The ogg decoder wasn't padding the input buffer with the appropriate
FF_INPUT_BUFFER_PADDING_SIZE bytes. Which led to uninitialized reads in
various pieces of parsing code when they thought they had more data than
they actually did.
Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
We slightly overread the input buffer, so we require
padding at the end of the buffer, as is documented in the
get_bits API. Without padding, we'll read uninitialized
data or beyond the end of the .rodata, which may crash.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Once fixed, the end_frame function does exactly what
avfilter_default_end_frame does; therefore, end_frame
can be removed to let avfilter_default_end_frame work.
Fixes ticket #1038.
* qatar/master: (29 commits)
sbrdsp.asm: convert all instructions to float/SSE ones.
dv: cosmetics.
dv: check buffer size before reading profile.
Revert "AAC SBR: group some writes."
udp: Print an error message if bind fails
cook: extend channel uncoupling tables so the full bit range is covered.
roqvideo: cosmetics.
roqvideo: convert to bytestream2 API.
dca: don't use av_clip_uintp2().
wmall: fix build with -DDEBUG enabled.
smc: port to bytestream2 API.
AAC SBR: group some writes.
dsputil: remove shift parameter from scalarproduct_int16
SBR DSP: unroll sum_square
rv34: remove dead code in intra availability check
rv34: clean a bit availability checks.
v4l2: update documentation
tgq: convert to bytestream2 API.
parser: remove forward declaration of MpegEncContext
dca: prevent accessing static arrays with invalid indexes.
...
Conflicts:
doc/indevs.texi
libavcodec/Makefile
libavcodec/dca.c
libavcodec/dvdata.c
libavcodec/eatgq.c
libavcodec/mmvideo.c
libavcodec/roqvideodec.c
libavcodec/smc.c
libswscale/output.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
The codec would keep returning the last decoded frame if the stream
contains B-frames, since it wouldn't clear that frame from the list of
frames to be returned to the user.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
The "ECs != 1 -> OP1a" assumption was wrong. Luckily, the file that triggered
that behavior had two ECs, not zero. Hence distinguishing between them is
simple in this case.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This fixes rare cases where OPAtom may be treated as OP1a, causing all essence
to be read into RAM.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Since the values are floats, using the float operations
makes sense, improves performance on some CPUs and
makes the code SSE compatible instead of needing SSE2.
Based on suggestion by Jason.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
There is only one caller, which does not need the shifting. Other use cases
are situations where different roundings would be needed.
The x86 and neon versions are modified accordingly.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
The length is even, so some unrolling can be performed. Timings are for x86:
- 32bits: 102c -> 82c
- 64bits: 82c -> 69c
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
This was an incorrect copy-and-paste to a code not needing the original code.
Spotted by Jason in a previous review but forgotten in the commit.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>