Commit Graph

18363 Commits

Author SHA1 Message Date
Michael Niedermayer
c3c2db49a7 Merge remote-tracking branch 'qatar/master'
* qatar/master:
  cook: expand dither_tab[], and make sure indexes into it don't overflow.
  xxan: reindent xan_unpack_luma().
  xxan: protect against chroma LUT overreads.
  xxan: convert to bytestream2 API.
  xxan: don't read before start of buffer in av_memcpy_backptr().
  vp8: convert mbedge loopfilter x86 assembly to use named arguments.
  vp8: convert inner loopfilter x86 assembly to use named arguments.

Conflicts:
	libavcodec/xxan.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-11 01:12:52 +01:00
Ronald S. Bultje
d7eabd5042 mpc: pad mpc_CC/SCF[] tables to allow for negative indices.
MPC8 allows indices of mpc_CC up to -1, and mpc_SCF up to -6, thus pad
the tables by that much on the left end.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-10 14:28:08 -08:00
Michael Niedermayer
2440040c7b vc1: add missing entries to ff_vc1_fps_nr.
Fixes out of array read

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-10 23:12:42 +01:00
Michael Niedermayer
8e9a0a3568 mpc7: check subband index
This fixes a overread

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-10 23:12:42 +01:00
Michael Niedermayer
ecc31630f9 mjpegb: Detect changing nb of planes in interlaced video.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-10 23:12:42 +01:00
Michael Niedermayer
50f4f272fe indeo3: Fix out of reference reading with NULL blocks.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-10 23:12:42 +01:00
Ronald S. Bultje
442c3a8cb1 cook: expand dither_tab[], and make sure indexes into it don't overflow.
Fixes overflows in accessing dither_tab[].

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-10 12:03:53 -08:00
Ronald S. Bultje
71af42bd96 xxan: reindent xan_unpack_luma().
It used 3-space indent instead of 4-space indent.
2012-03-10 11:57:56 -08:00
Ronald S. Bultje
f77bfa8376 xxan: protect against chroma LUT overreads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-10 11:57:17 -08:00
Ronald S. Bultje
5518827816 xxan: convert to bytestream2 API.
Protects against overreads.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-10 11:48:57 -08:00
Ronald S. Bultje
f1279e286b xxan: don't read before start of buffer in av_memcpy_backptr().
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-10 11:48:39 -08:00
Ronald S. Bultje
a928ed3751 vp8: convert mbedge loopfilter x86 assembly to use named arguments. 2012-03-10 11:36:33 -08:00
Ronald S. Bultje
bee330e300 vp8: convert inner loopfilter x86 assembly to use named arguments. 2012-03-10 11:36:33 -08:00
Reimar Döffinger
6fe8cb7d70 snowenc: add no_bitstream option.
This allows making e.g. MPlayer's -vf uspp filter about 20% faster.

Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
2012-03-10 20:17:11 +01:00
Reimar Döffinger
c4e0d845e2 snowenc: mark some encode_subband arguments const.
This makes it more obvious that this function only does bitstream
encoding.

Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
2012-03-10 20:17:11 +01:00
Reimar Döffinger
8fbf825ecc DV: Use profile[1] detection hack only for stype 0.
The two samples both have stype 0.
Without this extra check, the code breaks 4:2:2 dvsd
(stype 4), since that has the same resolution.

Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
2012-03-10 10:45:03 +01:00
Michael Niedermayer
f7b57add8e cook: tighten the quant_index_table range further.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-10 08:05:18 +01:00
Michael Niedermayer
8e31dbc1dc Merge remote-tracking branch 'qatar/master'
* qatar/master:
  Fix a bunch of common typos.
  build: Skip compiling xvmc.h under the correct condition.
  configure: darwin: Change dylib install names to include major version.
  mpegts: Always honor a registration descriptor if present and there is no other codec information.
  aacdec: Fix SCE parity check.
  aacdec: Fix out of array writes (stack).
  rtsp: Only set the ttl parameter if the server actually gave a value
  udp: Set ttl for read-write streams, too, not only for write-only ones
  udp: Only bind to the multicast address if in read-only mode
  udp: Clarify the comment about binding the multicast address
  udp: Reorder comments

Conflicts:
	libavcodec/aacdec.c
	tools/patcheck

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-10 01:12:08 +01:00
Michael Niedermayer
1af9fdc3ba snow: reject unsupported chroma shifts.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-10 00:18:29 +01:00
Stefano Sabatini
1a3d4b88a4 imgconvert: add macro pixdesc_has_alpha for checking if a pixel format has an alpha component
Reduce redundancy and simplify.
2012-03-10 00:10:09 +01:00
Diego Biurrun
ffae713a5b Fix a bunch of common typos. 2012-03-09 22:02:49 +01:00
Diego Biurrun
eab6968f24 build: Skip compiling xvmc.h under the correct condition. 2012-03-09 20:56:15 +01:00
Michael Niedermayer
744dd1d356 aacdec: Fix SCE parity check.
An unpaired SCE preceding a CPE only makes sense for front SCEs
preceding the first CPE.

Split from FFmpeg commit a8d67efa53

Signed-off-by: Alex Converse <alex.converse@gmail.com>
2012-03-09 09:47:57 -08:00
Michael Niedermayer
d53fe096e4 aacdec: Fix out of array writes (stack).
Set the element to channel vector (e2c_vec) size to be the maximum
number of aac channel elements. This makes it slightly larger than it
needs to be because CCEs are never mapped to output channel locations.

Also add a check that all input tags (legal or not) will fit.

Split from FFmpeg commit a8d67efa53

Signed-off-by: Alex Converse <alex.converse@gmail.com>
2012-03-09 09:47:57 -08:00
Carl Eugen Hoyos
19e72e0a8d Fix 32bit sunrast decoding.
This patch visually breaks the sample from ticket #895,
but decodes it identically as Gimp, ImageMagick and xview.
2012-03-09 09:17:07 +01:00
Piotr Bandurski
af55a9d80a iff: add support for IFF DEEP
Fixes trac #1045.

Thanks to Peter Ross for his help with this patch.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-09 01:55:45 +01:00
Piotr Bandurski
520cf05338 svq1dec: use AV_LOG_ERROR for error message
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-09 01:55:15 +01:00
Michael Niedermayer
a8cedbebf1 Merge remote-tracking branch 'qatar/master'
* qatar/master:
  ttadec: unbreak playback of matroska files
  vorbisdec: avoid invalid memory access
  Fix uninitialized reads on malformed ogg files.
  huffyuv: add padding to classic (v1) huffman tables.
  png: convert to bytestream2 API.
  dca: include libavutil/mathematics.h for possibly missing M_SQRT1_2
  avs: fix infinite loop on end-of-stream.
  tiffdec: Prevent illegal memory access caused by recycled pointers.
  rtpenc: Fix the AVRational used for av_rescale_q_rnd
  wma: fix off-by-one in array bounds check.

Conflicts:
	libavcodec/huffyuv.c
	libavcodec/pngdec.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-09 01:22:31 +01:00
Michael Niedermayer
a4524930d9 qpeg: remove unused var from decode_frame()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-08 23:05:25 +01:00
Michael Niedermayer
4916a8fc44 prores_anatoliy: remove unused variable from prores_encode_frame()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-08 23:04:22 +01:00
Paul B Mahol
ea1d64ab10 ttadec: unbreak playback of matroska files
Matroska demuxer needs to recreate tta header, so just display
crc error without aborting.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-03-08 11:56:45 -08:00
Aaron Colwell
12623a8026 vorbisdec: avoid invalid memory access
This fixes some invalid memory access caused later in the function
by res_chan[] not being set for all channels. This happens when a
channel doesn't appear a submap. This change simply returns a
decoder error when this situation is detected.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-03-08 11:52:33 -08:00
Ronald S. Bultje
4ffe5e2aa5 huffyuv: add padding to classic (v1) huffman tables.
We slightly overread the input buffer, so we require
padding at the end of the buffer, as is documented in the
get_bits API. Without padding, we'll read uninitialized
data or beyond the end of the .rodata, which may crash.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-08 11:20:49 -08:00
Ronald S. Bultje
4c25269ced png: convert to bytestream2 API.
Protects against overreads in the input buffer.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-08 11:17:25 -08:00
Nicolas George
15d75dabee lavc/utils: fix three const warnings.
No change in assembly code produced on x86_64.
2012-03-08 17:13:58 +01:00
Kostya Shishkov
681e726865 dca: include libavutil/mathematics.h for possibly missing M_SQRT1_2 2012-03-08 07:16:01 +01:00
Michael Niedermayer
bf807a5e87 Merge remote-tracking branch 'qatar/master'
* qatar/master: (29 commits)
  sbrdsp.asm: convert all instructions to float/SSE ones.
  dv: cosmetics.
  dv: check buffer size before reading profile.
  Revert "AAC SBR: group some writes."
  udp: Print an error message if bind fails
  cook: extend channel uncoupling tables so the full bit range is covered.
  roqvideo: cosmetics.
  roqvideo: convert to bytestream2 API.
  dca: don't use av_clip_uintp2().
  wmall: fix build with -DDEBUG enabled.
  smc: port to bytestream2 API.
  AAC SBR: group some writes.
  dsputil: remove shift parameter from scalarproduct_int16
  SBR DSP: unroll sum_square
  rv34: remove dead code in intra availability check
  rv34: clean a bit availability checks.
  v4l2: update documentation
  tgq: convert to bytestream2 API.
  parser: remove forward declaration of MpegEncContext
  dca: prevent accessing static arrays with invalid indexes.
  ...

Conflicts:
	doc/indevs.texi
	libavcodec/Makefile
	libavcodec/dca.c
	libavcodec/dvdata.c
	libavcodec/eatgq.c
	libavcodec/mmvideo.c
	libavcodec/roqvideodec.c
	libavcodec/smc.c
	libswscale/output.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-08 02:51:45 +01:00
Ronald S. Bultje
83f15a1228 avs: fix infinite loop on end-of-stream.
The codec would keep returning the last decoded frame if the stream
contains B-frames, since it wouldn't clear that frame from the list of
frames to be returned to the user.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-07 16:33:35 -08:00
Alex Converse
fd0be63049 tiffdec: Prevent illegal memory access caused by recycled pointers.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-07 15:40:42 -08:00
Ronald S. Bultje
b4bccf3e4e wma: fix off-by-one in array bounds check.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-07 14:42:39 -08:00
Reimar Döffinger
6eda85e15b sbrdsp.asm: convert all instructions to float/SSE ones.
Since the values are floats, using the float operations
makes sense, improves performance on some CPUs and
makes the code SSE compatible instead of needing SSE2.

Based on suggestion by Jason.

Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-03-07 13:50:13 -08:00
Ronald S. Bultje
3416d0805e dv: cosmetics. 2012-03-07 13:49:41 -08:00
Ronald S. Bultje
e97efecec8 dv: check buffer size before reading profile.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-07 13:48:41 -08:00
Ronald S. Bultje
6e2821160b Revert "AAC SBR: group some writes."
This reverts commit ba36f14e5d. It
broke decoding on x86-32 on some systems.
2012-03-07 12:16:36 -08:00
Ronald S. Bultje
37cc8600d0 cook: extend channel uncoupling tables so the full bit range is covered.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-07 11:40:46 -08:00
Ronald S. Bultje
84a020efc3 roqvideo: cosmetics. 2012-03-07 11:37:25 -08:00
Ronald S. Bultje
cdf1577162 roqvideo: convert to bytestream2 API.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-07 11:37:20 -08:00
Ronald S. Bultje
93b53ffb1a dca: don't use av_clip_uintp2().
The argument is not a literal, thus causing the ARM v6 or later
builds to break.
2012-03-07 11:31:42 -08:00
Ronald S. Bultje
626964a4c4 wmall: fix build with -DDEBUG enabled. 2012-03-07 10:40:15 -08:00
Ronald S. Bultje
8febcb9fc1 smc: port to bytestream2 API.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-07 10:34:06 -08:00
Christophe Gisquet
ba36f14e5d AAC SBR: group some writes.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-03-07 10:29:52 -08:00
Christophe GISQUET
7e1ce6a6ac dsputil: remove shift parameter from scalarproduct_int16
There is only one caller, which does not need the shifting. Other use cases
are situations where different roundings would be needed.

The x86 and neon versions are modified accordingly.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-03-07 10:29:52 -08:00
Christophe GISQUET
dabf8dd34a SBR DSP: unroll sum_square
The length is even, so some unrolling can be performed. Timings are for x86:
- 32bits: 102c -> 82c
- 64bits:  82c -> 69c

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-03-07 10:29:52 -08:00
Christophe GISQUET
294c05ce8a rv34: remove dead code in intra availability check
This was an incorrect copy-and-paste to a code not needing the original code.
Spotted by Jason in a previous review but forgotten in the commit.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-03-07 10:29:52 -08:00
Christophe GISQUET
7104c23bd1 rv34: clean a bit availability checks.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-03-07 10:29:52 -08:00
Ronald S. Bultje
1255eed533 tgq: convert to bytestream2 API.
This protects against input buffer overreads.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-07 09:53:57 -08:00
Paul B Mahol
aed9da20af parser: remove forward declaration of MpegEncContext
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-03-07 09:48:29 -08:00
Ronald S. Bultje
e6ffd997cb dca: prevent accessing static arrays with invalid indexes.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-07 09:37:29 -08:00
Ronald S. Bultje
cc5dd632ce raw: move buffer size check up.
This way, it protects against overreads for 4bpp/2bpp content also.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-07 09:36:32 -08:00
Ronald S. Bultje
f1320dc3be lpcm: fix sample size calculation for 20bit LCPM.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-07 09:36:03 -08:00
Ronald S. Bultje
a55d5bdc6e algmm: convert to bytestream2 API.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-07 09:34:52 -08:00
Nicolas George
c088b7f389 ass_split: accept files with only \n and no \r.
The +1 is there to skip the ','.
With \r\n, the +1 skips the \r but that is ok.
With only \n, the +1 skips it and all hell breaks loose.
2012-03-07 16:41:30 +01:00
Nicolas George
e5dd4ae728 assdec: avoid a possible NULL dereference. 2012-03-07 16:41:30 +01:00
Diego Biurrun
8ca6e523a6 wma: Refactor common code to fix standalone compilation of WMA lossless decoder. 2012-03-07 09:36:05 +01:00
Diego Biurrun
3c715383ea vc1: Move init code shared between decoder and parser to common code file.
This fixes standalone compilation of the VC-1 parser.
2012-03-07 09:36:04 +01:00
Diego Biurrun
1e9d55e45e x86: Remove duplicated AVG_3DNOW_OP / AVG_MMX2_OP macros from h264_qpel_mmx.c. 2012-03-07 09:36:04 +01:00
Paul B Mahol
1eabd71c2b ffv1: PIX_FMT_YUV444P10 support
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-07 05:11:40 +01:00
Paul B Mahol
65491fa3d5 ffv1: PIX_FMT_YUV444P9 & PIX_FMT_YUV422P9 support
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-07 05:11:40 +01:00
Michael Niedermayer
eff2399f24 Revert "error_resilience: initialize s->block_index[]."
This reverts commit 6193ff6854.

This change is unneeded.
2012-03-07 05:11:25 +01:00
Michael Niedermayer
6df42f9874 Merge remote-tracking branch 'qatar/master'
* qatar/master:
  SBR DSP: fix SSE code to not use SSE2 instructions.
  cpu: initialize mask to -1, so that by default, optimizations are used.
  error_resilience: initialize s->block_index[].
  svq3: protect against negative quantizers.
  Don't use ff_cropTbl[] for IDCT.
  swscale: make filterPos 32bit.
  FATE: add CPUFLAGS variable, mapping to -cpuflags avconv option.
  avconv: add -cpuflags option for setting supported cpuflags.
  cpu: add av_set_cpu_flags_mask().
  libx264: Allow overriding the sliced threads option
  avconv: fix counting encoded video size.

Conflicts:
	doc/APIchanges
	doc/fate.texi
	doc/ffmpeg.texi
	ffmpeg.c
	libavcodec/h264idct_template.c
	libavcodec/svq3.c
	libavutil/avutil.h
	libavutil/cpu.c
	libavutil/cpu.h
	libswscale/swscale.c
	tests/Makefile
	tests/fate-run.sh
	tests/regression-funcs.sh

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-07 03:22:49 +01:00
Michael Niedermayer
57986c501e lavc/utils: fix const correctness of AVClass cast
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-07 00:47:11 +01:00
Michael Niedermayer
11344792e8 lavc/utils: remove unused variable from avcodec_encode_video2.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-07 00:45:18 +01:00
Michael Niedermayer
7d75febe0f mjpegenc: Fix const correctness and avoid writes into AVFrame of amv_encode_picture()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-07 00:40:39 +01:00
Michael Niedermayer
5e6514e24f h264 Fix: "warning: assigning to 'uint8_t *' (aka 'unsigned char *') from 'const uint8_t *' (aka 'const unsigned char *') discards qualifiers"
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-07 00:33:55 +01:00
Michael Niedermayer
902bdf706f h264: fix warning about "uint8_t *p" and const
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-07 00:32:02 +01:00
Michael Niedermayer
3a5836038d cook: silence some signed overflow warnings.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-07 00:29:23 +01:00
Reimar Döffinger
b5161908e0 SBR DSP: fix SSE code to not use SSE2 instructions.
movq from SSE register _to_ memory is an SSE2 instruction.
Use the SSE movlps function instead that does the same thing.

Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-03-06 13:40:35 -08:00
Michael Niedermayer
a8d67efa53 aacdec: Fix out of array writes (stack).
This fixes an issue in the code to check the size that will
be written to match the actual code writing. In the long
term it would make sense to change this so the counting and
writing code are the same so they dont need to be kept in sync.

It also increases the array size, which was too small either way
and adds a redudnant saftey check.

This issue does not affect any FFmpeg release as it has been
introduced Jan 31 which is narrowly after our last release.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-06 21:51:11 +01:00
Bastien Bouclet
b521f11349 Fix bink decoder for files with 24px width.
Fixes ticket #962.
2012-03-06 20:20:41 +01:00
Ronald S. Bultje
6193ff6854 error_resilience: initialize s->block_index[].
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-06 11:08:56 -08:00
Ronald S. Bultje
11b940a1a8 svq3: protect against negative quantizers.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-06 10:47:42 -08:00
Ronald S. Bultje
c23acbaed4 Don't use ff_cropTbl[] for IDCT.
Results of IDCT can by far outreach the range of ff_cropTbl[], leading
to overreads and potentially crashes.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-06 10:47:42 -08:00
Michael Niedermayer
0f13cc732b diracdec: Correct the bytestream end pointer.
This fixes some arith decoder overreads and a potential infinite loop.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-06 19:13:55 +01:00
Martin Storsjö
338978a7c1 libx264: Allow overriding the sliced threads option
Signed-off-by: Martin Storsjö <martin@martin.st>
2012-03-06 13:40:22 +02:00
Michael Niedermayer
f095391a14 Merge remote-tracking branch 'qatar/master'
* qatar/master: (31 commits)
  cdxl demux: do not create packets with uninitialized data at EOF.
  Replace computations of remaining bits with calls to get_bits_left().
  amrnb/amrwb: Remove get_bits usage.
  cosmetics: reindent
  avformat: do not require a pixel/sample format if there is no decoder
  avformat: do not fill-in audio packet duration in compute_pkt_fields()
  lavf: Use av_get_audio_frame_duration() in get_audio_frame_size()
  dca_parser: parse the sample rate and frame durations
  libspeexdec: do not set AVCodecContext.frame_size
  libopencore-amr: do not set AVCodecContext.frame_size
  alsdec: do not set AVCodecContext.frame_size
  siff: do not set AVCodecContext.frame_size
  amr demuxer: do not set AVCodecContext.frame_size.
  aiffdec: do not set AVCodecContext.frame_size
  mov: do not set AVCodecContext.frame_size
  ape: do not set AVCodecContext.frame_size.
  rdt: remove workaround for infinite loop with aac
  avformat: do not require frame_size in avformat_find_stream_info() for CELT
  avformat: do not require frame_size in avformat_find_stream_info() for MP1/2/3
  avformat: do not require frame_size in avformat_find_stream_info() for AAC
  ...

Conflicts:
	doc/APIchanges
	libavcodec/Makefile
	libavcodec/avcodec.h
	libavcodec/h264.c
	libavcodec/h264_ps.c
	libavcodec/utils.c
	libavcodec/version.h
	libavcodec/x86/dsputil_mmx.c
	libavformat/utils.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-06 06:03:32 +01:00
Derek Buitenhuis
01606d10e6 libutvideo: Add Ut Video encoder wrapper
All colorspaces are supported.

Renamed libutvideo.cpp to libutvideodec.cpp.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-05 22:25:49 +01:00
Derek Buitenhuis
d6e4e69a49 libutvideo: Move structs and includes to header
This is so the forthcoming encoder wrapper can share
them.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-05 22:25:49 +01:00
Alex Converse
3574a85ce5 Replace computations of remaining bits with calls to get_bits_left(). 2012-03-05 11:22:11 -08:00
Alex Converse
b70feb4053 amrnb/amrwb: Remove get_bits usage.
It is used to parse fixed sized fields out of a single octet. The code
is simpler without it.
2012-03-05 11:22:11 -08:00
Carl Eugen Hoyos
18794000c6 Remove AV_LOG_DEBUG from av_dlog() calls.
AV_LOG_DEBUG is forced by the av_dlog definition.
2012-03-05 20:04:18 +01:00
Justin Ruggles
11ac796f7a dca_parser: parse the sample rate and frame durations 2012-03-05 13:08:17 -05:00
Justin Ruggles
85469f1c9e libspeexdec: do not set AVCodecContext.frame_size
It is not necessary
2012-03-05 13:08:17 -05:00
Justin Ruggles
adbf61ff8a libopencore-amr: do not set AVCodecContext.frame_size
It is not necessary
2012-03-05 13:08:17 -05:00
Justin Ruggles
0efa4073bf alsdec: do not set AVCodecContext.frame_size
It is not necessary
2012-03-05 13:08:17 -05:00
Justin Ruggles
9524cf79df avcodec: add av_get_audio_frame_duration() function.
This is a utility function for the user to get the frame duration based on
the codec id, frame size in bytes, and various AVCodecContext parameters.
2012-03-05 13:08:15 -05:00
Justin Ruggles
6699d07480 avcodec: add av_get_exact_bits_per_sample() function
This only returns bits per sample when it is exactly correct. That is, the
codec contains only raw samples with no frame headers or padding. This applies
to basically all PCM codecs and a small subset of ADPCM codecs.
2012-03-05 13:08:15 -05:00
Michael Niedermayer
c7048036db cook: fix return statements.
Found-by: cbsrobot
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-05 19:00:22 +01:00
Michael Niedermayer
0a7bf34042 wmaenc: change some asserts to av_assert0.
This ensures they are always checked

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-05 19:00:22 +01:00
Michael Niedermayer
0d92e5a682 wmaenc: add assert to check encode_superframe() return.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-05 19:00:22 +01:00
Michael Niedermayer
c99bd29462 Revert "wmaenc: check final frame size against output packet size"
This condition cannot happen, if it can it is a bug that MUST be fixed.
And i very happily volunteer to fix it if someone reports a case to
me that fails.

This reverts commit 5d652e063b.
2012-03-05 19:00:22 +01:00
Fabian Greffrath
c9dbac36ad Fix format string vulnerability detected by -Wformat-security.
Signed-off-by: Diego Biurrun <diego@biurrun.de>
2012-03-05 17:03:00 +01:00
Mans Rullgard
356ee8d7de x86: clean up ff_dsputil_init_mmx()
This splits ff_dsputil_init_mmx() into multiple functions, one for
each MMX/SSE level, somewhat simplifying the nested conditions.

Signed-off-by: Mans Rullgard <mans@mansr.com>
Signed-off-by: Diego Biurrun <diego@biurrun.de>
2012-03-05 14:40:03 +01:00
Michael Niedermayer
1007a805a4 smc: Fix overread.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-05 03:43:15 +01:00
Michael Niedermayer
263bb6edcf bit_depth_template: use av_clip_uint8 over crop_tab.
This fixes some global out of array reads and wrong cliping.
No speed difference meassurable under clang on i5
also all important code paths on all important platforms should
use SIMD.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-05 03:05:21 +01:00
Michael Niedermayer
e75518e18d indeo3: move MV check up.
This adds checking for modes >= 10.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-05 02:15:35 +01:00
Michael Niedermayer
ccb76ad91f cook: check decouple values.
This fixes a out of global array read in the cplscale* tables.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-05 01:37:56 +01:00
Michael Niedermayer
2af8f2cea6 Merge remote-tracking branch 'qatar/master'
* qatar/master: (27 commits)
  cmdutils: use new avcodec_is_decoder/encoder() functions.
  lavc: make codec_is_decoder/encoder() public.
  lavc: deprecate AVCodecContext.sub_id.
  libcdio: add a forgotten AVClass to the private context.
  swscale: remove "cpu flags" from -sws_flags description.
  proresenc: give user a possibility to alter some encoding parameters
  vorbisenc: add output buffer overwrite protection
  libopencore-amrnbenc: fix end-of-stream handling
  ra144enc: fix end-of-stream handling
  nellymoserenc: zero any leftover packet bytes
  nellymoserenc: use proper MDCT overlap delay
  qpeg: Use bytestream2 functions to prevent buffer overreads.
  swscale: make %rep unconditional.
  vp8: convert simple loopfilter x86 assembly to use named arguments.
  vp8: convert idct x86 assembly to use named arguments.
  vp8: convert mc x86 assembly to use named arguments.
  vp8: convert loopfilter x86 assembly to use cpuflags().
  vp8: convert idct/mc x86 assembly to use cpuflags().
  swscale: remove now unnecessary hack.
  x86inc: don't "bake" stack_offset in named arguments.
  ...

Conflicts:
	cmdutils.c
	doc/APIchanges
	libavcodec/mpeg12.c
	libavcodec/options.c
	libavcodec/qpeg.c
	libavcodec/utils.c
	libavcodec/version.h
	libavdevice/libcdio.c
	tests/lavf-regression.sh

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-05 00:15:55 +01:00
Michael Niedermayer
33a183df46 indeo3: Fix overreading requant_tab.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-04 23:13:26 +01:00
Michael Niedermayer
56ffa3fefb indeo3: Check motion vectors.
Fixes overread of reference frame.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-04 23:06:56 +01:00
Anton Khirnov
44fe77b350 lavc: make codec_is_decoder/encoder() public. 2012-03-04 21:08:52 +01:00
Anton Khirnov
02beb9826b lavc: deprecate AVCodecContext.sub_id.
In most places where it's used, it's as a pointless write-only field.

Only rv10 decoder actually reads from it, but it stores some internal
version info in it. There is no reason for it to be in a public field.
2012-03-04 21:02:45 +01:00
Michael Niedermayer
d8d1fbbd7f dsicinav: fix 10l bug introduced in 999d38f3a9
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-04 18:06:23 +01:00
Michael Niedermayer
52807022ab pcm-mpeg: fix 10l condition flip
Original issue Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
10l bug Found-by: nevcairiel
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-04 16:40:08 +01:00
Michael Niedermayer
37fca5daa0 mmvideo: fix overreads of the input buffer.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-04 08:14:07 +01:00
Ronald S. Bultje
999d38f3a9 dsicinvideo: validate buffer offset before copying pixels.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable-LOOeJiBropLYtjvyW6yDsg@public.gmane.org

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-04 07:45:34 +01:00
Kostya Shishkov
4db4b53dc8 proresenc: give user a possibility to alter some encoding parameters
This allows user to select quantisation matrix from different profile,
stamp frames with custom vendor string and change target bitrate.
2012-03-04 07:35:00 +01:00
Justin Ruggles
1ba08c94f5 vorbisenc: add output buffer overwrite protection 2012-03-04 01:16:54 -05:00
Justin Ruggles
fe78470a8b libopencore-amrnbenc: fix end-of-stream handling
Use CODEC_CAP_DELAY and CODEC_CAP_SMALL_LAST_FRAME to properly pad and flush
the encoder at the end of encoding. This is needed in order to have all input
samples decoded.
2012-03-04 01:14:53 -05:00
Justin Ruggles
b0350c1c30 ra144enc: fix end-of-stream handling
Use CODEC_CAP_DELAY and CODEC_CAP_SMALL_LAST_FRAME to properly pad and flush
the encoder at the end of encoding. This is needed in order to have all input
samples decoded.
2012-03-04 01:14:53 -05:00
Justin Ruggles
29e2c85310 nellymoserenc: zero any leftover packet bytes
fixes writing of uninitialized packet data
2012-03-04 01:14:52 -05:00
Justin Ruggles
6c7a01621c nellymoserenc: use proper MDCT overlap delay 2012-03-04 01:14:52 -05:00
Michael Niedermayer
2b693546ad truemotion2: check motion vectors for validity
Fixes out of array read

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-04 07:09:35 +01:00
Michael Niedermayer
39a3a53b66 pngdec: validate length.
Fixes out of array reading.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-04 06:25:06 +01:00
Aneesh Dogra
3e9cd8b4b0 qpeg: Use bytestream2 functions to prevent buffer overreads.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-03-03 20:40:00 -08:00
Ronald S. Bultje
b4188f0d46 vp8: convert simple loopfilter x86 assembly to use named arguments. 2012-03-03 20:40:00 -08:00
Ronald S. Bultje
8476ca3b4e vp8: convert idct x86 assembly to use named arguments. 2012-03-03 20:40:00 -08:00
Ronald S. Bultje
21ffc78fd7 vp8: convert mc x86 assembly to use named arguments. 2012-03-03 20:40:00 -08:00
Ronald S. Bultje
28170f1a39 vp8: convert loopfilter x86 assembly to use cpuflags(). 2012-03-03 20:40:00 -08:00
Ronald S. Bultje
e25be47154 vp8: convert idct/mc x86 assembly to use cpuflags(). 2012-03-03 20:39:59 -08:00
Michael Niedermayer
15c6be8c7d Merge remote-tracking branch 'qatar/master'
* qatar/master:
  tiertexseq: set correct block_align for audio
  tiertexseq: set audio stream start time to 0
  voc/avs: Do not change the sample rate mid-stream.
  segafilm: use the sample rate as the time base for audio streams
  ea: fix audio pts
  psx-str: fix audio pts
  vqf: set packet duration
  tta demuxer: set packet duration
  mpegaudio_parser: do not ignore information from the first parsed frame
  mpegaudio_parser: be less picky about the start position
  thp: set audio packet durations
  avcodec: add a Vorbis parser to get packet duration
  vorbisdec: read the previous window flag for long windows
  lavc: free the output packet when encoding failed or produced no output.
  lavc: preserve avpkt->destruct in ff_alloc_packet().
  lavc: clarify the meaning of AVCodecContext.frame_number.
  mpegts: Pad the packet buffer in handle_packet().
  mpegts: Do not call read_sl_header() when no bytes remain in the buffer.

Conflicts:
	libavcodec/mpegaudio_parser.c
	libavcodec/version.h
	libavformat/mpegts.c
	tests/ref/fate/pva-demux

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-04 04:26:04 +01:00
Justin Ruggles
51ddf35c90 wmaenc: fix m/s stereo encoding for the first frame
We need to set ms_stereo in encode_init() in order to avoid incorrectly
encoding the first frame as non-m/s while flagging it as m/s. Fixes an
uncomfortable pop in the left channel at the start of playback.

CC:libav-stable@libav.org
2012-03-03 18:20:10 -05:00
Justin Ruggles
8ed7488ea3 wmaenc: return s->block_align instead of recalculating it 2012-03-03 18:20:10 -05:00
Justin Ruggles
5d652e063b wmaenc: check final frame size against output packet size
Currently we have an assert() that prevents the frame from being too large,
but it is more user-friendly to give an error message instead of aborting on
assert(). This condition is quite unlikely due to the minimum bit rate check
in encode_init(), but it is still worth having.
2012-03-03 18:20:10 -05:00
Justin Ruggles
dfc4fdedf8 wmaenc: require a large enough output buffer to prevent overwrites
The maximum theoretical frame size is around 17000 bytes. Although in
practice it will generally be much smaller, we require a larger buffer
just to be safe.

CC: libav-stable@libav.org
2012-03-03 18:20:10 -05:00
Justin Ruggles
1ec075cfec wmaenc: limit allowed sample rate to 48kHz
ff_wma_init() allows up to 50kHz, but this generates an exponent band
size table that requires 65 bands. The code assumes 25 bands in many
places, and using sample rates higher than 48kHz will lead to buffer
overwrites.

CC:libav-stable@libav.org
2012-03-03 18:20:10 -05:00
Justin Ruggles
c2b8dea182 wmaenc: limit block_align to MAX_CODED_SUPERFRAME_SIZE
This is near the theoretical limit for wma frame size and is the most that
our decoder can handle. Allowing higher bit rates will just end up padding
each frame with empty bytes.

Fixes invalid writes for avconv when using very high bit rates.

CC:libav-stable@libav.org
2012-03-03 18:20:09 -05:00
Michael Niedermayer
8f1bb3d598 wc4: fix out of chroma LUT reads
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-04 00:13:52 +01:00
Michael Niedermayer
cd0cfdc0a7 pcm-mpeg: Check for valid bps.
The code only supports 16 and 24 bps currently, 20bps causes
out of array reads.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-03 23:55:16 +01:00
Justin Ruggles
0b8b7db01b mpegaudio_parser: do not ignore information from the first parsed frame
Update some demuxing and seeking fate tests.
2012-03-03 17:03:26 -05:00
Michael Niedermayer
6776a8f189 mpegaudio_parser: be less picky about the start position
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
2012-03-03 17:03:26 -05:00
Justin Ruggles
5602a464c9 avcodec: add a Vorbis parser to get packet duration
This also allows for removing some of the Vorbis-related hacks.
2012-03-03 16:43:11 -05:00
Justin Ruggles
737ca4482b vorbisdec: read the previous window flag for long windows
When reading sequentially, we are using the actual flag from the previous
frame, but when seeking we do not know what the previous window flag was, so
we need to read it from the bitstream.
2012-03-03 16:43:11 -05:00
Michael Niedermayer
d629f3edaa cook: check that category is smaller than 8
This fixes some out of global array accesses of dither_tab.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Reviewed-by: Benjamin Larsson <benjamin@southpole.se>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-03 18:35:46 +01:00
Nicolas George
b2792a436b lavc: unify similar code merged from both branches. 2012-03-03 15:56:45 +01:00
Anton Khirnov
7fb6c9225c lavc: free the output packet when encoding failed or produced no output. 2012-03-03 06:31:41 +01:00
Anton Khirnov
e42e9b0e4d lavc: preserve avpkt->destruct in ff_alloc_packet().
Also, don't bother with saving/restoring data, av_init_packet doesn't
touch it.
2012-03-03 06:31:41 +01:00
Anton Khirnov
c179c9e19d lavc: clarify the meaning of AVCodecContext.frame_number. 2012-03-03 06:31:41 +01:00
Michael Niedermayer
c266eb1928 arm: Fix 10l typo
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-03 04:35:15 +01:00
Michael Niedermayer
70b5583baa kvmc: Fix out of reference frame reads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-03 04:14:37 +01:00
Michael Niedermayer
81d4b3af81 qpeg: fix overreads.
qpeg should probably be changed to use the checked bytestream reader.
But for now this fixes it and is significantly less work.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-03 03:50:05 +01:00
Michael Niedermayer
4299dfa5de qpeg: Fix out of array writes.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-03 03:37:52 +01:00
Fabian Greffrath
aaa1173de7 srtdec: fix a format string vulnerability.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-03 02:35:27 +01:00
Michael Niedermayer
268098d8b2 Merge remote-tracking branch 'qatar/master'
* qatar/master: (29 commits)
  amrwb: remove duplicate arguments from extrapolate_isf().
  amrwb: error out early if mode is invalid.
  h264: change underread for 10bit QPEL to overread.
  matroska: check buffer size for RM-style byte reordering.
  vp8: disable mmx functions with sse/sse2 counterparts on x86-64.
  vp8: change int stride to ptrdiff_t stride.
  wma: fix invalid buffer size assumptions causing random overreads.
  Windows Media Audio Lossless decoder
  rv10/20: Fix slice overflow with checked bitstream reader.
  h263dec: Disallow width/height changing with frame threads.
  rv10/20: Fix a buffer overread caused by losing track of the remaining buffer size.
  rmdec: Honor .RMF tag size rather than assuming 18.
  g722: Fix the QMF scaling
  r3d: don't set codec timebase.
  electronicarts: set timebase for tgv video.
  electronicarts: parse the framerate for cmv video.
  ogg: don't set codec timebase
  electronicarts: don't set codec timebase
  avs: don't set codec timebase
  wavpack: Fix an integer overflow
  ...

Conflicts:
	libavcodec/arm/vp8dsp_init_arm.c
	libavcodec/fraps.c
	libavcodec/h264.c
	libavcodec/mpeg4videodec.c
	libavcodec/mpegvideo.c
	libavcodec/msmpeg4.c
	libavcodec/pnmdec.c
	libavcodec/qpeg.c
	libavcodec/rawenc.c
	libavcodec/ulti.c
	libavcodec/vcr1.c
	libavcodec/version.h
	libavcodec/wmalosslessdec.c
	libavformat/electronicarts.c
	libswscale/ppc/yuv2rgb_altivec.c
	tests/ref/acodec/g722
	tests/ref/fate/ea-cmv

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-03 00:23:10 +01:00
Michael Niedermayer
689f65126b simple_idct: idct_4col_put: Fix out of array reads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-02 22:09:44 +01:00
Michael Niedermayer
422e3a74b9 rawdec: fix input overread.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-02 22:04:00 +01:00
Ronald S. Bultje
9d87374ec0 amrwb: remove duplicate arguments from extrapolate_isf().
Prevents warnings because the dst and src overlap (are the same) in the
memcpy() inside the function.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-02 12:50:00 -08:00
Michael Niedermayer
e7b43e8e84 truemotion1: Check input buffer size against header size.
Fixes overread.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-02 21:36:42 +01:00
Michael Niedermayer
a3f5ee297a mjpeg: Check for interlaced progressive frames
Fixes null pointer dereference.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-02 21:35:58 +01:00
Michael Niedermayer
0af48e29f5 snow: check reference frame indices.
Fixes NULL ptr dereference

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-02 20:53:00 +01:00
Ronald S. Bultje
154b8bb800 amrwb: error out early if mode is invalid.
Prevents using the invalid mode as an index in a static array, which
would generate invalid reads.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-02 10:34:50 -08:00
Ronald S. Bultje
291c9b6285 h264: change underread for 10bit QPEL to overread.
This prevents us from reading before the start of the buffer, and thus
prevents crashes resulting from this behaviour. Fixes bug 237.
2012-03-02 10:33:05 -08:00
Ronald S. Bultje
45549339bc vp8: disable mmx functions with sse/sse2 counterparts on x86-64.
x86-64 is guaranteed to have at least SSE2, therefore the MMX/MMX2
functions will never be used in practice.
2012-03-02 10:32:05 -08:00
Ronald S. Bultje
bd66f073fe vp8: change int stride to ptrdiff_t stride.
On 64bit platforms with 32bit int, this means we won't have to sign-
extend the integer anymore.
2012-03-02 10:31:50 -08:00
Ronald S. Bultje
349b7977e4 wma: fix invalid buffer size assumptions causing random overreads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-02 10:31:28 -08:00
Mashiat Sarker Shakkhar
9d25f1f619 Windows Media Audio Lossless decoder
Decodes 16-bit WMA Lossless encoded files. 24-bit is not supported yet.

Bitstream parser written by Andreas Öman with contributions from
Baptiste Coudurier and Ulion.

Includes a number of bug-fixes from Benjamin Larsson, Michael Niedermayer and
Konstantin Shishkov, shine and polish by Diego Biurrun.

Signed-off-by: Diego Biurrun <diego@biurrun.de>
2012-03-02 19:10:29 +01:00
Michael Niedermayer
8fdd93eaad huffyuv: pad classic huffman tables so as to avoid bitreader overread.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-02 18:49:39 +01:00
Michael Niedermayer
64c58f1436 vc1: mquant is not allowed to be 0
Fixes out of bounds read.
Checked against SMPTE 421M-2006

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-02 18:40:42 +01:00
Alex Converse
9243ec4a50 rv10/20: Fix slice overflow with checked bitstream reader. 2012-03-02 09:31:32 -08:00
Michael Niedermayer
71db86d53b h263dec: Disallow width/height changing with frame threads.
Fixes CVE-2011-3937

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-02 09:31:32 -08:00
Alex Converse
2f6528537f rv10/20: Fix a buffer overread caused by losing track of the remaining buffer size.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-02 09:31:32 -08:00
Martin Storsjö
b087ce2bee g722: Fix the QMF scaling
This fixes clipping if the encoder input used the full 16 bit
input range (samples with a magnitude below 16383 worked fine).
The filtered subband samples should be 15 bit maximum, while
the code earlier produced them scaled to 16 bit.

This makes the decoder output have double the magnitude
compared to before.

The spec reference samples doesn't test the QMF at all, which
was why this part slipped past initially.

Signed-off-by: Martin Storsjö <martin@martin.st>
2012-03-02 18:58:19 +02:00
Michael Niedermayer
e93d911e48 h263: fix zygo debug printing overreading.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-02 16:53:37 +01:00
Michael Niedermayer
d964db5742 wmadec: fix off by 1 error on the pow_tab index check.
Fixes global out of array read.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-02 16:44:49 +01:00
Michael Niedermayer
ec3cd74f2d h261: check mtype.
Fixes out of array read

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-02 15:58:14 +01:00
Derek Buitenhuis
f604eab30a wavpack: Fix an integer overflow
Integer Overflow Checker detected an integer
overflow while FATE was running.

See: http://fate.libav.org/x86_64-linux-ioc/

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
2012-03-02 08:26:36 +01:00
Derek Buitenhuis
83c418e68e wavpack: Fix an integer overflow
Integer Overflow Checker detected an integer
overflow while FATE was running.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-02 02:40:24 +01:00
Michael Niedermayer
7a7b1f5c4d roqvideodec: improve end of input buffer check
This fixes a out of array read.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-02 02:32:14 +01:00
Michael Niedermayer
1eb7f39c7b Merge remote-tracking branch 'qatar/master'
* qatar/master:
  h264: error out on invalid bitdepth.
  aacsbr: use a swap index for the Y matrix rather than copy buffers.
  huffyuv: do not abort on unknown pix_fmt; instead, return an error.
  lcl: return negative error codes on decode_init() errors.
  rtpenc: Use MB info side data for splitting H263 packets for RFC 2190
  h263enc: Add an option for outputting info about MBs as side data
  avpacket: Add a function for shrinking already allocated side data
  nellymoserdec: Saner and faster IMDCT windowing

Conflicts:
	doc/APIchanges
	libavcodec/avpacket.c
	libavcodec/version.h

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-01 23:11:31 +01:00
Diego Biurrun
1c4717be4f mjpegdec: use correct variable in av_log invocation
libavcodec/mjpegdec.c:1463: warning: format ‘%x’ expects type ‘unsigned int’, but argument 5 has type ‘const uint8_t *’
2012-03-01 23:11:15 +01:00
Diego Biurrun
324deaa268 Replace AVFrame pointer type punning by proper struct member assignments. 2012-03-01 23:11:13 +01:00
Diego Biurrun
47c0ac96aa Replace AVFrame pointer casts by proper struct member accesses. 2012-03-01 23:11:11 +01:00
Diego Biurrun
562b6c744a Remove unnecessary AVFrame pointer casts. 2012-03-01 23:11:10 +01:00
Diego Biurrun
2f4b476e04 msmpeg4: Split encoding backend code off from general backend code. 2012-03-01 23:11:09 +01:00
Anton Khirnov
eb727387fd lavc: shrink encoded video packet size after encoding.
Based on a patch by Nicolas George <nicolas.george <at> normalesup.org>
2012-03-01 22:21:35 +01:00
Michael Niedermayer
75d11b55d7 vc1: avoid reading beyond the last line in vc1_draw_sprites()
Fixes overread

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-01 22:20:07 +01:00
Ronald S. Bultje
0ce4fe482c h264: error out on invalid bitdepth.
Fixes invalid reads while initializing the dequant tables, which uses
the bit depth to determine the QP table size.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-01 12:15:51 -08:00
Christophe Gisquet
cc412b7104 aacsbr: use a swap index for the Y matrix rather than copy buffers.
Signed-off-by: Alex Converse <alex.converse@gmail.com>
2012-03-01 11:03:00 -08:00
Michael Niedermayer
dc945b1fa8 eatgq: Pass error code from tgq_decode_mb() and let the caller fail.
This fixes a over read.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-01 19:57:55 +01:00
Michael Niedermayer
32f0c65828 vc1: fix out of array reads in vc1_inv_trans_4x4_c()
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-01 19:35:12 +01:00
Michael Niedermayer
80c702efeb vc1: fix out of array reads in vc1_inv_trans_4x8_c()
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-01 19:35:12 +01:00
Michael Niedermayer
af796ba4b8 vc1: fix out of array reads in vc1_inv_trans_8x4_c()
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-01 19:35:12 +01:00
Ronald S. Bultje
63c9de6469 huffyuv: do not abort on unknown pix_fmt; instead, return an error.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-01 10:23:36 -08:00
Michael Niedermayer
b2a7c01733 mpc: Fix mpc_CC table and use.
This is based on the reference implementation and fixes
a global out of array read.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-01 16:16:13 +01:00
Michael Niedermayer
b84211ac71 mpc: Fix mpc_SCF use and content.
This fixes a out of global array read.
This change is based on the reference mpc imlementation.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-01 16:15:33 +01:00
Ronald S. Bultje
bd17a40a7e lcl: return negative error codes on decode_init() errors.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-01 07:12:29 -08:00
Martin Storsjö
bdc1220eeb h263enc: Add an option for outputting info about MBs as side data
Signed-off-by: Martin Storsjö <martin@martin.st>
2012-03-01 16:08:31 +02:00
Martin Storsjö
442c1320e7 avpacket: Add a function for shrinking already allocated side data
Signed-off-by: Martin Storsjö <martin@martin.st>
2012-03-01 16:08:30 +02:00
Michael Niedermayer
fd88a25701 rv34dsp: avoid use of crop table for idct.
Fixes out of array read.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-01 07:06:53 +01:00
Michael Niedermayer
8263212e86 mpegaudiodec: Enable checked bitstream reader.
It appears there are corner cases with damaged input that can lead
to small overreads.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-01 06:39:48 +01:00
Michael Niedermayer
a057ef6923 mpegaudiodec: change granule skip code to avoid false checked bitstream reader errors.
Code ported from qatar/master, please see there for per line authorship.
Main authors AFAIK are Ronald and Justin. I have no authorship on this.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-01 06:35:55 +01:00
Michael Niedermayer
436f866f92 svq3dec: fix overread of the cliping table.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-01 05:25:11 +01:00
Michael Niedermayer
79ae084e9b Merge remote-tracking branch 'qatar/master'
* qatar/master: (58 commits)
  amrnbdec: check frame size before decoding.
  cscd: use negative error values to indicate decode_init() failures.
  h264: prevent overreads in intra PCM decoding.
  FATE: do not decode audio in the nuv test.
  dxa: set audio stream time base using the sample rate
  psx-str: do not allow seeking by bytes
  asfdec: Do not set AVCodecContext.frame_size
  vqf: set packet parameters after av_new_packet()
  mpegaudiodec: use DSPUtil.butterflies_float().
  FATE: add mp3 test for sample that exhibited false overreads
  fate: add cdxl test for bit line plane arrangement
  vmnc: return error on decode_init() failure.
  libvorbis: add/update error messages
  libvorbis: use AVFifoBuffer for output packet buffer
  libvorbis: remove unneeded e_o_s check
  libvorbis: check return values for functions that can return errors
  libvorbis: use float input instead of s16
  libvorbis: do not flush libvorbis analysis if dsp state was not initialized
  libvorbis: use VBR by default, with default quality of 3
  libvorbis: fix use of minrate/maxrate AVOptions
  ...

Conflicts:
	Changelog
	doc/APIchanges
	libavcodec/avcodec.h
	libavcodec/dpxenc.c
	libavcodec/libvorbis.c
	libavcodec/vmnc.c
	libavformat/asfdec.c
	libavformat/id3v2enc.c
	libavformat/internal.h
	libavformat/mp3enc.c
	libavformat/utils.c
	libavformat/version.h
	libswscale/utils.c
	tests/fate/video.mak
	tests/ref/fate/nuv
	tests/ref/fate/prores-alpha
	tests/ref/lavf/ffm
	tests/ref/vsynth1/prores
	tests/ref/vsynth2/prores

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-01 03:17:11 +01:00
Vitor Sessak
5cd1337f5d nellymoserdec: Saner and faster IMDCT windowing
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-02-29 15:38:35 -08:00
Vitor Sessak
882abda5a2 amrnbdec: check frame size before decoding.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-02-29 14:13:58 -08:00
Ronald S. Bultje
8a9faf33f2 cscd: use negative error values to indicate decode_init() failures.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-02-29 14:04:23 -08:00
Ronald S. Bultje
d1604b3de9 h264: prevent overreads in intra PCM decoding.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-02-29 13:17:34 -08:00
Michael Niedermayer
a77c8ade2e lavc: fix 10l oversight in realloc of avcodec_encode_video2.
Packets are not guranteed to be allocated by av_malloc().

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-02-29 21:33:00 +01:00
Michael Niedermayer
d7bce4a274 dca: dont overread dca_default_coeffs.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-02-29 21:18:54 +01:00
Michael Niedermayer
51db9a97e9 dca: Check scale_sum.
Fixes a out of array read.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-02-29 21:18:54 +01:00
Michael Niedermayer
d6bc273bac dca: Check LFEScaleIndex.
Its not clear from the spec what to do with values larger than 127
so iam opting for the safe side and ask for a sample.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-02-29 21:18:54 +01:00
Vitor Sessak
9b4cd58611 mpegaudiodec: use DSPUtil.butterflies_float().
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-02-29 12:12:50 -08:00
Ronald S. Bultje
07a180972f vmnc: return error on decode_init() failure.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-02-29 11:58:27 -08:00
Justin Ruggles
a45a1ea521 libvorbis: add/update error messages
also use AVERROR codes for some return values instead of -1
2012-02-29 14:54:25 -05:00
Justin Ruggles
592c4dbc7e libvorbis: use AVFifoBuffer for output packet buffer
simplifies the code and does less memmove()
2012-02-29 14:54:24 -05:00
Justin Ruggles
1fe7c1be54 libvorbis: remove unneeded e_o_s check
vorbis_bitrate_flushpacket() does not return any packets that should not be
output in the bitstream.
2012-02-29 14:54:24 -05:00
Justin Ruggles
94025d8a99 libvorbis: check return values for functions that can return errors 2012-02-29 14:54:24 -05:00
Justin Ruggles
c5063e0348 libvorbis: use float input instead of s16
libvorbis takes float input, so we can just deinterleave/reorder the input
as-is instead of also converting.
2012-02-29 14:54:24 -05:00
Justin Ruggles
f15c4281dc libvorbis: do not flush libvorbis analysis if dsp state was not initialized
Fixes a segfault if init() fails before initializing the dsp state
2012-02-29 14:54:23 -05:00
Justin Ruggles
147ff24a0e libvorbis: use VBR by default, with default quality of 3 2012-02-29 14:54:20 -05:00
Justin Ruggles
182d4f1f38 libvorbis: fix use of minrate/maxrate AVOptions
- enable the options for audio encoding
- properly check for user-set maxrate
- use correct calling order in vorbis_encode_setup_managed()
2012-02-29 14:44:15 -05:00
Justin Ruggles
eb35ef2932 libvorbis: cosmetics: renaming/pretty-printing/comments/unused code 2012-02-29 14:44:15 -05:00
Justin Ruggles
4e99501f62 (e)ac3enc: select a default bit rate based on the channel layout 2012-02-29 14:36:00 -05:00
Justin Ruggles
6aeea1dfb2 ac3enc: choose the closest bit rate to the one requested instead of failing 2012-02-29 14:36:00 -05:00
Ronald S. Bultje
78e9852a2e rpza: error out on buffer overreads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-02-29 11:21:01 -08:00
Ronald S. Bultje
e54ae60e46 qtrle: return error on decode_init() failure.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-02-29 11:20:29 -08:00
Martin Storsjö
85b221e4d3 dpxenc: Don't include the libavcodec ident if bitexact mode is enabled
This avoids breaking fate every time the lavc version is bumped.

Signed-off-by: Martin Storsjö <martin@martin.st>
2012-02-29 20:08:09 +02:00
Nicolas George
33b9fe562a encode_video2: shrink packet after encoding.
With the encode2 API, encoders allocate huge packets to be
sure they have enough room (a typical case is mpeg4, which
allocs ~10M for 1280x768 yuv420p) but only actually use a
very small part of the buffer.
2012-02-29 17:00:26 +01:00
Kostya Shishkov
12b812d2e5 prores: store and retrieve extended colourspace information
Based on the patch by Phil Barrett.
2012-02-29 09:29:02 +01:00
Phil Barrett
c7084182e8 proresenc: correct edge emulation
Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
2012-02-29 09:28:45 +01:00
Kostya Shishkov
235d693286 prores: handle 444 chroma in right order
ProRes codes chroma blocks in 444 mode in different order than luma blocks,
so make both decoder and encoder read/write chroma blocks in right order.

Reported by Phil Barrett
2012-02-29 09:28:34 +01:00
Anton Khirnov
23bfcc066d mpegvideo_enc: add quantizer_noise_shaping private option.
Deprecate corresponding AVCodecContext field.
2012-02-29 07:26:24 +01:00
Anton Khirnov
16b7557b79 lavc: deprecate AVCodecContext.inter_threshold.
It's unused.
2012-02-29 07:25:44 +01:00
Anton Khirnov
4f07f8196c lavc: deprecate AVCodecContext.color_table_id.
It's currently only used as temporary storage by the mov demuxer. Make
it use a local variable instead.
2012-02-29 07:25:00 +01:00
Anton Khirnov
63efd83ae1 mpegvideo_enc: add chroma/luma_elim_threshold private options.
Deprecate corresponding AVCodecContext fields.
2012-02-29 07:23:31 +01:00
Anton Khirnov
af3d804f9f mpegvideo_enc: add cbp_rd flag to mpv_flags.
Deprecate CODEC_FLAG_CBP_RD.
2012-02-29 07:13:58 +01:00
Anton Khirnov
ff71a383ac mpegvideo_enc: add qp_rd flag to mpv_flags.
Deprecate CODEC_FLAG_QP_RD.
2012-02-29 07:12:10 +01:00
Anton Khirnov
a249f0cc23 mpegvideo_enc: add strict_gop flag to mpv_flags.
Deprecate CODEC_FLAG2_STRICT_GOP.
2012-02-29 07:11:02 +01:00
Anton Khirnov
ed019b8e5b lavc: add -mpv_flags to mpegvideo_enc-based encoders.
Deprecate CODEC_FLAG2_SKIP_RD in favor of the corresponding mpv_flags
flag.
2012-02-29 07:09:29 +01:00
Michael Niedermayer
956fb91e03 aacdec: Support stereo streams that erroneously signal predefined channel configuration 1 (mono).
[alex.converse@mgail.com]
Move code to get_che()
Update for AAC new channel configuration interface
Only set chan_config if output_configure succeeds.

Signed-off-by: Alex Converse <alex.converse@gmail.com>
2012-02-28 21:38:16 -08:00
Alex Converse
2564f6e6d4 aacdec: Reshuffle functions so get_che() can call set_default_channel_config() and output_configure(). 2012-02-28 21:38:15 -08:00
Michael Niedermayer
6aca18a9a0 vmnc: Fail if bpp is not recognized instead of crashing.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-02-29 06:27:38 +01:00
Michael Niedermayer
c250063523 get_buffers: Check that pix_fmt is not NONE.
This is somewhat redundant as no decoder should call get_buffer() with such argument.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-02-29 06:27:38 +01:00
Michael Niedermayer
8534881a38 alsdec: Check that quantized parcor coeffs are within range.
ALS spec:
	11.6.3.1.1 Quantization and encoding of parcor coefficients
	...
	In all cases the resulting quantized values ak are restricted to the range [-64,63].

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-02-29 06:20:07 +01:00
Ronald S. Bultje
8bc396fc0e vp56: error out on invalid stream dimensions.
Prevents crashes when playing corrupt vp5/6 streams.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-02-28 16:41:58 -08:00
Michael Niedermayer
51defefa85 cook: avoid out of global array read.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-02-29 01:41:18 +01:00
Michael Niedermayer
0e6aa0fef5 Merge remote-tracking branch 'qatar/master'
* qatar/master:
  adpcm: Clip step_index values read from the bitstream at the beginning of each frame.
  oma: don't read beyond end of leaf_table.
  doxygen: Remove documentation for non-existing parameters; misc small fixes.
  Indeo3: fix crashes on corrupt bitstreams.
  msmpeg4: Replace forward declaration by proper #include.
  segment: implement wrap around
  avf: reorder AVStream and AVFormatContext
  aacdec: Remove erroneous reference to global gain from the out of bounds scalefactor error message.

Conflicts:
	libavcodec/indeo3.c
	libavformat/avformat.h
	libavutil/avutil.h

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-02-29 00:30:35 +01:00
Michael Niedermayer
f929abd0c3 adpcm_xa: Check filter validity.
Fixes out of global array read.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-02-28 22:54:55 +01:00
Alex Converse
bbeb29133b adpcm: Clip step_index values read from the bitstream at the beginning of each frame.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
2012-02-28 12:11:06 -08:00
Diego Biurrun
cfac648e6a doxygen: Remove documentation for non-existing parameters; misc small fixes. 2012-02-28 20:48:43 +01:00
Michael Niedermayer
bf72c0410d cook: add const to quant_index_table of categorize()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-02-28 20:07:49 +01:00