37096 Commits

Author SHA1 Message Date
Aneesh Dogra
295a7c0238 4xm: Prevent buffer overreads.
4xm decoder while decoding i2 frames can overread the buffer if proper checks
are not made.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-01-04 21:15:50 -08:00
Aneesh Dogra
4b84f68223 4xm: pass the correct remaining buffer size to decode_i2_frame().
frame_size is the number of bytes left in the packet, so if we are passing
buf-4 we can safely read frame_size+4 bytes.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-01-04 21:10:11 -08:00
Aneesh Dogra
893f137679 4xm: fix calculation of the next output line position in decode_i2_frame().
The current code doesn't work unless width is an exact multiple of 16.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-01-04 21:09:22 -08:00
Michael Niedermayer
7f83db3124 Merge remote-tracking branch 'qatar/master'
* qatar/master: (46 commits)
  mtv: Make sure audio_subsegments is not 0
  v4l2: use V4L2_FMT_FLAG_EMULATED only if it is defined
  avconv: add symbolic names for -vsync parameters
  flvdec: Fix compiler warning for uninitialized variables
  rtsp: Fix compiler warning for uninitialized variable
  ulti: convert to new bytestream API.
  swscale: Use standard multiple inclusion guards in ppc/ header files.
  Place some START_TIMER invocations in separate blocks.
  v4l2: list available formats
  v4l2: set the proper codec_tag
  v4l2: refactor device_open
  v4l2: simplify away io_method
  v4l2: cosmetics
  v4l2: uniform and format options
  v4l2: do not force interlaced mode
  avio: exit early in fill_buffer without read_packet
  vc1dec: fix invalid memory access for small video dimensions
  rv34: fix invalid memory access for small video dimensions
  rv34: joint coefficient decoding and dequantization
  avplay: Don't call avio_set_interrupt_cb(NULL)
  ...

Conflicts:
	Changelog
	avconv.c
	doc/APIchanges
	doc/indevs.texi
	libavcodec/adxenc.c
	libavcodec/dnxhdenc.c
	libavcodec/h264.c
	libavdevice/v4l2.c
	libavformat/flvdec.c
	libavformat/mtv.c
	libswscale/utils.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-05 02:03:12 +01:00
Michael Niedermayer
c4eec85a1f Revert "rmdec: Avoid allocating huge packets"
This reverts commit 66f71f3b5e2e7b6e5049bd9831c371e16aff8a53.

This causes regressions with RDT.
2012-01-05 00:51:12 +01:00
Michael Niedermayer
ad8e3304f7 lavf: use avg_frame_rate and packet number to exit find_stream_info
qatar does this too but clobbers the AVPacket.duration by approximate
values.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-05 00:49:45 +01:00
Michael Niedermayer
1171d938af lavf: revert commit bb99ae3ae924c942a634bec7711ec7ee11c38eb9
Author: Michael Niedermayer <michaelni@gmx.at>
	Date:   Thu Nov 3 22:38:10 2011 +0100

	    lavf: fix null pointer dereference in rdt

	    Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

This is no longer needed and causes various problems with RTSP

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-05 00:23:24 +01:00
Shitiz Garg
feb15cee5e mtv: Make sure audio_subsegments is not 0
audio_subsegments would be 0 and cause floating point exceptions
Fixes bugzilla #144

Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
2012-01-04 17:47:19 -05:00
Michael Niedermayer
ff7f198d7f vorbis: make sure ch is non zero before calling vorbis_residue_decode
This possibly makes part of the CVE-2011-3895 fix unneeded.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-04 21:58:08 +01:00
Chris Evans
f74ce3a60d vorbis: An additional defense in the Vorbis codec.
BUG=101458
Review URL: http://codereview.chromium.org/8414025

Fixes second part of CVE-2011-3895

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-04 21:58:08 +01:00
Chris Evans
68226ed9ec vorbis: Fix decoder bug.
BUG=101458
Review URL: http://codereview.chromium.org/8413019

This fixes part of 2011-3895

bigned-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-04 21:58:08 +01:00
Michael Niedermayer
405e99bdfd vorbisdec: Make sure blocksize is not set to an invalid value.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-04 21:58:08 +01:00
Michael Niedermayer
6fcf2bb8af vorbis: Fix last quarter of CVE-2011-3893
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-04 21:58:08 +01:00
Chris Evans
7149fce2ca ogg: Avoid the possibility to read out-of-bounds of a static global array in Vorbis
decoding.

BUG=100543
Review URL: http://codereview.chromium.org/8365014
This fixes 25% of CVE-2011-3893

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-04 21:58:08 +01:00
Chris Evans
f35e037c93 mkv: Fix a bug where a pointer was cached to an array that might later move due to
a realloc()

BUG=100492
Review URL: http://codereview.chromium.org/8366004
Fixes: 1 of 2 for CVE-2011-3893

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-04 21:58:08 +01:00
Janne Grunau
f13a9ca906 v4l2: use V4L2_FMT_FLAG_EMULATED only if it is defined
V4L2_FMT_FLAG_EMULATED was added in 2.6.32.
2012-01-04 21:34:29 +01:00
Anton Khirnov
e8c04f6240 avconv: add symbolic names for -vsync parameters 2012-01-04 21:25:25 +01:00
Jean First
2df73eefb4 flvdec: Fix compiler warning for uninitialized variables
These can't be used uninitialized in practice, but the
compiler doesn't realize it.

Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-04 22:15:47 +02:00
Jean First
4be386b318 rtsp: Fix compiler warning for uninitialized variable
This one won't ever be used uninitialized in practice, but
the compiler doesn't realize it.

Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-04 22:15:42 +02:00
Philippe Saint-Pierre
f0f2babca2 Fix possible infinite loop decoding als.
Reviewed-by: Thilo Borgmann
2012-01-04 21:00:06 +01:00
Ronald S. Bultje
89d26797f5 ulti: convert to new bytestream API. 2012-01-04 10:57:37 -08:00
Andrew Ryan
4452d58c72 Insert missing newline at end of error log message in mov demuxer. 2012-01-04 19:49:21 +01:00
Carl Eugen Hoyos
84ce58faf5 Replace deprecated FF_I_TYPE with AV_PICTURE_TYPE_I in v308 and yuv4.
Found-by: Paul B Mahol
2012-01-04 19:45:46 +01:00
Diego Biurrun
3d72a6f19e swscale: Use standard multiple inclusion guards in ppc/ header files. 2012-01-04 16:39:37 +01:00
Carl Eugen Hoyos
17edc370b2 yuv4 libquicktime packed 4:2:0 encoder and decoder.
Reviewed-by: Derek Buitenhuis
Reviewed-by: Paul B Mahol
2012-01-04 15:37:59 +01:00
Carl Eugen Hoyos
2754514787 v308 Quicktim Uncompressed 4:4:4 encoder and decoder.
Reviewed-by: Derek Buitenhuis
Reviewed-by: Paul B Mahol
2012-01-04 15:37:59 +01:00
Carl Eugen Hoyos
64e4f4836a Add decoder for Avid 1:1 10-bit RGB Packer (AVrp).
Fixes ticket #525.

Reviewed-by: Paul B Mahol
2012-01-04 15:37:58 +01:00
Diego Biurrun
00a1cdd264 Place some START_TIMER invocations in separate blocks.
This fixes compilation failures related to START_TIMER/STOP_TIMER macros and
-Werror=declaration-after-statement.  START_TIMER declares variables and thus
may not be placed after statements outside of a new block.
2012-01-04 15:05:49 +01:00
Clément Bœsch
dc7ad85c40 doc: use @command{} for commands. 2012-01-04 13:21:08 +01:00
Clément Bœsch
837126568c doc: use @code{} for --{enable,disable}-options. 2012-01-04 13:21:08 +01:00
Luca Barbato
a6a4793d04 v4l2: list available formats
Make use of the experimental framesize enumeration ioctl if available.
2012-01-04 13:10:20 +01:00
Luca Barbato
cd2bbad303 v4l2: set the proper codec_tag
Unbreak direct streamcopy.
2012-01-04 13:10:20 +01:00
Luca Barbato
eb89b4fc09 v4l2: refactor device_open
Check capabilities directly in the function, further simplify the code.
2012-01-04 13:10:20 +01:00
Luca Barbato
246007d370 v4l2: simplify away io_method
Only mmap is supported.
2012-01-04 13:10:20 +01:00
Luca Barbato
a896d7f45a v4l2: cosmetics 2012-01-04 13:10:20 +01:00
Luca Barbato
21aa6ae4fb v4l2: uniform and format options 2012-01-04 13:10:20 +01:00
Luca Barbato
af7123b2ad v4l2: do not force interlaced mode
Video4linux2 supports both interlaced and non-interlaced mode, do not
ask for interlaced if not necessary.
2012-01-04 13:10:20 +01:00
Janne Grunau
a2d1d21629 avio: exit early in fill_buffer without read_packet
Fixes an invalid free() with ass in avi. The sample in bug 98 passes
parts of AVPacket.data as buffer for the AVIOContext. Since the packet
is quite large fill_buffer tries to reallocate the buffer before doing
nothing. Fixes bug 98.
2012-01-04 11:18:24 +01:00
John Brooks
d209c27b09 vc1dec: fix invalid memory access for small video dimensions
For small video dimensions, these calculations of the upper bound
for pixel access may have a negative result. Using an unsigned
comparison to bound a potentially negative value only works if
the greater operand is non-negative. Fixed by doing edge emulation
when the upper bound is probably negative, everywhere that this
pattern appears.

Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
2012-01-04 10:35:26 +01:00
John Brooks
aacf6b3a2f rv34: fix invalid memory access for small video dimensions
For small video dimensions calculations of the upper bound for pixel
access may result in negative value. Using an unsigned comparison
works only if the greater operand is non-negative. This is fixed by
doing edge emulation explicitly for such conditions.

Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
2012-01-04 10:32:23 +01:00
Christophe GISQUET
98f24ecd6c rv34: joint coefficient decoding and dequantization
Perform dequantization while decoding coefficients instead of performing it
on the entire coefficients buffer.

Since quantized coefficients are very sparse, this usually causes a small
speedup. Speedup of around 1% on Panda board compared to the removed here
neon code. Global speedup is probably around 3%.

Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
2012-01-04 10:30:01 +01:00
Martin Storsjö
0749720b6c avplay: Don't call avio_set_interrupt_cb(NULL)
Since we don't use avio_set_interrupt_cb for interrupt callbacks,
we don't need to call it to reset the interrupt cb either.

This avoids a warning about use of deprecated functions.

Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-04 11:03:45 +02:00
Michael Niedermayer
15b219fae9 jpegdec: Fix vlc table check for progressive jpegs.
Fixes Ticket834

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-04 05:03:15 +01:00
Ronald S. Bultje
6b3995ccd1 swscale: remove obsolete comment. 2012-01-03 20:02:17 -08:00
Ronald S. Bultje
6ea64339c5 swscale: split scale.asm.
scale.asm keeps horizontal scaling functions, whereas output.asm gets
the vertical scaling/output functions.
2012-01-03 20:02:07 -08:00
Ronald S. Bultje
9ea3501d87 swscale: don't show full-chroma-int warning for non-RGB output.
Non-RGB output always uses full chroma interpolation.
2012-01-03 20:01:21 -08:00
Ronald S. Bultje
f910dbcdb0 swscale: add MMX files to MMX-OBJS instead of OBJS. 2012-01-03 20:01:15 -08:00
Ronald S. Bultje
400ba1d735 h264: return index in buffer on end-of-sequence.
Fixes hangs if the last packet contains an end-of-sequence NAL unit,
bug 158.
2012-01-03 19:50:22 -08:00
Michael Niedermayer
6072a19b4f lavf: Fix try_decode_frame() so it doesnt loop infinitely.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-04 04:08:46 +01:00
Michael Niedermayer
f37174bc19 electronicarts: Pass error through ea_read_header().
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-04 04:02:22 +01:00