In VC-1 interlaced field pictures, chroma motion vectors can extend beyond
picture boundary even if luma vectors are bounded. The problem shows up
only for hpel interpolated MVs, and may be due to the way motion vectors
are scaled / cropped.
Thanks to Konstantin Shishkov for suggesting the fix. This fixes
long-known segfaults in MC-VC1.ts from videolan streams archive.
Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
* qatar/master: (35 commits)
h264_idct_10bit: port x86 assembly to cpuflags.
x86inc: clip num_args to 7 on x86-32.
x86inc: sync to latest version from x264.
fft: rename "z" to "zc" to prevent name collision.
wv: return meaningful error codes.
wv: return AVERROR_EOF on EOF, not EIO.
mp3dec: forward errors for av_get_packet().
mp3dec: remove a pointless local variable.
mp3dec: remove commented out cruft.
lavfi: bump minor to mark stabilizing the ABI.
FATE: add tests for yadif.
FATE: add a test for delogo video filter.
FATE: add a test for amix audio filter.
audiogen: allow specifying random seed as a commandline parameter.
vc1dec: Override invalid macroblock quantizer
vc1: avoid reading beyond the last line in vc1_draw_sprites()
vc1dec: check that coded slice positions and interlacing match.
vc1dec: Do not ignore ff_vc1_parse_frame_header_adv return value
configure: Move parts that should not be user-selectable to CONFIG_EXTRA
lavf: remove commented out cruft in avformat_find_stream_info()
...
Conflicts:
Makefile
configure
libavcodec/vc1dec.c
libavcodec/x86/h264_deblock.asm
libavcodec/x86/h264_deblock_10bit.asm
libavcodec/x86/h264dsp_mmx.c
libavfilter/version.h
libavformat/mp3dec.c
libavformat/utils.c
libavformat/wv.c
libavutil/x86/x86inc.asm
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This fixes out of array writes
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
* qatar/master:
configure: Check for CommandLineToArgvW
vc1dec: Do not use random pred_flag if motion vector data is skipped
vp8: Enclose pthread function calls in ifdefs
snow: refactor code to work around a compiler bug in MSVC.
vp8: Include the thread headers before using the pthread types
configure: Check for getaddrinfo in ws2tcpip.h, too
vp8: implement sliced threading
vp8: move data from VP8Context->VP8Macroblock
vp8: refactor decoding a single mb_row
doc: update api changes with the right commit hashes
mem: introduce av_malloc_array and av_mallocz_array
Conflicts:
configure
doc/APIchanges
libavcodec/vp8.c
libavutil/mem.h
libavutil/version.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
rtpdec_asf: Set the no_resync_search option for the chained asf demuxer
asfdec: Add an option for not searching for the packet markers
cosmetics: Clean up the tiffenc pix_fmts declaration to match the style of others
cosmetics: Align codec declarations
cosmetics: Convert mimic.c to utf-8
avconv: remove an unused function parameter.
avconv: remove now pointless variables.
avconv: drop support for building without libavfilter.
nellymoserenc: fix crash due to memsetting the wrong area.
libavformat: Only require first packet to be known for audio/video streams
avplay: Don't try to scale timestamps if the tb isn't set
Conflicts:
Changelog
configure
ffmpeg.c
libavcodec/aacenc.c
libavcodec/bmpenc.c
libavcodec/dnxhddec.c
libavcodec/dnxhdenc.c
libavcodec/ffv1.c
libavcodec/flacenc.c
libavcodec/fraps.c
libavcodec/huffyuv.c
libavcodec/libopenjpegdec.c
libavcodec/mpeg12enc.c
libavcodec/mpeg4videodec.c
libavcodec/pamenc.c
libavcodec/pgssubdec.c
libavcodec/pngenc.c
libavcodec/qtrleenc.c
libavcodec/rawdec.c
libavcodec/sgienc.c
libavcodec/tiffenc.c
libavcodec/v210dec.c
libavcodec/wmv2dec.c
libavformat/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Also break some long lines, remove codec function placeholder comments
and add spaces in sample/pixel format lists.
Signed-off-by: Martin Storsjö <martin@martin.st>
* qatar/master:
make av_interleaved_write_frame() flush packets when pkt is NULL
mpegts: Fix dead error checks
vc1: Do not read from array if index is invalid.
targa: convert to bytestream2.
rv34: set mb_num_left to 0 after finishing a frame
Conflicts:
libavcodec/targa.c
libavcodec/vc1data.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This way it catches all cases, and prevents later segfaults.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (29 commits)
sbrdsp.asm: convert all instructions to float/SSE ones.
dv: cosmetics.
dv: check buffer size before reading profile.
Revert "AAC SBR: group some writes."
udp: Print an error message if bind fails
cook: extend channel uncoupling tables so the full bit range is covered.
roqvideo: cosmetics.
roqvideo: convert to bytestream2 API.
dca: don't use av_clip_uintp2().
wmall: fix build with -DDEBUG enabled.
smc: port to bytestream2 API.
AAC SBR: group some writes.
dsputil: remove shift parameter from scalarproduct_int16
SBR DSP: unroll sum_square
rv34: remove dead code in intra availability check
rv34: clean a bit availability checks.
v4l2: update documentation
tgq: convert to bytestream2 API.
parser: remove forward declaration of MpegEncContext
dca: prevent accessing static arrays with invalid indexes.
...
Conflicts:
doc/indevs.texi
libavcodec/Makefile
libavcodec/dca.c
libavcodec/dvdata.c
libavcodec/eatgq.c
libavcodec/mmvideo.c
libavcodec/roqvideodec.c
libavcodec/smc.c
libswscale/output.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (29 commits)
amrwb: remove duplicate arguments from extrapolate_isf().
amrwb: error out early if mode is invalid.
h264: change underread for 10bit QPEL to overread.
matroska: check buffer size for RM-style byte reordering.
vp8: disable mmx functions with sse/sse2 counterparts on x86-64.
vp8: change int stride to ptrdiff_t stride.
wma: fix invalid buffer size assumptions causing random overreads.
Windows Media Audio Lossless decoder
rv10/20: Fix slice overflow with checked bitstream reader.
h263dec: Disallow width/height changing with frame threads.
rv10/20: Fix a buffer overread caused by losing track of the remaining buffer size.
rmdec: Honor .RMF tag size rather than assuming 18.
g722: Fix the QMF scaling
r3d: don't set codec timebase.
electronicarts: set timebase for tgv video.
electronicarts: parse the framerate for cmv video.
ogg: don't set codec timebase
electronicarts: don't set codec timebase
avs: don't set codec timebase
wavpack: Fix an integer overflow
...
Conflicts:
libavcodec/arm/vp8dsp_init_arm.c
libavcodec/fraps.c
libavcodec/h264.c
libavcodec/mpeg4videodec.c
libavcodec/mpegvideo.c
libavcodec/msmpeg4.c
libavcodec/pnmdec.c
libavcodec/qpeg.c
libavcodec/rawenc.c
libavcodec/ulti.c
libavcodec/vcr1.c
libavcodec/version.h
libavcodec/wmalosslessdec.c
libavformat/electronicarts.c
libswscale/ppc/yuv2rgb_altivec.c
tests/ref/acodec/g722
tests/ref/fate/ea-cmv
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of bounds read.
Checked against SMPTE 421M-2006
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
mov: Use defines for sample flags in fragments
mov: Use defines for trun flags
mov: Use defines for tfhd flags
proresenc: force bitrate not to exceed given limit
vc1parse: call vc1_init_common().
wma: don't return 0 on invalid packets.
asf: prevent packet_size_left from going negative if hdrlen > pktlen.
mjpegb: don't return 0 at the end of frame decoding.
rtpdec: Identify incorrectly signalled H263
vp8dsp: split long line.
aiff: don't skip block_align==0 check on COMM-after-SSND files.
dpcm: ignore extra unpaired bytes in stereo streams.
mp3on4: require a minimum framesize.
mpc7: assign an error level + context to av_log() msg.
huffyuv: error out on bit overrun.
dct-test: Add the missing ff_ prefix to the altivec functions
dct-test: Remove a stray declaration of a nonexistent function
movenc: Write the unknown duration as 64 bit fields in ismv
movenc: Write track durations with all bits set if duration is unknown
Conflicts:
libavcodec/dct-test.c
libavcodec/wmadec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
The parser uses VLC tables initialized in vc1_common_init(), therefore
we should call this function on parser init also.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
* qatar/master:
shorten: Use separate pointers for the allocated memory for decoded samples.
atrac3: Fix crash in tonal component decoding.
ws_snd1: Fix wrong samples counts.
movenc: Don't set a default sample duration when creating ismv
rtp: Factorize the check for distinguishing RTCP packets from RTP
golomb: avoid infinite loop on all-zero input (or end of buffer).
bethsoftvid: synchronize video timestamps with audio sample rate
bethsoftvid: add audio stream only after getting the first audio packet
bethsoftvid: Set video packet duration instead of accumulating pts.
bethsoftvid: set packet key frame flag for audio and I-frame video packets.
bethsoftvid: fix read_packet() return codes.
bethsoftvid: pass palette in side data instead of in a separate packet.
sdp: Ignore RTCP packets when autodetecting RTP streams
proresenc: initialise 'sign' variable
mpegaudio: replace memcpy by SIMD code
vc1: prevent using last_frame as a reference for I/P first frame.
Conflicts:
libavcodec/atrac3.c
libavcodec/golomb.h
libavcodec/shorten.c
libavcodec/ws-snd1.c
tests/ref/fate/bethsoft-vid
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (22 commits)
frwu: Employ more meaningful return values.
fraps: Use av_fast_padded_malloc() instead of av_realloc()
mjpegdec: use av_fast_padded_malloc()
eatqi: use av_fast_padded_malloc()
asv1: use av_fast_padded_malloc()
avcodec: Add av_fast_padded_malloc().
swscale: enable dithering in MMX functions.
swscale: make rgb24 function macros slightly smaller.
avcodec.h: Remove some disabled cruft.
swscale: remove obsolete comment.
swscale-test: Drop unused argc and argv arguments from main().
zmbv: Employ more meaningful return values.
zmbvenc: Employ more meaningful return values.
vc1: prevent null pointer dereference on broken files
zmbv: check av_realloc() return values and avoid memleaks on ENOMEM
truespeech: align buffer
ac3: Do not read past the end of ff_ac3_band_start_tab.
dv: Fix small stack overread related to CVE-2011-3929 and CVE-2011-3936.
dv: Fix null pointer dereference due to ach=0
dv: check stype
...
Conflicts:
doc/APIchanges
libavcodec/asv1.c
libavcodec/avcodec.h
libavcodec/eatqi.c
libavcodec/fraps.c
libavcodec/frwu.c
libavcodec/zmbv.c
libavformat/dv.c
libswscale/swscale.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
MVDATA may or may not be transmitted. If it is not, both
dmv_x and dmv_y is to be assumed zero.
This may not trigger wrong picture in all systems, but
it's a bug nevertheless. Fixes SA10116.vc1 on my 64-bit
Windows 7.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
* qatar/master: (29 commits)
cabac: Move code only used within the CABAC test program into the test program.
vp56: Drop unnecessary cabac.h #include.
h264-test: Initialize AVCodecContext.av_class.
build: Skip compiling network.h and rtsp.h if networking is not enabled.
cosmetics: drop some pointless parentheses
Disable annoying warning without changing behavior
faq: Solutions for common problems with sample paths when running FATE.
avcodec: attempt to clarify the CODEC_CAP_DELAY documentation
avcodec: fix avcodec_encode_audio() documentation.
FATE: xmv-demux test; exercise the XMV demuxer without decoding the perceptual codecs inside.
vqf: recognize more metadata chunks
FATE test: BMV demuxer and associated video and audio decoders.
FATE: indeo4 video decoder test.
FATE: update xxan-wc4 test to a sample with more code coverage.
Change the recent h264_mp4toannexb bitstream filter test to output to an elementary stream rather than a program stream.
g722enc: validate AVCodecContext.trellis
g722enc: set frame_size, and also handle an odd number of input samples
g722enc: split encoding into separate functions for trellis vs. no trellis
mpegaudiodec: Use clearer pointer math
tta: Fix returned error code at EOF
...
Conflicts:
libavcodec/h264.c
libavcodec/indeo3.c
libavcodec/interplayvideo.c
libavcodec/ivi_common.c
libavcodec/libxvidff.c
libavcodec/mpegvideo.c
libavcodec/ppc/mpegvideo_altivec.c
libavcodec/tta.c
libavcodec/utils.c
libavfilter/vsrc_buffer.c
libavformat/Makefile
tests/fate/indeo.mak
tests/ref/acodec/g722
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (46 commits)
mtv: Make sure audio_subsegments is not 0
v4l2: use V4L2_FMT_FLAG_EMULATED only if it is defined
avconv: add symbolic names for -vsync parameters
flvdec: Fix compiler warning for uninitialized variables
rtsp: Fix compiler warning for uninitialized variable
ulti: convert to new bytestream API.
swscale: Use standard multiple inclusion guards in ppc/ header files.
Place some START_TIMER invocations in separate blocks.
v4l2: list available formats
v4l2: set the proper codec_tag
v4l2: refactor device_open
v4l2: simplify away io_method
v4l2: cosmetics
v4l2: uniform and format options
v4l2: do not force interlaced mode
avio: exit early in fill_buffer without read_packet
vc1dec: fix invalid memory access for small video dimensions
rv34: fix invalid memory access for small video dimensions
rv34: joint coefficient decoding and dequantization
avplay: Don't call avio_set_interrupt_cb(NULL)
...
Conflicts:
Changelog
avconv.c
doc/APIchanges
doc/indevs.texi
libavcodec/adxenc.c
libavcodec/dnxhdenc.c
libavcodec/h264.c
libavdevice/v4l2.c
libavformat/flvdec.c
libavformat/mtv.c
libswscale/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
For small video dimensions, these calculations of the upper bound
for pixel access may have a negative result. Using an unsigned
comparison to bound a potentially negative value only works if
the greater operand is non-negative. Fixed by doing edge emulation
when the upper bound is probably negative, everywhere that this
pattern appears.
Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
* qatar/master:
lavc: always align height by 32 pixel
raw: add 10bit YUV definitions
nut: support 10bit YUV
mpegvideo_enc: separate declarations and statements
oma: make header compile standalone
vp3: Reorder some functions to fix VP3 build with Theora disabled.
build: fix standalone compilation of ADX encoder
build: fix standalone compilation of ADPCM decoders
build: fix standalone compilation of mpc7/mpc8 decoders
4xm: Use bytestream2 functions to prevent overreads
bytestream: add a new set of bytestream functions with overread checking
mpegts: Suppress invalid timebase warnings on DMB streams.
mpegts: Fix typo in handling sections in the PMT.
vc1dec: Use the right pointer type for the tmp pointer
Conflicts:
libavcodec/4xm.c
libavcodec/utils.c
libavcodec/vc1dec.c
libavcodec/vp3.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>