Avoid overwriting the bitstream buffer data before we
have ended processing the frame.
This is necessary to fix hwaccels which might try to use
the buffer during the end_frame call.
I am not sure but it is possible this could even trigger
a use-after-free if the av_fast_malloc allocated a new buffer.
This would require that decode_slice did not wind the bitstream
forward all the way to the end, which does not currently happen in
normal streams.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
The specification does not allow multiple bits to be set,
but some encoders do it anyway.
Applying it only to the first seems to give better results.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
* commit '3185a80259ce1f8f8111073dbd14a69a396e03a3':
fraps: Make the input buffer size checks more strict
Conflicts:
libavcodec/fraps.c
The added checks are mostly to handle duplicate frames, which
we discard, thus there are also no P frames for example.
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '601c2015bc16f0b281160292a6a760cbbbb0eacb':
svq3: Avoid a division by zero
Conflicts:
libavcodec/svq3.c
See: 4fa706a4a6
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '7a5a55722749a3ab77941914707277b147322cbe':
qpeg: Add checks for running out of rows in qpeg_decode_inter
Conflicts:
libavcodec/qpeg.c
See: 4299dfa5de
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'e9d61de96c113ee0ef8082833c7e682df0e23eec':
mpegaudiodec: Validate that the number of channels fits at the given offset
Conflicts:
libavcodec/mpegaudiodec.c
See: 51fcf276f8
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'f50803354c6acb4575379d7c54ca48ec5d36dd61':
asvdec: Verify the amount of extradata
See: 605f2b6b00
Merged-by: Michael Niedermayer <michaelni@gmx.at>
If the height is zero, the decompression will probably end up
failing due to not fitting into the allocated buffer later
anyway, so this doesn't need any more elaborate check.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
This is similar to the fix in 35cbc98b.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
The init function reads one byte of extradata.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
* commit '5372cda67109848d22146289e401669266217e80':
rv10: Validate the dimensions set from the container
This check could be replaced by a width==0||height==0
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'c4bfa098072ba338d83555d6e2199f7e1e64ffff':
Add a WebP decoder
Conflicts:
Changelog
doc/general.texi
libavcodec/Makefile
libavcodec/avcodec.h
libavcodec/version.h
libavformat/img2.c
The previously existing webp decoder is disabled as the new
one supports lossless mode and alpha while the previous does not.
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '9ae53c5860e17d087642d27b00dade071970a2e7':
lavc: add ff_u8_to_s8() for safe type punning of uint8_t to int8_t
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '18a245a2aea31b92bc435f2962a71e060d83b5f7':
jpeg2000dec: Add more checks when parsing headers
The check cannot be true in FFmpeg, but does no harm.
I will move it in a subsequent commit so it can detect missing SIZ
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This is required, since invalid parameters actually could
pass the switch check below.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
A change in framesize caused a perpetual loss of synchronization.
So read (and use) the frame size from the frame header instead of
setting it only once.
Signed-off-by: Diego Biurrun <diego@biurrun.de>
It's not our responsibility to account for other projects'
terrible hacky usage.
Also, it is no longer needed by XMBC, since 78b71d4.
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
* commit 'ea78a348d86a3a733f6c1e0a65cfdd8283d924b9':
eacmv: Make sure a reference frame exists before referencing it
Conflicts:
libavcodec/eacmv.c
See: 113d7be624
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'a92538b7c0defc86c55fb91f55dfa36aad192673':
ivi_common: Make sure color planes have been initialized
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '711c970168297683860422e95d6b7e37ee3c8367':
rv34: Check the return value from ff_rv34_decode_init
Conflicts:
libavcodec/rv30.c
libavcodec/rv40.c
See: b86651a208
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'e1f3847f860a1094a46be4c5f10db8df616c3135':
mace: Make sure that the channel count is set to a valid value
Conflicts:
libavcodec/mace.c
See: 6df1cfa7e4
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '1115689d54ea95a084421f5a182b8dc56cbff978':
svq3: Check for any negative return value from ff_h264_check_intra_pred_mode
Conflicts:
libavcodec/svq3.c
See: 019eb2c77b
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '187105ff8a02bafc9c58d9d8363bb3f55a415635':
Fix references to deleted avcodec_encode_video() function
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This is similar to an existing check for the second-last frame
from 062421e3.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
This avoids a potential division by zero.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
This avoids crashes when initializing the range coder for
the first slice context.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
Also return a proper error code.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
Also pass on any returned error code.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
* commit 'ac9d159015a88aa2721b271875d18482f713f354':
proresdec: Properly make sure an index doesn't run past the limit
Conflicts:
libavcodec/proresdec_lgpl.c
See: 30df9789a9
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'e90a6846c2c006fbebd00e1f2789f4a86fafacef':
cavsdec: Make sure a sequence header has been decoded before decoding pictures
See: ec0965be36
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Previously the wrong buffer pointer was checked, when buf
instead of *buf was checked. But checking the return value
instead is even better.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
If idx equaled num_coeffs - 1 on entry to the loop, the previous
check failed to break out of the loop.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
The volatile is not required here, and prevents a miscompilation with GCC
4.8.1 when building on x86 with --cpu=i686
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
The sample buffering logic does not take into account that the blocksize
could change. Reset the buffer if the channel configuration changes,
since if there are leftover samples, it is most likely a broken or
misconcatenated stream. This could lead to negative numbers for
missing_samples during decoding.
Thanks to Michael Niedermeyer for pointing these out.
* cehoyos/master:
Set bits_per_raw_sample when reading j2k frames.
libopenjpegdec.c: Correctly scale gray16 output if precision < 16
Use rc_max_rate if no video bit_rate was specified when muxing mxf_d10.
Store the video bit_rate in the context when muxing mxf.
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'b1e469885362febce3d9a4678624e44a92f77da9':
g2meet: Allocate cursor buffers large enough to fit the aligned width
See: 3c4c5ca1c1
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '0d61f260010707f3028b818e8b24598e1a83d696':
zmbvdec: Check the buffer size for uncompressed data
Conflicts:
libavcodec/zmbv.c
See: 44c23aa1b8
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'b26742cc308552f242ee2bf93b07a3ff509f4edc':
shorten: Break out of loop looking for fmt chunk if none is found
See: 5e9a56a035
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '49568851bf1700e3d9ea9cda29208d0df3c2c38b':
shorten: Use a checked bytestream reader for the wave header
Conflicts:
libavcodec/shorten.c
See: 5e9a56a035
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'f3d57dc69145f1b7acb4870da9ce60378190a1fd':
smacker: Free memory properly if the init function fails
Conflicts:
libavcodec/smacker.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '0679cec6e8802643bbe6d5f68ca1110a7d3171da':
smacker: Make sure we don't fill in huffman codes out of range
Conflicts:
libavcodec/smacker.c
See: 1285baaab5
the added test is redundant but will be used after future refactoring
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Also don't pointlessly set the buffer size to 1 after copying
one packet.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
avcodec_find_best_pix_fmt2 does not modify its first argument so may be
marked const. This avoids a warning when passing in AVCodec.pix_fmts.
Signed-off-by: Dylan Simon <dylan@dylex.net>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Adds the end trimming value (duration to be trimmed from the end
of the file due to padding) to the packet's side data. This is
then made use by the muxer to put the value in the container.
Signed-off-by: Vignesh Venkatasubramanian <vigneshv@google.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Adding support for discarding samples from the end based on the value in
AV_PKT_DATA_SKIP_SAMPLES side data's bytes 5-8.
Signed-off By: Vignesh Venkatasubramanian <vigneshv@google.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Some fields of the frame are changed to reflect encoder decissions like
if its a keyframe. It thus cannot be constant.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
These prevent the rgb ljpeg code from being run on parameters that it doesnt
support. No testcase available but it seems possible to trigger these.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Currently all uses of the emu edge code as well as the code itself
assume int linesize
changing some but not changing all would introduce a security issue
once all use this typedef a simple search and replace can be
done to switch them all to ptrdiff_t
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This makes sure that linesize * start_y doesn't overflow, so that
emulated_edge_mc can get back the original value if needed.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
* commit 'af11fa5409cc72fc45ca7f3527400beca10967b9':
mjpegb: Detect changing number of planes in interlaced video
Conflicts:
libavcodec/mjpegdec.c
See: ecc31630f9
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '35cbc98b720db95b923cb2d745f77bb2ee4363dc':
alac: Check that the channels fit at the given offset
Conflicts:
libavcodec/alac.c
See: b53f89710b
Merged-by: Michael Niedermayer <michaelni@gmx.at>
The code tries to decode a number of channels at the
offset given by the ff_alac_channel_layout_offsets table.
Even if the number of channels decoded so far doesn't
exceed the total number of channels, we need to check that
we actually can decode that number of channels at this offset
as well.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
Otherwise buffer size calculations in allocate_buffers could
overflow later, making the code think a large enough buffer
actually was allocated.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
* commit '5f7aecde02a95451e514c809f2794c1deba80695':
pictordec: break out of both decoding loops when y drops below 0
Conflicts:
libavcodec/pictordec.c
The added check is redundant.
It shows the error path more clearly though
See: f3f488423a
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Fixing av_packet_copy_side_data to work correctly when source and
destination are the same. This makes sure that there is no memory
leak and double frees.
Signed-off by: Vignesh Venkatasubramanian <vigneshv@google.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Otherwise picmemset can get called with negative y, resulting in an
invalid write.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Based on a patch by Wolfram Gloger <wmglo@dent.med.uni-muenchen.de>.
http://lists.ffmpeg.org/pipermail/ffmpeg-devel/2012-December/136677.html
The original patch was rebased by Tudor SUCIU <tudor.suciu@gmail.com>.
Lots of additional features and fixes are made by me.
Fixes ticket #2086.
Changes since last version:
- change default page to all pages
Signed-off-by: Marton Balint <cus@passwd.hu>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This moves some allocations to init, reducing possible failure modes in update.
Always copies from the previous context instead of just during init
Fixes Ticket2923
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Remove the header decoding for PCM audio from mpeg.c and the
20/24bit parts from pcm.c and merge them into a new decoder in
pcm-dvd.c.
The decoder has added support for samples that span multiple
packets and modified 20/24bit group decoding. Both is needed to
decode samples that have been generated with DVD-Lab Pro 2. The
decoding of 16bit PCM and two channel 24bit is identical to
before. No other samples are known to verify the correctness of
the encoding this software does.
The complete list of tested formats is
48kHz/16bit/2-8 channels
48kHz/24bit/2-5 channels
96kHz/16bit/2-4 channels
96kHz/24bit/2 channels
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
The original idea was to collect PCM codecs that could appear in various
MPEG streams in this file. Discussion in IRC lead to the conclusion that
one codec per file would be better and stop the need for #ifdefs.
* commit '6369ba3c9cc74becfaad2a8882dff3dd3e7ae3c0':
x86: avcodec: Use convenience macros to check for CPU flags
Conflicts:
libavcodec/x86/dsputil_init.c
libavcodec/x86/hpeldsp_init.c
libavcodec/x86/motion_est.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'a6b650118543e1580e872896d8976042b7c32d01':
ppc: cosmetics: Consistently format CPU flag detection invocations
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Files starting with B frames in presentation order generated the
"no keyframe" warning before this change.
Based on patch by: Robert Krüger <krueger@lesspain.de>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit '70dd8892bf00923af838756dfbb356a9b1e4e40d':
mpegvideo: Replace arch initialization ifdeffery by standard conditionals
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'f61bece684d9685b07895508e6c1c733b5564ccf':
ppc: Add and use convenience macro to check for AltiVec availability
Conflicts:
libavcodec/ppc/dsputil_ppc.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Only consume an AVPacket when all the samples have been read.
When the rate of samples output is limited (by the default value
of max_samples), consuming the first packet immediately will cause
timing problems:
- The first packet with PTS 0 will output 4608 samples and be
consumed entirely
- The second packet with PTS 64 will output the remaining samples
(typically, a lot, that's why max_samples exist) until the decoded
samples of the first packet have been exhausted, at which point the
samples of the second packet will be decoded and output when
av_decode_frame is called with the next packet).
That means there's a PTS jump since the first packet is 'decoded'
immediately, which can be seen with avplay or mplayer: the timing
jumps immediately to 6.2s (which is the size of a packet).
Sample: http://streams.videolan.org/issues/6348/Goldwave-MAClib.ape
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
The fate tests change as they used 1.2 previously
The increased size is due to:
32bit CRCs per slice by default (can be disabled),
it adds slice headers to allow decoding one slice without the others
an additional slice size field is added to make it possible to find
slices within corrupted surroundings.
these add up to about 57bit per slice more
at 50 frames and 4 slices thats 1425 byte
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit '9e7b62f0fb7462a902330fcc82cf596388f0187b':
twinvq: set block align for codecs and use it in size checks
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This both allows factoring out size check for both MetaSound and TwinVQ-VQF
decoders and fixes the situation when there are several MetaSound frames
stuffed together (that happens in 8kHz @ 8kbps MetaSound in ASF for example).
