From bdd2db60c2a60567f51df0a51693e7c35764cb14 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 8 Mar 2013 14:45:26 +0100 Subject: [PATCH 001/452] MAINTAINERS: update for 1.2 Signed-off-by: Michael Niedermayer --- MAINTAINERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MAINTAINERS b/MAINTAINERS index 3319359bdf..32efcab3a3 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -445,9 +445,9 @@ x86 Michael Niedermayer Releases ======== +1.2 Michael Niedermayer 1.1 Michael Niedermayer 1.0 Michael Niedermayer -0.11 Michael Niedermayer From 1ea3248290a36c5fbde7863d6ad8cf91e18f3fc8 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 9 Mar 2013 14:31:52 +0100 Subject: [PATCH 002/452] Update for FFmpeg 1.2 Signed-off-by: Michael Niedermayer --- RELEASE | 2 +- VERSION | 1 + doc/Doxyfile | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) create mode 100644 VERSION diff --git a/RELEASE b/RELEASE index 3d529fb483..5625e59da8 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -1.1.git +1.2 diff --git a/VERSION b/VERSION new file mode 100644 index 0000000000..5625e59da8 --- /dev/null +++ b/VERSION @@ -0,0 +1 @@ +1.2 diff --git a/doc/Doxyfile b/doc/Doxyfile index 7e6d0f56fd..55dd7a71d2 100644 --- a/doc/Doxyfile +++ b/doc/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = +PROJECT_NUMBER = 1.2 # With the PROJECT_LOGO tag one can specify an logo or icon that is included # in the documentation. The maximum height of the logo should not exceed 55 From 0b198e38c52ca716def04433876b8438b4bc218e Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Sat, 9 Mar 2013 18:25:22 +0100 Subject: [PATCH 003/452] Revert "build: disable iconv by default." This reverts commit 9ad3cd5b5f848eb3cd033be515d34296f099148b. The misdetection on OS X should be fixed, we will only get problem reports if auto-detection is enabled. (cherry picked from commit 3f78f0904bfa012b171cecfae87af7c6909c8ede) --- configure | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure b/configure index c1dcd55aeb..dff53d8db0 100755 --- a/configure +++ b/configure @@ -188,7 +188,7 @@ External library support: --enable-fontconfig enable fontconfig --enable-frei0r enable frei0r video filtering --enable-gnutls enable gnutls [no] - --enable-iconv enable iconv [no] + --enable-iconv enable iconv [autodetect] --enable-libaacplus enable AAC+ encoding via libaacplus [no] --enable-libass enable libass subtitles rendering [no] --enable-libbluray enable BluRay reading using libbluray [no] @@ -4053,7 +4053,7 @@ enabled vdpau && disable vdpau # Funny iconv installations are not unusual, so check it after all flags have been set -enabled iconv && { check_func_headers iconv.h iconv || check_lib2 iconv.h iconv -liconv || die "ERROR: iconv not found"; } +disabled iconv || check_func_headers iconv.h iconv || check_lib2 iconv.h iconv -liconv || disable iconv enabled debug && add_cflags -g"$debuglevel" && add_asflags -g"$debuglevel" enabled coverage && add_cflags "-fprofile-arcs -ftest-coverage" && add_ldflags "-fprofile-arcs -ftest-coverage" From 0ec869527c13fce6755bc6f6b07cb50138936449 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 4 Feb 2013 23:41:53 +0100 Subject: [PATCH 004/452] mpegts: clear avprograms only for removed programs Fixes Ticket2186 Requested-by: carl Signed-off-by: Michael Niedermayer (cherry picked from commit 806a66fd08a395486e763fb10588c5fd02e8d54e) --- libavformat/mpegts.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/libavformat/mpegts.c b/libavformat/mpegts.c index 8b92bc421e..32aa51f97e 100644 --- a/libavformat/mpegts.c +++ b/libavformat/mpegts.c @@ -208,9 +208,6 @@ static void clear_program(MpegTSContext *ts, unsigned int programid) static void clear_programs(MpegTSContext *ts) { - int i; - for(i=0; inb_prg; i++) - clear_avprogram(ts, ts->prg[i].id); av_freep(&ts->prg); ts->nb_prg=0; } @@ -1636,6 +1633,17 @@ static void pat_cb(MpegTSFilter *filter, const uint8_t *section, int section_len add_pid_to_pmt(ts, sid, pmt_pid); } } + + if (sid < 0) { + int i,j; + for (j=0; jstream->nb_programs; j++) { + for (i=0; inb_prg; i++) + if (ts->prg[i].id == ts->stream->programs[j]->id) + break; + if (i==ts->nb_prg) + clear_avprogram(ts, ts->stream->programs[j]->id); + } + } } static void sdt_cb(MpegTSFilter *filter, const uint8_t *section, int section_len) From 7c6c5767eb6fc45a67dd7930fa5567b8c40d5950 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 14 Mar 2013 17:20:44 +0100 Subject: [PATCH 005/452] jpegdec: be less picky on padding Fixes Ticket2353 Signed-off-by: Michael Niedermayer (cherry picked from commit 3c24fbbf651d4ec28eccfd7ef05a2595a11dd55a) --- libavcodec/mjpegdec.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index f3080d9aa0..54090e58d3 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -747,7 +747,9 @@ static void handle_rstn(MJpegDecodeContext *s, int nb_components) i = 8 + ((-get_bits_count(&s->gb)) & 7); /* skip RSTn */ - if (s->restart_count == 0 && show_bits(&s->gb, i) == (1 << i) - 1) { + if (s->restart_count == 0) { + if( show_bits(&s->gb, i) == (1 << i) - 1 + || show_bits(&s->gb, i) == 0xFF) { int pos = get_bits_count(&s->gb); align_get_bits(&s->gb); while (get_bits_left(&s->gb) >= 8 && show_bits(&s->gb, 8) == 0xFF) @@ -757,6 +759,7 @@ static void handle_rstn(MJpegDecodeContext *s, int nb_components) s->last_dc[i] = 1024; } else skip_bits_long(&s->gb, pos - get_bits_count(&s->gb)); + } } } } From 2ed7f5a6700bcffadac062e468146fd8248225c4 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 14 Mar 2013 20:50:15 +0100 Subject: [PATCH 006/452] Changelog: update version Signed-off-by: Michael Niedermayer --- Changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Changelog b/Changelog index a535864104..020f5f1271 100644 --- a/Changelog +++ b/Changelog @@ -1,7 +1,7 @@ Entries are sorted chronologically from oldest to youngest within each release, releases are sorted from youngest to oldest. -version : +version 1.2: - VDPAU hardware acceleration through normal hwaccel - SRTP support From 17911d0a96a8e8fa3390d719c4433775cdb573a0 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 14 Mar 2013 20:51:23 +0100 Subject: [PATCH 007/452] release_notes: update Signed-off-by: Michael Niedermayer --- doc/RELEASE_NOTES | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/doc/RELEASE_NOTES b/doc/RELEASE_NOTES index f71f18a3aa..2faf40d656 100644 --- a/doc/RELEASE_NOTES +++ b/doc/RELEASE_NOTES @@ -1,7 +1,7 @@ Release Notes ============= -* 0.10 "Freedom" January, 2012 +* 1.2 "Magic" March, 2013 General notes @@ -14,9 +14,3 @@ accepted. If you are experiencing issues with any formally released version of FFmpeg, please try git master to check if the issue still exists. If it does, make your report against the development code following the usual bug reporting guidelines. - -Of big interest to our Windows users, FFmpeg now supports building with the MSVC -compiler. Since MSVC does not support C99 features used extensively by FFmpeg, -this has been accomplished using a converter that turns C99 code to C89. See the -platform-specific documentation for more detailed documentation on building -FFmpeg with MSVC. From e820e3a2591a0d544925ff1522d2a688a647f1b0 Mon Sep 17 00:00:00 2001 From: Fabrizio Gennari Date: Sun, 10 Mar 2013 10:22:45 +0100 Subject: [PATCH 008/452] mem: Fix usage of memalign() on DJGPP. Credits to Khusraw of bttr-software.de forum. Signed-off-by: Carl Eugen Hoyos (cherry picked from commit 91b747ac78218805a79435f50587f87167569dad) Signed-off-by: Michael Niedermayer --- libavutil/mem.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavutil/mem.c b/libavutil/mem.c index a7fe60837b..860c0111eb 100644 --- a/libavutil/mem.c +++ b/libavutil/mem.c @@ -95,7 +95,11 @@ void *av_malloc(size_t size) #elif HAVE_ALIGNED_MALLOC ptr = _aligned_malloc(size, ALIGN); #elif HAVE_MEMALIGN +#ifndef __DJGPP__ ptr = memalign(ALIGN, size); +#else + ptr = memalign(size, ALIGN); +#endif /* Why 64? * Indeed, we should align it: * on 4 for 386 From fc5c81ce0a4463822a3693277d21ceaf16b873b7 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Sat, 16 Mar 2013 20:13:44 +0100 Subject: [PATCH 009/452] Do not (re-)set libx264 parameter b_tff if interlaced encoding was not requested. Reconfiguring can break x264 lossless encoding. Fixes ticket #2165. (cherry picked from commit 75c7e4583f4fd727d236a12763a265502fe00988) --- libavcodec/libx264.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/libx264.c b/libavcodec/libx264.c index a394213680..7e8fa65818 100644 --- a/libavcodec/libx264.c +++ b/libavcodec/libx264.c @@ -175,7 +175,7 @@ static int X264_frame(AVCodecContext *ctx, AVPacket *pkt, const AVFrame *frame, frame->pict_type == AV_PICTURE_TYPE_P ? X264_TYPE_P : frame->pict_type == AV_PICTURE_TYPE_B ? X264_TYPE_B : X264_TYPE_AUTO; - if (x4->params.b_tff != frame->top_field_first) { + if (x4->params.b_interlaced && x4->params.b_tff != frame->top_field_first) { x4->params.b_tff = frame->top_field_first; x264_encoder_reconfig(x4->enc, &x4->params); } From 90f1aa38b6664b9c260b4c7bda5df49e38b964bc Mon Sep 17 00:00:00 2001 From: Diego Biurrun Date: Fri, 22 Mar 2013 13:24:16 +0100 Subject: [PATCH 010/452] configure: Enable hwaccels without external dependencies by default. Fixes ticket #2368. (cherry picked from commit 2e2ec667416d8ed345491ac360fccc94e7a4772f) --- configure | 3 +++ 1 file changed, 3 insertions(+) diff --git a/configure b/configure index dff53d8db0..d557cac516 100755 --- a/configure +++ b/configure @@ -2169,6 +2169,9 @@ enable safe_bitstream_reader enable static enable swscale_alpha +# By default, enable only those hwaccels that have no external dependencies. +enable dxva2 vdpau + # build settings SHFLAGS='-shared -Wl,-soname,$$(@F)' FFSERVERLDFLAGS=-Wl,-E From 9ecfd7daa37d84209b5e47b9fdd3cdb88d197203 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Tue, 26 Mar 2013 15:16:07 +0100 Subject: [PATCH 011/452] Only test the first frame for missing aac_adtstoasc bistream filter. Many players ignore broken aac frames, so don't abort mov or flv muxing when encountering one, just print a warning instead. Fixes ticket #2380. (cherry picked from commit 1741fece7073f51efdd837a4f307ea2cdf3d1cfb) --- libavformat/flvenc.c | 3 +++ libavformat/movenc.c | 3 +++ 2 files changed, 6 insertions(+) diff --git a/libavformat/flvenc.c b/libavformat/flvenc.c index 502da0f0c5..e1dd43f716 100644 --- a/libavformat/flvenc.c +++ b/libavformat/flvenc.c @@ -493,10 +493,13 @@ static int flv_write_packet(AVFormatContext *s, AVPacket *pkt) return ret; } else if (enc->codec_id == AV_CODEC_ID_AAC && pkt->size > 2 && (AV_RB16(pkt->data) & 0xfff0) == 0xfff0) { + if (!s->streams[pkt->stream_index]->nb_frames) { av_log(s, AV_LOG_ERROR, "Malformed AAC bitstream detected: " "use audio bitstream filter 'aac_adtstoasc' to fix it " "('-bsf:a aac_adtstoasc' option with ffmpeg)\n"); return AVERROR_INVALIDDATA; + } + av_log(s, AV_LOG_WARNING, "aac bitstream error\n"); } if (flv->delay == AV_NOPTS_VALUE) diff --git a/libavformat/movenc.c b/libavformat/movenc.c index 42496b57e9..47dde94fd2 100644 --- a/libavformat/movenc.c +++ b/libavformat/movenc.c @@ -3185,8 +3185,11 @@ int ff_mov_write_packet(AVFormatContext *s, AVPacket *pkt) } } else if (enc->codec_id == AV_CODEC_ID_AAC && pkt->size > 2 && (AV_RB16(pkt->data) & 0xfff0) == 0xfff0) { + if (!s->streams[pkt->stream_index]->nb_frames) { av_log(s, AV_LOG_ERROR, "malformated aac bitstream, use -absf aac_adtstoasc\n"); return -1; + } + av_log(s, AV_LOG_WARNING, "aac bitstream error\n"); } else { avio_write(pb, pkt->data, size); } From 0b6d5f27c811781eed938d6187fe32efa446a57c Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Sat, 30 Mar 2013 08:41:46 +0100 Subject: [PATCH 012/452] Write broken aac frames to mov files instead of skipping them. Fixes decoding with picky media players. Signed-off-by: Michael Niedermayer (cherry picked from commit b448c0a68d0cc7dfef736267dfdaed0e213c020b) --- libavformat/movenc.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/libavformat/movenc.c b/libavformat/movenc.c index 47dde94fd2..8f3b1bc57a 100644 --- a/libavformat/movenc.c +++ b/libavformat/movenc.c @@ -3173,6 +3173,14 @@ int ff_mov_write_packet(AVFormatContext *s, AVPacket *pkt) memcpy(trk->vos_data, enc->extradata, trk->vos_len); } + if (enc->codec_id == AV_CODEC_ID_AAC && pkt->size > 2 && + (AV_RB16(pkt->data) & 0xfff0) == 0xfff0) { + if (!s->streams[pkt->stream_index]->nb_frames) { + av_log(s, AV_LOG_ERROR, "malformated aac bitstream, use -absf aac_adtstoasc\n"); + return -1; + } + av_log(s, AV_LOG_WARNING, "aac bitstream error\n"); + } if (enc->codec_id == AV_CODEC_ID_H264 && trk->vos_len > 0 && *(uint8_t *)trk->vos_data != 1) { /* from x264 or from bytestream h264 */ /* nal reformating needed */ @@ -3183,13 +3191,6 @@ int ff_mov_write_packet(AVFormatContext *s, AVPacket *pkt) } else { size = ff_avc_parse_nal_units(pb, pkt->data, pkt->size); } - } else if (enc->codec_id == AV_CODEC_ID_AAC && pkt->size > 2 && - (AV_RB16(pkt->data) & 0xfff0) == 0xfff0) { - if (!s->streams[pkt->stream_index]->nb_frames) { - av_log(s, AV_LOG_ERROR, "malformated aac bitstream, use -absf aac_adtstoasc\n"); - return -1; - } - av_log(s, AV_LOG_WARNING, "aac bitstream error\n"); } else { avio_write(pb, pkt->data, size); } From d553a522b969786c3e61350bc9a066a5237b0f52 Mon Sep 17 00:00:00 2001 From: Paul B Mahol Date: Wed, 3 Apr 2013 12:57:58 +0000 Subject: [PATCH 013/452] smacker: fix off by one error Regression since a93b572ae4f517ce0c35cf085167c318e9215908. Fixes #2426. Signed-off-by: Paul B Mahol (cherry picked from commit e3cc92a623a6ece42816c7a692c8815688a99ab0) --- libavformat/smacker.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/smacker.c b/libavformat/smacker.c index 883a2b7254..84481e22a6 100644 --- a/libavformat/smacker.c +++ b/libavformat/smacker.c @@ -276,7 +276,7 @@ static int smacker_read_packet(AVFormatContext *s, AVPacket *pkt) } else if(t & 0x40){ /* copy with offset */ off = avio_r8(s->pb); j = (t & 0x3F) + 1; - if (off + j > 0xff) { + if (off + j - 1 > 0xff) { av_log(s, AV_LOG_ERROR, "Invalid palette update, offset=%d length=%d extends beyond palette size\n", off, j); From c351d8781dc58742b6db63cdf275395e1f646919 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Wed, 3 Apr 2013 15:45:46 +0200 Subject: [PATCH 014/452] Skip padding in an id3 tag in aiff files. Fixes ticket #2430. Reviewed-by: Matthieu Bouron (cherry picked from commit db2d3a90825025b2f5da85792e1df33280c61391) --- libavformat/aiffdec.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavformat/aiffdec.c b/libavformat/aiffdec.c index 8d466fa815..4a2629888b 100644 --- a/libavformat/aiffdec.c +++ b/libavformat/aiffdec.c @@ -192,7 +192,7 @@ static int aiff_probe(AVProbeData *p) static int aiff_read_header(AVFormatContext *s) { int ret, size, filesize; - int64_t offset = 0; + int64_t offset = 0, position; uint32_t tag; unsigned version = AIFF_C_VERSION1; AVIOContext *pb = s->pb; @@ -236,6 +236,7 @@ static int aiff_read_header(AVFormatContext *s) goto got_sound; break; case MKTAG('I', 'D', '3', ' '): + position = avio_tell(pb); ff_id3v2_read(s, ID3v2_DEFAULT_MAGIC, &id3v2_extra_meta); if (id3v2_extra_meta) if ((ret = ff_id3v2_parse_apic(s, &id3v2_extra_meta)) < 0) { @@ -243,6 +244,8 @@ static int aiff_read_header(AVFormatContext *s) return ret; } ff_id3v2_free_extra_meta(&id3v2_extra_meta); + if (position + size > avio_tell(pb)) + avio_skip(pb, position + size - avio_tell(pb)); break; case MKTAG('F', 'V', 'E', 'R'): /* Version chunk */ version = avio_rb32(pb); From df8c36265a74e7a1da6da119c63f202dd38a7aed Mon Sep 17 00:00:00 2001 From: Nicolas George Date: Sun, 7 Apr 2013 09:48:57 +0200 Subject: [PATCH 015/452] lavc: fix recoded subtitles end. Text subtitles packets are not 0-terminated (and if they are, it is handled by the recoding process since 0 is a valid Unicode code point). The terminating 0 would overwrite the last payload octet. OTOH, packets must be 0-padded. Fix a problem reported in trac ticket #2431. --- libavcodec/utils.c | 2 +- tests/ref/fate/sub-charenc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index 9aec72a8cc..8a4aaf486f 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -1938,7 +1938,7 @@ static int recode_subtitle(AVCodecContext *avctx, goto end; } outpkt->size -= outl; - outpkt->data[outpkt->size - 1] = '\0'; + memset(outpkt->data + outpkt->size, 0, outl); end: if (cd != (iconv_t)-1) diff --git a/tests/ref/fate/sub-charenc b/tests/ref/fate/sub-charenc index 3c4825e206..ef727546fd 100644 --- a/tests/ref/fate/sub-charenc +++ b/tests/ref/fate/sub-charenc @@ -1 +1 @@ -a39d7e299a8e25b4ffece0f8d64bf19e +9615088d613931b50fd5016c7535b99a From f0dc5c04194f82db95167b7a2a0e481fc123cba2 Mon Sep 17 00:00:00 2001 From: Janne Grunau Date: Thu, 14 Mar 2013 15:12:30 +0100 Subject: [PATCH 016/452] vaapi: fix argument for ff_vaapi_common_end_frame call (cherry picked from commit b066d90211072c7532e17c0c54d8475f10fc97ad) --- libavcodec/vaapi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/vaapi.c b/libavcodec/vaapi.c index fc869bdc61..a220a9d3c2 100644 --- a/libavcodec/vaapi.c +++ b/libavcodec/vaapi.c @@ -212,7 +212,7 @@ int ff_vaapi_mpeg_end_frame(AVCodecContext *avctx) ff_mpeg_draw_horiz_band(s, 0, s->avctx->height); finish: - ff_vaapi_common_end_frame(avctx->priv_data); + ff_vaapi_common_end_frame(avctx); return ret; } From 0a53c7016f77be5a6a6c9b045b1b57c48a594bce Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Sun, 5 May 2013 19:29:00 +0200 Subject: [PATCH 017/452] Fix type of shared flac table ff_flac_blocksize_table[]. Fixes ticket #2533. (cherry picked from commit a07ac1f7888fd08e42da2bed0421e74f1cfac177) --- libavcodec/flacdata.c | 2 +- libavcodec/flacdata.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/flacdata.c b/libavcodec/flacdata.c index 6fcbe3955a..1954f32d32 100644 --- a/libavcodec/flacdata.c +++ b/libavcodec/flacdata.c @@ -27,7 +27,7 @@ const int ff_flac_sample_rate_table[16] = 8000, 16000, 22050, 24000, 32000, 44100, 48000, 96000, 0, 0, 0, 0 }; -const int16_t ff_flac_blocksize_table[16] = { +const int32_t ff_flac_blocksize_table[16] = { 0, 192, 576<<0, 576<<1, 576<<2, 576<<3, 0, 0, 256<<0, 256<<1, 256<<2, 256<<3, 256<<4, 256<<5, 256<<6, 256<<7 }; diff --git a/libavcodec/flacdata.h b/libavcodec/flacdata.h index 96a50b9183..e2c1e5d7f2 100644 --- a/libavcodec/flacdata.h +++ b/libavcodec/flacdata.h @@ -26,6 +26,6 @@ extern const int ff_flac_sample_rate_table[16]; -extern const int16_t ff_flac_blocksize_table[16]; +extern const int32_t ff_flac_blocksize_table[16]; #endif /* AVCODEC_FLACDATA_H */ From 3d6219b6dbf4f2686bc6a56377f2610a49ec1e31 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20B=C5=93sch?= Date: Thu, 25 Apr 2013 00:56:36 +0200 Subject: [PATCH 018/452] lavfi/subtitles: zero-init AVSubtitle. This avoids invalid free when the stream id doesn't match the packet stream index. Ticket #2501 (cherry picked from commit 035a3792c223d3b2bba79f38049bd6363b2d470d) --- libavfilter/vf_subtitles.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavfilter/vf_subtitles.c b/libavfilter/vf_subtitles.c index 7513e2402c..7ba883a168 100644 --- a/libavfilter/vf_subtitles.c +++ b/libavfilter/vf_subtitles.c @@ -332,7 +332,7 @@ static av_cold int init_subtitles(AVFilterContext *ctx, const char *args) pkt.size = 0; while (av_read_frame(fmt, &pkt) >= 0) { int i, got_subtitle; - AVSubtitle sub; + AVSubtitle sub = {0}; if (pkt.stream_index == sid) { ret = avcodec_decode_subtitle2(dec_ctx, &sub, &got_subtitle, &pkt); From a857811c755b880b667763c74506150ebec72a81 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Sun, 5 May 2013 09:46:37 +0200 Subject: [PATCH 019/452] matroska: set "done" only during resync fail. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes playback of test7.mkv validation test file. Signed-off-by: Reimar Döffinger (cherry picked from commit 762d4335aec2e5299a06bfbce15d21336af19464) --- libavformat/matroskadec.c | 1 - 1 file changed, 1 deletion(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index 249a023471..45c1638d85 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -2359,7 +2359,6 @@ static int matroska_parse_cluster_incremental(MatroskaDemuxContext *matroska) } } - if (res < 0) matroska->done = 1; return res; } From 84df0dc40bd6dec02bc45594be7b1ff93e7335e3 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 8 May 2013 01:17:45 +0200 Subject: [PATCH 020/452] avcodec/mpegvideo: Fix block height for lowres 3 interlaced blocks Fixes green trash Fixes part of Ticket2535 Signed-off-by: Michael Niedermayer (cherry picked from commit bca50e5cd52240d885afeb3edb0fa2c74b352add) --- libavcodec/mpegvideo.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/libavcodec/mpegvideo.c b/libavcodec/mpegvideo.c index 66a7ed559e..92b301dbba 100644 --- a/libavcodec/mpegvideo.c +++ b/libavcodec/mpegvideo.c @@ -2261,11 +2261,12 @@ static av_always_inline void mpeg_motion_lowres(MpegEncContext *s, pix_op[lowres - 1](dest_y, ptr_y, linesize, h, sx, sy); if (!CONFIG_GRAY || !(s->flags & CODEC_FLAG_GRAY)) { + int hc = s->chroma_y_shift ? (h+1-bottom_field)>>1 : h; uvsx = (uvsx << 2) >> lowres; uvsy = (uvsy << 2) >> lowres; - if (h >> s->chroma_y_shift) { - pix_op[op_index](dest_cb, ptr_cb, uvlinesize, h >> s->chroma_y_shift, uvsx, uvsy); - pix_op[op_index](dest_cr, ptr_cr, uvlinesize, h >> s->chroma_y_shift, uvsx, uvsy); + if (hc) { + pix_op[op_index](dest_cb, ptr_cb, uvlinesize, hc, uvsx, uvsy); + pix_op[op_index](dest_cr, ptr_cr, uvlinesize, hc, uvsx, uvsy); } } // FIXME h261 lowres loop filter From 3ca6253beb1207d8021d728984c1aefe06dce91a Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 8 May 2013 01:18:56 +0200 Subject: [PATCH 021/452] avcodec/mpegvideo: Fix edge emu with lowres Fixes a few green artifacts at the top Fixes rest of Ticket 2535 Signed-off-by: Michael Niedermayer (cherry picked from commit c67bca2b5a94efb8fb3c2ba2c7d9b1b413468838) --- libavcodec/mpegvideo.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/mpegvideo.c b/libavcodec/mpegvideo.c index 92b301dbba..5da9c98d90 100644 --- a/libavcodec/mpegvideo.c +++ b/libavcodec/mpegvideo.c @@ -2221,7 +2221,7 @@ static av_always_inline void mpeg_motion_lowres(MpegEncContext *s, ptr_cb = ref_picture[1] + uvsrc_y * uvlinesize + uvsrc_x; ptr_cr = ref_picture[2] + uvsrc_y * uvlinesize + uvsrc_x; - if ((unsigned) src_x > FFMAX( h_edge_pos - (!!sx) - 2 * block_s, 0) || + if ((unsigned) src_x > FFMAX( h_edge_pos - (!!sx) - 2 * block_s, 0) || uvsrc_y<0 || (unsigned) src_y > FFMAX((v_edge_pos >> field_based) - (!!sy) - h, 0)) { s->vdsp.emulated_edge_mc(s->edge_emu_buffer, ptr_y, linesize >> field_based, 17, 17 + field_based, From 54f39023931653fe3b925e1d2a0a3244f72b14ad Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 18 Mar 2013 00:00:02 +0100 Subject: [PATCH 022/452] rmdec: flush audio packet on seeking Fixes Ticket1605 Signed-off-by: Michael Niedermayer (cherry picked from commit 519ebb5ee5b89b8ecc80b4a4540fcbeb65cda172) Signed-off-by: Michael Niedermayer --- libavformat/rmdec.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c index ee1e0ff30a..243c693343 100644 --- a/libavformat/rmdec.c +++ b/libavformat/rmdec.c @@ -1000,6 +1000,18 @@ static int64_t rm_read_dts(AVFormatContext *s, int stream_index, return dts; } +static int rm_read_seek(AVFormatContext *s, int stream_index, + int64_t pts, int flags) +{ + RMDemuxContext *rm = s->priv_data; + + if (ff_seek_frame_binary(s, stream_index, pts, flags) < 0) + return -1; + rm->audio_pkt_cnt = 0; + return 0; +} + + AVInputFormat ff_rm_demuxer = { .name = "rm", .long_name = NULL_IF_CONFIG_SMALL("RealMedia"), @@ -1009,6 +1021,7 @@ AVInputFormat ff_rm_demuxer = { .read_packet = rm_read_packet, .read_close = rm_read_close, .read_timestamp = rm_read_dts, + .read_seek = rm_read_seek, }; AVInputFormat ff_rdt_demuxer = { From 298e03d1023daf4c7074e0d781b0cdd9d56d9f8f Mon Sep 17 00:00:00 2001 From: ArnoB Date: Thu, 14 Mar 2013 18:35:55 +0100 Subject: [PATCH 023/452] dpxenc: fix data offset Signed-off-by: Michael Niedermayer (cherry picked from commit 361319d0f49475bc14c744194870f9bab78a8a83) Signed-off-by: Michael Niedermayer --- libavcodec/dpxenc.c | 1 + tests/ref/lavf/dpx | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/libavcodec/dpxenc.c b/libavcodec/dpxenc.c index bd44b16ffc..f210bbc774 100644 --- a/libavcodec/dpxenc.c +++ b/libavcodec/dpxenc.c @@ -212,6 +212,7 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt, buf[803] = s->bits_per_component; write16(buf + 804, (s->bits_per_component == 10 || s->bits_per_component == 12) ? 1 : 0); /* packing method */ + write32(buf + 808, HEADER_SIZE); /* data offset */ /* Image source information header */ write32(buf + 1628, avctx->sample_aspect_ratio.num); diff --git a/tests/ref/lavf/dpx b/tests/ref/lavf/dpx index 5961e00d0a..0206bd7d02 100644 --- a/tests/ref/lavf/dpx +++ b/tests/ref/lavf/dpx @@ -1,9 +1,9 @@ -808ea110635774252439722a48329d61 *./tests/data/images/dpx/02.dpx +d2f0b4e854fda2d3b3bee84cef80593c *./tests/data/images/dpx/02.dpx ./tests/data/images/dpx/%02d.dpx CRC=0x6da01946 305792 ./tests/data/images/dpx/02.dpx -5e1a777fa3f4094c9c4dd989cf9e8e8b *./tests/data/images/dpx/02.dpx +075963c3c08978b6a20555ba09161434 *./tests/data/images/dpx/02.dpx ./tests/data/images/dpx/%02d.dpx CRC=0xe5b9c023 609920 ./tests/data/images/dpx/02.dpx -13dc41b1e1e36399a5e1f8b7e3344a81 *./tests/data/images/dpx/02.dpx +b9f22728f8ff393bf30cf6cbd624fa95 *./tests/data/images/dpx/02.dpx ./tests/data/images/dpx/%02d.dpx CRC=0xb6310a70 407168 ./tests/data/images/dpx/02.dpx From f8d5f3dff5d665234d50d5d91085eaf8644e5ff8 Mon Sep 17 00:00:00 2001 From: Dale Curtis Date: Tue, 26 Mar 2013 14:12:30 -0700 Subject: [PATCH 024/452] Fix heap-buffer-overflow in matroska_parse_block Signed-off-by: Michael Niedermayer (cherry picked from commit 81e85bc95cb1e4f8cc7b1ba71ec027c8791b55d1) Signed-off-by: Michael Niedermayer --- libavformat/matroskadec.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index 45c1638d85..f8cd81f2ba 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -1916,10 +1916,10 @@ static void matroska_clear_queue(MatroskaDemuxContext *matroska) } static int matroska_parse_laces(MatroskaDemuxContext *matroska, uint8_t **buf, - int size, int type, + int* buf_size, int type, uint32_t **lace_buf, int *laces) { - int res = 0, n; + int res = 0, n, size = *buf_size; uint8_t *data = *buf; uint32_t *lace_size; @@ -2017,6 +2017,7 @@ static int matroska_parse_laces(MatroskaDemuxContext *matroska, uint8_t **buf, *buf = data; *lace_buf = lace_size; + *buf_size = size; return res; } @@ -2252,7 +2253,7 @@ static int matroska_parse_block(MatroskaDemuxContext *matroska, uint8_t *data, matroska->skip_to_keyframe = 0; } - res = matroska_parse_laces(matroska, &data, size, (flags & 0x06) >> 1, + res = matroska_parse_laces(matroska, &data, &size, (flags & 0x06) >> 1, &lace_size, &laces); if (res) From 4d0090f90a9775c7d18d887a97f05fdb01fc51e9 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 5 May 2013 00:23:13 +0200 Subject: [PATCH 025/452] xbmdec: fix off by one error in scanf() Fixes out of array access Signed-off-by: Michael Niedermayer --- libavcodec/xbmdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/xbmdec.c b/libavcodec/xbmdec.c index 8632db7b0f..04318f10e8 100644 --- a/libavcodec/xbmdec.c +++ b/libavcodec/xbmdec.c @@ -59,7 +59,7 @@ static int xbm_decode_frame(AVCodecContext *avctx, void *data, int number, len; ptr += strcspn(ptr, "#"); - if (sscanf(ptr, "#define %256s %u", name, &number) != 2) { + if (sscanf(ptr, "#define %255s %u", name, &number) != 2) { av_log(avctx, AV_LOG_ERROR, "Unexpected preprocessor directive\n"); return AVERROR_INVALIDDATA; } From 1ce3f736d2aa531af362d75f675efb11e36c5172 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 5 May 2013 00:56:39 +0200 Subject: [PATCH 026/452] src_movie: fix scanf string Fixes out of array accesses Signed-off-by: Michael Niedermayer (cherry picked from commit adaa7743f5fdca0c0aca0b7ffdebf61c7d868571) Signed-off-by: Michael Niedermayer --- libavfilter/src_movie.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavfilter/src_movie.c b/libavfilter/src_movie.c index bd45766641..ec9131ecab 100644 --- a/libavfilter/src_movie.c +++ b/libavfilter/src_movie.c @@ -91,13 +91,13 @@ static int movie_request_frame(AVFilterLink *outlink); static AVStream *find_stream(void *log, AVFormatContext *avf, const char *spec) { int i, ret, already = 0, stream_id = -1; - char type_char, dummy; + char type_char[2], dummy; AVStream *found = NULL; enum AVMediaType type; - ret = sscanf(spec, "d%[av]%d%c", &type_char, &stream_id, &dummy); + ret = sscanf(spec, "d%1[av]%d%c", type_char, &stream_id, &dummy); if (ret >= 1 && ret <= 2) { - type = type_char == 'v' ? AVMEDIA_TYPE_VIDEO : AVMEDIA_TYPE_AUDIO; + type = type_char[0] == 'v' ? AVMEDIA_TYPE_VIDEO : AVMEDIA_TYPE_AUDIO; ret = av_find_best_stream(avf, type, stream_id, -1, NULL, 0); if (ret < 0) { av_log(log, AV_LOG_ERROR, "No %s stream with index '%d' found\n", From 840931e76608d6b242fd416c42cd88a10bb0e42a Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 16 Apr 2013 19:53:24 +0200 Subject: [PATCH 027/452] mjpegdec: fix overlapping memcpy with upscale_v Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit b39fd7d63648442c20671c3e4b357268ec5c49f2) Signed-off-by: Michael Niedermayer --- libavcodec/mjpegdec.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index 54090e58d3..f1e9b6809b 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -1639,6 +1639,7 @@ int ff_mjpeg_decode_frame(AVCodecContext *avctx, void *data, int *got_frame, MJpegDecodeContext *s = avctx->priv_data; const uint8_t *buf_end, *buf_ptr; const uint8_t *unescaped_buf_ptr; + int hshift, vshift; int unescaped_buf_size; int start_code; int i, index; @@ -1817,6 +1818,9 @@ the_end: } if (s->upscale_v) { uint8_t *dst = &((uint8_t *)s->picture_ptr->data[s->upscale_v])[(s->height - 1) * s->linesize[s->upscale_v]]; + int w; + avcodec_get_chroma_sub_sample(s->avctx->pix_fmt, &hshift, &vshift); + w = s->width >> hshift; av_assert0(avctx->pix_fmt == AV_PIX_FMT_YUVJ444P || avctx->pix_fmt == AV_PIX_FMT_YUV444P || avctx->pix_fmt == AV_PIX_FMT_YUVJ422P || @@ -1825,16 +1829,16 @@ the_end: uint8_t *src1 = &((uint8_t *)s->picture_ptr->data[s->upscale_v])[i / 2 * s->linesize[s->upscale_v]]; uint8_t *src2 = &((uint8_t *)s->picture_ptr->data[s->upscale_v])[(i + 1) / 2 * s->linesize[s->upscale_v]]; if (src1 == src2) { - memcpy(dst, src1, s->width); + memcpy(dst, src1, w); } else { - for (index = 0; index < s->width; index++) + for (index = 0; index < w; index++) dst[index] = (src1[index] + src2[index]) >> 1; } dst -= s->linesize[s->upscale_v]; } } if (s->flipped && (s->avctx->flags & CODEC_FLAG_EMU_EDGE)) { - int hshift, vshift, j; + int j; avcodec_get_chroma_sub_sample(s->avctx->pix_fmt, &hshift, &vshift); for (index=0; index<4; index++) { uint8_t *dst = s->picture_ptr->data[index]; From 7fa6db2545643efb4fe2e0bb501fa50af35a6330 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 2 May 2013 21:52:08 +0200 Subject: [PATCH 028/452] mmvideo/mm_decode_inter: check horizontal coordinate too Fixes out of array accesses Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 8d3c99e825317b7efda5fd12e69896b47c700303) Signed-off-by: Michael Niedermayer --- libavcodec/mmvideo.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/mmvideo.c b/libavcodec/mmvideo.c index c61cd576e4..4214eeb964 100644 --- a/libavcodec/mmvideo.c +++ b/libavcodec/mmvideo.c @@ -151,6 +151,8 @@ static int mm_decode_inter(MmContext * s, int half_horiz, int half_vert) int replace_array = bytestream2_get_byte(&s->gb); for(j=0; j<8; j++) { int replace = (replace_array >> (7-j)) & 1; + if (x + half_horiz >= s->avctx->width) + return AVERROR_INVALIDDATA; if (replace) { int color = bytestream2_get_byte(&data_ptr); s->frame.data[0][y*s->frame.linesize[0] + x] = color; From 039f6921c276498e71e4a08063dc687c8f32fa48 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 2 May 2013 22:06:03 +0200 Subject: [PATCH 029/452] mmvideo/mm_decode_intra: check horizontal coordinate too Signed-off-by: Michael Niedermayer (cherry picked from commit ae2132ac90f02330b0988e6e26ee0d53e41cd196) Signed-off-by: Michael Niedermayer --- libavcodec/mmvideo.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/mmvideo.c b/libavcodec/mmvideo.c index 4214eeb964..b74424cc13 100644 --- a/libavcodec/mmvideo.c +++ b/libavcodec/mmvideo.c @@ -104,6 +104,9 @@ static int mm_decode_intra(MmContext * s, int half_horiz, int half_vert) if (half_horiz) run_length *=2; + if (run_length > s->avctx->width - x) + return AVERROR_INVALIDDATA; + if (color) { memset(s->frame.data[0] + y*s->frame.linesize[0] + x, color, run_length); if (half_vert) From 0baa0a5a02e16ef097ed9f72bc8a7d7b585c7652 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 1 May 2013 23:46:38 +0200 Subject: [PATCH 030/452] vmdav: Try to fix unpack_rle() This fixes out of array accesses The code prior to this commit could not have worked, thus obviously was untested. I was also not able to find a valid sample that uses this code. This fix is thus only based on the description of the format If someone has a sample that uses unpack_rle(), please mail me. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit c1f2c4c3b49277d65b71ccdd3b6b2878f1b593eb) Conflicts: libavcodec/vmdav.c Signed-off-by: Michael Niedermayer --- libavcodec/vmdav.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/vmdav.c b/libavcodec/vmdav.c index d7f136c8a1..79a33b867f 100644 --- a/libavcodec/vmdav.c +++ b/libavcodec/vmdav.c @@ -162,7 +162,7 @@ static int rle_unpack(const unsigned char *src, int src_len, int src_count, const unsigned char *ps; const unsigned char *ps_end; unsigned char *pd; - int i, l; + int i, j, l; unsigned char *dest_end = dest + dest_len; ps = src; @@ -188,9 +188,9 @@ static int rle_unpack(const unsigned char *src, int src_len, int src_count, ps += l; pd += l; } else { - if (dest_end - pd < i || ps_end - ps < 2) + if (dest_end - pd < 2*l || ps_end - ps < 2) return ps - src; - for (i = 0; i < l; i++) { + for (j = 0; j < l; j++) { *pd++ = ps[0]; *pd++ = ps[1]; } From cc0dd86580b3257f22a4981a79eb5fa6804182b6 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 30 Apr 2013 20:05:31 +0200 Subject: [PATCH 031/452] avutil/log: Fix context pointer used for get_category() Fixes calling a random pointer Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 7edb984dd051b6919d7d8471c70499273f31b0fa) Signed-off-by: Michael Niedermayer --- libavutil/log.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavutil/log.c b/libavutil/log.c index 700e89fa97..49dd4d1897 100644 --- a/libavutil/log.c +++ b/libavutil/log.c @@ -178,7 +178,7 @@ static void format_line(void *ptr, int level, const char *fmt, va_list vl, if (parent && *parent) { snprintf(part[0], part_size, "[%s @ %p] ", (*parent)->item_name(parent), parent); - if(type) type[0] = get_category(((uint8_t *) ptr) + avc->parent_log_context_offset); + if(type) type[0] = get_category(parent); } } snprintf(part[1], part_size, "[%s @ %p] ", From ec89046fa11057e130ea9c968c32b713d85c8fa2 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 17 Apr 2013 20:40:56 +0200 Subject: [PATCH 032/452] avutil/intfloat_readwrite: avoid comparission with INFINITY, use isinf() Should fix pgc warning Signed-off-by: Michael Niedermayer (cherry picked from commit cc6f848dba89a6dc89b840cc2e1942cc3007c2a3) Signed-off-by: Michael Niedermayer --- libavutil/intfloat_readwrite.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavutil/intfloat_readwrite.c b/libavutil/intfloat_readwrite.c index 2998229e49..9574532116 100644 --- a/libavutil/intfloat_readwrite.c +++ b/libavutil/intfloat_readwrite.c @@ -88,7 +88,7 @@ AVExtFloat av_dbl2ext(double d){ ext.mantissa[i] = m>>(56-(i<<3)); } else if (f != 0.0) { ext.exponent[0] = 0x7f; ext.exponent[1] = 0xff; - if (f != INFINITY) + if (!isinf(f)) ext.mantissa[0] = ~0; } if (d < 0) From 9f7baf139f721e84a5db06e1352e4fb14a7965c8 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 17 Apr 2013 23:16:05 +0200 Subject: [PATCH 033/452] avutil/intfloat_readwrite: include common.h for isinf() Solution based on rational.c, which uses isinf() too This should fix compilation with msvc Signed-off-by: Michael Niedermayer (cherry picked from commit c25224737cba4079602c447c344cb54b81430ce4) Signed-off-by: Michael Niedermayer --- libavutil/intfloat_readwrite.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavutil/intfloat_readwrite.c b/libavutil/intfloat_readwrite.c index 9574532116..142331dac1 100644 --- a/libavutil/intfloat_readwrite.c +++ b/libavutil/intfloat_readwrite.c @@ -26,6 +26,7 @@ */ #include +#include "common.h" #include "mathematics.h" #include "intfloat_readwrite.h" From 91f04e741096f5ced87f696adb924c6817d6f77c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20B=C5=93sch?= Date: Sun, 31 Mar 2013 14:49:14 +0200 Subject: [PATCH 034/452] cmdutils: avtool -> fftool (cherry picked from commit 7d8ad6c1fa11ec548fc63427656989e0e7c6af8b) Signed-off-by: Michael Niedermayer --- cmdutils.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cmdutils.h b/cmdutils.h index 08c92ce6ee..6341a2f1cb 100644 --- a/cmdutils.h +++ b/cmdutils.h @@ -190,13 +190,13 @@ void show_help_options(const OptionDef *options, const char *msg, int req_flags, void show_help_children(const AVClass *class, int flags); /** - * Per-avtool specific help handler. Implemented in each - * avtool, called by show_help(). + * Per-fftool specific help handler. Implemented in each + * fftool, called by show_help(). */ void show_help_default(const char *opt, const char *arg); /** - * Generic -h handler common to all avtools. + * Generic -h handler common to all fftools. */ int show_help(void *optctx, const char *opt, const char *arg); From 524d0d2cfc7bab1b348f85e7c0369859e63781cf Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 7 May 2013 21:58:27 +0200 Subject: [PATCH 035/452] sanm: Check dimensions before use Fixes integer overflow and out of array accesses Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 9dd04f6d8cdd1c10c28b2cb4252c1a41df581915) Signed-off-by: Michael Niedermayer --- libavcodec/sanm.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/sanm.c b/libavcodec/sanm.c index caeaa366a6..61c3006068 100644 --- a/libavcodec/sanm.c +++ b/libavcodec/sanm.c @@ -739,6 +739,11 @@ static int process_frame_obj(SANMVideoContext *ctx) w = bytestream2_get_le16u(&ctx->gb); h = bytestream2_get_le16u(&ctx->gb); + if (!w || !h) { + av_log(ctx->avctx, AV_LOG_ERROR, "dimensions are invalid\n"); + return AVERROR_INVALIDDATA; + } + if (ctx->width < left + w || ctx->height < top + h) { if (av_image_check_size(FFMAX(left + w, ctx->width), FFMAX(top + h, ctx->height), 0, ctx->avctx) < 0) From 7ef2dbd2392e3e4d430e0173e1e5c4df9f18b6dd Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 7 May 2013 21:04:33 +0200 Subject: [PATCH 036/452] avcodec/cdgraphics: check buffer size before use Fixes out of array accesses Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit ad002e1a13a8df934bd6cb2c84175a4780ab8942) Signed-off-by: Michael Niedermayer --- libavcodec/cdgraphics.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/cdgraphics.c b/libavcodec/cdgraphics.c index 202211d124..94ce6ae946 100644 --- a/libavcodec/cdgraphics.c +++ b/libavcodec/cdgraphics.c @@ -300,7 +300,9 @@ static int cdg_decode_frame(AVCodecContext *avctx, inst = bytestream_get_byte(&buf); inst &= CDG_MASK; buf += 2; /// skipping 2 unneeded bytes - bytestream_get_buffer(&buf, cdg_data, buf_size - CDG_HEADER_SIZE); + + if (buf_size > CDG_HEADER_SIZE) + bytestream_get_buffer(&buf, cdg_data, buf_size - CDG_HEADER_SIZE); if ((command & CDG_MASK) == CDG_COMMAND) { switch (inst) { From 7ee5e97c46e30fb3d6f9f78cc3313dbc06528b37 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 7 May 2013 16:07:27 +0200 Subject: [PATCH 037/452] gifdec: reset previous Graphic Control Extension disposal type This fixes out of array accesses. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit d23b8462b5a4a9da78ed45c4a7a3b35d538df909) Signed-off-by: Michael Niedermayer --- libavcodec/gifdec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/gifdec.c b/libavcodec/gifdec.c index 8fb1f4bbbd..727887ab44 100644 --- a/libavcodec/gifdec.c +++ b/libavcodec/gifdec.c @@ -462,6 +462,7 @@ static int gif_decode_frame(AVCodecContext *avctx, void *data, int *got_frame, A if (s->keyframe) { s->keyframe_ok = 0; + s->gce_prev_disposal = GCE_DISPOSAL_NONE; if ((ret = gif_read_header1(s)) < 0) return ret; From c5948b472b7ddda5acdad9c9e0f3f7217fb643ad Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 9 May 2013 22:17:06 +0200 Subject: [PATCH 038/452] update for 1.2.1 Signed-off-by: Michael Niedermayer --- RELEASE | 2 +- VERSION | 2 +- doc/Doxyfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/RELEASE b/RELEASE index 5625e59da8..6085e94650 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -1.2 +1.2.1 diff --git a/VERSION b/VERSION index 5625e59da8..6085e94650 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.2 +1.2.1 diff --git a/doc/Doxyfile b/doc/Doxyfile index 55dd7a71d2..d3d5e42cfe 100644 --- a/doc/Doxyfile +++ b/doc/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 1.2 +PROJECT_NUMBER = 1.2.1 # With the PROJECT_LOGO tag one can specify an logo or icon that is included # in the documentation. The maximum height of the logo should not exceed 55 From f166a02b67a261ba4fddc5650b235dbd26ae6263 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 13 Mar 2013 14:56:22 +0100 Subject: [PATCH 039/452] exr: silence warning "libavcodec/exr.c:351:9: warning: variable ret set but not used" Signed-off-by: Michael Niedermayer (cherry picked from commit 7ff3bfd584a732e6b8b601e13d171a0f0200c151) Signed-off-by: Michael Niedermayer --- libavcodec/exr.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/exr.c b/libavcodec/exr.c index 143281751d..d727791561 100644 --- a/libavcodec/exr.c +++ b/libavcodec/exr.c @@ -348,7 +348,8 @@ static int decode_block(AVCodecContext *avctx, void *tdata, const uint8_t *src; int axmax = (avctx->width - (s->xmax + 1)) * 2 * s->desc->nb_components; int bxmin = s->xmin * 2 * s->desc->nb_components; - int ret, i, x, buf_size = s->buf_size; + int i, x, buf_size = s->buf_size; + int av_unused ret; line_offset = AV_RL64(s->table + jobnr * 8); // Check if the buffer has the required bytes needed from the offset From 33d699a4e73d5281b2cfcd0fa355c0d80241dd23 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Fri, 10 May 2013 09:55:15 +0200 Subject: [PATCH 040/452] Fix configure --help output for some autodetected features. (cherry picked from commit 0f05b72f19c0a07cf48c912d2a71c3fb5f7bc325) --- configure | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/configure b/configure index d557cac516..e11767ba99 100755 --- a/configure +++ b/configure @@ -140,10 +140,10 @@ Component options: --disable-fft disable FFT code Hardware accelerators: - --enable-dxva2 enable DXVA2 code + --disable-dxva2 disable DXVA2 code [autodetect] --enable-vaapi enable VAAPI code --enable-vda enable VDA code - --enable-vdpau enable VDPAU code + --disable-vdpau disable VDPAU code [autodetect] Individual component options: --disable-everything disable all components listed below @@ -184,11 +184,11 @@ Individual component options: External library support: --enable-avisynth enable reading of AVISynth script files [no] - --enable-bzlib enable bzlib [autodetect] + --disable-bzlib disable bzlib [autodetect] --enable-fontconfig enable fontconfig --enable-frei0r enable frei0r video filtering --enable-gnutls enable gnutls [no] - --enable-iconv enable iconv [autodetect] + --disable-iconv disable iconv [autodetect] --enable-libaacplus enable AAC+ encoding via libaacplus [no] --enable-libass enable libass subtitles rendering [no] --enable-libbluray enable BluRay reading using libbluray [no] @@ -235,7 +235,7 @@ External library support: --enable-openal enable OpenAL 1.1 capture support [no] --enable-openssl enable openssl [no] --enable-x11grab enable X11 grabbing [no] - --enable-zlib enable zlib [autodetect] + --disable-zlib disable zlib [autodetect] Advanced options (experts only): --cross-prefix=PREFIX use PREFIX for compilation tools [$cross_prefix] From 79a3f364dd35dfe07f03f2b2b1a737d07046e864 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Mon, 13 May 2013 12:39:44 +0200 Subject: [PATCH 041/452] Do not read strd chunk in avi files as H264 extradata. Fixes ticket #2561. (cherry picked from commit 231b3317184790b6be4b4619d96fd328f13aeabb) --- libavformat/avidec.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavformat/avidec.c b/libavformat/avidec.c index 00ac3de2af..18e2d96868 100644 --- a/libavformat/avidec.c +++ b/libavformat/avidec.c @@ -706,7 +706,9 @@ static int avi_read_header(AVFormatContext *s) } break; case MKTAG('s', 't', 'r', 'd'): - if (stream_index >= (unsigned)s->nb_streams || s->streams[stream_index]->codec->extradata_size) { + if (stream_index >= (unsigned)s->nb_streams + || s->streams[stream_index]->codec->extradata_size + || s->streams[stream_index]->codec->codec_tag == MKTAG('H','2','6','4')) { avio_skip(pb, size); } else { uint64_t cur_pos = avio_tell(pb); From fd60aeb55b12caddd40a970c751e22539072f13f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 17 May 2013 22:03:14 +0200 Subject: [PATCH 042/452] avidec: dont randomly skip packets for offseting the index Fixes Ticket2490 Signed-off-by: Michael Niedermayer (cherry picked from commit 6c593f1b671b7725b8c36f92f7c0a23ccf8e7628) --- libavformat/avidec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavformat/avidec.c b/libavformat/avidec.c index 18e2d96868..6513f3f9eb 100644 --- a/libavformat/avidec.c +++ b/libavformat/avidec.c @@ -1005,9 +1005,9 @@ start_sync: || st->discard >= AVDISCARD_ALL){ if (!exit_early) { ast->frame_offset += get_duration(ast, size); + avio_skip(pb, size); + goto start_sync; } - avio_skip(pb, size); - goto start_sync; } if (d[2] == 'p' && d[3] == 'c' && size<=4*256+4) { From af589dd5e9f804629ac025ba6b40f750426a6e41 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Fri, 17 May 2013 02:32:21 +0200 Subject: [PATCH 043/452] configure: Autodetect VA-API This fixes a regression (reproducible since 1.2) and restores the behaviour of 0.6, 0.7, 0.8, 0.9, 0.10, 0.11, 1.0 and 1.1. (cherry picked from commit 17989dcf540c13a7122663f64c09dc830ffc3a41) --- configure | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/configure b/configure index e11767ba99..58469a901a 100755 --- a/configure +++ b/configure @@ -141,7 +141,7 @@ Component options: Hardware accelerators: --disable-dxva2 disable DXVA2 code [autodetect] - --enable-vaapi enable VAAPI code + --disable-vaapi disable VAAPI code [autodetect] --enable-vda enable VDA code --disable-vdpau disable VDPAU code [autodetect] @@ -2169,8 +2169,8 @@ enable safe_bitstream_reader enable static enable swscale_alpha -# By default, enable only those hwaccels that have no external dependencies. -enable dxva2 vdpau +# Enable hwaccels by default. +enable dxva2 vaapi vdpau # build settings SHFLAGS='-shared -Wl,-soname,$$(@F)' @@ -3876,7 +3876,6 @@ fi check_lib math.h sin -lm && LIBM="-lm" disabled crystalhd || check_lib libcrystalhd/libcrystalhd_if.h DtsCrystalHDVersion -lcrystalhd || disable crystalhd -enabled vaapi && require vaapi va/va.h vaInitialize -lva atan2f_args=2 ldexpf_args=2 @@ -4044,12 +4043,9 @@ require X11 X11/Xlib.h XOpenDisplay -lX11 && require Xext X11/extensions/XShm.h XShmCreateImage -lXext && require Xfixes X11/extensions/Xfixes.h XFixesGetCursorImage -lXfixes -if ! disabled vaapi; then - check_lib va/va.h vaInitialize -lva && { - check_cpp_condition va/va_version.h "VA_CHECK_VERSION(0,32,0)" || - warn "Please upgrade to VA-API >= 0.32 if you would like full VA-API support."; - } || disable vaapi -fi +enabled vaapi && + check_lib va/va.h vaInitialize -lva || + disable vaapi enabled vdpau && check_cpp_condition vdpau/vdpau.h "defined VDP_DECODER_PROFILE_MPEG4_PART2_ASP" || From ffd28de388638036c1a88f793876423507c21c48 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 15 May 2013 01:08:18 +0200 Subject: [PATCH 044/452] ffmpeg: free threads on error conditions. Fixes Ticket2562 Signed-off-by: Michael Niedermayer (cherry picked from commit 1a36c756d8959207d3386f03e11c15216abc50b7) --- ffmpeg.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ffmpeg.c b/ffmpeg.c index 2ea3694394..b272b55f8f 100644 --- a/ffmpeg.c +++ b/ffmpeg.c @@ -162,6 +162,8 @@ static struct termios oldtty; static int restore_tty; #endif +static void free_input_threads(void); + /* sub2video hack: Convert subtitles to video with alpha to insert them in filter graphs. @@ -457,6 +459,9 @@ static void exit_program(void) av_freep(&output_streams[i]->logfile_prefix); av_freep(&output_streams[i]); } +#if HAVE_PTHREADS + free_input_threads(); +#endif for (i = 0; i < nb_input_files; i++) { avformat_close_input(&input_files[i]->ctx); av_freep(&input_files[i]); From 5f64a7a6252ff7872975cd992f0d0ab5190eb43b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 20 May 2013 21:42:06 +0200 Subject: [PATCH 045/452] smacker: remove av_clip_int16() Fixes Ticket2425 Signed-off-by: Michael Niedermayer (cherry picked from commit 2211c76287e073a9e176fde7dbb9a63ceb2af8d1) --- libavcodec/smacker.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c index ad1d4c3171..5143d0b180 100644 --- a/libavcodec/smacker.c +++ b/libavcodec/smacker.c @@ -694,7 +694,7 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data, } val |= h[3].values[res] << 8; pred[1] += sign_extend(val, 16); - *samples++ = av_clip_int16(pred[1]); + *samples++ = pred[1]; } else { if(vlc[0].table) res = get_vlc2(&gb, vlc[0].table, SMKTREE_BITS, 3); @@ -715,7 +715,7 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data, } val |= h[1].values[res] << 8; pred[0] += sign_extend(val, 16); - *samples++ = av_clip_int16(pred[0]); + *samples++ = pred[0]; } } } else { //8-bit data From 735deda2cfeca24e842604f09eca487d501c2224 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 20 May 2013 18:58:39 +0200 Subject: [PATCH 046/452] avienc: Disallow the first frame to be skiped Fixes Ticket2386 Signed-off-by: Michael Niedermayer (cherry picked from commit cc0db8cf3042186d8355dcf10be67071cfbbcc5d) --- libavformat/avienc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/avienc.c b/libavformat/avienc.c index 15f07943f6..918992f5a9 100644 --- a/libavformat/avienc.c +++ b/libavformat/avienc.c @@ -523,7 +523,7 @@ static int avi_write_packet(AVFormatContext *s, AVPacket *pkt) int size= pkt->size; av_dlog(s, "dts:%s packet_count:%d stream_index:%d\n", av_ts2str(pkt->dts), avist->packet_count, stream_index); - while(enc->block_align==0 && pkt->dts != AV_NOPTS_VALUE && pkt->dts > avist->packet_count && enc->codec_id != AV_CODEC_ID_XSUB){ + while(enc->block_align==0 && pkt->dts != AV_NOPTS_VALUE && pkt->dts > avist->packet_count && enc->codec_id != AV_CODEC_ID_XSUB && avist->packet_count){ AVPacket empty_packet; if(pkt->dts - avist->packet_count > 60000){ From 96e6d4da374ffef3705e0dfcf312685d059484b4 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 30 May 2013 18:30:42 +0200 Subject: [PATCH 047/452] h264_cavlc: fix reading skip run Fixes Ticket2606 Signed-off-by: Michael Niedermayer (cherry picked from commit 826b3a75cd295c03720e00d3de83e1abcbedd4b9) --- libavcodec/h264_cavlc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h264_cavlc.c b/libavcodec/h264_cavlc.c index b75e653268..089d41aca4 100644 --- a/libavcodec/h264_cavlc.c +++ b/libavcodec/h264_cavlc.c @@ -706,7 +706,7 @@ int ff_h264_decode_mb_cavlc(H264Context *h){ down the code */ if(h->slice_type_nos != AV_PICTURE_TYPE_I){ if(h->mb_skip_run==-1) - h->mb_skip_run= get_ue_golomb(&h->gb); + h->mb_skip_run= get_ue_golomb_long(&h->gb); if (h->mb_skip_run--) { if(FRAME_MBAFF && (h->mb_y&1) == 0){ From f2361593ca1b542f0e9284d2d4276387f8fec1e3 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 2 Jun 2013 16:17:09 +0200 Subject: [PATCH 048/452] mpegvideo: implement ff_put_h264_chroma_mc1 & ff_avg_h264_chroma_mc2 These are needed for lowres 3 Fixes Ticket2538 Signed-off-by: Michael Niedermayer (cherry picked from commit c2625c26c5e58edfa39360b51125f1ddd593e4db) Signed-off-by: Carl Eugen Hoyos --- libavcodec/h264chroma.c | 2 ++ libavcodec/h264chroma.h | 4 ++-- libavcodec/h264chroma_template.c | 28 ++++++++++++++++++++++++++++ libavcodec/mpegvideo.c | 6 +++--- 4 files changed, 35 insertions(+), 5 deletions(-) diff --git a/libavcodec/h264chroma.c b/libavcodec/h264chroma.c index 3b780a04e2..8295f1943a 100644 --- a/libavcodec/h264chroma.c +++ b/libavcodec/h264chroma.c @@ -31,9 +31,11 @@ c->put_h264_chroma_pixels_tab[0] = put_h264_chroma_mc8_ ## depth ## _c; \ c->put_h264_chroma_pixels_tab[1] = put_h264_chroma_mc4_ ## depth ## _c; \ c->put_h264_chroma_pixels_tab[2] = put_h264_chroma_mc2_ ## depth ## _c; \ + c->put_h264_chroma_pixels_tab[3] = put_h264_chroma_mc1_ ## depth ## _c; \ c->avg_h264_chroma_pixels_tab[0] = avg_h264_chroma_mc8_ ## depth ## _c; \ c->avg_h264_chroma_pixels_tab[1] = avg_h264_chroma_mc4_ ## depth ## _c; \ c->avg_h264_chroma_pixels_tab[2] = avg_h264_chroma_mc2_ ## depth ## _c; \ + c->avg_h264_chroma_pixels_tab[3] = avg_h264_chroma_mc1_ ## depth ## _c; \ void ff_h264chroma_init(H264ChromaContext *c, int bit_depth) { diff --git a/libavcodec/h264chroma.h b/libavcodec/h264chroma.h index 4e035b0c38..90a09cc4d3 100644 --- a/libavcodec/h264chroma.h +++ b/libavcodec/h264chroma.h @@ -24,8 +24,8 @@ typedef void (*h264_chroma_mc_func)(uint8_t *dst/*align 8*/, uint8_t *src/*align 1*/, int srcStride, int h, int x, int y); typedef struct H264ChromaContext { - h264_chroma_mc_func put_h264_chroma_pixels_tab[3]; - h264_chroma_mc_func avg_h264_chroma_pixels_tab[3]; + h264_chroma_mc_func put_h264_chroma_pixels_tab[4]; + h264_chroma_mc_func avg_h264_chroma_pixels_tab[4]; } H264ChromaContext; void ff_h264chroma_init(H264ChromaContext *c, int bit_depth); diff --git a/libavcodec/h264chroma_template.c b/libavcodec/h264chroma_template.c index 93559d7c68..b64172aadf 100644 --- a/libavcodec/h264chroma_template.c +++ b/libavcodec/h264chroma_template.c @@ -24,6 +24,34 @@ #include "bit_depth_template.c" #define H264_CHROMA_MC(OPNAME, OP)\ +static void FUNCC(OPNAME ## h264_chroma_mc1)(uint8_t *_dst/*align 8*/, uint8_t *_src/*align 1*/, int stride, int h, int x, int y){\ + pixel *dst = (pixel*)_dst;\ + pixel *src = (pixel*)_src;\ + const int A=(8-x)*(8-y);\ + const int B=( x)*(8-y);\ + const int C=(8-x)*( y);\ + const int D=( x)*( y);\ + int i;\ + stride >>= sizeof(pixel)-1;\ + \ + av_assert2(x<8 && y<8 && x>=0 && y>=0);\ +\ + if(D){\ + for(i=0; iavctx->lowres; - const int op_index = FFMIN(lowres, 2); + const int op_index = FFMIN(lowres, 3); const int s_mask = (2 << lowres) - 1; int emu = 0; int sx, sy; @@ -2155,7 +2155,7 @@ static av_always_inline void mpeg_motion_lowres(MpegEncContext *s, int mx, my, src_x, src_y, uvsrc_x, uvsrc_y, uvlinesize, linesize, sx, sy, uvsx, uvsy; const int lowres = s->avctx->lowres; - const int op_index = FFMIN(lowres-1+s->chroma_x_shift, 2); + const int op_index = FFMIN(lowres-1+s->chroma_x_shift, 3); const int block_s = 8>>lowres; const int s_mask = (2 << lowres) - 1; const int h_edge_pos = s->h_edge_pos >> lowres; @@ -2279,7 +2279,7 @@ static inline void chroma_4mv_motion_lowres(MpegEncContext *s, int mx, int my) { const int lowres = s->avctx->lowres; - const int op_index = FFMIN(lowres, 2); + const int op_index = FFMIN(lowres, 3); const int block_s = 8 >> lowres; const int s_mask = (2 << lowres) - 1; const int h_edge_pos = s->h_edge_pos >> lowres + 1; From 9af68f8d1f3df12a32574e003e065bc565695b52 Mon Sep 17 00:00:00 2001 From: Claudio Freire Date: Sat, 4 May 2013 18:36:37 -0300 Subject: [PATCH 049/452] AAC encoder: Fix rate control on twoloop. Fixes a case where multichannel bitrate isn't accurately targetted by psy model alone, never achieving the target bitrate. Now fixed. Fixes ticket #2625. Signed-off-by: Michael Niedermayer Signed-off-by: Carl Eugen Hoyos --- libavcodec/aaccoder.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/aaccoder.c b/libavcodec/aaccoder.c index 994de286c9..45fbc2dedf 100644 --- a/libavcodec/aaccoder.c +++ b/libavcodec/aaccoder.c @@ -710,7 +710,7 @@ static void search_for_quantizers_twoloop(AVCodecContext *avctx, const float lambda) { int start = 0, i, w, w2, g; - int destbits = avctx->bit_rate * 1024.0 / avctx->sample_rate / avctx->channels; + int destbits = avctx->bit_rate * 1024.0 / avctx->sample_rate / avctx->channels * (lambda / 120.f); float dists[128] = { 0 }, uplims[128]; float maxvals[128]; int fflag, minscaler; From 376a9f8e6e362178c4e9d95c7d18e1775c014eb6 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 11 Jun 2013 00:33:27 +0200 Subject: [PATCH 050/452] avcodec/utils: Fix encoder allocation size Fixes Ticket2645 Found-by: Darrell Walisser Signed-off-by: Michael Niedermayer (cherry picked from commit 175e916fa20b7887bdb29809817985e481ae0888) Conflicts: libavcodec/utils.c --- libavcodec/utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index 8a4aaf486f..2fd61e627c 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -474,7 +474,7 @@ static int video_get_buffer(AVCodecContext *s, AVFrame *pic) buf->linesize[i] = picture.linesize[i]; - buf->base[i] = av_malloc(size[i] + 16); //FIXME 16 + buf->base[i] = av_malloc(size[i] + 16 + STRIDE_ALIGN - 1); //FIXME 16 if (buf->base[i] == NULL) return AVERROR(ENOMEM); From e22dd7fbd09d9384a08b11bafe3d1bbe0a89bf8b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 13 Jun 2013 00:01:13 +0200 Subject: [PATCH 051/452] alacenc: Fix missing sign_extend() Fixes ticket #2497 Signed-off-by: Michael Niedermayer (cherry picked from commit 8aea2f05dc56f7e7d60767dd27ba8e846a05e8ae) --- libavcodec/alacenc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/alacenc.c b/libavcodec/alacenc.c index 4ee558c673..83063ab0f7 100644 --- a/libavcodec/alacenc.c +++ b/libavcodec/alacenc.c @@ -274,7 +274,7 @@ static void alac_linear_predictor(AlacEncodeContext *s, int ch) // generate warm-up samples residual[0] = samples[0]; for (i = 1; i <= lpc.lpc_order; i++) - residual[i] = samples[i] - samples[i-1]; + residual[i] = sign_extend(samples[i] - samples[i-1], s->write_sample_size); // perform lpc on remaining samples for (i = lpc.lpc_order + 1; i < s->frame_size; i++) { From 054779625f76bcc3dea9ff1175f4eedc8847c187 Mon Sep 17 00:00:00 2001 From: Janne Grunau Date: Tue, 18 Jun 2013 01:56:06 +0200 Subject: [PATCH 052/452] vaapi: return early from ff_vaapi_render_picture() without picture Fixes an assertion when called on uninitialized frame. Spotted after seeking in vlc. Fixes ticket #2461. Tested-by: Timo Reviewed-by: Joakim Plate Signed-off-by: Carl Eugen Hoyos (cherry picked from commit 2ee380aefbb92c89e8e9c7aa5846aa404919ec7c) --- libavcodec/vaapi.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/vaapi.c b/libavcodec/vaapi.c index a220a9d3c2..94959bf5ed 100644 --- a/libavcodec/vaapi.c +++ b/libavcodec/vaapi.c @@ -46,6 +46,9 @@ int ff_vaapi_render_picture(struct vaapi_context *vactx, VASurfaceID surface) VABufferID va_buffers[3]; unsigned int n_va_buffers = 0; + if (!vactx->pic_param_buf_id) + return 0; + vaUnmapBuffer(vactx->display, vactx->pic_param_buf_id); va_buffers[n_va_buffers++] = vactx->pic_param_buf_id; From ae93d3405e5e3c04bad2a74b4679482666535a51 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 18 Jun 2013 02:09:46 +0200 Subject: [PATCH 053/452] swresample/x86/audio_convert: add emms to CONV Fixes ticket #1874 Signed-off-by: Michael Niedermayer (cherry picked from commit ca2818b88155029bb6f989ee522e7f8e9e9f5927) --- libswresample/x86/audio_convert.asm | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libswresample/x86/audio_convert.asm b/libswresample/x86/audio_convert.asm index ad46977c6f..4963959c54 100644 --- a/libswresample/x86/audio_convert.asm +++ b/libswresample/x86/audio_convert.asm @@ -195,7 +195,12 @@ cglobal %2_to_%1_%3, 3, 3, 6, dst, src, len add lenq, 2*mmsize/(1<<%4) %endif jl .next +%if mmsize == 8 + emms + RET +%else REP_RET +%endif %endmacro %macro PACK_6CH 5-7 From 04d69466003ff9496a8238d5d5e8714759662112 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 18 Jun 2013 20:47:07 +0200 Subject: [PATCH 054/452] ff_gen_search: make step 64 bit to prevent hypothetical integer overflow Signed-off-by: Michael Niedermayer (cherry picked from commit 9d73e302537144877ca9d5b648b21aca28b78f4f) --- libavformat/utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index 7383cdeb9d..1ba9258977 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -1859,7 +1859,7 @@ int64_t ff_gen_search(AVFormatContext *s, int stream_index, int64_t target_ts, } if(ts_max == AV_NOPTS_VALUE){ - int step= 1024; + int64_t step= 1024; filesize = avio_size(s->pb); pos_max = filesize - 1; do{ From c77b3737b9d1bdc27a7ac9ae8d5655c5bb000304 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 18 Jun 2013 20:48:53 +0200 Subject: [PATCH 055/452] ff_gen_search: fix limit The limit value could become slightly wrong in the last iteration Signed-off-by: Michael Niedermayer (cherry picked from commit b3dd50cd0dbbda08610b75384128f5f47f5199d9) --- libavformat/utils.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index 1ba9258977..d9c95cf999 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -1860,11 +1860,13 @@ int64_t ff_gen_search(AVFormatContext *s, int stream_index, int64_t target_ts, if(ts_max == AV_NOPTS_VALUE){ int64_t step= 1024; + int64_t limit; filesize = avio_size(s->pb); pos_max = filesize - 1; do{ + limit = pos_max; pos_max = FFMAX(0, pos_max - step); - ts_max = ff_read_timestamp(s, stream_index, &pos_max, pos_max + step, read_timestamp); + ts_max = ff_read_timestamp(s, stream_index, &pos_max, limit, read_timestamp); step += step; }while(ts_max == AV_NOPTS_VALUE && pos_max > 0); if (ts_max == AV_NOPTS_VALUE) From c0445df5b35947cf40abcb15ce6b39e404e20799 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 18 Jun 2013 20:50:15 +0200 Subject: [PATCH 056/452] ff_gen_search: fix infinite loop Fixes Ticket2639 Signed-off-by: Michael Niedermayer (cherry picked from commit f8ca8138f01d0a7d96d4e1ea65fecd1197f96206) --- libavformat/utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index d9c95cf999..ed83f28b0a 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -1868,7 +1868,7 @@ int64_t ff_gen_search(AVFormatContext *s, int stream_index, int64_t target_ts, pos_max = FFMAX(0, pos_max - step); ts_max = ff_read_timestamp(s, stream_index, &pos_max, limit, read_timestamp); step += step; - }while(ts_max == AV_NOPTS_VALUE && pos_max > 0); + }while(ts_max == AV_NOPTS_VALUE && 2*limit > step); if (ts_max == AV_NOPTS_VALUE) return -1; From 59549b5ab7f26d6b95853e8f998baf8d2889c426 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Wed, 19 Jun 2013 16:31:10 +0200 Subject: [PATCH 057/452] Autodetect idcin only if audio properties allow decoding. Fixes ticket #2688. (cherry picked from commit 06bede95fcea47d2e51e8ff248c15311f335b898) --- libavformat/idcin.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/libavformat/idcin.c b/libavformat/idcin.c index c32607def2..e73e873d34 100644 --- a/libavformat/idcin.c +++ b/libavformat/idcin.c @@ -93,7 +93,7 @@ typedef struct IdcinDemuxContext { static int idcin_probe(AVProbeData *p) { - unsigned int number; + unsigned int number, sample_rate; /* * This is what you could call a "probabilistic" file check: id CIN @@ -122,18 +122,18 @@ static int idcin_probe(AVProbeData *p) return 0; /* check the audio sample rate */ - number = AV_RL32(&p->buf[8]); - if ((number != 0) && ((number < 8000) | (number > 48000))) + sample_rate = AV_RL32(&p->buf[8]); + if (sample_rate && (sample_rate < 8000 || sample_rate > 48000)) return 0; /* check the audio bytes/sample */ number = AV_RL32(&p->buf[12]); - if (number > 2) + if (number > 2 || sample_rate && !number) return 0; /* check the audio channels */ number = AV_RL32(&p->buf[16]); - if (number > 2) + if (number > 2 || sample_rate && !number) return 0; /* return half certainly since this check is a bit sketchy */ From e4bb67bc506924e1eb115b04202aebd2a31374bc Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 21 Jun 2013 01:11:45 +0200 Subject: [PATCH 058/452] avformat/libmodplug: Reduce the probe score for small input This ensures that theres enough data for mpeg_probe() to recognize mpeg-ps Fixes Ticket2583 Based on code by: Paul B Mahol Signed-off-by: Michael Niedermayer (cherry picked from commit c605adbf562fbf535e83ae427bb681bc45e440c8) --- libavformat/libmodplug.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/libavformat/libmodplug.c b/libavformat/libmodplug.c index aa8edccb59..4ba9392aa0 100644 --- a/libavformat/libmodplug.c +++ b/libavformat/libmodplug.c @@ -347,6 +347,19 @@ static int modplug_read_seek(AVFormatContext *s, int stream_idx, int64_t ts, int return 0; } +static const char modplug_extensions[] = "669,abc,amf,ams,dbm,dmf,dsm,far,it,mdl,med,mid,mod,mt2,mtm,okt,psm,ptm,s3m,stm,ult,umx,xm,itgz,itr,itz,mdgz,mdr,mdz,s3gz,s3r,s3z,xmgz,xmr,xmz"; + +static int modplug_probe(AVProbeData *p) +{ + if (av_match_ext(p->filename, modplug_extensions)) { + if (p->buf_size < 16384) + return AVPROBE_SCORE_MAX/4-1; + else + return AVPROBE_SCORE_MAX/2; + } + return 0; +} + static const AVClass modplug_class = { .class_name = "ModPlug demuxer", .item_name = av_default_item_name, @@ -358,11 +371,11 @@ AVInputFormat ff_libmodplug_demuxer = { .name = "libmodplug", .long_name = NULL_IF_CONFIG_SMALL("ModPlug demuxer"), .priv_data_size = sizeof(ModPlugContext), + .read_probe = modplug_probe, .read_header = modplug_read_header, .read_packet = modplug_read_packet, .read_close = modplug_read_close, .read_seek = modplug_read_seek, - .extensions = "669,abc,amf,ams,dbm,dmf,dsm,far,it,mdl,med,mid,mod,mt2,mtm,okt,psm,ptm,s3m,stm,ult,umx,xm" - ",itgz,itr,itz,mdgz,mdr,mdz,s3gz,s3r,s3z,xmgz,xmr,xmz", // compressed mods + .extensions = modplug_extensions, .priv_class = &modplug_class, }; From 073bde2b1fbb19eeabd00abe944cdf5c3cfdb000 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 20 Jun 2013 21:49:02 +0200 Subject: [PATCH 059/452] avformat/iff: Byte seek is unsupported Fixes Ticket2194 Signed-off-by: Michael Niedermayer (cherry picked from commit 03cd3bec6e66a49bcec138d72bac97cb8a64d246) --- libavformat/iff.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/iff.c b/libavformat/iff.c index 100d981cab..17be2b1ece 100644 --- a/libavformat/iff.c +++ b/libavformat/iff.c @@ -478,5 +478,5 @@ AVInputFormat ff_iff_demuxer = { .read_probe = iff_probe, .read_header = iff_read_header, .read_packet = iff_read_packet, - .flags = AVFMT_GENERIC_INDEX, + .flags = AVFMT_GENERIC_INDEX | AVFMT_NO_BYTE_SEEK, }; From fbb1af39e464f519fbc8b2dd964d80ac19eb76b6 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 20 Jun 2013 20:20:56 +0200 Subject: [PATCH 060/452] avdevice/x11grab: allocate just one Cursor Fixes resource leak and Ticket2450 Reviewed-by: Carl Eugen Hoyos Signed-off-by: Michael Niedermayer (cherry picked from commit 1ee8fadb811f3b1ef370c7d6c7bf62088f1cc954) --- libavdevice/x11grab.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/libavdevice/x11grab.c b/libavdevice/x11grab.c index 612400654b..7db1da675a 100644 --- a/libavdevice/x11grab.c +++ b/libavdevice/x11grab.c @@ -78,6 +78,7 @@ struct x11grab { int show_region; /**< set by a private option. */ char *framerate; /**< Set by a private option. */ + Cursor c; Window region_win; /**< This is used by show_region option. */ }; @@ -353,7 +354,6 @@ paint_mouse_pointer(XImage *image, struct x11grab *s) * Anyone who performs further investigation of the xlib API likely risks * permanent brain damage. */ uint8_t *pix = image->data; - Cursor c; Window w; XSetWindowAttributes attr; @@ -361,9 +361,10 @@ paint_mouse_pointer(XImage *image, struct x11grab *s) if (image->bits_per_pixel != 24 && image->bits_per_pixel != 32) return; - c = XCreateFontCursor(dpy, XC_left_ptr); + if(!s->c) + s->c = XCreateFontCursor(dpy, XC_left_ptr); w = DefaultRootWindow(dpy); - attr.cursor = c; + attr.cursor = s->c; XChangeWindowAttributes(dpy, w, CWCursor, &attr); xcim = XFixesGetCursorImage(dpy); From 1065d4197e979f5b37d5232e90eeb1f35d994ccd Mon Sep 17 00:00:00 2001 From: Hendrik Leppkes Date: Sat, 15 Jun 2013 22:46:01 +0200 Subject: [PATCH 061/452] mathops/x86: work around inline asm miscompilation with GCC 4.8.1 The volatile is not required here, and prevents a miscompilation with GCC 4.8.1 when building on x86 with --cpu=i686 Signed-off-by: Michael Niedermayer (cherry picked from commit 659df32a9d8984081ccd54adc3aee7daeb33388d) --- libavcodec/x86/mathops.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/x86/mathops.h b/libavcodec/x86/mathops.h index 79e29e6232..76ea1315c2 100644 --- a/libavcodec/x86/mathops.h +++ b/libavcodec/x86/mathops.h @@ -74,7 +74,7 @@ static av_always_inline av_const int64_t MUL64(int a, int b) static inline av_const int mid_pred(int a, int b, int c) { int i=b; - __asm__ volatile( + __asm__ ( "cmp %2, %1 \n\t" "cmovg %1, %0 \n\t" "cmovg %2, %1 \n\t" From fcc6460dbfccfb551fc6496b9e685b58839d1f1c Mon Sep 17 00:00:00 2001 From: Nigel Touati-Evans Date: Thu, 27 Jun 2013 12:28:43 +0100 Subject: [PATCH 062/452] Fix copying extradata to codec in mxfdec.c The code that copies any extradata from the MXFDescriptor to the codec does not set the size, which it should otherwise the copied data is useless. Signed-off-by: Michael Niedermayer (cherry picked from commit 42bd0cd21ae68abef4436cc97d67f592be38d3e3) Conflicts: libavformat/mxfdec.c --- libavformat/mxfdec.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index f7aaa5a9de..06aa8ac617 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -1600,8 +1600,10 @@ static int mxf_parse_structural_metadata(MXFContext *mxf) } if (descriptor->extradata) { st->codec->extradata = av_mallocz(descriptor->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE); - if (st->codec->extradata) + if (st->codec->extradata) { memcpy(st->codec->extradata, descriptor->extradata, descriptor->extradata_size); + st->codec->extradata_size = descriptor->extradata_size; + } } else if(st->codec->codec_id == CODEC_ID_H264) { ff_generate_avci_extradata(st); } From 99036565ca8ba81fee31ddb0ba196c325696c8c2 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 1 Jul 2013 20:48:38 +0200 Subject: [PATCH 063/452] avcodec/x86/dsputil_init: only use xvid idct for lowres=0 Fixes crash Fixes Ticket2714 Signed-off-by: Michael Niedermayer (cherry picked from commit b791a0831b0a027e7ba4eb6961cc0180472ac603) Conflicts: libavcodec/x86/dsputil_init.c --- libavcodec/x86/dsputil_mmx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/x86/dsputil_mmx.c b/libavcodec/x86/dsputil_mmx.c index 15e46c7228..ad1123c827 100644 --- a/libavcodec/x86/dsputil_mmx.c +++ b/libavcodec/x86/dsputil_mmx.c @@ -1764,7 +1764,7 @@ static av_cold void dsputil_init_sse2(DSPContext *c, AVCodecContext *avctx, const int high_bit_depth = bit_depth > 8; #if HAVE_SSE2_INLINE - if (!high_bit_depth && avctx->idct_algo == FF_IDCT_XVIDMMX) { + if (!high_bit_depth && avctx->idct_algo == FF_IDCT_XVIDMMX && avctx->lowres == 0) { c->idct_put = ff_idct_xvid_sse2_put; c->idct_add = ff_idct_xvid_sse2_add; c->idct = ff_idct_xvid_sse2; From b88bea1d6c8aa11cb4ea9d4ad90d80bd66776f24 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 1 Jul 2013 23:38:08 +0200 Subject: [PATCH 064/452] rmdec: Pass AVIOContext to rm_read_metadata() Fix null pointer dereference Fixes Ticket2588 Signed-off-by: Michael Niedermayer (cherry picked from commit bf87908cd8da31e8f8fe75c06577170928ea70a8) --- libavformat/rmdec.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c index 243c693343..2edbfc3780 100644 --- a/libavformat/rmdec.c +++ b/libavformat/rmdec.c @@ -95,13 +95,14 @@ static int rm_read_extradata(AVIOContext *pb, AVCodecContext *avctx, unsigned si return 0; } -static void rm_read_metadata(AVFormatContext *s, int wide) +static void rm_read_metadata(AVFormatContext *s, AVIOContext *pb, int wide) { char buf[1024]; int i; + for (i=0; ipb) : avio_r8(s->pb); - get_strl(s->pb, buf, sizeof(buf), len); + int len = wide ? avio_rb16(pb) : avio_r8(pb); + get_strl(pb, buf, sizeof(buf), len); av_dict_set(&s->metadata, ff_rm_metadata[i], buf, 0); } } @@ -134,7 +135,7 @@ static int rm_read_audio_stream_info(AVFormatContext *s, AVIOContext *pb, avio_skip(pb, 8); bytes_per_minute = avio_rb16(pb); avio_skip(pb, 4); - rm_read_metadata(s, 0); + rm_read_metadata(s, pb, 0); if ((startpos + header_size) >= avio_tell(pb) + 2) { // fourcc (should always be "lpcJ") avio_r8(pb); @@ -293,7 +294,7 @@ static int rm_read_audio_stream_info(AVFormatContext *s, AVIOContext *pb, avio_r8(pb); avio_r8(pb); avio_r8(pb); - rm_read_metadata(s, 0); + rm_read_metadata(s, pb, 0); } } return 0; @@ -516,7 +517,7 @@ static int rm_read_header(AVFormatContext *s) flags = avio_rb16(pb); /* flags */ break; case MKTAG('C', 'O', 'N', 'T'): - rm_read_metadata(s, 1); + rm_read_metadata(s, pb, 1); break; case MKTAG('M', 'D', 'P', 'R'): st = avformat_new_stream(s, NULL); From cb340ecd7d96a2933efdde16462df7bd6cf97dfe Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 5 Jul 2013 03:27:07 +0200 Subject: [PATCH 065/452] mpegts: only reopen pmt_cb filter if its different from the previous. Fixes Ticket2632 Signed-off-by: Michael Niedermayer (cherry picked from commit b009267910df10c004b5f340a090d45da29089a0) --- libavformat/mpegts.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/libavformat/mpegts.c b/libavformat/mpegts.c index 32aa51f97e..216e2f06f6 100644 --- a/libavformat/mpegts.c +++ b/libavformat/mpegts.c @@ -1622,12 +1622,18 @@ static void pat_cb(MpegTSFilter *filter, const uint8_t *section, int section_len if (sid == 0x0000) { /* NIT info */ } else { + MpegTSFilter *fil = ts->pids[pmt_pid]; program = av_new_program(ts->stream, sid); program->program_num = sid; program->pmt_pid = pmt_pid; - if (ts->pids[pmt_pid]) - mpegts_close_filter(ts, ts->pids[pmt_pid]); - mpegts_open_section_filter(ts, pmt_pid, pmt_cb, ts, 1); + if (fil) + if ( fil->type != MPEGTS_SECTION + || fil->pid != pmt_pid + || fil->u.section_filter.section_cb != pmt_cb) + mpegts_close_filter(ts, ts->pids[pmt_pid]); + + if (!ts->pids[pmt_pid]) + mpegts_open_section_filter(ts, pmt_pid, pmt_cb, ts, 1); add_pat_entry(ts, sid); add_pid_to_pmt(ts, sid, 0); //add pat pid to program add_pid_to_pmt(ts, sid, pmt_pid); From 5effd65312dd738fb590f1ce45be30a50aaabc72 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 7 Jul 2013 01:29:18 +0200 Subject: [PATCH 066/452] avcodec/x86/vp3dsp_init: move mmx functions under HAVE_MMX_INLINE Signed-off-by: Michael Niedermayer (cherry picked from commit abce6dfd9ecea358f8def5040f60fcbe7f89e970) --- libavcodec/x86/vp3dsp_init.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libavcodec/x86/vp3dsp_init.c b/libavcodec/x86/vp3dsp_init.c index 288dbcc6f3..75dcdf6811 100644 --- a/libavcodec/x86/vp3dsp_init.c +++ b/libavcodec/x86/vp3dsp_init.c @@ -43,7 +43,7 @@ void ff_vp3_v_loop_filter_mmxext(uint8_t *src, int stride, void ff_vp3_h_loop_filter_mmxext(uint8_t *src, int stride, int *bounding_values); -#if HAVE_INLINE_ASM +#if HAVE_MMX_INLINE #define MOVQ_BFE(regd) \ __asm__ volatile ( \ @@ -95,15 +95,15 @@ static void put_vp_no_rnd_pixels8_l2_mmx(uint8_t *dst, const uint8_t *a, const u :"memory"); // STOP_TIMER("put_vp_no_rnd_pixels8_l2_mmx") } -#endif /* HAVE_INLINE_ASM */ +#endif /* HAVE_MMX_INLINE */ av_cold void ff_vp3dsp_init_x86(VP3DSPContext *c, int flags) { int cpuflags = av_get_cpu_flags(); -#if HAVE_INLINE_ASM +#if HAVE_MMX_INLINE c->put_no_rnd_pixels_l2 = put_vp_no_rnd_pixels8_l2_mmx; -#endif /* HAVE_INLINE_ASM */ +#endif /* HAVE_MMX_INLINE */ #if ARCH_X86_32 if (EXTERNAL_MMX(cpuflags)) { From 5ce57e0248ec5b768568d9cc2aaf4d73a90b4d33 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 7 Jul 2013 01:29:48 +0200 Subject: [PATCH 067/452] libavcodec/x86/mpegvideo: Move mmx functions under HAVE_MMX_INLINE should fix ticket2755 Signed-off-by: Michael Niedermayer (cherry picked from commit 707b2135fda3687a6eeb91411f801e437f633f30) --- libavcodec/x86/mpegvideo.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libavcodec/x86/mpegvideo.c b/libavcodec/x86/mpegvideo.c index 903ad62dd5..8007fb5e77 100644 --- a/libavcodec/x86/mpegvideo.c +++ b/libavcodec/x86/mpegvideo.c @@ -26,7 +26,7 @@ #include "libavcodec/mpegvideo.h" #include "dsputil_mmx.h" -#if HAVE_INLINE_ASM +#if HAVE_MMX_INLINE static void dct_unquantize_h263_intra_mmx(MpegEncContext *s, int16_t *block, int n, int qscale) @@ -574,11 +574,11 @@ static void denoise_dct_sse2(MpegEncContext *s, int16_t *block){ ); } -#endif /* HAVE_INLINE_ASM */ +#endif /* HAVE_MMX_INLINE */ av_cold void ff_MPV_common_init_x86(MpegEncContext *s) { -#if HAVE_INLINE_ASM +#if HAVE_MMX_INLINE int mm_flags = av_get_cpu_flags(); if (mm_flags & AV_CPU_FLAG_MMX) { @@ -596,5 +596,5 @@ av_cold void ff_MPV_common_init_x86(MpegEncContext *s) s->denoise_dct= denoise_dct_mmx; } } -#endif /* HAVE_INLINE_ASM */ +#endif /* HAVE_MMX_INLINE */ } From 627772d9886f1a766c73dc161710c54de07bfdd3 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 7 Jul 2013 02:42:40 +0200 Subject: [PATCH 068/452] avformat/mov: Fix duration of fragmented mov Fixes Ticket2757 Signed-off-by: Michael Niedermayer (cherry picked from commit dc2a13aa802fc691c25d5e0194818831058316ee) --- libavformat/mov.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index 137f79b331..82972777a7 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -880,7 +880,7 @@ static int mov_read_mvhd(MOVContext *c, AVIOContext *pb, MOVAtom atom) c->duration = (version == 1) ? avio_rb64(pb) : avio_rb32(pb); /* duration */ // set the AVCodecContext duration because the duration of individual tracks // may be inaccurate - if (c->time_scale > 0) + if (c->time_scale > 0 && !c->trex_data) c->fc->duration = av_rescale(c->duration, AV_TIME_BASE, c->time_scale); avio_rb32(pb); /* preferred scale */ From 430ef8a7166b47666d45f180c33b2515cf555933 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 17 Jun 2013 22:03:36 +0200 Subject: [PATCH 069/452] mmsh: dont close context on seeking failure Fixes Ticket2581 Signed-off-by: Michael Niedermayer (cherry picked from commit b4579a29c75e2968ede2ad002dd4a495dbfc883d) --- libavformat/mmsh.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavformat/mmsh.c b/libavformat/mmsh.c index 86a0575e59..d5d2f0c171 100644 --- a/libavformat/mmsh.c +++ b/libavformat/mmsh.c @@ -309,14 +309,16 @@ static int mmsh_open_internal(URLContext *h, const char *uri, int flags, int tim return 0; fail: av_freep(&stream_selection); - mmsh_close(h); av_dlog(NULL, "Connection failed with error %d\n", err); return err; } static int mmsh_open(URLContext *h, const char *uri, int flags) { - return mmsh_open_internal(h, uri, flags, 0, 0); + int ret = mmsh_open_internal(h, uri, flags, 0, 0); + if (ret < 0) + mmsh_close(h); + return ret; } static int handle_chunk_type(MMSHContext *mmsh) From ce11d9490cc2e89b62734cc6c5b58a9f90fdd27f Mon Sep 17 00:00:00 2001 From: James Almer Date: Sat, 6 Jul 2013 04:34:13 -0300 Subject: [PATCH 070/452] oggparseskeleton: Fix fisbone header parsing start_granule should be applied to the stream referenced in the fisbone packet, not to the Skeleton stream. This was broken in d1f05dd18375f2f8e68372edee11436927e43ba8 and produced bogus warnings about multiple fisbone in the same stream on files with more than one stream. Signed-off-by: Michael Niedermayer (cherry picked from commit 3960992f0abf8e28acada220c79fb754d67298ba) --- libavformat/oggparseskeleton.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/libavformat/oggparseskeleton.c b/libavformat/oggparseskeleton.c index b6959a6543..719e06583d 100644 --- a/libavformat/oggparseskeleton.c +++ b/libavformat/oggparseskeleton.c @@ -74,12 +74,17 @@ static int skeleton_header(AVFormatContext *s, int idx) target_idx = ogg_find_stream(ogg, AV_RL32(buf+12)); start_granule = AV_RL64(buf+36); + if (target_idx < 0) { + av_log(s, AV_LOG_WARNING, "Serial number in fisbone doesn't match any stream\n"); + return 1; + } + os = ogg->streams + target_idx; if (os->start_granule != OGG_NOGRANULE_VALUE) { av_log_missing_feature(s, "Multiple fisbone for the same stream", 0); return 1; } - if (target_idx >= 0 && start_granule != OGG_NOGRANULE_VALUE) { + if (start_granule != OGG_NOGRANULE_VALUE) { os->start_granule = start_granule; } } From dc73774792265e24fc1aad1b9d36f7c6669b8d66 Mon Sep 17 00:00:00 2001 From: James Almer Date: Sat, 6 Jul 2013 04:34:13 -0300 Subject: [PATCH 071/452] oggparseskeleton: Replace avpriv_report_missing_feature() with a normal av_log() call since there should not be more than one fisbone for a given stream. Signed-off-by: Michael Niedermayer (cherry picked from commit 63d7684fefcfa9de1a04b43471f876e882ba7aac) Conflicts: libavformat/oggparseskeleton.c --- libavformat/oggparseskeleton.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libavformat/oggparseskeleton.c b/libavformat/oggparseskeleton.c index 719e06583d..b0121059a0 100644 --- a/libavformat/oggparseskeleton.c +++ b/libavformat/oggparseskeleton.c @@ -80,8 +80,7 @@ static int skeleton_header(AVFormatContext *s, int idx) } os = ogg->streams + target_idx; if (os->start_granule != OGG_NOGRANULE_VALUE) { - av_log_missing_feature(s, - "Multiple fisbone for the same stream", 0); + av_log(s, AV_LOG_WARNING, "Multiple fisbone for the same stream\n"); return 1; } if (start_granule != OGG_NOGRANULE_VALUE) { From ba4cb43f0b94ad7a468d34c172a87c73c95243a7 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 6 Jul 2013 23:53:19 +0200 Subject: [PATCH 072/452] oggparseskeleton: avoid header parsing failure Based on description by James Almer and the xiph wiki Signed-off-by: Michael Niedermayer (cherry picked from commit 9a6e814be7c052deb34a8f585176d053f4c187c1) --- libavformat/oggparseskeleton.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/oggparseskeleton.c b/libavformat/oggparseskeleton.c index b0121059a0..d94b0c2e07 100644 --- a/libavformat/oggparseskeleton.c +++ b/libavformat/oggparseskeleton.c @@ -37,6 +37,9 @@ static int skeleton_header(AVFormatContext *s, int idx) strcpy(st->codec->codec_name, "skeleton"); st->codec->codec_type = AVMEDIA_TYPE_DATA; + if ((os->flags & OGG_FLAG_EOS) && os->psize == 0) + return 1; + if (os->psize < 8) return -1; From 2e75c455935d46b205d3f2ebd162874c00bbc08b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 7 Jul 2013 13:15:32 +0200 Subject: [PATCH 073/452] mp3dec: detect CBR and use CBR axiom to seek This should also work reasonable with truncated and growing mp3s. Fixes Ticket2590 Signed-off-by: Michael Niedermayer (cherry picked from commit e096283ea55bc36a637b47329e19ddb26fb1440b) Conflicts: libavformat/mp3dec.c --- libavformat/mp3dec.c | 29 +++++++++++++++++++++++------ 1 file changed, 23 insertions(+), 6 deletions(-) diff --git a/libavformat/mp3dec.c b/libavformat/mp3dec.c index 57e4ba33b1..858e93c3c7 100644 --- a/libavformat/mp3dec.c +++ b/libavformat/mp3dec.c @@ -37,9 +37,11 @@ typedef struct { int64_t filesize; + int64_t header_filesize; int xing_toc; int start_pad; int end_pad; + int is_cbr; } MP3Context; /* mp3 read */ @@ -185,6 +187,9 @@ static int mp3_parse_vbr_tags(AVFormatContext *s, AVStream *st, int64_t base) if (size && frames && !is_cbr) st->codec->bit_rate = av_rescale(size, 8 * c.sample_rate, frames * (int64_t)spf); + mp3->is_cbr = is_cbr; + mp3->header_filesize = size; + return 0; } @@ -274,21 +279,33 @@ static int mp3_seek(AVFormatContext *s, int stream_index, int64_t timestamp, int flags) { MP3Context *mp3 = s->priv_data; - AVIndexEntry *ie; + AVIndexEntry *ie, ie1; AVStream *st = s->streams[0]; int64_t ret = av_index_search_timestamp(st, timestamp, flags); int i, j; - if (!mp3->xing_toc) { + if (mp3->is_cbr && st->duration > 0 && mp3->header_filesize > s->data_offset) { + int64_t filesize = avio_size(s->pb); + int64_t duration; + if (filesize <= s->data_offset) + filesize = mp3->header_filesize; + filesize -= s->data_offset; + duration = av_rescale(st->duration, filesize, mp3->header_filesize - s->data_offset); + ie = &ie1; + timestamp = av_clip64(timestamp, 0, duration); + ie->timestamp = timestamp; + ie->pos = av_rescale(timestamp, filesize, duration) + s->data_offset; + } else if (mp3->xing_toc) { + if (ret < 0) + return ret; + + ie = &st->index_entries[ret]; + } else { st->skip_samples = timestamp <= 0 ? mp3->start_pad + 528 + 1 : 0; return -1; } - if (ret < 0) - return ret; - - ie = &st->index_entries[ret]; ret = avio_seek(s->pb, ie->pos, SEEK_SET); if (ret < 0) return ret; From 6cb33e076323c684e91abe71d9b3fabe6830c75d Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 8 Jul 2013 21:46:20 +0200 Subject: [PATCH 074/452] mpeg12dec: avoid reinitialization on PS changes when possible. Fixes Ticket2574 Signed-off-by: Michael Niedermayer (cherry picked from commit 970c8df73528659925819dec31c4c8c0887f0321) Conflicts: libavcodec/mpeg12dec.c --- libavcodec/mpeg12.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/mpeg12.c b/libavcodec/mpeg12.c index 9d2743a6df..40219960da 100644 --- a/libavcodec/mpeg12.c +++ b/libavcodec/mpeg12.c @@ -1266,7 +1266,7 @@ static int mpeg_decode_postinit(AVCodecContext *avctx) s1->save_width != s->width || s1->save_height != s->height || s1->save_aspect_info != s->aspect_ratio_info || - s1->save_progressive_seq != s->progressive_sequence || + (s1->save_progressive_seq != s->progressive_sequence && (s->height&31)) || 0) { From d8538a10024cc33075a8d5b121336ed12ba545ad Mon Sep 17 00:00:00 2001 From: Dale Curtis Date: Wed, 22 May 2013 15:17:08 -0700 Subject: [PATCH 075/452] avformat/utils: Keep internal and external av_read_frame() packets in sync. Otherwise, during error conditions, the caller will be left with dangling pointers to a destructed packet => boom. BUG=242786 TEST=ffmpeg_regression_tests Commit slightly simplified by commiter Signed-off-by: Michael Niedermayer (cherry picked from commit c54a1565f512858ccfa70392f40f11c098bc1b63) Signed-off-by: Michael Niedermayer --- libavformat/utils.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/utils.c b/libavformat/utils.c index ed83f28b0a..4e6e21586d 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -1457,6 +1457,9 @@ static int read_frame_internal(AVFormatContext *s, AVPacket *pkt) st->skip_to_keyframe = 0; if (st->skip_to_keyframe) { av_free_packet(&cur_pkt); + if (got_packet) { + *pkt = cur_pkt; + } got_packet = 0; } } From 9a87ba0933c83a1a8f79721f644ee9bf39add248 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 29 Jun 2013 19:46:33 +0200 Subject: [PATCH 076/452] update all trac links to use the trac subdomain Signed-off-by: Michael Niedermayer --- doc/issue_tracker.txt | 2 +- libavcodec/qtrle.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/issue_tracker.txt b/doc/issue_tracker.txt index d487f66830..27b0009b58 100644 --- a/doc/issue_tracker.txt +++ b/doc/issue_tracker.txt @@ -24,7 +24,7 @@ a mail for every change to every issue. The subscription URL for the ffmpeg-trac list is: http(s)://ffmpeg.org/mailman/listinfo/ffmpeg-trac The URL of the webinterface of the tracker is: -http(s)://ffmpeg.org/trac/ffmpeg +http(s)://trac.ffmpeg.org Type: ----- diff --git a/libavcodec/qtrle.c b/libavcodec/qtrle.c index 1b92885b32..4c6706777e 100644 --- a/libavcodec/qtrle.c +++ b/libavcodec/qtrle.c @@ -67,7 +67,7 @@ static void qtrle_decode_1bpp(QtrleContext *s, int row_ptr, int lines_to_change) * line' at the beginning. Since we always interpret it as 'go to next line' * in the decoding loop (which makes code simpler/faster), the first line * would not be counted, so we count one more. - * See: https://ffmpeg.org/trac/ffmpeg/ticket/226 + * See: https://trac.ffmpeg.org/ticket/226 * In the following decoding loop, row_ptr will be the position of the * current row. */ From fffc9316daab9690ab0e124a0cfbcbb0faea836c Mon Sep 17 00:00:00 2001 From: Luca Barbato Date: Sun, 30 Jun 2013 09:57:56 +0200 Subject: [PATCH 077/452] indeo: Properly forward the error codes If the tile data size does not match the buffer size it did not return an AVERROR_INVALIDDATA causing futher corruption later. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit 7388c0c58601477db076e2e74e8b11f8a644384a) Signed-off-by: Michael Niedermayer --- libavcodec/ivi_common.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/libavcodec/ivi_common.c b/libavcodec/ivi_common.c index 21954ec5a4..180c19eb6f 100644 --- a/libavcodec/ivi_common.c +++ b/libavcodec/ivi_common.c @@ -804,8 +804,16 @@ static int decode_band(IVI45DecContext *ctx, break; result = ivi_decode_blocks(&ctx->gb, band, tile, avctx); - if (result < 0 || ((get_bits_count(&ctx->gb) - pos) >> 3) != tile->data_size) { - av_log(avctx, AV_LOG_ERROR, "Corrupted tile data encountered!\n"); + if (result < 0) { + av_log(avctx, AV_LOG_ERROR, + "Corrupted tile data encountered!\n"); + break; + } + + if (((get_bits_count(&ctx->gb) - pos) >> 3) != tile->data_size) { + av_log(avctx, AV_LOG_ERROR, + "Tile data_size mismatch!\n"); + result = AVERROR_INVALIDDATA; break; } From 221bbd002c62ede7427d465922b91f75f055a1a9 Mon Sep 17 00:00:00 2001 From: Luca Barbato Date: Tue, 9 Jul 2013 01:03:13 +0200 Subject: [PATCH 078/452] atrac3: fix error handling decode_tonal_components returns a proper AVERROR. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 5eaed6d33689cc6f6e7c07463ede6b387b08afc4) Signed-off-by: Michael Niedermayer --- libavcodec/atrac3.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/atrac3.c b/libavcodec/atrac3.c index 6216536363..8475aa1d09 100644 --- a/libavcodec/atrac3.c +++ b/libavcodec/atrac3.c @@ -661,8 +661,8 @@ static int decode_channel_sound_unit(ATRAC3Context *q, GetBitContext *gb, snd->num_components = decode_tonal_components(gb, snd->components, snd->bands_coded); - if (snd->num_components == -1) - return -1; + if (snd->num_components < 0) + return snd->num_components; num_subbands = decode_spectrum(gb, snd->spectrum); From 5e3e67f977a3706f898cc8ebe4f5f97a4dbbea1d Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 10 Jul 2013 16:18:52 +0200 Subject: [PATCH 079/452] avcodec/qdm2: store bits in an integer instead of float variable Signed-off-by: Michael Niedermayer (cherry picked from commit fbe159e85079f1f94a7201dc210b155dba7ff4a6) Signed-off-by: Michael Niedermayer --- libavcodec/qdm2.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/qdm2.c b/libavcodec/qdm2.c index 7136cf1c23..68a920e137 100644 --- a/libavcodec/qdm2.c +++ b/libavcodec/qdm2.c @@ -767,7 +767,8 @@ static int synthfilt_build_sb_samples (QDM2Context *q, GetBitContext *gb, int le int type34_first; float type34_div = 0; float type34_predictor; - float samples[10], sign_bits[16]; + float samples[10]; + int sign_bits[16]; if (length == 0) { // If no data use noise From 72c1de649ae92bc720268d406b16f6cdcf9ee36c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 10 Jul 2013 16:21:33 +0200 Subject: [PATCH 080/452] avcodec/qdm2: initialize sign_bits Fixes non deterministic output Signed-off-by: Michael Niedermayer (cherry picked from commit 8f09957194b8d7a3ea909647e22eaf1389b6f5c4) Signed-off-by: Michael Niedermayer --- libavcodec/qdm2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/qdm2.c b/libavcodec/qdm2.c index 68a920e137..4c045eb256 100644 --- a/libavcodec/qdm2.c +++ b/libavcodec/qdm2.c @@ -768,7 +768,7 @@ static int synthfilt_build_sb_samples (QDM2Context *q, GetBitContext *gb, int le float type34_div = 0; float type34_predictor; float samples[10]; - int sign_bits[16]; + int sign_bits[16] = {0}; if (length == 0) { // If no data use noise From 47de8ccf426629a93f383ebcad2b7914b51a1f44 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 10 Jul 2013 16:39:10 +0200 Subject: [PATCH 081/452] avfilter/af_earwax: Fix out of array accesses on odd packets Found-by: Paul B Mahol Signed-off-by: Michael Niedermayer (cherry picked from commit 0a3a0edd52b98aec27d1b8c63c85cb52ff46d40e) Conflicts: libavfilter/af_earwax.c Signed-off-by: Michael Niedermayer --- libavfilter/af_earwax.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/libavfilter/af_earwax.c b/libavfilter/af_earwax.c index a169d2aaf1..8216b1416d 100644 --- a/libavfilter/af_earwax.c +++ b/libavfilter/af_earwax.c @@ -117,6 +117,7 @@ static int filter_frame(AVFilterLink *inlink, AVFilterBufferRef *insamples) ff_get_audio_buffer(inlink, AV_PERM_WRITE, insamples->audio->nb_samples); int ret; + int len; if (!outsamples) return AVERROR(ENOMEM); @@ -126,16 +127,20 @@ static int filter_frame(AVFilterLink *inlink, AVFilterBufferRef *insamples) out = (int16_t *)outsamples->data[0]; in = (int16_t *)insamples ->data[0]; + len = FFMIN(NUMTAPS, 2*insamples->audio->nb_samples); // copy part of new input and process with saved input - memcpy(taps+NUMTAPS, in, NUMTAPS * sizeof(*taps)); - out = scalarproduct(taps, taps + NUMTAPS, out); + memcpy(taps+NUMTAPS, in, len * sizeof(*taps)); + out = scalarproduct(taps, taps + len, out); // process current input - endin = in + insamples->audio->nb_samples * 2 - NUMTAPS; - scalarproduct(in, endin, out); + if (2*insamples->audio->nb_samples >= NUMTAPS ){ + endin = in + insamples->audio->nb_samples * 2 - NUMTAPS; + scalarproduct(in, endin, out); - // save part of input for next round - memcpy(taps, endin, NUMTAPS * sizeof(*taps)); + // save part of input for next round + memcpy(taps, endin, NUMTAPS * sizeof(*taps)); + } else + memmove(taps, taps + 2*insamples->audio->nb_samples, NUMTAPS * sizeof(*taps)); ret = ff_filter_frame(outlink, outsamples); avfilter_unref_buffer(insamples); From 06190d75d09a2c2ac7d080c0633eef3fd2d51dca Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 15 Jul 2013 17:13:45 +0200 Subject: [PATCH 082/452] avformat/matroskadec: Detect conflicting sample rate/default_duration Fixes Ticket2508 Thanks-to: Moritz Bunkus Signed-off-by: Michael Niedermayer (cherry picked from commit 6158a3bcdf52fafc1d9ae9eb358a56c614b23aa3) --- libavformat/matroskadec.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index f8cd81f2ba..af407d7c56 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -2205,6 +2205,7 @@ static int matroska_parse_block(MatroskaDemuxContext *matroska, uint8_t *data, uint32_t *lace_size = NULL; int n, flags, laces = 0; uint64_t num; + int trust_default_duration = 1; if ((n = matroska_ebmlnum_uint(matroska, data, size, &num)) < 0) { av_log(matroska->ctx, AV_LOG_ERROR, "EBML block data error\n"); @@ -2259,7 +2260,15 @@ static int matroska_parse_block(MatroskaDemuxContext *matroska, uint8_t *data, if (res) goto end; - if (!block_duration) + if (track->audio.samplerate == 8000) { + // If this is needed for more codecs, then add them here + if (st->codec->codec_id == AV_CODEC_ID_AC3) { + if(track->audio.samplerate != st->codec->sample_rate || !st->codec->frame_size) + trust_default_duration = 0; + } + } + + if (!block_duration && trust_default_duration) block_duration = track->default_duration * laces / matroska->time_scale; if (cluster_time != (uint64_t)-1 && (block_time >= 0 || cluster_time >= -block_time)) From d83ab33715cbf25ed552306a436d39531b07c55b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 19 Jul 2013 04:19:23 +0200 Subject: [PATCH 083/452] swscale/input: fix 16bit gbrp input Fixes Ticket2793 Signed-off-by: Michael Niedermayer (cherry picked from commit a4b55bbb6f8ba055bba1493f6872792503e47563) Conflicts: libswscale/input.c --- libswscale/input.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/libswscale/input.c b/libswscale/input.c index 2def2de6c8..acf56b3404 100644 --- a/libswscale/input.c +++ b/libswscale/input.c @@ -724,12 +724,13 @@ static av_always_inline void planar_rgb16_to_y(uint8_t *_dst, const uint8_t *_sr int i; const uint16_t **src = (const uint16_t **)_src; uint16_t *dst = (uint16_t *)_dst; + int shift = bpc < 16 ? bpc : 14; for (i = 0; i < width; i++) { int g = rdpx(src[0] + i); int b = rdpx(src[1] + i); int r = rdpx(src[2] + i); - dst[i] = ((RY * r + GY * g + BY * b + (33 << (RGB2YUV_SHIFT + bpc - 9))) >> (RGB2YUV_SHIFT + bpc - 14)); + dst[i] = ((RY * r + GY * g + BY * b + (33 << (RGB2YUV_SHIFT + bpc - 9))) >> (RGB2YUV_SHIFT + shift - 14)); } } @@ -791,13 +792,14 @@ static av_always_inline void planar_rgb16_to_uv(uint8_t *_dstU, uint8_t *_dstV, const uint16_t **src = (const uint16_t **)_src; uint16_t *dstU = (uint16_t *)_dstU; uint16_t *dstV = (uint16_t *)_dstV; + int shift = bpc < 16 ? bpc : 14; for (i = 0; i < width; i++) { int g = rdpx(src[0] + i); int b = rdpx(src[1] + i); int r = rdpx(src[2] + i); - dstU[i] = (RU * r + GU * g + BU * b + (257 << (RGB2YUV_SHIFT + bpc - 9))) >> (RGB2YUV_SHIFT + bpc - 14); - dstV[i] = (RV * r + GV * g + BV * b + (257 << (RGB2YUV_SHIFT + bpc - 9))) >> (RGB2YUV_SHIFT + bpc - 14); + dstU[i] = (RU * r + GU * g + BU * b + (257 << (RGB2YUV_SHIFT + bpc - 9))) >> (RGB2YUV_SHIFT + shift - 14); + dstV[i] = (RV * r + GV * g + BV * b + (257 << (RGB2YUV_SHIFT + bpc - 9))) >> (RGB2YUV_SHIFT + shift - 14); } } #undef rdpx From 70127070dd9f7eef52ed029dd68606b0c8efd137 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20Denis-Courmont?= Date: Wed, 24 Jul 2013 19:50:43 +0300 Subject: [PATCH 084/452] mpeg12: Ignore slice threading if hwaccel is active Slice threading does not work with hardware acceleration, as decoding is per-picture. This fixes Bugzilla #542. Signed-off-by: Diego Biurrun (cherry picked from commit 93a51984a27f3ba84d4e6f13d0c704ee9891603e) Conflicts: libavcodec/mpeg12dec.c --- libavcodec/mpeg12.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/libavcodec/mpeg12.c b/libavcodec/mpeg12.c index 40219960da..7f72f13f44 100644 --- a/libavcodec/mpeg12.c +++ b/libavcodec/mpeg12.c @@ -2277,7 +2277,8 @@ static int decode_chunks(AVCodecContext *avctx, buf_ptr = avpriv_mpv_find_start_code(buf_ptr, buf_end, &start_code); if (start_code > 0x1ff) { if (s2->pict_type != AV_PICTURE_TYPE_B || avctx->skip_frame <= AVDISCARD_DEFAULT) { - if (HAVE_THREADS && (avctx->active_thread_type & FF_THREAD_SLICE)) { + if (HAVE_THREADS && (avctx->active_thread_type & FF_THREAD_SLICE) && + !avctx->hwaccel) { int i; av_assert0(avctx->thread_count > 1); @@ -2337,7 +2338,8 @@ static int decode_chunks(AVCodecContext *avctx, s2->intra_dc_precision= 3; s2->intra_matrix[0]= 1; } - if (HAVE_THREADS && (avctx->active_thread_type & FF_THREAD_SLICE) && s->slice_count) { + if (HAVE_THREADS && (avctx->active_thread_type & FF_THREAD_SLICE) && + !avctx->hwaccel && s->slice_count) { int i; avctx->execute(avctx, slice_decode_thread, @@ -2504,7 +2506,8 @@ static int decode_chunks(AVCodecContext *avctx, break; } - if (HAVE_THREADS && (avctx->active_thread_type & FF_THREAD_SLICE)) { + if (HAVE_THREADS && (avctx->active_thread_type & FF_THREAD_SLICE) && + !avctx->hwaccel) { int threshold = (s2->mb_height * s->slice_count + s2->slice_context_count / 2) / s2->slice_context_count; From 875649bfaef83172e44404930d755b76e36f9ba1 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 26 Jul 2013 04:09:30 +0200 Subject: [PATCH 085/452] avformat/dtsdec: Improve probe, reject things looking like analog signals Fixes Ticket2810 Signed-off-by: Michael Niedermayer (cherry picked from commit 6663205338f57eedb2392263dde48e2717c6e980) Conflicts: libavformat/dtsdec.c --- libavformat/dtsdec.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/libavformat/dtsdec.c b/libavformat/dtsdec.c index 5c05758327..009dd5c456 100644 --- a/libavformat/dtsdec.c +++ b/libavformat/dtsdec.c @@ -34,6 +34,7 @@ static int dts_probe(AVProbeData *p) uint32_t state = -1; int markers[3] = {0}; int sum, max; + int64_t diff = 0; buf = p->buf; @@ -54,12 +55,16 @@ static int dts_probe(AVProbeData *p) if (state == DCA_MARKER_14B_LE) if ((bytestream_get_be16(&bufp) & 0xF0FF) == 0xF007) markers[2]++; + + if (buf - p->buf >= 4) + diff += FFABS(AV_RL16(buf) - AV_RL16(buf-4)); } sum = markers[0] + markers[1] + markers[2]; max = markers[1] > markers[0]; max = markers[2] > markers[max] ? 2 : max; if (markers[max] > 3 && p->buf_size / markers[max] < 32*1024 && - markers[max] * 4 > sum * 3) + markers[max] * 4 > sum * 3 && + diff / p->buf_size > 200) return AVPROBE_SCORE_MAX/2+1; return 0; From 930d035e72ca78abf30d8627a82bbfd36fa350ac Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 28 Jul 2013 00:24:46 +0200 Subject: [PATCH 086/452] update for 1.2.2 Signed-off-by: Michael Niedermayer --- RELEASE | 2 +- VERSION | 2 +- doc/Doxyfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/RELEASE b/RELEASE index 6085e94650..23aa839063 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -1.2.1 +1.2.2 diff --git a/VERSION b/VERSION index 6085e94650..23aa839063 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.2.1 +1.2.2 diff --git a/doc/Doxyfile b/doc/Doxyfile index d3d5e42cfe..77d55d9294 100644 --- a/doc/Doxyfile +++ b/doc/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 1.2.1 +PROJECT_NUMBER = 1.2.2 # With the PROJECT_LOGO tag one can specify an logo or icon that is included # in the documentation. The maximum height of the logo should not exceed 55 From 9f2d73168f54ded7129d3a67c0dee988990abb1a Mon Sep 17 00:00:00 2001 From: Paul B Mahol Date: Mon, 29 Jul 2013 00:00:42 +0200 Subject: [PATCH 087/452] Revert "pnm: remove nonsense code" Breaks decoding pgms with 255 < maxval < 65535. Found-by: Carl Eugen Hoyos . This reverts commit a0348d0966a81a66f3a1bf061576b24d5296b933. (cherry picked from commit 768e40b451a459fefaceed6b1b3d6e70c93596ac) --- libavcodec/pnm.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/pnm.c b/libavcodec/pnm.c index 6d1eb6d0ed..243b746104 100644 --- a/libavcodec/pnm.c +++ b/libavcodec/pnm.c @@ -163,6 +163,8 @@ int ff_pnm_decode_header(AVCodecContext *avctx, PNMContext * const s) if (s->maxval >= 256) { if (avctx->pix_fmt == AV_PIX_FMT_GRAY8) { avctx->pix_fmt = AV_PIX_FMT_GRAY16BE; + if (s->maxval != 65535) + avctx->pix_fmt = AV_PIX_FMT_GRAY16; } else if (avctx->pix_fmt == AV_PIX_FMT_RGB24) { avctx->pix_fmt = AV_PIX_FMT_RGB48BE; } else if (avctx->pix_fmt == AV_PIX_FMT_YUV420P && s->maxval < 65536) { From f9c872622e843e1338fb938af6ad690494cc980f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 29 Jul 2013 20:43:45 +0200 Subject: [PATCH 088/452] avcodec/kmvc: fix MV checks Fixes Ticket2813 Fixes regression since 70b5583 Signed-off-by: Michael Niedermayer (cherry picked from commit 3cd8aaa2b2e78faf039691e1c31ff4f8d94e3bc6) --- libavcodec/kmvc.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libavcodec/kmvc.c b/libavcodec/kmvc.c index ffef77138b..48cfff08d6 100644 --- a/libavcodec/kmvc.c +++ b/libavcodec/kmvc.c @@ -107,7 +107,7 @@ static int kmvc_decode_intra_8x8(KmvcContext * ctx, int w, int h) val = bytestream2_get_byte(&ctx->g); mx = val & 0xF; my = val >> 4; - if ((l0x-mx) + 320*(l0y-my) < 0 || (l0x-mx) + 320*(l0y-my) > 316*196) { + if ((l0x-mx) + 320*(l0y-my) < 0 || (l0x-mx) + 320*(l0y-my) > 320*197 - 4) { av_log(ctx->avctx, AV_LOG_ERROR, "Invalid MV\n"); return AVERROR_INVALIDDATA; } @@ -132,7 +132,7 @@ static int kmvc_decode_intra_8x8(KmvcContext * ctx, int w, int h) val = bytestream2_get_byte(&ctx->g); mx = val & 0xF; my = val >> 4; - if ((l1x-mx) + 320*(l1y-my) < 0 || (l1x-mx) + 320*(l1y-my) > 318*198) { + if ((l1x-mx) + 320*(l1y-my) < 0 || (l1x-mx) + 320*(l1y-my) > 320*199 - 2) { av_log(ctx->avctx, AV_LOG_ERROR, "Invalid MV\n"); return AVERROR_INVALIDDATA; } @@ -207,7 +207,7 @@ static int kmvc_decode_inter_8x8(KmvcContext * ctx, int w, int h) val = bytestream2_get_byte(&ctx->g); mx = (val & 0xF) - 8; my = (val >> 4) - 8; - if ((l0x+mx) + 320*(l0y+my) < 0 || (l0x+mx) + 320*(l0y+my) > 318*198) { + if ((l0x+mx) + 320*(l0y+my) < 0 || (l0x+mx) + 320*(l0y+my) > 320*197 - 4) { av_log(ctx->avctx, AV_LOG_ERROR, "Invalid MV\n"); return AVERROR_INVALIDDATA; } @@ -232,7 +232,7 @@ static int kmvc_decode_inter_8x8(KmvcContext * ctx, int w, int h) val = bytestream2_get_byte(&ctx->g); mx = (val & 0xF) - 8; my = (val >> 4) - 8; - if ((l1x+mx) + 320*(l1y+my) < 0 || (l1x+mx) + 320*(l1y+my) > 318*198) { + if ((l1x+mx) + 320*(l1y+my) < 0 || (l1x+mx) + 320*(l1y+my) > 320*199 - 2) { av_log(ctx->avctx, AV_LOG_ERROR, "Invalid MV\n"); return AVERROR_INVALIDDATA; } From 364495a351b223212b747221e8210d1a5ebd71e6 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 20 Aug 2013 13:45:20 +0200 Subject: [PATCH 089/452] movenc: ilbc needs audio_vbr set. Without this the block_align or bitrate value is not available to the decoder Fixes Ticket2858 Signed-off-by: Michael Niedermayer (cherry picked from commit 3d64845600c6486a2706b118a81805f3bf4d3db5) --- libavformat/movenc.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/movenc.c b/libavformat/movenc.c index 8f3b1bc57a..dd7dd52c18 100644 --- a/libavformat/movenc.c +++ b/libavformat/movenc.c @@ -3648,6 +3648,9 @@ static int mov_write_header(AVFormatContext *s) }else{ track->sample_size = (av_get_bits_per_sample(st->codec->codec_id) >> 3) * st->codec->channels; } + if (st->codec->codec_id == AV_CODEC_ID_ILBC) { + track->audio_vbr = 1; + } if (track->mode != MODE_MOV && track->enc->codec_id == AV_CODEC_ID_MP3 && track->timescale < 16000) { av_log(s, AV_LOG_ERROR, "track %d: muxing mp3 at %dhz is not supported\n", From a94404457b0b22e0473c8a4e00d107af92f0e12e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 20 Aug 2013 16:49:31 +0200 Subject: [PATCH 090/452] swr: clean layouts before checking sanity Signed-off-by: Michael Niedermayer (cherry picked from commit 6dfffe92004dfd8c79d18791f28a2b1c7e387845) --- libswresample/rematrix.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libswresample/rematrix.c b/libswresample/rematrix.c index 51658cee21..cfe0a1b592 100644 --- a/libswresample/rematrix.c +++ b/libswresample/rematrix.c @@ -118,13 +118,14 @@ av_cold static int auto_matrix(SwrContext *s) const int matrix_encoding = s->matrix_encoding; in_ch_layout = clean_layout(s, s->in_ch_layout); + out_ch_layout = clean_layout(s, s->out_ch_layout); + if(!sane_layout(in_ch_layout)){ av_get_channel_layout_string(buf, sizeof(buf), -1, s->in_ch_layout); av_log(s, AV_LOG_ERROR, "Input channel layout '%s' is not supported\n", buf); return AVERROR(EINVAL); } - out_ch_layout = clean_layout(s, s->out_ch_layout); if(!sane_layout(out_ch_layout)){ av_get_channel_layout_string(buf, sizeof(buf), -1, s->out_ch_layout); av_log(s, AV_LOG_ERROR, "Output channel layout '%s' is not supported\n", buf); From c55a09a8b65f88d748daa885b4829019a081040c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 20 Aug 2013 16:56:51 +0200 Subject: [PATCH 091/452] swr/rematrix: Fix handling of AV_CH_LAYOUT_STEREO_DOWNMIX output Fixes Ticket2859 Note, testcases related to the downmix channels are welcome. (id like to make sure this is working correctly now, as obviously it didnt work before ...) Signed-off-by: Michael Niedermayer (cherry picked from commit c56d4dab039b352961cca298d753b04e2f2fd990) --- libswresample/rematrix.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/libswresample/rematrix.c b/libswresample/rematrix.c index cfe0a1b592..541f46a782 100644 --- a/libswresample/rematrix.c +++ b/libswresample/rematrix.c @@ -78,9 +78,6 @@ static int even(int64_t layout){ } static int clean_layout(SwrContext *s, int64_t layout){ - if((layout & AV_CH_LAYOUT_STEREO_DOWNMIX) == AV_CH_LAYOUT_STEREO_DOWNMIX) - return AV_CH_LAYOUT_STEREO; - if(layout && layout != AV_CH_FRONT_CENTER && !(layout&(layout-1))) { char buf[128]; av_get_channel_layout_string(buf, sizeof(buf), -1, layout); @@ -120,6 +117,11 @@ av_cold static int auto_matrix(SwrContext *s) in_ch_layout = clean_layout(s, s->in_ch_layout); out_ch_layout = clean_layout(s, s->out_ch_layout); + if( out_ch_layout == AV_CH_LAYOUT_STEREO_DOWNMIX + && (in_ch_layout & AV_CH_LAYOUT_STEREO_DOWNMIX) == 0 + ) + out_ch_layout = AV_CH_LAYOUT_STEREO; + if(!sane_layout(in_ch_layout)){ av_get_channel_layout_string(buf, sizeof(buf), -1, s->in_ch_layout); av_log(s, AV_LOG_ERROR, "Input channel layout '%s' is not supported\n", buf); From 64d362fce718d5dfe108c147971ca9558f5bed24 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 3 Aug 2013 18:54:43 +0200 Subject: [PATCH 092/452] avfilter: fix plane validity checks Fixes out of array accesses Signed-off-by: Michael Niedermayer (cherry picked from commit e43a0a232dbf6d3c161823c2e07c52e76227a1bc) Conflicts: libavfilter/vf_delogo.c libavfilter/vf_fieldmatch.c libavfilter/vf_fieldorder.c libavfilter/vf_hflip.c libavfilter/vf_kerndeint.c libavfilter/vf_lut.c libavfilter/vf_pad.c libavfilter/vf_showinfo.c libavfilter/vf_vignette.c Signed-off-by: Michael Niedermayer --- libavfilter/vf_boxblur.c | 4 ++-- libavfilter/vf_delogo.c | 2 +- libavfilter/vf_fieldorder.c | 2 +- libavfilter/vf_gradfun.c | 2 +- libavfilter/vf_hflip.c | 2 +- libavfilter/vf_kerndeint.c | 2 +- libavfilter/vf_lut.c | 2 +- libavfilter/vf_pad.c | 2 +- libavfilter/vf_showinfo.c | 4 ++-- 9 files changed, 11 insertions(+), 11 deletions(-) diff --git a/libavfilter/vf_boxblur.c b/libavfilter/vf_boxblur.c index a4ac50afd5..25c9f7d8b0 100644 --- a/libavfilter/vf_boxblur.c +++ b/libavfilter/vf_boxblur.c @@ -346,13 +346,13 @@ static int filter_frame(AVFilterLink *inlink, AVFilterBufferRef *in) } avfilter_copy_buffer_ref_props(out, in); - for (plane = 0; in->data[plane] && plane < 4; plane++) + for (plane = 0; plane < 4 && in->data[plane] && in->linesize[plane]; plane++) hblur(out->data[plane], out->linesize[plane], in ->data[plane], in ->linesize[plane], w[plane], h[plane], boxblur->radius[plane], boxblur->power[plane], boxblur->temp); - for (plane = 0; in->data[plane] && plane < 4; plane++) + for (plane = 0; plane < 4 && in->data[plane] && in->linesize[plane]; plane++) vblur(out->data[plane], out->linesize[plane], out->data[plane], out->linesize[plane], w[plane], h[plane], boxblur->radius[plane], boxblur->power[plane], diff --git a/libavfilter/vf_delogo.c b/libavfilter/vf_delogo.c index bf0ac62117..ed5423ef17 100644 --- a/libavfilter/vf_delogo.c +++ b/libavfilter/vf_delogo.c @@ -232,7 +232,7 @@ static int filter_frame(AVFilterLink *inlink, AVFilterBufferRef *in) avfilter_copy_buffer_ref_props(out, in); } - for (plane = 0; plane < 4 && in->data[plane]; plane++) { + for (plane = 0; plane < 4 && in->data[plane] && in->linesize[plane]; plane++) { int hsub = plane == 1 || plane == 2 ? hsub0 : 0; int vsub = plane == 1 || plane == 2 ? vsub0 : 0; diff --git a/libavfilter/vf_fieldorder.c b/libavfilter/vf_fieldorder.c index 06e0369962..e2dfefe141 100644 --- a/libavfilter/vf_fieldorder.c +++ b/libavfilter/vf_fieldorder.c @@ -137,7 +137,7 @@ static int filter_frame(AVFilterLink *inlink, AVFilterBufferRef *frame) "picture will move %s one line\n", s->dst_tff ? "up" : "down"); h = frame->video->h; - for (plane = 0; plane < 4 && frame->data[plane]; plane++) { + for (plane = 0; plane < 4 && frame->data[plane] && frame->linesize[plane]; plane++) { line_step = frame->linesize[plane]; line_size = s->line_size[plane]; data = frame->data[plane]; diff --git a/libavfilter/vf_gradfun.c b/libavfilter/vf_gradfun.c index 13154f09e5..e488232d71 100644 --- a/libavfilter/vf_gradfun.c +++ b/libavfilter/vf_gradfun.c @@ -216,7 +216,7 @@ static int filter_frame(AVFilterLink *inlink, AVFilterBufferRef *in) avfilter_copy_buffer_ref_props(out, in); } - for (p = 0; p < 4 && in->data[p]; p++) { + for (p = 0; p < 4 && in->data[p] && in->linesize[p]; p++) { int w = inlink->w; int h = inlink->h; int r = gf->radius; diff --git a/libavfilter/vf_hflip.c b/libavfilter/vf_hflip.c index c3b92c25df..fc88fe2b65 100644 --- a/libavfilter/vf_hflip.c +++ b/libavfilter/vf_hflip.c @@ -90,7 +90,7 @@ static int filter_frame(AVFilterLink *inlink, AVFilterBufferRef *in) if (av_pix_fmt_desc_get(inlink->format)->flags & PIX_FMT_PAL) memcpy(out->data[1], in->data[1], AVPALETTE_SIZE); - for (plane = 0; plane < 4 && in->data[plane]; plane++) { + for (plane = 0; plane < 4 && in->data[plane] && in->linesize[plane]; plane++) { step = flip->max_step[plane]; hsub = (plane == 1 || plane == 2) ? flip->hsub : 0; vsub = (plane == 1 || plane == 2) ? flip->vsub : 0; diff --git a/libavfilter/vf_kerndeint.c b/libavfilter/vf_kerndeint.c index 9b77e09e58..b694027730 100644 --- a/libavfilter/vf_kerndeint.c +++ b/libavfilter/vf_kerndeint.c @@ -162,7 +162,7 @@ static int filter_frame(AVFilterLink *inlink, AVFilterBufferRef *inpic) avfilter_copy_buffer_ref_props(outpic, inpic); outpic->video->interlaced = 0; - for (plane = 0; inpic->data[plane] && plane < 4; plane++) { + for (plane = 0; plane < 4 && inpic->data[plane] && inpic->linesize[plane]; plane++) { h = plane == 0 ? inlink->h : inlink->h >> kerndeint->vsub; bwidth = kerndeint->tmp_bwidth[plane]; diff --git a/libavfilter/vf_lut.c b/libavfilter/vf_lut.c index bdfe712cf4..350f4af2eb 100644 --- a/libavfilter/vf_lut.c +++ b/libavfilter/vf_lut.c @@ -298,7 +298,7 @@ static int filter_frame(AVFilterLink *inlink, AVFilterBufferRef *in) } } else { /* planar */ - for (plane = 0; plane < 4 && in->data[plane]; plane++) { + for (plane = 0; plane < 4 && in->data[plane] && in->linesize[plane]; plane++) { int vsub = plane == 1 || plane == 2 ? lut->vsub : 0; int hsub = plane == 1 || plane == 2 ? lut->hsub : 0; diff --git a/libavfilter/vf_pad.c b/libavfilter/vf_pad.c index 5c146f208f..a4f99c8c1f 100644 --- a/libavfilter/vf_pad.c +++ b/libavfilter/vf_pad.c @@ -254,7 +254,7 @@ static AVFilterBufferRef *get_video_buffer(AVFilterLink *inlink, int perms, int picref->video->w = w; picref->video->h = h; - for (plane = 0; plane < 4 && picref->data[plane]; plane++) + for (plane = 0; plane < 4 && picref->data[plane] && picref->linesize[plane]; plane++) picref->data[plane] += FFALIGN(pad->x >> pad->draw.hsub[plane], align) * pad->draw.pixelstep[plane] + (pad->y >> pad->draw.vsub[plane]) * picref->linesize[plane]; diff --git a/libavfilter/vf_showinfo.c b/libavfilter/vf_showinfo.c index f91721d278..402f6bfccf 100644 --- a/libavfilter/vf_showinfo.c +++ b/libavfilter/vf_showinfo.c @@ -50,7 +50,7 @@ static int filter_frame(AVFilterLink *inlink, AVFilterBufferRef *frame) uint32_t plane_checksum[4] = {0}, checksum = 0; int i, plane, vsub = desc->log2_chroma_h; - for (plane = 0; plane < 4 && frame->data[plane]; plane++) { + for (plane = 0; plane < 4 && frame->data[plane] && frame->linesize[plane]; plane++) { int64_t linesize = av_image_get_linesize(frame->format, frame->video->w, plane); uint8_t *data = frame->data[plane]; int h = plane == 1 || plane == 2 ? inlink->h >> vsub : inlink->h; @@ -80,7 +80,7 @@ static int filter_frame(AVFilterLink *inlink, AVFilterBufferRef *frame) av_get_picture_type_char(frame->video->pict_type), checksum, plane_checksum[0]); - for (plane = 1; plane < 4 && frame->data[plane]; plane++) + for (plane = 1; plane < 4 && frame->data[plane] && frame->linesize[plane]; plane++) av_log(ctx, AV_LOG_INFO, " %08X", plane_checksum[plane]); av_log(ctx, AV_LOG_INFO, "]\n"); From 42586c875418ff93689536dc5a6db80f80a747e3 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 9 Aug 2013 13:23:10 +0200 Subject: [PATCH 093/452] avformat/paf: Fix integer overflow and out of array read Found-by: Laurent Butti Signed-off-by: Michael Niedermayer (cherry picked from commit f58cd2867a8af2eed13acdd21d067b48249b14a1) Signed-off-by: Michael Niedermayer --- libavformat/paf.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavformat/paf.c b/libavformat/paf.c index 09786eb34f..09aefe6770 100644 --- a/libavformat/paf.c +++ b/libavformat/paf.c @@ -233,10 +233,11 @@ static int read_packet(AVFormatContext *s, AVPacket *pkt) p->current_frame_block++; } - size = p->video_size - p->frames_offset_table[p->current_frame]; - if (size < 1) + if (p->frames_offset_table[p->current_frame] >= p->video_size) return AVERROR_INVALIDDATA; + size = p->video_size - p->frames_offset_table[p->current_frame]; + if (av_new_packet(pkt, size) < 0) return AVERROR(ENOMEM); From 64d440a3b459bf9747cbd134afd29e4463a52c44 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 20 Aug 2013 23:18:48 +0200 Subject: [PATCH 094/452] avcodec/flashsv: check diff_start/height Fixes out of array accesses Fixes Ticket2844 Found-by: ami_stuff Signed-off-by: Michael Niedermayer (cherry picked from commit 880c73cd76109697447fbfbaa8e5ee5683309446) Signed-off-by: Michael Niedermayer --- libavcodec/flashsv.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/flashsv.c b/libavcodec/flashsv.c index 21464ed6b4..4d13a5d830 100644 --- a/libavcodec/flashsv.c +++ b/libavcodec/flashsv.c @@ -394,6 +394,10 @@ static int flashsv_decode_frame(AVCodecContext *avctx, void *data, } s->diff_start = get_bits(&gb, 8); s->diff_height = get_bits(&gb, 8); + if (s->diff_start + s->diff_height > cur_blk_height) { + av_log(avctx, AV_LOG_ERROR, "Block parameters invalid\n"); + return AVERROR_INVALIDDATA; + } av_log(avctx, AV_LOG_DEBUG, "%dx%d diff start %d height %d\n", i, j, s->diff_start, s->diff_height); From 9d8795e59814b8d2381ca51359cfe3f588f1ca0a Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 22 Aug 2013 01:07:32 +0200 Subject: [PATCH 095/452] avcodec/rpza: Perform pointer advance and checks before using the pointers Fixes out of array accesses Fixes Ticket2850 Signed-off-by: Michael Niedermayer (cherry picked from commit 3819db745da2ac7fb3faacb116788c32f4753f34) Signed-off-by: Michael Niedermayer --- libavcodec/rpza.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libavcodec/rpza.c b/libavcodec/rpza.c index a5da96720f..1e15e8fc79 100644 --- a/libavcodec/rpza.c +++ b/libavcodec/rpza.c @@ -84,7 +84,7 @@ static void rpza_decode_stream(RpzaContext *s) unsigned short *pixels = (unsigned short *)s->frame.data[0]; int row_ptr = 0; - int pixel_ptr = 0; + int pixel_ptr = -4; int block_ptr; int pixel_x, pixel_y; int total_blocks; @@ -140,6 +140,7 @@ static void rpza_decode_stream(RpzaContext *s) colorA = AV_RB16 (&s->buf[stream_ptr]); stream_ptr += 2; while (n_blocks--) { + ADVANCE_BLOCK() block_ptr = row_ptr + pixel_ptr; for (pixel_y = 0; pixel_y < 4; pixel_y++) { for (pixel_x = 0; pixel_x < 4; pixel_x++){ @@ -148,7 +149,6 @@ static void rpza_decode_stream(RpzaContext *s) } block_ptr += row_inc; } - ADVANCE_BLOCK(); } break; @@ -187,6 +187,7 @@ static void rpza_decode_stream(RpzaContext *s) if (s->size - stream_ptr < n_blocks * 4) return; while (n_blocks--) { + ADVANCE_BLOCK(); block_ptr = row_ptr + pixel_ptr; for (pixel_y = 0; pixel_y < 4; pixel_y++) { index = s->buf[stream_ptr++]; @@ -197,7 +198,6 @@ static void rpza_decode_stream(RpzaContext *s) } block_ptr += row_inc; } - ADVANCE_BLOCK(); } break; @@ -205,6 +205,7 @@ static void rpza_decode_stream(RpzaContext *s) case 0x00: if (s->size - stream_ptr < 16) return; + ADVANCE_BLOCK(); block_ptr = row_ptr + pixel_ptr; for (pixel_y = 0; pixel_y < 4; pixel_y++) { for (pixel_x = 0; pixel_x < 4; pixel_x++){ @@ -218,7 +219,6 @@ static void rpza_decode_stream(RpzaContext *s) } block_ptr += row_inc; } - ADVANCE_BLOCK(); break; /* Unknown opcode */ From 848e5cfc0f7ef0eae410562c3d7f7744a83aae9b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 24 Aug 2013 03:19:40 +0200 Subject: [PATCH 096/452] jpeg2000: check log2_cblk dimensions Fixes out of array access Fixes Ticket2895 Found-by: Piotr Bandurski Signed-off-by: Michael Niedermayer (cherry picked from commit 9a271a9368eaabf99e6c2046103acb33957e63b7) Conflicts: libavcodec/jpeg2000dec.c Signed-off-by: Michael Niedermayer --- libavcodec/j2kdec.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/libavcodec/j2kdec.c b/libavcodec/j2kdec.c index 53c4f079f8..d086de731f 100644 --- a/libavcodec/j2kdec.c +++ b/libavcodec/j2kdec.c @@ -31,6 +31,7 @@ #include "bytestream.h" #include "internal.h" #include "j2k.h" +#include "libavutil/avassert.h" #include "libavutil/common.h" #define JP2_SIG_TYPE 0x6A502020 @@ -302,6 +303,10 @@ static int get_cox(J2kDecoderContext *s, J2kCodingStyle *c) c->log2_cblk_width = bytestream2_get_byteu(&s->g) + 2; // cblk width c->log2_cblk_height = bytestream2_get_byteu(&s->g) + 2; // cblk height + if (c->log2_cblk_width > 6 || c->log2_cblk_height > 6) { + return AVERROR_PATCHWELCOME; + } + c->cblk_style = bytestream2_get_byteu(&s->g); if (c->cblk_style != 0){ // cblk style av_log(s->avctx, AV_LOG_WARNING, "extra cblk styles %X\n", c->cblk_style); @@ -719,6 +724,9 @@ static int decode_cblk(J2kDecoderContext *s, J2kCodingStyle *codsty, J2kT1Contex int bpass_csty_symbol = J2K_CBLK_BYPASS & codsty->cblk_style; int vert_causal_ctx_csty_symbol = J2K_CBLK_VSC & codsty->cblk_style; + av_assert0(width <= J2K_MAX_CBLKW); + av_assert0(height <= J2K_MAX_CBLKH); + for (y = 0; y < height+2; y++) memset(t1->flags[y], 0, (width+2)*sizeof(int)); From a0e328d28b26357cf906c4638d690bc67813d15b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 20 May 2013 04:00:30 +0200 Subject: [PATCH 097/452] matroska_read_seek: Fix used streams for subtitle index compensation Might fix Ticket1907 (I have no testcase so i cant test) Signed-off-by: Michael Niedermayer (cherry picked from commit 4758e32a6c48044f77102a49110c79b4f338f648) Signed-off-by: Michael Niedermayer --- libavformat/matroskadec.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index af407d7c56..be30f9326e 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -2457,10 +2457,11 @@ static int matroska_read_seek(AVFormatContext *s, int stream_index, if (tracks[i].type == MATROSKA_TRACK_TYPE_SUBTITLE && tracks[i].stream->discard != AVDISCARD_ALL) { index_sub = av_index_search_timestamp(tracks[i].stream, st->index_entries[index].timestamp, AVSEEK_FLAG_BACKWARD); - if (index_sub >= 0 - && st->index_entries[index_sub].pos < st->index_entries[index_min].pos - && st->index_entries[index].timestamp - st->index_entries[index_sub].timestamp < 30000000000/matroska->time_scale) - index_min = index_sub; + while(index_sub >= 0 + && index_min >= 0 + && tracks[i].stream->index_entries[index_sub].pos < st->index_entries[index_min].pos + && st->index_entries[index].timestamp - tracks[i].stream->index_entries[index_sub].timestamp < 30000000000/matroska->time_scale) + index_min--; } } From f9fa32173478144f745d22b81fbed35b840f09a1 Mon Sep 17 00:00:00 2001 From: James Almer Date: Wed, 17 Jul 2013 03:10:16 -0300 Subject: [PATCH 098/452] lavf/matroskaenc: Check for valid metadata before creating tags Tags must have at least one SimpleTag element to be spec conformant. Updated lavf-mkv and seek-lavf-mkv FATE references as the tests were affected by this. Fixes ticket #2785 Signed-off-by: James Almer Signed-off-by: Michael Niedermayer (cherry picked from commit 088ed5314694031e07e02e9d364c9d486a60e704) --- libavformat/matroskaenc.c | 18 +++++++++++++--- tests/ref/lavf/mkv | 8 +++---- tests/ref/seek/lavf-mkv | 44 +++++++++++++++++++-------------------- 3 files changed, 41 insertions(+), 29 deletions(-) diff --git a/libavformat/matroskaenc.c b/libavformat/matroskaenc.c index 4544f8e871..56519f5505 100644 --- a/libavformat/matroskaenc.c +++ b/libavformat/matroskaenc.c @@ -816,6 +816,18 @@ static int mkv_write_tag(AVFormatContext *s, AVDictionary *m, unsigned int eleme return 0; } +static int mkv_check_tag(AVDictionary *m) +{ + AVDictionaryEntry *t = NULL; + int ret = 0; + + while ((t = av_dict_get(m, "", t, AV_DICT_IGNORE_SUFFIX))) + if (av_strcasecmp(t->key, "title") && av_strcasecmp(t->key, "stereo_mode")) + ret++; + + return ret; +} + static int mkv_write_tags(AVFormatContext *s) { ebml_master tags = {0}; @@ -823,7 +835,7 @@ static int mkv_write_tags(AVFormatContext *s) ff_metadata_conv_ctx(s, ff_mkv_metadata_conv, NULL); - if (av_dict_get(s->metadata, "", NULL, AV_DICT_IGNORE_SUFFIX)) { + if (mkv_check_tag(s->metadata)) { ret = mkv_write_tag(s, s->metadata, 0, 0, &tags); if (ret < 0) return ret; } @@ -831,7 +843,7 @@ static int mkv_write_tags(AVFormatContext *s) for (i = 0; i < s->nb_streams; i++) { AVStream *st = s->streams[i]; - if (!av_dict_get(st->metadata, "", 0, AV_DICT_IGNORE_SUFFIX)) + if (!mkv_check_tag(st->metadata)) continue; ret = mkv_write_tag(s, st->metadata, MATROSKA_ID_TAGTARGETS_TRACKUID, i + 1, &tags); @@ -841,7 +853,7 @@ static int mkv_write_tags(AVFormatContext *s) for (i = 0; i < s->nb_chapters; i++) { AVChapter *ch = s->chapters[i]; - if (!av_dict_get(ch->metadata, "", NULL, AV_DICT_IGNORE_SUFFIX)) + if (!mkv_check_tag(ch->metadata)) continue; ret = mkv_write_tag(s, ch->metadata, MATROSKA_ID_TAGTARGETS_CHAPTERUID, ch->id, &tags); diff --git a/tests/ref/lavf/mkv b/tests/ref/lavf/mkv index 64979b225f..be474a4c2e 100644 --- a/tests/ref/lavf/mkv +++ b/tests/ref/lavf/mkv @@ -1,6 +1,6 @@ -b53f31e572394f225aff0bc82b5d1cc9 *./tests/data/lavf/lavf.mkv -472553 ./tests/data/lavf/lavf.mkv +1748c0b3221977509c62a158236d2492 *./tests/data/lavf/lavf.mkv +472533 ./tests/data/lavf/lavf.mkv ./tests/data/lavf/lavf.mkv CRC=0x4780846b -84dcb326fe85aeeb5768beb44372f248 *./tests/data/lavf/lavf.mkv -320297 ./tests/data/lavf/lavf.mkv +0f78dd9299210a51b18faafc971e71f2 *./tests/data/lavf/lavf.mkv +320265 ./tests/data/lavf/lavf.mkv ./tests/data/lavf/lavf.mkv CRC=0x4780846b diff --git a/tests/ref/seek/lavf-mkv b/tests/ref/seek/lavf-mkv index 681462cccc..f03bcf83d6 100644 --- a/tests/ref/seek/lavf-mkv +++ b/tests/ref/seek/lavf-mkv @@ -1,48 +1,48 @@ -ret: 0 st: 1 flags:1 dts: 0.000000 pts: 0.000000 pos: 555 size: 208 +ret: 0 st: 1 flags:1 dts: 0.000000 pts: 0.000000 pos: 523 size: 208 ret: 0 st:-1 flags:0 ts:-1.000000 -ret: 0 st: 0 flags:1 dts: 0.011000 pts: 0.011000 pos: 771 size: 27837 +ret: 0 st: 0 flags:1 dts: 0.011000 pts: 0.011000 pos: 739 size: 27837 ret: 0 st:-1 flags:1 ts: 1.894167 -ret: 0 st: 0 flags:1 dts: 0.971000 pts: 0.971000 pos: 292185 size: 27834 +ret: 0 st: 0 flags:1 dts: 0.971000 pts: 0.971000 pos: 292153 size: 27834 ret: 0 st: 0 flags:0 ts: 0.788000 -ret: 0 st: 0 flags:1 dts: 0.971000 pts: 0.971000 pos: 292185 size: 27834 +ret: 0 st: 0 flags:1 dts: 0.971000 pts: 0.971000 pos: 292153 size: 27834 ret: 0 st: 0 flags:1 ts:-0.317000 -ret: 0 st: 0 flags:1 dts: 0.011000 pts: 0.011000 pos: 771 size: 27837 +ret: 0 st: 0 flags:1 dts: 0.011000 pts: 0.011000 pos: 739 size: 27837 ret:-1 st: 1 flags:0 ts: 2.577000 ret: 0 st: 1 flags:1 ts: 1.471000 -ret: 0 st: 1 flags:1 dts: 0.993000 pts: 0.993000 pos: 320026 size: 209 +ret: 0 st: 1 flags:1 dts: 0.993000 pts: 0.993000 pos: 319994 size: 209 ret: 0 st:-1 flags:0 ts: 0.365002 -ret: 0 st: 0 flags:1 dts: 0.491000 pts: 0.491000 pos: 146738 size: 27925 +ret: 0 st: 0 flags:1 dts: 0.491000 pts: 0.491000 pos: 146706 size: 27925 ret: 0 st:-1 flags:1 ts:-0.740831 -ret: 0 st: 0 flags:1 dts: 0.011000 pts: 0.011000 pos: 771 size: 27837 +ret: 0 st: 0 flags:1 dts: 0.011000 pts: 0.011000 pos: 739 size: 27837 ret:-1 st: 0 flags:0 ts: 2.153000 ret: 0 st: 0 flags:1 ts: 1.048000 -ret: 0 st: 0 flags:1 dts: 0.971000 pts: 0.971000 pos: 292185 size: 27834 +ret: 0 st: 0 flags:1 dts: 0.971000 pts: 0.971000 pos: 292153 size: 27834 ret: 0 st: 1 flags:0 ts:-0.058000 -ret: 0 st: 1 flags:1 dts: 0.000000 pts: 0.000000 pos: 555 size: 208 +ret: 0 st: 1 flags:1 dts: 0.000000 pts: 0.000000 pos: 523 size: 208 ret: 0 st: 1 flags:1 ts: 2.836000 -ret: 0 st: 1 flags:1 dts: 0.993000 pts: 0.993000 pos: 320026 size: 209 +ret: 0 st: 1 flags:1 dts: 0.993000 pts: 0.993000 pos: 319994 size: 209 ret:-1 st:-1 flags:0 ts: 1.730004 ret: 0 st:-1 flags:1 ts: 0.624171 -ret: 0 st: 0 flags:1 dts: 0.491000 pts: 0.491000 pos: 146738 size: 27925 +ret: 0 st: 0 flags:1 dts: 0.491000 pts: 0.491000 pos: 146706 size: 27925 ret: 0 st: 0 flags:0 ts:-0.482000 -ret: 0 st: 0 flags:1 dts: 0.011000 pts: 0.011000 pos: 771 size: 27837 +ret: 0 st: 0 flags:1 dts: 0.011000 pts: 0.011000 pos: 739 size: 27837 ret: 0 st: 0 flags:1 ts: 2.413000 -ret: 0 st: 0 flags:1 dts: 0.971000 pts: 0.971000 pos: 292185 size: 27834 +ret: 0 st: 0 flags:1 dts: 0.971000 pts: 0.971000 pos: 292153 size: 27834 ret:-1 st: 1 flags:0 ts: 1.307000 ret: 0 st: 1 flags:1 ts: 0.201000 -ret: 0 st: 1 flags:1 dts: 0.000000 pts: 0.000000 pos: 555 size: 208 +ret: 0 st: 1 flags:1 dts: 0.000000 pts: 0.000000 pos: 523 size: 208 ret: 0 st:-1 flags:0 ts:-0.904994 -ret: 0 st: 0 flags:1 dts: 0.011000 pts: 0.011000 pos: 771 size: 27837 +ret: 0 st: 0 flags:1 dts: 0.011000 pts: 0.011000 pos: 739 size: 27837 ret: 0 st:-1 flags:1 ts: 1.989173 -ret: 0 st: 0 flags:1 dts: 0.971000 pts: 0.971000 pos: 292185 size: 27834 +ret: 0 st: 0 flags:1 dts: 0.971000 pts: 0.971000 pos: 292153 size: 27834 ret: 0 st: 0 flags:0 ts: 0.883000 -ret: 0 st: 0 flags:1 dts: 0.971000 pts: 0.971000 pos: 292185 size: 27834 +ret: 0 st: 0 flags:1 dts: 0.971000 pts: 0.971000 pos: 292153 size: 27834 ret: 0 st: 0 flags:1 ts:-0.222000 -ret: 0 st: 0 flags:1 dts: 0.011000 pts: 0.011000 pos: 771 size: 27837 +ret: 0 st: 0 flags:1 dts: 0.011000 pts: 0.011000 pos: 739 size: 27837 ret:-1 st: 1 flags:0 ts: 2.672000 ret: 0 st: 1 flags:1 ts: 1.566000 -ret: 0 st: 1 flags:1 dts: 0.993000 pts: 0.993000 pos: 320026 size: 209 +ret: 0 st: 1 flags:1 dts: 0.993000 pts: 0.993000 pos: 319994 size: 209 ret: 0 st:-1 flags:0 ts: 0.460008 -ret: 0 st: 0 flags:1 dts: 0.491000 pts: 0.491000 pos: 146738 size: 27925 +ret: 0 st: 0 flags:1 dts: 0.491000 pts: 0.491000 pos: 146706 size: 27925 ret: 0 st:-1 flags:1 ts:-0.645825 -ret: 0 st: 0 flags:1 dts: 0.011000 pts: 0.011000 pos: 771 size: 27837 +ret: 0 st: 0 flags:1 dts: 0.011000 pts: 0.011000 pos: 739 size: 27837 From 90ed77019285938176ace29ab3ad90261048f7df Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 17 Jul 2013 13:30:36 +0200 Subject: [PATCH 099/452] matroskaenc: simplify mkv_check_tag() Signed-off-by: Michael Niedermayer (cherry picked from commit 066111bf19518a9f4d836991b34dbfc5ab72a41a) --- libavformat/matroskaenc.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/libavformat/matroskaenc.c b/libavformat/matroskaenc.c index 56519f5505..d5e91bb6d5 100644 --- a/libavformat/matroskaenc.c +++ b/libavformat/matroskaenc.c @@ -819,13 +819,12 @@ static int mkv_write_tag(AVFormatContext *s, AVDictionary *m, unsigned int eleme static int mkv_check_tag(AVDictionary *m) { AVDictionaryEntry *t = NULL; - int ret = 0; while ((t = av_dict_get(m, "", t, AV_DICT_IGNORE_SUFFIX))) if (av_strcasecmp(t->key, "title") && av_strcasecmp(t->key, "stereo_mode")) - ret++; + return 1; - return ret; + return 0; } static int mkv_write_tags(AVFormatContext *s) From 9865f19f15ba05b87c58027b81c2edc193cb283b Mon Sep 17 00:00:00 2001 From: James Almer Date: Sat, 17 Aug 2013 14:48:33 -0300 Subject: [PATCH 100/452] matroskadec: Improve TTA duration calculation Calculate the duration as accurately as possible to improve decoding of samples where the last frame is smaller than the rest. Signed-off-by: James Almer Approved-by: Paul B Mahol Signed-off-by: Michael Niedermayer (cherry picked from commit af248fa1174200acb537a6ab1198bb2fed38e884) --- libavformat/matroskadec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index be30f9326e..2590a71481 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -1690,7 +1690,7 @@ static int matroska_read_header(AVFormatContext *s) avio_wl16(&b, track->audio.channels); avio_wl16(&b, track->audio.bitdepth); avio_wl32(&b, track->audio.out_samplerate); - avio_wl32(&b, matroska->ctx->duration * track->audio.out_samplerate); + avio_wl32(&b, av_rescale((matroska->duration * matroska->time_scale), track->audio.out_samplerate, AV_TIME_BASE * 1000)); } else if (codec_id == AV_CODEC_ID_RV10 || codec_id == AV_CODEC_ID_RV20 || codec_id == AV_CODEC_ID_RV30 || codec_id == AV_CODEC_ID_RV40) { extradata_offset = 26; From 5d3cd041fcb8ec0811c5d6e3b28b7a67e3f528f8 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 18 Aug 2013 02:20:54 +0200 Subject: [PATCH 101/452] avformat/matroskadec: check out_samplerate before using it in av_rescale() Prevent assertion failure with damaged input Signed-off-by: Michael Niedermayer (cherry picked from commit 338f8b2eaf36f078eb5cc26ac10e651dc4c48243) Signed-off-by: Michael Niedermayer --- libavformat/matroskadec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index 2590a71481..aea5fe44d8 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -1689,6 +1689,8 @@ static int matroska_read_header(AVFormatContext *s) avio_wl16(&b, 1); avio_wl16(&b, track->audio.channels); avio_wl16(&b, track->audio.bitdepth); + if (track->audio.out_samplerate < 0 || track->audio.out_samplerate > INT_MAX) + return AVERROR_INVALIDDATA; avio_wl32(&b, track->audio.out_samplerate); avio_wl32(&b, av_rescale((matroska->duration * matroska->time_scale), track->audio.out_samplerate, AV_TIME_BASE * 1000)); } else if (codec_id == AV_CODEC_ID_RV10 || codec_id == AV_CODEC_ID_RV20 || From 8e3581ab03b1cca32c7020c45d88002516ff92dd Mon Sep 17 00:00:00 2001 From: Timothy Gu Date: Sun, 31 Mar 2013 12:20:17 +0200 Subject: [PATCH 102/452] doc/filters: fix width/height typo in crop filter. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Clément BÅ“sch (cherry picked from commit 874173002e9ea7e3504197c2f55a565f78cddf61) Signed-off-by: Timothy Gu --- doc/filters.texi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/filters.texi b/doc/filters.texi index b170f850e7..528d3b0013 100644 --- a/doc/filters.texi +++ b/doc/filters.texi @@ -2030,7 +2030,7 @@ This expression is evaluated only once during the filter configuration. @item h, out_h -Set the crop area width. It defaults to @code{ih}. +Set the crop area height. It defaults to @code{ih}. This expression is evaluated only once during the filter configuration. From 8f07c09b207b651a18274827f95ee0a9a61048a4 Mon Sep 17 00:00:00 2001 From: Timothy Gu Date: Fri, 24 May 2013 12:28:48 -0700 Subject: [PATCH 103/452] doc/encoders: Add documentation for libmp3lame Signed-off-by: Michael Niedermayer (cherry picked from commit 4703a345fb41b14fe28f7e6bf7f60bb2213aa9e0) Signed-off-by: Timothy Gu --- doc/encoders.texi | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/doc/encoders.texi b/doc/encoders.texi index 07343eb42b..dc79e517a0 100644 --- a/doc/encoders.texi +++ b/doc/encoders.texi @@ -412,6 +412,35 @@ Selected by Encoder (default) @end table +@section libmp3lame + +LAME (Lame Ain't an MP3 Encoder) MP3 encoder wrapper + +Requires the presence of the libmp3lame headers and library during +configuration. You need to explicitly configure the build with +@code{--enable-libmp3lame}. + +@subsection Option Mapping + +The following options are supported by the libmp3lame wrapper, +the LAME-equivalent options follow the FFmpeg ones. + +@multitable @columnfractions .2 .2 +@item FFmpeg @tab LAME +@item b @tab b +FFmpeg @code{b} option is expressed in bits/s, lame @code{bitrate} +in kilobits/s. +@item q @tab V +Quality setting for VBR. +@item compression_level @tab q +Algorithm quality. Valid options are integers from 0-9. +@item reservoir @tab N.A. +Enable use of bit reservoir. LAME has this enabled by default. +@item joint_stereo @tab -m j +Enables the the encoder to use (on a frame by frame basis) either L/R +stereo or mid/side stereo. +@end multitable + @c man end AUDIO ENCODERS @chapter Video Encoders From c87f3c3ab4c541dd05c26cb5669cfaa998335ea5 Mon Sep 17 00:00:00 2001 From: Timothy Gu Date: Sat, 1 Jun 2013 16:26:03 -0700 Subject: [PATCH 104/452] doc/encoders: add documentation for libtwolame (cherry picked from commit ea038b996d5662702b2247a6aa919dee1cebc0be) Signed-off-by: Timothy Gu --- doc/encoders.texi | 63 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) diff --git a/doc/encoders.texi b/doc/encoders.texi index dc79e517a0..74f3c2fda8 100644 --- a/doc/encoders.texi +++ b/doc/encoders.texi @@ -441,6 +441,69 @@ Enables the the encoder to use (on a frame by frame basis) either L/R stereo or mid/side stereo. @end multitable +@section libtwolame + +TwoLAME MP2 encoder wrapper + +Requires the presence of the libtwolame headers and library during +configuration. You need to explicitly configure the build with +@code{--enable-libtwolame}. + +@subsection Options Mapping + +The following options are supported by the libtwolame wrapper. The +TwoLAME-equivalent options follow the FFmpeg ones and are in +parentheses. + +@table @option +@item b +(b) Set bitrate in bits/s. Note that FFmpeg @code{b} option is +expressed in bits/s, twolame @code{b} in kilobits/s. The default +value is 128k. + +@item q +(V) Set quality for experimental VBR support. Maximum value range is +from -50 to 50, useful range is from -10 to 10. + +@item mode +(mode) Set MPEG mode. Possible values: + +@table @samp +@item auto +Choose mode automatically based on the input. This is the default. +@item stereo +Stereo +@item joint_stereo +Joint stereo +@item dual_channel +Dual channel +@item mono +Mono +@end table + +@item psymodel +(psyc-mode) Set psychoacoustic model to use in encoding. The argument +must be an integer between -1 and 4, inclusive. The higher the value, +the better the quality. The default value is 3. + +@item energy_levels +(energy) Enable energy levels extensions when set to 1. The default +value is 0 (disabled). + +@item error_protection +(protect) Enable CRC error protection when set to 1. The default value +is 0 (disabled). + +@item copyright +(copyright) Set MPEG audio copyright flag when set to 1. The default +value is 0 (disabled). + +@item original +(original) Set MPEG audio original flag when set to 1. The default +value is 0 (disabled). + +@end table + @c man end AUDIO ENCODERS @chapter Video Encoders From 24187a96ee1f1f23e3fd46a3441f90d2923026f7 Mon Sep 17 00:00:00 2001 From: Timothy Gu Date: Fri, 7 Jun 2013 19:54:23 -0700 Subject: [PATCH 105/452] doc/encoders: Add libvo-aacenc doc Signed-off-by: Michael Niedermayer (cherry picked from commit ba7cb4807f050c401f8fd7ef1d1065b138358135) Signed-off-by: Timothy Gu --- doc/encoders.texi | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/doc/encoders.texi b/doc/encoders.texi index 74f3c2fda8..2fe2f5fde8 100644 --- a/doc/encoders.texi +++ b/doc/encoders.texi @@ -504,6 +504,27 @@ value is 0 (disabled). @end table +@section libvo-aacenc + +VisualOn AAC encoder + +Requires the presence of the libvo-aacenc headers and library during +configuration. You need to explicitly configure the build with +@code{--enable-libvo-aacenc --enable-version3}. + +@subsection Options + +The VisualOn AAC encoder only support encoding AAC-LC and up to 2 +channels. It is also CBR-only. It is considered to be worse than the +native experimental FFmpeg AAC encoder. + +@table @option + +@item b +Bitrate. + +@end table + @c man end AUDIO ENCODERS @chapter Video Encoders From dc1881ee11041f327fe99449bbe317e67eeed1e1 Mon Sep 17 00:00:00 2001 From: Timothy Gu Date: Tue, 11 Jun 2013 16:58:01 -0700 Subject: [PATCH 106/452] doc/encoders: Add libvo-amrwbenc doc Signed-off-by: Michael Niedermayer (cherry picked from commit 0ec65aa1046a4417d5c7dfcf8faeecde60e3fe00) Signed-off-by: Timothy Gu Conflicts: doc/encoders.texi --- doc/encoders.texi | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/doc/encoders.texi b/doc/encoders.texi index 2fe2f5fde8..6fed7ae7f9 100644 --- a/doc/encoders.texi +++ b/doc/encoders.texi @@ -525,6 +525,44 @@ Bitrate. @end table +@section libvo-amrwbenc + +VisualOn Adaptive Multi-Rate Wideband encoder + +Requires the presence of the libvo-amrwbenc headers and library during +configuration. You need to explicitly configure the build with +@code{--enable-libvo-amrwbenc --enable-version3}. + +This is a mono-only encoder. Officially it only supports 16000Hz sample +rate, but you can override it by setting @option{strict} to +@samp{unofficial} or lower. + +@subsection Options + +@table @option + +@item b +Set bitrate in bits/s. Only the following bitrates are supported, otherwise +libavcodec will round to the nearest valid bitrate. + +@table @samp +@item 6600 +@item 8850 +@item 12650 +@item 14250 +@item 15850 +@item 18250 +@item 19850 +@item 23050 +@item 23850 +@end table + +@item dtx +Allow discontinuous transmission (generate comfort noise) when set to 1. The +default value is 0 (disabled). + +@end table + @c man end AUDIO ENCODERS @chapter Video Encoders From f637fa5d334a3207f6c3b29656cd3045f6ecfb09 Mon Sep 17 00:00:00 2001 From: Timothy Gu Date: Tue, 11 Jun 2013 16:52:12 -0700 Subject: [PATCH 107/452] doc/general: Make the license status of the Android libraries clearer Signed-off-by: Michael Niedermayer (cherry picked from commit 6fe419bf73146655961a373c734e9e4d8826c835) Signed-off-by: Timothy Gu --- doc/general.texi | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/doc/general.texi b/doc/general.texi index 39b9360c9e..086a280e3a 100644 --- a/doc/general.texi +++ b/doc/general.texi @@ -24,7 +24,7 @@ instructions. To enable using OpenJPEG in FFmpeg, pass @code{--enable-libopenjp @file{./configure}. -@section OpenCORE and VisualOn libraries +@section OpenCORE, VisualOn, and Fraunhofer libraries Spun off Google Android sources, OpenCore, VisualOn and Fraunhofer libraries provide encoders for a number of audio codecs. @@ -32,9 +32,14 @@ libraries provide encoders for a number of audio codecs. @float NOTE OpenCORE and VisualOn libraries are under the Apache License 2.0 (see @url{http://www.apache.org/licenses/LICENSE-2.0} for details), which is -incompatible with the LGPL version 2.1 and GPL version 2. You have to +incompatible to the LGPL version 2.1 and GPL version 2. You have to upgrade FFmpeg's license to LGPL version 3 (or if you have enabled -GPL components, GPL version 3) to use it. +GPL components, GPL version 3) by passing @code{--enable-version3} to configure in +order to use it. + +The Fraunhofer AAC library is licensed under a license incompatible to the GPL +and is not known to be compatible to the LGPL. Therefore, you have to pass +@code{--enable-nonfree} to configure to use it. @end float @subsection OpenCORE AMR From c7887135890642f5d1049b1e269e7e49814bc529 Mon Sep 17 00:00:00 2001 From: Timothy Gu Date: Mon, 17 Jun 2013 17:42:08 -0700 Subject: [PATCH 108/452] doc/decoders: Document libcelt Signed-off-by: Michael Niedermayer (cherry picked from commit e3580449221c79cf611995dc7e2fcb61dd867d4c) Signed-off-by: Timothy Gu --- doc/decoders.texi | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/doc/decoders.texi b/doc/decoders.texi index 2d812a27ff..7d639b98b3 100644 --- a/doc/decoders.texi +++ b/doc/decoders.texi @@ -60,6 +60,14 @@ This decoder generates wave patterns according to predefined sequences. Its use is purely internal and the format of the data it accepts is not publicly documented. +@section libcelt + +libcelt decoder wrapper + +libcelt allows libavcodec to decode the Xiph CELT ultra-low delay audio codec. +Requires the presence of the libcelt headers and library during configuration. +You need to explicitly configure the build with @code{--enable-libcelt}. + @c man end AUDIO DECODERS @chapter Subtitles Decoders From 09653c5444aca22b4e92dbd7c67afbb9bb59caed Mon Sep 17 00:00:00 2001 From: Timothy Gu Date: Mon, 17 Jun 2013 17:38:38 -0700 Subject: [PATCH 109/452] doc/encoders: Add libopencore-amrnb doc Signed-off-by: Michael Niedermayer (cherry picked from commit 9ead06057acfcc43bcb99a63a7c58543007b2847) Signed-off-by: Timothy Gu --- doc/encoders.texi | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/doc/encoders.texi b/doc/encoders.texi index 6fed7ae7f9..b69c06782e 100644 --- a/doc/encoders.texi +++ b/doc/encoders.texi @@ -563,6 +563,43 @@ default value is 0 (disabled). @end table +@section libopencore-amrnb + +OpenCORE Adaptive Multi-Rate Narrowband encoder. + +Requires the presence of the libopencore-amrnb headers and library during +configuration. You need to explicitly configure the build with +@code{--enable-libopencore-amrnb --enable-version3}. + +This is a mono-only encoder. Officially it only supports 8000Hz sample rate, +but you can override it by setting @option{strict} to @samp{unofficial} or +lower. + +@subsection Options + +@table @option + +@item b +Set bitrate in bits per second. Only the following bitrates are supported, +otherwise libavcodec will round to the nearest valid bitrate. + +@table @option +@item 4750 +@item 5150 +@item 5900 +@item 6700 +@item 7400 +@item 7950 +@item 10200 +@item 12200 +@end table + +@item dtx +Allow discontinuous transmission (generate comfort noise) when set to 1. The +default value is 0 (disabled). + +@end table + @c man end AUDIO ENCODERS @chapter Video Encoders From 79ec45a455463f4e32263298d3a3ba9b585a373b Mon Sep 17 00:00:00 2001 From: Timothy Gu Date: Tue, 18 Jun 2013 16:01:43 -0700 Subject: [PATCH 110/452] doc/decoders: Document libgsm decoder Signed-off-by: Michael Niedermayer (cherry picked from commit c16496c3770fa083472ab86146c18dc96c1feea7) Signed-off-by: Timothy Gu --- doc/decoders.texi | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/doc/decoders.texi b/doc/decoders.texi index 7d639b98b3..4885607801 100644 --- a/doc/decoders.texi +++ b/doc/decoders.texi @@ -68,6 +68,16 @@ libcelt allows libavcodec to decode the Xiph CELT ultra-low delay audio codec. Requires the presence of the libcelt headers and library during configuration. You need to explicitly configure the build with @code{--enable-libcelt}. +@section libgsm + +libgsm decoder wrapper + +libgsm allows libavcodec to decode the GSM full rate audio codec. Requires +the presence of the libgsm headers and library during configuration. You need +to explicitly configure the build with @code{--enable-libgsm}. + +This decoder supports both the ordinary GSM and the Microsoft variant. + @c man end AUDIO DECODERS @chapter Subtitles Decoders From 025e28675716102bfbcb86549b39c18f3bf58f04 Mon Sep 17 00:00:00 2001 From: Timothy Gu Date: Thu, 20 Jun 2013 16:33:49 -0700 Subject: [PATCH 111/452] doc/decoders: Document libilbc decoder Signed-off-by: Michael Niedermayer (cherry picked from commit 8cdea50f6eee1271e24ff0c9590522f8323e87fe) Signed-off-by: Timothy Gu --- doc/decoders.texi | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/doc/decoders.texi b/doc/decoders.texi index 4885607801..f3e57a0ef0 100644 --- a/doc/decoders.texi +++ b/doc/decoders.texi @@ -78,6 +78,27 @@ to explicitly configure the build with @code{--enable-libgsm}. This decoder supports both the ordinary GSM and the Microsoft variant. +@section libilbc + +libilbc decoder wrapper + +libilbc allows libavcodec to decode the Internet Low Bitrate Codec (iLBC) +audio codec. Requires the presence of the libilbc headers and library during +configuration. You need to explicitly configure the build with +@code{--enable-libilbc}. + +@subsection Options + +The following option is supported by the libilbc wrapper. + +@table @option +@item enhance + +Enable the enhancement of the decoded audio when set to 1. The default +value is 0 (disabled). + +@end table + @c man end AUDIO DECODERS @chapter Subtitles Decoders From f85c44264bff580a7b6b509aefe5637dc00369cc Mon Sep 17 00:00:00 2001 From: Timothy Gu Date: Thu, 20 Jun 2013 20:08:35 -0700 Subject: [PATCH 112/452] doc/decoders: Document libopencore-amrnb decoder Signed-off-by: Michael Niedermayer (cherry picked from commit b43860ee0c27279f2fa020ea965c03d359f8f45c) Signed-off-by: Timothy Gu --- doc/decoders.texi | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/doc/decoders.texi b/doc/decoders.texi index f3e57a0ef0..08f8df8074 100644 --- a/doc/decoders.texi +++ b/doc/decoders.texi @@ -99,6 +99,18 @@ value is 0 (disabled). @end table +@section libopencore-amrnb + +libopencore-amrnb decoder wrapper + +libopencore-amrnb allows libavcodec to decode the Adaptive Multi-Rate +Narrowband audio codec. Using it requires the presence of the +libopencore-amrnb headers and library during configuration. You need to +explicitly configure the build with @code{--enable-libopencore-amrnb}. + +An FFmpeg native decoder for AMR-NB exists, so users can decode AMR-NB +without this library. + @c man end AUDIO DECODERS @chapter Subtitles Decoders From 7858d261aadb23f661ce0f9a8067e6faf491d689 Mon Sep 17 00:00:00 2001 From: Timothy Gu Date: Fri, 21 Jun 2013 18:17:21 +0200 Subject: [PATCH 113/452] doc/decoders: Add libopencore-amrwb decoder doc Signed-off-by: Stefano Sabatini (cherry picked from commit 83647ace735d1707d4b28345ef77fefe525ea52e) Signed-off-by: Timothy Gu --- doc/decoders.texi | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/doc/decoders.texi b/doc/decoders.texi index 08f8df8074..345540b9f8 100644 --- a/doc/decoders.texi +++ b/doc/decoders.texi @@ -111,6 +111,18 @@ explicitly configure the build with @code{--enable-libopencore-amrnb}. An FFmpeg native decoder for AMR-NB exists, so users can decode AMR-NB without this library. +@section libopencore-amrwb + +libopencore-amrwb decoder wrapper. + +libopencore-amrwb allows libavcodec to decode the Adaptive Multi-Rate +Wideband audio codec. Using it requires the presence of the +libopencore-amrwb headers and library during configuration. You need to +explicitly configure the build with @code{--enable-libopencore-amrwb}. + +An FFmpeg native decoder for AMR-WB exists, so users can decode AMR-WB +without this library. + @c man end AUDIO DECODERS @chapter Subtitles Decoders From aaac34f5e6fd9f8c740d35f6301680682810ced9 Mon Sep 17 00:00:00 2001 From: Timothy Gu Date: Thu, 27 Jun 2013 18:50:54 -0700 Subject: [PATCH 114/452] doc/encoders: alphabetically list the encoders Signed-off-by: Stefano Sabatini (cherry picked from commit 934df3b0375743ae2b03168a4174edb9f88a6889) Signed-off-by: Timothy Gu --- doc/encoders.texi | 74 +++++++++++++++++++++++------------------------ 1 file changed, 37 insertions(+), 37 deletions(-) diff --git a/doc/encoders.texi b/doc/encoders.texi index b69c06782e..a2b1648f6b 100644 --- a/doc/encoders.texi +++ b/doc/encoders.texi @@ -441,6 +441,43 @@ Enables the the encoder to use (on a frame by frame basis) either L/R stereo or mid/side stereo. @end multitable +@section libopencore-amrnb + +OpenCORE Adaptive Multi-Rate Narrowband encoder. + +Requires the presence of the libopencore-amrnb headers and library during +configuration. You need to explicitly configure the build with +@code{--enable-libopencore-amrnb --enable-version3}. + +This is a mono-only encoder. Officially it only supports 8000Hz sample rate, +but you can override it by setting @option{strict} to @samp{unofficial} or +lower. + +@subsection Options + +@table @option + +@item b +Set bitrate in bits per second. Only the following bitrates are supported, +otherwise libavcodec will round to the nearest valid bitrate. + +@table @option +@item 4750 +@item 5150 +@item 5900 +@item 6700 +@item 7400 +@item 7950 +@item 10200 +@item 12200 +@end table + +@item dtx +Allow discontinuous transmission (generate comfort noise) when set to 1. The +default value is 0 (disabled). + +@end table + @section libtwolame TwoLAME MP2 encoder wrapper @@ -563,43 +600,6 @@ default value is 0 (disabled). @end table -@section libopencore-amrnb - -OpenCORE Adaptive Multi-Rate Narrowband encoder. - -Requires the presence of the libopencore-amrnb headers and library during -configuration. You need to explicitly configure the build with -@code{--enable-libopencore-amrnb --enable-version3}. - -This is a mono-only encoder. Officially it only supports 8000Hz sample rate, -but you can override it by setting @option{strict} to @samp{unofficial} or -lower. - -@subsection Options - -@table @option - -@item b -Set bitrate in bits per second. Only the following bitrates are supported, -otherwise libavcodec will round to the nearest valid bitrate. - -@table @option -@item 4750 -@item 5150 -@item 5900 -@item 6700 -@item 7400 -@item 7950 -@item 10200 -@item 12200 -@end table - -@item dtx -Allow discontinuous transmission (generate comfort noise) when set to 1. The -default value is 0 (disabled). - -@end table - @c man end AUDIO ENCODERS @chapter Video Encoders From 02f1ae5406aa1827fcd788ca86793b5c7c2becb2 Mon Sep 17 00:00:00 2001 From: Timothy Gu Date: Thu, 27 Jun 2013 19:07:32 -0700 Subject: [PATCH 115/452] doc/decoders: document libopus decoder Signed-off-by: Stefano Sabatini (cherry picked from commit 7eb5288f17aad81d5bd1b4d3d46533e457df262c) Signed-off-by: Timothy Gu --- doc/decoders.texi | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/doc/decoders.texi b/doc/decoders.texi index 345540b9f8..cdcbe6515b 100644 --- a/doc/decoders.texi +++ b/doc/decoders.texi @@ -123,6 +123,15 @@ explicitly configure the build with @code{--enable-libopencore-amrwb}. An FFmpeg native decoder for AMR-WB exists, so users can decode AMR-WB without this library. +@section libopus + +libopus decoder wrapper. + +libopus allows libavcodec to decode the Opus Interactive Audio Codec. +Requires the presence of the libopus headers and library during +configuration. You need to explicitly configure the build with +@code{--enable-libopus}. + @c man end AUDIO DECODERS @chapter Subtitles Decoders From 1d6b261a24be7ff0f6a5aa10faecf32f32749b91 Mon Sep 17 00:00:00 2001 From: Timothy Gu Date: Tue, 2 Jul 2013 19:32:27 -0700 Subject: [PATCH 116/452] doc/muxers: Add AIFF doc Signed-off-by: Stefano Sabatini (cherry picked from commit 4ec46b1160eb549a551823c168905b43922add31) Signed-off-by: Timothy Gu --- doc/muxers.texi | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/doc/muxers.texi b/doc/muxers.texi index 9d119c39a1..84dbdbab4d 100644 --- a/doc/muxers.texi +++ b/doc/muxers.texi @@ -18,6 +18,23 @@ enabled muxers. A description of some of the currently available muxers follows. +@anchor{aiff} +@section aiff + +Audio Interchange File Format muxer. + +It accepts the following options: + +@table @option +@item write_id3v2 +Enable ID3v2 tags writing when set to 1. Default is 0 (disabled). + +@item id3v2_version +Select ID3v2 version to write. Currently only version 3 and 4 (aka. +ID3v2.3 and ID3v2.4) are supported. The default is version 4. + +@end table + @anchor{crc} @section crc From 6fb2c03e1ad61ceea70664c96cbb57dc5660ade0 Mon Sep 17 00:00:00 2001 From: Timothy Gu Date: Fri, 5 Jul 2013 20:37:18 -0700 Subject: [PATCH 117/452] doc/encoders: add libopus encoder doc Signed-off-by: Stefano Sabatini (cherry picked from commit 561e05136f1cbe28a79af1940aa137f70281eef4) Signed-off-by: Timothy Gu --- doc/encoders.texi | 73 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) diff --git a/doc/encoders.texi b/doc/encoders.texi index a2b1648f6b..16d5333fe6 100644 --- a/doc/encoders.texi +++ b/doc/encoders.texi @@ -600,6 +600,79 @@ default value is 0 (disabled). @end table +@section libopus + +libopus Opus Interactive Audio Codec encoder wrapper. + +Requires the presence of the libopus headers and library during +configuration. You need to explicitly configure the build with +@code{--enable-libopus}. + +@subsection Option Mapping + +Most libopus options are modeled after the @command{opusenc} utility from +opus-tools. The following is an option mapping chart describing options +supported by the libopus wrapper, and their @command{opusenc}-equivalent +in parentheses. + +@table @option + +@item b (@emph{bitrate}) +Set the bit rate in bits/s. FFmpeg's @option{b} option is +expressed in bits/s, while @command{opusenc}'s @option{bitrate} in +kilobits/s. + +@item vbr (@emph{vbr}, @emph{hard-cbr}, and @emph{cvbr}) +Set VBR mode. The FFmpeg @option{vbr} option has the following +valid arguments, with the their @command{opusenc} equivalent options +in parentheses: + +@table @samp +@item off (@emph{hard-cbr}) +Use constant bit rate encoding. + +@item on (@emph{vbr}) +Use variable bit rate encoding (the default). + +@item constrained (@emph{cvbr}) +Use constrained variable bit rate encoding. +@end table + +@item compression_level (@emph{comp}) +Set encoding algorithm complexity. Valid options are integers in +the 0-10 range. 0 gives the fastest encodes but lower quality, while 10 +gives the highest quality but slowest encoding. The default is 10. + +@item frame_duration (@emph{framesize}) +Set maximum frame size, or duration of a frame in milliseconds. The +argument must be exactly the following: 2.5, 5, 10, 20, 40, 60. Smaller +frame sizes achieve lower latency but less quality at a given bitrate. +Sizes greater than 20ms are only interesting at fairly low bitrates. +The default of FFmpeg is 10ms, but is 20ms in @command{opusenc}. + +@item packet_loss (@emph{expect-loss}) +Set expected packet loss percentage. The default is 0. + +@item application (N.A.) +Set intended application type. Valid options are listed below: + +@table @samp +@item voip +Favor improved speech intelligibility. +@item audio +Favor faithfulness to the input (the default). +@item lowdelay +Restrict to only the lowest delay modes. +@end table + +@item cutoff (N.A.) +Set cutoff bandwidth in Hz. The argument must be exactly one of the +following: 4000, 6000, 8000, 12000, or 20000, corresponding to +narrowband, mediumband, wideband, super wideband, and fullband +respectively. The default is 0 (cutoff disabled). + +@end table + @c man end AUDIO ENCODERS @chapter Video Encoders From eae4dfd4e8fd90615605c2ff9442531c9114f789 Mon Sep 17 00:00:00 2001 From: Timothy Gu Date: Mon, 22 Jul 2013 16:44:11 -0700 Subject: [PATCH 118/452] doc/encoders: partially rewrite and reformat libx264 docs Format is based on the thread: "[PATCH] doc/encoders: Add libopus encoder doc" (06-28-2013) http://thread.gmane.org/gmane.comp.video.ffmpeg.devel/165368/ Also merge the two option sections (Mapping and Private options). Patch partially edited by Stefano Sabatini. Signed-off-by: Stefano Sabatini (cherry picked from commit 11cb697501edf6447a718d6194f0e63ec2310d39) Signed-off-by: Timothy Gu --- doc/encoders.texi | 449 ++++++++++++++++++++++++++++++---------------- 1 file changed, 297 insertions(+), 152 deletions(-) diff --git a/doc/encoders.texi b/doc/encoders.texi index 16d5333fe6..0e47e3ed9f 100644 --- a/doc/encoders.texi +++ b/doc/encoders.texi @@ -844,178 +844,318 @@ For more information about libvpx see: x264 H.264/MPEG-4 AVC encoder wrapper -Requires the presence of the libx264 headers and library during -configuration. You need to explicitly configure the build with +This encoder requires the presence of the libx264 headers and library +during configuration. You need to explicitly configure the build with @code{--enable-libx264}. -x264 supports an impressive number of features, including 8x8 and 4x4 adaptive -spatial transform, adaptive B-frame placement, CAVLC/CABAC entropy coding, -interlacing (MBAFF), lossless mode, psy optimizations for detail retention -(adaptive quantization, psy-RD, psy-trellis). +libx264 supports an impressive number of features, including 8x8 and +4x4 adaptive spatial transform, adaptive B-frame placement, CAVLC/CABAC +entropy coding, interlacing (MBAFF), lossless mode, psy optimizations +for detail retention (adaptive quantization, psy-RD, psy-trellis). -The FFmpeg wrapper provides a mapping for most of them using global options -that match those of the encoders and provides private options for the unique -encoder options. Additionally an expert override is provided to directly pass -a list of key=value tuples as accepted by x264_param_parse. +Many libx264 encoder options are mapped to FFmpeg global codec +options, while unique encoder options are provided through private +options. Additionally the @option{x264opts} and @option{x264-params} +private options allows to pass a list of key=value tuples as accepted +by the libx264 @code{x264_param_parse} function. -@subsection Option Mapping +The x264 project website is at +@url{http://www.videolan.org/developers/x264.html}. -The following options are supported by the x264 wrapper, the x264-equivalent -options follow the FFmpeg ones. +@subsection Options -@multitable @columnfractions .2 .2 -@item b @tab bitrate -FFmpeg @code{b} option is expressed in bits/s, x264 @code{bitrate} in kilobits/s. -@item bf @tab bframes -Maximum number of B-frames. -@item g @tab keyint -Maximum GOP size. -@item qmin @tab qpmin -@item qmax @tab qpmax -@item qdiff @tab qpstep -@item qblur @tab qblur -@item qcomp @tab qcomp -@item refs @tab ref -@item sc_threshold @tab scenecut -@item trellis @tab trellis -@item nr @tab nr -Noise reduction. -@item me_range @tab merange -@item me_method @tab me -@item subq @tab subme -@item b_strategy @tab b-adapt -@item keyint_min @tab keyint-min -@item coder @tab cabac -Set coder to @code{ac} to use CABAC. -@item cmp @tab chroma-me -Set to @code{chroma} to use chroma motion estimation. -@item threads @tab threads -@item thread_type @tab sliced_threads -Set to @code{slice} to use sliced threading instead of frame threading. -@item flags -cgop @tab open-gop -Set @code{-cgop} to use recovery points to close GOPs. -@item rc_init_occupancy @tab vbv-init -Initial buffer occupancy. -@end multitable +The following options are supported by the libx264 wrapper. The +@command{x264}-equivalent options or values are listed in parentheses +for easy migration. + +To reduce the duplication of documentation, only the private options +and some others requiring special attention are documented here. For +the documentation of the undocumented generic options, see +@ref{codec-options}. + +To get a more accurate and extensive documentation of the libx264 +options, invoke the command @command{x264 --full-help} or consult +the libx264 documentation. -@subsection Private Options @table @option -@item -preset @var{string} -Set the encoding preset (cf. x264 --fullhelp). -@item -tune @var{string} -Tune the encoding params (cf. x264 --fullhelp). -@item -profile @var{string} -Set profile restrictions (cf. x264 --fullhelp). -@item -fastfirstpass @var{integer} -Use fast settings when encoding first pass. -@item -crf @var{float} -Select the quality for constant quality mode. -@item -crf_max @var{float} -In CRF mode, prevents VBV from lowering quality beyond this point. -@item -qp @var{integer} -Constant quantization parameter rate control method. -@item -aq-mode @var{integer} -AQ method +@item b (@emph{bitrate}) +Set bitrate in bits/s. Note that FFmpeg's @option{b} option is +expressed in bits/s, while @command{x264}'s @option{bitrate} is in +kilobits/s. + +@item bf (@emph{bframes}) + +@item g (@emph{keyint}) + +@item qmax (@emph{qpmax}) + +@item qmin (@emph{qpmin}) + +@item qdiff (@emph{qpstep}) + +@item qblur (@emph{qblur}) + +@item qcomp (@emph{qcomp}) + +@item refs (@emph{ref}) + +@item sc_threshold (@emph{scenecut}) + +@item trellis (@emph{trellis}) + +@item nr (@emph{nr}) + +@item me_range (@emph{merange}) + +@item me_method (@emph{me}) +Set motion estimation method. Possible values in the decreasing order +of speed: -Possible values: @table @samp -@item none +@item dia (@emph{dia}) +@item epzs (@emph{dia}) +Diamond search with radius 1 (fastest). @samp{epzs} is an alias for +@samp{dia}. +@item hex (@emph{hex}) +Hexagonal search with radius 2. +@item umh (@emph{umh}) +Uneven multi-hexagon search. +@item esa (@emph{esa}) +Exhaustive search. +@item tesa (@emph{tesa}) +Hadamard exhaustive search (slowest). +@end table -@item variance +@item subq (@emph{subme}) + +@item b_strategy (@emph{b-adapt}) + +@item keyint_min (@emph{min-keyint}) + +@item coder +Set entropy encoder. Possible values: + +@table @samp +@item ac +Enable CABAC. + +@item vlc +Enable CAVLC and disable CABAC. It generates the same effect as +@command{x264}'s @option{--no-cabac} option. +@end table + +@item cmp +Set full pixel motion estimation comparation algorithm. Possible values: + +@table @samp +@item chroma +Enable chroma in motion estimation. + +@item sad +Ignore chroma in motion estimation. It generates the same effect as +@command{x264}'s @option{--no-chroma-me} option. +@end table + +@item threads (@emph{threads}) + +@item thread_type +Set multithreading technique. Possible values: + +@table @samp +@item slice +Slice-based multithreading. It generates the same effect as +@command{x264}'s @option{--sliced-threads} option. +@item frame +Frame-based multithreading. +@end table + +@item flags +Set encoding flags. It can be used to disable closed GOP and enable +open GOP by setting it to @code{-cgop}. The result is similar to +the behavior of @command{x264}'s @option{--open-gop} option. + +@item rc_init_occupancy (@emph{vbv-init}) + +@item preset (@emph{preset}) +Set the encoding preset. + +@item tune (@emph{tune}) +Set tuning of the encoding params. + +@item profile (@emph{profile}) +Set profile restrictions. + +@item fastfirstpass +Enable fast settings when encoding first pass, when set to 1. When set +to 0, it has the same effect of @command{x264}'s +@option{--slow-firstpass} option. + +@item crf (@emph{crf}) +Set the quality for constant quality mode. + +@item crf_max (@emph{crf-max}) +In CRF mode, prevents VBV from lowering quality beyond this point. + +@item qp (@emph{qp}) +Set constant quantization rate control method parameter. + +@item aq-mode (@emph{aq-mode}) +Set AQ method. Possible values: + +@table @samp +@item none (@emph{0}) +Disabled. + +@item variance (@emph{1}) Variance AQ (complexity mask). -@item autovariance + +@item autovariance (@emph{2}) Auto-variance AQ (experimental). @end table -@item -aq-strength @var{float} -AQ strength, reduces blocking and blurring in flat and textured areas. -@item -psy @var{integer} -Use psychovisual optimizations. -@item -psy-rd @var{string} -Strength of psychovisual optimization, in : format. -@item -rc-lookahead @var{integer} -Number of frames to look ahead for frametype and ratecontrol. -@item -weightb @var{integer} -Weighted prediction for B-frames. -@item -weightp @var{integer} -Weighted prediction analysis method. -Possible values: +@item aq-strength (@emph{aq-strength}) +Set AQ strength, reduce blocking and blurring in flat and textured areas. + +@item psy +Use psychovisual optimizations when set to 1. When set to 0, it has the +same effect as @command{x264}'s @option{--no-psy} option. + +@item psy-rd (@emph{psy-rd}) +Set strength of psychovisual optimization, in +@var{psy-rd}:@var{psy-trellis} format. + +@item rc-lookahead (@emph{rc-lookahead}) +Set number of frames to look ahead for frametype and ratecontrol. + +@item weightb +Enable weighted prediction for B-frames when set to 1. When set to 0, +it has the same effect as @command{x264}'s @option{--no-weightb} option. + +@item weightp (@emph{weightp}) +Set weighted prediction method for P-frames. Possible values: + @table @samp -@item none - -@item simple - -@item smart - +@item none (@emph{0}) +Disabled +@item simple (@emph{1}) +Enable only weighted refs +@item smart (@emph{2}) +Enable both weighted refs and duplicates @end table -@item -ssim @var{integer} -Calculate and print SSIM stats. -@item -intra-refresh @var{integer} -Use Periodic Intra Refresh instead of IDR frames. -@item -b-bias @var{integer} -Influences how often B-frames are used. -@item -b-pyramid @var{integer} -Keep some B-frames as references. -Possible values: +@item ssim (@emph{ssim}) +Enable calculation and printing SSIM stats after the encoding. + +@item intra-refresh (@emph{intra-refresh}) +Enable the use of Periodic Intra Refresh instead of IDR frames when set +to 1. + +@item b-bias (@emph{b-bias}) +Set the influence on how often B-frames are used. + +@item b-pyramid (@emph{b-pyramid}) +Set method for keeping of some B-frames as references. Possible values: + @table @samp -@item none - -@item strict +@item none (@emph{none}) +Disabled. +@item strict (@emph{strict}) Strictly hierarchical pyramid. -@item normal +@item normal (@emph{normal}) Non-strict (not Blu-ray compatible). @end table -@item -mixed-refs @var{integer} -One reference per partition, as opposed to one reference per macroblock. -@item -8x8dct @var{integer} -High profile 8x8 transform. -@item -fast-pskip @var{integer} -@item -aud @var{integer} -Use access unit delimiters. -@item -mbtree @var{integer} -Use macroblock tree ratecontrol. -@item -deblock @var{string} -Loop filter parameters, in form. -@item -cplxblur @var{float} -Reduce fluctuations in QP (before curve compression). -@item -partitions @var{string} -A comma-separated list of partitions to consider, possible values: p8x8, p4x4, b8x8, i8x8, i4x4, none, all. -@item -direct-pred @var{integer} -Direct MV prediction mode -Possible values: +@item mixed-refs +Enable the use of one reference per partition, as opposed to one +reference per macroblock when set to 1. When set to 0, it has the +same effect as @command{x264}'s @option{--no-mixed-refs} option. + +@item 8x8dct +Enable adaptive spatial transform (high profile 8x8 transform) +when set to 1. When set to 0, it has the same effect as +@command{x264}'s @option{--no-8x8dct} option. + +@item fast-pskip +Enable early SKIP detection on P-frames when set to 1. When set +to 0, it has the same effect as @command{x264}'s +@option{--no-fast-pskip} option. + +@item aud (@emph{aud}) +Enable use of access unit delimiters when set to 1. + +@item mbtree +Enable use macroblock tree ratecontrol when set to 1. When set +to 0, it has the same effect as @command{x264}'s +@option{--no-mbtree} option. + +@item deblock (@emph{deblock}) +Set loop filter parameters, in @var{alpha}:@var{beta} form. + +@item cplxblur (@emph{cplxblur}) +Set fluctuations reduction in QP (before curve compression). + +@item partitions (@emph{partitions}) +Set partitions to consider as a comma-separated list of. Possible +values in the list: + @table @samp -@item none - -@item spatial - -@item temporal - -@item auto - -@end table -@item -slice-max-size @var{integer} -Limit the size of each slice in bytes. -@item -stats @var{string} -Filename for 2 pass stats. -@item -nal-hrd @var{integer} -Signal HRD information (requires vbv-bufsize; cbr not allowed in .mp4). - -Possible values: -@table @samp -@item none - -@item vbr - -@item cbr - +@item p8x8 +8x8 P-frame partition. +@item p4x4 +4x4 P-frame partition. +@item b8x8 +4x4 B-frame partition. +@item i8x8 +8x8 I-frame partition. +@item i4x4 +4x4 I-frame partition. +(Enabling @samp{p4x4} requires @samp{p8x8} to be enabled. Enabling +@samp{i8x8} requires adaptive spatial transform (@option{8x8dct} +option) to be enabled.) +@item none (@emph{none}) +Do not consider any partitions. +@item all (@emph{all}) +Consider every partition. @end table -@item x264opts @var{options} -Allow to set any x264 option, see @code{x264 --fullhelp} for a list. +@item direct-pred (@emph{direct}) +Set direct MV prediction mode. Possible values: -@var{options} is a list of @var{key}=@var{value} couples separated by +@table @samp +@item none (@emph{none}) +Disable MV prediction. +@item spatial (@emph{spatial}) +Enable spatial predicting. +@item temporal (@emph{temporal}) +Enable temporal predicting. +@item auto (@emph{auto}) +Automatically decided. +@end table + +@item slice-max-size (@emph{slice-max-size}) +Set the limit of the size of each slice in bytes. If not specified +but RTP payload size (@option{ps}) is specified, that is used. + +@item stats (@emph{stats}) +Set the file name for multi-pass stats. + +@item nal-hrd (@emph{nal-hrd}) +Set signal HRD information (requires @option{vbv-bufsize} to be set). +Possible values: + +@table @samp +@item none (@emph{none}) +Disable HRD information signaling. +@item vbr (@emph{vbr}) +Variable bit rate. +@item cbr (@emph{cbr}) +Constant bit rate (not allowed in MP4 container). +@end table + +@item x264opts (N.A.) +Set any x264 option, see @command{x264 --fullhelp} for a list. + +Argument is a list of @var{key}=@var{value} couples separated by ":". In @var{filter} and @var{psy-rd} options that use ":" as a separator themselves, use "," instead. They accept it as well since long ago but this is kept undocumented for some reason. @@ -1025,17 +1165,22 @@ For example to specify libx264 encoding options with @command{ffmpeg}: ffmpeg -i foo.mpg -vcodec libx264 -x264opts keyint=123:min-keyint=20 -an out.mkv @end example -For more information about libx264 and the supported options see: -@url{http://www.videolan.org/developers/x264.html} +@item x264-params (N.A.) +Override the x264 configuration using a :-separated list of key=value +parameters. -@item -x264-params @var{string} -Override the x264 configuration using a :-separated list of key=value parameters. +This option is functionally the same as the @option{x264opts}, but is +duplicated for compability with the Libav fork. + +For example to specify libx264 encoding options with @command{ffmpeg}: @example --x264-params level=30:bframes=0:weightp=0:cabac=0:ref=1:vbv-maxrate=768:vbv-bufsize=2000:analyse=all:me=umh:no-fast-pskip=1:subq=6:8x8dct=0:trellis=0 +ffmpeg -i INPUT -c:v libx264 -x264-params level=30:bframes=0:weightp=0:\ +cabac=0:ref=1:vbv-maxrate=768:vbv-bufsize=2000:analyse=all:me=umh:\ +no-fast-pskip=1:subq=6:8x8dct=0:trellis=0 OUTPUT @end example @end table -Encoding avpresets for common usages are provided so they can be used with the -general presets system (e.g. passing the @code{-pre} option). +Encoding ffpresets for common usages are provided so they can be used with the +general presets system (e.g. passing the @option{pre} option). @c man end VIDEO ENCODERS From b23642aa7e64d914b40772c4dd69ac88acbc809c Mon Sep 17 00:00:00 2001 From: Timothy Gu Date: Mon, 29 Jul 2013 19:12:10 -0700 Subject: [PATCH 119/452] doc/encoders: add libxvid doc Signed-off-by: Stefano Sabatini (cherry picked from commit 6b255e5e70c72aa59ff7aed74b4ee976223eb140) Signed-off-by: Timothy Gu Conflicts: doc/encoders.texi --- doc/encoders.texi | 113 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 113 insertions(+) diff --git a/doc/encoders.texi b/doc/encoders.texi index 0e47e3ed9f..f763b4dfae 100644 --- a/doc/encoders.texi +++ b/doc/encoders.texi @@ -1183,4 +1183,117 @@ no-fast-pskip=1:subq=6:8x8dct=0:trellis=0 OUTPUT Encoding ffpresets for common usages are provided so they can be used with the general presets system (e.g. passing the @option{pre} option). +@section libxvid + +Xvid MPEG-4 Part 2 encoder wrapper. + +This encoder requires the presence of the libxvidcore headers and library +during configuration. You need to explicitly configure the build with +@code{--enable-libxvid --enable-gpl}. + +The native @code{mpeg4} encoder supports the MPEG-4 Part 2 format, so +users can encode to this format without this library. + +@subsection Options + +The following options are supported by the libxvid wrapper. Some of +the following options are listed but are not documented, and +correspond to shared codec options. See @ref{codec-options,,the Codec +Options chapter} for their documentation. The other shared options +which are not listed have no effect for the libxvid encoder. + +@table @option +@item b + +@item g + +@item qmin + +@item qmax + +@item mpeg_quant + +@item threads + +@item bf + +@item b_qfactor + +@item b_qoffset + +@item flags +Set specific encoding flags. Possible values: + +@table @samp + +@item mv4 +Use four motion vector by macroblock. + +@item aic +Enable high quality AC prediction. + +@item gray +Only encode grayscale. + +@item gmc +Enable the use of global motion compensation (GMC). + +@item qpel +Enable quarter-pixel motion compensation. + +@item cgop +Enable closed GOP. + +@item global_header +Place global headers in extradata instead of every keyframe. + +@end table + +@item trellis + +@item me_method +Set motion estimation method. Possible values in decreasing order of +speed and increasing order of quality: + +@table @samp +@item zero +Use no motion estimation (default). + +@item phods +@item x1 +@item log +Enable advanced diamond zonal search for 16x16 blocks and half-pixel +refinement for 16x16 blocks. @samp{x1} and @samp{log} are aliases for +@samp{phods}. + +@item epzs +Enable all of the things described above, plus advanced diamond zonal +search for 8x8 blocks, half-pixel refinement for 8x8 blocks, and motion +estimation on chroma planes. + +@item full +Enable all of the things described above, plus extended 16x16 and 8x8 +blocks search. +@end table + +@item mbd +Set macroblock decision algorithm. Possible values in the increasing +order of quality: + +@table @samp +@item simple +Use macroblock comparing function algorithm (default). + +@item bits +Enable rate distortion-based half pixel and quarter pixel refinement for +16x16 blocks. + +@item rd +Enable all of the things described above, plus rate distortion-based +half pixel and quarter pixel refinement for 8x8 blocks, and rate +distortion-based search using square pattern. +@end table + +@end table + @c man end VIDEO ENCODERS From 2da5b69020aaa263be398152f08f095cb299705c Mon Sep 17 00:00:00 2001 From: Stefano Sabatini Date: Sat, 6 Apr 2013 01:43:01 +0200 Subject: [PATCH 120/452] doc/filters: review introductory example and explanation In particular, fix wrong vertical mirroring command, and clarify and extend explanation. Based on a patch by littlebat . Should fix trac ticket #2413. (cherry picked from commit 215ca864759a54f45265a51ac57dbfd75cb23da2) Signed-off-by: Timothy Gu Conflicts: doc/filters.texi --- doc/filters.texi | 39 +++++++++++++++++++++++---------------- 1 file changed, 23 insertions(+), 16 deletions(-) diff --git a/doc/filters.texi b/doc/filters.texi index 528d3b0013..cfce0f8148 100644 --- a/doc/filters.texi +++ b/doc/filters.texi @@ -3,10 +3,10 @@ Filtering in FFmpeg is enabled through the libavfilter library. -In libavfilter, it is possible for filters to have multiple inputs and -multiple outputs. -To illustrate the sorts of things that are possible, we can -use a complex filter graph. For example, the following one: +In libavfilter, a filter can have multiple inputs and multiple +outputs. +To illustrate the sorts of things that are possible, we consider the +following filtergraph. @example input --> split ---------------------> overlay --> output @@ -15,25 +15,32 @@ input --> split ---------------------> overlay --> output +-----> crop --> vflip -------+ @end example -splits the stream in two streams, sends one stream through the crop filter -and the vflip filter before merging it back with the other stream by -overlaying it on top. You can use the following command to achieve this: +This filtergraph splits the input stream in two streams, sends one +stream through the crop filter and the vflip filter before merging it +back with the other stream by overlaying it on top. You can use the +following command to achieve this: @example -ffmpeg -i input -vf "[in] split [T1], [T2] overlay=0:H/2 [out]; [T1] crop=iw:ih/2:0:ih/2, vflip [T2]" output +ffmpeg -i INPUT -vf "split [main][tmp]; [tmp] crop=iw:ih/2:0:0, vflip [flip]; [main][flip] overlay=0:H/2" OUTPUT @end example The result will be that in output the top half of the video is mirrored onto the bottom half. -Filters are loaded using the @var{-vf} or @var{-af} option passed to -@command{ffmpeg} or to @command{ffplay}. Filters in the same linear -chain are separated by commas. In our example, @var{split, -overlay} are in one linear chain, and @var{crop, vflip} are in -another. The points where the linear chains join are labeled by names -enclosed in square brackets. In our example, that is @var{[T1]} and -@var{[T2]}. The special labels @var{[in]} and @var{[out]} are the points -where video is input and output. +Filters in the same linear chain are separated by commas, and distinct +linear chains of filters are separated by semicolons. In our example, +@var{crop,vflip} are in one linear chain, @var{split} and +@var{overlay} are separately in another. The points where the linear +chains join are labelled by names enclosed in square brackets. In the +example, the split filter generates two outputs that are associated to +the labels @var{[main]} and @var{[tmp]}. + +The stream sent to the second output of @var{split}, labelled as +@var{[tmp]}, is processed through the @var{crop} filter, which crops +away the lower half part of the video, and then vertically flipped. The +@var{overlay} filter takes in input the first unchanged output of the +split filter (which was labelled as @var{[main]}), and overlay on its +lower half the output generated by the @var{crop,vflip} filterchain. Some filters take in input a list of parameters: they are specified after the filter name and an equal sign, and are separated from each other From b3fb651a8a8a6cf9eb1b8409fdb669ff71f54545 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 27 Aug 2013 00:26:24 +0200 Subject: [PATCH 121/452] update for 1.2.3 Signed-off-by: Michael Niedermayer --- RELEASE | 2 +- VERSION | 2 +- doc/Doxyfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/RELEASE b/RELEASE index 23aa839063..0495c4a88c 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -1.2.2 +1.2.3 diff --git a/VERSION b/VERSION index 23aa839063..0495c4a88c 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.2.2 +1.2.3 diff --git a/doc/Doxyfile b/doc/Doxyfile index 77d55d9294..f101e13b76 100644 --- a/doc/Doxyfile +++ b/doc/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 1.2.2 +PROJECT_NUMBER = 1.2.3 # With the PROJECT_LOGO tag one can specify an logo or icon that is included # in the documentation. The maximum height of the logo should not exceed 55 From 26617b47faccaf3646b767ed3062affd8252499d Mon Sep 17 00:00:00 2001 From: Stefano Sabatini Date: Sat, 27 Jul 2013 16:50:19 +0200 Subject: [PATCH 122/452] doc/codecs: fix dangling reference to codec-options chapter (cherry picked from commit b4bd21b7fe2ad8be59b16538448586814e5db65b) Signed-off-by: Timothy Gu Conflicts: doc/codecs.texi --- doc/encoders.texi | 2 +- doc/ffmpeg-codecs.texi | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/encoders.texi b/doc/encoders.texi index f763b4dfae..121e865556 100644 --- a/doc/encoders.texi +++ b/doc/encoders.texi @@ -871,7 +871,7 @@ for easy migration. To reduce the duplication of documentation, only the private options and some others requiring special attention are documented here. For the documentation of the undocumented generic options, see -@ref{codec-options}. +@ref{codec-options,,the Codec Options chapter}. To get a more accurate and extensive documentation of the libx264 options, invoke the command @command{x264 --full-help} or consult diff --git a/doc/ffmpeg-codecs.texi b/doc/ffmpeg-codecs.texi index db20aec84c..c53531db62 100644 --- a/doc/ffmpeg-codecs.texi +++ b/doc/ffmpeg-codecs.texi @@ -17,6 +17,7 @@ the libavcodec library. @c man end DESCRIPTION +@anchor{codec-options} @chapter Codec Options @c man begin CODEC OPTIONS From ddce97c7b0e460bafa0e7da72b6c4b8193f23cda Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 30 Aug 2013 23:14:32 +0200 Subject: [PATCH 123/452] avcodec/pngdsp: fix (un)signed type in end comparission Fixes out of array accesses Fixes Ticket2919 Found_by: ami_stuff Signed-off-by: Michael Niedermayer (cherry picked from commit 86736f59d6a527d8bc807d09b93f971c0fe0bb07) --- libavcodec/pngdsp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/pngdsp.c b/libavcodec/pngdsp.c index 1ee8b57bc9..38ee458f8d 100644 --- a/libavcodec/pngdsp.c +++ b/libavcodec/pngdsp.c @@ -30,7 +30,7 @@ static void add_bytes_l2_c(uint8_t *dst, uint8_t *src1, uint8_t *src2, int w) { long i; - for (i = 0; i <= w - sizeof(long); i += sizeof(long)) { + for (i = 0; i <= w - (int)sizeof(long); i += sizeof(long)) { long a = *(long *)(src1 + i); long b = *(long *)(src2 + i); *(long *)(dst + i) = ((a & pb_7f) + (b & pb_7f)) ^ ((a ^ b) & pb_80); From 32cff0d3f096293189916ea438918bcca0445d50 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 31 Aug 2013 03:08:25 +0200 Subject: [PATCH 124/452] avformat/avidec: match first index and first packet size=0 handling Fixes Ticket2861 Signed-off-by: Michael Niedermayer (cherry picked from commit 227a0eb5a92409572f2cecde6137529b83e7d495) Conflicts: libavformat/avidec.c --- libavformat/avidec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/avidec.c b/libavformat/avidec.c index 6513f3f9eb..4852e44f12 100644 --- a/libavformat/avidec.c +++ b/libavformat/avidec.c @@ -1303,7 +1303,7 @@ static int avi_read_idx1(AVFormatContext *s, int size) st = s->streams[index]; ast = st->priv_data; - if(first_packet && first_packet_pos && len) { + if (first_packet && first_packet_pos) { data_offset = first_packet_pos - pos; first_packet = 0; } From 95d0baa95217097a7840729003d528f198a980f5 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 1 Sep 2013 03:40:20 +0200 Subject: [PATCH 125/452] avcodec/h264: set er.ref_count earlier Fixes Ticket2910 Signed-off-by: Michael Niedermayer (cherry picked from commit 93cf7b01950b9d8e1646227752b522d0275d32df) --- libavcodec/h264.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 3a83b4b031..acc42eeb95 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -3775,6 +3775,7 @@ static int decode_slice_header(H264Context *h, H264Context *h0) if (h->ref_count[0]) h->er.last_pic = &h->ref_list[0][0]; if (h->ref_count[1]) h->er.next_pic = &h->ref_list[1][0]; + h->er.ref_count = h->ref_count[0]; if (h->avctx->debug & FF_DEBUG_PICT_INFO) { av_log(h->avctx, AV_LOG_DEBUG, @@ -4166,7 +4167,6 @@ static void er_add_slice(H264Context *h, int startx, int starty, if (CONFIG_ERROR_RESILIENCE) { ERContext *er = &h->er; - er->ref_count = h->ref_count[0]; ff_er_add_slice(er, startx, starty, endx, endy, status); } } From 458933fdb8d5a9936088cfa9a466842f7b8da2f0 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 1 Sep 2013 00:21:37 +0200 Subject: [PATCH 126/452] avformat/lxfdec: use a parser to parse video frame headers lxf needs a parser (or would need to set a few fields explicitly). Fixes Ticket2917 Signed-off-by: Michael Niedermayer (cherry picked from commit 8349be852be7f68fe0590584fd46c4d5f1c16b3d) --- libavformat/lxfdec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavformat/lxfdec.c b/libavformat/lxfdec.c index 90c49749a6..99257397f9 100644 --- a/libavformat/lxfdec.c +++ b/libavformat/lxfdec.c @@ -258,6 +258,7 @@ static int lxf_read_header(AVFormatContext *s) st->codec->bit_rate = 1000000 * ((video_params >> 14) & 0xFF); st->codec->codec_tag = video_params & 0xF; st->codec->codec_id = ff_codec_get_id(lxf_tags, st->codec->codec_tag); + st->need_parsing = AVSTREAM_PARSE_HEADERS; av_log(s, AV_LOG_DEBUG, "record: %x = %i-%02i-%02i\n", record_date, 1900 + (record_date & 0x7F), (record_date >> 7) & 0xF, From 7eee79ea2fd3095984fbb3b684d4c598a0267e70 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Mon, 2 Sep 2013 08:32:24 +0200 Subject: [PATCH 127/452] Avoid a deadlock when decoding wma. Fixes ticket #2925. (cherry picked from commit ec8a4841f7e81040f9a2757f23e70dff5e6b33a4) --- libavcodec/wmadec.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/wmadec.c b/libavcodec/wmadec.c index cdd285002d..40a1040d90 100644 --- a/libavcodec/wmadec.c +++ b/libavcodec/wmadec.c @@ -506,6 +506,10 @@ static int wma_decode_block(WMACodecContext *s) coef escape coding */ total_gain = 1; for(;;) { + if (get_bits_left(&s->gb) < 7) { + av_log(s->avctx, AV_LOG_ERROR, "total_gain overread\n"); + return AVERROR_INVALIDDATA; + } a = get_bits(&s->gb, 7); total_gain += a; if (a != 127) From ece54c7085dc9cd945354e9985e480ea187b8be0 Mon Sep 17 00:00:00 2001 From: Paul B Mahol Date: Mon, 2 Sep 2013 22:50:00 +0000 Subject: [PATCH 128/452] w64dec: fix skipping of unknown guids Regression since 14d50c1. Fixes #2932. Signed-off-by: Paul B Mahol (cherry picked from commit 79b70e47a463057a3a48353ee1dd58671c11f86c) --- libavformat/wavdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/wavdec.c b/libavformat/wavdec.c index 782fa6416d..832dfde55c 100644 --- a/libavformat/wavdec.c +++ b/libavformat/wavdec.c @@ -655,7 +655,7 @@ static int w64_read_header(AVFormatContext *s) avio_skip(pb, end - avio_tell(pb)); } else { av_log(s, AV_LOG_DEBUG, "unknown guid: "FF_PRI_GUID"\n", FF_ARG_GUID(guid)); - avio_skip(pb, size - 24); + avio_skip(pb, FFALIGN(size, INT64_C(8)) - 24); } } From 3c523bdda84f8d2036b017fc82a428f064e4d1c0 Mon Sep 17 00:00:00 2001 From: Paul B Mahol Date: Tue, 3 Sep 2013 01:03:10 +0000 Subject: [PATCH 129/452] w64dec: fix end position of summarylist guid Noticed-by: James Almer Signed-off-by: Paul B Mahol (cherry picked from commit 3e36dc8626f4721ea749286dae40169ee5cb7d04) --- libavformat/wavdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/wavdec.c b/libavformat/wavdec.c index 832dfde55c..87d369912b 100644 --- a/libavformat/wavdec.c +++ b/libavformat/wavdec.c @@ -629,7 +629,7 @@ static int w64_read_header(AVFormatContext *s) uint32_t count, chunk_size, i; start = avio_tell(pb); - end = start + size; + end = start + FFALIGN(size, INT64_C(8)) - 24; count = avio_rl32(pb); for (i = 0; i < count; i++) { From 06a927a6b5343b1cff5d09a0c4d525adbfea901c Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Sun, 1 Sep 2013 20:20:47 +0200 Subject: [PATCH 130/452] Read h264 headers from v4l2 to allow stream-copying. Fixes ticket #2882. Analyzed and tested by William C Bonner. (cherry picked from commit e337c9d56408dc00a15887309488a1ff5cb06ba3) --- libavdevice/v4l2.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavdevice/v4l2.c b/libavdevice/v4l2.c index 6726b0b89f..049f0bd93c 100644 --- a/libavdevice/v4l2.c +++ b/libavdevice/v4l2.c @@ -985,6 +985,9 @@ static int v4l2_read_header(AVFormatContext *s1) if (codec_id == AV_CODEC_ID_RAWVIDEO) st->codec->codec_tag = avcodec_pix_fmt_to_codec_tag(st->codec->pix_fmt); + else if (codec_id == AV_CODEC_ID_H264) { + st->need_parsing = AVSTREAM_PARSE_HEADERS; + } if (desired_format == V4L2_PIX_FMT_YVU420) st->codec->codec_tag = MKTAG('Y', 'V', '1', '2'); else if (desired_format == V4L2_PIX_FMT_YVU410) From 8f87e75c6c92eae64f16878481c0274f64dea82d Mon Sep 17 00:00:00 2001 From: Paul B Mahol Date: Sun, 8 Sep 2013 12:35:31 +0000 Subject: [PATCH 131/452] avformat/matroskaenc: remove bogus prores tag Fixes: ffmpeg -i input -c:v prores output.mkv Signed-off-by: Paul B Mahol (cherry picked from commit 14851ca5f5a3af140085e82589e28e06c7cdefdc) Conflicts: libavformat/matroskaenc.c --- libavformat/matroskaenc.c | 1 - 1 file changed, 1 deletion(-) diff --git a/libavformat/matroskaenc.c b/libavformat/matroskaenc.c index d5e91bb6d5..e62d5347ca 100644 --- a/libavformat/matroskaenc.c +++ b/libavformat/matroskaenc.c @@ -1414,7 +1414,6 @@ const AVCodecTag additional_audio_tags[] = { }; const AVCodecTag additional_video_tags[] = { - { AV_CODEC_ID_PRORES, 0xFFFFFFFF }, { AV_CODEC_ID_RV10, 0xFFFFFFFF }, { AV_CODEC_ID_RV20, 0xFFFFFFFF }, { AV_CODEC_ID_RV30, 0xFFFFFFFF }, From 8cea63c48ae004b240a925bcbd882985928149bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20B=C5=93sch?= Date: Sun, 8 Sep 2013 09:43:53 +0200 Subject: [PATCH 132/452] avformat/vobsub: fix seeking. (cherry picked from commit f8678dcef3c5b0ea82e898e1f419863409fa135f) --- libavformat/mpeg.c | 16 ++++++++++++++++ libavformat/subtitles.c | 16 ++++++++++++++-- 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/libavformat/mpeg.c b/libavformat/mpeg.c index 4eaffd8812..82957a104b 100644 --- a/libavformat/mpeg.c +++ b/libavformat/mpeg.c @@ -649,6 +649,7 @@ static int vobsub_read_header(AVFormatContext *s) st->id = stream_id; st->codec->codec_type = AVMEDIA_TYPE_SUBTITLE; st->codec->codec_id = AV_CODEC_ID_DVD_SUBTITLE; + avpriv_set_pts_info(st, 64, 1, 1000); av_dict_set(&st->metadata, "language", id, 0); av_log(s, AV_LOG_DEBUG, "IDX stream[%d] id=%s\n", stream_id, id); header_parsed = 1; @@ -806,6 +807,21 @@ static int vobsub_read_seek(AVFormatContext *s, int stream_index, int64_t min_ts, int64_t ts, int64_t max_ts, int flags) { MpegDemuxContext *vobsub = s->priv_data; + + /* Rescale requested timestamps based on the first stream (timebase is the + * same for all subtitles stream within a .idx/.sub). Rescaling is done just + * like in avformat_seek_file(). */ + if (stream_index == -1 && s->nb_streams != 1) { + AVRational time_base = s->streams[0]->time_base; + ts = av_rescale_q(ts, AV_TIME_BASE_Q, time_base); + min_ts = av_rescale_rnd(min_ts, time_base.den, + time_base.num * (int64_t)AV_TIME_BASE, + AV_ROUND_UP | AV_ROUND_PASS_MINMAX); + max_ts = av_rescale_rnd(max_ts, time_base.den, + time_base.num * (int64_t)AV_TIME_BASE, + AV_ROUND_DOWN | AV_ROUND_PASS_MINMAX); + } + return ff_subtitles_queue_seek(&vobsub->q, s, stream_index, min_ts, ts, max_ts, flags); } diff --git a/libavformat/subtitles.c b/libavformat/subtitles.c index 37ba0cb0b6..e128bcef3e 100644 --- a/libavformat/subtitles.c +++ b/libavformat/subtitles.c @@ -108,7 +108,8 @@ int ff_subtitles_queue_seek(FFDemuxSubtitlesQueue *q, AVFormatContext *s, int st for (i = 0; i < q->nb_subs; i++) { int64_t pts = q->subs[i].pts; uint64_t ts_diff = FFABS(pts - ts); - if (pts >= min_ts && pts <= max_ts && ts_diff < min_ts_diff) { + if ((stream_index == -1 || q->subs[i].stream_index == stream_index) && + pts >= min_ts && pts <= max_ts && ts_diff < min_ts_diff) { min_ts_diff = ts_diff; idx = i; } @@ -118,13 +119,24 @@ int ff_subtitles_queue_seek(FFDemuxSubtitlesQueue *q, AVFormatContext *s, int st /* look back in the latest subtitles for overlapping subtitles */ ts_selected = q->subs[idx].pts; for (i = idx - 1; i >= 0; i--) { - if (q->subs[i].duration <= 0) + if (q->subs[i].duration <= 0 || + (stream_index != -1 && q->subs[i].stream_index != stream_index)) continue; if (q->subs[i].pts > ts_selected - q->subs[i].duration) idx = i; else break; } + + /* If the queue is used to store multiple subtitles streams (like with + * VobSub) and the stream index is not specified, we need to make sure + * to focus on the smallest file position offset for a same timestamp; + * queue is ordered by pts and then filepos, so we can take the first + * entry for a given timestamp. */ + if (stream_index == -1) + while (idx > 0 && q->subs[idx - 1].pts == q->subs[idx].pts) + idx--; + q->current_sub_idx = idx; } return 0; From 6a782e20d7613f91f637630c3b9158f8c6e549c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20B=C5=93sch?= Date: Sun, 8 Sep 2013 09:55:02 +0200 Subject: [PATCH 133/452] avformat/subtitles: check lower bound for duration overlap seeking. (cherry picked from commit 1ca4bf930bab681a79fb591330043675c7cfd798) --- libavformat/subtitles.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/subtitles.c b/libavformat/subtitles.c index e128bcef3e..1634e3a99a 100644 --- a/libavformat/subtitles.c +++ b/libavformat/subtitles.c @@ -119,10 +119,11 @@ int ff_subtitles_queue_seek(FFDemuxSubtitlesQueue *q, AVFormatContext *s, int st /* look back in the latest subtitles for overlapping subtitles */ ts_selected = q->subs[idx].pts; for (i = idx - 1; i >= 0; i--) { + int64_t pts = q->subs[i].pts; if (q->subs[i].duration <= 0 || (stream_index != -1 && q->subs[i].stream_index != stream_index)) continue; - if (q->subs[i].pts > ts_selected - q->subs[i].duration) + if (pts >= min_ts && pts > ts_selected - q->subs[i].duration) idx = i; else break; From 3a6fbb0c8e0663767c9b127a6459ce62584f8541 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Mon, 9 Sep 2013 10:02:12 +0200 Subject: [PATCH 134/452] Store the video bit_rate in the context when muxing mxf. This will allow using rc_max_rate if no bit_rate is specified (on remuxing). Reviewed-by: Matthieu Bouron (cherry picked from commit 52cf08b4c8859f7cac010a7a59f7aa369384ad85) --- libavformat/mxfenc.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/libavformat/mxfenc.c b/libavformat/mxfenc.c index cf9b77dd92..257542cec9 100644 --- a/libavformat/mxfenc.c +++ b/libavformat/mxfenc.c @@ -76,6 +76,7 @@ typedef struct { int temporal_reordering; AVRational aspect_ratio; ///< display aspect ratio int closed_gop; ///< gop is closed, used in mpeg-2 frame parsing + int video_bit_rate; } MXFStreamContext; typedef struct { @@ -976,13 +977,14 @@ static void mxf_write_cdci_desc(AVFormatContext *s, AVStream *st) static void mxf_write_mpegvideo_desc(AVFormatContext *s, AVStream *st) { AVIOContext *pb = s->pb; + MXFStreamContext *sc = st->priv_data; int profile_and_level = (st->codec->profile<<4) | st->codec->level; mxf_write_cdci_common(s, st, mxf_mpegvideo_descriptor_key, 8+5); // bit rate mxf_write_local_tag(pb, 4, 0x8000); - avio_wb32(pb, st->codec->bit_rate); + avio_wb32(pb, sc->video_bit_rate); // profile and level mxf_write_local_tag(pb, 1, 0x8007); @@ -1705,14 +1707,15 @@ static int mxf_write_header(AVFormatContext *s) ret = av_timecode_init(&mxf->tc, rate, 0, 0, s); if (ret < 0) return ret; + sc->video_bit_rate = st->codec->bit_rate; if (s->oformat == &ff_mxf_d10_muxer) { - if (st->codec->bit_rate == 50000000) { + if (sc->video_bit_rate == 50000000) { if (mxf->time_base.den == 25) sc->index = 3; else sc->index = 5; - } else if (st->codec->bit_rate == 40000000) { + } else if (sc->video_bit_rate == 40000000) { if (mxf->time_base.den == 25) sc->index = 7; else sc->index = 9; - } else if (st->codec->bit_rate == 30000000) { + } else if (sc->video_bit_rate == 30000000) { if (mxf->time_base.den == 25) sc->index = 11; else sc->index = 13; } else { @@ -1721,7 +1724,7 @@ static int mxf_write_header(AVFormatContext *s) } mxf->edit_unit_byte_count = KAG_SIZE; // system element - mxf->edit_unit_byte_count += 16 + 4 + (uint64_t)st->codec->bit_rate * + mxf->edit_unit_byte_count += 16 + 4 + (uint64_t)sc->video_bit_rate * mxf->time_base.num / (8*mxf->time_base.den); mxf->edit_unit_byte_count += klv_fill_size(mxf->edit_unit_byte_count); mxf->edit_unit_byte_count += 16 + 4 + 4 + spf->samples_per_frame[0]*8*4; @@ -1855,7 +1858,8 @@ static void mxf_write_d10_video_packet(AVFormatContext *s, AVStream *st, AVPacke { MXFContext *mxf = s->priv_data; AVIOContext *pb = s->pb; - int packet_size = (uint64_t)st->codec->bit_rate*mxf->time_base.num / + MXFStreamContext *sc = st->priv_data; + int packet_size = (uint64_t)sc->video_bit_rate*mxf->time_base.num / (8*mxf->time_base.den); // frame size int pad; From b4f90013ab4f35f9cd0086193becffbe3413da08 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Mon, 9 Sep 2013 10:03:14 +0200 Subject: [PATCH 135/452] Use rc_max_rate if no video bit_rate was specified when muxing mxf_d10. Fixes ticket #2945. Reviewed-by: Matthieu Bouron (cherry picked from commit d73565d5ddf41d4b7805327cdb271c59d8c3fc59) --- libavformat/mxfenc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mxfenc.c b/libavformat/mxfenc.c index 257542cec9..e9a870bf3e 100644 --- a/libavformat/mxfenc.c +++ b/libavformat/mxfenc.c @@ -1707,7 +1707,7 @@ static int mxf_write_header(AVFormatContext *s) ret = av_timecode_init(&mxf->tc, rate, 0, 0, s); if (ret < 0) return ret; - sc->video_bit_rate = st->codec->bit_rate; + sc->video_bit_rate = st->codec->bit_rate ? st->codec->bit_rate : st->codec->rc_max_rate; if (s->oformat == &ff_mxf_d10_muxer) { if (sc->video_bit_rate == 50000000) { if (mxf->time_base.den == 25) sc->index = 3; From a0779a2ee504e9f38cab91296ba96fa189804f9b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20B=C5=93sch?= Date: Sun, 8 Sep 2013 16:17:46 +0200 Subject: [PATCH 136/452] avformat/srtdec: skip initial random line breaks. I found a bunch of (recent) SRT files in the wild with 3 to 10 line breaks at the beginning. (cherry picked from commit cfcd55db164e0acc0c30b2cf084e6eebe9741d34) Signed-off-by: Alexander Strasser --- libavformat/srtdec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/srtdec.c b/libavformat/srtdec.c index 76e06e4165..6b60052148 100644 --- a/libavformat/srtdec.c +++ b/libavformat/srtdec.c @@ -37,6 +37,8 @@ static int srt_probe(AVProbeData *p) if (AV_RB24(ptr) == 0xEFBBBF) ptr += 3; /* skip UTF-8 BOM */ + while (*ptr == '\r' || *ptr == '\n') + ptr++; for (i=0; i<2; i++) { if ((num == i || num + 1 == i) && sscanf(ptr, "%*d:%*2d:%*2d%*1[,.]%*3d --> %*d:%*2d:%*2d%*1[,.]%3d", &v) == 1) From c09acf9882803fd17762689859032c0866568e27 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20B=C5=93sch?= Date: Sun, 8 Sep 2013 18:02:45 +0200 Subject: [PATCH 137/452] avformat/subtitles: add a next line jumper and use it. This fixes a bunch of possible overread in avformat with the idiom p += strcspn(p, "\n") + 1 (strcspn() can focus on the trailing '\0' if no '\n' is found, so the +1 leads to an overread). Note on lavf/matroskaenc: no extra subtitles.o Makefile dependency is added because only the header is required for ff_subtitles_next_line(). Note on lavf/mpsubdec: code gets slightly complex to avoid an infinite loop in the probing since there is no more forced increment. NOTE: Code of function ff_subtitles_next_line fixed by Alexander Strasser. The original code from master did test the wrong character, but was corrected by a subsequent commit. That commit however is not backported, so it had to be fixed in this commit for the backport. Conflicts: libavformat/mpl2dec.c (cherry picked from commit 90fc00a623de44e137fe1601b91356e8cd8bdd54) Signed-off-by: Alexander Strasser --- libavformat/jacosubdec.c | 2 +- libavformat/matroskaenc.c | 3 ++- libavformat/microdvddec.c | 2 +- libavformat/mpl2dec.c | 2 +- libavformat/mpsubdec.c | 6 +++++- libavformat/srtdec.c | 7 ++++--- libavformat/subtitles.h | 13 +++++++++++++ 7 files changed, 27 insertions(+), 8 deletions(-) diff --git a/libavformat/jacosubdec.c b/libavformat/jacosubdec.c index 89e7e1bf54..c622dd04ee 100644 --- a/libavformat/jacosubdec.c +++ b/libavformat/jacosubdec.c @@ -63,7 +63,7 @@ static int jacosub_probe(AVProbeData *p) return AVPROBE_SCORE_MAX/2 + 1; return 0; } - ptr += strcspn(ptr, "\n") + 1; + ptr += ff_subtitles_next_line(ptr); } return 0; } diff --git a/libavformat/matroskaenc.c b/libavformat/matroskaenc.c index e62d5347ca..c506835dfb 100644 --- a/libavformat/matroskaenc.c +++ b/libavformat/matroskaenc.c @@ -27,6 +27,7 @@ #include "avc.h" #include "flacenc.h" #include "avlanguage.h" +#include "subtitles.h" #include "libavutil/samplefmt.h" #include "libavutil/sha.h" #include "libavutil/intreadwrite.h" @@ -1179,7 +1180,7 @@ static int srt_get_duration(uint8_t **buf) s_hsec += 1000*s_sec; e_hsec += 1000*e_sec; duration = e_hsec - s_hsec; } - *buf += strcspn(*buf, "\n") + 1; + *buf += ff_subtitles_next_line(*buf); } return duration; } diff --git a/libavformat/microdvddec.c b/libavformat/microdvddec.c index 4b428461cb..5d9b13ee68 100644 --- a/libavformat/microdvddec.c +++ b/libavformat/microdvddec.c @@ -47,7 +47,7 @@ static int microdvd_probe(AVProbeData *p) sscanf(ptr, "{%*d}{%*d}%c", &c) != 1 && sscanf(ptr, "{DEFAULT}{}%c", &c) != 1) return 0; - ptr += strcspn(ptr, "\n") + 1; + ptr += ff_subtitles_next_line(ptr); } return AVPROBE_SCORE_MAX; } diff --git a/libavformat/mpl2dec.c b/libavformat/mpl2dec.c index ce2061bb8b..2f708e0194 100644 --- a/libavformat/mpl2dec.c +++ b/libavformat/mpl2dec.c @@ -43,7 +43,7 @@ static int mpl2_probe(AVProbeData *p) if (sscanf(ptr, "[%"PRId64"][%"PRId64"]%c", &start, &end, &c) != 3 && sscanf(ptr, "[%"PRId64"][]%c", &start, &c) != 2) return 0; - ptr += strcspn(ptr, "\r\n") + 1; + ptr += ff_subtitles_next_line(ptr); if (ptr >= ptr_end) return 0; } diff --git a/libavformat/mpsubdec.c b/libavformat/mpsubdec.c index 2acafaa81b..360a3d837f 100644 --- a/libavformat/mpsubdec.c +++ b/libavformat/mpsubdec.c @@ -37,12 +37,16 @@ static int mpsub_probe(AVProbeData *p) const char *ptr_end = p->buf + p->buf_size; while (ptr < ptr_end) { + int inc; int n; if (!memcmp(ptr, "FORMAT=TIME", 11) || sscanf(ptr, "FORMAT=%d", &n) == 1) return AVPROBE_SCORE_MAX/2; - ptr += strcspn(ptr, "\n") + 1; + inc = ff_subtitles_next_line(ptr); + if (!inc) + break; + ptr += inc; } return 0; } diff --git a/libavformat/srtdec.c b/libavformat/srtdec.c index 6b60052148..ba799846c1 100644 --- a/libavformat/srtdec.c +++ b/libavformat/srtdec.c @@ -44,7 +44,7 @@ static int srt_probe(AVProbeData *p) && sscanf(ptr, "%*d:%*2d:%*2d%*1[,.]%*3d --> %*d:%*2d:%*2d%*1[,.]%3d", &v) == 1) return AVPROBE_SCORE_MAX; num = atoi(ptr); - ptr += strcspn(ptr, "\n") + 1; + ptr += ff_subtitles_next_line(ptr); } return 0; } @@ -65,10 +65,11 @@ static int64_t get_pts(const char **buf, int *duration, int64_t start = (hh1*3600LL + mm1*60LL + ss1) * 1000LL + ms1; int64_t end = (hh2*3600LL + mm2*60LL + ss2) * 1000LL + ms2; *duration = end - start; - *buf += strcspn(*buf, "\n") + 1; + *buf += ff_subtitles_next_line(*buf); return start; } - *buf += strcspn(*buf, "\n") + 1; + *buf += ff_subtitles_next_line(*buf); + } return AV_NOPTS_VALUE; } diff --git a/libavformat/subtitles.h b/libavformat/subtitles.h index 455b374f25..8f68e7bda1 100644 --- a/libavformat/subtitles.h +++ b/libavformat/subtitles.h @@ -96,4 +96,17 @@ const char *ff_smil_get_attr_ptr(const char *s, const char *attr); */ void ff_subtitles_read_chunk(AVIOContext *pb, AVBPrint *buf); +/** + * Get the number of characters to increment to jump to the next line, or to + * the end of the string. + */ +static av_always_inline int ff_subtitles_next_line(const char *ptr) +{ + int n = strcspn(ptr, "\n"); + ptr += n; + if (*ptr == '\n') + n++; + return n; +} + #endif /* AVFORMAT_SUBTITLES_H */ From 0a55c882cb6bef5617ea7150c61889272aa08e5e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20B=C5=93sch?= Date: Sun, 8 Sep 2013 18:28:11 +0200 Subject: [PATCH 138/452] avcodec/srtdec: fix potential overread. (cherry picked from commit 3a54c221d574ec944db1eddf9df895808f32bf9e) Signed-off-by: Alexander Strasser --- libavcodec/srtdec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/srtdec.c b/libavcodec/srtdec.c index 267561c866..b16645a01e 100644 --- a/libavcodec/srtdec.c +++ b/libavcodec/srtdec.c @@ -204,7 +204,8 @@ static const char *read_ts(const char *buf, int *ts_start, int *ts_end, "%*[ ]X1:%u X2:%u Y1:%u Y2:%u", &hs, &ms, &ss, ts_start, &he, &me, &se, ts_end, x1, x2, y1, y2); - buf += strcspn(buf, "\n") + 1; + buf += strcspn(buf, "\n"); + buf += !!*buf; if (c >= 8) { *ts_start = 100*(ss + 60*(ms + 60*hs)) + *ts_start/10; *ts_end = 100*(se + 60*(me + 60*he)) + *ts_end /10; From 82cfb8c2db6c6ec4818fec1e56050e69caa11ac5 Mon Sep 17 00:00:00 2001 From: Timothy Gu Date: Sat, 3 Aug 2013 16:51:26 -0700 Subject: [PATCH 139/452] doc/encoders: reformat libmp3lame doc Signed-off-by: Timothy Gu Signed-off-by: Stefano Sabatini (cherry picked from commit 40b8350b57adaa9aaf6731bac5130d4fec1639c3) Conflicts: doc/encoders.texi --- doc/encoders.texi | 46 ++++++++++++++++++++++++++++------------------ 1 file changed, 28 insertions(+), 18 deletions(-) diff --git a/doc/encoders.texi b/doc/encoders.texi index 121e865556..f14e16367c 100644 --- a/doc/encoders.texi +++ b/doc/encoders.texi @@ -420,26 +420,36 @@ Requires the presence of the libmp3lame headers and library during configuration. You need to explicitly configure the build with @code{--enable-libmp3lame}. -@subsection Option Mapping +@subsection Options -The following options are supported by the libmp3lame wrapper, -the LAME-equivalent options follow the FFmpeg ones. +The following options are supported by the libmp3lame wrapper. The +@command{lame}-equivalent of the options are listed in parentheses. -@multitable @columnfractions .2 .2 -@item FFmpeg @tab LAME -@item b @tab b -FFmpeg @code{b} option is expressed in bits/s, lame @code{bitrate} -in kilobits/s. -@item q @tab V -Quality setting for VBR. -@item compression_level @tab q -Algorithm quality. Valid options are integers from 0-9. -@item reservoir @tab N.A. -Enable use of bit reservoir. LAME has this enabled by default. -@item joint_stereo @tab -m j -Enables the the encoder to use (on a frame by frame basis) either L/R -stereo or mid/side stereo. -@end multitable +@table @option +@item b (@emph{-b}) +Set bitrate expressed in bits/s for CBR. LAME @code{bitrate} is +expressed in kilobits/s. + +@item q (@emph{-V}) +Set constant quality setting for VBR. This option is valid only +using the @command{ffmpeg} command-line tool. For library interface +users, use @option{global_quality}. + +@item compression_level (@emph{-q}) +Set algorithm quality. Valid arguments are integers in the 0-9 range, +with 0 meaning highest quality but slowest, and 9 meaning fastest +while producing the worst quality. + +@item reservoir +Enable use of bit reservoir when set to 1. Default value is 1. LAME +has this enabled by default, but can be overriden by use +@option{--nores} option. + +@item joint_stereo (@emph{-m j}) +Enable the encoder to use (on a frame by frame basis) either L/R +stereo or mid/side stereo. Default value is 1. + +@end table @section libopencore-amrnb From 0f73cb454d1467efb2b42df681f9464a670dc41c Mon Sep 17 00:00:00 2001 From: Timothy Gu Date: Sat, 3 Aug 2013 16:55:40 -0700 Subject: [PATCH 140/452] doc/encoders: reformat and add some clarification in libtwolame doc Signed-off-by: Timothy Gu Signed-off-by: Stefano Sabatini (cherry picked from commit e45e72f5f89ef5a5791562cfcb935028b46ecd0a) Signed-off-by: Timothy Gu --- doc/encoders.texi | 56 ++++++++++++++++++++++++----------------------- 1 file changed, 29 insertions(+), 27 deletions(-) diff --git a/doc/encoders.texi b/doc/encoders.texi index f14e16367c..f4d0eb1dea 100644 --- a/doc/encoders.texi +++ b/doc/encoders.texi @@ -496,24 +496,26 @@ Requires the presence of the libtwolame headers and library during configuration. You need to explicitly configure the build with @code{--enable-libtwolame}. -@subsection Options Mapping +@subsection Options The following options are supported by the libtwolame wrapper. The -TwoLAME-equivalent options follow the FFmpeg ones and are in +@command{twolame}-equivalent options follow the FFmpeg ones and are in parentheses. @table @option -@item b -(b) Set bitrate in bits/s. Note that FFmpeg @code{b} option is -expressed in bits/s, twolame @code{b} in kilobits/s. The default -value is 128k. +@item b (@emph{-b}) +Set bitrate expressed in bits/s for CBR. @command{twolame} @option{b} +option is expressed in kilobits/s. Default value is 128k. -@item q -(V) Set quality for experimental VBR support. Maximum value range is -from -50 to 50, useful range is from -10 to 10. +@item q (@emph{-V}) +Set quality for experimental VBR support. Maximum value range is +from -50 to 50, useful range is from -10 to 10. The higher the +value, the better the quality. This option is valid only using the +@command{ffmpeg} command-line tool. For library interface users, +use @option{global_quality}. -@item mode -(mode) Set MPEG mode. Possible values: +@item mode (@emph{--mode}) +Set the mode of the resulting audio. Possible values: @table @samp @item auto @@ -528,26 +530,26 @@ Dual channel Mono @end table -@item psymodel -(psyc-mode) Set psychoacoustic model to use in encoding. The argument -must be an integer between -1 and 4, inclusive. The higher the value, -the better the quality. The default value is 3. +@item psymodel (@emph{--psyc-mode}) +Set psychoacoustic model to use in encoding. The argument must be +an integer between -1 and 4, inclusive. The higher the value, the +better the quality. The default value is 3. -@item energy_levels -(energy) Enable energy levels extensions when set to 1. The default -value is 0 (disabled). +@item energy_levels (@emph{--energy}) +Enable energy levels extensions when set to 1. The default value is +0 (disabled). -@item error_protection -(protect) Enable CRC error protection when set to 1. The default value -is 0 (disabled). +@item error_protection (@emph{--protect}) +Enable CRC error protection when set to 1. The default value is 0 +(disabled). -@item copyright -(copyright) Set MPEG audio copyright flag when set to 1. The default -value is 0 (disabled). +@item copyright (@emph{--copyright}) +Set MPEG audio copyright flag when set to 1. The default value is 0 +(disabled). -@item original -(original) Set MPEG audio original flag when set to 1. The default -value is 0 (disabled). +@item original (@emph{--original}) +Set MPEG audio original flag when set to 1. The default value is 0 +(disabled). @end table From d2feaf2ba613d446944e9be84bc581d5534e29c9 Mon Sep 17 00:00:00 2001 From: Timothy Gu Date: Sun, 8 Sep 2013 16:56:39 -0700 Subject: [PATCH 141/452] doc/encoders: Remove options that were not there when branch was cut from master Signed-off-by: Timothy Gu --- doc/encoders.texi | 4 ---- 1 file changed, 4 deletions(-) diff --git a/doc/encoders.texi b/doc/encoders.texi index f4d0eb1dea..08ec283708 100644 --- a/doc/encoders.texi +++ b/doc/encoders.texi @@ -445,10 +445,6 @@ Enable use of bit reservoir when set to 1. Default value is 1. LAME has this enabled by default, but can be overriden by use @option{--nores} option. -@item joint_stereo (@emph{-m j}) -Enable the encoder to use (on a frame by frame basis) either L/R -stereo or mid/side stereo. Default value is 1. - @end table @section libopencore-amrnb From 4431ee1896433b710bbbc54392db6d262d293aec Mon Sep 17 00:00:00 2001 From: Timothy Gu Date: Sun, 15 Sep 2013 19:08:58 -0700 Subject: [PATCH 142/452] doc/ffmpeg-formats: Add documentation for 3 parameters that have been missing Signed-off-by: Timothy Gu Signed-off-by: Michael Niedermayer (cherry picked from commit b7dd4598630fb1f890ae060f21a9ec92a103f22d) Signed-off-by: Timothy Gu Conflicts: doc/formats.texi --- doc/ffmpeg-formats.texi | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/doc/ffmpeg-formats.texi b/doc/ffmpeg-formats.texi index 30cf415d14..a8bc4bacb5 100644 --- a/doc/ffmpeg-formats.texi +++ b/doc/ffmpeg-formats.texi @@ -76,6 +76,9 @@ Enable RTP MP4A-LATM payload. Reduce the latency introduced by optional buffering @end table +@item seek2any @var{integer} (@emph{input}) +Forces seeking to enable seek to any mode if set to 1. Default is 0. + @item analyzeduration @var{integer} (@emph{input}) Specify how many microseconds are analyzed to probe the input. A higher value will allow to detect more accurate information, but will @@ -142,6 +145,12 @@ Use wallclock as timestamps. @item avoid_negative_ts @var{integer} (@emph{output}) Shift timestamps to make them positive. 1 enables, 0 disables, default of -1 enables when required by target format. + +@item skip_initial_bytes @var{integer} (@emph{input}) +Set number initial bytes to skip. Default is 0. + +@item correct_ts_overflow @var{integer} (@emph{input}) +Correct single timestamp overflows if set to 1. Default is 1. @end table @c man end FORMAT OPTIONS From 85eeab4d22ccbdb23ed7255b858ea788613bf700 Mon Sep 17 00:00:00 2001 From: Timothy Gu Date: Sat, 7 Sep 2013 20:13:11 -0700 Subject: [PATCH 143/452] doc/encoders: improve libvo-aacenc doc Signed-off-by: Timothy Gu Signed-off-by: Stefano Sabatini (cherry picked from commit 81bbe49a0e588aa899f37a567808ba8926d798d6) Signed-off-by: Timothy Gu --- doc/encoders.texi | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/doc/encoders.texi b/doc/encoders.texi index 08ec283708..b3a3ffbf73 100644 --- a/doc/encoders.texi +++ b/doc/encoders.texi @@ -557,16 +557,19 @@ Requires the presence of the libvo-aacenc headers and library during configuration. You need to explicitly configure the build with @code{--enable-libvo-aacenc --enable-version3}. +This encoder is considered to be worse than the +@ref{aacenc,,native experimental FFmpeg AAC encoder}, according to +multiple sources. + @subsection Options The VisualOn AAC encoder only support encoding AAC-LC and up to 2 -channels. It is also CBR-only. It is considered to be worse than the -native experimental FFmpeg AAC encoder. +channels. It is also CBR-only. @table @option @item b -Bitrate. +Set bit rate in bits/s. @end table From 6db67ac2a4faa138c2799ec399f56211329fc012 Mon Sep 17 00:00:00 2001 From: Timothy Gu Date: Sun, 8 Sep 2013 16:32:22 -0700 Subject: [PATCH 144/452] doc/encoders: add doc for AAC encoder Thanks-to: Kostya Shishkov Signed-off-by: Timothy Gu Signed-off-by: Stefano Sabatini (cherry picked from commit 0e11790cf7eef3b0f38a64486da1e3fb8c7f14b8) Signed-off-by: Timothy Gu --- doc/encoders.texi | 90 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 90 insertions(+) diff --git a/doc/encoders.texi b/doc/encoders.texi index b3a3ffbf73..a2ad496b22 100644 --- a/doc/encoders.texi +++ b/doc/encoders.texi @@ -25,6 +25,95 @@ enabled encoders. A description of some of the currently available audio encoders follows. +@anchor{aacenc} +@section aac + +Advanced Audio Coding (AAC) encoder. + +This encoder is an experimental FFmpeg-native AAC encoder. Currently only the +low complexity (AAC-LC) profile is supported. To use this encoder, you must set +@option{strict} option to @samp{experimental} or lower. + +As this encoder is experimental, unexpected behavior may exist from time to +time. For a more stable AAC encoder, see @ref{libvo-aacenc}. However, be warned +that it has a worse quality reported by some users. + +@c Comment this out until somebody writes the respective documentation. +@c See also @ref{libfaac}, @ref{libaacplus}, and @ref{libfdk-aac-enc}. + +@subsection Options + +@table @option +@item b +Set bit rate in bits/s. Setting this automatically activates constant bit rate +(CBR) mode. + +@item q +Set quality for variable bit rate (VBR) mode. This option is valid only using +the @command{ffmpeg} command-line tool. For library interface users, use +@option{global_quality}. + +@item stereo_mode +Set stereo encoding mode. Possible values: + +@table @samp +@item auto +Automatically selected by the encoder. + +@item ms_off +Disable middle/side encoding. This is the default. + +@item ms_force +Force middle/side encoding. +@end table + +@item aac_coder +Set AAC encoder coding method. Possible values: + +@table @samp +@item 0 +FAAC-inspired method. + +This method is a simplified reimplementation of the method used in FAAC, which +sets thresholds proportional to the band energies, and then decreases all the +thresholds with quantizer steps to find the appropriate quantization with +distortion below threshold band by band. + +The quality of this method is comparable to the two loop searching method +descibed below, but somewhat a little better and slower. + +@item 1 +Average noise to mask ratio (ANMR) trellis-based solution. + +This has a theoretic best quality out of all the coding methods, but at the +cost of the slowest speed. + +@item 2 +Two loop searching (TLS) method. + +This method first sets quantizers depending on band thresholds and then tries +to find an optimal combination by adding or subtracting a specific value from +all quantizers and adjusting some individual quantizer a little. + +This method produces similar quality with the FAAC method and is the default. + +@item 3 +Constant quantizer method. + +This method sets a constant quantizer for all bands. This is the fastest of all +the methods, yet produces the worst quality. + +@end table + +@end table + +@subsection Tips and Tricks + +According to some reports +(e.g. @url{http://d.hatena.ne.jp/kamedo2/20120729/1343545890}), setting the +@option{cutoff} option to 15000 Hz greatly improves the quality of the output +quality. As a result, we encourage you to do the same. + @section ac3 and ac3_fixed AC-3 audio encoders. @@ -549,6 +638,7 @@ Set MPEG audio original flag when set to 1. The default value is 0 @end table +@anchor{libvo-aacenc} @section libvo-aacenc VisualOn AAC encoder From 9902eef0f5314b112938de6c32daaa7771daeb57 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 30 Aug 2013 03:43:49 +0200 Subject: [PATCH 145/452] avcodec/ffv1dec: check global header version Signed-off-by: Michael Niedermayer (cherry picked from commit 20b965a1a43ae88b7ae95635d5a3570e7dc2bbd4) Signed-off-by: Michael Niedermayer --- libavcodec/ffv1dec.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c index cb72203468..60bbbd0375 100644 --- a/libavcodec/ffv1dec.c +++ b/libavcodec/ffv1dec.c @@ -446,6 +446,10 @@ static int read_extra_header(FFV1Context *f) ff_build_rac_states(c, 0.05 * (1LL << 32), 256 - 8); f->version = get_symbol(c, state, 0); + if (f->version < 2) { + av_log(f->avctx, AV_LOG_ERROR, "Invalid version in global header\n"); + return AVERROR_INVALIDDATA; + } if (f->version > 2) { c->bytestream_end -= 4; f->minor_version = get_symbol(c, state, 0); From bb4126e250e0a2d8505d135cd81d8c98b48dd4fc Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 30 Aug 2013 04:51:09 +0200 Subject: [PATCH 146/452] ffv1dec: check that global parameters dont change in version 0/1 Such changes are not allowed nor supported Fixes Ticket2906 Found-by: ami_stuff Signed-off-by: Michael Niedermayer (cherry picked from commit 547d690d676064069d44703a1917e0dab7e33445) Signed-off-by: Michael Niedermayer --- libavcodec/ffv1dec.c | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c index 60bbbd0375..b72e3125c0 100644 --- a/libavcodec/ffv1dec.c +++ b/libavcodec/ffv1dec.c @@ -527,6 +527,7 @@ static int read_header(FFV1Context *f) memset(state, 128, sizeof(state)); if (f->version < 2) { + int chroma_planes, chroma_h_shift, chroma_v_shift, transparency; unsigned v= get_symbol(c, state, 0); if (v >= 2) { av_log(f->avctx, AV_LOG_ERROR, "invalid version %d in ver01 header\n", v); @@ -544,10 +545,26 @@ static int read_header(FFV1Context *f) if (f->version > 0) f->avctx->bits_per_raw_sample = get_symbol(c, state, 0); - f->chroma_planes = get_rac(c, state); - f->chroma_h_shift = get_symbol(c, state, 0); - f->chroma_v_shift = get_symbol(c, state, 0); - f->transparency = get_rac(c, state); + chroma_planes = get_rac(c, state); + chroma_h_shift = get_symbol(c, state, 0); + chroma_v_shift = get_symbol(c, state, 0); + transparency = get_rac(c, state); + + if (f->plane_count) { + if ( chroma_planes != f->chroma_planes + || chroma_h_shift!= f->chroma_h_shift + || chroma_v_shift!= f->chroma_v_shift + || transparency != f->transparency) { + av_log(f->avctx, AV_LOG_ERROR, "Invalid change of global parameters\n"); + return AVERROR_INVALIDDATA; + } + } + + f->chroma_planes = chroma_planes; + f->chroma_h_shift = chroma_h_shift; + f->chroma_v_shift = chroma_v_shift; + f->transparency = transparency; + f->plane_count = 2 + f->transparency; } From 91e19ab9306c347229265cab9ba21f04ee56c888 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 30 Aug 2013 06:08:32 +0200 Subject: [PATCH 147/452] ffv1dec: Check bits_per_raw_sample and colorspace for equality in ver 0/1 headers Signed-off-by: Michael Niedermayer (cherry picked from commit b05cd1ea7e45a836f7f6071a716c38bb30326e0f) Signed-off-by: Michael Niedermayer --- libavcodec/ffv1dec.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c index b72e3125c0..2fa22a0102 100644 --- a/libavcodec/ffv1dec.c +++ b/libavcodec/ffv1dec.c @@ -527,7 +527,7 @@ static int read_header(FFV1Context *f) memset(state, 128, sizeof(state)); if (f->version < 2) { - int chroma_planes, chroma_h_shift, chroma_v_shift, transparency; + int chroma_planes, chroma_h_shift, chroma_v_shift, transparency, colorspace, bits_per_raw_sample; unsigned v= get_symbol(c, state, 0); if (v >= 2) { av_log(f->avctx, AV_LOG_ERROR, "invalid version %d in ver01 header\n", v); @@ -540,18 +540,17 @@ static int read_header(FFV1Context *f) f->state_transition[i] = get_symbol(c, state, 1) + c->one_state[i]; } - f->colorspace = get_symbol(c, state, 0); //YUV cs type - - if (f->version > 0) - f->avctx->bits_per_raw_sample = get_symbol(c, state, 0); - + colorspace = get_symbol(c, state, 0); //YUV cs type + bits_per_raw_sample = f->version > 0 ? get_symbol(c, state, 0) : f->avctx->bits_per_raw_sample; chroma_planes = get_rac(c, state); chroma_h_shift = get_symbol(c, state, 0); chroma_v_shift = get_symbol(c, state, 0); transparency = get_rac(c, state); if (f->plane_count) { - if ( chroma_planes != f->chroma_planes + if ( colorspace != f->colorspace + || bits_per_raw_sample != f->avctx->bits_per_raw_sample + || chroma_planes != f->chroma_planes || chroma_h_shift!= f->chroma_h_shift || chroma_v_shift!= f->chroma_v_shift || transparency != f->transparency) { @@ -560,6 +559,8 @@ static int read_header(FFV1Context *f) } } + f->colorspace = colorspace; + f->avctx->bits_per_raw_sample = bits_per_raw_sample; f->chroma_planes = chroma_planes; f->chroma_h_shift = chroma_h_shift; f->chroma_v_shift = chroma_v_shift; From a0d13f578b8572a383106b07527fb437f70f3b50 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 30 Aug 2013 23:40:47 +0200 Subject: [PATCH 148/452] avcodec/dsputil: fix signedness in sizeof() comparissions Signed-off-by: Michael Niedermayer (cherry picked from commit 454a11a1c9c686c78aa97954306fb63453299760) Signed-off-by: Michael Niedermayer --- libavcodec/dsputil.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/dsputil.c b/libavcodec/dsputil.c index 12cfb1b216..02fd5b3ba1 100644 --- a/libavcodec/dsputil.c +++ b/libavcodec/dsputil.c @@ -1897,7 +1897,7 @@ void ff_set_cmp(DSPContext* c, me_cmp_func *cmp, int type){ static void add_bytes_c(uint8_t *dst, uint8_t *src, int w){ long i; - for(i=0; i<=w-sizeof(long); i+=sizeof(long)){ + for(i=0; i<=w-(int)sizeof(long); i+=sizeof(long)){ long a = *(long*)(src+i); long b = *(long*)(dst+i); *(long*)(dst+i) = ((a&pb_7f) + (b&pb_7f)) ^ ((a^b)&pb_80); @@ -1922,7 +1922,7 @@ static void diff_bytes_c(uint8_t *dst, const uint8_t *src1, const uint8_t *src2, } }else #endif - for(i=0; i<=w-sizeof(long); i+=sizeof(long)){ + for(i=0; i<=w-(int)sizeof(long); i+=sizeof(long)){ long a = *(long*)(src1+i); long b = *(long*)(src2+i); *(long*)(dst+i) = ((a|pb_80) - (b&pb_7f)) ^ ((a^b^pb_80)&pb_80); From 0f3cdddf3886ebd5abc8efad72bc193189c815bf Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 2 Sep 2013 04:32:23 +0200 Subject: [PATCH 149/452] avfilter/vf_fps: make sure the fifo is not empty before using it Fixes Ticket2905 Signed-off-by: Michael Niedermayer (cherry picked from commit cdd5df8189ff1537f7abe8defe971f80602cc2d2) Signed-off-by: Michael Niedermayer --- libavfilter/vf_fps.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavfilter/vf_fps.c b/libavfilter/vf_fps.c index 29eedc7cf5..d55b5dcff3 100644 --- a/libavfilter/vf_fps.c +++ b/libavfilter/vf_fps.c @@ -203,7 +203,7 @@ static int filter_frame(AVFilterLink *inlink, AVFilterBufferRef *buf) } /* now wait for the next timestamp */ - if (buf->pts == AV_NOPTS_VALUE) { + if (buf->pts == AV_NOPTS_VALUE || av_fifo_size(s->fifo) <= 0) { return write_to_fifo(s->fifo, buf); } From c17fd9f9ce2eb2e4bd11045faa4d6ae8b1fe8e1c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 5 Sep 2013 00:36:44 +0200 Subject: [PATCH 150/452] avcodec/mjpegdec: Add some sanity checks to ljpeg_decode_rgb_scan() These prevent the rgb ljpeg code from being run on parameters that it doesnt support. No testcase available but it seems possible to trigger these. Signed-off-by: Michael Niedermayer (cherry picked from commit 61c68000eda643dfce96dc46b488d39fd5c4e309) Signed-off-by: Michael Niedermayer --- libavcodec/mjpegdec.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index f1e9b6809b..d399efe6f5 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -774,6 +774,12 @@ static int ljpeg_decode_rgb_scan(MJpegDecodeContext *s, int nb_components, int p int resync_mb_y = 0; int resync_mb_x = 0; + if (s->nb_components != 3 && s->nb_components != 4) + return AVERROR_INVALIDDATA; + if (s->v_max != 1 || s->h_max != 1 || !s->lossless) + return AVERROR_INVALIDDATA; + + s->restart_count = s->restart_interval; av_fast_malloc(&s->ljpeg_buffer, &s->ljpeg_buffer_size, From c3ee5b4c36411532fc8a26ef533ec89628b29cb5 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 8 Sep 2013 20:27:54 +0200 Subject: [PATCH 151/452] avcodec/truemotion2: Fix av_freep arguments Fixes null pointer dereference Fixes Ticket2944 Signed-off-by: Michael Niedermayer (cherry picked from commit c54aa2fb0f869ec025933944cbd1634fffe95d09) Conflicts: libavcodec/truemotion2.c Signed-off-by: Michael Niedermayer --- libavcodec/truemotion2.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/libavcodec/truemotion2.c b/libavcodec/truemotion2.c index eacd728ca4..18b38f838c 100644 --- a/libavcodec/truemotion2.c +++ b/libavcodec/truemotion2.c @@ -948,14 +948,14 @@ static av_cold int decode_init(AVCodecContext *avctx) if (!l->Y1_base || !l->Y2_base || !l->U1_base || !l->V1_base || !l->U2_base || !l->V2_base || !l->last || !l->clast) { - av_freep(l->Y1_base); - av_freep(l->Y2_base); - av_freep(l->U1_base); - av_freep(l->U2_base); - av_freep(l->V1_base); - av_freep(l->V2_base); - av_freep(l->last); - av_freep(l->clast); + av_freep(&l->Y1_base); + av_freep(&l->Y2_base); + av_freep(&l->U1_base); + av_freep(&l->U2_base); + av_freep(&l->V1_base); + av_freep(&l->V2_base); + av_freep(&l->last); + av_freep(&l->clast); return AVERROR(ENOMEM); } l->Y1 = l->Y1_base + l->y_stride * 4 + 4; From f32051cd733dde7ab95079e6e05a1c44a4d797eb Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 9 Sep 2013 17:58:18 +0200 Subject: [PATCH 152/452] avcodec/ffv1enc: update buffer check for 16bps Signed-off-by: Michael Niedermayer (cherry picked from commit 3728603f1854b5c79d1a64dd3b41b80640ef1e7f) Signed-off-by: Michael Niedermayer --- libavcodec/ffv1enc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/ffv1enc.c b/libavcodec/ffv1enc.c index 70fcd65852..1862636c73 100644 --- a/libavcodec/ffv1enc.c +++ b/libavcodec/ffv1enc.c @@ -274,7 +274,7 @@ static av_always_inline int encode_line(FFV1Context *s, int w, int run_mode = 0; if (s->ac) { - if (c->bytestream_end - c->bytestream < w * 20) { + if (c->bytestream_end - c->bytestream < w * 35) { av_log(s->avctx, AV_LOG_ERROR, "encoded frame too large\n"); return AVERROR_INVALIDDATA; } From 95e26d33d76d00b3684485e623cb10644820870f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 26 Sep 2013 21:03:48 +0200 Subject: [PATCH 153/452] avcodec/parser: reset indexes on realloc failure Fixes Ticket2982 Signed-off-by: Michael Niedermayer (cherry picked from commit f31011e9abfb2ae75bb32bc44e2c34194c8dc40a) Signed-off-by: Michael Niedermayer --- libavcodec/parser.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/libavcodec/parser.c b/libavcodec/parser.c index f7cb5cfa67..c30b43e0e5 100644 --- a/libavcodec/parser.c +++ b/libavcodec/parser.c @@ -235,8 +235,10 @@ int ff_combine_frame(ParseContext *pc, int next, const uint8_t **buf, int *buf_s if(next == END_NOT_FOUND){ void* new_buffer = av_fast_realloc(pc->buffer, &pc->buffer_size, (*buf_size) + pc->index + FF_INPUT_BUFFER_PADDING_SIZE); - if(!new_buffer) + if(!new_buffer) { + pc->index = 0; return AVERROR(ENOMEM); + } pc->buffer = new_buffer; memcpy(&pc->buffer[pc->index], *buf, *buf_size); pc->index += *buf_size; @@ -249,9 +251,11 @@ int ff_combine_frame(ParseContext *pc, int next, const uint8_t **buf, int *buf_s /* append to buffer */ if(pc->index){ void* new_buffer = av_fast_realloc(pc->buffer, &pc->buffer_size, next + pc->index + FF_INPUT_BUFFER_PADDING_SIZE); - - if(!new_buffer) + if(!new_buffer) { + pc->overread_index = + pc->index = 0; return AVERROR(ENOMEM); + } pc->buffer = new_buffer; if (next > -FF_INPUT_BUFFER_PADDING_SIZE) memcpy(&pc->buffer[pc->index], *buf, From 14e258d847f7ff3e9713abae5c1554f39e6bc341 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 3 Oct 2013 01:28:06 +0200 Subject: [PATCH 154/452] update for 1.2.4 Signed-off-by: Michael Niedermayer --- RELEASE | 2 +- VERSION | 2 +- doc/Doxyfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/RELEASE b/RELEASE index 0495c4a88c..e8ea05db81 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -1.2.3 +1.2.4 diff --git a/VERSION b/VERSION index 0495c4a88c..e8ea05db81 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.2.3 +1.2.4 diff --git a/doc/Doxyfile b/doc/Doxyfile index f101e13b76..6740e77a3f 100644 --- a/doc/Doxyfile +++ b/doc/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 1.2.3 +PROJECT_NUMBER = 1.2.4 # With the PROJECT_LOGO tag one can specify an logo or icon that is included # in the documentation. The maximum height of the logo should not exceed 55 From 6559bb893f5f180e70f9b50064f63086aed70793 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 4 Oct 2013 17:39:19 +0200 Subject: [PATCH 155/452] avformat/mov: force parsing of headers if stts is absent Fixes Ticket2991 Signed-off-by: Michael Niedermayer (cherry picked from commit e41ea866fc26f38d770bbc1ad67703e7f4400ae1) --- libavformat/mov.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/mov.c b/libavformat/mov.c index 82972777a7..fa7d645969 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -1679,6 +1679,8 @@ static int mov_read_stss(MOVContext *c, AVIOContext *pb, MOVAtom atom) if (!entries) { sc->keyframe_absent = 1; + if (!st->need_parsing) + st->need_parsing = AVSTREAM_PARSE_HEADERS; return 0; } if (entries >= UINT_MAX / sizeof(int)) From eff0bf7defdf36574ad6670643ee032099ec5b71 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 6 Oct 2013 00:07:28 +0200 Subject: [PATCH 156/452] avformat/matroskadec: only set r_frame_rate if the value is within reasonable limits Fixes Ticket2451 Signed-off-by: Michael Niedermayer (cherry picked from commit 6853e40106cac769f0641183ea0bdd530ae9a0a1) --- libavformat/matroskadec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index aea5fe44d8..f97e239a73 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -1781,7 +1781,8 @@ static int matroska_read_header(AVFormatContext *s) av_reduce(&st->avg_frame_rate.num, &st->avg_frame_rate.den, 1000000000, track->default_duration, 30000); #if FF_API_R_FRAME_RATE - st->r_frame_rate = st->avg_frame_rate; + if (st->avg_frame_rate.num < st->avg_frame_rate.den * 1000L) + st->r_frame_rate = st->avg_frame_rate; #endif } From 970109deaf470dae691a90c7e0d65a652a1a2da4 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 9 Oct 2013 21:43:06 +0200 Subject: [PATCH 157/452] avformat/wavdec: Dont trust the fact chunk for PCM Fixes Ticket3033 Signed-off-by: Michael Niedermayer (cherry picked from commit 83fc6c822b06688e572333299927d93eb3c6c426) Conflicts: libavformat/wavdec.c --- libavformat/wavdec.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/libavformat/wavdec.c b/libavformat/wavdec.c index 87d369912b..2c6b15eeb0 100644 --- a/libavformat/wavdec.c +++ b/libavformat/wavdec.c @@ -368,8 +368,15 @@ break_loop: avio_seek(pb, data_ofs, SEEK_SET); - if (!sample_count && st->codec->channels && av_get_bits_per_sample(st->codec->codec_id) && wav->data_end <= avio_size(pb)) - sample_count = (data_size<<3) / (st->codec->channels * (uint64_t)av_get_bits_per_sample(st->codec->codec_id)); + if (!sample_count || av_get_exact_bits_per_sample(st->codec->codec_id) > 0) + if ( st->codec->channels + && data_size + && av_get_bits_per_sample(st->codec->codec_id) + && wav->data_end <= avio_size(pb)) + sample_count = (data_size << 3) + / + (st->codec->channels * (uint64_t)av_get_bits_per_sample(st->codec->codec_id)); + if (sample_count) st->duration = sample_count; From 311e58e478c1a28a199b73f04a17d1f1ecc44403 Mon Sep 17 00:00:00 2001 From: mrlika Date: Mon, 2 Sep 2013 15:10:22 +0300 Subject: [PATCH 158/452] lavd/v4l2: do not fail when VIDIOC_ENUMSTD returns EINVAL without a valid match With some (buggy) drivers, the VIDIOC_G_STD ioctl returns a std_id that cannot be matched with any of the enumerated v4l2_standard structures (for example std_id = 0 or std_id = 0xffffff). Do not fail when we reach the end of the enumeration without a valid match. Fixes ticket #2370 Note: This commit message has been modified by Giorgio Vazzana, the original commit message was: "Fixed regression for mandatory VIDIOC_ENUMSTD support by v4l2" Signed-off-by: Michael Niedermayer (cherry picked from commit ed72542539fb61dc3a6d6280d8a6a956ac04a071) --- libavdevice/v4l2.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavdevice/v4l2.c b/libavdevice/v4l2.c index 049f0bd93c..e3f52c45d1 100644 --- a/libavdevice/v4l2.c +++ b/libavdevice/v4l2.c @@ -757,6 +757,10 @@ static int v4l2_set_parameters(AVFormatContext *s1) standard.index = i; if (v4l2_ioctl(s->fd, VIDIOC_ENUMSTD, &standard) < 0) { ret = AVERROR(errno); + if (ret == AVERROR(EINVAL)) { + tpf = &streamparm.parm.capture.timeperframe; + break; + } av_log(s1, AV_LOG_ERROR, "ioctl(VIDIOC_ENUMSTD): %s\n", av_err2str(ret)); return ret; } From 1fe734f4d342bfee1673c9fc1f1d136632ac8543 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 9 Oct 2013 23:52:54 +0200 Subject: [PATCH 159/452] avcodec/h264_refs: modify key frame detection heuristic to detect more cases Fixes Ticket2968 Signed-off-by: Michael Niedermayer (cherry picked from commit 5ac6b6028f17b64723884c9fa72cfcbd369a1ba2) --- libavcodec/h264_refs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h264_refs.c b/libavcodec/h264_refs.c index d87106e7cb..62a937df3a 100644 --- a/libavcodec/h264_refs.c +++ b/libavcodec/h264_refs.c @@ -680,7 +680,7 @@ int ff_h264_execute_ref_pic_marking(H264Context *h, MMCO *mmco, int mmco_count){ print_short_term(h); print_long_term(h); - if(err >= 0 && h->long_ref_count==0 && h->short_ref_count<=2 && h->pps.ref_count[0]<=1 + (h->picture_structure != PICT_FRAME) && h->cur_pic_ptr->f.pict_type == AV_PICTURE_TYPE_I){ + if(err >= 0 && h->long_ref_count==0 && h->short_ref_count<=2 && h->pps.ref_count[0]<=2 + (h->picture_structure != PICT_FRAME) && h->cur_pic_ptr->f.pict_type == AV_PICTURE_TYPE_I){ h->cur_pic_ptr->sync |= 1; if(!h->avctx->has_b_frames) h->sync = 2; From a8b6721bedce381c855728e98f409ef5dabef304 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 24 Oct 2013 23:11:41 +0200 Subject: [PATCH 160/452] avcodec/h264: do not trust last_pic_droppable when marking pictures as done This simplifies the code and fixes a deadlock Fixes Ticket2927 Signed-off-by: Michael Niedermayer (cherry picked from commit 29ffeef5e73b8f41ff3a3f2242d356759c66f91f) Conflicts: libavcodec/h264.c --- libavcodec/h264.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index acc42eeb95..4f5ca99e9a 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -3364,7 +3364,7 @@ static int decode_slice_header(H264Context *h, H264Context *h0) assert(h0->cur_pic_ptr->f.reference != DELAYED_PIC_REF); /* Mark old field/frame as completed */ - if (!last_pic_droppable && h0->cur_pic_ptr->owner2 == h0) { + if (h0->cur_pic_ptr->owner2 == h0) { ff_thread_report_progress(&h0->cur_pic_ptr->f, INT_MAX, last_pic_structure == PICT_BOTTOM_FIELD); } @@ -3373,7 +3373,7 @@ static int decode_slice_header(H264Context *h, H264Context *h0) if (!FIELD_PICTURE || h->picture_structure == last_pic_structure) { /* Previous field is unmatched. Don't display it, but let it * remain for reference if marked as such. */ - if (!last_pic_droppable && last_pic_structure != PICT_FRAME) { + if (last_pic_structure != PICT_FRAME) { ff_thread_report_progress(&h0->cur_pic_ptr->f, INT_MAX, last_pic_structure == PICT_TOP_FIELD); } @@ -3383,7 +3383,7 @@ static int decode_slice_header(H264Context *h, H264Context *h0) * different frame_nums. Consider this field first in * pair. Throw away previous field except for reference * purposes. */ - if (!last_pic_droppable && last_pic_structure != PICT_FRAME) { + if (last_pic_structure != PICT_FRAME) { ff_thread_report_progress(&h0->cur_pic_ptr->f, INT_MAX, last_pic_structure == PICT_TOP_FIELD); } From 833dce3818e3e82296e8af6a0e0888296fc3572d Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 25 Oct 2013 19:35:55 +0200 Subject: [PATCH 161/452] avformat/mp3dec: perform seek resync in the correct direction Fixes seeking to the last frame in CBR files Fixes Ticket2773 Signed-off-by: Michael Niedermayer (cherry picked from commit ba8716df7fb541fb690d1a898cda0e12f9011faf) --- libavformat/mp3dec.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavformat/mp3dec.c b/libavformat/mp3dec.c index 858e93c3c7..f2c7bc63db 100644 --- a/libavformat/mp3dec.c +++ b/libavformat/mp3dec.c @@ -283,6 +283,7 @@ static int mp3_seek(AVFormatContext *s, int stream_index, int64_t timestamp, AVStream *st = s->streams[0]; int64_t ret = av_index_search_timestamp(st, timestamp, flags); int i, j; + int dir = (flags&AVSEEK_FLAG_BACKWARD) ? -1 : 1; if (mp3->is_cbr && st->duration > 0 && mp3->header_filesize > s->data_offset) { int64_t filesize = avio_size(s->pb); @@ -312,7 +313,7 @@ static int mp3_seek(AVFormatContext *s, int stream_index, int64_t timestamp, #define MIN_VALID 3 for(i=0; i<4096; i++) { - int64_t pos = ie->pos + i; + int64_t pos = ie->pos + i*dir; for(j=0; jpb, ie->pos + i, SEEK_SET); + ret = avio_seek(s->pb, ie->pos + i*dir, SEEK_SET); if (ret < 0) return ret; ff_update_cur_dts(s, st, ie->timestamp); From 9195ef6f65cbd4d12e7bc3e7d8915595b8b0812b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 25 Oct 2013 20:03:29 +0200 Subject: [PATCH 162/452] avcodec/h264: reduce noisiness of "mmco: unref short failure" Do not consider it an error if we have no frames and should discard one. This condition can easily happen when decoding is started from an I frame Fixes Ticket2811 Signed-off-by: Michael Niedermayer (cherry picked from commit 08a89761964bdd0a023eff6d37a1131fb7e1d7a0) Conflicts: libavcodec/h264_refs.c --- libavcodec/h264_refs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h264_refs.c b/libavcodec/h264_refs.c index 62a937df3a..01f79f6a33 100644 --- a/libavcodec/h264_refs.c +++ b/libavcodec/h264_refs.c @@ -543,7 +543,7 @@ int ff_h264_execute_ref_pic_marking(H264Context *h, MMCO *mmco, int mmco_count){ if(!pic){ if(mmco[i].opcode != MMCO_SHORT2LONG || !h->long_ref[mmco[i].long_arg] || h->long_ref[mmco[i].long_arg]->frame_num != frame_num) { - av_log(h->avctx, AV_LOG_ERROR, "mmco: unref short failure\n"); + av_log(h->avctx, h->short_ref_count ? AV_LOG_ERROR : AV_LOG_DEBUG, "mmco: unref short failure\n"); err = AVERROR_INVALIDDATA; } continue; From 720e2d4143b52aed731b8d8cd1350bf57d9bfcf3 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 26 Oct 2013 01:22:38 +0200 Subject: [PATCH 163/452] h264: make flush_change() set mmco_reset This ensures that frames do not get mixed on context reinits Fixes Ticket2836 Signed-off-by: Michael Niedermayer (cherry picked from commit 3c9dd93faa9f3c250428dd0548c075583aa07cc3) --- libavcodec/h264.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 4f5ca99e9a..f7de642e2d 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -2584,6 +2584,7 @@ static void flush_change(H264Context *h) h->sync= 0; h->list_count = 0; h->current_slice = 0; + h->mmco_reset = 1; } /* forget old pics after a seek */ From 93d720b040bf62afac6e63277eedb58b949d1209 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 27 Oct 2013 01:03:19 +0200 Subject: [PATCH 164/452] avformat/utils: do not override pts in h264 when they are provided from the demuxer Fixes Ticket2143 Signed-off-by: Michael Niedermayer (cherry picked from commit 1e5271a9fd6ddcceb083f2185a4bbd8d44c9a813) --- libavformat/utils.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index 4e6e21586d..a0bb89d8d6 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -1165,12 +1165,14 @@ static void compute_pkt_fields(AVFormatContext *s, AVStream *st, if (pkt->dts != AV_NOPTS_VALUE) { // got DTS from the stream, update reference timestamp st->reference_dts = pkt->dts - pc->dts_ref_dts_delta * num / den; - pkt->pts = pkt->dts + pc->pts_dts_delta * num / den; } else if (st->reference_dts != AV_NOPTS_VALUE) { // compute DTS based on reference timestamp pkt->dts = st->reference_dts + pc->dts_ref_dts_delta * num / den; - pkt->pts = pkt->dts + pc->pts_dts_delta * num / den; } + + if (st->reference_dts != AV_NOPTS_VALUE && pkt->pts == AV_NOPTS_VALUE) + pkt->pts = pkt->dts + pc->pts_dts_delta * num / den; + if (pc->dts_sync_point > 0) st->reference_dts = pkt->dts; // new reference } From fd8af75109913d09fb6673f4aa189b4bf49bede9 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 30 Oct 2013 23:56:52 +0100 Subject: [PATCH 165/452] avcodec/bink: fix seeking to frame 0 Fixes Ticket3088 Signed-off-by: Michael Niedermayer (cherry picked from commit cb52d6da0a9c88c584a38a9a7a94825565854b7e) Conflicts: libavcodec/bink.c --- libavcodec/bink.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/libavcodec/bink.c b/libavcodec/bink.c index 5d000a86b4..fcaa863cfe 100644 --- a/libavcodec/bink.c +++ b/libavcodec/bink.c @@ -117,6 +117,7 @@ typedef struct BinkContext { int version; ///< internal Bink file version int has_alpha; int swap_planes; + unsigned frame_num; Bundle bundle[BINKB_NB_SRC]; ///< bundles for decoding all data types Tree col_high[16]; ///< trees for decoding high nibble in "colours" data type @@ -1207,6 +1208,8 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame, AVPac if (c->version >= 'i') skip_bits_long(&gb, 32); + c->frame_num++; + for (plane = 0; plane < 3; plane++) { plane_idx = (!plane || !c->swap_planes) ? plane : (plane ^ 3); @@ -1215,7 +1218,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame, AVPac return ret; } else { if ((ret = binkb_decode_plane(c, &gb, plane_idx, - !avctx->frame_number, !!plane)) < 0) + c->frame_num == 1, !!plane)) < 0) return ret; } if (get_bits_count(&gb) >= bits_count) @@ -1339,6 +1342,13 @@ static av_cold int decode_end(AVCodecContext *avctx) return 0; } +static void flush(AVCodecContext *avctx) +{ + BinkContext * const c = avctx->priv_data; + + c->frame_num = 0; +} + AVCodec ff_bink_decoder = { .name = "binkvideo", .type = AVMEDIA_TYPE_VIDEO, @@ -1348,5 +1358,6 @@ AVCodec ff_bink_decoder = { .close = decode_end, .decode = decode_frame, .long_name = NULL_IF_CONFIG_SMALL("Bink video"), + .flush = flush, .capabilities = CODEC_CAP_DR1, }; From 25c67b21653422bbdc9a3689332ad30031289c33 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 18 Nov 2013 03:02:36 +0100 Subject: [PATCH 166/452] avformat/utils: dont count attached pics toward the probesize Such pics behave more like headers which we also dont count. Fixes Ticket3146 Signed-off-by: Michael Niedermayer (cherry picked from commit a8dec360c5db15e8da4b44ff3c0f02a6c57e8ac0) --- libavformat/utils.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index a0bb89d8d6..d32f584197 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -2845,9 +2845,10 @@ int avformat_find_stream_info(AVFormatContext *ic, AVDictionary **options) goto find_stream_info_err; } - read_size += pkt->size; - st = ic->streams[pkt->stream_index]; + if (!(st->disposition & AV_DISPOSITION_ATTACHED_PIC)) + read_size += pkt->size; + if (pkt->dts != AV_NOPTS_VALUE && st->codec_info_nb_frames > 1) { /* check for non-increasing dts */ if (st->info->fps_last_dts != AV_NOPTS_VALUE && From d04e78805aa41b43d371ce9cd9b4fd2bf3af2989 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20B=C5=93sch?= Date: Fri, 8 Nov 2013 23:55:06 +0100 Subject: [PATCH 167/452] build: avoid stdin stall with GNU AS probing. a758c5e added probing for various tools, such as AS. Unfortunately, GNU AS is reading stdin with -v, and thus configure is stalled with configure arguments such as --as=as. Fixes Ticket #1898. (cherry picked from commit dbb41f93c16cbc65a899a75723c95da51c851cd5) --- configure | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/configure b/configure index 58469a901a..db768ce4e5 100755 --- a/configure +++ b/configure @@ -2636,7 +2636,9 @@ probe_cc(){ unset _depflags _DEPCMD _DEPFLAGS _flags_filter=echo - if $_cc -v 2>&1 | grep -q '^gcc.*LLVM'; then + if $_cc --version 2>&1 | grep -q '^GNU assembler'; then + true # no-op to avoid reading stdin in following checks + elif $_cc -v 2>&1 | grep -q '^gcc.*LLVM'; then _type=llvm_gcc gcc_extra_ver=$(expr "$($_cc --version | head -n1)" : '.*\((.*)\)') _ident="llvm-gcc $($_cc -dumpversion) $gcc_extra_ver" From 14f31df2ccf37466ee23d88e7525136be3f42222 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 2 Apr 2013 18:08:12 +0200 Subject: [PATCH 168/452] ffmpeg: Fix forcing of the framerate for stream copy on input Fixes Ticket2211 Signed-off-by: Michael Niedermayer (cherry picked from commit 356363c89830585b0a1476ccc16d79158260617c) --- ffmpeg.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/ffmpeg.c b/ffmpeg.c index b272b55f8f..0a79e0b837 100644 --- a/ffmpeg.c +++ b/ffmpeg.c @@ -1910,7 +1910,10 @@ static int output_packet(InputStream *ist, const AVPacket *pkt) ist->st->codec->sample_rate; break; case AVMEDIA_TYPE_VIDEO: - if (pkt->duration) { + if (ist->framerate.num) { + int64_t next_dts = av_rescale_q(ist->next_dts, AV_TIME_BASE_Q, av_inv_q(ist->framerate)); + ist->next_dts = av_rescale_q(next_dts + 1, av_inv_q(ist->framerate), AV_TIME_BASE_Q); + } else if (pkt->duration) { ist->next_dts += av_rescale_q(pkt->duration, ist->st->time_base, AV_TIME_BASE_Q); } else if(ist->st->codec->time_base.num != 0) { int ticks= ist->st->parser ? ist->st->parser->repeat_pict + 1 : ist->st->codec->ticks_per_frame; @@ -2213,6 +2216,8 @@ static int transcode_init(void) codec->time_base = icodec->time_base; } + if (ist && !ost->frame_rate.num) + ost->frame_rate = ist->framerate; if(ost->frame_rate.num) codec->time_base = av_inv_q(ost->frame_rate); From 86d4d4b011f280f9d15083fad19e15aa7c4112ff Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 5 Dec 2013 01:41:10 +0100 Subject: [PATCH 169/452] avcodec/cabac: force get_cabac to be not inlined works around bug in gccs inline asm register assignment Fixes Ticket3177 gcc from 4.4 to 4.6 is affected at least, no non affected gccs known clang seems not affected Signed-off-by: Michael Niedermayer (cherry picked from commit 0538b29ae8002c44f27bae8a1a6fc6e646998be5) --- libavcodec/cabac.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/cabac.c b/libavcodec/cabac.c index 385721fe1d..d8f34c8602 100644 --- a/libavcodec/cabac.c +++ b/libavcodec/cabac.c @@ -305,7 +305,7 @@ STOP_TIMER("get_cabac_bypass") for(i=0; i Date: Sun, 15 Dec 2013 14:10:02 +0100 Subject: [PATCH 170/452] swscale/utils: remove useless () Signed-off-by: Michael Niedermayer (cherry picked from commit 554e913fd7acc9da02ddac2c5ce9487f7f633c92) --- libswscale/utils.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libswscale/utils.c b/libswscale/utils.c index 932cf9424c..1c154645f6 100644 --- a/libswscale/utils.c +++ b/libswscale/utils.c @@ -1107,8 +1107,8 @@ av_cold int sws_init_context(SwsContext *c, SwsFilter *srcFilter, dst_stride <<= 1; if (INLINE_MMXEXT(cpu_flags) && c->srcBpc == 8 && c->dstBpc <= 14) { - c->canMMXEXTBeUsed = (dstW >= srcW && (dstW & 31) == 0 && - (srcW & 15) == 0) ? 1 : 0; + c->canMMXEXTBeUsed = dstW >= srcW && (dstW & 31) == 0 && + (srcW & 15) == 0; if (!c->canMMXEXTBeUsed && dstW >= srcW && (srcW & 15) == 0 && (flags & SWS_FAST_BILINEAR)) { From af7cbdf470e4fe9ce5da744b41196dcf15dc4e23 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 15 Dec 2013 14:13:55 +0100 Subject: [PATCH 171/452] swscale/utils: check chroma width for fast bilinear scaler Fixes artifacts where fast bilinear was used for downscaling chroma Signed-off-by: Michael Niedermayer (cherry picked from commit 037fc3b054b10aee0f11fdbe835e5dffa8e95b37) --- libswscale/utils.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libswscale/utils.c b/libswscale/utils.c index 1c154645f6..69ae7d8659 100644 --- a/libswscale/utils.c +++ b/libswscale/utils.c @@ -1108,8 +1108,9 @@ av_cold int sws_init_context(SwsContext *c, SwsFilter *srcFilter, if (INLINE_MMXEXT(cpu_flags) && c->srcBpc == 8 && c->dstBpc <= 14) { c->canMMXEXTBeUsed = dstW >= srcW && (dstW & 31) == 0 && + c->chrDstW >= c->chrSrcW && (srcW & 15) == 0; - if (!c->canMMXEXTBeUsed && dstW >= srcW && (srcW & 15) == 0 + if (!c->canMMXEXTBeUsed && dstW >= srcW && c->chrDstW >= c->chrSrcW && (srcW & 15) == 0 && (flags & SWS_FAST_BILINEAR)) { if (flags & SWS_PRINT_INFO) From 3e65caf5bc3e39b290573d55cd83675c22077a61 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Storsj=C3=B6?= Date: Fri, 20 Dec 2013 15:02:35 +0200 Subject: [PATCH 172/452] arm: Don't clobber callee saved registers in scalarproduct MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit q4-q7/d8-d15 are supposed to not be clobbered by the callee. CC: libav-stable@libav.org Signed-off-by: Martin Storsjö (cherry picked from commit d307e408d4a9ada22df443cc38be77cc5e492694) --- libavcodec/arm/int_neon.S | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/libavcodec/arm/int_neon.S b/libavcodec/arm/int_neon.S index 6b28a97af8..29fdfe0f37 100644 --- a/libavcodec/arm/int_neon.S +++ b/libavcodec/arm/int_neon.S @@ -41,10 +41,10 @@ function ff_scalarproduct_int16_neon, export=1 vpadd.s32 d16, d0, d1 vpadd.s32 d17, d2, d3 - vpadd.s32 d10, d4, d5 - vpadd.s32 d11, d6, d7 + vpadd.s32 d18, d4, d5 + vpadd.s32 d19, d6, d7 vpadd.s32 d0, d16, d17 - vpadd.s32 d1, d10, d11 + vpadd.s32 d1, d18, d19 vpadd.s32 d2, d0, d1 vpaddl.s32 d3, d2 vmov.32 r0, d3[0] @@ -81,10 +81,10 @@ function ff_scalarproduct_and_madd_int16_neon, export=1 vpadd.s32 d16, d0, d1 vpadd.s32 d17, d2, d3 - vpadd.s32 d10, d4, d5 - vpadd.s32 d11, d6, d7 + vpadd.s32 d18, d4, d5 + vpadd.s32 d19, d6, d7 vpadd.s32 d0, d16, d17 - vpadd.s32 d1, d10, d11 + vpadd.s32 d1, d18, d19 vpadd.s32 d2, d0, d1 vpaddl.s32 d3, d2 vmov.32 r0, d3[0] From 7ba102d00814a7654d09c9bdcac6db86c43812ca Mon Sep 17 00:00:00 2001 From: Peter Ross Date: Mon, 23 Dec 2013 20:37:00 +1100 Subject: [PATCH 173/452] riffenc: add option to ff_put_bmp_header to ignore extradata Signed-off-by: Michael Niedermayer (cherry picked from commit fcbb94712d9873a37cdc8b526e368154b5982186) Conflicts: libavformat/riffenc.c --- libavformat/asfenc.c | 2 +- libavformat/avienc.c | 2 +- libavformat/matroskaenc.c | 2 +- libavformat/riff.c | 6 ++++-- libavformat/riff.h | 2 +- 5 files changed, 8 insertions(+), 6 deletions(-) diff --git a/libavformat/asfenc.c b/libavformat/asfenc.c index f3aec9c845..0a4240130f 100644 --- a/libavformat/asfenc.c +++ b/libavformat/asfenc.c @@ -457,7 +457,7 @@ static int asf_write_header1(AVFormatContext *s, int64_t file_size, avio_wl16(pb, 40 + enc->extradata_size); /* size */ /* BITMAPINFOHEADER header */ - ff_put_bmp_header(pb, enc, ff_codec_bmp_tags, 1); + ff_put_bmp_header(pb, enc, ff_codec_bmp_tags, 1, 0); } end_header(pb, hpos); } diff --git a/libavformat/avienc.c b/libavformat/avienc.c index 918992f5a9..98fab80ce0 100644 --- a/libavformat/avienc.c +++ b/libavformat/avienc.c @@ -291,7 +291,7 @@ static int avi_write_header(AVFormatContext *s) // are not (yet) supported. if (stream->codec_id != AV_CODEC_ID_XSUB) break; case AVMEDIA_TYPE_VIDEO: - ff_put_bmp_header(pb, stream, ff_codec_bmp_tags, 0); + ff_put_bmp_header(pb, stream, ff_codec_bmp_tags, 0, 0); break; case AVMEDIA_TYPE_AUDIO: if ((ret = ff_put_wav_header(pb, stream)) < 0) { diff --git a/libavformat/matroskaenc.c b/libavformat/matroskaenc.c index c506835dfb..6a783e1011 100644 --- a/libavformat/matroskaenc.c +++ b/libavformat/matroskaenc.c @@ -512,7 +512,7 @@ static int mkv_write_codecprivate(AVFormatContext *s, AVIOContext *pb, AVCodecCo ret = AVERROR(EINVAL); } - ff_put_bmp_header(dyn_cp, codec, ff_codec_bmp_tags, 0); + ff_put_bmp_header(dyn_cp, codec, ff_codec_bmp_tags, 0, 0); } } else if (codec->codec_type == AVMEDIA_TYPE_AUDIO) { diff --git a/libavformat/riff.c b/libavformat/riff.c index ac1a4ff368..bb4d06706f 100644 --- a/libavformat/riff.c +++ b/libavformat/riff.c @@ -569,9 +569,9 @@ int ff_put_wav_header(AVIOContext *pb, AVCodecContext *enc) } /* BITMAPINFOHEADER header */ -void ff_put_bmp_header(AVIOContext *pb, AVCodecContext *enc, const AVCodecTag *tags, int for_asf) +void ff_put_bmp_header(AVIOContext *pb, AVCodecContext *enc, const AVCodecTag *tags, int for_asf, int ignore_extradata) { - avio_wl32(pb, 40 + enc->extradata_size); /* size */ + avio_wl32(pb, 40 + (ignore_extradata ? 0 : enc->extradata_size)); /* size */ avio_wl32(pb, enc->width); //We always store RGB TopDown avio_wl32(pb, enc->codec_tag ? enc->height : -enc->height); @@ -586,10 +586,12 @@ void ff_put_bmp_header(AVIOContext *pb, AVCodecContext *enc, const AVCodecTag *t avio_wl32(pb, 0); avio_wl32(pb, 0); + if (!ignore_extradata) { avio_write(pb, enc->extradata, enc->extradata_size); if (!for_asf && enc->extradata_size & 1) avio_w8(pb, 0); + } } void ff_parse_specific_params(AVCodecContext *stream, int *au_rate, int *au_ssize, int *au_scale) diff --git a/libavformat/riff.h b/libavformat/riff.h index 70b2f76171..d3815143fe 100644 --- a/libavformat/riff.h +++ b/libavformat/riff.h @@ -46,7 +46,7 @@ void ff_end_tag(AVIOContext *pb, int64_t start); */ int ff_get_bmp_header(AVIOContext *pb, AVStream *st, unsigned *esize); -void ff_put_bmp_header(AVIOContext *pb, AVCodecContext *enc, const AVCodecTag *tags, int for_asf); +void ff_put_bmp_header(AVIOContext *pb, AVCodecContext *enc, const AVCodecTag *tags, int for_asf, int ignore_extradata); int ff_put_wav_header(AVIOContext *pb, AVCodecContext *enc); enum AVCodecID ff_wav_codec_get_id(unsigned int tag, int bps); int ff_get_wav_header(AVIOContext *pb, AVCodecContext *codec, int size); From 9f3135b30bfb04dc507305044687797cdb73bfa2 Mon Sep 17 00:00:00 2001 From: Peter Ross Date: Mon, 23 Dec 2013 20:37:13 +1100 Subject: [PATCH 174/452] avformat/riffenc: indent Signed-off-by: Michael Niedermayer (cherry picked from commit f93b0abe4041b75f0dbb590ee932b37a07662856) Conflicts: libavformat/riffenc.c --- libavformat/riff.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavformat/riff.c b/libavformat/riff.c index bb4d06706f..be0505d09f 100644 --- a/libavformat/riff.c +++ b/libavformat/riff.c @@ -587,10 +587,10 @@ void ff_put_bmp_header(AVIOContext *pb, AVCodecContext *enc, const AVCodecTag *t avio_wl32(pb, 0); if (!ignore_extradata) { - avio_write(pb, enc->extradata, enc->extradata_size); + avio_write(pb, enc->extradata, enc->extradata_size); - if (!for_asf && enc->extradata_size & 1) - avio_w8(pb, 0); + if (!for_asf && enc->extradata_size & 1) + avio_w8(pb, 0); } } From fa45feefad0e653ff32a216e7bb98095a10ba49e Mon Sep 17 00:00:00 2001 From: Peter Ross Date: Mon, 23 Dec 2013 20:37:28 +1100 Subject: [PATCH 175/452] wtvenc: populate VIDEOINFOHEADER2 Fixes ticket #2835. Signed-off-by: Peter Ross Signed-off-by: Michael Niedermayer (cherry picked from commit 6da21c1f8190d674fd1e5619bb148c1bbab8ca3c) Conflicts: tests/ref/lavf/wtv tests/ref/seek/lavf-wtv --- libavformat/wtvenc.c | 51 ++++++++++++++++++++++++++++++++++------- tests/ref/lavf/wtv | 2 +- tests/ref/seek/lavf-wtv | 44 +++++++++++++++++------------------ 3 files changed, 66 insertions(+), 31 deletions(-) diff --git a/libavformat/wtvenc.c b/libavformat/wtvenc.c index 22917a454c..9e44001c02 100644 --- a/libavformat/wtvenc.c +++ b/libavformat/wtvenc.c @@ -227,9 +227,50 @@ static void finish_chunk(AVFormatContext *s) write_index(s); } +static void put_videoinfoheader2(AVIOContext *pb, AVStream *st) +{ + AVRational dar = av_mul_q(st->sample_aspect_ratio, (AVRational){st->codec->width, st->codec->height}); + unsigned int num, den; + av_reduce(&num, &den, dar.num, dar.den, 0xFFFFFFFF); + + /* VIDEOINFOHEADER2 */ + avio_wl32(pb, 0); + avio_wl32(pb, 0); + avio_wl32(pb, st->codec->width); + avio_wl32(pb, st->codec->height); + + avio_wl32(pb, 0); + avio_wl32(pb, 0); + avio_wl32(pb, 0); + avio_wl32(pb, 0); + + avio_wl32(pb, st->codec->bit_rate); + avio_wl32(pb, 0); + avio_wl64(pb, st->avg_frame_rate.num && st->avg_frame_rate.den ? INT64_C(10000000) / av_q2d(st->avg_frame_rate) : 0); + avio_wl32(pb, 0); + avio_wl32(pb, 0); + + avio_wl32(pb, num); + avio_wl32(pb, den); + avio_wl32(pb, 0); + avio_wl32(pb, 0); + + ff_put_bmp_header(pb, st->codec, ff_codec_bmp_tags, 0, 1); + + if (st->codec->codec_id == AV_CODEC_ID_MPEG2VIDEO) { + /* MPEG2VIDEOINFO */ + avio_wl32(pb, 0); + avio_wl32(pb, st->codec->extradata_size); + avio_wl32(pb, -1); + avio_wl32(pb, -1); + avio_wl32(pb, 0); + avio_write(pb, st->codec->extradata, st->codec->extradata_size); + avio_wl64(pb, 0); + } +} + static int write_stream_codec_info(AVFormatContext *s, AVStream *st) { - WtvContext *wctx = s->priv_data; const ff_asf_guid *g, *media_type, *format_type; AVIOContext *pb = s->pb; int64_t hdr_pos_start; @@ -261,13 +302,7 @@ static int write_stream_codec_info(AVFormatContext *s, AVStream *st) hdr_pos_start = avio_tell(pb); if (st->codec->codec_type == AVMEDIA_TYPE_VIDEO) { - if (wctx->first_video_flag) { - write_pad(pb, 216); //The size is sensitive. - wctx->first_video_flag = 0; - } else { - write_pad(pb, 72); // aspect ratio - ff_put_bmp_header(pb, st->codec, ff_codec_bmp_tags, 0); - } + put_videoinfoheader2(pb, st); } else { ff_put_wav_header(pb, st->codec); } diff --git a/tests/ref/lavf/wtv b/tests/ref/lavf/wtv index 8f2c2acc6c..bcdcb3e8f3 100644 --- a/tests/ref/lavf/wtv +++ b/tests/ref/lavf/wtv @@ -1,3 +1,3 @@ -345516d3a03fd239c62e5e7257c9f4a2 *./tests/data/lavf/lavf.wtv +ea7ac962126198092454f36cc3af3433 *./tests/data/lavf/lavf.wtv 413696 ./tests/data/lavf/lavf.wtv ./tests/data/lavf/lavf.wtv CRC=0xcc2dc628 diff --git a/tests/ref/seek/lavf-wtv b/tests/ref/seek/lavf-wtv index 67def8aae3..c214cde7db 100644 --- a/tests/ref/seek/lavf-wtv +++ b/tests/ref/seek/lavf-wtv @@ -1,48 +1,48 @@ -ret: 0 st: 1 flags:1 dts:-0.010907 pts:-0.010907 pos: 26344 size: 208 +ret: 0 st: 1 flags:1 dts:-0.010907 pts:-0.010907 pos: 26288 size: 208 ret: 0 st:-1 flags:0 ts:-1.000000 -ret: 0 st: 1 flags:1 dts:-0.010907 pts:-0.010907 pos: 26344 size: 208 +ret: 0 st: 1 flags:1 dts:-0.010907 pts:-0.010907 pos: 26288 size: 208 ret: 0 st:-1 flags:1 ts: 1.894167 -ret: 0 st: 1 flags:1 dts: 0.694399 pts: 0.694399 pos: 294744 size: 209 +ret: 0 st: 1 flags:1 dts: 0.694399 pts: 0.694399 pos: 294688 size: 209 ret: 0 st: 0 flags:0 ts: 0.788334 -ret: 0 st: 1 flags:1 dts: 0.694399 pts: 0.694399 pos: 294744 size: 209 +ret: 0 st: 1 flags:1 dts: 0.694399 pts: 0.694399 pos: 294688 size: 209 ret: 0 st: 0 flags:1 ts:-0.317499 -ret: 0 st: 1 flags:1 dts:-0.010907 pts:-0.010907 pos: 26344 size: 208 +ret: 0 st: 1 flags:1 dts:-0.010907 pts:-0.010907 pos: 26288 size: 208 ret:-1 st: 1 flags:0 ts: 2.576668 ret: 0 st: 1 flags:1 ts: 1.470835 -ret: 0 st: 1 flags:1 dts: 0.694399 pts: 0.694399 pos: 294744 size: 209 +ret: 0 st: 1 flags:1 dts: 0.694399 pts: 0.694399 pos: 294688 size: 209 ret: 0 st:-1 flags:0 ts: 0.365002 -ret: 0 st: 1 flags:1 dts:-0.010907 pts:-0.010907 pos: 26344 size: 208 +ret: 0 st: 1 flags:1 dts:-0.010907 pts:-0.010907 pos: 26288 size: 208 ret: 0 st:-1 flags:1 ts:-0.740831 -ret: 0 st: 1 flags:1 dts:-0.010907 pts:-0.010907 pos: 26344 size: 208 +ret: 0 st: 1 flags:1 dts:-0.010907 pts:-0.010907 pos: 26288 size: 208 ret:-1 st: 0 flags:0 ts: 2.153336 ret: 0 st: 0 flags:1 ts: 1.047503 -ret: 0 st: 1 flags:1 dts: 0.694399 pts: 0.694399 pos: 294744 size: 209 +ret: 0 st: 1 flags:1 dts: 0.694399 pts: 0.694399 pos: 294688 size: 209 ret: 0 st: 1 flags:0 ts:-0.058330 -ret: 0 st: 1 flags:1 dts:-0.010907 pts:-0.010907 pos: 26344 size: 208 +ret: 0 st: 1 flags:1 dts:-0.010907 pts:-0.010907 pos: 26288 size: 208 ret: 0 st: 1 flags:1 ts: 2.835837 -ret: 0 st: 1 flags:1 dts: 0.694399 pts: 0.694399 pos: 294744 size: 209 +ret: 0 st: 1 flags:1 dts: 0.694399 pts: 0.694399 pos: 294688 size: 209 ret:-1 st:-1 flags:0 ts: 1.730004 ret: 0 st:-1 flags:1 ts: 0.624171 -ret: 0 st: 1 flags:1 dts:-0.010907 pts:-0.010907 pos: 26344 size: 208 +ret: 0 st: 1 flags:1 dts:-0.010907 pts:-0.010907 pos: 26288 size: 208 ret: 0 st: 0 flags:0 ts:-0.481662 -ret: 0 st: 1 flags:1 dts:-0.010907 pts:-0.010907 pos: 26344 size: 208 +ret: 0 st: 1 flags:1 dts:-0.010907 pts:-0.010907 pos: 26288 size: 208 ret: 0 st: 0 flags:1 ts: 2.412505 -ret: 0 st: 1 flags:1 dts: 0.694399 pts: 0.694399 pos: 294744 size: 209 +ret: 0 st: 1 flags:1 dts: 0.694399 pts: 0.694399 pos: 294688 size: 209 ret:-1 st: 1 flags:0 ts: 1.306672 ret: 0 st: 1 flags:1 ts: 0.200839 -ret: 0 st: 1 flags:1 dts: 0.224195 pts: 0.224195 pos: 112904 size: 209 +ret: 0 st: 1 flags:1 dts: 0.224195 pts: 0.224195 pos: 112848 size: 209 ret: 0 st:-1 flags:0 ts:-0.904994 -ret: 0 st: 1 flags:1 dts:-0.010907 pts:-0.010907 pos: 26344 size: 208 +ret: 0 st: 1 flags:1 dts:-0.010907 pts:-0.010907 pos: 26288 size: 208 ret: 0 st:-1 flags:1 ts: 1.989173 -ret: 0 st: 1 flags:1 dts: 0.694399 pts: 0.694399 pos: 294744 size: 209 +ret: 0 st: 1 flags:1 dts: 0.694399 pts: 0.694399 pos: 294688 size: 209 ret: 0 st: 0 flags:0 ts: 0.883340 -ret: 0 st: 1 flags:1 dts: 0.694399 pts: 0.694399 pos: 294744 size: 209 +ret: 0 st: 1 flags:1 dts: 0.694399 pts: 0.694399 pos: 294688 size: 209 ret: 0 st: 0 flags:1 ts:-0.222493 -ret: 0 st: 1 flags:1 dts:-0.010907 pts:-0.010907 pos: 26344 size: 208 +ret: 0 st: 1 flags:1 dts:-0.010907 pts:-0.010907 pos: 26288 size: 208 ret:-1 st: 1 flags:0 ts: 2.671674 ret: 0 st: 1 flags:1 ts: 1.565841 -ret: 0 st: 1 flags:1 dts: 0.694399 pts: 0.694399 pos: 294744 size: 209 +ret: 0 st: 1 flags:1 dts: 0.694399 pts: 0.694399 pos: 294688 size: 209 ret: 0 st:-1 flags:0 ts: 0.460008 -ret: 0 st: 1 flags:1 dts:-0.010907 pts:-0.010907 pos: 26344 size: 208 +ret: 0 st: 1 flags:1 dts:-0.010907 pts:-0.010907 pos: 26288 size: 208 ret: 0 st:-1 flags:1 ts:-0.645825 -ret: 0 st: 1 flags:1 dts:-0.010907 pts:-0.010907 pos: 26344 size: 208 +ret: 0 st: 1 flags:1 dts:-0.010907 pts:-0.010907 pos: 26288 size: 208 From 5c502e5d4141709db616b1ab4576f8dbabdd216f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 22 Dec 2013 18:47:28 +0100 Subject: [PATCH 176/452] nutenc/write_index: warn if 2 consecutive keyframes have the same PTS and discard the 2nd This fixes an assertion failure and regression and restores previous behaviour Fixes Ticket3197 An alternative would be to fail hard in this case and refuse to mux such data. Signed-off-by: Michael Niedermayer (cherry picked from commit de2a2caf4dedb28a959d0ff6f02751bb6c3ff033) --- libavformat/nutenc.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/libavformat/nutenc.c b/libavformat/nutenc.c index 2d8d2652ee..974b62431b 100644 --- a/libavformat/nutenc.c +++ b/libavformat/nutenc.c @@ -584,8 +584,15 @@ static int write_index(NUTContext *nut, AVIOContext *bc) { int64_t last_pts= -1; int j, k; for (j=0; jsp_count; j++) { - int flag = (nus->keyframe_pts[j] != AV_NOPTS_VALUE) ^ (j+1 == nut->sp_count); + int flag; int n = 0; + + if (j && nus->keyframe_pts[j] == nus->keyframe_pts[j-1]) { + av_log(nut->avf, AV_LOG_WARNING, "Multiple keyframes with same PTS\n"); + nus->keyframe_pts[j] = AV_NOPTS_VALUE; + } + + flag = (nus->keyframe_pts[j] != AV_NOPTS_VALUE) ^ (j+1 == nut->sp_count); for (; jsp_count && (nus->keyframe_pts[j] != AV_NOPTS_VALUE) == flag; j++) n++; From dcd1acce1a69aebc36306a1155c025cc4175badc Mon Sep 17 00:00:00 2001 From: Alexander Strasser Date: Fri, 6 Dec 2013 17:20:26 +0100 Subject: [PATCH 177/452] configure: Special case libfreetype test Include the freetype header, in-directly through a macro, like it is done in the drawtext filter. Do not break if the header is moved. Unfortunately the drawtext filter included the file where the include macros are defined in a wrong way. This is not needed and breaks the build. Remove that #include line too. (cherry picked from commit cea5812fa723c08b89d929eeba73462e05de2973) Signed-off-by: Alexander Strasser Conflicts: configure --- configure | 22 +++++++++++++++++++++- libavfilter/vf_drawtext.c | 1 - 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/configure b/configure index db768ce4e5..d9308104fc 100755 --- a/configure +++ b/configure @@ -1075,6 +1075,26 @@ require_pkg_config(){ add_extralibs $(get_safe ${pkg}_libs) } +require_libfreetype(){ + log require_libfreetype "$@" + pkg="freetype2" + check_cmd $pkg_config --exists --print-errors $pkg \ + || die "ERROR: $pkg not found" + pkg_cflags=$($pkg_config --cflags $pkg) + pkg_libs=$($pkg_config --libs $pkg) + { + echo "#include " + echo "#include FT_FREETYPE_H" + echo "long check_func(void) { return (long) FT_Init_FreeType; }" + echo "int main(void) { return 0; }" + } | check_ld "cc" $pkg_cflags $pkg_libs \ + && set_safe ${pkg}_cflags $pkg_cflags \ + && set_safe ${pkg}_libs $pkg_libs \ + || die "ERROR: $pkg not found" + add_cflags $(get_safe ${pkg}_cflags) + add_extralibs $(get_safe ${pkg}_libs) +} + hostcc_o(){ eval printf '%s\\n' $HOSTCC_O } @@ -3904,7 +3924,7 @@ enabled libfaac && require2 libfaac "stdint.h faac.h" faacEncGetVersion -lfaa enabled libfdk_aac && require libfdk_aac fdk-aac/aacenc_lib.h aacEncOpen -lfdk-aac flite_libs="-lflite_cmu_time_awb -lflite_cmu_us_awb -lflite_cmu_us_kal -lflite_cmu_us_kal16 -lflite_cmu_us_rms -lflite_cmu_us_slt -lflite_usenglish -lflite_cmulex -lflite" enabled libflite && require2 libflite "flite/flite.h" flite_init $flite_libs -enabled libfreetype && require_pkg_config freetype2 "ft2build.h freetype/freetype.h" FT_Init_FreeType +enabled libfreetype && require_libfreetype enabled libgsm && { for gsm_hdr in "gsm.h" "gsm/gsm.h"; do check_lib "${gsm_hdr}" gsm_create -lgsm && break; done || die "ERROR: libgsm not found"; } diff --git a/libavfilter/vf_drawtext.c b/libavfilter/vf_drawtext.c index 2358e35c26..4c08092249 100644 --- a/libavfilter/vf_drawtext.c +++ b/libavfilter/vf_drawtext.c @@ -48,7 +48,6 @@ #include "video.h" #include -#include #include FT_FREETYPE_H #include FT_GLYPH_H #if CONFIG_FONTCONFIG From 71b3235cea40623ece8e9f2d91cda0e1257ac3f7 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 4 Jan 2014 17:33:59 +0100 Subject: [PATCH 178/452] avformat/oggdec: dont read timestamps from EOS pages of ogm videos Some muxers store invalid timestamps there, which breaks seeking Fixes Ticket2739 Signed-off-by: Michael Niedermayer (cherry picked from commit 5e0c7eab2a9d43e6e3be967ec1a6b04a3e0328da) --- libavformat/oggdec.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavformat/oggdec.c b/libavformat/oggdec.c index 5cb03fe13a..e495a87bed 100644 --- a/libavformat/oggdec.c +++ b/libavformat/oggdec.c @@ -786,6 +786,11 @@ static int64_t ogg_read_timestamp(AVFormatContext *s, int stream_index, && !ogg_packet(s, &i, &pstart, &psize, pos_arg)) { if (i == stream_index) { struct ogg_stream *os = ogg->streams + stream_index; + // Dont trust the last timestamps of a ogm video + if ( (os->flags & OGG_FLAG_EOS) + && !(os->flags & OGG_FLAG_BOS) + && os->codec == &ff_ogm_video_codec) + continue; pts = ogg_calc_pts(s, i, NULL); ogg_validate_keyframe(s, i, pstart, psize); if (os->pflags & AV_PKT_FLAG_KEY) { From f974c54909dc83e3c74933295718bf2539542044 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 8 Jan 2014 04:49:50 +0100 Subject: [PATCH 179/452] avformat/mxfdec: detect loops during header parsing The header parser uses forward and backward parsing, making the bulletproof prevention of loops difficult, thus this simple detection code. If someone improves the forward/backward parsing so it cannot loop then this commit should be reverted Fixes Ticket3278 Signed-off-by: Michael Niedermayer (cherry picked from commit 1c010fd035c1a14dc73827b84f21f593e969a5d6) --- libavformat/mxfdec.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index 06aa8ac617..09482b6054 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -1856,6 +1856,8 @@ static int mxf_read_header(AVFormatContext *s) MXFContext *mxf = s->priv_data; KLVPacket klv; int64_t essence_offset = 0; + int64_t last_pos = -1; + uint64_t last_pos_index = 1; int ret; mxf->last_forward_tell = INT64_MAX; @@ -1871,7 +1873,12 @@ static int mxf_read_header(AVFormatContext *s) while (!url_feof(s->pb)) { const MXFMetadataReadTableEntry *metadata; - + if (avio_tell(s->pb) == last_pos) { + av_log(mxf->fc, AV_LOG_ERROR, "MXF structure loop detected\n"); + return AVERROR_INVALIDDATA; + } + if ((1ULL<<61) % last_pos_index++ == 0) + last_pos = avio_tell(s->pb); if (klv_read_packet(&klv, s->pb) < 0) { /* EOF - seek to previous partition or stop */ if(mxf_parse_handle_partition_or_eof(mxf) <= 0) From 6f7fd2f589566e3aa44215fb3970b941c2070885 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Tue, 7 Jan 2014 22:49:05 +0100 Subject: [PATCH 180/452] Use the h264 parser when decoding VSSH in avi. Fixes ticket #3261 visually. Analyzed-by: Michael Doilnitsyn (cherry picked from commit 94cf4f8bac12c58e30ce3b5d72cf5898baafe9a8) Conflicts: libavformat/avidec.c --- libavformat/avidec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/avidec.c b/libavformat/avidec.c index 4852e44f12..2d60bfb9ca 100644 --- a/libavformat/avidec.c +++ b/libavformat/avidec.c @@ -639,6 +639,8 @@ static int avi_read_header(AVFormatContext *s) st->codec->codec_tag = tag1; st->codec->codec_id = ff_codec_get_id(ff_codec_bmp_tags, tag1); st->need_parsing = AVSTREAM_PARSE_HEADERS; // This is needed to get the pict type which is necessary for generating correct pts. + if (st->codec->codec_tag == MKTAG('V', 'S', 'S', 'H')) + st->need_parsing = AVSTREAM_PARSE_FULL; if(st->codec->codec_tag==0 && st->codec->height > 0 && st->codec->extradata_size < 1U<<30){ st->codec->extradata_size+= 9; From e24b33cd68357d978e0798d861867cd988607e1f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 9 Jan 2014 04:02:58 +0100 Subject: [PATCH 181/452] avcodec/msvideo1enc: fix SKIPS_MAX Fixes Ticket3270 Signed-off-by: Michael Niedermayer (cherry picked from commit fb8f5d0510619cea2204246631f1c0dcd994ee25) --- libavcodec/msvideo1enc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/msvideo1enc.c b/libavcodec/msvideo1enc.c index e0efb4823f..2cbf2d48d7 100644 --- a/libavcodec/msvideo1enc.c +++ b/libavcodec/msvideo1enc.c @@ -58,7 +58,7 @@ enum MSV1Mode{ }; #define SKIP_PREFIX 0x8400 -#define SKIPS_MAX 0x0FFF +#define SKIPS_MAX 0x03FF #define MKRGB555(in, off) ((in[off] << 10) | (in[off + 1] << 5) | (in[off + 2])) static const int remap[16] = { 0, 1, 4, 5, 2, 3, 6, 7, 8, 9, 12, 13, 10, 11, 14, 15 }; From d6a705d7787ff10848de5533eee0bc61c40ea272 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Wed, 15 Jan 2014 23:35:22 +0100 Subject: [PATCH 182/452] Do not set mkv bit_depth to av_get_bytes_per_sample() for G.726. The value is wrong and leads to broken files. (cherry picked from commit 565102dcac4959da60e6b1528dc31315d21194ca) --- libavformat/matroskaenc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/matroskaenc.c b/libavformat/matroskaenc.c index 6a783e1011..05890d3577 100644 --- a/libavformat/matroskaenc.c +++ b/libavformat/matroskaenc.c @@ -567,7 +567,7 @@ static int mkv_write_tracks(AVFormatContext *s) continue; } - if (!bit_depth) + if (!bit_depth && codec->codec_id != AV_CODEC_ID_ADPCM_G726) bit_depth = av_get_bytes_per_sample(codec->sample_fmt) << 3; if (!bit_depth) bit_depth = codec->bits_per_coded_sample; From 30147f14d4b6d8c6232a0f8162b89b4173ee9400 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Wed, 15 Jan 2014 23:37:47 +0100 Subject: [PATCH 183/452] Do not read mkv audio bit_depth if bits_per_coded_sample is already set. This allows decoding broken mkv files containing G.726 audio. (cherry picked from commit 11329370770e5c982deece7d4eb4f2e95e725332) --- libavformat/matroskadec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index f97e239a73..ebad0d51b9 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -1812,6 +1812,7 @@ static int matroska_read_header(AVFormatContext *s) st->codec->codec_type = AVMEDIA_TYPE_AUDIO; st->codec->sample_rate = track->audio.out_samplerate; st->codec->channels = track->audio.channels; + if (!st->codec->bits_per_coded_sample) st->codec->bits_per_coded_sample = track->audio.bitdepth; if (st->codec->codec_id != AV_CODEC_ID_AAC) st->need_parsing = AVSTREAM_PARSE_HEADERS; From b8b77aefe89438b86d47dfd7c78d541eed0bd2a9 Mon Sep 17 00:00:00 2001 From: Paul B Mahol Date: Mon, 9 Sep 2013 10:44:27 +0000 Subject: [PATCH 184/452] avcodec/ffv1dec: fix format detection Fixes crash with carefuly designed files. Signed-off-by: Paul B Mahol (cherry picked from commit a27227d401adf12534dc7a26d72e43e2f35f8944) Signed-off-by: Michael Niedermayer --- libavcodec/ffv1dec.c | 25 +++++++------------------ 1 file changed, 7 insertions(+), 18 deletions(-) diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c index 2fa22a0102..7cbf034ba0 100644 --- a/libavcodec/ffv1dec.c +++ b/libavcodec/ffv1dec.c @@ -583,47 +583,32 @@ static int read_header(FFV1Context *f) case 0x11: f->avctx->pix_fmt = AV_PIX_FMT_YUV420P; break; case 0x20: f->avctx->pix_fmt = AV_PIX_FMT_YUV411P; break; case 0x22: f->avctx->pix_fmt = AV_PIX_FMT_YUV410P; break; - default: - av_log(f->avctx, AV_LOG_ERROR, "format not supported\n"); - return AVERROR(ENOSYS); } } else if (f->avctx->bits_per_raw_sample <= 8 && f->transparency) { switch(16*f->chroma_h_shift + f->chroma_v_shift) { case 0x00: f->avctx->pix_fmt = AV_PIX_FMT_YUVA444P; break; case 0x10: f->avctx->pix_fmt = AV_PIX_FMT_YUVA422P; break; case 0x11: f->avctx->pix_fmt = AV_PIX_FMT_YUVA420P; break; - default: - av_log(f->avctx, AV_LOG_ERROR, "format not supported\n"); - return AVERROR(ENOSYS); } - } else if (f->avctx->bits_per_raw_sample == 9) { + } else if (f->avctx->bits_per_raw_sample == 9 && !f->transparency) { f->packed_at_lsb = 1; switch(16 * f->chroma_h_shift + f->chroma_v_shift) { case 0x00: f->avctx->pix_fmt = AV_PIX_FMT_YUV444P9; break; case 0x10: f->avctx->pix_fmt = AV_PIX_FMT_YUV422P9; break; case 0x11: f->avctx->pix_fmt = AV_PIX_FMT_YUV420P9; break; - default: - av_log(f->avctx, AV_LOG_ERROR, "format not supported\n"); - return AVERROR(ENOSYS); } - } else if (f->avctx->bits_per_raw_sample == 10) { + } else if (f->avctx->bits_per_raw_sample == 10 && !f->transparency) { f->packed_at_lsb = 1; switch(16 * f->chroma_h_shift + f->chroma_v_shift) { case 0x00: f->avctx->pix_fmt = AV_PIX_FMT_YUV444P10; break; case 0x10: f->avctx->pix_fmt = AV_PIX_FMT_YUV422P10; break; case 0x11: f->avctx->pix_fmt = AV_PIX_FMT_YUV420P10; break; - default: - av_log(f->avctx, AV_LOG_ERROR, "format not supported\n"); - return AVERROR(ENOSYS); } - } else { + } else if (f->avctx->bits_per_raw_sample == 16 && !f->transparency){ switch(16 * f->chroma_h_shift + f->chroma_v_shift) { case 0x00: f->avctx->pix_fmt = AV_PIX_FMT_YUV444P16; break; case 0x10: f->avctx->pix_fmt = AV_PIX_FMT_YUV422P16; break; case 0x11: f->avctx->pix_fmt = AV_PIX_FMT_YUV420P16; break; - default: - av_log(f->avctx, AV_LOG_ERROR, "format not supported\n"); - return AVERROR(ENOSYS); } } } else if (f->colorspace == 1) { @@ -647,6 +632,10 @@ static int read_header(FFV1Context *f) av_log(f->avctx, AV_LOG_ERROR, "colorspace not supported\n"); return AVERROR(ENOSYS); } + if (f->avctx->pix_fmt == AV_PIX_FMT_NONE) { + av_log(f->avctx, AV_LOG_ERROR, "format not supported\n"); + return AVERROR(ENOSYS); + } av_dlog(f->avctx, "%d %d %d\n", f->chroma_h_shift, f->chroma_v_shift, f->avctx->pix_fmt); From da82be0cc00c195ffb890207db3a7608a97f2ac0 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 9 Oct 2013 00:30:46 +0200 Subject: [PATCH 185/452] ffserver: strip odd chars from html error messages before sending them back Fixes Ticket3034 Signed-off-by: Michael Niedermayer (cherry picked from commit 885739f3b4ca3fb60abf417120845e3fcfb99b53) Signed-off-by: Michael Niedermayer --- ffserver.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/ffserver.c b/ffserver.c index eee83e5695..97906a2444 100644 --- a/ffserver.c +++ b/ffserver.c @@ -328,6 +328,14 @@ static AVLFG random_state; static FILE *logfile = NULL; +static void htmlstrip(char *s) { + while (s && *s) { + s += strspn(s, "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ,. "); + if (*s) + *s++ = '?'; + } +} + static int64_t ffm_read_write_index(int fd) { uint8_t buf[8]; @@ -1887,6 +1895,7 @@ static int http_parse_request(HTTPContext *c) send_error: c->http_error = 404; q = c->buffer; + htmlstrip(msg); snprintf(q, c->buffer_size, "HTTP/1.0 404 Not Found\r\n" "Content-type: text/html\r\n" From 45dd7df83b39b350ac2f6fa5e09db90c6f5f900c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 21 Oct 2013 16:21:14 +0200 Subject: [PATCH 186/452] avfilter/ff_insert_pad: fix order of operations Fixes out of bounds access Fixes CID732170 Fixes CID732169 No filter is known to use this function in a way so the issue can be reproduced. Signed-off-by: Michael Niedermayer (cherry picked from commit ab2bfb85d49b2f8aa505816f93e75fd18ad0a361) Conflicts: libavfilter/avfilter.c (cherry picked from commit 86591b244f3a27293153896813f5569b49b2f5c0) Conflicts: libavfilter/avfilter.c --- libavfilter/avfilter.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavfilter/avfilter.c b/libavfilter/avfilter.c index ffd1b4ea19..956b0a6892 100644 --- a/libavfilter/avfilter.c +++ b/libavfilter/avfilter.c @@ -117,9 +117,9 @@ void ff_insert_pad(unsigned idx, unsigned *count, size_t padidx_off, (*links)[idx] = NULL; (*count)++; - for (i = idx+1; i < *count; i++) - if (*links[i]) - (*(unsigned *)((uint8_t *) *links[i] + padidx_off))++; + for (i = idx + 1; i < *count; i++) + if ((*links)[i]) + (*(unsigned *)((uint8_t *) (*links)[i] + padidx_off))++; } int avfilter_link(AVFilterContext *src, unsigned srcpad, From d805a5171382180311ec10174d9b343b0c362fb9 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 19 Oct 2013 17:45:54 +0200 Subject: [PATCH 187/452] avcodec/avpacket/av_packet_split_side_data: ensure that side data padding is initialized Signed-off-by: Michael Niedermayer (cherry picked from commit 240fd8c96f59ebe9dcfc4152a1086cd3f63400c0) Signed-off-by: Michael Niedermayer --- libavcodec/avpacket.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/avpacket.c b/libavcodec/avpacket.c index dea72e5d73..a70bbde460 100644 --- a/libavcodec/avpacket.c +++ b/libavcodec/avpacket.c @@ -286,7 +286,7 @@ int av_packet_split_side_data(AVPacket *pkt){ for (i=0; ; i++){ size= AV_RB32(p); av_assert0(size<=INT_MAX && p - pkt->data >= size); - pkt->side_data[i].data = av_malloc(size + FF_INPUT_BUFFER_PADDING_SIZE); + pkt->side_data[i].data = av_mallocz(size + FF_INPUT_BUFFER_PADDING_SIZE); pkt->side_data[i].size = size; pkt->side_data[i].type = p[4]&127; if (!pkt->side_data[i].data) From 252002aec13bbe4cd914ad6ae4658d1723093243 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 19 Oct 2013 17:52:47 +0200 Subject: [PATCH 188/452] avcodec/utils: add some saftey checks to add_metadata_from_side_data() This fixes potential overreads with crafted files. Found-by: wm4 Signed-off-by: Michael Niedermayer (cherry picked from commit 838f461b0716393a1b5c70efd03de1e8bc197380) Conflicts: libavcodec/utils.c --- libavcodec/utils.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index 2fd61e627c..969fe0c3f1 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -1647,10 +1647,17 @@ static int add_metadata_from_side_data(AVCodecContext *avctx, AVFrame *frame) if (!side_metadata) goto end; end = side_metadata + size; + if (size && end[-1]) + return AVERROR_INVALIDDATA; while (side_metadata < end) { const uint8_t *key = side_metadata; const uint8_t *val = side_metadata + strlen(key) + 1; - int ret = av_dict_set(ff_frame_get_metadatap(frame), key, val, 0); + int ret; + + if (val >= end) + return AVERROR_INVALIDDATA; + + ret = av_dict_set(ff_frame_get_metadatap(frame), key, val, 0); if (ret < 0) break; side_metadata = val + strlen(val) + 1; From 803ca5c3491a295a52cc7f2b1b583468d21a953f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 20 Oct 2013 18:38:48 +0200 Subject: [PATCH 189/452] avutil/opt: initialize ret Fixes CID1108610 Fixes use of uninitialized variable Signed-off-by: Michael Niedermayer (cherry picked from commit 2d8ccf0adcae09cb9e14b01cfe20e4d77c3bbf5d) Signed-off-by: Michael Niedermayer --- libavutil/opt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavutil/opt.c b/libavutil/opt.c index f91d18b198..eeb72fd8a7 100644 --- a/libavutil/opt.c +++ b/libavutil/opt.c @@ -249,7 +249,7 @@ int av_set_string3(void *obj, const char *name, const char *val, int alloc, cons int av_opt_set(void *obj, const char *name, const char *val, int search_flags) { - int ret; + int ret = 0; void *dst, *target_obj; const AVOption *o = av_opt_find2(obj, name, NULL, 0, search_flags, &target_obj); if (!o || !target_obj) From 751e684aae1e44799bd2ed0dcc93f4ecf9db4b53 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 30 Oct 2013 23:27:28 +0100 Subject: [PATCH 190/452] avcodec/jpeglsdec: check err value for ls_get_code_runterm() Fixes infinite loop Fixes Ticket3086 Signed-off-by: Michael Niedermayer (cherry picked from commit cc0e47b55096361723b364afa43b79a3f5619cdc) Signed-off-by: Michael Niedermayer --- libavcodec/jpeglsdec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/jpeglsdec.c b/libavcodec/jpeglsdec.c index 516a82fc90..10fe31a64f 100644 --- a/libavcodec/jpeglsdec.c +++ b/libavcodec/jpeglsdec.c @@ -142,6 +142,8 @@ static inline int ls_get_code_runterm(GetBitContext *gb, JLSState *state, int RI ret = ret >> 1; } + if(FFABS(ret) > 0xFFFF) + return -0x10000; /* update state */ state->A[Q] += FFABS(ret) - RItype; ret *= state->twonear; From d0ed672484e46f0b79e2ac91dfd6dab49a8f1017 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 31 Oct 2013 02:19:40 +0100 Subject: [PATCH 191/452] avformat/thp: fix variable types to avoid overflows Signed-off-by: Michael Niedermayer (cherry picked from commit 2b1056e4e27b046af3777e8bd65a5145abff878f) Signed-off-by: Michael Niedermayer --- libavformat/thp.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/libavformat/thp.c b/libavformat/thp.c index 3717b8f12c..09979aca99 100644 --- a/libavformat/thp.c +++ b/libavformat/thp.c @@ -26,15 +26,15 @@ typedef struct ThpDemuxContext { int version; - int first_frame; - int first_framesz; - int last_frame; + unsigned first_frame; + unsigned first_framesz; + unsigned last_frame; int compoff; - int framecnt; + unsigned framecnt; AVRational fps; - int frame; - int next_frame; - int next_framesz; + unsigned frame; + int64_t next_frame; + unsigned next_framesz; int video_stream_index; int audio_stream_index; int compcount; From 971b13752d921b76d59f0bfea0afb27b0ea3124e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 31 Oct 2013 02:26:07 +0100 Subject: [PATCH 192/452] avformat/thp: force moving forward Fixes infinite loop Fixes Ticket3098 Signed-off-by: Michael Niedermayer (cherry picked from commit 6c4b87d3d6ae08a6da16b4616626b4d2a726afbf) Signed-off-by: Michael Niedermayer --- libavformat/thp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/thp.c b/libavformat/thp.c index 09979aca99..568807d6f7 100644 --- a/libavformat/thp.c +++ b/libavformat/thp.c @@ -158,7 +158,7 @@ static int thp_read_packet(AVFormatContext *s, avio_seek(pb, thp->next_frame, SEEK_SET); /* Locate the next frame and read out its size. */ - thp->next_frame += thp->next_framesz; + thp->next_frame += FFMAX(thp->next_framesz, 1); thp->next_framesz = avio_rb32(pb); avio_rb32(pb); /* Previous total size. */ From c7027ae7381d67a8e852e7de914821ba391a61a2 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 14 Nov 2013 11:27:45 +0100 Subject: [PATCH 193/452] h264: Do not treat the initial frame special in handling of frame gaps The not handling of frame gaps has lead to the lack of a dummy reference frame, which has lead to the failure of decode_slice_header() which has lead to one SEI recovery message being skiped which had introduced a slightly suboptimal recovery point for at least 1 h264 file compared to JM. Found-by: Carl & BugMaster Signed-off-by: Michael Niedermayer (cherry picked from commit 9e5ef1c5c37208326c59d642e2dc7afd3f10b09b) Signed-off-by: Michael Niedermayer --- libavcodec/h264.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index f7de642e2d..dd16627364 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -3338,7 +3338,7 @@ static int decode_slice_header(H264Context *h, H264Context *h0) } else { /* Shorten frame num gaps so we don't have to allocate reference * frames just to throw them away */ - if (h->frame_num != h->prev_frame_num && h->prev_frame_num >= 0) { + if (h->frame_num != h->prev_frame_num) { int unwrap_prev_frame_num = h->prev_frame_num; int max_frame_num = 1 << h->sps.log2_max_frame_num; @@ -3420,7 +3420,7 @@ static int decode_slice_header(H264Context *h, H264Context *h0) } } - while (h->frame_num != h->prev_frame_num && h->prev_frame_num >= 0 && !h0->first_field && + while (h->frame_num != h->prev_frame_num && !h0->first_field && h->frame_num != (h->prev_frame_num + 1) % (1 << h->sps.log2_max_frame_num)) { Picture *prev = h->short_ref_count ? h->short_ref[0] : NULL; av_log(h->avctx, AV_LOG_DEBUG, "Frame num gap %d %d\n", From dea7f1c62e1af3e0967c7c85a8ab48ab6ffa1b47 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 21 Nov 2013 02:32:37 +0100 Subject: [PATCH 194/452] avcodec: move end zeroing code from av_packet_split_side_data() to avcodec_decode_subtitle2() This code changes the input packet, which is read only and can in rare circumstances lead to decoder errors. (i run into one of these in the audio decoder, which corrupted the packet during av_find_stream_info() so that actual decoding that single packet failed later) Until a better fix is implemented, this commit limits the problem. A better fix might be to make the subtitle decoders not depend on data[size] = 0 or to copy their input when this is not the case. (cherry picked from commit 01923bab98506b1e98b4cbf08419364ce6ffea6d) Signed-off-by: Michael Niedermayer --- libavcodec/utils.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index 969fe0c3f1..bd3858b2ff 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -1976,6 +1976,16 @@ int avcodec_decode_subtitle2(AVCodecContext *avctx, AVSubtitle *sub, int did_split = av_packet_split_side_data(&tmp); //apply_param_change(avctx, &tmp); + if (did_split) { + /* FFMIN() prevents overflow in case the packet wasn't allocated with + * proper padding. + * If the side data is smaller than the buffer padding size, the + * remaining bytes should have already been filled with zeros by the + * original packet allocation anyway. */ + memset(tmp.data + tmp.size, 0, + FFMIN(avpkt->size - tmp.size, FF_INPUT_BUFFER_PADDING_SIZE)); + } + pkt_recoded = tmp; ret = recode_subtitle(avctx, &pkt_recoded, &tmp); if (ret < 0) { From 5a8d78ab7f5444fa690503e9cd39fd25416a8338 Mon Sep 17 00:00:00 2001 From: Paul B Mahol Date: Fri, 15 Nov 2013 01:09:06 +0000 Subject: [PATCH 195/452] avcodec/libopusenc: change default frame duration to 20 ms 20 ms is used by libopus encoder. Signed-off-by: Paul B Mahol (cherry picked from commit 74906d3727ec3bd9b7b28dfa7a98ff6e8cf8b6d7) Signed-off-by: Michael Niedermayer --- doc/encoders.texi | 2 +- libavcodec/libopusenc.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/encoders.texi b/doc/encoders.texi index a2ad496b22..267f7cbf13 100644 --- a/doc/encoders.texi +++ b/doc/encoders.texi @@ -749,7 +749,7 @@ Set maximum frame size, or duration of a frame in milliseconds. The argument must be exactly the following: 2.5, 5, 10, 20, 40, 60. Smaller frame sizes achieve lower latency but less quality at a given bitrate. Sizes greater than 20ms are only interesting at fairly low bitrates. -The default of FFmpeg is 10ms, but is 20ms in @command{opusenc}. +The default is 20ms. @item packet_loss (@emph{expect-loss}) Set expected packet loss percentage. The default is 0. diff --git a/libavcodec/libopusenc.c b/libavcodec/libopusenc.c index 04c297deba..ad65344352 100644 --- a/libavcodec/libopusenc.c +++ b/libavcodec/libopusenc.c @@ -380,7 +380,7 @@ static const AVOption libopus_options[] = { { "voip", "Favor improved speech intelligibility", 0, AV_OPT_TYPE_CONST, { .i64 = OPUS_APPLICATION_VOIP }, 0, 0, FLAGS, "application" }, { "audio", "Favor faithfulness to the input", 0, AV_OPT_TYPE_CONST, { .i64 = OPUS_APPLICATION_AUDIO }, 0, 0, FLAGS, "application" }, { "lowdelay", "Restrict to only the lowest delay modes", 0, AV_OPT_TYPE_CONST, { .i64 = OPUS_APPLICATION_RESTRICTED_LOWDELAY }, 0, 0, FLAGS, "application" }, - { "frame_duration", "Duration of a frame in milliseconds", OFFSET(frame_duration), AV_OPT_TYPE_FLOAT, { .dbl = 10.0 }, 2.5, 60.0, FLAGS }, + { "frame_duration", "Duration of a frame in milliseconds", OFFSET(frame_duration), AV_OPT_TYPE_FLOAT, { .dbl = 20.0 }, 2.5, 60.0, FLAGS }, { "packet_loss", "Expected packet loss percentage", OFFSET(packet_loss), AV_OPT_TYPE_INT, { .i64 = 0 }, 0, 100, FLAGS }, { "vbr", "Variable bit rate mode", OFFSET(vbr), AV_OPT_TYPE_INT, { .i64 = 1 }, 0, 2, FLAGS, "vbr" }, { "off", "Use constant bit rate", 0, AV_OPT_TYPE_CONST, { .i64 = 0 }, 0, 0, FLAGS, "vbr" }, From 3488e9e269f83ed1a8aec10f75d779176c939e11 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 6 Dec 2013 16:49:00 +0100 Subject: [PATCH 196/452] avcodec/error_resilience: factor er_supported() check out Signed-off-by: Michael Niedermayer (cherry picked from commit afb18c55783362546b5e512ce01b7fe7bf5744d9) Signed-off-by: Michael Niedermayer --- libavcodec/error_resilience.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/libavcodec/error_resilience.c b/libavcodec/error_resilience.c index 70a800a746..de84d84cc6 100644 --- a/libavcodec/error_resilience.c +++ b/libavcodec/error_resilience.c @@ -762,6 +762,17 @@ void ff_er_frame_start(ERContext *s) s->error_occurred = 0; } +static int er_supported(ERContext *s) +{ + if(s->avctx->hwaccel || + s->avctx->codec->capabilities&CODEC_CAP_HWACCEL_VDPAU || + !s->cur_pic || + s->cur_pic->field_picture + ) + return 0; + return 1; +} + /** * Add a slice. * @param endx x component of the last macroblock, can be -1 @@ -851,9 +862,7 @@ void ff_er_frame_end(ERContext *s) * though it should not crash if enabled. */ if (!s->avctx->err_recognition || s->error_count == 0 || s->avctx->lowres || - s->avctx->hwaccel || - s->avctx->codec->capabilities&CODEC_CAP_HWACCEL_VDPAU || - !s->cur_pic || s->cur_pic->field_picture || + !er_supported(s) || s->error_count == 3 * s->mb_width * (s->avctx->skip_top + s->avctx->skip_bottom)) { return; From b841869477c951840f3304f57470baee6e13e474 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 6 Dec 2013 16:49:35 +0100 Subject: [PATCH 197/452] avcodec/error_resilience: check that er is supported before attempting to read the status of the previous slice Fixes incorrectly set error_occured and improves speed Signed-off-by: Michael Niedermayer (cherry picked from commit 90539cea336fd513c47295a03c164cb4a851166f) Signed-off-by: Michael Niedermayer --- libavcodec/error_resilience.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/error_resilience.c b/libavcodec/error_resilience.c index de84d84cc6..6d18aa868a 100644 --- a/libavcodec/error_resilience.c +++ b/libavcodec/error_resilience.c @@ -839,7 +839,7 @@ void ff_er_add_slice(ERContext *s, int startx, int starty, s->error_status_table[start_xy] |= VP_START; if (start_xy > 0 && !(s->avctx->active_thread_type & FF_THREAD_SLICE) && - s->avctx->skip_top * s->mb_width < start_i) { + er_supported(s) && s->avctx->skip_top * s->mb_width < start_i) { int prev_status = s->error_status_table[s->mb_index2xy[start_i - 1]]; prev_status &= ~ VP_START; From 5dde8ba59e90facf3f22a99cf0ea86569758e576 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 6 Dec 2013 23:30:34 +0100 Subject: [PATCH 198/452] avutil/log: skip IO calls on empty strings These occur when no context is set for example, thus they are common Signed-off-by: Michael Niedermayer (cherry picked from commit a044a183a3fb90b20a8deaa3ea1158510bcdd420) Signed-off-by: Michael Niedermayer --- libavutil/log.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavutil/log.c b/libavutil/log.c index 49dd4d1897..bdb4be0f91 100644 --- a/libavutil/log.c +++ b/libavutil/log.c @@ -101,6 +101,9 @@ static int use_color = -1; static void colored_fputs(int level, const char *str) { + if (!*str) + return; + if (use_color < 0) { #if HAVE_SETCONSOLETEXTATTRIBUTE CONSOLE_SCREEN_BUFFER_INFO con_info; From ab38b390592df4ad941b8e7568b8dd7f0aa521ca Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 18 Apr 2013 16:19:10 +0200 Subject: [PATCH 199/452] evrcdec: use memmove() instead of memcpy() when regions can overlap. This occurs also with valid files. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 5ae484e350e4f1b20b31802dac59ca3519627c0a) Signed-off-by: Michael Niedermayer --- libavcodec/evrcdec.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libavcodec/evrcdec.c b/libavcodec/evrcdec.c index 5569ca2511..aec652ac8c 100644 --- a/libavcodec/evrcdec.c +++ b/libavcodec/evrcdec.c @@ -640,7 +640,7 @@ static void postfilter(EVRCContext *e, float *in, const float *coeff, /* Short term postfilter */ synthesis_filter(temp, wcoef2, e->postfilter_iir, length, out); - memcpy(e->postfilter_residual, + memmove(e->postfilter_residual, e->postfilter_residual + length, ACB_SIZE * sizeof(float)); } @@ -714,7 +714,7 @@ static void frame_erasure(EVRCContext *e, float *samples) e->pitch[ACB_SIZE + j] = e->energy_vector[i]; } - memcpy(e->pitch, e->pitch + subframe_size, ACB_SIZE * sizeof(float)); + memmove(e->pitch, e->pitch + subframe_size, ACB_SIZE * sizeof(float)); if (e->bitrate != RATE_QUANT && e->avg_acb_gain < 0.4) { f = 0.1 * e->avg_fcb_gain; @@ -814,7 +814,7 @@ static int evrc_decode_frame(AVCodecContext *avctx, void *data, interpolate_delay(idelay, delay, e->prev_pitch_delay, i); acb_excitation(e, e->pitch + ACB_SIZE, e->avg_acb_gain, idelay, subframe_size); - memcpy(e->pitch, e->pitch + subframe_size, ACB_SIZE * sizeof(float)); + memmove(e->pitch, e->pitch + subframe_size, ACB_SIZE * sizeof(float)); } } @@ -872,7 +872,7 @@ static int evrc_decode_frame(AVCodecContext *avctx, void *data, e->pitch[ACB_SIZE + j] = e->energy_vector[i]; } - memcpy(e->pitch, e->pitch + subframe_size, ACB_SIZE * sizeof(float)); + memmove(e->pitch, e->pitch + subframe_size, ACB_SIZE * sizeof(float)); synthesis_filter(e->pitch + ACB_SIZE, ilpc, e->synthesis, subframe_size, tmp); From a92b73da9907cc6819b5a476747a5ab44c797c88 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 18 Apr 2013 17:54:54 +0200 Subject: [PATCH 200/452] svq3: use memmove to avoid overlap in memcpy. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 4c8ce750abaa783109630d41ca7dde5de34f6197) Signed-off-by: Michael Niedermayer --- libavcodec/svq3.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/svq3.c b/libavcodec/svq3.c index 0481c807ab..3c17e0fc68 100644 --- a/libavcodec/svq3.c +++ b/libavcodec/svq3.c @@ -790,8 +790,8 @@ static int svq3_decode_slice_header(AVCodecContext *avctx) header ^ s->watermark_key); } if (length > 0) { - memcpy((uint8_t *) &h->gb.buffer[get_bits_count(&h->gb) >> 3], - &h->gb.buffer[h->gb.size_in_bits >> 3], length - 1); + memmove((uint8_t *) &h->gb.buffer[get_bits_count(&h->gb) >> 3], + &h->gb.buffer[h->gb.size_in_bits >> 3], length - 1); } skip_bits_long(&h->gb, 0); } From a2186a8054428807d7bcd9ee29342e8741177f9c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 18 Apr 2013 19:53:00 +0200 Subject: [PATCH 201/452] avcodec/mpegvideo_motion: Check P field references If a reference is unavailable use a field from the current picture Fixes null pointer dereference Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 23daee0dcc57b647b9d62d4c905e94acf0c6b8e0) Signed-off-by: Michael Niedermayer --- libavcodec/mpegvideo_motion.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/mpegvideo_motion.c b/libavcodec/mpegvideo_motion.c index 565f6cb286..f443b8e629 100644 --- a/libavcodec/mpegvideo_motion.c +++ b/libavcodec/mpegvideo_motion.c @@ -812,7 +812,8 @@ static av_always_inline void MPV_motion_internal(MpegEncContext *s, s->mv[dir][1][0], s->mv[dir][1][1], 8, mb_y); } } else { - if(s->picture_structure != s->field_select[dir][0] + 1 && s->pict_type != AV_PICTURE_TYPE_B && !s->first_field){ + if( s->picture_structure != s->field_select[dir][0] + 1 && s->pict_type != AV_PICTURE_TYPE_B && !s->first_field + || !ref_picture[0]){ ref_picture = s->current_picture_ptr->f.data; } From 8ded3738d15c9fb83906a5c1a5a04925130edc1f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 16 Apr 2013 16:41:21 +0200 Subject: [PATCH 202/452] avcodec/c93: Check for block overlap. Fixes overlapping memcpy() Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 6b657ac7889738b9ab38924cca4e7c418f6fbc38) Signed-off-by: Michael Niedermayer --- libavcodec/c93.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libavcodec/c93.c b/libavcodec/c93.c index e5f371b081..c6358d5b5c 100644 --- a/libavcodec/c93.c +++ b/libavcodec/c93.c @@ -175,7 +175,13 @@ static int decode_frame(AVCodecContext *avctx, void *data, case C93_4X4_FROM_PREV: for (j = 0; j < 8; j += 4) { for (i = 0; i < 8; i += 4) { - offset = bytestream2_get_le16(&gb); + int offset = bytestream2_get_le16(&gb); + int from_x = offset % WIDTH; + int from_y = offset / WIDTH; + if (block_type == C93_4X4_FROM_CURR && from_y == y+j && + (FFABS(from_x - x-i) < 4 || FFABS(from_x - x-i) > WIDTH-4)) { + return AVERROR_INVALIDDATA; + } if ((ret = copy_block(avctx, &out[j*stride+i], copy_from, offset, 4, stride)) < 0) return ret; From d1da1c8384c625f2ecb0040c60702ebb5523a0d1 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 19 Apr 2013 14:46:31 +0200 Subject: [PATCH 203/452] avcodec/mpegvideo_motion: Use a field from the current frame if the last is unavailable in DMV & 16x8 Fixes null pointer dereference Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 42bcc4082d644342171216fcf597cde75421a4d7) Signed-off-by: Michael Niedermayer --- libavcodec/mpegvideo_motion.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/libavcodec/mpegvideo_motion.c b/libavcodec/mpegvideo_motion.c index f443b8e629..6fddab7705 100644 --- a/libavcodec/mpegvideo_motion.c +++ b/libavcodec/mpegvideo_motion.c @@ -827,8 +827,8 @@ static av_always_inline void MPV_motion_internal(MpegEncContext *s, for(i=0; i<2; i++){ uint8_t ** ref2picture; - if(s->picture_structure == s->field_select[dir][i] + 1 - || s->pict_type == AV_PICTURE_TYPE_B || s->first_field){ + if((s->picture_structure == s->field_select[dir][i] + 1 + || s->pict_type == AV_PICTURE_TYPE_B || s->first_field) && ref_picture[0]){ ref2picture= ref_picture; }else{ ref2picture = s->current_picture_ptr->f.data; @@ -857,6 +857,9 @@ static av_always_inline void MPV_motion_internal(MpegEncContext *s, pix_op = s->dsp.avg_pixels_tab; } }else{ + if (!ref_picture[0]) { + ref_picture = s->current_picture_ptr->f.data; + } for(i=0; i<2; i++){ mpeg_motion(s, dest_y, dest_cb, dest_cr, s->picture_structure != i+1, From 08a319549a4198150f92be8cd36f06b7ec1d9eb3 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 18 Apr 2013 02:47:10 +0200 Subject: [PATCH 204/452] avcodec/bitstream: Check bits in ff_init_vlc_sparse() Fixes out of array reads Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit fb3e3808aed843b21dd70a70bdbc4b9f7de6a00b) Signed-off-by: Michael Niedermayer --- libavcodec/bitstream.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/bitstream.c b/libavcodec/bitstream.c index 6bcdadb9c4..6598d3e397 100644 --- a/libavcodec/bitstream.c +++ b/libavcodec/bitstream.c @@ -305,6 +305,10 @@ int ff_init_vlc_sparse(VLC *vlc, int nb_bits, int nb_codes, GET_DATA(buf[j].bits, bits, i, bits_wrap, bits_size);\ if (!(condition))\ continue;\ + if (buf[j].bits > 3*nb_bits || buf[j].bits>32) {\ + av_log(NULL, AV_LOG_ERROR, "Too long VLC in init_vlc\n");\ + return -1;\ + }\ GET_DATA(buf[j].code, codes, i, codes_wrap, codes_size);\ if (flags & INIT_VLC_LE)\ buf[j].code = bitswap_32(buf[j].code);\ From bb6f4667946c7e4b5e99971a60040c9adedee84b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 18 Apr 2013 02:52:41 +0200 Subject: [PATCH 205/452] avcodec/bitstream: check codes in ff_init_vlc_sparse() Signed-off-by: Michael Niedermayer (cherry picked from commit 6998af4a40e67b5f0bfb769b7749f38a92eb2819) Signed-off-by: Michael Niedermayer --- libavcodec/bitstream.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/bitstream.c b/libavcodec/bitstream.c index 6598d3e397..2dda9bbf7b 100644 --- a/libavcodec/bitstream.c +++ b/libavcodec/bitstream.c @@ -310,6 +310,10 @@ int ff_init_vlc_sparse(VLC *vlc, int nb_bits, int nb_codes, return -1;\ }\ GET_DATA(buf[j].code, codes, i, codes_wrap, codes_size);\ + if (buf[j].code >= (1LL< Date: Thu, 18 Apr 2013 00:52:48 +0200 Subject: [PATCH 206/452] xan: Check for overlapping copies No valid samples i found use such copies Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit bdfe60c769f4d4e71a360fe02f06cdb9c039cf35) Signed-off-by: Michael Niedermayer --- libavcodec/xan.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/xan.c b/libavcodec/xan.c index 219eedd92d..6bfb4ba7bd 100644 --- a/libavcodec/xan.c +++ b/libavcodec/xan.c @@ -244,6 +244,11 @@ static inline void xan_wc3_copy_pixel_run(XanContext *s, int x, int y, curframe_x = x; prevframe_index = (y + motion_y) * stride + x + motion_x; prevframe_x = x + motion_x; + + if (prev_palette_plane == palette_plane && FFABS(curframe_index - prevframe_index) < pixel_count) { + return ; + } + while (pixel_count && curframe_index < s->frame_size && prevframe_index < s->frame_size) { From 6e3697b985520d3d0f6b2719446b9c2d1fb021ec Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 3 May 2013 23:16:54 +0200 Subject: [PATCH 207/452] eamad: Check against minimum supported dimensions Fixes out of array reads Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit e756635964ed3aa1ee997465f9b46143bcb5d894) Signed-off-by: Michael Niedermayer --- libavcodec/eamad.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/eamad.c b/libavcodec/eamad.c index b9679bca86..7a4908ccdb 100644 --- a/libavcodec/eamad.c +++ b/libavcodec/eamad.c @@ -255,6 +255,11 @@ static int decode_frame(AVCodecContext *avctx, calc_quant_matrix(s, buf[13]); buf += 16; + if (width < 16 || height < 16) { + av_log(avctx, AV_LOG_ERROR, "Dimensions too small\n"); + return AVERROR_INVALIDDATA; + } + if (avctx->width != width || avctx->height != height) { if((width * height)/2048*7 > buf_end-buf) return AVERROR_INVALIDDATA; From 2b26f8c6bf764423f644653974f7289078c2ffc9 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 4 May 2013 02:47:58 +0200 Subject: [PATCH 208/452] evrcdec: fix sign error The specification wants round(abs(x))) * sign(x) which is equivakent to round(x) Fixes out of array access Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit f18d2dff1194b34b79dc7641aafe54d1df349e40) Signed-off-by: Michael Niedermayer --- libavcodec/evrcdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/evrcdec.c b/libavcodec/evrcdec.c index aec652ac8c..22f4688064 100644 --- a/libavcodec/evrcdec.c +++ b/libavcodec/evrcdec.c @@ -374,7 +374,7 @@ static void bl_intrp(EVRCContext *e, float *ex, float delay) int offset, i, coef_idx; int16_t t; - offset = lrintf(fabs(delay)); + offset = lrintf(delay); t = (offset - delay + 0.5) * 8.0 + 0.5; if (t == 8) { From ca7f64e0ac205da95c9a113bd3b68956e9231b61 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 7 May 2013 19:57:10 +0200 Subject: [PATCH 209/452] shorten: allocate space for padding Fixes array overread Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 89d998f1c1eddac3a1256e28ac00ccfdf4d3edd1) Signed-off-by: Michael Niedermayer --- libavcodec/shorten.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c index 3a6d634012..5765fa41b0 100644 --- a/libavcodec/shorten.c +++ b/libavcodec/shorten.c @@ -424,7 +424,7 @@ static int shorten_decode_frame(AVCodecContext *avctx, void *data, void *tmp_ptr; s->max_framesize = 8192; // should hopefully be enough for the first header tmp_ptr = av_fast_realloc(s->bitstream, &s->allocated_bitstream_size, - s->max_framesize); + s->max_framesize + FF_INPUT_BUFFER_PADDING_SIZE); if (!tmp_ptr) { av_log(avctx, AV_LOG_ERROR, "error allocating bitstream buffer\n"); return AVERROR(ENOMEM); From 7855083443e059503731371d0eab011ae573708c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 7 May 2013 20:18:41 +0200 Subject: [PATCH 210/452] dxa: check vectors of 4x4 motion blocks Fixes out of array reads Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit f96e0eb2387f8da7b8177f8f22969853dc648ca6) Signed-off-by: Michael Niedermayer --- libavcodec/dxa.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/dxa.c b/libavcodec/dxa.c index a2fe5578df..97c30d5bd0 100644 --- a/libavcodec/dxa.c +++ b/libavcodec/dxa.c @@ -71,6 +71,11 @@ static int decode_13(AVCodecContext *avctx, DxaDecContext *c, uint8_t* dst, uint case 4: // motion compensation x = (*mv) >> 4; if(x & 8) x = 8 - x; y = (*mv++) & 0xF; if(y & 8) y = 8 - y; + if (i < -x || avctx->width - i - 4 < x || + j < -y || avctx->height - j - 4 < y) { + av_log(avctx, AV_LOG_ERROR, "MV %d %d out of bounds\n", x,y); + return AVERROR_INVALIDDATA; + } tmp2 += x + y*stride; case 0: // skip case 5: // skip in method 12 From 84b100396efb1d8ac65b2097ff1d9e532313d2d6 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 7 May 2013 20:33:33 +0200 Subject: [PATCH 211/452] dxa: check vectors of 2x2 motion blocks Fixes out of array reads Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit ead590c2561980f2afda38a662364659577dca38) Signed-off-by: Michael Niedermayer --- libavcodec/dxa.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/dxa.c b/libavcodec/dxa.c index 97c30d5bd0..7bd74f3c74 100644 --- a/libavcodec/dxa.c +++ b/libavcodec/dxa.c @@ -133,6 +133,11 @@ static int decode_13(AVCodecContext *avctx, DxaDecContext *c, uint8_t* dst, uint case 0x80: // motion compensation x = (*mv) >> 4; if(x & 8) x = 8 - x; y = (*mv++) & 0xF; if(y & 8) y = 8 - y; + if (i + 2*(k & 1) < -x || avctx->width - i - 2*(k & 1) - 2 < x || + j + (k & 2) < -y || avctx->height - j - (k & 2) - 2 < y) { + av_log(avctx, AV_LOG_ERROR, "MV %d %d out of bounds\n", x,y); + return AVERROR_INVALIDDATA; + } tmp2 += x + y*stride; case 0x00: // skip tmp[d + 0 ] = tmp2[0]; From 3d380ffde9af31152b1ddac47fa09521e0ae3d57 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 7 May 2013 22:26:22 +0200 Subject: [PATCH 212/452] avformat/vqf: check number of channels before use. Fixes division by zero Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit a527e692592b7eef69430cc866bb96231526316c) Signed-off-by: Michael Niedermayer --- libavformat/vqf.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavformat/vqf.c b/libavformat/vqf.c index f1e6aafd98..8ba199c678 100644 --- a/libavformat/vqf.c +++ b/libavformat/vqf.c @@ -132,6 +132,11 @@ static int vqf_read_header(AVFormatContext *s) rate_flag = AV_RB32(comm_chunk + 8); avio_skip(s->pb, len-12); + if (st->codec->channels <= 0) { + av_log(s, AV_LOG_ERROR, "Invalid number of channels\n"); + return AVERROR_INVALIDDATA; + } + st->codec->bit_rate = read_bitrate*1000; break; case MKTAG('D','S','I','Z'): // size of compressed data From e438fd3be905cefdf75d9cc5a632ded4dc043be5 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 13 May 2013 18:09:04 +0200 Subject: [PATCH 213/452] avcodec/lcldec: Check that dimensions are a multiple of the subsample factors Other dimensions would not work correctly currently, also ask for a sample for files that fail this check. This fixes an integer overflow leading to out of array accesses. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 1e00bbb10cbde3da03a1e744265ce6def9ae4c56) Signed-off-by: Michael Niedermayer --- libavcodec/lcldec.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/libavcodec/lcldec.c b/libavcodec/lcldec.c index f8d45da95a..78210413bc 100644 --- a/libavcodec/lcldec.c +++ b/libavcodec/lcldec.c @@ -42,6 +42,7 @@ #include #include "libavutil/mem.h" +#include "libavutil/pixdesc.h" #include "avcodec.h" #include "bytestream.h" #include "internal.h" @@ -491,6 +492,7 @@ static av_cold int decode_init(AVCodecContext *avctx) unsigned int max_basesize = FFALIGN(avctx->width, 4) * FFALIGN(avctx->height, 4); unsigned int max_decomp_size; + int subsample_h, subsample_v; avcodec_get_frame_defaults(&c->pic); if (avctx->extradata_size < 8) { @@ -517,6 +519,9 @@ static av_cold int decode_init(AVCodecContext *avctx) max_decomp_size = max_basesize * 2; avctx->pix_fmt = AV_PIX_FMT_YUV422P; av_log(avctx, AV_LOG_DEBUG, "Image type is YUV 4:2:2.\n"); + if (avctx->width % 4) { + return AVERROR_INVALIDDATA; + } break; case IMGTYPE_RGB24: c->decomp_size = basesize * 3; @@ -547,6 +552,11 @@ static av_cold int decode_init(AVCodecContext *avctx) return AVERROR_INVALIDDATA; } + av_pix_fmt_get_chroma_sub_sample(avctx->pix_fmt, &subsample_h, &subsample_v); + if (avctx->width % (1<height % (1<compression = (int8_t)avctx->extradata[5]; switch (avctx->codec_id) { From dee327b0e70d7051ed0d349974e88bd1ec8a246c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 22 May 2013 17:39:22 +0200 Subject: [PATCH 214/452] shorten: fix "off by padding" bug Fixes array overread Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit ad22767cb61cdc75541b21154d65fd1ad6351025) Signed-off-by: Michael Niedermayer --- libavcodec/shorten.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c index 5765fa41b0..af17d9daf5 100644 --- a/libavcodec/shorten.c +++ b/libavcodec/shorten.c @@ -437,7 +437,7 @@ static int shorten_decode_frame(AVCodecContext *avctx, void *data, buf_size = FFMIN(buf_size, s->max_framesize - s->bitstream_size); input_buf_size = buf_size; - if (s->bitstream_index + s->bitstream_size + buf_size > + if (s->bitstream_index + s->bitstream_size + buf_size + FF_INPUT_BUFFER_PADDING_SIZE > s->allocated_bitstream_size) { memmove(s->bitstream, &s->bitstream[s->bitstream_index], s->bitstream_size); From 271f5d68b922174e5b49df9778c89ee76b105c60 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 2 May 2013 02:15:03 +0200 Subject: [PATCH 215/452] avcodec/ansi: Check x/y This prevents out of array accesses Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit e91fd754c63de7fd3cb7fdea8974166db362e387) Signed-off-by: Michael Niedermayer --- libavcodec/ansi.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/ansi.c b/libavcodec/ansi.c index 51339d24f9..655c86970c 100644 --- a/libavcodec/ansi.c +++ b/libavcodec/ansi.c @@ -239,6 +239,8 @@ static int execute_code(AVCodecContext * avctx, int c) default: av_log_ask_for_sample(avctx, "unsupported screen mode\n"); } + s->x = av_clip(s->x, 0, width - FONT_WIDTH); + s->y = av_clip(s->y, 0, height - s->font_height); if (width != avctx->width || height != avctx->height) { if (s->frame.data[0]) avctx->release_buffer(avctx, &s->frame); @@ -335,6 +337,8 @@ static int execute_code(AVCodecContext * avctx, int c) av_log_ask_for_sample(avctx, "unsupported escape code\n"); break; } + s->x = av_clip(s->x, 0, avctx->width - FONT_WIDTH); + s->y = av_clip(s->y, 0, avctx->height - s->font_height); return 0; } From 483b2016bb70c1170383d8710433bed144e5706f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 2 May 2013 02:16:41 +0200 Subject: [PATCH 216/452] avcodec/ansi: Fix right/bottom end checks Signed-off-by: Michael Niedermayer (cherry picked from commit 6021615bbe393381f23b34a7cd0dcfd1a42687ba) Signed-off-by: Michael Niedermayer --- libavcodec/ansi.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/ansi.c b/libavcodec/ansi.c index 655c86970c..bd28a77be9 100644 --- a/libavcodec/ansi.c +++ b/libavcodec/ansi.c @@ -112,7 +112,7 @@ static void hscroll(AVCodecContext *avctx) AnsiContext *s = avctx->priv_data; int i; - if (s->y < avctx->height - s->font_height) { + if (s->y <= avctx->height - 2*s->font_height) { s->y += s->font_height; return; } @@ -165,7 +165,7 @@ static void draw_char(AVCodecContext *avctx, int c) ff_draw_pc_font(s->frame.data[0] + s->y * s->frame.linesize[0] + s->x, s->frame.linesize[0], s->font, s->font_height, c, fg, bg); s->x += FONT_WIDTH; - if (s->x >= avctx->width) { + if (s->x > avctx->width - FONT_WIDTH) { s->x = 0; hscroll(avctx); } From a2bea0df0e4a9d242b2d577d407e1a9d504ec02e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 29 Mar 2013 20:58:42 +0100 Subject: [PATCH 217/452] aacps: correct opdipd code to match spec This fixes out of array reads Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 66e9716a36105f69b9f076b0fec3ec2551c7e3b7) Signed-off-by: Michael Niedermayer --- libavcodec/aacps.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/aacps.c b/libavcodec/aacps.c index b82001e967..9abc296cc7 100644 --- a/libavcodec/aacps.c +++ b/libavcodec/aacps.c @@ -823,7 +823,8 @@ static void stereo_processing(PSContext *ps, float (*l)[32][2], float (*r)[32][2 h12 = H_LUT[iid_mapped[e][b] + 7 + 23 * ps->iid_quant][icc_mapped[e][b]][1]; h21 = H_LUT[iid_mapped[e][b] + 7 + 23 * ps->iid_quant][icc_mapped[e][b]][2]; h22 = H_LUT[iid_mapped[e][b] + 7 + 23 * ps->iid_quant][icc_mapped[e][b]][3]; - if (!PS_BASELINE && ps->enable_ipdopd && b < ps->nr_ipdopd_par) { + + if (!PS_BASELINE && ps->enable_ipdopd && 2*b <= NR_PAR_BANDS[is34]) { //The spec say says to only run this smoother when enable_ipdopd //is set but the reference decoder appears to run it constantly float h11i, h12i, h21i, h22i; From 3d1e4b7ca5d52762c0953b833fea2ee593a1b68f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 2 Jan 2014 17:46:21 +0100 Subject: [PATCH 218/452] avcodec/aacps: fix number of bands used with ipd/opd Fixes use of uninitialized memory Fixes: msan_uninit-mem_7f861d16355f_1664_File1_fixed.aac Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 6433b393ba2b1b410ff18e386f84781a760549f5) Signed-off-by: Michael Niedermayer --- libavcodec/aacps.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/aacps.c b/libavcodec/aacps.c index 9abc296cc7..38783f4566 100644 --- a/libavcodec/aacps.c +++ b/libavcodec/aacps.c @@ -429,6 +429,7 @@ static void hybrid_synthesis(PSDSPContext *dsp, float out[2][38][64], #define DECAY_SLOPE 0.05f /// Number of frequency bands that can be addressed by the parameter index, b(k) static const int NR_PAR_BANDS[] = { 20, 34 }; +static const int NR_IPDOPD_BANDS[] = { 11, 17 }; /// Number of frequency bands that can be addressed by the sub subband index, k static const int NR_BANDS[] = { 71, 91 }; /// Start frequency band for the all-pass filter decay slope @@ -824,7 +825,7 @@ static void stereo_processing(PSContext *ps, float (*l)[32][2], float (*r)[32][2 h21 = H_LUT[iid_mapped[e][b] + 7 + 23 * ps->iid_quant][icc_mapped[e][b]][2]; h22 = H_LUT[iid_mapped[e][b] + 7 + 23 * ps->iid_quant][icc_mapped[e][b]][3]; - if (!PS_BASELINE && ps->enable_ipdopd && 2*b <= NR_PAR_BANDS[is34]) { + if (!PS_BASELINE && ps->enable_ipdopd && b < NR_IPDOPD_BANDS[is34]) { //The spec say says to only run this smoother when enable_ipdopd //is set but the reference decoder appears to run it constantly float h11i, h12i, h21i, h22i; From 47faf347a0ed7c8a28232fa07ad0a53edccad7ac Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 28 Mar 2013 03:16:01 +0100 Subject: [PATCH 219/452] h264_cavlc: fix assertion failure due to reading too long vlc Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 10ece44d0948b44b062d09319052d09d14f7bfdb) Signed-off-by: Michael Niedermayer --- libavcodec/h264_cavlc.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/libavcodec/h264_cavlc.c b/libavcodec/h264_cavlc.c index 089d41aca4..1e979e5eff 100644 --- a/libavcodec/h264_cavlc.c +++ b/libavcodec/h264_cavlc.c @@ -549,9 +549,15 @@ static int decode_residual(H264Context *h, GetBitContext *gb, int16_t *block, in if(prefix<15){ level_code = (prefix<=16) + level_code = 15<=16) { + if(prefix > 25+3){ + av_log(h->avctx, AV_LOG_ERROR, "Invalid level prefix\n"); + return AVERROR_INVALIDDATA; + } level_code += (1<<(prefix-3))-4096; + } + level_code += get_bits(gb, prefix-3); } mask= -(level_code&1); level_code= (((2+level_code)>>1) ^ mask) - mask; From b9058f58bde97af4178c8cffa1bbdc85787de2ab Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 28 Mar 2013 21:09:01 +0100 Subject: [PATCH 220/452] h264_refs: Check for attempts to assign pictures to short & long. Fixes null pointer dereference Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 92002db3eb437414281ad4fb6e84e34862f7fc92) Signed-off-by: Michael Niedermayer --- libavcodec/h264_refs.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/h264_refs.c b/libavcodec/h264_refs.c index 01f79f6a33..2ba36b632c 100644 --- a/libavcodec/h264_refs.c +++ b/libavcodec/h264_refs.c @@ -586,6 +586,9 @@ int ff_h264_execute_ref_pic_marking(H264Context *h, MMCO *mmco, int mmco_count){ if (h->long_ref[mmco[i].long_arg] != h->cur_pic_ptr) { remove_long(h, mmco[i].long_arg, 0); + if (remove_short(h, h->cur_pic_ptr->frame_num, 0)) { + av_log(h->avctx, AV_LOG_ERROR, "mmco: cannot assign current picture to short and long at the same time\n"); + } h->long_ref[ mmco[i].long_arg ]= h->cur_pic_ptr; h->long_ref[ mmco[i].long_arg ]->long_ref=1; From 3f2efac0fec16de92dd110723d73694e3e63946f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 30 Mar 2013 16:04:07 +0100 Subject: [PATCH 221/452] h264: Move slice_table clean out of frame_start Fixes inconsistency ultimately leading to an out of array read Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 746016598d1885afd1fee976b6d315ed7eeefa68) Signed-off-by: Michael Niedermayer --- libavcodec/h264.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index dd16627364..8bc8d7dbb0 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -1782,11 +1782,6 @@ int ff_h264_frame_start(H264Context *h) h->block_offset[48 + 32 + i] = (4 * ((scan8[i] - scan8[0]) & 7) << pixel_shift) + 8 * h->uvlinesize * ((scan8[i] - scan8[0]) >> 3); } - /* Some macroblocks can be accessed before they're available in case - * of lost slices, MBAFF or threading. */ - memset(h->slice_table, -1, - (h->mb_height * h->mb_stride - 1) * sizeof(*h->slice_table)); - // s->decode = (h->flags & CODEC_FLAG_PSNR) || !s->encoding || // h->cur_pic.f.reference /* || h->contains_intra */ || 1; @@ -3499,6 +3494,15 @@ static int decode_slice_header(H264Context *h, H264Context *h0) } else { release_unused_pictures(h, 0); } + /* Some macroblocks can be accessed before they're available in case + * of lost slices, MBAFF or threading. */ + if (FIELD_PICTURE) { + for(i = (h->picture_structure == PICT_BOTTOM_FIELD); imb_height; i++) + memset(h->slice_table + i*h->mb_stride, -1, (h->mb_stride - (i+1==h->mb_height)) * sizeof(*h->slice_table)); + } else { + memset(h->slice_table, -1, + (h->mb_height * h->mb_stride - 1) * sizeof(*h->slice_table)); + } } if (h != h0 && (ret = clone_slice(h, h0)) < 0) return ret; From 97978b7ae8e9313365e0702fe60e226b3c3e0dae Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 30 Mar 2013 19:10:04 +0100 Subject: [PATCH 222/452] h264: move the default_ref_list_done check down after its inputs have been written Fixes out of array read Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 11c3381ce3c353a4dadf9def6232e7604b0c5d2b) Signed-off-by: Michael Niedermayer --- libavcodec/h264.c | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 8bc8d7dbb0..4ecfa40466 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -3110,7 +3110,6 @@ static int decode_slice_header(H264Context *h, H264Context *h0) unsigned int pps_id; int num_ref_idx_active_override_flag, ret; unsigned int slice_type, tmp, i, j; - int default_ref_list_done = 0; int last_pic_structure, last_pic_droppable; int must_reinit; int needs_reinit = 0; @@ -3150,12 +3149,6 @@ static int decode_slice_header(H264Context *h, H264Context *h0) h->slice_type_fixed = 0; slice_type = golomb_to_pict_type[slice_type]; - if (slice_type == AV_PICTURE_TYPE_I || - (h0->current_slice != 0 && - slice_type == h0->last_slice_type && - !memcmp(h0->last_ref_count, h0->ref_count, sizeof(h0->ref_count)))) { - default_ref_list_done = 1; - } h->slice_type = slice_type; h->slice_type_nos = slice_type & 3; @@ -3595,9 +3588,12 @@ static int decode_slice_header(H264Context *h, H264Context *h0) h->list_count = 0; h->ref_count[0] = h->ref_count[1] = 0; } - - if (!default_ref_list_done) + if (slice_type != AV_PICTURE_TYPE_I && + (h0->current_slice == 0 || + slice_type != h0->last_slice_type || + memcmp(h0->last_ref_count, h0->ref_count, sizeof(h0->ref_count)))) { ff_h264_fill_default_ref_list(h); + } if (h->slice_type_nos != AV_PICTURE_TYPE_I && ff_h264_decode_ref_pic_list_reordering(h) < 0) { From c8b90c7cd52600bbfb403793d6665fc90ad78946 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 4 May 2013 20:21:47 +0200 Subject: [PATCH 223/452] h264: Always decode MMCOs into temprary array When decoding succeeded the array is copied into the permanent one. This prevents inconsistencies Fixes assertion failure Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit c40f51e15b91898e5c69fca7c8c67e3da6624dd4) Signed-off-by: Michael Niedermayer --- libavcodec/h264_refs.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/h264_refs.c b/libavcodec/h264_refs.c index 2ba36b632c..196dcfbaeb 100644 --- a/libavcodec/h264_refs.c +++ b/libavcodec/h264_refs.c @@ -696,7 +696,7 @@ int ff_h264_decode_ref_pic_marking(H264Context *h, GetBitContext *gb, int first_slice) { int i, ret; - MMCO mmco_temp[MAX_MMCO_COUNT], *mmco = first_slice ? h->mmco : mmco_temp; + MMCO mmco_temp[MAX_MMCO_COUNT], *mmco = mmco_temp; int mmco_index = 0; if (h->nal_unit_type == NAL_IDR_SLICE){ // FIXME fields @@ -762,6 +762,7 @@ int ff_h264_decode_ref_pic_marking(H264Context *h, GetBitContext *gb, } if (first_slice && mmco_index != -1) { + memcpy(h->mmco, mmco_temp, sizeof(h->mmco)); h->mmco_index = mmco_index; } else if (!first_slice && mmco_index >= 0 && (mmco_index != h->mmco_index || From 15a736483e3cb672e343ab3ffb78281675896d6f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 6 May 2013 01:37:34 +0200 Subject: [PATCH 224/452] h264: check mb_width/height Fixes inconsistency that leads to out of array accesses with threads Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 5a9e3760495e8678ae87314670e3d9d5a1792c8d) Signed-off-by: Michael Niedermayer --- libavcodec/h264.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 4ecfa40466..001882b7cd 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -3208,7 +3208,10 @@ static int decode_slice_header(H264Context *h, H264Context *h0) || 16*h->sps.mb_height * (2 - h->sps.frame_mbs_only_flag) != h->avctx->coded_height || h->avctx->bits_per_raw_sample != h->sps.bit_depth_luma || h->cur_chroma_format_idc != h->sps.chroma_format_idc - || av_cmp_q(h->sps.sar, h->avctx->sample_aspect_ratio))); + || av_cmp_q(h->sps.sar, h->avctx->sample_aspect_ratio) + || h->mb_width != h->sps.mb_width + || h->mb_height != h->sps.mb_height * (2 - h->sps.frame_mbs_only_flag) + )); if (h0->avctx->pix_fmt != get_pixel_format(h0, 0)) must_reinit = 1; From db20610c4967696d3d0b7c48e2555593c2c1d59f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 4 May 2013 16:49:47 +0200 Subject: [PATCH 225/452] wmaprodec: Fix null pointer dereference in decode_frame() Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit c7a7605656633e52ade8a5d32a7c2497b37faef8) Signed-off-by: Michael Niedermayer --- libavcodec/wmaprodec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/wmaprodec.c b/libavcodec/wmaprodec.c index a772e7371a..f0944fe486 100644 --- a/libavcodec/wmaprodec.c +++ b/libavcodec/wmaprodec.c @@ -1572,7 +1572,8 @@ static int decode_packet(AVCodecContext *avctx, void *data, (frame_size = show_bits(gb, s->log2_frame_size)) && frame_size <= remaining_bits(s, gb)) { save_bits(s, gb, frame_size, 0); - s->packet_done = !decode_frame(s, data, got_frame_ptr); + if (!s->packet_loss) + s->packet_done = !decode_frame(s, data, got_frame_ptr); } else if (!s->len_prefix && s->num_saved_bits > get_bits_count(&s->gb)) { /** when the frames do not have a length prefix, we don't know From 884094debae78bc4bad8b6354373a7eec54b6ba1 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 16 Jan 2014 02:52:53 +0100 Subject: [PATCH 226/452] Update for 1.2.5 Signed-off-by: Michael Niedermayer --- RELEASE | 2 +- VERSION | 2 +- doc/Doxyfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/RELEASE b/RELEASE index e8ea05db81..c813fe116c 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -1.2.4 +1.2.5 diff --git a/VERSION b/VERSION index e8ea05db81..c813fe116c 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.2.4 +1.2.5 diff --git a/doc/Doxyfile b/doc/Doxyfile index 6740e77a3f..0736a3d351 100644 --- a/doc/Doxyfile +++ b/doc/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 1.2.4 +PROJECT_NUMBER = 1.2.5 # With the PROJECT_LOGO tag one can specify an logo or icon that is included # in the documentation. The maximum height of the logo should not exceed 55 From 5a0a156e88f7f07b96f9522677ee79c64c8a5c19 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 16 Jan 2014 02:53:32 +0100 Subject: [PATCH 227/452] cmdutils: update year Signed-off-by: Michael Niedermayer --- cmdutils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmdutils.c b/cmdutils.c index 2668ee1486..576d810f24 100644 --- a/cmdutils.c +++ b/cmdutils.c @@ -65,7 +65,7 @@ struct SwsContext *sws_opts; AVDictionary *swr_opts; AVDictionary *format_opts, *codec_opts, *resample_opts; -const int this_year = 2013; +const int this_year = 2014; static FILE *report_file; From 67d20495f592e120b596dcacf14a7193de2dfb8f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 19 Jan 2014 04:55:01 +0100 Subject: [PATCH 228/452] avcodec/mjpegdec: update cur_scan also for non-LS jpeg This should make no difference but the variable will be used in a subsequent commit Signed-off-by: Michael Niedermayer (cherry picked from commit 8893f31e206358d933abe4a5227b5ae89f5f303d) Conflicts: libavcodec/mjpegdec.c --- libavcodec/mjpegdec.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index d399efe6f5..1a0b49b144 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -1596,8 +1596,6 @@ int ff_mjpeg_find_marker(MJpegDecodeContext *s, int t = 0, b = 0; PutBitContext pb; - s->cur_scan++; - /* find marker */ while (src + t < buf_end) { uint8_t x = src[t++]; @@ -1771,6 +1769,7 @@ eoi_parser: goto the_end; case SOS: + s->cur_scan++; if ((ret = ff_mjpeg_decode_sos(s, NULL, NULL)) < 0 && (avctx->err_recognition & AV_EF_EXPLODE)) goto fail; From d81ccf1fb22958041e71d9e6d562a77fb7579d96 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 19 Jan 2014 04:56:13 +0100 Subject: [PATCH 229/452] avcodec/mjpegdec: only run EOI emulation code when there was a scan Signed-off-by: Michael Niedermayer (cherry picked from commit 361e27a3d8096baacc45d2551a1ebfcbfdaa6a67) --- libavcodec/mjpegdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index 1a0b49b144..eaf2659e63 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -1799,7 +1799,7 @@ eoi_parser: (get_bits_count(&s->gb) + 7) / 8, get_bits_count(&s->gb)); } } - if (s->got_picture) { + if (s->got_picture && s->cur_scan) { av_log(avctx, AV_LOG_WARNING, "EOI missing, emulating\n"); goto eoi_parser; } From bd29764c6177f8bb07f70799a5de40df52cfde28 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 19 Jan 2014 06:20:46 +0100 Subject: [PATCH 230/452] avcodec/aacdec: Dont fail if channels arent known yet Fixes Ticket3312 Signed-off-by: Michael Niedermayer (cherry picked from commit 676a395ab903cac623c5d6ddd0928c789e08a59e) Conflicts: libavcodec/aacdec.c --- libavcodec/aacdec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/aacdec.c b/libavcodec/aacdec.c index 7a871c4022..c9eb798d70 100644 --- a/libavcodec/aacdec.c +++ b/libavcodec/aacdec.c @@ -189,6 +189,9 @@ static int frame_configure_elements(AVCodecContext *avctx) } } + if (!avctx->channels) + return 1; + /* get output buffer */ ac->frame->nb_samples = 2048; if ((ret = ff_get_buffer(avctx, ac->frame)) < 0) { From f0fabcc6ed0d6e1db9630ce975afeec2bfa3ede7 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 19 Jan 2014 04:02:11 +0100 Subject: [PATCH 231/452] avcodec/mjpegdec: Dont treat the lack of a startcode differently from end of the bitstream Fixes Ticket3303 Signed-off-by: Michael Niedermayer (cherry picked from commit 31e703e899bee74c50efd8eb62c3d012ef5ab26d) Conflicts: libavcodec/mjpegdec.c --- libavcodec/mjpegdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index eaf2659e63..97e0f12f44 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -1659,7 +1659,7 @@ int ff_mjpeg_decode_frame(AVCodecContext *avctx, void *data, int *got_frame, &unescaped_buf_size); /* EOF */ if (start_code < 0) { - goto the_end; + break; } else if (unescaped_buf_size > (1U<<28)) { av_log(avctx, AV_LOG_ERROR, "MJPEG packet 0x%x too big (0x%x/0x%x), corrupt data?\n", start_code, unescaped_buf_size, buf_size); From b902ba478c81909422668fa7da7878848d792e52 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 19 Jan 2014 16:44:58 +0100 Subject: [PATCH 232/452] avcodec/mjpegdec: Dont skip picture allocation if theres no picture allocated Fixes Ticket 3245 (cherry picked from commit ad8d063f230c05f8b5efbd05cc5a9f51a2549dcf) --- libavcodec/mjpegdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index 97e0f12f44..27b0e5bff1 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -329,7 +329,7 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s) s->first_picture = 0; } - if (s->interlaced && (s->bottom_field == !s->interlace_polarity)) { + if (s->got_picture && s->interlaced && (s->bottom_field == !s->interlace_polarity)) { if (s->progressive) { av_log_ask_for_sample(s->avctx, "progressively coded interlaced pictures not supported\n"); return AVERROR_INVALIDDATA; From 4fdcb1e1b7b1369b74faeeae2358feed7989de1b Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Mon, 20 Jan 2014 22:37:18 +0100 Subject: [PATCH 233/452] Allow decoding of slightly broken Nikon avi files. Fixes ticket #3330. (cherry picked from commit f9c2d4d17e3b18becb046d71811f9e8aa5946cf9) Conflicts: libavformat/avidec.c --- libavformat/avidec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavformat/avidec.c b/libavformat/avidec.c index 2d60bfb9ca..d2f0152735 100644 --- a/libavformat/avidec.c +++ b/libavformat/avidec.c @@ -327,6 +327,7 @@ static void avi_read_nikon(AVFormatContext *s, uint64_t end) uint16_t size = avio_rl16(s->pb); const char *name = NULL; char buffer[64] = {0}; + size = FFMIN(size, tag_end - avio_tell(s->pb)); size -= avio_read(s->pb, buffer, FFMIN(size, sizeof(buffer)-1)); switch (tag) { From 8a38deb789ecc000d1d1258352a67054dbee593a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Sat, 16 Mar 2013 13:36:20 +0100 Subject: [PATCH 234/452] Fix compilation on ARM with android gcc 4.7 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit With the current code it fails due to running out of registers. So code the store offsets manually into the assembler instead. Passes "make fate-dts". Signed-off-by: Reimar Döffinger (cherry picked from commit 8067f55edf3719182aed6e5b57b7863889f80218) Fixes ticket #2756. --- libavcodec/arm/dca.h | 74 +++++++++++++++++++++----------------------- 1 file changed, 36 insertions(+), 38 deletions(-) diff --git a/libavcodec/arm/dca.h b/libavcodec/arm/dca.h index 2cfd18a837..431b62e527 100644 --- a/libavcodec/arm/dca.h +++ b/libavcodec/arm/dca.h @@ -34,46 +34,44 @@ static inline int decode_blockcodes(int code1, int code2, int levels, { int v0, v1, v2, v3, v4, v5; - __asm__ ("smmul %8, %14, %18 \n" - "smmul %11, %15, %18 \n" - "smlabb %14, %8, %17, %14 \n" - "smlabb %15, %11, %17, %15 \n" - "smmul %9, %8, %18 \n" - "smmul %12, %11, %18 \n" - "sub %14, %14, %16, lsr #1 \n" - "sub %15, %15, %16, lsr #1 \n" - "smlabb %8, %9, %17, %8 \n" - "smlabb %11, %12, %17, %11 \n" - "smmul %10, %9, %18 \n" - "smmul %13, %12, %18 \n" - "str %14, %0 \n" - "str %15, %4 \n" - "sub %8, %8, %16, lsr #1 \n" - "sub %11, %11, %16, lsr #1 \n" - "smlabb %9, %10, %17, %9 \n" - "smlabb %12, %13, %17, %12 \n" - "smmul %14, %10, %18 \n" - "smmul %15, %13, %18 \n" - "str %8, %1 \n" - "str %11, %5 \n" - "sub %9, %9, %16, lsr #1 \n" - "sub %12, %12, %16, lsr #1 \n" - "smlabb %10, %14, %17, %10 \n" - "smlabb %13, %15, %17, %13 \n" - "str %9, %2 \n" - "str %12, %6 \n" - "sub %10, %10, %16, lsr #1 \n" - "sub %13, %13, %16, lsr #1 \n" - "str %10, %3 \n" - "str %13, %7 \n" - : "=m"(values[0]), "=m"(values[1]), - "=m"(values[2]), "=m"(values[3]), - "=m"(values[4]), "=m"(values[5]), - "=m"(values[6]), "=m"(values[7]), - "=&r"(v0), "=&r"(v1), "=&r"(v2), + __asm__ ("smmul %0, %6, %10 \n" + "smmul %3, %7, %10 \n" + "smlabb %6, %0, %9, %6 \n" + "smlabb %7, %3, %9, %7 \n" + "smmul %1, %0, %10 \n" + "smmul %4, %3, %10 \n" + "sub %6, %6, %8, lsr #1 \n" + "sub %7, %7, %8, lsr #1 \n" + "smlabb %0, %1, %9, %0 \n" + "smlabb %3, %4, %9, %3 \n" + "smmul %2, %1, %10 \n" + "smmul %5, %4, %10 \n" + "str %6, [%11, #0] \n" + "str %7, [%11, #16] \n" + "sub %0, %0, %8, lsr #1 \n" + "sub %3, %3, %8, lsr #1 \n" + "smlabb %1, %2, %9, %1 \n" + "smlabb %4, %5, %9, %4 \n" + "smmul %6, %2, %10 \n" + "smmul %7, %5, %10 \n" + "str %0, [%11, #4] \n" + "str %3, [%11, #20] \n" + "sub %1, %1, %8, lsr #1 \n" + "sub %4, %4, %8, lsr #1 \n" + "smlabb %2, %6, %9, %2 \n" + "smlabb %5, %7, %9, %5 \n" + "str %1, [%11, #8] \n" + "str %4, [%11, #24] \n" + "sub %2, %2, %8, lsr #1 \n" + "sub %5, %5, %8, lsr #1 \n" + "str %2, [%11, #12] \n" + "str %5, [%11, #28] \n" + : "=&r"(v0), "=&r"(v1), "=&r"(v2), "=&r"(v3), "=&r"(v4), "=&r"(v5), "+&r"(code1), "+&r"(code2) - : "r"(levels - 1), "r"(-levels), "r"(ff_inverse[levels])); + : "r"(levels - 1), "r"(-levels), + "r"(ff_inverse[levels]), "r"(values) + : "memory"); return code1 | code2; } From 89c917fcd92c5e5ae7f226ceb7b1e6a12c82cba7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Storsj=C3=B6?= Date: Thu, 23 Jan 2014 14:07:46 +0200 Subject: [PATCH 235/452] rtpdec_asf: Copy the need_parsing field from the chained demuxer MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This fixes playback of mp3 streams in rtp/asf. This used to work until 950482bf, but mostly by coincidence. Signed-off-by: Martin Storsjö (cherry picked from commit 2aec9e228cb317cca8cda9e03986c8482ea54404) Fixes ticket #3223 --- libavformat/rtpdec_asf.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/rtpdec_asf.c b/libavformat/rtpdec_asf.c index 35603f29e9..2074a1b0db 100644 --- a/libavformat/rtpdec_asf.c +++ b/libavformat/rtpdec_asf.c @@ -144,6 +144,8 @@ static int asfrtp_parse_sdp_line(AVFormatContext *s, int stream_index, if (s->streams[stream_index]->id == rt->asf_ctx->streams[i]->id) { *s->streams[stream_index]->codec = *rt->asf_ctx->streams[i]->codec; + s->streams[stream_index]->need_parsing = + rt->asf_ctx->streams[i]->need_parsing; rt->asf_ctx->streams[i]->codec->extradata_size = 0; rt->asf_ctx->streams[i]->codec->extradata = NULL; avpriv_set_pts_info(s->streams[stream_index], 32, 1, 1000); From 2256b2a3c1a6eae15dbfca0b95a64d911d618f40 Mon Sep 17 00:00:00 2001 From: Anton Khirnov Date: Thu, 27 Feb 2014 21:36:33 +0100 Subject: [PATCH 236/452] pthread_frame: flush all threads on flush, not just the first one avcodec_flush_buffers() must release all internally held references according to its documentation, for which all the threads need to be flushed. Bug-Id: vlc/9665 (cherry picked from commit d1f9563d502037239185c11578cc614bdf0c5870) Conflicts: libavcodec/pthread_frame.c --- libavcodec/pthread.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavcodec/pthread.c b/libavcodec/pthread.c index 1ca72b44f2..7a57c2e186 100644 --- a/libavcodec/pthread.c +++ b/libavcodec/pthread.c @@ -912,8 +912,6 @@ void ff_thread_flush(AVCodecContext *avctx) if (fctx->prev_thread) { if (fctx->prev_thread != &fctx->threads[0]) update_context_from_thread(fctx->threads[0].avctx, fctx->prev_thread->avctx, 0); - if (avctx->codec->flush) - avctx->codec->flush(fctx->threads[0].avctx); } fctx->next_decoding = fctx->next_finished = 0; @@ -925,6 +923,9 @@ void ff_thread_flush(AVCodecContext *avctx) p->got_frame = 0; release_delayed_buffers(p); + + if (avctx->codec->flush) + avctx->codec->flush(fctx->threads[0].avctx); } } From 5e01cd3b697e756cad4ca00f4dd1cfb47512d186 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 17 Jan 2014 20:09:48 +0100 Subject: [PATCH 237/452] dnxhdenc: fix mb_rc size Fixes out of array access with RC_VARIANCE set to 0 Signed-off-by: Michael Niedermayer (cherry picked from commit f1caaa1c61310beba705957e6366f0392a0b005b) Signed-off-by: Michael Niedermayer --- libavcodec/dnxhdenc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/dnxhdenc.c b/libavcodec/dnxhdenc.c index 4b6ce2f60b..3fda531c09 100644 --- a/libavcodec/dnxhdenc.c +++ b/libavcodec/dnxhdenc.c @@ -236,7 +236,7 @@ static int dnxhd_init_qmat(DNXHDEncContext *ctx, int lbias, int cbias) static int dnxhd_init_rc(DNXHDEncContext *ctx) { - FF_ALLOCZ_OR_GOTO(ctx->m.avctx, ctx->mb_rc, 8160*ctx->m.avctx->qmax*sizeof(RCEntry), fail); + FF_ALLOCZ_OR_GOTO(ctx->m.avctx, ctx->mb_rc, 8160*(ctx->m.avctx->qmax + 1)*sizeof(RCEntry), fail); if (ctx->m.avctx->mb_decision != FF_MB_DECISION_RD) FF_ALLOCZ_OR_GOTO(ctx->m.avctx, ctx->mb_cmp, ctx->m.mb_num*sizeof(RCCMPEntry), fail); From e925fd215f9f44bb46c916310c93a20ee28ef245 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 20 Jan 2014 18:08:18 +0100 Subject: [PATCH 238/452] avcodec/vmnc: Check that rectangles are within the picture Prevents out of array accesses with CODEC_FLAG_EMU_EDGE Signed-off-by: Michael Niedermayer (cherry picked from commit 6ba02602aa7fc7d38db582e75b8b093fb3c1608d) Conflicts: libavcodec/vmnc.c Signed-off-by: Michael Niedermayer (cherry picked from commit 7c17207ab9acfaa934e8feb8fba90765c9d0b989) Signed-off-by: Michael Niedermayer --- libavcodec/vmnc.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/vmnc.c b/libavcodec/vmnc.c index eb39fc923d..051e700462 100644 --- a/libavcodec/vmnc.c +++ b/libavcodec/vmnc.c @@ -276,6 +276,11 @@ static int decode_hextile(VmncContext *c, uint8_t* dst, const uint8_t* src, int } xy = *src++; wh = *src++; + if ( (xy >> 4) + (wh >> 4) + 1 > w - i + || (xy & 0xF) + (wh & 0xF)+1 > h - j) { + av_log(c->avctx, AV_LOG_ERROR, "Rectangle outside picture\n"); + return AVERROR_INVALIDDATA; + } paint_rect(dst2, xy >> 4, xy & 0xF, (wh>>4)+1, (wh & 0xF)+1, fg, bpp, stride); } } From ca9d302519b690af1318c4c5ef6aeff118548819 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 31 Jan 2014 19:16:02 +0100 Subject: [PATCH 239/452] avcodec/takdec: always check bits_per_raw_sample Fixes out of array access Fixes: asan_heap-oob_19c7a94_6470_cov_1453611734_luckynight-partial.tak Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit f58eab151214d2d35ff0973f2b3e51c5eb372da4) Signed-off-by: Michael Niedermayer --- libavcodec/takdec.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/libavcodec/takdec.c b/libavcodec/takdec.c index ae751fed16..260e32699e 100644 --- a/libavcodec/takdec.c +++ b/libavcodec/takdec.c @@ -732,11 +732,9 @@ static int tak_decode_frame(AVCodecContext *avctx, void *data, return AVERROR_INVALIDDATA; } - if (s->ti.bps != avctx->bits_per_raw_sample) { - avctx->bits_per_raw_sample = s->ti.bps; - if ((ret = set_bps_params(avctx)) < 0) - return ret; - } + avctx->bits_per_raw_sample = s->ti.bps; + if ((ret = set_bps_params(avctx)) < 0) + return ret; if (s->ti.sample_rate != avctx->sample_rate) { avctx->sample_rate = s->ti.sample_rate; set_sample_rate_params(avctx); From b3cc4bd18f3c43ad2d84448a9f3c20f0c908b15e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 1 Feb 2014 19:04:37 +0100 Subject: [PATCH 240/452] avcodec/vc1: reset fcm/field_mode in non advanced header parsing Fixes NULL pointer dereference Fixes: signal_sigsegv_1ab8bf4_2847_cov_4254117347_SA10091.vc1 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit b51e9354772de446e8196dabf9aad1567b22f74d) Signed-off-by: Michael Niedermayer --- libavcodec/vc1.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/vc1.c b/libavcodec/vc1.c index a6a7bac239..3882816c78 100644 --- a/libavcodec/vc1.c +++ b/libavcodec/vc1.c @@ -580,6 +580,8 @@ int ff_vc1_parse_frame_header(VC1Context *v, GetBitContext* gb) { int pqindex, lowquant, status; + v->field_mode = 0; + v->fcm = 0; if (v->finterpflag) v->interpfrm = get_bits1(gb); if (!v->s.avctx->codec) From bb683ebdba9bfe7521b213c5314ff6ea1fc00990 Mon Sep 17 00:00:00 2001 From: Justin Ruggles Date: Thu, 30 Jan 2014 14:08:38 -0500 Subject: [PATCH 241/452] samplefmt: avoid integer overflow in av_samples_get_buffer_size() CC:libav-stable@libav.org (cherry picked from commit 0e830094ad0dc251613a0aa3234d9c5c397e02e6) Signed-off-by: Michael Niedermayer --- libavutil/samplefmt.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavutil/samplefmt.c b/libavutil/samplefmt.c index 6f762df9b4..d25cc98fe7 100644 --- a/libavutil/samplefmt.c +++ b/libavutil/samplefmt.c @@ -135,6 +135,8 @@ int av_samples_get_buffer_size(int *linesize, int nb_channels, int nb_samples, /* auto-select alignment if not specified */ if (!align) { + if (nb_samples > INT_MAX - 31) + return AVERROR(EINVAL); align = 1; nb_samples = FFALIGN(nb_samples, 32); } From 11b14d0e63f882171e579f05a0af3b2679dd021a Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 7 Feb 2014 15:07:23 +0100 Subject: [PATCH 242/452] avcodec/wmalosslessdec: fix mclms_coeffs* array size Fixes corruption of context Fixes: 8835659dde6a4f7dcdf341de6a45c6c8-signal_sigsegv_1dce67b_4564_cov_2504444599_classical_22_16_1_14000_v3c_0_extend_0_29.wma Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit ec9578d54d09b64bf112c2bf7a34b1ef3b93dbd3) Signed-off-by: Michael Niedermayer --- libavcodec/wmalosslessdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/wmalosslessdec.c b/libavcodec/wmalosslessdec.c index 331a027133..46b344841e 100644 --- a/libavcodec/wmalosslessdec.c +++ b/libavcodec/wmalosslessdec.c @@ -127,8 +127,8 @@ typedef struct WmallDecodeCtx { int8_t mclms_order; int8_t mclms_scaling; - int16_t mclms_coeffs[128]; - int16_t mclms_coeffs_cur[4]; + int16_t mclms_coeffs[WMALL_MAX_CHANNELS * WMALL_MAX_CHANNELS * 32]; + int16_t mclms_coeffs_cur[WMALL_MAX_CHANNELS * WMALL_MAX_CHANNELS]; int16_t mclms_prevvalues[WMALL_MAX_CHANNELS * 2 * 32]; int16_t mclms_updates[WMALL_MAX_CHANNELS * 2 * 32]; int mclms_recent; From a57d29a50c7a65cd75d55db78ffb24d326aec38f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 13 Feb 2014 13:59:51 +0100 Subject: [PATCH 243/452] avformat/mpegtsenc: Check data array size in mpegts_write_pmt() Prevents out of array writes Signed-off-by: Michael Niedermayer (cherry picked from commit 842b6c14bcfc1c5da1a2d288fd65386eb8c158ad) Conflicts: libavformat/mpegtsenc.c (cherry picked from commit e87de3f50b765134588d0b048c32ed4b8acc16fb) Signed-off-by: Michael Niedermayer --- libavformat/mpegtsenc.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/libavformat/mpegtsenc.c b/libavformat/mpegtsenc.c index 56b9d8506a..d09e4a012a 100644 --- a/libavformat/mpegtsenc.c +++ b/libavformat/mpegtsenc.c @@ -255,7 +255,7 @@ static void mpegts_write_pat(AVFormatContext *s) data, q - data); } -static void mpegts_write_pmt(AVFormatContext *s, MpegTSService *service) +static int mpegts_write_pmt(AVFormatContext *s, MpegTSService *service) { MpegTSWrite *ts = s->priv_data; uint8_t data[1012], *q, *desc_length_ptr, *program_info_length_ptr; @@ -308,6 +308,10 @@ static void mpegts_write_pmt(AVFormatContext *s, MpegTSService *service) stream_type = STREAM_TYPE_PRIVATE_DATA; break; } + + if (q - data > sizeof(data) - 32) + return AVERROR(EINVAL); + *q++ = stream_type; put16(&q, 0xe000 | ts_st->pid); desc_length_ptr = q; @@ -339,7 +343,7 @@ static void mpegts_write_pmt(AVFormatContext *s, MpegTSService *service) len_ptr = q++; *len_ptr = 0; - for (p = lang->value; next && *len_ptr < 255 / 4 * 4; p = next + 1) { + for (p = lang->value; next && *len_ptr < 255 / 4 * 4 && q - data < sizeof(data) - 4; p = next + 1) { next = strchr(p, ','); if (strlen(p) != 3 && (!next || next != p + 3)) continue; /* not a 3-letter code */ @@ -401,6 +405,7 @@ static void mpegts_write_pmt(AVFormatContext *s, MpegTSService *service) } mpegts_write_section1(&service->pmt, PMT_TID, service->sid, 0, 0, 0, data, q - data); + return 0; } /* NOTE: str == NULL is accepted for an empty string */ From ab31a9ee4af5cfc0bab6b318512819fb706d0ff2 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 16 Feb 2014 23:08:52 +0100 Subject: [PATCH 244/452] avcodec/msrle: use av_image_get_linesize() to calculate the linesize Fixes out of array access Fixes: 14a74a0a2dc67ede543f0e35d834fbbe-asan_heap-oob_49572c_556_cov_215466444_44_001_engine_room.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit c919e1ca2ecfc47d796382973ba0e48b8f6f92a2) Conflicts: libavcodec/msrle.c (cherry picked from commit bc1c8ec5e65098fd2ccd8456f667151dfc9cda42) Signed-off-by: Michael Niedermayer --- libavcodec/msrle.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/msrle.c b/libavcodec/msrle.c index 7187d1a5e1..a836e33cbe 100644 --- a/libavcodec/msrle.c +++ b/libavcodec/msrle.c @@ -34,6 +34,7 @@ #include "avcodec.h" #include "msrledec.h" +#include "libavutil/imgutils.h" typedef struct MsrleContext { AVCodecContext *avctx; @@ -112,7 +113,7 @@ static int msrle_decode_frame(AVCodecContext *avctx, /* FIXME how to correctly detect RLE ??? */ if (avctx->height * istride == avpkt->size) { /* assume uncompressed */ - int linesize = (avctx->width * avctx->bits_per_coded_sample + 7) / 8; + int linesize = av_image_get_linesize(avctx->pix_fmt, avctx->width, 0); uint8_t *ptr = s->frame.data[0]; uint8_t *buf = avpkt->data + (avctx->height-1)*istride; int i, j; From 9085cdd677996fe792eef13bcbc670bf250e302b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 17 Feb 2014 20:49:42 +0100 Subject: [PATCH 245/452] avcodec/ansi: fix integer overflow Fixes out of array read Fixes: 5f9698e86d92f19bb08d54ff0d57027f-signal_sigsegv_b30756_3795_cov_2693691257_ansi256.ans Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit d42ec8433c687fcbccefa51a7716d81920218e4f) Signed-off-by: Michael Niedermayer --- libavcodec/ansi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/ansi.c b/libavcodec/ansi.c index bd28a77be9..df04f091b9 100644 --- a/libavcodec/ansi.c +++ b/libavcodec/ansi.c @@ -419,7 +419,7 @@ static int decode_frame(AVCodecContext *avctx, switch(buf[0]) { case '0': case '1': case '2': case '3': case '4': case '5': case '6': case '7': case '8': case '9': - if (s->nb_args < MAX_NB_ARGS) + if (s->nb_args < MAX_NB_ARGS && s->args[s->nb_args] < 6553) s->args[s->nb_args] = FFMAX(s->args[s->nb_args], 0) * 10 + buf[0] - '0'; break; case ';': From b580bae53ac79dafa8578f8cc77e30c435ab3405 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 18 Feb 2014 02:53:14 +0100 Subject: [PATCH 246/452] avcodec/snow: split block clipping checks Fixes out of array read Fixes: d4476f68ca1c1c57afbc45806f581963-asan_heap-oob_2266b27_8607_cov_4044577381_snow_chroma_bug.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 61d59703c91869f4e5cdacd8d6be52f8b89d4ba4) Signed-off-by: Michael Niedermayer --- libavcodec/snow.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavcodec/snow.h b/libavcodec/snow.h index a3b0512490..f15b50f65f 100644 --- a/libavcodec/snow.h +++ b/libavcodec/snow.h @@ -315,7 +315,8 @@ static av_always_inline void add_yblock(SnowContext *s, int sliced, slice_buffer if(!sliced && !offset_dst) dst -= src_x; src_x=0; - }else if(src_x + b_w > w){ + } + if(src_x + b_w > w){ b_w = w - src_x; } if(src_y<0){ @@ -324,7 +325,8 @@ static av_always_inline void add_yblock(SnowContext *s, int sliced, slice_buffer if(!sliced && !offset_dst) dst -= src_y*dst_stride; src_y=0; - }else if(src_y + b_h> h){ + } + if(src_y + b_h> h){ b_h = h - src_y; } From ddcccababe3492252b3a723c82b6dfc97491677f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 1 Mar 2014 02:40:19 +0100 Subject: [PATCH 247/452] avcodec/utvideoenc: fix slice_bits size Fixes assertion failure Signed-off-by: Michael Niedermayer (cherry picked from commit 0a8c90202bb906747168a698b6837496f82c717c) Conflicts: libavcodec/utvideoenc.c (cherry picked from commit 57522ca79cc38c279123596d3288ddbf56fa8903) Signed-off-by: Michael Niedermayer --- libavcodec/utvideoenc.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/libavcodec/utvideoenc.c b/libavcodec/utvideoenc.c index acb25c3899..ce9f249431 100644 --- a/libavcodec/utvideoenc.c +++ b/libavcodec/utvideoenc.c @@ -468,7 +468,7 @@ static int encode_plane(AVCodecContext *avctx, uint8_t *src, * get the offset in bits and convert to bytes. */ offset += write_huff_codes(dst + sstart * width, c->slice_bits, - width * (send - sstart), width, + width * height + 4, width, send - sstart, he) >> 3; slice_len = offset - slice_len; @@ -525,8 +525,7 @@ static int utvideo_encode_frame(AVCodecContext *avctx, AVPacket *pkt, bytestream2_init_writer(&pb, dst, pkt->size); - av_fast_malloc(&c->slice_bits, &c->slice_bits_size, - width * height + FF_INPUT_BUFFER_PADDING_SIZE); + av_fast_padded_malloc(&c->slice_bits, &c->slice_bits_size, width * height + 4); if (!c->slice_bits) { av_log(avctx, AV_LOG_ERROR, "Cannot allocate temporary buffer 2.\n"); From e63346f7e8d36f99ec85733823de6d1a0fd31f4f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 5 Mar 2014 03:55:25 +0100 Subject: [PATCH 248/452] update for 1.2.6 Signed-off-by: Michael Niedermayer --- RELEASE | 2 +- VERSION | 2 +- doc/Doxyfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/RELEASE b/RELEASE index c813fe116c..3c43790f5d 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -1.2.5 +1.2.6 diff --git a/VERSION b/VERSION index c813fe116c..3c43790f5d 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.2.5 +1.2.6 diff --git a/doc/Doxyfile b/doc/Doxyfile index 0736a3d351..e803996a0e 100644 --- a/doc/Doxyfile +++ b/doc/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 1.2.5 +PROJECT_NUMBER = 1.2.6 # With the PROJECT_LOGO tag one can specify an logo or icon that is included # in the documentation. The maximum height of the logo should not exceed 55 From 0d819ed318ded6e7acdebced7da2e6411caa0fd6 Mon Sep 17 00:00:00 2001 From: Timothy Gu Date: Sun, 23 Feb 2014 16:39:18 -0800 Subject: [PATCH 249/452] configure: use pkg-config to detect libbluray The current configure fails when static libbluray is compiled with libxml2 support. Signed-off-by: Timothy Gu Signed-off-by: Michael Niedermayer (cherry picked from commit baa650cc7946a9eb1cf5a083f61a581a97122f03) Signed-off-by: Timothy Gu Conflicts: configure --- configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure b/configure index d9308104fc..025941f2a7 100755 --- a/configure +++ b/configure @@ -3915,7 +3915,7 @@ enabled gnutls && require_pkg_config gnutls gnutls/gnutls.h gnutls_global_in enabled libiec61883 && require libiec61883 libiec61883/iec61883.h iec61883_cmp_connect -lraw1394 -lavc1394 -lrom1394 -liec61883 enabled libaacplus && require "libaacplus >= 2.0.0" aacplus.h aacplusEncOpen -laacplus enabled libass && require_pkg_config libass ass/ass.h ass_library_init -enabled libbluray && require libbluray libbluray/bluray.h bd_open -lbluray +enabled libbluray && require_pkg_config libbluray libbluray/bluray.h bd_open enabled libcelt && require libcelt celt/celt.h celt_decode -lcelt0 && { check_lib celt/celt.h celt_decoder_create_custom -lcelt0 || die "ERROR: libcelt must be installed and version must be >= 0.11.0."; } From 78197501572abbad33d7458f5009c5f53ecf021a Mon Sep 17 00:00:00 2001 From: Luca Barbato Date: Sat, 27 Jul 2013 15:48:41 +0200 Subject: [PATCH 250/452] avidec: Let the inner dv demuxer take care of discarding Fixes ticket #1796. (cherry picked from commit c8f0b20b4a6bb6691928789d83e4b02896969848) Conflicts: libavformat/avidec.c --- libavformat/avidec.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/libavformat/avidec.c b/libavformat/avidec.c index d2f0152735..6bd644601c 100644 --- a/libavformat/avidec.c +++ b/libavformat/avidec.c @@ -1002,10 +1002,12 @@ start_sync: } } - - if( (st->discard >= AVDISCARD_DEFAULT && size==0) - /*|| (st->discard >= AVDISCARD_NONKEY && !(pkt->flags & AV_PKT_FLAG_KEY))*/ //FIXME needs a little reordering - || st->discard >= AVDISCARD_ALL){ + if (!avi->dv_demux && + ((st->discard >= AVDISCARD_DEFAULT && size == 0) /* || + // FIXME: needs a little reordering + (st->discard >= AVDISCARD_NONKEY && + !(pkt->flags & AV_PKT_FLAG_KEY)) */ + || st->discard >= AVDISCARD_ALL)) { if (!exit_early) { ast->frame_offset += get_duration(ast, size); avio_skip(pb, size); From fb44a3e4a3e333b690fc00bd051c4c2c1a882109 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 11 Mar 2014 20:45:29 +0100 Subject: [PATCH 251/452] avcodec/vorbisdec: use the stored previous window type only when the actual previous is not known Fixes Ticket3432 Signed-off-by: Michael Niedermayer (cherry picked from commit 5171ae781a240cac3860c20f9aefc6d1b2c61cac) --- libavcodec/vorbisdec.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/libavcodec/vorbisdec.c b/libavcodec/vorbisdec.c index bd5b2e43c3..8d106b1170 100644 --- a/libavcodec/vorbisdec.c +++ b/libavcodec/vorbisdec.c @@ -151,7 +151,7 @@ typedef struct vorbis_context_s { uint8_t mode_count; vorbis_mode *modes; uint8_t mode_number; // mode number for the current packet - uint8_t previous_window; + int8_t previous_window; float *channel_residues; float *saved; } vorbis_context; @@ -989,7 +989,7 @@ static int vorbis_parse_id_hdr(vorbis_context *vc) if (!vc->channel_residues || !vc->saved) return AVERROR(ENOMEM); - vc->previous_window = 0; + vc->previous_window = -1; ff_mdct_init(&vc->mdct[0], bl0, 1, -1.0); ff_mdct_init(&vc->mdct[1], bl1, 1, -1.0); @@ -1518,7 +1518,7 @@ static int vorbis_parse_audio_packet(vorbis_context *vc, float **floor_ptr) { GetBitContext *gb = &vc->gb; FFTContext *mdct; - unsigned previous_window = vc->previous_window; + int previous_window = vc->previous_window; unsigned mode_number, blockflag, blocksize; int i, j; uint8_t no_residue[255]; @@ -1551,9 +1551,11 @@ static int vorbis_parse_audio_packet(vorbis_context *vc, float **floor_ptr) blocksize = vc->blocksize[blockflag]; vlen = blocksize / 2; if (blockflag) { - previous_window = get_bits(gb, 1); - skip_bits1(gb); // next_window - } + int code = get_bits(gb, 2); + if (previous_window < 0) + previous_window = code>>1; + } else if (previous_window < 0) + previous_window = 0; memset(ch_res_ptr, 0, sizeof(float) * vc->audio_channels * vlen); //FIXME can this be removed ? for (i = 0; i < vc->audio_channels; ++i) @@ -1783,7 +1785,7 @@ static av_cold void vorbis_decode_flush(AVCodecContext *avctx) memset(vc->saved, 0, (vc->blocksize[1] / 4) * vc->audio_channels * sizeof(*vc->saved)); } - vc->previous_window = 0; + vc->previous_window = -1; } AVCodec ff_vorbis_decoder = { From f31682f2f2b10157b11c5d93c3773b724e0efe9c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 12 Mar 2014 01:50:41 +0100 Subject: [PATCH 252/452] avformat/flvdec: discard inconsistent timestamps Fixes Ticket3425 Signed-off-by: Michael Niedermayer (cherry picked from commit dbc3e1109cddd7ab653dce0f7758bad17b94803d) Conflicts: libavformat/flvdec.c --- libavformat/flvdec.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c index d0511f1582..38801f2d58 100644 --- a/libavformat/flvdec.c +++ b/libavformat/flvdec.c @@ -815,6 +815,10 @@ retry_duration: if (cts < 0) { // dts are wrong flv->wrong_dts = 1; av_log(s, AV_LOG_WARNING, "negative cts, previous timestamps might be wrong\n"); + } else if (FFABS(dts - pts) > 1000*60*15) { + av_log(s, AV_LOG_WARNING, + "invalid timestamps %"PRId64" %"PRId64"\n", dts, pts); + dts = pts = AV_NOPTS_VALUE; } if (flv->wrong_dts) dts = AV_NOPTS_VALUE; From e3ce3d373caf29d457d0eb02c707799d141cbd4c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 17 Mar 2014 02:25:20 +0100 Subject: [PATCH 253/452] avcodec/h264: be more tolerant on what pixel format changes trigger reinits Fixes Ticket3260 Signed-off-by: Michael Niedermayer (cherry picked from commit 8e92ff25469f75f5c1fcbb9ba5721cea341ca34a) Conflicts: libavcodec/h264.c --- libavcodec/h264.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 001882b7cd..8c0544a7b7 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -3094,6 +3094,18 @@ static int h264_slice_header_init(H264Context *h, int reinit) return 0; } +static enum AVPixelFormat non_j_pixfmt(enum AVPixelFormat a) +{ + switch (a) { + case AV_PIX_FMT_YUVJ420P: return AV_PIX_FMT_YUV420P; + case AV_PIX_FMT_YUVJ422P: return AV_PIX_FMT_YUV422P; + case AV_PIX_FMT_YUVJ444P: return AV_PIX_FMT_YUV444P; + default: + return a; + } +} + + /** * Decode a slice header. * This will also call ff_MPV_common_init() and frame_start() as needed. @@ -3212,7 +3224,7 @@ static int decode_slice_header(H264Context *h, H264Context *h0) || h->mb_width != h->sps.mb_width || h->mb_height != h->sps.mb_height * (2 - h->sps.frame_mbs_only_flag) )); - if (h0->avctx->pix_fmt != get_pixel_format(h0, 0)) + if (non_j_pixfmt(h0->avctx->pix_fmt) != non_j_pixfmt(get_pixel_format(h0, 0))) must_reinit = 1; h->mb_width = h->sps.mb_width; From 620d80d5720e401ce1c01c53850457588c70a84a Mon Sep 17 00:00:00 2001 From: Peter Ross Date: Sat, 15 Mar 2014 11:16:19 +1100 Subject: [PATCH 254/452] avcodec/adpcm: ADPCM_IMA_DK3 packets are padded to 16-bit packet boundary Fixes ticket #3461. Signed-off-by: Peter Ross Signed-off-by: Michael Niedermayer (cherry picked from commit d1bb17940dd242e56541775318636bcbe3eab73d) --- libavcodec/adpcm.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/adpcm.c b/libavcodec/adpcm.c index 02de22cee7..6fd4675a4f 100644 --- a/libavcodec/adpcm.c +++ b/libavcodec/adpcm.c @@ -863,6 +863,9 @@ static int adpcm_decode_frame(AVCodecContext *avctx, void *data, *samples++ = c->status[0].predictor + c->status[1].predictor; *samples++ = c->status[0].predictor - c->status[1].predictor; } + + if ((bytestream2_tell(&gb) & 1)) + bytestream2_skip(&gb, 1); break; } case AV_CODEC_ID_ADPCM_IMA_ISS: From b1a960cc83677030c8127f6db068cb2346289448 Mon Sep 17 00:00:00 2001 From: Peter Ross Date: Fri, 14 Mar 2014 20:02:04 +1100 Subject: [PATCH 255/452] avcodec/adpcm: squelch 'mismatch in coded sample count' warning for AV_CODEC_ID_ADPCM_EA_R2/3 These ADPCM codecs include a per-frame flag that enables a raw 16-bit mode. Therefore the the number of samples returned by get_nb_samples() is only ever approximate. Fixes ticket #3460. Signed-off-by: Peter Ross Reviewed-by: Paul B Mahol Signed-off-by: Michael Niedermayer (cherry picked from commit 7380201451a2edfb240cd356579c4c39a87cf5bd) --- libavcodec/adpcm.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/libavcodec/adpcm.c b/libavcodec/adpcm.c index 6fd4675a4f..c7bf3f10bb 100644 --- a/libavcodec/adpcm.c +++ b/libavcodec/adpcm.c @@ -449,9 +449,11 @@ static void adpcm_swf_decode(AVCodecContext *avctx, const uint8_t *buf, int buf_ * @param[out] coded_samples set to the number of samples as coded in the * packet, or 0 if the codec does not encode the * number of samples in each frame. + * @param[out] approx_nb_samples set to non-zero if the number of samples + * returned is an approximation. */ static int get_nb_samples(AVCodecContext *avctx, GetByteContext *gb, - int buf_size, int *coded_samples) + int buf_size, int *coded_samples, int *approx_nb_samples) { ADPCMDecodeContext *s = avctx->priv_data; int nb_samples = 0; @@ -460,6 +462,7 @@ static int get_nb_samples(AVCodecContext *avctx, GetByteContext *gb, int header_size; *coded_samples = 0; + *approx_nb_samples = 0; if(ch <= 0) return 0; @@ -530,10 +533,12 @@ static int get_nb_samples(AVCodecContext *avctx, GetByteContext *gb, case AV_CODEC_ID_ADPCM_EA_R2: header_size = 4 + 5 * ch; *coded_samples = bytestream2_get_le32(gb); + *approx_nb_samples = 1; break; case AV_CODEC_ID_ADPCM_EA_R3: header_size = 4 + 5 * ch; *coded_samples = bytestream2_get_be32(gb); + *approx_nb_samples = 1; break; } *coded_samples -= *coded_samples % 28; @@ -625,11 +630,11 @@ static int adpcm_decode_frame(AVCodecContext *avctx, void *data, int16_t **samples_p; int st; /* stereo */ int count1, count2; - int nb_samples, coded_samples, ret; + int nb_samples, coded_samples, approx_nb_samples, ret; GetByteContext gb; bytestream2_init(&gb, buf, buf_size); - nb_samples = get_nb_samples(avctx, &gb, buf_size, &coded_samples); + nb_samples = get_nb_samples(avctx, &gb, buf_size, &coded_samples, &approx_nb_samples); if (nb_samples <= 0) { av_log(avctx, AV_LOG_ERROR, "invalid number of samples in packet\n"); return AVERROR_INVALIDDATA; @@ -647,7 +652,7 @@ static int adpcm_decode_frame(AVCodecContext *avctx, void *data, /* use coded_samples when applicable */ /* it is always <= nb_samples, so the output buffer will be large enough */ if (coded_samples) { - if (coded_samples != nb_samples) + if (!approx_nb_samples && coded_samples != nb_samples) av_log(avctx, AV_LOG_WARNING, "mismatch in coded sample count\n"); frame->nb_samples = nb_samples = coded_samples; } From a58053dc246219245de6995b8ff34dbbe3c0c970 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 13 Mar 2014 17:32:15 +0100 Subject: [PATCH 256/452] avutil/timestamp: Warn about missing __STDC_FORMAT_MACROS for C++ use Signed-off-by: Michael Niedermayer (cherry picked from commit 8b02dfd37cb3bc9521fc6e1f5b5f13c80d144cd2) Signed-off-by: Michael Niedermayer --- libavutil/timestamp.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavutil/timestamp.h b/libavutil/timestamp.h index c7348d8f12..9559b0cf3f 100644 --- a/libavutil/timestamp.h +++ b/libavutil/timestamp.h @@ -26,6 +26,10 @@ #include "common.h" +#if defined(__cplusplus) && !defined(__STDC_FORMAT_MACROS) && !defined(PRId64) +#error missing -D__STDC_FORMAT_MACROS / #define __STDC_FORMAT_MACROS +#endif + #define AV_TS_MAX_STRING_SIZE 32 /** From d0ba12fa0c6ffcc277da7d7d2754e2b0b5fe6053 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 15 Mar 2014 22:52:22 +0100 Subject: [PATCH 257/452] swscale/x86/swscale: fix missing xmm clobbers in yuv2yuvX_sse3() Signed-off-by: Michael Niedermayer (cherry picked from commit 6c47a4e972485e5f0c812159373f703c6f1d089f) Signed-off-by: Michael Niedermayer --- libswscale/x86/swscale.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libswscale/x86/swscale.c b/libswscale/x86/swscale.c index 2f67b1b03f..318278c17a 100644 --- a/libswscale/x86/swscale.c +++ b/libswscale/x86/swscale.c @@ -271,7 +271,8 @@ static void yuv2yuvX_sse3(const int16_t *filter, int filterSize, "jb 1b \n\t"\ :: "g" (filter), "r" (dest-offset), "g" ((x86_reg)(dstW+offset)), "m" (offset) - : "%"REG_d, "%"REG_S, "%"REG_c + : XMM_CLOBBERS("%xmm0" , "%xmm1" , "%xmm2" , "%xmm3" , "%xmm4" , "%xmm5" , "%xmm7" ,) + "%"REG_d, "%"REG_S, "%"REG_c ); } #endif From f07cebcd910c97ff6012085c21493231752990e9 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 18 Mar 2014 18:06:17 +0100 Subject: [PATCH 258/452] avcodec/h263dec: Fix use of uninitialized memory from the bitstream buffer Signed-off-by: Michael Niedermayer --- libavcodec/h263dec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/h263dec.c b/libavcodec/h263dec.c index e231b08548..df2d7d3d2b 100644 --- a/libavcodec/h263dec.c +++ b/libavcodec/h263dec.c @@ -721,10 +721,10 @@ frame_end: } if(startcode_found){ - av_fast_malloc( + av_fast_padded_mallocz( &s->bitstream_buffer, &s->allocated_bitstream_buffer_size, - buf_size - current_pos + FF_INPUT_BUFFER_PADDING_SIZE); + buf_size - current_pos); if (!s->bitstream_buffer) return AVERROR(ENOMEM); memcpy(s->bitstream_buffer, buf + current_pos, buf_size - current_pos); From da6a8c9cfda5ac28a7936efd317904b9e69daf93 Mon Sep 17 00:00:00 2001 From: Hendrik Leppkes Date: Mon, 4 Nov 2013 16:22:27 +0100 Subject: [PATCH 259/452] avformat/mov: only force parsing for video tracks if stss is empty Fixes playback of some AAC streams, which are otherwise mangled by the parser, and stss is typically only valid for video anyway. Fixes a regression since e41ea866. Signed-off-by: Michael Niedermayer (cherry picked from commit 019247bdc326a90bf20d3ce5d2413cc642e8bb08) --- libavformat/mov.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index fa7d645969..b5d3e93ad5 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -1679,7 +1679,7 @@ static int mov_read_stss(MOVContext *c, AVIOContext *pb, MOVAtom atom) if (!entries) { sc->keyframe_absent = 1; - if (!st->need_parsing) + if (!st->need_parsing && st->codec->codec_type == AVMEDIA_TYPE_VIDEO) st->need_parsing = AVSTREAM_PARSE_HEADERS; return 0; } From 5202621ac413ff82a65ee81d145e5ee704360c22 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 12 Feb 2014 06:32:51 +0100 Subject: [PATCH 260/452] avformat/mov: fix keyframe flags for sample from chromium Issue 340865 Fixes ticket #3362. Signed-off-by: Michael Niedermayer (cherry picked from commit a0911b059763b8f13c70adcbbe71e10382855104) --- libavformat/mov.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavformat/mov.c b/libavformat/mov.c index b5d3e93ad5..c2d2a07893 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -2017,6 +2017,11 @@ static void mov_build_index(MOVContext *mov, AVStream *st) rap_group_index++; } } + if (sc->keyframe_absent + && !sc->stps_count + && !rap_group_present + && st->codec->codec_type == AVMEDIA_TYPE_AUDIO) + keyframe = 1; if (keyframe) distance = 0; sample_size = sc->alt_sample_size > 0 ? sc->alt_sample_size : sc->sample_sizes[current_sample]; From 9060c10c659cc4ab397585f8dba1ab3bf9aa2a0b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 19 Jan 2014 20:59:28 +0100 Subject: [PATCH 261/452] avformat/matroskaenc: wrap V_QUICKTIME codec private in something that looks like its part of quicktime stsd This is needed for matroska spec compliance Fixes playback of SVQ3 in matroska with vlc Fixes Ticket 3256 Signed-off-by: Michael Niedermayer (cherry picked from commit 8456bd2c0f3b08756f353646fe3b40a6772e665e) --- libavformat/matroskaenc.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/libavformat/matroskaenc.c b/libavformat/matroskaenc.c index 05890d3577..5869af1123 100644 --- a/libavformat/matroskaenc.c +++ b/libavformat/matroskaenc.c @@ -501,8 +501,18 @@ static int mkv_write_codecprivate(AVFormatContext *s, AVIOContext *pb, AVCodecCo if (qt_id) { if (!codec->codec_tag) codec->codec_tag = ff_codec_get_tag(ff_codec_movvideo_tags, codec->codec_id); - if (codec->extradata_size) + if (codec->extradata_size) { + if ( ff_codec_get_id(ff_codec_movvideo_tags, codec->codec_tag) == codec->codec_id + && ff_codec_get_id(ff_codec_movvideo_tags, AV_RL32(codec->extradata+4)) != codec->codec_id + ) { + int i; + avio_wb32(dyn_cp, 0x5a + codec->extradata_size); + avio_wl32(dyn_cp, codec->codec_tag); + for(i=0; i<0x5a-8; i++) + avio_w8(dyn_cp, 0); + } avio_write(dyn_cp, codec->extradata, codec->extradata_size); + } } else { if (!codec->codec_tag) codec->codec_tag = ff_codec_get_tag(ff_codec_bmp_tags, codec->codec_id); From 8ee704c39297033b58c3fa59a38288006346f4cd Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 19 Jan 2014 18:35:33 +0100 Subject: [PATCH 262/452] avformat/matroskadec: support SVQ3 as generated by mkvtoolnix-6.6.0 Fixes part of Ticket3256 Signed-off-by: Michael Niedermayer (cherry picked from commit 5800b08572ef5f776950fc6f1b6572ba9a6b1933) Conflicts: libavformat/matroskadec.c --- libavformat/matroskadec.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index ebad0d51b9..1d0f1b2eb5 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -1634,8 +1634,12 @@ static int matroska_read_header(AVFormatContext *s) } else if (!strcmp(track->codec_id, "V_QUICKTIME") && (track->codec_priv.size >= 86) && (track->codec_priv.data != NULL)) { - fourcc = AV_RL32(track->codec_priv.data); + fourcc = AV_RL32(track->codec_priv.data + 4); codec_id = ff_codec_get_id(ff_codec_movvideo_tags, fourcc); + if (ff_codec_get_id(ff_codec_movvideo_tags, AV_RL32(track->codec_priv.data))) { + fourcc = AV_RL32(track->codec_priv.data); + codec_id = ff_codec_get_id(ff_codec_movvideo_tags, fourcc); + } } else if (codec_id == AV_CODEC_ID_ALAC && track->codec_priv.size && track->codec_priv.size < INT_MAX-12) { /* Only ALAC's magic cookie is stored in Matroska's track headers. Create the "atom size", "tag", and "tag version" fields the From 5219e20d58e15305e188ba60a75bfc37a1f82341 Mon Sep 17 00:00:00 2001 From: Peter Ross Date: Sat, 19 Apr 2014 12:12:00 +1000 Subject: [PATCH 263/452] ff_id3v2_free_extra_meta: set the pointer pointing to extra_meta to NULL Fixes ticket #3530. Signed-off-by: Peter Ross Signed-off-by: Michael Niedermayer (cherry picked from commit c94305ae23318c8956a30485cd5642829f4f16a9) --- libavformat/id3v2.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/id3v2.c b/libavformat/id3v2.c index 2cab5ac304..2e8d06d6b0 100644 --- a/libavformat/id3v2.c +++ b/libavformat/id3v2.c @@ -822,6 +822,8 @@ void ff_id3v2_free_extra_meta(ID3v2ExtraMeta **extra_meta) av_freep(¤t); current = next; } + + *extra_meta = NULL; } int ff_id3v2_parse_apic(AVFormatContext *s, ID3v2ExtraMeta **extra_meta) From 7f8aa37bc3666d060b3eb2baa02fcea3597a22fd Mon Sep 17 00:00:00 2001 From: Peter Ross Date: Fri, 18 Apr 2014 14:49:40 +1000 Subject: [PATCH 264/452] ff_id3v2_read: add option to limit ID3 magic number search Several chunked formats (AIFF, IFF,DSF) store ID3 metadata within an 'ID3 ' chunk tag. If such chunks are stored sequentially, it is possible for the ID3v2 parser to confuse the chunk tag for the ID3 magic number. e.g. [1st chunk tag ('ID3 ') | chunk size] [ID3 magic number | metadata ...] [2nd chunk tag ('ID3 ') | chunk size] [ID3 magic number | metadata ...] Fixes ticket #3530. Signed-off-by: Peter Ross Signed-off-by: Michael Niedermayer (cherry picked from commit 5331773cc33ba26b9e26ace643d926219e46a17b) Conflicts: libavformat/dsfdec.c libavformat/id3v2.c --- libavformat/aiffdec.c | 2 +- libavformat/asfdec.c | 2 +- libavformat/id3v2.c | 15 +++++++++++++-- libavformat/id3v2.h | 4 +++- libavformat/omadec.c | 2 +- libavformat/utils.c | 2 +- 6 files changed, 20 insertions(+), 7 deletions(-) diff --git a/libavformat/aiffdec.c b/libavformat/aiffdec.c index 4a2629888b..396abb162d 100644 --- a/libavformat/aiffdec.c +++ b/libavformat/aiffdec.c @@ -237,7 +237,7 @@ static int aiff_read_header(AVFormatContext *s) break; case MKTAG('I', 'D', '3', ' '): position = avio_tell(pb); - ff_id3v2_read(s, ID3v2_DEFAULT_MAGIC, &id3v2_extra_meta); + ff_id3v2_read(s, ID3v2_DEFAULT_MAGIC, &id3v2_extra_meta, size); if (id3v2_extra_meta) if ((ret = ff_id3v2_parse_apic(s, &id3v2_extra_meta)) < 0) { ff_id3v2_free_extra_meta(&id3v2_extra_meta); diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c index de42b45a8e..74201cff1a 100644 --- a/libavformat/asfdec.c +++ b/libavformat/asfdec.c @@ -268,7 +268,7 @@ static void get_id3_tag(AVFormatContext *s, int len) { ID3v2ExtraMeta *id3v2_extra_meta = NULL; - ff_id3v2_read(s, ID3v2_DEFAULT_MAGIC, &id3v2_extra_meta); + ff_id3v2_read(s, ID3v2_DEFAULT_MAGIC, &id3v2_extra_meta, len); if (id3v2_extra_meta) ff_id3v2_parse_apic(s, &id3v2_extra_meta); ff_id3v2_free_extra_meta(&id3v2_extra_meta); diff --git a/libavformat/id3v2.c b/libavformat/id3v2.c index 2e8d06d6b0..8fdcc8a032 100644 --- a/libavformat/id3v2.c +++ b/libavformat/id3v2.c @@ -777,16 +777,27 @@ seek: return; } -void ff_id3v2_read(AVFormatContext *s, const char *magic, ID3v2ExtraMeta **extra_meta) +void ff_id3v2_read(AVFormatContext *s, const char *magic, ID3v2ExtraMeta **extra_meta, + unsigned int max_search_size) { int len, ret; uint8_t buf[ID3v2_HEADER_SIZE]; int found_header; - int64_t off; + int64_t start, off; + if (max_search_size && max_search_size < ID3v2_HEADER_SIZE) + return; + + start = avio_tell(s->pb); do { /* save the current offset in case there's nothing to read/skip */ off = avio_tell(s->pb); + ret = avio_read(s->pb, buf, ID3v2_HEADER_SIZE); + if (max_search_size && off - start >= max_search_size - ID3v2_HEADER_SIZE) { + avio_seek(s->pb, off, SEEK_SET); + break; + } + ret = avio_read(s->pb, buf, ID3v2_HEADER_SIZE); if (ret != ID3v2_HEADER_SIZE) { avio_seek(s->pb, off, SEEK_SET); diff --git a/libavformat/id3v2.h b/libavformat/id3v2.h index f7270106a1..4fe59a5477 100644 --- a/libavformat/id3v2.h +++ b/libavformat/id3v2.h @@ -93,8 +93,10 @@ int ff_id3v2_tag_len(const uint8_t *buf); * Read an ID3v2 tag, including supported extra metadata * @param extra_meta If not NULL, extra metadata is parsed into a list of * ID3v2ExtraMeta structs and *extra_meta points to the head of the list + * @param[opt] max_search_search restrict ID3 magic number search (bytes from start) */ -void ff_id3v2_read(AVFormatContext *s, const char *magic, ID3v2ExtraMeta **extra_meta); +void ff_id3v2_read(AVFormatContext *s, const char *magic, ID3v2ExtraMeta **extra_meta, + unsigned int max_search_size); /** * Initialize an ID3v2 tag. diff --git a/libavformat/omadec.c b/libavformat/omadec.c index 8d29675c1c..34d63a377c 100644 --- a/libavformat/omadec.c +++ b/libavformat/omadec.c @@ -275,7 +275,7 @@ static int oma_read_header(AVFormatContext *s) ID3v2ExtraMeta *extra_meta = NULL; OMAContext *oc = s->priv_data; - ff_id3v2_read(s, ID3v2_EA3_MAGIC, &extra_meta); + ff_id3v2_read(s, ID3v2_EA3_MAGIC, &extra_meta, 0); ret = avio_read(s->pb, buf, EA3_HEADER_SIZE); if (ret < EA3_HEADER_SIZE) return -1; diff --git a/libavformat/utils.c b/libavformat/utils.c index d32f584197..821b23d642 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -620,7 +620,7 @@ int avformat_open_input(AVFormatContext **ps, const char *filename, AVInputForma /* e.g. AVFMT_NOFILE formats will not have a AVIOContext */ if (s->pb) - ff_id3v2_read(s, ID3v2_DEFAULT_MAGIC, &id3v2_extra_meta); + ff_id3v2_read(s, ID3v2_DEFAULT_MAGIC, &id3v2_extra_meta, 0); if (!(s->flags&AVFMT_FLAG_PRIV_OPT) && s->iformat->read_header) if ((ret = s->iformat->read_header(s)) < 0) From 1530fbccac86a33fe46cf87de901f839d25b5034 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 22 Apr 2014 04:00:32 +0200 Subject: [PATCH 265/452] avformat/avidec: Speed up keyframe detection code Fixes Ticket3531 Signed-off-by: Michael Niedermayer (cherry picked from commit 57fb570908df2e84b11635f12b5be1fb27f053eb) Conflicts: libavformat/avidec.c --- libavformat/avidec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/avidec.c b/libavformat/avidec.c index 6bd644601c..e3a153af1f 100644 --- a/libavformat/avidec.c +++ b/libavformat/avidec.c @@ -1198,7 +1198,7 @@ resync: int index; av_assert0(st->index_entries); - index= av_index_search_timestamp(st, ast->frame_offset, 0); + index= av_index_search_timestamp(st, ast->frame_offset, AVSEEK_FLAG_ANY); e= &st->index_entries[index]; if(index >= 0 && e->timestamp == ast->frame_offset){ From 0759bdc315493f71871b36ed920d05a2a16965b0 Mon Sep 17 00:00:00 2001 From: Stefano Sabatini Date: Tue, 22 Apr 2014 13:01:14 +0200 Subject: [PATCH 266/452] ffprobe: fix scaling of vali in value_string() in case -prefix is selected Fix trac ticket #3523. (cherry picked from commit 1ba59b1cbeafe7cd28db04f772abd89eb7e4ce1e) --- ffprobe.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ffprobe.c b/ffprobe.c index 940e979848..5024af82a6 100644 --- a/ffprobe.c +++ b/ffprobe.c @@ -203,6 +203,7 @@ static char *value_string(char *buf, int buf_size, struct unit_value uv) vald /= pow(10, index * 3); prefix_string = decimal_unit_prefixes[index]; } + vali = vald; } if (show_float || (use_value_prefix && vald != (long long int)vald)) From 2c71734d9ef18b991c2947b67c4c663e0b09b72e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 30 Apr 2014 04:12:29 +0200 Subject: [PATCH 267/452] avcodec/vorbisdec: try to workaround libvorbisenc bug Fixes Ticket3590 Signed-off-by: Michael Niedermayer (cherry picked from commit 0a266cb55af9794fc5cff695d35cae4111e4334f) Conflicts: libavcodec/vorbisdec.c --- libavcodec/vorbisdec.c | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/libavcodec/vorbisdec.c b/libavcodec/vorbisdec.c index 8d106b1170..3e1d41bca1 100644 --- a/libavcodec/vorbisdec.c +++ b/libavcodec/vorbisdec.c @@ -701,8 +701,7 @@ static int vorbis_parse_setup_hdr_residues(vorbis_context *vc) res_setup->partition_size = get_bits(gb, 24) + 1; /* Validations to prevent a buffer overflow later. */ if (res_setup->begin>res_setup->end || - res_setup->end > (res_setup->type == 2 ? vc->audio_channels : 1) * vc->blocksize[1] / 2 || - (res_setup->end-res_setup->begin) / res_setup->partition_size > V_MAX_PARTITIONS) { + (res_setup->end-res_setup->begin) / res_setup->partition_size > FFMIN(V_MAX_PARTITIONS, 65535)) { av_log(vc->avctx, AV_LOG_ERROR, "partition out of bounds: type, begin, end, size, blocksize: %"PRIu16", %"PRIu32", %"PRIu32", %u, %"PRIu32"\n", res_setup->type, res_setup->begin, res_setup->end, @@ -1325,6 +1324,7 @@ static av_always_inline int vorbis_residue_decode_internal(vorbis_context *vc, uint8_t *classifs = vr->classifs; unsigned pass, ch_used, i, j, k, l; unsigned max_output = (ch - 1) * vlen; + int libvorbis_bug = 0; if (vr_type == 2) { for (j = 1; j < ch; ++j) @@ -1339,8 +1339,13 @@ static av_always_inline int vorbis_residue_decode_internal(vorbis_context *vc, } if (max_output > ch_left * vlen) { - av_log(vc->avctx, AV_LOG_ERROR, "Insufficient output buffer\n"); - return -1; + if (max_output <= ch_left * vlen + vr->partition_size*ch_used/ch) { + ptns_to_read--; + libvorbis_bug = 1; + } else { + av_log(vc->avctx, AV_LOG_ERROR, "Insufficient output buffer\n"); + return AVERROR_INVALIDDATA; + } } av_dlog(NULL, " residue type 0/1/2 decode begin, ch: %d cpc %d \n", ch, c_p_c); @@ -1466,6 +1471,14 @@ static av_always_inline int vorbis_residue_decode_internal(vorbis_context *vc, voffset += vr->partition_size; } } + if (libvorbis_bug && !pass) { + for (j = 0; j < ch_used; ++j) { + if (!do_not_decode[j]) { + get_vlc2(&vc->gb, vc->codebooks[vr->classbook].vlc.table, + vc->codebooks[vr->classbook].nb_bits, 3); + } + } + } } return 0; } From 3d79041f85498eee309bc3c2adc985a9686a5057 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 30 Apr 2014 06:21:58 +0200 Subject: [PATCH 268/452] sws: dont use the optimized 410->420 unscaled conversion when height%4 Fixes Ticket3594 Signed-off-by: Michael Niedermayer (cherry picked from commit 421b21ca8a02a346ba03cea3bb2ecc33f791fc30) --- libswscale/swscale_unscaled.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libswscale/swscale_unscaled.c b/libswscale/swscale_unscaled.c index 8da73b26c2..f6c3b3559b 100644 --- a/libswscale/swscale_unscaled.c +++ b/libswscale/swscale_unscaled.c @@ -1017,7 +1017,7 @@ void ff_get_unscaled_swscale(SwsContext *c) c->swScale = ff_yuv2rgb_get_func_ptr(c); } - if (srcFormat == AV_PIX_FMT_YUV410P && + if (srcFormat == AV_PIX_FMT_YUV410P && !(dstH & 3) && (dstFormat == AV_PIX_FMT_YUV420P || dstFormat == AV_PIX_FMT_YUVA420P) && !(flags & SWS_BITEXACT)) { c->swScale = yvu9ToYv12Wrapper; From 9e9d92bbcc4fb25fbe2bbc3b9aff3f29ed7b7ee5 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 4 Jun 2014 05:04:13 +0200 Subject: [PATCH 269/452] avformat/avidec: allow rounding errors between scale/rate and timebase Fixes Ticket3670 Signed-off-by: Michael Niedermayer (cherry picked from commit 571ab8344a9a2864d22d01af41283cee9328b927) Conflicts: libavformat/avidec.c --- libavformat/avidec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/avidec.c b/libavformat/avidec.c index e3a153af1f..fbbcde7dff 100644 --- a/libavformat/avidec.c +++ b/libavformat/avidec.c @@ -1520,7 +1520,7 @@ static int avi_read_seek(AVFormatContext *s, int stream_index, int64_t timestamp continue; // av_assert1(st2->codec->block_align); - av_assert0((int64_t)st2->time_base.num*ast2->rate == (int64_t)st2->time_base.den*ast2->scale); + av_assert0(fabs(av_q2d(st2->time_base) - ast2->scale / (double)ast2->rate) < av_q2d(st2->time_base) * 0.00000001); index = av_index_search_timestamp( st2, av_rescale_q(timestamp, st->time_base, st2->time_base) * FFMAX(ast2->sample_size, 1), From 0983720cf2b45d6f8b19ab406ff2f07c34caedf1 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Thu, 29 May 2014 08:41:15 +0200 Subject: [PATCH 270/452] avcodec/utvideodec: Increase vlc len Fixes a regression since fb3e380 similar to ticket #2661, reported by fluffrabbit at aol dot com. Signed-off-by: Michael Niedermayer (cherry picked from commit 673716c54b39eba9579a38ad222130e3f9549167) Conflicts: libavcodec/utvideodec.c --- libavcodec/utvideodec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/utvideodec.c b/libavcodec/utvideodec.c index 259030aac5..3108159bbd 100644 --- a/libavcodec/utvideodec.c +++ b/libavcodec/utvideodec.c @@ -70,7 +70,7 @@ static int build_huff(const uint8_t *src, VLC *vlc, int *fsym) code += 0x80000000u >> (he[i].len - 1); } - return ff_init_vlc_sparse(vlc, FFMIN(he[last].len, 9), last + 1, + return ff_init_vlc_sparse(vlc, FFMIN(he[last].len, 11), last + 1, bits, sizeof(*bits), sizeof(*bits), codes, sizeof(*codes), sizeof(*codes), syms, sizeof(*syms), sizeof(*syms), 0); From 71516ac175aaf10466db1998205aea8a31387370 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Storsj=C3=B6?= Date: Thu, 5 Jun 2014 11:56:10 +0300 Subject: [PATCH 271/452] adpcm: Fix trellis encoding of IMA QT This was broken in 095be4fb - samples+ch (for the previous non-planar case) equals &samples_p[ch][0]. The confusion probably stemmed from the IMA WAV case where it originally was &samples[avctx->channels + ch], which was correctly changed into &samples_p[ch][1]. Fixes part of Ticket3701 Signed-off-by: Michael Niedermayer (cherry picked from commit a32765c4252eb106a2ade543026ef6f59e699bfa) --- libavcodec/adpcmenc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/adpcmenc.c b/libavcodec/adpcmenc.c index 59f016bdb1..fed0cc8a19 100644 --- a/libavcodec/adpcmenc.c +++ b/libavcodec/adpcmenc.c @@ -557,7 +557,7 @@ static int adpcm_encode_frame(AVCodecContext *avctx, AVPacket *avpkt, put_bits(&pb, 7, status->step_index); if (avctx->trellis > 0) { uint8_t buf[64]; - adpcm_compress_trellis(avctx, &samples_p[ch][1], buf, status, + adpcm_compress_trellis(avctx, &samples_p[ch][0], buf, status, 64, 1); for (i = 0; i < 64; i++) put_bits(&pb, 4, buf[i ^ 1]); From 401b3dafd989b4a016064e1906086be5ff3ea39a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Storsj=C3=B6?= Date: Fri, 6 Jun 2014 12:03:09 +0300 Subject: [PATCH 272/452] adpcm: Write the proper predictor in trellis mode in IMA QT The actual predictor value, set by the trellis code, never was written back into the variable that was written into the block header. This was accidentally removed in b304244b. This significantly improves the audio quality of the trellis case, which was plain broken since b304244b. Encoding IMA QT with trellis still actually gives a slightly worse quality than without trellis, since the trellis encoder doesn't use the exact same way of rounding as in adpcm_ima_qt_compress_sample and adpcm_ima_qt_expand_nibble. Fixes part of Ticket3701 Signed-off-by: Michael Niedermayer (cherry picked from commit fa8f060b75bf9074792a0f9ff4ed002652ef62b8) Conflicts: tests/ref/acodec/adpcm-ima_qt-trellis --- libavcodec/adpcmenc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/adpcmenc.c b/libavcodec/adpcmenc.c index fed0cc8a19..5bcaeb14be 100644 --- a/libavcodec/adpcmenc.c +++ b/libavcodec/adpcmenc.c @@ -561,6 +561,7 @@ static int adpcm_encode_frame(AVCodecContext *avctx, AVPacket *avpkt, 64, 1); for (i = 0; i < 64; i++) put_bits(&pb, 4, buf[i ^ 1]); + status->prev_sample = status->predictor; } else { for (i = 0; i < 64; i += 2) { int t1, t2; From 3ac85d70f09dd8ffa96c3f4a13a93f0f465ba6a4 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Fri, 20 Jun 2014 01:58:14 +0200 Subject: [PATCH 273/452] Revert two backports to release/1.2 that broke fate. Revert "ff_id3v2_read: add option to limit ID3 magic number search" Revert "ff_id3v2_free_extra_meta: set the pointer pointing to extra_meta to NULL" This reverts commit 7f8aa37bc3666d060b3eb2baa02fcea3597a22fd. This reverts commit 5219e20d58e15305e188ba60a75bfc37a1f82341. --- libavformat/aiffdec.c | 2 +- libavformat/asfdec.c | 2 +- libavformat/id3v2.c | 17 ++--------------- libavformat/id3v2.h | 4 +--- libavformat/omadec.c | 2 +- libavformat/utils.c | 2 +- 6 files changed, 7 insertions(+), 22 deletions(-) diff --git a/libavformat/aiffdec.c b/libavformat/aiffdec.c index 396abb162d..4a2629888b 100644 --- a/libavformat/aiffdec.c +++ b/libavformat/aiffdec.c @@ -237,7 +237,7 @@ static int aiff_read_header(AVFormatContext *s) break; case MKTAG('I', 'D', '3', ' '): position = avio_tell(pb); - ff_id3v2_read(s, ID3v2_DEFAULT_MAGIC, &id3v2_extra_meta, size); + ff_id3v2_read(s, ID3v2_DEFAULT_MAGIC, &id3v2_extra_meta); if (id3v2_extra_meta) if ((ret = ff_id3v2_parse_apic(s, &id3v2_extra_meta)) < 0) { ff_id3v2_free_extra_meta(&id3v2_extra_meta); diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c index 74201cff1a..de42b45a8e 100644 --- a/libavformat/asfdec.c +++ b/libavformat/asfdec.c @@ -268,7 +268,7 @@ static void get_id3_tag(AVFormatContext *s, int len) { ID3v2ExtraMeta *id3v2_extra_meta = NULL; - ff_id3v2_read(s, ID3v2_DEFAULT_MAGIC, &id3v2_extra_meta, len); + ff_id3v2_read(s, ID3v2_DEFAULT_MAGIC, &id3v2_extra_meta); if (id3v2_extra_meta) ff_id3v2_parse_apic(s, &id3v2_extra_meta); ff_id3v2_free_extra_meta(&id3v2_extra_meta); diff --git a/libavformat/id3v2.c b/libavformat/id3v2.c index 8fdcc8a032..2cab5ac304 100644 --- a/libavformat/id3v2.c +++ b/libavformat/id3v2.c @@ -777,27 +777,16 @@ seek: return; } -void ff_id3v2_read(AVFormatContext *s, const char *magic, ID3v2ExtraMeta **extra_meta, - unsigned int max_search_size) +void ff_id3v2_read(AVFormatContext *s, const char *magic, ID3v2ExtraMeta **extra_meta) { int len, ret; uint8_t buf[ID3v2_HEADER_SIZE]; int found_header; - int64_t start, off; + int64_t off; - if (max_search_size && max_search_size < ID3v2_HEADER_SIZE) - return; - - start = avio_tell(s->pb); do { /* save the current offset in case there's nothing to read/skip */ off = avio_tell(s->pb); - ret = avio_read(s->pb, buf, ID3v2_HEADER_SIZE); - if (max_search_size && off - start >= max_search_size - ID3v2_HEADER_SIZE) { - avio_seek(s->pb, off, SEEK_SET); - break; - } - ret = avio_read(s->pb, buf, ID3v2_HEADER_SIZE); if (ret != ID3v2_HEADER_SIZE) { avio_seek(s->pb, off, SEEK_SET); @@ -833,8 +822,6 @@ void ff_id3v2_free_extra_meta(ID3v2ExtraMeta **extra_meta) av_freep(¤t); current = next; } - - *extra_meta = NULL; } int ff_id3v2_parse_apic(AVFormatContext *s, ID3v2ExtraMeta **extra_meta) diff --git a/libavformat/id3v2.h b/libavformat/id3v2.h index 4fe59a5477..f7270106a1 100644 --- a/libavformat/id3v2.h +++ b/libavformat/id3v2.h @@ -93,10 +93,8 @@ int ff_id3v2_tag_len(const uint8_t *buf); * Read an ID3v2 tag, including supported extra metadata * @param extra_meta If not NULL, extra metadata is parsed into a list of * ID3v2ExtraMeta structs and *extra_meta points to the head of the list - * @param[opt] max_search_search restrict ID3 magic number search (bytes from start) */ -void ff_id3v2_read(AVFormatContext *s, const char *magic, ID3v2ExtraMeta **extra_meta, - unsigned int max_search_size); +void ff_id3v2_read(AVFormatContext *s, const char *magic, ID3v2ExtraMeta **extra_meta); /** * Initialize an ID3v2 tag. diff --git a/libavformat/omadec.c b/libavformat/omadec.c index 34d63a377c..8d29675c1c 100644 --- a/libavformat/omadec.c +++ b/libavformat/omadec.c @@ -275,7 +275,7 @@ static int oma_read_header(AVFormatContext *s) ID3v2ExtraMeta *extra_meta = NULL; OMAContext *oc = s->priv_data; - ff_id3v2_read(s, ID3v2_EA3_MAGIC, &extra_meta, 0); + ff_id3v2_read(s, ID3v2_EA3_MAGIC, &extra_meta); ret = avio_read(s->pb, buf, EA3_HEADER_SIZE); if (ret < EA3_HEADER_SIZE) return -1; diff --git a/libavformat/utils.c b/libavformat/utils.c index 821b23d642..d32f584197 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -620,7 +620,7 @@ int avformat_open_input(AVFormatContext **ps, const char *filename, AVInputForma /* e.g. AVFMT_NOFILE formats will not have a AVIOContext */ if (s->pb) - ff_id3v2_read(s, ID3v2_DEFAULT_MAGIC, &id3v2_extra_meta, 0); + ff_id3v2_read(s, ID3v2_DEFAULT_MAGIC, &id3v2_extra_meta); if (!(s->flags&AVFMT_FLAG_PRIV_OPT) && s->iformat->read_header) if ((ret = s->iformat->read_header(s)) < 0) From 6011b806dd5d608a52df9cb1956e1dd099058687 Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Sat, 21 Jun 2014 19:35:06 +0200 Subject: [PATCH 274/452] Show duration for large asf files as written in the file header. Fixes ticket #3428. (cherry picked from commit e3fd263f0b73e4425192d6dd1ab18027ecaa35db) --- libavformat/asfdec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c index de42b45a8e..7c7105a9cb 100644 --- a/libavformat/asfdec.c +++ b/libavformat/asfdec.c @@ -378,7 +378,8 @@ static int asf_read_stream_properties(AVFormatContext *s, int64_t size) if (!(asf->hdr.flags & 0x01)) { // if we aren't streaming... int64_t fsize = avio_size(pb); - if (fsize <= 0 || (int64_t)asf->hdr.file_size <= 0 || FFABS(fsize - (int64_t)asf->hdr.file_size) < 10000) + if (fsize <= 0 || (int64_t)asf->hdr.file_size <= 0 || + FFABS(fsize - (int64_t)asf->hdr.file_size) / (float)FFMIN(fsize, asf->hdr.file_size) < 0.05) st->duration = asf->hdr.play_time / (10000000 / 1000) - start_time; } From 1be06c853182f9b691efe8df5ab3653d54cdd5b9 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 24 Mar 2014 05:01:32 +0100 Subject: [PATCH 275/452] swscale/swscale: fix integer overflow Should fix fate failure with clang ftrapv Signed-off-by: Michael Niedermayer (cherry picked from commit c9c0451224fd7bc38b4e135e99f114f80c1ae67f) Signed-off-by: Michael Niedermayer --- libswscale/swscale.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libswscale/swscale.c b/libswscale/swscale.c index bb908191dc..bff610d709 100644 --- a/libswscale/swscale.c +++ b/libswscale/swscale.c @@ -208,8 +208,9 @@ static void lumRangeToJpeg16_c(int16_t *_dst, int width) { int i; int32_t *dst = (int32_t *) _dst; - for (i = 0; i < width; i++) - dst[i] = (FFMIN(dst[i], 30189 << 4) * 4769 - (39057361 << 2)) >> 12; + for (i = 0; i < width; i++) { + dst[i] = ((int)(FFMIN(dst[i], 30189 << 4) * 4769U - (39057361 << 2))) >> 12; + } } static void lumRangeFromJpeg16_c(int16_t *_dst, int width) From 92ca3578bf405ed4c0e742c653e016258648fda9 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 25 Mar 2014 00:15:52 +0100 Subject: [PATCH 276/452] avcodec/x86/mpegvideoenc_template: fix integer overflow Signed-off-by: Michael Niedermayer --- libavcodec/x86/mpegvideoenc_template.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/x86/mpegvideoenc_template.c b/libavcodec/x86/mpegvideoenc_template.c index 1e0505ea3c..b0ba234d4b 100644 --- a/libavcodec/x86/mpegvideoenc_template.c +++ b/libavcodec/x86/mpegvideoenc_template.c @@ -216,7 +216,7 @@ static int RENAME(dct_quantize)(MpegEncContext *s, "psubusw "MM"1, "MM"4 \n\t" "packuswb "MM"4, "MM"4 \n\t" #if COMPILE_TEMPLATE_SSE2 - "packuswb "MM"4, "MM"4 \n\t" + "packsswb "MM"4, "MM"4 \n\t" #endif "movd "MM"4, %0 \n\t" // *overflow : "=g" (*overflow) From 2af3a04164535984953b04b99454b58fe6ed4580 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 26 Mar 2014 18:09:23 +0100 Subject: [PATCH 277/452] avcodec/h264_mp4toannexb_bsf: prepend global headers before any in stream parameter sets Fixes h264_mp4toannexb_bsf_failure.mkv Signed-off-by: Michael Niedermayer (cherry picked from commit 289b149cecb381522cc9ccdf382825330169c655) Signed-off-by: Michael Niedermayer --- libavcodec/h264_mp4toannexb_bsf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h264_mp4toannexb_bsf.c b/libavcodec/h264_mp4toannexb_bsf.c index 2dea93301a..f9c3621d3f 100644 --- a/libavcodec/h264_mp4toannexb_bsf.c +++ b/libavcodec/h264_mp4toannexb_bsf.c @@ -154,7 +154,7 @@ pps: goto fail; /* prepend only to the first type 5 NAL unit of an IDR picture */ - if (ctx->first_idr && unit_type == 5) { + if (ctx->first_idr && (unit_type == 5 || unit_type == 7 || unit_type == 8)) { if ((ret=alloc_and_copy(poutbuf, poutbuf_size, avctx->extradata, avctx->extradata_size, buf, nal_size)) < 0) From e897eb108b514b4eb80490a7c17daf1b2d1ef51e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 28 Mar 2014 00:03:38 +0100 Subject: [PATCH 278/452] avcodec/libx264: move where x264opts is applied down so it isnt overridden by avctx & defaults fixes x264opts opengop=1 Signed-off-by: Michael Niedermayer (cherry picked from commit 64b79141bdfdffaa9fda69eecce140473d0a9a18) Signed-off-by: Michael Niedermayer --- libavcodec/libx264.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/libavcodec/libx264.c b/libavcodec/libx264.c index 7e8fa65818..9157ab36b2 100644 --- a/libavcodec/libx264.c +++ b/libavcodec/libx264.c @@ -343,19 +343,6 @@ static av_cold int X264_init(AVCodecContext *avctx) OPT_STR("level", x4->level); - if(x4->x264opts){ - const char *p= x4->x264opts; - while(p){ - char param[256]={0}, val[256]={0}; - if(sscanf(p, "%255[^:=]=%255[^:]", param, val) == 1){ - OPT_STR(param, "1"); - }else - OPT_STR(param, val); - p= strchr(p, ':'); - p+=!!p; - } - } - if (avctx->i_quant_factor > 0) x4->params.rc.f_ip_factor = 1 / fabs(avctx->i_quant_factor); @@ -525,6 +512,19 @@ static av_cold int X264_init(AVCodecContext *avctx) if (avctx->flags & CODEC_FLAG_GLOBAL_HEADER) x4->params.b_repeat_headers = 0; + if(x4->x264opts){ + const char *p= x4->x264opts; + while(p){ + char param[256]={0}, val[256]={0}; + if(sscanf(p, "%255[^:=]=%255[^:]", param, val) == 1){ + OPT_STR(param, "1"); + }else + OPT_STR(param, val); + p= strchr(p, ':'); + p+=!!p; + } + } + if (x4->x264_params) { AVDictionary *dict = NULL; AVDictionaryEntry *en = NULL; From 8f7ebb88b8168de4e95e2c77cc57486d1d879804 Mon Sep 17 00:00:00 2001 From: Lukasz Marek Date: Fri, 4 Apr 2014 19:28:45 +0200 Subject: [PATCH 279/452] lavu/opt: validate range before dereference This change make error handling simplier. av_opt_freep_ranges may be called when some ranges are NULL, for example after memory allocation fail. Signed-off-by: Lukasz Marek Signed-off-by: Michael Niedermayer (cherry picked from commit 3aac5fcfa9d3748659d78ab2a66d0ccce22cfd4f) Signed-off-by: Michael Niedermayer --- libavutil/opt.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavutil/opt.c b/libavutil/opt.c index eeb72fd8a7..4100d028c1 100644 --- a/libavutil/opt.c +++ b/libavutil/opt.c @@ -1291,8 +1291,10 @@ void av_opt_freep_ranges(AVOptionRanges **rangesp) for (i = 0; i < ranges->nb_ranges; i++) { AVOptionRange *range = ranges->range[i]; - av_freep(&range->str); - av_freep(&ranges->range[i]); + if (range) { + av_freep(&range->str); + av_freep(&ranges->range[i]); + } } av_freep(&ranges->range); av_freep(rangesp); From e5546d48717f59d630102ddbff413c06f6c0ea54 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 5 Apr 2014 21:34:03 +0200 Subject: [PATCH 280/452] avcodec/wma: use av_freep(), do not leave stale pointers in memory Signed-off-by: Michael Niedermayer (cherry picked from commit d167faafe9dfa0b82bebb267c3c4e5fa5286bd67) Signed-off-by: Michael Niedermayer --- libavcodec/wma.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/wma.c b/libavcodec/wma.c index e704223f1e..5888363ac9 100644 --- a/libavcodec/wma.c +++ b/libavcodec/wma.c @@ -385,9 +385,9 @@ int ff_wma_end(AVCodecContext *avctx) } for (i = 0; i < 2; i++) { ff_free_vlc(&s->coef_vlc[i]); - av_free(s->run_table[i]); - av_free(s->level_table[i]); - av_free(s->int_table[i]); + av_freep(&s->run_table[i]); + av_freep(&s->level_table[i]); + av_freep(&s->int_table[i]); } #if FF_API_OLD_ENCODE_AUDIO From a61998e4f4e1af2d10856ac99f0f8e7a3d56b4d6 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 6 Apr 2014 04:01:24 +0200 Subject: [PATCH 281/452] avcodec/msrle: check return code for success before use The check is possibly redundant, but better to check for errors that dont occur than to skip the check and crash Fixes CID1197060 Signed-off-by: Michael Niedermayer (cherry picked from commit 754f84663e8b3a88fa2e953b195d59230393fb8d) Signed-off-by: Michael Niedermayer --- libavcodec/msrle.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/msrle.c b/libavcodec/msrle.c index a836e33cbe..c1498b544d 100644 --- a/libavcodec/msrle.c +++ b/libavcodec/msrle.c @@ -118,6 +118,9 @@ static int msrle_decode_frame(AVCodecContext *avctx, uint8_t *buf = avpkt->data + (avctx->height-1)*istride; int i, j; + if (linesize < 0) + return linesize; + for (i = 0; i < avctx->height; i++) { if (avctx->bits_per_coded_sample == 4) { for (j = 0; j < avctx->width - 1; j += 2) { From ce959040135de0536b875d4faf369a25d542ea65 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 8 Apr 2014 00:19:07 +0200 Subject: [PATCH 282/452] swresample/resample: Limit filter length Related to CID1197063 The limit choosen is arbitrary and much larger than what makes sense. It avoids the need for checking arithmetic operations with the length for overflow Signed-off-by: Michael Niedermayer (cherry picked from commit f9158b01d0f3effb58e87fb07db0382bc1e47de5) Signed-off-by: Michael Niedermayer --- libswresample/resample.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libswresample/resample.c b/libswresample/resample.c index fb9da7c354..1288d9fe1f 100644 --- a/libswresample/resample.c +++ b/libswresample/resample.c @@ -229,6 +229,11 @@ static ResampleContext *resample_init(ResampleContext *c, int out_rate, int in_r av_assert0(0); } + if (filter_size/factor > INT32_MAX/256) { + av_log(NULL, AV_LOG_ERROR, "Filter length too large\n"); + goto error; + } + c->phase_shift = phase_shift; c->phase_mask = phase_count - 1; c->linear = linear; From fe97363c38a9e264cb56d1fb8d57f384e67bde05 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 8 Apr 2014 00:29:06 +0200 Subject: [PATCH 283/452] swresample/dither: use av_malloc_array() Signed-off-by: Michael Niedermayer (cherry picked from commit a5290cb1ac047851563da7aca06569e3ada55f79) Signed-off-by: Michael Niedermayer --- libswresample/dither.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libswresample/dither.c b/libswresample/dither.c index d0193dda46..ce8581cfe7 100644 --- a/libswresample/dither.c +++ b/libswresample/dither.c @@ -26,7 +26,7 @@ void swri_get_dither(SwrContext *s, void *dst, int len, unsigned seed, enum AVSampleFormat noise_fmt) { double scale = s->dither.noise_scale; #define TMP_EXTRA 2 - double *tmp = av_malloc((len + TMP_EXTRA) * sizeof(double)); + double *tmp = av_malloc_array(len + TMP_EXTRA, sizeof(double)); int i; for(i=0; i Date: Tue, 8 Apr 2014 00:29:26 +0200 Subject: [PATCH 284/452] swresample/resample: use av_malloc_array() where appropriate Signed-off-by: Michael Niedermayer (cherry picked from commit 5027f39712fdce25b9008e72d52e5abfeefd5fe6) Signed-off-by: Michael Niedermayer --- libswresample/resample.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libswresample/resample.c b/libswresample/resample.c index 1288d9fe1f..93c86aa6bd 100644 --- a/libswresample/resample.c +++ b/libswresample/resample.c @@ -95,7 +95,7 @@ static int build_filter(ResampleContext *c, void *filter, double factor, int tap int filter_type, int kaiser_beta){ int ph, i; double x, y, w; - double *tab = av_malloc(tap_count * sizeof(*tab)); + double *tab = av_malloc_array(tap_count, sizeof(*tab)); const int center= (tap_count-1)/2; if (!tab) From 4af56488c86e326f13ec4c786e57396b005eccf2 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 8 Apr 2014 18:12:12 +0200 Subject: [PATCH 285/452] swscale/x86/swscale_template: loose hardcoded dstw_offset Signed-off-by: Michael Niedermayer (cherry picked from commit f6759d9ad4a8b71e6f212ca4f1e7da9fa56d3298) Signed-off-by: Michael Niedermayer --- libswscale/x86/swscale_template.c | 78 +++++++++++++++---------------- 1 file changed, 37 insertions(+), 41 deletions(-) diff --git a/libswscale/x86/swscale_template.c b/libswscale/x86/swscale_template.c index f2567c1d8b..98a3dc880a 100644 --- a/libswscale/x86/swscale_template.c +++ b/libswscale/x86/swscale_template.c @@ -332,7 +332,7 @@ static void RENAME(yuv2yuvX)(const int16_t *filter, int filterSize, MOVNTQ( q3, 24(dst, index, 4))\ \ "add $8, "#index" \n\t"\ - "cmp "#dstw", "#index" \n\t"\ + "cmp "dstw", "#index" \n\t"\ " jb 1b \n\t" #define WRITEBGR32(dst, dstw, index, b, g, r, a, q0, q2, q3, t) REAL_WRITEBGR32(dst, dstw, index, b, g, r, a, q0, q2, q3, t) @@ -358,13 +358,13 @@ static void RENAME(yuv2rgb32_X_ar)(SwsContext *c, const int16_t *lumFilter, "psraw $3, %%mm1 \n\t" "psraw $3, %%mm7 \n\t" "packuswb %%mm7, %%mm1 \n\t" - WRITEBGR32(%4, %5, %%REGa, %%mm3, %%mm4, %%mm5, %%mm1, %%mm0, %%mm7, %%mm2, %%mm6) + WRITEBGR32(%4, "%5", %%REGa, %%mm3, %%mm4, %%mm5, %%mm1, %%mm0, %%mm7, %%mm2, %%mm6) YSCALEYUV2PACKEDX_END } else { YSCALEYUV2PACKEDX_ACCURATE YSCALEYUV2RGBX "pcmpeqd %%mm7, %%mm7 \n\t" - WRITEBGR32(%4, %5, %%REGa, %%mm2, %%mm4, %%mm5, %%mm7, %%mm0, %%mm1, %%mm3, %%mm6) + WRITEBGR32(%4, "%5", %%REGa, %%mm2, %%mm4, %%mm5, %%mm7, %%mm0, %%mm1, %%mm3, %%mm6) YSCALEYUV2PACKEDX_END } } @@ -387,13 +387,13 @@ static void RENAME(yuv2rgb32_X)(SwsContext *c, const int16_t *lumFilter, "psraw $3, %%mm1 \n\t" "psraw $3, %%mm7 \n\t" "packuswb %%mm7, %%mm1 \n\t" - WRITEBGR32(%4, %5, %%REGa, %%mm2, %%mm4, %%mm5, %%mm1, %%mm0, %%mm7, %%mm3, %%mm6) + WRITEBGR32(%4, "%5", %%REGa, %%mm2, %%mm4, %%mm5, %%mm1, %%mm0, %%mm7, %%mm3, %%mm6) YSCALEYUV2PACKEDX_END } else { YSCALEYUV2PACKEDX YSCALEYUV2RGBX "pcmpeqd %%mm7, %%mm7 \n\t" - WRITEBGR32(%4, %5, %%REGa, %%mm2, %%mm4, %%mm5, %%mm7, %%mm0, %%mm1, %%mm3, %%mm6) + WRITEBGR32(%4, "%5", %%REGa, %%mm2, %%mm4, %%mm5, %%mm7, %%mm0, %%mm1, %%mm3, %%mm6) YSCALEYUV2PACKEDX_END } } @@ -422,7 +422,7 @@ static void RENAME(yuv2rgb32_X)(SwsContext *c, const int16_t *lumFilter, MOVNTQ(%%mm1, 8(dst, index, 2))\ \ "add $8, "#index" \n\t"\ - "cmp "#dstw", "#index" \n\t"\ + "cmp "dstw", "#index" \n\t"\ " jb 1b \n\t" #define WRITERGB16(dst, dstw, index) REAL_WRITERGB16(dst, dstw, index) @@ -446,7 +446,7 @@ static void RENAME(yuv2rgb565_X_ar)(SwsContext *c, const int16_t *lumFilter, "paddusb "GREEN_DITHER"(%0), %%mm4\n\t" "paddusb "RED_DITHER"(%0), %%mm5\n\t" #endif - WRITERGB16(%4, %5, %%REGa) + WRITERGB16(%4, "%5", %%REGa) YSCALEYUV2PACKEDX_END } @@ -470,7 +470,7 @@ static void RENAME(yuv2rgb565_X)(SwsContext *c, const int16_t *lumFilter, "paddusb "GREEN_DITHER"(%0), %%mm4 \n\t" "paddusb "RED_DITHER"(%0), %%mm5 \n\t" #endif - WRITERGB16(%4, %5, %%REGa) + WRITERGB16(%4, "%5", %%REGa) YSCALEYUV2PACKEDX_END } @@ -499,7 +499,7 @@ static void RENAME(yuv2rgb565_X)(SwsContext *c, const int16_t *lumFilter, MOVNTQ(%%mm1, 8(dst, index, 2))\ \ "add $8, "#index" \n\t"\ - "cmp "#dstw", "#index" \n\t"\ + "cmp "dstw", "#index" \n\t"\ " jb 1b \n\t" #define WRITERGB15(dst, dstw, index) REAL_WRITERGB15(dst, dstw, index) @@ -523,7 +523,7 @@ static void RENAME(yuv2rgb555_X_ar)(SwsContext *c, const int16_t *lumFilter, "paddusb "GREEN_DITHER"(%0), %%mm4\n\t" "paddusb "RED_DITHER"(%0), %%mm5\n\t" #endif - WRITERGB15(%4, %5, %%REGa) + WRITERGB15(%4, "%5", %%REGa) YSCALEYUV2PACKEDX_END } @@ -547,7 +547,7 @@ static void RENAME(yuv2rgb555_X)(SwsContext *c, const int16_t *lumFilter, "paddusb "GREEN_DITHER"(%0), %%mm4 \n\t" "paddusb "RED_DITHER"(%0), %%mm5 \n\t" #endif - WRITERGB15(%4, %5, %%REGa) + WRITERGB15(%4, "%5", %%REGa) YSCALEYUV2PACKEDX_END } @@ -601,7 +601,7 @@ static void RENAME(yuv2rgb555_X)(SwsContext *c, const int16_t *lumFilter, "add $24, "#dst" \n\t"\ \ "add $8, "#index" \n\t"\ - "cmp "#dstw", "#index" \n\t"\ + "cmp "dstw", "#index" \n\t"\ " jb 1b \n\t" #define WRITEBGR24MMXEXT(dst, dstw, index) \ @@ -649,7 +649,7 @@ static void RENAME(yuv2rgb555_X)(SwsContext *c, const int16_t *lumFilter, "add $24, "#dst" \n\t"\ \ "add $8, "#index" \n\t"\ - "cmp "#dstw", "#index" \n\t"\ + "cmp "dstw", "#index" \n\t"\ " jb 1b \n\t" #if COMPILE_TEMPLATE_MMXEXT @@ -676,7 +676,7 @@ static void RENAME(yuv2bgr24_X_ar)(SwsContext *c, const int16_t *lumFilter, "pxor %%mm7, %%mm7 \n\t" "lea (%%"REG_a", %%"REG_a", 2), %%"REG_c"\n\t" //FIXME optimize "add %4, %%"REG_c" \n\t" - WRITEBGR24(%%REGc, %5, %%REGa) + WRITEBGR24(%%REGc, "%5", %%REGa) :: "r" (&c->redDither), "m" (dummy), "m" (dummy), "m" (dummy), "r" (dest), "m" (dstW_reg), "m"(uv_off) @@ -700,7 +700,7 @@ static void RENAME(yuv2bgr24_X)(SwsContext *c, const int16_t *lumFilter, "pxor %%mm7, %%mm7 \n\t" "lea (%%"REG_a", %%"REG_a", 2), %%"REG_c" \n\t" //FIXME optimize "add %4, %%"REG_c" \n\t" - WRITEBGR24(%%REGc, %5, %%REGa) + WRITEBGR24(%%REGc, "%5", %%REGa) :: "r" (&c->redDither), "m" (dummy), "m" (dummy), "m" (dummy), "r" (dest), "m" (dstW_reg), "m"(uv_off) @@ -721,7 +721,7 @@ static void RENAME(yuv2bgr24_X)(SwsContext *c, const int16_t *lumFilter, MOVNTQ(%%mm7, 8(dst, index, 2))\ \ "add $8, "#index" \n\t"\ - "cmp "#dstw", "#index" \n\t"\ + "cmp "dstw", "#index" \n\t"\ " jb 1b \n\t" #define WRITEYUY2(dst, dstw, index) REAL_WRITEYUY2(dst, dstw, index) @@ -742,7 +742,7 @@ static void RENAME(yuv2yuyv422_X_ar)(SwsContext *c, const int16_t *lumFilter, "psraw $3, %%mm4 \n\t" "psraw $3, %%mm1 \n\t" "psraw $3, %%mm7 \n\t" - WRITEYUY2(%4, %5, %%REGa) + WRITEYUY2(%4, "%5", %%REGa) YSCALEYUV2PACKEDX_END } @@ -763,7 +763,7 @@ static void RENAME(yuv2yuyv422_X)(SwsContext *c, const int16_t *lumFilter, "psraw $3, %%mm4 \n\t" "psraw $3, %%mm1 \n\t" "psraw $3, %%mm7 \n\t" - WRITEYUY2(%4, %5, %%REGa) + WRITEYUY2(%4, "%5", %%REGa) YSCALEYUV2PACKEDX_END } @@ -864,7 +864,7 @@ static void RENAME(yuv2rgb32_2)(SwsContext *c, const int16_t *buf[2], "psraw $3, %%mm1 \n\t" /* abuf0[eax] - abuf1[eax] >>7*/ "psraw $3, %%mm7 \n\t" /* abuf0[eax] - abuf1[eax] >>7*/ "packuswb %%mm7, %%mm1 \n\t" - WRITEBGR32(%4, 8280(%5), %%r8, %%mm2, %%mm4, %%mm5, %%mm1, %%mm0, %%mm7, %%mm3, %%mm6) + WRITEBGR32(%4, DSTW_OFFSET"(%5)", %%r8, %%mm2, %%mm4, %%mm5, %%mm1, %%mm0, %%mm7, %%mm3, %%mm6) :: "c" (buf0), "d" (buf1), "S" (ubuf0), "D" (ubuf1), "r" (dest), "a" (&c->redDither), "r" (abuf0), "r" (abuf1) @@ -888,7 +888,7 @@ static void RENAME(yuv2rgb32_2)(SwsContext *c, const int16_t *buf[2], "packuswb %%mm7, %%mm1 \n\t" "pop %1 \n\t" "pop %0 \n\t" - WRITEBGR32(%%REGb, 8280(%5), %%REGBP, %%mm2, %%mm4, %%mm5, %%mm1, %%mm0, %%mm7, %%mm3, %%mm6) + WRITEBGR32(%%REGb, DSTW_OFFSET"(%5)", %%REGBP, %%mm2, %%mm4, %%mm5, %%mm1, %%mm0, %%mm7, %%mm3, %%mm6) "pop %%"REG_BP" \n\t" "mov "ESP_OFFSET"(%5), %%"REG_b" \n\t" :: "c" (buf0), "d" (buf1), "S" (ubuf0), "D" (ubuf1), "m" (dest), @@ -902,7 +902,7 @@ static void RENAME(yuv2rgb32_2)(SwsContext *c, const int16_t *buf[2], "push %%"REG_BP" \n\t" YSCALEYUV2RGB(%%REGBP, %5) "pcmpeqd %%mm7, %%mm7 \n\t" - WRITEBGR32(%%REGb, 8280(%5), %%REGBP, %%mm2, %%mm4, %%mm5, %%mm7, %%mm0, %%mm1, %%mm3, %%mm6) + WRITEBGR32(%%REGb, DSTW_OFFSET"(%5)", %%REGBP, %%mm2, %%mm4, %%mm5, %%mm7, %%mm0, %%mm1, %%mm3, %%mm6) "pop %%"REG_BP" \n\t" "mov "ESP_OFFSET"(%5), %%"REG_b" \n\t" :: "c" (buf0), "d" (buf1), "S" (ubuf0), "D" (ubuf1), "m" (dest), @@ -919,14 +919,13 @@ static void RENAME(yuv2bgr24_2)(SwsContext *c, const int16_t *buf[2], const int16_t *buf0 = buf[0], *buf1 = buf[1], *ubuf0 = ubuf[0], *ubuf1 = ubuf[1]; - //Note 8280 == DSTW_OFFSET but the preprocessor can't handle that there :( __asm__ volatile( "mov %%"REG_b", "ESP_OFFSET"(%5) \n\t" "mov %4, %%"REG_b" \n\t" "push %%"REG_BP" \n\t" YSCALEYUV2RGB(%%REGBP, %5) "pxor %%mm7, %%mm7 \n\t" - WRITEBGR24(%%REGb, 8280(%5), %%REGBP) + WRITEBGR24(%%REGb, DSTW_OFFSET"(%5)", %%REGBP) "pop %%"REG_BP" \n\t" "mov "ESP_OFFSET"(%5), %%"REG_b" \n\t" :: "c" (buf0), "d" (buf1), "S" (ubuf0), "D" (ubuf1), "m" (dest), @@ -942,7 +941,6 @@ static void RENAME(yuv2rgb555_2)(SwsContext *c, const int16_t *buf[2], const int16_t *buf0 = buf[0], *buf1 = buf[1], *ubuf0 = ubuf[0], *ubuf1 = ubuf[1]; - //Note 8280 == DSTW_OFFSET but the preprocessor can't handle that there :( __asm__ volatile( "mov %%"REG_b", "ESP_OFFSET"(%5) \n\t" "mov %4, %%"REG_b" \n\t" @@ -955,7 +953,7 @@ static void RENAME(yuv2rgb555_2)(SwsContext *c, const int16_t *buf[2], "paddusb "GREEN_DITHER"(%5), %%mm4 \n\t" "paddusb "RED_DITHER"(%5), %%mm5 \n\t" #endif - WRITERGB15(%%REGb, 8280(%5), %%REGBP) + WRITERGB15(%%REGb, DSTW_OFFSET"(%5)", %%REGBP) "pop %%"REG_BP" \n\t" "mov "ESP_OFFSET"(%5), %%"REG_b" \n\t" :: "c" (buf0), "d" (buf1), "S" (ubuf0), "D" (ubuf1), "m" (dest), @@ -971,7 +969,6 @@ static void RENAME(yuv2rgb565_2)(SwsContext *c, const int16_t *buf[2], const int16_t *buf0 = buf[0], *buf1 = buf[1], *ubuf0 = ubuf[0], *ubuf1 = ubuf[1]; - //Note 8280 == DSTW_OFFSET but the preprocessor can't handle that there :( __asm__ volatile( "mov %%"REG_b", "ESP_OFFSET"(%5) \n\t" "mov %4, %%"REG_b" \n\t" @@ -984,7 +981,7 @@ static void RENAME(yuv2rgb565_2)(SwsContext *c, const int16_t *buf[2], "paddusb "GREEN_DITHER"(%5), %%mm4 \n\t" "paddusb "RED_DITHER"(%5), %%mm5 \n\t" #endif - WRITERGB16(%%REGb, 8280(%5), %%REGBP) + WRITERGB16(%%REGb, DSTW_OFFSET"(%5)", %%REGBP) "pop %%"REG_BP" \n\t" "mov "ESP_OFFSET"(%5), %%"REG_b" \n\t" :: "c" (buf0), "d" (buf1), "S" (ubuf0), "D" (ubuf1), "m" (dest), @@ -1040,13 +1037,12 @@ static void RENAME(yuv2yuyv422_2)(SwsContext *c, const int16_t *buf[2], const int16_t *buf0 = buf[0], *buf1 = buf[1], *ubuf0 = ubuf[0], *ubuf1 = ubuf[1]; - //Note 8280 == DSTW_OFFSET but the preprocessor can't handle that there :( __asm__ volatile( "mov %%"REG_b", "ESP_OFFSET"(%5) \n\t" "mov %4, %%"REG_b" \n\t" "push %%"REG_BP" \n\t" YSCALEYUV2PACKED(%%REGBP, %5) - WRITEYUY2(%%REGb, 8280(%5), %%REGBP) + WRITEYUY2(%%REGb, DSTW_OFFSET"(%5)", %%REGBP) "pop %%"REG_BP" \n\t" "mov "ESP_OFFSET"(%5), %%"REG_b" \n\t" :: "c" (buf0), "d" (buf1), "S" (ubuf0), "D" (ubuf1), "m" (dest), @@ -1189,7 +1185,7 @@ static void RENAME(yuv2rgb32_1)(SwsContext *c, const int16_t *buf0, "push %%"REG_BP" \n\t" YSCALEYUV2RGB1(%%REGBP, %5) YSCALEYUV2RGB1_ALPHA(%%REGBP) - WRITEBGR32(%%REGb, 8280(%5), %%REGBP, %%mm2, %%mm4, %%mm5, %%mm7, %%mm0, %%mm1, %%mm3, %%mm6) + WRITEBGR32(%%REGb, DSTW_OFFSET"(%5)", %%REGBP, %%mm2, %%mm4, %%mm5, %%mm7, %%mm0, %%mm1, %%mm3, %%mm6) "pop %%"REG_BP" \n\t" "mov "ESP_OFFSET"(%5), %%"REG_b" \n\t" :: "c" (buf0), "d" (abuf0), "S" (ubuf0), "D" (ubuf1), "m" (dest), @@ -1202,7 +1198,7 @@ static void RENAME(yuv2rgb32_1)(SwsContext *c, const int16_t *buf0, "push %%"REG_BP" \n\t" YSCALEYUV2RGB1(%%REGBP, %5) "pcmpeqd %%mm7, %%mm7 \n\t" - WRITEBGR32(%%REGb, 8280(%5), %%REGBP, %%mm2, %%mm4, %%mm5, %%mm7, %%mm0, %%mm1, %%mm3, %%mm6) + WRITEBGR32(%%REGb, DSTW_OFFSET"(%5)", %%REGBP, %%mm2, %%mm4, %%mm5, %%mm7, %%mm0, %%mm1, %%mm3, %%mm6) "pop %%"REG_BP" \n\t" "mov "ESP_OFFSET"(%5), %%"REG_b" \n\t" :: "c" (buf0), "d" (buf1), "S" (ubuf0), "D" (ubuf1), "m" (dest), @@ -1218,7 +1214,7 @@ static void RENAME(yuv2rgb32_1)(SwsContext *c, const int16_t *buf0, "push %%"REG_BP" \n\t" YSCALEYUV2RGB1b(%%REGBP, %5) YSCALEYUV2RGB1_ALPHA(%%REGBP) - WRITEBGR32(%%REGb, 8280(%5), %%REGBP, %%mm2, %%mm4, %%mm5, %%mm7, %%mm0, %%mm1, %%mm3, %%mm6) + WRITEBGR32(%%REGb, DSTW_OFFSET"(%5)", %%REGBP, %%mm2, %%mm4, %%mm5, %%mm7, %%mm0, %%mm1, %%mm3, %%mm6) "pop %%"REG_BP" \n\t" "mov "ESP_OFFSET"(%5), %%"REG_b" \n\t" :: "c" (buf0), "d" (abuf0), "S" (ubuf0), "D" (ubuf1), "m" (dest), @@ -1231,7 +1227,7 @@ static void RENAME(yuv2rgb32_1)(SwsContext *c, const int16_t *buf0, "push %%"REG_BP" \n\t" YSCALEYUV2RGB1b(%%REGBP, %5) "pcmpeqd %%mm7, %%mm7 \n\t" - WRITEBGR32(%%REGb, 8280(%5), %%REGBP, %%mm2, %%mm4, %%mm5, %%mm7, %%mm0, %%mm1, %%mm3, %%mm6) + WRITEBGR32(%%REGb, DSTW_OFFSET"(%5)", %%REGBP, %%mm2, %%mm4, %%mm5, %%mm7, %%mm0, %%mm1, %%mm3, %%mm6) "pop %%"REG_BP" \n\t" "mov "ESP_OFFSET"(%5), %%"REG_b" \n\t" :: "c" (buf0), "d" (buf1), "S" (ubuf0), "D" (ubuf1), "m" (dest), @@ -1257,7 +1253,7 @@ static void RENAME(yuv2bgr24_1)(SwsContext *c, const int16_t *buf0, "push %%"REG_BP" \n\t" YSCALEYUV2RGB1(%%REGBP, %5) "pxor %%mm7, %%mm7 \n\t" - WRITEBGR24(%%REGb, 8280(%5), %%REGBP) + WRITEBGR24(%%REGb, DSTW_OFFSET"(%5)", %%REGBP) "pop %%"REG_BP" \n\t" "mov "ESP_OFFSET"(%5), %%"REG_b" \n\t" :: "c" (buf0), "d" (buf1), "S" (ubuf0), "D" (ubuf1), "m" (dest), @@ -1271,7 +1267,7 @@ static void RENAME(yuv2bgr24_1)(SwsContext *c, const int16_t *buf0, "push %%"REG_BP" \n\t" YSCALEYUV2RGB1b(%%REGBP, %5) "pxor %%mm7, %%mm7 \n\t" - WRITEBGR24(%%REGb, 8280(%5), %%REGBP) + WRITEBGR24(%%REGb, DSTW_OFFSET"(%5)", %%REGBP) "pop %%"REG_BP" \n\t" "mov "ESP_OFFSET"(%5), %%"REG_b" \n\t" :: "c" (buf0), "d" (buf1), "S" (ubuf0), "D" (ubuf1), "m" (dest), @@ -1302,7 +1298,7 @@ static void RENAME(yuv2rgb555_1)(SwsContext *c, const int16_t *buf0, "paddusb "GREEN_DITHER"(%5), %%mm4 \n\t" "paddusb "RED_DITHER"(%5), %%mm5 \n\t" #endif - WRITERGB15(%%REGb, 8280(%5), %%REGBP) + WRITERGB15(%%REGb, DSTW_OFFSET"(%5)", %%REGBP) "pop %%"REG_BP" \n\t" "mov "ESP_OFFSET"(%5), %%"REG_b" \n\t" :: "c" (buf0), "d" (buf1), "S" (ubuf0), "D" (ubuf1), "m" (dest), @@ -1322,7 +1318,7 @@ static void RENAME(yuv2rgb555_1)(SwsContext *c, const int16_t *buf0, "paddusb "GREEN_DITHER"(%5), %%mm4 \n\t" "paddusb "RED_DITHER"(%5), %%mm5 \n\t" #endif - WRITERGB15(%%REGb, 8280(%5), %%REGBP) + WRITERGB15(%%REGb, DSTW_OFFSET"(%5)", %%REGBP) "pop %%"REG_BP" \n\t" "mov "ESP_OFFSET"(%5), %%"REG_b" \n\t" :: "c" (buf0), "d" (buf1), "S" (ubuf0), "D" (ubuf1), "m" (dest), @@ -1353,7 +1349,7 @@ static void RENAME(yuv2rgb565_1)(SwsContext *c, const int16_t *buf0, "paddusb "GREEN_DITHER"(%5), %%mm4 \n\t" "paddusb "RED_DITHER"(%5), %%mm5 \n\t" #endif - WRITERGB16(%%REGb, 8280(%5), %%REGBP) + WRITERGB16(%%REGb, DSTW_OFFSET"(%5)", %%REGBP) "pop %%"REG_BP" \n\t" "mov "ESP_OFFSET"(%5), %%"REG_b" \n\t" :: "c" (buf0), "d" (buf1), "S" (ubuf0), "D" (ubuf1), "m" (dest), @@ -1373,7 +1369,7 @@ static void RENAME(yuv2rgb565_1)(SwsContext *c, const int16_t *buf0, "paddusb "GREEN_DITHER"(%5), %%mm4 \n\t" "paddusb "RED_DITHER"(%5), %%mm5 \n\t" #endif - WRITERGB16(%%REGb, 8280(%5), %%REGBP) + WRITERGB16(%%REGb, DSTW_OFFSET"(%5)", %%REGBP) "pop %%"REG_BP" \n\t" "mov "ESP_OFFSET"(%5), %%"REG_b" \n\t" :: "c" (buf0), "d" (buf1), "S" (ubuf0), "D" (ubuf1), "m" (dest), @@ -1434,7 +1430,7 @@ static void RENAME(yuv2yuyv422_1)(SwsContext *c, const int16_t *buf0, "mov %4, %%"REG_b" \n\t" "push %%"REG_BP" \n\t" YSCALEYUV2PACKED1(%%REGBP, %5) - WRITEYUY2(%%REGb, 8280(%5), %%REGBP) + WRITEYUY2(%%REGb, DSTW_OFFSET"(%5)", %%REGBP) "pop %%"REG_BP" \n\t" "mov "ESP_OFFSET"(%5), %%"REG_b" \n\t" :: "c" (buf0), "d" (buf1), "S" (ubuf0), "D" (ubuf1), "m" (dest), @@ -1447,7 +1443,7 @@ static void RENAME(yuv2yuyv422_1)(SwsContext *c, const int16_t *buf0, "mov %4, %%"REG_b" \n\t" "push %%"REG_BP" \n\t" YSCALEYUV2PACKED1b(%%REGBP, %5) - WRITEYUY2(%%REGb, 8280(%5), %%REGBP) + WRITEYUY2(%%REGb, DSTW_OFFSET"(%5)", %%REGBP) "pop %%"REG_BP" \n\t" "mov "ESP_OFFSET"(%5), %%"REG_b" \n\t" :: "c" (buf0), "d" (buf1), "S" (ubuf0), "D" (ubuf1), "m" (dest), From 90cf672d7a497d69fb56acd3873d4d7cfeeb6fc4 Mon Sep 17 00:00:00 2001 From: Anthoine Bourgeois Date: Wed, 9 Apr 2014 12:18:32 +0200 Subject: [PATCH 286/452] avcodec/dirac_arith: Fix build with PIC and stack-check options Fixes Ticket3540 The function dirac_get_arith_bit in libavcodec/dirac_arith.h can't be built with PIC and check-stack because the asm code needs 6 registers and PIC and check-stack options take 1 each and x86 is quite limited in this area. Signed-off-by: Michael Niedermayer (cherry picked from commit d8ab7f31dd819f7b3e0d460a2fa4261aaae87b98) Signed-off-by: Michael Niedermayer --- libavcodec/dirac_arith.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/dirac_arith.h b/libavcodec/dirac_arith.h index f9a8bba5fd..089c71a698 100644 --- a/libavcodec/dirac_arith.h +++ b/libavcodec/dirac_arith.h @@ -28,6 +28,7 @@ #ifndef AVCODEC_DIRAC_ARITH_H #define AVCODEC_DIRAC_ARITH_H +#include "libavutil/x86/asm.h" #include "bytestream.h" #include "get_bits.h" @@ -134,7 +135,7 @@ static inline int dirac_get_arith_bit(DiracArith *c, int ctx) range_times_prob = (c->range * prob_zero) >> 16; -#if HAVE_FAST_CMOV && HAVE_INLINE_ASM +#if HAVE_FAST_CMOV && HAVE_INLINE_ASM && HAVE_6REGS low -= range_times_prob << 16; range -= range_times_prob; bit = 0; From 98fe429ba555dc2e4a6092c972e55e71760839ab Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 14 Apr 2014 17:29:27 +0200 Subject: [PATCH 287/452] avcodec/x86/idct_sse2_xvid: fix non C99 inline function Found-by: Matt Oliver Signed-off-by: Michael Niedermayer (cherry picked from commit 46d5625f44185271862337d61cd246fd569c42a4) Signed-off-by: Michael Niedermayer --- libavcodec/x86/idct_sse2_xvid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/x86/idct_sse2_xvid.c b/libavcodec/x86/idct_sse2_xvid.c index b51466cba0..86c7cf403b 100644 --- a/libavcodec/x86/idct_sse2_xvid.c +++ b/libavcodec/x86/idct_sse2_xvid.c @@ -343,7 +343,7 @@ DECLARE_ASM_CONST(16, int32_t, walkenIdctRounders)[] = { "movdqa %%xmm6, 4*16("dct") \n\t" \ "movdqa "SREG2", 7*16("dct") \n\t" -inline void ff_idct_xvid_sse2(short *block) +av_extern_inline void ff_idct_xvid_sse2(short *block) { __asm__ volatile( "movq "MANGLE(m127)", %%mm0 \n\t" From 71104f7cb0fba6c54a9339756920cb335d199bf8 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 16 Apr 2014 01:55:08 +0200 Subject: [PATCH 288/452] swscale/swscale: fix srcStride/srcSlice typo Fixes part of Ticket3466 Found by: Andrey_Karpov / PVS-Studio Signed-off-by: Michael Niedermayer (cherry picked from commit 14fa7fc6a81d5e59e05243cdc92108eab1b138ac) Signed-off-by: Michael Niedermayer --- libswscale/swscale.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libswscale/swscale.c b/libswscale/swscale.c index bff610d709..5d81a95df0 100644 --- a/libswscale/swscale.c +++ b/libswscale/swscale.c @@ -803,7 +803,7 @@ int attribute_align_arg sws_scale(struct SwsContext *c, uint8_t *dst2[4]; uint8_t *rgb0_tmp = NULL; - if (!srcSlice || !dstStride || !dst || !srcSlice) { + if (!srcStride || !dstStride || !dst || !srcSlice) { av_log(c, AV_LOG_ERROR, "One of the input parameters to sws_scale() is NULL, please check the calling code\n"); return 0; } From 7b38ea4003ed164f1f131ced270fac81ff555c88 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 16 Apr 2014 02:06:37 +0200 Subject: [PATCH 289/452] avcodec/mjpegen: Fix declared argument size Fixes part of Ticket3466 Found-by: Andrey_Karpov / PVS-Studio Signed-off-by: Michael Niedermayer (cherry picked from commit 256f530603ef3838a712a4fcd737b46b7bce455e) Signed-off-by: Michael Niedermayer --- libavcodec/mjpegenc.c | 2 +- libavcodec/mjpegenc.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/mjpegenc.c b/libavcodec/mjpegenc.c index 80a4022c7e..9460d7bd74 100644 --- a/libavcodec/mjpegenc.c +++ b/libavcodec/mjpegenc.c @@ -454,7 +454,7 @@ static void encode_block(MpegEncContext *s, int16_t *block, int n) put_bits(&s->pb, huff_size_ac[0], huff_code_ac[0]); } -void ff_mjpeg_encode_mb(MpegEncContext *s, int16_t block[6][64]) +void ff_mjpeg_encode_mb(MpegEncContext *s, int16_t block[12][64]) { int i; if (s->chroma_format == CHROMA_444) { diff --git a/libavcodec/mjpegenc.h b/libavcodec/mjpegenc.h index ce0c1cce15..041f026bba 100644 --- a/libavcodec/mjpegenc.h +++ b/libavcodec/mjpegenc.h @@ -56,6 +56,6 @@ void ff_mjpeg_encode_picture_trailer(MpegEncContext *s); void ff_mjpeg_encode_stuffing(MpegEncContext *s); void ff_mjpeg_encode_dc(MpegEncContext *s, int val, uint8_t *huff_size, uint16_t *huff_code); -void ff_mjpeg_encode_mb(MpegEncContext *s, int16_t block[6][64]); +void ff_mjpeg_encode_mb(MpegEncContext *s, int16_t block[12][64]); #endif /* AVCODEC_MJPEGENC_H */ From 424b00a30021d800e58dd2a81aab07d49bc86d95 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 16 Apr 2014 02:06:37 +0200 Subject: [PATCH 290/452] avformat/mpegts: Remove redundant check Fixes part of Ticket3466 Found-by: Andrey_Karpov / PVS-Studio Signed-off-by: Michael Niedermayer (cherry picked from commit ff6fa0b4b980fc5b9f7653d7b159ae02c3d95210) Signed-off-by: Michael Niedermayer --- libavformat/mpegts.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mpegts.c b/libavformat/mpegts.c index 216e2f06f6..c2efb53b2c 100644 --- a/libavformat/mpegts.c +++ b/libavformat/mpegts.c @@ -1265,7 +1265,7 @@ static void m4sl_cb(MpegTSFilter *filter, const uint8_t *section, int section_le AVStream *st; if (ts->pids[pid]->es_id != mp4_descr[i].es_id) continue; - if (!(ts->pids[pid] && ts->pids[pid]->type == MPEGTS_PES)) { + if (ts->pids[pid]->type != MPEGTS_PES) { av_log(s, AV_LOG_ERROR, "pid %x is not PES\n", pid); continue; } From 90c7dfb907ee7d9e2d2d1513fc467226e12ebbff Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 16 Apr 2014 02:06:37 +0200 Subject: [PATCH 291/452] avcodec/diracdec: fix undefined behavior with shifts Fixes part of Ticket3466 Found-by: Andrey_Karpov / PVS-Studio Signed-off-by: Michael Niedermayer (cherry picked from commit b8598f6ce61ccda3f2ff0c730b009fb650e42986) Signed-off-by: Michael Niedermayer --- libavcodec/diracdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c index a791e8835a..2ce730dd99 100644 --- a/libavcodec/diracdec.c +++ b/libavcodec/diracdec.c @@ -1343,8 +1343,8 @@ static int mc_subpel(DiracContext *s, DiracBlock *block, const uint8_t *src[5], motion_y >>= s->chroma_y_shift; } - mx = motion_x & ~(-1 << s->mv_precision); - my = motion_y & ~(-1 << s->mv_precision); + mx = motion_x & ~(-1U << s->mv_precision); + my = motion_y & ~(-1U << s->mv_precision); motion_x >>= s->mv_precision; motion_y >>= s->mv_precision; /* normalize subpel coordinates to epel */ From 53c02d04e49591ae128efd94fbc645907ae1b935 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 16 Apr 2014 02:55:13 +0200 Subject: [PATCH 292/452] avcodec/g723_1: add assert to help static code analyzers Signed-off-by: Michael Niedermayer (cherry picked from commit 1457f3fd90e17745791354fbb87899fc4803085a) Signed-off-by: Michael Niedermayer --- libavcodec/g723_1.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/g723_1.c b/libavcodec/g723_1.c index d2cde8a864..7b3ac0a095 100644 --- a/libavcodec/g723_1.c +++ b/libavcodec/g723_1.c @@ -2288,7 +2288,8 @@ static int pack_bitstream(G723_1_Context *p, unsigned char *frame, int size) if (p->cur_rate == RATE_6300) { info_bits = 0; put_bits(&pb, 2, info_bits); - } + }else + av_assert0(0); put_bits(&pb, 8, p->lsp_index[2]); put_bits(&pb, 8, p->lsp_index[1]); From 8d60d8bef228321a86cc62a9a2e0de975dbe78d7 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 16 Apr 2014 02:06:37 +0200 Subject: [PATCH 293/452] avfilter/vf_deshake: fix loss of precission with odd resolutions Fixes part of Ticket3466 Found-by: Andrey_Karpov / PVS-Studio Signed-off-by: Michael Niedermayer (cherry picked from commit 73734282e0e4df92269984ee1671424e39249481) Signed-off-by: Michael Niedermayer --- libavfilter/vf_deshake.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavfilter/vf_deshake.c b/libavfilter/vf_deshake.c index 26f92f4dff..f9e42ac191 100644 --- a/libavfilter/vf_deshake.c +++ b/libavfilter/vf_deshake.c @@ -346,8 +346,8 @@ static void find_motion(DeshakeContext *deshake, uint8_t *src1, uint8_t *src2, //av_log(NULL, AV_LOG_ERROR, "\n"); } - p_x = (center_x - width / 2); - p_y = (center_y - height / 2); + p_x = (center_x - width / 2.0); + p_y = (center_y - height / 2.0); t->vector.x += (cos(t->angle)-1)*p_x - sin(t->angle)*p_y; t->vector.y += sin(t->angle)*p_x + (cos(t->angle)-1)*p_y; From 85b00d798fd13c7f07d94027910d45f0f2a6ba05 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 16 Apr 2014 02:06:37 +0200 Subject: [PATCH 294/452] iavcodec/vc1dec: Fix missing {} Fixes part of Ticket3466 Found-by: Andrey_Karpov / PVS-Studio Signed-off-by: Michael Niedermayer (cherry picked from commit cb53beb81a5b9192c79de401f1e1e13fadddc429) Signed-off-by: Michael Niedermayer --- libavcodec/vc1dec.c | 3 ++- tests/ref/fate/vc1_sa10143 | 28 ++++++++++++++-------------- 2 files changed, 16 insertions(+), 15 deletions(-) diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c index 2130c74109..2a0d9f497e 100644 --- a/libavcodec/vc1dec.c +++ b/libavcodec/vc1dec.c @@ -1867,9 +1867,10 @@ static void vc1_interp_mc(VC1Context *v) uvmx = (mx + ((mx & 3) == 3)) >> 1; uvmy = (my + ((my & 3) == 3)) >> 1; if (v->field_mode) { - if (v->cur_field_type != v->ref_field_type[1]) + if (v->cur_field_type != v->ref_field_type[1]) { my = my - 2 + 4 * v->cur_field_type; uvmy = uvmy - 2 + 4 * v->cur_field_type; + } } if (v->fastuvmc) { uvmx = uvmx + ((uvmx < 0) ? -(uvmx & 1) : (uvmx & 1)); diff --git a/tests/ref/fate/vc1_sa10143 b/tests/ref/fate/vc1_sa10143 index 6a5137f712..c0ecc3bb9d 100644 --- a/tests/ref/fate/vc1_sa10143 +++ b/tests/ref/fate/vc1_sa10143 @@ -1,31 +1,31 @@ #tb 0: 1/25 0, 0, 0, 1, 518400, 0x89407f55 -0, 2, 2, 1, 518400, 0x8611849c +0, 2, 2, 1, 518400, 0xaa896afd 0, 3, 3, 1, 518400, 0x0e69ff59 -0, 4, 4, 1, 518400, 0xf31adb03 +0, 4, 4, 1, 518400, 0x0c30bfa0 0, 5, 5, 1, 518400, 0x1a5b6a69 -0, 6, 6, 1, 518400, 0x6ae6232e +0, 6, 6, 1, 518400, 0x23470858 0, 7, 7, 1, 518400, 0x9a4e3c54 -0, 8, 8, 1, 518400, 0xe5852b45 +0, 8, 8, 1, 518400, 0xad63160b 0, 9, 9, 1, 518400, 0x0fcfeebc -0, 10, 10, 1, 518400, 0x06e22dc3 +0, 10, 10, 1, 518400, 0x20b31777 0, 11, 11, 1, 518400, 0x9d79df09 -0, 12, 12, 1, 518400, 0xcb2c716f +0, 12, 12, 1, 518400, 0x3e86766f 0, 13, 13, 1, 518400, 0x638a8746 -0, 14, 14, 1, 518400, 0xf7032efd +0, 14, 14, 1, 518400, 0x7a6c1a0e 0, 15, 15, 1, 518400, 0x306f6cef -0, 16, 16, 1, 518400, 0xe83d2518 +0, 16, 16, 1, 518400, 0x81f81281 0, 17, 17, 1, 518400, 0x49ab5bf5 -0, 18, 18, 1, 518400, 0x6b336b6f +0, 18, 18, 1, 518400, 0x8f316e44 0, 19, 19, 1, 518400, 0x95ae00c9 -0, 20, 20, 1, 518400, 0x68ddb64f +0, 20, 20, 1, 518400, 0xf71bb7f5 0, 21, 21, 1, 518400, 0x5205ea68 -0, 22, 22, 1, 518400, 0xb088e617 +0, 22, 22, 1, 518400, 0x74a1d8b9 0, 23, 23, 1, 518400, 0xa3217616 -0, 24, 24, 1, 518400, 0x1723bc53 +0, 24, 24, 1, 518400, 0x2b28bbf8 0, 25, 25, 1, 518400, 0xf024872a -0, 26, 26, 1, 518400, 0x2e81a8bb +0, 26, 26, 1, 518400, 0x2fdbaaf3 0, 27, 27, 1, 518400, 0xa3a2418e -0, 28, 28, 1, 518400, 0xb7beffed +0, 28, 28, 1, 518400, 0x55bfe435 0, 29, 29, 1, 518400, 0x50fb6c94 0, 30, 30, 1, 518400, 0x5584bb40 From 753f0738cae926be97c8b853f2bb5b325ceaa612 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 21 Apr 2014 11:33:17 +0200 Subject: [PATCH 295/452] avfilter/filtfmts: Support dynamically allocated in/outputs Fixes crash Fixes Ticket3468 Signed-off-by: Michael Niedermayer (cherry picked from commit 59c7615d58b5b7ea9caff2c8c774677973eb4f1c) Signed-off-by: Michael Niedermayer --- libavfilter/filtfmts.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/libavfilter/filtfmts.c b/libavfilter/filtfmts.c index 72867292a9..789d10d724 100644 --- a/libavfilter/filtfmts.c +++ b/libavfilter/filtfmts.c @@ -38,7 +38,7 @@ static void print_formats(AVFilterContext *filter_ctx) for (j = 0; j < fmts->format_count; j++) \ if(av_get_pix_fmt_name(fmts->formats[j])) \ printf(#INOUT "PUT[%d] %s: fmt:%s\n", \ - i, filter_ctx->filter->inout##puts[i].name, \ + i, filter_ctx->inout##put_pads[i].name, \ av_get_pix_fmt_name(fmts->formats[j])); \ } else if (filter_ctx->inout##puts[i]->type == AVMEDIA_TYPE_AUDIO) { \ AVFilterFormats *fmts; \ @@ -47,7 +47,7 @@ static void print_formats(AVFilterContext *filter_ctx) fmts = filter_ctx->inout##puts[i]->outin##_formats; \ for (j = 0; j < fmts->format_count; j++) \ printf(#INOUT "PUT[%d] %s: fmt:%s\n", \ - i, filter_ctx->filter->inout##puts[i].name, \ + i, filter_ctx->inout##put_pads[i].name, \ av_get_sample_fmt_name(fmts->formats[j])); \ \ layouts = filter_ctx->inout##puts[i]->outin##_channel_layouts; \ @@ -56,7 +56,7 @@ static void print_formats(AVFilterContext *filter_ctx) av_get_channel_layout_string(buf, sizeof(buf), -1, \ layouts->channel_layouts[j]); \ printf(#INOUT "PUT[%d] %s: chlayout:%s\n", \ - i, filter_ctx->filter->inout##puts[i].name, buf); \ + i, filter_ctx->inout##put_pads[i].name, buf); \ } \ } \ } \ @@ -106,12 +106,12 @@ int main(int argc, char **argv) /* create a link for each of the input pads */ for (i = 0; i < filter_ctx->input_count; i++) { AVFilterLink *link = av_mallocz(sizeof(AVFilterLink)); - link->type = filter_ctx->filter->inputs[i].type; + link->type = filter_ctx->input_pads[i].type; filter_ctx->inputs[i] = link; } for (i = 0; i < filter_ctx->output_count; i++) { AVFilterLink *link = av_mallocz(sizeof(AVFilterLink)); - link->type = filter_ctx->filter->outputs[i].type; + link->type = filter_ctx->output_pads[i].type; filter_ctx->outputs[i] = link; } From 9ade5b804ea1ff98971972769c43497a597b0e77 Mon Sep 17 00:00:00 2001 From: Xi Wang Date: Fri, 15 Mar 2013 06:59:22 -0400 Subject: [PATCH 296/452] lzo: fix overflow checking in copy_backptr() The check `src > dst' in the form `&c->out[-back] > c->out' invokes pointer overflow, which is undefined behavior in C. Remove the check. Also replace `&c->out[-back] < c->out_start' with a safe form `c->out - c->out_start < back' to avoid overflow. CC: libav-stable@libav.org Signed-off-by: Xi Wang Signed-off-by: Luca Barbato (cherry picked from commit ca6c3f2c53be70aa3c38e8f1292809db89ea1ba6) Signed-off-by: Michael Niedermayer --- libavutil/lzo.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libavutil/lzo.c b/libavutil/lzo.c index c723257212..221a66b9ab 100644 --- a/libavutil/lzo.c +++ b/libavutil/lzo.c @@ -110,9 +110,8 @@ static inline void copy(LZOContext *c, int cnt) */ static inline void copy_backptr(LZOContext *c, int back, int cnt) { - register const uint8_t *src = &c->out[-back]; register uint8_t *dst = c->out; - if (src < c->out_start || src > dst) { + if (dst - c->out_start < back) { c->error |= AV_LZO_INVALID_BACKPTR; return; } From eada99a854f8684c92dba3ce5554a9bdd8304a16 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 20 Jun 2014 03:15:28 +0200 Subject: [PATCH 297/452] avutil/lzo: Fix integer overflow Embargoed-till: 2014-06-27 requested by researcher, but embargo broken by libav today (git and mailing list) Fixes: LMS-2014-06-16-4 Found-by: "Don A. Bailey" See: ccda51b14c0fcae2fad73a24872dce75a7964996 Signed-off-by: Michael Niedermayer (cherry picked from commit d6af26c55c1ea30f85a7d9edbc373f53be1743ee) Signed-off-by: Michael Niedermayer --- libavutil/lzo.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/libavutil/lzo.c b/libavutil/lzo.c index 221a66b9ab..82dba94771 100644 --- a/libavutil/lzo.c +++ b/libavutil/lzo.c @@ -65,8 +65,13 @@ static inline int get_len(LZOContext *c, int x, int mask) { int cnt = x & mask; if (!cnt) { - while (!(x = get_byte(c))) + while (!(x = get_byte(c))) { + if (cnt >= INT_MAX - 1000) { + c->error |= AV_LZO_ERROR; + break; + } cnt += 255; + } cnt += mask + x; } return cnt; From ecd30280f5ef3bd5c087ab5c457d115739717e39 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 23 Jun 2014 14:45:47 +0200 Subject: [PATCH 298/452] avutil/lzo: add asserts to be double sure against overflows These asserts cannot fail since d6af26c55c1ea30f85a7d9edbc373f53be1743ee Based-on: ccda51b14c0fcae2fad73a24872dce75a7964996 Signed-off-by: Michael Niedermayer (cherry picked from commit cf2b7c01f81c1fb3283a1390c0ca9a2f81f4f4a8) Signed-off-by: Michael Niedermayer --- libavutil/lzo.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavutil/lzo.c b/libavutil/lzo.c index 82dba94771..6104fc3085 100644 --- a/libavutil/lzo.c +++ b/libavutil/lzo.c @@ -22,6 +22,7 @@ #include #include "avutil.h" +#include "avassert.h" #include "common.h" #include "intreadwrite.h" #include "lzo.h" @@ -85,6 +86,7 @@ static inline void copy(LZOContext *c, int cnt) { register const uint8_t *src = c->in; register uint8_t *dst = c->out; + av_assert0(cnt >= 0); if (cnt > c->in_end - src) { cnt = FFMAX(c->in_end - src, 0); c->error |= AV_LZO_INPUT_DEPLETED; @@ -116,6 +118,7 @@ static inline void copy(LZOContext *c, int cnt) static inline void copy_backptr(LZOContext *c, int back, int cnt) { register uint8_t *dst = c->out; + av_assert0(cnt > 0); if (dst - c->out_start < back) { c->error |= AV_LZO_INVALID_BACKPTR; return; From c75a915f66f2808c7d545e7b91a9242b9752d3f9 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 23 Apr 2014 06:04:50 +0200 Subject: [PATCH 299/452] avformat/mux: Check for and remove invalid packet durations Fixes assertion failure Fixes Ticket3575 Signed-off-by: Michael Niedermayer (cherry picked from commit dc6a17cf74a90e41d70ea1753cdb70c0a5b2ced8) Signed-off-by: Michael Niedermayer --- libavformat/mux.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libavformat/mux.c b/libavformat/mux.c index 98ec7a4cf2..14c12621aa 100644 --- a/libavformat/mux.c +++ b/libavformat/mux.c @@ -410,6 +410,12 @@ static int compute_pkt_fields2(AVFormatContext *s, AVStream *st, AVPacket *pkt) av_dlog(s, "compute_pkt_fields2: pts:%s dts:%s cur_dts:%s b:%d size:%d st:%d\n", av_ts2str(pkt->pts), av_ts2str(pkt->dts), av_ts2str(st->cur_dts), delay, pkt->size, pkt->stream_index); + if (pkt->duration < 0 && st->codec->codec_type != AVMEDIA_TYPE_SUBTITLE) { + av_log(s, AV_LOG_WARNING, "Packet with invalid duration %d in stream %d\n", + pkt->duration, pkt->stream_index); + pkt->duration = 0; + } + /* duration field */ if (pkt->duration == 0) { ff_compute_frame_duration(&num, &den, st, NULL, pkt); From 26d725344155d7e1b079f837bb87b491a4da5c08 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 23 Apr 2014 21:47:48 +0200 Subject: [PATCH 300/452] avformat/h263dec: Fix h263 probe The code was missing 1 bit in the src format Signed-off-by: Michael Niedermayer (cherry picked from commit fc145e576a443bfc89efdf35b91fd3c9ca0d8388) Signed-off-by: Michael Niedermayer --- libavformat/h263dec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/h263dec.c b/libavformat/h263dec.c index 667fdbdcbb..30fd454c49 100644 --- a/libavformat/h263dec.c +++ b/libavformat/h263dec.c @@ -35,7 +35,7 @@ static int h263_probe(AVProbeData *p) for(i=0; ibuf_size; i++){ code = (code<<8) + p->buf[i]; if ((code & 0xfffffc0000) == 0x800000) { - src_fmt= (code>>2)&3; + src_fmt= (code>>2)&7; if( src_fmt != last_src_fmt && last_src_fmt>0 && last_src_fmt<6 && src_fmt<6) From c7e9626b7b5958847bb971028a3f4534f3898cae Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 24 Apr 2014 01:25:46 +0200 Subject: [PATCH 301/452] swresample: fix AV_CH_LAYOUT_STEREO_DOWNMIX input Fixes Ticket 3542 Signed-off-by: Michael Niedermayer (cherry picked from commit 291d464161a5bf3b566bc147f83e4242b0c18d74) Signed-off-by: Michael Niedermayer --- libswresample/rematrix.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libswresample/rematrix.c b/libswresample/rematrix.c index 541f46a782..392eec838c 100644 --- a/libswresample/rematrix.c +++ b/libswresample/rematrix.c @@ -122,6 +122,11 @@ av_cold static int auto_matrix(SwrContext *s) ) out_ch_layout = AV_CH_LAYOUT_STEREO; + if( in_ch_layout == AV_CH_LAYOUT_STEREO_DOWNMIX + && (out_ch_layout & AV_CH_LAYOUT_STEREO_DOWNMIX) == 0 + ) + in_ch_layout = AV_CH_LAYOUT_STEREO; + if(!sane_layout(in_ch_layout)){ av_get_channel_layout_string(buf, sizeof(buf), -1, s->in_ch_layout); av_log(s, AV_LOG_ERROR, "Input channel layout '%s' is not supported\n", buf); From 3c385ea24cb68a9c6679a402db6cf15b88b515f5 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 27 Apr 2014 03:45:12 +0200 Subject: [PATCH 302/452] ffmpeg_filter: fix pointer to local outside scope Fixes CID1206652 Signed-off-by: Michael Niedermayer (cherry picked from commit 09b16619d33ddf93005060d0782f28a1c1cbb7f6) Signed-off-by: Michael Niedermayer --- ffmpeg_filter.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/ffmpeg_filter.c b/ffmpeg_filter.c index bdf43638ae..be2114b429 100644 --- a/ffmpeg_filter.c +++ b/ffmpeg_filter.c @@ -43,12 +43,15 @@ enum AVPixelFormat choose_pixel_fmt(AVStream *st, AVCodec *codec, enum AVPixelFo const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(target); int has_alpha = desc ? desc->nb_components % 2 == 0 : 0; enum AVPixelFormat best= AV_PIX_FMT_NONE; + const enum AVPixelFormat mjpeg_formats[] = { AV_PIX_FMT_YUVJ420P, AV_PIX_FMT_YUVJ422P, AV_PIX_FMT_YUV420P, AV_PIX_FMT_YUV422P, AV_PIX_FMT_NONE }; + const enum AVPixelFormat ljpeg_formats[] = { AV_PIX_FMT_YUVJ420P, AV_PIX_FMT_YUVJ422P, AV_PIX_FMT_YUVJ444P, AV_PIX_FMT_YUV420P, + AV_PIX_FMT_YUV422P, AV_PIX_FMT_YUV444P, AV_PIX_FMT_BGRA, AV_PIX_FMT_NONE }; + if (st->codec->strict_std_compliance <= FF_COMPLIANCE_UNOFFICIAL) { if (st->codec->codec_id == AV_CODEC_ID_MJPEG) { - p = (const enum AVPixelFormat[]) { AV_PIX_FMT_YUVJ420P, AV_PIX_FMT_YUVJ422P, AV_PIX_FMT_YUV420P, AV_PIX_FMT_YUV422P, AV_PIX_FMT_NONE }; + p = mjpeg_formats; } else if (st->codec->codec_id == AV_CODEC_ID_LJPEG) { - p = (const enum AVPixelFormat[]) { AV_PIX_FMT_YUVJ420P, AV_PIX_FMT_YUVJ422P, AV_PIX_FMT_YUVJ444P, AV_PIX_FMT_YUV420P, - AV_PIX_FMT_YUV422P, AV_PIX_FMT_YUV444P, AV_PIX_FMT_BGRA, AV_PIX_FMT_NONE }; + p =ljpeg_formats; } } for (; *p != AV_PIX_FMT_NONE; p++) { From 0607c8af2bd108410c0882dd96533c6ceaef617a Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 27 Apr 2014 05:32:56 +0200 Subject: [PATCH 303/452] avcodec/mjpegdec: Fix undefined shift Fixes CID1194388 Signed-off-by: Michael Niedermayer (cherry picked from commit b4329605289e25bb071ec1c1182bf25fc83b09aa) Signed-off-by: Michael Niedermayer --- libavcodec/mjpegdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index 27b0e5bff1..b9c6950b1a 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -1144,7 +1144,7 @@ static int mjpeg_decode_scan_progressive_ac(MJpegDecodeContext *s, int ss, } if (!Al) { - s->coefs_finished[c] |= (1LL << (se + 1)) - (1LL << ss); + s->coefs_finished[c] |= (2LL << se) - (1LL << ss); last_scan = !~s->coefs_finished[c]; } From 4ecd7182851f0f4876af4cc78e6a6308714f67c4 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 28 Apr 2014 04:01:50 +0200 Subject: [PATCH 304/452] avfilter/graphdump: Fix pointer to local outside scope Fixes CID1194435 Signed-off-by: Michael Niedermayer (cherry picked from commit 18af0ce62da322176f7bd283b85314d2f41bee2c) Signed-off-by: Michael Niedermayer --- libavfilter/graphdump.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavfilter/graphdump.c b/libavfilter/graphdump.c index 45f64c0146..478afc654a 100644 --- a/libavfilter/graphdump.c +++ b/libavfilter/graphdump.c @@ -31,9 +31,10 @@ static int print_link_prop(AVBPrint *buf, AVFilterLink *link) { char *format; char layout[64]; + AVBPrint dummy_buffer = { 0 }; if (!buf) - buf = &(AVBPrint){ 0 }; /* dummy buffer */ + buf = &dummy_buffer; switch (link->type) { case AVMEDIA_TYPE_VIDEO: format = av_x_if_null(av_get_pix_fmt_name(link->format), "?"); From 4b638ea42d31452f91203919c1581ec61ba77275 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 19 May 2014 06:19:23 +0200 Subject: [PATCH 305/452] avcodec/diracdec: move mc buffer allocation to per frame Fixes out of array accesses for non default buffers with large strides Signed-off-by: Michael Niedermayer (cherry picked from commit 4a30f08505a4e85718896ff233c97be41a9754ca) (cherry picked from commit 9c9fc79d9237d28e33161cb2e75082d8ad232b2e) Signed-off-by: Michael Niedermayer --- libavcodec/diracdec.c | 47 ++++++++++++++++++++++++++++++++++--------- 1 file changed, 37 insertions(+), 10 deletions(-) diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c index 2ce730dd99..08771e5c3c 100644 --- a/libavcodec/diracdec.c +++ b/libavcodec/diracdec.c @@ -201,6 +201,7 @@ typedef struct DiracContext { uint16_t *mctmp; /* buffer holding the MC data multipled by OBMC weights */ uint8_t *mcscratch; + int buffer_stride; DECLARE_ALIGNED(16, uint8_t, obmc_weight)[3][MAX_BLOCKSIZE*MAX_BLOCKSIZE]; @@ -343,22 +344,44 @@ static int alloc_sequence_buffers(DiracContext *s) return AVERROR(ENOMEM); } - w = s->source.width; - h = s->source.height; - /* fixme: allocate using real stride here */ - s->sbsplit = av_malloc(sbwidth * sbheight); - s->blmotion = av_malloc(sbwidth * sbheight * 16 * sizeof(*s->blmotion)); - s->edge_emu_buffer_base = av_malloc((w+64)*MAX_BLOCKSIZE); + s->sbsplit = av_malloc_array(sbwidth, sbheight); + s->blmotion = av_malloc_array(sbwidth, sbheight * 16 * sizeof(*s->blmotion)); - s->mctmp = av_malloc((w+64+MAX_BLOCKSIZE) * (h+MAX_BLOCKSIZE) * sizeof(*s->mctmp)); - s->mcscratch = av_malloc((w+64)*MAX_BLOCKSIZE); - - if (!s->sbsplit || !s->blmotion || !s->mctmp || !s->mcscratch) + if (!s->sbsplit || !s->blmotion) return AVERROR(ENOMEM); return 0; } +static int alloc_buffers(DiracContext *s, int stride) +{ + int w = s->source.width; + int h = s->source.height; + + av_assert0(stride >= w); + stride += 64; + + if (s->buffer_stride >= stride) + return 0; + s->buffer_stride = 0; + + av_freep(&s->edge_emu_buffer_base); + memset(s->edge_emu_buffer, 0, sizeof(s->edge_emu_buffer)); + av_freep(&s->mctmp); + av_freep(&s->mcscratch); + + s->edge_emu_buffer_base = av_malloc_array(stride, MAX_BLOCKSIZE); + + s->mctmp = av_malloc_array((stride+MAX_BLOCKSIZE), (h+MAX_BLOCKSIZE) * sizeof(*s->mctmp)); + s->mcscratch = av_malloc_array(stride, MAX_BLOCKSIZE); + + if (!s->edge_emu_buffer_base || !s->mctmp || !s->mcscratch) + return AVERROR(ENOMEM); + + s->buffer_stride = stride; + return 0; +} + static void free_sequence_buffers(DiracContext *s) { int i, j, k; @@ -382,6 +405,7 @@ static void free_sequence_buffers(DiracContext *s) av_freep(&s->plane[i].idwt_tmp); } + s->buffer_stride = 0; av_freep(&s->sbsplit); av_freep(&s->blmotion); av_freep(&s->edge_emu_buffer_base); @@ -1818,6 +1842,9 @@ static int dirac_decode_data_unit(AVCodecContext *avctx, const uint8_t *buf, int s->plane[1].stride = pic->avframe.linesize[1]; s->plane[2].stride = pic->avframe.linesize[2]; + if (alloc_buffers(s, FFMAX3(FFABS(s->plane[0].stride), FFABS(s->plane[1].stride), FFABS(s->plane[2].stride))) < 0) + return AVERROR(ENOMEM); + /* [DIRAC_STD] 11.1 Picture parse. picture_parse() */ if (dirac_decode_picture_header(s)) return -1; From 2b8490b762d97fa4024c6e5dc169ff31e2c4db30 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 20 May 2014 05:23:52 +0200 Subject: [PATCH 306/452] avutil/cpu: force mmx on selection of higher x86 SIMD features Fixes various runtime failures with manually set flags that represent no existing CPU Fixes Ticket3653 Signed-off-by: Michael Niedermayer (cherry picked from commit 6310eb8010b7a3b3016e297132380cbd4e3d2d10) Signed-off-by: Michael Niedermayer --- libavutil/cpu.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/libavutil/cpu.c b/libavutil/cpu.c index a1d1547033..85bc2d6499 100644 --- a/libavutil/cpu.c +++ b/libavutil/cpu.c @@ -23,6 +23,24 @@ static int flags, checked; void av_force_cpu_flags(int arg){ + if ( (arg & ( AV_CPU_FLAG_3DNOW | + AV_CPU_FLAG_3DNOWEXT | + AV_CPU_FLAG_SSE | + AV_CPU_FLAG_SSE2 | + AV_CPU_FLAG_SSE2SLOW | + AV_CPU_FLAG_SSE3 | + AV_CPU_FLAG_SSE3SLOW | + AV_CPU_FLAG_SSSE3 | + AV_CPU_FLAG_SSE4 | + AV_CPU_FLAG_SSE42 | + AV_CPU_FLAG_AVX | + AV_CPU_FLAG_XOP | + AV_CPU_FLAG_FMA4 )) + && !(arg & AV_CPU_FLAG_MMX)) { + av_log(NULL, AV_LOG_WARNING, "MMX implied by specified flags\n"); + arg |= AV_CPU_FLAG_MMX; + } + flags = arg; checked = arg != -1; } From 5691d9a6c1290597b7c66f26da060c2f94fafee7 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 21 May 2014 03:02:06 +0200 Subject: [PATCH 307/452] avcodec/libvorbisenc: dont add the duration to AV_NOPTS_VALUE Signed-off-by: Michael Niedermayer (cherry picked from commit 19e66c7232d96e4ae8f05b52da2b84dfaa4e4da3) Signed-off-by: Michael Niedermayer --- libavcodec/libvorbisenc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/libvorbisenc.c b/libavcodec/libvorbisenc.c index 1c0dab65e9..21cc4415fb 100644 --- a/libavcodec/libvorbisenc.c +++ b/libavcodec/libvorbisenc.c @@ -362,7 +362,8 @@ static int oggvorbis_encode_frame(AVCodecContext *avctx, AVPacket *avpkt, avctx->delay = duration; av_assert0(!s->afq.remaining_delay); s->afq.frames->duration += duration; - s->afq.frames->pts -= duration; + if (s->afq.frames->pts != AV_NOPTS_VALUE) + s->afq.frames->pts -= duration; s->afq.remaining_samples += duration; } ff_af_queue_remove(&s->afq, duration, &avpkt->pts, &avpkt->duration); From b2b4df8d51b3636776fb68e0aca8261c232ea417 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 25 May 2014 03:19:47 +0200 Subject: [PATCH 308/452] avcodec/aac: fix () in IS_CODEBOOK_UNSIGNED macro Signed-off-by: Michael Niedermayer (cherry picked from commit fa915d4193e13187773c500b80c7df6baeb22c3b) Signed-off-by: Michael Niedermayer --- libavcodec/aac.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/aac.h b/libavcodec/aac.h index d586e271da..e24351eee0 100644 --- a/libavcodec/aac.h +++ b/libavcodec/aac.h @@ -81,7 +81,7 @@ enum BandType { INTENSITY_BT = 15, ///< Scalefactor data are intensity stereo positions. }; -#define IS_CODEBOOK_UNSIGNED(x) ((x - 1) & 10) +#define IS_CODEBOOK_UNSIGNED(x) (((x) - 1) & 10) enum ChannelPosition { AAC_CHANNEL_OFF = 0, From ea7fbd0b1699dd832b66691a8960e1e000be7e9a Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 25 May 2014 03:27:56 +0200 Subject: [PATCH 309/452] avcodec/golomb-test: fix () in EXTEND() macro Signed-off-by: Michael Niedermayer (cherry picked from commit 97e6b5ee3a16fee7d130f19f4dcee030f14d91cf) Signed-off-by: Michael Niedermayer --- libavcodec/golomb-test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/golomb-test.c b/libavcodec/golomb-test.c index 8adcdf63d8..2dfe917144 100644 --- a/libavcodec/golomb-test.c +++ b/libavcodec/golomb-test.c @@ -58,7 +58,7 @@ int main(void) } } -#define EXTEND(i) (i << 3 | i & 7) +#define EXTEND(i) ((i) << 3 | (i) & 7) init_put_bits(&pb, temp, SIZE); for (i = 0; i < COUNT; i++) set_ue_golomb(&pb, EXTEND(i)); From 8d1f38c4b1eb737f4a764f955f1b51fa4621c510 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 25 May 2014 05:17:51 +0200 Subject: [PATCH 310/452] avcodec/mlpdec: fix () in MSB_MASK() macro Signed-off-by: Michael Niedermayer (cherry picked from commit fa160af08b6f42f17e93124aef86e3f6eec70d51) Signed-off-by: Michael Niedermayer --- libavcodec/mlpdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/mlpdec.c b/libavcodec/mlpdec.c index c763624f1c..b8c69efe15 100644 --- a/libavcodec/mlpdec.c +++ b/libavcodec/mlpdec.c @@ -813,7 +813,7 @@ static int read_decoding_params(MLPDecodeContext *m, GetBitContext *gbp, return 0; } -#define MSB_MASK(bits) (-1u << bits) +#define MSB_MASK(bits) (-1u << (bits)) /** Generate PCM samples using the prediction filters and residual values * read from the data stream, and update the filter state. */ From 5626e11bd553163530c9450667f8779b19ab23cd Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 25 May 2014 05:18:47 +0200 Subject: [PATCH 311/452] avcodec/mss34dsp: fix () in SOP* macros Signed-off-by: Michael Niedermayer (cherry picked from commit 6e720c5c815e510188a0bda654662383f2c48050) Signed-off-by: Michael Niedermayer --- libavcodec/mss34dsp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/mss34dsp.c b/libavcodec/mss34dsp.c index e4d4299805..0397add17d 100644 --- a/libavcodec/mss34dsp.c +++ b/libavcodec/mss34dsp.c @@ -84,8 +84,8 @@ void ff_mss34_gen_quant_mat(uint16_t *qmat, int quality, int luma) blk[6 * step] = (-(t3 + t7) + t8 + tA) >> shift; \ blk[7 * step] = (-(t1 + t6) + t9 + tB) >> shift; \ -#define SOP_ROW(a) ((a) << 16) + 0x2000 -#define SOP_COL(a) ((a + 32) << 16) +#define SOP_ROW(a) (((a) << 16) + 0x2000) +#define SOP_COL(a) (((a) + 32) << 16) void ff_mss34_dct_put(uint8_t *dst, int stride, int *block) { From d13cf32099faa419a4e0e1b7722d98411b0b2586 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 25 May 2014 05:19:09 +0200 Subject: [PATCH 312/452] avcodec/mss4: Fix () in MKVAL() macro Signed-off-by: Michael Niedermayer (cherry picked from commit cf7ff0146c76b93c32edf5230a28b9590acf5105) Signed-off-by: Michael Niedermayer --- libavcodec/mss4.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/mss4.c b/libavcodec/mss4.c index 977e1e5552..f2a8aa6a8b 100644 --- a/libavcodec/mss4.c +++ b/libavcodec/mss4.c @@ -363,7 +363,7 @@ static int get_value_cached(GetBitContext *gb, int vec_pos, uint8_t *vec, return prev[component]; } -#define MKVAL(vals) (vals[0] | (vals[1] << 3) | (vals[2] << 6)) +#define MKVAL(vals) ((vals)[0] | ((vals)[1] << 3) | ((vals)[2] << 6)) /* Image mode - the hardest to comprehend MSS4 coding mode. * From f2aaee49b2414f16ea117c84dcabf8203aad9889 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 7 Jun 2014 12:03:31 +0200 Subject: [PATCH 313/452] avformat/flvenc: Do not allow creating h263/mpeg4 in flv without unofficial format extensions being enabled. Found-by: Jean-Baptiste Kempf Signed-off-by: Michael Niedermayer (cherry picked from commit 74760883fcb4443d105814ed246b3cf51d7e9dca) Signed-off-by: Michael Niedermayer --- libavformat/flvenc.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/libavformat/flvenc.c b/libavformat/flvenc.c index e1dd43f716..c5ed800ac8 100644 --- a/libavformat/flvenc.c +++ b/libavformat/flvenc.c @@ -218,6 +218,18 @@ static int flv_write_header(AVFormatContext *s) avcodec_get_name(enc->codec_id), i); return AVERROR(EINVAL); } + if (enc->codec_id == AV_CODEC_ID_MPEG4 || + enc->codec_id == AV_CODEC_ID_H263) { + int error = enc->strict_std_compliance > FF_COMPLIANCE_UNOFFICIAL; + av_log(s, error ? AV_LOG_ERROR : AV_LOG_WARNING, + "Codec %s is not supported in the official FLV specification,\n", avcodec_get_name(enc->codec_id)); + + if (error) { + av_log(s, AV_LOG_ERROR, + "use vstrict=-1 / -strict -1 to use it anyway.\n"); + return AVERROR(EINVAL); + } + } break; case AVMEDIA_TYPE_AUDIO: audio_enc = enc; From 9d77a6293627663d5052d05697303b53efd5d220 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 8 Jun 2014 14:30:30 +0200 Subject: [PATCH 314/452] avcodec/alsdec: Clear MPEG4AudioConfig so that no use of uninitialized memory is possible Signed-off-by: Michael Niedermayer (cherry picked from commit 6e6bd5481cf42a9765c492c77754d4633092cece) Signed-off-by: Michael Niedermayer --- libavcodec/alsdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c index a6d70d44e2..7a7733a2b0 100644 --- a/libavcodec/alsdec.c +++ b/libavcodec/alsdec.c @@ -284,7 +284,7 @@ static av_cold int read_specific_config(ALSDecContext *ctx) GetBitContext gb; uint64_t ht_size; int i, config_offset; - MPEG4AudioConfig m4ac; + MPEG4AudioConfig m4ac = {0}; ALSSpecificConfig *sconf = &ctx->sconf; AVCodecContext *avctx = ctx->avctx; uint32_t als_id, header_size, trailer_size; From c2b72eac6cfe5170c27db98cbc940540a91e3802 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 15 Jun 2014 00:49:02 +0200 Subject: [PATCH 315/452] avformat/mpc: attempt to allocate a packet that is not smaller than the data inside it Signed-off-by: Michael Niedermayer (cherry picked from commit 86a9370e2b91d67375e66a06d6eb573b5a017775) Signed-off-by: Michael Niedermayer --- libavformat/mpc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mpc.c b/libavformat/mpc.c index b0f6f533e1..a46919ba36 100644 --- a/libavformat/mpc.c +++ b/libavformat/mpc.c @@ -153,7 +153,7 @@ static int mpc_read_packet(AVFormatContext *s, AVPacket *pkt) } c->curbits = (curbits + size2) & 0x1F; - if ((ret = av_new_packet(pkt, size)) < 0) + if ((ret = av_new_packet(pkt, size + 4)) < 0) return ret; pkt->data[0] = curbits; From cc8d20e345e231543888a07e4063303758285307 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 23 Jun 2014 18:32:54 +0200 Subject: [PATCH 316/452] Update for FFmpeg 1.2.7 Signed-off-by: Michael Niedermayer --- RELEASE | 2 +- VERSION | 2 +- doc/Doxyfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/RELEASE b/RELEASE index 3c43790f5d..c04c650a7a 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -1.2.6 +1.2.7 diff --git a/VERSION b/VERSION index 3c43790f5d..c04c650a7a 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.2.6 +1.2.7 diff --git a/doc/Doxyfile b/doc/Doxyfile index e803996a0e..ff719a45fa 100644 --- a/doc/Doxyfile +++ b/doc/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 1.2.6 +PROJECT_NUMBER = 1.2.7 # With the PROJECT_LOGO tag one can specify an logo or icon that is included # in the documentation. The maximum height of the logo should not exceed 55 From c285db74f6477a09b7ebaa8c526d2a0d9c94a498 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 13 Jul 2014 01:07:59 +0200 Subject: [PATCH 317/452] avformat/utils: do not wait for packets from discarded streams for genpts Fixes long loop Fixes Ticket3208 Signed-off-by: Michael Niedermayer (cherry picked from commit 8202c49b43621c04e26d4a3aa83a10e1e5cc1836) Signed-off-by: Michael Niedermayer --- libavformat/utils.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index d32f584197..9dd403f9f8 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -1533,7 +1533,8 @@ int av_read_frame(AVFormatContext *s, AVPacket *pkt) } /* read packet from packet buffer, if there is data */ - if (!(next_pkt->pts == AV_NOPTS_VALUE && + st = s->streams[next_pkt->stream_index]; + if (!(next_pkt->pts == AV_NOPTS_VALUE && st->discard < AVDISCARD_ALL && next_pkt->dts != AV_NOPTS_VALUE && !eof)) { ret = read_from_packet_buffer(&s->packet_buffer, &s->packet_buffer_end, pkt); From f70ee7d14fcf990bfcc0acea4d73108842bf6d20 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 2 Aug 2014 00:27:23 +0200 Subject: [PATCH 318/452] avcodec/dvdsub_parser: never return 0 when the input isnt 0 Fixes a infinite loop Fixes Ticket3804 Signed-off-by: Michael Niedermayer (cherry picked from commit cfdb30d2f1241de9354a8efdbf8252d0f1a6f933) Signed-off-by: Michael Niedermayer --- libavcodec/dvdsub_parser.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/dvdsub_parser.c b/libavcodec/dvdsub_parser.c index e50c3396e4..9a6457e8b4 100644 --- a/libavcodec/dvdsub_parser.c +++ b/libavcodec/dvdsub_parser.c @@ -46,7 +46,7 @@ static int dvdsub_parse(AVCodecParserContext *s, if (pc->packet_index == 0) { if (buf_size < 2) - return 0; + return buf_size; pc->packet_len = AV_RB16(buf); if (pc->packet_len == 0) /* HD-DVD subpicture packet */ pc->packet_len = AV_RB32(buf+2); From 454f6c622c45e09e3b7e2a2f45bbb098ae3f2588 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 2 Aug 2014 01:15:37 +0200 Subject: [PATCH 319/452] avcodec/dvdsub_parser: Check buf_size before reading 32bit packet size Signed-off-by: Michael Niedermayer (cherry picked from commit 81c1657a593b1c0f8e46fca00ead1d30ee1cd418) Signed-off-by: Michael Niedermayer --- libavcodec/dvdsub_parser.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/dvdsub_parser.c b/libavcodec/dvdsub_parser.c index 9a6457e8b4..07ed4f72fc 100644 --- a/libavcodec/dvdsub_parser.c +++ b/libavcodec/dvdsub_parser.c @@ -45,8 +45,9 @@ static int dvdsub_parse(AVCodecParserContext *s, DVDSubParseContext *pc = s->priv_data; if (pc->packet_index == 0) { - if (buf_size < 2) + if (buf_size < 2 || AV_RB16(buf) && buf_size < 6) { return buf_size; + } pc->packet_len = AV_RB16(buf); if (pc->packet_len == 0) /* HD-DVD subpicture packet */ pc->packet_len = AV_RB32(buf+2); From b4632cec7401b4a136491f8bf3ad7983aa3ef30c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 2 Aug 2014 01:16:14 +0200 Subject: [PATCH 320/452] avcodec/dvdsub_parser: print message if packet is smaller than the packet size field Signed-off-by: Michael Niedermayer (cherry picked from commit bcc898dd2643c883522ffa565be4b226ce798c78) Signed-off-by: Michael Niedermayer --- libavcodec/dvdsub_parser.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/dvdsub_parser.c b/libavcodec/dvdsub_parser.c index 07ed4f72fc..32a945ed65 100644 --- a/libavcodec/dvdsub_parser.c +++ b/libavcodec/dvdsub_parser.c @@ -46,6 +46,8 @@ static int dvdsub_parse(AVCodecParserContext *s, if (pc->packet_index == 0) { if (buf_size < 2 || AV_RB16(buf) && buf_size < 6) { + if (buf_size) + av_log(avctx, AV_LOG_DEBUG, "Parser input %d too small\n", buf_size); return buf_size; } pc->packet_len = AV_RB16(buf); From ca232ff9b0af13af68d58f7a7306092dc55409ac Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 2 Aug 2014 22:30:03 +0200 Subject: [PATCH 321/452] avformat/tee: flip assigment direction Found-by: CSA Reviewed-by: Nicolas George Signed-off-by: Michael Niedermayer (cherry picked from commit 2e6fdcb7f3c86491408a3699f0aa9dc52b7c5686) Signed-off-by: Michael Niedermayer --- libavformat/tee.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/tee.c b/libavformat/tee.c index f41327bc7e..392c4bd589 100644 --- a/libavformat/tee.c +++ b/libavformat/tee.c @@ -251,7 +251,7 @@ static int tee_write_packet(AVFormatContext *avf, AVPacket *pkt) if ((ret = av_copy_packet(&pkt2, pkt)) < 0 || (ret = av_dup_packet(&pkt2))< 0) if (!ret_all) { - ret = ret_all; + ret_all = ret; continue; } tb = avf ->streams[s]->time_base; From f712d3669e2eed4a57b0e4d85d2902a2036de89e Mon Sep 17 00:00:00 2001 From: Anton Khirnov Date: Wed, 6 Aug 2014 10:56:34 +0000 Subject: [PATCH 322/452] cdgraphics: do not return 0 from the decode function 0 means no data consumed, so it can trigger an infinite loop in the caller. CC:libav-stable@libav.org (cherry picked from commit c7d9b473e28238d4a4ef1b7e8b42c1cca256da36) Conflicts: libavcodec/cdgraphics.c Merged-by: Michael Niedermayer --- libavcodec/cdgraphics.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libavcodec/cdgraphics.c b/libavcodec/cdgraphics.c index 94ce6ae946..7405ba5343 100644 --- a/libavcodec/cdgraphics.c +++ b/libavcodec/cdgraphics.c @@ -361,11 +361,10 @@ static int cdg_decode_frame(AVCodecContext *avctx, *got_frame = 1; } else { *got_frame = 0; - buf_size = 0; } *(AVFrame *) data = cc->frame; - return buf_size; + return avpkt->size; } static av_cold int cdg_decode_end(AVCodecContext *avctx) From abc1fa7c5a1dca1345b9471b81cfcda00c56220d Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 10 Aug 2014 21:59:33 +0200 Subject: [PATCH 323/452] avcodec/iff: check pixfmt for rgb8 / rgbn Fixes out of array access Found-by: Piotr Bandurski Signed-off-by: Michael Niedermayer (cherry picked from commit 3539d6c63a16e1b2874bb037a86f317449c58770) Conflicts: libavcodec/iff.c (cherry picked from commit 656f930160db48e0b7b25069c62abc340e7f0628) Conflicts: libavcodec/iff.c --- libavcodec/iff.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/iff.c b/libavcodec/iff.c index 8e7f8cae46..b4b99a5101 100644 --- a/libavcodec/iff.c +++ b/libavcodec/iff.c @@ -832,9 +832,9 @@ static int decode_frame(AVCodecContext *avctx, break; case 4: bytestream2_init(&gb, buf, buf_size); - if (avctx->codec_tag == MKTAG('R','G','B','8')) + if (avctx->codec_tag == MKTAG('R','G','B','8') && avctx->pix_fmt == AV_PIX_FMT_RGB32) decode_rgb8(&gb, s->frame.data[0], avctx->width, avctx->height, s->frame.linesize[0]); - else if (avctx->codec_tag == MKTAG('R','G','B','N')) + else if (avctx->codec_tag == MKTAG('R','G','B','N') && avctx->pix_fmt == AV_PIX_FMT_RGB444) decode_rgbn(&gb, s->frame.data[0], avctx->width, avctx->height, s->frame.linesize[0]); else return unsupported(avctx); From 61a51598e3434f9f63025e6df3b065d7986540dc Mon Sep 17 00:00:00 2001 From: Luca Barbato Date: Fri, 28 Jun 2013 03:40:35 +0200 Subject: [PATCH 324/452] lavc: move put_bits_left in put_bits.h (cherry picked from commit afe03092dd693d025d43e1620283d8d285c92772) Signed-off-by: Michael Niedermayer --- libavcodec/dv.c | 5 ----- libavcodec/put_bits.h | 8 ++++++++ 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/libavcodec/dv.c b/libavcodec/dv.c index 0812dbbacf..acf73f0218 100644 --- a/libavcodec/dv.c +++ b/libavcodec/dv.c @@ -350,11 +350,6 @@ static av_cold int dvvideo_init_encoder(AVCodecContext *avctx) static const int vs_total_ac_bits = (100 * 4 + 68*2) * 5; static const int mb_area_start[5] = { 1, 6, 21, 43, 64 }; -static inline int put_bits_left(PutBitContext* s) -{ - return (s->buf_end - s->buf) * 8 - put_bits_count(s); -} - #if CONFIG_SMALL /* Converts run and level (where level != 0) pair into VLC, returning bit size */ static av_always_inline int dv_rl2vlc(int run, int level, int sign, uint32_t* vlc) diff --git a/libavcodec/put_bits.h b/libavcodec/put_bits.h index 7320443895..e2c4a61791 100644 --- a/libavcodec/put_bits.h +++ b/libavcodec/put_bits.h @@ -75,6 +75,14 @@ static inline int put_bits_count(PutBitContext *s) return (s->buf_ptr - s->buf) * 8 + 32 - s->bit_left; } +/** + * @return the number of bits available in the bitstream. + */ +static inline int put_bits_left(PutBitContext* s) +{ + return (s->buf_end - s->buf_ptr) * 8 - 32 + s->bit_left; +} + /** * Pad the end of the output stream with zeros. */ From 18342848f7fa0c98f81049495adaf3d528b325f5 Mon Sep 17 00:00:00 2001 From: Christophe Gisquet Date: Mon, 11 Aug 2014 22:06:08 +0000 Subject: [PATCH 325/452] proresenc_kostya: report buffer overflow If the allocated size, despite best efforts, is too small, exit with the appropriate error. Signed-off-by: Michael Niedermayer (cherry picked from commit 52b81ff4635c077b2bc8b8d3637d933b6629d803) Signed-off-by: Michael Niedermayer --- libavcodec/proresenc_kostya.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/libavcodec/proresenc_kostya.c b/libavcodec/proresenc_kostya.c index 8da13ac822..d80382d9b0 100644 --- a/libavcodec/proresenc_kostya.c +++ b/libavcodec/proresenc_kostya.c @@ -456,6 +456,11 @@ static int encode_slice(AVCodecContext *avctx, const AVFrame *pic, num_cblocks, plane_factor, qmat); total_size += sizes[i]; + if (put_bits_left(pb) < 0) { + av_log(avctx, AV_LOG_ERROR, "Serious underevaluation of" + "required buffer size"); + return AVERROR_BUFFER_TOO_SMALL; + } } return total_size; } @@ -754,9 +759,9 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt, avctx->coded_frame->pict_type = AV_PICTURE_TYPE_I; avctx->coded_frame->key_frame = 1; - pkt_size = ctx->frame_size_upper_bound + FF_MIN_BUFFER_SIZE; + pkt_size = ctx->frame_size_upper_bound; - if ((ret = ff_alloc_packet2(avctx, pkt, pkt_size)) < 0) + if ((ret = ff_alloc_packet2(avctx, pkt, pkt_size + FF_MIN_BUFFER_SIZE)) < 0) return ret; orig_buf = pkt->data; @@ -833,7 +838,9 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt, slice_hdr = buf; buf += slice_hdr_size - 1; init_put_bits(&pb, buf, (pkt_size - (buf - orig_buf)) * 8); - encode_slice(avctx, pic, &pb, sizes, x, y, q, mbs_per_slice); + ret = encode_slice(avctx, pic, &pb, sizes, x, y, q, mbs_per_slice); + if (ret < 0) + return ret; bytestream_put_byte(&slice_hdr, q); slice_size = slice_hdr_size + sizes[ctx->num_planes - 1]; From ab4e54f6f6b3656482532d62ca7c1160cb850c9b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 17 Aug 2014 17:31:13 +0200 Subject: [PATCH 326/452] update for 1.2.8 Signed-off-by: Michael Niedermayer --- RELEASE | 2 +- doc/Doxyfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/RELEASE b/RELEASE index c04c650a7a..db6fb4a911 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -1.2.7 +1.2.8 diff --git a/doc/Doxyfile b/doc/Doxyfile index ff719a45fa..373665f033 100644 --- a/doc/Doxyfile +++ b/doc/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 1.2.7 +PROJECT_NUMBER = 1.2.8 # With the PROJECT_LOGO tag one can specify an logo or icon that is included # in the documentation. The maximum height of the logo should not exceed 55 From 4ce6d65b6fbe6f6482da3bdd3d396a43dd2e31af Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 19 Aug 2014 02:13:02 +0200 Subject: [PATCH 327/452] Changelog: update for 1.2.8 Signed-off-by: Michael Niedermayer --- Changelog | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/Changelog b/Changelog index 020f5f1271..1306f38cbb 100644 --- a/Changelog +++ b/Changelog @@ -1,6 +1,14 @@ Entries are sorted chronologically from oldest to youngest within each release, releases are sorted from youngest to oldest. +version 1.2.8: +- proresenc_ks: fix buffer overflow +- iff: fix crash +- cdgraphics: fix infinite loop +- Fix Ticket3804 +- Fix Ticket3208 + + version 1.2: - VDPAU hardware acceleration through normal hwaccel From 59b2a9ef957ec796ccf457aad263a52bc457b610 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 28 Jul 2014 02:22:11 +0200 Subject: [PATCH 328/452] remove VERSION file it overrides what version.sh prints and thus makes its output from release branches rather useless Signed-off-by: Michael Niedermayer (cherry picked from commit 2f71aeb30161edb5cb0fea5d3080094a22cc3038) Conflicts: VERSION (cherry picked from commit f543d32455a30c7e11206241184dfb16b8a8081c) Conflicts: VERSION --- VERSION | 1 - 1 file changed, 1 deletion(-) delete mode 100644 VERSION diff --git a/VERSION b/VERSION deleted file mode 100644 index c04c650a7a..0000000000 --- a/VERSION +++ /dev/null @@ -1 +0,0 @@ -1.2.7 From 0a64e9a0299b8ded2508be4c6f4949f8f8f57724 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 28 Jul 2014 02:40:35 +0200 Subject: [PATCH 329/452] version.sh: Print versions based on the last git tag for release branches release branches are detected by checking if "git" is not in RELEASE This changes "N-64706-g2f71aeb" to "n2.3-8-g2f71aeb" for git master theres no change This should improve the readability of lists of versions which come from more than 1 release branch or master + release. fate.ffmpeg.org is one possible example Reviewed-by: Timothy Gu Signed-off-by: Michael Niedermayer (cherry picked from commit ee606fd0317df202b59946cf9b738c0a01056316) Signed-off-by: Michael Niedermayer (cherry picked from commit 1f4d779e87050111f831f24645580f04e0b1917b) Signed-off-by: Michael Niedermayer --- version.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/version.sh b/version.sh index 8d084c2df3..2309176f7a 100755 --- a/version.sh +++ b/version.sh @@ -2,7 +2,11 @@ # check for git short hash if ! test "$revision"; then - revision=$(cd "$1" && git describe --tags --match N 2> /dev/null) + if (cd "$1" && grep git RELEASE 2> /dev/null >/dev/null) ; then + revision=$(cd "$1" && git describe --tags --match N 2> /dev/null) + else + revision=$(cd "$1" && git describe --tags --always 2> /dev/null) + fi fi # Shallow Git clones (--depth) do not have the N tag: From 30ffb80dcaf7c5cfde35aafb0caf1c71effc8255 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 22 Aug 2014 01:15:57 +0200 Subject: [PATCH 330/452] avcodec: fix aac/ac3 parser bitstream buffer size Buffers containing copies of the AAC and AC3 header bits were not padded before parsing, violating init_get_bits() buffer padding requirement, leading to potential buffer read overflows. This change adds FF_INPUT_BUFFER_PADDING_SIZE bytes to the bit buffer for parsing the header in each of aac_parser.c and ac3_parser.c. Based on patch by: Matt Wolenetz Signed-off-by: Michael Niedermayer (cherry picked from commit fccd85b9f30525f88692f53134eba41f1f2d90db) Signed-off-by: Michael Niedermayer --- libavcodec/aac_parser.c | 2 +- libavcodec/ac3_parser.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/aac_parser.c b/libavcodec/aac_parser.c index ab6ca4e268..cb93ba9482 100644 --- a/libavcodec/aac_parser.c +++ b/libavcodec/aac_parser.c @@ -34,7 +34,7 @@ static int aac_sync(uint64_t state, AACAC3ParseContext *hdr_info, int size; union { uint64_t u64; - uint8_t u8[8]; + uint8_t u8[8 + FF_INPUT_BUFFER_PADDING_SIZE]; } tmp; tmp.u64 = av_be2ne64(state); diff --git a/libavcodec/ac3_parser.c b/libavcodec/ac3_parser.c index 8dc4c0d480..acfbc2ea66 100644 --- a/libavcodec/ac3_parser.c +++ b/libavcodec/ac3_parser.c @@ -147,7 +147,7 @@ static int ac3_sync(uint64_t state, AACAC3ParseContext *hdr_info, int err; union { uint64_t u64; - uint8_t u8[8]; + uint8_t u8[8 + FF_INPUT_BUFFER_PADDING_SIZE]; } tmp = { av_be2ne64(state) }; AC3HeaderInfo hdr; GetBitContext gbc; From 48443598ed51ee7a670a80687d0d5450307cde33 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 24 Aug 2014 23:33:40 +0200 Subject: [PATCH 331/452] avcodec/utils: add GBRP16 to avcodec_align_dimensions2() Fixes Ticket3869 Signed-off-by: Michael Niedermayer (cherry picked from commit 3fe9e7be4c70c8fccdcd56fd19276e668cfb7de8) Signed-off-by: Michael Niedermayer --- libavcodec/utils.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index bd3858b2ff..8acf4c4129 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -244,6 +244,8 @@ void avcodec_align_dimensions2(AVCodecContext *s, int *width, int *height, case AV_PIX_FMT_GBRP12BE: case AV_PIX_FMT_GBRP14LE: case AV_PIX_FMT_GBRP14BE: + case AV_PIX_FMT_GBRP16LE: + case AV_PIX_FMT_GBRP16BE: w_align = 16; //FIXME assume 16 pixel per macroblock h_align = 16 * 2; // interlaced needs 2 macroblocks height break; From 0f578ea70521438e4fbb677fb6079acce893915a Mon Sep 17 00:00:00 2001 From: Timothy Gu Date: Tue, 26 Aug 2014 16:13:52 -0700 Subject: [PATCH 332/452] bktr: Fix Fabrice's name Signed-off-by: Timothy Gu This file with the incorrect name was added after the name was fixed in all other files. This is thus fixing a mistake Signed-off-by: Michael Niedermayer (cherry picked from commit 25cb697d0c866a7048a11e9321e60df94dfeaeca) Signed-off-by: Michael Niedermayer --- libavdevice/bktr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavdevice/bktr.c b/libavdevice/bktr.c index d5f3d9f330..639133b32b 100644 --- a/libavdevice/bktr.c +++ b/libavdevice/bktr.c @@ -3,7 +3,7 @@ * Copyright (c) 2002 Steve O'Hara-Smith * based on * Linux video grab interface - * Copyright (c) 2000,2001 Gerard Lantau + * Copyright (c) 2000, 2001 Fabrice Bellard * and * simple_grab.c Copyright (c) 1999 Roger Hardiman * From 1482253790c61ccb3e042b07cbc288c4d79637e5 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 30 Aug 2014 02:12:10 +0200 Subject: [PATCH 333/452] avcodec/snow: check coeffs for validity Fixes deadlock Fixes integer overflow Fixes Ticket 3892 Signed-off-by: Michael Niedermayer (cherry picked from commit 596636a474ab201badaae269f3a2cef4824b8c1f) Signed-off-by: Michael Niedermayer --- libavcodec/snow.h | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/libavcodec/snow.h b/libavcodec/snow.h index f15b50f65f..cbec20b4a2 100644 --- a/libavcodec/snow.h +++ b/libavcodec/snow.h @@ -652,7 +652,10 @@ static inline void unpack_coeffs(SnowContext *s, SubBand *b, SubBand * parent, i if(v){ v= 2*(get_symbol2(&s->c, b->state[context + 2], context-4) + 1); v+=get_rac(&s->c, &b->state[0][16 + 1 + 3 + ff_quant3bA[l&0xFF] + 3*ff_quant3bA[t&0xFF]]); - + if ((uint16_t)v != v) { + av_log(s->avctx, AV_LOG_ERROR, "Coefficient damaged\n"); + v = 1; + } xc->x=x; (xc++)->coeff= v; } @@ -662,6 +665,10 @@ static inline void unpack_coeffs(SnowContext *s, SubBand *b, SubBand * parent, i else run= INT_MAX; v= 2*(get_symbol2(&s->c, b->state[0 + 2], 0-4) + 1); v+=get_rac(&s->c, &b->state[0][16 + 1 + 3]); + if ((uint16_t)v != v) { + av_log(s->avctx, AV_LOG_ERROR, "Coefficient damaged\n"); + v = 1; + } xc->x=x; (xc++)->coeff= v; From 248a2fca908478d5036c8f5e418e2ead41b2f0a6 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 2 Sep 2014 05:22:26 +0200 Subject: [PATCH 334/452] avformat/swfdec: Use side data to communicate w/h changes to the decoder Fixes reading from freed data Fixes part of Ticket3539 Reviewed-by: Paul B Mahol Signed-off-by: Michael Niedermayer (cherry picked from commit 1c55d0ff3202a04ebc67a72d72391104e9bdb633) Signed-off-by: Michael Niedermayer (cherry picked from commit a9734e7d3017ffc9539eaac2a8acce3ad427f746) Signed-off-by: Michael Niedermayer --- libavformat/swfdec.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/libavformat/swfdec.c b/libavformat/swfdec.c index 54e0f6dc0e..00926c8274 100644 --- a/libavformat/swfdec.c +++ b/libavformat/swfdec.c @@ -347,11 +347,15 @@ static int swf_read_packet(AVFormatContext *s, AVPacket *pkt) avpriv_set_pts_info(vst, 64, 256, swf->frame_rate); st = vst; } - st->codec->width = width; - st->codec->height = height; if ((res = av_new_packet(pkt, out_len - colormapsize * colormapbpp)) < 0) goto bitmap_end; + if (!st->codec->width && !st->codec->height) { + st->codec->width = width; + st->codec->height = height; + } else { + ff_add_param_change(pkt, 0, 0, 0, width, height); + } pkt->pos = pos; pkt->stream_index = st->index; From 6f02de4ee8ca10f7ec2ce61e75c7349b756faecb Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 2 Sep 2014 16:42:33 +0200 Subject: [PATCH 335/452] avformat/swfdec: Do not change the pixel format This is currently not supported Fixes part of Ticket 3539 Signed-off-by: Michael Niedermayer (cherry picked from commit c2430304dfb3cc0e3a59ce6d1b59ebdcc934a0c2) Signed-off-by: Michael Niedermayer --- libavformat/swfdec.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/libavformat/swfdec.c b/libavformat/swfdec.c index 00926c8274..bf5b581d5d 100644 --- a/libavformat/swfdec.c +++ b/libavformat/swfdec.c @@ -283,6 +283,7 @@ static int swf_read_packet(AVFormatContext *s, AVPacket *pkt) const int bmp_fmt = avio_r8(pb); const int width = avio_rl16(pb); const int height = avio_rl16(pb); + int pix_fmt; len -= 2+1+2+2; @@ -361,7 +362,7 @@ static int swf_read_packet(AVFormatContext *s, AVPacket *pkt) switch (bmp_fmt) { case 3: - st->codec->pix_fmt = AV_PIX_FMT_PAL8; + pix_fmt = AV_PIX_FMT_PAL8; for (i = 0; i < colormapsize; i++) if (alpha_bmp) colormap[i] = buf[3]<<24 | AV_RB24(buf + 4*i); else colormap[i] = 0xffU <<24 | AV_RB24(buf + 3*i); @@ -373,14 +374,20 @@ static int swf_read_packet(AVFormatContext *s, AVPacket *pkt) memcpy(pal, colormap, AVPALETTE_SIZE); break; case 4: - st->codec->pix_fmt = AV_PIX_FMT_RGB555; + pix_fmt = AV_PIX_FMT_RGB555; break; case 5: - st->codec->pix_fmt = alpha_bmp ? AV_PIX_FMT_ARGB : AV_PIX_FMT_0RGB; + pix_fmt = alpha_bmp ? AV_PIX_FMT_ARGB : AV_PIX_FMT_0RGB; break; default: av_assert0(0); } + if (st->codec->pix_fmt != AV_PIX_FMT_NONE && st->codec->pix_fmt != pix_fmt) { + av_log(s, AV_LOG_ERROR, "pixel format change unsupported\n"); + res = AVERROR_PATCHWELCOME; + goto bitmap_end; + } + st->codec->pix_fmt = pix_fmt; if (linesize * height > pkt->size) { res = AVERROR_INVALIDDATA; From 0fc229450fd965d6fea86a95d1b7afec5d26e328 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 7 Sep 2014 12:52:24 +0200 Subject: [PATCH 336/452] avcodec/mpegvideo: Use "goto fail" for all error paths in ff_mpv_common_frame_size_change() Signed-off-by: Michael Niedermayer (cherry picked from commit 2762323c37511fbbc98b164c07620b9ebc59ec68) Signed-off-by: Michael Niedermayer --- libavcodec/mpegvideo.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/mpegvideo.c b/libavcodec/mpegvideo.c index 3fbe03bd1a..11e5467b3d 100644 --- a/libavcodec/mpegvideo.c +++ b/libavcodec/mpegvideo.c @@ -1115,7 +1115,7 @@ int ff_MPV_common_frame_size_change(MpegEncContext *s) if ((s->width || s->height) && av_image_check_size(s->width, s->height, 0, s->avctx)) - return AVERROR_INVALIDDATA; + goto fail; if ((err = init_context_frame(s))) goto fail; From 0f1882b9b2e443ed13f7dde4ec7487916d14e8ad Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 7 Sep 2014 13:00:47 +0200 Subject: [PATCH 337/452] avcodec/mpegvideo: check that the context is initialized in ff_mpv_common_frame_size_change() The function otherwise would initialize the context without setting context_initialized alternatively we could set context_initialized Fixes valgrind anomalies related to ticket 3928 Signed-off-by: Michael Niedermayer (cherry picked from commit 0d0f7f0ba43f64312ae4a05d97afecf1b7b1330c) Signed-off-by: Michael Niedermayer --- libavcodec/mpegvideo.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/mpegvideo.c b/libavcodec/mpegvideo.c index 11e5467b3d..5dab8d8cbb 100644 --- a/libavcodec/mpegvideo.c +++ b/libavcodec/mpegvideo.c @@ -1086,6 +1086,9 @@ int ff_MPV_common_frame_size_change(MpegEncContext *s) { int i, err = 0; + if (!s->context_initialized) + return AVERROR(EINVAL); + if (s->slice_context_count > 1) { for (i = 0; i < s->slice_context_count; i++) { free_duplicate_context(s->thread_context[i]); From d49b57fe0f74264ba795ffdeadab1fe1be582369 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 7 Sep 2014 14:14:52 +0200 Subject: [PATCH 338/452] avcodec/mpegvideo: Set err on failure in ff_mpv_common_frame_size_change() Found-by: ubitux Signed-off-by: Michael Niedermayer (cherry picked from commit cfce6f7efd28130bf0dd409b2367ca0f8c9b2417) Signed-off-by: Michael Niedermayer --- libavcodec/mpegvideo.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/mpegvideo.c b/libavcodec/mpegvideo.c index 5dab8d8cbb..68bbe9ff8f 100644 --- a/libavcodec/mpegvideo.c +++ b/libavcodec/mpegvideo.c @@ -1117,7 +1117,7 @@ int ff_MPV_common_frame_size_change(MpegEncContext *s) s->mb_height = (s->height + 15) / 16; if ((s->width || s->height) && - av_image_check_size(s->width, s->height, 0, s->avctx)) + (err = av_image_check_size(s->width, s->height, 0, s->avctx)) < 0) goto fail; if ((err = init_context_frame(s))) @@ -1134,7 +1134,7 @@ int ff_MPV_common_frame_size_change(MpegEncContext *s) } for (i = 0; i < nb_slices; i++) { - if (init_duplicate_context(s->thread_context[i]) < 0) + if ((err = init_duplicate_context(s->thread_context[i])) < 0) goto fail; s->thread_context[i]->start_mb_y = (s->mb_height * (i) + nb_slices / 2) / nb_slices; From b9b97900c19c9bddd74d495aaa320af1924bf7ce Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 7 Sep 2014 16:39:39 +0200 Subject: [PATCH 339/452] avformat/m4vdec: Check for non startcode 00 00 00 sequences in probe Fixes miss detection of PCM as m4v Fixes Ticket 3928 Signed-off-by: Michael Niedermayer (cherry picked from commit 7c1835c52a4be2e4e996f83c91a8d5a147b01100) Signed-off-by: Michael Niedermayer --- libavformat/m4vdec.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/libavformat/m4vdec.c b/libavformat/m4vdec.c index e72fb42f1d..2deff32906 100644 --- a/libavformat/m4vdec.c +++ b/libavformat/m4vdec.c @@ -33,13 +33,15 @@ static int mpeg4video_probe(AVProbeData *probe_packet) for(i=0; ibuf_size; i++){ temp_buffer = (temp_buffer<<8) + probe_packet->buf[i]; - if ((temp_buffer & 0xffffff00) != 0x100) + if (temp_buffer & 0xfffffe00) + continue; + if (temp_buffer < 2) continue; if (temp_buffer == VOP_START_CODE) VOP++; else if (temp_buffer == VISUAL_OBJECT_START_CODE) VISO++; - else if (temp_buffer < 0x120) VO++; - else if (temp_buffer < 0x130) VOL++; + else if (temp_buffer >= 0x100 && temp_buffer < 0x120) VO++; + else if (temp_buffer >= 0x120 && temp_buffer < 0x130) VOL++; else if ( !(0x1AF < temp_buffer && temp_buffer < 0x1B7) && !(0x1B9 < temp_buffer && temp_buffer < 0x1C4)) res++; } From 70dc7bb893db63e7c8d8592e4730b69af20f6be4 Mon Sep 17 00:00:00 2001 From: Katerina Barone-Adesi Date: Tue, 16 Sep 2014 01:40:24 +0200 Subject: [PATCH 340/452] apetag: Fix APE tag size check The size variable is (correctly) unsigned, but is passed to several functions which take signed parameters, such as avio_read, sometimes after having numbers added to it. So ensure that size remains within the bounds that these functions can handle. CC: libav-stable@libav.org Signed-off-by: Diego Biurrun (cherry picked from commit c5560e72d0bb69f8a1ac9536570398f84388f396) Signed-off-by: Michael Niedermayer --- libavformat/apetag.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavformat/apetag.c b/libavformat/apetag.c index a445c84aef..6f5f7bd5d0 100644 --- a/libavformat/apetag.c +++ b/libavformat/apetag.c @@ -51,8 +51,10 @@ static int ape_tag_read_field(AVFormatContext *s) av_log(s, AV_LOG_WARNING, "Invalid APE tag key '%s'.\n", key); return -1; } - if (size >= UINT_MAX) - return -1; + if (size > INT32_MAX - FF_INPUT_BUFFER_PADDING_SIZE) { + av_log(s, AV_LOG_ERROR, "APE tag size too large.\n"); + return AVERROR_INVALIDDATA; + } if (flags & APE_TAG_FLAG_IS_BINARY) { uint8_t filename[1024]; enum AVCodecID id; From 9b9048a3ddfe97e33a26c87f8c4b029032d49ad8 Mon Sep 17 00:00:00 2001 From: James Almer Date: Wed, 5 Mar 2014 19:44:36 -0300 Subject: [PATCH 341/452] x86/dsputil: add emms to ff_scalarproduct_int16_mmxext() Also undo the changes to ra144enc.c from previous commits. Should fix ticket #3429 Signed-off-by: James Almer Signed-off-by: Michael Niedermayer (cherry picked from commit 9e0e1f9067430de1655a7b28536b5afed48bded5) Conflicts: libavcodec/ra144enc.c Signed-off-by: Michael Niedermayer --- libavcodec/ra144enc.c | 1 - libavcodec/x86/dsputil.asm | 3 +++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/ra144enc.c b/libavcodec/ra144enc.c index 21d38dcea0..a67b14a704 100644 --- a/libavcodec/ra144enc.c +++ b/libavcodec/ra144enc.c @@ -34,7 +34,6 @@ #include "celp_filters.h" #include "ra144.h" - static av_cold int ra144_encode_close(AVCodecContext *avctx) { RA144Context *ractx = avctx->priv_data; diff --git a/libavcodec/x86/dsputil.asm b/libavcodec/x86/dsputil.asm index aa18bddd67..32e6134d45 100644 --- a/libavcodec/x86/dsputil.asm +++ b/libavcodec/x86/dsputil.asm @@ -61,6 +61,9 @@ cglobal scalarproduct_int16, 3,3,3, v1, v2, order %endif paddd m2, m0 movd eax, m2 +%if mmsize == 8 + emms +%endif RET ; int scalarproduct_and_madd_int16(int16_t *v1, int16_t *v2, int16_t *v3, int order, int mul) From e28c27e25f30e9eb7bbc123cf4dc8d057e2e2ae2 Mon Sep 17 00:00:00 2001 From: Gianluigi Tiesi Date: Fri, 19 Sep 2014 04:49:36 +0200 Subject: [PATCH 342/452] avcodec/libilbc: support for latest git of libilbc in the latest git commits of libilbc developers removed WebRtc_xxx typedefs This commit uses int types instead, it's safe to apply also for previous versions since WebRtc_Word16 was always a typedef of int16_t and WebRtc_UWord16 a typedef of uint16_t Reviewed-by: Timothy Gu Signed-off-by: Michael Niedermayer (cherry picked from commit 59af5383c18c8cf3fe2a4b5cc1ebf2f3300bdfe5) Signed-off-by: Michael Niedermayer --- libavcodec/libilbc.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/libavcodec/libilbc.c b/libavcodec/libilbc.c index 98053484b1..3e77fbff60 100644 --- a/libavcodec/libilbc.c +++ b/libavcodec/libilbc.c @@ -98,8 +98,7 @@ static int ilbc_decode_frame(AVCodecContext *avctx, void *data, return ret; } - WebRtcIlbcfix_DecodeImpl((WebRtc_Word16*) frame->data[0], - (const WebRtc_UWord16*) buf, &s->decoder, 1); + WebRtcIlbcfix_DecodeImpl((int16_t *) frame->data[0], (const uint16_t *) buf, &s->decoder, 1); *got_frame_ptr = 1; @@ -185,7 +184,7 @@ static int ilbc_encode_frame(AVCodecContext *avctx, AVPacket *avpkt, if ((ret = ff_alloc_packet2(avctx, avpkt, 50)) < 0) return ret; - WebRtcIlbcfix_EncodeImpl((WebRtc_UWord16*) avpkt->data, (const WebRtc_Word16*) frame->data[0], &s->encoder); + WebRtcIlbcfix_EncodeImpl((uint16_t *) avpkt->data, (const int16_t *) frame->data[0], &s->encoder); avpkt->size = s->encoder.no_of_bytes; *got_packet_ptr = 1; From 2144ce08c1de4d0947043d69ef2b9b5f10850dab Mon Sep 17 00:00:00 2001 From: lvqcl Date: Sat, 27 Sep 2014 13:21:31 +0200 Subject: [PATCH 343/452] avutil/x86/cpu: fix cpuid sub-leaf selection Signed-off-by: Michael Niedermayer (cherry picked from commit e58fc44649d07d523fcd17aa10d9eb0d3a5ef3f4) Signed-off-by: Michael Niedermayer --- libavutil/x86/cpu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavutil/x86/cpu.c b/libavutil/x86/cpu.c index a3a5239159..9f8d7491e8 100644 --- a/libavutil/x86/cpu.c +++ b/libavutil/x86/cpu.c @@ -44,7 +44,7 @@ "cpuid \n\t" \ "xchg %%"REG_b", %%"REG_S \ : "=a" (eax), "=S" (ebx), "=c" (ecx), "=d" (edx) \ - : "0" (index)) + : "0" (index), "2"(0)) #define xgetbv(index, eax, edx) \ __asm__ (".byte 0x0f, 0x01, 0xd0" : "=a"(eax), "=d"(edx) : "c" (index)) From e9d85860d0f3d54cb1c6f67cf1856a7ebfea6ffe Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 27 Sep 2014 20:34:44 +0200 Subject: [PATCH 344/452] avcodec/ac3enc_template: fix out of array read Found-by: Andreas Cadhalpun Signed-off-by: Michael Niedermayer (cherry picked from commit d85ebea3f3b68ebccfe308fa839fc30fa634e4de) Signed-off-by: Michael Niedermayer --- libavcodec/ac3enc_template.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/ac3enc_template.c b/libavcodec/ac3enc_template.c index 0389c2ef4a..76d42a2bdc 100644 --- a/libavcodec/ac3enc_template.c +++ b/libavcodec/ac3enc_template.c @@ -260,7 +260,7 @@ static void apply_channel_coupling(AC3EncodeContext *s) energy_cpl = energy[blk][CPL_CH][bnd]; energy_ch = energy[blk][ch][bnd]; blk1 = blk+1; - while (!s->blocks[blk1].new_cpl_coords[ch] && blk1 < s->num_blocks) { + while (blk1 < s->num_blocks && !s->blocks[blk1].new_cpl_coords[ch]) { if (s->blocks[blk1].cpl_in_use) { energy_cpl += energy[blk1][CPL_CH][bnd]; energy_ch += energy[blk1][ch][bnd]; From 997bf49b1c88a17128bfcbdad19a2b71e689276c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Sun, 21 Sep 2014 09:58:10 +0100 Subject: [PATCH 345/452] configure: add noexecstack to linker options if supported. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Reimar Döffinger (cherry picked from commit b7082d953fda93f7841ffffe7d15a6c3cd15bdee) Signed-off-by: Michael Niedermayer --- configure | 1 + 1 file changed, 1 insertion(+) diff --git a/configure b/configure index 025941f2a7..dc1c3b6d55 100755 --- a/configure +++ b/configure @@ -3750,6 +3750,7 @@ EOF fi check_ldflags -Wl,--as-needed +check_ldflags -Wl,-z,noexecstack if check_func dlopen; then ldl= From 0bd9b78fb6c4831cfffe368989583b337bdacca6 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 2 Oct 2014 23:17:21 +0200 Subject: [PATCH 346/452] avcodec/jpeglsdec: Check run value more completely in ls_decode_line() previously it could have been by 1 too large Fixes out of array access Fixes: asan_heap-oob_12240f5_1_asan_heap-oob_12240f5_448_t8c1e3.jls Fixes: asan_heap-oob_12240f5_1_asan_heap-oob_12240f5_448_t8nde0.jls Fixes: asan_heap-oob_12240fa_1_asan_heap-oob_12240fa_448_t16e3.jls Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 06e7d58410a17dc72c30ee7f3145fcacc425f4f2) Signed-off-by: Michael Niedermayer --- libavcodec/jpeglsdec.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/jpeglsdec.c b/libavcodec/jpeglsdec.c index 10fe31a64f..05eae38655 100644 --- a/libavcodec/jpeglsdec.c +++ b/libavcodec/jpeglsdec.c @@ -207,6 +207,11 @@ static inline void ls_decode_line(JLSState *state, MJpegDecodeContext *s, void * x += stride; } + if (x >= w) { + av_log(NULL, AV_LOG_ERROR, "run overflow\n"); + return; + } + /* decode run termination value */ Rb = R(last, x); RItype = (FFABS(Ra - Rb) <= state->near) ? 1 : 0; From 0ffa44340f247e5d24d006726ecc9c66c55dcf22 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 3 Oct 2014 01:50:27 +0200 Subject: [PATCH 347/452] avcodec/mjpegdec: check bits per pixel for changes similar to dimensions Fixes out of array accesses Fixes: asan_heap-oob_16668e9_2_asan_heap-oob_16668e9_346_miss_congeniality_pegasus_mjpg.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 5c378d6a6df8243f06c87962b873bd563e58cd39) Conflicts: libavcodec/mjpegdec.c (cherry picked from commit 94371a404c663c3dae3d542fa43951567ab67f82) Conflicts: libavcodec/mjpegdec.c --- libavcodec/mjpegdec.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index b9c6950b1a..234dd20f58 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -211,7 +211,7 @@ int ff_mjpeg_decode_dht(MJpegDecodeContext *s) int ff_mjpeg_decode_sof(MJpegDecodeContext *s) { - int len, nb_components, i, width, height, pix_fmt_id; + int len, nb_components, i, width, height, bits, pix_fmt_id; int h_count[MAX_COMPONENTS]; int v_count[MAX_COMPONENTS]; @@ -220,14 +220,14 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s) /* XXX: verify len field validity */ len = get_bits(&s->gb, 16); - s->bits = get_bits(&s->gb, 8); + bits = get_bits(&s->gb, 8); if (s->pegasus_rct) - s->bits = 9; - if (s->bits == 9 && !s->pegasus_rct) + bits = 9; + if (bits == 9 && !s->pegasus_rct) s->rct = 1; // FIXME ugly - if (s->bits != 8 && !s->lossless) { + if (bits != 8 && !s->lossless) { av_log(s->avctx, AV_LOG_ERROR, "only 8 bits/component accepted\n"); return -1; } @@ -258,7 +258,7 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s) return AVERROR_INVALIDDATA; } } - if (s->ls && !(s->bits <= 8 || nb_components == 1)) { + if (s->ls && !(bits <= 8 || nb_components == 1)) { av_log_missing_feature(s->avctx, "For JPEG-LS anything except <= 8 bits/component" " or 16-bit gray", 0); @@ -301,12 +301,14 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s) /* if different size, realloc/alloc picture */ if ( width != s->width || height != s->height + || bits != s->bits || memcmp(s->h_count, h_count, sizeof(h_count)) || memcmp(s->v_count, v_count, sizeof(v_count))) { av_freep(&s->qscale_table); s->width = width; s->height = height; + s->bits = bits; memcpy(s->h_count, h_count, sizeof(h_count)); memcpy(s->v_count, v_count, sizeof(v_count)); s->interlaced = 0; From e90d620cb93eb23a17b8803d8bb164c903633378 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 3 Oct 2014 04:30:58 +0200 Subject: [PATCH 348/452] avcodec/utils: Add case for jv to avcodec_align_dimensions2() Fixes out of array accesses Fixes: asan_heap-oob_12304aa_8_asan_heap-oob_4da4f3_300_intro.jv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 105654e376a736d243aef4a1d121abebce912e6b) Signed-off-by: Michael Niedermayer --- libavcodec/utils.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index 8acf4c4129..33ff8e0110 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -274,6 +274,10 @@ void avcodec_align_dimensions2(AVCodecContext *s, int *width, int *height, w_align = 4; h_align = 4; } + if (s->codec_id == AV_CODEC_ID_JV) { + w_align = 8; + h_align = 8; + } break; case AV_PIX_FMT_BGR24: if ((s->codec_id == AV_CODEC_ID_MSZH) || From 76601e4ab8f5d304906766bffabefbc3791819e9 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 3 Oct 2014 14:45:04 +0200 Subject: [PATCH 349/452] avcodec/mmvideo: Bounds check 2nd line of HHV Intra blocks Fixes out of array access Fixes: asan_heap-oob_4da4f3_8_asan_heap-oob_4da4f3_419_scene1a.mm Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 8b0e96e1f21b761ca15dbb470cd619a1ebf86c3e) Conflicts: libavcodec/mmvideo.c Signed-off-by: Michael Niedermayer --- libavcodec/mmvideo.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/mmvideo.c b/libavcodec/mmvideo.c index b74424cc13..38aeac0384 100644 --- a/libavcodec/mmvideo.c +++ b/libavcodec/mmvideo.c @@ -109,7 +109,7 @@ static int mm_decode_intra(MmContext * s, int half_horiz, int half_vert) if (color) { memset(s->frame.data[0] + y*s->frame.linesize[0] + x, color, run_length); - if (half_vert) + if (half_vert && y + half_vert < s->avctx->height) memset(s->frame.data[0] + (y+1)*s->frame.linesize[0] + x, color, run_length); } x+= run_length; From f56095c4d7e5a76be8b114bcf427ab0becf0c635 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 3 Oct 2014 16:08:32 +0200 Subject: [PATCH 350/452] avcodec/tiff: more completely check bpp/bppcount Fixes pixel format selection Fixes out of array accesses Fixes: asan_heap-oob_1766029_6_asan_heap-oob_20aa045_332_cov_1823216757_m2-d1d366d7965db766c19a66c7a2ccbb6b.tif Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit e1c0cfaa419aa5d320540d5a1b3f8fd9b82ab7e5) Signed-off-by: Michael Niedermayer --- libavcodec/tiff.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c index b43fda8c63..1456dad786 100644 --- a/libavcodec/tiff.c +++ b/libavcodec/tiff.c @@ -716,13 +716,13 @@ static int tiff_decode_tag(TiffContext *s) s->height = value; break; case TIFF_BPP: - s->bppcount = count; - if (count > 4) { + if (count > 4U) { av_log(s->avctx, AV_LOG_ERROR, "This format is not supported (bpp=%d, %d components)\n", - s->bpp, count); + value, count); return AVERROR_INVALIDDATA; } + s->bppcount = count; if (count == 1) s->bpp = value; else { @@ -743,6 +743,13 @@ static int tiff_decode_tag(TiffContext *s) s->bpp = -1; } } + if (s->bpp > 64U) { + av_log(s->avctx, AV_LOG_ERROR, + "This format is not supported (bpp=%d, %d components)\n", + s->bpp, count); + s->bpp = 0; + return AVERROR_INVALIDDATA; + } break; case TIFF_SAMPLES_PER_PIXEL: if (count != 1) { From 12c8e4021c2db6c714bc0d419820c274f19333fc Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 3 Oct 2014 17:35:58 +0200 Subject: [PATCH 351/452] avcodec/pngdec: Check bits per pixel before setting monoblack pixel format Fixes out of array accesses Fixes: asan_heap-oob_14dbfcf_4_asan_heap-oob_1ce5767_179_add_method_small.png Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 3e2b745020c2dbf0201fe7df3dad9e7e0b2e1bb6) Signed-off-by: Michael Niedermayer --- libavcodec/pngdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c index 36db29e53e..5b02a4d28a 100644 --- a/libavcodec/pngdec.c +++ b/libavcodec/pngdec.c @@ -631,7 +631,7 @@ static int decode_frame(AVCodecContext *avctx, } else if ((s->bits_per_pixel == 1 || s->bits_per_pixel == 2 || s->bits_per_pixel == 4 || s->bits_per_pixel == 8) && s->color_type == PNG_COLOR_TYPE_PALETTE) { avctx->pix_fmt = AV_PIX_FMT_PAL8; - } else if (s->bit_depth == 1) { + } else if (s->bit_depth == 1 && s->bits_per_pixel == 1) { avctx->pix_fmt = AV_PIX_FMT_MONOBLACK; } else if (s->bit_depth == 8 && s->color_type == PNG_COLOR_TYPE_GRAY_ALPHA) { From 665f70209a95b573f1b2b35851d00298f04ffd0f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 3 Oct 2014 17:54:21 +0200 Subject: [PATCH 352/452] avcodec/pngdec: Calculate MPNG bytewidth more defensively Signed-off-by: Michael Niedermayer (cherry picked from commit e830902934a29df05c7af65aef2a480b15f572c4) Conflicts: libavcodec/pngdec.c --- libavcodec/pngdec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c index 5b02a4d28a..fc7d694ccf 100644 --- a/libavcodec/pngdec.c +++ b/libavcodec/pngdec.c @@ -842,9 +842,10 @@ static int decode_frame(AVCodecContext *avctx, int i, j; uint8_t *pd = s->current_picture->data[0]; uint8_t *pd_last = s->last_picture->data[0]; + int ls = FFMIN(av_image_get_linesize(s->current_picture->format, s->width, 0), s->width * s->bpp); for (j = 0; j < s->height; j++) { - for (i = 0; i < s->width * s->bpp; i++) { + for (i = 0; i < ls; i++) { pd[i] += pd_last[i]; } pd += s->image_linesize; From 75f5fe165cedc63ea89514b3e9f6da67fd1038ec Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 3 Oct 2014 19:33:01 +0200 Subject: [PATCH 353/452] avcodec/cinepak: fix integer underflow Fixes out of array access Fixes: asan_heap-oob_4da0ba_6_asan_heap-oob_4da0ba_241_cvid_crash.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit e7e5114c506957f40aafd794e06de1a7e341e9d5) Signed-off-by: Michael Niedermayer --- libavcodec/cinepak.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/cinepak.c b/libavcodec/cinepak.c index 5bd3f1349b..ce0f1a9db8 100644 --- a/libavcodec/cinepak.c +++ b/libavcodec/cinepak.c @@ -134,7 +134,7 @@ static int cinepak_decode_vectors (CinepakContext *s, cvid_strip *strip, const uint8_t *eod = (data + size); uint32_t flag, mask; uint8_t *cb0, *cb1, *cb2, *cb3; - unsigned int x, y; + int x, y; char *ip0, *ip1, *ip2, *ip3; flag = 0; From 24a5cd720d579634ab7140f4cb7fa09fe4b780e4 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 3 Oct 2014 20:15:52 +0200 Subject: [PATCH 354/452] avcodec/gifdec: factorize interleave end handling out also change it to a loop Fixes out of array access Fixes: asan_heap-oob_ca5410_8_asan_heap-oob_ca5410_97_ID_LSD_Size_Less_Then_Data_Inter_3.gif Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 8f1457864be8fb9653643519dea1c6492f1dde57) Signed-off-by: Michael Niedermayer --- libavcodec/gifdec.c | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/libavcodec/gifdec.c b/libavcodec/gifdec.c index 727887ab44..a27dee7865 100644 --- a/libavcodec/gifdec.c +++ b/libavcodec/gifdec.c @@ -253,26 +253,21 @@ static int gif_read_image(GifState *s) case 1: y1 += 8; ptr += linesize * 8; - if (y1 >= height) { - y1 = pass ? 2 : 4; - ptr = ptr1 + linesize * y1; - pass++; - } break; case 2: y1 += 4; ptr += linesize * 4; - if (y1 >= height) { - y1 = 1; - ptr = ptr1 + linesize; - pass++; - } break; case 3: y1 += 2; ptr += linesize * 2; break; } + while (y1 >= height) { + y1 = 4 >> pass; + ptr = ptr1 + linesize * y1; + pass++; + } } else { ptr += linesize; } From 891376d26108e0077f8456195770bbcb839fd02f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 3 Oct 2014 21:08:52 +0200 Subject: [PATCH 355/452] avcodec/qpeg: fix off by 1 error in MV bounds check Fixes out of array access Fixes: asan_heap-oob_153760f_4_asan_heap-oob_1d7a4cf_164_VWbig6.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit dd3bfe3cc1ca26d0fff3a3baf61a40207032143f) Signed-off-by: Michael Niedermayer --- libavcodec/qpeg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/qpeg.c b/libavcodec/qpeg.c index 73d652e5d8..a9e7898eeb 100644 --- a/libavcodec/qpeg.c +++ b/libavcodec/qpeg.c @@ -163,7 +163,7 @@ static void qpeg_decode_inter(QpegContext *qctx, uint8_t *dst, /* check motion vector */ if ((me_x + filled < 0) || (me_x + me_w + filled > width) || - (height - me_y - me_h < 0) || (height - me_y > orig_height) || + (height - me_y - me_h < 0) || (height - me_y >= orig_height) || (filled + me_w > width) || (height - me_h < 0)) av_log(NULL, AV_LOG_ERROR, "Bogus motion vector (%i,%i), block size %ix%i at %i,%i\n", me_x, me_y, me_w, me_h, filled, height); From 4865948d2ea9d239ce0ebfe40420d111799ee742 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 3 Oct 2014 22:50:45 +0200 Subject: [PATCH 356/452] avcodec/smc: fix off by 1 error Fixes out of array access Fixes: asan_heap-oob_1685bf0_5_asan_heap-oob_1f35116_430_smc.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit c727401aa9d62335e89d118a5b4e202edf39d905) Signed-off-by: Michael Niedermayer --- libavcodec/smc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/smc.c b/libavcodec/smc.c index 6294f09691..c602b9f7af 100644 --- a/libavcodec/smc.c +++ b/libavcodec/smc.c @@ -69,7 +69,7 @@ typedef struct SmcContext { row_ptr += stride * 4; \ } \ total_blocks--; \ - if (total_blocks < 0) \ + if (total_blocks < 0 + !!n_blocks) \ { \ av_log(s->avctx, AV_LOG_INFO, "warning: block counter just went negative (this should not happen)\n"); \ return; \ From c4f0f3c52d977b58dc7723fbcb97ee8b1b0f588d Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 4 Oct 2014 04:29:40 +0200 Subject: [PATCH 357/452] avformat/mpegts: Check desc_len / get8() return code Fixes out of array read Fixes: signal_sigsegv_844d59_10_signal_sigsegv_a17bb7_366_mpegts_mpeg2video_mp2_dvbsub_topfield.rec Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit c3d7f00ee3e09801f56f25db8b5961f25e842bd2) Signed-off-by: Michael Niedermayer --- libavformat/mpegts.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mpegts.c b/libavformat/mpegts.c index c2efb53b2c..58633d8a92 100644 --- a/libavformat/mpegts.c +++ b/libavformat/mpegts.c @@ -1695,7 +1695,7 @@ static void sdt_cb(MpegTSFilter *filter, const uint8_t *section, int section_len break; desc_len = get8(&p, desc_list_end); desc_end = p + desc_len; - if (desc_end > desc_list_end) + if (desc_len < 0 || desc_end > desc_list_end) break; av_dlog(ts->stream, "tag: 0x%02x len=%d\n", From 7fc97160c27d358e8489fefccde10a89f7c9e310 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 4 Oct 2014 14:51:46 +0200 Subject: [PATCH 358/452] avcodec/h264: Check mode before considering mixed mode intra prediction Fixes out of array read Fixes: asan_heap-oob_e476fc_2_asan_heap-oob_1333ec6_61_CAMACI3_Sony_C.jsv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 9734a7a1de3043f012ad0f1ef11027d9488067e6) Signed-off-by: Michael Niedermayer --- libavcodec/h264.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 8c0544a7b7..21fcabe957 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -417,18 +417,18 @@ int ff_h264_check_intra_pred_mode(H264Context *h, int mode, int is_chroma) if ((h->left_samples_available & 0x8080) != 0x8080) { mode = left[mode]; - if (is_chroma && (h->left_samples_available & 0x8080)) { - // mad cow disease mode, aka MBAFF + constrained_intra_pred - mode = ALZHEIMER_DC_L0T_PRED8x8 + - (!(h->left_samples_available & 0x8000)) + - 2 * (mode == DC_128_PRED8x8); - } if (mode < 0) { av_log(h->avctx, AV_LOG_ERROR, "left block unavailable for requested intra mode at %d %d\n", h->mb_x, h->mb_y); return -1; } + if (is_chroma && (h->left_samples_available & 0x8080)) { + // mad cow disease mode, aka MBAFF + constrained_intra_pred + mode = ALZHEIMER_DC_L0T_PRED8x8 + + (!(h->left_samples_available & 0x8000)) + + 2 * (mode == DC_128_PRED8x8); + } } return mode; From 65889b62b3ebd1133173becce7dfa27c6462863a Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 6 Oct 2014 01:08:20 +0200 Subject: [PATCH 359/452] swresample/swresample: fix sample drop loop end condition Fixes Ticket3985 Signed-off-by: Michael Niedermayer (cherry picked from commit f9fefa499f0af48f47ea73c8ce0b25df0976c315) Signed-off-by: Michael Niedermayer --- libswresample/swresample.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libswresample/swresample.c b/libswresample/swresample.c index 9b71b2e122..464e7b7e04 100644 --- a/libswresample/swresample.c +++ b/libswresample/swresample.c @@ -751,6 +751,8 @@ int swr_convert(struct SwrContext *s, uint8_t *out_arg[SWR_CH_MAX], int out_coun in_count = 0; if(ret>0) { s->drop_output -= ret; + if (!s->drop_output && !out_arg) + return 0; continue; } From e0465d6fcf3a5490d9912fd904a443f84f0f2e42 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 7 Oct 2014 19:40:13 +0200 Subject: [PATCH 360/452] Update for 1.2.9 Signed-off-by: Michael Niedermayer --- RELEASE | 2 +- doc/Doxyfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/RELEASE b/RELEASE index db6fb4a911..9d4f8239dc 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -1.2.8 +1.2.9 diff --git a/doc/Doxyfile b/doc/Doxyfile index 373665f033..f7cfc25e12 100644 --- a/doc/Doxyfile +++ b/doc/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 1.2.8 +PROJECT_NUMBER = 1.2.9 # With the PROJECT_LOGO tag one can specify an logo or icon that is included # in the documentation. The maximum height of the logo should not exceed 55 From e5cf4d16c60e438ba027947645a1d0a732b49257 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 7 Sep 2014 19:18:21 +0200 Subject: [PATCH 361/452] avformat/mpeg: increase score for short mpeg-ps by 1 Fixes Ticket 3855 Signed-off-by: Michael Niedermayer (cherry picked from commit 5109ce2017c15202275b33bce58ec9d88044eeb5) Conflicts: libavformat/mpeg.c --- libavformat/mpeg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mpeg.c b/libavformat/mpeg.c index 82957a104b..a49fdbea42 100644 --- a/libavformat/mpeg.c +++ b/libavformat/mpeg.c @@ -91,7 +91,7 @@ static int mpegps_probe(AVProbeData *p) score= AVPROBE_SCORE_MAX/4; if(sys>invalid && sys*9 <= pspack*10) - return (audio > 12 || vid > 3 || pspack > 2) ? AVPROBE_SCORE_MAX/2+2 : AVPROBE_SCORE_MAX/4; // +1 for .mpg + return (audio > 12 || vid > 3 || pspack > 2) ? AVPROBE_SCORE_MAX/2+2 : AVPROBE_SCORE_MAX/4+1; // +1 for .mpg if(pspack > invalid && (priv1+vid+audio)*10 >= pspack*9) return pspack > 2 ? AVPROBE_SCORE_MAX/2+2 : AVPROBE_SCORE_MAX/4; // +1 for .mpg if((!!vid ^ !!audio) && (audio > 4 || vid > 1) && !sys && !pspack && p->buf_size>2048 && vid + audio > invalid) /* PES stream */ From 1abb0e563918ffec4c76c12e23f1a0647062a0fe Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 8 Oct 2014 20:23:40 +0200 Subject: [PATCH 362/452] avformat/matroskadec: do not trust the default duration to be the real 1/timebase if its less than 5fps Fixes Ticket3980 Signed-off-by: Michael Niedermayer (cherry picked from commit be695ee389724d713e1b8a61ef899fe1795193ce) --- libavformat/matroskadec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index 1d0f1b2eb5..767fa5e0a0 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -1785,7 +1785,8 @@ static int matroska_read_header(AVFormatContext *s) av_reduce(&st->avg_frame_rate.num, &st->avg_frame_rate.den, 1000000000, track->default_duration, 30000); #if FF_API_R_FRAME_RATE - if (st->avg_frame_rate.num < st->avg_frame_rate.den * 1000L) + if ( st->avg_frame_rate.num < st->avg_frame_rate.den * 1000L + && st->avg_frame_rate.num > st->avg_frame_rate.den * 5L) st->r_frame_rate = st->avg_frame_rate; #endif } From 7ddf252c7e1e08d0029e40cefd3f5e9e1592e35c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 27 Oct 2014 04:22:42 +0100 Subject: [PATCH 363/452] Move get_avc_nalsize() and find_start_code() to h264.h This allows sharing them with the h264 parser Signed-off-by: Michael Niedermayer (cherry picked from commit 4898440f6bd19152373969159fff057b532c6374) Conflicts: libavcodec/h264.c libavcodec/h264.h --- libavcodec/h264.h | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/libavcodec/h264.h b/libavcodec/h264.h index 03be472c51..dbbfba25b4 100644 --- a/libavcodec/h264.h +++ b/libavcodec/h264.h @@ -969,6 +969,42 @@ static av_always_inline int get_dct8x8_allowed(H264Context *h) 0x0001000100010001ULL)); } +static inline int find_start_code(const uint8_t *buf, int buf_size, + int buf_index, int next_avc) +{ + // start code prefix search + for (; buf_index + 3 < next_avc; buf_index++) + // This should always succeed in the first iteration. + if (buf[buf_index] == 0 && + buf[buf_index + 1] == 0 && + buf[buf_index + 2] == 1) + break; + + buf_index += 3; + + if (buf_index >= buf_size) + return buf_size; + + return buf_index; +} + +static inline int get_avc_nalsize(H264Context *h, const uint8_t *buf, + int buf_size, int *buf_index) +{ + int i, nalsize = 0; + + if (*buf_index >= buf_size - h->nal_length_size) + return -1; + + for (i = 0; i < h->nal_length_size; i++) + nalsize = ((unsigned)nalsize << 8) | buf[(*buf_index)++]; + if (nalsize <= 0 || nalsize > buf_size - *buf_index) { + av_log(h->avctx, AV_LOG_ERROR, + "AVC: nal size %d\n", nalsize); + return -1; + } + return nalsize; +} void ff_h264_draw_horiz_band(H264Context *h, int y, int height); #endif /* AVCODEC_H264_H */ From aa9d70587150a004947e5cac9953e47f7eea87fa Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 27 Oct 2014 04:24:20 +0100 Subject: [PATCH 364/452] avcodec/h264: simplify find_start_code() this also uses avpriv_find_start_code(), though no speed change is expected as the area searched is generally small Signed-off-by: Michael Niedermayer (cherry picked from commit 3b678da5e386c138316954e867d595f946666051) Conflicts: libavcodec/h264.h --- libavcodec/h264.h | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/libavcodec/h264.h b/libavcodec/h264.h index dbbfba25b4..ab7ee5b153 100644 --- a/libavcodec/h264.h +++ b/libavcodec/h264.h @@ -36,6 +36,7 @@ #include "h264dsp.h" #include "h264pred.h" #include "h264qpel.h" +#include "internal.h" // for avpriv_find_start_code() #include "rectangle.h" #define MAX_SPS_COUNT 32 @@ -972,20 +973,11 @@ static av_always_inline int get_dct8x8_allowed(H264Context *h) static inline int find_start_code(const uint8_t *buf, int buf_size, int buf_index, int next_avc) { - // start code prefix search - for (; buf_index + 3 < next_avc; buf_index++) - // This should always succeed in the first iteration. - if (buf[buf_index] == 0 && - buf[buf_index + 1] == 0 && - buf[buf_index + 2] == 1) - break; + uint32_t state = -1; - buf_index += 3; + buf_index = avpriv_find_start_code(buf + buf_index, buf + next_avc + 1, &state) - buf - 1; - if (buf_index >= buf_size) - return buf_size; - - return buf_index; + return FFMIN(buf_index, buf_size); } static inline int get_avc_nalsize(H264Context *h, const uint8_t *buf, From 9282c96071be63bdee838754932948b309154ec4 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 27 Oct 2014 04:30:11 +0100 Subject: [PATCH 365/452] avcodec/h264_parser: rewrite the parse_nal_units() loop logic based on h264.c Fixes Ticket4011 Signed-off-by: Michael Niedermayer (cherry picked from commit 69a9a90d2ef795162074be24e3ad2182a8676af2) Conflicts: libavcodec/h264_parser.c --- libavcodec/h264_parser.c | 39 ++++++++++++++++++++------------------- 1 file changed, 20 insertions(+), 19 deletions(-) diff --git a/libavcodec/h264_parser.c b/libavcodec/h264_parser.c index 44b92b79e3..1b92932f67 100644 --- a/libavcodec/h264_parser.c +++ b/libavcodec/h264_parser.c @@ -139,10 +139,10 @@ found: */ static inline int parse_nal_units(AVCodecParserContext *s, AVCodecContext *avctx, - const uint8_t *buf, int buf_size) + const uint8_t * const buf, int buf_size) { H264Context *h = s->priv_data; - const uint8_t *buf_end = buf + buf_size; + int buf_index, next_avc; unsigned int pps_id; unsigned int slice_type; int state = -1; @@ -162,26 +162,26 @@ static inline int parse_nal_units(AVCodecParserContext *s, if (!buf_size) return 0; + buf_index = 0; + next_avc = h->is_avc ? 0 : buf_size; for(;;) { int src_length, dst_length, consumed, nalsize = 0; - if (h->is_avc) { - int i; - if (h->nal_length_size >= buf_end - buf) break; - nalsize = 0; - for (i = 0; i < h->nal_length_size; i++) - nalsize = (nalsize << 8) | *buf++; - if (nalsize <= 0 || nalsize > buf_end - buf) { - av_log(h->avctx, AV_LOG_ERROR, "AVC: nal size %d\n", nalsize); + + if (buf_index >= next_avc) { + nalsize = get_avc_nalsize(h, buf, buf_size, &buf_index); + if (nalsize < 0) break; - } - src_length = nalsize; + next_avc = buf_index + nalsize; } else { - buf = avpriv_mpv_find_start_code(buf, buf_end, &state); - if(buf >= buf_end) - break; - --buf; - src_length = buf_end - buf; + buf_index = find_start_code(buf, buf_size, buf_index, next_avc); + if (buf_index >= buf_size) + break; + if (buf_index >= next_avc) + continue; } + src_length = next_avc - buf_index; + + state = buf[buf_index]; switch (state & 0x1f) { case NAL_SLICE: case NAL_IDR_SLICE: @@ -190,10 +190,12 @@ static inline int parse_nal_units(AVCodecParserContext *s, src_length = 20; break; } - ptr= ff_h264_decode_nal(h, buf, &dst_length, &consumed, src_length); + ptr= ff_h264_decode_nal(h, buf + buf_index, &dst_length, &consumed, src_length); if (ptr==NULL || dst_length < 0) break; + buf_index += consumed; + init_get_bits(&h->gb, ptr, 8*dst_length); switch(h->nal_unit_type) { case NAL_SPS: @@ -277,7 +279,6 @@ static inline int parse_nal_units(AVCodecParserContext *s, return 0; /* no need to evaluate the rest */ } - buf += h->is_avc ? nalsize : consumed; } if (q264) return 0; From a8fd50bb4eeb0b159c46d51000b0d6a981748d9f Mon Sep 17 00:00:00 2001 From: Carl Eugen Hoyos Date: Sun, 2 Nov 2014 00:42:48 +0100 Subject: [PATCH 366/452] Fix compilation after aa9d7058. --- libavcodec/h264.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libavcodec/h264.h b/libavcodec/h264.h index ab7ee5b153..8761a61708 100644 --- a/libavcodec/h264.h +++ b/libavcodec/h264.h @@ -36,7 +36,6 @@ #include "h264dsp.h" #include "h264pred.h" #include "h264qpel.h" -#include "internal.h" // for avpriv_find_start_code() #include "rectangle.h" #define MAX_SPS_COUNT 32 @@ -975,7 +974,7 @@ static inline int find_start_code(const uint8_t *buf, int buf_size, { uint32_t state = -1; - buf_index = avpriv_find_start_code(buf + buf_index, buf + next_avc + 1, &state) - buf - 1; + buf_index = avpriv_mpv_find_start_code(buf + buf_index, buf + next_avc + 1, &state) - buf - 1; return FFMIN(buf_index, buf_size); } From 25a9823eb44a9e77b3568c93751fb002ffb2ae48 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 2 Nov 2014 01:55:40 +0100 Subject: [PATCH 367/452] avcodec/h264_slice: Clear table pointers to avoid stale pointers Might fix Ticket3889 Signed-off-by: Michael Niedermayer (cherry picked from commit 547fce95858ef83f8c25ae347e3ae3b8ba437fd9) Conflicts: libavcodec/h264_slice.c Conflicts: libavcodec/h264.c --- libavcodec/h264.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 21fcabe957..dbed0f0a7f 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -1600,6 +1600,17 @@ static int decode_update_thread_context(AVCodecContext *dst, memset(&h->me, 0, sizeof(h->me)); h->avctx = dst; h->DPB = NULL; + h->intra4x4_pred_mode= NULL; + h->non_zero_count = NULL; + h->slice_table_base = NULL; + h->slice_table = NULL; + h->cbp_table = NULL; + h->chroma_pred_mode_table = NULL; + memset(h->mvd_table, 0, sizeof(h->mvd_table)); + h->direct_table = NULL; + h->list_counts = NULL; + h->mb2b_xy = NULL; + h->mb2br_xy = NULL; if (h1->context_initialized) { h->context_initialized = 0; From 42669252e8f57b82f734036b5dbdd2af23b4dc05 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 12 Oct 2014 20:26:27 +0200 Subject: [PATCH 368/452] postproc/postprocess: fix quant store for fq mode Signed-off-by: Michael Niedermayer (cherry picked from commit 941aaa39e8cd78ba4d16dfcec767290aec9a0136) Conflicts: tests/ref/fate/filter-pp3 (cherry picked from commit 705748caf3f6a4a3e74ad3d2fc547a5a0213a521) Signed-off-by: Michael Niedermayer --- libpostproc/postprocess.c | 2 +- tests/ref/lavfi/pp3 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/libpostproc/postprocess.c b/libpostproc/postprocess.c index facfd2cdd9..3a1b78d371 100644 --- a/libpostproc/postprocess.c +++ b/libpostproc/postprocess.c @@ -1000,7 +1000,7 @@ void pp_postprocess(const uint8_t * src[3], const int srcStride[3], if((pict_type&7)!=3){ if (QPStride >= 0){ int i; - const int count= mbHeight * QPStride; + const int count= mbHeight * FFMAX(QPStride, mbWidth); for(i=0; i<(count>>2); i++){ ((uint32_t*)c->nonBQPTable)[i] = ((const uint32_t*)QP_store)[i] & 0x3F3F3F3F; } diff --git a/tests/ref/lavfi/pp3 b/tests/ref/lavfi/pp3 index ccf2eebc62..1af87610c8 100644 --- a/tests/ref/lavfi/pp3 +++ b/tests/ref/lavfi/pp3 @@ -1 +1 @@ -pp3 39af1a30d0ea0e906df264773adfcaa6 +pp3 c8277ef31ab01bad51356841c9634522 From 23b3fe00bb0d44a073f7a8e0a51f5c42d05facb4 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 13 Oct 2014 16:02:42 +0200 Subject: [PATCH 369/452] postproc: fix qp count Found-by: ubitux Signed-off-by: Michael Niedermayer (cherry picked from commit 0b7e5d0d75e7d8762dd04d35f8c0821736164372) Signed-off-by: Michael Niedermayer --- libpostproc/postprocess.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libpostproc/postprocess.c b/libpostproc/postprocess.c index 3a1b78d371..78404e8ca3 100644 --- a/libpostproc/postprocess.c +++ b/libpostproc/postprocess.c @@ -975,7 +975,7 @@ void pp_postprocess(const uint8_t * src[3], const int srcStride[3], if(pict_type & PP_PICT_TYPE_QP2){ int i; - const int count= mbHeight * absQPStride; + const int count= FFMAX(mbHeight * absQPStride, mbWidth); for(i=0; i<(count>>2); i++){ ((uint32_t*)c->stdQPTable)[i] = (((const uint32_t*)QP_store)[i]>>1) & 0x7F7F7F7F; } @@ -1000,7 +1000,7 @@ void pp_postprocess(const uint8_t * src[3], const int srcStride[3], if((pict_type&7)!=3){ if (QPStride >= 0){ int i; - const int count= mbHeight * FFMAX(QPStride, mbWidth); + const int count= FFMAX(mbHeight * QPStride, mbWidth); for(i=0; i<(count>>2); i++){ ((uint32_t*)c->nonBQPTable)[i] = ((const uint32_t*)QP_store)[i] & 0x3F3F3F3F; } From c36f5df34aca867af08313a885cc1131b489c57e Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 28 Oct 2014 01:23:40 +0100 Subject: [PATCH 370/452] avcodec/diracdec: Use 64bit in calculation of codeblock coordinates Fixes integer overflow Fixes out of array read Fixes: asan_heap-oob_107866c_42_041.drc Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 526886e6069636a918c8c04db17e864e3d8151c1) Signed-off-by: Michael Niedermayer --- libavcodec/diracdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c index 08771e5c3c..75a1f9385d 100644 --- a/libavcodec/diracdec.c +++ b/libavcodec/diracdec.c @@ -598,10 +598,10 @@ static av_always_inline void decode_subband_internal(DiracContext *s, SubBand *b top = 0; for (cb_y = 0; cb_y < cb_height; cb_y++) { - bottom = (b->height * (cb_y+1)) / cb_height; + bottom = (b->height * (cb_y+1LL)) / cb_height; left = 0; for (cb_x = 0; cb_x < cb_width; cb_x++) { - right = (b->width * (cb_x+1)) / cb_width; + right = (b->width * (cb_x+1LL)) / cb_width; codeblock(s, b, &gb, &c, left, right, top, bottom, blockcnt_one, is_arith); left = right; } From 341cf9ed8167d8319aff8d814a1a1f5f580deaf5 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 28 Oct 2014 01:23:40 +0100 Subject: [PATCH 371/452] avcodec/diracdec: Tighter checks on CODEBLOCKS_X/Y Fixes very long but finite loop Fixes: asan_heap-oob_107866c_42_041.drc Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 5145d22b88b9835db81c4d286b931a78e08ab76a) Signed-off-by: Michael Niedermayer --- libavcodec/diracdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c index 75a1f9385d..02cb046392 100644 --- a/libavcodec/diracdec.c +++ b/libavcodec/diracdec.c @@ -990,8 +990,8 @@ static int dirac_unpack_idwt_params(DiracContext *s) /* Codeblock parameters (core syntax only) */ if (get_bits1(gb)) { for (i = 0; i <= s->wavelet_depth; i++) { - CHECKEDREAD(s->codeblock[i].width , tmp < 1, "codeblock width invalid\n") - CHECKEDREAD(s->codeblock[i].height, tmp < 1, "codeblock height invalid\n") + CHECKEDREAD(s->codeblock[i].width , tmp < 1 || tmp > (s->avctx->width >>s->wavelet_depth-i), "codeblock width invalid\n") + CHECKEDREAD(s->codeblock[i].height, tmp < 1 || tmp > (s->avctx->height>>s->wavelet_depth-i), "codeblock height invalid\n") } CHECKEDREAD(s->codeblock_mode, tmp > 1, "unknown codeblock mode\n") From 35cf24eee996c6233dde42e93e2a0ff6049f604b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 28 Oct 2014 02:14:41 +0100 Subject: [PATCH 372/452] avcodec/dirac_arith: fix integer overflow Fixes: asan_heap-oob_1078676_9_008.drc Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 39680caceebfc6abf09b17032048752c014e57a8) Signed-off-by: Michael Niedermayer --- libavcodec/dirac_arith.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/dirac_arith.h b/libavcodec/dirac_arith.h index 089c71a698..a1fa96b5bc 100644 --- a/libavcodec/dirac_arith.h +++ b/libavcodec/dirac_arith.h @@ -171,6 +171,10 @@ static inline int dirac_get_arith_uint(DiracArith *c, int follow_ctx, int data_c { int ret = 1; while (!dirac_get_arith_bit(c, follow_ctx)) { + if (ret >= 0x40000000) { + av_log(NULL, AV_LOG_ERROR, "dirac_get_arith_uint overflow\n"); + return -1; + } ret <<= 1; ret += dirac_get_arith_bit(c, data_ctx); follow_ctx = ff_dirac_next_ctx[follow_ctx]; From d59804bafbaf8ce4bb194f04a4692271a8f8f875 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 28 Oct 2014 15:26:42 +0100 Subject: [PATCH 373/452] avcodec/dxa: check dimensions Fixes out of array access Fixes: asan_heap-oob_11222fb_21_020.dxa Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit e70312dfc22c4e54d5716f28f28db8f99c74cc90) Conflicts: libavcodec/dxa.c --- libavcodec/dxa.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/dxa.c b/libavcodec/dxa.c index 7bd74f3c74..52a0fef58b 100644 --- a/libavcodec/dxa.c +++ b/libavcodec/dxa.c @@ -308,6 +308,11 @@ static av_cold int decode_init(AVCodecContext *avctx) avctx->pix_fmt = AV_PIX_FMT_PAL8; + if (avctx->width%4 || avctx->height%4) { + av_log(avctx, AV_LOG_ERROR, "dimensions are not a multiple of 4"); + return AVERROR_INVALIDDATA; + } + avcodec_get_frame_defaults(&c->pic); avcodec_get_frame_defaults(&c->prev); From 6e45a99a7cc485cb91e23b9760912b964cb1ef6c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 29 Oct 2014 00:57:07 +0100 Subject: [PATCH 374/452] avcodec/dnxhddec: treat pix_fmt like width/height Fixes out of array accesses Fixes: asan_heap-oob_22c9a39_16_015.mxf Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit f3c0e0bf6f53df0977f3878d4f5cec99dff8de9e) Conflicts: libavcodec/dnxhddec.c Signed-off-by: Michael Niedermayer --- libavcodec/dnxhddec.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/libavcodec/dnxhddec.c b/libavcodec/dnxhddec.c index 429d9a518a..a1daceef05 100644 --- a/libavcodec/dnxhddec.c +++ b/libavcodec/dnxhddec.c @@ -39,6 +39,7 @@ typedef struct DNXHDContext { GetBitContext gb; int64_t cid; ///< compression id unsigned int width, height; + enum AVPixelFormat pix_fmt; unsigned int mb_width, mb_height; uint32_t mb_scan_index[68]; /* max for 1080p */ int cur_field; ///< current interlaced field @@ -135,7 +136,7 @@ static int dnxhd_decode_header(DNXHDContext *ctx, const uint8_t *buf, int buf_si av_dlog(ctx->avctx, "width %d, height %d\n", ctx->width, ctx->height); if (buf[0x21] & 0x40) { - ctx->avctx->pix_fmt = AV_PIX_FMT_YUV422P10; + ctx->pix_fmt = AV_PIX_FMT_YUV422P10; ctx->avctx->bits_per_raw_sample = 10; if (ctx->bit_depth != 10) { ff_dsputil_init(&ctx->dsp, ctx->avctx); @@ -143,7 +144,7 @@ static int dnxhd_decode_header(DNXHDContext *ctx, const uint8_t *buf, int buf_si ctx->decode_dct_block = dnxhd_decode_dct_block_10; } } else { - ctx->avctx->pix_fmt = AV_PIX_FMT_YUV422P; + ctx->pix_fmt = AV_PIX_FMT_YUV422P; ctx->avctx->bits_per_raw_sample = 8; if (ctx->bit_depth != 8) { ff_dsputil_init(&ctx->dsp, ctx->avctx); @@ -381,9 +382,15 @@ static int dnxhd_decode_frame(AVCodecContext *avctx, void *data, int *got_frame, avctx->width, avctx->height, ctx->width, ctx->height); first_field = 1; } + if (avctx->pix_fmt != AV_PIX_FMT_NONE && avctx->pix_fmt != ctx->pix_fmt) { + av_log(avctx, AV_LOG_WARNING, "pix_fmt changed: %s -> %s\n", + av_get_pix_fmt_name(avctx->pix_fmt), av_get_pix_fmt_name(ctx->pix_fmt)); + first_field = 1; + } if (av_image_check_size(ctx->width, ctx->height, 0, avctx)) return -1; + avctx->pix_fmt = ctx->pix_fmt; avcodec_set_dimensions(avctx, ctx->width, ctx->height); if (first_field) { From b92ccfefc3a3d9a43c6de78ea51c080bb22d7ef3 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 29 Oct 2014 14:15:29 +0100 Subject: [PATCH 375/452] avcodec/utils: Align dimensions by at least their chroma sub-sampling factors. Fixes: out of array accesses Fixes: asan_heap-oob_112c6b3_13_012.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit df74811cd53e45fcbbd3b77a1c42416816687c5c) Signed-off-by: Michael Niedermayer --- libavcodec/utils.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index 33ff8e0110..7cceafa3a4 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -193,6 +193,12 @@ void avcodec_align_dimensions2(AVCodecContext *s, int *width, int *height, int i; int w_align = 1; int h_align = 1; + AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(s->pix_fmt); + + if (desc) { + w_align = 1 << desc->log2_chroma_w; + h_align = 1 << desc->log2_chroma_h; + } switch (s->pix_fmt) { case AV_PIX_FMT_YUV420P: @@ -293,8 +299,6 @@ void avcodec_align_dimensions2(AVCodecContext *s, int *width, int *height, } break; default: - w_align = 1; - h_align = 1; break; } From 96dac432f790a6e73d8af10ba84cdbd2f38005b2 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 30 Oct 2014 18:16:25 +0100 Subject: [PATCH 376/452] avcodec/svq1dec: zero terminate embedded message before printing Fixes out of array access Fixes: asan_stack-oob_49b1e5_10_009.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit e91ba2efa949470e9157b652535d207a101f91e0) Conflicts: libavcodec/svq1dec.c --- libavcodec/svq1dec.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/libavcodec/svq1dec.c b/libavcodec/svq1dec.c index 5b9a620591..a5d35f962d 100644 --- a/libavcodec/svq1dec.c +++ b/libavcodec/svq1dec.c @@ -497,7 +497,7 @@ static int svq1_decode_delta_block(AVCodecContext *avctx, DSPContext *dsp, return result; } -static void svq1_parse_string(GetBitContext *bitbuf, uint8_t *out) +static void svq1_parse_string(GetBitContext *bitbuf, uint8_t out[257]) { uint8_t seed; int i; @@ -509,6 +509,7 @@ static void svq1_parse_string(GetBitContext *bitbuf, uint8_t *out) out[i] = get_bits(bitbuf, 8) ^ seed; seed = string_table[out[i] ^ seed]; } + out[i] = 0; } static int svq1_decode_frame_header(AVCodecContext *avctx, AVFrame *frame) @@ -551,12 +552,12 @@ static int svq1_decode_frame_header(AVCodecContext *avctx, AVFrame *frame) } if ((s->frame_code ^ 0x10) >= 0x50) { - uint8_t msg[256]; + uint8_t msg[257]; svq1_parse_string(bitbuf, msg); av_log(avctx, AV_LOG_INFO, - "embedded message: \"%s\"\n", (char *)msg); + "embedded message: \"%s\"\n", ((char *)msg) + 1); } skip_bits(bitbuf, 2); From 7e8b4506e0aac9dd00ab2aa750c4ad0858a90792 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 2 Nov 2014 11:34:41 +0100 Subject: [PATCH 377/452] update for 1.2.10 Signed-off-by: Michael Niedermayer --- RELEASE | 2 +- doc/Doxyfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/RELEASE b/RELEASE index 9d4f8239dc..963ed7cf37 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -1.2.9 +1.2.10 diff --git a/doc/Doxyfile b/doc/Doxyfile index f7cfc25e12..d8952ea710 100644 --- a/doc/Doxyfile +++ b/doc/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 1.2.9 +PROJECT_NUMBER = 1.2.10 # With the PROJECT_LOGO tag one can specify an logo or icon that is included # in the documentation. The maximum height of the logo should not exceed 55 From 5d33142fd621a02abd4a42d57ff8eceec1c51427 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 3 Nov 2014 13:20:24 +0100 Subject: [PATCH 378/452] avcodec/options_table fix min of audio channels and sample rate Found-by: Lukasz Marek Signed-off-by: Michael Niedermayer (cherry picked from commit 206c98f303e833c9e94427c9e3f9867f85265f78) Signed-off-by: Michael Niedermayer --- libavcodec/options_table.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/options_table.h b/libavcodec/options_table.h index d0c55a2a44..c9404d10c8 100644 --- a/libavcodec/options_table.h +++ b/libavcodec/options_table.h @@ -102,8 +102,8 @@ static const AVOption options[]={ {"extradata_size", NULL, OFFSET(extradata_size), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX}, {"time_base", NULL, OFFSET(time_base), AV_OPT_TYPE_RATIONAL, {.dbl = 0}, INT_MIN, INT_MAX}, {"g", "set the group of picture (GOP) size", OFFSET(gop_size), AV_OPT_TYPE_INT, {.i64 = 12 }, INT_MIN, INT_MAX, V|E}, -{"ar", "set audio sampling rate (in Hz)", OFFSET(sample_rate), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, A|D|E}, -{"ac", "set number of audio channels", OFFSET(channels), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, A|D|E}, +{"ar", "set audio sampling rate (in Hz)", OFFSET(sample_rate), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, 0, INT_MAX, A|D|E}, +{"ac", "set number of audio channels", OFFSET(channels), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, 0, INT_MAX, A|D|E}, {"cutoff", "set cutoff bandwidth", OFFSET(cutoff), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, A|E}, {"frame_size", NULL, OFFSET(frame_size), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, A|E}, {"frame_number", NULL, OFFSET(frame_number), AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX}, From 2d39d8ffc1ac11706d3161ec95d85fb55374c692 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 10 Nov 2014 19:44:20 +0100 Subject: [PATCH 379/452] avcodec/utvideodec: fix assumtation that slice_height >= 1 Fixes out of array read Fixes: asan_heap-oob_2573085_3783_utvideo_rgba_median.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 7656c4c6e66f8a787d384f027ad824cc1677fda1) Signed-off-by: Michael Niedermayer --- libavcodec/utvideodec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/utvideodec.c b/libavcodec/utvideodec.c index 3108159bbd..5c1d45ca80 100644 --- a/libavcodec/utvideodec.c +++ b/libavcodec/utvideodec.c @@ -222,7 +222,7 @@ static void restore_median(uint8_t *src, int step, int stride, A = bsrc[i]; } bsrc += stride; - if (slice_height == 1) + if (slice_height <= 1) continue; // second line - first element has top prediction, the rest uses median C = bsrc[-stride]; @@ -282,7 +282,7 @@ static void restore_median_il(uint8_t *src, int step, int stride, A = bsrc[stride + i]; } bsrc += stride2; - if (slice_height == 1) + if (slice_height <= 1) continue; // second line - first element has top prediction, the rest uses median C = bsrc[-stride2]; From 01384e3dde489c775cd20ddc4b9407f011ded55c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 10 Nov 2014 23:07:50 +0100 Subject: [PATCH 380/452] avcodec/wmaprodec: Fix integer overflow in sfb_offsets initialization Fixes out of array read Fixes: asan_heap-oob_2aec5b0_1828_classical_22_16_2_16000_v3c_0_exclusive_0_29.wma Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 5dcb99033df16eccc4dbbc4a099ad64457f9f090) Signed-off-by: Michael Niedermayer --- libavcodec/wmaprodec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/wmaprodec.c b/libavcodec/wmaprodec.c index f0944fe486..72c1dc7d2f 100644 --- a/libavcodec/wmaprodec.c +++ b/libavcodec/wmaprodec.c @@ -409,6 +409,9 @@ static av_cold int decode_init(AVCodecContext *avctx) offset &= ~3; if (offset > s->sfb_offsets[i][band - 1]) s->sfb_offsets[i][band++] = offset; + + if (offset >= subframe_len) + break; } s->sfb_offsets[i][band - 1] = subframe_len; s->num_sfb[i] = band - 1; From 5284d17562f3a50194cb01dcc890307de3ba99bd Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 16 Nov 2014 04:02:56 +0100 Subject: [PATCH 381/452] avformat/hlsenc: Free context after hls_append_segment Fixes reading uninitialized memory Signed-off-by: Michael Niedermayer (cherry picked from commit 530eb6acf8ee867bf00728bf7efaf505da107e17) Conflicts: libavformat/hlsenc.c (cherry picked from commit 0ac22f043bee2f1c4daf5e1044b014326325d929) Conflicts: libavformat/hlsenc.c (cherry picked from commit 134d3e1c0331462ea94c78a5e13a63b20d283653) Signed-off-by: Michael Niedermayer --- libavformat/hlsenc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/hlsenc.c b/libavformat/hlsenc.c index 18914c026a..578f04d3e6 100644 --- a/libavformat/hlsenc.c +++ b/libavformat/hlsenc.c @@ -305,9 +305,10 @@ static int hls_write_trailer(struct AVFormatContext *s) av_write_trailer(oc); avio_closep(&oc->pb); - avformat_free_context(oc); av_free(hls->basename); append_entry(hls, hls->duration); + avformat_free_context(oc); + hls->avf = NULL; hls_window(s, 1); free_entries(hls); From 6c28673cb3648d49117c6bfa4ed89ead157b1c22 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 25 Nov 2014 13:53:06 +0100 Subject: [PATCH 382/452] avcodec/mjpegdec: Fix context fields becoming inconsistent Fixes out of array access Fixes: asan_heap-oob_1ca4f85_2760_cov_144449187_miss_congeniality_pegasus_ljpg.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 0eecf40935b22644e6cd74c586057237ecfd6844) Signed-off-by: Michael Niedermayer --- libavcodec/mjpegdec.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index 234dd20f58..a2a93c1266 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -1437,6 +1437,8 @@ static int mjpeg_decode_app(MJpegDecodeContext *s) } if (id == AV_RB32("LJIF")) { + int rgb = s->rgb; + int pegasus_rct = s->pegasus_rct; if (s->avctx->debug & FF_DEBUG_PICT_INFO) av_log(s->avctx, AV_LOG_INFO, "Pegasus lossless jpeg header found\n"); @@ -1446,17 +1448,27 @@ static int mjpeg_decode_app(MJpegDecodeContext *s) skip_bits(&s->gb, 16); /* unknown always 0? */ switch (get_bits(&s->gb, 8)) { case 1: - s->rgb = 1; - s->pegasus_rct = 0; + rgb = 1; + pegasus_rct = 0; break; case 2: - s->rgb = 1; - s->pegasus_rct = 1; + rgb = 1; + pegasus_rct = 1; break; default: av_log(s->avctx, AV_LOG_ERROR, "unknown colorspace\n"); } + len -= 9; + if (s->got_picture) + if (rgb != s->rgb || pegasus_rct != s->pegasus_rct) { + av_log(s->avctx, AV_LOG_WARNING, "Mismatching LJIF tag\n"); + goto out; + } + + s->rgb = rgb; + s->pegasus_rct = pegasus_rct; + goto out; } From a65573c45d346a7d5aa197362af368caf1a1b56c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 25 Nov 2014 14:45:30 +0100 Subject: [PATCH 383/452] avcodec/utils: Check that the data is complete in avpriv_bprint_to_extradata() Fixes out of array read Fixes: asan_heap-oob_4d2250_814_cov_2745172097_JACOsub_capability_tester.jss Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 3d5d95db3f5d8e2093e9e19d0c46e86f54ed2a5d) Signed-off-by: Michael Niedermayer --- libavcodec/utils.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index 7cceafa3a4..87184098e9 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -2876,6 +2876,11 @@ int avpriv_bprint_to_extradata(AVCodecContext *avctx, struct AVBPrint *buf) ret = av_bprint_finalize(buf, &str); if (ret < 0) return ret; + if (!av_bprint_is_complete(buf)) { + av_free(str); + return AVERROR(ENOMEM); + } + avctx->extradata = str; /* Note: the string is NUL terminated (so extradata can be read as a * string), but the ending character is not accounted in the size (in From 11e5106c56a0f81759b9284369081f922364582a Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 26 Nov 2014 03:29:03 +0100 Subject: [PATCH 384/452] avcodec/flacdec: Call ff_flacdsp_init() unconditionally Fixes out of array access Fixes: signal_sigsegv_324b135_3398_cov_246853371_short.flac Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit e5c01ccdf5a9a330d4c51a9b9ea721fd8f1fb70b) Conflicts: libavcodec/flacdec.c --- libavcodec/flacdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/flacdec.c b/libavcodec/flacdec.c index 91a25f02c4..872aa1d019 100644 --- a/libavcodec/flacdec.c +++ b/libavcodec/flacdec.c @@ -463,10 +463,10 @@ static int decode_frame(FLACContext *s) ret = allocate_buffers(s); if (ret < 0) return ret; - ff_flacdsp_init(&s->dsp, s->avctx->sample_fmt, s->bps); s->got_streaminfo = 1; dump_headers(s->avctx, (FLACStreaminfo *)s); } + ff_flacdsp_init(&s->dsp, s->avctx->sample_fmt, s->bps); // dump_headers(s->avctx, (FLACStreaminfo *)s); From d723f92dbf6778a17a9e69c56386d357d75d3245 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 26 Nov 2014 15:45:47 +0100 Subject: [PATCH 385/452] avcodec/pngdec: Check IHDR/IDAT order Fixes out of array access Fixes: asan_heap-oob_20a6c26_2690_cov_3434532168_mail.png Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 79ceaf827be0b070675d4cd0a55c3386542defd8) Conflicts: libavcodec/pngdec.c --- libavcodec/pngdec.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c index fc7d694ccf..8c9ae92e6f 100644 --- a/libavcodec/pngdec.c +++ b/libavcodec/pngdec.c @@ -563,6 +563,12 @@ static int decode_frame(AVCodecContext *avctx, case MKTAG('I', 'H', 'D', 'R'): if (length != 13) goto fail; + + if (s->state & PNG_IDAT) { + av_log(avctx, AV_LOG_ERROR, "IHDR after IDAT\n"); + goto fail; + } + s->width = bytestream2_get_be32(&s->gb); s->height = bytestream2_get_be32(&s->gb); if (av_image_check_size(s->width, s->height, 0, avctx)) { From 69a92ae39711f844480dd47b9aa2f30346f3e1ce Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 1 Dec 2014 13:23:24 +0100 Subject: [PATCH 386/452] avcodec/motion_est: use 2x8x8 for interlaced qpel Fixes out of array read Fixes Ticket4121 Signed-off-by: Michael Niedermayer (cherry picked from commit b50e003e1cb6a215df44ffa3354603bf600b4aa3) Signed-off-by: Michael Niedermayer --- libavcodec/motion_est.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libavcodec/motion_est.c b/libavcodec/motion_est.c index d9d6a1fd9d..fe90f3f45d 100644 --- a/libavcodec/motion_est.c +++ b/libavcodec/motion_est.c @@ -189,7 +189,13 @@ static av_always_inline int cmp_inline(MpegEncContext *s, const int x, const int int uvdxy; /* no, it might not be used uninitialized */ if(dxy){ if(qpel){ - c->qpel_put[size][dxy](c->temp, ref[0] + x + y*stride, stride); //FIXME prototype (add h) + if (h << size == 16) { + c->qpel_put[size][dxy](c->temp, ref[0] + x + y*stride, stride); //FIXME prototype (add h) + } else if (size == 0 && h == 8) { + c->qpel_put[1][dxy](c->temp , ref[0] + x + y*stride , stride); + c->qpel_put[1][dxy](c->temp + 8, ref[0] + x + y*stride + 8, stride); + } else + av_assert2(0); if(chroma){ int cx= hx/2; int cy= hy/2; From 71b3f64935dd17af574dcd86b55e296f2e67fac5 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 20 Nov 2014 00:43:45 +0100 Subject: [PATCH 387/452] swscale/x86/rgb2rgb_template: handle the first 2 lines with C in rgb24toyv12_*() This avoids out of array accesses Should fix Ticket3451 Signed-off-by: Michael Niedermayer (cherry picked from commit 4388e78a0f022c8572996f9ab568a39b5f716f9d) Signed-off-by: Michael Niedermayer --- libswscale/x86/rgb2rgb_template.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/libswscale/x86/rgb2rgb_template.c b/libswscale/x86/rgb2rgb_template.c index d802ab4227..b02296688d 100644 --- a/libswscale/x86/rgb2rgb_template.c +++ b/libswscale/x86/rgb2rgb_template.c @@ -1616,6 +1616,16 @@ static inline void RENAME(rgb24toyv12)(const uint8_t *src, uint8_t *ydst, uint8_ { int y; const x86_reg chromWidth= width>>1; + + if (height > 2) { + rgb24toyv12_c(src, ydst, udst, vdst, width, 2, lumStride, chromStride, srcStride); + src += 2*srcStride; + ydst += 2*lumStride; + udst += chromStride; + vdst += chromStride; + height -= 2; + } + for (y=0; y Date: Wed, 3 Dec 2014 20:01:18 +0100 Subject: [PATCH 388/452] avformat/rmdec: Check codec_data_size Fixes infinite loop Fixes Ticket4154 Signed-off-by: Michael Niedermayer (cherry picked from commit a6f730730b82645a9d31aad0968487cb77d6946c) Signed-off-by: Michael Niedermayer --- libavformat/rmdec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c index 2edbfc3780..06a327e1c1 100644 --- a/libavformat/rmdec.c +++ b/libavformat/rmdec.c @@ -309,6 +309,9 @@ ff_rm_read_mdpr_codecdata (AVFormatContext *s, AVIOContext *pb, int64_t codec_pos; int ret; + if (codec_data_size < 0) + return AVERROR_INVALIDDATA; + avpriv_set_pts_info(st, 64, 1, 1000); codec_pos = avio_tell(pb); v = avio_rb32(pb); From 0d5e6261970641fd92d76aec4171821a435a5f13 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 3 Dec 2014 20:21:56 +0100 Subject: [PATCH 389/452] swscale/x86/rgb2rgb_template: fix crash with tiny size and nv12 output Fixes Ticket4151 Signed-off-by: Michael Niedermayer (cherry picked from commit 8524558858b7e14bc50afa10233e0194f591ab9d) Signed-off-by: Michael Niedermayer --- libswscale/x86/rgb2rgb_template.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libswscale/x86/rgb2rgb_template.c b/libswscale/x86/rgb2rgb_template.c index b02296688d..392c067027 100644 --- a/libswscale/x86/rgb2rgb_template.c +++ b/libswscale/x86/rgb2rgb_template.c @@ -1874,6 +1874,7 @@ static void RENAME(interleaveBytes)(const uint8_t *src1, const uint8_t *src2, ui for (h=0; h < height; h++) { int w; + if (width >= 16) #if COMPILE_TEMPLATE_SSE2 __asm__( "xor %%"REG_a", %%"REG_a" \n\t" From 084102cd47ca89b79145b5cde5be97aa8a2dc118 Mon Sep 17 00:00:00 2001 From: wm4 Date: Sat, 6 Dec 2014 16:53:30 +0100 Subject: [PATCH 390/452] avformat/matroskadec: fix handling of recursive SeekHead elements When matroska_execute_seekhead() is called, it goes through the list of seekhead entries and attempts to read elements not read yet. When doing this, the parser can find further SeekHead elements, and will extend the matroska->seekhead list. This can lead to a (practically) infinite loop with certain broken files. (Maybe it can happen even with valid files. The demuxer doesn't seem to check correctly whether an element has already been read.) Fix this by ignoring elements that were added to the seekhead field during executing seekhead entries. This does not fix the possible situation when multiple SeekHead elements after the file header (i.e. occur after the "before_pos" file position) point to the same elements. These elements will probably be parsed multiple times, likely leading to bugs. Fixes ticket #4162. Signed-off-by: Michael Niedermayer (cherry picked from commit 6551acab6877addae815decd02aeca33ba4990c8) Signed-off-by: Michael Niedermayer --- libavformat/matroskadec.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index 767fa5e0a0..15350713ac 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -1362,13 +1362,17 @@ static void matroska_execute_seekhead(MatroskaDemuxContext *matroska) EbmlList *seekhead_list = &matroska->seekhead; int64_t before_pos = avio_tell(matroska->ctx->pb); int i; + int nb_elem; // we should not do any seeking in the streaming case if (!matroska->ctx->pb->seekable || (matroska->ctx->flags & AVFMT_FLAG_IGNIDX)) return; - for (i = 0; i < seekhead_list->nb_elem; i++) { + // do not read entries that are added while parsing seekhead entries + nb_elem = seekhead_list->nb_elem; + + for (i = 0; i < nb_elem; i++) { MatroskaSeekhead *seekhead = seekhead_list->elem; if (seekhead[i].pos <= before_pos) continue; From 8e17d28863685c288d455647368faaa8a9594f02 Mon Sep 17 00:00:00 2001 From: Rob Sykes Date: Sat, 13 Dec 2014 21:12:56 +0100 Subject: [PATCH 391/452] swresample/soxr_resample: fix error handling Fixes CID1257659 Signed-off-by: Michael Niedermayer (cherry picked from commit 4b6f2253741f3023928e61ae5105ccd4b1c515fb) Signed-off-by: Michael Niedermayer --- libswresample/soxr_resample.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/libswresample/soxr_resample.c b/libswresample/soxr_resample.c index 4c000db0ca..7467f8d5cc 100644 --- a/libswresample/soxr_resample.c +++ b/libswresample/soxr_resample.c @@ -76,8 +76,12 @@ static int process( AudioData *src, int src_size, int *consumed){ size_t idone, odone; soxr_error_t error = soxr_set_error((soxr_t)c, soxr_set_num_channels((soxr_t)c, src->ch_count)); - error = soxr_process((soxr_t)c, src->ch, (size_t)src_size, - &idone, dst->ch, (size_t)dst_size, &odone); + if (!error) + error = soxr_process((soxr_t)c, src->ch, (size_t)src_size, + &idone, dst->ch, (size_t)dst_size, &odone); + else + idone = 0; + *consumed = (int)idone; return error? -1 : odone; } From 237958f8e82ce608c0f9ebb072653354e1d9ecca Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 14 Dec 2014 17:26:11 +0100 Subject: [PATCH 392/452] avformat/aviobuf: Check that avio_seek() target is non negative Fixes out of array access Suggested-by: Andrew Scherkus Signed-off-by: Michael Niedermayer (cherry picked from commit ed86dbd05d61363dc1c0d33f3267e2177c985fdd) Signed-off-by: Michael Niedermayer --- libavformat/aviobuf.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/aviobuf.c b/libavformat/aviobuf.c index 7a73a1791f..dc7dbb233b 100644 --- a/libavformat/aviobuf.c +++ b/libavformat/aviobuf.c @@ -216,6 +216,9 @@ int64_t avio_seek(AVIOContext *s, int64_t offset, int whence) return offset1; offset += offset1; } + if (offset < 0) + return AVERROR(EINVAL); + offset1 = offset - pos; if (!s->must_flush && (!s->direct || !s->seek) && offset1 >= 0 && offset1 <= (s->buf_end - s->buffer)) { From c03491d96b89107698fa460fa6cfbe53a7fbd66c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 16 Dec 2014 00:10:02 +0100 Subject: [PATCH 393/452] Update for 1.2.11 Signed-off-by: Michael Niedermayer --- RELEASE | 2 +- doc/Doxyfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/RELEASE b/RELEASE index 963ed7cf37..c11470058f 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -1.2.10 +1.2.11 diff --git a/doc/Doxyfile b/doc/Doxyfile index d8952ea710..cb6298c478 100644 --- a/doc/Doxyfile +++ b/doc/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 1.2.10 +PROJECT_NUMBER = 1.2.11 # With the PROJECT_LOGO tag one can specify an logo or icon that is included # in the documentation. The maximum height of the logo should not exceed 55 From 0da0d7754e745d066f845da499383ff86d2ce04f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 16 Dec 2014 16:24:55 +0100 Subject: [PATCH 394/452] avcodec/vmdvideo: Check len before using it in method 3 Fixes out of array access Fixes: asan_heap-oob_4d23ba_91_cov_3853393937_128.vmd Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 3030fb7e0d41836f8add6399e9a7c7b740b48bfd) Conflicts: libavcodec/vmdvideo.c --- libavcodec/vmdav.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/vmdav.c b/libavcodec/vmdav.c index 79a33b867f..773ca886a3 100644 --- a/libavcodec/vmdav.c +++ b/libavcodec/vmdav.c @@ -343,7 +343,7 @@ static void vmd_decode(VmdVideoContext *s) if (*pb++ == 0xFF) len = rle_unpack(pb, pb_end - pb, len, &dp[ofs], frame_width - ofs); else { - if (pb_end - pb < len) + if (ofs + len > frame_width || pb_end - pb < len) return; memcpy(&dp[ofs], pb, len); } From ece0c9c4b04257d8ba3689987251f44421b1ead7 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 16 Dec 2014 20:45:31 +0100 Subject: [PATCH 395/452] avcodec/utvideodec: Fix handling of slice_height=0 Fixes out of array accesses Fixes: asan_heap-oob_25bcd7e_3783_cov_3553517262_utvideo_rgba_median.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 3881606240953b9275a247a1c98a567f3c44890f) Signed-off-by: Michael Niedermayer --- libavcodec/utvideodec.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/utvideodec.c b/libavcodec/utvideodec.c index 5c1d45ca80..0e4dddbbf1 100644 --- a/libavcodec/utvideodec.c +++ b/libavcodec/utvideodec.c @@ -212,6 +212,8 @@ static void restore_median(uint8_t *src, int step, int stride, slice_height = ((((slice + 1) * height) / slices) & cmask) - slice_start; + if (!slice_height) + continue; bsrc = src + slice_start * stride; // first line - left neighbour prediction @@ -267,6 +269,8 @@ static void restore_median_il(uint8_t *src, int step, int stride, slice_height = ((((slice + 1) * height) / slices) & cmask) - slice_start; slice_height >>= 1; + if (!slice_height) + continue; bsrc = src + slice_start * stride; From 3aa99bed5df3f5da0e3b4d871eb197b028cf1f4d Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 16 Dec 2014 21:14:40 +0100 Subject: [PATCH 396/452] avformat/mov: check atom nesting depth Fixes call stack overflow Fixes: case1_call_stack_overflow.mp4 Found-by: Michal Zalewski Signed-off-by: Michael Niedermayer (cherry picked from commit caa7a3914f499f74b3ee346f26d598ebdc0ec210) Conflicts: libavformat/isom.h --- libavformat/isom.h | 1 + libavformat/mov.c | 13 ++++++++++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/libavformat/isom.h b/libavformat/isom.h index 4154baf827..c9004771bb 100644 --- a/libavformat/isom.h +++ b/libavformat/isom.h @@ -162,6 +162,7 @@ typedef struct MOVContext { int use_absolute_path; int ignore_editlist; int64_t next_root_atom; ///< offset of the next root atom + int atom_depth; } MOVContext; int ff_mp4_read_descr_len(AVIOContext *pb); diff --git a/libavformat/mov.c b/libavformat/mov.c index c2d2a07893..a1694a58cc 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -2788,6 +2788,12 @@ static int mov_read_default(MOVContext *c, AVIOContext *pb, MOVAtom atom) MOVAtom a; int i; + if (c->atom_depth > 10) { + av_log(c->fc, AV_LOG_ERROR, "Atoms too deeply nested\n"); + return AVERROR_INVALIDDATA; + } + c->atom_depth ++; + if (atom.size < 0) atom.size = INT64_MAX; while (total_size + 8 <= atom.size && !url_feof(pb)) { @@ -2804,6 +2810,7 @@ static int mov_read_default(MOVContext *c, AVIOContext *pb, MOVAtom atom) { av_log(c->fc, AV_LOG_ERROR, "Broken file, trak/mdat not at top-level\n"); avio_skip(pb, -8); + c->atom_depth --; return 0; } } @@ -2840,13 +2847,16 @@ static int mov_read_default(MOVContext *c, AVIOContext *pb, MOVAtom atom) int64_t start_pos = avio_tell(pb); int64_t left; int err = parse(c, pb, a); - if (err < 0) + if (err < 0) { + c->atom_depth --; return err; + } if (c->found_moov && c->found_mdat && ((!pb->seekable || c->fc->flags & AVFMT_FLAG_IGNIDX) || start_pos + a.size == avio_size(pb))) { if (!pb->seekable || c->fc->flags & AVFMT_FLAG_IGNIDX) c->next_root_atom = start_pos + a.size; + c->atom_depth --; return 0; } left = a.size - avio_tell(pb) + start_pos; @@ -2864,6 +2874,7 @@ static int mov_read_default(MOVContext *c, AVIOContext *pb, MOVAtom atom) if (total_size < atom.size && atom.size < 0x7ffff) avio_skip(pb, atom.size - total_size); + c->atom_depth --; return 0; } From ec0f77fbff904bb735c9923c3cdd916ca6ac9c88 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 16 Dec 2014 22:21:21 +0100 Subject: [PATCH 397/452] swscale: increase yuv2rgb table headroom Fixes out of array access Fixes: case2_bad_read_yuv2rgbx32.mp4 Found-by: Michal Zalewski Signed-off-by: Michael Niedermayer --- libswscale/swscale_internal.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libswscale/swscale_internal.h b/libswscale/swscale_internal.h index 83d3a0049c..fe5ae111ba 100644 --- a/libswscale/swscale_internal.h +++ b/libswscale/swscale_internal.h @@ -37,7 +37,7 @@ #define STR(s) AV_TOSTRING(s) // AV_STRINGIFY is too long -#define YUVRGB_TABLE_HEADROOM 128 +#define YUVRGB_TABLE_HEADROOM 256 #define FAST_BGR2YV12 // use 7-bit instead of 15-bit coefficients From 45bb57e009e444639399682fde583a4379ebbda9 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 17 Dec 2014 01:31:48 +0100 Subject: [PATCH 398/452] avcodec/h264: make the first field of H264Context an AVClass Fixes use of freed memory Fixes: asan_heap-uaf_3660f67_757_cov_1257014655_Hi422FR1_SONY_A.jsv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit f3b5b139ad853b6f69c6a0b036815a60e7b3f261) Signed-off-by: Michael Niedermayer --- libavcodec/h264.h | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/h264.h b/libavcodec/h264.h index 8761a61708..1ea88ddc16 100644 --- a/libavcodec/h264.h +++ b/libavcodec/h264.h @@ -255,6 +255,7 @@ typedef struct MMCO { * H264Context */ typedef struct H264Context { + AVClass *av_class; AVCodecContext *avctx; VideoDSPContext vdsp; H264DSPContext h264dsp; From 42b7d224bc5918f495cf18a79851be6eb88598ee Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 17 Dec 2014 03:14:21 +0100 Subject: [PATCH 399/452] avcodec/indeo3: use signed variables to avoid underflow Fixes out of array read Fixes: signal_sigsegv_1b0a4da_1865_cov_2167818389_computer_anger.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 3305acdc92fa37869f160a11a87741c8a0de0454) Signed-off-by: Michael Niedermayer --- libavcodec/indeo3.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavcodec/indeo3.c b/libavcodec/indeo3.c index a94b087bed..da7dd8394b 100644 --- a/libavcodec/indeo3.c +++ b/libavcodec/indeo3.c @@ -95,7 +95,7 @@ typedef struct Indeo3DecodeContext { int16_t width, height; uint32_t frame_num; ///< current frame number (zero-based) - uint32_t data_size; ///< size of the frame data in bytes + int data_size; ///< size of the frame data in bytes uint16_t frame_flags; ///< frame properties uint8_t cb_offset; ///< needed for selecting VQ tables uint8_t buf_sel; ///< active frame buffer: 0 - primary, 1 -secondary @@ -897,7 +897,8 @@ static int decode_frame_headers(Indeo3DecodeContext *ctx, AVCodecContext *avctx, { const uint8_t *buf_ptr = buf, *bs_hdr; uint32_t frame_num, word2, check_sum, data_size; - uint32_t y_offset, u_offset, v_offset, starts[3], ends[3]; + int y_offset, u_offset, v_offset; + uint32_t starts[3], ends[3]; uint16_t height, width; int i, j; From a9c0f905aa3bd5342ffa3a0e9d54172d4c541903 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 17 Dec 2014 21:27:37 +0100 Subject: [PATCH 400/452] avcodec/h264: Clear delayed_pic on deallocation Fixes use of freed memory Fixes: case5_av_frame_copy_props.mp4 Found-by: Michal Zalewski Signed-off-by: Michael Niedermayer (cherry picked from commit e8714f6f93d1a32f4e4655209960afcf4c185214) Conflicts: libavcodec/h264.c --- libavcodec/h264.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index dbed0f0a7f..37f770e0b3 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -1043,6 +1043,7 @@ static void free_tables(H264Context *h, int free_rbsp) av_freep(&h->visualization_buffer[i]); if (free_rbsp) { + memset(h->delayed_pic, 0, sizeof(h->delayed_pic)); for (i = 0; i < h->picture_count && !h->avctx->internal->is_copy; i++) free_picture(h, &h->DPB[i]); av_freep(&h->DPB); From 96e2a4ba7402fa711efb8cf8adf4058d4748b71c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 18 Dec 2014 03:16:39 +0100 Subject: [PATCH 401/452] avcodec/h264: Check *log2_weight_denom Fixes undefined behavior Fixes: signal_sigsegv_14768d2_2248_cov_3629497219_h264_h264___pi_20070614T182942.h264 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 61296d41e2de3b41304339e4631dd44c2e15f805) Signed-off-by: Michael Niedermayer --- libavcodec/h264.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 37f770e0b3..65e53ac290 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -2432,6 +2432,16 @@ static int pred_weight_table(H264Context *h) h->luma_log2_weight_denom = get_ue_golomb(&h->gb); if (h->sps.chroma_format_idc) h->chroma_log2_weight_denom = get_ue_golomb(&h->gb); + + if (h->luma_log2_weight_denom > 7U) { + av_log(h->avctx, AV_LOG_ERROR, "luma_log2_weight_denom %d is out of range\n", h->luma_log2_weight_denom); + h->luma_log2_weight_denom = 0; + } + if (h->chroma_log2_weight_denom > 7U) { + av_log(h->avctx, AV_LOG_ERROR, "chroma_log2_weight_denom %d is out of range\n", h->chroma_log2_weight_denom); + h->chroma_log2_weight_denom = 0; + } + luma_def = 1 << h->luma_log2_weight_denom; chroma_def = 1 << h->chroma_log2_weight_denom; From c60caa5769b89ab7dc4aa41a21f87d5ee177bd30 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 18 Dec 2014 18:57:27 +0100 Subject: [PATCH 402/452] avcodec/indeo3: ensure offsets are non negative Signed-off-by: Michael Niedermayer (cherry picked from commit 368642361f3a589d7b0c23ea327d988edb434e3f) Conflicts: libavcodec/indeo3.c --- libavcodec/indeo3.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/indeo3.c b/libavcodec/indeo3.c index da7dd8394b..48f1866647 100644 --- a/libavcodec/indeo3.c +++ b/libavcodec/indeo3.c @@ -978,7 +978,8 @@ static int decode_frame_headers(Indeo3DecodeContext *ctx, AVCodecContext *avctx, ctx->y_data_size = ends[0] - starts[0]; ctx->v_data_size = ends[1] - starts[1]; ctx->u_data_size = ends[2] - starts[2]; - if (FFMAX3(y_offset, v_offset, u_offset) >= ctx->data_size - 16 || + if (FFMIN3(y_offset, v_offset, u_offset) < 0 || + FFMAX3(y_offset, v_offset, u_offset) >= ctx->data_size - 16 || FFMIN3(ctx->y_data_size, ctx->v_data_size, ctx->u_data_size) <= 0) { av_log(avctx, AV_LOG_ERROR, "One of the y/u/v offsets is invalid\n"); return AVERROR_INVALIDDATA; From 8a21620c26b856c6d781c66150ff756a9b4fe149 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 26 Nov 2014 18:16:15 +0100 Subject: [PATCH 403/452] avformat/mov: Fix memleaks for duplicate STCO/CO64/STSC atoms Also see [FFmpeg-devel] [PATCH] avformat/mov: strengthen some table allocations which contains more fixes but is unfinished Fixes: signal_sigabrt_7ffff6ac7bb9_3484_cov_1830000177_starfox2.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 1b5d11240692025f036e945bc37968735679320a) Signed-off-by: Michael Niedermayer --- libavformat/mov.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/libavformat/mov.c b/libavformat/mov.c index a1694a58cc..73ddc999b0 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -1162,6 +1162,10 @@ static int mov_read_stco(MOVContext *c, AVIOContext *pb, MOVAtom atom) if (entries >= UINT_MAX/sizeof(int64_t)) return AVERROR_INVALIDDATA; + if (sc->chunk_offsets) + av_log(c->fc, AV_LOG_WARNING, "Duplicate STCO atom\n"); + av_free(sc->chunk_offsets); + sc->chunk_count = 0; sc->chunk_offsets = av_malloc(entries * sizeof(int64_t)); if (!sc->chunk_offsets) return AVERROR(ENOMEM); @@ -1607,6 +1611,10 @@ static int mov_read_stsc(MOVContext *c, AVIOContext *pb, MOVAtom atom) return 0; if (entries >= UINT_MAX / sizeof(*sc->stsc_data)) return AVERROR_INVALIDDATA; + if (sc->stsc_data) + av_log(c->fc, AV_LOG_WARNING, "Duplicate STSC atom\n"); + av_free(sc->stsc_data); + sc->stsc_count = 0; sc->stsc_data = av_malloc(entries * sizeof(*sc->stsc_data)); if (!sc->stsc_data) return AVERROR(ENOMEM); From fa8d407c1f8fc10a614cdb3bd68a6e4e91ec2ab7 Mon Sep 17 00:00:00 2001 From: Stefano Sabatini Date: Tue, 21 Jan 2014 19:58:41 +0100 Subject: [PATCH 404/452] lavf/segment: remove duplicated and inconsistent cleanup code in seg_write_packet() In particular, avoid to leave around the seg->avf pointer to freed structure, and fix crash with: ffmpeg -f lavfi -i testsrc -c:v h264 -map 0 -f segment foo-%d.ts (cherry picked from commit 169065fbfb3da1ab776379c333aebc54bb1f1bc4) Found-by: Qinghao Tang Signed-off-by: Michael Niedermayer --- libavformat/segment.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/libavformat/segment.c b/libavformat/segment.c index 124a09fa41..f0b201b3fa 100644 --- a/libavformat/segment.c +++ b/libavformat/segment.c @@ -717,12 +717,6 @@ fail: if (pkt->stream_index == seg->reference_stream_index) seg->frame_count++; - if (ret < 0) { - if (seg->list) - avio_close(seg->list_pb); - avformat_free_context(oc); - } - return ret; } From 2dd1d0c60b069256b9e1ef31be6fdee93123631a Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 31 Dec 2014 21:41:46 +0100 Subject: [PATCH 405/452] avformat/cdxl: Fix integer overflow of image_size Signed-off-by: Michael Niedermayer (cherry picked from commit 3eb5cbe0c50d0a0bbe10bcabbd6b16d73d93c128) Signed-off-by: Michael Niedermayer --- libavformat/cdxl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/cdxl.c b/libavformat/cdxl.c index 185b745bb0..226a704650 100644 --- a/libavformat/cdxl.c +++ b/libavformat/cdxl.c @@ -127,6 +127,8 @@ static int cdxl_read_packet(AVFormatContext *s, AVPacket *pkt) height = AV_RB16(&cdxl->header[16]); palette_size = AV_RB16(&cdxl->header[20]); audio_size = AV_RB16(&cdxl->header[22]); + if (FFALIGN(width, 16) * (uint64_t)height * cdxl->header[19] > INT_MAX) + return AVERROR_INVALIDDATA; image_size = FFALIGN(width, 16) * height * cdxl->header[19] / 8; video_size = palette_size + image_size; From fd4c80177b006029c150d7bef96933d3d460ff4d Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 1 Jan 2015 18:15:16 +0100 Subject: [PATCH 406/452] avformat/flvdec: Increase string array size Fixes parsing httphostheader of Scarlatti\,\ Pieter-Jan\ Belder\ -\ Sonata\ K113\ in\ A\ major\ -\ Alle.flv Signed-off-by: Michael Niedermayer (cherry picked from commit eb767a276bfdb9a0493bdb0b38203638230b7ccb) Signed-off-by: Michael Niedermayer --- libavformat/flvdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c index 38801f2d58..f11debf64a 100644 --- a/libavformat/flvdec.c +++ b/libavformat/flvdec.c @@ -333,7 +333,7 @@ static int amf_parse_object(AVFormatContext *s, AVStream *astream, AVStream *vst FLVContext *flv = s->priv_data; AVIOContext *ioc; AMFDataType amf_type; - char str_val[256]; + char str_val[1024]; double num_val; num_val = 0; From 931f4313b2ec2e47bb34b6906ec53df6d3d45f9a Mon Sep 17 00:00:00 2001 From: wm4 Date: Mon, 5 Jan 2015 04:45:26 +0100 Subject: [PATCH 407/452] avcodec/dvdsubdec: fix out of bounds accesses The code blindly trusted buffer offsets read from the file in the RLE decoder. Explicitly check the offset. Also error out on other RLE decoding errors. Signed-off-by: Michael Niedermayer (cherry picked from commit c9151de7c42553bb145be608df8513c1287f1f24) Signed-off-by: Michael Niedermayer --- libavcodec/dvdsubdec.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/libavcodec/dvdsubdec.c b/libavcodec/dvdsubdec.c index cb268b8dfe..220063327e 100644 --- a/libavcodec/dvdsubdec.c +++ b/libavcodec/dvdsubdec.c @@ -99,6 +99,9 @@ static int decode_rle(uint8_t *bitmap, int linesize, int w, int h, int x, y, len, color; uint8_t *d; + if (start >= buf_size) + return -1; + bit_len = (buf_size - start) * 8; init_get_bits(&gb, buf + start, bit_len); @@ -340,10 +343,12 @@ static int decode_dvd_subtitles(DVDSubContext *ctx, AVSubtitle *sub_header, sub_header->rects[0] = av_mallocz(sizeof(AVSubtitleRect)); sub_header->num_rects = 1; sub_header->rects[0]->pict.data[0] = bitmap; - decode_rle(bitmap, w * 2, w, (h + 1) / 2, - buf, offset1, buf_size, is_8bit); - decode_rle(bitmap + w, w * 2, w, h / 2, - buf, offset2, buf_size, is_8bit); + if (decode_rle(bitmap, w * 2, w, (h + 1) / 2, + buf, offset1, buf_size, is_8bit) < 0) + goto fail; + if (decode_rle(bitmap + w, w * 2, w, h / 2, + buf, offset2, buf_size, is_8bit) < 0) + goto fail; sub_header->rects[0]->pict.data[1] = av_mallocz(AVPALETTE_SIZE); if (is_8bit) { if (yuv_palette == 0) From 07f634f9487615b0587cd4a1bef8f537b833384d Mon Sep 17 00:00:00 2001 From: Dale Curtis Date: Mon, 5 Jan 2015 16:19:09 -0800 Subject: [PATCH 408/452] mov: Avoid overflow with mov_metadata_raw() The code previously added 1 to len without checking its size, resulting in an overflow which can corrupt value[-1] -- which may be used to store unaligned ptr information for certain allocators. Found-by: Paul Mehta Signed-off-by: Dale Curtis Signed-off-by: Michael Niedermayer --- libavformat/mov.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/mov.c b/libavformat/mov.c index 73ddc999b0..03a36a8fa5 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -281,6 +281,9 @@ static int mov_read_covr(MOVContext *c, AVIOContext *pb, int type, int len) static int mov_metadata_raw(MOVContext *c, AVIOContext *pb, unsigned len, const char *key) { + // Check for overflow. + if (len >= INT_MAX) + return AVERROR(EINVAL); char *value = av_malloc(len + 1); if (!value) return AVERROR(ENOMEM); From b6351f9978a4188dfc5213a863b8c08308f6fec8 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 6 Jan 2015 04:29:10 +0100 Subject: [PATCH 409/452] avformat/mov: fix integer overflow in mov_read_udta_string() Found-by: Paul Mehta Signed-off-by: Michael Niedermayer (cherry picked from commit 3859868c75313e318ebc5d0d33baada62d45dd75) Signed-off-by: Michael Niedermayer --- libavformat/mov.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index 03a36a8fa5..b6449f334c 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -388,7 +388,7 @@ static int mov_read_udta_string(MOVContext *c, AVIOContext *pb, MOVAtom atom) if (!key) return 0; - if (atom.size < 0) + if (atom.size < 0 || str_size >= INT_MAX/2) return AVERROR_INVALIDDATA; str_size = FFMIN3(sizeof(str)-1, str_size, atom.size); From 54a9f64d429605b954ac8ad50a1a089e8e6c965d Mon Sep 17 00:00:00 2001 From: Dale Curtis Date: Mon, 5 Jan 2015 16:34:17 -0800 Subject: [PATCH 410/452] mov: Fix negative size calculation in mov_read_default(). The previous code assumed if an atom was marked with a 64-bit size extension, it actually had that data available. The new code verfies there's enough data in the atom for this to be done. Failure to verify causes total_size > atom.size which will result in negative size calculations later on. Found-by: Paul Mehta Signed-off-by: Dale Curtis Signed-off-by: Michael Niedermayer (cherry picked from commit 3ebd76a9c57558e284e94da367dd23b435e6a6d0) Signed-off-by: Michael Niedermayer --- libavformat/mov.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index b6449f334c..3dea13a8e0 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -2826,7 +2826,7 @@ static int mov_read_default(MOVContext *c, AVIOContext *pb, MOVAtom atom) } } total_size += 8; - if (a.size == 1) { /* 64 bit extended size */ + if (a.size == 1 && total_size + 8 <= atom.size) { /* 64 bit extended size */ a.size = avio_rb64(pb) - 8; total_size += 8; } From e81236d1a5ac4b919e5f491b8ab9e132eab8e23a Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 6 Jan 2015 12:48:38 +0100 Subject: [PATCH 411/452] avformat/matroskadec: Use av_freep() to avoid leaving stale pointers in memory Signed-off-by: Michael Niedermayer (cherry picked from commit 6e70e4aca50696040cc9256ec96e5c31d9641432) Signed-off-by: Michael Niedermayer --- libavformat/matroskadec.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index 15350713ac..aa9c90598f 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -991,7 +991,7 @@ static void ebml_free(EbmlSyntax *syntax, void *data) char *ptr = list->elem; for (j=0; jnb_elem; j++, ptr+=syntax[i].list_elem_size) ebml_free(syntax[i].def.n, ptr); - av_free(list->elem); + av_freep(&list->elem); } else ebml_free(syntax[i].def.n, data_off); default: break; @@ -1891,7 +1891,7 @@ static int matroska_deliver_packet(MatroskaDemuxContext *matroska, { if (matroska->num_packets > 0) { memcpy(pkt, matroska->packets[0], sizeof(AVPacket)); - av_free(matroska->packets[0]); + av_freep(&matroska->packets[0]); if (matroska->num_packets > 1) { void *newpackets; memmove(&matroska->packets[0], &matroska->packets[1], @@ -1921,7 +1921,7 @@ static void matroska_clear_queue(MatroskaDemuxContext *matroska) int n; for (n = 0; n < matroska->num_packets; n++) { av_free_packet(matroska->packets[n]); - av_free(matroska->packets[n]); + av_freep(&matroska->packets[n]); } av_freep(&matroska->packets); matroska->num_packets = 0; @@ -2514,7 +2514,7 @@ static int matroska_read_close(AVFormatContext *s) for (n=0; n < matroska->tracks.nb_elem; n++) if (tracks[n].type == MATROSKA_TRACK_TYPE_AUDIO) - av_free(tracks[n].audio.buf); + av_freep(&tracks[n].audio.buf); ebml_free(matroska_cluster, &matroska->current_cluster); ebml_free(matroska_segment, matroska); From 529488afa3155593af4e19a97c3085f535ab7506 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 6 Jan 2015 19:51:38 +0100 Subject: [PATCH 412/452] avformat/mov: Fix mixed declaration and statement warning Signed-off-by: Michael Niedermayer (cherry picked from commit db27f50e0658e91758e8a17fdcf390e6bc93c1d2) Signed-off-by: Michael Niedermayer --- libavformat/mov.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index 3dea13a8e0..1820ce805d 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -281,10 +281,11 @@ static int mov_read_covr(MOVContext *c, AVIOContext *pb, int type, int len) static int mov_metadata_raw(MOVContext *c, AVIOContext *pb, unsigned len, const char *key) { + char *value; // Check for overflow. if (len >= INT_MAX) return AVERROR(EINVAL); - char *value = av_malloc(len + 1); + value = av_malloc(len + 1); if (!value) return AVERROR(ENOMEM); avio_read(pb, value, len); From 5410d6d26fc603df80915a9bce863cbcd3eb1fc4 Mon Sep 17 00:00:00 2001 From: Johan Andersson Date: Sat, 3 Jan 2015 17:31:36 +0100 Subject: [PATCH 413/452] cmdutils: update copyright year to 2015. (cherry picked from commit 3e160652219ff4da433f5672ae1e5f4956abb815) Conflicts: cmdutils.c --- cmdutils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmdutils.c b/cmdutils.c index 576d810f24..c8cb2bedf2 100644 --- a/cmdutils.c +++ b/cmdutils.c @@ -65,7 +65,7 @@ struct SwsContext *sws_opts; AVDictionary *swr_opts; AVDictionary *format_opts, *codec_opts, *resample_opts; -const int this_year = 2014; +const int this_year = 2015; static FILE *report_file; From 8a3a3e3154b78c8d90d3b62c38054a959911b79f Mon Sep 17 00:00:00 2001 From: wm4 Date: Wed, 7 Jan 2015 23:57:50 +0100 Subject: [PATCH 414/452] avcodec/dvdsubdec: error on bitmaps with size 0 Attemtping to decode them could lead to invalid writes with some fuzzed samples. Signed-off-by: Michael Niedermayer (cherry picked from commit bcaa9099b3648b47060e1724a97dc98b63c83702) Signed-off-by: Michael Niedermayer --- libavcodec/dvdsubdec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/dvdsubdec.c b/libavcodec/dvdsubdec.c index 220063327e..8d67c50b5a 100644 --- a/libavcodec/dvdsubdec.c +++ b/libavcodec/dvdsubdec.c @@ -102,6 +102,9 @@ static int decode_rle(uint8_t *bitmap, int linesize, int w, int h, if (start >= buf_size) return -1; + if (w <= 0 || h <= 0) + return -1; + bit_len = (buf_size - start) * 8; init_get_bits(&gb, buf + start, bit_len); From 08fe58ef3280134bbaafef83442005d68342cac6 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 8 Jan 2015 23:02:30 +0100 Subject: [PATCH 415/452] ffmpeg: Clear error message array at init. This avoids printing uninitialized bytes if no error message is set Signed-off-by: Michael Niedermayer (cherry picked from commit 6d1a2efb8ac399a003ea7d3b6f8c641d192567ee) Signed-off-by: Michael Niedermayer --- ffmpeg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ffmpeg.c b/ffmpeg.c index 0a79e0b837..1aaf9ec469 100644 --- a/ffmpeg.c +++ b/ffmpeg.c @@ -2092,7 +2092,7 @@ static int transcode_init(void) AVCodecContext *codec; OutputStream *ost; InputStream *ist; - char error[1024]; + char error[1024] = {0}; int want_sdp = 1; /* init framerate emulation */ From b00a3bf3320645c16b312cd04b1fc2cf2934fae9 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 10 Jan 2015 03:43:54 +0100 Subject: [PATCH 416/452] avformat/movenc: workaround bug in "PathScale EKOPath(tm) Compiler Suite Version 4.0.12.1" Signed-off-by: Michael Niedermayer (cherry picked from commit 7824dc5150c0ea44ffa7cd4d57803f9a9697e7d7) Signed-off-by: Michael Niedermayer --- libavformat/movenc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/movenc.c b/libavformat/movenc.c index dd7dd52c18..81863440e3 100644 --- a/libavformat/movenc.c +++ b/libavformat/movenc.c @@ -1894,7 +1894,8 @@ static int mov_write_mvhd_tag(AVIOContext *pb, MOVMuxContext *mov) } version = max_track_len < UINT32_MAX ? 0 : 1; - (version == 1) ? avio_wb32(pb, 120) : avio_wb32(pb, 108); /* size */ + avio_wb32(pb, version == 1 ? 120 : 108); /* size */ + ffio_wfourcc(pb, "mvhd"); avio_w8(pb, version); avio_wb24(pb, 0); /* flags */ From a86cc0cc1bd2fa6a178a8cb2541283da920c3c3c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 17 Jan 2015 01:56:03 +0100 Subject: [PATCH 417/452] avcodec/flac_parser: fix handling EOF if no headers are found Fixes assertion failure Fixes Ticket4269 Signed-off-by: Michael Niedermayer (cherry picked from commit c4d85fc23c100f7a27d9bad710eb153214868e27) Signed-off-by: Michael Niedermayer --- libavcodec/flac_parser.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/flac_parser.c b/libavcodec/flac_parser.c index e2c6744d78..b731da5d53 100644 --- a/libavcodec/flac_parser.c +++ b/libavcodec/flac_parser.c @@ -655,7 +655,7 @@ static int flac_parse(AVCodecParserContext *s, AVCodecContext *avctx, handle_error: *poutbuf = NULL; *poutbuf_size = 0; - return read_end - buf; + return buf_size ? read_end - buf : 0; } static int flac_parse_init(AVCodecParserContext *c) From 71bdcd66e15a92933ad6ca9d9ad9951bf46b7bee Mon Sep 17 00:00:00 2001 From: Vittorio Giovara Date: Thu, 18 Dec 2014 20:26:57 +0100 Subject: [PATCH 418/452] opt: check memory allocation Bug-Id: CID 1257771 Signed-off-by: Michael Niedermayer --- libavutil/opt.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavutil/opt.c b/libavutil/opt.c index 4100d028c1..5b88b28384 100644 --- a/libavutil/opt.c +++ b/libavutil/opt.c @@ -149,6 +149,8 @@ static int set_string_binary(void *obj, const AVOption *o, const char *val, uint len /= 2; ptr = bin = av_malloc(len); + if (!ptr) + return AVERROR(ENOMEM); while (*val) { int a = hexchar2int(*val++); int b = hexchar2int(*val++); From 051b47dc4e084742498ec2a13599f52988aca2d0 Mon Sep 17 00:00:00 2001 From: Vittorio Giovara Date: Wed, 17 Dec 2014 16:02:07 +0100 Subject: [PATCH 419/452] swscale: check memory allocations Bug-Id: CID 1257779 (cherry picked from commit 1dd797e3c9f179f957316a0becbec048b42df8aa) Signed-off-by: Michael Niedermayer --- libswscale/yuv2rgb.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/libswscale/yuv2rgb.c b/libswscale/yuv2rgb.c index d12abda9a8..79fbb6968d 100644 --- a/libswscale/yuv2rgb.c +++ b/libswscale/yuv2rgb.c @@ -782,9 +782,13 @@ av_cold int ff_yuv2rgb_c_init_tables(SwsContext *c, const int inv_table[4], av_free(c->yuvTable); +#define ALLOC_YUV_TABLE(x) \ + c->yuvTable = av_malloc(x); \ + if (!c->yuvTable) \ + return AVERROR(ENOMEM); switch (bpp) { case 1: - c->yuvTable = av_malloc(1024); + ALLOC_YUV_TABLE(1024); y_table = c->yuvTable; yb = -(384 << 16) - oy; for (i = 0; i < 1024 - 110; i++) { @@ -799,7 +803,7 @@ av_cold int ff_yuv2rgb_c_init_tables(SwsContext *c, const int inv_table[4], rbase = isRgb ? 3 : 0; gbase = 1; bbase = isRgb ? 0 : 3; - c->yuvTable = av_malloc(1024 * 3); + ALLOC_YUV_TABLE(1024 * 3); y_table = c->yuvTable; yb = -(384 << 16) - oy; for (i = 0; i < 1024 - 110; i++) { @@ -818,7 +822,7 @@ av_cold int ff_yuv2rgb_c_init_tables(SwsContext *c, const int inv_table[4], rbase = isRgb ? 5 : 0; gbase = isRgb ? 2 : 3; bbase = isRgb ? 0 : 6; - c->yuvTable = av_malloc(1024 * 3); + ALLOC_YUV_TABLE(1024 * 3); y_table = c->yuvTable; yb = -(384 << 16) - oy; for (i = 0; i < 1024 - 38; i++) { @@ -837,7 +841,7 @@ av_cold int ff_yuv2rgb_c_init_tables(SwsContext *c, const int inv_table[4], rbase = isRgb ? 8 : 0; gbase = 4; bbase = isRgb ? 0 : 8; - c->yuvTable = av_malloc(1024 * 3 * 2); + ALLOC_YUV_TABLE(1024 * 3 * 2); y_table16 = c->yuvTable; yb = -(384 << 16) - oy; for (i = 0; i < 1024; i++) { @@ -860,7 +864,7 @@ av_cold int ff_yuv2rgb_c_init_tables(SwsContext *c, const int inv_table[4], rbase = isRgb ? bpp - 5 : 0; gbase = 5; bbase = isRgb ? 0 : (bpp - 5); - c->yuvTable = av_malloc(1024 * 3 * 2); + ALLOC_YUV_TABLE(1024 * 3 * 2); y_table16 = c->yuvTable; yb = -(384 << 16) - oy; for (i = 0; i < 1024; i++) { @@ -880,7 +884,7 @@ av_cold int ff_yuv2rgb_c_init_tables(SwsContext *c, const int inv_table[4], break; case 24: case 48: - c->yuvTable = av_malloc(1024); + ALLOC_YUV_TABLE(1024); y_table = c->yuvTable; yb = -(384 << 16) - oy; for (i = 0; i < 1024; i++) { @@ -901,7 +905,7 @@ av_cold int ff_yuv2rgb_c_init_tables(SwsContext *c, const int inv_table[4], needAlpha = CONFIG_SWSCALE_ALPHA && isALPHA(c->srcFormat); if (!needAlpha) abase = (base + 24) & 31; - c->yuvTable = av_malloc(1024 * 3 * 4); + ALLOC_YUV_TABLE(1024 * 3 * 4); y_table32 = c->yuvTable; yb = -(384 << 16) - oy; for (i = 0; i < 1024; i++) { From 237cf31a573674d015cf93d319a56b368a862ebd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Storsj=C3=B6?= Date: Wed, 17 Dec 2014 13:50:06 +0200 Subject: [PATCH 420/452] rtpdec_h263_rfc2190: Clear the stored bits if discarding buffered data If we throw away the buffered incomplete frame, make sure to also throw away the buffered bits of an incomplete byte at the same time. (cherry picked from commit df07c07b3de0a5e8890078944de1eb5cb8372ef8) Signed-off-by: Michael Niedermayer --- libavformat/rtpdec_h263_rfc2190.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavformat/rtpdec_h263_rfc2190.c b/libavformat/rtpdec_h263_rfc2190.c index 4b6e996770..d741ef0f2e 100644 --- a/libavformat/rtpdec_h263_rfc2190.c +++ b/libavformat/rtpdec_h263_rfc2190.c @@ -82,6 +82,7 @@ static int h263_handle_packet(AVFormatContext *ctx, PayloadContext *data, avio_close_dyn_buf(data->buf, &p); av_free(p); data->buf = NULL; + data->endbyte_bits = 0; } if (len < 4) { From abfa41618124b8ead869f727346d9aaecab73ca8 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 6 Dec 2014 00:18:29 +0100 Subject: [PATCH 421/452] avformat/rmdec: Check for overflow in ff_rm_read_mdpr_codecdata() Signed-off-by: Michael Niedermayer (cherry picked from commit 03abf55f252945c70f4a79eaf4d609cee4d98710) Signed-off-by: Michael Niedermayer --- libavformat/rmdec.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c index 06a327e1c1..bea0ced082 100644 --- a/libavformat/rmdec.c +++ b/libavformat/rmdec.c @@ -389,7 +389,11 @@ ff_rm_read_mdpr_codecdata (AVFormatContext *s, AVIOContext *pb, skip: /* skip codec info */ size = avio_tell(pb) - codec_pos; - avio_skip(pb, codec_data_size - size); + if (codec_data_size >= size) { + avio_skip(pb, codec_data_size - size); + } else { + av_log(s, AV_LOG_WARNING, "codec_data_size %u < size %d\n", codec_data_size, size); + } return 0; } From 9939d98b2c25048f5108997212ce0233c2aec40b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 1 Feb 2015 19:19:25 +0100 Subject: [PATCH 422/452] avformat/utils: Fix number suffixes in tb_unreliable() Signed-off-by: Michael Niedermayer (cherry picked from commit 4b15bba2aec93776bfdc69a1bca42a4795a7d191) Conflicts: libavformat/utils.c (cherry picked from commit e651a2f88c219e74c9851563e74100f7652a6005) --- libavformat/utils.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index 9dd403f9f8..3758355fb1 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -2675,8 +2675,8 @@ static int get_std_framerate(int i){ * And there are "variable" fps files this needs to detect as well. */ static int tb_unreliable(AVCodecContext *c){ - if( c->time_base.den >= 101L*c->time_base.num - || c->time_base.den < 5L*c->time_base.num + if( c->time_base.den >= 101LL*c->time_base.num + || c->time_base.den < 5LL*c->time_base.num /* || c->codec_tag == AV_RL32("DIVX") || c->codec_tag == AV_RL32("XVID")*/ || c->codec_tag == AV_RL32("mp4v") From 0e79fd1ec9259899217002993daf63d4c5b549d0 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 1 Feb 2015 19:27:00 +0100 Subject: [PATCH 423/452] swresample/dither: Cleanup number suffixes The <<31 case needs LL Signed-off-by: Michael Niedermayer (cherry picked from commit c77cc2c1766666cdb5f14daee0f75e397bf7a194) Conflicts: libswresample/dither.c --- libswresample/dither.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/libswresample/dither.c b/libswresample/dither.c index ce8581cfe7..ff082082dd 100644 --- a/libswresample/dither.c +++ b/libswresample/dither.c @@ -84,13 +84,13 @@ int swri_dither_init(SwrContext *s, enum AVSampleFormat out_fmt, enum AVSampleFo in_fmt = av_get_packed_sample_fmt( in_fmt); if(in_fmt == AV_SAMPLE_FMT_FLT || in_fmt == AV_SAMPLE_FMT_DBL){ - if(out_fmt == AV_SAMPLE_FMT_S32) scale = 1.0/(1L<<31); - if(out_fmt == AV_SAMPLE_FMT_S16) scale = 1.0/(1L<<15); - if(out_fmt == AV_SAMPLE_FMT_U8 ) scale = 1.0/(1L<< 7); + if(out_fmt == AV_SAMPLE_FMT_S32) scale = 1.0/(1LL<<31); + if(out_fmt == AV_SAMPLE_FMT_S16) scale = 1.0/(1LL<<15); + if(out_fmt == AV_SAMPLE_FMT_U8 ) scale = 1.0/(1LL<< 7); } - if(in_fmt == AV_SAMPLE_FMT_S32 && out_fmt == AV_SAMPLE_FMT_S16) scale = 1L<<16; - if(in_fmt == AV_SAMPLE_FMT_S32 && out_fmt == AV_SAMPLE_FMT_U8 ) scale = 1L<<24; - if(in_fmt == AV_SAMPLE_FMT_S16 && out_fmt == AV_SAMPLE_FMT_U8 ) scale = 1L<<8; + if(in_fmt == AV_SAMPLE_FMT_S32 && out_fmt == AV_SAMPLE_FMT_S16) scale = 1<<16; + if(in_fmt == AV_SAMPLE_FMT_S32 && out_fmt == AV_SAMPLE_FMT_U8 ) scale = 1<<24; + if(in_fmt == AV_SAMPLE_FMT_S16 && out_fmt == AV_SAMPLE_FMT_U8 ) scale = 1<<8; scale *= s->dither.scale; From ba5e66cf65f3b0180a8d3a1d8a91fbef8cbd2550 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 1 Feb 2015 19:34:52 +0100 Subject: [PATCH 424/452] avformat/matroskadec: Fix number suffixes Signed-off-by: Michael Niedermayer (cherry picked from commit fc3cdb00d084222a107e61e7168903bf3d3d0b47) Signed-off-by: Michael Niedermayer --- libavformat/matroskadec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index aa9c90598f..c90b49957b 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -1789,8 +1789,8 @@ static int matroska_read_header(AVFormatContext *s) av_reduce(&st->avg_frame_rate.num, &st->avg_frame_rate.den, 1000000000, track->default_duration, 30000); #if FF_API_R_FRAME_RATE - if ( st->avg_frame_rate.num < st->avg_frame_rate.den * 1000L - && st->avg_frame_rate.num > st->avg_frame_rate.den * 5L) + if ( st->avg_frame_rate.num < st->avg_frame_rate.den * 1000LL + && st->avg_frame_rate.num > st->avg_frame_rate.den * 5LL) st->r_frame_rate = st->avg_frame_rate; #endif } From ef3687998fb46d7d936bb6023f25c1dc324a4640 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 1 Feb 2015 19:36:13 +0100 Subject: [PATCH 425/452] avformat/smacker: Fix number suffix Signed-off-by: Michael Niedermayer (cherry picked from commit 465f3705b1ef832fd6904750d018f81f9044f3ab) Conflicts: libavformat/smacker.c --- libavformat/smacker.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/smacker.c b/libavformat/smacker.c index 84481e22a6..17fa0afaa1 100644 --- a/libavformat/smacker.c +++ b/libavformat/smacker.c @@ -309,7 +309,7 @@ static int smacker_read_packet(AVFormatContext *s, AVPacket *pkt) uint8_t *tmpbuf; size = avio_rl32(s->pb) - 4; - if(size + 4L > frame_size) + if(size + 4LL > frame_size) return AVERROR_INVALIDDATA; frame_size -= size; frame_size -= 4; From 5f2902bdc76c4f166af365b9941bc6ed9b79198d Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 1 Feb 2015 19:39:22 +0100 Subject: [PATCH 426/452] avcodec/h264_cabac: use int instead of long for mbb_xy The mb address fits in int Signed-off-by: Michael Niedermayer (cherry picked from commit 592ba6ec106206f97133c9345313010c76361e12) Signed-off-by: Michael Niedermayer --- libavcodec/h264_cabac.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h264_cabac.c b/libavcodec/h264_cabac.c index 435343c989..1f4175152d 100644 --- a/libavcodec/h264_cabac.c +++ b/libavcodec/h264_cabac.c @@ -1278,7 +1278,7 @@ void ff_h264_init_cabac_states(H264Context *h) { } static int decode_cabac_field_decoding_flag(H264Context *h) { - const long mbb_xy = h->mb_xy - 2L*h->mb_stride; + const int mbb_xy = h->mb_xy - 2*h->mb_stride; unsigned long ctx = 0; From 7881d3b2a5c3f0c2ef8cbc9aefb345d1dbaf7a37 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 1 Feb 2015 19:40:13 +0100 Subject: [PATCH 427/452] avcodec/mpegvideo_enc: Fix number suffixes in rc_buffer_size calculation Signed-off-by: Michael Niedermayer (cherry picked from commit 4531e2c489d279bfc90d54ca26ed898c5b265a7f) Signed-off-by: Michael Niedermayer --- libavcodec/mpegvideo_enc.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libavcodec/mpegvideo_enc.c b/libavcodec/mpegvideo_enc.c index a0e7a54fb1..4dc6f799d2 100644 --- a/libavcodec/mpegvideo_enc.c +++ b/libavcodec/mpegvideo_enc.c @@ -412,18 +412,18 @@ av_cold int ff_MPV_encode_init(AVCodecContext *avctx) switch(avctx->codec_id) { case AV_CODEC_ID_MPEG1VIDEO: case AV_CODEC_ID_MPEG2VIDEO: - avctx->rc_buffer_size = FFMAX(avctx->rc_max_rate, 15000000) * 112L / 15000000 * 16384; + avctx->rc_buffer_size = FFMAX(avctx->rc_max_rate, 15000000) * 112LL / 15000000 * 16384; break; case AV_CODEC_ID_MPEG4: case AV_CODEC_ID_MSMPEG4V1: case AV_CODEC_ID_MSMPEG4V2: case AV_CODEC_ID_MSMPEG4V3: if (avctx->rc_max_rate >= 15000000) { - avctx->rc_buffer_size = 320 + (avctx->rc_max_rate - 15000000L) * (760-320) / (38400000 - 15000000); + avctx->rc_buffer_size = 320 + (avctx->rc_max_rate - 15000000LL) * (760-320) / (38400000 - 15000000); } else if(avctx->rc_max_rate >= 2000000) { - avctx->rc_buffer_size = 80 + (avctx->rc_max_rate - 2000000L) * (320- 80) / (15000000 - 2000000); + avctx->rc_buffer_size = 80 + (avctx->rc_max_rate - 2000000LL) * (320- 80) / (15000000 - 2000000); } else if(avctx->rc_max_rate >= 384000) { - avctx->rc_buffer_size = 40 + (avctx->rc_max_rate - 384000L) * ( 80- 40) / ( 2000000 - 384000); + avctx->rc_buffer_size = 40 + (avctx->rc_max_rate - 384000LL) * ( 80- 40) / ( 2000000 - 384000); } else avctx->rc_buffer_size = 40; avctx->rc_buffer_size *= 16384; From 5d7320be52c37e511dec27127e3274c76f0d9f6a Mon Sep 17 00:00:00 2001 From: wm4 Date: Tue, 3 Feb 2015 14:41:10 +0100 Subject: [PATCH 428/452] avformat/tta: fix crash with corrupted files av_add_index_entry() can fail, for example because the parameters are invalid, or because memory allocation fails. Check this; it can actually happen with corrupted files. The second hunk is just for robustness. Just in case functions like ff_reduce_index() remove entries. (Not sure if this can actually happen.) Fixes ticket #4294. Reviewed-by: Paul B Mahol Signed-off-by: Michael Niedermayer (cherry picked from commit 6a0cd529a35190d9374b0b26504e71857cd67b83) Signed-off-by: Michael Niedermayer --- libavformat/tta.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/libavformat/tta.c b/libavformat/tta.c index 445389ed95..2dce38f217 100644 --- a/libavformat/tta.c +++ b/libavformat/tta.c @@ -96,8 +96,10 @@ static int tta_read_header(AVFormatContext *s) for (i = 0; i < c->totalframes; i++) { uint32_t size = avio_rl32(s->pb); - av_add_index_entry(st, framepos, i * c->frame_size, size, 0, - AVINDEX_KEYFRAME); + int r; + if ((r = av_add_index_entry(st, framepos, i * c->frame_size, size, 0, + AVINDEX_KEYFRAME)) < 0) + return r; framepos += size; } avio_skip(s->pb, 4); // seektable crc @@ -135,6 +137,11 @@ static int tta_read_packet(AVFormatContext *s, AVPacket *pkt) if (c->currentframe >= c->totalframes) return AVERROR_EOF; + if (st->nb_index_entries < c->totalframes) { + av_log(s, AV_LOG_ERROR, "Index entry disappeared\n"); + return AVERROR_INVALIDDATA; + } + size = st->index_entries[c->currentframe].size; ret = av_get_packet(s->pb, pkt, size); From bdc4abd694a3234ef76d1f41a06e940d8fc9c0ed Mon Sep 17 00:00:00 2001 From: wm4 Date: Tue, 3 Feb 2015 19:04:12 +0100 Subject: [PATCH 429/452] avformat/mpc8: fix hang with fuzzed file This can lead to an endless loop by seeking back a few bytes after each attempted chunk read. Assuming negative sizes are always invalid, this is easy to fix. Other code in this demuxer treats negative sizes as invalid as well. Fixes ticket #4262. Signed-off-by: Michael Niedermayer (cherry picked from commit 56cc024220886927350cfc26ee695062ca7ecaf4) Signed-off-by: Michael Niedermayer --- libavformat/mpc8.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavformat/mpc8.c b/libavformat/mpc8.c index 73f805711d..916639fc52 100644 --- a/libavformat/mpc8.c +++ b/libavformat/mpc8.c @@ -216,6 +216,10 @@ static int mpc8_read_header(AVFormatContext *s) while(!url_feof(pb)){ pos = avio_tell(pb); mpc8_get_chunk_header(pb, &tag, &size); + if (size < 0) { + av_log(s, AV_LOG_ERROR, "Invalid chunk length\n"); + return AVERROR_INVALIDDATA; + } if(tag == TAG_STREAMHDR) break; mpc8_handle_chunk(s, tag, pos, size); From 49dd89f9027f3def12e170bb7d986d37812eedba Mon Sep 17 00:00:00 2001 From: wm4 Date: Tue, 3 Feb 2015 19:04:11 +0100 Subject: [PATCH 430/452] avformat/mpc8: fix broken pointer math MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This could overflow and crash at least on 32 bit systems. Reviewed-by: Reimar Döffinger Signed-off-by: Michael Niedermayer (cherry picked from commit b737a2c52857b214be246ff615c6293730033cfa) Conflicts: libavformat/mpc8.c --- libavformat/mpc8.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mpc8.c b/libavformat/mpc8.c index 916639fc52..56db8076e5 100644 --- a/libavformat/mpc8.c +++ b/libavformat/mpc8.c @@ -91,7 +91,7 @@ static int mpc8_probe(AVProbeData *p) size = bs_get_v(&bs); if (size < 2) return 0; - if (bs + size - 2 >= bs_end) + if (size >= bs_end - bs + 2) return AVPROBE_SCORE_MAX / 4 - 1; //seems to be valid MPC but no header yet if (header_found) { if (size < 11 || size > 28) From 70ff376e8357cd7af909e970d35b04e6ce6833cd Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 4 Feb 2015 14:47:41 +0100 Subject: [PATCH 431/452] avformat/mpc8: Use uint64_t in *_get_v() to avoid undefined behavior Signed-off-by: Michael Niedermayer (cherry picked from commit 05e161952954acf247e0fd1fdef00559675c4d4d) Signed-off-by: Michael Niedermayer --- libavformat/mpc8.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavformat/mpc8.c b/libavformat/mpc8.c index 56db8076e5..804506fedc 100644 --- a/libavformat/mpc8.c +++ b/libavformat/mpc8.c @@ -57,7 +57,7 @@ typedef struct { static inline int64_t bs_get_v(const uint8_t **bs) { - int64_t v = 0; + uint64_t v = 0; int br = 0; int c; @@ -108,7 +108,7 @@ static int mpc8_probe(AVProbeData *p) static inline int64_t gb_get_v(GetBitContext *gb) { - int64_t v = 0; + uint64_t v = 0; int bits = 0; while(get_bits1(gb) && bits < 64-7){ v <<= 7; From 20be3ea442abafbdc4d8288a549c302a306bc63c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 4 Feb 2015 20:13:18 +0100 Subject: [PATCH 432/452] avcodec/mjpegdec: Check escape sequence validity Fixes assertion failure Fixes: asan_heap-oob_1c1a4ea_1242_cov_2274415971_TESTcmyk.jpg Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer --- libavcodec/mjpegdec.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index a2a93c1266..f04b603437 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -1631,6 +1631,10 @@ int ff_mjpeg_find_marker(MJpegDecodeContext *s, put_bits(&pb, 8, x); if (x == 0xFF) { x = src[b++]; + if (x & 0x80) { + av_log(s->avctx, AV_LOG_WARNING, "Invalid escape sequence\n"); + x &= 0x7f; + } put_bits(&pb, 7, x); bit_count--; } From fd6a9fcd427b86c0a249a8cdb33f746f33706725 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 4 Feb 2015 20:48:30 +0100 Subject: [PATCH 433/452] avcodec/mjpegdec: Check number of components for JPEG-LS Fixes out of array accesses Fixes: asan_heap-oob_1c1a4ea_1242_cov_2274415971_TESTcmyk.jpg Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit fabbfaa095660982cc0bc63242c459561fa37037) Conflicts: libavcodec/mjpegdec.c --- libavcodec/mjpegdec.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index f04b603437..fe1e5da349 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -437,9 +437,12 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s) } if (s->ls) { s->upscale_h = s->upscale_v = 0; - if (s->nb_components > 1) + if (s->nb_components == 3) { s->avctx->pix_fmt = AV_PIX_FMT_RGB24; - else if (s->bits <= 8) + } else if (s->nb_components != 1) { + av_log(s->avctx, AV_LOG_ERROR, "Unsupported number of components %d\n", s->nb_components); + return AVERROR_PATCHWELCOME; + } else if (s->bits <= 8) s->avctx->pix_fmt = AV_PIX_FMT_GRAY8; else s->avctx->pix_fmt = AV_PIX_FMT_GRAY16; From 42d9a7010f2d24e93c12c001430186d544eea591 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 5 Feb 2015 00:12:08 +0100 Subject: [PATCH 434/452] swscale/utils: Limit filter shifting so as not to read from prior the array Fixes out of array read Fixes: asan_heap-oob_1fb2f9b_3780_cov_3984375136_usf.mkv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 692b22626ec9a9585f667c124a186b1a9796e432) Signed-off-by: Michael Niedermayer --- libswscale/utils.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libswscale/utils.c b/libswscale/utils.c index 69ae7d8659..de40bf5c34 100644 --- a/libswscale/utils.c +++ b/libswscale/utils.c @@ -571,14 +571,15 @@ static int initFilter(int16_t **outFilter, int32_t **filterPos, } if ((*filterPos)[i] + filterSize > srcW) { - int shift = (*filterPos)[i] + filterSize - srcW; + int shift = (*filterPos)[i] + FFMIN(filterSize - srcW, 0); + // move filter coefficients right to compensate for filterPos for (j = filterSize - 2; j >= 0; j--) { int right = FFMIN(j + shift, filterSize - 1); filter[i * filterSize + right] += filter[i * filterSize + j]; filter[i * filterSize + j] = 0; } - (*filterPos)[i]= srcW - filterSize; + (*filterPos)[i]-= shift; } } From 3508aa142766288c87c471af4de34c204089a800 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 5 Feb 2015 03:45:21 +0100 Subject: [PATCH 435/452] avformat/thp: Check av_get_packet() for failure not only for partial output Fixes null pointer dereference Fixes: signal_sigsegv_db2c1f_3108_cov_163322880_pikmin2_opening1_partial.thp Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit f2579dbb4b31e6ae731e7f5555680528ef3020ab) Signed-off-by: Michael Niedermayer --- libavformat/thp.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/thp.c b/libavformat/thp.c index 568807d6f7..3ef9497b42 100644 --- a/libavformat/thp.c +++ b/libavformat/thp.c @@ -180,6 +180,8 @@ static int thp_read_packet(AVFormatContext *s, pkt->stream_index = thp->video_stream_index; } else { ret = av_get_packet(pb, pkt, thp->audiosize); + if (ret < 0) + return ret; if (ret != thp->audiosize) { av_free_packet(pkt); return AVERROR(EIO); From 4ef5605fc91d5e01611dde6532f8b91742af3c60 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 6 Feb 2015 04:11:56 +0100 Subject: [PATCH 436/452] avcodec/h264_ps: More completely check the bit depths Fixes out of array read Fixes: asan_static-oob_30328b6_719_cov_3325483287_H264_artifacts_motion.h264 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 69aa79365c1e8e1cb597d33e77bf1062c2ef47d4) Conflicts: libavcodec/h264_ps.c Signed-off-by: Michael Niedermayer --- libavcodec/h264_ps.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/h264_ps.c b/libavcodec/h264_ps.c index 8638ce267d..12a16c811b 100644 --- a/libavcodec/h264_ps.c +++ b/libavcodec/h264_ps.c @@ -379,7 +379,9 @@ int ff_h264_decode_seq_parameter_set(H264Context *h){ } sps->bit_depth_luma = get_ue_golomb(&h->gb) + 8; sps->bit_depth_chroma = get_ue_golomb(&h->gb) + 8; - if (sps->bit_depth_luma > 14U || sps->bit_depth_chroma > 14U || sps->bit_depth_luma != sps->bit_depth_chroma) { + if (sps->bit_depth_luma < 8 || sps->bit_depth_luma > 14 || + sps->bit_depth_chroma < 8 || sps->bit_depth_chroma > 14 || + sps->bit_depth_luma != sps->bit_depth_chroma) { av_log(h->avctx, AV_LOG_ERROR, "illegal bit depth value (%d, %d)\n", sps->bit_depth_luma, sps->bit_depth_chroma); goto fail; From 763c7533483b332bfe2064df4de43056f3935d84 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 6 Feb 2015 15:09:54 +0100 Subject: [PATCH 437/452] avcodec/h264: Be more strict on rejecting pps/sps changes Fixes race condition Fixes: signal_sigsegv_1472ac3_468_cov_2915641226_CABACI3_Sony_B.jsv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 6fafc62b0bd0e206deb77a7aabbf3a370ad80789) Conflicts: libavcodec/h264.c --- libavcodec/h264.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 65e53ac290..f4b19a011d 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -3147,6 +3147,8 @@ static int decode_slice_header(H264Context *h, H264Context *h0) int last_pic_structure, last_pic_droppable; int must_reinit; int needs_reinit = 0; + int first_slice = h == h0 && !h0->current_slice; + PPS *pps; h->me.qpel_put = h->h264qpel.put_h264_qpel_pixels_tab; h->me.qpel_avg = h->h264qpel.avg_h264_qpel_pixels_tab; @@ -3200,17 +3202,26 @@ static int decode_slice_header(H264Context *h, H264Context *h0) pps_id); return -1; } - h->pps = *h0->pps_buffers[pps_id]; - if (!h0->sps_buffers[h->pps.sps_id]) { + pps = h0->pps_buffers[pps_id]; + + if (!h0->sps_buffers[pps->sps_id]) { av_log(h->avctx, AV_LOG_ERROR, "non-existing SPS %u referenced\n", h->pps.sps_id); return -1; } + if (first_slice) + h->pps = *h0->pps_buffers[pps_id]; - if (h->pps.sps_id != h->current_sps_id || - h0->sps_buffers[h->pps.sps_id]->new) { + if (pps->sps_id != h->current_sps_id || + h0->sps_buffers[pps->sps_id]->new) { + + if (!first_slice) { + av_log(h->avctx, AV_LOG_ERROR, + "SPS changed in the middle of the frame\n"); + return AVERROR_INVALIDDATA; + } h0->sps_buffers[h->pps.sps_id]->new = 0; h->current_sps_id = h->pps.sps_id; From d9618b964b179bd4f8cb55aa95e7426f914c95fe Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 6 Feb 2015 22:14:15 +0100 Subject: [PATCH 438/452] avutil/opt: Fix types used to access AV_OPT_TYPE_PIXEL_FMT Signed-off-by: Michael Niedermayer (cherry picked from commit a0640e63463e6428b80422c89e1bfc96147ecfc6) Signed-off-by: Michael Niedermayer --- libavutil/opt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavutil/opt.c b/libavutil/opt.c index 5b88b28384..52cc7a1ec1 100644 --- a/libavutil/opt.c +++ b/libavutil/opt.c @@ -74,7 +74,7 @@ static int read_number(const AVOption *o, void *dst, double *num, int *den, int6 { switch (o->type) { case AV_OPT_TYPE_FLAGS: *intnum = *(unsigned int*)dst;return 0; - case AV_OPT_TYPE_PIXEL_FMT: + case AV_OPT_TYPE_PIXEL_FMT: *intnum = *(enum AVPixelFormat *)dst;return 0; case AV_OPT_TYPE_SAMPLE_FMT: case AV_OPT_TYPE_INT: *intnum = *(int *)dst;return 0; case AV_OPT_TYPE_INT64: *intnum = *(int64_t *)dst;return 0; @@ -97,8 +97,8 @@ static int write_number(void *obj, const AVOption *o, void *dst, double num, int } switch (o->type) { + case AV_OPT_TYPE_PIXEL_FMT: *(enum AVPixelFormat *)dst = llrint(num/den) * intnum; break; case AV_OPT_TYPE_FLAGS: - case AV_OPT_TYPE_PIXEL_FMT: case AV_OPT_TYPE_SAMPLE_FMT: case AV_OPT_TYPE_INT: *(int *)dst= llrint(num/den)*intnum; break; case AV_OPT_TYPE_INT64: *(int64_t *)dst= llrint(num/den)*intnum; break; From 5b4a79ee02177075ca0ea8d00b9771eec0daa9ea Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 6 Feb 2015 22:16:08 +0100 Subject: [PATCH 439/452] avutil/opt: Fix type used to access AV_OPT_TYPE_SAMPLE_FMT Signed-off-by: Michael Niedermayer (cherry picked from commit 1750b45cdf7498d0a05bea29cafcb26aa576d595) Signed-off-by: Michael Niedermayer --- libavutil/opt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavutil/opt.c b/libavutil/opt.c index 52cc7a1ec1..56fde73340 100644 --- a/libavutil/opt.c +++ b/libavutil/opt.c @@ -75,7 +75,7 @@ static int read_number(const AVOption *o, void *dst, double *num, int *den, int6 switch (o->type) { case AV_OPT_TYPE_FLAGS: *intnum = *(unsigned int*)dst;return 0; case AV_OPT_TYPE_PIXEL_FMT: *intnum = *(enum AVPixelFormat *)dst;return 0; - case AV_OPT_TYPE_SAMPLE_FMT: + case AV_OPT_TYPE_SAMPLE_FMT:*intnum = *(enum AVSampleFormat*)dst;return 0; case AV_OPT_TYPE_INT: *intnum = *(int *)dst;return 0; case AV_OPT_TYPE_INT64: *intnum = *(int64_t *)dst;return 0; case AV_OPT_TYPE_FLOAT: *num = *(float *)dst;return 0; @@ -98,8 +98,8 @@ static int write_number(void *obj, const AVOption *o, void *dst, double num, int switch (o->type) { case AV_OPT_TYPE_PIXEL_FMT: *(enum AVPixelFormat *)dst = llrint(num/den) * intnum; break; + case AV_OPT_TYPE_SAMPLE_FMT:*(enum AVSampleFormat*)dst = llrint(num/den) * intnum; break; case AV_OPT_TYPE_FLAGS: - case AV_OPT_TYPE_SAMPLE_FMT: case AV_OPT_TYPE_INT: *(int *)dst= llrint(num/den)*intnum; break; case AV_OPT_TYPE_INT64: *(int64_t *)dst= llrint(num/den)*intnum; break; case AV_OPT_TYPE_FLOAT: *(float *)dst= num*intnum/den; break; From 64e50b2f2a6830475224b2ec03bb88ff300067f8 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 7 Feb 2015 02:06:20 +0100 Subject: [PATCH 440/452] avcodec/h264_slice: Do not change frame_num after the first slice Fixes potential race condition Fixes: signal_sigsegv_1472ac3_468_cov_2915641226_CABACI3_Sony_B.jsv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit f906982c9411f3062e3ce68013309b37c213c4dd) Signed-off-by: Michael Niedermayer Conflicts: libavcodec/h264_slice.c --- libavcodec/h264.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index f4b19a011d..dfbab6687a 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -3148,6 +3148,7 @@ static int decode_slice_header(H264Context *h, H264Context *h0) int must_reinit; int needs_reinit = 0; int first_slice = h == h0 && !h0->current_slice; + int frame_num; PPS *pps; h->me.qpel_put = h->h264qpel.put_h264_qpel_pixels_tab; @@ -3333,7 +3334,15 @@ static int decode_slice_header(H264Context *h, H264Context *h0) init_dequant_tables(h); } - h->frame_num = get_bits(&h->gb, h->sps.log2_max_frame_num); + frame_num = get_bits(&h->gb, h->sps.log2_max_frame_num); + if (!first_slice) { + if (h0->frame_num != frame_num) { + av_log(h->avctx, AV_LOG_ERROR, "Frame num change from %d to %d\n", + h0->frame_num, frame_num); + return AVERROR_INVALIDDATA; + } + } + h->frame_num = frame_num; h->mb_mbaff = 0; h->mb_aff_frame = 0; From 4de40be5077364c8b0e25c5fa8d3fc9afbcfe94b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 7 Feb 2015 02:22:44 +0100 Subject: [PATCH 441/452] avcodec/h264_slice: Check picture structure before setting the related fields This might fix a hypothetical race condition Signed-off-by: Michael Niedermayer (cherry picked from commit f111831ed61103f9fa8fdda41473a23da016bdaa) Signed-off-by: Michael Niedermayer Conflicts: libavcodec/h264_slice.c Conflicts: libavcodec/h264.c --- libavcodec/h264.c | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index dfbab6687a..3e621041ff 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -3148,7 +3148,7 @@ static int decode_slice_header(H264Context *h, H264Context *h0) int must_reinit; int needs_reinit = 0; int first_slice = h == h0 && !h0->current_slice; - int frame_num; + int frame_num, picture_structure, droppable; PPS *pps; h->me.qpel_put = h->h264qpel.put_h264_qpel_pixels_tab; @@ -3342,37 +3342,32 @@ static int decode_slice_header(H264Context *h, H264Context *h0) return AVERROR_INVALIDDATA; } } - h->frame_num = frame_num; h->mb_mbaff = 0; h->mb_aff_frame = 0; last_pic_structure = h0->picture_structure; last_pic_droppable = h0->droppable; - h->droppable = h->nal_ref_idc == 0; + droppable = h->nal_ref_idc == 0; if (h->sps.frame_mbs_only_flag) { - h->picture_structure = PICT_FRAME; + picture_structure = PICT_FRAME; } else { if (!h->sps.direct_8x8_inference_flag && slice_type == AV_PICTURE_TYPE_B) { av_log(h->avctx, AV_LOG_ERROR, "This stream was generated by a broken encoder, invalid 8x8 inference\n"); return -1; } if (get_bits1(&h->gb)) { // field_pic_flag - h->picture_structure = PICT_TOP_FIELD + get_bits1(&h->gb); // bottom_field_flag + picture_structure = PICT_TOP_FIELD + get_bits1(&h->gb); // bottom_field_flag } else { - h->picture_structure = PICT_FRAME; + picture_structure = PICT_FRAME; h->mb_aff_frame = h->sps.mb_aff; } } - h->mb_field_decoding_flag = h->picture_structure != PICT_FRAME; - - if (h0->current_slice != 0) { - if (last_pic_structure != h->picture_structure || - last_pic_droppable != h->droppable) { + if (h0->current_slice) { + if (last_pic_structure != picture_structure || + last_pic_droppable != droppable) { av_log(h->avctx, AV_LOG_ERROR, "Changing field mode (%d -> %d) between slices is not allowed\n", last_pic_structure, h->picture_structure); - h->picture_structure = last_pic_structure; - h->droppable = last_pic_droppable; return AVERROR_INVALIDDATA; } else if (!h0->cur_pic_ptr) { av_log(h->avctx, AV_LOG_ERROR, @@ -3380,7 +3375,14 @@ static int decode_slice_header(H264Context *h, H264Context *h0) h0->current_slice + 1); return AVERROR_INVALIDDATA; } - } else { + } + + h->picture_structure = picture_structure; + h->droppable = droppable; + h->frame_num = frame_num; + h->mb_field_decoding_flag = picture_structure != PICT_FRAME; + + if (h0->current_slice == 0) { /* Shorten frame num gaps so we don't have to allocate reference * frames just to throw them away */ if (h->frame_num != h->prev_frame_num) { From ac8ef33f9a397ed6ddfe936a2bdd6866ecb211dc Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 7 Feb 2015 03:34:48 +0100 Subject: [PATCH 442/452] avcodec/h264_slice: ignore SAR changes in slices after the first Fixes race condition and null pointer dereference Fixes: signal_sigsegv_1472ac3_468_cov_2915641226_CABACI3_Sony_B.jsv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 38d5241b7f36c1571a88517a0650caade16dd5f4) Signed-off-by: Michael Niedermayer Conflicts: libavcodec/h264_slice.c --- libavcodec/h264.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 3e621041ff..533cb9e7ad 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -3254,13 +3254,15 @@ static int decode_slice_header(H264Context *h, H264Context *h0) || 16*h->sps.mb_height * (2 - h->sps.frame_mbs_only_flag) != h->avctx->coded_height || h->avctx->bits_per_raw_sample != h->sps.bit_depth_luma || h->cur_chroma_format_idc != h->sps.chroma_format_idc - || av_cmp_q(h->sps.sar, h->avctx->sample_aspect_ratio) || h->mb_width != h->sps.mb_width || h->mb_height != h->sps.mb_height * (2 - h->sps.frame_mbs_only_flag) )); if (non_j_pixfmt(h0->avctx->pix_fmt) != non_j_pixfmt(get_pixel_format(h0, 0))) must_reinit = 1; + if (first_slice && av_cmp_q(h->sps.sar, h->avctx->sample_aspect_ratio)) + must_reinit = 1; + h->mb_width = h->sps.mb_width; h->mb_height = h->sps.mb_height * (2 - h->sps.frame_mbs_only_flag); h->mb_num = h->mb_width * h->mb_height; From 7e7772c13ad8c75786f3980ad4e118158697d4db Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 11 Feb 2015 03:33:53 +0100 Subject: [PATCH 443/452] avcodec/mjpegdec: Skip blocks which are outside the visible area Fixes out of array accesses Fixes: ffmpeg_mjpeg_crash.avi Found-by: Thomas Lindroth Signed-off-by: Michael Niedermayer (cherry picked from commit 08509c8f86626815a3e9e68d600d1aacbb8df4bf) Conflicts: libavcodec/mjpegdec.c (cherry picked from commit b881a97b9977b79dfe3ce02d61542c630fe78c14) Signed-off-by: Michael Niedermayer --- libavcodec/mjpegdec.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index fe1e5da349..fa5844bac1 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -1083,13 +1083,18 @@ static int mjpeg_decode_scan(MJpegDecodeContext *s, int nb_components, int Ah, if (s->interlaced && s->bottom_field) block_offset += linesize[c] >> 1; - ptr = data[c] + block_offset; + if ( 8*(h * mb_x + x) < s->width + && 8*(v * mb_y + y) < s->height) { + ptr = data[c] + block_offset; + } else + ptr = NULL; if (!s->progressive) { - if (copy_mb) - mjpeg_copy_block(s, ptr, reference_data[c] + block_offset, - linesize[c], s->avctx->lowres); + if (copy_mb) { + if (ptr) + mjpeg_copy_block(s, ptr, reference_data[c] + block_offset, + linesize[c], s->avctx->lowres); - else { + } else { s->dsp.clear_block(s->block); if (decode_block(s, s->block, i, s->dc_index[i], s->ac_index[i], @@ -1098,7 +1103,9 @@ static int mjpeg_decode_scan(MJpegDecodeContext *s, int nb_components, int Ah, "error y=%d x=%d\n", mb_y, mb_x); return AVERROR_INVALIDDATA; } - s->dsp.idct_put(ptr, linesize[c], s->block); + if (ptr) { + s->dsp.idct_put(ptr, linesize[c], s->block); + } } } else { int block_idx = s->block_stride[c] * (v * mb_y + y) + From 2515907a45a99d3354ba0d3f29d9a59ba15f3593 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 12 Feb 2015 14:28:03 +0100 Subject: [PATCH 444/452] Update for FFmpeg 1.2.12 Signed-off-by: Michael Niedermayer --- RELEASE | 2 +- doc/Doxyfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/RELEASE b/RELEASE index c11470058f..f2ae0b4a2c 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -1.2.11 +1.2.12 diff --git a/doc/Doxyfile b/doc/Doxyfile index cb6298c478..b44cce6263 100644 --- a/doc/Doxyfile +++ b/doc/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 1.2.11 +PROJECT_NUMBER = 1.2.12 # With the PROJECT_LOGO tag one can specify an logo or icon that is included # in the documentation. The maximum height of the logo should not exceed 55 From 1218e9d73dc3ca8218ad56ce0e275116d499dd59 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 27 May 2015 04:31:30 +0200 Subject: [PATCH 445/452] avfilter/x86/vf_hqdn3d: Fix register types Fixes Ticket4301 Signed-off-by: Michael Niedermayer (cherry picked from commit 52fc3e372f8ed4de5735abed1f7f7569fe37b023) --- libavfilter/x86/vf_hqdn3d.asm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavfilter/x86/vf_hqdn3d.asm b/libavfilter/x86/vf_hqdn3d.asm index 961127e670..e3b1bdca53 100644 --- a/libavfilter/x86/vf_hqdn3d.asm +++ b/libavfilter/x86/vf_hqdn3d.asm @@ -27,8 +27,8 @@ SECTION .text %if lut_bits != 8 sar %1q, 8-lut_bits %endif - movsx %1d, word [%3q+%1q*2] - add %1d, %2d + movsx %1q, word [%3q+%1q*2] + add %1q, %2q %endmacro %macro LOAD 3 ; dstreg, x, bitdepth From 581bfd9c6f3a30a3859d2fc8b09f85ee0ccc1f25 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 9 Jun 2015 05:11:09 +0200 Subject: [PATCH 446/452] avcodec/x86/h264_weight: handle weight1=128 Fix ticket4596 Signed-off-by: Michael Niedermayer (cherry picked from commit e1009665759d4a3938dd2dd07b7e84d8bc9c5290) --- libavcodec/x86/h264_weight.asm | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/x86/h264_weight.asm b/libavcodec/x86/h264_weight.asm index 4759a063a6..f6b9d5f6ad 100644 --- a/libavcodec/x86/h264_weight.asm +++ b/libavcodec/x86/h264_weight.asm @@ -135,8 +135,11 @@ WEIGHT_FUNC_HALF_MM 8, 8 add off_regd, 1 or off_regd, 1 add r4, 1 + cmp r6d, 128 + je .nonnormal cmp r5, 128 jne .normal +.nonnormal sar r5, 1 sar r6, 1 sar off_regd, 1 From bd8d8f57e87b853176d373b2eb375031a9fb8966 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 8 Jul 2015 02:43:02 +0200 Subject: [PATCH 447/452] avformat/swfdec: Do not error out on pixel format changes Instead print an error and continue Fixes Ticket4702 Signed-off-by: Michael Niedermayer (cherry picked from commit 6a1204a1a46674084b1e6b92562f81aaab7aac69) --- libavformat/swfdec.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/libavformat/swfdec.c b/libavformat/swfdec.c index bf5b581d5d..43a82b8b0e 100644 --- a/libavformat/swfdec.c +++ b/libavformat/swfdec.c @@ -384,10 +384,8 @@ static int swf_read_packet(AVFormatContext *s, AVPacket *pkt) } if (st->codec->pix_fmt != AV_PIX_FMT_NONE && st->codec->pix_fmt != pix_fmt) { av_log(s, AV_LOG_ERROR, "pixel format change unsupported\n"); - res = AVERROR_PATCHWELCOME; - goto bitmap_end; - } - st->codec->pix_fmt = pix_fmt; + }else + st->codec->pix_fmt = pix_fmt; if (linesize * height > pkt->size) { res = AVERROR_INVALIDDATA; From 43919b69226359498936d05d97e640dec3dc0156 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 31 Jul 2015 15:54:38 +0200 Subject: [PATCH 448/452] MAINTAINERS: Remove myself as leader Signed-off-by: Michael Niedermayer (cherry picked from commit f2c58931e629343f7d68258cc2b2d62c5f501ba5) Signed-off-by: Michael Niedermayer --- MAINTAINERS | 1 - 1 file changed, 1 deletion(-) diff --git a/MAINTAINERS b/MAINTAINERS index 32efcab3a3..55d2119597 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -14,7 +14,6 @@ and related discussions. Project Leader ============== -Michael Niedermayer final design decisions From 928473a1872c1b2f364c98f674a83d7882993cc2 Mon Sep 17 00:00:00 2001 From: wm4 Date: Wed, 30 Sep 2015 14:53:35 +0200 Subject: [PATCH 449/452] avcodec/mp3: fix skipping zeros Commits 43bc5cf9 and c5371f77 add code for skipping initial zeros in mp3 packets. This code forgot to report to the user that data was skipped at all. Since audio codecs allow partial packet decoding, the user application has to rely on the return value. It will remove the data reported as consumed by the decoder, and feed it to the decoder again. This resulted in the mp3 frame after the zero region to be decoded over and over again, until the zero region was finally skipped by the application. Fix this by including the amount of skipped bytes to the number of consumed bytes returned by the decode call. Fixes trac ticket #4890. (cherry picked from commit cb1da9fb8d71bb611a7b0028914c97afc3f5711d) --- libavcodec/mpegaudiodec.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/mpegaudiodec.c b/libavcodec/mpegaudiodec.c index 0266afeb74..58c779a232 100644 --- a/libavcodec/mpegaudiodec.c +++ b/libavcodec/mpegaudiodec.c @@ -1667,9 +1667,11 @@ static int decode_frame(AVCodecContext * avctx, void *data, int *got_frame_ptr, uint32_t header; int ret; + int skipped = 0; while(buf_size && !*buf){ buf++; buf_size--; + skipped++; } if (buf_size < HEADER_SIZE) @@ -1724,7 +1726,7 @@ static int decode_frame(AVCodecContext * avctx, void *data, int *got_frame_ptr, return ret; } s->frame_size = 0; - return buf_size; + return buf_size + skipped; } static void mp_flush(MPADecodeContext *ctx) From 0cdeacf41b5473c64007cd3b0b26f763758222d3 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 15 Sep 2015 04:01:27 +0200 Subject: [PATCH 450/452] avformat/avidec: Workaround broken initial frame Fixes Ticket4851 Signed-off-by: Michael Niedermayer (cherry picked from commit 3e2ef00394b8079e93835d47c993868229f07502) Conflicts: libavformat/avidec.c --- libavformat/avidec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/avidec.c b/libavformat/avidec.c index fbbcde7dff..bf9d3f74ef 100644 --- a/libavformat/avidec.c +++ b/libavformat/avidec.c @@ -1309,7 +1309,8 @@ static int avi_read_idx1(AVFormatContext *s, int size) ast = st->priv_data; if (first_packet && first_packet_pos) { - data_offset = first_packet_pos - pos; + if (avi->movi_list + 4 != pos || pos + 500 > first_packet_pos) + data_offset = first_packet_pos - pos; first_packet = 0; } pos += data_offset; From 30c644afebb991b61dec313cc2d6a01971b60532 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 27 Aug 2015 04:08:42 +0200 Subject: [PATCH 451/452] avformat/oggenc: Check segments_count for headers too Fixes infinite loop and segfault in ogg_buffer_data() Fixes Ticket4806 Signed-off-by: Michael Niedermayer (cherry picked from commit 81a8701eb52d2b6469ae16ef442ce425388141b7) --- libavformat/oggenc.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/libavformat/oggenc.c b/libavformat/oggenc.c index 3d4519c1ac..1fb7dd54a2 100644 --- a/libavformat/oggenc.c +++ b/libavformat/oggenc.c @@ -256,7 +256,7 @@ static int ogg_buffer_data(AVFormatContext *s, AVStream *st, if (i == total_segments) page->granule = granule; - if (!header) { + { AVStream *st = s->streams[page->stream_index]; int64_t start = av_rescale_q(page->start_granule, st->time_base, @@ -264,10 +264,13 @@ static int ogg_buffer_data(AVFormatContext *s, AVStream *st, int64_t next = av_rescale_q(page->granule, st->time_base, AV_TIME_BASE_Q); - if (page->segments_count == 255 || - (ogg->pref_size > 0 && page->size >= ogg->pref_size) || - (ogg->pref_duration > 0 && next - start >= ogg->pref_duration)) { + if (page->segments_count == 255) { ogg_buffer_page(s, oggstream); + } else if (!header) { + if ((ogg->pref_size > 0 && page->size >= ogg->pref_size) || + (ogg->pref_duration > 0 && next - start >= ogg->pref_duration)) { + ogg_buffer_page(s, oggstream); + } } } } From 17788711ac4390f490d958590e218f45199950c4 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 21 Aug 2015 02:49:21 +0200 Subject: [PATCH 452/452] avcodec/h264_mp4toannexb_bsf: Reorder operations in nal_size check Fixes Ticket4778 Signed-off-by: Michael Niedermayer (cherry picked from commit 2bb54b82b5094fd906aa28c0443be08c95662a31) --- libavcodec/h264_mp4toannexb_bsf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h264_mp4toannexb_bsf.c b/libavcodec/h264_mp4toannexb_bsf.c index f9c3621d3f..82b6364fae 100644 --- a/libavcodec/h264_mp4toannexb_bsf.c +++ b/libavcodec/h264_mp4toannexb_bsf.c @@ -150,7 +150,7 @@ pps: buf += ctx->length_size; unit_type = *buf & 0x1f; - if (buf + nal_size > buf_end || nal_size < 0) + if (nal_size > buf_end - buf || nal_size < 0) goto fail; /* prepend only to the first type 5 NAL unit of an IDR picture */