76840 Commits

Author SHA1 Message Date
Michael Niedermayer
4a9af07a49 avcodec/smacker: Check that the data size is a multiple of a sample vector
Fixes out of array access
Fixes: ce19e41f0ef1e52a23edc488faecdb58/asan_heap-oob_2504e97_4202_ffa0df1baed14022b9bfd4f8ac23d0cb.smk

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-15 15:25:51 +01:00
Andreas Cadhalpun
6a69a175e7 mpegvideo: clear overread in clear_context
Otherwise the h263p decoder can try to copy overread bytes, even though
buffer is NULL.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2015-11-15 10:26:48 +01:00
Matthieu Bouron
0cdc77f104 lavc/pngdec: set FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM capability 2015-11-15 10:13:24 +01:00
Matthieu Bouron
ad0203d7b0 lavc/mjpegdec: set FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM capability 2015-11-15 10:13:24 +01:00
Matthieu Bouron
e162542e15 lavc/internal: add FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM
The decoder extracts and fills its parameters even if the frame is
skipped due to the skip_frame setting.
2015-11-15 10:13:00 +01:00
Michael Niedermayer
5c3dee7dad avutil: Move av_rint64_clip_* to internal.h
The function is renamed to ff_rint64_clip()

This should avoid build failures on VS2012
Feel free to changes this to a different solution

Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-15 03:47:09 +01:00
Michael Niedermayer
08b520636e avcodec/takdec: Skip last p2 sample (which is unused)
Fixes out of array read
Fixes: cb3f38b08b4541523974667c7d1eee9e/asan_heap-oob_2659e18_9838_021fd5cd635bf76cede6398cd9ecbcdd.tak

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-15 01:23:25 +01:00
Michael Niedermayer
76b6f4b7d9 avcodec/dxtory: Fix input size check in dxtory_decode_v1_410()
Fixes potential out of array read

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-15 00:32:19 +01:00
Michael Niedermayer
9caa9414cc avcodec/dxtory: Fix input size check in dxtory_decode_v1_420()
Fixes out of array read
Fixes: c50c4aa6cefda71b19a31ea12302980c/asan_heap-oob_12be5fd_7011_33ebd015a74976215934add72b9c8352.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-15 00:26:01 +01:00
Michael Niedermayer
a105f52855 avcodec/error_resilience: avoid accessing previous or next frames tables beyond height
The height of tables can be rounded up for MBAFF but this does not imply that is also true
for the previous frames

Fixes out of array reads
Fixes: c106b36fa36db8ff8f3ed0c82be7bea2/asan_heap-oob_32699f0_6321_467b9a1d7e03d7cfd310b7e65dc53bcc.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-14 22:51:30 +01:00
Andreas Cadhalpun
603ebab8d7 dds: disable palette flag for compressed dds
Having both is not valid and can cause a NULL pointer dereference of
frame->data[1] later.

Reviewed-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2015-11-14 21:52:11 +01:00
Michael Niedermayer
ebf5264cd6 avcodec/pgssubdec: Check dimensions for 0
Fixes division by 0
Fixes: b293a6479bb4b5286cff24d356bfd955/asan_generic_225c3c9_7819_cc526b657450c6cdef1371b526499626.mkv

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-14 18:26:11 +01:00
Michael Niedermayer
ac6ab77741 avcodec/rscc: Check input size for raw mode
Fixes out of array read
Fixes: 7fcd09eadd046e326d8ea0af66f166c8/asan_heap-oob_4a52e5_2273_fa6078a10dd575df266fb1e0b4114cd5.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-14 18:26:11 +01:00
Ganesh Ajjanagadde
618b3ae7d4 avcodec/simple_idct: use predefined M_SQRT2
M_SQRT2 is defined in math.h, or in avutil/mathematics.h for
compatibility hacks. This uses this value instead of a floating literal.

Fixed point values produced by C_FIX(), R_FIX() remain identical.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
2015-11-14 10:58:39 -05:00
Ganesh Ajjanagadde
11f0acf829 avcodec/mpegaudio: use predefined M_SQRT2
M_SQRT2 is defined in math.h, or in avutil/mathematics.h for
compatibility hacks. This uses this value instead of an ad-hoc define.

Fixed point values produced by FIX() remain identical.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
2015-11-14 10:58:39 -05:00
Ganesh Ajjanagadde
c5fa42c69a avcodec/mpegvideo: use predefined M_PI
M_PI is defined in math.h, or in avutil/mathematics.h for compatibility
hacks. This uses this value instead of an ad-hoc floating literal.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
2015-11-14 10:58:39 -05:00
Ganesh Ajjanagadde
f1726ad1b0 avcodec/ratecontrol: use predefined M_E
M_E is defined in math.h, or in avutil/mathematics.h for compatibility
hacks. This uses this value instead of an ad-hoc define.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
2015-11-14 10:58:39 -05:00
Michael Niedermayer
c8aaae8e0f avcodec/dpx: Move need_align to act per line
Fixes out of array read
Fixes: 61cf123c081ee2bb774d307c75bdb99e/asan_heap-oob_1224f76_5546_bee833ffae73f752b489b9eeaac52db7.dpx

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-14 16:12:15 +01:00
Hendrik Leppkes
4c8d86eb18 avformat: implement SChannel SSP TLS protocol
This implementation does not support TLS listen sockets and loading
CA/Certs from files.

The Windows API does not support loading PEM certs, and would either
require a manual loader or instead be limited to loading Windows PFX
certificates

TLS listen sockets would have to be implemented quite separately, as many
of the APIs are different for server-mode (as opposed to client mode).
2015-11-14 14:31:58 +01:00
Michael Niedermayer
17705f5d4f avcodec/flashsv: Check size before updating it
Fixes out of array read
Fixes: 3c857d4d90365731524716e6d051e43a/signal_sigsegv_7f4f59bcc29e_1386_20abd2c8e655cb9c75b24368e65fe3b1.flv

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-14 13:34:52 +01:00
Michael Niedermayer
e04126072e avcodec/ffv1dec: Clear quant_table_count if its invalid
Fixes deallocation of corrupted pointer
Fixes: 343dfbe142a38b521ed069dc4ea7c03b/signal_sigsegv_421427_4074_ffb11959610278cd40dbc153464aa254.avi
No releases affected

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-14 13:23:14 +01:00
Michael Niedermayer
ccba8aaff2 avcodec/avrndec: Use the AVFrame format instead of the context
Fixes out of array read
Fixes: 20dd01398dee0f6d83d7e5410a2ae8eb/signal_sigsegv_39eeb1f_4001_62efbdf1c60748dabf1ec310b59525fd.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-14 13:06:25 +01:00
Ganesh Ajjanagadde
6f520ce1a6 avutil/common: add av_rint64_clip
The rationale for this function is reflected in the documentation for
it, and is copied here:

Clip a double value into the long long amin-amax range.
This function is needed because conversion of floating point to integers when
it does not fit in the integer's representation does not necessarily saturate
correctly (usually converted to a cvttsd2si on x86) which saturates numbers
> INT64_MAX to INT64_MIN. The standard marks such conversions as undefined
behavior, allowing this sort of mathematically bogus conversions. This provides
a safe alternative that is slower obviously but assures safety and better
mathematical behavior.
API:
@param a value to clip
@param amin minimum value of the clip range
@param amax maximum value of the clip range
@return clipped value

Note that a priori if one can guarantee from the calling side that the
double is in range, it is safe to simply do an explicit/implicit cast,
and that will be far faster. However, otherwise this function should be
used.

avutil minor version is bumped.

Reviewed-by: Ronald S. Bultje <rsbultje@gmail.com>
Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
2015-11-13 21:48:16 -05:00
Andreas Cadhalpun
0a8bff788b dds: disable palette flag for compressed images
Having both is not valid and can cause a NULL pointer dereference of
frame->data[1] later.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2015-11-14 03:40:20 +01:00
Michael Niedermayer
2fb6e1e754 segafilm: Fix current_sample after seeking and avio_seek return type
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-14 03:39:44 +01:00
Michael Niedermayer
df91aa034b avcodec/ivi: Check image dimensions
Fixes integer overflow
Fixes: 1e32c6c591d940337c20b197ec1c4d3d/asan_heap-oob_4a52e5_8946_0bb0d9e863def56005e49f1d89bdc94d.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-14 02:37:12 +01:00
Michael Niedermayer
4e16ad2868 avcodec/utils: Better check for channels in av_get_audio_frame_duration()
Fixes integer overflow
Fixes: 0c2625f236ced104d402b4a03c0d65c7/asan_generic_274e1ce_5990_9314e7a67c26aecf011b178ade9f217c.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-14 01:38:15 +01:00
Michael Niedermayer
44a7f17d0b avcodec/jpeg2000dec: Check for duplicate SIZ marker
Fixes: 0231a17345734228011c6f35a64e4594/asan_heap-oob_1d92a72_3218_1213809a9e3affec77e4c191fdfdc0a9.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-14 00:58:54 +01:00
Martin Storsjö
62b4a6f1b9 rtmpcrypt: Provide the xtea keys in little endian format for consistency
Signed-off-by: Martin Storsjö <martin@martin.st>
2015-11-13 21:54:04 +02:00
Martin Storsjö
588b6215b4 rtmpcrypt: Do the xtea decryption in little endian mode
The XTEA algorithm operates on 32 bit numbers, not on byte sequences.
The XTEA implementation in libavutil is written assuming big endian
numbers, while the rtmpe signature encryption assumes little endian.

This fixes rtmpe communication with rtmpe servers that use signature
type 8 (XTEA), e.g. crunchyroll.

Signed-off-by: Martin Storsjö <martin@martin.st>
2015-11-13 21:53:57 +02:00
Martin Storsjö
92d107a171 xtea: Add functions for little endian mode
Signed-off-by: Martin Storsjö <martin@martin.st>
2015-11-13 21:53:54 +02:00
Martin Storsjö
1fc94724f1 xtea: Clarify that the current API works in big endian mode
Signed-off-by: Martin Storsjö <martin@martin.st>
2015-11-13 21:53:51 +02:00
Bryan Huh
d07585f04a avformat/async: Fix bug where async could not recover after seek to eof
When async issues its inner seek via ffurl_seek, it treats failures as
EOF being reached. This is not consistent with the behavior of other
protocols (e.g. http, cache) which continue to tolerate reads after
failed seeks, and therefore does not interact correctly with them.

A common pattern where this manifests itself is where avio_seek is
called with pos to be the end-of-file - the http range-request would
fail here, and async would set io_eof_reached to 1. The background
thread would then refuse to read more bytes, and subsequent reads would
only empty the fifo and end in an error.

Presumably the code may have expected subsequent seeks to unset the
io_eof_reached but this is not guaranteed to be true - a subsequent seek
that lands in the AVIOContext's buffer (the fact that the
previously-failed avio_seek leaves the AVIOContext's buffer intact also
suggests that follow-up reads are expected to be tolerated) would not be
issued to the async_seek function, and when that buffer is drained only
async_read calls would follow, leading to the same error just described.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-13 12:43:22 +01:00
Michael Niedermayer
5324109dd7 avformat/segafilm: Fix current_sample after seeking and avio_seek return type
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-12 23:37:21 +01:00
Michael Niedermayer
0106a20aea avformat/mux: Rename compute_pkt_fields2(), the name is absolutely terrible
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-12 23:06:32 +01:00
KO Myung-Hun
6248f23859 os2threads: Add pthread_once()
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-12 22:31:46 +01:00
Will Kelleher
b1a32429ef hevc: Fix a53 caption extraction
Just realized my previous patch doesn't work quite right.  I uploaded a better
sample file that actually has visible captions to /incoming/hevc_cc.ts.  I
tested with that file doing hevc->x264 and it works.

This is basically an exact copy of the existing h264 logic.

Signed-off-by: Will Kelleher <wkelleher@gogoair.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-12 13:16:25 +01:00
Matt Oliver
58d32c00be avutil/x86/intmath: Fix intrinsic header include when using newer gcc with older icc.
Signed-off-by: Matt Oliver <protogonoi@gmail.com>
2015-11-12 16:54:08 +11:00
Matt Oliver
9b9c9ef3b4 avutil/x86/bswap: Add msvc bswap instrinsics.
This adds msvc optimisations as well as fixing an error in icl whereby it will generate invalid code otherwise.

Signed-off-by: Matt Oliver <protogonoi@gmail.com>
2015-11-12 16:53:44 +11:00
Andreas Cadhalpun
7b2211bfc4 dds: add missing newline to log messages
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2015-11-12 04:39:14 +01:00
Vittorio Giovara
b5f963bfec mov: Drop dref when unable to parse
Some entries might be either empty or contain types we do not parse
(eg. 'url '). In both cases, if an 'alis' is not the first entry,
external references are not loaded, so make sure that the array starts
with an 'alis' dref.
2015-11-12 04:39:14 +01:00
Vittorio Giovara
303f931938 mov: Correctly store dref paths
Rather than reading the alternate absolute path version from dref
type 18, make sure that 0s are considered as '/'. These values are
sometimes present in the full path, and are mistakenly interpreted as
line terminators othewise.

With the correct handling of this dref type, parsing type 18 is not
needed any more.
2015-11-12 04:39:14 +01:00
Vittorio Giovara
e25cac50e0 lavc: Add missing mem.h header to libxvid and screenpresso 2015-11-12 04:39:14 +01:00
Carl Eugen Hoyos
73b0324913 aiff: Support demuxing G.722 streams 2015-11-12 04:39:14 +01:00
Paul B Mahol
5f2c8315b3 thp: set duration for audio stream too
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2015-11-12 04:39:14 +01:00
Andreas Cadhalpun
29b1752861 dds: validate compressed source buffer size
A too small buffer will cause segfaults somewhere below
decompress_texture_thread.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2015-11-12 04:39:14 +01:00
Andreas Cadhalpun
e6459c655e dds: validate source buffer size before copying
If it is too small av_image_copy_plane segfaults.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2015-11-12 04:39:14 +01:00
Martin Storsjö
1d62ee3889 movenc: Add a unit test for signaling of the track start times
Signed-off-by: Martin Storsjö <martin@martin.st>
2015-11-11 22:53:42 +02:00
Martin Storsjö
bef3b1f59f movenc: Allow setting start_dts/start_cts before writing actual packets
By writing a zero-sized packet, the caller can communicate the
start_dts/start_cts for the stream without actually writing
the first packet.

This allows doing random-access writing of fragments when the
start dts of the stream isn't zero, so that the edit list in the moov
is written based on timestamps from the nominal start time signaled
via the zero-sized packet, while the first proper packet written
corresponds to a later fragment.

To avoid potential unexpected behaviour, empty packets only set
start_dts if the frag_discont flag is set.

Signed-off-by: Martin Storsjö <martin@martin.st>
2015-11-11 22:53:31 +02:00
Martin Storsjö
3eeb7edfc2 movenc: Add a unit test for frag_discont with edit lists
This tests the case where the muxer correctly guesses that a stream
starts at pts=0.

Signed-off-by: Martin Storsjö <martin@martin.st>
2015-11-11 22:52:53 +02:00