Commit Graph

15670 Commits

Author SHA1 Message Date
Ronald S. Bultje
80387f0e25 mimic: don't use self as reference, and report completion at end of decode().
Fixes hangs on corrupt samples that reference self-frames.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-16 15:30:52 -07:00
Diego Biurrun
e5d403720e h264: K&R formatting cosmetics
Also remove some disabled code and fix a few comment typos.
2012-03-16 20:35:37 +01:00
Diego Biurrun
ad4cec6b80 s3tc.h: Add missing #include to fix standalone header compilation. 2012-03-16 18:51:57 +01:00
Paul B Mahol
702985b8b7 dxa: remove useless code
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2012-03-15 14:01:23 +01:00
Ronald S. Bultje
e0febda22d h264: stricter reference limit enforcement.
Progressive images can have only 16 references, error out if there are
more, since the data is almost certainly corrupt, and the invalid value
will lead to random crashes or invalid writes later on.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-14 13:24:49 -07:00
Ronald S. Bultje
48cbe4b092 h264: increase reference poc list from 16 to 32.
Interlaced images can have 32 references (16 per field), so limiting the
array size to 16 leads to invalid writes.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-14 13:24:45 -07:00
Ronald S. Bultje
86020073db xa_adpcm: limit filter to prevent xa_adpcm_table[] array bounds overruns.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-14 13:24:40 -07:00
Michael Niedermayer
1f8ff2b13c snow: check reference frame indices.
Fixes NULL ptr dereference

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-03-14 13:24:35 -07:00
Michael Niedermayer
c9837954e7 snow: reject unsupported chroma shifts.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-03-14 13:24:31 -07:00
Paul B Mahol
5b4d026a03 anm: convert to bytestream2 API
Protects from overreads.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-03-14 13:23:07 -07:00
Paul B Mahol
f1ce053cd0 bytestream: add more unchecked variants for bytestream2 API
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-03-14 13:23:07 -07:00
Paul B Mahol
a1c036e961 jvdec: unbreak video decoding
The safe bitstream reader broke it since the buffer size was specified
in bytes instead of bits.

Signed-off-by: Janne Grunau <janne-libav@jannau.net>
CC: libav-stable@libav.org
2012-03-14 15:34:50 +01:00
Michael Niedermayer
758ec11153 h264: Fix invalid interlaced/progressive MB combinations for direct mode prediction.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-03-13 10:04:23 -07:00
Anton Khirnov
d533e395e1 libx264: add 'stats' private option for setting 2pass stats filename.
x264 always opens the file itself with fopen, so we cannot use the
standard lavc stats mechanism.

CC: libav-stable@libav.org
2012-03-13 12:20:50 +01:00
Anton Khirnov
9d5c131ece libx264: fix help text for slice-max-size option.
CC: libav-stable@libav.org
2012-03-13 12:20:34 +01:00
Hendrik Leppkes
7103c8350a dxva2_vc1: pass the overlap flag to the decoder
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2012-03-13 08:14:23 +01:00
Hendrik Leppkes
b2b0aa70ea dxva2_vc1: fix decoding of BI frames
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2012-03-13 08:14:22 +01:00
Paul B Mahol
29b0d94b43 dfa: convert to bytestream2 API
Protects from overreads.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-03-12 21:47:40 -07:00
Peter Ross
015da6e394 anm decoder: move buffer allocation from decode_init() to decode_frame()
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-03-12 16:44:39 -07:00
Michael Niedermayer
3aa661ec56 h264: improve parsing of broken AVC SPS
Parsing the entire NAL as SPS fixes decoding of some AVC bitstreams
with broken escaping. Since the size of the NAL unit is known and
checked against the buffer end we can parse it entirely without buffer
overreads.

Fixes playback of
http://streams.videolan.org/streams/mp4/Mr_MrsSmith-h264_aac.mp4

Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2012-03-13 00:31:52 +01:00
Paul B Mahol
bd3e07c82a pcm-mpeg: convert to bytestream2 API
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2012-03-12 23:03:57 +01:00
Janne Grunau
8a6037c390 Revert "h264: clear trailing bits in partially parsed NAL units"
This reverts commit 729ebb2f18.

There was an off-by-one error in the bit mask calculation clearing
actually the last valid bit and causing
http://bugzilla.libav.org/show_bug.cgi?id=227

The broken sample (Mr_MrsSmith-h264_aac.mp4) the commit was fixing
does not work after correcting the off-by-one error.

CC: libav-stable@libav.org
2012-03-12 22:46:56 +01:00
Janne Grunau
363bd1c62c remove iwmmxt optimizations
The were broken since August of 2010 without anyone noticing until
three weeks ago. Nobody cares about it anymore and hopefully Marvell
will support NEON like in the PXA978 from now on.
2012-03-12 22:46:56 +01:00
Paul B Mahol
33c5c3ad07 mimic: do not continue if swap_buf_size is 0
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-03-12 11:47:48 -07:00
Paul B Mahol
dba425ad7a mimic: convert to bytestream2 API
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-03-12 11:46:34 -07:00
Paul B Mahol
05d089a80b frwu: use MKTAG to check marker instead of AV_RL32
Using intreadwrite.h for this is overkill.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-03-12 11:41:02 -07:00
Paul B Mahol
919f355438 txd: port to bytestream2 API
Protects against overreads.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-03-12 11:37:47 -07:00
Paul B Mahol
85aded741e c93: convert to bytestream2 API
Protects against overreads.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Martin Storsjö <martin@martin.st>
2012-03-12 17:13:42 +02:00
Ronald S. Bultje
c95fefa042 dsicinvideo: validate buffer offset before copying pixels.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-11 07:28:54 -07:00
Ronald S. Bultje
97e48b2f54 cook: error out on quant_index values outside [-63, 63] range.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-10 17:51:28 -08:00
Ronald S. Bultje
d7eabd5042 mpc: pad mpc_CC/SCF[] tables to allow for negative indices.
MPC8 allows indices of mpc_CC up to -1, and mpc_SCF up to -6, thus pad
the tables by that much on the left end.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-10 14:28:08 -08:00
Ronald S. Bultje
442c3a8cb1 cook: expand dither_tab[], and make sure indexes into it don't overflow.
Fixes overflows in accessing dither_tab[].

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-10 12:03:53 -08:00
Ronald S. Bultje
71af42bd96 xxan: reindent xan_unpack_luma().
It used 3-space indent instead of 4-space indent.
2012-03-10 11:57:56 -08:00
Ronald S. Bultje
f77bfa8376 xxan: protect against chroma LUT overreads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-10 11:57:17 -08:00
Ronald S. Bultje
5518827816 xxan: convert to bytestream2 API.
Protects against overreads.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-10 11:48:57 -08:00
Ronald S. Bultje
f1279e286b xxan: don't read before start of buffer in av_memcpy_backptr().
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-10 11:48:39 -08:00
Ronald S. Bultje
a928ed3751 vp8: convert mbedge loopfilter x86 assembly to use named arguments. 2012-03-10 11:36:33 -08:00
Ronald S. Bultje
bee330e300 vp8: convert inner loopfilter x86 assembly to use named arguments. 2012-03-10 11:36:33 -08:00
Diego Biurrun
ffae713a5b Fix a bunch of common typos. 2012-03-09 22:02:49 +01:00
Diego Biurrun
eab6968f24 build: Skip compiling xvmc.h under the correct condition. 2012-03-09 20:56:15 +01:00
Michael Niedermayer
744dd1d356 aacdec: Fix SCE parity check.
An unpaired SCE preceding a CPE only makes sense for front SCEs
preceding the first CPE.

Split from FFmpeg commit a8d67efa53

Signed-off-by: Alex Converse <alex.converse@gmail.com>
2012-03-09 09:47:57 -08:00
Michael Niedermayer
d53fe096e4 aacdec: Fix out of array writes (stack).
Set the element to channel vector (e2c_vec) size to be the maximum
number of aac channel elements. This makes it slightly larger than it
needs to be because CCEs are never mapped to output channel locations.

Also add a check that all input tags (legal or not) will fit.

Split from FFmpeg commit a8d67efa53

Signed-off-by: Alex Converse <alex.converse@gmail.com>
2012-03-09 09:47:57 -08:00
Paul B Mahol
ea1d64ab10 ttadec: unbreak playback of matroska files
Matroska demuxer needs to recreate tta header, so just display
crc error without aborting.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-03-08 11:56:45 -08:00
Aaron Colwell
12623a8026 vorbisdec: avoid invalid memory access
This fixes some invalid memory access caused later in the function
by res_chan[] not being set for all channels. This happens when a
channel doesn't appear a submap. This change simply returns a
decoder error when this situation is detected.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-03-08 11:52:33 -08:00
Ronald S. Bultje
4ffe5e2aa5 huffyuv: add padding to classic (v1) huffman tables.
We slightly overread the input buffer, so we require
padding at the end of the buffer, as is documented in the
get_bits API. Without padding, we'll read uninitialized
data or beyond the end of the .rodata, which may crash.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-08 11:20:49 -08:00
Ronald S. Bultje
4c25269ced png: convert to bytestream2 API.
Protects against overreads in the input buffer.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-08 11:17:25 -08:00
Kostya Shishkov
681e726865 dca: include libavutil/mathematics.h for possibly missing M_SQRT1_2 2012-03-08 07:16:01 +01:00
Ronald S. Bultje
83f15a1228 avs: fix infinite loop on end-of-stream.
The codec would keep returning the last decoded frame if the stream
contains B-frames, since it wouldn't clear that frame from the list of
frames to be returned to the user.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-07 16:33:35 -08:00
Alex Converse
fd0be63049 tiffdec: Prevent illegal memory access caused by recycled pointers.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-07 15:40:42 -08:00
Ronald S. Bultje
b4bccf3e4e wma: fix off-by-one in array bounds check.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-07 14:42:39 -08:00