Commit Graph

36707 Commits

Author SHA1 Message Date
Alex Converse
4274e481c0 mov: Support MOV_CH_LAYOUT_USE_DESCRIPTIONS for labeled descriptions. 2012-01-05 10:34:06 -08:00
Aneesh Dogra
9b55b4bb3a 4xm: Prevent buffer overreads.
4xm decoder while decoding i2 frames can overread the buffer if proper checks
are not made.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-01-05 09:37:16 -08:00
Janne Grunau
e268a352af mjpegdec: parse RSTn to prevent skipping other data in mjpeg_decode_scan
Check explicitly if enough bits are left to prevent an infinite loop
when the bitstream buffer is not followed by zero-padding.

Based on patches by Michael Niedermayer <michaelni@gmx.at>.
2012-01-05 18:20:35 +01:00
Janne Grunau
5e5cde2745 vp3: add fate test for non-zero last coefficient 2012-01-05 18:18:08 +01:00
Janne Grunau
9b4767e478 vp3: fix streams with non-zero last coefficient
Fixes a regression introduced in 8b94df0f20.
2012-01-05 18:18:08 +01:00
Ronald S. Bultje
2ba65879b5 swscale: remove unused U/V arguments from yuv2rgb_write().
Also document the function somewhat.
2012-01-05 07:17:01 -08:00
Diego Biurrun
dff4af448d timer: K&R formatting cosmetics 2012-01-05 14:48:30 +01:00
Anton Khirnov
f9b9dd8740 lavf: cosmetics, reformat av_read_frame(). 2012-01-05 14:34:28 +01:00
Anton Khirnov
6450599e22 lavf: refactor av_read_frame() to make it easier to understand. 2012-01-05 14:34:13 +01:00
Oana Stratulat
7f09791d28 Report an error if pitch_lag is zero in AMR-NB decoder.
This fixes an infinite loop in the decoder on specially
crafted files, and fixes bug 151.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-01-04 21:33:14 -08:00
Ronald S. Bultje
3fa646e859 Revert "4xm: Prevent buffer overreads."
This reverts commit 295a7c0238. The
patch breaks decoding of regular files (e.g. fate-4xm-2).
2012-01-04 21:27:31 -08:00
Aneesh Dogra
295a7c0238 4xm: Prevent buffer overreads.
4xm decoder while decoding i2 frames can overread the buffer if proper checks
are not made.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-01-04 21:15:50 -08:00
Aneesh Dogra
4b84f68223 4xm: pass the correct remaining buffer size to decode_i2_frame().
frame_size is the number of bytes left in the packet, so if we are passing
buf-4 we can safely read frame_size+4 bytes.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-01-04 21:10:11 -08:00
Aneesh Dogra
893f137679 4xm: fix calculation of the next output line position in decode_i2_frame().
The current code doesn't work unless width is an exact multiple of 16.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-01-04 21:09:22 -08:00
Michael Niedermayer
7f83db3124 Merge remote-tracking branch 'qatar/master'
* qatar/master: (46 commits)
  mtv: Make sure audio_subsegments is not 0
  v4l2: use V4L2_FMT_FLAG_EMULATED only if it is defined
  avconv: add symbolic names for -vsync parameters
  flvdec: Fix compiler warning for uninitialized variables
  rtsp: Fix compiler warning for uninitialized variable
  ulti: convert to new bytestream API.
  swscale: Use standard multiple inclusion guards in ppc/ header files.
  Place some START_TIMER invocations in separate blocks.
  v4l2: list available formats
  v4l2: set the proper codec_tag
  v4l2: refactor device_open
  v4l2: simplify away io_method
  v4l2: cosmetics
  v4l2: uniform and format options
  v4l2: do not force interlaced mode
  avio: exit early in fill_buffer without read_packet
  vc1dec: fix invalid memory access for small video dimensions
  rv34: fix invalid memory access for small video dimensions
  rv34: joint coefficient decoding and dequantization
  avplay: Don't call avio_set_interrupt_cb(NULL)
  ...

Conflicts:
	Changelog
	avconv.c
	doc/APIchanges
	doc/indevs.texi
	libavcodec/adxenc.c
	libavcodec/dnxhdenc.c
	libavcodec/h264.c
	libavdevice/v4l2.c
	libavformat/flvdec.c
	libavformat/mtv.c
	libswscale/utils.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-05 02:03:12 +01:00
Michael Niedermayer
c4eec85a1f Revert "rmdec: Avoid allocating huge packets"
This reverts commit 66f71f3b5e.

This causes regressions with RDT.
2012-01-05 00:51:12 +01:00
Michael Niedermayer
ad8e3304f7 lavf: use avg_frame_rate and packet number to exit find_stream_info
qatar does this too but clobbers the AVPacket.duration by approximate
values.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-05 00:49:45 +01:00
Michael Niedermayer
1171d938af lavf: revert commit bb99ae3ae9
Author: Michael Niedermayer <michaelni@gmx.at>
	Date:   Thu Nov 3 22:38:10 2011 +0100

	    lavf: fix null pointer dereference in rdt

	    Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

This is no longer needed and causes various problems with RTSP

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-05 00:23:24 +01:00
Shitiz Garg
feb15cee5e mtv: Make sure audio_subsegments is not 0
audio_subsegments would be 0 and cause floating point exceptions
Fixes bugzilla #144

Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
2012-01-04 17:47:19 -05:00
Michael Niedermayer
ff7f198d7f vorbis: make sure ch is non zero before calling vorbis_residue_decode
This possibly makes part of the CVE-2011-3895 fix unneeded.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-04 21:58:08 +01:00
Chris Evans
f74ce3a60d vorbis: An additional defense in the Vorbis codec.
BUG=101458
Review URL: http://codereview.chromium.org/8414025

Fixes second part of CVE-2011-3895

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-04 21:58:08 +01:00
Chris Evans
68226ed9ec vorbis: Fix decoder bug.
BUG=101458
Review URL: http://codereview.chromium.org/8413019

This fixes part of 2011-3895

bigned-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-04 21:58:08 +01:00
Michael Niedermayer
405e99bdfd vorbisdec: Make sure blocksize is not set to an invalid value.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-04 21:58:08 +01:00
Michael Niedermayer
6fcf2bb8af vorbis: Fix last quarter of CVE-2011-3893
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-04 21:58:08 +01:00
Chris Evans
7149fce2ca ogg: Avoid the possibility to read out-of-bounds of a static global array in Vorbis
decoding.

BUG=100543
Review URL: http://codereview.chromium.org/8365014
This fixes 25% of CVE-2011-3893

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-04 21:58:08 +01:00
Chris Evans
f35e037c93 mkv: Fix a bug where a pointer was cached to an array that might later move due to
a realloc()

BUG=100492
Review URL: http://codereview.chromium.org/8366004
Fixes: 1 of 2 for CVE-2011-3893

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-04 21:58:08 +01:00
Janne Grunau
f13a9ca906 v4l2: use V4L2_FMT_FLAG_EMULATED only if it is defined
V4L2_FMT_FLAG_EMULATED was added in 2.6.32.
2012-01-04 21:34:29 +01:00
Anton Khirnov
e8c04f6240 avconv: add symbolic names for -vsync parameters 2012-01-04 21:25:25 +01:00
Jean First
2df73eefb4 flvdec: Fix compiler warning for uninitialized variables
These can't be used uninitialized in practice, but the
compiler doesn't realize it.

Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-04 22:15:47 +02:00
Jean First
4be386b318 rtsp: Fix compiler warning for uninitialized variable
This one won't ever be used uninitialized in practice, but
the compiler doesn't realize it.

Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-04 22:15:42 +02:00
Philippe Saint-Pierre
f0f2babca2 Fix possible infinite loop decoding als.
Reviewed-by: Thilo Borgmann
2012-01-04 21:00:06 +01:00
Ronald S. Bultje
89d26797f5 ulti: convert to new bytestream API. 2012-01-04 10:57:37 -08:00
Andrew Ryan
4452d58c72 Insert missing newline at end of error log message in mov demuxer. 2012-01-04 19:49:21 +01:00
Carl Eugen Hoyos
84ce58faf5 Replace deprecated FF_I_TYPE with AV_PICTURE_TYPE_I in v308 and yuv4.
Found-by: Paul B Mahol
2012-01-04 19:45:46 +01:00
Diego Biurrun
3d72a6f19e swscale: Use standard multiple inclusion guards in ppc/ header files. 2012-01-04 16:39:37 +01:00
Carl Eugen Hoyos
17edc370b2 yuv4 libquicktime packed 4:2:0 encoder and decoder.
Reviewed-by: Derek Buitenhuis
Reviewed-by: Paul B Mahol
2012-01-04 15:37:59 +01:00
Carl Eugen Hoyos
2754514787 v308 Quicktim Uncompressed 4:4:4 encoder and decoder.
Reviewed-by: Derek Buitenhuis
Reviewed-by: Paul B Mahol
2012-01-04 15:37:59 +01:00
Carl Eugen Hoyos
64e4f4836a Add decoder for Avid 1:1 10-bit RGB Packer (AVrp).
Fixes ticket #525.

Reviewed-by: Paul B Mahol
2012-01-04 15:37:58 +01:00
Diego Biurrun
00a1cdd264 Place some START_TIMER invocations in separate blocks.
This fixes compilation failures related to START_TIMER/STOP_TIMER macros and
-Werror=declaration-after-statement.  START_TIMER declares variables and thus
may not be placed after statements outside of a new block.
2012-01-04 15:05:49 +01:00
Clément Bœsch
dc7ad85c40 doc: use @command{} for commands. 2012-01-04 13:21:08 +01:00
Clément Bœsch
837126568c doc: use @code{} for --{enable,disable}-options. 2012-01-04 13:21:08 +01:00
Luca Barbato
a6a4793d04 v4l2: list available formats
Make use of the experimental framesize enumeration ioctl if available.
2012-01-04 13:10:20 +01:00
Luca Barbato
cd2bbad303 v4l2: set the proper codec_tag
Unbreak direct streamcopy.
2012-01-04 13:10:20 +01:00
Luca Barbato
eb89b4fc09 v4l2: refactor device_open
Check capabilities directly in the function, further simplify the code.
2012-01-04 13:10:20 +01:00
Luca Barbato
246007d370 v4l2: simplify away io_method
Only mmap is supported.
2012-01-04 13:10:20 +01:00
Luca Barbato
a896d7f45a v4l2: cosmetics 2012-01-04 13:10:20 +01:00
Luca Barbato
21aa6ae4fb v4l2: uniform and format options 2012-01-04 13:10:20 +01:00
Luca Barbato
af7123b2ad v4l2: do not force interlaced mode
Video4linux2 supports both interlaced and non-interlaced mode, do not
ask for interlaced if not necessary.
2012-01-04 13:10:20 +01:00
Janne Grunau
a2d1d21629 avio: exit early in fill_buffer without read_packet
Fixes an invalid free() with ass in avi. The sample in bug 98 passes
parts of AVPacket.data as buffer for the AVIOContext. Since the packet
is quite large fill_buffer tries to reallocate the buffer before doing
nothing. Fixes bug 98.
2012-01-04 11:18:24 +01:00
John Brooks
d209c27b09 vc1dec: fix invalid memory access for small video dimensions
For small video dimensions, these calculations of the upper bound
for pixel access may have a negative result. Using an unsigned
comparison to bound a potentially negative value only works if
the greater operand is non-negative. Fixed by doing edge emulation
when the upper bound is probably negative, everywhere that this
pattern appears.

Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
2012-01-04 10:35:26 +01:00