Commit Graph

17297 Commits

Author SHA1 Message Date
Michael Niedermayer
ddf0c1d86a diracdec: Check num_refs.
Fixes: CVE-2011-3950

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-26 17:05:57 +01:00
Michael Niedermayer
e2291ea153 diracdec: Check dirac_unpack_idwt_params parameters before storing them.
Fixes CVE-2011-3949

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-26 17:05:57 +01:00
Michael Niedermayer
46095f427e mp3dec: Check for memcpy size to be positive.
No, I've no testcase.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-26 03:30:46 +01:00
Thierry Foucu
10e9d1f76b Fix a heap-buffer-overflow
In some cases, what is left to read from ptr is smaller than EXTRABYTES.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-26 03:28:12 +01:00
Michael Niedermayer
3c5fe5b527 Merge remote-tracking branch 'qatar/master'
* qatar/master: (22 commits)
  wma: Clip WMA1 and WMA2 frame length to 11 bits.
  movenc: Don't require frame_size to be set for modes other than mov
  doc: Update APIchanges with info on muxer flushing
  movenc: Reindent a block
  tools: Remove some unnecessary #undefs.
  rv20: prevent calling ff_h263_decode_mba() with unset height/width
  tools: K&R reformatting cosmetics
  Ignore generated aviocat and ismindex tools.
  build: Automatically include architecture-specific library Makefile snippets.
  indeo5: prevent null pointer dereference on broken files
  pktdumper: Use usleep instead of sleep
  cosmetics: Remove some unnecessary block braces.
  Drop unnecessary prefix from *sink* variable and struct names.
  Add a tool for creating smooth streaming manifests
  movdec: Calculate an average bit rate for fragmented streams, too
  movenc: Write the sample rate instead of time scale in the stsd atom
  movenc: Add a separate ismv/isma (smooth streaming) muxer
  movenc: Allow the caller to decide on fragmentation
  libavformat: Add a flag for muxers that support write_packet(NULL) for flushing
  movenc: Add support for writing fragmented mov files
  ...

Conflicts:
	Changelog
	cmdutils.c
	cmdutils.h
	doc/APIchanges
	ffmpeg.c
	ffplay.c
	libavfilter/Makefile
	libavformat/Makefile
	libavformat/avformat.h
	libavformat/movenc.c
	libavformat/movenc.h
	libavformat/version.h
	tools/graph2dot.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-26 02:23:56 +01:00
Michael Niedermayer
01e5e97026 mjpegbdec: Fix incorrect bitstream buffer size.
Fixes CVE-2011-3947

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-25 23:56:09 +01:00
Paul B Mahol
dd453f197c r210, r10k and avrp encoder
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-25 23:40:06 +01:00
Michael Niedermayer
807a045ab7 kgv1dec: Increase offsets array size so it is large enough.
Fixes CVE-2011-3945

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-25 23:25:45 +01:00
Michael Niedermayer
1285baaab5 smackerdec: Check that the last indexes are within the table.
Fixes CVE-2011-3944

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-25 22:32:11 +01:00
Alex Converse
d78bb1a4b2 wma: Clip WMA1 and WMA2 frame length to 11 bits.
The MDCT buffers in the decoder are only sized for up to 11 bits. The
reverse engineered documentation for WMA1/2 headers says that for
all samplerates above 32kHz 11 bits are used. 12 and 13 bit support
were added for WMAPro. I was unable to make any Microsoft tools generate
a test file at a samplerate above 48kHz.

Discovered by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind

CC: libav-stable@libav.org
2012-01-25 12:31:37 -08:00
Michael Niedermayer
247d30a7db vp3: Copy all 3 frames for thread updates.
This fixes a double release of the current frame on deinit.
Fixes CVE-2011-3934

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-25 21:12:00 +01:00
Hendrik Leppkes
6071644287 indeo3: fix motion vector validation
The index of the motion vector has to be checked before being
multiplied by 2 for the array index.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-25 18:55:32 +01:00
Janne Grunau
c3e10ae412 rv20: prevent calling ff_h263_decode_mba() with unset height/width
Prevents a crash of VLC during playback of an invalid matroska file,
found by John Villamil <johnv@matasano.com>.

CC: libav-stable@libav.org
2012-01-25 16:18:54 +01:00
Diego Biurrun
07a873a277 build: Automatically include architecture-specific library Makefile snippets.
2012-01-25 15:04:28 +01:00
Janne Grunau
366ac22ea5 indeo5: prevent null pointer dereference on broken files
Found by John Villamil <johnv@matasano.com>
2012-01-25 14:31:57 +01:00
Diego Biurrun
33ad8c3cab cosmetics: Remove some unnecessary block braces.
2012-01-25 13:14:49 +01:00
Ronald S. Bultje
c3af52fa8b dsputil: use vertical component for drawing bottom edge.
Current code only writes 8 pixels of vertical edge for YUV422, which
causes MC artifacts when subsequent frames use data from that edge.
2012-01-25 18:06:36 +08:00
Michael Niedermayer
59e95fa4a8 h263dec: Disallow width/height changing with frame threads.
Fixes CVE-2011-3937

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-25 06:48:30 +01:00
Carl Eugen Hoyos
7988dd1b9a Fix multi-channel encoding with libfaac.
2012-01-25 03:51:49 +01:00
Michael Niedermayer
1d9569f9e8 Merge remote-tracking branch 'qatar/master'
* qatar/master: (23 commits)
  aacenc: Fix identification padding when the bitstream is already aligned.
  aacenc: Write correct length for long identification strings.
  aud: remove unneeded field, audio_stream_index from context
  aud: fix time stamp calculation for ADPCM IMA WS
  aud: simplify header parsing
  aud: set pts_wrap_bits to 64.
  cosmetics: indentation
  aud: support Westwood SND1 audio in AUD files.
  adpcm_ima_ws: fix stereo decoding
  avcodec: add a new codec_id for CRYO APC IMA ADPCM.
  vqa: remove unused context fields, audio_samplerate and audio_bits
  vqa: clean up audio header parsing
  vqa: set time base to frame rate as coded in the header.
  vqa: set packet duration.
  vqa: use 1/sample_rate as the audio stream time base
  vqa: set stream start_time to 0.
  lavc: postpone the removal of AVCodecContext.request_channels.
  lavf: postpone removing av_close_input_file().
  lavc: postpone removing old audio encoding and decoding API
  avplay: remove the -er option.
  ...

Conflicts:
	Changelog
	libavcodec/version.h
	libavdevice/v4l.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-24 22:53:59 +01:00
Alex Converse
efe68076da aacenc: Fix identification padding when the bitstream is already aligned.
2012-01-24 12:55:21 -08:00
Michael Niedermayer
cdfe94c5ab aacenc: Write correct length for long identification strings.
When the length is the escape value (15), the new length is calculated by
15 + get_bits(8) - 1.

Signed-off-by: Alex Converse <alex.converse@gmail.com>
2012-01-24 12:54:59 -08:00
Michael Niedermayer
c77be3a35a error concealment: initialize block index.
Fixes CVE-2011-3941 (out of bounds write)

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-24 21:08:41 +01:00
Justin Ruggles
02e7dbf5ad adpcm_ima_ws: fix stereo decoding
Stereo ADPCM IMA WS is planar for VQA version 3 and 2-sample interleaved for
VQA version 2.
2012-01-24 14:13:46 -05:00
Justin Ruggles
220506d23f avcodec: add a new codec_id for CRYO APC IMA ADPCM.
The stereo layout and extradata is significantly different from that in
Westwood IMA ADPCM, so a separate codec_id is warranted.
2012-01-24 14:13:41 -05:00
Anton Khirnov
1381e9bc92 lavc: postpone the removal of AVCodecContext.request_channels.
Although it has been deprecated for a long time, its intended
replacement (request_channel_layout) is not actually used anywhere, so
request_channels is currently the only way to access that functionality.
2012-01-24 18:04:19 +01:00
Anton Khirnov
af0292f33a lavc: postpone removing old audio encoding and decoding API
It has been deprecated only recently.
2012-01-24 18:04:19 +01:00
Michael Niedermayer
beb19a0444 h264: Disallow w/h/pixfmt changes for frame threads.
Previously this was just checked in case of slice threads,
but frame threads do not support this either currently.

Making them support this is of course the long term goal

Fixes bug155

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-24 15:36:38 +01:00
Michael Niedermayer
b2be1dabb1 mpegvideo: Draw edges based on the pictures linesize instead of the contexts.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-24 15:36:38 +01:00
Michael Niedermayer
0bb57f8bf0 Merge remote-tracking branch 'qatar/master'
* qatar/master:
  Remove ffmpeg.
  aacenc: Simplify windowing
  aacenc: Move saved overlap samples to the beginning of the same buffer as incoming samples.
  aacenc: Deinterleave input samples before processing.
  aacenc: Store channel count in AACEncContext.
  aacenc: Move Q^3/4 calculation to it's own table
  aacenc: Request normalized float samples instead of converting s16 samples to float.
  aacpsy: Replace an if with FFMAX in LAME windowing.
  aacenc: cosmetics, replace 'rd' with 'bits' in codebook_trellis_rate to make it more clear what is being calculated.
  aacpsy: cosmetics, change a FIXME to a NOTE about subshort comparisons
  aacenc: cosmetics: move init() and end() to the bottom of the file.
  aacenc: aac_encode_init() cleanup
  XWD encoder and decoder
  vc1: don't read the interpfrm and bfraction elements for interlaced frames
  mxfdec: fix memleak on mxf_read_close()
  westwood: split the AUD and VQA demuxers into separate files.

Conflicts:
	.gitignore
	Changelog
	Makefile
	configure
	doc/ffmpeg.texi
	ffmpeg.c
	libavcodec/Makefile
	libavcodec/aacenc.c
	libavcodec/allcodecs.c
	libavcodec/avcodec.h
	libavcodec/version.h
	libavformat/Makefile
	libavformat/img2.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-24 02:41:53 +01:00
Michael Niedermayer
b955d4072e Revert "Fix multi-channel AAC encoding."
This reverts commit b3452771c4.

A better solution was implemented by Nathan Caldwell.

Conflicts:

	libavcodec/aacenc.c
2012-01-24 02:31:56 +01:00
Janne Grunau
1d3a9e63e0 rv10: verify slice offsets against buffer size
Found by John Villamil <johnv@matasano.com> in fuzzed rv20 in mkv files.
2012-01-24 02:16:02 +01:00
Nathan Caldwell
9292fe4a1d aacenc: Simplify windowing
Signed-off-by: Alex Converse <alex.converse@gmail.com>
2012-01-23 11:40:46 -08:00
Nathan Caldwell
7946a5acfb aacenc: Move saved overlap samples to the beginning of the same buffer as incoming samples.
Signed-off-by: Alex Converse <alex.converse@gmail.com>
2012-01-23 11:40:46 -08:00
Nathan Caldwell
9b8e2a8709 aacenc: Deinterleave input samples before processing.
Signed-off-by: Alex Converse <alex.converse@gmail.com>
2012-01-23 11:40:46 -08:00
Nathan Caldwell
04af2efaae aacenc: Store channel count in AACEncContext.
Signed-off-by: Alex Converse <alex.converse@gmail.com>
2012-01-23 11:40:46 -08:00
Nathan Caldwell
80d44277e6 aacenc: Move Q^3/4 calculation to it's own table
This should be moved to tablegen at some point.

Signed-off-by: Alex Converse <alex.converse@gmail.com>
2012-01-23 11:40:46 -08:00
Nathan Caldwell
025ccf1f8b aacenc: Request normalized float samples instead of converting s16 samples to float.
Signed-off-by: Alex Converse <alex.converse@gmail.com>
2012-01-23 11:40:46 -08:00
Nathan Caldwell
6381f913d1 aacpsy: Replace an if with FFMAX in LAME windowing.
Signed-off-by: Alex Converse <alex.converse@gmail.com>
2012-01-23 11:40:45 -08:00
Nathan Caldwell
207bf44d16 aacenc: cosmetics, replace 'rd' with 'bits' in codebook_trellis_rate to make it more clear what is being calculated.
Signed-off-by: Alex Converse <alex.converse@gmail.com>
2012-01-23 11:40:45 -08:00
Nathan Caldwell
843cd4a3ed aacpsy: cosmetics, change a FIXME to a NOTE about subshort comparisons
Also fix a typo.

Signed-off-by: Alex Converse <alex.converse@gmail.com>
2012-01-23 11:40:45 -08:00
Nathan Caldwell
5310704190 aacenc: cosmetics: move init() and end() to the bottom of the file.
Signed-off-by: Alex Converse <alex.converse@gmail.com>
2012-01-23 11:40:45 -08:00
Nathan Caldwell
17ae608127 aacenc: aac_encode_init() cleanup
Macroify sanity checks and check return values of allocs and other functions.

Signed-off-by: Alex Converse <alex.converse@gmail.com>
2012-01-23 11:40:45 -08:00
David Mitchell
d150a147da Improve support for PGS subtitles.
The previous implementation assumed that a new picture would always
supersede the previous picture. Similarly, presentation segments
were assumed to pertain to the most-recently-read picture.

However, each presentation segment may refer to 0 or more pictures
by their ID. Picture IDs may repeat, and a repeated picture ID
indicates that the old picture for that ID is no longer needed
and may be discarded.

The new implementation allocates a buffer with one slot for each
possible picture ID (the picture ID is a 16-bit field) and
properly decodes presentation segments so that all relevant
pictures are output upon encountering a display segment.

Given that most PGS streams are unlikely to use more than a small
fraction of the available picture IDs, it would probably be better
to use a more memory-efficient data structure. I'm lazy though, so
I leave this to a more motivated individual.

I've tested the code with MKV files in VLC (a recent revision from
their git repo) and with HandBrake (a version that I hacked up to
use ffmpeg's PGS subtitle decoder).

Review-by: Hendrik Leppkes <h.leppkes@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-23 19:47:49 +01:00
Michael Niedermayer
cf7c7f13cd pthreads: Generic progress lubrication support.
Fixes bug118, bug120 and bug125 at least

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-23 19:47:49 +01:00
Michael Niedermayer
575d494de5 pthreads: reset got_frames on flush.
This fixes memory corruption when seeking in broken streams.
A random mpeg4 in nut file was used to debug.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-23 19:47:49 +01:00
Paul B Mahol
27ed027bcd XWD encoder and decoder
Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
2012-01-23 19:04:35 +01:00
Hendrik Leppkes
7662a532fb vc1: don't read the interpfrm and bfraction elements for interlaced frames
This matches the spec as well as the reference decoder, and fixes a bug
with interlaced frame decoding.

Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
2012-01-23 19:04:14 +01:00
Michael Niedermayer
feb997577b Merge remote-tracking branch 'qatar/master'
* qatar/master: (25 commits)
  riff: fix invalid av_freep() calls on EOF in ff_read_riff_info
  pam: Fix a typo that broke writing and reading PAM files.
  mxfdec: fix memleak on av_realloc failures
  mxfdec: Do not parse slices or DeltaEntryArrays.
  mxfdec: hybrid demuxing/seeking solution
  mxfdec: Add Avid's essence element key.
  mfxdec: Separate mxf_essence_container_uls for audio and video.
  mxfdec: Compute packet offsets properly.
  mxfdec: Use MaterialPackage - Track - TrackID instead of the system_item hack.
  mxfdec: use av_dlog() for 'no corresponding source package found'
  mxfdec: Make mxf->partitions sorted by offset.
  mxfdec: parse ThisPartition
  mxfdec: Speed up metadata and index parsing.
  mxfdec: Make sure DataDefinition is consistent between material track and source track.
  mxfdec: add EssenceContainer UL found in 0001GL00.MXF.A1.mxf_opatom.mxf
  mxfdec: Add hack that adjusts the n_delta calculation when system items are present.
  mxfdec: Parse IndexTableSegments and convert them into AVIndexEntry arrays.
  mxfdec: Move FooterPartition to MXFContext and make sure it is never zero.
  mxfdec: check return value of avio_seek
  mxfdec: skip to end of structural sets
  ...

Conflicts:
	configure
	libavcodec/pnm.c
	libavformat/mxfdec.c
	libavformat/riff.c
	libavformat/rtsp.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-23 01:05:20 +01:00
Philip Langdale
9bf9c314a0 CrystalHD: Back up extradata to allow decoder reinit to work.
This was a regression that came in when I switched to using the
h.264 annex b filter all the time. As the filter modifies extradata,
its use violates the statelessness assumption that exists in the
'ffmpeg' command line tool, and maybe elsewhere. It assumes that
a decoder can be reinitialised and pointed to an existing stream and
get the same results.

For now, the only way to meet this requirement is to back up the
extradata.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-22 23:40:24 +01:00