Fixes out of bounds read.
Checked against SMPTE 421M-2006
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This fixes clipping if the encoder input used the full 16 bit
input range (samples with a magnitude below 16383 worked fine).
The filtered subband samples should be 15 bit maximum, while
the code earlier produced them scaled to 16 bit.
This makes the decoder output have double the magnitude
compared to before.
The spec reference samples doesn't test the QMF at all, which
was why this part slipped past initially.
Signed-off-by: Martin Storsjö <martin@martin.st>
Integer Overflow Checker detected an integer
overflow while FATE was running.
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
h264: error out on invalid bitdepth.
aacsbr: use a swap index for the Y matrix rather than copy buffers.
huffyuv: do not abort on unknown pix_fmt; instead, return an error.
lcl: return negative error codes on decode_init() errors.
rtpenc: Use MB info side data for splitting H263 packets for RFC 2190
h263enc: Add an option for outputting info about MBs as side data
avpacket: Add a function for shrinking already allocated side data
nellymoserdec: Saner and faster IMDCT windowing
Conflicts:
doc/APIchanges
libavcodec/avpacket.c
libavcodec/version.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Fixes invalid reads while initializing the dequant tables, which uses
the bit depth to determine the QP table size.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
This is based on the reference implementation and fixes
a global out of array read.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This fixes a out of global array read.
This change is based on the reference mpc imlementation.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
It appears there are corner cases with damaged input that can lead
to small overreads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Code ported from qatar/master, please see there for per line authorship.
Main authors AFAIK are Ronald and Justin. I have no authorship on this.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (58 commits)
amrnbdec: check frame size before decoding.
cscd: use negative error values to indicate decode_init() failures.
h264: prevent overreads in intra PCM decoding.
FATE: do not decode audio in the nuv test.
dxa: set audio stream time base using the sample rate
psx-str: do not allow seeking by bytes
asfdec: Do not set AVCodecContext.frame_size
vqf: set packet parameters after av_new_packet()
mpegaudiodec: use DSPUtil.butterflies_float().
FATE: add mp3 test for sample that exhibited false overreads
fate: add cdxl test for bit line plane arrangement
vmnc: return error on decode_init() failure.
libvorbis: add/update error messages
libvorbis: use AVFifoBuffer for output packet buffer
libvorbis: remove unneeded e_o_s check
libvorbis: check return values for functions that can return errors
libvorbis: use float input instead of s16
libvorbis: do not flush libvorbis analysis if dsp state was not initialized
libvorbis: use VBR by default, with default quality of 3
libvorbis: fix use of minrate/maxrate AVOptions
...
Conflicts:
Changelog
doc/APIchanges
libavcodec/avcodec.h
libavcodec/dpxenc.c
libavcodec/libvorbis.c
libavcodec/vmnc.c
libavformat/asfdec.c
libavformat/id3v2enc.c
libavformat/internal.h
libavformat/mp3enc.c
libavformat/utils.c
libavformat/version.h
libswscale/utils.c
tests/fate/video.mak
tests/ref/fate/nuv
tests/ref/fate/prores-alpha
tests/ref/lavf/ffm
tests/ref/vsynth1/prores
tests/ref/vsynth2/prores
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Its not clear from the spec what to do with values larger than 127
so iam opting for the safe side and ask for a sample.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
With the encode2 API, encoders allocate huge packets to be
sure they have enough room (a typical case is mpeg4, which
allocs ~10M for 1280x768 yuv420p) but only actually use a
very small part of the buffer.
ProRes codes chroma blocks in 444 mode in different order than luma blocks,
so make both decoder and encoder read/write chroma blocks in right order.
Reported by Phil Barrett
[alex.converse@mgail.com]
Move code to get_che()
Update for AAC new channel configuration interface
Only set chan_config if output_configure succeeds.
Signed-off-by: Alex Converse <alex.converse@gmail.com>
This is somewhat redundant as no decoder should call get_buffer() with such argument.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
ALS spec:
11.6.3.1.1 Quantization and encoding of parcor coefficients
...
In all cases the resulting quantized values ak are restricted to the range [-64,63].
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
adpcm: Clip step_index values read from the bitstream at the beginning of each frame.
oma: don't read beyond end of leaf_table.
doxygen: Remove documentation for non-existing parameters; misc small fixes.
Indeo3: fix crashes on corrupt bitstreams.
msmpeg4: Replace forward declaration by proper #include.
segment: implement wrap around
avf: reorder AVStream and AVFormatContext
aacdec: Remove erroneous reference to global gain from the out of bounds scalefactor error message.
Conflicts:
libavcodec/indeo3.c
libavformat/avformat.h
libavutil/avutil.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Splits at borders of cells are invalid, since it leaves one of the
cells with a width/height of zero. Also, propagate errors on buffer
allocation failures, so we don't continue decoding (which crashes).
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
* qatar/master:
avcodec_default_reget_buffer(): fix compilation in DEBUG mode
fate: Overhaul WavPack coverage
h264: fix mmxext chroma deblock to use correct TC values.
flvdec: Remove the now redundant check for known broken metadata creator
flvdec: Validate index entries added from metadata while reading
rtsp: Handle requests from server to client
movenc: use timestamps instead of frame_size for samples-per-packet
movenc: use the first cluster duration as the tfhd default duration
movenc: factorize calculation of cluster duration into a separate function
doc/APIchanges: fill in missing dates and hashes.
lavc: reorder AVCodecContext fields.
lavc: reorder AVFrame fields.
Conflicts:
doc/APIchanges
libavcodec/avcodec.h
libavformat/flvdec.c
libavformat/movenc.c
tests/fate/lossless-audio.mak
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
lavf: don't guess r_frame_rate from either stream or codec timebase.
avconv: set discard on input streams automatically.
Fix parser not to clobber has_b_frames when extradata is set.
lavf: don't set codec timebase in avformat_find_stream_info().
avconv: saner output video timebase.
rawdec: set timebase to 1/fps.
avconv: refactor vsync code.
FATE: remove a bunch of useless -vsync 0
cdxl: bit line plane arrangement support
cdxl: remove early check for bpp
cdxl: set pix_fmt PAL8 only if palette is available
Conflicts:
ffmpeg.c
libavcodec/h264_parser.c
libavformat/rawdec.c
tests/fate/demux.mak
tests/fate/ea.mak
tests/fate/h264.mak
tests/fate/prores.mak
tests/fate/video.mak
tests/ref/fate/bethsoft-vid
tests/ref/fate/creatureshock-avs
tests/ref/fate/ea-cmv
tests/ref/fate/interplay-mve-16bit
tests/ref/fate/interplay-mve-8bit
tests/ref/fate/nuv
tests/ref/fate/prores-alpha
tests/ref/fate/qtrle-16bit
tests/ref/fate/qtrle-1bit
tests/ref/fate/real-rv40
tests/ref/fate/rpza
tests/ref/fate/wmv8-drm
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Because in contrast to the decoder, the parser does not setup low_delay.
The code in parse_nal_units would always end up setting has_b_frames
to "1", except when stream is explicitly marked as low delay.
Since the parser itself would create 'extradata', simply reopening
the parser would cause this.
This happens for instance in estimate_timings_from_pts(), which causes the
parser to be reopened on the same stream.
This fixes Libav #22 and FFmpeg (trac) #360
CC: libav-stable@libav.org
Based on a patch by Reimar Döffinger <Reimar.Doeffinger@gmx.de>
(commit 31ac0ac29b)
Comments and description adapted by Reinhard Tartler.
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
* qatar/master: (34 commits)
mlp_parser: fix the channel mask value used for the top surround channel
vorbisenc: check all allocations for failure
roqaudioenc: return AVERROR codes instead of -1
roqaudioenc: set correct bit rate
roqaudioenc: use AVCodecContext.frame_size correctly.
roqaudioenc: remove unneeded sample_fmt check
ra144enc: use int16_t* for input samples rather than void*
ra144enc: set AVCodecContext.coded_frame
ra144enc: remove unneeded sample_fmt check
nellymoserenc: set AVCodecContext.coded_frame
nellymoserenc: improve error checking in encode_init()
nellymoserenc: return AVERROR codes instead of -1
libvorbis: improve error checking in oggvorbis_encode_init()
mpegaudioenc: return AVERROR codes instead of -1
libfaac: improve error checking and handling in Faac_encode_init()
avutil: add AVERROR_UNKNOWN
check for coded_frame allocation failure in several audio encoders
audio encoders: do not set coded_frame->key_frame.
g722enc: check for trellis data allocation error
libspeexenc: export encoder delay through AVCodecContext.delay
...
Conflicts:
doc/APIchanges
libavcodec/avcodec.h
libavcodec/fraps.c
libavcodec/kgv1dec.c
libavcodec/libfaac.c
libavcodec/libgsm.c
libavcodec/libvorbis.c
libavcodec/mlp_parser.c
libavcodec/roqaudioenc.c
libavcodec/vorbisenc.c
libavutil/avutil.h
libavutil/error.c
libavutil/error.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
It is not allowed to change mid-stream like it does currently. Instead we need
to buffer the first 8 frames before returning them as a single packet, then
only return single frame packets after that.
* qatar/master:
docs: use -bsf:[vas] instead of -[vas]bsf.
mpegaudiodec: Prevent premature clipping of mp3 input buffer.
lavf: move the packet keyframe setting code.
oggenc: free comment header for all codecs
lcl: error out if uncompressed input buffer is smaller than framesize.
mjpeg: abort decoding if packet is too large.
golomb: use HAVE_BITS_REMAINING() macro to prevent infloop on EOF.
get_bits: add HAVE_BITS_REMAINING macro.
lavf/output-example: use new audio encoding API correctly.
lavf/output-example: more proper usage of the new API.
tiff: Prevent overreads in the type_sizes array.
tiff: Make the TIFF_LONG and TIFF_SHORT types unsigned.
apetag: do not leak memory if avio_read() fails
apetag: propagate errors.
SBR DSP x86: implement SSE sbr_hf_g_filt
SBR DSP x86: implement SSE sbr_sum_square_sse
SBR DSP: use intptr_t for the ixh parameter.
Conflicts:
doc/bitstream_filters.texi
doc/examples/muxing.c
doc/ffmpeg.texi
libavcodec/golomb.h
libavcodec/x86/Makefile
libavformat/oggenc.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Prevents crash when trying to copy from a non-existing plane in e.g.
a RGB32 reference image to a YUV420P target image
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Instead of clipping extrasize based on EXTRABYTES, clip based on the
amount of buffer actually left. Without this fix, there are warbles
and other distortions in the test case below.
http://kevincennis.com/mix/assets/sounds/1901_voxfx.mp3
This prevents crashes when trying to read beyond the end of the buffer
while decoding frame data.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
* qatar/master: (40 commits)
swf: check return values for av_get/new_packet().
wavpack: Don't shift minclip/maxclip
rtpenc: Expose the max packet size via an avoption
rtpenc: Move max_packet_size to a context variable
rtpenc: Add an option for not sending RTCP packets
lavc: drop encode() support for video.
snowenc: switch to encode2().
snowenc: don't abuse input picture for storing information.
a64multienc: switch to encode2().
a64multienc: don't write into output buffer when there's no output.
libxvid: switch to encode2().
tiffenc: switch to encode2().
tiffenc: properly forward error codes in encode_frame().
lavc: drop libdirac encoder.
gifenc: switch to encode2().
libvpxenc: switch to encode2().
flashsvenc: switch to encode2().
Remove libpostproc.
lcl: don't overwrite input memory.
swscale: take first/lastline over/underflows into account for MMX.
...
Conflicts:
.gitignore
Makefile
cmdutils.c
configure
doc/APIchanges
libavcodec/Makefile
libavcodec/allcodecs.c
libavcodec/libdiracenc.c
libavcodec/libxvidff.c
libavcodec/qtrleenc.c
libavcodec/tiffenc.c
libavcodec/utils.c
libavformat/mov.c
libavformat/movenc.c
libpostproc/Makefile
libpostproc/postprocess.c
libpostproc/postprocess.h
libpostproc/postprocess_altivec_template.c
libpostproc/postprocess_internal.h
libpostproc/postprocess_template.c
libswscale/swscale.c
libswscale/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Unrolling the main loop to process, instead of 4 elements:
- 8: minor gain of 2 cycles (not worth the extra object size)
- 2: loss of 8 cycles.
Assigning STEP to a register is a loss. Output address (Y) is almost always
unaligned.
Timings:
- C (32/64 bits): 117/109 cycles
- SSE: 57 cycles
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
The 32bits targets have been compiled with -mfpmath=sse for proper reference.
sbr_sum_square C /32bits: 82c (unrolled)/102c
C /64bits: 69c (unrolled)/82c
SSE/32bits: 42c
SSE/64bits: 31c
Use of SSE4.1 dpps to perform the final sum is slower.
Not unrolling to perform 8 operations in a loop yields 10 more cycles.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
Since we are clipping before we shift the values to
16 or 32 bits, we should not shift the min/max clip
values to compensate.
Fixes 8 and 24 bit lossy decoding.
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
If the PNG filter is enabled, a PNG-style filter will run over the
input buffer, writing into the buffer. Therefore, if no zlib compression
was used, ensure that we copy into a temporary buffer, otherwise we
overwrite user-provided input data.
This prevents crashers and errors further down when reading nodes in the
empty tree.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
* qatar/master:
dxva2: don't check for DXVA_PictureParameters->wDecodedPictureIndex
img2: split muxer and demuxer into separate files
rm: prevent infinite loops for index parsing.
aac: fix infinite loop on end-of-frame with sequence of 1-bits.
mov: Add more HDV and XDCAM FourCCs.
lavf: don't set AVCodecContext.has_b_frames in compute_pkt_fields().
rmdec: when using INT4 deinterleaving, error out if sub_packet_h <= 1.
cdxl: correctly synchronize video timestamps to audio
mlpdec_parser: fix a few channel layouts.
Add channel names to channel_names[] array for channels added in b2890f5
movenc: Buffer the mdat for the initial moov fragment, too
flvdec: Ignore the index if the ignidx flag is set
flvdec: Fix indentation
movdec: Don't parse all fragments if ignidx is set
movdec: Restart parsing root-level atoms at the right spot
prores: use natural integer type for the codebook index
mov: Add support for MPEG2 HDV 720p24 (hdv4)
swscale: K&R formatting cosmetics (part I)
swscale: variable declaration and placement cosmetics
Conflicts:
configure
libavcodec/aacdec.c
libavcodec/mlp_parser.c
libavformat/flvdec.c
libavformat/img2.c
libavformat/isom.h
libavformat/mov.c
libavformat/movenc.c
libswscale/rgb2rgb.c
libswscale/rgb2rgb_template.c
libswscale/yuv2rgb.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
The operations that use it require it to be promoted to a larger (natural)
type and thus perform sign extension on it.
While an optimal compiler may account for this, gcc 4.6 (for x86 Windows)
fails. Using the natural integer type provides a 2% speedup for Win64
and 1% for Win32.
Signed-off-by: Diego Biurrun <diego@biurrun.de>
* qatar/master:
mpegvideo_enc: only allocate output packet when we know there will be output
Add names for more channel layouts to the channel layout map.
sunrast: Add a sample request for RMP_RAW colormap.
avcodec: do not override pts or duration from the audio encoder
Add prores regression test.
Enable already existing rso regression test.
Add regression test for "sox" format muxer/demuxer.
Add dpx encoding regression test.
swscale: K&R formatting cosmetics for PowerPC code (part I/II)
img2: Use ff_guess_image2_codec(filename) shorthand where appropriate.
Clarify licensing information about files borrowed from libjpeg.
Mark mutable static data const where appropriate.
avplay: fix -threads option
dvbsubdec: avoid undefined signed left shift in RGBA macro
mlpdec: use av_log_ask_for_sample()
gif: K&R formatting cosmetics
png: make .long_name more descriptive
movdec: Adjust keyframe flagging in fragmented files
rv34: change most "int stride" into "ptrdiff_t stride".
Conflicts:
avprobe.c
ffplay.c
libavcodec/mlpdec.c
libavcodec/mpegvideo_enc.c
libavcodec/pngenc.c
libavcodec/x86/v210-init.c
libavfilter/vf_boxblur.c
libavfilter/vf_crop.c
libavfilter/vf_drawtext.c
libavfilter/vf_lut.c
libavfilter/vf_overlay.c
libavfilter/vf_pad.c
libavfilter/vf_scale.c
libavfilter/vf_select.c
libavfilter/vf_setpts.c
libavfilter/vf_settb.c
libavformat/img2.c
libavutil/audioconvert.c
tests/codec-regression.sh
tests/lavf-regression.sh
tests/ref/lavf/dpx
tests/ref/vsynth1/prores
tests/ref/vsynth2/prores
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (36 commits)
adpcmenc: Use correct frame_size for Yamaha ADPCM.
avcodec: add ff_samples_to_time_base() convenience function to internal.h
adx parser: set duration
mlp parser: set duration instead of frame_size
gsm parser: set duration
mpegaudio parser: set duration instead of frame_size
(e)ac3 parser: set duration instead of frame_size
flac parser: set duration instead of frame_size
avcodec: add duration field to AVCodecParserContext
avutil: add av_rescale_q_rnd() to allow different rounding
pnmdec: remove useless .pix_fmts
libmp3lame: support float and s32 sample formats
libmp3lame: renaming, rearrangement, alignment, and comments
libmp3lame: use the LAME default bit rate
libmp3lame: use avpriv_mpegaudio_decode_header() for output frame parsing
libmp3lame: cosmetics: remove some pointless comments
libmp3lame: convert some debugging code to av_dlog()
libmp3lame: remove outdated comment.
libmp3lame: do not set coded_frame->key_frame.
libmp3lame: improve error handling in MP3lame_encode_init()
...
Conflicts:
doc/APIchanges
libavcodec/libmp3lame.c
libavcodec/pcxenc.c
libavcodec/pnmdec.c
libavcodec/pnmenc.c
libavcodec/sgienc.c
libavcodec/utils.c
libavformat/hls.c
libavutil/avutil.h
libswscale/x86/swscale_mmx.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This prevents having to sign-extend on 64-bit systems with 32-bit ints,
such as x86-64. Also fixes crashes on systems where we don't do it and
arguments are not in registers, such as Win64 for all weight functions.
We now require at least libmp3lame 3.98.3.
lame_encode_buffer_interleaved() still doesn't work for mono, but it does not
"die"; it just expects a stereo interleaved buffer.
* qatar/master:
doxy: remove reference to removed api
examples: unbreak compilation
ttadec: cosmetics: reindent
sunrast: use RLE trigger macro inplace of the hard coded value.
sunrastenc: set keyframe flag for the output packet.
mpegvideo_enc: switch to encode2().
mpegvideo_enc: force encoding delay of at least 1 frame when low_delay=0
Conflicts:
doc/examples/muxing.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* shariman/wmall:
Perform inter-channel decorr. only if both channels are coded
Use fixed-length array in revert_mclms()
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This allows the following commit to extrapolate better dts for the first
frame. Pts difference between the first two frames is reused as the
difference between pts and dts of the first frame.
This zeros all the memory once and avoids valgrind warnings.
alternatively the warnings could be suppressed.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
mov: Use defines for sample flags in fragments
mov: Use defines for trun flags
mov: Use defines for tfhd flags
proresenc: force bitrate not to exceed given limit
vc1parse: call vc1_init_common().
wma: don't return 0 on invalid packets.
asf: prevent packet_size_left from going negative if hdrlen > pktlen.
mjpegb: don't return 0 at the end of frame decoding.
rtpdec: Identify incorrectly signalled H263
vp8dsp: split long line.
aiff: don't skip block_align==0 check on COMM-after-SSND files.
dpcm: ignore extra unpaired bytes in stereo streams.
mp3on4: require a minimum framesize.
mpc7: assign an error level + context to av_log() msg.
huffyuv: error out on bit overrun.
dct-test: Add the missing ff_ prefix to the altivec functions
dct-test: Remove a stray declaration of a nonexistent function
movenc: Write the unknown duration as 64 bit fields in ismv
movenc: Write track durations with all bits set if duration is unknown
Conflicts:
libavcodec/dct-test.c
libavcodec/wmadec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Apple ProRes Format Specifications mentions target data size for every frame,
so make sure frame meets it. This also allows encoder to demand much smaller
packet sizes for output.
The parser uses VLC tables initialized in vc1_common_init(), therefore
we should call this function on parser init also.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Return 0 means "please return the same data again", i.e. it causes an
infinite loop. Instead, return an error.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Return 0 indicates "please return the same data again", i.e. it causes
an infinite loop. Instead, return that we consumed the buffer if we
finished decoding succesfully, or return an error if an error occurred.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
* qatar/master: (22 commits)
als: prevent infinite loop in zero_remaining().
cook: prevent div-by-zero if channels is zero.
pamenc: switch to encode2().
svq1enc: switch to encode2().
dvenc: switch to encode2().
dpxenc: switch to encode2().
pngenc: switch to encode2().
v210enc: switch to encode2().
xwdenc: switch to encode2().
ttadec: use branchless unsigned-to-signed unfolding
avcodec: add a Sun Rasterfile encoder
sunrast: Move common defines to a new header file.
cdxl: fix video decoding for some files
cdxl: fix audio for some samples
apetag: add proper support for binary tags
ttadec: remove dead code
swscale: make access to filter data conditional on filter type.
swscale: update context offsets after removal of AlpMmxFilter.
prores: initialise encoder and decoder parts only when needed
swscale: make monowhite/black RGB-independent.
...
Conflicts:
Changelog
libavcodec/alsdec.c
libavcodec/dpxenc.c
libavcodec/golomb.h
libavcodec/pamenc.c
libavcodec/pngenc.c
libavformat/img2.c
libswscale/output.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
If bufsize < headersize, init_get_bits() will be called with a negative
number, causing it to fail and any subsequent call to get_bits() will
crash because it reads from a NULL pointer.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
On EOF, get_bits() will continuously return 0, causing an infinite
loop.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
The unused code being removed is for encoding only and therefore is not needed
by the decoder.
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
WMApro actually support 13-bits block sizes (potentially even up to 14),
and thus we should support that also. If we get block sizes beyond what
the decoder can handle (14 is possible depending on s->decode_flags),
error out instead of crashing.
* qatar/master:
shorten: Use separate pointers for the allocated memory for decoded samples.
atrac3: Fix crash in tonal component decoding.
ws_snd1: Fix wrong samples counts.
movenc: Don't set a default sample duration when creating ismv
rtp: Factorize the check for distinguishing RTCP packets from RTP
golomb: avoid infinite loop on all-zero input (or end of buffer).
bethsoftvid: synchronize video timestamps with audio sample rate
bethsoftvid: add audio stream only after getting the first audio packet
bethsoftvid: Set video packet duration instead of accumulating pts.
bethsoftvid: set packet key frame flag for audio and I-frame video packets.
bethsoftvid: fix read_packet() return codes.
bethsoftvid: pass palette in side data instead of in a separate packet.
sdp: Ignore RTCP packets when autodetecting RTP streams
proresenc: initialise 'sign' variable
mpegaudio: replace memcpy by SIMD code
vc1: prevent using last_frame as a reference for I/P first frame.
Conflicts:
libavcodec/atrac3.c
libavcodec/golomb.h
libavcodec/shorten.c
libavcodec/ws-snd1.c
tests/ref/fate/bethsoft-vid
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Fixes invalid free() if any of the buffers are not allocated due to either
not decoding a header or an error prior to allocating all buffers.
Fixes CVE-2012-0858
CC: libav-stable@libav.org
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
Add a check to avoid writing past the end of the channel_unit.components[]
array.
Bug Found by: cosminamironesei
Fixes CVE-2012-0853
CC: libav-stable@libav.org
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
This makes the check that avoids overwrite of the samples array actually
work properly.
fixes CVE-2012-0848
CC: libav-stable@libav.org
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
Update FATE reference to account for now non-existent palette packet.
This also fixes the FATE test if frame data is not initialized in
get_buffer(), so update comment in avconv accordingly.
