Commit Graph

33383 Commits

Author SHA1 Message Date
Mans Rullgard
58b2e0f0f2 vqavideo: return error if image size is not a multiple of block size
The decoder assumes in various places that the image size
is a multiple of the block size, and there is no obvious
way to support odd sizes.  Bailing out early if the header
specifies a bad size avoids various errors later on.

Fixes CVE-2012-0947.

Signed-off-by: Mans Rullgard <mans@mansr.com>
2012-05-03 21:40:19 +01:00
Justin Ruggles
e5356ebf22 cosmetics: indentation 2012-05-03 16:28:08 -04:00
Justin Ruggles
8916f1fbcb avformat: only fill-in interpolated timestamps if duration is non-zero
This avoids returning duplicate timestamps for multiple packets when the
demuxer does not provide all timestamps and packet duration is not known.
2012-05-03 16:28:08 -04:00
Justin Ruggles
ff499157a1 avformat: remove a workaround for broken timestamps
This modifies pts in situations other than what was intended, leading to
invalid timestamps.

Reverts commit 90bb394dcc
2012-05-03 16:28:08 -04:00
Hendrik Leppkes
1d4a01474d mpeg12: fixed parsing in some mpeg2 streams
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2012-05-03 12:15:52 -04:00
Hendrik Leppkes
ca93f0fa36 Add SMPTE240M transfer characteristics flag.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2012-05-03 12:15:02 -04:00
Joakim Plate
68b9ed8391 mpegts: Some additional HDMV types and reg descriptors for mpegts
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2012-05-03 12:13:28 -04:00
Alex Converse
b5da848fac motionpixels: Clip YUV values after applying a gradient.
Prevents illegal reads on truncated and malformed input.

CC: libav-stable@libav.org
2012-05-02 13:06:09 -07:00
Ronald S. Bultje
5eec5a79da jpeg: handle progressive in second field of interlaced.
Progressive data is allocated later in decode_sof(), not allocating
that data leads to NULL dereferences.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-05-02 10:29:51 -07:00
Michael Niedermayer
1f05dcbad2 ituh263dec: Implement enough of Annex O (scalability) to fix a FPE.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-05-02 10:26:05 -07:00
Ronald S. Bultje
2d22d4307d h263: more strictly forbid frame size changes with frame-mt.
Prevents crashes because the old check was incomplete.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-05-02 10:21:34 -07:00
Ronald S. Bultje
732f9fcfe5 h264: additional protection against unsupported size/bitdepth changes.
Fixes crashes in codepaths not covered by original checks.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-05-02 10:19:37 -07:00
Ronald S. Bultje
ac80b812cd tta: prevents overflows for 32bit integers in header.
This prevents sample_rate/data_length from going negative, which
caused various crashes and undefined behaviour further down.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-05-02 10:16:57 -07:00
Ronald S. Bultje
77cfb2563c configure: remove malloc_aligned.
It was to signal that allocations are 16-byte aligned, but AVX requires
32-byte alignment, thus the check is no longer useful (and causes
crashes).
2012-05-02 09:57:12 -07:00
Ronald S. Bultje
82a0497cf3 vp8: update frame size changes on thread context switches.
This properly synchronizes frame size changes between threads if
subsequent threads abort decoding before frame size is initialized, i.e.
it prevents the thread after that from ping-ponging back to the original
value.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
2012-05-02 09:57:12 -07:00
Ronald S. Bultje
bec207f9f9 snowdsp: explicitily state instruction size.
Fixes a compile error with clang at -O0.
2012-05-02 09:57:12 -07:00
Kostya Shishkov
0e23b50821 wmall: fix reconstructing audio with uncoded channels 2012-05-02 18:46:11 +02:00
Mashiat Sarker Shakkhar
c8370e6e35 WMAL cosmetics: fix indentation
Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
2012-05-02 18:45:29 +02:00
Joakim Plate
f1aa859728 gitignore: add Win32 library suffixes
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2012-05-02 12:38:22 -04:00
Mans Rullgard
ababec7b95 arm: intreadwrite: disable inline asm for gcc 4.7 and later
Starting with version 4.7, gcc properly supports unaligned
memory accesses on ARM.  Not using the inline asm with these
compilers results in better code.

Signed-off-by: Mans Rullgard <mans@mansr.com>
2012-05-02 17:26:39 +01:00
Mans Rullgard
adebad07e0 arm: intreadwrite: fix inline asm constraints for gcc 4.6 and later
With a dereferenced type-cast pointer as memory operand, gcc 4.6
and later will sometimes copy the data to a temporary location,
the address of which is used as the operand value, if it thinks
the target address might be misaligned.  Using a pointer to a
packed struct type instead does the right thing.

The 16-bit case is special since the ldrh instruction addressing
modes are limited compared to ldr.  The "Uq" constraint produces a
memory reference suitable for an ldrsb instruction, which supports
the same addressing modes as ldrh.  However, the restrictions appear
to apply only when the operand addresses a single byte.  The memory
reference must thus be split into two operands each targeting one
byte.  Finally, the "Uq" constraint is only available in ARM mode.
The Thumb-2 ldrh instruction supports most addressing modes so the
normal "m" constraint can be used there.

Signed-off-by: Mans Rullgard <mans@mansr.com>
2012-05-02 17:26:38 +01:00
Hendrik Leppkes
4b7fa553a9 indeo3: fix motion vector validation
The index of the motion vector has to be checked before being
multiplied by 2 for the array index.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2012-05-01 21:14:18 -04:00
Hendrik Leppkes
ff80c68264 pcm_bluray: set bits_per_raw_sample for > 16-bit
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2012-05-01 20:59:09 -04:00
Mans Rullgard
4bf2e7c5f1 twinvq: fix out of bounds array access
ModeTab.fmode has only 3 elements, so indexing it with ftype
in the initialier for 'size' is invalid when ftype == FT_PPC.

This fixes crashes with gcc 4.8.

Signed-off-by: Mans Rullgard <mans@mansr.com>
2012-05-01 20:17:07 +01:00
Justin Ruggles
4010d724e1 lavr: use 8.8 instead of 10.6 as the 16-bit fixed-point mixing coeff type 2012-05-01 13:52:59 -04:00
Justin Ruggles
f1ffb01ee9 avplay: use libavresample for sample format conversion and channel mixing
SDL only supports s16 sample format and a limited number of channel layouts.
Some versions of SDL on some systems support 4-channel and 6-channel output,
but it's safer overall to downmix any layout with more than 2 channels to
stereo.
2012-05-01 13:38:23 -04:00
Reimar Döffinger
e5b7d7773a Fix compilation with YASM/NASM without AVX support.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
2012-05-01 13:37:25 -04:00
Jakub Stachowski
035a394eac WMAL: do not output last frame again if nothing was decoded in current packet
Reviewed-by: Mashiat Sarker Shakkhar <mashiat.sarker@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
2012-05-01 14:34:03 +02:00
Mashiat Sarker Shakkhar
f92f452378 WMAL: do not start decoding if frame does not end in current packet
This fixes decoding of frames which span more than two packets. Tested with
recit24.wma.

Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
2012-05-01 14:33:31 +02:00
Mans Rullgard
a812ed003f adpcm-thp: fix invalid array indexing
Indexing outside array limits is invalid and breaks with gcc 4.8.

Signed-off-by: Mans Rullgard <mans@mansr.com>
2012-05-01 00:21:30 +01:00
Mans Rullgard
c81d1e2390 ppc: add const where needed in scalarproduct_int16_altivec()
Signed-off-by: Mans Rullgard <mans@mansr.com>
2012-05-01 00:21:30 +01:00
Mans Rullgard
ce82dad7eb ppc: remove shift parameter from scalarproduct_int16_altivec()
The shift parameter was removed from this interface in 7e1ce6a.
This updates the Altivec implementation to match.

Signed-off-by: Mans Rullgard <mans@mansr.com>
2012-05-01 00:21:30 +01:00
Mans Rullgard
4c387c7070 ppc: dsputil: do unaligned block accesses correctly
To load unaligned vector data in the usual way, explicit vec_ld()
should be used rather than dereferencing a pointer to a vector type.
When the VSX extension is enabled, gcc may compile vector pointer
dereferences using the VSX lxvw4x instruction instead of the lvx
instruction typically used with Altivec/VMX.  As the behaviour of
these instructions with unaligned addresses differs, it is important
that only lvx is used here.

Signed-off-by: Mans Rullgard <mans@mansr.com>
2012-05-01 00:21:30 +01:00
Mans Rullgard
c75eca9d37 dvenc: do not call dsputil functions with stride not a multiple of 16
Allowing dsputil functions to assume the stride is a multiple of 16
even for smaller block sizes can simplify their implementation.
This appears to be the only place this guarantee is not met.

Signed-off-by: Mans Rullgard <mans@mansr.com>
2012-05-01 00:21:30 +01:00
Justin Ruggles
f7ff099997 APIchanges: fill in some dates and commit hashes 2012-04-30 13:51:41 -04:00
Luca Barbato
0ca4642ec5 mkv: mark corrupted packets and return them
Do return error if memory allocation or I/O fails.
2012-04-29 20:22:09 -07:00
Luca Barbato
721af294d9 mkv: forward EMBL block data error
Do not return 0 on error.
2012-04-29 20:22:09 -07:00
Hendrik Leppkes
85395ba73f avcodec: introduce YCoCg colorspace
Non perceptual color model that aims to have an increase effectiveness
in compression like the normal YCbCr while having near-lossless/lossless
mapping to RGB.

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2012-04-29 14:00:34 -07:00
Luca Barbato
ccc2dfbcdf avcodec: cosmetic cleanup on header
Apply coding style to the structs.
2012-04-29 13:30:40 -07:00
Ronald S. Bultje
b12bf03275 aac sbr: align struct member by 32 byte.
Required because it's used in a call to imdct_half(), which is an AVX
function.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2012-04-29 13:49:39 -04:00
Mans Rullgard
acb2c79c21 4xm: fix invalid array indexing
Indexing outside arrays is invalid and breaks with gcc 4.8.

Signed-off-by: Mans Rullgard <mans@mansr.com>
2012-04-29 01:08:37 +01:00
Christophe GISQUET
7fb8b491e5 rv34dsp: factorize a multiplication in the noround inverse transform
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-04-28 11:16:07 -07:00
Christophe Gisquet
d834ab0f2a rv40: perform bitwise checks in loop filter
Down from 95 kcycles to 93 (including all called functions).

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-04-28 11:12:38 -07:00
Ronald S. Bultje
774b681b80 rv34: remove inline keyword from rv34_decode_block().
Force-inlining increases object size by 8kB and causes a 2% slowdown.
2012-04-28 11:10:57 -07:00
Christophe Gisquet
0195ab5f5f rv40: change a logical test into a bitwise one.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-04-28 11:09:32 -07:00
Christophe Gisquet
8802799991 rv34: remove constant parameter
is_block2 was always 0, so just remove it, and change accordingly the code.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-04-28 11:07:50 -07:00
Christophe Gisquet
34e1b07546 rv40: don't always do the full prev_type search
120->100 cycles.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-04-28 11:06:05 -07:00
Christophe GISQUET
e75d1d4f73 dsputil x86: revert a test back to its previous value
Commit 356ee8d caused the initial inversion.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-04-28 11:00:51 -07:00
Christophe Gisquet
fe5ed69dc7 rv34dsp x86: implement MMX2 inverse transform
141 cycles down to 51.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-04-28 10:58:47 -07:00
Roland Scheidegger
9b9df1cdff h264: new assembly version of get_cabac for x86_64 with PIC
This adds a hand-optimized assembly version for get_cabac much like the
existing one, but it works if the table offsets are RIP-relative.
Compared to the non-RIP-relative version this adds 2 lea instructions
and it needs one extra register. get_cabac() gets about 40% faster, for
an overall speedup of about 5%.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-04-28 09:43:25 -07:00