In init_planes p->xblen and p->yblen are set to:
p->xblen = s->plane[0].xblen >> s->chroma_x_shift;
p->yblen = s->plane[0].yblen >> s->chroma_y_shift;
These are later used as block_w and block_h arguments of
s->vdsp.emulated_edge_mc. If one of them is 0 it triggers an av_assert2
in emulated_edge_mc:
av_assert2(start_x < end_x && block_w > 0);
av_assert2(start_y < end_y && block_h > 0);
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Quickdraw packs data as a series of codes that the application is supposed
to handle, but it does not define any order in which they might appear.
Since it's unfeasible to support *all* opcodes defined by the spec,
only handle well-known blocks containing video data and ignore any unknown
or unsupported ones.
Move palette loading and rle decoding to separate functions to resue them
in other blocks and drop format initialization in init since it can
support more formats than pal8.
Validate width and height.
previously various variables had a too small type to support the required 32bit unsigned
range allowed from the spec
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
s->ref_pics[i] is later used as ref argument of interpolate_refplane,
where it is dereferenced.
If it is NULL, it causes a segmentation fault.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
If bytes is large enough, bytes*8 can overflow and become negative.
In that case 'bufsize -= bytes*8' causes bufsize to increase instead of
decrease.
This leads to a segmentation fault.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
buf_idx + data_unit_size can overflow, causing the '> buf_size' check to
wrongly fail.
This causes a segmentation fault.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
For max_order = 0 the clipping range is invalid. (amin = 2, amax = 1)
CC: libav-stable@libav.org
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Also change the type of begin, end and smp to ptrdiff_t to make the
comparison well-defined.
CC: libav-stable@libav.org
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
The minimum of the ath(x, ATH_ADD) function depends on ATH_ADD.
This patch uses the first order approximation to determine it.
For ATH_ADD = 4 this results in the value at 3407.06812 (-5.24241638)
not the one at 3410 (-5.24237967).
CC: libav-stabl@libav.org
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
avctx->bits_per_raw_sample is used in get_sbits_long, which only
supports up to 32 bits.
CC: libav-stable@libav.org
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
AV_PIX_FMT_MONOBLACK has the AV_PIX_FMT_FLAG_BITSTREAM flag, i.e.
linesize can be smaller than width.
Since x_offset is only check against the width, this can lead to
x_offset * bpp >= image_linesize.
In this case ptr could be set to a position outside the image_buf in
png_handle_row, leading to memory corruption and thus crashes.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
During the loop ret can get changed. Since it is not set on all failure
paths, decode_frame_common can return 0 even though an error occurred.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This check was removed in commit 08aec6f6, but
s->last_picture.f->data[0] is still used in handle_p_frame_apng
unconditionally.
This fixes a segmentation fault.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* rbultje/vp9-profile1-wip:
vp9: add fate test for 422.
vp9: copy bug in libvpx for 4:2:2 chroma bs=8x4/4x4 prediction.
vp9: add yuv440 fate test.
vp9: fix mask_edges and filter_plane_rows/cols() for 440.
vp9: more specifically specify mask destination to mask_edges().
vp9: add fate test for profile 1 444.
vp9: don't create special u/v filter masks for 444.
vp9: merge uv loopfilter code into generic filter_plane_rows/cols().
vp9: split out loopfilter luma rows/cols functions from loopfilter_sb().
vp9: invert order of two conditions.
vp9: use correct chroma subsampling for profile 1 inter block recon.
vp9: use correct chroma subsampling for profile 1 intra block recon.
vp9: take chroma subsampling into account when walking the block tree.
vp9: support non-420 chroma subsampling for profile 1 token decoding.
vp9: increase buffer sizes for non-420 chroma subsamplings.
vp9: profile 1 header decoding.
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This also fixes intra-only MT failures (it was the same bug), see trac
4526 and 4527.
Tested-by: James Almer <jamrial@gmail.com>
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Check extended sync word for 16-bit LE and BE core streams to reduce
probability of alias sync detection. Previously sync word extension was
checked only for 14-bit streams (and this check did not properly work
across buffer boundary).
Use 64-bit parser state to make extended sync word detection work across
buffer boundary.
This is sufficient to make the sample in ticket #4492 parse
successfully.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit '7a4f74eed51f914e9bbfebaffd4a92ac6791f819':
h264: embed the DPB in the context
Conflicts:
libavcodec/h264.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '88c612e3a4d5b584e2d9f6e2541de78d67bdfb9f':
h264: merge the init and reinit paths in update_thread_context()
Conflicts:
libavcodec/h264_slice.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '8a66fd40260b7aae6226d68c4dbad43b05a8e524':
h264: drop the reinit parameter from init_slice_header()
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'c9ccbc7333eddd025ebbde5cc4f27d68a950c623':
h264: update the current bit depth/chroma type in init_slice_header()
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '440e8dd374b732c48d564d9f1bb0ec3b1b786fb9':
h264: drop a comment that carries no useful information
Merged-by: Michael Niedermayer <michaelni@gmx.at>
It does not make sense to copy is_avc without copying this as well. This
patch should not change anything for now, but will have an effect in
later commits.
That function currently does two things -- reinitializing the DSP
contexts and setting low_delay based on the SPS values.
The former more appropriately belongs in h264_slice_header_init(), while
the latter only really makes sense in decode_slice_header().
The third call to ff_h264_set_parameter_from_sps(), done immediately
after parsing a new SPS, appears to serve no useful purpose, so it is
just dropped.
Also, drop now unneeded H264Context.cur_chroma_format_idc.
Currently, the DPB is initialized in alloc_tables() and uninitialized in
free_tables(), but those functions manage frame size-dependent
variables, so DPB management does not logically belong in there.
Since we want the init/uninit to happen exactly once per the context
lifetime, init_context()/free_context() are the proper place for this
code.
* commit '0c69164f451cc9ca6ce9d6e7568083e2776bc845':
h263: Convert function to macro
Conflicts:
libavcodec/h263.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '59dfc2b0c89f35c5805abee72c2ae4ee7af8e98d':
h263: Drop commented-out code and a related otherwise unused function
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'c3418201307c6b7a2b3e3be10f33ab4a20a32c3b':
jpeglsenc: Mark codec as init-thread-safe and init-cleanup
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'f5ba67ee1342b7741200ff637fc3ea3387b68a1b':
flacenc: Move a scratch buffer to struct used by the function
Conflicts:
libavcodec/flacenc.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
s->decoded_buffer is allocated with a min_size of:
2 * FFALIGN(blockstodecode, 8) * sizeof(*s->decoded_buffer)
Then it is assigned to s->decoded[0] (and s->decoded_buffer + FFALIGN(blockstodecode, 8)
to s->decoded[1]) and passed as out buffer to decode_array_0000.
In this function 64 elements of the out buffer are written
unconditionally and outside the array if blockstodecode is too small.
This causes memory corruption, leading to segmentation faults or other
crashes.
Thus change decode_array_0000 to write at most blockstodecode elements
of the out buffer.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Otherwise range_start_decoding is not necessarily run and thus
ctx->rc.range still 0 in range_dec_normalize leading to an infinite
loop.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
GCC tool had a bug of PPC intrinsic interpret, which has been fixed in GCC 4.9.1. This bug lead to
errors in two of our previous patches. We found this when we update our GCC tools to 4.9.1 and by
reading the related info on GCC website. We fix our previous error in two separate commits
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
HAVE_LOONGSON is replaced by HAVE_LOONGSON3. Even Loongson-2E and 2F support
Loongson SIMD instructs but have low performance for decoding. We plan to focus
on optimizing Loongson-3A1000, 3B1500 and 3A1500, and modify the configure file
to support Loongson-2 series later by adding HAVE_LOONGSON2.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Niklesh <niklesh.lalwani@iitb.ac.in>
Previous version reviewed-by: Philip Langdale <philipl@overt.org>
Previous version reviewed-by: Carl Eugen Hoyos <cehoyos@ag.or.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit '18db1286b04557aa2d2df7efbcb65ae825d5a469':
libxvid: Make codec use the init-cleanup flag and mark it as init-thread-safe
Conflicts:
libavcodec/libxvid.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'eae7338e1592f4a398b7c3cb9d1ac854b7a44ff8':
libx264: Make codec use the init-cleanup flag and mark it as init-thread-safe
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '74a1cad7e3ba79e5b1e5b2e2bcf6179520442679':
lclenc: Mark codec as init-thread-safe and init-cleanup
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'bb428e00ac158244d6691bf135be404e85b66a8b':
hqx: Mark codec as init-thread-safe and init-cleanup
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '43171886e08b6a2f20a1e2f3ecc95a7984b591cd':
huffyuvenc: Mark codec as init-thread-safe and init-cleanup
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'd90133b77bf69667d10e54de9aae7da223c6876a':
asvenc: Mark codec as init-thread-safe and init-cleanup
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '5bba3ab0cf7a0238ee1ea31ca2da08ce860fd8f9':
internal: Make dlog/tlog a no-op when disabled
Conflicts:
libavcodec/internal.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
The unaligned size is not handled in setctx_2d(), causing edges of images
to have improper segmentation prediction, which causes visual artifacts
at image edges a few frames later.
this quiets a warning:
Failed to set VP8E_SET_NOISE_SENSITIVITY codec control: Unspecified
internal error
Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: James Zern <jzern@google.com>
If rice_limit is 0, k can be 0 in decode_scalar, which calls show_bits(gb, k).
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit '0a51c7d42a519c63178a4f3e35b8967f21da3a6a':
prores: Set the bits_per_coded_sample for alpha pix_fmt
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'aef0be08756e00f363c524453c948a6e2a348614':
avcodec: Unref the dummy buffer on the fail path
Merged-by: Michael Niedermayer <michaelni@gmx.at>
For max_order = 0 the clipping range is invalid. (amin = 2, amax = 1)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This is required if it's subsequently re-enabled with no value updates
(which means, use values that were previously set).
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
See sample vp90-2-14-resize-fp-tiles-16-8-4-2-1.webm from the vp9 test
vector set which reproduces the issue. This probably costs a few cycles,
but I don't think there's an easy way to workaround that.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Also change the type of begin, end and smp to ptrdiff_t to make the
comparison well-defined.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Reviewed-by: Thilo Borgmann <thilo.borgmann@mail.de>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The minimum of the ath(x, ATH_ADD) function depends on ATH_ADD.
This patch uses the first order approximation to determine it.
For ATH_ADD = 4 this results in the value at 3407.06812 (-5.24241638)
not the one at 3410 (-5.24237967).
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Approved-by: Claudio Freire <klaussfreire@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Patch to support VP9 encoding with new profiles 1-3.
Profile 1 (8-bit 422/444) should work with default libvpx
configuration.
However you will need to configure libvpx with
--enable-vp9-highbitdepth before building and linking
with ffmpeg for profile 2 (10-/12-bit 420) and profile 3
(10-/12-bit 422/444) encoding.
You may use the appropriate profile option on the
command line:
-profile:v 1 for 422/444 8-bit encoding
-profile:v 2 for 420 10-/12- bit encoding
-profile:v 3 for 422/444 10-/12-bit encoding
If you do not use the -profile:v option, it will be deduced
from the source format.
Signed-off-by: James Zern <jzern@google.com>
* commit 'e6fb844f7b736e72da364032d251283bce9e63ad':
Implement shared parsing of INFO tag in Canopus family
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '453642f8afe9f979fcc813a246b1ec656ec36a93':
hqx: Store shareable data in main decoder context
Conflicts:
libavcodec/hqx.c
libavcodec/hqx.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'ea031b75fb50c59196ccb654c9d143fb75365da9':
hqx: Move DSP related code to a separate file
Conflicts:
libavcodec/hqx.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
If begin is smaller than t, the subtraction 'begin -= t' wraps around,
because begin is unsigned. The same applies for end < t.
This causes segmentation faults.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
avctx->bits_per_raw_sample is used in get_sbits_long, which only
supports up to 32 bits.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
If the same idx is used for more than one i, at least one entry in
sconf->chan_pos remains uninitialized.
This can cause segmentation faults.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This fixes an invalid read if end is 0:
band_end = ff_ac3_bin_to_band_tab[end-1] + 1;
Depending on what is before the array, this can cause stack smashing,
when band_end becomes too large.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
If band->thr is 0.0f, the division is undefined, making norm_fac not a
number or infinity, which causes psy_band->threshold to become NaN.
This is passed on to other variables until it finally reaches
sce->sf_idx and is converted to an integer (-2147483648).
This causes a segmentation fault when it is used as array index.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Reviewed-by: Claudio Freire <klaussfreire@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
ac may be NULL and then accessing ac->avctx results in a segmentation fault.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This fixes segmentation faults, when pic->linesize[0] is negative.
In that case 'line * pic->linesize[0] + pixel_ptr' is treated as
unsigned and wraps around.
This reverts commit 7d78a964.
The problem was introduced in commit f7e1367f, which should obsolete
that commit.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The spec madandate both time_scale and num_units_in_tick greater than 0,
however since they are not essential for decoding, just ignore the whole
block and try to finish parsing the VUI.
Related to Ticket4445.
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
This commit implements the perceptual noise substitution AAC extension. This is a proof of concept
implementation, and as such, is not enabled by default. This is the fourth revision of this patch,
made after some problems were noted out. Any changes made since the previous revisions have been indicated.
In order to extend the encoder to use an additional codebook, the array holding each codebook has been
modified with two additional entries - 13 for the NOISE_BT codebook and 12 which has a placeholder function.
The cost system was modified to skip the 12th entry using an array to map the input and outputs it has. It
also does not accept using the 13th codebook for any band which is not marked as containing noise, thereby
restricting its ability to arbitrarily choose it for bands. The use of arrays allows the system to be easily
extended to allow for intensity stereo encoding, which uses additional codebooks.
The 12th entry in the codebook function array points to a function which stops the execution of the program
by calling an assert with an always 'false' argument. It was pointed out in an email discussion with
Claudio Freire that having a 'NULL' entry can result in unexpected behaviour and could be used as
a security hole. There is no danger of this function being called during encoding due to the codebook maps introduced.
Another change from version 1 of the patch is the addition of an argument to the encoder, '-aac_pns' to
enable and disable the PNS. This currently defaults to disable the PNS, as it is experimental.
The switch will be removed in the future, when the algorithm to select noise bands has been improved.
The current algorithm simply compares the energy to the threshold (multiplied by a constant) to determine
noise, however the FFPsyBand structure contains other useful figures to determine which bands carry noise more accurately.
Some of the sample files provided triggered an assertion when the parameter to tune the threshold was set to
a value of '2.2'. Claudio Freire reported the problem's source could be in the range of the scalefactor
indices for noise and advised to measure the minimal index and clip anything above the maximum allowed
value. This has been implemented and all the files which used to trigger the asserion now encode without error.
The third revision of the problem also removes unneded variabes and comparisons. All of them were
redundant and were of little use for when the PNS implementation would be extended.
The fourth revision moved the clipping of the noise scalefactors outside the second loop of the two-loop
algorithm in order to prevent their redundant calculations. Also, freq_mult has been changed to a float
variable due to the fact that rounding errors can prove to be a problem at low frequencies.
Considerations were taken whether the entire expression could be evaluated inside the expression
, but in the end it was decided that it would be for the best if just the type of the variable were
to change. Claudio Freire reported the two problems. There is no change of functionality
(except for low sampling frequencies) so the spectral demonstrations at the end of this commit's message were not updated.
Finally, the way energy values are converted to scalefactor indices has changed since the first commit,
as per the suggestion of Claudio Freire. This may still have some drawbacks, but unlike the first commit
it works without having redundant offsets and outputs what the decoder expects to have, in terms of the
ranges of the scalefactor indices.
Some spectral comparisons: https://trac.ffmpeg.org/attachment/wiki/Encode/AAC/Original.png (original),
https://trac.ffmpeg.org/attachment/wiki/Encode/AAC/PNS_NO.png (encoded without PNS),
https://trac.ffmpeg.org/attachment/wiki/Encode/AAC/PNS1.2.png (encoded with PNS, const = 1.2),
https://trac.ffmpeg.org/attachment/wiki/Encode/AAC/Difference1.png (spectral difference).
The constant is the value which multiplies the threshold when it gets compared to the energy, larger
values means more noise will be substituded by PNS values. Example when const = 2.2:
https://trac.ffmpeg.org/attachment/wiki/Encode/AAC/PNS_2.2.png
Reviewed-by: Claudio Freire <klaussfreire@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit replaces the previous hardcoded constants with both new and previously
defined macros from aac.h. This change makes it easy for anyone reading the code
to know how encoding and decoding scalefactors works. It's also possibly
a step in unifying some of the code across both the encoder and decoder.
Reviewed-by: Claudio Freire <klaussfreire@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
They seem to sometimes trigger with old AVI files. They are just
confusing, do not help anyone, and use sloppy language.
Signed-off-by: Diego Biurrun <diego@biurrun.de>
This is optional, but ensures that linking with -Wl,--as-needed does not
drop the library containing the MMAL VC driver. The driver normally
"registers" itself in the library constructor, but since no symbols are
explicitly referenced, the linker could remove it with --as-needed
enabled.
Signed-off-by: Diego Biurrun <diego@biurrun.de>
This commit adjusts the intial offset for PNS values, introduced
with commit f7f71b5795 earlier. This
commit shifts the value in such a way that no further offsets are
required in the aaccoder.c file. Earlier version of the PNS patch had 2 offsets in both the aaccoder and aacenc.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
