Commit Graph

76856 Commits

Author SHA1 Message Date
Andreas Cadhalpun
3e8e1a660e apng: use correct size for output buffer
The buffer needs s->bpp bytes, at maximum currently 10.
Assert that s->bpp is not larger.

This fixes a stack buffer overflow.

Reviewed-by: wm4 <nfxjfg@googlemail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2015-11-07 13:15:14 +01:00
Andreas Cadhalpun
db374790c7 jvdec: avoid unsigned overflow in comparison
The return type of strlen is size_t, i.e. unsigned, so if pd->buf_size
is 3, the right side overflows leading to a wrong result of the
comparison and subsequently a heap buffer overflow.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2015-11-07 13:13:35 +01:00
Will Kelleher
7f7fa90f7b hevc: extract SEI caption data
Signed-off-by: Will Kelleher <wkelleher@gogoair.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-07 12:10:55 +01:00
Michael Niedermayer
43492ff3ab avcodec/jpeg2000dec: Clip all tile coordinates
Fixes out of array access
Fixes: b877a6b788a25c70e8b1d014f8628549/asan_heap-oob_1da2c3f_2324_5a1b329b0b3c4bb6b1d775660ac56717.r3d

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-07 02:17:04 +01:00
Michael Niedermayer
c719cd6cf7 avcodec/microdvddec: Check for string end in 'P' case
Fixes out of array read
Fixes: a9502b60f4cecc19475382aee255f73c/asan_heap-oob_1e87fba_2548_a8ad47f6dde36644fe9cdc444d4632d0.sub

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-07 01:01:19 +01:00
Ronald S. Bultje
20db54906f vp9_parser: allow superframes with a single frame.
2015-11-06 17:12:03 -05:00
Michael Niedermayer
daefd8ab2f avcodec/dirac_parser: Fix undefined memcpy() use
Fixes: 9d375e415486edd1a0c826f2307d89a4/asan_generic_4a5159_1577_faa333e83dacdd9e4dd322380aeed537.iss

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-06 21:59:42 +01:00
Michael Niedermayer
cc96018c79 libopenh264enc: Set AVOption data type
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2015-11-06 21:55:15 +01:00
Michael Niedermayer
fcc49924db vdpau: Remove a spurious CONFIG_H263_VDPAU_HWACCEL
Fixes libavcodec/vdpau.c:282:5: warning:
    "CONFIG_H263_VDPAU_HWACCEL" is not defined [-Wundef]

Removed in d35d0c723e.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-06 21:55:15 +01:00
Michael Niedermayer
563e6d8603 segafilm: drop the "song and dance" for cinepak
This seems not to do anything any more since a long time, and removing
it avoids using uninitialized memory. Also change the error value
forwarding as done everywhere else.

Partly fixes: msan_uninit-mem_7fb7d24780d0_2744_R03T.CAK
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2015-11-06 21:55:15 +01:00
Paul B Mahol
1e791ee3aa segafilm: set video and audio stream duration
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2015-11-06 21:55:15 +01:00
Paul B Mahol
c012c6f1a8 segafilm: implement seeking
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2015-11-06 21:55:15 +01:00
Ganesh Ajjanagadde
6f1ddc726f avdevice/dshow_enummediatypes: check return of av_malloc
Untested.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
2015-11-06 09:36:57 -05:00
John Stebbins
2ec112f71c vf_pad: fix x, y option expression evaluation
Calculation of x and y based on width and height did not work when
width == 0 or height == 0.  "0" substitutes the input width and
height, but did so too late for x, y expression evaluation.

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2015-11-06 15:03:51 +01:00
Paul B Mahol
b456ece557 XMA1 and XMA2 stereo decoders
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2015-11-06 13:45:50 +01:00
Ganesh Ajjanagadde
c8780822ba swresample/resample: speed up build_filter for Blackman-Nuttall filter
This uses the trigonometric double and triple angle formulae to avoid
repeated (expensive) evaluation of libc's cos().

Sample benchmark (x86-64, Haswell, GNU/Linux)
test: fate-swr-resample-dblp-44100-2626
old:
1104466600 decicycles in build_filter(loop 1000),     256 runs,      0 skips
1096765286 decicycles in build_filter(loop 1000),     512 runs,      0 skips
1070479590 decicycles in build_filter(loop 1000),    1024 runs,      0 skips

new:
588861423 decicycles in build_filter(loop 1000),     256 runs,      0 skips
591262754 decicycles in build_filter(loop 1000),     512 runs,      0 skips
577355145 decicycles in build_filter(loop 1000),    1024 runs,      0 skips

This results in small differences with the old expression:
difference (worst case on [0, 2*M_PI]), argmax 0.008:
max diff (relative): 0.000000000000157289807188
blackman_old(0.008): 0.000363951585488813192382
blackman_new(0.008): 0.000363951585488755946507

These are judged to be insignificant for the performance gain. PSNR to
reference file is unchanged up to second decimal point for instance.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
2015-11-05 21:52:40 -05:00
Sebastian Dröge
7d6a4797f1 mpegtsenc: Implement writing of Opus trim_start/trim_end control values
Signed-off-by: Sebastian Dröge <sebastian@centricular.com>
Reviewed-by: Kieran Kunhya <kierank@obe.tv>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-06 03:33:17 +01:00
Sebastian Dröge
01509cdf92 mpegtsenc: Add support for muxing Opus in MPEG-TS
Signed-off-by: Sebastian Dröge <sebastian@centricular.com>
Previous version reviewed-by: Kieran Kunhya <kierank@obe.tv>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-06 03:32:40 +01:00
Michael Niedermayer
79c4a338e4 avformat/xmv: Discard remainder of packet on error
Fixes infinite loop
Fixes: 9c48ae2680c5f23bca3d20ff0f325fd8/asan_generic_4c254d_1374_993f1e5967dd6f844b8d72f978ce2a6c.pss

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-06 02:24:01 +01:00
Michael Niedermayer
9b6fac11da avformat/xmv: factor return check out of if/else
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-06 02:11:01 +01:00
Michael Niedermayer
973c3dba27 avcodec/mpeg12dec: Do not call show_bits() with invalid bits
Fixes assertion failure
Fixes: 63e50545709a6440d3d59f6426d58db9/signal_sigabrt_7ffff6ae7cc9_8189_3272a3010fd98ddf947c662bbde1ac13.ts

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-06 00:56:52 +01:00
Michael Niedermayer
cea9eb9520 avcodec/dnxhddec: Make mb_scan_index a fixed length array
Fixes null pointer dereference
Fixes: 5c9d1a6f74a12763fc7c9dd7834022b9/signal_sigsegv_11f78d9_1461_ecee3c5e7205457498e79b3ffaf21d0c.mxf

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-06 00:15:21 +01:00
Michael Niedermayer
d4a731b84a avcodec/faxcompr: Add missing runs check in decode_uncompressed()
Fixes out of array access
Fixes: 54e488b9da4abbceaf405d6492515697/asan_heap-oob_32769b0_160_a8755eb08ee8f9579348501945a33955.TIF

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-05 21:36:14 +01:00
Michael Niedermayer
c9bfd6a8c3 libavutil/channel_layout: Check strtol*() for failure
Fixes assertion failure
Fixes: 4f5814bb15d2dda6fc18ef9791b13816/signal_sigabrt_7ffff6ae7cc9_65_7209d160d168b76f311be6cd64a548eb.wv

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-05 19:28:19 +01:00
Luca Barbato
e2854e731f avresample: Document avresample_open() a little better
Bug-Id: 911
2015-11-05 17:25:46 +01:00
Michael Niedermayer
3692d859f4 avformat/mpegts: Only start probing data streams within probe_packets
Fixes assertion failure
Fixes: 4321db8ac331f5967ebfbfe80ce5eb78/signal_sigabrt_7ffff6ae7cc9_7213_0d6457b9d6897fa7c78507fa5de53510.ts

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-05 17:06:02 +01:00
Michael Niedermayer
93f30f825c avcodec/hevc_ps: Check chroma_format_idc
Fixes out of array access
Fixes: 24d05e8b84676799c735c9e27d97895e/asan_heap-oob_1b70f6a_2955_7c3652a7f370f9f3ef40642bc2c99bb2.bit

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-05 15:04:57 +01:00
Michael Niedermayer
a813cdda48 avcodec/truemotion1: Initialize mb_change_byte only when needed
Fixes out of array read
Fixes: d92114d8c2a019b8a6e50cd2a7301b54/asan_heap-oob_26bf563_60_1d3420277533de9dbf8aba3f93af346f.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-05 03:16:15 +01:00
Michael Niedermayer
a8b254e436 avcodec/ffv1dec: Print an error if the quant table count is invalid
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-05 01:31:52 +01:00
Michael Niedermayer
c665532820 avcodec/ffv1dec: Free tables on init failure
Fixes memleak
Fixes: 07ec1fc3c1cbf2d3edcd7d9b52ca156c/asan_heap-oob_13624c5_491_ecd4720a03e697ba750b235690656c8f.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-05 01:31:52 +01:00
Michael Niedermayer
5745cf799a avcodec/ffv1dec: Check for 0 quant tables
Fixes assertion failure
Fixes: 07ec1fc3c1cbf2d3edcd7d9b52ca156c/asan_heap-oob_13624c5_491_ecd4720a03e697ba750b235690656c8f.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-05 01:31:52 +01:00
Ganesh Ajjanagadde
9bec6d71a2 swresample/resample: speed up build_filter by 50%
This speeds up build_filter by ~ 50%. This gain should be pretty
consistent across all architectures and platforms.

Essentially, this relies on an observation that the filters have some
even/odd symmetry that may be exploited during the construction of the
polyphase filter bank. In particular, phases (scaled to [0, 1]) in [0.5, 1] are
easily derived from [0, 0.5] and expensive reevaluation of function
points are unnecessary. This requires some rather annoying even/odd
bookkeeping as can be seen from the patch.

I vaguely recall from signal processing theory more general symmetries allowing even greater
optimization of the construction. At a high level, "even functions"
correspond to 2, and one can imagine variations. Nevertheless, for the sake
of some generality and because of existing filters, this is all that is
being exploited.

Currently, this patch relies on phase_count being even or (trivially) 1,
though this is not an inherent limitation to the approach. This
assumption is safe as phase_count is 1 << phase_bits, and is hence a
power of two. There is no way for user API to set it to a nontrivial odd
number. This assumption has been placed as an assert in the code.

To repeat, this assumes even symmetry of the filters, which is the most common
way to get generalized linear phase anyway and is true of all currently
supported filters.

As a side note, accuracy should be identical or perhaps slightly better
due to this "forcing" filter symmetries leading to a better phase
characteristic. As before, I can't test this claim easily, though it may
be of interest.

Patch tested with FATE.

Sample benchmark (x86-64, Haswell, GNU/Linux):

test: swr-resample-dblp-44100-2626

new:
527376779 decicycles in build_filter(loop 1000),     256 runs,      0 skips
524361765 decicycles in build_filter(loop 1000),     512 runs,      0 skips
516552574 decicycles in build_filter(loop 1000),    1024 runs,      0 skips

old:
974178658 decicycles in build_filter(loop 1000),     256 runs,      0 skips
972794408 decicycles in build_filter(loop 1000),     512 runs,      0 skips
954350046 decicycles in build_filter(loop 1000),    1024 runs,      0 skips

Note that lower level optimizations are entirely possible, I focussed on
getting the high level semantics correct. In any case, this should
provide a good foundation.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
2015-11-04 17:05:57 -05:00
Michael Niedermayer
cc35f6f476 avcodec/mjpegdec: Reinitialize IDCT on BPP changes
Fixes misaligned access
Fixes: dc9262a469f6f315f74c087a7b3a7f35/signal_sigsegv_2e95bcd_9_9c0f9f4a9ba82aa9b3ab2b91ce4d5277.jpg

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-04 21:51:21 +01:00
Michael Niedermayer
d24888ef19 avcodec/mjpegdec: Check index in ljpeg_decode_yuv_scan() before using it
Fixes: 04715144ba237443010554be0d05343f/asan_heap-oob_1eafc76_1737_c685b48041a563461839e4e7ab97abb8.jpg
Fixes out of array access

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-04 19:33:33 +01:00
Ganesh Ajjanagadde
fd0bf457b7 avcodec/aacsbr_template: replace qsort with AV_QSORT
When sbr->reset is set in encode_frame, a bunch of qsort calls might get made.
Thus, there is the potential of calling qsort whenever the spectral
contents change.

AV_QSORT is substantially faster due to the inlining of the comparison callback.
Thus, the increase in performance should be worth the increase in binary size.

Tested with FATE.

Reviewed-by: Rostislav Pehlivanov <atomnuker@gmail.com>
Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
2015-11-04 08:15:24 -05:00
Michael Niedermayer
bc55cec57e avcodec/rawenc: Cast argument for av_image_copy_to_buffer() to const
Fixes: libavcodec/rawenc.c:64:40: warning: passing argument 3 of av_image_copy_to_buffer from incompatible pointer type [enabled by default]

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-04 04:41:22 +01:00
Michael Niedermayer
432c1f35f7 avcodec/libzvbi-teletextdec: Remove unused variable ret
Fixes: libavcodec/libzvbi-teletextdec.c:232:9: warning: unused variable ret [-Wunused-variable]

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-04 04:40:00 +01:00
Michael Niedermayer
f3867b0a4a avcodec/vdpau: Remove CONFIG_H263_VDPAU_HWACCEL
Fixes: libavcodec/vdpau.c:320:5: warning: "CONFIG_H263_VDPAU_HWACCEL" is not defined [-Wundef]

It was removed in d15adeacf3

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-04 04:30:19 +01:00
Bryan Huh
d917f25658 avformat/cache: Use int64_t to avoid int overflow in cache_read
Fixes an issue where an int64_t ffurl_seek return-value was being stored
in an int (32-bit) "r" variable, leading to integer overflow when seeking
into a large file (>2GB), and ultimately a "Failed to perform internal
seek" error message.

To test, try running `ffprobe 'cache:http://<something>'` on a file that
is ~3GB large, whose moov atom is at the end of the file

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-04 03:59:17 +01:00
Muhammad Faiz
6df2c94130 avfilter/showcqt: remove yuv offset
this makes draw_bar faster
slightly different result with old version

check result (with ~3 minutes audio file):
old:
    real    0m49.611s
    user    0m49.260s
    sys     0m0.073s
new:
    real    0m47.606s
    user    0m47.378s
    sys     0m0.068s
PSNR between old and new:
yuv444p PSNR
    y:109.519298 u:107.506485 v:104.746878
    average:106.816074 min:99.167305 max:inf
yuv422p PSNR
    y:109.519298 u:108.025801 v:104.489734
    average:107.279817 min:98.007467 max:inf
yuv420p PSNR
    y:109.519298 u:108.363875 v:105.290200
    average:108.261511 min:97.461812 max:inf

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-03 23:47:09 +01:00
Ganesh Ajjanagadde
92e483f8ed all: use FFDIFFSIGN to resolve possible undefined behavior in comparators
FFDIFFSIGN was created explicitly for this purpose, since the common
return a - b idiom is unsafe regarding overflow on signed integers. It
optimizes to branchless code on common compilers.

FFDIFFSIGN also has the subjective benefit of being easier to read due
to lack of ternary operators.

Tested with FATE.

Things not covered by this are unsigned integers, for which overflows
are well defined, and also places where overflow is clearly impossible,
e.g. an instance where the a - b was being done on 24 bit values.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Reviewed-by: Clément Bœsch <u@pkh.me>
Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
2015-11-03 16:28:30 -05:00
Ganesh Ajjanagadde
265f83fd35 avutil/common: add FFDIFFSIGN macro
This is of use for defining comparator callbacks. Common approaches like
return x-y are not safe due to the risks of overflow.
Furthermore, the (x > y) - (x < y) trick is optimized to branchless
code.
This also documents this macro accordingly.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
2015-11-03 16:28:12 -05:00
Ganesh Ajjanagadde
03f5bcd921 avfilter/vf_rotate: correct log message
There seem to be some typos in the log messages that are fixed by this.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
2015-11-03 16:22:33 -05:00
James Almer
a97f1e7bd0 fate: update fate-source ref file
Signed-off-by: James Almer <jamrial@gmail.com>
2015-11-03 15:05:32 -03:00
wm4
f128b8e19a mov: detect cover art pictures by content
I've got some m4a samples that had jpeg cover art marked as png. Since
these files were supposedly written by iTunes, and other software can
read it (e.g. clementine does), this should be worked around.

Since png has a very simple to detect header, while it's apparently a
real pain to detect jpeg in the general case, try to detect png and
assume jpeg otherwise. Not bothering with bmp, as I have no test case.

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2015-11-03 15:03:12 +01:00
Paul B Mahol
cb7a00da21 avformat: add acm demuxer
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2015-11-03 12:26:09 +01:00
Paul B Mahol
c89e075d5a avcodec: add Interplay ACM decoder
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2015-11-03 12:01:27 +01:00
Tobias Rapp
4746653466 avutil/file_open: avoid file handle inheritance on Windows
Avoids inheritance of file handles on Windows systems similar to the
O_CLOEXEC/FD_CLOEXEC flag on Linux.

Fixes file lock issues in Windows applications when a child process
is started with handle inheritance enabled (standard input/output
redirection) while a FFmpeg transcoding is running in the parent
process.

Links relevant to the subject:

https://msdn.microsoft.com/en-us/library/w7sa2b22.aspx

Describes the _wsopen() function and the O_NOINHERIT flag. File handles
opened by _wsopen() are inheritable by default.

https://msdn.microsoft.com/en-us/library/windows/desktop/ms682425%28v=vs.85%29.aspx

Describes handle inheritance when creating new processes. Handle
inheritance must be enabled (bInheritHandles = TRUE) e.g. when you want
to pass handles for stdin/stdout via lpStartupInfo.

Signed-off-by: Tobias Rapp <t.rapp@noa-audio.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-02 17:40:49 +01:00
Luca Barbato
50d2a3b5f3 flashsv: Initialize the block array
Otherwise flashsv2_prime could be fed random data.

Bug-Id: 908
CC: libav-stable@libav.org

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2015-11-02 16:29:46 +01:00
Luca Barbato
de41b555cd truemotion2: Fix the buffer check
The variable skip contains the expected size in bytes.

Bug-Id: 906
CC: libav-stable@libav.org

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2015-11-02 16:29:14 +01:00