Since resolution change support this also was exploitable, which is
how it was found.
Fixes read after free and out of array reads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Move some functions from dsputil. The idea is that videodsp contains
functions that are useful for a large and varied set of video decoders.
Currently, it contains emulated_edge_mc() and prefetch().
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
* commit 'f1d8763a02b5fce9a7d9789e049d74a45b15e1e8':
mpegvideo: allocate scratch buffers after linesize is known
Conflicts:
libavcodec/mpegvideo.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Since we can't know which stride a custom get_buffer() implementation is
going to use we have to allocate this scratch buffers after the linesize
is known. It was pretty safe for 8 bit per pixel pixel formats since we
always allocated memory for up to 16 bits per pixel. It broke hoever
with cmdutis.c's alloc_buffer() and high pixel bit depth since it
allocated larger edges than mpegvideo expected.
Fixes fuzzed sample nasa-8s2.ts_s244342.
* commit '6a27ae28f9bde981e85c82cf5bf42c5f43fb6f13':
mpegvideo: treat delayed pictures as used
Conflicts:
libavcodec/h264.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This requires to move the avcodec_default_free_buffers() call to
ff_MPV_common_end() since otherwise delayed pictures would get freed
during a size change.
In ISO/IEC 13818-2, bit rate is differently determined according to video type
1) MPEG1 Video
Bit_rate and vbv_delay are set to 3FFFF and FFFF respectively
to indicate variable bitrate. Other values are for constant bitrate.
VBV is only defined for constant bit rate operation.
Ths STD supersedes the VBV model for vbr.
2) MPEG2 Video
Even if the bitrate is constant, the value of bit_rate may not be the actual bitrate
since bit_rate need only be an upper bound to that actual bitrate.
VBV is only defined for variable bit rate operation.
Constant bit rate is viewed as a special case of vbr.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit '581281e242609a222233a2e5538b89dfb88fb18e':
matroskadec: check realloc in lzo encoding
matroska: honor error_recognition on unknown doctypes
tiffdec: Add support for GRAY16LE.
tiffenc: Add support for little endian RGB48 and GRAY16
mpeg4: support frame parameter changes with frame-mt
mpegvideo: check ff_find_unused_picture() return value for errors
mpegvideo: release frame buffers before freeing them
configure: msvc: default to 'lib' as 'ar' tool
build: support some non-standard ar variants
Conflicts:
libavcodec/h263dec.c
libavcodec/mpegvideo.c
libavcodec/tiff.c
libavcodec/tiffenc.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Adds a flag context_reinit to MpegEncContext to relieable keep track
of frame parameter changes which require a context reinitialization.
This is required for broken inputs which change the frame size but
error out before the context can be reinitialized.
* qatar/master:
rv34: use ff_MPV_common_frame_size_change()
mpegvideo: add reinit function for frame parameter changes
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This is mainly required for frame parameter changes during frame based
multithreading but single threaded usage profits too from avoiding
ff_MPV_common_end()/ff_MPV_common_init() cycles.
* commit 'd58dd4b5b5d31cfd4092e38a5f2c894eee2ab078':
avopt: Store defaults for AV_OPT_TYPE_FLAGS in the i64 union member
Conflicts:
libavcodec/libvpxenc.c
libavcodec/options_table.h
libavfilter/vf_drawtext.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '124134e42455763b28cc346fed1d07017a76e84e':
avopt: Store defaults for AV_OPT_TYPE_CONST in the i64 union member
Conflicts:
libavcodec/aacenc.c
libavcodec/libopenjpegenc.c
libavcodec/options_table.h
libavdevice/bktr.c
libavdevice/v4l2.c
libavdevice/x11grab.c
libavfilter/af_amix.c
libavfilter/vf_drawtext.c
libavformat/movenc.c
libavformat/options_table.h
libavutil/opt.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'a1bcc76e6036e78f25cbb7323c145056cfca9d93': (21 commits)
cmdutils: fix a memleak when specifying an option twice.
x86: mpegvideo: more sensible names for optimization file and init function
x86: mpegvideoenc: Split optimizations off into a separate file
dnxhdenc: x86: more sensible names for optimization file and init function
svq1/svq3: Move common code out of SVQ1 decoder-specific file
dirac: add Comments and references to the standard
lavr: x86: optimized 6-channel flt to fltp conversion
lavr: x86: optimized 2-channel flt to fltp conversion
lavr: x86: optimized 6-channel flt to s16p conversion
lavr: x86: optimized 2-channel flt to s16p conversion
lavr: x86: optimized 6-channel s16 to fltp conversion
lavr: x86: optimized 2-channel s16 to fltp conversion
lavr: x86: optimized 6-channel s16 to s16p conversion
lavr: x86: optimized 2-channel s16 to s16p conversion
lavr: x86: optimized 2-channel fltp to flt conversion
lavr: x86: optimized 6-channel fltp to s16 conversion
lavr: x86: optimized 2-channel fltp to s16 conversion
lavr: x86: optimized 6-channel s16p to flt conversion
lavr: x86: optimized 2-channel s16p to flt conversion
lavr: x86: optimized 6-channel s16p to s16 conversion
...
Conflicts:
libavcodec/dirac.c
libavcodec/mpegvideo.h
libavcodec/x86/Makefile
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
mpegvideo: reduce excessive inlining of mpeg_motion()
mpegvideo: convert mpegvideo_common.h to a .c file
build: factor out mpegvideo.o dependencies to CONFIG_MPEGVIDEO
Move MASK_ABS macro to libavcodec/mathops.h
x86: move MANGLE() and related macros to libavutil/x86/asm.h
x86: rename libavutil/x86_cpu.h to libavutil/x86/asm.h
aacdec: Don't fall back to the old output configuration when no old configuration is present.
rtmp: Add message tracking
rtsp: Support mpegts in raw udp packets
rtsp: Support receiving plain data over UDP without any RTP encapsulation
rtpdec: Remove an unused include
rtpenc: Remove an av_abort() that depends on user-supplied data
vsrc_movie: discourage its use with avconv.
avconv: allow no input files.
avconv: prevent invalid reads in transcode_init()
avconv: rename OutputStream.is_past_recording_time to finished.
Conflicts:
configure
doc/filters.texi
ffmpeg.c
ffmpeg.h
libavcodec/Makefile
libavcodec/aacdec.c
libavcodec/mpegvideo.c
libavformat/version.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This file defines a single, huge function, MPV_motion(), which
although being declared inline is not actually inlined by the
compiler (for good reason). There is thus no sense in defining
this function in a header file, resulting in multiple copies of
it in the final library.
Signed-off-by: Mans Rullgard <mans@mansr.com>
* qatar/master: (29 commits)
lavfi: reclassify showfiltfmts as a TESTPROG
graph2dot: fix printf format specifier
swscale: yuv2planeX 8bit >=sse2 functions need aligned stack on x86-32.
vp8: loopfilter >=sse2 functions need aligned stack on x86-32.
amr: remove shift out of the AMR_BIT() macro.
dsputilenc: group yasm and inline asm function pointer assignment.
mov: use forward declaration of a function instead of a table.
Clarify Doxygen comment for FF_API_* #defines.
configure: simplify get_version()
Create version.h headers for libraries that lack them
gitignore: Use full path instead of relative path to specify patterns
mpegvideo: remove VLAs
Add XTEA encryption support in libavutil
Add Blowfish encryption support in libavutil
eval: Add the isinf() function and tests for it
flacdec: move lpc filter to flacdsp
flacdec: split off channel decorrelation as flacdsp
avplay: Add an option for not limiting the input buffer size
FATE: add a test for WMA cover art.
FATE: add a test for apetag cover art
...
Conflicts:
.gitignore
configure
ffplay.c
libavcodec/Makefile
libavcodec/error_resilience.c
libavcodec/mpegvideo.c
libavcodec/ratecontrol.c
libavdevice/avdevice.h
libavfilter/Makefile
libavfilter/filtfmts.c
libavfilter/version.h
libavformat/mov.c
libavformat/version.h
libavutil/Makefile
libavutil/avutil.h
libavutil/version.h
libswscale/swscale.h
libswscale/x86/swscale_mmx.c
tests/fate/libavutil.mak
tests/lavfi-regression.sh
tools/graph2dot.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
The new lowres support is limited to decoders where lowres decoding
is possible in high quality.
I was not able to measure any speed difference, but if one is found
the 2-3 lines that might affect speed can be made compile time conditional
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
ARM: allow runtime masking of CPU features
dsputil: remove unused functions
mov: Treat keyframe indexes as 1-origin if starting at non-zero.
mov: Take stps entries into consideration also about key_off.
Remove lowres video decoding
Conflicts:
ffmpeg.c
ffplay.c
libavcodec/arm/vp8dsp_init_arm.c
libavcodec/libopenjpegdec.c
libavcodec/mjpegdec.c
libavcodec/mpegvideo.c
libavcodec/utils.c
libavformat/mov.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Interlaced images can have 32 references (16 per field), so limiting the
array size to 16 leads to invalid writes.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
* qatar/master:
h264: error out on invalid bitdepth.
aacsbr: use a swap index for the Y matrix rather than copy buffers.
huffyuv: do not abort on unknown pix_fmt; instead, return an error.
lcl: return negative error codes on decode_init() errors.
rtpenc: Use MB info side data for splitting H263 packets for RFC 2190
h263enc: Add an option for outputting info about MBs as side data
avpacket: Add a function for shrinking already allocated side data
nellymoserdec: Saner and faster IMDCT windowing
Conflicts:
doc/APIchanges
libavcodec/avpacket.c
libavcodec/version.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (58 commits)
amrnbdec: check frame size before decoding.
cscd: use negative error values to indicate decode_init() failures.
h264: prevent overreads in intra PCM decoding.
FATE: do not decode audio in the nuv test.
dxa: set audio stream time base using the sample rate
psx-str: do not allow seeking by bytes
asfdec: Do not set AVCodecContext.frame_size
vqf: set packet parameters after av_new_packet()
mpegaudiodec: use DSPUtil.butterflies_float().
FATE: add mp3 test for sample that exhibited false overreads
fate: add cdxl test for bit line plane arrangement
vmnc: return error on decode_init() failure.
libvorbis: add/update error messages
libvorbis: use AVFifoBuffer for output packet buffer
libvorbis: remove unneeded e_o_s check
libvorbis: check return values for functions that can return errors
libvorbis: use float input instead of s16
libvorbis: do not flush libvorbis analysis if dsp state was not initialized
libvorbis: use VBR by default, with default quality of 3
libvorbis: fix use of minrate/maxrate AVOptions
...
Conflicts:
Changelog
doc/APIchanges
libavcodec/avcodec.h
libavcodec/dpxenc.c
libavcodec/libvorbis.c
libavcodec/vmnc.c
libavformat/asfdec.c
libavformat/id3v2enc.c
libavformat/internal.h
libavformat/mp3enc.c
libavformat/utils.c
libavformat/version.h
libswscale/utils.c
tests/fate/video.mak
tests/ref/fate/nuv
tests/ref/fate/prores-alpha
tests/ref/lavf/ffm
tests/ref/vsynth1/prores
tests/ref/vsynth2/prores
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
doxy: remove reference to removed api
examples: unbreak compilation
ttadec: cosmetics: reindent
sunrast: use RLE trigger macro inplace of the hard coded value.
sunrastenc: set keyframe flag for the output packet.
mpegvideo_enc: switch to encode2().
mpegvideo_enc: force encoding delay of at least 1 frame when low_delay=0
Conflicts:
doc/examples/muxing.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
pixdesc: mark pseudopaletted formats with a special flag.
avconv: switch to avcodec_encode_video2().
libx264: implement encode2().
libx264: split extradata writing out of encode_nals().
lavc: add avcodec_encode_video2() that encodes from an AVFrame -> AVPacket
cmdutils: update copyright year to 2012.
swscale: sign-extend integer function argument to qword on x86-64.
x86inc: support yasm -f win64 flag also.
h264: manually save/restore XMM registers for functions using INIT_MMX.
x86inc: allow manual use of WIN64_SPILL_XMM.
aacdec: Use correct speaker order for 7.1.
aacdec: Remove incorrect comment.
aacdec: Simplify output configuration.
Remove Sun medialib glue code.
dsputil: set STRIDE_ALIGN to 16 for x86 also.
pngdsp: swap argument inversion.
Conflicts:
cmdutils.c
configure
doc/APIchanges
ffmpeg.c
libavcodec/aacdec.c
libavcodec/dsputil.h
libavcodec/libx264.c
libavcodec/mlib/dsputil_mlib.c
libavcodec/utils.c
libavfilter/vf_scale.c
libavutil/avutil.h
libswscale/mlib/yuv2rgb_mlib.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
mpegenc: use avctx->slices as number of slices
v410enc: fix undefined signed left shift caused by integer promotion
Release notes: mention cleaned up header includes
fix Changelog file
Fix a bunch of typos.
Drop some pointless void* return value casts from av_malloc() invocations.
wavpack: fix typos in previous cosmetic clean-up commit
wavpack: cosmetics: K&R pretty-printing
avconv: remove the 'codec framerate is different from stream' warning
wavpack: determine sample_fmt before requesting a buffer
bmv audio: implement new audio decoding API
mpegaudiodec: skip all channels when skipping granules
mpegenc: simplify muxrate calculation
Conflicts:
Changelog
avconv.c
doc/RELEASE_NOTES
libavcodec/h264.c
libavcodec/mpeg12.c
libavcodec/mpegaudiodec.c
libavcodec/mpegvideo.c
libavformat/mpegenc.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Adds a new member to MpegEncContext to hold the number of used slice
contexts. Fixes segfaults with '-threads 17 -thread_type slice' and
fate-vsynth{1,2}-mpeg{2,4}thread{,_ilace} with --disable-pthreads.
* qatar/master:
APIchanges: fill in revision for AVFrame.age deprecation
avcodec: deprecate AVFrame.age
4xm: remove unneeded check for remaining unused data.
lavf: force threads to 1 in avformat_find_stream_info()
swscale: fix overflows in vertical scaling at top/bottom edges.
lavf: add OpenMG audio muxer.
omadec: split data that will be used in the muxer to a separate file.
lavf: rename oma.c -> omadec.c
tmv decoder: set correct pix_fmt
Conflicts:
Changelog
doc/APIchanges
libavcodec/mpegvideo.c
libavcodec/version.h
libavformat/oma.c
libavformat/version.h
libswscale/swscale.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This was intended as an optimisation for skipped blocks in MPEG2
P-frames and never used elsewhere. Removing this "optimisation"
speeds up MPEG2 decoding by 1-2% (ARM Cortex-A9).
Signed-off-by: Mans Rullgard <mans@mansr.com>
* qatar/master:
ulti: Fix invalid reads
lavf: dealloc private options in av_write_trailer
yadif: support 10bit YUV
vc1: mark with ER_MB_ERROR bits overconsumption
lavc: introduce ER_MB_END and ER_MB_ERROR
error_resilience: use the ER_ namespace
build: move inclusion of subdir.mak to main subdir loop
rv34: NEON optimised 4x4 dequant
rv34: move 4x4 dequant to RV34DSPContext
aacdec: Use intfloat.h rather than local punning union.
Conflicts:
libavcodec/h264.c
libavcodec/vc1dec.c
libavfilter/vf_yadif.c
libavformat/Makefile
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This reverts commit 3fc0830432.
The revert is done because the reasoning behind the commit was
flawed, closed_gop is not mpeg1/2 specific.
Conflicts:
libavcodec/mpeg12.c
libavcodec/mpeg12.h
* qatar/master:
Move id3v2 tag writing to a separate file.
swscale: add missing colons to x86 assembly yuv2planeX.
g722: split decoder and encoder into separate files
cosmetics: remove extra spaces before end-of-statement semi-colons
vorbisdec: check output buffer size before writing output
wavpack: calculate bpp using av_get_bytes_per_sample()
ac3enc: Set max value for mode options correctly
lavc: move get_b_cbp() from h263.h to mpeg4videoenc.c
mpeg12: move closed_gop from MpegEncContext to Mpeg1Context
mpeg12: move full_pel from MpegEncContext to Mpeg1Context
mpeg12: move Mpeg1Context from mpeg12.c to mpeg12.h
mpegvideo: remove some unused variables from MpegEncContext.
Conflicts:
libavcodec/mpeg12.c
libavformat/mp3enc.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This reverts commit da22ba7df4 since it
broke slice threading. Slice threading just duplicates MpegEncContext
so every value used during mpeg_decode_slice has to be in it.
A second patch will fix the illusion that Mpeg1Context is available
in mpeg_decode_slice.
* qatar/master: (47 commits)
lavc: hide private symbols.
lavc: deprecate img_get_alpha_info().
lavc: use avpriv_ prefix for ff_toupper4.
lavc: use avpriv_ prefix for ff_copy_bits and align_put_bits.
lavc: use avpriv_ prefix for ff_ac3_parse_header.
lavc: use avpriv_ prefix for ff_frame_rate_tab.
lavc: rename ff_find_start_code to avpriv_mpv_find_start_code
lavc: use avpriv_ prefix for ff_split_xiph_headers.
lavc: use avpriv_ prefix for ff_dirac_parse_sequence_header.
lavc: use avpriv_ prefix for some dv symbols used in lavf.
lavc: use avpriv_ prefix for some flac symbols used in lavf.
lavc: use avpriv_ prefix for some mpeg4audio symbols used in lavf.
lavc: use avpriv_ prefix for some mpegaudio symbols used in lavf.
lavc: use avpriv_ prefix for ff_aac_parse_header().
lavf: hide private symbols.
lavf: use avpriv_ prefix for some dv functions.
lavf: use avpriv_ prefix for ff_new_chapter().
avcodec: add CODEC_CAP_DELAY note to avcodec_decode_audio3() documentation
avcodec: clarify the CODEC_CAP_DELAY note in avcodec_decode_video2()
avcodec: clarify documentation of CODEC_CAP_DELAY
...
Conflicts:
configure
doc/general.texi
libavcodec/Makefile
libavcodec/aacdec.c
libavcodec/allcodecs.c
libavcodec/avcodec.h
libavcodec/dv.c
libavcodec/dvdata.c
libavcodec/dvdata.h
libavcodec/libspeexenc.c
libavcodec/mpegvideo.c
libavcodec/version.h
libavformat/avidec.c
libavformat/dv.c
libavformat/dv.h
libavformat/flvenc.c
libavformat/mov.c
libavformat/mp3enc.c
libavformat/oggparsespeex.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (23 commits)
fix AC3ENC_OPT_MODE_ON/OFF
h264: fix HRD parameters parsing
prores: implement multithreading.
prores: idct sse2/sse4 optimizations.
swscale: use aligned move for storage into temporary buffer.
prores: extract idct into its own dspcontext and merge with put_pixels.
h264: fix invalid shifts in init_cavlc_level_tab()
intfloat_readwrite: fix signed addition overflows
mov: do not misreport empty stts
mov: cosmetics, fix for and if spacing
id3v2: fix NULL pointer dereference
mov: read album_artist atom
mov: fix disc/track numbers and totals
doc: fix references to obsolete presets directories for avconv/ffmpeg
flashsv: return more meaningful error value
flashsv: fix typo in av_log() message
smacker: validate channels and sample format.
smacker: check buffer size before reading output size
smacker: validate number of channels
smacker: Separate audio flags from sample rates in smacker demuxer.
...
Conflicts:
cmdutils.h
doc/ffmpeg.texi
libavcodec/Makefile
libavcodec/motion_est_template.c
libavformat/id3v2.c
libavformat/mov.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
The way this value is used, it should be an unsigned type.
While the numerical value has no meaning, unsigned wraparound
is relied upon.
Signed-off-by: Mans Rullgard <mans@mansr.com>
* qatar/master:
vp6: Reset the internal state when aborting key frames header parsing
vp56: Release old pictures after a resolution changes
vp6: Check for huffman tree build errors
vp56: Check for missing reference frame data
cinepak: Fix invalid read access on extra data
vmd: fix segfaults on corruped streams
cook: Fix js_vlc_bits value validation for joint stereo
segafilm: Check for memory allocation failures in segafilm demuxer.
segafilm: Fix potential division by 0 on corrupted streams in the demuxer
Fixed segfault on corrupted sega streams in the demuxer.
Fixed deference of NULL pointer in motionpixels decoder.
libx264: support 9- and 10-bit output.
h264: correct implicit_weight for field-interlaced pictures.
mpegvideo: set correct offset for edge emulation buffer.
mpegvideo: fix position of bottom edge.
Conflicts:
libavcodec/motionpixels.c
libavcodec/mpegvideo.c
libavcodec/version.h
libavcodec/vmdav.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket472
This may (or may not) cause problems with files that have no keyframes.
Plese open a bugreport or mail me if you have a file for which this fails.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
fifo: add FIFO API test program, and fate test
fifo: add av_fifo_peek2(), and deprecate av_fifo_peek()
postprocess.c: filter name needs to be double 0 terminated
doxygen: fix wrong comment syntax, //< vs. ///<
doxygen: drop pointless star from pointer variable names
Replace deprecated av_find_stream_info() by avformat_find_stream_info().
xmv: eliminate superfluous zeroing of zero data
configure: fix typo in avconv dependency list
Conflicts:
configure
doc/APIchanges
libavutil/Makefile
libavutil/avutil.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
