Fixes out of bounds read.
Checked against SMPTE 421M-2006
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
mov: Use defines for sample flags in fragments
mov: Use defines for trun flags
mov: Use defines for tfhd flags
proresenc: force bitrate not to exceed given limit
vc1parse: call vc1_init_common().
wma: don't return 0 on invalid packets.
asf: prevent packet_size_left from going negative if hdrlen > pktlen.
mjpegb: don't return 0 at the end of frame decoding.
rtpdec: Identify incorrectly signalled H263
vp8dsp: split long line.
aiff: don't skip block_align==0 check on COMM-after-SSND files.
dpcm: ignore extra unpaired bytes in stereo streams.
mp3on4: require a minimum framesize.
mpc7: assign an error level + context to av_log() msg.
huffyuv: error out on bit overrun.
dct-test: Add the missing ff_ prefix to the altivec functions
dct-test: Remove a stray declaration of a nonexistent function
movenc: Write the unknown duration as 64 bit fields in ismv
movenc: Write track durations with all bits set if duration is unknown
Conflicts:
libavcodec/dct-test.c
libavcodec/wmadec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
The parser uses VLC tables initialized in vc1_common_init(), therefore
we should call this function on parser init also.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
* qatar/master:
shorten: Use separate pointers for the allocated memory for decoded samples.
atrac3: Fix crash in tonal component decoding.
ws_snd1: Fix wrong samples counts.
movenc: Don't set a default sample duration when creating ismv
rtp: Factorize the check for distinguishing RTCP packets from RTP
golomb: avoid infinite loop on all-zero input (or end of buffer).
bethsoftvid: synchronize video timestamps with audio sample rate
bethsoftvid: add audio stream only after getting the first audio packet
bethsoftvid: Set video packet duration instead of accumulating pts.
bethsoftvid: set packet key frame flag for audio and I-frame video packets.
bethsoftvid: fix read_packet() return codes.
bethsoftvid: pass palette in side data instead of in a separate packet.
sdp: Ignore RTCP packets when autodetecting RTP streams
proresenc: initialise 'sign' variable
mpegaudio: replace memcpy by SIMD code
vc1: prevent using last_frame as a reference for I/P first frame.
Conflicts:
libavcodec/atrac3.c
libavcodec/golomb.h
libavcodec/shorten.c
libavcodec/ws-snd1.c
tests/ref/fate/bethsoft-vid
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (22 commits)
frwu: Employ more meaningful return values.
fraps: Use av_fast_padded_malloc() instead of av_realloc()
mjpegdec: use av_fast_padded_malloc()
eatqi: use av_fast_padded_malloc()
asv1: use av_fast_padded_malloc()
avcodec: Add av_fast_padded_malloc().
swscale: enable dithering in MMX functions.
swscale: make rgb24 function macros slightly smaller.
avcodec.h: Remove some disabled cruft.
swscale: remove obsolete comment.
swscale-test: Drop unused argc and argv arguments from main().
zmbv: Employ more meaningful return values.
zmbvenc: Employ more meaningful return values.
vc1: prevent null pointer dereference on broken files
zmbv: check av_realloc() return values and avoid memleaks on ENOMEM
truespeech: align buffer
ac3: Do not read past the end of ff_ac3_band_start_tab.
dv: Fix small stack overread related to CVE-2011-3929 and CVE-2011-3936.
dv: Fix null pointer dereference due to ach=0
dv: check stype
...
Conflicts:
doc/APIchanges
libavcodec/asv1.c
libavcodec/avcodec.h
libavcodec/eatqi.c
libavcodec/fraps.c
libavcodec/frwu.c
libavcodec/zmbv.c
libavformat/dv.c
libswscale/swscale.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
MVDATA may or may not be transmitted. If it is not, both
dmv_x and dmv_y is to be assumed zero.
This may not trigger wrong picture in all systems, but
it's a bug nevertheless. Fixes SA10116.vc1 on my 64-bit
Windows 7.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
* qatar/master: (29 commits)
cabac: Move code only used within the CABAC test program into the test program.
vp56: Drop unnecessary cabac.h #include.
h264-test: Initialize AVCodecContext.av_class.
build: Skip compiling network.h and rtsp.h if networking is not enabled.
cosmetics: drop some pointless parentheses
Disable annoying warning without changing behavior
faq: Solutions for common problems with sample paths when running FATE.
avcodec: attempt to clarify the CODEC_CAP_DELAY documentation
avcodec: fix avcodec_encode_audio() documentation.
FATE: xmv-demux test; exercise the XMV demuxer without decoding the perceptual codecs inside.
vqf: recognize more metadata chunks
FATE test: BMV demuxer and associated video and audio decoders.
FATE: indeo4 video decoder test.
FATE: update xxan-wc4 test to a sample with more code coverage.
Change the recent h264_mp4toannexb bitstream filter test to output to an elementary stream rather than a program stream.
g722enc: validate AVCodecContext.trellis
g722enc: set frame_size, and also handle an odd number of input samples
g722enc: split encoding into separate functions for trellis vs. no trellis
mpegaudiodec: Use clearer pointer math
tta: Fix returned error code at EOF
...
Conflicts:
libavcodec/h264.c
libavcodec/indeo3.c
libavcodec/interplayvideo.c
libavcodec/ivi_common.c
libavcodec/libxvidff.c
libavcodec/mpegvideo.c
libavcodec/ppc/mpegvideo_altivec.c
libavcodec/tta.c
libavcodec/utils.c
libavfilter/vsrc_buffer.c
libavformat/Makefile
tests/fate/indeo.mak
tests/ref/acodec/g722
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (46 commits)
mtv: Make sure audio_subsegments is not 0
v4l2: use V4L2_FMT_FLAG_EMULATED only if it is defined
avconv: add symbolic names for -vsync parameters
flvdec: Fix compiler warning for uninitialized variables
rtsp: Fix compiler warning for uninitialized variable
ulti: convert to new bytestream API.
swscale: Use standard multiple inclusion guards in ppc/ header files.
Place some START_TIMER invocations in separate blocks.
v4l2: list available formats
v4l2: set the proper codec_tag
v4l2: refactor device_open
v4l2: simplify away io_method
v4l2: cosmetics
v4l2: uniform and format options
v4l2: do not force interlaced mode
avio: exit early in fill_buffer without read_packet
vc1dec: fix invalid memory access for small video dimensions
rv34: fix invalid memory access for small video dimensions
rv34: joint coefficient decoding and dequantization
avplay: Don't call avio_set_interrupt_cb(NULL)
...
Conflicts:
Changelog
avconv.c
doc/APIchanges
doc/indevs.texi
libavcodec/adxenc.c
libavcodec/dnxhdenc.c
libavcodec/h264.c
libavdevice/v4l2.c
libavformat/flvdec.c
libavformat/mtv.c
libswscale/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
For small video dimensions, these calculations of the upper bound
for pixel access may have a negative result. Using an unsigned
comparison to bound a potentially negative value only works if
the greater operand is non-negative. Fixed by doing edge emulation
when the upper bound is probably negative, everywhere that this
pattern appears.
Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
* qatar/master:
lavc: always align height by 32 pixel
raw: add 10bit YUV definitions
nut: support 10bit YUV
mpegvideo_enc: separate declarations and statements
oma: make header compile standalone
vp3: Reorder some functions to fix VP3 build with Theora disabled.
build: fix standalone compilation of ADX encoder
build: fix standalone compilation of ADPCM decoders
build: fix standalone compilation of mpc7/mpc8 decoders
4xm: Use bytestream2 functions to prevent overreads
bytestream: add a new set of bytestream functions with overread checking
mpegts: Suppress invalid timebase warnings on DMB streams.
mpegts: Fix typo in handling sections in the PMT.
vc1dec: Use the right pointer type for the tmp pointer
Conflicts:
libavcodec/4xm.c
libavcodec/utils.c
libavcodec/vc1dec.c
libavcodec/vp3.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
h264: clear trailing bits in partially parsed NAL units
vc1: Handle WVC1 interlaced stream
xl: Fix overreads
mpegts: rename payload_index to payload_size
segment: introduce segmented chain muxer
lavu: add AVERROR_BUG error value
avplay: clear pkt_temp when pkt is freed.
qcelpdec: K&R formatting cosmetics
qcelpdec: cosmetics: drop some pointless parentheses
x86: conditionally compile dnxhd encoder optimizations
Revert "h264: skip start code search if the size of the nal unit is known"
swscale: fix formatting and indentation of unscaled conversion routines.
h264: skip start code search if the size of the nal unit is known
cljr: fix buf_size sanity check
cljr: Check if width and height are positive integers
Conflicts:
libavcodec/cljr.c
libavcodec/vc1dec.c
libavformat/Makefile
libavformat/mpegtsenc.c
libavformat/segment.c
libswscale/swscale_unscaled.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (23 commits)
applehttp: Properly clean up if unable to probe a segment
applehttp: Avoid reading uninitialized memory
fate: Replace misleading "aac" in the name of an ADTS test with "adts".
fate: Drop pointless "-an" from pictor test command.
fate: split off image codec FATE tests into their own file
fate: split off WMA codec FATE tests into their own file
fate: split off lossless video and audio FATE tests into their own files
fate: split off qtrle codec FATE tests into their own file
fate: split off Ut Video codec FATE tests into their own file
fate: split off screen codec FATE tests into their own file
fate: split off Real Inc. codec FATE tests into their own file
fate: split off AC-3 codec FATE tests into their own file
mpegvideo: remove abort() in ff_find_unused_picture()
rv40: NEON optimised loop filter strength selection
rv40: rearrange loop filter functions
configure: cosmetics: sort some lists where appropriate
swscale_mmx: drop no longer required parameters from VSCALEX macros
swscale: Mark yuv2planeX_8_mmx as MMX2; it contains MMX2 instructions.
build: conditionally compile x86 H.264 chroma optimizations
v410 encoder and decoder
...
Conflicts:
Changelog
configure
doc/developer.texi
doc/general.texi
libavcodec/arm/asm.S
libavcodec/avcodec.h
libavcodec/v410dec.c
libavcodec/v410enc.c
libavcodec/version.h
libavcodec/x86/Makefile
libavcodec/x86/dsputil_mmx.c
libswscale/x86/swscale_mmx.c
tests/Makefile
tests/fate2.mak
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
ulti: Fix invalid reads
lavf: dealloc private options in av_write_trailer
yadif: support 10bit YUV
vc1: mark with ER_MB_ERROR bits overconsumption
lavc: introduce ER_MB_END and ER_MB_ERROR
error_resilience: use the ER_ namespace
build: move inclusion of subdir.mak to main subdir loop
rv34: NEON optimised 4x4 dequant
rv34: move 4x4 dequant to RV34DSPContext
aacdec: Use intfloat.h rather than local punning union.
Conflicts:
libavcodec/h264.c
libavcodec/vc1dec.c
libavfilter/vf_yadif.c
libavformat/Makefile
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This patch is a generalization of what Michael Niedermayer
fixed in a single case.
The wmv8-drm fate test had been updated accordingly.
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
* qatar/master:
x86: cabac: replace explicit memory references with "m" operands
avplay: don't request a stereo downmix
wmapro: use av_float2int()
lavc: avoid invalid memcpy() in avcodec_default_release_buffer()
lavu: replace int/float punning functions
lavfi: install libavfilter/vsrc_buffer.h
Remove extraneous semicolons
sdp: Restore the original mp4 format h264 extradata if converted
rtpenc: Add support for mp4 format h264
rtpenc: Simplify code by introducing a separate end pointer
movenc: Use the actual converted sample for RTP hinting
Fix a bunch of common typos.
Conflicts:
doc/developer.texi
doc/eval.texi
doc/filters.texi
doc/protocols.texi
ffmpeg.c
ffplay.c
libavcodec/mpegvideo.h
libavcodec/x86/cabac.h
libavfilter/Makefile
libavformat/avformat.h
libavformat/cafdec.c
libavformat/flvdec.c
libavformat/flvenc.c
libavformat/gxfenc.c
libavformat/img2.c
libavformat/movenc.c
libavformat/mpegts.c
libavformat/rtpenc_h264.c
libavformat/utils.c
libavformat/wtv.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
drawtext: remove typo
pcm-mpeg: implement new audio decoding api
w32thread: port fixes to pthread_cond_broadcast() from x264.
doc: add editor configuration section with Vim and Emacs settings
dxva2.h: include d3d9.h to define LPDIRECT3DSURFACE9
avformat/utils: Drop unused goto label.
doxygen: Replace '\' by '@' in Doxygen markup tags.
cosmetics: drop some completely pointless parentheses
cljr: simplify CLJRContext
drawtext: introduce rand(min, max)
drawtext: introduce explicit draw/hide variable
rtmp: Use nb_invokes for all invoke commands
Conflicts:
libavcodec/mpegvideo.c
libavfilter/vf_drawtext.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
vc1: use an enum for Frame Coding Mode
doc: cleanup filter section
indeo3: error out if no motion vector is set.
x86inc: Flag shufps as an floating-point instruction for the AVX emulation code.
mpegaudio: do not use init_static_data() for initializing tables.
musepack: fix signed shift overflow in mpc_read_packet()
mov: Make format string match variable type.
wmavoice: Make format string match variable type.
vc1: select interlaced scan table by FCM element
Generalize RIFF INFO tag support; support reading INFO tag in wav
pthread: track thread existence in a separate variable.
Conflicts:
doc/filters.texi
libavcodec/pthread.c
libavformat/avi.c
libavformat/riff.c
libavformat/riff.h
libavformat/wav.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Interlaced videos can contain progressive frames too and now wrong scantable
is selected for them.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
Interlaced videos can contain progressive frames too and now wrong scantable
is selected for them.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
avcodec: add support for planar signed 8-bit PCM.
ra144enc: add sample_fmts list to ff_ra_144_encoder
smackaud: use uint8_t* for 8-bit output buffer type
smackaud: clip output samples
smackaud: use sign_extend() for difference value instead of casting
sipr: use a function pointer to select the decode_frame function
sipr: set mode based on block_align instead of bit_rate
sipr: do not needlessly set *data_size to 0 when returning an error
ra288: fix formatting of LOCAL_ALIGNED_16
udp: Allow specifying the local IP address
VC1: Add bottom field offset to block_index[] to avoid rewriting (+10L)
vc1dec: move an if() block.
vc1dec: use correct hybrid prediction threshold.
vc1dec: Partial rewrite of vc1_pred_mv()
vc1dec: take ME precision into account while scaling MV predictors.
lavf: don't leak corrupted packets
Conflicts:
libavcodec/8svx.c
libavcodec/ra288.c
libavcodec/version.h
libavformat/iff.c
libavformat/udp.c
libavformat/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
The current code is a generalization of the earlier progressive MV
prediction code. This was supposed to predict MVs for both interlaced
and progressive pictures. But the interlaced MV prediction is buggy
and works mostly by luck.
This partially fixes interlaced MV prediction.
Signed-off-by: Anton Khirnov <anton@khirnov.net>
* qatar/master:
id3v2: fix doxy comment - 'machine byte order' makes no sense on char arrays
VC1: restore mistakenly removed code
twinvq: check output buffer size before decoding
twinvq: return an error when the packet size is too small
lavf: export some forgotten symbols with non-av prefixes.
swscale: update altivec yuv2planeX asm to new per-plane API.
swscale: make yuv2yuvX_10_sse2/avx 8/9/16-bits aware.
yuv2planeX10 SIMD
swscale: decide whether to use yuv2plane1/X on a per-plane basis.
swscale: reintroduce full precision in 16-bit output.
Split up yuv2yuvX functions
Split out yuv2yuv1 luma and chroma in order to make them generic DSP functions
lavc: replace references to deprecated AVCodecContext.error_recognition to use AVCodecContext.err_recognition
lavc: translate non-flag-based er options into flag-based ef options at codec open
add -err_filter AVOptions to access flag-based error recognition
h264_weight: initialize "height" function argument properly.
presets: spelling error in libvpx 1080p50_60
avplay: fix fullscreen behaviour with SDL 1.2.14 on Mac OS X
Conflicts:
ffplay.c
libavformat/libavformat.v
libswscale/swscale.c
libswscale/x86/swscale_template.c
tests/ref/lavfi/pixfmts_scale
Merged-by: Michael Niedermayer <michaelni@gmx.at>
The code was mistakenly removed in cad16562c8d76ea2a2a6495f29296c3ff7966946.
It stored some motion vector data for future use in B-pictures.
This fixes Bugzilla bug #57.
Signed-off-by: Diego Biurrun <diego@biurrun.de>