17888 Commits

Author SHA1 Message Date
Michael Niedermayer
ac921338a4 jpeg2000: Correctly calculate sgnd
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-07-02 20:05:44 +02:00
Michael Niedermayer
fd54dd028b jpeg2000: check len before parsing header
Avoid overread.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-07-02 20:05:44 +02:00
Michael Niedermayer
eae63e3c15 jpeg2000: Check component number in get_coc() and get_qcc()
Avoid overreads.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Nicolas Bertrand <nicoinattendu@gmail.com>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-07-02 20:05:44 +02:00
Michael Niedermayer
17e5d614a8 jpeg2000: Check zero bit-plane validity
Prevent integer overflows.

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-07-02 20:05:44 +02:00
Luca Barbato
7e201d575d jpeg2000: Validate block lengthinc
Currently we are using an array with a static data size.

Similar to a patch with the same purpose by Michael Niedermayer.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-07-02 20:05:44 +02:00
Michael Niedermayer
278a923c51 jpeg2000: Validate SIZ parsing
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-07-02 20:05:44 +02:00
Michael Niedermayer
d3cb302b88 jpeg2000: Validate SOT parsing
Avoid some overreads.

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-07-02 20:05:44 +02:00
Michael Niedermayer
1a3598aae7 jpeg2000: Use bytestream2
Prevent a number of overreads.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-07-02 20:05:43 +02:00
Luca Barbato
5efadcb8cd jpeg2000: Clean up return paths and error messages
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-07-02 20:05:43 +02:00
Luca Barbato
be3271009e jpeg2000: Define the maximum decomposition levels
And define the resolution levels according.

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-07-02 20:05:43 +02:00
Michael Niedermayer
fbcc03db8f jpeg2000: Check code-block size
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Signed-off-by: Nicolas Bertrand <nicoinattendu@gmail.com>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-07-02 20:05:43 +02:00
Luca Barbato
5650e331a7 jpeg2000: Validate resolution levels
There are 32 maximum decomposition levels, thus 33 resolution levels.

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-07-02 20:05:43 +02:00
Luca Barbato
8bd9039900 Revert "indeo5: reject negative motion vectors"
Negative motion vectors are possible.

This reverts commit 1194a410807bac3eafbeb632578b937656d273e7.
2013-07-01 06:49:46 +02:00
Luca Barbato
b36e1893ef indeo: check for reference when inheriting mvs
The same is done already for qdelta.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2013-07-01 04:20:58 +02:00
Luca Barbato
1194a41080 indeo5: reject negative motion vectors
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2013-07-01 04:20:51 +02:00
Luca Barbato
dd3754a488 indeo: use proper error code 2013-07-01 04:17:46 +02:00
Luca Barbato
7388c0c586 indeo: Properly forward the error codes
If the tile data size does not match the buffer size it did not
return an AVERROR_INVALIDDATA causing futher corruption later.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2013-07-01 04:17:46 +02:00
Loren Merritt
1221bb6239 x86: lpc: fix a segfault in av_evaluate_lls_sse2() 2013-06-30 23:11:19 +00:00
Luca Barbato
6765ee7b9c mjpeg: Check the unescaped size for overflows
And contextually check init_get_bits success and fix the reporting
message.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2013-06-30 08:48:51 +02:00
Luca Barbato
7520d9779c mjpeg: Move code out of else branch
Simplify the control flow and spare some vertical space.
2013-06-30 08:46:55 +02:00
Luca Barbato
02ec656af7 wmapro: error out on impossible scale factor offsets
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2013-06-29 18:11:59 +02:00
Luca Barbato
d4a217a408 wmapro: check the min_samples_per_subframe
Must be at least WMAPRO_BLOCK_MIN_SIZE.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2013-06-29 18:11:40 +02:00
Luca Barbato
183880cfc4 pictor: use the correct logging context
Broken in 6d97484d72e33f7dde9493a9ead1a72e2f029605
2013-06-29 18:11:12 +02:00
Loren Merritt
c93ccf5a4c lpc: use levinson for the first pass of multipass cholesky
Levinson is faster, and cholesky is only needed if we want to apply different
weights to different samples, which doesn't happen on the first pass.

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-06-29 13:26:52 +02:00
Loren Merritt
502ab21af0 x86: lpc: simd av_update_lls
4x-6x faster on sandybridge

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-06-29 13:23:57 +02:00
Loren Merritt
41578f70cf lpc: use function pointers, in preparation for asm
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-06-29 13:23:57 +02:00
Loren Merritt
cc6714bb16 lpc: remove "decay" argument
We never used the rolling-average mode, and this makes av_update_lls 15% faster.

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-06-29 13:23:57 +02:00
Luca Barbato
3822936252 wmapro: check num_vec_coeffs against the actual available buffer
Prevent yet another buffer overwrite.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2013-06-28 13:16:35 +02:00
Luca Barbato
6652338f43 wmapro: return early on unsupported condition
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2013-06-28 13:16:00 +02:00
Luca Barbato
e30b068ef7 wmapro: make sure there is room to store the current packet
Prevent horrid and hard to trace struct overwrite.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2013-06-28 13:15:40 +02:00
Luca Barbato
afe03092dd lavc: move put_bits_left in put_bits.h 2013-06-28 13:14:12 +02:00
Luca Barbato
07c52e2c7c aac: return meaningful errors 2013-06-27 01:22:36 +02:00
Luca Barbato
6d8629aac1 aac: K&R formatting cosmetics 2013-06-27 01:22:06 +02:00
Derek Buitenhuis
d9c89ef86b cllc: Use outbuf in RGB and ARGB functions
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2013-06-24 14:55:01 -04:00
Derek Buitenhuis
1ef6ac1071 cllc: Implement YUV support
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2013-06-24 14:54:46 -04:00
Kieran Kunhya
95d5246454 lavc: Add option to encode MPEG-2 AAC with libfdk-aac
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2013-06-24 08:03:26 +02:00
Anton Khirnov
720a1de52f lavc: free the padded last frame during audio encoding properly 2013-06-20 16:49:11 +02:00
Kostya Shishkov
bbb2945f2d smacker: check the return value of smacker_decode_tree
Also prevent a memory leak.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-06-16 15:56:50 +02:00
Kostya Shishkov
f52edef301 smacker: fix an off by one in huff.length computation
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-06-16 15:55:53 +02:00
Janne Grunau
985f34b756 utils: fix avcodec_flush_buffers pre-reference counting compatibility
The to_free AVframe must be freed just like the other ones.
Indeed, the calling application may expect all frames to be
released.

(This regression caused use-after-free in VLC with hwaccel.)

Signed-off-by: Rémi Denis-Courmont <remi@remlab.net>

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-06-16 15:10:58 +02:00
Luca Barbato
f80b60ad59 bitstream: forward error values and drop few abort() 2013-06-16 09:30:26 +02:00
Luca Barbato
f776899a17 bitstream: K&R formatting cosmetics 2013-06-16 09:30:25 +02:00
Luca Barbato
9e80eda26d h264_mp4toannexb_bsf: return a padded buffer
The code using the returned buffer might expect it to be
FF_INPUT_BUFFER_PADDING_SIZE padded as any other avpacket.
2013-06-15 16:14:45 +02:00
Luca Barbato
8d929afd25 h264_mp4toannexb_bsf: factor out extradata parsing 2013-06-15 16:14:33 +02:00
Luca Barbato
5d21ca4559 h264_mp4toannexb_bsf: K&R formatting cosmetics 2013-06-15 09:11:13 +02:00
Luca Barbato
59d7bb99b6 4xm: check bitstream_size boundary before using it
Prevent buffer overread.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2013-06-12 14:45:46 +02:00
Luca Barbato
fbd0dacc8d 4xm: refactor decode_p_block
Directly return from code 1, 2 and 6 codepaths and simplify the
remaining one to have a single overflow check and a single call to
mcdc.
2013-06-12 14:45:46 +02:00
Luca Barbato
94aefb1932 4xm: do not overread the source buffer in decode_p_block
Check for out of picture macroblocks before calling mcdc.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2013-06-12 14:45:46 +02:00
Luca Barbato
be373cb50d 4xm: do not overread the prestream buffer
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2013-06-12 14:45:46 +02:00
Luca Barbato
de2e5777e2 4xm: validate the buffer size before parsing it
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2013-06-12 14:45:46 +02:00