &s->ac_vlc_4[ac_c_table], i, s->first_coded_c_fragment, s->last_coded_c_fragment, residual_eob_run); + if (residual_eob_run < 0) + return residual_eob_run; } return 0; @@ -1684,6 +1708,11 @@ static av_cold int vp3_decode_init(AVCodecContext *avctx) s->coeffs = av_malloc(s->fragment_count * sizeof(Coeff) * 65); s->coded_fragment_list = av_malloc(s->fragment_count * sizeof(int)); s->pixel_addresses_initialized = 0; + if (!s->superblock_coding || !s->all_fragments || !s->coeff_counts || + !s->coeffs || !s->coded_fragment_list) { + vp3_decode_end(avctx); + return -1; + } if (!s->theora_tables) { @@ -1737,29 +1766,34 @@ static av_cold int vp3_decode_init(AVCodecContext *avctx) for (i = 0; i < 16; i++) { /* DC histograms */ - init_vlc(&s->dc_vlc[i], 5, 32, + if (init_vlc(&s->dc_vlc[i], 5, 32, &s->huffman_table[i][0][1], 4, 2, - &s->huffman_table[i][0][0], 4, 2, 0); + &s->huffman_table[i][0][0], 4, 2, 0) < 0) + goto vlc_fail; /* group 1 AC histograms */ - init_vlc(&s->ac_vlc_1[i], 5, 32, + if (init_vlc(&s->ac_vlc_1[i], 5, 32, &s->huffman_table[i+16][0][1], 4, 2, - &s->huffman_table[i+16][0][0], 4, 2, 0); + &s->huffman_table[i+16][0][0], 4, 2, 0) < 0) + goto vlc_fail; /* group 2 AC histograms */ - init_vlc(&s->ac_vlc_2[i], 5, 32, + if (init_vlc(&s->ac_vlc_2[i], 5, 32, &s->huffman_table[i+16*2][0][1], 4, 2, - &s->huffman_table[i+16*2][0][0], 4, 2, 0); + &s->huffman_table[i+16*2][0][0], 4, 2, 0) < 0) + goto vlc_fail; /* group 3 AC histograms */ - init_vlc(&s->ac_vlc_3[i], 5, 32, + if (init_vlc(&s->ac_vlc_3[i], 5, 32, &s->huffman_table[i+16*3][0][1], 4, 2, - &s->huffman_table[i+16*3][0][0], 4, 2, 0); + &s->huffman_table[i+16*3][0][0], 4, 2, 0) < 0) + goto vlc_fail; /* group 4 AC histograms */ - init_vlc(&s->ac_vlc_4[i], 5, 32, + if (init_vlc(&s->ac_vlc_4[i], 5, 32, &s->huffman_table[i+16*4][0][1], 4, 2, - &s->huffman_table[i+16*4][0][0], 4, 2, 0); + &s->huffman_table[i+16*4][0][0], 4, 2, 0) < 0) + goto vlc_fail; } } @@ -1784,6 +1818,11 @@ static av_cold int vp3_decode_init(AVCodecContext *avctx) s->superblock_macroblocks = av_malloc(s->superblock_count * 4 * sizeof(int)); s->macroblock_fragments = av_malloc(s->macroblock_count * 6 * sizeof(int)); s->macroblock_coding = av_malloc(s->macroblock_count + 1); + if (!s->superblock_fragments || !s->superblock_macroblocks || + !s->macroblock_fragments || !s->macroblock_coding) { + vp3_decode_end(avctx); + return -1; + } init_block_mapping(s); for (i = 0; i < 3; i++) { @@ -1793,6 +1832,10 @@ static av_cold int vp3_decode_init(AVCodecContext *avctx) } return 0; + +vlc_fail: + av_log(avctx, AV_LOG_FATAL, "Invalid huffman table\n"); + return -1; } /* @@ -2231,7 +2274,7 @@ static av_cold int theora_decode_init(AVCodecContext *avctx) } for(i=0;i<3;i++) { - init_get_bits(&gb, header_start[i], header_len[i]); + init_get_bits(&gb, header_start[i], header_len[i] * 8); ptype = get_bits(&gb, 8); diff --git a/libavcodec/vp5.c b/libavcodec/vp5.c index dfa2a1b094..c32f4f050e 100644 --- a/libavcodec/vp5.c +++ b/libavcodec/vp5.c @@ -199,7 +199,8 @@ static void vp5_parse_coeff(VP56Context *s) model1 = model->coeff_dccv[pt]; model2 = model->coeff_dcct[pt][ctx]; - for (coeff_idx=0; coeff_idx<64; ) { + coeff_idx = 0; + for (;;) { if (vp56_rac_get_prob(c, model2[0])) { if (vp56_rac_get_prob(c, model2[2])) { if (vp56_rac_get_prob(c, model2[3])) { @@ -236,8 +237,11 @@ static void vp5_parse_coeff(VP56Context *s) ct = 0; s->coeff_ctx[vp56_b6to4[b]][coeff_idx] = 0; } + coeff_idx++; + if (coeff_idx >= 64) + break; - cg = vp5_coeff_groups[++coeff_idx]; + cg = vp5_coeff_groups[coeff_idx]; ctx = s->coeff_ctx[vp56_b6to4[b]][coeff_idx]; model1 = model->coeff_ract[pt][ct][cg]; model2 = cg > 2 ? model1 : model->coeff_acct[pt][ct][cg][ctx]; diff --git a/libavcodec/vp56.c b/libavcodec/vp56.c index ad11b5289a..f48dd15692 100644 --- a/libavcodec/vp56.c +++ b/libavcodec/vp56.c @@ -516,8 +516,24 @@ int vp56_decode_frame(AVCodecContext *avctx, void *data, int *data_size, s->modelp = &s->models[is_alpha]; res = s->parse_header(s, buf, remaining_buf_size, &golden_frame); - if (!res) - return -1; + if (!res) { + int i; + for (i = 0; i < 4; i++) { + if (s->frames[i].data[0]) + avctx->release_buffer(avctx, &s->frames[i]); + } + return res; + } + + if (res == 2) { + int i; + for (i = 0; i < 4; i++) { + if (s->frames[i].data[0]) + avctx->release_buffer(avctx, &s->frames[i]); + } + if (is_alpha) + return -1; + } if (!is_alpha) { p->reference = 1; @@ -685,6 +701,7 @@ av_cold void vp56_init(AVCodecContext *avctx, int flip, int has_alpha) av_cold int vp56_free(AVCodecContext *avctx) { VP56Context *s = avctx->priv_data; + int pt; av_free(s->above_blocks); av_free(s->macroblocks); @@ -695,5 +712,15 @@ av_cold int vp56_free(AVCodecContext *avctx) avctx->release_buffer(avctx, s->framep[VP56_FRAME_GOLDEN2]); if (s->framep[VP56_FRAME_PREVIOUS]->data[0]) avctx->release_buffer(avctx, s->framep[VP56_FRAME_PREVIOUS]); + + for (pt=0; pt < 2; pt++) { + int ct, cg; + free_vlc(&s->dccv_vlc[pt]); + free_vlc(&s->runv_vlc[pt]); + for (ct=0; ct<3; ct++) + for (cg = 0; cg < 6; cg++) + free_vlc(&s->ract_vlc[pt][ct][cg]); + } + return 0; } diff --git a/libavcodec/vp6.c b/libavcodec/vp6.c index 5071903701..6d0d3b2d6e 100644 --- a/libavcodec/vp6.c +++ b/libavcodec/vp6.c @@ -61,8 +61,8 @@ static int vp6_parse_header(VP56Context *s, const uint8_t *buf, int buf_size, return 0; s->filter_header = buf[1] & 0x06; if (buf[1] & 1) { - av_log(s->avctx, AV_LOG_ERROR, "interlacing not supported\n"); - return 0; + av_log(s->avctx, AV_LOG_WARNING, "interlacing not supported\n"); + return AVERROR_PATCHWELCOME; } if (separated_coeff || !s->filter_header) { coeff_offset = AV_RB16(buf+2) - 2; @@ -136,8 +136,11 @@ static int vp6_parse_header(VP56Context *s, const uint8_t *buf, int buf_size, if (coeff_offset) { buf += coeff_offset; buf_size -= coeff_offset; - if (buf_size < 0) + if (buf_size < 0) { + if (s->framep[VP56_FRAME_CURRENT]->key_frame) + avcodec_set_dimensions(s->avctx, 0, 0); return 0; + } if (s->use_huffman) { s->parse_coeff = vp6_parse_coeff_huffman; init_get_bits(&s->gb, buf, buf_size<<3); @@ -212,8 +215,8 @@ static int vp6_huff_cmp(const void *va, const void *vb) return (a->count - b->count)*16 + (b->sym - a->sym); } -static void vp6_build_huff_tree(VP56Context *s, uint8_t coeff_model[], - const uint8_t *map, unsigned size, VLC *vlc) +static int vp6_build_huff_tree(VP56Context *s, uint8_t coeff_model[], + const uint8_t *map, unsigned size, VLC *vlc) { Node nodes[2*size], *tmp = &nodes[size]; int a, b, i; @@ -227,9 +230,10 @@ static void vp6_build_huff_tree(VP56Context *s, uint8_t coeff_model[], nodes[map[2*i+1]].count = b + !b; } - /* then build the huffman tree accodring to probabilities */ - ff_huff_build_tree(s->avctx, vlc, size, nodes, vp6_huff_cmp, - FF_HUFFMAN_FLAG_HNODE_FIRST); + free_vlc(vlc); + /* then build the huffman tree according to probabilities */ + return ff_huff_build_tree(s->avctx, vlc, size, nodes, vp6_huff_cmp, + FF_HUFFMAN_FLAG_HNODE_FIRST); } static void vp6_parse_coeff_models(VP56Context *s) @@ -365,7 +369,7 @@ static void vp6_parse_coeff_huffman(VP56Context *s) if (b > 3) pt = 1; vlc_coeff = &s->dccv_vlc[pt]; - for (coeff_idx=0; coeff_idx<64; ) { + for (coeff_idx = 0;;) { int run = 1; if (coeff_idx<2 && s->nb_null[coeff_idx][pt]) { s->nb_null[coeff_idx][pt]--; @@ -400,6 +404,8 @@ static void vp6_parse_coeff_huffman(VP56Context *s) } } coeff_idx+=run; + if (coeff_idx >= 64) + break; cg = FFMIN(vp6_coeff_groups[coeff_idx], 3); vlc_coeff = &s->ract_vlc[pt][ct][cg]; } @@ -427,7 +433,8 @@ static void vp6_parse_coeff(VP56Context *s) model1 = model->coeff_dccv[pt]; model2 = model->coeff_dcct[pt][ctx]; - for (coeff_idx=0; coeff_idx<64; ) { + coeff_idx = 0; + for (;;) { if ((coeff_idx>1 && ct==0) || vp56_rac_get_prob(c, model2[0])) { /* parse a coeff */ if (vp56_rac_get_prob(c, model2[2])) { @@ -468,8 +475,10 @@ static void vp6_parse_coeff(VP56Context *s) run += vp56_rac_get_prob(c, model3[i+8]) << i; } } - - cg = vp6_coeff_groups[coeff_idx+=run]; + coeff_idx += run; + if (coeff_idx >= 64) + break; + cg = vp6_coeff_groups[coeff_idx]; model1 = model2 = model->coeff_ract[pt][ct][cg]; } diff --git a/libavcodec/vqavideo.c b/libavcodec/vqavideo.c index 00df736d3b..9edee58b2a 100644 --- a/libavcodec/vqavideo.c +++ b/libavcodec/vqavideo.c @@ -163,6 +163,12 @@ static av_cold int vqa_decode_init(AVCodecContext *avctx) return -1; } + if (s->width & (s->vector_width - 1) || + s->height & (s->vector_height - 1)) { + av_log(avctx, AV_LOG_ERROR, "Image size not multiple of block size\n"); + return AVERROR_INVALIDDATA; + } + /* allocate codebooks */ s->codebook_size = MAX_CODEBOOK_SIZE; s->codebook = av_malloc(s->codebook_size); @@ -520,6 +526,11 @@ static void vqa_decode_chunk(VqaContext *s) chunk_size = AV_RB32(&s->buf[cbp0_chunk + 4]); cbp0_chunk += CHUNK_PREAMBLE_SIZE; + if (chunk_size > MAX_CODEBOOK_SIZE - s->next_codebook_buffer_index) { + av_log(s->avctx, AV_LOG_ERROR, "cbp0 chunk too large (0x%X bytes)\n", chunk_size); + return; + } + /* accumulate partial codebook */ memcpy(&s->next_codebook_buffer[s->next_codebook_buffer_index], &s->buf[cbp0_chunk], chunk_size); @@ -543,6 +554,11 @@ static void vqa_decode_chunk(VqaContext *s) chunk_size = AV_RB32(&s->buf[cbpz_chunk + 4]); cbpz_chunk += CHUNK_PREAMBLE_SIZE; + if (chunk_size > MAX_CODEBOOK_SIZE - s->next_codebook_buffer_index) { + av_log(s->avctx, AV_LOG_ERROR, "cbpz chunk too large (0x%X bytes)\n", chunk_size); + return; + } + /* accumulate partial codebook */ memcpy(&s->next_codebook_buffer[s->next_codebook_buffer_index], &s->buf[cbpz_chunk], chunk_size); diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c index 12eac33fe7..19e5e057aa 100644 --- a/libavcodec/wavpack.c +++ b/libavcodec/wavpack.c @@ -536,12 +536,13 @@ static int wavpack_decode_frame(AVCodecContext *avctx, } switch(id & WP_IDF_MASK){ case WP_ID_DECTERMS: - s->terms = size; - if(s->terms > MAX_TERMS){ + if(size > MAX_TERMS){ av_log(avctx, AV_LOG_ERROR, "Too many decorrelation terms\n"); + s->terms = 0; buf += ssize; continue; } + s->terms = size; for(i = 0; i < s->terms; i++) { s->decorr[s->terms - i - 1].value = (*buf & 0x1F) - 5; s->decorr[s->terms - i - 1].delta = *buf >> 5; diff --git a/libavcodec/wma.c b/libavcodec/wma.c index ff01f49b5c..12faf273e5 100644 --- a/libavcodec/wma.c +++ b/libavcodec/wma.c @@ -133,6 +133,10 @@ int ff_wma_init(AVCodecContext * avctx, int flags2) bps = (float)s->bit_rate / (float)(s->nb_channels * s->sample_rate); s->byte_offset_bits = av_log2((int)(bps * s->frame_len / 8.0 + 0.5)) + 2; + if (s->byte_offset_bits + 3 > MIN_CACHE_BITS) { + av_log(avctx, AV_LOG_ERROR, "byte_offset_bits %d is too large\n", s->byte_offset_bits); + return AVERROR_PATCHWELCOME; + } /* compute high frequency value and choose if noise coding should be activated */ diff --git a/libavcodec/wmadec.c b/libavcodec/wmadec.c index e7936ce49f..088d510a0b 100644 --- a/libavcodec/wmadec.c +++ b/libavcodec/wmadec.c @@ -105,6 +105,11 @@ static int wma_decode_init(AVCodecContext * avctx) s->use_bit_reservoir = flags2 & 0x0002; s->use_variable_block_len = flags2 & 0x0004; + if(avctx->channels > MAX_CHANNELS){ + av_log(avctx, AV_LOG_ERROR, "Invalid number of channels (%d)\n", avctx->channels); + return -1; + } + if(ff_wma_init(avctx, flags2)<0) return -1; diff --git a/libavcodec/wnv1.c b/libavcodec/wnv1.c index 7c0105f1ef..aa284da22f 100644 --- a/libavcodec/wnv1.c +++ b/libavcodec/wnv1.c @@ -67,6 +67,11 @@ static int decode_frame(AVCodecContext *avctx, int prev_y = 0, prev_u = 0, prev_v = 0; uint8_t *rbuf; + if(buf_size<=8) { + av_log(avctx, AV_LOG_ERROR, "buf_size %d is too small\n", buf_size); + return AVERROR_INVALIDDATA; + } + rbuf = av_malloc(buf_size + FF_INPUT_BUFFER_PADDING_SIZE); if(!rbuf){ av_log(avctx, AV_LOG_ERROR, "Cannot allocate temporary buffer\n"); diff --git a/libavcodec/x86/dsputilenc_mmx.c b/libavcodec/x86/dsputilenc_mmx.c index 1717a01796..c1a648b308 100644 --- a/libavcodec/x86/dsputilenc_mmx.c +++ b/libavcodec/x86/dsputilenc_mmx.c @@ -882,6 +882,7 @@ static int vsad16_mmx2(void *v, uint8_t * pix1, uint8_t * pix2, int line_size, i static void diff_bytes_mmx(uint8_t *dst, uint8_t *src1, uint8_t *src2, int w){ x86_reg i=0; + if(w>=16) __asm__ volatile( "1: \n\t" "movq (%2, %0), %%mm0 \n\t" diff --git a/libavcodec/x86/fft_sse.c b/libavcodec/x86/fft_sse.c index 3d9f1c5145..918fdf299a 100644 --- a/libavcodec/x86/fft_sse.c +++ b/libavcodec/x86/fft_sse.c @@ -22,7 +22,7 @@ #include "libavutil/x86_cpu.h" #include "libavcodec/dsputil.h" -static const int m1m1m1m1[4] __attribute__((aligned(16))) = +DECLARE_ASM_CONST(16, int, m1m1m1m1)[4] = { 1 << 31, 1 << 31, 1 << 31, 1 << 31 }; void ff_fft_dispatch_sse(FFTComplex *z, int nbits); @@ -182,7 +182,7 @@ void ff_imdct_calc_sse(MDCTContext *s, FFTSample *output, const FFTSample *input j = -n; k = n-16; __asm__ volatile( - "movaps %4, %%xmm7 \n" + "movaps "MANGLE(m1m1m1m1)", %%xmm7 \n" "1: \n" "movaps (%2,%1), %%xmm0 \n" "movaps (%3,%0), %%xmm1 \n" @@ -195,8 +195,7 @@ void ff_imdct_calc_sse(MDCTContext *s, FFTSample *output, const FFTSample *input "add $16, %0 \n" "jl 1b \n" :"+r"(j), "+r"(k) - :"r"(output+n4), "r"(output+n4*3), - "m"(*m1m1m1m1) + :"r"(output+n4), "r"(output+n4*3) ); } diff --git a/libavdevice/libavdevice.v b/libavdevice/libavdevice.v new file mode 100644 index 0000000000..663af85ba8 --- /dev/null +++ b/libavdevice/libavdevice.v @@ -0,0 +1,4 @@ +LIBAVDEVICE_$MAJOR { + global: avdevice_*; + local: *; +}; diff --git a/libavdevice/vfwcap.c b/libavdevice/vfwcap.c index 4b6f73bc47..e415b740cf 100644 --- a/libavdevice/vfwcap.c +++ b/libavdevice/vfwcap.c @@ -20,8 +20,8 @@ */ #include "libavformat/avformat.h" -#include #include +#include //#define DEBUG_VFW diff --git a/libavfilter/formats.c b/libavfilter/formats.c index 33fec163a5..39b3453e41 100644 --- a/libavfilter/formats.c +++ b/libavfilter/formats.c @@ -43,6 +43,12 @@ AVFilterFormats *avfilter_merge_formats(AVFilterFormats *a, AVFilterFormats *b) AVFilterFormats *ret; unsigned i, j, k = 0; + if (a == b) + return a; + + if (a == b) + return a; + ret = av_mallocz(sizeof(AVFilterFormats)); /* merge list of formats */ diff --git a/libavfilter/libavfilter.v b/libavfilter/libavfilter.v new file mode 100644 index 0000000000..83e8887080 --- /dev/null +++ b/libavfilter/libavfilter.v @@ -0,0 +1,4 @@ +LIBAVFILTER_$MAJOR { + global: avfilter_*; av_*; + local: *; +}; diff --git a/libavformat/4xm.c b/libavformat/4xm.c index 631f8216a5..d0fd312cc8 100644 --- a/libavformat/4xm.c +++ b/libavformat/4xm.c @@ -127,6 +127,10 @@ static int fourxm_read_header(AVFormatContext *s, for (i = 0; i < header_size - 8; i++) { fourcc_tag = AV_RL32(&header[i]); size = AV_RL32(&header[i + 4]); + if (size > header_size - i - 8 && (fourcc_tag == vtrk_TAG || fourcc_tag == strk_TAG)) { + av_log(s, AV_LOG_ERROR, "chunk larger than array %d>%d\n", size, header_size - i - 8); + return AVERROR_INVALIDDATA; + } if (fourcc_tag == std__TAG) { fourxm->fps = av_int2flt(AV_RL32(&header[i + 12])); diff --git a/libavformat/ape.c b/libavformat/ape.c index fac967879a..7511d936da 100644 --- a/libavformat/ape.c +++ b/libavformat/ape.c @@ -335,6 +335,10 @@ static int ape_read_header(AVFormatContext * s, AVFormatParameters * ap) url_fskip(pb, ape->wavheaderlength); } + if(!ape->totalframes){ + av_log(s, AV_LOG_ERROR, "No frames in the file!\n"); + return AVERROR(EINVAL); + } if(ape->totalframes > UINT_MAX / sizeof(APEFrame)){ av_log(s, AV_LOG_ERROR, "Too many frames: %d\n", ape->totalframes); return -1; @@ -352,6 +356,8 @@ static int ape_read_header(AVFormatContext * s, AVFormatParameters * ap) if (ape->seektablelength > 0) { ape->seektable = av_malloc(ape->seektablelength); + if (!ape->seektable) + return AVERROR(ENOMEM); for (i = 0; i < ape->seektablelength / sizeof(uint32_t); i++) ape->seektable[i] = get_le32(pb); } diff --git a/libavformat/asf.h b/libavformat/asf.h index a36013bdd2..7e7225cae7 100644 --- a/libavformat/asf.h +++ b/libavformat/asf.h @@ -80,7 +80,6 @@ typedef struct { typedef struct { uint32_t seqno; - unsigned int packet_size; int is_streamed; int asfid2avid[128]; ///< conversion table from asf ID 2 AVStream ID ASFStream streams[128]; ///< it's max number and it's not that big diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c index 4d61739719..074266bb1c 100644 --- a/libavformat/asfdec.c +++ b/libavformat/asfdec.c @@ -212,7 +212,7 @@ static int asf_read_header(AVFormatContext *s, AVFormatParameters *ap) asf->hdr.min_pktsize = get_le32(pb); asf->hdr.max_pktsize = get_le32(pb); asf->hdr.max_bitrate = get_le32(pb); - asf->packet_size = asf->hdr.max_pktsize; + s->packet_size = asf->hdr.max_pktsize; } else if (!memcmp(&g, &ff_asf_stream_header, sizeof(GUID))) { enum CodecType type; int type_specific_size, sizeX; @@ -555,7 +555,9 @@ int ff_asf_get_packet(AVFormatContext *s, ByteIOContext *pb) int rsize = 8; int c, d, e, off; - off= (url_ftell(pb) - s->data_offset) % asf->packet_size + 3; + off= 32768; + if (s->packet_size > 0) + off= (url_ftell(pb) - s->data_offset) % s->packet_size + 3; c=d=e=-1; while(off-- > 0){ @@ -585,12 +587,12 @@ int ff_asf_get_packet(AVFormatContext *s, ByteIOContext *pb) asf->packet_flags = c; asf->packet_property = d; - DO_2BITS(asf->packet_flags >> 5, packet_length, asf->packet_size); + DO_2BITS(asf->packet_flags >> 5, packet_length, s->packet_size); DO_2BITS(asf->packet_flags >> 1, padsize, 0); // sequence ignored DO_2BITS(asf->packet_flags >> 3, padsize, 0); // padding length //the following checks prevent overflows and infinite loops - if(packet_length >= (1U<<29)){ + if(!packet_length || packet_length >= (1U<<29)){ av_log(s, AV_LOG_ERROR, "invalid packet_length %d at:%"PRId64"\n", packet_length, url_ftell(pb)); return -1; } @@ -614,7 +616,7 @@ int ff_asf_get_packet(AVFormatContext *s, ByteIOContext *pb) if (packet_length < asf->hdr.min_pktsize) padsize += asf->hdr.min_pktsize - packet_length; asf->packet_padsize = padsize; - dprintf(s, "packet: size=%d padsize=%d left=%d\n", asf->packet_size, asf->packet_padsize, asf->packet_size_left); + dprintf(s, "packet: size=%d padsize=%d left=%d\n", s->packet_size, asf->packet_padsize, asf->packet_size_left); return 0; } @@ -786,7 +788,7 @@ int ff_asf_parse_packet(AVFormatContext *s, ByteIOContext *pb, AVPacket *pkt) /* read data */ //printf("READ PACKET s:%d os:%d o:%d,%d l:%d DATA:%p\n", - // asf->packet_size, asf_st->pkt.size, asf->packet_frag_offset, + // s->packet_size, asf_st->pkt.size, asf->packet_frag_offset, // asf_st->frag_offset, asf->packet_frag_size, asf_st->pkt.data); asf->packet_size_left -= asf->packet_frag_size; if (asf->packet_size_left < 0) @@ -929,7 +931,6 @@ static int asf_read_close(AVFormatContext *s) static int64_t asf_read_pts(AVFormatContext *s, int stream_index, int64_t *ppos, int64_t pos_limit) { - ASFContext *asf = s->priv_data; AVPacket pkt1, *pkt = &pkt1; ASFStream *asf_st; int64_t pts; @@ -941,7 +942,8 @@ static int64_t asf_read_pts(AVFormatContext *s, int stream_index, int64_t *ppos, start_pos[i]= pos; } - pos= (pos+asf->packet_size-1-s->data_offset)/asf->packet_size*asf->packet_size+ s->data_offset; + if (s->packet_size > 0) + pos= (pos+s->packet_size-1-s->data_offset)/s->packet_size*s->packet_size+ s->data_offset; *ppos= pos; url_fseek(s->pb, pos, SEEK_SET); @@ -961,7 +963,7 @@ static int64_t asf_read_pts(AVFormatContext *s, int stream_index, int64_t *ppos, asf_st= s->streams[i]->priv_data; -// assert((asf_st->packet_pos - s->data_offset) % asf->packet_size == 0); +// assert((asf_st->packet_pos - s->data_offset) % s->packet_size == 0); pos= asf_st->packet_pos; av_add_index_entry(s->streams[i], pos, pts, pkt->size, pos - start_pos[i] + 1, AVINDEX_KEYFRAME); @@ -1004,10 +1006,10 @@ static void asf_build_simple_index(AVFormatContext *s, int stream_index) int pktct =get_le16(s->pb); av_log(s, AV_LOG_DEBUG, "pktnum:%d, pktct:%d\n", pktnum, pktct); - pos=s->data_offset + asf->packet_size*(int64_t)pktnum; + pos=s->data_offset + s->packet_size*(int64_t)pktnum; index_pts=av_rescale(itime, i, 10000); - av_add_index_entry(s->streams[stream_index], pos, index_pts, asf->packet_size, 0, AVINDEX_KEYFRAME); + av_add_index_entry(s->streams[stream_index], pos, index_pts, s->packet_size, 0, AVINDEX_KEYFRAME); } asf->index_read= 1; } @@ -1021,7 +1023,7 @@ static int asf_read_seek(AVFormatContext *s, int stream_index, int64_t pts, int int64_t pos; int index; - if (asf->packet_size <= 0) + if (s->packet_size <= 0) return -1; /* Try using the protocol's read_seek if available */ diff --git a/libavformat/asfenc.c b/libavformat/asfenc.c index 8c5aec738f..8b33071e8b 100644 --- a/libavformat/asfenc.c +++ b/libavformat/asfenc.c @@ -321,8 +321,8 @@ static int asf_write_header1(AVFormatContext *s, int64_t file_size, int64_t data put_le64(pb, asf->duration); /* duration (in 100ns units) */ put_le64(pb, PREROLL_TIME); /* start time stamp */ put_le32(pb, (asf->is_streamed || url_is_streamed(pb)) ? 3 : 2); /* ??? */ - put_le32(pb, asf->packet_size); /* packet size */ - put_le32(pb, asf->packet_size); /* packet size */ + put_le32(pb, s->packet_size); /* packet size */ + put_le32(pb, s->packet_size); /* packet size */ put_le32(pb, bit_rate); /* Nominal data rate in bps */ end_header(pb, hpos); @@ -514,7 +514,7 @@ static int asf_write_header(AVFormatContext *s) { ASFContext *asf = s->priv_data; - asf->packet_size = PACKET_SIZE; + s->packet_size = PACKET_SIZE; asf->nb_packets = 0; asf->last_indexed_pts = 0; @@ -536,7 +536,7 @@ static int asf_write_header(AVFormatContext *s) asf->packet_nb_payloads = 0; asf->packet_timestamp_start = -1; asf->packet_timestamp_end = -1; - init_put_byte(&asf->pb, asf->packet_buf, asf->packet_size, 1, + init_put_byte(&asf->pb, asf->packet_buf, s->packet_size, 1, NULL, NULL, NULL, NULL); return 0; @@ -612,7 +612,7 @@ static void flush_packet(AVFormatContext *s) assert(asf->packet_timestamp_end >= asf->packet_timestamp_start); if (asf->is_streamed) { - put_chunk(s, 0x4424, asf->packet_size, 0); + put_chunk(s, 0x4424, s->packet_size, 0); } packet_hdr_size = put_payload_parsing_info( @@ -627,14 +627,14 @@ static void flush_packet(AVFormatContext *s) assert(packet_hdr_size <= asf->packet_size_left); memset(asf->packet_buf + packet_filled_size, 0, asf->packet_size_left); - put_buffer(s->pb, asf->packet_buf, asf->packet_size - packet_hdr_size); + put_buffer(s->pb, asf->packet_buf, s->packet_size - packet_hdr_size); put_flush_packet(s->pb); asf->nb_packets++; asf->packet_nb_payloads = 0; asf->packet_timestamp_start = -1; asf->packet_timestamp_end = -1; - init_put_byte(&asf->pb, asf->packet_buf, asf->packet_size, 1, + init_put_byte(&asf->pb, asf->packet_buf, s->packet_size, 1, NULL, NULL, NULL, NULL); } diff --git a/libavformat/avformat.h b/libavformat/avformat.h index 18ec2c86f9..6b871444b8 100644 --- a/libavformat/avformat.h +++ b/libavformat/avformat.h @@ -1035,7 +1035,7 @@ AVChapter *ff_new_chapter(AVFormatContext *s, int id, AVRational time_base, * @param pts_den denominator to convert to seconds (MPEG: 90000) */ void av_set_pts_info(AVStream *s, int pts_wrap_bits, - int pts_num, int pts_den); + unsigned int pts_num, unsigned int pts_den); #define AVSEEK_FLAG_BACKWARD 1 ///< seek backward #define AVSEEK_FLAG_BYTE 2 ///< seeking based on position in bytes diff --git a/libavformat/avidec.c b/libavformat/avidec.c index 78e5051e1e..46dffa11b8 100644 --- a/libavformat/avidec.c +++ b/libavformat/avidec.c @@ -780,13 +780,13 @@ resync: else ast->frame_offset++; } - ast->remaining -= size; + ast->remaining -= err; if(!ast->remaining){ avi->stream_index= -1; ast->packet_size= 0; } - return size; + return 0; } memset(d, -1, sizeof(int)*8); diff --git a/libavformat/aviobuf.c b/libavformat/aviobuf.c index 93efd65d0b..3143a23a61 100644 --- a/libavformat/aviobuf.c +++ b/libavformat/aviobuf.c @@ -27,6 +27,13 @@ #define IO_BUFFER_SIZE 32768 +/** + * Do seeks within this distance ahead of the current buffer by skipping + * data instead of calling the protocol seek function, for seekable + * protocols. + */ +#define SHORT_SEEK_THRESHOLD 4096 + static void fill_buffer(ByteIOContext *s); int init_put_byte(ByteIOContext *s, @@ -151,8 +158,9 @@ int64_t url_fseek(ByteIOContext *s, int64_t offset, int whence) offset1 >= 0 && offset1 < (s->buf_end - s->buffer)) { /* can do the seek inside the buffer */ s->buf_ptr = s->buffer + offset1; - } else if(s->is_streamed && !s->write_flag && - offset1 >= 0 && offset1 < (s->buf_end - s->buffer) + (1<<16)){ + } else if ((s->is_streamed || + offset1 <= s->buf_end + SHORT_SEEK_THRESHOLD - s->buffer) && + !s->write_flag && offset1 >= 0) { while(s->pos < offset && !s->eof_reached) fill_buffer(s); if (s->eof_reached) diff --git a/libavformat/avs.c b/libavformat/avs.c index 1fcb19fdde..eda7f9d2f7 100644 --- a/libavformat/avs.c +++ b/libavformat/avs.c @@ -163,10 +163,14 @@ static int avs_read_packet(AVFormatContext * s, AVPacket * pkt) sub_type = get_byte(s->pb); type = get_byte(s->pb); size = get_le16(s->pb); + if (size < 4) + return AVERROR_INVALIDDATA; avs->remaining_frame_size -= size; switch (type) { case AVS_PALETTE: + if (size - 4 > sizeof(palette)) + return AVERROR_INVALIDDATA; ret = get_buffer(s->pb, palette, size - 4); if (ret < size - 4) return AVERROR(EIO); diff --git a/libavformat/dv.c b/libavformat/dv.c index 820c3b5cec..256dcd4312 100644 --- a/libavformat/dv.c +++ b/libavformat/dv.c @@ -125,10 +125,14 @@ static int dv_extract_audio(uint8_t* frame, uint8_t* ppcm[4], /* We work with 720p frames split in half, thus even frames have * channels 0,1 and odd 2,3. */ ipcm = (sys->height == 720 && !(frame[1] & 0x0C)) ? 2 : 0; - pcm = ppcm[ipcm++]; /* for each DIF channel */ for (chan = 0; chan < sys->n_difchan; chan++) { + /* next stereo channel (50Mbps and 100Mbps only) */ + pcm = ppcm[ipcm++]; + if (!pcm) + break; + /* for each DIF segment */ for (i = 0; i < sys->difseg_size; i++) { frame += 6 * 80; /* skip DIF segment header */ @@ -176,11 +180,6 @@ static int dv_extract_audio(uint8_t* frame, uint8_t* ppcm[4], frame += 16 * 80; /* 15 Video DIFs + 1 Audio DIF */ } } - - /* next stereo channel (50Mbps and 100Mbps only) */ - pcm = ppcm[ipcm++]; - if (!pcm) - break; } return size; @@ -202,6 +201,12 @@ static int dv_extract_audio_info(DVDemuxContext* c, uint8_t* frame) stype = (as_pack[3] & 0x1f); /* 0 - 2CH, 2 - 4CH, 3 - 8CH */ quant = as_pack[4] & 0x07; /* 0 - 16bit linear, 1 - 12bit nonlinear */ + if (stype > 3) { + av_log(c->fctx, AV_LOG_ERROR, "stype %d is invalid\n", stype); + c->ach = 0; + return 0; + } + /* note: ach counts PAIRS of channels (i.e. stereo channels) */ ach = ((int[4]){ 1, 0, 2, 4})[stype]; if (ach == 1 && quant && freq == 2) @@ -335,7 +340,8 @@ int dv_produce_packet(DVDemuxContext *c, AVPacket *pkt, c->audio_pkt[i].pts = c->abytes * 30000*8 / c->ast[i]->codec->bit_rate; ppcm[i] = c->audio_buf[i]; } - dv_extract_audio(buf, ppcm, c->sys); + if (c->ach) + dv_extract_audio(buf, ppcm, c->sys); c->abytes += size; /* We work with 720p frames split in half, thus even frames have diff --git a/libavformat/electronicarts.c b/libavformat/electronicarts.c index fe19e70f73..ad63c5619b 100644 --- a/libavformat/electronicarts.c +++ b/libavformat/electronicarts.c @@ -448,12 +448,17 @@ static int ea_read_packet(AVFormatContext *s, while (!packet_read) { chunk_type = get_le32(pb); - chunk_size = (ea->big_endian ? get_be32(pb) : get_le32(pb)) - 8; + chunk_size = ea->big_endian ? get_be32(pb) : get_le32(pb); + if (chunk_size <= 8) + return AVERROR_INVALIDDATA; + chunk_size -= 8; switch (chunk_type) { /* audio data */ case ISNh_TAG: /* header chunk also contains data; skip over the header portion*/ + if (chunk_size < 32) + return AVERROR_INVALIDDATA; url_fskip(pb, 32); chunk_size -= 32; case ISNd_TAG: diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c index c925e54539..9bc2517b15 100644 --- a/libavformat/flvdec.c +++ b/libavformat/flvdec.c @@ -313,6 +313,7 @@ static int flv_read_packet(AVFormatContext *s, AVPacket *pkt) int64_t dts, pts = AV_NOPTS_VALUE; AVStream *st = NULL; + retry: for(;;){ pos = url_ftell(s->pb); url_fskip(s->pb, 4); /* size of previous packet */ @@ -348,7 +349,7 @@ static int flv_read_packet(AVFormatContext *s, AVPacket *pkt) av_log(s, AV_LOG_ERROR, "skipping flv packet: type %d, size %d, flags %d\n", type, size, flags); skip: url_fseek(s->pb, next, SEEK_SET); - return AVERROR(EAGAIN); + continue; } /* skip empty data packets */ @@ -372,7 +373,7 @@ static int flv_read_packet(AVFormatContext *s, AVPacket *pkt) || st->discard >= AVDISCARD_ALL ){ url_fseek(s->pb, next, SEEK_SET); - return AVERROR(EAGAIN); + continue; } if ((flags & FLV_VIDEO_FRAMETYPE_MASK) == FLV_FRAME_KEY) av_add_index_entry(st, pos, dts, size, 0, AVINDEX_KEYFRAME); @@ -435,7 +436,7 @@ static int flv_read_packet(AVFormatContext *s, AVPacket *pkt) st->codec->channels, st->codec->sample_rate); } - return AVERROR(EAGAIN); + goto retry; } } diff --git a/libavformat/libavformat.v b/libavformat/libavformat.v new file mode 100644 index 0000000000..da2311eb36 --- /dev/null +++ b/libavformat/libavformat.v @@ -0,0 +1,3 @@ +LIBAVFORMAT_$MAJOR { + global: *; +}; diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index ac12f1ea66..6cf9028135 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -752,11 +752,15 @@ static int ebml_parse_elem(MatroskaDemuxContext *matroska, uint32_t id = syntax->id; uint64_t length; int res; + void *newelem; data = (char *)data + syntax->data_offset; if (syntax->list_elem_size) { EbmlList *list = data; - list->elem = av_realloc(list->elem, (list->nb_elem+1)*syntax->list_elem_size); + newelem = av_realloc(list->elem, (list->nb_elem+1)*syntax->list_elem_size); + if (!newelem) + return AVERROR(ENOMEM); + list->elem = newelem; data = (char*)list->elem + list->nb_elem*syntax->list_elem_size; memset(data, 0, syntax->list_elem_size); list->nb_elem++; @@ -873,6 +877,7 @@ static int matroska_decode_buffer(uint8_t** buf, int* buf_size, uint8_t* data = *buf; int isize = *buf_size; uint8_t* pkt_data = NULL; + uint8_t* newpktdata; int pkt_size = isize; int result = 0; int olen; @@ -899,7 +904,12 @@ static int matroska_decode_buffer(uint8_t** buf, int* buf_size, zstream.avail_in = isize; do { pkt_size *= 3; - pkt_data = av_realloc(pkt_data, pkt_size); + newpktdata = av_realloc(pkt_data, pkt_size); + if (!newpktdata) { + inflateEnd(&zstream); + goto failed; + } + pkt_data = newpktdata; zstream.avail_out = pkt_size - zstream.total_out; zstream.next_out = pkt_data + zstream.total_out; result = inflate(&zstream, Z_NO_FLUSH); @@ -920,7 +930,12 @@ static int matroska_decode_buffer(uint8_t** buf, int* buf_size, bzstream.avail_in = isize; do { pkt_size *= 3; - pkt_data = av_realloc(pkt_data, pkt_size); + newpktdata = av_realloc(pkt_data, pkt_size); + if (!newpktdata) { + BZ2_bzDecompressEnd(&bzstream); + goto failed; + } + pkt_data = newpktdata; bzstream.avail_out = pkt_size - bzstream.total_out_lo32; bzstream.next_out = pkt_data + bzstream.total_out_lo32; result = BZ2_bzDecompress(&bzstream); @@ -975,13 +990,17 @@ static void matroska_fix_ass_packet(MatroskaDemuxContext *matroska, } } -static void matroska_merge_packets(AVPacket *out, AVPacket *in) +static int matroska_merge_packets(AVPacket *out, AVPacket *in) { - out->data = av_realloc(out->data, out->size+in->size); + void *newdata = av_realloc(out->data, out->size+in->size); + if (!newdata) + return AVERROR(ENOMEM); + out->data = newdata; memcpy(out->data+out->size, in->data, in->size); out->size += in->size; av_destruct_packet(in); av_free(in); + return 0; } static void matroska_convert_tag(AVFormatContext *s, EbmlList *list, @@ -1044,13 +1063,13 @@ static void matroska_convert_tags(AVFormatContext *s) static void matroska_execute_seekhead(MatroskaDemuxContext *matroska) { EbmlList *seekhead_list = &matroska->seekhead; - MatroskaSeekhead *seekhead = seekhead_list->elem; uint32_t level_up = matroska->level_up; int64_t before_pos = url_ftell(matroska->ctx->pb); MatroskaLevel level; int i; for (i=0; inb_elem; i++) { + MatroskaSeekhead *seekhead = seekhead_list->elem; int64_t offset = seekhead[i].pos + matroska->segment_start; if (seekhead[i].pos <= before_pos @@ -1462,11 +1481,13 @@ static int matroska_deliver_packet(MatroskaDemuxContext *matroska, memcpy(pkt, matroska->packets[0], sizeof(AVPacket)); av_free(matroska->packets[0]); if (matroska->num_packets > 1) { + void *newpackets; memmove(&matroska->packets[0], &matroska->packets[1], (matroska->num_packets - 1) * sizeof(AVPacket *)); - matroska->packets = - av_realloc(matroska->packets, (matroska->num_packets - 1) * - sizeof(AVPacket *)); + newpackets = av_realloc(matroska->packets, + (matroska->num_packets - 1) * sizeof(AVPacket *)); + if (newpackets) + matroska->packets = newpackets; } else { av_freep(&matroska->packets); } @@ -1482,6 +1503,7 @@ static int matroska_deliver_packet(MatroskaDemuxContext *matroska, */ static void matroska_clear_queue(MatroskaDemuxContext *matroska) { + matroska->prev_pkt = NULL; if (matroska->packets) { int n; for (n = 0; n < matroska->num_packets; n++) { @@ -1620,7 +1642,7 @@ static int matroska_parse_block(MatroskaDemuxContext *matroska, uint8_t *data, lace_size[n] = lace_size[n - 1] + snum; total += lace_size[n]; } - lace_size[n] = size - total; + lace_size[laces - 1] = size - total; break; } } @@ -1799,10 +1821,11 @@ static int matroska_read_seek(AVFormatContext *s, int stream_index, if (tracks[i].type == MATROSKA_TRACK_TYPE_SUBTITLE && !tracks[i].stream->discard != AVDISCARD_ALL) { index_sub = av_index_search_timestamp(tracks[i].stream, st->index_entries[index].timestamp, AVSEEK_FLAG_BACKWARD); - if (index_sub >= 0 - && st->index_entries[index_sub].pos < st->index_entries[index_min].pos - && st->index_entries[index].timestamp - st->index_entries[index_sub].timestamp < 30000000000/matroska->time_scale) - index_min = index_sub; + while(index_sub >= 0 + && index_min >= 0 + && tracks[i].stream->index_entries[index_sub].pos < st->index_entries[index_min].pos + && st->index_entries[index].timestamp - tracks[i].stream->index_entries[index_sub].timestamp < 30000000000/matroska->time_scale) + index_min--; } } diff --git a/libavformat/mm.c b/libavformat/mm.c index 6c621ab493..1868e900bc 100644 --- a/libavformat/mm.c +++ b/libavformat/mm.c @@ -162,7 +162,6 @@ static int mm_read_packet(AVFormatContext *s, case MM_TYPE_AUDIO : if (av_get_packet(s->pb, pkt, length)<0) return AVERROR(ENOMEM); - pkt->size = length; pkt->stream_index = 1; pkt->pts = mm->audio_pts++; return 0; diff --git a/libavformat/mov.c b/libavformat/mov.c index b34326c3cf..c55b8b2a35 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -238,10 +238,15 @@ static int mov_read_default(MOVContext *c, ByteIOContext *pb, MOVAtom atom) static int mov_read_dref(MOVContext *c, ByteIOContext *pb, MOVAtom atom) { - AVStream *st = c->fc->streams[c->fc->nb_streams-1]; - MOVStreamContext *sc = st->priv_data; + AVStream *st; + MOVStreamContext *sc; int entries, i, j; + if (c->fc->nb_streams < 1) + return 0; + st = c->fc->streams[c->fc->nb_streams-1]; + sc = st->priv_data; + get_be32(pb); // version + flags entries = get_be32(pb); if (entries >= UINT_MAX / sizeof(*sc->drefs)) @@ -381,9 +386,13 @@ static const AVCodecTag mp4_audio_types[] = { static int mov_read_esds(MOVContext *c, ByteIOContext *pb, MOVAtom atom) { - AVStream *st = c->fc->streams[c->fc->nb_streams-1]; + AVStream *st; int tag, len; + if (c->fc->nb_streams < 1) + return 0; + st = c->fc->streams[c->fc->nb_streams-1]; + get_be32(pb); /* version + flags */ len = mp4_read_descr(c, pb, &tag); if (tag == MP4ESDescrTag) { @@ -440,7 +449,12 @@ static int mov_read_pasp(MOVContext *c, ByteIOContext *pb, MOVAtom atom) { const int num = get_be32(pb); const int den = get_be32(pb); - AVStream * const st = c->fc->streams[c->fc->nb_streams-1]; + AVStream *st; + + if (c->fc->nb_streams < 1) + return 0; + st = c->fc->streams[c->fc->nb_streams-1]; + if (den != 0) { if ((st->sample_aspect_ratio.den != 1 || st->sample_aspect_ratio.num) && // default (den != st->sample_aspect_ratio.den || num != st->sample_aspect_ratio.num)) @@ -494,12 +508,18 @@ static int mov_read_moof(MOVContext *c, ByteIOContext *pb, MOVAtom atom) static int mov_read_mdhd(MOVContext *c, ByteIOContext *pb, MOVAtom atom) { - AVStream *st = c->fc->streams[c->fc->nb_streams-1]; - MOVStreamContext *sc = st->priv_data; - int version = get_byte(pb); + AVStream *st; + MOVStreamContext *sc; + int version; char language[4] = {0}; unsigned lang; + if (c->fc->nb_streams < 1) + return 0; + st = c->fc->streams[c->fc->nb_streams-1]; + sc = st->priv_data; + + version = get_byte(pb); if (version > 1) return -1; /* unsupported */ @@ -561,7 +581,11 @@ static int mov_read_mvhd(MOVContext *c, ByteIOContext *pb, MOVAtom atom) static int mov_read_smi(MOVContext *c, ByteIOContext *pb, MOVAtom atom) { - AVStream *st = c->fc->streams[c->fc->nb_streams-1]; + AVStream *st; + + if (c->fc->nb_streams < 1) + return 0; + st = c->fc->streams[c->fc->nb_streams-1]; if((uint64_t)atom.size > (1<<30)) return -1; @@ -581,9 +605,14 @@ static int mov_read_smi(MOVContext *c, ByteIOContext *pb, MOVAtom atom) static int mov_read_enda(MOVContext *c, ByteIOContext *pb, MOVAtom atom) { - AVStream *st = c->fc->streams[c->fc->nb_streams-1]; - int little_endian = get_be16(pb); + AVStream *st; + int little_endian; + if (c->fc->nb_streams < 1) + return 0; + st = c->fc->streams[c->fc->nb_streams-1]; + + little_endian = get_be16(pb); dprintf(c->fc, "enda %d\n", little_endian); if (little_endian == 1) { switch (st->codec->codec_id) { @@ -633,7 +662,11 @@ static int mov_read_extradata(MOVContext *c, ByteIOContext *pb, MOVAtom atom) static int mov_read_wave(MOVContext *c, ByteIOContext *pb, MOVAtom atom) { - AVStream *st = c->fc->streams[c->fc->nb_streams-1]; + AVStream *st; + + if (c->fc->nb_streams < 1) + return 0; + st = c->fc->streams[c->fc->nb_streams-1]; if((uint64_t)atom.size > (1<<30)) return -1; @@ -660,7 +693,11 @@ static int mov_read_wave(MOVContext *c, ByteIOContext *pb, MOVAtom atom) */ static int mov_read_glbl(MOVContext *c, ByteIOContext *pb, MOVAtom atom) { - AVStream *st = c->fc->streams[c->fc->nb_streams-1]; + AVStream *st; + + if (c->fc->nb_streams < 1) + return 0; + st = c->fc->streams[c->fc->nb_streams-1]; if((uint64_t)atom.size > (1<<30)) return -1; @@ -676,10 +713,15 @@ static int mov_read_glbl(MOVContext *c, ByteIOContext *pb, MOVAtom atom) static int mov_read_stco(MOVContext *c, ByteIOContext *pb, MOVAtom atom) { - AVStream *st = c->fc->streams[c->fc->nb_streams-1]; - MOVStreamContext *sc = st->priv_data; + AVStream *st; + MOVStreamContext *sc; unsigned int i, entries; + if (c->fc->nb_streams < 1) + return 0; + st = c->fc->streams[c->fc->nb_streams-1]; + sc = st->priv_data; + get_byte(pb); /* version */ get_be24(pb); /* flags */ @@ -742,10 +784,15 @@ static enum CodecID mov_get_lpcm_codec_id(int bps, int flags) static int mov_read_stsd(MOVContext *c, ByteIOContext *pb, MOVAtom atom) { - AVStream *st = c->fc->streams[c->fc->nb_streams-1]; - MOVStreamContext *sc = st->priv_data; + AVStream *st; + MOVStreamContext *sc; int j, entries, pseudo_stream_id; + if (c->fc->nb_streams < 1) + return 0; + st = c->fc->streams[c->fc->nb_streams-1]; + sc = st->priv_data; + get_byte(pb); /* version */ get_be24(pb); /* flags */ @@ -1064,10 +1111,15 @@ static int mov_read_stsd(MOVContext *c, ByteIOContext *pb, MOVAtom atom) static int mov_read_stsc(MOVContext *c, ByteIOContext *pb, MOVAtom atom) { - AVStream *st = c->fc->streams[c->fc->nb_streams-1]; - MOVStreamContext *sc = st->priv_data; + AVStream *st; + MOVStreamContext *sc; unsigned int i, entries; + if (c->fc->nb_streams < 1) + return 0; + st = c->fc->streams[c->fc->nb_streams-1]; + sc = st->priv_data; + get_byte(pb); /* version */ get_be24(pb); /* flags */ @@ -1092,10 +1144,15 @@ static int mov_read_stsc(MOVContext *c, ByteIOContext *pb, MOVAtom atom) static int mov_read_stss(MOVContext *c, ByteIOContext *pb, MOVAtom atom) { - AVStream *st = c->fc->streams[c->fc->nb_streams-1]; - MOVStreamContext *sc = st->priv_data; + AVStream *st; + MOVStreamContext *sc; unsigned int i, entries; + if (c->fc->nb_streams < 1) + return 0; + st = c->fc->streams[c->fc->nb_streams-1]; + sc = st->priv_data; + get_byte(pb); /* version */ get_be24(pb); /* flags */ @@ -1119,10 +1176,15 @@ static int mov_read_stss(MOVContext *c, ByteIOContext *pb, MOVAtom atom) static int mov_read_stsz(MOVContext *c, ByteIOContext *pb, MOVAtom atom) { - AVStream *st = c->fc->streams[c->fc->nb_streams-1]; - MOVStreamContext *sc = st->priv_data; + AVStream *st; + MOVStreamContext *sc; unsigned int i, entries, sample_size; + if (c->fc->nb_streams < 1) + return 0; + st = c->fc->streams[c->fc->nb_streams-1]; + sc = st->priv_data; + get_byte(pb); /* version */ get_be24(pb); /* flags */ @@ -1150,12 +1212,17 @@ static int mov_read_stsz(MOVContext *c, ByteIOContext *pb, MOVAtom atom) static int mov_read_stts(MOVContext *c, ByteIOContext *pb, MOVAtom atom) { - AVStream *st = c->fc->streams[c->fc->nb_streams-1]; - MOVStreamContext *sc = st->priv_data; + AVStream *st; + MOVStreamContext *sc; unsigned int i, entries; int64_t duration=0; int64_t total_sample_count=0; + if (c->fc->nb_streams < 1) + return 0; + st = c->fc->streams[c->fc->nb_streams-1]; + sc = st->priv_data; + get_byte(pb); /* version */ get_be24(pb); /* flags */ entries = get_be32(pb); @@ -1194,10 +1261,15 @@ static int mov_read_stts(MOVContext *c, ByteIOContext *pb, MOVAtom atom) static int mov_read_ctts(MOVContext *c, ByteIOContext *pb, MOVAtom atom) { - AVStream *st = c->fc->streams[c->fc->nb_streams-1]; - MOVStreamContext *sc = st->priv_data; + AVStream *st; + MOVStreamContext *sc; unsigned int i, entries; + if (c->fc->nb_streams < 1) + return 0; + st = c->fc->streams[c->fc->nb_streams-1]; + sc = st->priv_data; + get_byte(pb); /* version */ get_be24(pb); /* flags */ entries = get_be32(pb); @@ -1504,10 +1576,16 @@ static int mov_read_tkhd(MOVContext *c, ByteIOContext *pb, MOVAtom atom) int height; int64_t disp_transform[2]; int display_matrix[3][2]; - AVStream *st = c->fc->streams[c->fc->nb_streams-1]; - MOVStreamContext *sc = st->priv_data; - int version = get_byte(pb); + AVStream *st; + MOVStreamContext *sc; + int version; + if (c->fc->nb_streams < 1) + return 0; + st = c->fc->streams[c->fc->nb_streams-1]; + sc = st->priv_data; + + version = get_byte(pb); get_be24(pb); /* flags */ /* MOV_TRACK_ENABLED 0x0001 @@ -1776,9 +1854,13 @@ free_and_return: /* edit list atom */ static int mov_read_elst(MOVContext *c, ByteIOContext *pb, MOVAtom atom) { - MOVStreamContext *sc = c->fc->streams[c->fc->nb_streams-1]->priv_data; + MOVStreamContext *sc; int i, edit_count; + if (c->fc->nb_streams < 1) + return 0; + sc = c->fc->streams[c->fc->nb_streams-1]->priv_data; + get_byte(pb); /* version */ get_be24(pb); /* flags */ edit_count = get_be32(pb); /* entries */ diff --git a/libavformat/mp3.c b/libavformat/mp3.c index fa383d6512..ca414082ea 100644 --- a/libavformat/mp3.c +++ b/libavformat/mp3.c @@ -246,8 +246,17 @@ static void id3v2_parse(AVFormatContext *s, int len, uint8_t version, uint8_t fl goto error; } - if(isv34 && flags & 0x40) /* Extended header present, just skip over it */ - url_fskip(s->pb, id3v2_get_size(s->pb, 4)); + if (isv34 && flags & 0x40) { /* Extended header present, just skip over it */ + int extlen = id3v2_get_size(s->pb, 4); + if (version == 4) + extlen -= 4; // in v2.4 the length includes the length field we just read + + if (extlen < 0) { + reason = "invalid extended header length"; + goto error; + } + url_fskip(s->pb, extlen); + } while(len >= taghdrlen) { if(isv34) { diff --git a/libavformat/mpegts.c b/libavformat/mpegts.c index 33e618c058..c3045d9237 100644 --- a/libavformat/mpegts.c +++ b/libavformat/mpegts.c @@ -769,7 +769,7 @@ static void sdt_cb(MpegTSFilter *filter, const uint8_t *section, int section_len break; desc_len = get8(&p, desc_list_end); desc_end = p + desc_len; - if (desc_end > desc_list_end) + if (desc_len < 0 || desc_end > desc_list_end) break; #ifdef DEBUG_SI av_log(ts->stream, AV_LOG_DEBUG, "tag: 0x%02x len=%d\n", diff --git a/libavformat/nsvdec.c b/libavformat/nsvdec.c index 719337c898..25b3d6c4ae 100644 --- a/libavformat/nsvdec.c +++ b/libavformat/nsvdec.c @@ -317,7 +317,9 @@ static int nsv_parse_NSVf_header(AVFormatContext *s, AVFormatParameters *ap) char *token, *value; char quote; - p = strings = av_mallocz(strings_size + 1); + p = strings = av_mallocz((size_t)strings_size + 1); + if (!p) + return AVERROR(ENOMEM); endp = strings + strings_size; get_buffer(pb, strings, strings_size); while (p < endp) { @@ -351,6 +353,8 @@ static int nsv_parse_NSVf_header(AVFormatContext *s, AVFormatParameters *ap) if((unsigned)table_entries >= UINT_MAX / sizeof(uint32_t)) return -1; nsv->nsvf_index_data = av_malloc(table_entries * sizeof(uint32_t)); + if (!nsv->nsvf_index_data) + return AVERROR(ENOMEM); #warning "FIXME: Byteswap buffer as needed" get_buffer(pb, (unsigned char *)nsv->nsvf_index_data, table_entries * sizeof(uint32_t)); } @@ -507,11 +511,16 @@ static int nsv_read_header(AVFormatContext *s, AVFormatParameters *ap) for (i = 0; i < NSV_MAX_RESYNC_TRIES; i++) { if (nsv_resync(s) < 0) return -1; - if (nsv->state == NSV_FOUND_NSVF) + if (nsv->state == NSV_FOUND_NSVF) { err = nsv_parse_NSVf_header(s, ap); + if (err < 0) + return err; + } /* we need the first NSVs also... */ if (nsv->state == NSV_FOUND_NSVS) { err = nsv_parse_NSVs_header(s, ap); + if (err < 0) + return err; break; /* we just want the first one */ } } @@ -586,12 +595,12 @@ null_chunk_retry: } /* map back streams to v,a */ - if (s->streams[0]) + if (s->nb_streams > 0) st[s->streams[0]->id] = s->streams[0]; - if (s->streams[1]) + if (s->nb_streams > 1) st[s->streams[1]->id] = s->streams[1]; - if (vsize/* && st[NSV_ST_VIDEO]*/) { + if (vsize && st[NSV_ST_VIDEO]) { nst = st[NSV_ST_VIDEO]->priv_data; pkt = &nsv->ahead[NSV_ST_VIDEO]; av_get_packet(pb, pkt, vsize); @@ -606,7 +615,7 @@ null_chunk_retry: if(st[NSV_ST_VIDEO]) ((NSVStream*)st[NSV_ST_VIDEO]->priv_data)->frame_offset++; - if (asize/*st[NSV_ST_AUDIO]*/) { + if (asize && st[NSV_ST_AUDIO]) { nst = st[NSV_ST_AUDIO]->priv_data; pkt = &nsv->ahead[NSV_ST_AUDIO]; /* read raw audio specific header on the first audio chunk... */ diff --git a/libavformat/oggdec.c b/libavformat/oggdec.c index 28dc56eeb9..469f54dca6 100644 --- a/libavformat/oggdec.c +++ b/libavformat/oggdec.c @@ -66,8 +66,7 @@ ogg_save (AVFormatContext * s) for (i = 0; i < ogg->nstreams; i++){ struct ogg_stream *os = ogg->streams + i; - os->buf = av_malloc (os->bufsize); - memset (os->buf, 0, os->bufsize); + os->buf = av_mallocz (os->bufsize + FF_INPUT_BUFFER_PADDING_SIZE); memcpy (os->buf, ost->streams[i].buf, os->bufpos); } @@ -90,14 +89,24 @@ ogg_restore (AVFormatContext * s, int discard) ogg->state = ost->next; if (!discard){ + struct ogg_stream *old_streams = ogg->streams; + for (i = 0; i < ogg->nstreams; i++) av_free (ogg->streams[i].buf); url_fseek (bc, ost->pos, SEEK_SET); ogg->curidx = ost->curidx; ogg->nstreams = ost->nstreams; - memcpy(ogg->streams, ost->streams, - ost->nstreams * sizeof(*ogg->streams)); + ogg->streams = av_realloc (ogg->streams, + ogg->nstreams * sizeof (*ogg->streams)); + + if (ogg->streams) { + memcpy(ogg->streams, ost->streams, + ost->nstreams * sizeof(*ogg->streams)); + } else { + av_free(old_streams); + ogg->nstreams = 0; + } } av_free (ost); @@ -160,13 +169,18 @@ ogg_new_stream (AVFormatContext * s, uint32_t serial) AVStream *st; struct ogg_stream *os; - ogg->streams = av_realloc (ogg->streams, - ogg->nstreams * sizeof (*ogg->streams)); + os = av_realloc (ogg->streams, ogg->nstreams * sizeof (*ogg->streams)); + + if (!os) + return AVERROR(ENOMEM); + + ogg->streams = os; + memset (ogg->streams + idx, 0, sizeof (*ogg->streams)); os = ogg->streams + idx; os->serial = serial; os->bufsize = DECODER_BUFFER_SIZE; - os->buf = av_malloc(os->bufsize); + os->buf = av_malloc(os->bufsize + FF_INPUT_BUFFER_PADDING_SIZE); os->header = -1; st = av_new_stream (s, idx); @@ -182,7 +196,7 @@ static int ogg_new_buf(struct ogg *ogg, int idx) { struct ogg_stream *os = ogg->streams + idx; - uint8_t *nb = av_malloc(os->bufsize); + uint8_t *nb = av_malloc(os->bufsize + FF_INPUT_BUFFER_PADDING_SIZE); int size = os->bufpos - os->pstart; if(os->buf){ memcpy(nb, os->buf + os->pstart, size); @@ -279,7 +293,9 @@ ogg_read_page (AVFormatContext * s, int *str) } if (os->bufsize - os->bufpos < size){ - uint8_t *nb = av_malloc (os->bufsize *= 2); + uint8_t *nb = av_malloc ((os->bufsize *= 2) + FF_INPUT_BUFFER_PADDING_SIZE); + if (!nb) + return AVERROR(ENOMEM); memcpy (nb, os->buf, os->bufpos); av_free (os->buf); os->buf = nb; @@ -293,6 +309,7 @@ ogg_read_page (AVFormatContext * s, int *str) os->granule = gp; os->flags = flags; + memset(os->buf + os->bufpos, 0, FF_INPUT_BUFFER_PADDING_SIZE); if (str) *str = idx; @@ -477,12 +494,17 @@ static int ogg_read_header (AVFormatContext * s, AVFormatParameters * ap) { struct ogg *ogg = s->priv_data; + int i; ogg->curidx = -1; //linear headers seek from start if (ogg_get_headers (s) < 0){ return -1; } + for (i = 0; i < ogg->nstreams; i++) + if (ogg->streams[i].header < 0) + ogg->streams[i].codec = NULL; + //linear granulepos seek from end ogg_get_length (s); diff --git a/libavformat/oggparsevorbis.c b/libavformat/oggparsevorbis.c index 7c97807c01..82029daf93 100644 --- a/libavformat/oggparsevorbis.c +++ b/libavformat/oggparsevorbis.c @@ -35,27 +35,28 @@ vorbis_comment(AVFormatContext * as, uint8_t *buf, int size) { const uint8_t *p = buf; const uint8_t *end = buf + size; - unsigned s, n, j; + unsigned n, j; + int s; if (size < 8) /* must have vendor_length and user_comment_list_length */ return -1; s = bytestream_get_le32(&p); - if (end - p < s) + if (end - p - 4 < s || s < 0) return -1; p += s; n = bytestream_get_le32(&p); - while (p < end && n > 0) { + while (end - p >= 4 && n > 0) { const char *t, *v; int tl, vl; s = bytestream_get_le32(&p); - if (end - p < s) + if (end - p < s || s < 0) break; t = p; diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c index 5e3b3c760c..65bc79c332 100644 --- a/libavformat/rmdec.c +++ b/libavformat/rmdec.c @@ -154,8 +154,9 @@ static int rm_read_audio_stream_info(AVFormatContext *s, ByteIOContext *pb, ast->audio_framesize = st->codec->block_align; st->codec->block_align = coded_framesize; - if(ast->audio_framesize >= UINT_MAX / sub_packet_h){ - av_log(s, AV_LOG_ERROR, "ast->audio_framesize * sub_packet_h too large\n"); + if (ast->audio_framesize <= 0 || sub_packet_h <= 0 || + ast->audio_framesize >= UINT_MAX / sub_packet_h){ + av_log(s, AV_LOG_ERROR, "ast->audio_framesize * sub_packet_h is invalid\n"); return -1; } @@ -185,8 +186,9 @@ static int rm_read_audio_stream_info(AVFormatContext *s, ByteIOContext *pb, ast->audio_framesize = st->codec->block_align; st->codec->block_align = ast->sub_packet_size; - if(ast->audio_framesize >= UINT_MAX / sub_packet_h){ - av_log(s, AV_LOG_ERROR, "rm->audio_framesize * sub_packet_h too large\n"); + if (ast->audio_framesize <= 0 || sub_packet_h <= 0 || + ast->audio_framesize >= UINT_MAX / sub_packet_h){ + av_log(s, AV_LOG_ERROR, "rm->audio_framesize * sub_packet_h is invalid\n"); return -1; } diff --git a/libavformat/segafilm.c b/libavformat/segafilm.c index ae1263cf98..c1da78998d 100644 --- a/libavformat/segafilm.c +++ b/libavformat/segafilm.c @@ -111,11 +111,16 @@ static int film_read_header(AVFormatContext *s, film->audio_samplerate = AV_RB16(&scratch[24]); film->audio_channels = scratch[21]; film->audio_bits = scratch[22]; - if (film->audio_bits == 8) - film->audio_type = CODEC_ID_PCM_S8; - else if (film->audio_bits == 16) - film->audio_type = CODEC_ID_PCM_S16BE; - else + if (scratch[23] == 2) + film->audio_type = CODEC_ID_ADPCM_ADX; + else if (film->audio_channels > 0) { + if (film->audio_bits == 8) + film->audio_type = CODEC_ID_PCM_S8; + else if (film->audio_bits == 16) + film->audio_type = CODEC_ID_PCM_S16BE; + else + film->audio_type = CODEC_ID_NONE; + } else film->audio_type = CODEC_ID_NONE; } @@ -167,6 +172,8 @@ static int film_read_header(AVFormatContext *s, if(film->sample_count >= UINT_MAX / sizeof(film_sample)) return -1; film->sample_table = av_malloc(film->sample_count * sizeof(film_sample)); + if (!film->sample_table) + return AVERROR(ENOMEM); for(i=0; inb_streams; i++) av_set_pts_info(s->streams[i], 33, 1, film->base_clock); @@ -187,8 +194,12 @@ static int film_read_header(AVFormatContext *s, film->sample_table[i].pts *= film->base_clock; film->sample_table[i].pts /= film->audio_samplerate; - audio_frame_counter += (film->sample_table[i].sample_size / - (film->audio_channels * film->audio_bits / 8)); + if (film->audio_type == CODEC_ID_ADPCM_ADX) + audio_frame_counter += (film->sample_table[i].sample_size * 32 / + (18 * film->audio_channels)); + else if (film->audio_type != CODEC_ID_NONE) + audio_frame_counter += (film->sample_table[i].sample_size / + (film->audio_channels * film->audio_bits / 8)); } else { film->sample_table[i].stream = film->video_stream_index; film->sample_table[i].pts = AV_RB32(&scratch[8]) & 0x7FFFFFFF; @@ -238,6 +249,10 @@ static int film_read_packet(AVFormatContext *s, av_free(film->stereo_buffer); film->stereo_buffer_size = sample->sample_size; film->stereo_buffer = av_malloc(film->stereo_buffer_size); + if (!film->stereo_buffer) { + film->stereo_buffer_size = 0; + return AVERROR(ENOMEM); + } } pkt->pos= url_ftell(pb); diff --git a/libavformat/smacker.c b/libavformat/smacker.c index 8ec28bcd3b..b4fc5f7176 100644 --- a/libavformat/smacker.c +++ b/libavformat/smacker.c @@ -284,6 +284,10 @@ static int smacker_read_packet(AVFormatContext *s, AVPacket *pkt) frame_size -= 4; smk->curstream++; smk->bufs[smk->curstream] = av_realloc(smk->bufs[smk->curstream], size); + if (!smk->bufs[smk->curstream]) { + smk->buf_sizes[smk->curstream] = 0; + return AVERROR(ENOMEM); + } smk->buf_sizes[smk->curstream] = size; ret = get_buffer(s->pb, smk->bufs[smk->curstream], size); if(ret != size) @@ -292,7 +296,9 @@ static int smacker_read_packet(AVFormatContext *s, AVPacket *pkt) } flags >>= 1; } - if (av_new_packet(pkt, frame_size + 768)) + if (frame_size < 0) + return AVERROR_INVALIDDATA; + if (av_new_packet(pkt, frame_size + 769)) return AVERROR(ENOMEM); if(smk->frm_size[smk->cur_frame] & 1) palchange |= 2; diff --git a/libavformat/swfenc.c b/libavformat/swfenc.c index b433f6b713..c1bb2b7023 100644 --- a/libavformat/swfenc.c +++ b/libavformat/swfenc.c @@ -496,8 +496,10 @@ static int swf_write_trailer(AVFormatContext *s) put_le32(pb, file_size); url_fseek(pb, swf->duration_pos, SEEK_SET); put_le16(pb, swf->video_frame_number); + if (swf->vframes_pos) { url_fseek(pb, swf->vframes_pos, SEEK_SET); put_le16(pb, swf->video_frame_number); + } url_fseek(pb, file_size, SEEK_SET); } return 0; diff --git a/libavformat/utils.c b/libavformat/utils.c index 900bd206e1..271502327f 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -680,7 +680,10 @@ static void compute_frame_duration(int *pnum, int *pden, AVStream *st, *pnum = st->codec->time_base.num; *pden = st->codec->time_base.den; if (pc && pc->repeat_pict) { - *pnum = (*pnum) * (1 + pc->repeat_pict); + if (*pnum > INT_MAX / (1 + pc->repeat_pict)) + *pden /= 1 + pc->repeat_pict; + else + *pnum *= 1 + pc->repeat_pict; } } break; @@ -1515,10 +1518,7 @@ static int av_seek_frame_generic(AVFormatContext *s, return ret; } for(i=0;; i++) { - int ret; - do{ - ret = av_read_frame(s, &pkt); - }while(ret == AVERROR(EAGAIN)); + int ret = av_read_frame(s, &pkt); if(ret<0) break; av_free_packet(&pkt); @@ -1741,9 +1741,7 @@ static void av_estimate_timings_from_pts(AVFormatContext *ic, int64_t old_offset if (i == ic->nb_streams) break; - do{ - ret = av_read_packet(ic, pkt); - }while(ret == AVERROR(EAGAIN)); + ret = av_read_packet(ic, pkt); if (ret != 0) break; read_size += pkt->size; @@ -1768,9 +1766,7 @@ static void av_estimate_timings_from_pts(AVFormatContext *ic, int64_t old_offset if (read_size >= DURATION_MAX_READ_SIZE) break; - do{ - ret = av_read_packet(ic, pkt); - }while(ret == AVERROR(EAGAIN)); + ret = av_read_packet(ic, pkt); if (ret != 0) break; read_size += pkt->size; @@ -2079,8 +2075,6 @@ int av_find_stream_info(AVFormatContext *ic) /* NOTE: a new stream can be added there if no header in file (AVFMTCTX_NOHEADER) */ ret = av_read_frame_internal(ic, &pkt1); - if(ret == AVERROR(EAGAIN)) - continue; if (ret < 0) { /* EOF or error */ ret = -1; /* we could not have all the codec parameters before EOF */ @@ -3295,7 +3289,7 @@ char *ff_data_to_hex(char *buff, const uint8_t *src, int s) } void av_set_pts_info(AVStream *s, int pts_wrap_bits, - int pts_num, int pts_den) + unsigned int pts_num, unsigned int pts_den) { unsigned int gcd= av_gcd(pts_num, pts_den); s->pts_wrap_bits = pts_wrap_bits; diff --git a/libavformat/westwood.c b/libavformat/westwood.c index d2736accc5..7ca179717c 100644 --- a/libavformat/westwood.c +++ b/libavformat/westwood.c @@ -279,10 +279,8 @@ static int wsvqa_read_header(AVFormatContext *s, /* there are 0 or more chunks before the FINF chunk; iterate until * FINF has been skipped and the file will be ready to be demuxed */ do { - if (get_buffer(pb, scratch, VQA_PREAMBLE_SIZE) != VQA_PREAMBLE_SIZE) { - av_free(st->codec->extradata); + if (get_buffer(pb, scratch, VQA_PREAMBLE_SIZE) != VQA_PREAMBLE_SIZE) return AVERROR(EIO); - } chunk_tag = AV_RB32(&scratch[0]); chunk_size = AV_RB32(&scratch[4]); diff --git a/libavformat/yuv4mpeg.c b/libavformat/yuv4mpeg.c index 3fd7927884..19e8be7636 100644 --- a/libavformat/yuv4mpeg.c +++ b/libavformat/yuv4mpeg.c @@ -152,6 +152,11 @@ static int yuv4_write_header(AVFormatContext *s) if (s->nb_streams != 1) return AVERROR(EIO); + if (s->streams[0]->codec->codec_id != CODEC_ID_RAWVIDEO) { + av_log(s, AV_LOG_ERROR, "ERROR: Only rawvideo supported.\n"); + return AVERROR_INVALIDDATA; + } + if (s->streams[0]->codec->pix_fmt == PIX_FMT_YUV411P) { av_log(s, AV_LOG_ERROR, "Warning: generating rarely used 4:1:1 YUV stream, some mjpegtools might not work.\n"); } @@ -340,7 +345,7 @@ static int yuv4_read_packet(AVFormatContext *s, AVPacket *pkt) { int i; char header[MAX_FRAME_HEADER+1]; - int packet_size, width, height; + int packet_size, width, height, ret; AVStream *st = s->streams[0]; struct frame_attributes *s1 = s->priv_data; @@ -351,18 +356,28 @@ static int yuv4_read_packet(AVFormatContext *s, AVPacket *pkt) break; } } - if (i == MAX_FRAME_HEADER) return -1; - if (strncmp(header, Y4M_FRAME_MAGIC, strlen(Y4M_FRAME_MAGIC))) return -1; + if (s->pb->error) + return s->pb->error; + else if (s->pb->eof_reached) + return AVERROR_EOF; + else if (i == MAX_FRAME_HEADER) + return AVERROR_INVALIDDATA; + + if (strncmp(header, Y4M_FRAME_MAGIC, strlen(Y4M_FRAME_MAGIC))) + return AVERROR_INVALIDDATA; width = st->codec->width; height = st->codec->height; packet_size = avpicture_get_size(st->codec->pix_fmt, width, height); if (packet_size < 0) - return -1; + return packet_size; - if (av_get_packet(s->pb, pkt, packet_size) != packet_size) - return AVERROR(EIO); + ret = av_get_packet(s->pb, pkt, packet_size); + if (ret < 0) + return ret; + else if (ret != packet_size) + return s->pb->eof_reached ? AVERROR_EOF : AVERROR(EIO); if (s->streams[0]->codec->coded_frame) { s->streams[0]->codec->coded_frame->interlaced_frame = s1->interlaced_frame; diff --git a/libavutil/internal.h b/libavutil/internal.h index f5f769e2c0..792fd29a6c 100644 --- a/libavutil/internal.h +++ b/libavutil/internal.h @@ -256,11 +256,11 @@ if((y)<(x)){\ } #if defined(__ICC) || defined(__SUNPRO_C) - #define DECLARE_ALIGNED(n,t,v) t v __attribute__ ((aligned (n))) + #define DECLARE_ALIGNED(n,t,v) t __attribute__ ((aligned (n))) v #define DECLARE_ASM_CONST(n,t,v) const t __attribute__ ((aligned (n))) v #elif defined(__GNUC__) - #define DECLARE_ALIGNED(n,t,v) t v __attribute__ ((aligned (n))) - #define DECLARE_ASM_CONST(n,t,v) static const t v attribute_used __attribute__ ((aligned (n))) + #define DECLARE_ALIGNED(n,t,v) t __attribute__ ((aligned (n))) v + #define DECLARE_ASM_CONST(n,t,v) static const t attribute_used __attribute__ ((aligned (n))) v #elif defined(_MSC_VER) #define DECLARE_ALIGNED(n,t,v) __declspec(align(n)) t v #define DECLARE_ASM_CONST(n,t,v) __declspec(align(n)) static const t v diff --git a/libavutil/libavutil.v b/libavutil/libavutil.v new file mode 100644 index 0000000000..ec52f2be7a --- /dev/null +++ b/libavutil/libavutil.v @@ -0,0 +1,4 @@ +LIBAVUTIL_$MAJOR { + global: av_*; ff_*; avutil_*; + local: *; +}; diff --git a/libavutil/log.c b/libavutil/log.c index 4bb9652c2c..fb773d0712 100644 --- a/libavutil/log.c +++ b/libavutil/log.c @@ -33,7 +33,8 @@ void av_log_default_callback(void* ptr, int level, const char* fmt, va_list vl) { static int print_prefix=1; static int count; - static char line[1024], prev[1024]; + static char prev[1024]; + char line[1024]; AVClass* avc= ptr ? *(AVClass**)ptr : NULL; if(level>av_log_level) return; diff --git a/libavutil/lzo.c b/libavutil/lzo.c index 83fa9bfbaf..e284fa8f26 100644 --- a/libavutil/lzo.c +++ b/libavutil/lzo.c @@ -62,7 +62,13 @@ static inline int get_byte(LZOContext *c) { static inline int get_len(LZOContext *c, int x, int mask) { int cnt = x & mask; if (!cnt) { - while (!(x = get_byte(c))) cnt += 255; + while (!(x = get_byte(c))) { + if (cnt >= INT_MAX - 1000) { + c->error |= AV_LZO_ERROR; + break; + } + cnt += 255; + } cnt += mask + x; } return cnt; @@ -118,10 +124,10 @@ static inline void memcpy_backptr(uint8_t *dst, int back, int cnt); * cnt > back is valid, this will copy the bytes we just copied, * thus creating a repeating pattern with a period length of back. */ -static inline void copy_backptr(LZOContext *c, int back, int cnt) { - register const uint8_t *src = &c->out[-back]; - register uint8_t *dst = c->out; - if (src < c->out_start || src > dst) { +static inline void copy_backptr(LZOContext *c, int back, int cnt) +{ + register uint8_t *dst = c->out; + if (dst - c->out_start < back) { c->error |= AV_LZO_INVALID_BACKPTR; return; } diff --git a/libavutil/mem.c b/libavutil/mem.c index 741450b53f..1ce0b778cc 100644 --- a/libavutil/mem.c +++ b/libavutil/mem.c @@ -113,7 +113,9 @@ void *av_realloc(void *ptr, unsigned int size) //FIXME this isn't aligned correctly, though it probably isn't needed if(!ptr) return av_malloc(size); diff= ((char*)ptr)[-1]; - return (char*)realloc((char*)ptr - diff, size + diff) + diff; + ptr= realloc((char*)ptr - diff, size + diff); + if(ptr) ptr = (char*)ptr + diff; + return ptr; #else return realloc(ptr, size); #endif diff --git a/libpostproc/libpostproc.v b/libpostproc/libpostproc.v new file mode 100644 index 0000000000..e65d76f4f6 --- /dev/null +++ b/libpostproc/libpostproc.v @@ -0,0 +1,4 @@ +LIBPOSTPROC_$MAJOR { + global: postproc_*; pp_*; + local: *; +}; diff --git a/libpostproc/postprocess.c b/libpostproc/postprocess.c index 4cfbaad7ca..b5b6649f93 100644 --- a/libpostproc/postprocess.c +++ b/libpostproc/postprocess.c @@ -554,7 +554,7 @@ static av_always_inline void do_a_deblock_C(uint8_t *src, int step, int stride, //Note: we have C, MMX, MMX2, 3DNOW version there is no 3DNOW+MMX2 one //Plain C versions -#if !(HAVE_MMX || HAVE_ALTIVEC) || defined (RUNTIME_CPUDETECT) +#if !(HAVE_MMX || HAVE_ALTIVEC) || CONFIG_RUNTIME_CPUDETECT #define COMPILE_C #endif @@ -564,15 +564,15 @@ static av_always_inline void do_a_deblock_C(uint8_t *src, int step, int stride, #if ARCH_X86 -#if (HAVE_MMX && !HAVE_AMD3DNOW && !HAVE_MMX2) || defined (RUNTIME_CPUDETECT) +#if (HAVE_MMX && !HAVE_AMD3DNOW && !HAVE_MMX2) || CONFIG_RUNTIME_CPUDETECT #define COMPILE_MMX #endif -#if HAVE_MMX2 || defined (RUNTIME_CPUDETECT) +#if HAVE_MMX2 || CONFIG_RUNTIME_CPUDETECT #define COMPILE_MMX2 #endif -#if (HAVE_AMD3DNOW && !HAVE_MMX2) || defined (RUNTIME_CPUDETECT) +#if (HAVE_AMD3DNOW && !HAVE_MMX2) || CONFIG_RUNTIME_CPUDETECT #define COMPILE_3DNOW #endif #endif /* ARCH_X86 */ @@ -645,7 +645,7 @@ static inline void postProcess(const uint8_t src[], int srcStride, uint8_t dst[] // Using ifs here as they are faster than function pointers although the // difference would not be measurable here but it is much better because // someone might exchange the CPU whithout restarting MPlayer ;) -#ifdef RUNTIME_CPUDETECT +#if CONFIG_RUNTIME_CPUDETECT #if ARCH_X86 // ordered per speed fastest first if(c->cpuCaps & PP_CPU_CAPS_MMX2) @@ -664,7 +664,7 @@ static inline void postProcess(const uint8_t src[], int srcStride, uint8_t dst[] #endif postProcess_C(src, srcStride, dst, dstStride, width, height, QPs, QPStride, isColor, c); #endif -#else //RUNTIME_CPUDETECT +#else //CONFIG_RUNTIME_CPUDETECT #if HAVE_MMX2 postProcess_MMX2(src, srcStride, dst, dstStride, width, height, QPs, QPStride, isColor, c); #elif HAVE_AMD3DNOW @@ -676,7 +676,7 @@ static inline void postProcess(const uint8_t src[], int srcStride, uint8_t dst[] #else postProcess_C(src, srcStride, dst, dstStride, width, height, QPs, QPStride, isColor, c); #endif -#endif //!RUNTIME_CPUDETECT +#endif //!CONFIG_RUNTIME_CPUDETECT } //static void postProcess(uint8_t src[], int srcStride, uint8_t dst[], int dstStride, int width, int height, diff --git a/libswscale/libswscale.v b/libswscale/libswscale.v new file mode 100644 index 0000000000..06e907a228 --- /dev/null +++ b/libswscale/libswscale.v @@ -0,0 +1,3 @@ +LIBSWSCALE_$MAJOR { + global: *; +}; diff --git a/libswscale/swscale.c b/libswscale/swscale.c index 7c335f1680..dd8f27adbc 100644 --- a/libswscale/swscale.c +++ b/libswscale/swscale.c @@ -955,28 +955,27 @@ static inline void yuv2rgbXinC_full(SwsContext *c, int16_t *lumFilter, int16_t * //Note: we have C, X86, MMX, MMX2, 3DNOW versions, there is no 3DNOW+MMX2 one //Plain C versions -#if !HAVE_MMX || defined (RUNTIME_CPUDETECT) || !CONFIG_GPL +#if ((!HAVE_MMX || !CONFIG_GPL) && !HAVE_ALTIVEC) || CONFIG_RUNTIME_CPUDETECT #define COMPILE_C #endif #if ARCH_PPC -#if (HAVE_ALTIVEC || defined (RUNTIME_CPUDETECT)) && CONFIG_GPL -#undef COMPILE_C +#if HAVE_ALTIVEC #define COMPILE_ALTIVEC #endif #endif //ARCH_PPC #if ARCH_X86 -#if ((HAVE_MMX && !HAVE_AMD3DNOW && !HAVE_MMX2) || defined (RUNTIME_CPUDETECT)) && CONFIG_GPL +#if ((HAVE_MMX && !HAVE_AMD3DNOW && !HAVE_MMX2) || CONFIG_RUNTIME_CPUDETECT) && CONFIG_GPL #define COMPILE_MMX #endif -#if (HAVE_MMX2 || defined (RUNTIME_CPUDETECT)) && CONFIG_GPL +#if (HAVE_MMX2 || CONFIG_RUNTIME_CPUDETECT) && CONFIG_GPL #define COMPILE_MMX2 #endif -#if ((HAVE_AMD3DNOW && !HAVE_MMX2) || defined (RUNTIME_CPUDETECT)) && CONFIG_GPL +#if ((HAVE_AMD3DNOW && !HAVE_MMX2) || CONFIG_RUNTIME_CPUDETECT) && CONFIG_GPL #define COMPILE_3DNOW #endif #endif //ARCH_X86 @@ -1637,8 +1636,8 @@ static void globalInit(void){ static SwsFunc getSwsFunc(int flags){ -#if defined(RUNTIME_CPUDETECT) && CONFIG_GPL -#if ARCH_X86 +#if CONFIG_RUNTIME_CPUDETECT +#if ARCH_X86 && CONFIG_GPL // ordered per speed fastest first if (flags & SWS_CPU_CAPS_MMX2) return swScale_MMX2; @@ -1650,15 +1649,15 @@ static SwsFunc getSwsFunc(int flags){ return swScale_C; #else -#if ARCH_PPC +#if ARCH_PPC && defined COMPILE_ALTIVEC if (flags & SWS_CPU_CAPS_ALTIVEC) return swScale_altivec; else return swScale_C; #endif return swScale_C; -#endif /* ARCH_X86 */ -#else //RUNTIME_CPUDETECT +#endif /* ARCH_X86 && CONFIG_GPL */ +#else //CONFIG_RUNTIME_CPUDETECT #if HAVE_MMX2 return swScale_MMX2; #elif HAVE_AMD3DNOW @@ -1670,7 +1669,7 @@ static SwsFunc getSwsFunc(int flags){ #else return swScale_C; #endif -#endif //!RUNTIME_CPUDETECT +#endif //!CONFIG_RUNTIME_CPUDETECT } static int PlanarToNV12Wrapper(SwsContext *c, uint8_t* src[], int srcStride[], int srcSliceY, @@ -2194,7 +2193,7 @@ SwsContext *sws_getContext(int srcW, int srcH, enum PixelFormat srcFormat, int d __asm__ volatile("emms\n\t"::: "memory"); #endif -#if !defined(RUNTIME_CPUDETECT) || !CONFIG_GPL //ensure that the flags match the compiled variant if cpudetect is off +#if !CONFIG_RUNTIME_CPUDETECT //ensure that the flags match the compiled variant if cpudetect is off flags &= ~(SWS_CPU_CAPS_MMX|SWS_CPU_CAPS_MMX2|SWS_CPU_CAPS_3DNOW|SWS_CPU_CAPS_ALTIVEC|SWS_CPU_CAPS_BFIN); #if HAVE_MMX2 flags |= SWS_CPU_CAPS_MMX|SWS_CPU_CAPS_MMX2; @@ -2207,7 +2206,7 @@ SwsContext *sws_getContext(int srcW, int srcH, enum PixelFormat srcFormat, int d #elif ARCH_BFIN flags |= SWS_CPU_CAPS_BFIN; #endif -#endif /* RUNTIME_CPUDETECT */ +#endif /* CONFIG_RUNTIME_CPUDETECT */ if (clip_table[512] != 255) globalInit(); if (!rgb15to16) sws_rgb2rgb_init(flags); diff --git a/libswscale/swscale_altivec_template.c b/libswscale/swscale_altivec_template.c index a008b966e8..0bf620bc83 100644 --- a/libswscale/swscale_altivec_template.c +++ b/libswscale/swscale_altivec_template.c @@ -6,18 +6,18 @@ * * This file is part of FFmpeg. * - * FFmpeg is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. + * FFmpeg is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. * * FFmpeg is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. * - * You should have received a copy of the GNU General Public License - * along with FFmpeg; if not, write to the Free Software + * You should have received a copy of the GNU Lesser General Public + * License along with FFmpeg; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ diff --git a/libswscale/swscale_template.c b/libswscale/swscale_template.c index 3262b6ee85..9016778a9c 100644 --- a/libswscale/swscale_template.c +++ b/libswscale/swscale_template.c @@ -1739,7 +1739,7 @@ static inline void RENAME(bgr24ToY_mmx)(uint8_t *dst, uint8_t *src, long width, static inline void RENAME(bgr24ToUV_mmx)(uint8_t *dstU, uint8_t *dstV, uint8_t *src, long width, int srcFormat) { __asm__ volatile( - "movq 24+%4, %%mm6 \n\t" + "movq 24(%4), %%mm6 \n\t" "mov %3, %%"REG_a" \n\t" "pxor %%mm7, %%mm7 \n\t" "1: \n\t" @@ -1750,9 +1750,9 @@ static inline void RENAME(bgr24ToUV_mmx)(uint8_t *dstU, uint8_t *dstV, uint8_t * "punpcklbw %%mm7, %%mm1 \n\t" "movq %%mm0, %%mm2 \n\t" "movq %%mm1, %%mm3 \n\t" - "pmaddwd %4, %%mm0 \n\t" - "pmaddwd 8+%4, %%mm1 \n\t" - "pmaddwd 16+%4, %%mm2 \n\t" + "pmaddwd (%4), %%mm0 \n\t" + "pmaddwd 8(%4), %%mm1 \n\t" + "pmaddwd 16(%4), %%mm2 \n\t" "pmaddwd %%mm6, %%mm3 \n\t" "paddd %%mm1, %%mm0 \n\t" "paddd %%mm3, %%mm2 \n\t" @@ -1764,9 +1764,9 @@ static inline void RENAME(bgr24ToUV_mmx)(uint8_t *dstU, uint8_t *dstV, uint8_t * "punpcklbw %%mm7, %%mm3 \n\t" "movq %%mm1, %%mm4 \n\t" "movq %%mm3, %%mm5 \n\t" - "pmaddwd %4, %%mm1 \n\t" - "pmaddwd 8+%4, %%mm3 \n\t" - "pmaddwd 16+%4, %%mm4 \n\t" + "pmaddwd (%4), %%mm1 \n\t" + "pmaddwd 8(%4), %%mm3 \n\t" + "pmaddwd 16(%4), %%mm4 \n\t" "pmaddwd %%mm6, %%mm5 \n\t" "paddd %%mm3, %%mm1 \n\t" "paddd %%mm5, %%mm4 \n\t" @@ -1789,7 +1789,7 @@ static inline void RENAME(bgr24ToUV_mmx)(uint8_t *dstU, uint8_t *dstV, uint8_t * "add $4, %%"REG_a" \n\t" " js 1b \n\t" : "+r" (src) - : "r" (dstU+width), "r" (dstV+width), "g" (-width), "m"(ff_bgr24toUV[srcFormat == PIX_FMT_RGB24][0]) + : "r" (dstU+width), "r" (dstV+width), "g" (-width), "r"(ff_bgr24toUV[srcFormat == PIX_FMT_RGB24]) : "%"REG_a ); } @@ -2219,7 +2219,7 @@ static inline void RENAME(hyscale)(SwsContext *c, uint16_t *dst, long dstWidth, } else // fast bilinear upscale / crap downscale { -#if ARCH_X86 +#if ARCH_X86 && CONFIG_GPL #if HAVE_MMX2 int i; #if defined(PIC) @@ -2492,7 +2492,7 @@ inline static void RENAME(hcscale)(SwsContext *c, uint16_t *dst, long dstWidth, } else // fast bilinear upscale / crap downscale { -#if ARCH_X86 +#if ARCH_X86 && CONFIG_GPL #if HAVE_MMX2 int i; #if defined(PIC) diff --git a/libswscale/yuv2rgb.c b/libswscale/yuv2rgb.c index 65af412c2c..c95d07c3e5 100644 --- a/libswscale/yuv2rgb.c +++ b/libswscale/yuv2rgb.c @@ -453,7 +453,7 @@ SwsFunc sws_yuv2rgb_get_func_ptr(SwsContext *c) #if CONFIG_MLIB t = sws_yuv2rgb_init_mlib(c); #endif -#if HAVE_ALTIVEC && CONFIG_GPL +#if HAVE_ALTIVEC if (c->flags & SWS_CPU_CAPS_ALTIVEC) t = sws_yuv2rgb_init_altivec(c); #endif diff --git a/subdir.mak b/subdir.mak index df5bb8a09a..a5f83c5b88 100644 --- a/subdir.mak +++ b/subdir.mak @@ -27,9 +27,9 @@ install-libs: install-lib$(NAME)-shared $(SUBDIR)$(SLIBNAME): $(SUBDIR)$(SLIBNAME_WITH_MAJOR) cd ./$(SUBDIR) && $(LN_S) $(SLIBNAME_WITH_MAJOR) $(SLIBNAME) -$(SUBDIR)$(SLIBNAME_WITH_MAJOR): $(OBJS) +$(SUBDIR)$(SLIBNAME_WITH_MAJOR): $(OBJS) $(SUBDIR)lib$(NAME).ver $(SLIB_CREATE_DEF_CMD) - $(CC) $(SHFLAGS) $(FFLDFLAGS) -o $$@ $$(filter-out $(DEP_LIBS),$$^) $(FFEXTRALIBS) $(EXTRAOBJS) + $(CC) $(SHFLAGS) $(FFLDFLAGS) -o $$@ $$(filter-out $(SUBDIR)lib$(NAME).ver $(DEP_LIBS),$$^) $(FFEXTRALIBS) $(EXTRAOBJS) $(SLIB_EXTRA_CMD) ifdef SUBDIR diff --git a/version.sh b/version.sh index adaa46aa91..9809d6d14e 100755 --- a/version.sh +++ b/version.sh @@ -13,12 +13,16 @@ if ! test $revision; then test $revision && revision=git-$revision fi -# no version number found +# no revision number found test $revision || revision=UNKNOWN -test -n "$3" && revision=$revision-$3 +# releases extract the version number from the VERSION file +version=$(cat VERSION 2> /dev/null) +test $version || version=$revision -NEW_REVISION="#define FFMPEG_VERSION \"$revision\"" +test -n "$3" && version=$version-$3 + +NEW_REVISION="#define FFMPEG_VERSION \"$version\"" OLD_REVISION=$(cat version.h 2> /dev/null) # Update version.h only on revision changes to avoid spurious rebuilds